[ ok ] Starting file context maintaining daemon: restorecond.
[ 30.350228] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 30.610904] kauditd_printk_skb: 9 callbacks suppressed
[ 30.610911] audit: type=1400 audit(1572980304.193:35): avc: denied { map } for pid=6802 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 30.696761] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.244476] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.421802] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.227' (ECDSA) to the list of known hosts.
[ 36.908229] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 37.017180] audit: type=1400 audit(1572980310.593:36): avc: denied { map } for pid=6816 comm="syz-executor258" path="/root/syz-executor258673375" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 37.022441] devpts: called with bogus options
executing program
[ 37.202641] devpts: called with bogus options
executing program
[ 37.346661] devpts: called with bogus options
executing program
[ 37.498025] devpts: called with bogus options
executing program
[ 37.626137] devpts: called with bogus options
executing program
[ 37.766138] devpts: called with bogus options
executing program
[ 37.948466] devpts: called with bogus options
executing program
[ 38.076757] devpts: called with bogus options
executing program
[ 38.216430] devpts: called with bogus options
executing program
executing program
executing program
[ 38.356406] devpts: called with bogus options
[ 38.368236] devpts: called with bogus options
[ 38.376232] devpts: called with bogus options
executing program
executing program
[ 38.767391] relay: one or more items not logged [item size (56) > sub-buffer size (9)]
[ 38.769197] devpts: called with bogus options
[ 38.785575] devpts: called with bogus options
executing program
[ 39.017047] devpts: called with bogus options
executing program
[ 39.122893] relay: one or more items not logged [item size (56) > sub-buffer size (9)]
[ 39.166169] devpts: called with bogus options
[ 39.312345] ==================================================================
[ 39.319844] BUG: KASAN: use-after-free in relay_switch_subbuf+0x87c/0x8e0
[ 39.326758] Read of size 8 at addr ffff88809a3d6778 by task kworker/0:2/2601
[ 39.333934]
[ 39.333954] CPU: 0 PID: 2601 Comm: kworker/0:2 Not tainted 4.14.151 #0
[ 39.333959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.333973] Workqueue: events __blk_release_queue
[ 39.333981] Call Trace:
[ 39.333990]  dump_stack+0x138/0x197
[ 39.333999]  ? relay_switch_subbuf+0x87c/0x8e0
[ 39.334007]  print_address_description.cold+0x7c/0x1dc
[ 39.334014]  ? relay_switch_subbuf+0x87c/0x8e0
[ 39.334019]  kasan_report.cold+0xa9/0x2af
[ 39.334028]  __asan_report_load8_noabort+0x14/0x20
[ 39.334034]  relay_switch_subbuf+0x87c/0x8e0
[ 39.342357]  relay_flush+0x1ae/0x270
[ 39.342367]  ? trace_hardirqs_on_caller+0x400/0x590
[ 39.342379]  blk_trace_startstop+0x203/0x5c0
[ 39.342387]  ? blk_msg_write+0xb0/0xb0
[ 39.342399]  ? blk_mq_release+0x192/0x200
[ 39.342409]  blk_trace_shutdown+0x47/0x60
[ 39.367288]  __blk_release_queue+0x22e/0x4d0
[ 39.377104]  process_one_work+0x863/0x1600
[ 39.386147]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[ 39.428951]  worker_thread+0x5d9/0x1050
[ 39.432915]  kthread+0x319/0x430
[ 39.436280]  ? process_one_work+0x1600/0x1600
[ 39.440760]  ? kthread_create_on_node+0xd0/0xd0
[ 39.445414]  ret_from_fork+0x24/0x30
[ 39.449116]
[ 39.450725] Allocated by task 6850:
[ 39.454334]  save_stack_trace+0x16/0x20
[ 39.458288]  save_stack+0x45/0xd0
[ 39.461719]  kasan_kmalloc+0xce/0xf0
[ 39.465413]  kasan_slab_alloc+0xf/0x20
[ 39.469277]  kmem_cache_alloc+0x12e/0x780
[ 39.473406]  __d_alloc+0x2d/0x9f0
[ 39.476836]  d_alloc+0x4d/0x270
[ 39.480095]  __lookup_hash+0x58/0x180
[ 39.483875]  lookup_one_len+0x27b/0x3a0
[ 39.487838]  start_creating+0xa6/0x1b0
[ 39.491725]  __debugfs_create_file+0x53/0x3d0
[ 39.496203]  debugfs_create_file+0x5a/0x70
[ 39.500425]  blk_create_buf_file_callback+0x33/0x40
[ 39.505423]  relay_create_buf_file+0xf1/0x160
[ 39.509895]  relay_open_buf.part.0+0x6a9/0x9e0
[ 39.514457]  relay_open+0x4e7/0x920
[ 39.518060]  do_blk_trace_setup+0x3ca/0xb10
[ 39.522357]  blk_trace_setup+0xbd/0x140
[ 39.526395]  blk_trace_ioctl+0x147/0x270
[ 39.530434]  blkdev_ioctl+0x100/0x1860
[ 39.534297]  block_ioctl+0xde/0x120
[ 39.537902]  do_vfs_ioctl+0x7ae/0x1060
[ 39.541763]  SyS_ioctl+0x8f/0xc0
[ 39.545106]  do_syscall_64+0x1e8/0x640
[ 39.548982]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 39.554146]
[ 39.555752] Freed by task 7:
[ 39.558753]  save_stack_trace+0x16/0x20
[ 39.562706]  save_stack+0x45/0xd0
[ 39.566135]  kasan_slab_free+0x75/0xc0
[ 39.569998]  kmem_cache_free+0x83/0x2b0
[ 39.573954]  __d_free+0x20/0x30
[ 39.577210]  rcu_process_callbacks+0x7b8/0x12b0
[ 39.581855]  __do_softirq+0x244/0x9a0
[ 39.585628]
[ 39.587236] The buggy address belongs to the object at ffff88809a3d6720
[ 39.587236]  which belongs to the cache dentry of size 288
[ 39.599435] The buggy address is located 88 bytes inside of
[ 39.599435]  288-byte region [ffff88809a3d6720, ffff88809a3d6840)
[ 39.611308] The buggy address belongs to the page:
[ 39.616220] page:ffffea000268f580 count:1 mapcount:0 mapping:ffff88809a3d6040 index:0xffff88809a3d6300
[ 39.625665] flags: 0x1fffc0000000100(slab)
[ 39.629899] raw: 01fffc0000000100 ffff88809a3d6040 ffff88809a3d6300 0000000100000008
[ 39.637760] raw: ffffea000251b0a0 ffffea000251a9e0 ffff88821f8b5680 0000000000000000
[ 39.645617] page dumped because: kasan: bad access detected
[ 39.651303]
[ 39.652908] Memory state around the buggy address:
[ 39.657811]  ffff88809a3d6600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.665147]  ffff88809a3d6680: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 39.672481] >ffff88809a3d6700: fc fc fc fc fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.679817]                                                                 ^
[ 39.687069]  ffff88809a3d6780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.694404]  ffff88809a3d6800: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 39.701750] ==================================================================
[ 39.709085] Disabling lock debugging due to kernel taint
[ 39.715712] Kernel panic - not syncing: panic_on_warn set ...
[ 39.715712]
[ 39.721948] kobject: 'queue' (ffff8880a0a14a58): kobject_uevent_env
[ 39.723081] CPU: 0 PID: 2601 Comm: kworker/0:2 Tainted: G B 4.14.151 #0
[ 39.729470] kobject: 'queue' (ffff8880a0a14a58): kobject_uevent_env: filter function caused the event to drop!
[ 39.737319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.737334] Workqueue: events __blk_release_queue
[ 39.737338] Call Trace:
[ 39.737353]  dump_stack+0x138/0x197
[ 39.737369]  ? relay_switch_subbuf+0x87c/0x8e0
[ 39.747755] kobject: 'iosched' (ffff888093ec6050): kobject_add_internal: parent: 'queue', set: ''
[ 39.756830]  panic+0x1f9/0x42d
[ 39.756836]  ? add_taint.cold+0x16/0x16
[ 39.756845]  ? ___preempt_schedule+0x16/0x18
[ 39.761753] kobject: 'iosched' (ffff888093ec6050): kobject_uevent_env
[ 39.764223]  kasan_end_report+0x47/0x4f
[ 39.767818] kobject: 'iosched' (ffff888093ec6050): kobject_uevent_env: filter function caused the event to drop!
[ 39.772374]  kasan_report.cold+0x130/0x2af
[ 39.772383]  __asan_report_load8_noabort+0x14/0x20
[ 39.772389]  relay_switch_subbuf+0x87c/0x8e0
[ 39.772397]  relay_flush+0x1ae/0x270
[ 39.782180] kobject: 'integrity' (ffff888096abce10): kobject_add_internal: parent: 'loop0', set: ''
[ 39.785082]  ? trace_hardirqs_on_caller+0x400/0x590
[ 39.789095] kobject: 'integrity' (ffff888096abce10): kobject_uevent_env
[ 39.793408]  blk_trace_startstop+0x203/0x5c0
[ 39.793415]  ? blk_msg_write+0xb0/0xb0
[ 39.793425]  ? blk_mq_release+0x192/0x200
[ 39.793433]  blk_trace_shutdown+0x47/0x60
[ 39.800030] kobject: 'integrity' (ffff888096abce10): kobject_uevent_env: filter function caused the event to drop!
[ 39.803936]  __blk_release_queue+0x22e/0x4d0
[ 39.884251]  process_one_work+0x863/0x1600
[ 39.888464]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[ 39.893110]  worker_thread+0x5d9/0x1050
[ 39.897184]  kthread+0x319/0x430
[ 39.900525]  ? process_one_work+0x1600/0x1600
[ 39.904991]  ? kthread_create_on_node+0xd0/0xd0
[ 39.909674]  ret_from_fork+0x24/0x30
[ 39.914695] Kernel Offset: disabled
[ 39.918311] Rebooting in 86400 seconds..