[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 13.503145] random: sshd: uninitialized urandom read (32 bytes read)
[ 13.642194] random: sshd: uninitialized urandom read (32 bytes read)
[ 13.770017] random: sshd: uninitialized urandom read (32 bytes read)
[ 14.569211] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 14.696169] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts.
[ 20.184165] random: sshd: uninitialized urandom read (32 bytes read)
2018/04/30 16:47:17 parsed 1 programs
2018/04/30 16:47:17 executed programs: 0
[ 20.621809] IPVS: Creating netns size=2536 id=1
[ 20.655811] IPVS: Creating netns size=2536 id=2
[ 20.668889] IPVS: Creating netns size=2536 id=3
[ 20.706236] IPVS: Creating netns size=2536 id=4
[ 20.741514] IPVS: Creating netns size=2536 id=5
[ 20.777518] IPVS: Creating netns size=2536 id=6
[ 20.814526] IPVS: Creating netns size=2536 id=7
[ 20.856033] IPVS: Creating netns size=2536 id=8
2018/04/30 16:47:22 executed programs: 717
[ 28.764708] ==================================================================
[ 28.772105] BUG: KASAN: out-of-bounds in __unwind_start+0x37c/0x3c0
[ 28.778495] Read of size 8 at addr ffff8801c4a5fb80 by task syz-executor5/8192
[ 28.785834]
[ 28.787452] CPU: 0 PID: 8192 Comm: syz-executor5 Not tainted 4.9.97-g2bcbbd5 #14
[ 28.794971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.804313] ffff8801c2427048 ffffffff81eb0b69 ffffea00071297c0 ffff8801c4a5fb80
[ 28.812336] 0000000000000000 ffff8801c4a5fb88 ffff8801c2427180 ffff8801c2427080
[ 28.820366] ffffffff8156540b ffff8801c4a5fb80 0000000000000008 0000000000000000
[ 28.828398] Call Trace:
[ 28.830970] [] dump_stack+0xc1/0x128
[ 28.836331] [] print_address_description+0x6c/0x234
[ 28.842985] [] kasan_report.cold.6+0x242/0x2fe
[ 28.849208] [] ? __unwind_start+0x37c/0x3c0
[ 28.855170] [] __asan_report_load8_noabort+0x14/0x20
[ 28.861913] [] __unwind_start+0x37c/0x3c0
[ 28.867701] [] ? ptrace_may_access+0x24/0x50
[ 28.873750] [] __save_stack_trace+0x59/0xf0
[ 28.879709] [] save_stack_trace_tsk+0x48/0x70
[ 28.885841] [] proc_pid_stack+0x148/0x220
[ 28.891627] [] ? lock_trace+0xc0/0xc0
[ 28.897072] [] proc_single_show+0xfd/0x170
[ 28.902939] [] traverse+0x363/0x920
[ 28.908198] [] ? seq_buf_alloc+0x80/0x80
[ 28.913896] [] ? unwind_next_frame+0x86/0xe0
[ 28.919936] [] seq_read+0xd19/0x12e0
[ 28.925272] [] ? seq_dentry+0x290/0x290
[ 28.930869] [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[ 28.939332] [] ? fsnotify+0x1100/0x1100
[ 28.944928] [] do_loop_readv_writev.part.18+0xd5/0x280
[ 28.951823] [] do_readv_writev+0x565/0x7a0
[ 28.957675] [] ? vfs_write+0x530/0x530
[ 28.963183] [] ? kasan_unpoison_shadow+0x35/0x50
[ 28.969559] [] ? push_pipe+0x3f4/0x780
[ 28.975069] [] ? iov_iter_get_pages_alloc+0x2bb/0xf10
[ 28.981878] [] vfs_readv+0x84/0xc0
[ 28.987039] [] default_file_splice_read+0x44b/0x7e0
[ 28.993674] [] ? depot_save_stack+0x132/0x460
[ 28.999788] [] ? do_splice_direct+0x270/0x270
[ 29.005910] [] ? save_stack+0x43/0xd0
[ 29.011329] [] ? __kmalloc+0x11d/0x300
[ 29.016837] [] ? alloc_pipe_info+0x164/0x380
[ 29.022863] [] ? splice_direct_to_actor+0x62c/0x7e0
[ 29.029496] [] ? do_splice_direct+0x1a3/0x270
[ 29.035609] [] ? do_sendfile+0x4f0/0xc60
[ 29.041290] [] ? compat_SyS_sendfile+0xd1/0x160
[ 29.047582] [] ? do_fast_syscall_32+0x2f7/0x870
[ 29.053872] [] ? check_preemption_disabled+0x3b/0x170
[ 29.060683] [] ? avc_has_perm+0x27d/0x4f0
[ 29.066449] [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[ 29.074907] [] ? fsnotify+0x1100/0x1100
[ 29.080500] [] ? avc_policy_seqno+0x9/0x20
[ 29.086356] [] ? selinux_file_permission+0x82/0x470
[ 29.092991] [] ? security_file_permission+0x8f/0x1f0
[ 29.099713] [] ? rw_verify_area+0xe5/0x2b0
[ 29.105567] [] ? do_splice_direct+0x270/0x270
[ 29.111679] [] do_splice_to+0x10c/0x170
[ 29.117269] [] splice_direct_to_actor+0x23f/0x7e0
[ 29.123728] [] ? pipe_to_sendpage+0x330/0x330
[ 29.129839] [] ? do_splice_to+0x170/0x170
[ 29.135604] [] ? security_file_permission+0x8f/0x1f0
[ 29.142324] [] ? rw_verify_area+0xe5/0x2b0
[ 29.148176] [] do_splice_direct+0x1a3/0x270
[ 29.154116] [] ? splice_direct_to_actor+0x7e0/0x7e0
[ 29.160751] [] ? rcu_sync_lockdep_assert+0x73/0xb0
[ 29.167301] [] ? __sb_start_write+0x161/0x300
[ 29.173414] [] do_sendfile+0x4f0/0xc60
[ 29.178918] [] ? do_compat_pwritev64+0x180/0x180
[ 29.185295] [] ? __might_fault+0x114/0x1d0
[ 29.191148] [] compat_SyS_sendfile+0xd1/0x160
[ 29.197262] [] ? SyS_sendfile64+0x160/0x160
[ 29.203204] [] ? do_fast_syscall_32+0xcf/0x870
[ 29.209405] [] ? SyS_sendfile64+0x160/0x160
[ 29.215345] [] do_fast_syscall_32+0x2f7/0x870
[ 29.221460] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.228094] [] entry_SYSENTER_compat+0x90/0xa2
[ 29.234294]
[ 29.235889] The buggy address belongs to the page:
[ 29.240788] page:ffffea00071297c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 29.249014] flags: 0x8000000000000000()
[ 29.252953] page dumped because: kasan: bad access detected
[ 29.258627]
[ 29.260224] Memory state around the buggy address:
[ 29.265121] ffff8801c4a5fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.272448] ffff8801c4a5fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.279777] >ffff8801c4a5fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.287102] ^
[ 29.290698] ffff8801c4a5fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.298025] ffff8801c4a5fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.305349] ==================================================================
[ 29.312676] Disabling lock debugging due to kernel taint
[ 29.325382] Kernel panic - not syncing: panic_on_warn set ...
[ 29.325382]
[ 29.332752] CPU: 0 PID: 8192 Comm: syz-executor5 Tainted: G B 4.9.97-g2bcbbd5 #14
[ 29.341481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.350823] ffff8801c2426fa8 ffffffff81eb0b69 ffffffff843c4d05 00000000ffffffff
[ 29.358870] 0000000000000000 0000000000000000 ffff8801c2427180 ffff8801c2427068
[ 29.366852] ffffffff8141f975 0000000041b58ab3 ffffffff843b8408 ffffffff8141f7b6
[ 29.374833] Call Trace:
[ 29.377392] [] dump_stack+0xc1/0x128
[ 29.382724] [] panic+0x1bf/0x3bc
[ 29.387712] [] ? add_taint.cold.6+0x16/0x16
[ 29.393654] [] ? ___preempt_schedule+0x16/0x18
[ 29.399854] [] kasan_end_report+0x47/0x4f
[ 29.405620] [] kasan_report.cold.6+0x76/0x2fe
[ 29.411736] [] ? __unwind_start+0x37c/0x3c0
[ 29.417678] [] __asan_report_load8_noabort+0x14/0x20
[ 29.424400] [] __unwind_start+0x37c/0x3c0
[ 29.430168] [] ? ptrace_may_access+0x24/0x50
[ 29.436194] [] __save_stack_trace+0x59/0xf0
[ 29.442133] [] save_stack_trace_tsk+0x48/0x70
[ 29.448250] [] proc_pid_stack+0x148/0x220
[ 29.454018] [] ? lock_trace+0xc0/0xc0
[ 29.459436] [] proc_single_show+0xfd/0x170
[ 29.465293] [] traverse+0x363/0x920
[ 29.470538] [] ? seq_buf_alloc+0x80/0x80
[ 29.476218] [] ? unwind_next_frame+0x86/0xe0
[ 29.482246] [] seq_read+0xd19/0x12e0
[ 29.487581] [] ? seq_dentry+0x290/0x290
[ 29.493174] [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[ 29.501632] [] ? fsnotify+0x1100/0x1100
[ 29.507226] [] do_loop_readv_writev.part.18+0xd5/0x280
[ 29.514123] [] do_readv_writev+0x565/0x7a0
[ 29.519976] [] ? vfs_write+0x530/0x530
[ 29.525494] [] ? kasan_unpoison_shadow+0x35/0x50
[ 29.531872] [] ? push_pipe+0x3f4/0x780
[ 29.537380] [] ? iov_iter_get_pages_alloc+0x2bb/0xf10
[ 29.544187] [] vfs_readv+0x84/0xc0
[ 29.549349] [] default_file_splice_read+0x44b/0x7e0
[ 29.555986] [] ? depot_save_stack+0x132/0x460
[ 29.562100] [] ? do_splice_direct+0x270/0x270
[ 29.568214] [] ? save_stack+0x43/0xd0
[ 29.573631] [] ? __kmalloc+0x11d/0x300
[ 29.579137] [] ? alloc_pipe_info+0x164/0x380
[ 29.585169] [] ? splice_direct_to_actor+0x62c/0x7e0
[ 29.591803] [] ? do_splice_direct+0x1a3/0x270
[ 29.597919] [] ? do_sendfile+0x4f0/0xc60
[ 29.603598] [] ? compat_SyS_sendfile+0xd1/0x160
[ 29.609884] [] ? do_fast_syscall_32+0x2f7/0x870
[ 29.616171] [] ? check_preemption_disabled+0x3b/0x170
[ 29.622983] [] ? avc_has_perm+0x27d/0x4f0
[ 29.628750] [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[ 29.637207] [] ? fsnotify+0x1100/0x1100
[ 29.642800] [] ? avc_policy_seqno+0x9/0x20
[ 29.648652] [] ? selinux_file_permission+0x82/0x470
[ 29.655290] [] ? security_file_permission+0x8f/0x1f0
[ 29.662012] [] ? rw_verify_area+0xe5/0x2b0
[ 29.667866] [] ? do_splice_direct+0x270/0x270
[ 29.674499] [] do_splice_to+0x10c/0x170
[ 29.680092] [] splice_direct_to_actor+0x23f/0x7e0
[ 29.686560] [] ? pipe_to_sendpage+0x330/0x330
[ 29.692674] [] ? do_splice_to+0x170/0x170
[ 29.698441] [] ? security_file_permission+0x8f/0x1f0
[ 29.705163] [] ? rw_verify_area+0xe5/0x2b0
[ 29.711018] [] do_splice_direct+0x1a3/0x270
[ 29.716956] [] ? splice_direct_to_actor+0x7e0/0x7e0
[ 29.723592] [] ? rcu_sync_lockdep_assert+0x73/0xb0
[ 29.730140] [] ? __sb_start_write+0x161/0x300
[ 29.736263] [] do_sendfile+0x4f0/0xc60
[ 29.741769] [] ? do_compat_pwritev64+0x180/0x180
[ 29.748146] [] ? __might_fault+0x114/0x1d0
[ 29.753999] [] compat_SyS_sendfile+0xd1/0x160
[ 29.760112] [] ? SyS_sendfile64+0x160/0x160
[ 29.766062] [] ? do_fast_syscall_32+0xcf/0x870
[ 29.772265] [] ? SyS_sendfile64+0x160/0x160
[ 29.778203] [] do_fast_syscall_32+0x2f7/0x870
[ 29.784318] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.790954] [] entry_SYSENTER_compat+0x90/0xa2
[ 29.797610] Dumping ftrace buffer:
[ 29.801122] (ftrace buffer empty)
[ 29.804800] Kernel Offset: disabled
[ 29.808396] Rebooting in 86400 seconds..