[ 29.535260] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 30.201233] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.429294] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 30.983566] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.167890] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts.
[ 36.634193] random: sshd: uninitialized urandom read (32 bytes read)
2019/09/07 02:24:04 parsed 1 programs
[ 36.819662] kauditd_printk_skb: 10 callbacks suppressed
[ 36.819671] audit: type=1400 audit(1567823044.360:36): avc: denied { map } for pid=6889 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 36.880984] audit: type=1400 audit(1567823044.430:37): avc: denied { map } for pid=6889 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=41 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 37.677576] random: cc1: uninitialized urandom read (8 bytes read)
2019/09/07 02:24:06 executed programs: 0
[ 38.741035] IPVS: ftp: loaded support on port[0] = 21
[ 39.566241] chnl_net:caif_netlink_parms(): no params data found
[ 39.596482] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.603620] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.611321] device bridge_slave_0 entered promiscuous mode
[ 39.618423] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.624932] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.631883] device bridge_slave_1 entered promiscuous mode
[ 39.647753] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 39.656906] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 39.673101] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 39.680420] team0: Port device team_slave_0 added
[ 39.685864] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 39.693409] team0: Port device team_slave_1 added
[ 39.698567] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 39.706647] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 39.762318] device hsr_slave_0 entered promiscuous mode
[ 39.800534] device hsr_slave_1 entered promiscuous mode
[ 39.840704] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 39.847608] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 39.862271] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.868678] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.875750] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.882173] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.907887] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 39.914972] 8021q: adding VLAN 0 to HW filter on device bond0
[ 39.922836] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 39.932026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.950815] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.958043] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.967945] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 39.974446] 8021q: adding VLAN 0 to HW filter on device team0
[ 39.982645] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.991039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.997465] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.016718] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 40.026814] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 40.037647] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 40.044491] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.052380] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.058856] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.066575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 40.074322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 40.082089] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.089732] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.098074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 40.104902] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 40.116836] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 40.126705] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 40.561030] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 41.976371] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 41.984513] IP: (null)
[ 41.987868] PGD a63dc067 P4D a63dc067 PUD 9338b067 PMD 0
[ 41.993388] Oops: 0010 [#1] PREEMPT SMP KASAN
[ 41.997918] Modules linked in:
[ 42.001281] CPU: 1 PID: 7165 Comm: syz-executor.0 Not tainted 4.14.142 #0
[ 42.008184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.017519] task: ffff88809f3a4100 task.stack: ffff888087620000
[ 42.023561] RIP: 0010: (null)
[ 42.027426] RSP: 0018:ffff8880876275e8 EFLAGS: 00010246
[ 42.032765] RAX: dffffc0000000000 RBX: ffffffff86f156e0 RCX: 0000000000000000
[ 42.040380] RDX: 1ffffffff0de2ae4 RSI: 0000000000000001 RDI: ffff8880a552c480
[ 42.048024] RBP: ffff8880876276c0 R08: 1ffff11010ec4ee8 R09: ffff888087627740
[ 42.055441] R10: ffffed1010ec4ef3 R11: ffff88808762779f R12: ffff888087627698
[ 42.062694] R13: ffff8880a552c480 R14: 0000000000000001 R15: 0000000000000000
[ 42.070045] FS: 00007ff52cb0d700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
[ 42.078272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.084129] CR2: 0000000000000000 CR3: 00000000a02b6000 CR4: 00000000001406e0
[ 42.091377] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.098712] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.105976] Call Trace:
[ 42.108542] tc_bind_tclass+0x124/0x400
[ 42.112583] ? security_capable+0x8e/0xc0
[ 42.116706] ? __qdisc_calculate_pkt_len+0x2e0/0x2e0
[ 42.121790] ? validate_nla+0x201/0x5f0
[ 42.125751] ? nla_parse+0x186/0x240
[ 42.129441] ? qdisc_match_from_root+0x14f/0x230
[ 42.134180] tc_ctl_tclass+0x94a/0xa70
[ 42.138055] ? qdisc_tree_reduce_backlog+0x4a0/0x4a0
[ 42.143435] ? rtnetlink_rcv_msg+0x305/0xb70
[ 42.147822] ? qdisc_tree_reduce_backlog+0x4a0/0x4a0
[ 42.152909] rtnetlink_rcv_msg+0x3eb/0xb70
[ 42.157122] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 42.161692] ? netlink_deliver_tap+0x93/0x8f0
[ 42.166458] netlink_rcv_skb+0x14f/0x3c0
[ 42.170650] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 42.175236] ? lock_downgrade+0x6e0/0x6e0
[ 42.179376] ? netlink_ack+0x9a0/0x9a0
[ 42.183312] ? netlink_deliver_tap+0xba/0x8f0
[ 42.187885] rtnetlink_rcv+0x1d/0x30
[ 42.191600] netlink_unicast+0x45d/0x640
[ 42.195748] ? netlink_attachskb+0x6a0/0x6a0
[ 42.200145] ? security_netlink_send+0x81/0xb0
[ 42.204713] netlink_sendmsg+0x7c4/0xc60
[ 42.208764] ? netlink_unicast+0x640/0x640
[ 42.213006] ? security_socket_sendmsg+0x89/0xb0
[ 42.217741] ? netlink_unicast+0x640/0x640
[ 42.221952] sock_sendmsg+0xce/0x110
[ 42.225644] ___sys_sendmsg+0x70a/0x840
[ 42.229594] ? copy_msghdr_from_user+0x3f0/0x3f0
[ 42.234328] ? __fget+0x210/0x370
[ 42.237758] ? find_held_lock+0x35/0x130
[ 42.241802] ? __fget+0x210/0x370
[ 42.245247] ? lock_downgrade+0x6e0/0x6e0
[ 42.249394] ? __fget+0x237/0x370
[ 42.252834] ? __fget_light+0x172/0x1f0
[ 42.256798] ? __fdget+0x1b/0x20
[ 42.260153] ? sockfd_lookup_light+0xb4/0x160
[ 42.264630] __sys_sendmsg+0xb9/0x140
[ 42.268406] ? SyS_shutdown+0x170/0x170
[ 42.272358] ? put_timespec64+0xb4/0x100
[ 42.276397] ? SyS_clock_gettime+0xf8/0x180
[ 42.280701] SyS_sendmsg+0x2d/0x50
[ 42.284228] ? __sys_sendmsg+0x140/0x140
[ 42.288267] do_syscall_64+0x1e8/0x640
[ 42.292129] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.296967] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 42.302136] RIP: 0033:0x459879
[ 42.305311] RSP: 002b:00007ff52cb0cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 42.313082] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879
[ 42.320337] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 42.327584] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 42.334833] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff52cb0d6d4
[ 42.342085] R13: 00000000004c77c2 R14: 00000000004dd018 R15: 00000000ffffffff
[ 42.349340] Code: Bad RIP value.
[ 42.352790] RIP: (null) RSP: ffff8880876275e8
[ 42.358566] CR2: 0000000000000000
[ 42.363233] ---[ end trace f673ca410adb0e3c ]---
[ 42.368024] Kernel panic - not syncing: Fatal exception
[ 42.374983] Kernel Offset: disabled
[ 42.378612] Rebooting in 86400 seconds..