[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   16.653428] random: sshd: uninitialized urandom read (32 bytes read)
[   17.636693] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.954357] random: sshd: uninitialized urandom read (32 bytes read)
[   18.648342] random: sshd: uninitialized urandom read (32 bytes read)
[   54.240578] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
[   59.733743] random: sshd: uninitialized urandom read (32 bytes read)
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[   59.824443] IPVS: ftp: loaded support on port[0] = 21
[   59.995174] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.002066] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.009648] device bridge_slave_0 entered promiscuous mode
[   60.026100] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.032574] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.039795] device bridge_slave_1 entered promiscuous mode
[   60.054333] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   60.070292] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   60.107982] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   60.125511] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   60.179102] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   60.186253] team0: Port device team_slave_0 added
[   60.200440] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   60.207491] team0: Port device team_slave_1 added
[   60.219646] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   60.233823] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   60.250343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.267384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   60.361344] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.367914] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.374607] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.381078] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   60.752614] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   60.758788] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.800345] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   60.837051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.845180] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   60.877346] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   60.883481] 8021q: adding VLAN 0 to HW filter on device team0
[   60.944171] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
executing program
[   61.165014] ==================================================================
[   61.172450] BUG: KASAN: use-after-scope in debug_object_deactivate+0x425/0x450
[   61.179801] Read of size 8 at addr ffff8801b8c1b750 by task syz-executor121/4719
[   61.187319]
[   61.188944] CPU: 0 PID: 4719 Comm: syz-executor121 Not tainted 4.18.0-rc3+ #48
[   61.196280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   61.205612] Call Trace:
[   61.208174]  <IRQ>
[   61.210329]  dump_stack+0x1c9/0x2b4
[   61.213947]  ? dump_stack_print_info.cold.2+0x52/0x52
[   61.219482]  ? printk+0xa7/0xcf
[   61.222765]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   61.227519]  ? debug_object_deactivate+0x425/0x450
[   61.232436]  print_address_description+0x6c/0x20b
[   61.237273]  ? debug_object_deactivate+0x425/0x450
[   61.242190]  kasan_report.cold.7+0x242/0x2fe
[   61.246587]  __asan_report_load8_noabort+0x14/0x20
[   61.251502]  debug_object_deactivate+0x425/0x450
[   61.256249]  ? debug_stats_show+0x100/0x100
[   61.260570]  ? perf_trace_lock_acquire+0xeb/0x9a0
[   61.265409]  __hrtimer_run_queues+0x2bf/0x10c0
[   61.269981]  ? hrtimer_start_range_ns+0xd20/0xd20
[   61.274834]  ? pvclock_read_flags+0x160/0x160
[   61.279325]  ? kvm_clock_read+0x25/0x30
[   61.283299]  ? kvm_clock_read+0x25/0x30
[   61.287273]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   61.292281]  ? ktime_get_update_offsets_now+0x3db/0x5d0
[   61.297649]  ? do_timer+0x50/0x50
[   61.301092]  ? kasan_check_read+0x11/0x20
[   61.305231]  ? rcu_nmi_exit+0xe0/0x2d0
[   61.309136]  ? do_raw_spin_lock+0xc1/0x200
[   61.313356]  hrtimer_interrupt+0x2f3/0x750
[   61.317583]  smp_apic_timer_interrupt+0x165/0x730
[   61.322416]  ? smp_call_function_single_interrupt+0x660/0x660
[   61.328307]  ? _raw_spin_unlock+0x22/0x30
[   61.332458]  ? handle_edge_irq+0x330/0x870
[   61.336680]  ? task_prio+0x50/0x50
[   61.340210]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   61.345069]  apic_timer_interrupt+0xf/0x20
[   61.349285]  </IRQ>
[   61.351498]
[   61.353108] Allocated by task 917528:
[   61.356897]  save_stack+0x43/0xd0
[   61.360336]  kasan_kmalloc+0xc4/0xe0
[   61.364037]  kasan_slab_alloc+0x12/0x20
[   61.368017]  kmem_cache_alloc+0x12e/0x760
[   61.372154]  __debug_object_init+0xbe1/0x12e0
[   61.376656]  debug_object_activate+0x32e/0x690
[   61.381225]  __call_rcu.constprop.68+0xc8/0xc00
[   61.385900]  call_rcu_sched+0x12/0x20
[   61.389689]  put_filp+0xa1/0xb2
[   61.392987]  path_openat+0x38f2/0x4e10
[   61.396862]  do_filp_open+0x255/0x380
[   61.400645]  do_sys_open+0x584/0x760
[   61.404354]  __x64_sys_open+0x7e/0xc0
[   61.408149]  do_syscall_64+0x1b9/0x820
[   61.412030]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   61.417376]
[   61.418990] Freed by task 0:
[   61.421982] (stack is not available)
[   61.425669]
[   61.427276] The buggy address belongs to the object at ffff8801b8c1b738
[   61.427276]  which belongs to the cache debug_objects_cache of size 40
[   61.440715] The buggy address is located 24 bytes inside of
[   61.440715]  40-byte region [ffff8801b8c1b738, ffff8801b8c1b760)
[   61.452406] The buggy address belongs to the page:
[   61.457334] page:ffffea0006e306c0 count:1 mapcount:0 mapping:ffff8801da810dc0 index:0xffff8801b8c1bfb9
[   61.467543] flags: 0x2fffc0000000100(slab)
[   61.471765] raw: 02fffc0000000100 ffffea0006e85b08 ffffea0006df5fc8 ffff8801da810dc0
[   61.479629] raw: ffff8801b8c1bfb9 ffff8801b8c1b000 0000000100000047 0000000000000000
[   61.487497] page dumped because: kasan: bad access detected
[   61.493186]
[   61.494794] Memory state around the buggy address:
[   61.499705]  ffff8801b8c1b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[   61.507045]  ffff8801b8c1b680: f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2
[   61.514388] >ffff8801b8c1b700: f2 f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2
[   61.521735]                                                  ^
[   61.527692]  ffff8801b8c1b780: f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[   61.535065]  ffff8801b8c1b800: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
[   61.542420] ==================================================================
[   61.549771] Kernel panic - not syncing: panic_on_warn set ...
[   61.549771]
[   61.560598] CPU: 0 PID: 4719 Comm: syz-executor121 Tainted: G    B 4.18.0-rc3+ #48
[   61.569326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   61.578671] Call Trace:
[   61.581245]  <IRQ>
[   61.583486]  dump_stack+0x1c9/0x2b4
[   61.587102]  ? dump_stack_print_info.cold.2+0x52/0x52
[   61.592402]  ? lock_downgrade+0x8f0/0x8f0
[   61.596546]  ? debug_object_deactivate+0x425/0x450
[   61.601462]  panic+0x238/0x4e7
[   61.604648]  ? add_taint.cold.5+0x16/0x16
[   61.608783]  ? print_shadow_for_address+0xba/0x116
[   61.613788]  ? do_raw_spin_unlock+0xa7/0x2f0
[   61.618185]  ? debug_object_deactivate+0x425/0x450
[   61.623504]  kasan_end_report+0x47/0x4f
[   61.627470]  kasan_report.cold.7+0x76/0x2fe
[   61.631783]  __asan_report_load8_noabort+0x14/0x20
[   61.636695]  debug_object_deactivate+0x425/0x450
[   61.641430]  ? debug_stats_show+0x100/0x100
[   61.645734]  ? perf_trace_lock_acquire+0xeb/0x9a0
[   61.650576]  __hrtimer_run_queues+0x2bf/0x10c0
[   61.655168]  ? hrtimer_start_range_ns+0xd20/0xd20
[   61.659996]  ? pvclock_read_flags+0x160/0x160
[   61.664493]  ? kvm_clock_read+0x25/0x30
[   61.668449]  ? kvm_clock_read+0x25/0x30
[   61.672407]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   61.677409]  ? ktime_get_update_offsets_now+0x3db/0x5d0
[   61.682771]  ? do_timer+0x50/0x50
[   61.686209]  ? kasan_check_read+0x11/0x20
[   61.690356]  ? rcu_nmi_exit+0xe0/0x2d0
[   61.694233]  ? do_raw_spin_lock+0xc1/0x200
[   61.698457]  hrtimer_interrupt+0x2f3/0x750
[   61.702682]  smp_apic_timer_interrupt+0x165/0x730
[   61.707769]  ? smp_call_function_single_interrupt+0x660/0x660
[   61.713752]  ? _raw_spin_unlock+0x22/0x30
[   61.717888]  ? handle_edge_irq+0x330/0x870
[   61.722208]  ? task_prio+0x50/0x50
[   61.725746]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   61.730575]  apic_timer_interrupt+0xf/0x20
[   61.734813]  </IRQ>
[   61.737583] Dumping ftrace buffer:
[   61.741103]    (ftrace buffer empty)
[   61.744796] Kernel Offset: disabled
[   61.748405] Rebooting in 86400 seconds..