[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 5.763525] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 18.184173] random: sshd: uninitialized urandom read (32 bytes read)
[ 18.588384] random: sshd: uninitialized urandom read (32 bytes read)
[ 18.851130] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
[ 24.433286] urandom_read: 1 callbacks suppressed
[ 24.433287] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/09 13:15:41 parsed 1 programs
[ 25.376597] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/09 13:15:43 executed programs: 0
[ 26.523326] IPVS: ftp: loaded support on port[0] = 21
[ 26.543664] ip (4044) used greatest stack depth: 10344 bytes left
[ 26.566338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.572677] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.579190] device bridge_slave_0 entered promiscuous mode
[ 26.587126] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.593559] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.599998] device bridge_slave_1 entered promiscuous mode
[ 26.607837] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 26.616674] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 26.629529] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 26.639308] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 26.656667] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 26.663497] team0: Port device team_slave_0 added
[ 26.670591] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 26.677364] team0: Port device team_slave_1 added
[ 26.684235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 26.693289] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 26.702387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 26.711730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 26.739369] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.745686] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.752276] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.758589] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.836541] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 26.842647] 8021q: adding VLAN 0 to HW filter on device bond0
[ 26.855932] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 26.868920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 26.875616] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 26.887627] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 26.893696] 8021q: adding VLAN 0 to HW filter on device team0
[ 26.950507] FAULT_INJECTION: forcing a failure.
[ 26.950507] name failslab, interval 1, probability 0, space 0, times 1
[ 26.961706] CPU: 1 PID: 4290 Comm: syz-executor0 Not tainted 4.18.0-rc8+ #32
[ 26.968865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.978195] Call Trace:
[ 26.980761] dump_stack+0xae/0xf0
[ 26.984190] should_fail+0x144/0x230
[ 26.987872] ? __should_failslab+0x67/0x90
[ 26.992209] __should_failslab+0x7e/0x90
[ 26.996241] should_failslab+0x9/0x20
[ 27.000007] __kmalloc+0x61/0x250
[ 27.003502] ? skb_page_frag_refill+0x7f/0x110
[ 27.008116] tls_push_record+0x48/0x470
[ 27.012067] tls_sw_sendpage+0x380/0x4d0
[ 27.016099] ? trim_sg+0x1a0/0x1a0
[ 27.019668] inet_sendpage+0x11d/0x1c0
[ 27.023547] ? inet_sendmsg+0x170/0x170
[ 27.027536] sock_sendpage+0x63/0x90
[ 27.031225] ? sock_fasync+0x90/0x90
[ 27.034911] pipe_to_sendpage+0x93/0xb0
[ 27.038859] __splice_from_pipe+0xdd/0x2a0
[ 27.043066] ? generic_splice_sendpage+0x90/0x90
[ 27.047800] generic_splice_sendpage+0x6e/0x90
[ 27.052420] direct_splice_actor+0x42/0x50
[ 27.056696] splice_direct_to_actor+0x174/0x350
[ 27.061340] ? do_splice_direct+0xe0/0xe0
[ 27.065456] do_splice_direct+0x87/0xe0
[ 27.069475] do_sendfile+0x424/0x680
[ 27.073199] __x64_sys_sendfile64+0x59/0xb0
[ 27.077556] do_syscall_64+0x61/0x90
[ 27.081244] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 27.086403] RIP: 0033:0x456d89
[ 27.089561] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 27.108556] RSP: 002b:0000000000a3fb98 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 27.116287] RAX: ffffffffffffffda RBX: 0000000002240914 RCX: 0000000000456d89
[ 27.123575] RDX: 0000000020000280 RSI: 0000000000000005 RDI: 0000000000000003
[ 27.130823] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
[ 27.138146] R10: 000000000000ee78 R11: 0000000000000246 R12: 0000000000000006
[ 27.145395] R13: 00000000004d34c0 R14: 00000000004c823e R15: 000000000000000d
[ 27.247309] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[ 27.255278] PGD 8000000208b5a067 P4D 8000000208b5a067 PUD 204c78067 PMD 0
[ 27.262266] Oops: 0000 [#1] SMP PTI
[ 27.265861] CPU: 1 PID: 4290 Comm: syz-executor0 Not tainted 4.18.0-rc8+ #32
[ 27.273423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.282764] RIP: 0010:blkcipher_walk_done+0x18e/0x290
[ 27.287925] Code: 45 28 49 8b 5d 38 8b 43 0c 03 43 08 41 39 45 40 73 07 e8 05 f5 83 ff eb 18 e8 fe f4 83 ff 48 89 df e8 b6 74 0d 00 49 89 45 38 <8b> 40 08 41 89 45 40 45 89 7d 48 45 89 7d 30 41 f6 46 11 02 75 07
[ 27.306920] RSP: 0018:ffff880200c7b948 EFLAGS: 00010246
[ 27.312256] RAX: 0000000000000000 RBX: ffff880203276a70 RCX: ffff88020327b700
[ 27.319500] RDX: 0000000000000000 RSI: ffff880200c7b9a0 RDI: ffff880203276a70
[ 27.326750] RBP: ffff880200c7b970 R08: ffff880208b5f8ec R09: 0000000000000005
[ 27.334044] R10: 000000000000330b R11: 00000000a459bcb9 R12: 0000000000000010
[ 27.341297] R13: ffff880200c7b9a0 R14: ffff880200c7ba88 R15: 000000000000000e
[ 27.348544] FS: 0000000002240940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
[ 27.356795] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 27.362655] CR2: 0000000000000008 CR3: 000000020c40a000 CR4: 00000000001406e0
[ 27.369978] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 27.377229] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 27.384542] Call Trace:
[ 27.387110] crypto_ctr_crypt+0x21c/0x250
[ 27.391231] ? aesti_set_key+0x680/0x680
[ 27.395381] ? scatterwalk_ffwd+0x53/0xe0
[ 27.399639] skcipher_encrypt_blkcipher+0x49/0x50
[ 27.404467] crypto_gcm_encrypt+0xd1/0x160
[ 27.408681] tls_push_record+0x1f0/0x470
[ 27.412718] tls_sw_sendpage+0x380/0x4d0
[ 27.416903] ? trim_sg+0x1a0/0x1a0
[ 27.420422] inet_sendpage+0x11d/0x1c0
[ 27.424286] ? inet_sendmsg+0x170/0x170
[ 27.428233] sock_sendpage+0x63/0x90
[ 27.431918] ? sock_fasync+0x90/0x90
[ 27.435609] pipe_to_sendpage+0x93/0xb0
[ 27.439638] __splice_from_pipe+0xdd/0x2a0
[ 27.443855] ? generic_splice_sendpage+0x90/0x90
[ 27.448587] generic_splice_sendpage+0x6e/0x90
[ 27.453140] direct_splice_actor+0x42/0x50
[ 27.457345] splice_direct_to_actor+0x174/0x350
[ 27.461986] ? do_splice_direct+0xe0/0xe0
[ 27.466239] do_splice_direct+0x87/0xe0
[ 27.470188] do_sendfile+0x424/0x680
[ 27.473872] __x64_sys_sendfile64+0x59/0xb0
[ 27.478222] do_syscall_64+0x61/0x90
[ 27.481912] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 27.487233] RIP: 0033:0x456d89
[ 27.490400] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 27.509402] RSP: 002b:0000000000a3fb98 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 27.517084] RAX: ffffffffffffffda RBX: 0000000002240914 RCX: 0000000000456d89
[ 27.524326] RDX: 0000000020000280 RSI: 0000000000000005 RDI: 0000000000000003
[ 27.531566] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
[ 27.538890] R10: 000000000000ee78 R11: 0000000000000246 R12: 0000000000000006
[ 27.546128] R13: 00000000004d34c0 R14: 00000000004c823e R15: 000000000000000d
[ 27.553369] Modules linked in:
[ 27.556533] Dumping ftrace buffer:
[ 27.560037] (ftrace buffer empty)
[ 27.563720] CR2: 0000000000000008
[ 27.567249] ---[ end trace 39db34959e64e8eb ]---
[ 27.571989] RIP: 0010:blkcipher_walk_done+0x18e/0x290
[ 27.577176] Code: 45 28 49 8b 5d 38 8b 43 0c 03 43 08 41 39 45 40 73 07 e8 05 f5 83 ff eb 18 e8 fe f4 83 ff 48 89 df e8 b6 74 0d 00 49 89 45 38 <8b> 40 08 41 89 45 40 45 89 7d 48 45 89 7d 30 41 f6 46 11 02 75 07
[ 27.596194] RSP: 0018:ffff880200c7b948 EFLAGS: 00010246
[ 27.601711] RAX: 0000000000000000 RBX: ffff880203276a70 RCX: ffff88020327b700
[ 27.609875] RDX: 0000000000000000 RSI: ffff880200c7b9a0 RDI: ffff880203276a70
[ 27.617146] RBP: ffff880200c7b970 R08: ffff880208b5f8ec R09: 0000000000000005
[ 27.624393] R10: 000000000000330b R11: 00000000a459bcb9 R12: 0000000000000010
[ 27.631659] R13: ffff880200c7b9a0 R14: ffff880200c7ba88 R15: 000000000000000e
[ 27.638915] FS: 0000000002240940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
[ 27.647143] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 27.653123] CR2: 0000000000000008 CR3: 000000020c40a000 CR4: 00000000001406e0
[ 27.660402] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 27.667672] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 27.675101] Kernel panic - not syncing: Fatal exception
[ 27.680535] Dumping ftrace buffer:
[ 27.684135] (ftrace buffer empty)
[ 27.687827] Kernel Offset: disabled
[ 27.691432] Rebooting in 86400 seconds..