[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 33.793441] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.066054] kauditd_printk_skb: 9 callbacks suppressed
[ 34.066062] audit: type=1400 audit(1566422769.673:35): avc: denied { map } for pid=6864 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 34.120247] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.671738] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.853471] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts.
[ 40.292525] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.469308] audit: type=1400 audit(1566422776.073:36): avc: denied { map } for pid=6877 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/08/21 21:26:16 parsed 1 programs
[ 41.282457] audit: type=1400 audit(1566422776.893:37): avc: denied { map } for pid=6877 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1145 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 41.722371] random: cc1: uninitialized urandom read (8 bytes read)
2019/08/21 21:26:18 executed programs: 0
[ 42.470225] audit: type=1400 audit(1566422778.073:38): avc: denied { map } for pid=6877 comm="syz-execprog" path="/root/syzkaller-shm698967708" dev="sda1" ino=16485 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 42.740874] IPVS: ftp: loaded support on port[0] = 21
[ 43.582194] chnl_net:caif_netlink_parms(): no params data found
[ 43.611294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.617899] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.625232] device bridge_slave_0 entered promiscuous mode
[ 43.632078] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.638508] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.645484] device bridge_slave_1 entered promiscuous mode
[ 43.658723] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 43.667877] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 43.683371] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 43.690589] team0: Port device team_slave_0 added
[ 43.695872] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 43.702989] team0: Port device team_slave_1 added
[ 43.708083] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 43.715334] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 43.761663] device hsr_slave_0 entered promiscuous mode
[ 43.800356] device hsr_slave_1 entered promiscuous mode
[ 43.880447] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 43.887255] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 43.900569] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.906937] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.913784] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.920163] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.944905] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 43.951587] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.959120] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 43.967781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.986169] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.998056] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.007495] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 44.013830] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.021856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.029342] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.035707] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.052101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.059628] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.065993] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.073354] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 44.081475] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 44.092148] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 44.102372] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 44.112744] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 44.119018] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 44.126092] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.133562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.141867] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 44.153267] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 44.162535] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 44.580821] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 45.237776] audit: type=1400 audit(1566422780.843:39): avc: denied { map } for pid=6907 comm="syz-executor.0" path="/root/syzkaller-testdir924377134/syzkaller.yP7Cib/0/file0/mem" dev="devtmpfs" ino=1059 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file permissive=1
[ 45.245658] x86/PAT: syz-executor.0:6907 freeing invalid memtype [mem 0x00001000-0x00001fff]
[ 45.277291] FAULT_INJECTION: forcing a failure.
[ 45.277291] name failslab, interval 1, probability 0, space 0, times 1
[ 45.288613] CPU: 1 PID: 6907 Comm: syz-executor.0 Not tainted 4.14.139 #35
[ 45.295614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.304948] Call Trace:
[ 45.307519] dump_stack+0x138/0x19c
[ 45.311128] should_fail.cold+0x10f/0x159
[ 45.315252] should_failslab+0xdb/0x130
[ 45.319209] kmem_cache_alloc_trace+0x2e9/0x790
[ 45.323865] ? pat_pagerange_is_ram+0x90/0xf0
[ 45.328335] ? __init_cache_modes+0x240/0x240
[ 45.332806] reserve_memtype+0x164/0x640
[ 45.336843] ? lock_downgrade+0x6e0/0x6e0
[ 45.340966] ? pat_init+0x420/0x420
[ 45.344566] ? __init_cache_modes+0x240/0x240
[ 45.349039] reserve_pfn_range+0x11c/0x390
[ 45.353257] ? arch_io_reserve_memtype_wc+0x80/0x80
[ 45.358250] ? copy_process.part.0+0x444f/0x6a00
[ 45.362981] ? SyS_clone+0x37/0x50
[ 45.366496] ? do_syscall_64+0x1e8/0x640
[ 45.370533] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.375874] track_pfn_copy+0x14a/0x190
[ 45.379826] ? reserve_pfn_range+0x390/0x390
[ 45.384212] ? trace_hardirqs_on+0x10/0x10
[ 45.388434] copy_page_range+0x1255/0x1bd0
[ 45.392648] ? save_trace+0x290/0x290
[ 45.396438] ? copy_process.part.0+0x41de/0x6a00
[ 45.401179] ? find_held_lock+0x35/0x130
[ 45.405216] ? vma_compute_subtree_gap+0x190/0x1f0
[ 45.410121] ? vma_gap_callbacks_rotate+0x62/0x80
[ 45.414942] ? __rb_insert_augmented+0x22f/0xdf0
[ 45.419685] ? __pmd_alloc+0x410/0x410
[ 45.423555] ? __vma_link_rb+0x247/0x340
[ 45.427602] copy_process.part.0+0x4764/0x6a00
[ 45.432180] ? __cleanup_sighand+0x50/0x50
[ 45.436393] ? vfs_write+0x25f/0x500
[ 45.440100] _do_fork+0x19e/0xce0
[ 45.443539] ? fork_idle+0x280/0x280
[ 45.447229] ? vfs_write+0x104/0x500
[ 45.450922] ? SyS_write+0x15e/0x230
[ 45.454681] SyS_clone+0x37/0x50
[ 45.458083] ? sys_vfork+0x30/0x30
[ 45.461610] do_syscall_64+0x1e8/0x640
[ 45.465474] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.470298] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.475464] RIP: 0033:0x459829
[ 45.478628] RSP: 002b:00007ffc3c81bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 45.486329] RAX: ffffffffffffffda RBX: 00007ffc3c81bb40 RCX: 0000000000459829
[ 45.493580] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000
[ 45.500833] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000
[ 45.508087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000002663914
[ 45.515337] R13: 00000000004bfce6 R14: 00000000004d1a58 R15: 0000000000000004
[ 45.524151] ------------[ cut here ]------------
[ 45.529004] WARNING: CPU: 1 PID: 6907 at arch/x86/mm/pat.c:1020 untrack_pfn+0x1dc/0x220
[ 45.537122] Kernel panic - not syncing: panic_on_warn set ...
[ 45.537122]
[ 45.544459] CPU: 1 PID: 6907 Comm: syz-executor.0 Not tainted 4.14.139 #35
[ 45.551446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.560899] Call Trace:
[ 45.563480] dump_stack+0x138/0x19c
[ 45.567097] panic+0x1f2/0x426
[ 45.570391] ? add_taint.cold+0x16/0x16
[ 45.574345] ? untrack_pfn+0x1dc/0x220
[ 45.578218] ? untrack_pfn+0x1dc/0x220
[ 45.582094] __warn.cold+0x2f/0x36
[ 45.585610] ? ist_end_non_atomic+0x10/0x10
[ 45.589908] ? untrack_pfn+0x1dc/0x220
[ 45.593780] report_bug+0x216/0x254
[ 45.597387] do_error_trap+0x1bb/0x310
[ 45.601253] ? math_error+0x360/0x360
[ 45.605034] ? lock_downgrade+0x6e0/0x6e0
[ 45.609161] ? unmap_page_range+0xbe7/0x1770
[ 45.613551] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.618370] do_invalid_op+0x1b/0x20
[ 45.622073] invalid_op+0x1b/0x40
[ 45.625511] RIP: 0010:untrack_pfn+0x1dc/0x220
[ 45.629981] RSP: 0018:ffff888097187948 EFLAGS: 00010297
[ 45.635327] RAX: ffff888089f5e2c0 RBX: ffff88808ba54778 RCX: 0000000000000000
[ 45.642573] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[ 45.649876] RBP: ffff8880971879d8 R08: ffff888089f5e2c0 R09: 0000000000000000
[ 45.657134] R10: 0000000000000000 R11: ffff888089f5e2c0 R12: 1ffff11012e30f2a
[ 45.664382] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880971879b0
[ 45.671654] ? untrack_pfn+0x1dc/0x220
[ 45.675527] ? track_pfn_insert+0x150/0x150
[ 45.679826] ? vm_normal_page_pmd+0x360/0x360
[ 45.684298] ? uprobe_munmap+0x94/0x210
[ 45.688247] unmap_single_vma+0x182/0x2c0
[ 45.692370] unmap_vmas+0xac/0x170
[ 45.695887] exit_mmap+0x285/0x4e0
[ 45.699405] ? SyS_munmap+0x30/0x30
[ 45.703014] ? kmem_cache_free+0x244/0x2b0
[ 45.707225] ? __khugepaged_exit+0xcf/0x3d0
[ 45.711523] ? lock_downgrade+0x6e0/0x6e0
[ 45.715649] mmput+0x114/0x440
[ 45.718818] copy_process.part.0+0x4743/0x6a00
[ 45.723384] ? __cleanup_sighand+0x50/0x50
[ 45.727600] ? vfs_write+0x25f/0x500
[ 45.731293] _do_fork+0x19e/0xce0
[ 45.734721] ? fork_idle+0x280/0x280
[ 45.738407] ? vfs_write+0x104/0x500
[ 45.742093] ? SyS_write+0x15e/0x230
[ 45.745785] SyS_clone+0x37/0x50
[ 45.763977] ? sys_vfork+0x30/0x30
[ 45.767503] do_syscall_64+0x1e8/0x640
[ 45.771524] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.776366] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.781537] RIP: 0033:0x459829
[ 45.784706] RSP: 002b:00007ffc3c81bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 45.792394] RAX: ffffffffffffffda RBX: 00007ffc3c81bb40 RCX: 0000000000459829
[ 45.799643] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000
[ 45.806890] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000
[ 45.814135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000002663914
[ 45.821381] R13: 00000000004bfce6 R14: 00000000004d1a58 R15: 0000000000000004
[ 45.832319] Kernel Offset: disabled
[ 45.836003] Rebooting in 86400 seconds..