[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 30.151448] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.391650] kauditd_printk_skb: 9 callbacks suppressed
[ 30.391659] audit: type=1400 audit(1566720011.698:35): avc: denied { map } for pid=6834 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 30.465812] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.999979] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.186023] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
[ 36.716191] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.893302] audit: type=1400 audit(1566720018.198:36): avc: denied { map } for pid=6848 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/08/25 08:00:19 parsed 1 programs
[ 37.757441] audit: type=1400 audit(1566720019.058:37): avc: denied { map } for pid=6848 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=29 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 38.379248] random: cc1: uninitialized urandom read (8 bytes read)
2019/08/25 08:00:20 executed programs: 0
[ 39.096720] audit: type=1400 audit(1566720020.398:38): avc: denied { map } for pid=6848 comm="syz-execprog" path="/root/syzkaller-shm194914168" dev="sda1" ino=16485 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 39.381002] IPVS: ftp: loaded support on port[0] = 21
[ 40.233793] chnl_net:caif_netlink_parms(): no params data found
[ 40.262187] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.269088] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.276153] device bridge_slave_0 entered promiscuous mode
[ 40.283602] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.290361] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.297298] device bridge_slave_1 entered promiscuous mode
[ 40.311597] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 40.321931] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 40.337137] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 40.344696] team0: Port device team_slave_0 added
[ 40.350470] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 40.357572] team0: Port device team_slave_1 added
[ 40.362969] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 40.370420] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 40.442526] device hsr_slave_0 entered promiscuous mode
[ 40.490323] device hsr_slave_1 entered promiscuous mode
[ 40.530480] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 40.537482] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 40.550456] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.557398] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.565078] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.571641] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.596487] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 40.603775] 8021q: adding VLAN 0 to HW filter on device bond0
[ 40.612765] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 40.621101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.629419] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.636846] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.646525] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 40.653552] 8021q: adding VLAN 0 to HW filter on device team0
[ 40.662371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.670490] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.676844] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.692669] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.700683] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.707268] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.715635] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 40.723706] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 40.732359] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 40.741623] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.751388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.760444] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 40.766469] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 40.778598] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 40.789003] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 41.230702] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 41.931851] audit: type=1400 audit(1566720023.238:39): avc: denied { map } for pid=6880 comm="syz-executor.0" path="/root/syzkaller-testdir524355191/syzkaller.iMgqCp/0/file0/mem" dev="devtmpfs" ino=13684 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file permissive=1
[ 41.932071] x86/PAT: syz-executor.0:6880 freeing invalid memtype [mem 0x00001000-0x00001fff]
[ 41.972679] FAULT_INJECTION: forcing a failure.
[ 41.972679] name failslab, interval 1, probability 0, space 0, times 1
[ 41.985776] CPU: 1 PID: 6880 Comm: syz-executor.0 Not tainted 4.14.139 #35
[ 41.993061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.002517] Call Trace:
[ 42.005547] dump_stack+0x138/0x19c
[ 42.009589] should_fail.cold+0x10f/0x159
[ 42.014004] should_failslab+0xdb/0x130
[ 42.018137] kmem_cache_alloc+0x2d7/0x780
[ 42.022423] ? __pmd_alloc+0x410/0x410
[ 42.026502] copy_process.part.0+0x444f/0x6a00
[ 42.031402] ? __cleanup_sighand+0x50/0x50
[ 42.035712] ? vfs_write+0x25f/0x500
[ 42.039609] _do_fork+0x19e/0xce0
[ 42.043062] ? fork_idle+0x280/0x280
[ 42.046783] ? vfs_write+0x104/0x500
[ 42.050796] ? SyS_write+0x15e/0x230
[ 42.054832] SyS_clone+0x37/0x50
[ 42.058296] ? sys_vfork+0x30/0x30
[ 42.062009] do_syscall_64+0x1e8/0x640
[ 42.066163] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.071141] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 42.076639] RIP: 0033:0x459879
[ 42.079814] RSP: 002b:00007ffdba9c76f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 42.087944] RAX: ffffffffffffffda RBX: 00007ffdba9c7710 RCX: 0000000000459879
[ 42.095415] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 42.102673] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 42.110184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001938914
[ 42.117620] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000004
[ 42.126737] x86/PAT: syz-executor.0:6880 freeing invalid memtype [mem 0x00000000-0x00000fff]
[ 42.137205] x86/PAT: syz-executor.0:6880 freeing invalid memtype [mem 0x00002000-0x00002fff]
[ 42.198846] x86/PAT: syz-executor.0:6881 freeing invalid memtype [mem 0x00001000-0x00001fff]
[ 42.208515] FAULT_INJECTION: forcing a failure.
[ 42.208515] name failslab, interval 1, probability 0, space 0, times 0
[ 42.220093] CPU: 1 PID: 6881 Comm: syz-executor.0 Not tainted 4.14.139 #35
[ 42.227371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.236869] Call Trace:
[ 42.239490] dump_stack+0x138/0x19c
[ 42.243374] should_fail.cold+0x10f/0x159
[ 42.247659] should_failslab+0xdb/0x130
[ 42.251886] kmem_cache_alloc_trace+0x2e9/0x790
[ 42.256651] ? pat_pagerange_is_ram+0x90/0xf0
[ 42.261289] ? __init_cache_modes+0x240/0x240
[ 42.266022] reserve_memtype+0x164/0x640
[ 42.270073] ? lock_downgrade+0x6e0/0x6e0
[ 42.274290] ? pat_init+0x420/0x420
[ 42.277931] ? __init_cache_modes+0x240/0x240
[ 42.282506] reserve_pfn_range+0x11c/0x390
[ 42.286756] ? arch_io_reserve_memtype_wc+0x80/0x80
[ 42.291770] ? copy_process.part.0+0x444f/0x6a00
[ 42.296823] ? SyS_clone+0x37/0x50
[ 42.300375] ? do_syscall_64+0x1e8/0x640
[ 42.304656] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 42.310034] track_pfn_copy+0x14a/0x190
[ 42.313999] ? reserve_pfn_range+0x390/0x390
[ 42.318411] ? trace_hardirqs_on+0x10/0x10
[ 42.322636] copy_page_range+0x1255/0x1bd0
[ 42.327054] ? save_trace+0x290/0x290
[ 42.331224] ? copy_process.part.0+0x41de/0x6a00
[ 42.336110] ? find_held_lock+0x35/0x130
[ 42.340338] ? vma_compute_subtree_gap+0x190/0x1f0
[ 42.345414] ? vma_gap_callbacks_rotate+0x62/0x80
[ 42.350270] ? __rb_insert_augmented+0x22f/0xdf0
[ 42.355098] ? __pmd_alloc+0x410/0x410
[ 42.358996] ? __vma_link_rb+0x247/0x340
[ 42.363082] copy_process.part.0+0x4764/0x6a00
[ 42.367852] ? __cleanup_sighand+0x50/0x50
[ 42.372091] ? vfs_write+0x25f/0x500
[ 42.376087] _do_fork+0x19e/0xce0
[ 42.379756] ? fork_idle+0x280/0x280
[ 42.383496] ? vfs_write+0x104/0x500
[ 42.387459] ? SyS_write+0x15e/0x230
[ 42.391169] SyS_clone+0x37/0x50
[ 42.394891] ? sys_vfork+0x30/0x30
[ 42.398449] do_syscall_64+0x1e8/0x640
[ 42.402337] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.407203] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 42.412380] RIP: 0033:0x459879
[ 42.415565] RSP: 002b:00007ffdba9c76f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 42.423421] RAX: ffffffffffffffda RBX: 00007ffdba9c7710 RCX: 0000000000459879
[ 42.430680] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 42.438023] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 42.445548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001938914
[ 42.453064] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000004
[ 42.461997] ------------[ cut here ]------------
[ 42.467003] WARNING: CPU: 1 PID: 6881 at arch/x86/mm/pat.c:1020 untrack_pfn+0x1dc/0x220
[ 42.475138] Kernel panic - not syncing: panic_on_warn set ...
[ 42.475138]
[ 42.482530] CPU: 1 PID: 6881 Comm: syz-executor.0 Not tainted 4.14.139 #35
[ 42.489543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.498922] Call Trace:
[ 42.501513] dump_stack+0x138/0x19c
[ 42.505132] panic+0x1f2/0x426
[ 42.508481] ? add_taint.cold+0x16/0x16
[ 42.512568] ? untrack_pfn+0x1dc/0x220
[ 42.516442] ? untrack_pfn+0x1dc/0x220
[ 42.520416] __warn.cold+0x2f/0x36
[ 42.524044] ? ist_end_non_atomic+0x10/0x10
[ 42.528372] ? untrack_pfn+0x1dc/0x220
[ 42.532268] report_bug+0x216/0x254
[ 42.536024] do_error_trap+0x1bb/0x310
[ 42.539895] ? math_error+0x360/0x360
[ 42.543689] ? lock_downgrade+0x6e0/0x6e0
[ 42.547835] ? unmap_page_range+0xbe7/0x1770
[ 42.552257] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.557169] do_invalid_op+0x1b/0x20
[ 42.560895] invalid_op+0x1b/0x40
[ 42.564338] RIP: 0010:untrack_pfn+0x1dc/0x220
[ 42.568826] RSP: 0018:ffff8880a4b8f948 EFLAGS: 00010297
[ 42.574288] RAX: ffff8880870722c0 RBX: ffff8880a0a27ca0 RCX: 0000000000000000
[ 42.581941] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[ 42.589636] RBP: ffff8880a4b8f9d8 R08: ffff8880870722c0 R09: 0000000000000000
[ 42.596907] R10: 0000000000000000 R11: ffff8880870722c0 R12: 1ffff11014971f2a
[ 42.604604] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880a4b8f9b0
[ 42.612209] ? untrack_pfn+0x1dc/0x220
[ 42.616115] ? track_pfn_insert+0x150/0x150
[ 42.620455] ? vm_normal_page_pmd+0x360/0x360
[ 42.625195] ? uprobe_munmap+0x94/0x210
[ 42.629333] unmap_single_vma+0x182/0x2c0
[ 42.633568] unmap_vmas+0xac/0x170
[ 42.637097] exit_mmap+0x285/0x4e0
[ 42.640757] ? SyS_munmap+0x30/0x30
[ 42.644543] ? kmem_cache_free+0x244/0x2b0
[ 42.648837] ? __khugepaged_exit+0xcf/0x3d0
[ 42.653165] ? lock_downgrade+0x6e0/0x6e0
[ 42.657395] mmput+0x114/0x440
[ 42.660573] copy_process.part.0+0x4743/0x6a00
[ 42.665265] ? __cleanup_sighand+0x50/0x50
[ 42.669496] ? vfs_write+0x25f/0x500
[ 42.673277] _do_fork+0x19e/0xce0
[ 42.676836] ? fork_idle+0x280/0x280
[ 42.680648] ? vfs_write+0x104/0x500
[ 42.684534] ? SyS_write+0x15e/0x230
[ 42.688326] SyS_clone+0x37/0x50
[ 42.691702] ? sys_vfork+0x30/0x30
[ 42.695451] do_syscall_64+0x1e8/0x640
[ 42.699564] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.704897] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 42.710092] RIP: 0033:0x459879
[ 42.713277] RSP: 002b:00007ffdba9c76f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 42.720984] RAX: ffffffffffffffda RBX: 00007ffdba9c7710 RCX: 0000000000459879
[ 42.728679] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 42.735953] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 42.743517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001938914
[ 42.751001] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000004
[ 42.761526] Kernel Offset: disabled
[ 42.765496] Rebooting in 86400 seconds..