[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[   19.576133] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] .

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.714748] random: sshd: uninitialized urandom read (32 bytes read)
[   22.997729] random: sshd: uninitialized urandom read (32 bytes read)
[   23.740088] random: sshd: uninitialized urandom read (32 bytes read)
[   23.887805] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts.
[   29.275757] random: sshd: uninitialized urandom read (32 bytes read)
2018/05/20 04:09:09 parsed 1 programs
2018/05/20 04:09:09 executed programs: 0
[   29.785112] IPVS: ftp: loaded support on port[0] = 21
[   29.913242] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.919714] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.927110] device bridge_slave_0 entered promiscuous mode
[   29.943521] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.949906] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.957007] device bridge_slave_1 entered promiscuous mode
[   29.972162] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   29.988226] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   30.028780] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   30.046341] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   30.108412] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   30.116794] team0: Port device team_slave_0 added
[   30.131202] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   30.138439] team0: Port device team_slave_1 added
[   30.152982] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   30.171522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   30.187994] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   30.205775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   30.324690] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.331160] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.338113] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.344478] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.741148] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   30.747273] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.789223] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   30.830856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   30.838659] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   30.877293] 8021q: adding VLAN 0 to HW filter on device team0
[   31.123318] ==================================================================
[   31.130836] BUG: KASAN: stack-out-of-bounds in compat_copy_entries+0x96c/0x14a0
[   31.138267] Write of size 33 at addr ffff8801d899f8c8 by task syz-executor0/4751
[   31.145778] 
[   31.147395] CPU: 0 PID: 4751 Comm: syz-executor0 Not tainted 4.17.0-rc5+ #84
[   31.154560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.163889] Call Trace:
[   31.166472]  dump_stack+0x1b9/0x294
[   31.170094]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.175268]  ? printk+0x9e/0xba
[   31.178528]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   31.183265]  ? kasan_check_write+0x14/0x20
[   31.187496]  print_address_description+0x6c/0x20b
[   31.192325]  ? compat_copy_entries+0x96c/0x14a0
[   31.196979]  kasan_report.cold.7+0x242/0x2fe
[   31.201383]  check_memory_region+0x13e/0x1b0
[   31.205786]  memcpy+0x37/0x50
[   31.208883]  compat_copy_entries+0x96c/0x14a0
[   31.213377]  ? compat_table_info+0x660/0x660
[   31.217767]  ? xt_compat_init_offsets+0x26e/0x340
[   31.222594]  ? xt_compat_flush_offsets+0x270/0x270
[   31.227515]  compat_do_replace+0x483/0x900
[   31.231736]  ? compat_do_ebt_get_ctl+0x910/0x910
[   31.236478]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.242010]  ? cap_capable+0x1f9/0x260
[   31.245898]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.251421]  ? ns_capable_common+0x13f/0x170
[   31.255817]  compat_do_ebt_set_ctl+0x2ac/0x324
[   31.260388]  ? compat_do_replace+0x900/0x900
[   31.264791]  ? __fget+0x40c/0x650
[   31.268228]  ? mutex_unlock+0xd/0x10
[   31.271921]  ? nf_sockopt_find.constprop.0+0x221/0x290
[   31.277182]  compat_nf_setsockopt+0x9b/0x140
[   31.281573]  ? compat_do_replace+0x900/0x900
[   31.285977]  compat_ip_setsockopt+0xff/0x140
[   31.290372]  compat_udp_setsockopt+0x62/0xa0
[   31.294763]  compat_sock_common_setsockopt+0xb4/0x150
[   31.299948]  ? udp_lib_unhash+0x960/0x960
[   31.304081]  ? sock_common_setsockopt+0xe0/0xe0
[   31.308731]  __compat_sys_setsockopt+0x1ab/0x840
[   31.313478]  ? __compat_sys_getsockopt+0x880/0x880
[   31.318395]  ? __x32_compat_sys_get_robust_list+0x430/0x430
[   31.324110]  ? mm_fault_error+0x380/0x380
[   31.328243]  __ia32_compat_sys_setsockopt+0xbd/0x150
[   31.333327]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.338328]  do_fast_syscall_32+0x345/0xf9b
[   31.342633]  ? do_int80_syscall_32+0x880/0x880
[   31.347194]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.351934]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.357452]  ? syscall_return_slowpath+0x30f/0x5c0
[   31.362375]  ? sysret32_from_system_call+0x5/0x46
[   31.367200]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.372042]  entry_SYSENTER_compat+0x70/0x7f
[   31.376435] RIP: 0023:0xf7fadcb9
[   31.379778] RSP: 002b:00000000ffca173c EFLAGS: 00000282 ORIG_RAX: 000000000000016e
[   31.387469] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[   31.394732] RDX: 0000000000000080 RSI: 00000000200006c0 RDI: 00000000000006b8
[   31.401983] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   31.409233] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   31.416496] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   31.423751] 
[   31.425364] The buggy address belongs to the page:
[   31.430274] page:ffffea00076267c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   31.438398] flags: 0x2fffc0000000000()
[   31.442267] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   31.450127] raw: 0000000000000000 ffffea0007620101 0000000000000000 0000000000000000
[   31.457988] page dumped because: kasan: bad access detected
[   31.463676] 
[   31.465278] Memory state around the buggy address:
[   31.470184]  ffff8801d899f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.477529]  ffff8801d899f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[   31.484878] >ffff8801d899f880: f1 00 00 f2 f2 f2 f2 f2 f2 00 00 00 07 f3 f3 f3
[   31.492214]                                                        ^
[   31.498685]  ffff8801d899f900: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.506030]  ffff8801d899f980: 00 00 f1 f1 f1 f1 00 00 00 f2 f2 f2 f2 f2 00 00
[   31.513369] ==================================================================
[   31.520712] Disabling lock debugging due to kernel taint
[   31.526413] Kernel panic - not syncing: panic_on_warn set ...
[   31.526413] 
[   31.533790] CPU: 0 PID: 4751 Comm: syz-executor0 Tainted: G    B             4.17.0-rc5+ #84
[   31.542343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.551673] Call Trace:
[   31.554242]  dump_stack+0x1b9/0x294
[   31.557847]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.563031]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.567773]  ? compat_copy_entries+0x900/0x14a0
[   31.572428]  panic+0x22f/0x4de
[   31.575598]  ? add_taint.cold.5+0x16/0x16
[   31.579726]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.584119]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.588526]  ? compat_copy_entries+0x96c/0x14a0
[   31.593179]  kasan_end_report+0x47/0x4f
[   31.597133]  kasan_report.cold.7+0x76/0x2fe
[   31.601438]  check_memory_region+0x13e/0x1b0
[   31.605828]  memcpy+0x37/0x50
[   31.608916]  compat_copy_entries+0x96c/0x14a0
[   31.613396]  ? compat_table_info+0x660/0x660
[   31.617786]  ? xt_compat_init_offsets+0x26e/0x340
[   31.622611]  ? xt_compat_flush_offsets+0x270/0x270
[   31.627527]  compat_do_replace+0x483/0x900
[   31.631746]  ? compat_do_ebt_get_ctl+0x910/0x910
[   31.636493]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.642016]  ? cap_capable+0x1f9/0x260
[   31.645895]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.651412]  ? ns_capable_common+0x13f/0x170
[   31.655803]  compat_do_ebt_set_ctl+0x2ac/0x324
[   31.660374]  ? compat_do_replace+0x900/0x900
[   31.664776]  ? __fget+0x40c/0x650
[   31.668211]  ? mutex_unlock+0xd/0x10
[   31.671904]  ? nf_sockopt_find.constprop.0+0x221/0x290
[   31.677159]  compat_nf_setsockopt+0x9b/0x140
[   31.681548]  ? compat_do_replace+0x900/0x900
[   31.685936]  compat_ip_setsockopt+0xff/0x140
[   31.690344]  compat_udp_setsockopt+0x62/0xa0
[   31.694753]  compat_sock_common_setsockopt+0xb4/0x150
[   31.699922]  ? udp_lib_unhash+0x960/0x960
[   31.704055]  ? sock_common_setsockopt+0xe0/0xe0
[   31.708712]  __compat_sys_setsockopt+0x1ab/0x840
[   31.713465]  ? __compat_sys_getsockopt+0x880/0x880
[   31.718378]  ? __x32_compat_sys_get_robust_list+0x430/0x430
[   31.724076]  ? mm_fault_error+0x380/0x380
[   31.728225]  __ia32_compat_sys_setsockopt+0xbd/0x150
[   31.733310]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.738311]  do_fast_syscall_32+0x345/0xf9b
[   31.742622]  ? do_int80_syscall_32+0x880/0x880
[   31.747185]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.751926]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.757443]  ? syscall_return_slowpath+0x30f/0x5c0
[   31.762354]  ? sysret32_from_system_call+0x5/0x46
[   31.767186]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.772014]  entry_SYSENTER_compat+0x70/0x7f
[   31.776415] RIP: 0023:0xf7fadcb9
[   31.779763] RSP: 002b:00000000ffca173c EFLAGS: 00000282 ORIG_RAX: 000000000000016e
[   31.787461] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[   31.794714] RDX: 0000000000000080 RSI: 00000000200006c0 RDI: 00000000000006b8
[   31.801965] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   31.809215] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   31.816465] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   31.824270] Dumping ftrace buffer:
[   31.827790]    (ftrace buffer empty)
[   31.831478] Kernel Offset: disabled
[   31.835085] Rebooting in 86400 seconds..