[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   21.056196] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   24.408694] random: sshd: uninitialized urandom read (32 bytes read)
[   24.974194] random: sshd: uninitialized urandom read (32 bytes read)
[   25.747426] random: sshd: uninitialized urandom read (32 bytes read)
[   25.905118] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts.
[   31.334200] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   31.434240] FAULT_INJECTION: forcing a failure.
[   31.434240] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   31.446281] CPU: 1 PID: 4545 Comm: syz-executor492 Not tainted 4.17.0-rc7+ #82
[   31.453623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.462958] Call Trace:
[   31.465555]  dump_stack+0x1b9/0x294
[   31.469166]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.474341]  ? print_usage_bug+0xc0/0xc0
[   31.478387]  should_fail.cold.4+0xa/0x1a
[   31.482435]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[   31.487519]  ? graph_lock+0x170/0x170
[   31.491301]  ? print_usage_bug+0xc0/0xc0
[   31.495344]  ? __wake_up_common_lock+0x1c2/0x300
[   31.500083]  ? __lock_acquire+0x7f5/0x5140
[   31.504304]  ? __lock_acquire+0x7f5/0x5140
[   31.508519]  ? __lock_acquire+0x7f5/0x5140
[   31.512738]  ? print_usage_bug+0xc0/0xc0
[   31.517910]  ? debug_check_no_locks_freed+0x310/0x310
[   31.523087]  ? debug_check_no_locks_freed+0x310/0x310
[   31.528260]  ? debug_check_no_locks_freed+0x310/0x310
[   31.533430]  ? debug_check_no_locks_freed+0x310/0x310
[   31.538608]  __alloc_pages_nodemask+0x34e/0xd70
[   31.543262]  ? __alloc_pages_slowpath+0x2db0/0x2db0
[   31.548282]  ? debug_check_no_locks_freed+0x310/0x310
[   31.553455]  ? __lock_acquire+0x7f5/0x5140
[   31.557679]  ? print_usage_bug+0xc0/0xc0
[   31.561746]  ? print_usage_bug+0xc0/0xc0
[   31.565813]  ? debug_check_no_locks_freed+0x310/0x310
[   31.570998]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[   31.576530]  alloc_pages_current+0x10c/0x210
[   31.580937]  skb_page_frag_refill+0x453/0x6a0
[   31.585415]  ? graph_lock+0x170/0x170
[   31.589197]  ? sock_kzfree_s+0x60/0x60
[   31.593068]  ? debug_check_no_locks_freed+0x310/0x310
[   31.598239]  ? print_usage_bug+0xc0/0xc0
[   31.602286]  ? find_held_lock+0x36/0x1c0
[   31.606330]  sk_page_frag_refill+0x55/0x1f0
[   31.610631]  sk_alloc_sg+0x1df/0x9b0
[   31.614328]  ? sk_page_frag_refill+0x1f0/0x1f0
[   31.618902]  ? __local_bh_enable_ip+0x161/0x230
[   31.623552]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.628548]  ? lock_sock_nested+0x9f/0x120
[   31.632765]  ? trace_hardirqs_on+0xd/0x10
[   31.636892]  ? __local_bh_enable_ip+0x161/0x230
[   31.641545]  tls_sw_sendmsg+0x575/0x12b0
[   31.645594]  ? lock_release+0xa10/0xa10
[   31.649550]  ? check_same_owner+0x320/0x320
[   31.653866]  ? tls_sw_push_pending_record+0x30/0x30
[   31.658861]  ? lock_downgrade+0x8e0/0x8e0
[   31.662992]  ? __sanitizer_cov_trace_cmp8+0x7/0x20
[   31.667906]  ? lock_release+0xa10/0xa10
[   31.671861]  ? __check_object_size+0x95/0x5d9
[   31.676427]  inet_sendmsg+0x19f/0x690
[   31.680209]  ? __might_sleep+0x95/0x190
[   31.684162]  ? ipip_gro_receive+0x100/0x100
[   31.688466]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   31.693983]  ? security_socket_sendmsg+0x94/0xc0
[   31.698727]  ? ipip_gro_receive+0x100/0x100
[   31.703043]  sock_sendmsg+0xd5/0x120
[   31.706748]  __sys_sendto+0x3d7/0x670
[   31.710533]  ? __ia32_sys_getpeername+0xb0/0xb0
[   31.715208]  ? lock_downgrade+0x8e0/0x8e0
[   31.719351]  ? __lock_is_held+0xb5/0x140
[   31.723400]  ? __sb_end_write+0xac/0xe0
[   31.727371]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.732900]  ? ksys_write+0x1a6/0x250
[   31.736682]  ? __ia32_sys_read+0xb0/0xb0
[   31.740730]  ? syscall_slow_exit_work+0x4f0/0x4f0
[   31.745559]  __x64_sys_sendto+0xe1/0x1a0
[   31.749608]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.754626]  do_syscall_64+0x1b1/0x800
[   31.758503]  ? syscall_return_slowpath+0x5c0/0x5c0
[   31.763415]  ? syscall_return_slowpath+0x30f/0x5c0
[   31.768330]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   31.773675]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.778510]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.783694] RIP: 0033:0x4406a9
[   31.786870] RSP: 002b:00007ffd03500538 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[   31.794559] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004406a9
[   31.801809] RDX: 00000000fffffdef RSI: 00000000200005c0 RDI: 0000000000000003
[   31.809062] RBP: 00000000006cb018 R08: 0000000020000000 R09: 000000000000001c
[   31.816310] R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000000005
[   31.823567] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[   31.832520] page:ffffea0006b26200 count:0 mapcount:-127 mapping:0000000000000000 index:0x0
[   31.841006] flags: 0x2fffc0000000000()
[   31.844941] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffff80
[   31.852855] raw: ffffea0006b29220 ffff88021fffac18 0000000000000003 0000000000000000
[   31.860743] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) <= 0)
[   31.868044] ------------[ cut here ]------------
[   31.872788] kernel BUG at include/linux/mm.h:853!
[   31.877662] invalid opcode: 0000 [#1] SMP KASAN
[   31.882340] Dumping ftrace buffer:
[   31.885863]    (ftrace buffer empty)
[   31.889551] Modules linked in:
[   31.892735] CPU: 1 PID: 4545 Comm: syz-executor492 Not tainted 4.17.0-rc7+ #82
[   31.900078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.909421] RIP: 0010:do_tcp_sendpages+0x1879/0x1e60
[   31.914499] RSP: 0018:ffff8801c2a06f88 EFLAGS: 00010203
[   31.919851] RAX: 0000000000000000 RBX: ffff8801d972d580 RCX: 0000000000000000
[   31.927102] RDX: 0000000000000000 RSI: ffffffff81a66c25 RDI: ffffed0038540de0
[   31.934349] RBP: ffff8801c2a071e8 R08: ffff8801b11d2480 R09: 0000000000000006
[   31.941605] R10: ffff8801b11d2480 R11: 0000000000000000 R12: 000000000000301d
[   31.948859] R13: ffffea0006b2621c R14: ffff8801ae5a6040 R15: dffffc0000000000
[   31.956109] FS:  0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
[   31.964323] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   31.970183] CR2: 0000000020008000 CR3: 0000000008c6a000 CR4: 00000000001406e0
[   31.977432] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   31.984681] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   31.991937] Call Trace:
[   31.994511]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.998902]  ? sk_stream_alloc_skb+0x960/0x960
[   32.003468]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.008983]  ? PageHuge+0x17e/0x2a0
[   32.012587]  ? vma_kernel_pagesize+0xb0/0xb0
[   32.016975]  ? save_stack+0x43/0xd0
[   32.020577]  ? __kasan_slab_free+0x11a/0x170
[   32.024962]  ? kfree+0xd9/0x260
[   32.028223]  ? tls_sk_proto_close+0x734/0xad0
[   32.032726]  ? inet_release+0x104/0x1f0
[   32.036689]  ? inet6_release+0x50/0x70
[   32.040562]  ? sock_release+0x96/0x1b0
[   32.044429]  ? free_compound_page+0x5c/0x70
[   32.048729]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   32.053721]  ? tcp_rate_check_app_limited+0x119/0x450
[   32.058885]  ? __put_page+0x130/0x180
[   32.062672]  ? tcp_fastopen_reset_cipher.cold.14+0x47/0x47
[   32.068282]  ? kasan_check_write+0x14/0x20
[   32.072503]  ? do_raw_spin_lock+0xc1/0x200
[   32.076722]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   32.082236]  tls_push_sg+0x25b/0x860
[   32.085928]  ? wait_on_pending_writer+0x580/0x580
[   32.090746]  ? mark_held_locks+0xc9/0x160
[   32.094873]  ? kfree+0x111/0x260
[   32.098216]  ? tls_push_record+0xa2d/0x13e0
[   32.102517]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   32.107509]  ? trace_hardirqs_on+0xd/0x10
[   32.111635]  tls_push_record+0xae5/0x13e0
[   32.115774]  tls_sw_push_pending_record+0x22/0x30
[   32.120593]  tls_sk_proto_close+0x734/0xad0
[   32.124903]  ? tcp_check_oom+0x520/0x520
[   32.128944]  ? kasan_check_read+0x11/0x20
[   32.133068]  ? rcu_bh_force_quiescent_state+0x11/0x20
[   32.138251]  ? tls_write_space+0x340/0x340
[   32.142473]  ? kasan_check_read+0x11/0x20
[   32.146598]  ? rcu_is_watching+0x85/0x140
[   32.150732]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.156249]  ? ipv6_sock_ac_close+0x34e/0x480
[   32.160725]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   32.166241]  ? ipv6_sock_mc_close+0x161/0x1c0
[   32.170730]  ? ip_mc_drop_socket+0x20f/0x270
[   32.175116]  inet_release+0x104/0x1f0
[   32.178895]  inet6_release+0x50/0x70
[   32.182586]  sock_release+0x96/0x1b0
[   32.186284]  ? sock_alloc_file+0x4e0/0x4e0
[   32.190494]  sock_close+0x16/0x20
[   32.193923]  __fput+0x34d/0x890
[   32.197182]  ? fput+0x1a0/0x1a0
[   32.200449]  ? check_same_owner+0x320/0x320
[   32.204749]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.209239]  ____fput+0x15/0x20
[   32.212506]  task_work_run+0x1e4/0x290
[   32.216370]  ? task_work_cancel+0x240/0x240
[   32.220675]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.226190]  ? switch_task_namespaces+0xa2/0xd0
[   32.230837]  do_exit+0x1aee/0x2730
[   32.234359]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   32.239355]  ? mm_update_next_owner+0x980/0x980
[   32.244005]  ? release_sock+0x1e2/0x2b0
[   32.247961]  ? __release_sock+0x3a0/0x3a0
[   32.252093]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.257609]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   32.263129]  ? tls_sw_sendmsg+0xa99/0x12b0
[   32.267341]  ? lock_release+0xa10/0xa10
[   32.271303]  ? tls_sw_push_pending_record+0x30/0x30
[   32.276306]  ? lock_downgrade+0x8e0/0x8e0
[   32.280441]  ? __sanitizer_cov_trace_cmp8+0x7/0x20
[   32.285355]  ? lock_release+0xa10/0xa10
[   32.289339]  ? __check_object_size+0x95/0x5d9
[   32.293815]  ? inet_sendmsg+0x1a7/0x690
[   32.297777]  ? __might_sleep+0x95/0x190
[   32.301729]  ? ipip_gro_receive+0x100/0x100
[   32.306037]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   32.311551]  ? security_socket_sendmsg+0x94/0xc0
[   32.316283]  ? ipip_gro_receive+0x100/0x100
[   32.320582]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.326099]  ? sock_sendmsg+0x5a/0x120
[   32.329969]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.335483]  ? __sys_sendto+0x475/0x670
[   32.339446]  ? __ia32_sys_getpeername+0xb0/0xb0
[   32.344093]  ? lock_downgrade+0x8e0/0x8e0
[   32.348226]  ? __lock_is_held+0xb5/0x140
[   32.352272]  ? __sb_end_write+0xac/0xe0
[   32.356229]  do_group_exit+0x16f/0x430
[   32.360097]  ? __ia32_sys_exit+0x50/0x50
[   32.364147]  ? syscall_slow_exit_work+0x4f0/0x4f0
[   32.368968]  ? do_syscall_64+0x92/0x800
[   32.372919]  __x64_sys_exit_group+0x3e/0x50
[   32.377219]  do_syscall_64+0x1b1/0x800
[   32.381084]  ? syscall_return_slowpath+0x5c0/0x5c0
[   32.385993]  ? syscall_return_slowpath+0x30f/0x5c0
[   32.390904]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   32.396254]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.401080]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.406247] RIP: 0033:0x43f368
[   32.409414] RSP: 002b:00007ffd03500578 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   32.417101] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f368
[   32.424356] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   32.431601] RBP: 00000000004bf448 R08: 00000000000000e7 R09: ffffffffffffffd0
[   32.438846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   32.446091] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[   32.453338] Code: ff ff 41 89 86 cc 08 00 00 e8 e4 07 05 00 e9 2c eb ff ff e8 ca 4b 27 fb 48 8b bd b8 fd ff ff 48 c7 c6 40 0c 54 88 e8 77 72 54 fb <0f> 0b 48 89 85 b8 fd ff ff e8 a9 4b 27 fb 48 8b 85 b8 fd ff ff 
[   32.472475] RIP: do_tcp_sendpages+0x1879/0x1e60 RSP: ffff8801c2a06f88
[   32.479097] ---[ end trace 500a6e4fab99629c ]---
[   32.483853] Kernel panic - not syncing: Fatal exception
[   32.489679] Dumping ftrace buffer:
[   32.493209]    (ftrace buffer empty)
[   32.496893] Kernel Offset: disabled
[   32.500494] Rebooting in 86400 seconds..