[....] Starting OpenBSD Secure Shell server: sshd
[ 18.149694] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 21.705894] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.896988] sshd (4482) used greatest stack depth: 16872 bytes left
[ 21.918656] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.743488] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.893932] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
[ 28.333771] random: sshd: uninitialized urandom read (32 bytes read)
2018/06/11 12:18:07 parsed 1 programs
[ 29.291883] random: cc1: uninitialized urandom read (8 bytes read)
2018/06/11 12:18:08 executed programs: 0
[ 29.824743] IPVS: ftp: loaded support on port[0] = 21
[ 29.950972] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.957445] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.964876] device bridge_slave_0 entered promiscuous mode
[ 29.981874] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.988327] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.995568] device bridge_slave_1 entered promiscuous mode
[ 30.011264] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 30.027505] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 30.073935] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 30.091682] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 30.153220] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 30.160661] team0: Port device team_slave_0 added
[ 30.174977] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 30.182328] team0: Port device team_slave_1 added
[ 30.197115] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 30.214882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 30.232653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 30.249623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 30.364443] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.370924] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.377905] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.384290] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.794782] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 30.800937] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.843661] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 30.885728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.893458] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 30.933337] 8021q: adding VLAN 0 to HW filter on device team0
[ 31.184465] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 31.192473] PGD 1b84db067 P4D 1b84db067 PUD 1d6e3c067 PMD 0
[ 31.198272] Oops: 0010 [#1] SMP KASAN
[ 31.202079] CPU: 1 PID: 4752 Comm: syz-executor0 Not tainted 4.17.0+ #121
[ 31.208990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.218334] RIP: 0010:          (null)
[ 31.222212] Code: Bad RIP value.
[ 31.225586] RSP: 0018:ffff8801d6e27350 EFLAGS: 00010246
[ 31.231059] RAX: 0000000000000000 RBX: ffff8801c7c77800 RCX: 1ffffffff10ea9fd
[ 31.238317] RDX: ffff8801d6e27bb0 RSI: ffff8801acb37ac0 RDI: ffff8801d7654cc0
[ 31.245604] RBP: ffff8801d6e274c0 R08: ffff8801d89bedb8 R09: 0000000000000006
[ 31.252860] R10: ffff8801d89be580 R11: 0000000000000000 R12: 1ffff1003adc4e6f
[ 31.260127] R13: ffff8801d6e27bb0 R14: ffff8801c7c77812 R15: ffff8801c7c77c58
[ 31.267405] FS:  0000000000000000(0000) GS:ffff8801daf00000(0063) knlGS:0000000009928900
[ 31.275617] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 31.281481] CR2: ffffffffffffffd6 CR3: 00000001b2453000 CR4: 00000000001406e0
[ 31.288738] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.296003] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.303263] Call Trace:
[ 31.305861]  ? smc_poll+0x211/0xdd0
[ 31.309476]  ? __smc_connect+0xa90/0xa90
[ 31.313530]  ? save_stack+0x43/0xd0
[ 31.317162]  ? kasan_kmalloc+0xc4/0xe0
[ 31.321049]  ? kasan_slab_alloc+0x12/0x20
[ 31.325179]  ? kmem_cache_alloc+0x12e/0x760
[ 31.329480]  ? ep_insert+0x270/0x1c00
[ 31.333264]  ? __ia32_sys_epoll_ctl+0xef1/0x10f0
[ 31.338008]  ? do_fast_syscall_32+0x345/0xf9b
[ 31.342495]  ? entry_SYSENTER_compat+0x70/0x7f
[ 31.347063]  ? graph_lock+0x170/0x170
[ 31.350863]  ? percpu_ref_tryget+0x2b0/0x2b0
[ 31.355275]  ? trace_hardirqs_on+0xd/0x10
[ 31.359421]  ? queue_work_on+0x12c/0x1e0
[ 31.363467]  ? print_usage_bug+0xc0/0xc0
[ 31.367511]  sock_poll+0x1d1/0x710
[ 31.371047]  ? __smc_connect+0xa90/0xa90
[ 31.375094]  ? sock_get_poll_head+0x460/0x460
[ 31.379573]  ? sock_get_poll_head+0x460/0x460
[ 31.384053]  vfs_poll+0x77/0x2a0
[ 31.387413]  ep_item_poll.isra.15+0x2c1/0x390
[ 31.391893]  ? rcu_read_lock_sched_held+0x108/0x120
[ 31.397243]  ? ep_eventpoll_poll+0x1f0/0x1f0
[ 31.401637]  ? find_held_lock+0x36/0x1c0
[ 31.405690]  ? ep_insert+0x270/0x1c00
[ 31.409487]  ep_insert+0x6b8/0x1c00
[ 31.413101]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 31.418291]  ? ep_send_events_proc+0xee0/0xee0
[ 31.422860]  ? lock_release+0xa10/0xa10
[ 31.426819]  ? check_same_owner+0x320/0x320
[ 31.431126]  ? rcu_note_context_switch+0x710/0x710
[ 31.436069]  ? __might_sleep+0x95/0x190
[ 31.440040]  ? kasan_check_write+0x14/0x20
[ 31.444260]  ? __mutex_lock+0x7d9/0x17f0
[ 31.448318]  ? __ia32_sys_epoll_ctl+0x518/0x10f0
[ 31.453091]  ? do_futex+0x249/0x27d0
[ 31.456795]  ? mutex_trylock+0x2a0/0x2a0
[ 31.460855]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.465856]  ? exit_robust_list+0x290/0x290
[ 31.470176]  ? lockdep_init_map+0x9/0x10
[ 31.474221]  ? debug_mutex_init+0x2d/0x60
[ 31.478363]  ? __mutex_init+0x1ef/0x280
[ 31.482340]  ? pud_val+0x80/0xf0
[ 31.485699]  ? pmd_val+0xf0/0xf0
[ 31.489053]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.494578]  ? find_held_lock+0x36/0x1c0
[ 31.498627]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.504158]  ? __fget_light+0x2ef/0x430
[ 31.508114]  ? fget_raw+0x20/0x20
[ 31.511553]  ? __might_sleep+0x95/0x190
[ 31.515521]  ? clear_tfile_check_list+0x380/0x380
[ 31.520366]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 31.525541]  __ia32_sys_epoll_ctl+0xef1/0x10f0
[ 31.530111]  ? __x64_sys_epoll_ctl+0x10f0/0x10f0
[ 31.534851]  ? __ia32_compat_sys_futex+0x3de/0x5e0
[ 31.539771]  ? __x32_compat_sys_get_robust_list+0x430/0x430
[ 31.545468]  ? do_fast_syscall_32+0x148/0xf9b
[ 31.549949]  do_fast_syscall_32+0x345/0xf9b
[ 31.554255]  ? do_int80_syscall_32+0x880/0x880
[ 31.558954]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 31.563710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.569237]  ? syscall_return_slowpath+0x30f/0x5c0
[ 31.574155]  ? sysret32_from_system_call+0x5/0x46
[ 31.578997]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.583832]  entry_SYSENTER_compat+0x70/0x7f
[ 31.588236] RIP: 0023:0xf7f54cb9
[ 31.591580] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 31.610801] RSP: 002b:00000000ffa2c14c EFLAGS: 00000286 ORIG_RAX: 00000000000000ff
[ 31.618501] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000001
[ 31.625766] RDX: 0000000000000003 RSI: 0000000020c7f000 RDI: 0000000000000000
[ 31.633025] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 31.640278] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 31.647530] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 31.654872] Modules linked in:
[ 31.658052] Dumping ftrace buffer:
[ 31.661574]    (ftrace buffer empty)
[ 31.665266] CR2: 0000000000000000
[ 31.669609] ---[ end trace 85387ed56168cf11 ]---
[ 31.674396] RIP: 0010:          (null)
[ 31.678297] Code: Bad RIP value.
[ 31.681695] RSP: 0018:ffff8801d6e27350 EFLAGS: 00010246
[ 31.687092] RAX: 0000000000000000 RBX: ffff8801c7c77800 RCX: 1ffffffff10ea9fd
[ 31.694370] RDX: ffff8801d6e27bb0 RSI: ffff8801acb37ac0 RDI: ffff8801d7654cc0
[ 31.701660] RBP: ffff8801d6e274c0 R08: ffff8801d89bedb8 R09: 0000000000000006
[ 31.708941] R10: ffff8801d89be580 R11: 0000000000000000 R12: 1ffff1003adc4e6f
[ 31.716224] R13: ffff8801d6e27bb0 R14: ffff8801c7c77812 R15: ffff8801c7c77c58
[ 31.723505] FS:  0000000000000000(0000) GS:ffff8801daf00000(0063) knlGS:0000000009928900
[ 31.731742] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 31.737635] CR2: ffffffffffffffd6 CR3: 00000001b2453000 CR4: 00000000001406e0
[ 31.744915] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.752196] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.759473] Kernel panic - not syncing: Fatal exception
[ 31.765502] Dumping ftrace buffer:
[ 31.769046]    (ftrace buffer empty)
[ 31.772756] Kernel Offset: disabled
[ 31.776365] Rebooting in 86400 seconds..