[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   18.255986] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.852814] random: sshd: uninitialized urandom read (32 bytes read)
[   24.255585] random: sshd: uninitialized urandom read (32 bytes read)
[   24.980205] random: sshd: uninitialized urandom read (32 bytes read)
[   25.127987] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.23' (ECDSA) to the list of known hosts.
[   30.615879] random: sshd: uninitialized urandom read (32 bytes read)
2018/04/25 05:23:50 parsed 1 programs
2018/04/25 05:23:50 executed programs: 0
[   31.048854] IPVS: ftp: loaded support on port[0] = 21
[   31.093849] ==================================================================
[   31.101333] BUG: KASAN: stack-out-of-bounds in compat_copy_entries+0x96c/0x14a0
[   31.108769] Write of size 33 at addr ffff8801b1367888 by task syz-executor0/4499
[   31.116273] 
[   31.117883] CPU: 0 PID: 4499 Comm: syz-executor0 Not tainted 4.17.0-rc2+ #40
[   31.125046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.134373] Call Trace:
[   31.136941]  dump_stack+0x1b9/0x294
[   31.140730]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.145897]  ? printk+0x9e/0xba
[   31.149164]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   31.153901]  ? kasan_check_write+0x14/0x20
[   31.158112]  print_address_description+0x6c/0x20b
[   31.162934]  ? compat_copy_entries+0x96c/0x14a0
[   31.167583]  kasan_report.cold.7+0x242/0x2fe
[   31.171972]  check_memory_region+0x13e/0x1b0
[   31.176358]  memcpy+0x37/0x50
[   31.179444]  compat_copy_entries+0x96c/0x14a0
[   31.183926]  ? compat_table_info+0x660/0x660
[   31.188315]  ? xt_compat_init_offsets+0x26e/0x340
[   31.193141]  ? xt_compat_flush_offsets+0x270/0x270
[   31.198056]  compat_do_replace+0x483/0x900
[   31.202272]  ? compat_do_ebt_get_ctl+0x910/0x910
[   31.207013]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.212536]  ? cap_capable+0x1f9/0x260
[   31.216409]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.221924]  ? ns_capable_common+0x13f/0x170
[   31.226315]  compat_do_ebt_set_ctl+0x2ac/0x324
[   31.230882]  ? compat_do_replace+0x900/0x900
[   31.235270]  ? mutex_unlock+0xd/0x10
[   31.238972]  ? nf_sockopt_find.constprop.0+0x221/0x290
[   31.244229]  compat_nf_setsockopt+0x9b/0x140
[   31.248618]  ? compat_do_replace+0x900/0x900
[   31.253010]  compat_ip_setsockopt+0xff/0x140
[   31.257407]  inet_csk_compat_setsockopt+0x97/0x120
[   31.262314]  ? ip_setsockopt+0xf0/0xf0
[   31.266182]  compat_tcp_setsockopt+0x49/0x80
[   31.270575]  compat_sock_common_setsockopt+0xb4/0x150
[   31.275744]  ? tcp_setsockopt+0xe0/0xe0
[   31.279695]  ? sock_common_setsockopt+0xe0/0xe0
[   31.284345]  __compat_sys_setsockopt+0x1ab/0x7c0
[   31.289095]  ? __compat_sys_getsockopt+0x7f0/0x7f0
[   31.294011]  ? __x32_compat_sys_get_robust_list+0x430/0x430
[   31.299713]  ? mm_fault_error+0x380/0x380
[   31.303842]  __ia32_compat_sys_setsockopt+0xbd/0x150
[   31.308924]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.313922]  do_fast_syscall_32+0x345/0xf9b
[   31.318226]  ? do_int80_syscall_32+0x880/0x880
[   31.322788]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.327525]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.333049]  ? syscall_return_slowpath+0x30f/0x5c0
[   31.337960]  ? sysret32_from_system_call+0x5/0x46
[   31.342784]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.347607]  entry_SYSENTER_compat+0x70/0x7f
[   31.351989] RIP: 0023:0xf7f4dcb9
[   31.355335] RSP: 002b:00000000ffbd2b4c EFLAGS: 00000286 ORIG_RAX: 000000000000016e
[   31.363030] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[   31.370279] RDX: 0000000000000080 RSI: 0000000020000300 RDI: 00000000000005f4
[   31.377526] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   31.384771] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   31.392025] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   31.399288] 
[   31.400901] The buggy address belongs to the page:
[   31.405809] page:ffffea0006c4d9c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   31.413926] flags: 0x2fffc0000000000()
[   31.417796] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   31.425652] raw: 0000000000000000 ffffea0006c40101 0000000000000000 0000000000000000
[   31.433505] page dumped because: kasan: bad access detected
[   31.439187] 
[   31.440791] Memory state around the buggy address:
[   31.445699]  ffff8801b1367780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.453037]  ffff8801b1367800: 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 f2 f2 f2
[   31.460370] >ffff8801b1367880: f2 00 00 00 07 f3 f3 f3 f3 00 00 00 00 00 00 00
[   31.467702]                                ^
[   31.472085]  ffff8801b1367900: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
[   31.479418]  ffff8801b1367980: 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[   31.486753] ==================================================================
[   31.494082] Disabling lock debugging due to kernel taint
[   31.499581] Kernel panic - not syncing: panic_on_warn set ...
[   31.499581] 
[   31.506939] CPU: 0 PID: 4499 Comm: syz-executor0 Tainted: G    B             4.17.0-rc2+ #40
[   31.515489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.524818] Call Trace:
[   31.527385]  dump_stack+0x1b9/0x294
[   31.530993]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.536165]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.540902]  ? compat_copy_entries+0x920/0x14a0
[   31.545550]  panic+0x22f/0x4de
[   31.548719]  ? add_taint.cold.5+0x16/0x16
[   31.552845]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.557239]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.561627]  ? compat_copy_entries+0x96c/0x14a0
[   31.566272]  kasan_end_report+0x47/0x4f
[   31.570224]  kasan_report.cold.7+0x76/0x2fe
[   31.574522]  check_memory_region+0x13e/0x1b0
[   31.578909]  memcpy+0x37/0x50
[   31.581992]  compat_copy_entries+0x96c/0x14a0
[   31.586472]  ? compat_table_info+0x660/0x660
[   31.590860]  ? xt_compat_init_offsets+0x26e/0x340
[   31.595679]  ? xt_compat_flush_offsets+0x270/0x270
[   31.600587]  compat_do_replace+0x483/0x900
[   31.604802]  ? compat_do_ebt_get_ctl+0x910/0x910
[   31.609540]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.615055]  ? cap_capable+0x1f9/0x260
[   31.618924]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.624436]  ? ns_capable_common+0x13f/0x170
[   31.628823]  compat_do_ebt_set_ctl+0x2ac/0x324
[   31.633382]  ? compat_do_replace+0x900/0x900
[   31.637771]  ? mutex_unlock+0xd/0x10
[   31.641465]  ? nf_sockopt_find.constprop.0+0x221/0x290
[   31.646719]  compat_nf_setsockopt+0x9b/0x140
[   31.651105]  ? compat_do_replace+0x900/0x900
[   31.655492]  compat_ip_setsockopt+0xff/0x140
[   31.659878]  inet_csk_compat_setsockopt+0x97/0x120
[   31.664781]  ? ip_setsockopt+0xf0/0xf0
[   31.668656]  compat_tcp_setsockopt+0x49/0x80
[   31.673044]  compat_sock_common_setsockopt+0xb4/0x150
[   31.678211]  ? tcp_setsockopt+0xe0/0xe0
[   31.682162]  ? sock_common_setsockopt+0xe0/0xe0
[   31.686808]  __compat_sys_setsockopt+0x1ab/0x7c0
[   31.691554]  ? __compat_sys_getsockopt+0x7f0/0x7f0
[   31.696464]  ? __x32_compat_sys_get_robust_list+0x430/0x430
[   31.702157]  ? mm_fault_error+0x380/0x380
[   31.706283]  __ia32_compat_sys_setsockopt+0xbd/0x150
[   31.711366]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.716360]  do_fast_syscall_32+0x345/0xf9b
[   31.720659]  ? do_int80_syscall_32+0x880/0x880
[   31.725224]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.729963]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.735479]  ? syscall_return_slowpath+0x30f/0x5c0
[   31.740386]  ? sysret32_from_system_call+0x5/0x46
[   31.745207]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.750040]  entry_SYSENTER_compat+0x70/0x7f
[   31.754430] RIP: 0023:0xf7f4dcb9
[   31.757770] RSP: 002b:00000000ffbd2b4c EFLAGS: 00000286 ORIG_RAX: 000000000000016e
[   31.765459] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[   31.772706] RDX: 0000000000000080 RSI: 0000000020000300 RDI: 00000000000005f4
[   31.779952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   31.787199] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   31.794445] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   31.802122] Dumping ftrace buffer:
[   31.805638]    (ftrace buffer empty)
[   31.809321] Kernel Offset: disabled
[   31.812924] Rebooting in 86400 seconds..