[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   19.443835] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.887824] random: sshd: uninitialized urandom read (32 bytes read)
[   23.248453] random: sshd: uninitialized urandom read (32 bytes read)
[   24.017511] random: sshd: uninitialized urandom read (32 bytes read)
[   24.167141] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
[   29.530448] random: sshd: uninitialized urandom read (32 bytes read)
2018/05/30 07:41:42 parsed 1 programs
2018/05/30 07:41:42 executed programs: 0
[   30.027506] IPVS: ftp: loaded support on port[0] = 21
[   30.145405] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.151835] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.159070] device bridge_slave_0 entered promiscuous mode
[   30.174537] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.180953] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.187989] device bridge_slave_1 entered promiscuous mode
[   30.207933] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   30.223328] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   30.260181] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   30.276741] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   30.333728] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   30.340878] team0: Port device team_slave_0 added
[   30.353981] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   30.361052] team0: Port device team_slave_1 added
[   30.374490] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   30.390373] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   30.405956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   30.422952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   30.527937] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.534351] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.541186] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.547538] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.916232] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   30.922328] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.961510] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   31.000749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   31.009225] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   31.043817] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   31.049898] 8021q: adding VLAN 0 to HW filter on device team0
[   31.096219] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   31.283336] ==================================================================
[   31.290828] BUG: KASAN: stack-out-of-bounds in compat_copy_entries+0x12b6/0x14a0
[   31.298354] Write of size 1 at addr ffff8801ab0cf8a7 by task syz-executor0/4762
[   31.305774]
[   31.307396] CPU: 0 PID: 4762 Comm: syz-executor0 Not tainted 4.17.0-rc7+ #99
[   31.314561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.323888] Call Trace:
[   31.326455]  dump_stack+0x1b9/0x294
[   31.330065]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.335233]  ? printk+0x9e/0xba
[   31.338492]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   31.343226]  ? kasan_check_write+0x14/0x20
[   31.347444]  print_address_description+0x6c/0x20b
[   31.352280]  ? compat_copy_entries+0x12b6/0x14a0
[   31.357018]  kasan_report.cold.7+0x242/0x2fe
[   31.361415]  __asan_report_store1_noabort+0x17/0x20
[   31.366410]  compat_copy_entries+0x12b6/0x14a0
[   31.370977]  ? compat_table_info+0x660/0x660
[   31.375366]  ? xt_compat_init_offsets+0x26e/0x340
[   31.380196]  compat_do_replace+0x483/0x900
[   31.384416]  ? compat_do_ebt_get_ctl+0x910/0x910
[   31.389154]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.394673]  ? cap_capable+0x1f9/0x260
[   31.398546]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.404061]  ? ns_capable_common+0x13f/0x170
[   31.408452]  compat_do_ebt_set_ctl+0x2ac/0x324
[   31.413022]  ? compat_do_replace+0x900/0x900
[   31.417416]  ? mutex_unlock+0xd/0x10
[   31.421120]  ? nf_sockopt_find.constprop.0+0x221/0x290
[   31.426386]  compat_nf_setsockopt+0x9b/0x140
[   31.430773]  ? compat_do_replace+0x900/0x900
[   31.435162]  compat_ip_setsockopt+0xff/0x140
[   31.439565]  inet_csk_compat_setsockopt+0x97/0x120
[   31.444478]  ? ip_setsockopt+0xf0/0xf0
[   31.448345]  compat_tcp_setsockopt+0x49/0x80
[   31.452733]  compat_sock_common_setsockopt+0xb4/0x150
[   31.457899]  ? tcp_setsockopt+0xe0/0xe0
[   31.461853]  ? sock_common_setsockopt+0xe0/0xe0
[   31.466504]  __compat_sys_setsockopt+0x1ab/0x840
[   31.471242]  ? __compat_sys_getsockopt+0x880/0x880
[   31.476163]  ? __x32_compat_sys_get_robust_list+0x430/0x430
[   31.481861]  ? mm_fault_error+0x380/0x380
[   31.485989]  __ia32_compat_sys_setsockopt+0xbd/0x150
[   31.491078]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.496079]  do_fast_syscall_32+0x345/0xf9b
[   31.500380]  ? do_int80_syscall_32+0x880/0x880
[   31.504942]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.509679]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.515196]  ? syscall_return_slowpath+0x30f/0x5c0
[   31.520109]  ? sysret32_from_system_call+0x5/0x46
[   31.524931]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.529756]  entry_SYSENTER_compat+0x70/0x7f
[   31.534141] RIP: 0023:0xf7f25cb9
[   31.537487] RSP: 002b:00000000ffa7550c EFLAGS: 00000282 ORIG_RAX: 000000000000016e
[   31.545172] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[   31.552420] RDX: 0000000000000080 RSI: 0000000020000040 RDI: 0000000000000384
[   31.559669] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   31.566915] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   31.574161] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   31.581420]
[   31.583027] The buggy address belongs to the page:
[   31.587935] page:ffffea0006ac33c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   31.596066] flags: 0x2fffc0000000000()
[   31.599940] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   31.607801] raw: 0000000000000000 ffffea0006ac0101 0000000000000000 0000000000000000
[   31.615654] page dumped because: kasan: bad access detected
[   31.621337]
[   31.622940] Memory state around the buggy address:
[   31.627845]  ffff8801ab0cf780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.635181]  ffff8801ab0cf800: 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 f2 f2 f2
[   31.642514] >ffff8801ab0cf880: f2 00 00 00 07 f3 f3 f3 f3 00 00 00 00 00 00 00
[   31.649849]                                ^
[   31.654232]  ffff8801ab0cf900: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
[   31.661569]  ffff8801ab0cf980: 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[   31.668899] ==================================================================
[   31.676231] Disabling lock debugging due to kernel taint
[   31.682656] Kernel panic - not syncing: panic_on_warn set ...
[   31.682656]
[   31.690036] CPU: 0 PID: 4762 Comm: syz-executor0 Tainted: G    B 4.17.0-rc7+ #99
[   31.698594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.707920] Call Trace:
[   31.710487]  dump_stack+0x1b9/0x294
[   31.714093]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.719262]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.723996]  ? compat_copy_entries+0x1250/0x14a0
[   31.728731]  panic+0x22f/0x4de
[   31.731901]  ? add_taint.cold.5+0x16/0x16
[   31.736033]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.740420]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.744809]  ? compat_copy_entries+0x12b6/0x14a0
[   31.749542]  kasan_end_report+0x47/0x4f
[   31.753494]  kasan_report.cold.7+0x76/0x2fe
[   31.757797]  __asan_report_store1_noabort+0x17/0x20
[   31.762790]  compat_copy_entries+0x12b6/0x14a0
[   31.767353]  ? compat_table_info+0x660/0x660
[   31.771741]  ? xt_compat_init_offsets+0x26e/0x340
[   31.776562]  compat_do_replace+0x483/0x900
[   31.780774]  ? compat_do_ebt_get_ctl+0x910/0x910
[   31.785512]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.791032]  ? cap_capable+0x1f9/0x260
[   31.794899]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.800415]  ? ns_capable_common+0x13f/0x170
[   31.804801]  compat_do_ebt_set_ctl+0x2ac/0x324
[   31.809361]  ? compat_do_replace+0x900/0x900
[   31.813748]  ? mutex_unlock+0xd/0x10
[   31.817442]  ? nf_sockopt_find.constprop.0+0x221/0x290
[   31.822695]  compat_nf_setsockopt+0x9b/0x140
[   31.827779]  ? compat_do_replace+0x900/0x900
[   31.832166]  compat_ip_setsockopt+0xff/0x140
[   31.836553]  inet_csk_compat_setsockopt+0x97/0x120
[   31.841456]  ? ip_setsockopt+0xf0/0xf0
[   31.845323]  compat_tcp_setsockopt+0x49/0x80
[   31.849712]  compat_sock_common_setsockopt+0xb4/0x150
[   31.854879]  ? tcp_setsockopt+0xe0/0xe0
[   31.858832]  ? sock_common_setsockopt+0xe0/0xe0
[   31.863480]  __compat_sys_setsockopt+0x1ab/0x840
[   31.868215]  ? __compat_sys_getsockopt+0x880/0x880
[   31.873135]  ? __x32_compat_sys_get_robust_list+0x430/0x430
[   31.878823]  ? mm_fault_error+0x380/0x380
[   31.882947]  __ia32_compat_sys_setsockopt+0xbd/0x150
[   31.888032]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.893035]  do_fast_syscall_32+0x345/0xf9b
[   31.897348]  ? do_int80_syscall_32+0x880/0x880
[   31.901905]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.906640]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.912154]  ? syscall_return_slowpath+0x30f/0x5c0
[   31.917062]  ? sysret32_from_system_call+0x5/0x46
[   31.921882]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.926703]  entry_SYSENTER_compat+0x70/0x7f
[   31.931085] RIP: 0023:0xf7f25cb9
[   31.934423] RSP: 002b:00000000ffa7550c EFLAGS: 00000282 ORIG_RAX: 000000000000016e
[   31.942106] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[   31.949354] RDX: 0000000000000080 RSI: 0000000020000040 RDI: 0000000000000384
[   31.956602] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   31.963847] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   31.971090] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   31.978801] Dumping ftrace buffer:
[   31.982313]    (ftrace buffer empty)
[   31.985998] Kernel Offset: disabled
[   31.989598] Rebooting in 86400 seconds..