[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   23.145254] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   27.542705] random: sshd: uninitialized urandom read (32 bytes read)
[   28.017745] random: sshd: uninitialized urandom read (32 bytes read)
[   28.564593] random: sshd: uninitialized urandom read (32 bytes read)
[  171.414145] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
[  177.123740] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/27 19:34:19 parsed 1 programs
[  178.472781] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/27 19:34:21 executed programs: 0
[  179.813693] IPVS: ftp: loaded support on port[0] = 21
[  180.037991] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.044771] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.053105] device bridge_slave_0 entered promiscuous mode
[  180.070663] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.077070] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.084165] device bridge_slave_1 entered promiscuous mode
[  180.100773] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  180.117448] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  180.163021] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  180.181921] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  180.248696] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  180.256292] team0: Port device team_slave_0 added
[  180.271956] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  180.279723] team0: Port device team_slave_1 added
[  180.296159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  180.314702] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  180.333066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  180.352812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  180.490827] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.497286] bridge0: port 2(bridge_slave_1) entered forwarding state
[  180.504312] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.511158] bridge0: port 1(bridge_slave_0) entered forwarding state
[  180.971472] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[  180.977810] 8021q: adding VLAN 0 to HW filter on device bond0
[  180.984530] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  181.024925] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  181.071563] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  181.078288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  181.086345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  181.128223] 8021q: adding VLAN 0 to HW filter on device team0
[  181.462777] ==================================================================
[  181.470447] BUG: KASAN: stack-out-of-bounds in __schedule+0x1977/0x1df0
[  181.477209] Read of size 8 at addr ffff8801ad090000 by task syz-executor0/4718
[  181.485376]
[  181.487014] CPU: 0 PID: 4718 Comm: syz-executor0 Not tainted 4.19.0-rc1+ #211
[  181.494469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  181.504073] Call Trace:
[  181.506671]
[  181.508458] The buggy address belongs to the page:
[  181.513656] page:ffffea0006b42400 count:1 mapcount:-512 mapping:0000000000000000 index:0x0
[  181.522175] flags: 0x2fffc0000000000()
[  181.526074] raw: 02fffc0000000000 dead000000000100 dead000000000200 0000000000000000
[  181.534202] raw: 0000000000000000 0000000000000000 00000001fffffdff ffff8801d29544c0
[  181.542354] page dumped because: kasan: bad access detected
[  181.548146] page->mem_cgroup:ffff8801d29544c0
[  181.552647]
[  181.554298] Memory state around the buggy address:
[  181.559226]  ffff8801ad08ff00: f2 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00
[  181.566595]  ffff8801ad08ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[  181.573973] >ffff8801ad090000: f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2 f2
[  181.581674]                    ^
[  181.585317]  ffff8801ad090080: f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00 00
[  181.593145]  ffff8801ad090100: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[  181.600711] ==================================================================
[  181.608227] Disabling lock debugging due to kernel taint
[  181.613763] Kernel panic - not syncing: panic_on_warn set ...
[  181.613763]
[  181.617150] BUG: unable to handle kernel paging request at 0000000100000007
[  181.628534] PGD 1b34a2067 P4D 1b34a2067 PUD 0
[  181.633739] Oops: 0000 [#1] SMP KASAN
[  181.637645] CPU: 1 PID: 4325 Comm: rs:main Q:Reg Tainted: G    B             4.19.0-rc1+ #211
[  181.646310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  181.655824] RIP: 0010:depot_save_stack+0x120/0x470
[  181.660764] Code: 0f 00 4e 8b 24 f5 e0 db ae 89 4d 85 e4 0f 84 d4 00 00 00 44 8d 47 ff 49 c1 e0 03 eb 0d 4d 8b 24 24 4d 85 e4 0f 84 bd 00 00 00 <41> 39 5c 24 08 75 ec 41 3b 7c 24 0c 75 e5 48 8b 01 49 39 44 24 18
[  181.679747] RSP: 0018:ffff8801b2636f40 EFLAGS: 00010006
[  181.685123] RAX: 0000000084727a0d RBX: 00000000222ca320 RCX: ffff8801b2636fa0
[  181.692412] RDX: 000000004e510a9d RSI: 0000000000400000 RDI: 0000000000000012
[  181.699710] RBP: ffff8801b2636f78 R08: 0000000000000088 R09: 00000000dcf06c78
[  181.707001] R10: 00000000ecfd654a R11: ffff8801db1236f3 R12: 00000000ffffffff
[  181.714288] R13: ffff8801b2636f88 R14: 00000000000ca320 R15: ffff8801b2a72680
[  181.721653] FS:  00007ff2eb061700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[  181.730067] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  181.735958] CR2: 0000000100000007 CR3: 00000001b4fdd000 CR4: 00000000001406e0
[  181.743245] Call Trace:
[  181.745864]  save_stack+0xa9/0xd0
[  181.749340]  ? save_stack+0x43/0xd0
[  181.752980]  ? __kasan_slab_free+0x11a/0x170
[  181.757407]  ? kasan_slab_free+0xe/0x10
[  181.761399]  ? kmem_cache_free+0x86/0x280
[  181.765598]  ? jbd2_journal_stop+0x443/0x1600
[  181.770103]  ? __ext4_journal_stop+0xde/0x1f0
[  181.774694]  ? ext4_dirty_inode+0xab/0xc0
[  181.778856]  ? __mark_inode_dirty+0x760/0x1300
[  181.783449]  ? generic_update_time+0x26a/0x450
[  181.788116]  ? file_update_time+0x390/0x640
[  181.792455]  ? __generic_file_write_iter+0x1dc/0x630
[  181.797595]  ? ext4_file_write_iter+0x390/0x1450
[  181.802360]  ? __vfs_write+0x6af/0x9d0
[  181.806255]  ? vfs_write+0x1fc/0x560
[  181.809985]  ? ksys_write+0x101/0x260
[  181.813797]  ? __x64_sys_write+0x73/0xb0
[  181.817871]  ? do_syscall_64+0x1b9/0x820
[  181.822009]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  181.827383]  ? do_raw_spin_unlock+0xa7/0x2f0
[  181.831816]  ? trace_hardirqs_on+0x2c0/0x2c0
[  181.836371]  ? kasan_check_write+0x14/0x20
[  181.840749]  ? do_raw_spin_lock+0xc1/0x200
[  181.845572]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[  181.850699]  ? debug_check_no_obj_freed+0x30b/0x595
[  181.855742]  ? __wake_up_common_lock+0x1d0/0x330
[  181.860538]  ? free_obj_work+0xbb0/0xbb0
[  181.864614]  ? ext4_chunk_trans_blocks+0x30/0x30
[  181.869383]  __kasan_slab_free+0x11a/0x170
[  181.873738]  ? jbd2_journal_stop+0x443/0x1600
[  181.878244]  kasan_slab_free+0xe/0x10
[  181.882052]  kmem_cache_free+0x86/0x280
[  181.886048]  jbd2_journal_stop+0x443/0x1600
[  181.890391]  ? jbd2_journal_get_write_access+0xa5/0xc0
[  181.895681]  ? jbd2_buffer_abort_trigger+0x90/0x90
[  181.900627]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  181.906266]  ? ext4_reserve_inode_write+0x146/0x260
[  181.911296]  ? ext4_mark_inode_dirty+0x24e/0xab0
[  181.916068]  ? ext4_dirty_inode+0x97/0xc0
[  181.920227]  ? ext4_expand_extra_isize+0x5b0/0x5b0
[  181.925171]  ? ext4_setattr+0x2850/0x2850
[  181.929338]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  181.934895]  ? ext4_setattr+0x2850/0x2850
[  181.939125]  ? __ext4_journal_start_sb+0x195/0x590
[  181.944095]  ? ext4_dirty_inode+0x62/0xc0
[  181.948427]  ? ext4_journal_abort_handle.isra.5+0x260/0x260
[  181.954152]  ? rcu_note_context_switch+0x680/0x680
[  181.959100]  __ext4_journal_stop+0xde/0x1f0
[  181.963566]  ? ext4_setattr+0x2850/0x2850
[  181.967725]  ext4_dirty_inode+0xab/0xc0
[  181.971711]  __mark_inode_dirty+0x760/0x1300
[  181.976129]  ? kasan_check_write+0x14/0x20
[  181.980376]  ? __inode_attach_wb+0x13d0/0x13d0
[  181.984970]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  181.990548]  ? get_futex_value_locked+0xcb/0xf0
[  181.995233]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  182.000264]  ? current_time+0x72/0x1b0
[  182.004162]  ? lock_downgrade+0x8f0/0x8f0
[  182.008551]  ? mark_held_locks+0x160/0x160
[  182.012802]  ? trace_hardirqs_on+0xbd/0x2c0
[  182.017133]  ? current_time+0x72/0x1b0
[  182.021029]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[  182.026152]  ? futex_wait+0x5d2/0xa20
[  182.030063]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  182.035098]  ? ktime_get_coarse_real_ts64+0x243/0x3a0
[  182.040301]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  182.045850]  ? timespec64_trunc+0xea/0x180
[  182.050249]  ? inode_init_owner+0x340/0x340
[  182.054589]  generic_update_time+0x26a/0x450
[  182.059131]  ? file_remove_privs+0x530/0x530
[  182.063732]  ? lock_acquire+0x1e4/0x4f0
[  182.067725]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  182.073274]  ? mnt_clone_write+0xed/0x130
[  182.077438]  ? file_remove_privs+0x530/0x530
[  182.081855]  file_update_time+0x390/0x640
[  182.086083]  ? current_time+0x1b0/0x1b0
[  182.090082]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  182.095117]  ? generic_write_checks+0x385/0x5d0
[  182.099808]  ? page_endio+0x5b0/0x5b0
[  182.103625]  ? ext4_file_write_iter+0x2a1/0x1450
[  182.108394]  __generic_file_write_iter+0x1dc/0x630
[  182.113541]  ext4_file_write_iter+0x390/0x1450
[  182.118148]  ? ext4_file_mmap+0x410/0x410
[  182.122373]  ? __fget+0x4d5/0x740
[  182.125845]  ? ksys_dup3+0x690/0x690
[  182.129638]  ? __sb_end_write+0xac/0xe0
[  182.133622]  ? pipe_write+0xb63/0xeb0
[  182.137536]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  182.143093]  ? iov_iter_init+0xc9/0x1f0
[  182.147089]  __vfs_write+0x6af/0x9d0
[  182.150820]  ? kernel_read+0x120/0x120
[  182.154720]  ? lock_release+0x9f0/0x9f0
[  182.158780]  ? check_same_owner+0x340/0x340
[  182.163124]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  182.168671]  ? __sb_start_write+0x17f/0x300
[  182.173007]  vfs_write+0x1fc/0x560
[  182.176568]  ksys_write+0x101/0x260
[  182.180212]  ? __ia32_sys_read+0xb0/0xb0
[  182.184417]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[  182.189562]  ? ksys_ioctl+0x81/0xd0
[  182.193207]  __x64_sys_write+0x73/0xb0
[  182.197205]  do_syscall_64+0x1b9/0x820
[  182.201109]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  182.206623]  ? syscall_return_slowpath+0x5e0/0x5e0
[  182.211573]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  182.216433]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[  182.221462]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  182.226548]  ? prepare_exit_to_usermode+0x291/0x3b0
[  182.231628]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  182.236510]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  182.241710] RIP: 0033:0x7ff2ecabf19d
[  182.245436] Code: d1 20 00 00 75 10 b8 01 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 be fa ff ff 48 89 04 24 b8 01 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 07 fb ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  182.264346] RSP: 002b:00007ff2eb05ff90 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  182.272065] RAX: ffffffffffffffda RBX: 0000000000000400 RCX: 00007ff2ecabf19d
[  182.279334] RDX: 0000000000000400 RSI: 0000000002089a90 RDI: 0000000000000005
[  182.286621] RBP: 0000000002089a90 R08: 00000000020d9e00 R09: 656c6c616b7a7973
[  182.294244] R10: 6c656e72656b2072 R11: 0000000000000293 R12: 0000000000000000
[  182.301520] R13: 00007ff2eb060410 R14: 00000000020d9e00 R15: 0000000002089890
[  182.308845] Modules linked in:
[  182.312038] Dumping ftrace buffer:
[  182.315575]    (ftrace buffer empty)
[  182.319284] CR2: 0000000100000007
[  182.322735] ---[ end trace fbf1ba842de6c894 ]---
[  182.327502] RIP: 0010:depot_save_stack+0x120/0x470
[  182.332435] Code: 0f 00 4e 8b 24 f5 e0 db ae 89 4d 85 e4 0f 84 d4 00 00 00 44 8d 47 ff 49 c1 e0 03 eb 0d 4d 8b 24 24 4d 85 e4 0f 84 bd 00 00 00 <41> 39 5c 24 08 75 ec 41 3b 7c 24 0c 75 e5 48 8b 01 49 39 44 24 18
[  182.351444] RSP: 0018:ffff8801b2636f40 EFLAGS: 00010006
[  182.356816] RAX: 0000000084727a0d RBX: 00000000222ca320 RCX: ffff8801b2636fa0
[  182.364089] RDX: 000000004e510a9d RSI: 0000000000400000 RDI: 0000000000000012
[  182.371353] RBP: ffff8801b2636f78 R08: 0000000000000088 R09: 00000000dcf06c78
[  182.378622] R10: 00000000ecfd654a R11: ffff8801db1236f3 R12: 00000000ffffffff
[  182.385886] R13: ffff8801b2636f88 R14: 00000000000ca320 R15: ffff8801b2a72680
[  182.393154] FS:  00007ff2eb061700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[  182.401380] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  182.407254] CR2: 0000000100000007 CR3: 00000001b4fdd000 CR4: 00000000001406e0
[  182.698612] Shutting down cpus with NMI
[  182.702969] Dumping ftrace buffer:
[  182.706505]    (ftrace buffer empty)
[  182.710200] Kernel Offset: disabled
[  182.713814] Rebooting in 86400 seconds..