[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 16.261209] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 22.127514] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.593409] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.278665] random: sshd: uninitialized urandom read (32 bytes read)
[ 611.686099] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts.
[ 617.228000] random: sshd: uninitialized urandom read (32 bytes read)
[ 617.325788] IPVS: ftp: loaded support on port[0] = 21
[ 617.325809] IPVS: ftp: loaded support on port[0] = 21
[ 617.333151] IPVS: ftp: loaded support on port[0] = 21
[ 617.338230] IPVS: ftp: loaded support on port[0] = 21
[ 617.342667] IPVS: ftp: loaded support on port[0] = 21
[ 617.350573] IPVS: ftp: loaded support on port[0] = 21
[ 617.354110] IPVS: ftp: loaded support on port[0] = 21
[ 617.357781] IPVS: ftp: loaded support on port[0] = 21
[ 717.807843] list_add corruption. prev->next should be next (ffff8801dae26708), but was 0000000000000000. (prev=ffff8801dae26740).
[ 717.819830] ------------[ cut here ]------------
[ 717.824636] kernel BUG at lib/list_debug.c:28!
[ 717.829229] invalid opcode: 0000 [#1] SMP KASAN
[ 717.833901] CPU: 0 PID: 5072 Comm: syz-executor741 Not tainted 4.18.0-rc5-next-20180716+ #8
[ 717.842382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 717.851829] RIP: 0010:__list_add_valid.cold.0+0x23/0x25
[ 717.857172] Code: e8 9f f2 56 fe eb 97 48 89 d9 48 c7 c7 40 86 1a 88 e8 32 35 ff fd 0f 0b 48 89 f1 48 c7 c7 00 87 1a 88 48 89 de e8 1e 35 ff fd <0f> 0b 4c 89 e2 48 89 de 48 c7 c7 40 88 1a 88 e8 0a 35 ff fd 0f 0b
[ 717.876327] RSP: 0018:ffff8801dae079c0 EFLAGS: 00010086
[ 717.881675] RAX: 0000000000000075 RBX: ffff8801dae26708 RCX: 0000000000000000
[ 717.888972] RDX: 0000000000000000 RSI: ffffffff81633fc1 RDI: 0000000000000001
[ 717.896225] RBP: ffff8801dae079d8 R08: ffff8801c722e540 R09: ffffed003b5c4fc0
[ 717.903490] R10: ffffed003b5c4fc0 R11: ffff8801dae27e07 R12: ffff8801dae26740
[ 717.910750] R13: ffff8801dae07ab8 R14: ffff8801dae26740 R15: 0000000000000001
[ 717.918003] FS: 00007fc2687f2700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 717.926223] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 717.932100] CR2: 00007fc2687f1e78 CR3: 00000001a956f000 CR4: 00000000001406f0
[ 717.939354] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 717.946616] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 717.953876] Call Trace:
[ 717.956443]
[ 717.958685] ? cpu_stop_queue_work+0x114/0x460
[ 717.963257] cpu_stop_queue_work+0x248/0x460
[ 717.967656] ? cpu_stop_park+0x160/0x160
[ 717.971730] ? trace_hardirqs_off+0xd/0x10
[ 717.975998] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 717.981144] ? kasan_check_read+0x11/0x20
[ 717.985308] ? do_raw_spin_unlock+0xa7/0x2f0
[ 717.989718] ? touch_softlockup_watchdog+0x30/0x30
[ 717.994631] stop_one_cpu_nowait+0xd3/0x100
[ 717.998961] watchdog_timer_fn+0x93/0x2e0
[ 718.003118] __hrtimer_run_queues+0x3eb/0x10c0
[ 718.008033] ? softlockup_fn+0x30/0x30
[ 718.011915] ? hrtimer_start_range_ns+0xd20/0xd20
[ 718.016784] ? pvclock_read_flags+0x160/0x160
[ 718.021276] ? kvm_clock_read+0x25/0x30
[ 718.025235] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 718.030257] ? ktime_get_update_offsets_now+0x3db/0x5d0
[ 718.035617] ? do_timer+0x50/0x50
[ 718.039056] ? kasan_check_read+0x11/0x20
[ 718.043228] ? rcu_nmi_exit+0xe0/0x2d0
[ 718.047189] ? do_raw_spin_lock+0xc1/0x200
[ 718.052279] hrtimer_interrupt+0x2f3/0x750
[ 718.056518] smp_apic_timer_interrupt+0x165/0x730
[ 718.061360] ? smp_call_function_single_interrupt+0x660/0x660
[ 718.067231] ? _raw_spin_unlock+0x22/0x30
[ 718.071405] ? handle_edge_irq+0x330/0x870
[ 718.075650] ? task_prio+0x50/0x50
[ 718.079192] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 718.084025] apic_timer_interrupt+0xf/0x20
[ 718.088252]
[ 718.090512] RIP: 0010:change_mnt_propagation+0x253/0x1470
[ 718.096027] Code: 89 e7 4c 89 a5 98 fc ff ff 49 be 00 00 00 00 00 fc ff df eb 30 e8 6d af a8 ff 49 8d 7f 20 48 89 f9 48 c1 e9 03 42 80 3c 31 00 <0f> 85 10 0d 00 00 48 8b 85 a0 fc ff ff 49 39 84 24 78 ff ff ff 0f
[ 718.115193] RSP: 0018:ffff8801a5cf7368 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 718.122886] RAX: ffff8801c722e540 RBX: ffff8801abdc3600 RCX: 1ffff10039fba344
[ 718.130136] RDX: 0000000000000000 RSI: ffffffff81d3c0e3 RDI: ffff8801cfdd1a20
[ 718.137397] RBP: ffff8801a5cf7708 R08: ffff8801c722e540 R09: fffffbfff1209364
[ 718.144646] R10: fffffbfff1209364 R11: ffffffff89049b23 R12: ffff8801cfdd1aa8
[ 718.151909] R13: ffff8801abdc36a8 R14: dffffc0000000000 R15: ffff8801cfdd1a00
[ 718.159173] ? change_mnt_propagation+0x243/0x1470
[ 718.164090] ? change_mnt_propagation+0x243/0x1470
[ 718.169010] ? get_dominating_id+0x200/0x200
[ 718.173451] ? alloc_vfsmnt+0x737/0x9a0
[ 718.177415] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 718.182160] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 718.186903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 718.192424] ? put_mountpoint+0x2c7/0x3d0
[ 718.196555] ? free_mnt_ns+0x100/0x100
[ 718.200427] ? lock_acquire+0x1e4/0x540
[ 718.204396] ? pin_insert_group+0x2a9/0x3e0
[ 718.208704] ? lock_downgrade+0x8f0/0x8f0
[ 718.212841] ? unhash_mnt+0x4be/0x740
[ 718.216634] ? mntns_get+0xb0/0xb0
[ 718.220161] ? _raw_spin_unlock+0x22/0x30
[ 718.224291] ? pin_insert_group+0x2a9/0x3e0
[ 718.228596] ? pin_remove+0x4a0/0x4a0
[ 718.232470] ? umount_tree+0x2e9/0x1270
[ 718.236431] ? umount_tree+0x38e/0x1270
[ 718.240399] umount_tree+0x758/0x1270
[ 718.244210] ? commit_tree+0x7c0/0x7c0
[ 718.248080] ? lock_acquire+0x1e4/0x540
[ 718.252037] ? lock_downgrade+0x8f0/0x8f0
[ 718.256168] ? is_subdir+0x2aa/0x4a0
[ 718.259868] ? kasan_check_read+0x11/0x20
[ 718.263998] ? do_raw_spin_unlock+0xa7/0x2f0
[ 718.268393] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 718.272957] ? kasan_check_write+0x14/0x20
[ 718.277172] ? do_raw_spin_lock+0xc1/0x200
[ 718.281394] ? lock_acquire+0x1e4/0x540
[ 718.285363] ? lock_acquire+0x1e4/0x540
[ 718.289319] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 718.294062] ? umount_tree+0xd91/0x1270
[ 718.298023] attach_recursive_mnt+0x91a/0xb70
[ 718.302509] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 718.307077] ? count_mounts+0x360/0x360
[ 718.311037] ? to_mnt_ns+0x20/0x20
[ 718.314561] graft_tree+0x1aa/0x240
[ 718.318188] do_mount+0x1a90/0x1fb0
[ 718.321810] ? check_same_owner+0x340/0x340
[ 718.326114] ? lock_release+0xa30/0xa30
[ 718.330073] ? copy_mount_string+0x40/0x40
[ 718.334292] ? kasan_kmalloc+0xc4/0xe0
[ 718.338177] ? kmem_cache_alloc_trace+0x318/0x780
[ 718.343006] ? _copy_from_user+0xdf/0x150
[ 718.347142] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 718.352663] ? copy_mount_options+0x285/0x380
[ 718.357141] ksys_mount+0x12d/0x140
[ 718.360764] __x64_sys_mount+0xbe/0x150
[ 718.364738] do_syscall_64+0x1b9/0x820
[ 718.368608] ? syscall_return_slowpath+0x5e0/0x5e0
[ 718.373531] ? syscall_return_slowpath+0x31d/0x5e0
[ 718.378446] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 718.383448] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 718.388277] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 718.393458] RIP: 0033:0x4471d9
[ 718.396635] Code: e8 cc e5 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 718.418678] RSP: 002b:00007fc2687f1da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 718.426381] RAX: ffffffffffffffda RBX: 00000000006ddc84 RCX: 00000000004471d9
[ 718.433634] RDX: 0000000020753000 RSI: 0000000020000880 RDI: 0000000020000100
[ 718.440896] RBP: 00000000006ddc80 R08: 0000000020000640 R09: 0000000000000000
[ 718.448149] R10: 0000000000005010 R11: 0000000000000246 R12: 0030656c69662f2e
[ 718.455401] R13: 2f30656c69662f2e R14: 69662f30656c6966 R15: 000000000000000a
[ 718.462666] Modules linked in:
[ 718.465843] Dumping ftrace buffer:
[ 718.469360] (ftrace buffer empty)
[ 718.473060] ---[ end trace 8894ce5e0173a58d ]---
[ 718.477802] RIP: 0010:__list_add_valid.cold.0+0x23/0x25
[ 718.483153] Code: e8 9f f2 56 fe eb 97 48 89 d9 48 c7 c7 40 86 1a 88 e8 32 35 ff fd 0f 0b 48 89 f1 48 c7 c7 00 87 1a 88 48 89 de e8 1e 35 ff fd <0f> 0b 4c 89 e2 48 89 de 48 c7 c7 40 88 1a 88 e8 0a 35 ff fd 0f 0b
[ 718.505277] RSP: 0018:ffff8801dae079c0 EFLAGS: 00010086
[ 718.510636] RAX: 0000000000000075 RBX: ffff8801dae26708 RCX: 0000000000000000
[ 718.517904] RDX: 0000000000000000 RSI: ffffffff81633fc1 RDI: 0000000000000001
[ 718.525153] RBP: ffff8801dae079d8 R08: ffff8801c722e540 R09: ffffed003b5c4fc0
[ 718.532410] R10: ffffed003b5c4fc0 R11: ffff8801dae27e07 R12: ffff8801dae26740
[ 718.539673] R13: ffff8801dae07ab8 R14: ffff8801dae26740 R15: 0000000000000001
[ 718.546940] FS: 00007fc2687f2700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 718.555161] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 718.561024] CR2: 00007fc2687f1e78 CR3: 00000001a956f000 CR4: 00000000001406f0
[ 718.568277] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 718.575546] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 718.582813] Kernel panic - not syncing: Fatal exception in interrupt
[ 718.589775] Dumping ftrace buffer:
[ 718.593313] (ftrace buffer empty)
[ 718.596998] Kernel Offset: disabled
[ 718.600606] Rebooting in 86400 seconds..