[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   34.098745] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   37.234599] random: sshd: uninitialized urandom read (32 bytes read)
[   37.820789] random: sshd: uninitialized urandom read (32 bytes read)
[   39.231660] random: sshd: uninitialized urandom read (32 bytes read)
[  374.666728] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.199' (ECDSA) to the list of known hosts.
[  380.337133] random: sshd: uninitialized urandom read (32 bytes read)
2018/07/19 14:53:21 parsed 1 programs
[  381.826386] random: cc1: uninitialized urandom read (8 bytes read)
2018/07/19 14:53:23 executed programs: 0
[  383.505841] IPVS: ftp: loaded support on port[0] = 21
[  392.309583] oom_reaper: reaped process 4648 (syz-executor0), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
[  392.382374] rsyslogd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0
[  392.393807] rsyslogd cpuset=/ mems_allowed=0
[  392.398374] CPU: 0 PID: 4498 Comm: rsyslogd Not tainted 4.18.0-rc5+ #28
[  392.405147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  392.414521] Call Trace:
[  392.417181]  dump_stack+0x185/0x1e0
[  392.420847]  dump_header+0x2cc/0x16f0
[  392.424709]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  392.430212]  oom_kill_process+0x339/0x2060
[  392.434516]  ? oom_evaluate_task+0x577/0xb90
[  392.438964]  out_of_memory+0x1760/0x1e10
[  392.443078]  __alloc_pages_nodemask+0x5394/0x6320
[  392.448010]  alloc_pages_current+0x6b1/0x970
[  392.452456]  __page_cache_alloc+0x95/0x320
[  392.456722]  filemap_fault+0x161b/0x25e0
[  392.460851]  ext4_filemap_fault+0xbb/0x130
[  392.465143]  ? ext4_page_mkwrite+0x2a50/0x2a50
[  392.469754]  handle_mm_fault+0x665e/0x85e0
[  392.474012]  ? filemap_fault+0x25e0/0x25e0
[  392.478275]  __do_page_fault+0xa76/0x1810
[  392.482439]  do_page_fault+0x98/0xd0
[  392.486147]  ? page_fault+0x8/0x30
[  392.490157]  page_fault+0x1e/0x30
[  392.493602] RIP: 0033:0x7f05e3b51db4
[  392.497298] Code: Bad RIP value.
[  392.500670] RSP: 002b:00007f05e2520e40 EFLAGS: 00010203
[  392.506037] RAX: 0000000000000071 RBX: 00000000017a5ce0 RCX: 00007f05e4f811fd
[  392.513320] RDX: 0000000000000071 RSI: 00007f05e3d555a0 RDI: 0000000000000000
[  392.520580] RBP: 0000000000000000 R08: 0000000001791260 R09: 0000000004000001
[  392.527839] R10: 0000000000000001 R11: 0000000000000000 R12: 000000000065e420
[  392.535105] R13: 00007f05e25219c0 R14: 00007f05e55c6040 R15: 0000000000000003
[  392.542567] Mem-Info:
[  392.545006] kthreadd: page allocation failure: order:4, mode:0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null)
[  392.545178] active_anon:3912 inactive_anon:78 isolated_anon:0
[  392.545178]  active_file:3 inactive_file:27 isolated_file:0
[  392.545178]  unevictable:0 dirty:13 writeback:0 unstable:0
[  392.545178]  slab_reclaimable:3137 slab_unreclaimable:4353
[  392.545178]  mapped:17 shmem:84 pagetables:310 bounce:0
[  392.545178]  free:15396 free_pcp:0 free_cma:0
[  392.555845] kthreadd cpuset=/ mems_allowed=0
[  392.587895] Node 0 active_anon:15648kB inactive_anon:312kB active_file:12kB inactive_file:108kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:68kB dirty:52kB writeback:0kB shmem:336kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[  392.587912] Node 0 
[  392.592348] CPU: 1 PID: 2 Comm: kthreadd Not tainted 4.18.0-rc5+ #28
[  392.592376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  392.619417] DMA free:15904kB min:144kB low:180kB high:216kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  392.621548] Call Trace:
[  392.621597]  dump_stack+0x185/0x1e0
[  392.621635]  warn_alloc+0x459/0x6d0
[  392.628134] lowmem_reserve[]:
[  392.637467]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[  392.637510]  ? __alloc_pages_direct_compact+0x223/0x4f0
[  392.663065]  0
[  392.665588]  __alloc_pages_nodemask+0x615c/0x6320
[  392.665654]  ? kmem_cache_alloc_node+0x90d/0xcb0
[  392.669251]  2812
[  392.672883]  copy_process+0x7ca/0xa250
[  392.672916]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  392.672946]  ? __list_add_valid+0xb8/0x450
[  392.672977]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[  392.673013]  ? pick_next_task_fair+0x2308/0x2580
[  392.673046]  ? kthread_blkcg+0xf0/0xf0
[  392.673093]  ? _do_fork+0x116/0x1000
[  392.673130]  ? kernel_thread+0xc6/0xe0
[  392.676229]  7238
[  392.681569]  _do_fork+0x390/0x1000
[  392.681628]  ? kthread_blkcg+0xf0/0xf0
[  392.686963]  7238
[  392.688747]  kernel_thread+0xc6/0xe0
[  392.688781]  ? kthread_blkcg+0xf0/0xf0
[  392.698351]  kthreadd+0x5df/0x940
[  392.698390]  ? kthread_stop+0x6c0/0x6c0
[  392.700447] Node 0 
[  392.704310]  ret_from_fork+0x35/0x40
[  392.704484] Mem-Info:
[  392.709770] DMA32 free:30572kB min:26204kB low:32752kB high:39300kB active_anon:4096kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2885376kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  392.714030] active_anon:3912 inactive_anon:78 isolated_anon:0
[  392.714030]  active_file:3 inactive_file:27 isolated_file:0
[  392.714030]  unevictable:0 dirty:13 writeback:0 unstable:0
[  392.714030]  slab_reclaimable:3137 slab_unreclaimable:4353
[  392.714030]  mapped:17 shmem:84 pagetables:310 bounce:0
[  392.714030]  free:15396 free_pcp:0 free_cma:0
[  392.719448] lowmem_reserve[]:
[  392.724255] Node 0 active_anon:15648kB inactive_anon:312kB active_file:12kB inactive_file:108kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:68kB dirty:52kB writeback:0kB shmem:336kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[  392.724271] Node 0 
[  392.728178]  0
[  392.731945] DMA free:15904kB min:144kB low:180kB high:216kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  392.731960] lowmem_reserve[]:
[  392.735870]  0 4425 4425
[  392.735895] Node 0 Normal free:15108kB min:41232kB low:51540kB high:61848kB active_anon:11552kB inactive_anon:312kB active_file:136kB inactive_file:124kB unevictable:0kB writepending:168kB present:4718592kB managed:4532216kB mlocked:0kB kernel_stack:7680kB pagetables:1240kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  392.738069]  0 2812
[  392.741645] lowmem_reserve[]:
[  392.745540]  7238 7238
[  392.747634]  0
[  392.751370] Node 0 
[  392.755277]  0
[  392.758775] DMA32 free:30572kB min:26204kB low:32752kB high:39300kB active_anon:4096kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2885376kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  392.758789] lowmem_reserve[]:
[  392.762781]  0
[  392.765021]  0 0
[  392.768757]  0
[  392.768772] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 
[  392.771256]  4425 4425
[  392.798158] 1*128kB 
[  392.830108] Node 0 
[  392.833222] (U) 1*256kB (U) 0*512kB 
[  392.860303] Normal free:15108kB min:41232kB low:51540kB high:61848kB active_anon:11552kB inactive_anon:312kB active_file:136kB inactive_file:124kB unevictable:0kB writepending:168kB present:4718592kB managed:4532216kB mlocked:0kB kernel_stack:7680kB pagetables:1240kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  392.860317] lowmem_reserve[]:
[  392.862577] 1*1024kB 
[  392.864382]  0 0
[  392.889922] (U) 
[  392.893036]  0 0
[  392.895748] 1*2048kB 
[  392.924555] Node 0 DMA: 
[  392.926828] (M) 
[  392.929941] 0*4kB 0*8kB 
[  392.932569] 3*4096kB 
[  392.934377] 0*16kB 1*32kB 
[  392.936638] (M) = 15904kB
[  392.938457] (U) 2*64kB 
[  392.965297] Node 0 DMA32: 2*4kB (M) 
[  392.968444] (U) 1*128kB 
[  392.970294] 3*8kB 
[  392.972273] (U) 1*256kB 
[  392.974107] (M) 
[  392.980342] (U) 0*512kB 
[  392.982872] 2*16kB 
[  392.985371] 1*1024kB (U) 
[  392.987640] (M) 
[  392.991361] 1*2048kB (M) 
[  393.019607] 3*32kB 
[  393.022718] 3*4096kB (M) 
[  393.025162] (UM) 
[  393.027142] = 15904kB
[  393.027157] Node 0 
[  393.029168] 1*64kB 
[  393.031149] DMA32: 2*4kB 
[  393.033595] (U) 
[  393.036271] (M) 3*8kB 
[  393.038279] 4*128kB 
[  393.040966] (M) 
[  393.043389] (UM) 
[  393.046249] 2*16kB (M) 
[  393.049039] 3*256kB 
[  393.051631] 3*32kB (UM) 
[  393.055367] (M) 3*512kB (M) 3*1024kB (M) 
[  393.058087] 1*64kB (U) 
[  393.060273] 0*2048kB 
[  393.062951] 4*128kB (UM) 
[  393.064961] 6*4096kB 
[  393.067637] 3*256kB (M) 
[  393.069909] (M) 
[  393.072671] 3*512kB (M) 
[  393.074682] = 30688kB
[  393.077440] 3*1024kB (M) 
[  393.079723] Node 0 
[  393.082488] 0*2048kB 6*4096kB 
[  393.084583] Normal: 
[  393.087036] (M) 
[  393.089290] 342*4kB 
[  393.091527] = 30688kB
[  393.091543] Node 0 
[  393.094310] (UME) 273*8kB (UME) 180*16kB 
[  393.096324] Normal: 342*4kB 
[  393.098863] (UME) 
[  393.101189] (UME) 273*8kB (UME) 
[  393.103209] 89*32kB 
[  393.105275] 180*16kB (UME) 
[  393.107891] (UME) 
[  393.110221] 89*32kB (UME) 
[  393.112925] 46*64kB 
[  393.117080] 46*64kB (UM) 
[  393.119698] (UM) 
[  393.122109] 21*128kB (UM) 2*256kB 
[  393.124909] 21*128kB 
[  393.127319] (U) 0*512kB 
[  393.130041] (UM) 
[  393.132041] 0*1024kB 0*2048kB 
[  393.134746] 2*256kB 
[  393.137161] 0*4096kB = 15424kB
[  393.139949] (U) 
[  393.142205] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  393.142222] 136 total pagecache pages
[  393.145421] 0*512kB 0*1024kB 
[  393.147778] 0 pages in swap cache
[  393.147801] Swap cache stats: add 0, delete 0, find 0/0
[  393.149788] 0*2048kB 
[  393.152113] Free swap  = 0kB
[  393.152121] Total swap = 0kB
[  393.152138] 1965969 pages RAM
[  393.154567] 0*4096kB 
[  393.156812] 0 pages HighMem/MovableOnly
[  393.156829] 107595 pages reserved
[  393.160995] = 15424kB
[  393.164160] BUG: unable to handle kernel NULL pointer dereference at 00000000000008f4
[  393.166231] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  393.169528] PGD 800000018a036067 P4D 800000018a036067 PUD 18a039067 PMD 0 
[  393.169559] Oops: 0002 [#1] SMP PTI
[  393.169572] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 4.18.0-rc5+ #28
[  393.169589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  393.171931] 136 total pagecache pages
[  393.174826] Workqueue:            (null) (events_unbound)
[  393.174853] RIP: 0010:memset_erms+0x9/0x10
[  393.174866] Code: 
[  393.177033] 0 pages in swap cache
[  393.179820] c1 e9 03 40 0f b6 f6 48 b8 01 01 
[  393.182212] Swap cache stats: add 0, delete 0, find 0/0
[  393.184906] 01 01 01 01 01 01 48 0f af c6 f3 
[  393.187028] Free swap  = 0kB
[  393.190510] 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 
[  393.192990] Total swap = 0kB
[  393.195608] 49 89 f9 40 88 f0 48 89 d1 <f3> 
[  393.197728] 1965969 pages RAM
[  393.200860] aa 4c 89 c8 c3 90 49 89 fa 40 0f 
[  393.203246] 0 pages HighMem/MovableOnly
[  393.206379] b6 ce 48 b8 01 01 01 01 01 01 
[  393.208413] 107595 pages reserved
[  393.216937] RSP: 0000:ffff8801d155fa18 EFLAGS: 00010046
[  393.216951] RAX: 0000000000000000 RBX: fffffffffffffff4 RCX: 0000000000000fb0
[  393.216960] RDX: 0000000000000fb0 RSI: 0000000000000000 RDI: 00000000000008f4
[  393.216968] RBP: ffff8801d155fa28 R08: 0000000000000000 R09: 00000000000008f4
[  393.216987] R10: 0000000000000000 R11: ffffffff81363150 R12: ffff8801d144c400
[  393.220796] Unreclaimable slab info:
[  393.223851] R13: 0000000000000000 R14: 0000000000000292 R15: fffffffffffffff4
[  393.223864] FS:  0000000000000000(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
[  393.223875] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  393.223883] CR2: 00000000000000b0 CR3: 000000018a1c2000 CR4: 00000000001406e0
[  393.223901] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  393.227363] Name                      Used          Total
[  393.232676] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  393.232681] Call Trace:
[  393.232702]  ? do_kmsan_thread_create+0x1b/0x30
[  393.232726]  kmsan_thread_create+0x58/0xb0
[  393.235169] SCTPv6                    63KB         63KB
[  393.238119]  __kthread_create_on_node+0x6e5/0x7f0
[  393.238158]  kthread_create_on_node+0x278/0x2c0
[  393.241189] DCCPv6                    31KB         31KB
[  393.244255]  ? process_one_work+0x2000/0x2000
[  393.244288]  create_worker+0x7a0/0x1040
[  393.246718] DCCP                      30KB         30KB
[  393.250652]  ? mod_timer+0x70/0x80
[  393.250670]  worker_thread+0x876/0x2490
[  393.250705]  kthread+0x473/0x4b0
[  393.254168] RAWv6                     15KB         15KB
[  393.256523]  ? process_one_work+0x2000/0x2000
[  393.256545]  ? kthread_blkcg+0xf0/0xf0
[  393.256571]  ret_from_fork+0x35/0x40
[  393.264562] UDPv6                     30KB         30KB
[  393.273087] Modules linked in:
[  393.273103] Dumping ftrace buffer:
[  393.273110]    (ftrace buffer empty)
[  393.273116] CR2: 00000000000008f4
[  393.273166] ---[ end trace 79f6f1b377c4d80d ]---
[  393.280170] TCPv6                     31KB         31KB
[  393.283745] RIP: 0010:memset_erms+0x9/0x10
[  393.283750] Code: c1 e9 03 40 
[  393.290637] nf_conntrack               7KB          7KB
[  393.299930] 0f b6 f6 48 b8 01 01 01 01 01 01 
[  393.303807] scsi_sense_cache        1096KB       1096KB
[  393.309270] 01 01 48 0f af c6 f3 48 ab 89 
[  393.313570] sgpool-128                32KB         32KB
[  393.315661] d1 f3 aa 4c 89 c8 c3 90 49 89 
[  393.319178] mqueue_inode_cache         15KB         15KB
[  393.323606] f9 40 88 f0 48 89 d1 <f3> aa 4c 89 
[  393.329067] nfs_commit_data           15KB         15KB
[  393.333471] c8 c3 90 49 89 fa 40 0f b6 ce 48 
[  393.336555] nfs_read_data             31KB         31KB
[  393.340985] b8 01 01 01 01 01 01 
[  393.341022] RSP: 0000:ffff8801d155fa18 EFLAGS: 00010046
[  393.341035] RAX: 0000000000000000 RBX: fffffffffffffff4 RCX: 0000000000000fb0
[  393.341043] RDX: 0000000000000fb0 RSI: 0000000000000000 RDI: 00000000000008f4
[  393.341061] RBP: ffff8801d155fa28 R08: 0000000000000000 R09: 00000000000008f4
[  393.344132] pid_namespace              3KB          3KB
[  393.348451] R10: 0000000000000000 R11: ffffffff81363150 R12: ffff8801d144c400
[  393.348460] R13: 0000000000000000 R14: 0000000000000292 R15: fffffffffffffff4
[  393.348473] FS:  0000000000000000(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
[  393.348482] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  393.348500] CR2: 00000000000000b0 CR3: 000000018a1c2000 CR4: 00000000001406e0
[  393.351622] secpath_cache             12KB         12KB
[  393.356062] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  393.356071] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  393.356079] Kernel panic - not syncing: Fatal exception
[  393.356533] Dumping ftrace buffer:
[  393.356539]    (ftrace buffer empty)
[  393.356543] Kernel Offset: disabled
[  393.726256] Rebooting in 86400 seconds..