[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.494851] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 22.620899] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.925616] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.715242] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.020368] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts.
[ 42.517974] random: sshd: uninitialized urandom read (32 bytes read)
2018/06/16 06:21:21 parsed 1 programs
[ 44.146865] random: cc1: uninitialized urandom read (8 bytes read)
2018/06/16 06:21:23 executed programs: 0
[ 45.253291] IPVS: ftp: loaded support on port[0] = 21
[ 45.458949] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.465435] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.473507] device bridge_slave_0 entered promiscuous mode
[ 45.490208] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.496607] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.503736] device bridge_slave_1 entered promiscuous mode
[ 45.520397] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 45.536611] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 45.577554] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 45.595339] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 45.656892] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 45.664178] team0: Port device team_slave_0 added
[ 45.680090] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 45.687251] team0: Port device team_slave_1 added
[ 45.703828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 45.722748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 45.739529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.757511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 45.883060] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.889546] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.896381] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.902750] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.351087] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 46.357233] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.402130] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 46.432723] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 46.451978] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 46.458167] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.465452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.504458] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.764740] ==================================================================
[ 46.772244] BUG: KASAN: slab-out-of-bounds in process_preds+0x3ecf/0x4160
[ 46.779165] Write of size 4 at addr ffff8801af5e8df0 by task syz-executor0/4780
[ 46.786593]
[ 46.788206] CPU: 0 PID: 4780 Comm: syz-executor0 Not tainted 4.17.0+ #8
[ 46.794936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.804288] Call Trace:
[ 46.806870]  dump_stack+0x1c9/0x2b4
[ 46.810486]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 46.815665]  ? printk+0xa7/0xcf
[ 46.818927]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 46.823763]  ? process_preds+0x3ecf/0x4160
[ 46.827980]  print_address_description+0x6c/0x20b
[ 46.832896]  ? process_preds+0x3ecf/0x4160
[ 46.837112]  kasan_report.cold.7+0x242/0x2fe
[ 46.841511]  __asan_report_store4_noabort+0x17/0x20
[ 46.846513]  process_preds+0x3ecf/0x4160
[ 46.850575]  ? filter_parse_regex+0x2b0/0x2b0
[ 46.855055]  ? create_filter_start.constprop.14+0xfb/0x2b0
[ 46.860663]  ? rcu_read_lock_sched_held+0x108/0x120
[ 46.865660]  ? kmem_cache_alloc_trace+0x616/0x780
[ 46.870489]  ? create_filter_start.constprop.14+0x55/0x2b0
[ 46.876098]  create_filter+0x167/0x280
[ 46.879977]  ? process_preds+0x4160/0x4160
[ 46.884196]  ftrace_profile_set_filter+0x135/0x2f0
[ 46.889107]  ? ftrace_profile_free_filter+0x70/0x70
[ 46.894104]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 46.899625]  ? memdup_user+0x6b/0xa0
[ 46.903322]  perf_event_set_filter+0x251/0x1260
[ 46.907972]  ? mutex_trylock+0x2b0/0x2b0
[ 46.912027]  ? perf_pmu_unregister+0x540/0x540
[ 46.916591]  ? exit_robust_list+0x290/0x290
[ 46.921435]  ? kasan_check_read+0x11/0x20
[ 46.925574]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 46.929974]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 46.934546]  ? add_mm_counter_fast+0xd0/0xd0
[ 46.938941]  ? kasan_check_write+0x14/0x20
[ 46.943171]  ? graph_lock+0x170/0x170
[ 46.946961]  ? _raw_spin_unlock+0x22/0x30
[ 46.951098]  ? __handle_mm_fault+0x94b/0x4460
[ 46.955590]  _perf_ioctl+0x865/0x1600
[ 46.959379]  ? __do_sys_perf_event_open+0x30f0/0x30f0
[ 46.964570]  ? lock_downgrade+0x8f0/0x8f0
[ 46.968713]  ? kasan_check_read+0x11/0x20
[ 46.972841]  ? rcu_is_watching+0x8c/0x150
[ 46.976969]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[ 46.981370]  ? mutex_lock_nested+0x16/0x20
[ 46.985582]  ? mutex_lock_nested+0x16/0x20
[ 46.989799]  ? perf_event_ctx_lock_nested+0x415/0x500
[ 46.994972]  ? __sanitizer_cov_trace_cmp8+0x1/0x20
[ 46.999895]  ? perf_event_read_event+0x450/0x450
[ 47.004633]  ? __handle_mm_fault+0x4460/0x4460
[ 47.009200]  ? __ia32_compat_sys_futex+0x3e6/0x5f0
[ 47.014114]  perf_ioctl+0x59/0x80
[ 47.017550]  perf_compat_ioctl+0x6a/0xb0
[ 47.021593]  ? perf_ioctl+0x80/0x80
[ 47.025206]  __ia32_compat_sys_ioctl+0x221/0x640
[ 47.029956]  do_fast_syscall_32+0x34d/0xfb2
[ 47.034266]  ? do_int80_syscall_32+0x890/0x890
[ 47.038830]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 47.043574]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.049114]  ? syscall_return_slowpath+0x31d/0x5e0
[ 47.054128]  ? sysret32_from_system_call+0x5/0x46
[ 47.058960]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.063801]  entry_SYSENTER_compat+0x70/0x7f
[ 47.068192] RIP: 0023:0xf7f8fcb9
[ 47.071555] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 47.091446] RSP: 002b:00000000ff8a07bc EFLAGS: 00000286 ORIG_RAX: 0000000000000036
[ 47.099230] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040082406
[ 47.106507] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 47.113760] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 47.121035] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 47.128284] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 47.135558]
[ 47.137165] Allocated by task 0:
[ 47.140504] (stack is not available)
[ 47.144540]
[ 47.146156] Freed by task 0:
[ 47.149147] (stack is not available)
[ 47.152830]
[ 47.154438] The buggy address belongs to the object at ffff8801af5e8d80
[ 47.154438]  which belongs to the cache kmalloc-64 of size 64
[ 47.167137] The buggy address is located 48 bytes to the right of
[ 47.167137]  64-byte region [ffff8801af5e8d80, ffff8801af5e8dc0)
[ 47.179362] The buggy address belongs to the page:
[ 47.184285] page:ffffea0006bd7a00 count:1 mapcount:0 mapping:ffff8801da800340 index:0x0
[ 47.192427] flags: 0x2fffc0000000100(slab)
[ 47.196673] raw: 02fffc0000000100 ffffea00075de388 ffffea0006bb26c8 ffff8801da800340
[ 47.204801] raw: 0000000000000000 ffff8801af5e8000 0000000100000020 0000000000000000
[ 47.212661] page dumped because: kasan: bad access detected
[ 47.218354]
[ 47.219967] Memory state around the buggy address:
[ 47.224883]  ffff8801af5e8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.232225]  ffff8801af5e8d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.239570] >ffff8801af5e8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.246916]                                                              ^
[ 47.253910]  ffff8801af5e8e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 47.261957]  ffff8801af5e8e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 47.269471] ==================================================================
[ 47.276809] Disabling lock debugging due to kernel taint
[ 47.282896] Kernel panic - not syncing: panic_on_warn set ...
[ 47.282896]
[ 47.290263] CPU: 0 PID: 4780 Comm: syz-executor0 Tainted: G B 4.17.0+ #8
[ 47.298383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.307730] Call Trace:
[ 47.310307]  dump_stack+0x1c9/0x2b4
[ 47.313917]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 47.319101]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 47.323850]  panic+0x238/0x4e7
[ 47.327033]  ? add_taint.cold.5+0x16/0x16
[ 47.331173]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 47.335568]  ? process_preds+0x3ecf/0x4160
[ 47.339809]  kasan_end_report+0x47/0x4f
[ 47.343772]  kasan_report.cold.7+0x76/0x2fe
[ 47.348073]  __asan_report_store4_noabort+0x17/0x20
[ 47.353068]  process_preds+0x3ecf/0x4160
[ 47.357112]  ? filter_parse_regex+0x2b0/0x2b0
[ 47.361589]  ? create_filter_start.constprop.14+0xfb/0x2b0
[ 47.367193]  ? rcu_read_lock_sched_held+0x108/0x120
[ 47.372190]  ? kmem_cache_alloc_trace+0x616/0x780
[ 47.377024]  ? create_filter_start.constprop.14+0x55/0x2b0
[ 47.382634]  create_filter+0x167/0x280
[ 47.386501]  ? process_preds+0x4160/0x4160
[ 47.390720]  ftrace_profile_set_filter+0x135/0x2f0
[ 47.395631]  ? ftrace_profile_free_filter+0x70/0x70
[ 47.400636]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 47.406156]  ? memdup_user+0x6b/0xa0
[ 47.409855]  perf_event_set_filter+0x251/0x1260
[ 47.414509]  ? mutex_trylock+0x2b0/0x2b0
[ 47.418552]  ? perf_pmu_unregister+0x540/0x540
[ 47.423111]  ? exit_robust_list+0x290/0x290
[ 47.427411]  ? kasan_check_read+0x11/0x20
[ 47.431536]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 47.435921]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 47.440491]  ? add_mm_counter_fast+0xd0/0xd0
[ 47.444879]  ? kasan_check_write+0x14/0x20
[ 47.449097]  ? graph_lock+0x170/0x170
[ 47.452893]  ? _raw_spin_unlock+0x22/0x30
[ 47.457040]  ? __handle_mm_fault+0x94b/0x4460
[ 47.461531]  _perf_ioctl+0x865/0x1600
[ 47.465312]  ? __do_sys_perf_event_open+0x30f0/0x30f0
[ 47.470495]  ? lock_downgrade+0x8f0/0x8f0
[ 47.474628]  ? kasan_check_read+0x11/0x20
[ 47.478755]  ? rcu_is_watching+0x8c/0x150
[ 47.482880]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[ 47.487294]  ? mutex_lock_nested+0x16/0x20
[ 47.491511]  ? mutex_lock_nested+0x16/0x20
[ 47.495728]  ? perf_event_ctx_lock_nested+0x415/0x500
[ 47.500899]  ? __sanitizer_cov_trace_cmp8+0x1/0x20
[ 47.505810]  ? perf_event_read_event+0x450/0x450
[ 47.510548]  ? __handle_mm_fault+0x4460/0x4460
[ 47.515113]  ? __ia32_compat_sys_futex+0x3e6/0x5f0
[ 47.520030]  perf_ioctl+0x59/0x80
[ 47.523474]  perf_compat_ioctl+0x6a/0xb0
[ 47.527523]  ? perf_ioctl+0x80/0x80
[ 47.531134]  __ia32_compat_sys_ioctl+0x221/0x640
[ 47.535875]  do_fast_syscall_32+0x34d/0xfb2
[ 47.540180]  ? do_int80_syscall_32+0x890/0x890
[ 47.544743]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 47.549482]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.555017]  ? syscall_return_slowpath+0x31d/0x5e0
[ 47.559936]  ? sysret32_from_system_call+0x5/0x46
[ 47.564758]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.569583]  entry_SYSENTER_compat+0x70/0x7f
[ 47.573972] RIP: 0023:0xf7f8fcb9
[ 47.577309] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 47.596435] RSP: 002b:00000000ff8a07bc EFLAGS: 00000286 ORIG_RAX: 0000000000000036
[ 47.604129] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040082406
[ 47.611385] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 47.618636] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 47.625902] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 47.633150] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 47.641044] Dumping ftrace buffer:
[ 47.644568]    (ftrace buffer empty)
[ 47.648255] Kernel Offset: disabled
[ 47.651861] Rebooting in 86400 seconds..