[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[   13.353181] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.876104] random: sshd: uninitialized urandom read (32 bytes read)
[   18.266821] random: sshd: uninitialized urandom read (32 bytes read)
[   19.000102] random: sshd: uninitialized urandom read (32 bytes read)
[   60.749142] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
[   66.200618] random: sshd: uninitialized urandom read (32 bytes read)
2018/04/25 23:37:55 parsed 1 programs
2018/04/25 23:37:55 executed programs: 0
[   66.585024] IPVS: Creating netns size=2536 id=1
2018/04/25 23:38:00 executed programs: 997
2018/04/25 23:38:05 executed programs: 1919
2018/04/25 23:38:10 executed programs: 2848
2018/04/25 23:38:15 executed programs: 3777
[   87.172641] ==================================================================
[   87.180017] BUG: KASAN: out-of-bounds in __unwind_start+0x37c/0x3c0
[   87.186393] Read of size 8 at addr ffff8801b6edf810 by task syz-executor0/13799
[   87.193806] 
[   87.195410] CPU: 0 PID: 13799 Comm: syz-executor0 Not tainted 4.9.96-g8c01d00 #11
[   87.203000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   87.212328]  ffff8801be31f760 ffffffff81eb0b69 ffffea0006dbb7c0 ffff8801b6edf810
[   87.220303]  0000000000000000 ffff8801b6edf818 ffff8801be31f898 ffff8801be31f798
[   87.228295]  ffffffff8156540b ffff8801b6edf810 0000000000000008 0000000000000000
[   87.236271] Call Trace:
[   87.238833]  [] dump_stack+0xc1/0x128
[   87.244174]  [] print_address_description+0x6c/0x234
[   87.250813]  [] kasan_report.cold.6+0x242/0x2fe
[   87.257034]  [] ? __unwind_start+0x37c/0x3c0
[   87.262975]  [] __asan_report_load8_noabort+0x14/0x20
[   87.269701]  [] __unwind_start+0x37c/0x3c0
[   87.275467]  [] ? ptrace_may_access+0x24/0x50
[   87.281497]  [] __save_stack_trace+0x59/0xf0
[   87.287437]  [] save_stack_trace_tsk+0x48/0x70
[   87.293552]  [] proc_pid_stack+0x148/0x220
[   87.299544]  [] ? lock_trace+0xc0/0xc0
[   87.304966]  [] proc_single_show+0xfd/0x170
[   87.310821]  [] seq_read+0x4b6/0x12e0
[   87.316154]  [] ? seq_dentry+0x290/0x290
[   87.321750]  [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[   87.330213]  [] ? fsnotify+0x1100/0x1100
[   87.335810]  [] do_loop_readv_writev.part.18+0xd5/0x280
[   87.342706]  [] compat_do_readv_writev+0x567/0x7a0
[   87.349167]  [] ? do_pwritev+0x240/0x240
[   87.354761]  [] ? mark_held_locks+0xc7/0x130
[   87.360703]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   87.367516]  [] ? mutex_lock_nested+0x596/0x870
[   87.373716]  [] ? __fdget_pos+0xac/0xd0
[   87.379225]  [] ? __fget+0x20a/0x3b0
[   87.384479]  [] ? mutex_trylock+0x3e0/0x3e0
[   87.390341]  [] ? __fget+0x231/0x3b0
[   87.395587]  [] ? __fget+0x47/0x3b0
[   87.400749]  [] compat_readv+0xe2/0x150
[   87.406272]  [] do_compat_readv+0xf2/0x1d0
[   87.412046]  [] ? compat_readv+0x150/0x150
[   87.417814]  [] compat_SyS_readv+0x26/0x30
[   87.423582]  [] ? SyS_pwritev2+0x80/0x80
[   87.429178]  [] do_fast_syscall_32+0x2f7/0x870
[   87.435304]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   87.441941]  [] entry_SYSENTER_compat+0x90/0xa2
[   87.448149] 
[   87.449745] The buggy address belongs to the page:
[   87.454643] page:ffffea0006dbb7c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   87.462871] flags: 0x8000000000000000()
[   87.466812] page dumped because: kasan: bad access detected
[   87.472486] 
[   87.474085] Memory state around the buggy address:
[   87.478988]  ffff8801b6edf700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   87.486318]  ffff8801b6edf780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   87.493644] >ffff8801b6edf800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   87.500971]                        ^
[   87.505086]  ffff8801b6edf880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   87.512421]  ffff8801b6edf900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   87.519753] ==================================================================
[   87.527078] Disabling lock debugging due to kernel taint
[   87.532963] Kernel panic - not syncing: panic_on_warn set ...
[   87.532963] 
[   87.540311] CPU: 0 PID: 13799 Comm: syz-executor0 Tainted: G    B 4.9.96-g8c01d00 #11
[   87.549113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   87.558439]  ffff8801be31f6c0 ffffffff81eb0b69 ffffffff841c492d 00000000ffffffff
[   87.566417]  0000000000000000 0000000000000000 ffff8801be31f898 ffff8801be31f780
[   87.574406]  ffffffff8141f975 0000000041b58ab3 ffffffff841b8030 ffffffff8141f7b6
[   87.582378] Call Trace:
[   87.584938]  [] dump_stack+0xc1/0x128
[   87.590271]  [] panic+0x1bf/0x3bc
[   87.595261]  [] ? add_taint.cold.6+0x16/0x16
[   87.601204]  [] ? ___preempt_schedule+0x16/0x18
[   87.607406]  [] kasan_end_report+0x47/0x4f
[   87.613176]  [] kasan_report.cold.6+0x76/0x2fe
[   87.619290]  [] ? __unwind_start+0x37c/0x3c0
[   87.625231]  [] __asan_report_load8_noabort+0x14/0x20
[   87.631960]  [] __unwind_start+0x37c/0x3c0
[   87.637726]  [] ? ptrace_may_access+0x24/0x50
[   87.643752]  [] __save_stack_trace+0x59/0xf0
[   87.649698]  [] save_stack_trace_tsk+0x48/0x70
[   87.655812]  [] proc_pid_stack+0x148/0x220
[   87.661578]  [] ? lock_trace+0xc0/0xc0
[   87.666998]  [] proc_single_show+0xfd/0x170
[   87.672850]  [] seq_read+0x4b6/0x12e0
[   87.678185]  [] ? seq_dentry+0x290/0x290
[   87.683779]  [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[   87.692237]  [] ? fsnotify+0x1100/0x1100
[   87.697831]  [] do_loop_readv_writev.part.18+0xd5/0x280
[   87.704726]  [] compat_do_readv_writev+0x567/0x7a0
[   87.711190]  [] ? do_pwritev+0x240/0x240
[   87.716784]  [] ? mark_held_locks+0xc7/0x130
[   87.722725]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   87.729535]  [] ? mutex_lock_nested+0x596/0x870
[   87.735739]  [] ? __fdget_pos+0xac/0xd0
[   87.741249]  [] ? __fget+0x20a/0x3b0
[   87.746498]  [] ? mutex_trylock+0x3e0/0x3e0
[   87.752354]  [] ? __fget+0x231/0x3b0
[   87.757599]  [] ? __fget+0x47/0x3b0
[   87.762760]  [] compat_readv+0xe2/0x150
[   87.768266]  [] do_compat_readv+0xf2/0x1d0
[   87.774038]  [] ? compat_readv+0x150/0x150
[   87.779806]  [] compat_SyS_readv+0x26/0x30
[   87.785573]  [] ? SyS_pwritev2+0x80/0x80
[   87.791169]  [] do_fast_syscall_32+0x2f7/0x870
[   87.797285]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   87.803919]  [] entry_SYSENTER_compat+0x90/0xa2
[   87.810564] Dumping ftrace buffer:
[   87.814073]    (ftrace buffer empty)
[   87.817750] Kernel Offset: disabled
[   87.821346] Rebooting in 86400 seconds..