[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 18.563508] random: sshd: uninitialized urandom read (32 bytes read, 31 bits of entropy available)
[ ok ].
[ 18.912885] random: sshd: uninitialized urandom read (32 bytes read, 31 bits of entropy available)
[ 19.115236] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.074093] random: sshd: uninitialized urandom read (32 bytes read, 105 bits of entropy available)
[ 20.227902] random: sshd: uninitialized urandom read (32 bytes read, 107 bits of entropy available)
Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts.
[ 25.706543] random: sshd: uninitialized urandom read (32 bytes read, 113 bits of entropy available)
2018/04/05 16:42:46 parsed 1 programs
2018/04/05 16:42:46 executed programs: 0
[ 26.121442] IPVS: Creating netns size=2552 id=1
[ 26.187098] ==================================================================
[ 26.194506] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x270e/0x3490
[ 26.201066] Read of size 2081 at addr ffff8801d23b1198 by task syz-executor0/3745
[ 26.208668]
[ 26.210292] CPU: 1 PID: 3745 Comm: syz-executor0 Not tainted 4.4.125-g38f41ec #21
[ 26.217894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.227335] 0000000000000000 369b0876cf223b1d ffff8801c9a476f8 ffffffff81d067bd
[ 26.235319] ffffea000748ec00 ffff8801d23b1198 0000000000000000 ffff8801d23b1380
[ 26.243297] ffff8801c9a47938 ffff8801c9a47730 ffffffff814fea83 ffff8801d23b1198
[ 26.251283] Call Trace:
[ 26.253849] [] dump_stack+0xc1/0x124
[ 26.259197] [] print_address_description+0x73/0x260
[ 26.265846] [] kasan_report+0x285/0x370
[ 26.271448] [] ? pfkey_add+0x270e/0x3490
[ 26.277144] [] check_memory_region+0x137/0x190
[ 26.283365] [] memcpy+0x23/0x50
[ 26.288273] [] pfkey_add+0x270e/0x3490
[ 26.293786] [] ? pfkey_delete+0x370/0x370
[ 26.299572] [] ? pfkey_add+0x3490/0x3490
[ 26.305266] [] ? __skb_clone+0x24a/0x7d0
[ 26.310948] [] ? pfkey_delete+0x370/0x370
[ 26.316717] [] pfkey_process+0x68b/0x750
[ 26.322403] [] ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 26.329222] [] pfkey_sendmsg+0x3a9/0x760
[ 26.334909] [] ? pfkey_spdget+0x820/0x820
[ 26.340703] [] sock_sendmsg+0xca/0x110
[ 26.346219] [] ___sys_sendmsg+0x6c1/0x7c0
[ 26.352007] [] ? copy_msghdr_from_user+0x550/0x550
[ 26.358635] [] ? __alloc_pages_direct_compact+0x250/0x250
[ 26.365802] [] ? do_futex+0x3f4/0x15d0
[ 26.371316] [] ? __lock_is_held+0xa1/0xf0
[ 26.377102] [] ? exit_robust_list+0x240/0x240
[ 26.383228] [] ? do_huge_pmd_anonymous_page+0x549/0xa10
[ 26.390225] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 26.396958] [] ? __fget_light+0xa3/0x1e0
[ 26.402659] [] ? __fdget+0x18/0x20
[ 26.407826] [] ? sockfd_lookup_light+0x118/0x160
[ 26.414217] [] __sys_sendmsg+0xd3/0x190
[ 26.419822] [] ? SyS_shutdown+0x1b0/0x1b0
[ 26.425594] [] ? compat_SyS_futex+0x1f9/0x2a0
[ 26.431716] [] ? __do_page_fault+0x380/0xa00
[ 26.437763] [] compat_SyS_sendmsg+0x2a/0x40
[ 26.443718] [] ? compat_SyS_getsockopt+0x2a0/0x2a0
[ 26.450274] [] do_fast_syscall_32+0x321/0x8a0
[ 26.456404] [] sysenter_flags_fixed+0xd/0x17
[ 26.462433]
[ 26.464039] Allocated by task 3745:
[ 26.467634] [] save_stack_trace+0x26/0x50
[ 26.473592] [] save_stack+0x43/0xd0
[ 26.478976] [] kasan_kmalloc+0xad/0xe0
[ 26.484601] [] kasan_krealloc+0x64/0x80
[ 26.490317] [] ksize+0x92/0xf0
[ 26.495251] [] __alloc_skb+0x132/0x600
[ 26.500881] [] pfkey_sendmsg+0x135/0x760
[ 26.506690] [] sock_sendmsg+0xca/0x110
[ 26.512331] [] ___sys_sendmsg+0x6c1/0x7c0
[ 26.518234] [] __sys_sendmsg+0xd3/0x190
[ 26.523981] [] compat_SyS_sendmsg+0x2a/0x40
[ 26.530056] [] do_fast_syscall_32+0x321/0x8a0
[ 26.536296] [] sysenter_flags_fixed+0xd/0x17
[ 26.542458]
[ 26.544061] Freed by task 1985:
[ 26.547308] [] save_stack_trace+0x26/0x50
[ 26.553205] [] save_stack+0x43/0xd0
[ 26.558580] [] kasan_slab_free+0x72/0xc0
[ 26.564388] [] kfree+0xfc/0x300
[ 26.569411] [] skb_release_data+0x2ed/0x3b0
[ 26.575474] [] skb_release_all+0x4a/0x60
[ 26.581274] [] consume_skb+0xf3/0x3d0
[ 26.586824] [] skb_free_datagram+0x1a/0xe0
[ 26.592806] [] netlink_recvmsg+0x60b/0xe10
[ 26.598783] [] sock_recvmsg+0x8c/0xc0
[ 26.604327] [] ___sys_recvmsg+0x26d/0x560
[ 26.610232] [] __sys_recvmsg+0xd3/0x190
[ 26.615960] [] SyS_recvmsg+0x2d/0x50
[ 26.621428] [] entry_SYSCALL_64_fastpath+0x22/0x9e
[ 26.628103]
[ 26.629710] The buggy address belongs to the object at ffff8801d23b1180
[ 26.629710]  which belongs to the cache kmalloc-512 of size 512
[ 26.642349] The buggy address is located 24 bytes inside of
[ 26.642349]  512-byte region [ffff8801d23b1180, ffff8801d23b1380)
[ 26.654114] The buggy address belongs to the page:
[ 27.112464] BUG: unable to handle kernel NULL pointer dereference at 0000000000000062
[ 27.120750] IP: [] str__compaction__trace_system_name+0x56b/0xfa0
[ 27.128694] PGD 80000000b23fa067 PUD b13f1067 PMD 0
[ 27.134194] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 27.139216] Dumping ftrace buffer:
[ 27.142762] (ftrace buffer empty)
[ 27.146467] Modules linked in:
[ 27.149788] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.125-g38f41ec #21
[ 27.156794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.166155] task: ffffffff84217840 task.stack: ffffffff84200000
[ 27.172214] RIP: 0010:[] [] str__compaction__trace_system_name+0x56b/0xfa0
[ 27.182610] RSP: 0018:ffff8801db207d18 EFLAGS: 00010206
[ 27.188058] RAX: ffffffff838a91a0 RBX: ffff8801db207d68 RCX: ffffffff812a146b
[ 27.195332] RDX: 0000000000000100 RSI: ffffffff842bdb60 RDI: ffffffff812a147b
[ 27.202610] RBP: ffff8801db207df0 R08: 0000000000000001 R09: ffffffff850f6860
[ 27.209883] R10: 0000000000000000 R11: 1ffff1003b640f70 R12: 1ffff1003b640fa9
[ 27.217163] R13: ffff8801c9446be8 R14: 0000000000000101 R15: ffff8801db207df0
[ 27.224528] FS: 0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[ 27.232753] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 27.238639] CR2: 0000000000000062 CR3: 00000000aea36000 CR4: 0000000000160670
[ 27.245917] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 27.253207] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 27.260471] Stack:
[ 27.262620] ffffffff838a91a0 ffffffff812a13cc 0000000000000000 ffffffff842c35a0
[ 27.270700] 0000000000000000 ffffffff838a91a0 0000000041b58ab3 ffffffff83fac471
[ 27.278779] ffffffff812a12f0 ffffffff84218120 ffff8801db207d68 ffffffff851bf530
[ 27.286870] Call Trace:
[ 27.289443]
[ 27.291538] [] ? call_timer_fn+0xdc/0x860
[ 27.297662] [] ? process_timeout+0x20/0x20
[ 27.303557] [] ? _raw_spin_unlock_irq+0x27/0x50
[ 27.309915] [] ? trace_hardirqs_on_caller+0x266/0x590
[ 27.316773] [] run_timer_softirq+0x604/0xbb0
[ 27.322843] [] ? kvm_clock_read+0x23/0x40
[ 27.328653] [] ? msleep+0xc0/0xc0
[ 27.333778] [] __do_softirq+0x227/0xa38
[ 27.339413] [] irq_exit+0x119/0x140
[ 27.344710] [] smp_apic_timer_interrupt+0x7b/0xa0
[ 27.351225] [] apic_timer_interrupt+0xa0/0xb0
[ 27.357371]
[ 27.359457] [] ? native_safe_halt+0x6/0x10
[ 27.365653] [] default_idle+0x55/0x3c0
[ 27.371200] [] arch_cpu_idle+0xa/0x10
[ 27.376666] [] default_idle_call+0x48/0x70
[ 27.382579] [] cpu_startup_entry+0x5fd/0x8f0
[ 27.388658] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[ 27.395600] [] ? call_cpuidle+0xe0/0xe0
[ 27.401236] [] rest_init+0x189/0x190
[ 27.406624] [] start_kernel+0x6b9/0x6ee
[ 27.412271] [] ? thread_stack_cache_init+0xb/0xb
[ 27.418697] [] ? early_idt_handler_array+0x120/0x120
[ 27.425473] [] ? early_idt_handler_array+0x120/0x120
[ 27.432253] [] x86_64_start_reservations+0x2a/0x2c
[ 27.438853] [] x86_64_start_kernel+0x140/0x163
[ 27.445079] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 4d 5f 42 55 47 5f 4f 4e 5f 50 <41> 47 45 28 50 61 67 65 53 6c 61 62 28 70 61 67 65 29 29 00 00
[ 27.472739] RIP [] str__compaction__trace_system_name+0x56b/0xfa0
[ 27.480785] RSP
[ 27.484414] CR2: 0000000000000062
[ 27.487871] ---[ end trace 5e830fc36ed1d56b ]---
[ 27.492630] Kernel panic - not syncing: Fatal exception in interrupt
[ 28.362409] PANIC: double fault, error_code: 0x0
[ 28.367201] CPU: 1 PID: 3745 Comm: syz-executor0 Tainted: G D 4.4.125-g38f41ec #21
[ 28.376012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.385342] task: ffff8801ca85e000 task.stack: ffff8801c9a40000
[ 28.391372] RIP: 0010:[] [] dump_page_badflags+0xd/0x250
[ 28.400143] RSP: 0018:ffff880100000000 EFLAGS: 00010046
[ 28.405568] RAX: ffff8801ca85e000 RBX: ffffea000748ec00 RCX: ffffffff814912f0
[ 28.412817] RDX: 0000000000000000 RSI: ffffffff838a91a0 RDI: ffffea000748ec00
[ 28.420064] RBP: ffff880100000018 R08: 0000000000000001 R09: 0000000000000000
[ 28.427312] R10: 0000000000000002 R11: fffffbfff0ad821e R12: 0000000000000000
[ 28.434557] R13: ffffffff838a91a0 R14: 0000000000000000 R15: 0000000000000000
[ 28.441806] FS: 0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:000000000866c900
[ 28.450010] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 28.455868] CR2: ffff8800fffffff8 CR3: 00000001cab78000 CR4: 0000000000160670
[ 28.463115] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 28.470361] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 28.477605] Stack:
[ 28.479729]
[ 28.481330] Call Trace:
[ 28.483886]
[ 28.485926] Code: ff e8 88 df 06 00 e9 50 fd ff ff e8 7e df 06 00 e9 1d fd ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 49 89 f5 <41> 54 49 89 d4 53 48 89 fb 48 83 ec 08 e8 f1 04 ed ff 48 8d 7b
[ 28.619848] Shutting down cpus with NMI
[ 28.624398] Dumping ftrace buffer:
[ 28.627938] (ftrace buffer empty)
[ 28.631620] Kernel Offset: disabled
[ 28.635216] Rebooting in 86400 seconds..