[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   24.148517] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   28.253733] random: sshd: uninitialized urandom read (32 bytes read)
[   28.667691] random: sshd: uninitialized urandom read (32 bytes read)
[   29.234787] random: sshd: uninitialized urandom read (32 bytes read)
[  105.675712] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts.
[  111.309746] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/26 09:13:39 parsed 1 programs
[  112.468578] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/26 09:13:41 executed programs: 0
[  113.836194] IPVS: ftp: loaded support on port[0] = 21
[  114.054755] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.061247] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.068987] device bridge_slave_0 entered promiscuous mode
[  114.087456] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.093877] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.100975] device bridge_slave_1 entered promiscuous mode
[  114.117647] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  114.134737] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  114.180962] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  114.200942] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  114.270382] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  114.278608] team0: Port device team_slave_0 added
[  114.294346] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  114.301613] team0: Port device team_slave_1 added
[  114.317824] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  114.331416] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  114.350778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  114.365509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  114.494920] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.501376] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.508126] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.514477] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.978671] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[  114.985078] 8021q: adding VLAN 0 to HW filter on device bond0
[  115.027471] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  115.036956] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  115.085366] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  115.091971] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  115.099535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  115.140465] 8021q: adding VLAN 0 to HW filter on device team0
[  115.426598] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  115.452503] kasan: CONFIG_KASAN_INLINE enabled
[  115.457203] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  115.464619] general protection fault: 0000 [#1] SMP KASAN
[  115.470145] CPU: 0 PID: 4733 Comm: syz-executor0 Not tainted 4.18.0-next-20180824+ #47
[  115.478176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  115.487641] RIP: 0010:kvm_pv_send_ipi+0x582/0xaf0
[  115.492474] Code: e0 07 83 c0 01 88 85 97 fe ff ff e8 08 1d 64 00 8b 85 b0 fe ff ff 44 01 e0 48 98 49 8d bc c7 18 02 00 00 48 89 fa 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ed 03 00 00 49 8b 84 c7 18 02 00 00 48 8d b8
[  115.511470] RSP: 0018:ffff8801d09bf028 EFLAGS: 00010206
[  115.516820] RAX: 000000000000002f RBX: ffff8801d09bf190 RCX: ffffffff8118b084
[  115.524070] RDX: 0000000000000072 RSI: ffffffff8118b0c8 RDI: 0000000000000390
[  115.531334] RBP: ffff8801d09bf1b8 R08: ffff8801c5862740 R09: ffffed003b6046de
[  115.538589] R10: ffffed003b6046de R11: ffff8801db0236f3 R12: 000000000000000f
[  115.545840] R13: ffff8801d09bf110 R14: dffffc0000000000 R15: 0000000000000000
[  115.553106] FS:  00000000021fd940(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
[  115.561313] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  115.567174] CR2: 0000000000000000 CR3: 00000001bac14000 CR4: 00000000001426f0
[  115.574435] Call Trace:
[  115.577011]  ? __lock_acquire+0x7fc/0x5020
[  115.581238]  ? kvm_apic_set_irq+0x170/0x170
[  115.585665]  ? __lock_is_held+0xb5/0x140
[  115.589766]  ? save_stack+0x43/0xd0
[  115.593394]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  115.599051]  ? vmx_read_guest_seg_ar+0x221/0x270
[  115.603795]  kvm_emulate_hypercall+0x9d7/0xea0
[  115.608365]  ? kvm_fast_pio+0x4f0/0x4f0
[  115.612439]  ? graph_lock+0x170/0x170
[  115.616224]  ? vmx_vcpu_run+0x13f9/0x277b
[  115.620370]  ? vmx_vcpu_run+0x13ed/0x277b
[  115.624503]  ? vmx_vcpu_run+0x13f9/0x277b
[  115.628630]  ? vmx_vcpu_run+0x13ed/0x277b
[  115.632755]  ? vmx_vcpu_run+0x13f9/0x277b
[  115.636890]  ? vmx_vcpu_run+0x13ed/0x277b
[  115.641021]  ? vmx_vcpu_run+0x13f9/0x277b
[  115.645146]  ? vmx_vcpu_run+0x13ed/0x277b
[  115.649277]  ? print_usage_bug+0xc0/0xc0
[  115.653369]  ? vmx_vcpu_run+0x13ed/0x277b
[  115.657514]  ? __lock_is_held+0xb5/0x140
[  115.661556]  ? __vmx_complete_interrupts+0x103/0x3e0
[  115.666666]  handle_vmcall+0x15/0x20
[  115.670492]  ? handle_io+0x100/0x100
[  115.674321]  vmx_handle_exit+0x2dd/0x1760
[  115.678452]  ? lock_acquire+0x1e4/0x4f0
[  115.682417]  ? vcpu_enter_guest+0x1285/0x61a0
[  115.686906]  ? vcpu_enter_guest+0x1227/0x61a0
[  115.691511]  ? handle_vmfunc+0x9d0/0x9d0
[  115.695559]  ? trace_hardirqs_on+0xbd/0x2c0
[  115.699863]  ? kvm_arch_vcpu_ioctl_run+0x373/0x16d0
[  115.704865]  vcpu_enter_guest+0x143c/0x61a0
[  115.709243]  ? kasan_check_write+0x14/0x20
[  115.713471]  ? kvm_set_msr_common+0x2680/0x2680
[  115.718300]  ? vmx_vcpu_load+0xad2/0xfe0
[  115.722345]  ? find_held_lock+0x36/0x1c0
[  115.726510]  ? handle_dr+0x8c0/0x8c0
[  115.730205]  ? graph_lock+0x170/0x170
[  115.733986]  ? lock_downgrade+0x8f0/0x8f0
[  115.738203]  ? __kasan_slab_free+0x11a/0x170
[  115.742603]  ? kasan_slab_free+0xe/0x10
[  115.746568]  ? __lock_is_held+0xb5/0x140
[  115.750627]  ? kvm_check_async_pf_completion+0x3a7/0x5c0
[  115.756076]  ? kvm_clear_async_pf_completion_queue+0x790/0x790
[  115.762034]  ? kvm_arch_dev_ioctl+0x610/0x610
[  115.766531]  ? preempt_notifier_dec+0x20/0x20
[  115.771027]  kvm_arch_vcpu_ioctl_run+0x373/0x16d0
[  115.775875]  ? kvm_arch_vcpu_ioctl_run+0x373/0x16d0
[  115.780877]  kvm_vcpu_ioctl+0x7b8/0x1280
[  115.784936]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  115.790628]  ? exit_robust_list+0x290/0x290
[  115.794941]  ? lockdep_hardirqs_on+0x421/0x5c0
[  115.799532]  ? trace_hardirqs_on+0xbd/0x2c0
[  115.803840]  ? rcu_is_watching+0x8c/0x150
[  115.808018]  ? call_rcu_sched+0x12/0x20
[  115.811973]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[  115.817079]  ? rcu_cleanup_dead_rnp+0x200/0x200
[  115.821804]  ? graph_lock+0x170/0x170
[  115.825594]  ? note_gp_changes+0x420/0x420
[  115.829813]  ? mnt_get_count+0x150/0x150
[  115.833855]  ? blkcg_maybe_throttle_current+0xa56/0x10c0
[  115.839285]  ? _raw_spin_unlock+0x22/0x30
[  115.843415]  ? blkcg_print_stat+0x1420/0x1420
[  115.847893]  ? _raw_spin_unlock_irq+0x27/0x70
[  115.852368]  ? _raw_spin_unlock_irq+0x27/0x70
[  115.856847]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[  115.862543]  do_vfs_ioctl+0x1de/0x1720
[  115.866412]  ? task_work_run+0x1af/0x2a0
[  115.870454]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[  115.875543]  ? ioctl_preallocate+0x300/0x300
[  115.879938]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  115.885460]  ? __fget_light+0x2f7/0x440
[  115.889418]  ? fget_raw+0x20/0x20
[  115.892866]  ? trace_hardirqs_off+0xb8/0x2b0
[  115.897264]  ? __x64_sys_futex+0x47f/0x6a0
[  115.901484]  ? do_syscall_64+0x9a/0x820
[  115.905439]  ? do_syscall_64+0x9a/0x820
[  115.909397]  ? lockdep_hardirqs_on+0x421/0x5c0
[  115.913964]  ? security_file_ioctl+0x94/0xc0
[  115.918355]  ksys_ioctl+0xa9/0xd0
[  115.921795]  __x64_sys_ioctl+0x73/0xb0
[  115.925669]  do_syscall_64+0x1b9/0x820
[  115.929554]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  115.934905]  ? syscall_return_slowpath+0x5e0/0x5e0
[  115.939814]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  115.944648]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[  115.949649]  ? prepare_exit_to_usermode+0x291/0x3b0
[  115.954663]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  115.959493]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  115.964667] RIP: 0033:0x457089
[  115.967852] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  115.986733] RSP: 002b:00007ffccf6230c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  115.994424] RAX: ffffffffffffffda RBX: 00000000021fd914 RCX: 0000000000457089
[  116.001675] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  116.008922] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
[  116.016170] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  116.023430] R13: 00000000004ceea8 R14: 00000000004c5529 R15: 0000000000000000
[  116.030678] Modules linked in:
[  116.033852] Dumping ftrace buffer:
[  116.037365]    (ftrace buffer empty)
[  116.041483] ---[ end trace 0c14275c13b86dde ]---
[  116.046268] RIP: 0010:kvm_pv_send_ipi+0x582/0xaf0
[  116.051118] Code: e0 07 83 c0 01 88 85 97 fe ff ff e8 08 1d 64 00 8b 85 b0 fe ff ff 44 01 e0 48 98 49 8d bc c7 18 02 00 00 48 89 fa 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ed 03 00 00 49 8b 84 c7 18 02 00 00 48 8d b8
[  116.070040] RSP: 0018:ffff8801d09bf028 EFLAGS: 00010206
[  116.075463] RAX: 000000000000002f RBX: ffff8801d09bf190 RCX: ffffffff8118b084
[  116.082760] RDX: 0000000000000072 RSI: ffffffff8118b0c8 RDI: 0000000000000390
[  116.090051] RBP: ffff8801d09bf1b8 R08: ffff8801c5862740 R09: ffffed003b6046de
[  116.097362] R10: ffffed003b6046de R11: ffff8801db0236f3 R12: 000000000000000f
[  116.104648] R13: ffff8801d09bf110 R14: dffffc0000000000 R15: 0000000000000000
[  116.111931] FS:  00000000021fd940(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
[  116.120176] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.126109] CR2: 0000000000000000 CR3: 00000001bac14000 CR4: 00000000001426f0
[  116.133465] Kernel panic - not syncing: Fatal exception
[  116.139192] Dumping ftrace buffer:
[  116.142724]    (ftrace buffer empty)
[  116.146416] Kernel Offset: disabled
[  116.150021] Rebooting in 86400 seconds..
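Triage note and helper, added here as an example; this is neither syzkaller's nor the kernel's code. With CONFIG_KASAN_INLINE, the instruction at the fault marker in the Code: line, `42 80 3c 32 00`, decodes to `cmpb $0,(%rdx,%r14,1)`: the inline KASAN shadow check, with R14 holding the x86-64 shadow offset 0xdffffc0000000000 and RDX the address being checked shifted right by 3. The three instructions before it, `49 8d bc c7 18 02 00 00` / `48 89 fa` / `48 c1 ea 03`, decode to `lea 0x218(%r15,%rax,8),%rdi` / `mov %rdi,%rdx` / `shr $3,%rdx`. So the kernel was about to read an 8-byte slot at index RAX (0x2f) of an array 0x218 bytes into a structure whose pointer, in R15, is NULL; the shadow page for address 0x390 is not mapped, hence the GPF and the "could be caused by NULL-ptr deref" hint. The script below checks that reading against the register dump: it parses the registers (the sample is the dump from the oops above, copied in as a constructed string), recomputes the shadow address and inverts it back to the real target, verifies the lea result matches RDI, and classifies the target. The default register names and the 0x218 displacement are the ones decoded by hand above; the KASAN constants are the standard x86-64 generic-KASAN values, and the address-range buckets assume 48-bit virtual addresses.

```python
"""Triage helper for an x86-64 KASAN-inline GPF: recover the address the
kernel really tried to touch from the operands of the inline shadow check.
Added example, not kernel or syzkaller code."""
import re

# x86-64 generic KASAN (not KASAN_SW_TAGS) constants.
KASAN_SHADOW_OFFSET = 0xDFFFFC0000000000
KASAN_SHADOW_SCALE_SHIFT = 3          # one shadow byte covers 8 bytes of memory
_MAX_SHADOW = KASAN_SHADOW_OFFSET + (0xFFFFFFFFFFFFFFFF >> KASAN_SHADOW_SCALE_SHIFT)

PAGE_SIZE = 0x1000
USER_TOP = 0x00007FFFFFFFFFFF         # highest canonical user address, 48-bit VA
KERNEL_BASE = 0xFFFF800000000000      # lowest canonical kernel address

# Constructed sample: the register lines of the oops above, copied verbatim.
OOPS = """\
[  115.487641] RIP: 0010:kvm_pv_send_ipi+0x582/0xaf0
[  115.516820] RAX: 000000000000002f RBX: ffff8801d09bf190 RCX: ffffffff8118b084
[  115.524070] RDX: 0000000000000072 RSI: ffffffff8118b0c8 RDI: 0000000000000390
[  115.531334] RBP: ffff8801d09bf1b8 R08: ffff8801c5862740 R09: ffffed003b6046de
[  115.538589] R10: ffffed003b6046de R11: ffff8801db0236f3 R12: 000000000000000f
[  115.545840] R13: ffff8801d09bf110 R14: dffffc0000000000 R15: 0000000000000000
"""

# General-purpose registers as printed by the x86-64 oops code (RSP carries a
# segment prefix and RIP a symbol, so neither is captured here).
_REG_RE = re.compile(r"\b(R(?:AX|BX|CX|DX|SI|DI|BP|0[89]|1[0-5])): ([0-9a-f]{16})\b")


def parse_regs(oops: str) -> dict:
    """Map register name -> value for every GPR line found in the dump."""
    return {name: int(val, 16) for name, val in _REG_RE.findall(oops)}


def addr_to_shadow(addr: int) -> int:
    """Address -> KASAN shadow byte address, exactly as the inline check does it."""
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET


def shadow_to_addr(shadow: int) -> int:
    """Inverse of addr_to_shadow (target rounded down to 8 bytes).

    Raises if the value cannot be a shadow address, so a wrong guess about
    which registers form the shadow operand fails loudly instead of silently
    producing a bogus target."""
    if not KASAN_SHADOW_OFFSET <= shadow <= _MAX_SHADOW:
        raise ValueError(f"{shadow:#x} is not inside the KASAN shadow region")
    return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT


def classify(addr: int) -> str:
    """Coarse bucket for the real target address."""
    if addr < PAGE_SIZE:
        return "null-page"        # NULL pointer plus a small struct/array offset
    if addr <= USER_TOP:
        return "user-space"       # user pointer dereferenced from kernel code
    if addr >= KERNEL_BASE:
        return "kernel"           # a real kernel pointer; shadow should exist
    return "non-canonical"        # garbage / corrupted pointer


def triage(oops: str, shadow_base="RDX", shadow_index="R14",
           lea_base="R15", lea_index="RAX", lea_scale=8, lea_disp=0x218) -> dict:
    """Reconstruct the faulting access from the register dump.

    The defaults are what the Code: bytes of this oops decode to (by hand):
        lea  0x218(%r15,%rax,8),%rdi    ; &base->array[index], base in R15
        mov  %rdi,%rdx ; shr $3,%rdx    ; start of the inline KASAN check
        cmpb $0,(%rdx,%r14,1)           ; faulting shadow load, R14 = offset
    They are parameters so the helper applies to other KASAN-inline GPFs."""
    regs = parse_regs(oops)
    mask = 0xFFFFFFFFFFFFFFFF
    shadow = (regs[shadow_base] + regs[shadow_index]) & mask
    target = shadow_to_addr(shadow)
    lea_result = (regs[lea_base] + regs[lea_index] * lea_scale + lea_disp) & mask
    return {
        "shadow": shadow,
        "target": target,
        "kind": classify(target),
        "base_is_null": regs[lea_base] == 0,
        "index": regs[lea_index],
        "lea_matches_rdi": lea_result == regs["RDI"],
    }


if __name__ == "__main__":
    for key, val in triage(OOPS).items():
        print(f"{key:16} {hex(val) if type(val) is int else val}")
```

For this dump the helper reports target 0x390, kind null-page, base_is_null True, index 0x2f and lea_matches_rdi True, which is the practitioner's confirmation that the hint line is right: this is a NULL structure pointer indexed as an array inside kvm_pv_send_ipi on the vmcall path, not a wild or user-controlled pointer. If lea_matches_rdi came back False, the hand decoding (or the choice of registers) would be wrong and the analysis should be redone against the vmlinux rather than trusted.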