[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 13.789294] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.518371] random: sshd: uninitialized urandom read (32 bytes read) [ 23.132270] random: sshd: uninitialized urandom read (32 bytes read) [ 23.708229] random: sshd: uninitialized urandom read (32 bytes read) [ 61.765594] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts. [ 67.244188] random: sshd: uninitialized urandom read (32 bytes read) 2018/04/25 17:52:26 parsed 1 programs 2018/04/25 17:52:26 executed programs: 0 [ 67.665550] IPVS: Creating netns size=2536 id=1 [ 67.685718] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=3847 comm=syz-executor1 [ 67.698952] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=3858 comm=syz-executor1 [ 67.699001] IPVS: Creating netns size=2536 id=2 [ 67.717798] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=3864 comm=syz-executor7 [ 67.729683] IPVS: Creating netns size=2536 id=3 [ 67.743027] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=3871 comm=syz-executor7 [ 67.744349] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=3870 comm=syz-executor1 [ 67.744662] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=3873 comm=syz-executor1 [ 67.756256] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=3877 comm=syz-executor6 [ 67.756567] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=3878 comm=syz-executor6 [ 67.759406] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=3880 comm=syz-executor1 [ 67.759746] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=3881 comm=syz-executor1 [ 67.770505] IPVS: Creating netns size=2536 id=4 [ 67.816253] IPVS: Creating netns size=2536 id=5 [ 67.862655] IPVS: Creating netns size=2536 id=6 [ 67.914359] IPVS: Creating netns size=2536 id=7 [ 67.947681] IPVS: Creating netns size=2536 id=8 2018/04/25 17:52:31 executed programs: 705 [ 72.711331] selinux_nlmsg_perm: 1399 callbacks suppressed [ 72.711338] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=6601 comm=syz-executor1 [ 72.714356] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=6608 comm=syz-executor6 [ 72.714574] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=6612 comm=syz-executor5 [ 72.718650] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=6602 comm=syz-executor4 [ 72.718820] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=6615 comm=syz-executor6 [ 72.719124] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=6613 comm=syz-executor2 [ 72.719348] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=6614 comm=syz-executor5 [ 72.722193] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=6616 comm=syz-executor3 [ 72.722433] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=6617 comm=syz-executor4 [ 72.723141] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=6619 comm=syz-executor3 2018/04/25 17:52:36 executed programs: 1337 [ 77.722452] selinux_nlmsg_perm: 1256 callbacks suppressed [ 77.722460] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=9042 comm=syz-executor6 [ 77.725081] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=9044 comm=syz-executor1 [ 77.730156] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=9048 comm=syz-executor3 [ 77.745456] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=9050 comm=syz-executor2 [ 77.749991] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=9047 comm=syz-executor4 [ 77.752099] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=9059 comm=syz-executor1 [ 77.752263] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=9060 comm=syz-executor2 [ 77.753719] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=9054 comm=syz-executor0 [ 77.754733] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=9055 comm=syz-executor5 [ 77.757132] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=9061 comm=syz-executor4 2018/04/25 17:52:41 executed programs: 1975 [ 82.727095] selinux_nlmsg_perm: 1259 callbacks suppressed [ 82.727102] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=11485 comm=syz-executor1 [ 82.731770] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=11477 comm=syz-executor4 [ 82.734033] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=11483 comm=syz-executor7 [ 82.737498] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=11496 comm=syz-executor7 [ 82.738481] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=11495 comm=syz-executor5 [ 82.739384] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=11494 comm=syz-executor2 [ 82.741273] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=11498 comm=syz-executor6 [ 82.741830] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=11500 comm=syz-executor5 [ 82.742366] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=11499 comm=syz-executor3 [ 82.750913] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=11491 comm=syz-executor0 2018/04/25 17:52:46 executed programs: 2614 [ 87.739412] selinux_nlmsg_perm: 1270 callbacks suppressed [ 87.739419] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=13932 comm=syz-executor3 [ 87.746551] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=13938 comm=syz-executor6 [ 87.748986] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=13933 comm=syz-executor7 [ 87.753961] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=13939 comm=syz-executor5 [ 87.757628] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=13941 comm=syz-executor0 [ 87.758390] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=13948 comm=syz-executor5 [ 87.758784] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=13944 comm=syz-executor2 [ 87.763557] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=13949 comm=syz-executor0 [ 87.763997] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=13950 comm=syz-executor2 [ 87.764622] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=13951 comm=syz-executor4 2018/04/25 17:52:51 executed programs: 3246 [ 92.757914] selinux_nlmsg_perm: 1254 callbacks suppressed [ 92.757921] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=16371 comm=syz-executor4 [ 92.759502] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=16369 comm=syz-executor7 [ 92.764250] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=16366 comm=syz-executor2 [ 92.769671] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=16379 comm=syz-executor2 [ 92.769934] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=16378 comm=syz-executor1 [ 92.773203] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=16377 comm=syz-executor6 [ 92.775545] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=16381 comm=syz-executor5 [ 92.776402] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=16382 comm=syz-executor1 [ 92.780981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=16385 comm=syz-executor6 [ 92.787367] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26214 sclass=netlink_route_socket pig=16386 comm=syz-executor5 [ 94.690092] ================================================================== [ 94.697494] BUG: KASAN: out-of-bounds in __unwind_start+0x37c/0x3c0 [ 94.703884] Read of size 8 at addr ffff8801d572f810 by task syz-executor4/17252 [ 94.711321] [ 94.712937] CPU: 1 PID: 17252 Comm: syz-executor4 Not tainted 4.9.96-g8c01d00 #11 [ 94.720540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 94.729884] ffff8801d7387130 ffffffff81eb0b69 ffffea000755cbc0 ffff8801d572f810 [ 94.737989] 0000000000000000 ffff8801d572f818 ffff8801d7387268 ffff8801d7387168 [ 94.746047] ffffffff8156540b ffff8801d572f810 0000000000000008 0000000000000000 [ 94.754085] Call Trace: [ 94.756662] [] dump_stack+0xc1/0x128 [ 94.762019] [] print_address_description+0x6c/0x234 [ 94.768679] [] kasan_report.cold.6+0x242/0x2fe [ 94.774904] [] ? __unwind_start+0x37c/0x3c0 [ 94.780872] [] __asan_report_load8_noabort+0x14/0x20 [ 94.787616] [] __unwind_start+0x37c/0x3c0 [ 94.793407] [] ? ptrace_may_access+0x24/0x50 [ 94.799455] [] __save_stack_trace+0x59/0xf0 [ 94.805420] [] save_stack_trace_tsk+0x48/0x70 [ 94.811559] [] proc_pid_stack+0x148/0x220 [ 94.817417] [] ? lock_trace+0xc0/0xc0 [ 94.822860] [] proc_single_show+0xfd/0x170 [ 94.828737] [] seq_read+0x4b6/0x12e0 [ 94.834102] [] ? seq_dentry+0x290/0x290 [ 94.839716] [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300 [ 94.848181] [] ? fsnotify+0x1100/0x1100 [ 94.853776] [] do_loop_readv_writev.part.18+0xd5/0x280 [ 94.860672] [] do_readv_writev+0x565/0x7a0 [ 94.866529] [] ? vfs_write+0x530/0x530 [ 94.872036] [] ? kasan_unpoison_shadow+0x35/0x50 [ 94.878413] [] ? push_pipe+0x3f4/0x780 [ 94.883926] [] ? iov_iter_get_pages_alloc+0x2bb/0xf10 [ 94.890752] [] vfs_readv+0x84/0xc0 [ 94.895918] [] default_file_splice_read+0x44b/0x7e0 [ 94.902553] [] ? depot_save_stack+0x132/0x460 [ 94.908667] [] ? do_splice_direct+0x270/0x270 [ 94.914780] [] ? save_stack+0x43/0xd0 [ 94.920202] [] ? __kmalloc+0x11d/0x300 [ 94.925710] [] ? alloc_pipe_info+0x164/0x380 [ 94.931741] [] ? splice_direct_to_actor+0x62c/0x7e0 [ 94.938379] [] ? do_splice_direct+0x1a3/0x270 [ 94.944493] [] ? do_sendfile+0x4f0/0xc60 [ 94.950173] [] ? compat_SyS_sendfile+0xd1/0x160 [ 94.956462] [] ? do_fast_syscall_32+0x2f7/0x870 [ 94.962753] [] ? check_preemption_disabled+0x3b/0x170 [ 94.969569] [] ? avc_has_perm+0x27d/0x4f0 [ 94.975337] [] ? rw_verify_area+0xe5/0x2b0 [ 94.981194] [] ? do_splice_direct+0x270/0x270 [ 94.987308] [] do_splice_to+0x10c/0x170 [ 94.992903] [] splice_direct_to_actor+0x23f/0x7e0 [ 94.999374] [] ? pipe_to_sendpage+0x330/0x330 [ 95.005492] [] ? do_splice_to+0x170/0x170 [ 95.011260] [] ? security_file_permission+0x8f/0x1f0 [ 95.017990] [] ? rw_verify_area+0xe5/0x2b0 [ 95.023845] [] do_splice_direct+0x1a3/0x270 [ 95.029788] [] ? splice_direct_to_actor+0x7e0/0x7e0 [ 95.036425] [] ? rw_verify_area+0xe5/0x2b0 [ 95.042281] [] do_sendfile+0x4f0/0xc60 [ 95.047792] [] ? do_compat_pwritev64+0x180/0x180 [ 95.054168] [] ? __might_fault+0x114/0x1d0 [ 95.060024] [] compat_SyS_sendfile+0xd1/0x160 [ 95.066141] [] ? SyS_sendfile64+0x160/0x160 [ 95.072081] [] ? do_fast_syscall_32+0xcf/0x870 [ 95.078284] [] ? SyS_sendfile64+0x160/0x160 [ 95.084231] [] do_fast_syscall_32+0x2f7/0x870 [ 95.090351] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 95.096988] [] entry_SYSENTER_compat+0x90/0xa2 [ 95.103203] [ 95.104799] The buggy address belongs to the page: [ 95.109698] page:ffffea000755cbc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 95.117930] flags: 0x8000000000000000() [ 95.121871] page dumped because: kasan: bad access detected [ 95.127545] [ 95.129142] Memory state around the buggy address: [ 95.134041] ffff8801d572f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 95.141368] ffff8801d572f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 95.148696] >ffff8801d572f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 95.156029] ^ [ 95.160145] ffff8801d572f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 95.167475] ffff8801d572f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 95.174802] ================================================================== [ 95.182127] Disabling lock debugging due to kernel taint [ 95.193393] Kernel panic - not syncing: panic_on_warn set ... [ 95.193393] [ 95.200781] CPU: 1 PID: 17252 Comm: syz-executor4 Tainted: G B 4.9.96-g8c01d00 #11 [ 95.209598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 95.218931] ffff8801d7387090 ffffffff81eb0b69 ffffffff841c492d 00000000ffffffff [ 95.226925] 0000000000000000 0000000000000001 ffff8801d7387268 ffff8801d7387150 [ 95.234910] ffffffff8141f975 0000000041b58ab3 ffffffff841b8030 ffffffff8141f7b6 [ 95.242891] Call Trace: [ 95.245457] [] dump_stack+0xc1/0x128 [ 95.250796] [] panic+0x1bf/0x3bc [ 95.255784] [] ? add_taint.cold.6+0x16/0x16 [ 95.261735] [] ? ___preempt_schedule+0x16/0x18 [ 95.267939] [] kasan_end_report+0x47/0x4f [ 95.273707] [] kasan_report.cold.6+0x76/0x2fe [ 95.279826] [] ? __unwind_start+0x37c/0x3c0 [ 95.285769] [] __asan_report_load8_noabort+0x14/0x20 [ 95.292495] [] __unwind_start+0x37c/0x3c0 [ 95.298267] [] ? ptrace_may_access+0x24/0x50 [ 95.304307] [] __save_stack_trace+0x59/0xf0 [ 95.310257] [] save_stack_trace_tsk+0x48/0x70 [ 95.316376] [] proc_pid_stack+0x148/0x220 [ 95.322157] [] ? lock_trace+0xc0/0xc0 [ 95.327845] [] proc_single_show+0xfd/0x170 [ 95.333702] [] seq_read+0x4b6/0x12e0 [ 95.339047] [] ? seq_dentry+0x290/0x290 [ 95.344643] [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300 [ 95.353106] [] ? fsnotify+0x1100/0x1100 [ 95.358703] [] do_loop_readv_writev.part.18+0xd5/0x280 [ 95.365616] [] do_readv_writev+0x565/0x7a0 [ 95.371471] [] ? vfs_write+0x530/0x530 [ 95.376980] [] ? kasan_unpoison_shadow+0x35/0x50 [ 95.383358] [] ? push_pipe+0x3f4/0x780 [ 95.388872] [] ? iov_iter_get_pages_alloc+0x2bb/0xf10 [ 95.395687] [] vfs_readv+0x84/0xc0 [ 95.400854] [] default_file_splice_read+0x44b/0x7e0 [ 95.407494] [] ? depot_save_stack+0x132/0x460 [ 95.413615] [] ? do_splice_direct+0x270/0x270 [ 95.419739] [] ? save_stack+0x43/0xd0 [ 95.425164] [] ? __kmalloc+0x11d/0x300 [ 95.430685] [] ? alloc_pipe_info+0x164/0x380 [ 95.436729] [] ? splice_direct_to_actor+0x62c/0x7e0 [ 95.443373] [] ? do_splice_direct+0x1a3/0x270 [ 95.449491] [] ? do_sendfile+0x4f0/0xc60 [ 95.455174] [] ? compat_SyS_sendfile+0xd1/0x160 [ 95.461465] [] ? do_fast_syscall_32+0x2f7/0x870 [ 95.467756] [] ? check_preemption_disabled+0x3b/0x170 [ 95.474567] [] ? avc_has_perm+0x27d/0x4f0 [ 95.480339] [] ? rw_verify_area+0xe5/0x2b0 [ 95.486196] [] ? do_splice_direct+0x270/0x270 [ 95.492314] [] do_splice_to+0x10c/0x170 [ 95.497911] [] splice_direct_to_actor+0x23f/0x7e0 [ 95.504373] [] ? pipe_to_sendpage+0x330/0x330 [ 95.510509] [] ? do_splice_to+0x170/0x170 [ 95.516294] [] ? security_file_permission+0x8f/0x1f0 [ 95.523018] [] ? rw_verify_area+0xe5/0x2b0 [ 95.528873] [] do_splice_direct+0x1a3/0x270 [ 95.534821] [] ? splice_direct_to_actor+0x7e0/0x7e0 [ 95.541462] [] ? rw_verify_area+0xe5/0x2b0 [ 95.547320] [] do_sendfile+0x4f0/0xc60 [ 95.552831] [] ? do_compat_pwritev64+0x180/0x180 [ 95.559207] [] ? __might_fault+0x114/0x1d0 [ 95.565064] [] compat_SyS_sendfile+0xd1/0x160 [ 95.571181] [] ? SyS_sendfile64+0x160/0x160 [ 95.577124] [] ? do_fast_syscall_32+0xcf/0x870 [ 95.583327] [] ? SyS_sendfile64+0x160/0x160 [ 95.589270] [] do_fast_syscall_32+0x2f7/0x870 [ 95.595387] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 95.602033] [] entry_SYSENTER_compat+0x90/0xa2 [ 95.608727] Dumping ftrace buffer: [ 95.612238] (ftrace buffer empty) [ 95.615920] Kernel Offset: disabled [ 95.619518] Rebooting in 86400 seconds..