[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   16.356797] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.823476] random: sshd: uninitialized urandom read (32 bytes read)
[   19.280715] random: sshd: uninitialized urandom read (32 bytes read)
[   19.926926] random: sshd: uninitialized urandom read (32 bytes read)
[   20.064148] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
[   25.594154] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   25.685532] IPVS: ftp: loaded support on port[0] = 21
[   25.712512] ==================================================================
[   25.719922] BUG: KASAN: slab-out-of-bounds in find_first_bit+0xf7/0x100
[   25.726665] Read of size 8 at addr ffff8801d7fda1d0 by task syz-executor234/4448
[   25.734182] 
[   25.735802] CPU: 1 PID: 4448 Comm: syz-executor234 Not tainted 4.18.0-rc3-next-20180706+ #1
[   25.744275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.753619] Call Trace:
[   25.756200]  dump_stack+0x1c9/0x2b4
[   25.759820]  ? dump_stack_print_info.cold.2+0x52/0x52
[   25.765003]  ? printk+0xa7/0xcf
[   25.768272]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   25.773105]  ? find_first_bit+0xf7/0x100
[   25.777151]  print_address_description+0x6c/0x20b
[   25.781980]  ? find_first_bit+0xf7/0x100
[   25.786035]  kasan_report.cold.7+0x242/0x30d
[   25.790427]  __asan_report_load8_noabort+0x14/0x20
[   25.795351]  find_first_bit+0xf7/0x100
[   25.799229]  shrink_slab+0x5d0/0xdb0
[   25.802930]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   25.808479]  ? unregister_memcg_shrinker.isra.39+0x50/0x50
[   25.814108]  ? shrink_active_list+0x1830/0x1830
[   25.818767]  ? save_stack+0xa9/0xd0
[   25.822393]  ? save_stack+0x43/0xd0
[   25.826008]  ? kernfs_fop_open+0xa7f/0x1020
[   25.830326]  ? do_dentry_open+0xa7d/0x11c0
[   25.834556]  ? trace_hardirqs_on+0x10/0x10
[   25.838777]  shrink_node+0x429/0x16a0
[   25.842575]  ? shrink_node_memcg+0x18f0/0x18f0
[   25.847152]  ? kvm_clock_read+0x25/0x30
[   25.851113]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   25.856148]  ? ktime_get_raw_ts64+0x4f0/0x4f0
[   25.860664]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   25.865724]  do_try_to_free_pages+0x3e7/0x1290
[   25.870293]  ? shrink_node+0x16a0/0x16a0
[   25.874347]  ? check_same_owner+0x340/0x340
[   25.878660]  ? trace_hardirqs_on+0x10/0x10
[   25.882912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   25.888449]  ? _parse_integer+0x13b/0x190
[   25.892596]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   25.898130]  try_to_free_mem_cgroup_pages+0x49d/0xc90
[   25.903308]  ? pointer_string+0x1b0/0x1b0
[   25.907439]  ? try_to_free_pages+0xb80/0xb80
[   25.911830]  ? memparse+0x171/0x1d0
[   25.915449]  ? get_options+0x380/0x380
[   25.919326]  ? kasan_kmalloc+0xc4/0xe0
[   25.923201]  ? __kmalloc+0x14e/0x760
[   25.926908]  ? kernfs_fop_write+0x33d/0x480
[   25.931208]  ? __vfs_write+0x117/0x9f0
[   25.935080]  ? vfs_write+0x1fc/0x560
[   25.938789]  ? ksys_write+0x101/0x260
[   25.942581]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   25.948110]  ? page_counter_memparse+0xb5/0x1e0
[   25.952783]  ? page_counter_set_low+0x180/0x180
[   25.957438]  ? cgroup_control+0x180/0x180
[   25.961587]  memory_high_write+0x283/0x310
[   25.965822]  ? mem_cgroup_css_released+0x140/0x140
[   25.970767]  ? lock_acquire+0x1e4/0x540
[   25.974728]  ? __might_fault+0x12b/0x1e0
[   25.978779]  cgroup_file_write+0x31f/0x840
[   25.983000]  ? mem_cgroup_css_released+0x140/0x140
[   25.987934]  ? cgroup_migrate_add_task+0xcd0/0xcd0
[   25.992859]  ? __might_fault+0x1a3/0x1e0
[   25.996927]  ? cgroup_migrate_add_task+0xcd0/0xcd0
[   26.001856]  kernfs_fop_write+0x2ba/0x480
[   26.006005]  __vfs_write+0x117/0x9f0
[   26.009711]  ? kernfs_fop_open+0x1020/0x1020
[   26.014099]  ? kernel_read+0x120/0x120
[   26.017977]  ? lock_release+0xa30/0xa30
[   26.021932]  ? check_same_owner+0x340/0x340
[   26.026235]  ? rcu_note_context_switch+0x730/0x730
[   26.031166]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   26.036695]  ? __sb_start_write+0x17f/0x300
[   26.041016]  vfs_write+0x1fc/0x560
[   26.044547]  ksys_write+0x101/0x260
[   26.048168]  ? __ia32_sys_read+0xb0/0xb0
[   26.052218]  __x64_sys_write+0x73/0xb0
[   26.056091]  do_syscall_64+0x1b9/0x820
[   26.059986]  ? syscall_return_slowpath+0x5e0/0x5e0
[   26.064900]  ? syscall_return_slowpath+0x31d/0x5e0
[   26.069813]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   26.074811]  ? prepare_exit_to_usermode+0x291/0x3b0
[   26.079819]  ? perf_trace_sys_enter+0xb10/0xb10
[   26.084481]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.089308]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   26.094489] RIP: 0033:0x4419d9
[   26.097664] Code: e8 ec b5 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
[   26.116960] RSP: 002b:00007ffcb3401d88 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
[   26.124662] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419d9
[   26.131929] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000004
[   26.139195] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000006
[   26.146449] R10: 0000000000000006 R11: 0000000000000217 R12: 0000000000000000
[   26.153714] R13: 6c616b7a79732f2e R14: 0000000000000000 R15: 0000000000000000
[   26.160997] 
[   26.162628] Allocated by task 4447:
[   26.166242]  save_stack+0x43/0xd0
[   26.169699]  kasan_kmalloc+0xc4/0xe0
[   26.173397]  __kmalloc_node+0x47/0x70
[   26.177193]  kvmalloc_node+0x65/0xf0
[   26.180890]  mem_cgroup_css_online+0x169/0x3c0
[   26.185466]  online_css+0x10c/0x350
[   26.189079]  cgroup_apply_control_enable+0x777/0xe90
[   26.194170]  cgroup_mkdir+0x88a/0x1170
[   26.198070]  kernfs_iop_mkdir+0x159/0x1e0
[   26.202210]  vfs_mkdir+0x42e/0x6b0
[   26.205736]  do_mkdirat+0x27b/0x310
[   26.209348]  __x64_sys_mkdir+0x5c/0x80
[   26.213226]  do_syscall_64+0x1b9/0x820
[   26.217095]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   26.222268] 
[   26.223872] Freed by task 2761:
[   26.227143]  save_stack+0x43/0xd0
[   26.230581]  __kasan_slab_free+0x11a/0x170
[   26.234802]  kasan_slab_free+0xe/0x10
[   26.238587]  kfree+0xd9/0x260
[   26.241680]  single_release+0x8f/0xb0
[   26.245470]  __fput+0x35d/0x930
[   26.248739]  ____fput+0x15/0x20
[   26.252000]  task_work_run+0x1ec/0x2a0
[   26.255883]  exit_to_usermode_loop+0x313/0x370
[   26.260465]  do_syscall_64+0x6be/0x820
[   26.264346]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   26.269516] 
[   26.271131] The buggy address belongs to the object at ffff8801d7fda1c0
[   26.271131]  which belongs to the cache kmalloc-32 of size 32
[   26.283607] The buggy address is located 16 bytes inside of
[   26.283607]  32-byte region [ffff8801d7fda1c0, ffff8801d7fda1e0)
[   26.295290] The buggy address belongs to the page:
[   26.300205] page:ffffea00075ff680 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801d7fdafc1
[   26.309640] flags: 0x2fffc0000000100(slab)
[   26.313873] raw: 02fffc0000000100 ffffea00075f5d88 ffffea00076079c8 ffff8801da8001c0
[   26.321913] raw: ffff8801d7fdafc1 ffff8801d7fda000 0000000100000039 0000000000000000
[   26.329772] page dumped because: kasan: bad access detected
[   26.335458] 
[   26.337062] Memory state around the buggy address:
[   26.341981]  ffff8801d7fda080: 00 03 fc fc fc fc fc fc 00 03 fc fc fc fc fc fc
[   26.349331]  ffff8801d7fda100: 00 07 fc fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   26.356681] >ffff8801d7fda180: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc
[   26.364190]                                                  ^
[   26.370144]  ffff8801d7fda200: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   26.377493]  ffff8801d7fda280: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   26.384833] ==================================================================
[   26.392297] Kernel panic - not syncing: panic_on_warn set ...
[   26.392297] 
[   26.399676] CPU: 1 PID: 4448 Comm: syz-executor234 Tainted: G    B             4.18.0-rc3-next-20180706+ #1
[   26.409548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.418881] Call Trace:
[   26.421455]  dump_stack+0x1c9/0x2b4
[   26.425064]  ? dump_stack_print_info.cold.2+0x52/0x52
[   26.430243]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.434999]  panic+0x238/0x4e7
[   26.438196]  ? add_taint.cold.5+0x16/0x16
[   26.442340]  ? do_raw_spin_unlock+0xa7/0x2f0
[   26.446733]  ? find_first_bit+0xf7/0x100
[   26.450784]  kasan_end_report+0x47/0x4f
[   26.454763]  kasan_report.cold.7+0x76/0x30d
[   26.459075]  __asan_report_load8_noabort+0x14/0x20
[   26.463997]  find_first_bit+0xf7/0x100
[   26.467882]  shrink_slab+0x5d0/0xdb0
[   26.471582]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   26.477112]  ? unregister_memcg_shrinker.isra.39+0x50/0x50
[   26.482735]  ? shrink_active_list+0x1830/0x1830
[   26.487401]  ? save_stack+0xa9/0xd0
[   26.491035]  ? save_stack+0x43/0xd0
[   26.494656]  ? kernfs_fop_open+0xa7f/0x1020
[   26.498965]  ? do_dentry_open+0xa7d/0x11c0
[   26.503188]  ? trace_hardirqs_on+0x10/0x10
[   26.507412]  shrink_node+0x429/0x16a0
[   26.511206]  ? shrink_node_memcg+0x18f0/0x18f0
[   26.515784]  ? kvm_clock_read+0x25/0x30
[   26.519744]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   26.524744]  ? ktime_get_raw_ts64+0x4f0/0x4f0
[   26.529225]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   26.534245]  do_try_to_free_pages+0x3e7/0x1290
[   26.538825]  ? shrink_node+0x16a0/0x16a0
[   26.542877]  ? check_same_owner+0x340/0x340
[   26.547197]  ? trace_hardirqs_on+0x10/0x10
[   26.551422]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   26.556974]  ? _parse_integer+0x13b/0x190
[   26.561116]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   26.566657]  try_to_free_mem_cgroup_pages+0x49d/0xc90
[   26.571844]  ? pointer_string+0x1b0/0x1b0
[   26.575984]  ? try_to_free_pages+0xb80/0xb80
[   26.580389]  ? memparse+0x171/0x1d0
[   26.584019]  ? get_options+0x380/0x380
[   26.587903]  ? kasan_kmalloc+0xc4/0xe0
[   26.591776]  ? __kmalloc+0x14e/0x760
[   26.595481]  ? kernfs_fop_write+0x33d/0x480
[   26.599794]  ? __vfs_write+0x117/0x9f0
[   26.603679]  ? vfs_write+0x1fc/0x560
[   26.607382]  ? ksys_write+0x101/0x260
[   26.611167]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   26.616686]  ? page_counter_memparse+0xb5/0x1e0
[   26.621340]  ? page_counter_set_low+0x180/0x180
[   26.625998]  ? cgroup_control+0x180/0x180
[   26.630148]  memory_high_write+0x283/0x310
[   26.634381]  ? mem_cgroup_css_released+0x140/0x140
[   26.639303]  ? lock_acquire+0x1e4/0x540
[   26.643267]  ? __might_fault+0x12b/0x1e0
[   26.647325]  cgroup_file_write+0x31f/0x840
[   26.651549]  ? mem_cgroup_css_released+0x140/0x140
[   26.656468]  ? cgroup_migrate_add_task+0xcd0/0xcd0
[   26.661417]  ? __might_fault+0x1a3/0x1e0
[   26.665472]  ? cgroup_migrate_add_task+0xcd0/0xcd0
[   26.670390]  kernfs_fop_write+0x2ba/0x480
[   26.674522]  __vfs_write+0x117/0x9f0
[   26.678228]  ? kernfs_fop_open+0x1020/0x1020
[   26.682617]  ? kernel_read+0x120/0x120
[   26.686510]  ? lock_release+0xa30/0xa30
[   26.690475]  ? check_same_owner+0x340/0x340
[   26.694791]  ? rcu_note_context_switch+0x730/0x730
[   26.699717]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   26.705239]  ? __sb_start_write+0x17f/0x300
[   26.709551]  vfs_write+0x1fc/0x560
[   26.713090]  ksys_write+0x101/0x260
[   26.716706]  ? __ia32_sys_read+0xb0/0xb0
[   26.720757]  __x64_sys_write+0x73/0xb0
[   26.724630]  do_syscall_64+0x1b9/0x820
[   26.728502]  ? syscall_return_slowpath+0x5e0/0x5e0
[   26.733425]  ? syscall_return_slowpath+0x31d/0x5e0
[   26.738340]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   26.743350]  ? prepare_exit_to_usermode+0x291/0x3b0
[   26.748350]  ? perf_trace_sys_enter+0xb10/0xb10
[   26.753035]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.757865]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   26.763043] RIP: 0033:0x4419d9
[   26.766209] Code: e8 ec b5 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
[   26.785365] RSP: 002b:00007ffcb3401d88 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
[   26.793066] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419d9
[   26.800326] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000004
[   26.807587] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000006
[   26.814846] R10: 0000000000000006 R11: 0000000000000217 R12: 0000000000000000
[   26.822099] R13: 6c616b7a79732f2e R14: 0000000000000000 R15: 0000000000000000
[   26.829924] Dumping ftrace buffer:
[   26.833546]    (ftrace buffer empty)
[   26.837255] Kernel Offset: disabled
[   26.840872] Rebooting in 86400 seconds..