[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 12.078709] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 16.871129] random: sshd: uninitialized urandom read (32 bytes read)
[ 17.247391] random: sshd: uninitialized urandom read (32 bytes read)
[ 17.923937] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.022511] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
[ 36.480348] random: sshd: uninitialized urandom read (32 bytes read)
2018/04/24 19:10:16 parsed 1 programs
2018/04/24 19:10:16 executed programs: 0
[ 36.918842] IPVS: Creating netns size=2536 id=1
[ 36.941042] IPVS: Creating netns size=2536 id=2
[ 36.981077] IPVS: Creating netns size=2536 id=3
[ 37.011479] IPVS: Creating netns size=2536 id=4
[ 37.033476] IPVS: Creating netns size=2536 id=5
[ 37.065964] IPVS: Creating netns size=2536 id=6
[ 37.098406] IPVS: Creating netns size=2536 id=7
[ 37.125766] IPVS: Creating netns size=2536 id=8
2018/04/24 19:10:21 executed programs: 935
2018/04/24 19:10:26 executed programs: 1778
2018/04/24 19:10:31 executed programs: 2624
2018/04/24 19:10:36 executed programs: 3472
2018/04/24 19:10:41 executed programs: 4308
2018/04/24 19:10:46 executed programs: 5143
2018/04/24 19:10:51 executed programs: 5972
2018/04/24 19:10:56 executed programs: 6809
2018/04/24 19:11:01 executed programs: 7664
[ 85.768885] ==================================================================
[ 85.776495] BUG: KASAN: stack-out-of-bounds in __unwind_start+0x37c/0x3c0
[ 85.783519] Read of size 8 at addr ffff8801bd297c88 by task syz-executor7/25512
[ 85.790956]
[ 85.792588] CPU: 1 PID: 25512 Comm: syz-executor7 Not tainted 4.9.96-g320d53a #7
[ 85.800298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.809644] ffff8801cc0a7770 ffffffff81eb0b69 ffffea0006f4a5c0 ffff8801bd297c88
[ 85.817730] 0000000000000000 ffff8801bd297c88 ffff8801cc0a78a8 ffff8801cc0a77a8
[ 85.825792] ffffffff8156540b ffff8801bd297c88 0000000000000008 0000000000000000
[ 85.833832] Call Trace:
[ 85.836424] [] dump_stack+0xc1/0x128
[ 85.841788] [] print_address_description+0x6c/0x234
[ 85.848460] [] kasan_report.cold.6+0x242/0x2fe
[ 85.855002] [] ? __unwind_start+0x37c/0x3c0
[ 85.860975] [] __asan_report_load8_noabort+0x14/0x20
[ 85.867731] [] __unwind_start+0x37c/0x3c0
[ 85.873531] [] ? ptrace_may_access+0x24/0x50
[ 85.879680] [] __save_stack_trace+0x59/0xf0
[ 85.885662] [] save_stack_trace_tsk+0x48/0x70
[ 85.891809] [] proc_pid_stack+0x148/0x220
[ 85.897635] [] ? lock_trace+0xc0/0xc0
[ 85.903104] [] proc_single_show+0xfd/0x170
[ 85.908994] [] seq_read+0x4b6/0x12e0
[ 85.914379] [] ? seq_dentry+0x290/0x290
[ 85.920008] [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[ 85.928481] [] ? fsnotify+0x1100/0x1100
[ 85.934193] [] do_loop_readv_writev.part.18+0xd5/0x280
[ 85.941110] [] do_readv_writev+0x565/0x7a0
[ 85.946972] [] ? vfs_write+0x530/0x530
[ 85.952927] [] ? _raw_spin_unlock_irqrestore+0x45/0x70
[ 85.959841] [] ? debug_check_no_obj_freed+0x2ec/0x930
[ 85.966664] [] ? check_preemption_disabled+0x3b/0x170
[ 85.973496] [] ? __fget+0x20a/0x3b0
[ 85.978758] [] ? __fget+0x231/0x3b0
[ 85.984024] [] ? __fget+0x47/0x3b0
[ 85.989202] [] vfs_readv+0x84/0xc0
[ 85.994393] [] do_preadv+0x197/0x240
[ 85.999739] [] ? do_readv+0x260/0x260
[ 86.005169] [] ? __do_page_fault+0x183/0xd50
[ 86.011210] [] SyS_preadv+0x30/0x40
[ 86.016464] [] ? SyS_writev+0x30/0x30
[ 86.021895] [] do_syscall_64+0x1a6/0x490
[ 86.027598] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 86.034509]
[ 86.036114] The buggy address belongs to the page:
[ 86.041020] page:ffffea0006f4a5c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 86.049266] flags: 0x8000000000000000()
[ 86.053212] page dumped because: kasan: bad access detected
[ 86.058901]
[ 86.060516] Memory state around the buggy address:
[ 86.065443]  ffff8801bd297b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.072781]  ffff8801bd297c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.080123] >ffff8801bd297c80: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2
[ 86.087457]                       ^
[ 86.091061]  ffff8801bd297d00: f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00
[ 86.098403]  ffff8801bd297d80: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.105735] ==================================================================
[ 86.113071] Disabling lock debugging due to kernel taint
[ 86.123623] Kernel panic - not syncing: panic_on_warn set ...
[ 86.123623]
[ 86.131070] CPU: 1 PID: 25512 Comm: syz-executor7 Tainted: G B 4.9.96-g320d53a #7
[ 86.139810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.149172] ffff8801cc0a76d0 ffffffff81eb0b69 ffffffff841c492d 00000000ffffffff
[ 86.157234] 0000000000000000 0000000000000001 ffff8801cc0a78a8 ffff8801cc0a7790
[ 86.165256] ffffffff8141f975 0000000041b58ab3 ffffffff841b8030 ffffffff8141f7b6
[ 86.173244] Call Trace:
[ 86.175818] [] dump_stack+0xc1/0x128
[ 86.181159] [] panic+0x1bf/0x3bc
[ 86.186162] [] ? add_taint.cold.6+0x16/0x16
[ 86.192200] [] ? ___preempt_schedule+0x16/0x18
[ 86.198406] [] kasan_end_report+0x47/0x4f
[ 86.204178] [] kasan_report.cold.6+0x76/0x2fe
[ 86.210299] [] ? __unwind_start+0x37c/0x3c0
[ 86.216260] [] __asan_report_load8_noabort+0x14/0x20
[ 86.223001] [] __unwind_start+0x37c/0x3c0
[ 86.228777] [] ? ptrace_may_access+0x24/0x50
[ 86.234814] [] __save_stack_trace+0x59/0xf0
[ 86.240770] [] save_stack_trace_tsk+0x48/0x70
[ 86.246895] [] proc_pid_stack+0x148/0x220
[ 86.252667] [] ? lock_trace+0xc0/0xc0
[ 86.258103] [] proc_single_show+0xfd/0x170
[ 86.263980] [] seq_read+0x4b6/0x12e0
[ 86.269336] [] ? seq_dentry+0x290/0x290
[ 86.274945] [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[ 86.283412] [] ? fsnotify+0x1100/0x1100
[ 86.289012] [] do_loop_readv_writev.part.18+0xd5/0x280
[ 86.295914] [] do_readv_writev+0x565/0x7a0
[ 86.301779] [] ? vfs_write+0x530/0x530
[ 86.307293] [] ? _raw_spin_unlock_irqrestore+0x45/0x70
[ 86.314209] [] ? debug_check_no_obj_freed+0x2ec/0x930
[ 86.321028] [] ? check_preemption_disabled+0x3b/0x170
[ 86.327845] [] ? __fget+0x20a/0x3b0
[ 86.333094] [] ? __fget+0x231/0x3b0
[ 86.338356] [] ? __fget+0x47/0x3b0
[ 86.343536] [] vfs_readv+0x84/0xc0
[ 86.348701] [] do_preadv+0x197/0x240
[ 86.354138] [] ? do_readv+0x260/0x260
[ 86.359567] [] ? __do_page_fault+0x183/0xd50
[ 86.365608] [] SyS_preadv+0x30/0x40
[ 86.370864] [] ? SyS_writev+0x30/0x30
[ 86.376295] [] do_syscall_64+0x1a6/0x490
[ 86.381983] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 86.389481] Dumping ftrace buffer:
[ 86.393013] (ftrace buffer empty)
[ 86.396699] Kernel Offset: disabled
[ 86.400300] Rebooting in 86400 seconds..