[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   13.754676] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   15.530589] random: sshd: uninitialized urandom read (32 bytes read)
[   15.934343] random: sshd: uninitialized urandom read (32 bytes read)
[   16.754747] random: sshd: uninitialized urandom read (32 bytes read)
[   70.893576] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
[   76.272811] random: sshd: uninitialized urandom read (32 bytes read)
2018/05/23 21:19:30 parsed 1 programs
2018/05/23 21:19:30 executed programs: 0
[   76.715584] IPVS: Creating netns size=2536 id=1
[   76.737106] IPVS: Creating netns size=2536 id=2
[   76.768662] IPVS: Creating netns size=2536 id=3
[   76.803152] IPVS: Creating netns size=2536 id=4
[   76.829855] IPVS: Creating netns size=2536 id=5
[   76.839373] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   76.856255] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   76.874946] IPVS: Creating netns size=2536 id=6
[   76.890587] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   76.907473] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   76.914843] IPVS: Creating netns size=2536 id=7
[   76.945314] IPVS: Creating netns size=2536 id=8
[   76.950977] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   76.971351] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   76.987825] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   77.008065] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   77.045954] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   77.058753] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   77.072668] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   77.100579] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   77.115008] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   77.130359] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   77.147117] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   77.156085] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   77.168229] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   77.187572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   77.227195] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   77.239526] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   77.248749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   77.268485] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   77.281588] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   77.301234] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   77.315225] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   77.326761] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   77.339226] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   77.349979] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   77.371585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   77.383892] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   77.393792] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   77.404127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   77.412698] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   77.423960] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   77.432731] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   77.442022] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   77.455790] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   77.467996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   77.476647] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   77.488307] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   77.502016] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   77.509977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   77.529520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   77.544507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   77.553041] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   77.573406] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   77.624037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   77.641549] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   77.651084] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   77.658929] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   77.669703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   77.677905] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   77.687142] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   77.696548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   77.718528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   77.735186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   77.751262] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   77.780842] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   77.810904] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   77.817791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   77.826454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   77.841633] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   77.848968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   77.859893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   77.874685] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   77.903601] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   77.931452] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   77.942325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   77.951666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   77.964146] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   77.976472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   77.984114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   79.783849] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   79.952376] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   79.958817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   79.967697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   79.990444] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   80.051718] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   80.123659] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   80.131334] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   80.139860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   80.149156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   80.202561] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   80.216852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   80.224014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   80.269035] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   80.278856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   80.285618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   80.443850] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   80.558889] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   80.571096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   80.577822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   80.616993] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   80.627537] ip (6253) used greatest stack depth: 24008 bytes left
[   80.635055] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   80.686176] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   80.733875] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   80.743911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   80.753256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   80.771277] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   80.779326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   80.796779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   80.862050] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   80.871039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   80.877745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/05/23 21:19:35 executed programs: 8
2018/05/23 21:19:40 executed programs: 48
2018/05/23 21:19:46 executed programs: 88
[   92.220481] ==================================================================
[   92.227880] BUG: KASAN: out-of-bounds in __unwind_start+0x37c/0x3c0
[   92.234261] Read of size 8 at addr ffff8801c0abf818 by task syz-executor1/7124
[   92.241589] 
[   92.243193] CPU: 1 PID: 7124 Comm: syz-executor1 Not tainted 4.9.102-gd054505 #34
[   92.250786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   92.260113]  ffff8801b68f7678 ffffffff81eb3489 ffffea000702afc0 ffff8801c0abf818
[   92.268105]  0000000000000000 ffff8801c0abf820 ffff8801b68f77b0 ffff8801b68f76b0
[   92.276130]  ffffffff815676bb ffff8801c0abf818 0000000000000008 0000000000000000
[   92.284124] Call Trace:
[   92.286691]  [<ffffffff81eb3489>] dump_stack+0xc1/0x128
[   92.292031]  [<ffffffff815676bb>] print_address_description+0x6c/0x234
[   92.298687]  [<ffffffff81567ac5>] kasan_report.cold.6+0x242/0x2fe
[   92.304909]  [<ffffffff810d31ec>] ? __unwind_start+0x37c/0x3c0
[   92.310854]  [<ffffffff8153b744>] __asan_report_load8_noabort+0x14/0x20
[   92.317582]  [<ffffffff810d31ec>] __unwind_start+0x37c/0x3c0
[   92.323361]  [<ffffffff81159e74>] ? ptrace_may_access+0x24/0x50
[   92.329390]  [<ffffffff8107b929>] __save_stack_trace+0x59/0xf0
[   92.335336]  [<ffffffff8107ba28>] save_stack_trace_tsk+0x48/0x70
[   92.341454]  [<ffffffff816d75e8>] proc_pid_stack+0x148/0x220
[   92.347224]  [<ffffffff816d74a0>] ? lock_trace+0xc0/0xc0
[   92.352659]  [<ffffffff816d8a8d>] proc_single_show+0xfd/0x170
[   92.358522]  [<ffffffff815e9c23>] traverse+0x363/0x920
[   92.364088]  [<ffffffff815e98c0>] ? seq_buf_alloc+0x80/0x80
[   92.369773]  [<ffffffff815ed529>] seq_read+0xd19/0x12e0
[   92.375117]  [<ffffffff815ec810>] ? seq_dentry+0x290/0x290
[   92.380730]  [<ffffffff8164d140>] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[   92.389204]  [<ffffffff8164e240>] ? fsnotify+0x1100/0x1100
[   92.394814]  [<ffffffff8156ef45>] do_loop_readv_writev.part.18+0xd5/0x280
[   92.401727]  [<ffffffff815740f7>] compat_do_readv_writev+0x567/0x7a0
[   92.408200]  [<ffffffff81573b90>] ? do_pwritev+0x240/0x240
[   92.413823]  [<ffffffff81f1aeeb>] ? check_preemption_disabled+0x3b/0x170
[   92.420634]  [<ffffffff815d55ea>] ? __fget+0x20a/0x3b0
[   92.425891]  [<ffffffff815d5611>] ? __fget+0x231/0x3b0
[   92.431151]  [<ffffffff815d5427>] ? __fget+0x47/0x3b0
[   92.436314]  [<ffffffff81574412>] compat_readv+0xe2/0x150
[   92.441823]  [<ffffffff815747a2>] do_compat_preadv64+0x152/0x180
[   92.447941]  [<ffffffff81574650>] ? do_compat_readv+0x1d0/0x1d0
[   92.453993]  [<ffffffff839f7537>] ? _raw_spin_unlock_irq+0x27/0x50
[   92.460283]  [<ffffffff81576d3b>] compat_SyS_preadv+0x3b/0x50
[   92.466141]  [<ffffffff81576d00>] ? compat_SyS_preadv64+0x40/0x40
[   92.472350]  [<ffffffff81006da7>] do_fast_syscall_32+0x2f7/0x870
[   92.478470]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   92.485120]  [<ffffffff839f8fd0>] entry_SYSENTER_compat+0x90/0xa2
[   92.491331] 
[   92.492935] The buggy address belongs to the page:
[   92.497839] page:ffffea000702afc0 count:0 mapcount:0 mapping:          (null) index:0x0
[   92.506078] flags: 0x8000000000000000()
[   92.510032] page dumped because: kasan: bad access detected
[   92.515717] 
[   92.517325] Memory state around the buggy address:
[   92.522230]  ffff8801c0abf700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   92.529574]  ffff8801c0abf780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   92.536921] >ffff8801c0abf800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   92.544267]                                ^
[   92.548660]  ffff8801c0abf880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   92.556000]  ffff8801c0abf900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   92.563328] ==================================================================
[   92.570661] Disabling lock debugging due to kernel taint
[   92.576514] Kernel panic - not syncing: panic_on_warn set ...
[   92.576514] 
[   92.583882] CPU: 1 PID: 7124 Comm: syz-executor1 Tainted: G    B           4.9.102-gd054505 #34
[   92.592696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   92.602031]  ffff8801b68f75d8 ffffffff81eb3489 ffffffff843c5d7d 00000000ffffffff
[   92.610045]  0000000000000000 0000000000000001 ffff8801b68f77b0 ffff8801b68f7698
[   92.618042]  ffffffff81421aa5 0000000041b58ab3 ffffffff843b94b0 ffffffff814218e6
[   92.626031] Call Trace:
[   92.628596]  [<ffffffff81eb3489>] dump_stack+0xc1/0x128
[   92.633933]  [<ffffffff81421aa5>] panic+0x1bf/0x3bc
[   92.638922]  [<ffffffff814218e6>] ? add_taint.cold.6+0x16/0x16
[   92.644869]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   92.651077]  [<ffffffff815675d8>] kasan_end_report+0x47/0x4f
[   92.656856]  [<ffffffff815678f9>] kasan_report.cold.6+0x76/0x2fe
[   92.662979]  [<ffffffff810d31ec>] ? __unwind_start+0x37c/0x3c0
[   92.668933]  [<ffffffff8153b744>] __asan_report_load8_noabort+0x14/0x20
[   92.675658]  [<ffffffff810d31ec>] __unwind_start+0x37c/0x3c0
[   92.681427]  [<ffffffff81159e74>] ? ptrace_may_access+0x24/0x50
[   92.687459]  [<ffffffff8107b929>] __save_stack_trace+0x59/0xf0
[   92.693414]  [<ffffffff8107ba28>] save_stack_trace_tsk+0x48/0x70
[   92.699544]  [<ffffffff816d75e8>] proc_pid_stack+0x148/0x220
[   92.705320]  [<ffffffff816d74a0>] ? lock_trace+0xc0/0xc0
[   92.710750]  [<ffffffff816d8a8d>] proc_single_show+0xfd/0x170
[   92.716618]  [<ffffffff815e9c23>] traverse+0x363/0x920
[   92.721869]  [<ffffffff815e98c0>] ? seq_buf_alloc+0x80/0x80
[   92.727551]  [<ffffffff815ed529>] seq_read+0xd19/0x12e0
[   92.732887]  [<ffffffff815ec810>] ? seq_dentry+0x290/0x290
[   92.738483]  [<ffffffff8164d140>] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[   92.746953]  [<ffffffff8164e240>] ? fsnotify+0x1100/0x1100
[   92.752561]  [<ffffffff8156ef45>] do_loop_readv_writev.part.18+0xd5/0x280
[   92.759460]  [<ffffffff815740f7>] compat_do_readv_writev+0x567/0x7a0
[   92.765923]  [<ffffffff81573b90>] ? do_pwritev+0x240/0x240
[   92.771526]  [<ffffffff81f1aeeb>] ? check_preemption_disabled+0x3b/0x170
[   92.778345]  [<ffffffff815d55ea>] ? __fget+0x20a/0x3b0
[   92.783596]  [<ffffffff815d5611>] ? __fget+0x231/0x3b0
[   92.788855]  [<ffffffff815d5427>] ? __fget+0x47/0x3b0
[   92.794036]  [<ffffffff81574412>] compat_readv+0xe2/0x150
[   92.799566]  [<ffffffff815747a2>] do_compat_preadv64+0x152/0x180
[   92.805697]  [<ffffffff81574650>] ? do_compat_readv+0x1d0/0x1d0
[   92.811731]  [<ffffffff839f7537>] ? _raw_spin_unlock_irq+0x27/0x50
[   92.818030]  [<ffffffff81576d3b>] compat_SyS_preadv+0x3b/0x50
[   92.823892]  [<ffffffff81576d00>] ? compat_SyS_preadv64+0x40/0x40
[   92.830099]  [<ffffffff81006da7>] do_fast_syscall_32+0x2f7/0x870
[   92.836220]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   92.842862]  [<ffffffff839f8fd0>] entry_SYSENTER_compat+0x90/0xa2
[   92.849544] Dumping ftrace buffer:
[   92.853056]    (ftrace buffer empty)
[   92.856747] Kernel Offset: disabled
[   92.860345] Rebooting in 86400 seconds..