[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [ 9.024481] random: sshd: uninitialized urandom read (32 bytes read) [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.227832] random: sshd: uninitialized urandom read (32 bytes read) [ 19.417995] random: sshd: uninitialized urandom read (32 bytes read) [ 19.551643] random: crng init done Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts. 2018/09/24 03:41:43 parsed 1 programs 2018/09/24 03:41:44 executed programs: 0 [ 40.128935] ip (2147) used greatest stack depth: 24152 bytes left [ 44.682188] audit: type=1400 audit(1537760509.580:5): avc: denied { associate } for pid=2077 comm="syz-executor2" name="syz2" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 2018/09/24 03:41:50 executed programs: 6 [ 51.294921] ================================================================== [ 51.302351] BUG: KASAN: out-of-bounds in __unwind_start+0x368/0x3b0 [ 51.308736] Read of size 8 at addr ffff8801d7f77588 by task syz-executor2/5043 [ 51.316077] [ 51.317685] CPU: 0 PID: 5043 Comm: syz-executor2 Not tainted 4.9.128+ #41 [ 51.324581] ffff8801d600f070 ffffffff81af2469 ffffea00075fddc0 ffff8801d7f77588 [ 51.332631] 0000000000000000 ffff8801d7f77590 ffff8801d77a5f00 ffff8801d600f0a8 [ 51.340650] ffffffff814e13cb ffff8801d7f77588 0000000000000008 0000000000000000 [ 51.348682] Call Trace: [ 51.351250] [] dump_stack+0xc1/0x128 [ 51.356606] [] print_address_description+0x6c/0x234 [ 51.363253] [] kasan_report.cold.6+0x242/0x2fe [ 51.369479] [] ? __unwind_start+0x368/0x3b0 [ 51.375426] [] __asan_report_load8_noabort+0x14/0x20 [ 51.382155] [] __unwind_start+0x368/0x3b0 [ 51.387931] [] ? ptrace_may_access+0x24/0x50 [ 51.393969] [] __save_stack_trace+0x59/0xf0 [ 51.399922] [] save_stack_trace_tsk+0x48/0x70 [ 51.406055] [] proc_pid_stack+0x148/0x220 [ 51.411831] [] ? lock_trace+0xc0/0xc0 [ 51.417282] [] ? get_pid_task+0x9b/0x140 [ 51.423036] [] proc_single_show+0xfd/0x170 [ 51.428905] [] traverse+0x363/0x920 [ 51.434170] [] ? seq_buf_alloc+0x80/0x80 [ 51.439861] [] ? get_page_from_freelist+0xbd1/0x18e0 [ 51.446591] [] seq_read+0xd1b/0x12d0 [ 51.451932] [] ? seq_lseek+0x3c0/0x3c0 [ 51.457444] [] ? __fsnotify_inode_delete+0x30/0x30 [ 51.464010] [] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 51.472698] [] do_loop_readv_writev.part.1+0xd5/0x280 [ 51.479515] [] do_readv_writev+0x56e/0x7b0 [ 51.485381] [] ? vfs_write+0x520/0x520 [ 51.490904] [] ? kasan_unpoison_shadow+0x35/0x50 [ 51.497293] [] ? push_pipe+0x3e2/0x770 [ 51.502807] [] ? iov_iter_get_pages_alloc+0x2be/0xee0 [ 51.509628] [] vfs_readv+0x84/0xc0 [ 51.514805] [] default_file_splice_read+0x44b/0x7e0 [ 51.521448] [] ? depot_save_stack+0x11c/0x470 [ 51.527574] [] ? do_splice_direct+0x270/0x270 [ 51.533705] [] ? kasan_kmalloc.part.1+0x62/0xf0 [ 51.539999] [] ? __kmalloc+0x12f/0x310 [ 51.545511] [] ? alloc_pipe_info+0x164/0x380 [ 51.551544] [] ? splice_direct_to_actor+0x62c/0x7e0 [ 51.558182] [] ? do_splice_direct+0x1a3/0x270 [ 51.564304] [] ? do_sendfile+0x4f0/0xc30 [ 51.569997] [] ? SyS_sendfile64+0xd1/0x160 [ 51.575866] [] ? do_syscall_64+0x19f/0x480 [ 51.581729] [] ? security_file_permission+0x8f/0x1e0 [ 51.588465] [] ? do_splice_direct+0x270/0x270 [ 51.594588] [] do_splice_to+0x10c/0x170 [ 51.600196] [] splice_direct_to_actor+0x23f/0x7e0 [ 51.606664] [] ? pipe_to_sendpage+0x330/0x330 [ 51.612785] [] ? do_splice_to+0x170/0x170 [ 51.618559] [] ? security_file_permission+0x8f/0x1e0 [ 51.625291] [] ? rw_verify_area+0xe5/0x2a0 [ 51.631149] [] do_splice_direct+0x1a3/0x270 [ 51.637095] [] ? splice_direct_to_actor+0x7e0/0x7e0 [ 51.643743] [] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 51.650298] [] ? __sb_start_write+0x161/0x300 [ 51.656420] [] do_sendfile+0x4f0/0xc30 [ 51.661935] [] ? do_compat_pwritev64+0x180/0x180 [ 51.668324] [] ? __might_fault+0x114/0x1d0 [ 51.674188] [] SyS_sendfile64+0xd1/0x160 [ 51.679874] [] ? SyS_sendfile+0x160/0x160 [ 51.685647] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 51.692463] [] ? do_syscall_64+0x48/0x480 [ 51.698233] [] ? SyS_sendfile+0x160/0x160 [ 51.704017] [] do_syscall_64+0x19f/0x480 [ 51.709717] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 51.716616] [ 51.718218] The buggy address belongs to the page: [ 51.723122] page:ffffea00075fddc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 51.731352] flags: 0x4000000000000000() [ 51.735301] page dumped because: kasan: bad access detected [ 51.740993] [ 51.742593] Memory state around the buggy address: [ 51.747497] ffff8801d7f77480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.754832] ffff8801d7f77500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.762171] >ffff8801d7f77580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.769507] ^ [ 51.773366] ffff8801d7f77600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.780719] ffff8801d7f77680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.788052] ================================================================== [ 51.795381] Disabling lock debugging due to kernel taint [ 51.801770] Kernel panic - not syncing: panic_on_warn set ... [ 51.801770] [ 51.809163] CPU: 0 PID: 5043 Comm: syz-executor2 Tainted: G B 4.9.128+ #41 [ 51.817292] ffff8801d600efd0 ffffffff81af2469 ffffffff82c34968 00000000ffffffff [ 51.825304] 0000000000000000 0000000000000000 ffff8801d77a5f00 ffff8801d600f090 [ 51.833314] ffffffff813df985 0000000041b58ab3 ffffffff82c2896b ffffffff813df7c6 [ 51.841329] Call Trace: [ 51.843894] [] dump_stack+0xc1/0x128 [ 51.849233] [] panic+0x1bf/0x39f [ 51.854227] [] ? add_taint.cold.6+0x16/0x16 [ 51.860179] [] ? ___preempt_schedule+0x16/0x18 [ 51.866390] [] kasan_end_report+0x47/0x4f [ 51.872165] [] kasan_report.cold.6+0x76/0x2fe [ 51.878292] [] ? __unwind_start+0x368/0x3b0 [ 51.884238] [] __asan_report_load8_noabort+0x14/0x20 [ 51.890965] [] __unwind_start+0x368/0x3b0 [ 51.896743] [] ? ptrace_may_access+0x24/0x50 [ 51.902780] [] __save_stack_trace+0x59/0xf0 [ 51.908729] [] save_stack_trace_tsk+0x48/0x70 [ 51.914850] [] proc_pid_stack+0x148/0x220 [ 51.920625] [] ? lock_trace+0xc0/0xc0 [ 51.926051] [] ? get_pid_task+0x9b/0x140 [ 51.931736] [] proc_single_show+0xfd/0x170 [ 51.937597] [] traverse+0x363/0x920 [ 51.942847] [] ? seq_buf_alloc+0x80/0x80 [ 51.948538] [] ? get_page_from_freelist+0xbd1/0x18e0 [ 51.955272] [] seq_read+0xd1b/0x12d0 [ 51.960639] [] ? seq_lseek+0x3c0/0x3c0 [ 51.966154] [] ? __fsnotify_inode_delete+0x30/0x30 [ 51.972708] [] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 51.981175] [] do_loop_readv_writev.part.1+0xd5/0x280 [ 51.987989] [] do_readv_writev+0x56e/0x7b0 [ 51.993846] [] ? vfs_write+0x520/0x520 [ 51.999357] [] ? kasan_unpoison_shadow+0x35/0x50 [ 52.005737] [] ? push_pipe+0x3e2/0x770 [ 52.011251] [] ? iov_iter_get_pages_alloc+0x2be/0xee0 [ 52.018096] [] vfs_readv+0x84/0xc0 [ 52.023277] [] default_file_splice_read+0x44b/0x7e0 [ 52.029922] [] ? depot_save_stack+0x11c/0x470 [ 52.036042] [] ? do_splice_direct+0x270/0x270 [ 52.042164] [] ? kasan_kmalloc.part.1+0x62/0xf0 [ 52.048456] [] ? __kmalloc+0x12f/0x310 [ 52.053968] [] ? alloc_pipe_info+0x164/0x380 [ 52.060001] [] ? splice_direct_to_actor+0x62c/0x7e0 [ 52.066639] [] ? do_splice_direct+0x1a3/0x270 [ 52.072759] [] ? do_sendfile+0x4f0/0xc30 [ 52.078447] [] ? SyS_sendfile64+0xd1/0x160 [ 52.084308] [] ? do_syscall_64+0x19f/0x480 [ 52.090169] [] ? security_file_permission+0x8f/0x1e0 [ 52.096897] [] ? do_splice_direct+0x270/0x270 [ 52.103015] [] do_splice_to+0x10c/0x170 [ 52.108616] [] splice_direct_to_actor+0x23f/0x7e0 [ 52.115091] [] ? pipe_to_sendpage+0x330/0x330 [ 52.121216] [] ? do_splice_to+0x170/0x170 [ 52.126989] [] ? security_file_permission+0x8f/0x1e0 [ 52.133715] [] ? rw_verify_area+0xe5/0x2a0 [ 52.139573] [] do_splice_direct+0x1a3/0x270 [ 52.145520] [] ? splice_direct_to_actor+0x7e0/0x7e0 [ 52.152164] [] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 52.158718] [] ? __sb_start_write+0x161/0x300 [ 52.164858] [] do_sendfile+0x4f0/0xc30 [ 52.170372] [] ? do_compat_pwritev64+0x180/0x180 [ 52.176756] [] ? __might_fault+0x114/0x1d0 [ 52.182617] [] SyS_sendfile64+0xd1/0x160 [ 52.188305] [] ? SyS_sendfile+0x160/0x160 [ 52.194078] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 52.200898] [] ? do_syscall_64+0x48/0x480 [ 52.206681] [] ? SyS_sendfile+0x160/0x160 [ 52.212451] [] do_syscall_64+0x19f/0x480 [ 52.218141] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 52.225438] Kernel Offset: disabled [ 52.229066] Rebooting in 86400 seconds..