[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 33.322286] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.488782] kauditd_printk_skb: 9 callbacks suppressed
[ 33.488790] audit: type=1400 audit(1567683170.649:35): avc: denied { map } for pid=6828 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 33.545027] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.076422] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.788209] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
[ 44.312494] random: sshd: uninitialized urandom read (32 bytes read)
2019/09/05 11:33:01 parsed 1 programs
[ 44.495770] audit: type=1400 audit(1567683181.659:36): avc: denied { map } for pid=6841 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.567174] audit: type=1400 audit(1567683181.729:37): avc: denied { map } for pid=6841 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1164 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 45.105093] random: cc1: uninitialized urandom read (8 bytes read)
2019/09/05 11:33:02 executed programs: 0
[ 45.990934] IPVS: ftp: loaded support on port[0] = 21
[ 46.804199] chnl_net:caif_netlink_parms(): no params data found
[ 46.834646] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.841647] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.848830] device bridge_slave_0 entered promiscuous mode
[ 46.856125] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.862995] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.869830] device bridge_slave_1 entered promiscuous mode
[ 46.885606] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.894507] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 46.909416] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 46.916793] team0: Port device team_slave_0 added
[ 46.922333] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 46.929360] team0: Port device team_slave_1 added
[ 46.934696] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 46.941930] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 47.021802] device hsr_slave_0 entered promiscuous mode
[ 47.060316] device hsr_slave_1 entered promiscuous mode
[ 47.120537] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 47.127437] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 47.140374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.146832] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.153801] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.160190] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.186873] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 47.193835] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.202516] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 47.211090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.219341] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.226995] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.236300] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 47.242614] 8021q: adding VLAN 0 to HW filter on device team0
[ 47.250963] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.258616] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.265017] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.273848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.282253] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.288588] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.305756] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 47.315621] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 47.326498] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 47.334030] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 47.341726] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 47.349137] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.356964] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.365862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 47.372629] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 47.382952] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 47.392876] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 47.801178] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 48.558676] audit: type=1400 audit(1567683185.719:38): avc: denied { map } for pid=6872 comm="syz-executor.0" path="/root/syzkaller-testdir546917204/syzkaller.5ZSJDd/0/file0/mem" dev="devtmpfs" ino=13669 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file permissive=1
[ 48.589649] x86/PAT: syz-executor.0:6872 freeing invalid memtype [mem 0x00000000-0x00001fff]
[ 48.599731] FAULT_INJECTION: forcing a failure.
[ 48.599731] name failslab, interval 1, probability 0, space 0, times 1
[ 48.612001] CPU: 1 PID: 6872 Comm: syz-executor.0 Not tainted 4.14.141 #37
[ 48.619078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.628518] Call Trace:
[ 48.631197] dump_stack+0x138/0x197
[ 48.634876] should_fail.cold+0x10f/0x159
[ 48.639046] should_failslab+0xdb/0x130
[ 48.643012] kmem_cache_alloc_trace+0x2e9/0x790
[ 48.647678] ? pat_pagerange_is_ram+0x90/0xf0
[ 48.652154] ? __init_cache_modes+0x240/0x240
[ 48.656643] reserve_memtype+0x164/0x640
[ 48.660688] ? lock_downgrade+0x6e0/0x6e0
[ 48.664820] ? pat_init+0x420/0x420
[ 48.668426] ? __init_cache_modes+0x240/0x240
[ 48.672902] reserve_pfn_range+0x11c/0x390
[ 48.677116] ? arch_io_reserve_memtype_wc+0x80/0x80
[ 48.682133] ? copy_process.part.0+0x444f/0x6a00
[ 48.686870] ? SyS_clone+0x37/0x50
[ 48.690399] ? do_syscall_64+0x1e8/0x640
[ 48.694444] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.699880] track_pfn_copy+0x14a/0x190
[ 48.703837] ? reserve_pfn_range+0x390/0x390
[ 48.708249] ? trace_hardirqs_on+0x10/0x10
[ 48.712485] copy_page_range+0x1255/0x1bd0
[ 48.716772] ? save_trace+0x290/0x290
[ 48.720574] ? copy_process.part.0+0x41de/0x6a00
[ 48.725334] ? find_held_lock+0x35/0x130
[ 48.729395] ? vma_compute_subtree_gap+0x190/0x1f0
[ 48.734306] ? vma_gap_callbacks_rotate+0x62/0x80
[ 48.739174] ? __rb_insert_augmented+0x22f/0xdf0
[ 48.743915] ? __pmd_alloc+0x410/0x410
[ 48.747786] ? __vma_link_rb+0x247/0x340
[ 48.751855] copy_process.part.0+0x4764/0x6a00
[ 48.756437] ? __cleanup_sighand+0x50/0x50
[ 48.760662] ? vfs_write+0x25f/0x500
[ 48.764367] _do_fork+0x19e/0xce0
[ 48.767823] ? fork_idle+0x280/0x280
[ 48.771520] ? vfs_write+0x104/0x500
[ 48.775236] ? SyS_write+0x15e/0x230
[ 48.778953] SyS_clone+0x37/0x50
[ 48.782318] ? sys_vfork+0x30/0x30
[ 48.785849] do_syscall_64+0x1e8/0x640
[ 48.789734] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.794573] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.799764] RIP: 0033:0x459879
[ 48.802945] RSP: 002b:00007ffcc83d5438 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 48.810652] RAX: ffffffffffffffda RBX: 00007ffcc83d5450 RCX: 0000000000459879
[ 48.817919] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 48.825174] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 48.832422] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000235c914
[ 48.839685] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000004
[ 48.849634] ------------[ cut here ]------------
[ 48.854590] WARNING: CPU: 1 PID: 6872 at arch/x86/mm/pat.c:1020 untrack_pfn+0x1dc/0x220
[ 48.862728] Kernel panic - not syncing: panic_on_warn set ...
[ 48.862728]
[ 48.870075] CPU: 1 PID: 6872 Comm: syz-executor.0 Not tainted 4.14.141 #37
[ 48.877082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.886419] Call Trace:
[ 48.888996] dump_stack+0x138/0x197
[ 48.892622] panic+0x1f2/0x426
[ 48.895812] ? add_taint.cold+0x16/0x16
[ 48.899785] ? untrack_pfn+0x1dc/0x220
[ 48.903666] ? untrack_pfn+0x1dc/0x220
[ 48.907548] __warn.cold+0x2f/0x36
[ 48.911089] ? ist_end_non_atomic+0x10/0x10
[ 48.915410] ? untrack_pfn+0x1dc/0x220
[ 48.919399] report_bug+0x216/0x254
[ 48.923039] do_error_trap+0x1bb/0x310
[ 48.927063] ? math_error+0x360/0x360
[ 48.930878] ? lock_downgrade+0x6e0/0x6e0
[ 48.935139] ? unmap_page_range+0xbe7/0x1770
[ 48.939561] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.944397] do_invalid_op+0x1b/0x20
[ 48.948115] invalid_op+0x1b/0x40
[ 48.951899] RIP: 0010:untrack_pfn+0x1dc/0x220
[ 48.956391] RSP: 0018:ffff8880a523f948 EFLAGS: 00010297
[ 48.961746] RAX: ffff8880a63ec480 RBX: ffff8880a106c460 RCX: 0000000000000000
[ 48.969000] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[ 48.976272] RBP: ffff8880a523f9d8 R08: ffff8880a63ec480 R09: 0000000000000000
[ 48.983534] R10: 0000000000000000 R11: ffff8880a63ec480 R12: 1ffff11014a47f2a
[ 48.990792] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880a523f9b0
[ 48.998067] ? untrack_pfn+0x1dc/0x220
[ 49.001956] ? track_pfn_insert+0x150/0x150
[ 49.006262] ? vm_normal_page_pmd+0x360/0x360
[ 49.010747] ? uprobe_munmap+0x94/0x210
[ 49.015071] unmap_single_vma+0x182/0x2c0
[ 49.019204] unmap_vmas+0xac/0x170
[ 49.022750] exit_mmap+0x285/0x4e0
[ 49.026274] ? SyS_munmap+0x30/0x30
[ 49.029901] ? kmem_cache_free+0x244/0x2b0
[ 49.034134] ? __khugepaged_exit+0xcf/0x3d0
[ 49.038438] ? lock_downgrade+0x6e0/0x6e0
[ 49.042583] mmput+0x114/0x440
[ 49.045779] copy_process.part.0+0x4743/0x6a00
[ 49.050354] ? __cleanup_sighand+0x50/0x50
[ 49.054605] ? vfs_write+0x25f/0x500
[ 49.058336] _do_fork+0x19e/0xce0
[ 49.061928] ? fork_idle+0x280/0x280
[ 49.065628] ? vfs_write+0x104/0x500
[ 49.069343] ? SyS_write+0x15e/0x230
[ 49.073173] SyS_clone+0x37/0x50
[ 49.076531] ? sys_vfork+0x30/0x30
[ 49.080088] do_syscall_64+0x1e8/0x640
[ 49.083972] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.088802] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 49.093986] RIP: 0033:0x459879
[ 49.097155] RSP: 002b:00007ffcc83d5438 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 49.104859] RAX: ffffffffffffffda RBX: 00007ffcc83d5450 RCX: 0000000000459879
[ 49.112116] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 49.119464] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 49.126717] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000235c914
[ 49.133983] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000004
[ 49.142820] Kernel Offset: disabled
[ 49.146531] Rebooting in 86400 seconds..