[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 19.629377] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 23.544673] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.854381] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.603603] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.754888] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.33' (ECDSA) to the list of known hosts.
[ 30.174218] random: sshd: uninitialized urandom read (32 bytes read)
2018/06/08 01:15:09 parsed 1 programs
[ 31.574071] random: cc1: uninitialized urandom read (8 bytes read)
2018/06/08 01:15:11 executed programs: 0
[ 32.630250] IPVS: ftp: loaded support on port[0] = 21
[ 32.751312] bridge0: port 1(bridge_slave_0) entered blocking state
[ 32.757853] bridge0: port 1(bridge_slave_0) entered disabled state
[ 32.765352] device bridge_slave_0 entered promiscuous mode
[ 32.781961] bridge0: port 2(bridge_slave_1) entered blocking state
[ 32.788370] bridge0: port 2(bridge_slave_1) entered disabled state
[ 32.795542] device bridge_slave_1 entered promiscuous mode
[ 32.811387] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 32.826937] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 32.866792] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 32.884269] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 32.902627] ip (4575) used greatest stack depth: 17016 bytes left
[ 32.946806] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 32.954462] team0: Port device team_slave_0 added
[ 32.969067] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 32.976290] team0: Port device team_slave_1 added
[ 32.991920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 33.008503] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 33.024639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 33.041084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 33.119972] ip (4611) used greatest stack depth: 16344 bytes left
[ 33.155710] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.162151] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.169139] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.175502] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 33.570832] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 33.576946] 8021q: adding VLAN 0 to HW filter on device bond0
[ 33.616429] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 33.656538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 33.664339] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 33.701498] 8021q: adding VLAN 0 to HW filter on device team0
[ 33.938257] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 33.946286] PGD 1b2f8b067 P4D 1b2f8b067 PUD 1b290b067 PMD 0
[ 33.952078] Oops: 0010 [#1] SMP KASAN
[ 33.955946] CPU: 0 PID: 4781 Comm: syz-executor0 Not tainted 4.17.0+ #114
[ 33.962847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.972181] RIP: 0010: (null)
[ 33.976045] Code: Bad RIP value.
[ 33.979397] RSP: 0018:ffff8801d6717350 EFLAGS: 00010246
[ 33.984739] RAX: 0000000000000000 RBX: ffff8801d6ec1800 RCX: 1ffffffff10ea5ed
[ 33.991985] RDX: ffff8801d6717bb0 RSI: ffff8801d4f3c0c0 RDI: ffff8801d9bbecc0
[ 33.999237] RBP: ffff8801d67174c0 R08: ffff8801d22b4c78 R09: 0000000000000006
[ 34.006486] R10: ffff8801d22b4440 R11: 0000000000000000 R12: 1ffff1003ace2e6f
[ 34.013738] R13: ffff8801d6717bb0 R14: ffff8801d6ec1812 R15: ffff8801d6ec1c58
[ 34.020990] FS: 0000000000000000(0000) GS:ffff8801dae00000(0063) knlGS:0000000008b38900
[ 34.029207] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 34.035153] CR2: ffffffffffffffd6 CR3: 00000001d7b3d000 CR4: 00000000001406f0
[ 34.042403] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.049662] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.056918] Call Trace:
[ 34.059487] ? smc_poll+0x211/0xdd0
[ 34.063096] ? __smc_connect+0xa90/0xa90
[ 34.067140] ? save_stack+0x43/0xd0
[ 34.070747] ? kasan_kmalloc+0xc4/0xe0
[ 34.074623] ? kasan_slab_alloc+0x12/0x20
[ 34.078762] ? kmem_cache_alloc+0x12e/0x760
[ 34.083062] ? ep_insert+0x270/0x1c00
[ 34.086842] ? __ia32_sys_epoll_ctl+0xef1/0x10f0
[ 34.091578] ? do_fast_syscall_32+0x345/0xf9b
[ 34.096054] ? entry_SYSENTER_compat+0x70/0x7f
[ 34.100620] ? graph_lock+0x170/0x170
[ 34.104402] ? percpu_ref_tryget+0x2b0/0x2b0
[ 34.108792] ? find_held_lock+0x36/0x1c0
[ 34.112839] ? print_usage_bug+0xc0/0xc0
[ 34.116887] sock_poll+0x1d1/0x710
[ 34.120502] ? __smc_connect+0xa90/0xa90
[ 34.124544] ? sock_get_poll_head+0x460/0x460
[ 34.129031] ? sock_get_poll_head+0x460/0x460
[ 34.133517] vfs_poll+0x77/0x2a0
[ 34.136863] ep_item_poll.isra.15+0x2c1/0x390
[ 34.141340] ? rcu_read_lock_sched_held+0x108/0x120
[ 34.146335] ? ep_eventpoll_poll+0x1f0/0x1f0
[ 34.150733] ? ep_insert+0x270/0x1c00
[ 34.154513] ep_insert+0x6b8/0x1c00
[ 34.158212] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 34.163384] ? ep_send_events_proc+0xee0/0xee0
[ 34.167947] ? lock_release+0xa10/0xa10
[ 34.171902] ? check_same_owner+0x320/0x320
[ 34.176207] ? rcu_note_context_switch+0x710/0x710
[ 34.181117] ? __might_sleep+0x95/0x190
[ 34.185072] ? kasan_check_write+0x14/0x20
[ 34.189290] ? __mutex_lock+0x7d9/0x17f0
[ 34.193330] ? __ia32_sys_epoll_ctl+0x518/0x10f0
[ 34.198076] ? do_futex+0x249/0x27d0
[ 34.201770] ? mutex_trylock+0x2a0/0x2a0
[ 34.205813] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 34.210813] ? exit_robust_list+0x290/0x290
[ 34.215132] ? lockdep_init_map+0x9/0x10
[ 34.219186] ? debug_mutex_init+0x2d/0x60
[ 34.223321] ? __mutex_init+0x1ef/0x280
[ 34.227274] ? pud_val+0x80/0xf0
[ 34.230619] ? pmd_val+0xf0/0xf0
[ 34.233968] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.239491] ? find_held_lock+0x36/0x1c0
[ 34.243533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.249054] ? __fget_light+0x2ef/0x430
[ 34.253013] ? fget_raw+0x20/0x20
[ 34.256467] ? __might_sleep+0x95/0x190
[ 34.260426] ? clear_tfile_check_list+0x380/0x380
[ 34.265260] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 34.270431] __ia32_sys_epoll_ctl+0xef1/0x10f0
[ 34.274997] ? __x64_sys_epoll_ctl+0x10f0/0x10f0
[ 34.279742] ? __ia32_compat_sys_futex+0x3de/0x5e0
[ 34.284663] ? __x32_compat_sys_get_robust_list+0x430/0x430
[ 34.290365] ? do_fast_syscall_32+0x148/0xf9b
[ 34.294845] do_fast_syscall_32+0x345/0xf9b
[ 34.299235] ? do_int80_syscall_32+0x880/0x880
[ 34.303797] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.308546] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.314082] ? syscall_return_slowpath+0x30f/0x5c0
[ 34.318992] ? sysret32_from_system_call+0x5/0x46
[ 34.323819] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.328641] entry_SYSENTER_compat+0x70/0x7f
[ 34.333037] RIP: 0023:0xf7f2ccb9
[ 34.336394] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 34.355519] RSP: 002b:00000000ff8723fc EFLAGS: 00000286 ORIG_RAX: 00000000000000ff
[ 34.363216] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000001
[ 34.370466] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000000
[ 34.377730] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 34.384987] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 34.392237] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 34.399671] Modules linked in:
[ 34.402845] Dumping ftrace buffer:
[ 34.406362] (ftrace buffer empty)
[ 34.410066] CR2: 0000000000000000
[ 34.414110] ---[ end trace a17143a9e4d7b928 ]---
[ 34.418880] RIP: 0010: (null)
[ 34.422780] Code: Bad RIP value.
[ 34.426162] RSP: 0018:ffff8801d6717350 EFLAGS: 00010246
[ 34.431535] RAX: 0000000000000000 RBX: ffff8801d6ec1800 RCX: 1ffffffff10ea5ed
[ 34.438908] RDX: ffff8801d6717bb0 RSI: ffff8801d4f3c0c0 RDI: ffff8801d9bbecc0
[ 34.446190] RBP: ffff8801d67174c0 R08: ffff8801d22b4c78 R09: 0000000000000006
[ 34.453461] R10: ffff8801d22b4440 R11: 0000000000000000 R12: 1ffff1003ace2e6f
[ 34.460737] R13: ffff8801d6717bb0 R14: ffff8801d6ec1812 R15: ffff8801d6ec1c58
[ 34.468026] FS: 0000000000000000(0000) GS:ffff8801dae00000(0063) knlGS:0000000008b38900
[ 34.476273] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 34.482158] CR2: ffffffffffffffd6 CR3: 00000001d7b3d000 CR4: 00000000001406f0
[ 34.489436] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.496726] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.504000] Kernel panic - not syncing: Fatal exception
[ 34.509825] Dumping ftrace buffer:
[ 34.513346] (ftrace buffer empty)
[ 34.517033] Kernel Offset: disabled
[ 34.520648] Rebooting in 86400 seconds..