[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 26.051939] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 30.096638] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.495326] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.037912] random: sshd: uninitialized urandom read (32 bytes read)
[ 118.137419] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.198' (ECDSA) to the list of known hosts.
[ 123.677265] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/31 01:42:02 parsed 1 programs
[ 124.885058] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/31 01:42:04 executed programs: 0
[ 126.280618] IPVS: ftp: loaded support on port[0] = 21
[ 126.498456] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.504979] bridge0: port 1(bridge_slave_0) entered disabled state
[ 126.512578] device bridge_slave_0 entered promiscuous mode
[ 126.530543] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.537043] bridge0: port 2(bridge_slave_1) entered disabled state
[ 126.544367] device bridge_slave_1 entered promiscuous mode
[ 126.560772] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 126.577979] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 126.623447] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 126.643065] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 126.712848] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 126.720331] team0: Port device team_slave_0 added
[ 126.735788] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 126.743077] team0: Port device team_slave_1 added
[ 126.760065] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 126.778591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 126.796458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 126.814384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 126.945819] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.952290] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 126.959084] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.965460] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 127.422887] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 127.429156] 8021q: adding VLAN 0 to HW filter on device bond0
[ 127.475410] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 127.485158] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 127.525217] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 127.531459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 127.538827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 127.580282] 8021q: adding VLAN 0 to HW filter on device team0
[ 127.859962] ------------[ cut here ]------------
[ 127.864805] usb usb1: BOGUS urb flags, 40 --> 0
[ 127.869754] WARNING: CPU: 1 PID: 5061 at drivers/usb/core/urb.c:503 usb_submit_urb+0x719/0x14d0
[ 127.878621] Kernel panic - not syncing: panic_on_warn set ...
[ 127.878621]
[ 127.885995] CPU: 1 PID: 5061 Comm: syz-executor0 Not tainted 4.19.0-rc1-next-20180830+ #52
[ 127.894395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 127.903734] Call Trace:
[ 127.906310] dump_stack+0x1c9/0x2b4
[ 127.909924] ? dump_stack_print_info.cold.2+0x52/0x52
[ 127.915108] panic+0x238/0x4e7
[ 127.918293] ? add_taint.cold.5+0x16/0x16
[ 127.922432] ? __warn.cold.8+0x148/0x1ba
[ 127.926476] ? __warn.cold.8+0x117/0x1ba
[ 127.930533] ? usb_submit_urb+0x719/0x14d0
[ 127.934759] __warn.cold.8+0x163/0x1ba
[ 127.938640] ? usb_submit_urb+0x719/0x14d0
[ 127.942865] report_bug+0x252/0x2d0
[ 127.946565] do_error_trap+0x1fc/0x4d0
[ 127.950444] ? math_error+0x3e0/0x3e0
[ 127.954246] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 127.959075] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 127.964190] ? vprintk_func+0x81/0x117
[ 127.968073] ? printk+0xa7/0xcf
[ 127.971342] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 127.976179] do_invalid_op+0x1b/0x20
[ 127.979883] invalid_op+0x14/0x20
[ 127.983322] RIP: 0010:usb_submit_urb+0x719/0x14d0
[ 127.988154] Code: 06 fd 48 8b 45 d0 48 8d b8 a0 00 00 00 e8 7f d2 72 ff 45 89 e0 44 89 e9 4c 89 fa 48 89 c6 48 c7 c7 00 1a 7e 87 e8 e7 11 d1 fc <0f> 0b e8 30 56 06 fd 48 c7 c6 00 1b 7e 87 4c 89 f7 e8 71 57 06 fd
[ 128.007095] RSP: 0018:ffff8801cdfc7278 EFLAGS: 00010282
[ 128.012452] RAX: 0000000000000000 RBX: ffff8801cf31ea00 RCX: 0000000000000000
[ 128.019710] RDX: 0000000000000000 RSI: ffffffff8163ac11 RDI: ffff8801cdfc6f68
[ 128.026964] RBP: ffff8801cdfc72e8 R08: ffff8801cb490500 R09: 0000000000000006
[ 128.034218] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 128.041482] R13: 0000000000000040 R14: 0000000000000000 R15: ffff8801ce9c6540
[ 128.048755] ? vprintk_func+0x81/0x117
[ 128.052637] ? usb_submit_urb+0x719/0x14d0
[ 128.056856] ? kasan_check_write+0x14/0x20
[ 128.061085] proc_do_submiturb+0x2669/0x3d70
[ 128.065498] ? free_async+0x490/0x490
[ 128.069356] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 128.074892] ? _copy_from_user+0xdf/0x150
[ 128.079035] proc_submiturb_compat+0x544/0x800
[ 128.083605] ? proc_do_submiturb+0x3d70/0x3d70
[ 128.088290] usbdev_do_ioctl+0x19a5/0x3b30
[ 128.092667] ? processcompl_compat+0x680/0x680
[ 128.097353] ? __pagevec_lru_add+0x30/0x30
[ 128.101577] ? graph_lock+0x170/0x170
[ 128.105414] ? kasan_check_read+0x11/0x20
[ 128.109562] ? rcu_is_watching+0x8c/0x150
[ 128.113697] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 128.118881] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 128.124485] ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 128.129584] ? futex_wake+0x304/0x760
[ 128.133387] ? get_futex_key+0x2000/0x2000
[ 128.137610] ? graph_lock+0x170/0x170
[ 128.141402] ? trace_hardirqs_on+0xbd/0x2c0
[ 128.145716] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 128.150817] ? do_futex+0x249/0x27d0
[ 128.154532] ? lock_downgrade+0x8f0/0x8f0
[ 128.158687] ? exit_robust_list+0x290/0x290
[ 128.163005] ? do_raw_spin_unlock+0xa7/0x2f0
[ 128.167426] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 128.172017] ? pte_val+0x100/0x100
[ 128.175551] ? kasan_check_write+0x14/0x20
[ 128.179786] ? do_raw_spin_lock+0xc1/0x200
[ 128.184024] ? _raw_spin_unlock+0x22/0x30
[ 128.188182] ? __handle_mm_fault+0x945/0x4350
[ 128.192670] ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[ 128.197511] ? graph_lock+0x170/0x170
[ 128.201321] ? graph_lock+0x170/0x170
[ 128.205133] ? find_held_lock+0x36/0x1c0
[ 128.209190] usbdev_ioctl+0x25/0x30
[ 128.212808] ? usbdev_compat_ioctl+0x30/0x30
[ 128.217227] do_vfs_ioctl+0x1de/0x1720
[ 128.221110] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 128.226638] ? ioctl_preallocate+0x300/0x300
[ 128.231036] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 128.236563] ? __fget_light+0x2f7/0x440
[ 128.240536] ? __handle_mm_fault+0x4350/0x4350
[ 128.245122] ? fget_raw+0x20/0x20
[ 128.248593] ? __x64_sys_futex+0x47f/0x6a0
[ 128.252819] ? do_syscall_64+0x9a/0x820
[ 128.256856] ? do_syscall_64+0x9a/0x820
[ 128.260842] ? lockdep_hardirqs_on+0x421/0x5c0
[ 128.265446] ? security_file_ioctl+0x94/0xc0
[ 128.269875] ksys_ioctl+0xa9/0xd0
[ 128.273335] __x64_sys_ioctl+0x73/0xb0
[ 128.277236] do_syscall_64+0x1b9/0x820
[ 128.281120] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 128.286476] ? syscall_return_slowpath+0x5e0/0x5e0
[ 128.291411] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 128.296268] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 128.301282] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 128.306295] ? prepare_exit_to_usermode+0x291/0x3b0
[ 128.311301] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 128.316137] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 128.321335] RIP: 0033:0x457089
[ 128.324527] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 128.343420] RSP: 002b:00007ffe421857c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 128.351118] RAX: ffffffffffffffda RBX: 000000000142b914 RCX: 0000000000457089
[ 128.358402] RDX: 0000000020000080 RSI: 00000000802c550a RDI: 0000000000000003
[ 128.365661] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
[ 128.372928] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 128.380216] R13: 00000000004cf368 R14: 00000000004c57eb R15: 0000000000000000
[ 128.387920] Dumping ftrace buffer:
[ 128.391552] (ftrace buffer empty)
[ 128.395250] Kernel Offset: disabled
[ 128.398866] Rebooting in 86400 seconds..