[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   18.255986] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.852814] random: sshd: uninitialized urandom read (32 bytes read)
[   24.255585] random: sshd: uninitialized urandom read (32 bytes read)
[   24.980205] random: sshd: uninitialized urandom read (32 bytes read)
[   25.127987] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.23' (ECDSA) to the list of known hosts.
[   30.615879] random: sshd: uninitialized urandom read (32 bytes read)
2018/04/25 05:23:50 parsed 1 programs
2018/04/25 05:23:50 executed programs: 0
[   31.048854] IPVS: ftp: loaded support on port[0] = 21
[   31.093849] ==================================================================
[   31.101333] BUG: KASAN: stack-out-of-bounds in compat_copy_entries+0x96c/0x14a0
[   31.108769] Write of size 33 at addr ffff8801b1367888 by task syz-executor0/4499
[   31.116273] 
[   31.117883] CPU: 0 PID: 4499 Comm: syz-executor0 Not tainted 4.17.0-rc2+ #40
[   31.125046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.134373] Call Trace:
[   31.136941]  dump_stack+0x1b9/0x294
[   31.140730]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.145897]  ? printk+0x9e/0xba
[   31.149164]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   31.153901]  ? kasan_check_write+0x14/0x20
[   31.158112]  print_address_description+0x6c/0x20b
[   31.162934]  ? compat_copy_entries+0x96c/0x14a0
[   31.167583]  kasan_report.cold.7+0x242/0x2fe
[   31.171972]  check_memory_region+0x13e/0x1b0
[   31.176358]  memcpy+0x37/0x50
[   31.179444]  compat_copy_entries+0x96c/0x14a0
[   31.183926]  ? compat_table_info+0x660/0x660
[   31.188315]  ? xt_compat_init_offsets+0x26e/0x340
[   31.193141]  ? xt_compat_flush_offsets+0x270/0x270
[   31.198056]  compat_do_replace+0x483/0x900
[   31.202272]  ? compat_do_ebt_get_ctl+0x910/0x910
[   31.207013]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.212536]  ? cap_capable+0x1f9/0x260
[   31.216409]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.221924]  ? ns_capable_common+0x13f/0x170
[   31.226315]  compat_do_ebt_set_ctl+0x2ac/0x324
[   31.230882]  ? compat_do_replace+0x900/0x900
[   31.235270]  ? mutex_unlock+0xd/0x10
[   31.238972]  ? nf_sockopt_find.constprop.0+0x221/0x290
[   31.244229]  compat_nf_setsockopt+0x9b/0x140
[   31.248618]  ? compat_do_replace+0x900/0x900
[   31.253010]  compat_ip_setsockopt+0xff/0x140
[   31.257407]  inet_csk_compat_setsockopt+0x97/0x120
[   31.262314]  ? ip_setsockopt+0xf0/0xf0
[   31.266182]  compat_tcp_setsockopt+0x49/0x80
[   31.270575]  compat_sock_common_setsockopt+0xb4/0x150
[   31.275744]  ? tcp_setsockopt+0xe0/0xe0
[   31.279695]  ? sock_common_setsockopt+0xe0/0xe0
[   31.284345]  __compat_sys_setsockopt+0x1ab/0x7c0
[   31.289095]  ? __compat_sys_getsockopt+0x7f0/0x7f0
[   31.294011]  ? __x32_compat_sys_get_robust_list+0x430/0x430
[   31.299713]  ? mm_fault_error+0x380/0x380
[   31.303842]  __ia32_compat_sys_setsockopt+0xbd/0x150
[   31.308924]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.313922]  do_fast_syscall_32+0x345/0xf9b
[   31.318226]  ? do_int80_syscall_32+0x880/0x880
[   31.322788]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.327525]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.333049]  ? syscall_return_slowpath+0x30f/0x5c0
[   31.337960]  ? sysret32_from_system_call+0x5/0x46
[   31.342784]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.347607]  entry_SYSENTER_compat+0x70/0x7f
[   31.351989] RIP: 0023:0xf7f4dcb9
[   31.355335] RSP: 002b:00000000ffbd2b4c EFLAGS: 00000286 ORIG_RAX: 000000000000016e
[   31.363030] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[   31.370279] RDX: 0000000000000080 RSI: 0000000020000300 RDI: 00000000000005f4
[   31.377526] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   31.384771] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   31.392025] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   31.399288] 
[   31.400901] The buggy address belongs to the page:
[   31.405809] page:ffffea0006c4d9c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   31.413926] flags: 0x2fffc0000000000()
[   31.417796] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   31.425652] raw: 0000000000000000 ffffea0006c40101 0000000000000000 0000000000000000
[   31.433505] page dumped because: kasan: bad access detected
[   31.439187] 
[   31.440791] Memory state around the buggy address:
[   31.445699]  ffff8801b1367780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.453037]  ffff8801b1367800: 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 f2 f2 f2
[   31.460370] >ffff8801b1367880: f2 00 00 00 07 f3 f3 f3 f3 00 00 00 00 00 00 00
[   31.467702]                       ^
[   31.472085]  ffff8801b1367900: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
[   31.479418]  ffff8801b1367980: 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[   31.486753] ==================================================================
[   31.494082] Disabling lock debugging due to kernel taint
[   31.499581] Kernel panic - not syncing: panic_on_warn set ...
[   31.499581] 
[   31.506939] CPU: 0 PID: 4499 Comm: syz-executor0 Tainted: G    B             4.17.0-rc2+ #40
[   31.515489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.524818] Call Trace:
[   31.527385]  dump_stack+0x1b9/0x294
[   31.530993]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.536165]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.540902]  ? compat_copy_entries+0x920/0x14a0
[   31.545550]  panic+0x22f/0x4de
[   31.548719]  ? add_taint.cold.5+0x16/0x16
[   31.552845]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.557239]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.561627]  ? compat_copy_entries+0x96c/0x14a0
[   31.566272]  kasan_end_report+0x47/0x4f
[   31.570224]  kasan_report.cold.7+0x76/0x2fe
[   31.574522]  check_memory_region+0x13e/0x1b0
[   31.578909]  memcpy+0x37/0x50
[   31.581992]  compat_copy_entries+0x96c/0x14a0
[   31.586472]  ? compat_table_info+0x660/0x660
[   31.590860]  ? xt_compat_init_offsets+0x26e/0x340
[   31.595679]  ? xt_compat_flush_offsets+0x270/0x270
[   31.600587]  compat_do_replace+0x483/0x900
[   31.604802]  ? compat_do_ebt_get_ctl+0x910/0x910
[   31.609540]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.615055]  ? cap_capable+0x1f9/0x260
[   31.618924]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.624436]  ? ns_capable_common+0x13f/0x170
[   31.628823]  compat_do_ebt_set_ctl+0x2ac/0x324
[   31.633382]  ? compat_do_replace+0x900/0x900
[   31.637771]  ? mutex_unlock+0xd/0x10
[   31.641465]  ? nf_sockopt_find.constprop.0+0x221/0x290
[   31.646719]  compat_nf_setsockopt+0x9b/0x140
[   31.651105]  ? compat_do_replace+0x900/0x900
[   31.655492]  compat_ip_setsockopt+0xff/0x140
[   31.659878]  inet_csk_compat_setsockopt+0x97/0x120
[   31.664781]  ? ip_setsockopt+0xf0/0xf0
[   31.668656]  compat_tcp_setsockopt+0x49/0x80
[   31.673044]  compat_sock_common_setsockopt+0xb4/0x150
[   31.678211]  ? tcp_setsockopt+0xe0/0xe0
[   31.682162]  ? sock_common_setsockopt+0xe0/0xe0
[   31.686808]  __compat_sys_setsockopt+0x1ab/0x7c0
[   31.691554]  ? __compat_sys_getsockopt+0x7f0/0x7f0
[   31.696464]  ? __x32_compat_sys_get_robust_list+0x430/0x430
[   31.702157]  ? mm_fault_error+0x380/0x380
[   31.706283]  __ia32_compat_sys_setsockopt+0xbd/0x150
[   31.711366]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.716360]  do_fast_syscall_32+0x345/0xf9b
[   31.720659]  ? do_int80_syscall_32+0x880/0x880
[   31.725224]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.729963]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.735479]  ? syscall_return_slowpath+0x30f/0x5c0
[   31.740386]  ? sysret32_from_system_call+0x5/0x46
[   31.745207]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.750040]  entry_SYSENTER_compat+0x70/0x7f
[   31.754430] RIP: 0023:0xf7f4dcb9
[   31.757770] RSP: 002b:00000000ffbd2b4c EFLAGS: 00000286 ORIG_RAX: 000000000000016e
[   31.765459] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[   31.772706] RDX: 0000000000000080 RSI: 0000000020000300 RDI: 00000000000005f4
[   31.779952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   31.787199] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   31.794445] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   31.802122] Dumping ftrace buffer:
[   31.805638]    (ftrace buffer empty)
[   31.809321] Kernel Offset: disabled
[   31.812924] Rebooting in 86400 seconds..