[....] Starting periodic command scheduler: cron[ ok ].
[....] Starting OpenBSD Secure Shell server: sshd[ 17.666705] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 22.703878] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.109503] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.845014] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.988254] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts.
[ 29.532812] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.639984] IPVS: ftp: loaded support on port[0] = 21
[ 29.642328] IPVS: ftp: loaded support on port[0] = 21
[ 29.648040] IPVS: ftp: loaded support on port[0] = 21
[ 29.653951] IPVS: ftp: loaded support on port[0] = 21
[ 29.658872] IPVS: ftp: loaded support on port[0] = 21
[ 29.662667] IPVS: ftp: loaded support on port[0] = 21
[ 29.667935] IPVS: ftp: loaded support on port[0] = 21
[ 29.673104] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 31.097617] ==================================================================
[ 31.105046] BUG: KASAN: slab-out-of-bounds in find_first_bit+0xf7/0x100
[ 31.111812] Read of size 8 at addr ffff8801d72da090 by task kswapd0/1533
[ 31.118679]
[ 31.120325] CPU: 0 PID: 1533 Comm: kswapd0 Not tainted 4.18.0-rc4-next-20180710+ #3
[ 31.128138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.137496] Call Trace:
[ 31.140094]  dump_stack+0x1c9/0x2b4
[ 31.143728]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.148917]  ? printk+0xa7/0xcf
[ 31.152201]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 31.156957]  ? find_first_bit+0xf7/0x100
[ 31.161119]  print_address_description+0x6c/0x20b
[ 31.165963]  ? find_first_bit+0xf7/0x100
[ 31.170049]  kasan_report.cold.7+0x242/0x30d
[ 31.174463]  __asan_report_load8_noabort+0x14/0x20
[ 31.179425]  find_first_bit+0xf7/0x100
[ 31.183405]  shrink_slab+0x5d0/0xdb0
[ 31.187155]  ? shrink_node_memcg+0xc91/0x18f0
[ 31.191660]  ? unregister_memcg_shrinker.isra.39+0x50/0x50
[ 31.197299]  ? shrink_active_list+0x1830/0x1830
[ 31.201983]  ? run_rebalance_domains+0x4c0/0x4c0
[ 31.206756]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 31.212305]  shrink_node+0x429/0x16a0
[ 31.216157]  ? shrink_node_memcg+0x18f0/0x18f0
[ 31.220745]  ? zone_watermark_ok_safe+0x14b/0x3d0
[ 31.225600]  ? lock_acquire+0x1e4/0x540
[ 31.229646]  ? __alloc_pages_direct_compact+0x340/0x340
[ 31.235030]  ? lock_release+0xa30/0xa30
[ 31.239019]  ? __sched_text_start+0x8/0x8
[ 31.243356]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 31.248918]  ? pgdat_balanced+0x118/0x150
[ 31.253073]  balance_pgdat+0x7ca/0x1010
[ 31.257065]  ? mem_cgroup_shrink_node+0xb20/0xb20
[ 31.261943]  ? check_same_owner+0x340/0x340
[ 31.266295]  ? rcu_note_context_switch+0x730/0x730
[ 31.271240]  kswapd+0x82e/0x12f0
[ 31.274648]  ? balance_pgdat+0x1010/0x1010
[ 31.278892]  ? finish_wait+0x430/0x430
[ 31.282800]  ? kasan_check_read+0x11/0x20
[ 31.286953]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 31.291370]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 31.296480]  ? __kthread_parkme+0x58/0x1b0
[ 31.300725]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.305934]  ? trace_hardirqs_on+0xd/0x10
[ 31.310093]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 31.315635]  ? __kthread_parkme+0x106/0x1b0
[ 31.319964]  kthread+0x345/0x410
[ 31.323339]  ? balance_pgdat+0x1010/0x1010
[ 31.327576]  ? kthread_bind+0x40/0x40
[ 31.331386]  ret_from_fork+0x3a/0x50
[ 31.335107]
[ 31.336729] Allocated by task 4499:
[ 31.340363]  save_stack+0x43/0xd0
[ 31.343859]  kasan_kmalloc+0xc4/0xe0
[ 31.347576]  __kmalloc_node+0x47/0x70
[ 31.351370]  kvmalloc_node+0x65/0xf0
[ 31.355111]  mem_cgroup_css_online+0x169/0x3c0
[ 31.359686]  online_css+0x10c/0x350
[ 31.363296]  cgroup_apply_control_enable+0x777/0xe90
[ 31.368386]  cgroup_mkdir+0x88a/0x1170
[ 31.372258]  kernfs_iop_mkdir+0x159/0x1e0
[ 31.376389]  vfs_mkdir+0x42e/0x6b0
[ 31.380015]  do_mkdirat+0x27b/0x310
[ 31.383637]  __x64_sys_mkdir+0x5c/0x80
[ 31.387519]  do_syscall_64+0x1b9/0x820
[ 31.392700]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.397869]
[ 31.399496] Freed by task 1:
[ 31.402525]  save_stack+0x43/0xd0
[ 31.405965]  __kasan_slab_free+0x11a/0x170
[ 31.410192]  kasan_slab_free+0xe/0x10
[ 31.413977]  kfree+0xd9/0x260
[ 31.417137]  acpi_ex_stop_trace_method+0x1bf/0x1cb
[ 31.422054]  acpi_ds_terminate_control_method+0x5ab/0x5bc
[ 31.427587]  acpi_ps_parse_aml+0x4af/0x86a
[ 31.431816]  acpi_ps_execute_method+0x521/0x597
[ 31.436466]  acpi_ns_evaluate+0x717/0x9bc
[ 31.440605]  acpi_evaluate_object+0x48c/0x8cf
[ 31.445264]  acpi_evaluate_integer+0x129/0x280
[ 31.450019]  acpi_bus_get_status_handle+0x26/0xa0
[ 31.454866]  acpi_bus_check_add+0x3b5/0xb60
[ 31.459190]  acpi_ns_walk_namespace+0x224/0x400
[ 31.463845]  acpi_walk_namespace+0xf2/0x12c
[ 31.468158]  acpi_bus_scan+0x146/0x170
[ 31.472029]  acpi_scan_init+0x403/0x8fe
[ 31.476337]  acpi_init+0x941/0xa19
[ 31.479864]  do_one_initcall+0x127/0x913
[ 31.483909]  kernel_init_freeable+0x49b/0x58e
[ 31.488400]  kernel_init+0x11/0x1b3
[ 31.492018]  ret_from_fork+0x3a/0x50
[ 31.495717]
[ 31.497335] The buggy address belongs to the object at ffff8801d72da080
[ 31.497335]  which belongs to the cache kmalloc-32 of size 32
[ 31.509811] The buggy address is located 16 bytes inside of
[ 31.509811]  32-byte region [ffff8801d72da080, ffff8801d72da0a0)
[ 31.521581] The buggy address belongs to the page:
[ 31.526495] page:ffffea00075cb680 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801d72dafc1
[ 31.535937] flags: 0x2fffc0000000100(slab)
[ 31.540160] raw: 02fffc0000000100 ffffea00075ca9c8 ffffea00075cb808 ffff8801da8001c0
[ 31.548036] raw: ffff8801d72dafc1 ffff8801d72da000 000000010000003f 0000000000000000
[ 31.555993] page dumped because: kasan: bad access detected
[ 31.561690]
[ 31.563294] Memory state around the buggy address:
[ 31.568207]  ffff8801d72d9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.575556]  ffff8801d72da000: 00 03 fc fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 31.582988] >ffff8801d72da080: 00 00 05 fc fc fc fc fc 05 fc fc fc fc fc fc fc
[ 31.590334]                          ^
[ 31.594208]  ffff8801d72da100: 05 fc fc fc fc fc fc fc 05 fc fc fc fc fc fc fc
[ 31.601551]  ffff8801d72da180: 05 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 31.609008] ==================================================================
[ 31.617284] Kernel panic - not syncing: panic_on_warn set ...
[ 31.617284]
[ 31.624679] CPU: 0 PID: 1533 Comm: kswapd0 Tainted: G B 4.18.0-rc4-next-20180710+ #3
[ 31.633859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.643197] Call Trace:
[ 31.645777]  dump_stack+0x1c9/0x2b4
[ 31.649393]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.654585]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 31.659529]  panic+0x238/0x4e7
[ 31.662883]  ? add_taint.cold.5+0x16/0x16
[ 31.667031]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 31.671451]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 31.675873]  ? find_first_bit+0xf7/0x100
[ 31.680026]  kasan_end_report+0x47/0x4f
[ 31.684096]  kasan_report.cold.7+0x76/0x30d
[ 31.688498]  __asan_report_load8_noabort+0x14/0x20
[ 31.693417]  find_first_bit+0xf7/0x100
[ 31.697287]  shrink_slab+0x5d0/0xdb0
[ 31.700986]  ? shrink_node_memcg+0xc91/0x18f0
[ 31.705469]  ? unregister_memcg_shrinker.isra.39+0x50/0x50
[ 31.711090]  ? shrink_active_list+0x1830/0x1830
[ 31.715752]  ? run_rebalance_domains+0x4c0/0x4c0
[ 31.720508]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 31.726036]  shrink_node+0x429/0x16a0
[ 31.729832]  ? shrink_node_memcg+0x18f0/0x18f0
[ 31.734413]  ? zone_watermark_ok_safe+0x14b/0x3d0
[ 31.739241]  ? lock_acquire+0x1e4/0x540
[ 31.743203]  ? __alloc_pages_direct_compact+0x340/0x340
[ 31.748569]  ? lock_release+0xa30/0xa30
[ 31.752531]  ? __sched_text_start+0x8/0x8
[ 31.756667]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 31.762277]  ? pgdat_balanced+0x118/0x150
[ 31.766592]  balance_pgdat+0x7ca/0x1010
[ 31.770558]  ? mem_cgroup_shrink_node+0xb20/0xb20
[ 31.775393]  ? check_same_owner+0x340/0x340
[ 31.779814]  ? rcu_note_context_switch+0x730/0x730
[ 31.784910]  kswapd+0x82e/0x12f0
[ 31.788270]  ? balance_pgdat+0x1010/0x1010
[ 31.792492]  ? finish_wait+0x430/0x430
[ 31.796374]  ? kasan_check_read+0x11/0x20
[ 31.800510]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 31.804909]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 31.809996]  ? __kthread_parkme+0x58/0x1b0
[ 31.814220]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.819233]  ? trace_hardirqs_on+0xd/0x10
[ 31.823382]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 31.828922]  ? __kthread_parkme+0x106/0x1b0
[ 31.833234]  kthread+0x345/0x410
[ 31.836595]  ? balance_pgdat+0x1010/0x1010
[ 31.840828]  ? kthread_bind+0x40/0x40
[ 31.844618]  ret_from_fork+0x3a/0x50
[ 31.848920] Dumping ftrace buffer:
[ 31.852444]    (ftrace buffer empty)
[ 31.856139] Kernel Offset: disabled
[ 31.859754] Rebooting in 86400 seconds..