[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 15.328526] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 21.387720] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.697430] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.392040] random: sshd: uninitialized urandom read (32 bytes read)
[ 849.022954] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
[ 854.478351] random: sshd: uninitialized urandom read (32 bytes read)
[ 854.567633] IPVS: ftp: loaded support on port[0] = 21
[ 1007.001760] ==================================================================
[ 1007.009290] BUG: KASAN: stack-out-of-bounds in wait_consider_task+0x3792/0x39b0
[ 1007.016761] Read of size 8 at addr ffff8801afd885e8 by task syz-executor653/4456
[ 1007.024286]
[ 1007.025917] CPU: 1 PID: 4456 Comm: syz-executor653 Not tainted 4.18.0-rc3-next-20180706+ #1
[ 1007.034395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1007.043790] Call Trace:
[ 1007.046433] dump_stack+0x1c9/0x2b4
[ 1007.050066] ? dump_stack_print_info.cold.2+0x52/0x52
[ 1007.055250] ? printk+0xa7/0xcf
[ 1007.058528] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 1007.063281] ? wait_consider_task+0x3792/0x39b0
[ 1007.067945] print_address_description+0x6c/0x20b
[ 1007.072789] ? wait_consider_task+0x3792/0x39b0
[ 1007.077452] kasan_report.cold.7+0x242/0x30d
[ 1007.081861] __asan_report_load8_noabort+0x14/0x20
[ 1007.086790] wait_consider_task+0x3792/0x39b0
[ 1007.091279] ? preempt_notifier_register+0x200/0x200
[ 1007.096388] ? trace_hardirqs_on+0x10/0x10
[ 1007.100621] ? lock_repin_lock+0x430/0x430
[ 1007.104854] ? release_task.part.17+0x1bb0/0x1bb0
[ 1007.109697] ? lock_acquire+0x1e4/0x540
[ 1007.113668] ? add_wait_queue+0x1b9/0x2b0
[ 1007.117816] ? lock_downgrade+0x8f0/0x8f0
[ 1007.121973] ? kasan_check_read+0x11/0x20
[ 1007.126130] ? lock_acquire+0x1e4/0x540
[ 1007.130111] ? do_wait+0x3fa/0xb80
[ 1007.133657] ? do_raw_spin_lock+0xc1/0x200
[ 1007.137899] ? lock_release+0xa30/0xa30
[ 1007.141876] ? add_wait_queue+0x1b9/0x2b0
[ 1007.146042] ? __wake_up_locked_key_bookmark+0x20/0x20
[ 1007.151322] ? kasan_check_write+0x14/0x20
[ 1007.155552] do_wait+0x477/0xb80
[ 1007.158918] ? wait_consider_task+0x39b0/0x39b0
[ 1007.163764] ? kasan_check_write+0x14/0x20
[ 1007.168002] ? do_raw_spin_lock+0xc1/0x200
[ 1007.172239] ? trace_hardirqs_on+0xd/0x10
[ 1007.176393] ? lock_acquire+0x1e4/0x540
[ 1007.180365] ? __might_fault+0x12b/0x1e0
[ 1007.184425] ? lock_downgrade+0x8f0/0x8f0
[ 1007.188576] kernel_wait4+0x247/0x3f0
[ 1007.192380] ? __ia32_sys_waitid+0x140/0x140
[ 1007.196788] ? task_stopped_code+0x190/0x190
[ 1007.201199] __do_sys_wait4+0x137/0x150
[ 1007.205167] ? kernel_wait4+0x3f0/0x3f0
[ 1007.209139] ? nsecs_to_jiffies+0x30/0x30
[ 1007.213294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1007.218830] ? __x64_sys_clock_gettime+0x170/0x250
[ 1007.223761] ? __ia32_sys_clock_settime+0x290/0x290
[ 1007.228778] __x64_sys_wait4+0x97/0xf0
[ 1007.232684] do_syscall_64+0x1b9/0x820
[ 1007.236572] ? syscall_slow_exit_work+0x500/0x500
[ 1007.241412] ? syscall_return_slowpath+0x5e0/0x5e0
[ 1007.246344] ? prepare_exit_to_usermode+0x291/0x3b0
[ 1007.251368] ? perf_trace_sys_enter+0xb10/0xb10
[ 1007.256035] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1007.260934] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1007.266125] RIP: 0033:0x406ada
[ 1007.269305] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 8b 05 fe d0 2d 00 85 c0 75 36 45 31 d2 48 63 d2 48 63 ff b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 d4 ff ff ff f7
[ 1007.288570] RSP: 002b:00007fffc9cfbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[ 1007.296282] RAX: ffffffffffffffda RBX: 00000000000028ef RCX: 0000000000406ada
[ 1007.303557] RDX: 0000000040000001 RSI: 00007fffc9cfbc8c RDI: ffffffffffffffff
[ 1007.310828] RBP: 00000000000028ef R08: 0000000000000001 R09: 0000000001c22940
[ 1007.318099] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000037eb
[ 1007.325367] R13: 00000000000f5d89 R14: 0000000000000000 R15: 0000000000000000
[ 1007.332637]
[ 1007.334320] Allocated by task 4456:
[ 1007.337958] save_stack+0x43/0xd0
[ 1007.341420] kasan_kmalloc+0xc4/0xe0
[ 1007.345140] kasan_slab_alloc+0x12/0x20
[ 1007.349122] kmem_cache_alloc_node+0x144/0x780
[ 1007.353710] copy_process.part.41+0x16e2/0x7340
[ 1007.358381] _do_fork+0x291/0x12a0
[ 1007.361922] __x64_sys_clone+0xbf/0x150
[ 1007.365899] do_syscall_64+0x1b9/0x820
[ 1007.369788] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1007.374962]
[ 1007.376597] Freed by task 3520244992:
[ 1007.380413] BUG: unable to handle kernel paging request at ffffffff8bce6b10
[ 1007.387510] PGD 8e6d067 P4D 8e6d067 PUD 8e6e063 PMD 0
[ 1007.392811] Oops: 0000 [#1] SMP KASAN
[ 1007.396619] CPU: 1 PID: 4456 Comm: syz-executor653 Not tainted 4.18.0-rc3-next-20180706+ #1
[ 1007.405103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1007.414477] RIP: 0010:depot_fetch_stack+0x10/0x30
[ 1007.419318] Code: e8 95 39 45 fe e9 b3 fd ff ff e8 8b 39 45 fe e9 55 fd ff ff 90 90 90 90 90 90 89 f8 c1 ef 11 25 ff ff 1f 00 81 e7 f0 3f 00 00 <48> 03 3c c5 c0 6d 43 8b 8b 47 0c 48 83 c7 18 c7 46 10 00 00 00 00
[ 1007.438533] RSP: 0018:ffff8801b95976b8 EFLAGS: 00010002
[ 1007.443908] RAX: 0000000000115faa RBX: ffff8801afd898cc RCX: 0000000000000000
[ 1007.451184] RDX: 0000000000000000 RSI: ffff8801b95976c0 RDI: 0000000000000bb0
[ 1007.458457] RBP: ffff8801b95976e8 R08: ffff8801d9644600 R09: ffffed003b5e3ec2
[ 1007.465730] R10: ffffed003b5e3ec2 R11: ffff8801daf1f617 R12: ffff8801afd88140
[ 1007.473004] R13: ffff8801afd885e8 R14: ffff8801ba7174c0 R15: ffff8801afd898c0
[ 1007.480287] FS: 0000000001c22940(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
[ 1007.488517] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1007.494405] CR2: ffffffff8bce6b10 CR3: 00000001ba471000 CR4: 00000000001406e0
[ 1007.501689] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1007.508966] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1007.516239] Call Trace:
[ 1007.518843] ? print_track.isra.4+0x3b/0x6f
[ 1007.523171] ? print_stack_trace.cold.2+0x97/0xb9
[ 1007.528025] print_address_description+0x11b/0x20b
[ 1007.532969] ? wait_consider_task+0x3792/0x39b0
[ 1007.537650] kasan_report.cold.7+0x242/0x30d
[ 1007.542079] __asan_report_load8_noabort+0x14/0x20
[ 1007.547017] wait_consider_task+0x3792/0x39b0
[ 1007.551526] ? preempt_notifier_register+0x200/0x200
[ 1007.556640] ? trace_hardirqs_on+0x10/0x10
[ 1007.560888] ? lock_repin_lock+0x430/0x430
[ 1007.565136] ? release_task.part.17+0x1bb0/0x1bb0
[ 1007.569981] ? lock_acquire+0x1e4/0x540
[ 1007.573957] ? add_wait_queue+0x1b9/0x2b0
[ 1007.578114] ? lock_downgrade+0x8f0/0x8f0
[ 1007.582278] ? kasan_check_read+0x11/0x20
[ 1007.586438] ? lock_acquire+0x1e4/0x540
[ 1007.590420] ? do_wait+0x3fa/0xb80
[ 1007.593970] ? do_raw_spin_lock+0xc1/0x200
[ 1007.598212] ? lock_release+0xa30/0xa30
[ 1007.602187] ? add_wait_queue+0x1b9/0x2b0
[ 1007.606337] ? __wake_up_locked_key_bookmark+0x20/0x20
[ 1007.611641] ? kasan_check_write+0x14/0x20
[ 1007.615884] do_wait+0x477/0xb80
[ 1007.619254] ? wait_consider_task+0x39b0/0x39b0
[ 1007.623931] ? kasan_check_write+0x14/0x20
[ 1007.628170] ? do_raw_spin_lock+0xc1/0x200
[ 1007.632435] ? trace_hardirqs_on+0xd/0x10
[ 1007.636600] ? lock_acquire+0x1e4/0x540
[ 1007.640585] ? __might_fault+0x12b/0x1e0
[ 1007.644661] ? lock_downgrade+0x8f0/0x8f0
[ 1007.648833] kernel_wait4+0x247/0x3f0
[ 1007.652645] ? __ia32_sys_waitid+0x140/0x140
[ 1007.657070] ? task_stopped_code+0x190/0x190
[ 1007.661488] __do_sys_wait4+0x137/0x150
[ 1007.665472] ? kernel_wait4+0x3f0/0x3f0
[ 1007.669479] ? nsecs_to_jiffies+0x30/0x30
[ 1007.673642] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1007.679189] ? __x64_sys_clock_gettime+0x170/0x250
[ 1007.684128] ? __ia32_sys_clock_settime+0x290/0x290
[ 1007.689156] __x64_sys_wait4+0x97/0xf0
[ 1007.693058] do_syscall_64+0x1b9/0x820
[ 1007.696953] ? syscall_slow_exit_work+0x500/0x500
[ 1007.701803] ? syscall_return_slowpath+0x5e0/0x5e0
[ 1007.706744] ? prepare_exit_to_usermode+0x291/0x3b0
[ 1007.711773] ? perf_trace_sys_enter+0xb10/0xb10
[ 1007.716450] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1007.721306] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1007.726494] RIP: 0033:0x406ada
[ 1007.729766] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 8b 05 fe d0 2d 00 85 c0 75 36 45 31 d2 48 63 d2 48 63 ff b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 d4 ff ff ff f7
[ 1007.749171] RSP: 002b:00007fffc9cfbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[ 1007.756890] RAX: ffffffffffffffda RBX: 00000000000028ef RCX: 0000000000406ada
[ 1007.764169] RDX: 0000000040000001 RSI: 00007fffc9cfbc8c RDI: ffffffffffffffff
[ 1007.771443] RBP: 00000000000028ef R08: 0000000000000001 R09: 0000000001c22940
[ 1007.778723] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000037eb
[ 1007.785999] R13: 00000000000f5d89 R14: 0000000000000000 R15: 0000000000000000
[ 1007.793278] Modules linked in:
[ 1007.796577] Dumping ftrace buffer:
[ 1007.800158] (ftrace buffer empty)
[ 1007.803880] CR2: ffffffff8bce6b10
[ 1007.807336] ---[ end trace a22c2d39a3d8792c ]---
[ 1007.812100] RIP: 0010:depot_fetch_stack+0x10/0x30
[ 1007.816932] Code: e8 95 39 45 fe e9 b3 fd ff ff e8 8b 39 45 fe e9 55 fd ff ff 90 90 90 90 90 90 89 f8 c1 ef 11 25 ff ff 1f 00 81 e7 f0 3f 00 00 <48> 03 3c c5 c0 6d 43 8b 8b 47 0c 48 83 c7 18 c7 46 10 00 00 00 00
[ 1007.836210] RSP: 0018:ffff8801b95976b8 EFLAGS: 00010002
[ 1007.841579] RAX: 0000000000115faa RBX: ffff8801afd898cc RCX: 0000000000000000
[ 1007.848855] RDX: 0000000000000000 RSI: ffff8801b95976c0 RDI: 0000000000000bb0
[ 1007.856130] RBP: ffff8801b95976e8 R08: ffff8801d9644600 R09: ffffed003b5e3ec2
[ 1007.863411] R10: ffffed003b5e3ec2 R11: ffff8801daf1f617 R12: ffff8801afd88140
[ 1007.870688] R13: ffff8801afd885e8 R14: ffff8801ba7174c0 R15: ffff8801afd898c0
[ 1007.877970] FS: 0000000001c22940(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
[ 1007.886200] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1007.892087] CR2: ffffffff8bce6b10 CR3: 00000001ba471000 CR4: 00000000001406e0
[ 1007.899363] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1007.906641] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1007.913933] Kernel panic - not syncing: Fatal exception
[ 1007.919781] Dumping ftrace buffer:
[ 1007.923321] (ftrace buffer empty)
[ 1007.927009] Kernel Offset: disabled
[ 1007.930617] Rebooting in 86400 seconds..