[ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 16.082673] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 21.407193] random: sshd: uninitialized urandom read (32 bytes read) [ 21.781901] random: sshd: uninitialized urandom read (32 bytes read) [ 22.464321] random: sshd: uninitialized urandom read (32 bytes read) [ 27.950683] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts. [ 33.411179] random: sshd: uninitialized urandom read (32 bytes read) [ 33.502733] IPVS: ftp: loaded support on port[0] = 21 [ 34.329018] ================================================================== [ 34.332012] ------------[ cut here ]------------ [ 34.336543] BUG: KASAN: stack-out-of-bounds in debug_object_deactivate+0x425/0x450 [ 34.341341] ODEBUG: deactivate not available (active state 0) object type: hrtimer hint: tick_sched_timer+0x0/0x130 [ 34.349035] Read of size 8 at addr ffff8801d77c00f8 by task swapper/0/0 [ 34.359794] WARNING: CPU: 1 PID: 4784 at lib/debugobjects.c:329 debug_print_object+0x16a/0x210 [ 34.366362] [ 34.375117] Kernel panic - not syncing: panic_on_warn set ... [ 34.375117] [ 34.376748] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.18.0-rc3-next-20180706+ #1 [ 34.391784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.401117] Call Trace: [ 34.403675] [ 34.405812] dump_stack+0x1c9/0x2b4 [ 34.409419] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.414607] ? printk+0xa7/0xcf [ 34.417867] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.422669] ? debug_object_deactivate+0x425/0x450 [ 34.427581] print_address_description+0x6c/0x20b [ 34.432403] ?
debug_object_deactivate+0x425/0x450 [ 34.437314] kasan_report.cold.7+0x242/0x30d [ 34.441705] __asan_report_load8_noabort+0x14/0x20 [ 34.446625] debug_object_deactivate+0x425/0x450 [ 34.451358] ? debug_stats_show+0x100/0x100 [ 34.455658] ? kasan_check_write+0x14/0x20 [ 34.459877] ? do_raw_spin_lock+0xc1/0x200 [ 34.464113] __hrtimer_run_queues+0x2bf/0x10c0 [ 34.468783] ? hrtimer_start_range_ns+0xd20/0xd20 [ 34.473606] ? pvclock_read_flags+0x160/0x160 [ 34.478080] ? kvm_clock_read+0x25/0x30 [ 34.482034] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 34.487040] ? ktime_get_update_offsets_now+0x3db/0x5d0 [ 34.492421] ? do_timer+0x50/0x50 [ 34.495858] ? do_raw_spin_lock+0xc1/0x200 [ 34.500073] hrtimer_interrupt+0x2f3/0x750 [ 34.504291] smp_apic_timer_interrupt+0x165/0x730 [ 34.509220] ? smp_call_function_single_interrupt+0x660/0x660 [ 34.515104] ? kvm_clock_read+0x25/0x30 [ 34.519072] ? kvm_sched_clock_read+0x9/0x20 [ 34.523458] ? sched_clock+0x31/0x40 [ 34.527163] ? sched_clock_cpu+0x1b/0x180 [ 34.531289] ? task_prio+0x50/0x50 [ 34.534821] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.539644] apic_timer_interrupt+0xf/0x20 [ 34.543853] [ 34.546070] RIP: 0010:native_safe_halt+0x6/0x10 [ 34.550707] Code: c7 48 89 45 d8 e8 8a d7 1d fa 48 8b 45 d8 e9 d2 fe ff ff 48 89 df e8 79 d7 1d fa eb 8a 90 90 90 90 90 90 90 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 90 90 90 90 90 [ 34.569835] RSP: 0018:ffffffff88e07bc0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 34.577536] RAX: dffffc0000000000 RBX: 1ffffffff11c0f7b RCX: ffffffff8166aec2 [ 34.584791] RDX: 1ffffffff11e3650 RSI: 0000000000000004 RDI: ffffffff88f1b280 [ 34.592125] RBP: ffffffff88e07bc0 R08: ffffed003b5c46d7 R09: ffffed003b5c46d6 [ 34.599371] R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: 0000000000000000 [ 34.606616] R13: ffffffff88e07c78 R14: ffffffff899f3360 R15: 0000000000000000 [ 34.613886] ? rcu_dynticks_eqs_enter+0x22/0x30 [ 34.618622] default_idle+0xc7/0x450 [ 34.622314] ? 
__sched_text_end+0x3/0x3 [ 34.626263] ? rcu_idle_enter+0x30a/0x480 [ 34.630386] ? rcu_eqs_special_set+0x1b0/0x1b0 [ 34.634945] ? tsc_verify_tsc_adjust+0x109/0x380 [ 34.639679] ? mark_tsc_async_resets+0x20/0x20 [ 34.644237] ? sched_set_stop_task+0x290/0x290 [ 34.648797] ? update_ts_time_stats+0xb3/0x1e0 [ 34.653356] arch_cpu_idle+0x10/0x20 [ 34.657055] default_idle_call+0x6d/0x90 [ 34.661093] do_idle+0x3aa/0x570 [ 34.664438] ? retint_kernel+0x10/0x10 [ 34.668304] ? arch_cpu_idle_exit+0x70/0x70 [ 34.672626] cpu_startup_entry+0x10c/0x120 [ 34.676838] ? cpu_in_idle+0x20/0x20 [ 34.680530] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 34.685523] ? trace_hardirqs_on+0xd/0x10 [ 34.689647] rest_init+0xe1/0xe4 [ 34.692992] start_kernel+0x90e/0x949 [ 34.696769] ? mem_encrypt_init+0xb/0xb [ 34.700732] ? early_idt_handler_common+0x3b/0x60 [ 34.705572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.711356] ? x86_family+0x3e/0x50 [ 34.714969] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.720482] x86_64_start_reservations+0x29/0x2b [ 34.725214] x86_64_start_kernel+0x76/0x79 [ 34.729424] secondary_startup_64+0xa4/0xb0 [ 34.733730] [ 34.733749] CPU: 1 PID: 4784 Comm: syz-executor775 Not tainted 4.18.0-rc3-next-20180706+ #1 [ 34.735351] Allocated by task 0: [ 34.743875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.747231] (stack is not available) [ 34.756571] Call Trace: [ 34.760262] [ 34.762826] [ 34.764433] Freed by task 3615228464: [ 34.766573] dump_stack+0x1c9/0x2b4 [ 34.770349] BUG: unable to handle kernel paging request at ffffffff8c3fadc8 [ 34.773952] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.781030] PGD 8e6d067 [ 34.786200] panic+0x238/0x4e7 [ 34.786203] P4D 8e6d067 PUD 8e6e063 [ 34.788860] ? add_taint.cold.5+0x16/0x16 [ 34.792029] PMD 0 [ 34.795725] ? __warn.cold.8+0x148/0x1ba [ 34.801991] ? __warn.cold.8+0x117/0x1ba [ 34.806038] Oops: 0000 [#1] SMP KASAN [ 34.810075] ? 
debug_print_object+0x16a/0x210 [ 34.813844] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.18.0-rc3-next-20180706+ #1 [ 34.818316] __warn.cold.8+0x163/0x1ba [ 34.826007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.829887] ? debug_print_object+0x16a/0x210 [ 34.839226] RIP: 0010:depot_fetch_stack+0x10/0x30 [ 34.843694] report_bug+0x252/0x2d0 [ 34.848503] Code: [ 34.852111] do_error_trap+0x1fc/0x4d0 [ 34.852114] e8 95 [ 34.854246] ? math_error+0x3e0/0x3e0 [ 34.858116] 39 45 [ 34.860260] ? vprintk_default+0x28/0x30 [ 34.864031] fe e9 [ 34.866171] ? printk+0xa7/0xcf [ 34.870208] b3 fd [ 34.872356] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.875593] ff [ 34.877725] do_invalid_op+0x1b/0x20 [ 34.882534] ff [ 34.884406] invalid_op+0x14/0x20 [ 34.888088] e8 8b [ 34.889969] RIP: 0010:debug_print_object+0x16a/0x210 [ 34.893387] 39 [ 34.895508] Code: 1a [ 34.900590] 45 [ 34.902450] 88 48 [ 34.904844] fe [ 34.906707] 89 fa [ 34.908837] e9 [ 34.910696] 48 c1 [ 34.912833] 55 fd [ 34.914700] ea 03 [ 34.916828] ff ff [ 34.918974] 80 [ 34.921105] 90 90 [ 34.923243] 3c 02 [ 34.925109] 90 90 [ 34.927235] 00 0f [ 34.929360] 90 90 [ 34.931486] 85 92 [ 34.933615] 89 f8 [ 34.935740] 00 00 [ 34.937883] c1 [ 34.940001] 00 48 [ 34.942129] ef 11 [ 34.944006] 8b 14 [ 34.946136] 25 [ 34.948258] dd e0 [ 34.950387] ff [ 34.952247] 8d 1a [ 34.954382] ff 1f [ 34.956250] 88 4c [ 34.958383] 00 [ 34.960503] 89 f6 [ 34.962635] 81 [ 34.964503] 48 c7 [ 34.966632] e7 [ 34.968492] c7 80 [ 34.970634] f0 [ 34.972492] 83 1a [ 34.974624] 3f [ 34.976497] 88 [ 34.978617] 00 00 [ 34.980484] e8 76 [ 34.982356] <48> [ 34.984477] c9 e3 [ 34.986604] 03 3c [ 34.988645] fd <0f> [ 34.990778] c5 [ 34.992900] 0b 83 [ 34.995206] c0 [ 34.997067] 05 f9 [ 34.999196] 6d 43 [ 35.001077] e9 3b [ 35.003207] 8b [ 35.005333] 06 [ 35.007452] 8b 47 [ 35.009318] 01 48 [ 35.011193] 0c [ 35.013312] 83 c4 [ 35.015445] 48 [ 35.017308] 18 [ 35.019426] 83 c7 [ 35.021292] 5b 41 [ 35.023158] 18 c7 
[ 35.025287] 5c 41 [ 35.027422] 46 [ 35.029556] 5d 41 [ 35.031690] 10 [ 35.033552] 5e 41 [ 35.035689] 00 [ 35.037557] 5f [ 35.039705] 00 [ 35.041568] RSP: 0018:ffff8801daf07a40 EFLAGS: 00010082 [ 35.043448] 00 00 [ 35.045318] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000 [ 35.045327] RDX: 0000000000010000 RSI: ffffffff81634381 RDI: 0000000000000001 [ 35.052796] RBP: ffff8801daf07a80 R08: ffff8801ab62c2c0 R09: ffffed003b5e3ec2 [ 35.060043] RSP: 0018:ffff8801dae079c0 EFLAGS: 00010006 [ 35.068773] R10: ffffed003b5e3ec2 R11: ffff8801daf1f617 R12: 0000000000000001 [ 35.081364] R13: ffffffff88fa0fe0 R14: ffffffff881a8760 R15: ffffffff816a9510 [ 35.088608] RAX: 00000000001f8801 RBX: ffff8801d77c0114 RCX: 0000000000000000 [ 35.088617] RDX: 0000000000000000 RSI: ffff8801dae079c8 RDI: 0000000000003ff0 [ 35.095887] ? ktime_add_safe+0x70/0x70 [ 35.103142] RBP: ffff8801dae079f0 R08: ffffffff88e75dc0 R09: ffffed003b5c3ec2 [ 35.110397] ? vprintk_func+0x81/0xe7 [ 35.114359] R10: ffffed003b5c3ec2 R11: ffff8801dae1f617 R12: ffff8801d77c00e0 [ 35.121627] debug_object_deactivate+0x2c7/0x450 [ 35.125401] R13: ffff8801d77c00f8 R14: ffff8801da810dc0 R15: ffff8801d77c0108 [ 35.132698] ? debug_stats_show+0x100/0x100 [ 35.137429] FS: 0000000000000000(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 35.144704] ? kasan_check_write+0x14/0x20 [ 35.149011] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.157220] ? do_raw_spin_lock+0xc1/0x200 [ 35.161428] CR2: ffffffff8c3fadc8 CR3: 00000001ad3ab000 CR4: 00000000001406f0 [ 35.167466] __hrtimer_run_queues+0x2bf/0x10c0 [ 35.171698] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.178954] ? hrtimer_start_range_ns+0xd20/0xd20 [ 35.183517] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 35.190799] ? pvclock_read_flags+0x160/0x160 [ 35.195604] Call Trace: [ 35.202898] ? kvm_clock_read+0x25/0x30 [ 35.207419] [ 35.210002] ? kvm_clock_read+0x25/0x30 [ 35.213960] ? 
print_track.isra.4+0x3b/0x6f [ 35.216089] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 35.220035] print_address_description+0x11b/0x20b [ 35.224336] ? ktime_get_update_offsets_now+0x3db/0x5d0 [ 35.229339] ? debug_object_deactivate+0x425/0x450 [ 35.234241] ? do_timer+0x50/0x50 [ 35.239597] kasan_report.cold.7+0x242/0x30d [ 35.239614] __asan_report_load8_noabort+0x14/0x20 [ 35.245251] ? kasan_check_read+0x11/0x20 [ 35.245269] ? rcu_nmi_exit+0xe0/0x2d0 [ 35.248969] debug_object_deactivate+0x425/0x450 [ 35.253350] ? do_raw_spin_lock+0xc1/0x200 [ 35.258251] ? debug_stats_show+0x100/0x100 [ 35.262378] hrtimer_interrupt+0x2f3/0x750 [ 35.266237] ? kasan_check_write+0x14/0x20 [ 35.270969] smp_apic_timer_interrupt+0x165/0x730 [ 35.275178] ? do_raw_spin_lock+0xc1/0x200 [ 35.279475] ? smp_call_function_single_interrupt+0x660/0x660 [ 35.283695] __hrtimer_run_queues+0x2bf/0x10c0 [ 35.287910] ? _raw_spin_unlock+0x22/0x30 [ 35.287929] ? handle_edge_irq+0x330/0x870 [ 35.292773] ? hrtimer_start_range_ns+0xd20/0xd20 [ 35.296977] ? task_prio+0x50/0x50 [ 35.302847] ? pvclock_read_flags+0x160/0x160 [ 35.307487] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.311628] ? kvm_clock_read+0x25/0x30 [ 35.315856] apic_timer_interrupt+0xf/0x20 [ 35.320701] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 35.324210] [ 35.328687] ? ktime_get_update_offsets_now+0x3db/0x5d0 [ 35.354201] ? do_timer+0x50/0x50 [ 35.357636] ? do_raw_spin_lock+0xc1/0x200 [ 35.361872] hrtimer_interrupt+0x2f3/0x750 [ 35.366104] smp_apic_timer_interrupt+0x165/0x730 [ 35.370925] ? smp_call_function_single_interrupt+0x660/0x660 [ 35.376796] ? kvm_clock_read+0x25/0x30 [ 35.380768] ? kvm_sched_clock_read+0x9/0x20 [ 35.385154] ? sched_clock+0x31/0x40 [ 35.388848] ? sched_clock_cpu+0x1b/0x180 [ 35.392979] ? task_prio+0x50/0x50 [ 35.396505] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 35.401330] apic_timer_interrupt+0xf/0x20 [ 35.405538] [ 35.407754] RIP: 0010:native_safe_halt+0x6/0x10 [ 35.412393] Code: c7 48 89 45 d8 e8 8a d7 1d fa 48 8b 45 d8 e9 d2 fe ff ff 48 89 df e8 79 d7 1d fa eb 8a 90 90 90 90 90 90 90 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 90 90 90 90 90 [ 35.432273] RSP: 0018:ffffffff88e07bc0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 35.439963] RAX: dffffc0000000000 RBX: 1ffffffff11c0f7b RCX: ffffffff8166aec2 [ 35.447210] RDX: 1ffffffff11e3650 RSI: 0000000000000004 RDI: ffffffff88f1b280 [ 35.454459] RBP: ffffffff88e07bc0 R08: ffffed003b5c46d7 R09: ffffed003b5c46d6 [ 35.461729] R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: 0000000000000000 [ 35.468983] R13: ffffffff88e07c78 R14: ffffffff899f3360 R15: 0000000000000000 [ 35.476246] ? rcu_dynticks_eqs_enter+0x22/0x30 [ 35.480909] default_idle+0xc7/0x450 [ 35.484603] ? __sched_text_end+0x3/0x3 [ 35.488563] ? rcu_idle_enter+0x30a/0x480 [ 35.492692] ? rcu_eqs_special_set+0x1b0/0x1b0 [ 35.497261] ? tsc_verify_tsc_adjust+0x109/0x380 [ 35.501995] ? mark_tsc_async_resets+0x20/0x20 [ 35.506568] ? sched_set_stop_task+0x290/0x290 [ 35.511133] ? update_ts_time_stats+0xb3/0x1e0 [ 35.515694] arch_cpu_idle+0x10/0x20 [ 35.519387] default_idle_call+0x6d/0x90 [ 35.523425] do_idle+0x3aa/0x570 [ 35.526767] ? retint_kernel+0x10/0x10 [ 35.530632] ? arch_cpu_idle_exit+0x70/0x70 [ 35.534931] cpu_startup_entry+0x10c/0x120 [ 35.539144] ? cpu_in_idle+0x20/0x20 [ 35.542836] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 35.547834] ? trace_hardirqs_on+0xd/0x10 [ 35.551978] rest_init+0xe1/0xe4 [ 35.555332] start_kernel+0x90e/0x949 [ 35.559110] ? mem_encrypt_init+0xb/0xb [ 35.563061] ? early_idt_handler_common+0x3b/0x60 [ 35.567887] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.573400] ? x86_family+0x3e/0x50 [ 35.577003] ? 
__sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.582519] x86_64_start_reservations+0x29/0x2b [ 35.587262] x86_64_start_kernel+0x76/0x79 [ 35.591491] secondary_startup_64+0xa4/0xb0 [ 35.595793] Modules linked in: [ 35.598963] Dumping ftrace buffer: [ 35.602477] (ftrace buffer empty) [ 35.606166] CR2: ffffffff8c3fadc8 [ 35.609594] ---[ end trace 88e204b504fe4972 ]--- [ 35.614343] RIP: 0010:depot_fetch_stack+0x10/0x30 [ 35.619157] Code: e8 95 39 45 fe e9 b3 fd ff ff e8 8b 39 45 fe e9 55 fd ff ff 90 90 90 90 90 90 89 f8 c1 ef 11 25 ff ff 1f 00 81 e7 f0 3f 00 00 <48> 03 3c c5 c0 6d 43 8b 8b 47 0c 48 83 c7 18 c7 46 10 00 00 00 00 [ 35.638275] RSP: 0018:ffff8801dae079c0 EFLAGS: 00010006 [ 35.643619] RAX: 00000000001f8801 RBX: ffff8801d77c0114 RCX: 0000000000000000 [ 35.650868] RDX: 0000000000000000 RSI: ffff8801dae079c8 RDI: 0000000000003ff0 [ 35.658115] RBP: ffff8801dae079f0 R08: ffffffff88e75dc0 R09: ffffed003b5c3ec2 [ 35.665361] R10: ffffed003b5c3ec2 R11: ffff8801dae1f617 R12: ffff8801d77c00e0 [ 35.672607] R13: ffff8801d77c00f8 R14: ffff8801da810dc0 R15: ffff8801d77c0108 [ 35.679859] FS: 0000000000000000(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 35.688065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.693934] CR2: ffffffff8c3fadc8 CR3: 00000001ad3ab000 CR4: 00000000001406f0 [ 35.701183] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.708531] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 36.416122] Shutting down cpus with NMI [ 36.420671] Dumping ftrace buffer: [ 36.424198] (ftrace buffer empty) [ 36.427885] Kernel Offset: disabled [ 36.431521] Rebooting in 86400 seconds..