[ ok ] Starting periodic command scheduler: cron.
[   20.023520] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.711767] random: sshd: uninitialized urandom read (32 bytes read)
[   23.091542] random: sshd: uninitialized urandom read (32 bytes read)
[   23.980561] random: sshd: uninitialized urandom read (32 bytes read)
[   24.133485] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.4' (ECDSA) to the list of known hosts.
[   29.572335] random: sshd: uninitialized urandom read (32 bytes read)
2018/07/11 16:18:19 parsed 1 programs
[   31.456650] random: cc1: uninitialized urandom read (8 bytes read)
2018/07/11 16:18:21 executed programs: 0
[   32.723252] IPVS: ftp: loaded support on port[0] = 21
[   32.924742] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.931255] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.939286] device bridge_slave_0 entered promiscuous mode
[   32.955969] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.962386] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.969967] device bridge_slave_1 entered promiscuous mode
[   32.985769] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   33.001820] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   33.044668] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   33.062934] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   33.128112] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   33.135623] team0: Port device team_slave_0 added
[   33.151875] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   33.159074] team0: Port device team_slave_1 added
[   33.174245] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   33.191901] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   33.208931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   33.227292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   33.347645] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.354163] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.361270] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.367636] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.800388] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   33.806514] 8021q: adding VLAN 0 to HW filter on device bond0
[   33.850655] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.890234] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   33.905328] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.911534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.918696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.960006] 8021q: adding VLAN 0 to HW filter on device team0
[   34.222803] BUG: unable to handle kernel paging request at ffffebe000000008
[   34.229959] PGD 0 P4D 0 
[   34.232621] Oops: 0000 [#1] SMP KASAN
[   34.236401] CPU: 0 PID: 4839 Comm: syz-executor0 Not tainted 4.18.0-rc4+ #44
[   34.243562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.252904] RIP: 0010:kfree+0xa0/0x260
[   34.256771] Code: 82 cb 01 00 00 48 ba 00 00 00 80 ff 77 00 00 48 01 c2 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 <48> 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 49 63 75 74
[   34.275897] RSP: 0018:ffff8801cfcaf4e0 EFLAGS: 00010086
[   34.281242] RAX: ffffea0000000000 RBX: 0000000000000286 RCX: 0000000000000000
[   34.288490] RDX: ffffebe000000000 RSI: 0000000000000000 RDI: 0000000000000286
[   34.295761] RBP: ffff8801cfcaf500 R08: ffffed003b5c46d7 R09: ffffed003b5c46d6
[   34.303029] R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: 0000000000000286
[   34.310293] R13: ffffffff8766d6c3 R14: ffff8801cfcaf650 R15: ffff8801aa991640
[   34.317552] FS:  0000000000000000(0000) GS:ffff8801dae00000(0063) knlGS:000000000917f900
[   34.325755] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   34.331614] CR2: ffffebe000000008 CR3: 00000001d71a4000 CR4: 00000000001406f0
[   34.339132] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   34.346380] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   34.353626] Call Trace:
[   34.356211]  p9_client_create+0xf43/0x16c9
[   34.360428]  ? p9_client_read+0xc60/0xc60
[   34.364557]  ? find_held_lock+0x36/0x1c0
[   34.368611]  ? __lockdep_init_map+0x105/0x590
[   34.373089]  ? kasan_check_write+0x14/0x20
[   34.377302]  ? __init_rwsem+0x1cc/0x2a0
[   34.381256]  ? do_raw_write_unlock.cold.8+0x49/0x49
[   34.386254]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.391249]  ? __kmalloc_track_caller+0x5f5/0x760
[   34.396077]  ? save_stack+0xa9/0xd0
[   34.399690]  ? save_stack+0x43/0xd0
[   34.403295]  ? kasan_kmalloc+0xc4/0xe0
[   34.407176]  ? memcpy+0x45/0x50
[   34.410442]  v9fs_session_init+0x21a/0x1a80
[   34.414746]  ? find_held_lock+0x36/0x1c0
[   34.418788]  ? v9fs_show_options+0x7e0/0x7e0
[   34.423182]  ? kasan_check_read+0x11/0x20
[   34.427313]  ? rcu_is_watching+0x8c/0x150
[   34.431437]  ? rcu_pm_notify+0xc0/0xc0
[   34.435302]  ? rcu_pm_notify+0xc0/0xc0
[   34.439178]  ? v9fs_mount+0x61/0x900
[   34.442873]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.447871]  ? kmem_cache_alloc_trace+0x616/0x780
[   34.452704]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[   34.458222]  v9fs_mount+0x7c/0x900
[   34.461744]  mount_fs+0xae/0x328
[   34.465098]  vfs_kern_mount.part.34+0xdc/0x4e0
[   34.469660]  ? may_umount+0xb0/0xb0
[   34.473272]  ? _raw_read_unlock+0x22/0x30
[   34.477396]  ? __get_fs_type+0x97/0xc0
[   34.481265]  do_mount+0x581/0x30e0
[   34.484787]  ? copy_mount_string+0x40/0x40
[   34.489015]  ? copy_mount_options+0x5f/0x380
[   34.493417]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.498417]  ? kmem_cache_alloc_trace+0x616/0x780
[   34.503249]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.508766]  ? _copy_from_user+0xdf/0x150
[   34.512895]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.518427]  ? copy_mount_options+0x285/0x380
[   34.522911]  __ia32_compat_sys_mount+0x5d5/0x860
[   34.527656]  do_fast_syscall_32+0x34d/0xfb2
[   34.531962]  ? do_int80_syscall_32+0x890/0x890
[   34.536526]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   34.541306]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.546837]  ? syscall_return_slowpath+0x31d/0x5e0
[   34.551754]  ? sysret32_from_system_call+0x5/0x46
[   34.556586]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.561411]  entry_SYSENTER_compat+0x70/0x7f
[   34.565813] RIP: 0023:0xf7f8dcb9
[   34.569152] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   34.588362] RSP: 002b:00000000ff97219c EFLAGS: 00000286 ORIG_RAX: 0000000000000015
[   34.596063] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0
[   34.603323] RDX: 0000000020000340 RSI: 0000000000000000 RDI: 0000000020000540
[   34.610585] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   34.617852] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   34.625110] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   34.632369] Modules linked in:
[   34.635544] Dumping ftrace buffer:
[   34.639067]    (ftrace buffer empty)
[   34.642764] CR2: ffffebe000000008
[   34.646198] ---[ end trace 815b82c2dc5dd5e7 ]---
[   34.650941] RIP: 0010:kfree+0xa0/0x260
[   34.654818] Code: 82 cb 01 00 00 48 ba 00 00 00 80 ff 77 00 00 48 01 c2 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 <48> 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 49 63 75 74
[   34.673944] RSP: 0018:ffff8801cfcaf4e0 EFLAGS: 00010086
[   34.679287] RAX: ffffea0000000000 RBX: 0000000000000286 RCX: 0000000000000000
[   34.686533] RDX: ffffebe000000000 RSI: 0000000000000000 RDI: 0000000000000286
[   34.693779] RBP: ffff8801cfcaf500 R08: ffffed003b5c46d7 R09: ffffed003b5c46d6
[   34.701041] R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: 0000000000000286
[   34.708290] R13: ffffffff8766d6c3 R14: ffff8801cfcaf650 R15: ffff8801aa991640
[   34.715543] FS:  0000000000000000(0000) GS:ffff8801dae00000(0063) knlGS:000000000917f900
[   34.723749] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   34.729612] CR2: ffffebe000000008 CR3: 00000001d71a4000 CR4: 00000000001406f0
[   34.736881] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   34.744218] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   34.751466] Kernel panic - not syncing: Fatal exception
[   34.757313] Dumping ftrace buffer:
[   34.760829]    (ftrace buffer empty)
[   34.764515] Kernel Offset: disabled
[   34.768122] Rebooting in 86400 seconds..