[ ok ] Starting periodic command scheduler: cron.
[ 21.713851] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 25.471339] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.013400] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.827743] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.985540] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts.
[ 32.441905] random: sshd: uninitialized urandom read (32 bytes read)
2018/06/08 20:49:22 parsed 1 programs
[ 33.987954] random: cc1: uninitialized urandom read (8 bytes read)
2018/06/08 20:49:24 executed programs: 0
[ 35.514898] IPVS: ftp: loaded support on port[0] = 21
[ 35.646223] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.652714] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.660285] device bridge_slave_0 entered promiscuous mode
[ 35.677389] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.683781] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.690935] device bridge_slave_1 entered promiscuous mode
[ 35.707328] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 35.723351] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 35.769967] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 35.791381] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 35.859999] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 35.867667] team0: Port device team_slave_0 added
[ 35.883541] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 35.890677] team0: Port device team_slave_1 added
[ 35.907557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 35.925085] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 35.942916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 35.960532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 36.085568] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.092085] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.099178] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.105564] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.553470] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 36.559609] 8021q: adding VLAN 0 to HW filter on device bond0
[ 36.604546] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 36.640729] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 36.651325] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 36.657557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 36.665137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 36.705392] 8021q: adding VLAN 0 to HW filter on device team0
[ 36.970706] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 36.978817] PGD 1c85e5067 P4D 1c85e5067 PUD 1c857d067 PMD 0
[ 36.984622] Oops: 0010 [#1] SMP KASAN
[ 36.988411] CPU: 1 PID: 4828 Comm: syz-executor0 Not tainted 4.17.0+ #116
[ 36.995352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.004696] RIP: 0010: (null)
[ 37.008571] Code: Bad RIP value.
[ 37.011933] RSP: 0018:ffff8801abbff350 EFLAGS: 00010246
[ 37.017314] RAX: 0000000000000000 RBX: ffff8801af77a800 RCX: 1ffffffff10ea8e5
[ 37.024586] RDX: ffff8801abbffbb0 RSI: ffff8801d4f510c0 RDI: ffff8801cc6b57c0
[ 37.031853] RBP: ffff8801abbff4c0 R08: ffff8801aae30db8 R09: 0000000000000006
[ 37.039122] R10: ffff8801aae30580 R11: 0000000000000000 R12: 1ffff1003577fe6f
[ 37.046554] R13: ffff8801abbffbb0 R14: ffff8801af77a812 R15: ffff8801af77ac58
[ 37.053815] FS: 0000000000000000(0000) GS:ffff8801daf00000(0063) knlGS:00000000090ae900
[ 37.062045] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 37.067922] CR2: ffffffffffffffd6 CR3: 00000001c5ab6000 CR4: 00000000001406e0
[ 37.075179] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 37.082433] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 37.089697] Call Trace:
[ 37.092271] ? smc_poll+0x211/0xdd0
[ 37.095909] ? __smc_connect+0xa90/0xa90
[ 37.099973] ? save_stack+0x43/0xd0
[ 37.103584] ? kasan_kmalloc+0xc4/0xe0
[ 37.107479] ? kasan_slab_alloc+0x12/0x20
[ 37.111621] ? kmem_cache_alloc+0x12e/0x760
[ 37.115926] ? ep_insert+0x270/0x1c00
[ 37.119715] ? __ia32_sys_epoll_ctl+0xef1/0x10f0
[ 37.124470] ? do_fast_syscall_32+0x345/0xf9b
[ 37.128963] ? entry_SYSENTER_compat+0x70/0x7f
[ 37.133527] ? graph_lock+0x170/0x170
[ 37.137320] ? percpu_ref_tryget+0x2b0/0x2b0
[ 37.146438] ? trace_hardirqs_on+0xd/0x10
[ 37.150592] ? queue_work_on+0x12c/0x1e0
[ 37.156700] ? print_usage_bug+0xc0/0xc0
[ 37.160757] sock_poll+0x1d1/0x710
[ 37.164296] ? __smc_connect+0xa90/0xa90
[ 37.168863] ? sock_get_poll_head+0x460/0x460
[ 37.173434] ? sock_get_poll_head+0x460/0x460
[ 37.177922] vfs_poll+0x77/0x2a0
[ 37.181273] ep_item_poll.isra.15+0x2c1/0x390
[ 37.185758] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.190814] ? ep_eventpoll_poll+0x1f0/0x1f0
[ 37.195209] ? find_held_lock+0x36/0x1c0
[ 37.199278] ? ep_insert+0x270/0x1c00
[ 37.203069] ep_insert+0x6b8/0x1c00
[ 37.206696] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 37.211890] ? ep_send_events_proc+0xee0/0xee0
[ 37.216462] ? lock_release+0xa10/0xa10
[ 37.220423] ? check_same_owner+0x320/0x320
[ 37.224739] ? rcu_note_context_switch+0x710/0x710
[ 37.229752] ? __might_sleep+0x95/0x190
[ 37.233723] ? kasan_check_write+0x14/0x20
[ 37.237952] ? __mutex_lock+0x7d9/0x17f0
[ 37.242039] ? __ia32_sys_epoll_ctl+0x518/0x10f0
[ 37.246796] ? do_futex+0x249/0x27d0
[ 37.250501] ? lock_downgrade+0x8e0/0x8e0
[ 37.254632] ? mutex_trylock+0x2a0/0x2a0
[ 37.258695] ? debug_mutex_init+0x1c/0x60
[ 37.262842] ? exit_robust_list+0x290/0x290
[ 37.267155] ? graph_lock+0x170/0x170
[ 37.270954] ? lockdep_init_map+0x9/0x10
[ 37.274998] ? pud_val+0x80/0xf0
[ 37.278349] ? pmd_val+0xf0/0xf0
[ 37.281703] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.287230] ? find_held_lock+0x36/0x1c0
[ 37.291293] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.296825] ? __fget_light+0x2ef/0x430
[ 37.300779] ? fget_raw+0x20/0x20
[ 37.304224] ? __might_sleep+0x95/0x190
[ 37.308188] ? clear_tfile_check_list+0x380/0x380
[ 37.313023] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 37.318202] __ia32_sys_epoll_ctl+0xef1/0x10f0
[ 37.322770] ? __x64_sys_epoll_ctl+0x10f0/0x10f0
[ 37.327509] ? __ia32_compat_sys_futex+0x3de/0x5e0
[ 37.332425] ? __x32_compat_sys_get_robust_list+0x430/0x430
[ 37.338135] ? do_fast_syscall_32+0x148/0xf9b
[ 37.342617] do_fast_syscall_32+0x345/0xf9b
[ 37.346935] ? do_int80_syscall_32+0x880/0x880
[ 37.351521] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 37.356278] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.361820] ? syscall_return_slowpath+0x30f/0x5c0
[ 37.366754] ? sysret32_from_system_call+0x5/0x46
[ 37.371600] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.376442] entry_SYSENTER_compat+0x70/0x7f
[ 37.381060] RIP: 0023:0xf7f6acb9
[ 37.384409] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 37.403580] RSP: 002b:00000000ffc3716c EFLAGS: 00000282 ORIG_RAX: 00000000000000ff
[ 37.411618] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000001
[ 37.418905] RDX: 0000000000000003 RSI: 0000000020c85000 RDI: 0000000000000000
[ 37.426169] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 37.433422] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 37.440677] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 37.447939] Modules linked in:
[ 37.451204] Dumping ftrace buffer:
[ 37.454749] (ftrace buffer empty)
[ 37.458460] CR2: 0000000000000000
[ 37.462430] ---[ end trace 80cf19202a30692b ]---
[ 37.467226] RIP: 0010: (null)
[ 37.471150] Code: Bad RIP value.
[ 37.474567] RSP: 0018:ffff8801abbff350 EFLAGS: 00010246
[ 37.480140] RAX: 0000000000000000 RBX: ffff8801af77a800 RCX: 1ffffffff10ea8e5
[ 37.487552] RDX: ffff8801abbffbb0 RSI: ffff8801d4f510c0 RDI: ffff8801cc6b57c0
[ 37.494861] RBP: ffff8801abbff4c0 R08: ffff8801aae30db8 R09: 0000000000000006
[ 37.502151] R10: ffff8801aae30580 R11: 0000000000000000 R12: 1ffff1003577fe6f
[ 37.509561] R13: ffff8801abbffbb0 R14: ffff8801af77a812 R15: ffff8801af77ac58
[ 37.516861] FS: 0000000000000000(0000) GS:ffff8801daf00000(0063) knlGS:00000000090ae900
[ 37.525121] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 37.531139] CR2: ffffffffffffffd6 CR3: 00000001c5ab6000 CR4: 00000000001406e0
[ 37.538435] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 37.545817] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 37.553121] Kernel panic - not syncing: Fatal exception
[ 37.559108] Dumping ftrace buffer:
[ 37.562655] (ftrace buffer empty)
[ 37.566444] Kernel Offset: disabled
[ 37.570058] Rebooting in 86400 seconds..