[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 13.179488] random: sshd: uninitialized urandom read (32 bytes read)
[ 13.855315] random: sshd: uninitialized urandom read (32 bytes read)
[ 14.069246] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 15.147416] random: sshd: uninitialized urandom read (32 bytes read)
[ 110.027256] random: sshd: uninitialized urandom read (32 bytes read)
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
[ 115.482712] random: sshd: uninitialized urandom read (32 bytes read)
2018/06/04 14:19:47 parsed 1 programs
2018/06/04 14:19:47 executed programs: 0
[ 115.948323] IPVS: Creating netns size=2536 id=1
[ 116.024015] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 116.036474] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 116.070523] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 116.082267] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 116.115918] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 116.127403] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 116.139599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 116.160615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 116.451883] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 116.477695] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 116.483968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 116.490765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/06/04 14:19:53 executed programs: 6
2018/06/04 14:19:58 executed programs: 13
2018/06/04 14:20:04 executed programs: 20
2018/06/04 14:20:10 executed programs: 27
2018/06/04 14:20:15 executed programs: 34
2018/06/04 14:20:21 executed programs: 41
2018/06/04 14:20:27 executed programs: 48
2018/06/04 14:20:33 executed programs: 55
2018/06/04 14:20:38 executed programs: 62
2018/06/04 14:20:44 executed programs: 69
[ 175.111907] ==================================================================
[ 175.119315] BUG: KASAN: out-of-bounds in __unwind_start+0x37c/0x3c0
[ 175.125691] Read of size 8 at addr ffff8801cfbcf818 by task syz-executor0/4462
[ 175.133018]
[ 175.134619] CPU: 1 PID: 4462 Comm: syz-executor0 Not tainted 4.9.105-gd7e64f8 #43
[ 175.142207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 175.151533]  ffff8801d9ba7130 ffffffff81eb41a9 ffffea00073ef3c0 ffff8801cfbcf818
[ 175.159520]  0000000000000000 ffff8801cfbcf820 ffff8801d9ba7268 ffff8801d9ba7168
[ 175.167523]  ffffffff81567e49 ffff8801cfbcf818 0000000000000008 0000000000000000
[ 175.175522] Call Trace:
[ 175.178084]  [] dump_stack+0xc1/0x128
[ 175.183419]  [] print_address_description+0x6c/0x234
[ 175.190067]  [] kasan_report.cold.6+0x242/0x2fe
[ 175.196270]  [] ? __unwind_start+0x37c/0x3c0
[ 175.202222]  [] __asan_report_load8_noabort+0x14/0x20
[ 175.208957]  [] __unwind_start+0x37c/0x3c0
[ 175.214727]  [] ? ptrace_may_access+0x24/0x50
[ 175.220758]  [] __save_stack_trace+0x59/0xf0
[ 175.226698]  [] save_stack_trace_tsk+0x48/0x70
[ 175.232812]  [] proc_pid_stack+0x148/0x220
[ 175.238589]  [] ? lock_trace+0xc0/0xc0
[ 175.244010]  [] proc_single_show+0xfd/0x170
[ 175.249867]  [] seq_read+0x4b6/0x12e0
[ 175.255201]  [] ? seq_dentry+0x290/0x290
[ 175.260797]  [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[ 175.269256]  [] ? fsnotify+0x1100/0x1100
[ 175.274855]  [] do_loop_readv_writev.part.18+0xd5/0x280
[ 175.281750]  [] do_readv_writev+0x565/0x7a0
[ 175.287603]  [] ? vfs_write+0x530/0x530
[ 175.293110]  [] ? kasan_unpoison_shadow+0x35/0x50
[ 175.299486]  [] ? push_pipe+0x3f4/0x780
[ 175.304994]  [] ? iov_iter_get_pages_alloc+0x2bb/0xf10
[ 175.311804]  [] vfs_readv+0x84/0xc0
[ 175.316967]  [] default_file_splice_read+0x44b/0x7e0
[ 175.323607]  [] ? depot_save_stack+0x132/0x460
[ 175.329725]  [] ? do_splice_direct+0x270/0x270
[ 175.335839]  [] ? save_stack+0x43/0xd0
[ 175.341263]  [] ? __kmalloc+0x11d/0x300
[ 175.346783]  [] ? alloc_pipe_info+0x164/0x380
[ 175.352814]  [] ? splice_direct_to_actor+0x62c/0x7e0
[ 175.359452]  [] ? do_splice_direct+0x1a3/0x270
[ 175.365567]  [] ? do_sendfile+0x4f0/0xc60
[ 175.371377]  [] ? compat_SyS_sendfile+0xd1/0x160
[ 175.377665]  [] ? do_fast_syscall_32+0x2f7/0x870
[ 175.383957]  [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[ 175.392424]  [] ? fsnotify+0x1100/0x1100
[ 175.398020]  [] ? avc_policy_seqno+0x9/0x20
[ 175.403872]  [] ? selinux_file_permission+0x82/0x470
[ 175.410507]  [] ? security_file_permission+0x8f/0x1f0
[ 175.417230]  [] ? rw_verify_area+0xe5/0x2b0
[ 175.423083]  [] ? do_splice_direct+0x270/0x270
[ 175.429198]  [] do_splice_to+0x10c/0x170
[ 175.434792]  [] splice_direct_to_actor+0x23f/0x7e0
[ 175.441254]  [] ? pipe_to_sendpage+0x330/0x330
[ 175.447375]  [] ? do_splice_to+0x170/0x170
[ 175.453142]  [] ? security_file_permission+0x8f/0x1f0
[ 175.459865]  [] ? rw_verify_area+0xe5/0x2b0
[ 175.465720]  [] do_splice_direct+0x1a3/0x270
[ 175.471671]  [] ? splice_direct_to_actor+0x7e0/0x7e0
[ 175.478318]  [] ? rcu_sync_lockdep_assert+0x73/0xb0
[ 175.484867]  [] ? __sb_start_write+0x161/0x300
[ 175.490981]  [] do_sendfile+0x4f0/0xc60
[ 175.496489]  [] ? do_compat_pwritev64+0x180/0x180
[ 175.502863]  [] ? __might_fault+0x114/0x1d0
[ 175.508717]  [] compat_SyS_sendfile+0xd1/0x160
[ 175.514831]  [] ? SyS_sendfile64+0x160/0x160
[ 175.520783]  [] ? do_fast_syscall_32+0xcf/0x870
[ 175.526984]  [] ? SyS_sendfile64+0x160/0x160
[ 175.532924]  [] do_fast_syscall_32+0x2f7/0x870
[ 175.539040]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 175.545677]  [] entry_SYSENTER_compat+0x90/0xa2
[ 175.551875]
[ 175.553474] The buggy address belongs to the page:
[ 175.558374] page:ffffea00073ef3c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 175.566604] flags: 0x8000000000000000()
[ 175.570666] page dumped because: kasan: bad access detected
[ 175.576363]
[ 175.577960] Memory state around the buggy address:
[ 175.582861]  ffff8801cfbcf700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 175.590193]  ffff8801cfbcf780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 175.597522] >ffff8801cfbcf800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 175.604850]                             ^
[ 175.609227]  ffff8801cfbcf880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 175.616566]  ffff8801cfbcf900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 175.623905] ==================================================================
[ 175.631232] Disabling lock debugging due to kernel taint
[ 175.636775] Kernel panic - not syncing: panic_on_warn set ...
[ 175.636775]
[ 175.644120] CPU: 1 PID: 4462 Comm: syz-executor0 Tainted: G B 4.9.105-gd7e64f8 #43
[ 175.652925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 175.662264]  ffff8801d9ba7090 ffffffff81eb41a9 ffffffff843c625d 00000000ffffffff
[ 175.670265]  0000000000000000 0000000000000001 ffff8801d9ba7268 ffff8801d9ba7150
[ 175.678265]  ffffffff81421e15 0000000041b58ab3 ffffffff843b9990 ffffffff81421c56
[ 175.686260] Call Trace:
[ 175.688822]  [] dump_stack+0xc1/0x128
[ 175.694157]  [] panic+0x1bf/0x3bc
[ 175.699155]  [] ? add_taint.cold.6+0x16/0x16
[ 175.705110]  [] ? ___preempt_schedule+0x16/0x18
[ 175.711314]  [] kasan_end_report+0x47/0x4f
[ 175.717080]  [] kasan_report.cold.6+0x76/0x2fe
[ 175.723209]  [] ? __unwind_start+0x37c/0x3c0
[ 175.729151]  [] __asan_report_load8_noabort+0x14/0x20
[ 175.735875]  [] __unwind_start+0x37c/0x3c0
[ 175.741642]  [] ? ptrace_may_access+0x24/0x50
[ 175.747681]  [] __save_stack_trace+0x59/0xf0
[ 175.753623]  [] save_stack_trace_tsk+0x48/0x70
[ 175.759750]  [] proc_pid_stack+0x148/0x220
[ 175.765517]  [] ? lock_trace+0xc0/0xc0
[ 175.770938]  [] proc_single_show+0xfd/0x170
[ 175.776792]  [] seq_read+0x4b6/0x12e0
[ 175.782126]  [] ? seq_dentry+0x290/0x290
[ 175.787722]  [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[ 175.796180]  [] ? fsnotify+0x1100/0x1100
[ 175.801794]  [] do_loop_readv_writev.part.18+0xd5/0x280
[ 175.808691]  [] do_readv_writev+0x565/0x7a0
[ 175.814554]  [] ? vfs_write+0x530/0x530
[ 175.820063]  [] ? kasan_unpoison_shadow+0x35/0x50
[ 175.826438]  [] ? push_pipe+0x3f4/0x780
[ 175.831944]  [] ? iov_iter_get_pages_alloc+0x2bb/0xf10
[ 175.838755]  [] vfs_readv+0x84/0xc0
[ 175.843915]  [] default_file_splice_read+0x44b/0x7e0
[ 175.850551]  [] ? depot_save_stack+0x132/0x460
[ 175.856675]  [] ? do_splice_direct+0x270/0x270
[ 175.862790]  [] ? save_stack+0x43/0xd0
[ 175.868212]  [] ? __kmalloc+0x11d/0x300
[ 175.873719]  [] ? alloc_pipe_info+0x164/0x380
[ 175.879748]  [] ? splice_direct_to_actor+0x62c/0x7e0
[ 175.886384]  [] ? do_splice_direct+0x1a3/0x270
[ 175.892497]  [] ? do_sendfile+0x4f0/0xc60
[ 175.898188]  [] ? compat_SyS_sendfile+0xd1/0x160
[ 175.904476]  [] ? do_fast_syscall_32+0x2f7/0x870
[ 175.910766]  [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[ 175.919225]  [] ? fsnotify+0x1100/0x1100
[ 175.924824]  [] ? avc_policy_seqno+0x9/0x20
[ 175.930693]  [] ? selinux_file_permission+0x82/0x470
[ 175.937342]  [] ? security_file_permission+0x8f/0x1f0
[ 175.944064]  [] ? rw_verify_area+0xe5/0x2b0
[ 175.949919]  [] ? do_splice_direct+0x270/0x270
[ 175.956036]  [] do_splice_to+0x10c/0x170
[ 175.961645]  [] splice_direct_to_actor+0x23f/0x7e0
[ 175.968117]  [] ? pipe_to_sendpage+0x330/0x330
[ 175.974235]  [] ? do_splice_to+0x170/0x170
[ 175.980003]  [] ? security_file_permission+0x8f/0x1f0
[ 175.986726]  [] ? rw_verify_area+0xe5/0x2b0
[ 175.992580]  [] do_splice_direct+0x1a3/0x270
[ 175.998521]  [] ? splice_direct_to_actor+0x7e0/0x7e0
[ 176.005169]  [] ? rcu_sync_lockdep_assert+0x73/0xb0
[ 176.011718]  [] ? __sb_start_write+0x161/0x300
[ 176.017835]  [] do_sendfile+0x4f0/0xc60
[ 176.023342]  [] ? do_compat_pwritev64+0x180/0x180
[ 176.029717]  [] ? __might_fault+0x114/0x1d0
[ 176.035585]  [] compat_SyS_sendfile+0xd1/0x160
[ 176.041699]  [] ? SyS_sendfile64+0x160/0x160
[ 176.047639]  [] ? do_fast_syscall_32+0xcf/0x870
[ 176.053843]  [] ? SyS_sendfile64+0x160/0x160
[ 176.059785]  [] do_fast_syscall_32+0x2f7/0x870
[ 176.065906]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 176.072543]  [] entry_SYSENTER_compat+0x90/0xa2
[ 176.079366] Dumping ftrace buffer:
[ 176.082875]    (ftrace buffer empty)
[ 176.086556] Kernel Offset: disabled
[ 176.090152] Rebooting in 86400 seconds..
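Added triage example (not part of the syzkaller console log above, and not syzbot's own tooling): a small parser that pulls the structured facts out of a KASAN report embedded in a raw console log. It separates the unwinder's reliable frames from the ones marked `?` (which the x86 unwinder prints for addresses it found on the stack but could not prove are return addresses), picks out the syscall the trace entered through, and decodes the shadow byte that covers the faulting 8-byte granule. Run over a constructed excerpt of this report, it recovers that the read happened inside `__unwind_start` while `proc_pid_stack` was being served through `sendfile` from a 32-bit compat syscall (`compat_SyS_sendfile`, `entry_SYSENTER_compat`), that the containing page had `count:0`, and that the shadow byte is `0x00`. The shadow-byte table reflects mm/kasan/kasan.h in the 4.9 series; the `SAMPLE_LOG` excerpt is constructed from the lines above with the `[<addr>]` frame prefixes already reduced to `[]` as extraction left them. Assumes Python 3.8 or later.

```python
"""Added triage helper: turn a KASAN report in a raw console log into structured fields."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed excerpt of the report above (frame addresses already reduced to "[]").
SAMPLE_LOG = """\
[ 175.119315] BUG: KASAN: out-of-bounds in __unwind_start+0x37c/0x3c0
[ 175.125691] Read of size 8 at addr ffff8801cfbcf818 by task syz-executor0/4462
[ 175.133018]
[ 175.134619] CPU: 1 PID: 4462 Comm: syz-executor0 Not tainted 4.9.105-gd7e64f8 #43
[ 175.175522] Call Trace:
[ 175.178084]  [] dump_stack+0xc1/0x128
[ 175.183419]  [] print_address_description+0x6c/0x234
[ 175.190067]  [] kasan_report.cold.6+0x242/0x2fe
[ 175.196270]  [] ? __unwind_start+0x37c/0x3c0
[ 175.202222]  [] __asan_report_load8_noabort+0x14/0x20
[ 175.208957]  [] __unwind_start+0x37c/0x3c0
[ 175.214727]  [] ? ptrace_may_access+0x24/0x50
[ 175.220758]  [] __save_stack_trace+0x59/0xf0
[ 175.226698]  [] save_stack_trace_tsk+0x48/0x70
[ 175.232812]  [] proc_pid_stack+0x148/0x220
[ 175.249867]  [] seq_read+0x4b6/0x12e0
[ 175.311804]  [] vfs_readv+0x84/0xc0
[ 175.316967]  [] default_file_splice_read+0x44b/0x7e0
[ 175.465720]  [] do_splice_direct+0x1a3/0x270
[ 175.490981]  [] do_sendfile+0x4f0/0xc60
[ 175.508717]  [] compat_SyS_sendfile+0xd1/0x160
[ 175.545677]  [] entry_SYSENTER_compat+0x90/0xa2
[ 175.551875]
[ 175.558374] page:ffffea00073ef3c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 175.597522] >ffff8801cfbcf800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 175.636775] Kernel panic - not syncing: panic_on_warn set ...
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")                     # "[ 175.119315] " prefix
BUG_RE = re.compile(r"BUG: KASAN: (?P<type>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS_RE = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
                       r" by task (?P<task>\S+)/(?P<pid>\d+)")
CPU_RE = re.compile(r"CPU: \d+ PID: \d+ Comm: \S+ (?:Not tainted|Tainted:(?: [A-Z])+)\s+(?P<ver>\S+) #\d+")
FRAME_RE = re.compile(r"^\s*\[[^\]]*\]\s+(?P<guess>\? )?(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
PAGE_RE = re.compile(r"page:[0-9a-f]+ count:(?P<count>\d+) mapcount:\d+")
SHADOW_RE = re.compile(r"^>(?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")
SYSCALL_RE = re.compile(r"^(?:compat_)?(?:SyS|sys)_|^__(?:x64|ia32)_(?:compat_)?sys_")
# Shadow byte meanings (mm/kasan/kasan.h, 4.9 series); one shadow byte covers an 8-byte granule.
SHADOW_MEANING = {0x00: "addressable", 0xF1: "stack left redzone", 0xF2: "stack mid redzone",
                  0xF3: "stack right redzone", 0xF4: "stack partial redzone", 0xFA: "global redzone",
                  0xFB: "kmalloc freed", 0xFC: "kmalloc redzone", 0xFE: "page redzone", 0xFF: "freed page"}


@dataclass
class KasanReport:
    bug_type: str = ""
    func: str = ""
    access: str = ""
    size: int = 0
    addr: int = 0
    task: str = ""
    pid: int = 0
    kernel: str = ""
    frames: List[str] = field(default_factory=list)    # reliable frames, innermost first
    guesses: List[str] = field(default_factory=list)   # "? " frames the unwinder could not verify
    page_refcount: Optional[int] = None
    shadow_byte: Optional[int] = None
    panicked: bool = False

    @property
    def syscall(self) -> Optional[str]:
        """Outermost reliable frame that is a syscall entry stub."""
        return next((f for f in self.frames if SYSCALL_RE.search(f)), None)

    @property
    def shadow_meaning(self) -> str:
        b = self.shadow_byte
        if b is None:
            return "unknown"
        if 1 <= b <= 7:
            return f"partially addressable ({b} of 8 bytes)"
        return SHADOW_MEANING.get(b, f"unrecognised 0x{b:02x}")


def parse_kasan_report(log: str) -> KasanReport:
    """Parse the first KASAN report in a console log; only the first Call Trace is kept."""
    r, in_trace = KasanReport(), False
    for raw in log.splitlines():
        line = TS_RE.sub("", raw).rstrip()
        if in_trace:
            m = FRAME_RE.match(line)
            if m:
                (r.guesses if m["guess"] else r.frames).append(m["func"])
                continue
            in_trace = False                  # blank or non-frame line ends the trace
        if not r.bug_type and (m := BUG_RE.search(line)):
            r.bug_type, r.func = m["type"], m["func"]
        elif not r.access and (m := ACCESS_RE.search(line)):
            r.access, r.size = m["rw"], int(m["size"])
            r.addr, r.task, r.pid = int(m["addr"], 16), m["task"], int(m["pid"])
        elif not r.kernel and (m := CPU_RE.search(line)):
            r.kernel = m["ver"]
        elif line == "Call Trace:" and not r.frames:
            in_trace = True
        elif (m := PAGE_RE.search(line)):
            r.page_refcount = int(m["count"])
        elif r.addr and (m := SHADOW_RE.match(line)):
            idx = (r.addr - int(m["base"], 16)) // 8          # granule index within the ">" row
            if 0 <= idx < 16:
                r.shadow_byte = int(m["bytes"].split()[idx], 16)
        elif "Kernel panic - not syncing" in line:
            r.panicked = True
    return r


def summarize(r: KasanReport) -> str:
    shadow = "?" if r.shadow_byte is None else f"0x{r.shadow_byte:02x} ({r.shadow_meaning})"
    return (f"KASAN {r.bug_type}: {r.access} {r.size}B at 0x{r.addr:x} in {r.func} "
            f"[{r.task}/{r.pid}, {r.kernel}] via {r.syscall}; page refcount {r.page_refcount}; "
            f"shadow {shadow}; panicked={r.panicked}")


REPORT = parse_kasan_report(SAMPLE_LOG)

if __name__ == "__main__":
    print(summarize(REPORT))
    print("reliable path:", " <- ".join(REPORT.frames))
```

The reliable chain is what to hand to whoever owns the code: `proc_pid_stack` reached through the splice path of `sendfile`, with the actual fault in the stack unwinder. A shadow byte of `0x00` means KASAN considered the granule addressable, so the out-of-bounds verdict here comes from a different check than a poisoned redzone; read the kernel-side `__unwind_start` code at that offset before assuming a slab overflow.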