[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.966463] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 22.644117] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.941858] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.708882] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.307248] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts.
[ 42.771802] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 42.872323] Restarting kernel threads ... done.
[ 42.878602] Restarting kernel threads ... done.
[ 42.883483] ==================================================================
[ 42.890913] BUG: KASAN: null-ptr-deref in _copy_from_user+0x100/0x150
[ 42.897474] Write of size 1144 at addr 0000000000000478 by task syz-executor800/4494
[ 42.905328]
[ 42.906942] CPU: 0 PID: 4494 Comm: syz-executor800 Not tainted 4.17.0-rc7+ #74
[ 42.914277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.923609] Call Trace:
[ 42.926186]  dump_stack+0x1b9/0x294
[ 42.929797]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 42.934969]  ? kasan_check_write+0x14/0x20
[ 42.939184]  ? do_raw_spin_lock+0xc1/0x200
[ 42.943834]  ? vprintk_func+0x81/0xe7
[ 42.947616]  ? _copy_from_user+0x100/0x150
[ 42.951832]  kasan_report.cold.7+0x6d/0x2fe
[ 42.956136]  check_memory_region+0x13e/0x1b0
[ 42.960524]  kasan_check_write+0x14/0x20
[ 42.964565]  _copy_from_user+0x100/0x150
[ 42.968610]  simple_write_to_buffer+0xaf/0x130
[ 42.973172]  snapshot_write+0x16d/0x270
[ 42.977124]  ? snapshot_compat_ioctl+0x4e0/0x4e0
[ 42.981863]  __vfs_write+0x10b/0x960
[ 42.985554]  ? __fget_light+0x2ef/0x430
[ 42.989512]  ? snapshot_compat_ioctl+0x4e0/0x4e0
[ 42.994246]  ? kernel_read+0x120/0x120
[ 42.998111]  ? graph_lock+0x170/0x170
[ 43.001907]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.007423]  ? security_file_permission+0x1c6/0x240
[ 43.012422]  ? rw_verify_area+0x118/0x360
[ 43.016548]  vfs_write+0x1f8/0x560
[ 43.020068]  ksys_write+0xf9/0x250
[ 43.023588]  ? __ia32_sys_read+0xb0/0xb0
[ 43.027634]  __x64_sys_write+0x73/0xb0
[ 43.031504]  do_syscall_64+0x1b1/0x800
[ 43.035370]  ? finish_task_switch+0x1ca/0x840
[ 43.039841]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 43.044745]  ? syscall_return_slowpath+0x30f/0x5c0
[ 43.049665]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 43.055022]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.059852]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.065023] RIP: 0033:0x445d49
[ 43.068193] RSP: 002b:00007f320d3bada8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 43.075882] RAX: ffffffffffffffda RBX: 00000000006dac54 RCX: 0000000000445d49
[ 43.083131] RDX: 0000000000000478 RSI: 0000000020000200 RDI: 0000000000000003
[ 43.090466] RBP: 0000000000000000 R08: 00007f320d3bb700 R09: 0000000000000000
[ 43.097715] R10: 00007f320d3bb700 R11: 0000000000000246 R12: 00000000006dac50
[ 43.104963] R13: 616e732f7665642f R14: 00007f320d3bb9c0 R15: 0000000000000005
[ 43.112217] ==================================================================
[ 43.119548] Disabling lock debugging due to kernel taint
[ 43.125044] Kernel panic - not syncing: panic_on_warn set ...
[ 43.125044]
[ 43.132392] CPU: 0 PID: 4494 Comm: syz-executor800 Tainted: G B 4.17.0-rc7+ #74
[ 43.141115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.150441] Call Trace:
[ 43.153008]  dump_stack+0x1b9/0x294
[ 43.156615]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 43.161783]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 43.166519]  ? _copy_from_user+0xa0/0x150
[ 43.170641]  panic+0x22f/0x4de
[ 43.173811]  ? add_taint.cold.5+0x16/0x16
[ 43.177935]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 43.182323]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 43.186706]  ? _copy_from_user+0x100/0x150
[ 43.190915]  kasan_end_report+0x47/0x4f
[ 43.194866]  kasan_report.cold.7+0x76/0x2fe
[ 43.199164]  check_memory_region+0x13e/0x1b0
[ 43.203547]  kasan_check_write+0x14/0x20
[ 43.207587]  _copy_from_user+0x100/0x150
[ 43.211623]  simple_write_to_buffer+0xaf/0x130
[ 43.216180]  snapshot_write+0x16d/0x270
[ 43.220130]  ? snapshot_compat_ioctl+0x4e0/0x4e0
[ 43.224862]  __vfs_write+0x10b/0x960
[ 43.228557]  ? __fget_light+0x2ef/0x430
[ 43.232507]  ? snapshot_compat_ioctl+0x4e0/0x4e0
[ 43.237238]  ? kernel_read+0x120/0x120
[ 43.241101]  ? graph_lock+0x170/0x170
[ 43.244883]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.250394]  ? security_file_permission+0x1c6/0x240
[ 43.255383]  ? rw_verify_area+0x118/0x360
[ 43.259506]  vfs_write+0x1f8/0x560
[ 43.263020]  ksys_write+0xf9/0x250
[ 43.266536]  ? __ia32_sys_read+0xb0/0xb0
[ 43.270578]  __x64_sys_write+0x73/0xb0
[ 43.274441]  do_syscall_64+0x1b1/0x800
[ 43.278305]  ? finish_task_switch+0x1ca/0x840
[ 43.282776]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 43.287682]  ? syscall_return_slowpath+0x30f/0x5c0
[ 43.292590]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 43.297928]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.302746]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.307907] RIP: 0033:0x445d49
[ 43.311072] RSP: 002b:00007f320d3bada8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 43.318754] RAX: ffffffffffffffda RBX: 00000000006dac54 RCX: 0000000000445d49
[ 43.325997] RDX: 0000000000000478 RSI: 0000000020000200 RDI: 0000000000000003
[ 43.333242] RBP: 0000000000000000 R08: 00007f320d3bb700 R09: 0000000000000000
[ 43.340487] R10: 00007f320d3bb700 R11: 0000000000000246 R12: 00000000006dac50
[ 43.347749] R13: 616e732f7665642f R14: 00007f320d3bb9c0 R15: 0000000000000005
[ 43.355360] Dumping ftrace buffer:
[ 43.358874]    (ftrace buffer empty)
[ 43.362560] Kernel Offset: disabled
[ 43.366162] Rebooting in 86400 seconds..