[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 19.426682] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 22.788188] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.171952] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.935458] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.083554] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
[ 29.674959] random: sshd: uninitialized urandom read (32 bytes read)
2018/05/26 05:49:07 parsed 1 programs
2018/05/26 05:49:07 executed programs: 0
[ 30.200560] IPVS: ftp: loaded support on port[0] = 21
[ 30.323786] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.330249] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.337942] device bridge_slave_0 entered promiscuous mode
[ 30.353935] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.360329] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.367436] device bridge_slave_1 entered promiscuous mode
[ 30.383230] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 30.399087] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 30.438887] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 30.456687] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 30.519550] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 30.526838] team0: Port device team_slave_0 added
[ 30.541326] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 30.548470] team0: Port device team_slave_1 added
[ 30.563229] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 30.580906] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 30.598928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 30.617087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 30.733074] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.739518] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.746468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.752838] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 31.166628] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 31.172746] 8021q: adding VLAN 0 to HW filter on device bond0
[ 31.214242] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 31.258467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 31.265997] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 31.304576] 8021q: adding VLAN 0 to HW filter on device team0
[ 34.009612] ==================================================================
[ 34.017135] BUG: KASAN: stack-out-of-bounds in do_general_protection+0x2ac/0x2f0
[ 34.024660] Read of size 8 at addr ffff8801b21273f8 by task syz-executor0/5106
[ 34.032003]
[ 34.033625] CPU: 0 PID: 5106 Comm: syz-executor0 Not tainted 4.17.0-rc6+ #92
[ 34.040786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.050120] Call Trace:
[ 34.052692] dump_stack+0x1b9/0x294
[ 34.056304] ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.061475] ? printk+0x9e/0xba
[ 34.064738] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.069477] ? kasan_check_write+0x14/0x20
[ 34.073692] print_address_description+0x6c/0x20b
[ 34.078517] ? do_general_protection+0x2ac/0x2f0
[ 34.083265] kasan_report.cold.7+0x242/0x2fe
[ 34.087660] __asan_report_load8_noabort+0x14/0x20
[ 34.092573] do_general_protection+0x2ac/0x2f0
[ 34.097148] general_protection+0x1e/0x30
[ 34.101886] RIP: 0010:vmx_vcpu_run+0xa12/0x25c0
[ 34.106547] RSP: 0018:ffff8801b2127410 EFLAGS: 00010006
[ 34.111899] RAX: dffffc0000000000 RBX: 0000000010000000 RCX: ffffffff811f76f2
[ 34.119153] RDX: 000000000836b156 RSI: ffffffff811f76ff RDI: 0000000000000005
[ 34.126409] RBP: ffff8801b2127508 R08: ffff8801cf7a6500 R09: 0000000000000000
[ 34.133665] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 34.140918] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 34.148192] ? vmx_vcpu_run+0x9f2/0x25c0
[ 34.152251] ? vmx_vcpu_run+0x9ff/0x25c0
[ 34.156301] ? kasan_check_read+0x11/0x20
[ 34.160430] ? rcu_is_watching+0x85/0x140
[ 34.164567] ? rcu_pm_notify+0xc0/0xc0
[ 34.168437] ? trace_hardirqs_off+0xd/0x10
[ 34.172655] ? __khugepaged_exit+0x421/0x680
[ 34.177053] exit_mmap+0xa4/0x5a0
[ 34.180491] ? __ia32_sys_munmap+0x80/0x80
[ 34.184713] ? __khugepaged_exit+0x449/0x680
[ 34.189123] ? uprobe_clear_state+0x257/0x350
[ 34.193614] ? hugepage_madvise+0x100/0x100
[ 34.197923] ? check_same_owner+0x320/0x320
[ 34.202331] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.207860] ? rcu_note_context_switch+0x710/0x710
[ 34.212774] ? __might_sleep+0x95/0x190
[ 34.216750] mmput+0x251/0x610
[ 34.219933] ? lock_downgrade+0x8d1/0x8e0
[ 34.224061] ? set_mm_exe_file+0x1f0/0x1f0
[ 34.228292] ? kasan_check_read+0x11/0x20
[ 34.232429] ? do_raw_spin_unlock+0x9e/0x2e0
[ 34.236830] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 34.241394] ? kasan_check_write+0x14/0x20
[ 34.245609] ? do_raw_spin_lock+0xc1/0x200
[ 34.249831] do_exit+0xe98/0x2730
[ 34.253278] ? mm_update_next_owner+0x980/0x980
[ 34.257942] ? dequeue_task_fair+0x9c0/0x9c0
[ 34.262336] ? find_held_lock+0x36/0x1c0
[ 34.266386] ? lock_downgrade+0x8e0/0x8e0
[ 34.270516] ? lock_downgrade+0x8e0/0x8e0
[ 34.274669] ? kasan_check_read+0x11/0x20
[ 34.278815] ? do_raw_spin_unlock+0x9e/0x2e0
[ 34.283335] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 34.287927] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 34.292500] ? rcu_read_lock+0x70/0x70
[ 34.296374] ? activate_task+0x123/0x2e0
[ 34.300418] ? trace_hardirqs_off+0xd/0x10
[ 34.304635] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.309720] ? try_to_wake_up+0x102/0x1190
[ 34.313972] ? kasan_check_read+0x11/0x20
[ 34.318107] ? graph_lock+0x170/0x170
[ 34.321905] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 34.326940] ? __set_current_blocked+0xe4/0x120
[ 34.331692] ? find_held_lock+0x36/0x1c0
[ 34.335740] ? lock_downgrade+0x8e0/0x8e0
[ 34.339876] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.345403] ? kasan_check_read+0x11/0x20
[ 34.349538] ? do_raw_spin_unlock+0x9e/0x2e0
[ 34.353940] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 34.358519] ? force_sig+0x30/0x30
[ 34.362051] ? _raw_spin_unlock_irq+0x27/0x70
[ 34.366649] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 34.371664] do_group_exit+0x16f/0x430
[ 34.375542] ? __ia32_sys_exit+0x50/0x50
[ 34.379589] ? __bpf_trace_x86_exceptions+0x40/0x40
[ 34.384597] ? do_fast_syscall_32+0x148/0xf9b
[ 34.389082] __ia32_sys_exit_group+0x3e/0x50
[ 34.393479] do_fast_syscall_32+0x345/0xf9b
[ 34.397790] ? do_int80_syscall_32+0x880/0x880
[ 34.402375] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 34.407217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.412740] ? syscall_return_slowpath+0x30f/0x5c0
[ 34.417658] ? retint_user+0x18/0x18
[ 34.421462] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.426382] entry_SYSENTER_compat+0x70/0x7f
[ 34.430775] RIP: 0023:0xf7f88cb9
[ 34.434126] RSP: 002b:00000000f7f7fa8c EFLAGS: 00000286 ORIG_RAX: 00000000000000fc
[ 34.441819] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000000000
[ 34.449072] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 34.456326] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 34.463581] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 34.470836] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 34.478103]
[ 34.479719] The buggy address belongs to the page:
[ 34.484634] page:ffffea0006c849c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 34.492762] flags: 0x2fffc0000000000()
[ 34.496636] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 34.504500] raw: 0000000000000000 ffffea0006c80101 0000000000000000 0000000000000000
[ 34.512361] page dumped because: kasan: bad access detected
[ 34.518050]
[ 34.519656] Memory state around the buggy address:
[ 34.524568] ffff8801b2127280: 00 f2 00 00 00 00 00 00 00 00 00 00 00 00 f3 00
[ 34.531916] ffff8801b2127300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.539257] >ffff8801b2127380: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2
[ 34.546600] ^
[ 34.553872] ffff8801b2127400: f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
[ 34.561218] ffff8801b2127480: f2 f2 f2 f2 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00
[ 34.568682] ==================================================================
[ 34.576032] Disabling lock debugging due to kernel taint
[ 34.581569] Kernel panic - not syncing: panic_on_warn set ...
[ 34.581569]
[ 34.588920] CPU: 0 PID: 5106 Comm: syz-executor0 Tainted: G B 4.17.0-rc6+ #92
[ 34.597477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.606817] Call Trace:
[ 34.609392] dump_stack+0x1b9/0x294
[ 34.613012] ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.618199] ? lock_downgrade+0x8e0/0x8e0
[ 34.622350] ? vprintk_default+0x28/0x30
[ 34.626400] ? do_general_protection+0x280/0x2f0
[ 34.631139] panic+0x22f/0x4de
[ 34.634314] ? add_taint.cold.5+0x16/0x16
[ 34.638443] ? add_taint.cold.5+0x5/0x16
[ 34.642509] ? do_raw_spin_unlock+0x9e/0x2e0
[ 34.646911] ? do_general_protection+0x2ac/0x2f0
[ 34.651994] kasan_end_report+0x47/0x4f
[ 34.656138] kasan_report.cold.7+0x76/0x2fe
[ 34.660443] __asan_report_load8_noabort+0x14/0x20
[ 34.665353] do_general_protection+0x2ac/0x2f0
[ 34.669916] general_protection+0x1e/0x30
[ 34.674052] RIP: 0010:vmx_vcpu_run+0xa12/0x25c0
[ 34.678701] RSP: 0018:ffff8801b2127410 EFLAGS: 00010006
[ 34.684048] RAX: dffffc0000000000 RBX: 0000000010000000 RCX: ffffffff811f76f2
[ 34.691305] RDX: 000000000836b156 RSI: ffffffff811f76ff RDI: 0000000000000005
[ 34.698557] RBP: ffff8801b2127508 R08: ffff8801cf7a6500 R09: 0000000000000000
[ 34.705812] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 34.713063] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 34.720341] ? vmx_vcpu_run+0x9f2/0x25c0
[ 34.724398] ? vmx_vcpu_run+0x9ff/0x25c0
[ 34.728447] ? kasan_check_read+0x11/0x20
[ 34.732582] ? rcu_is_watching+0x85/0x140
[ 34.736721] ? rcu_pm_notify+0xc0/0xc0
[ 34.740589] ? trace_hardirqs_off+0xd/0x10
[ 34.744821] ? __khugepaged_exit+0x421/0x680
[ 34.749211] exit_mmap+0xa4/0x5a0
[ 34.752651] ? __ia32_sys_munmap+0x80/0x80
[ 34.756867] ? __khugepaged_exit+0x449/0x680
[ 34.761388] ? uprobe_clear_state+0x257/0x350
[ 34.765881] ? hugepage_madvise+0x100/0x100
[ 34.770184] ? check_same_owner+0x320/0x320
[ 34.774502] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.780035] ? rcu_note_context_switch+0x710/0x710
[ 34.784956] ? __might_sleep+0x95/0x190
[ 34.788917] mmput+0x251/0x610
[ 34.792104] ? lock_downgrade+0x8d1/0x8e0
[ 34.796231] ? set_mm_exe_file+0x1f0/0x1f0
[ 34.800448] ? kasan_check_read+0x11/0x20
[ 34.804585] ? do_raw_spin_unlock+0x9e/0x2e0
[ 34.808981] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 34.813542] ? kasan_check_write+0x14/0x20
[ 34.817757] ? do_raw_spin_lock+0xc1/0x200
[ 34.821974] do_exit+0xe98/0x2730
[ 34.825421] ? mm_update_next_owner+0x980/0x980
[ 34.830070] ? dequeue_task_fair+0x9c0/0x9c0
[ 34.834476] ? find_held_lock+0x36/0x1c0
[ 34.838541] ? lock_downgrade+0x8e0/0x8e0
[ 34.842666] ? lock_downgrade+0x8e0/0x8e0
[ 34.846797] ? kasan_check_read+0x11/0x20
[ 34.850929] ? do_raw_spin_unlock+0x9e/0x2e0
[ 34.855318] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 34.859888] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 34.864454] ? rcu_read_lock+0x70/0x70
[ 34.868324] ? activate_task+0x123/0x2e0
[ 34.872465] ? trace_hardirqs_off+0xd/0x10
[ 34.876692] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 34.881778] ? try_to_wake_up+0x102/0x1190
[ 34.885997] ? kasan_check_read+0x11/0x20
[ 34.890134] ? graph_lock+0x170/0x170
[ 34.893921] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 34.898923] ? __set_current_blocked+0xe4/0x120
[ 34.903575] ? find_held_lock+0x36/0x1c0
[ 34.907684] ? lock_downgrade+0x8e0/0x8e0
[ 34.911823] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.917342] ? kasan_check_read+0x11/0x20
[ 34.921470] ? do_raw_spin_unlock+0x9e/0x2e0
[ 34.925866] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 34.930431] ? force_sig+0x30/0x30
[ 34.933972] ? _raw_spin_unlock_irq+0x27/0x70
[ 34.938451] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 34.943450] do_group_exit+0x16f/0x430
[ 34.947322] ? __ia32_sys_exit+0x50/0x50
[ 34.952350] ? __bpf_trace_x86_exceptions+0x40/0x40
[ 34.957349] ? do_fast_syscall_32+0x148/0xf9b
[ 34.961841] __ia32_sys_exit_group+0x3e/0x50
[ 34.966621] do_fast_syscall_32+0x345/0xf9b
[ 34.970933] ? do_int80_syscall_32+0x880/0x880
[ 34.975494] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 34.980720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.986350] ? syscall_return_slowpath+0x30f/0x5c0
[ 34.991264] ? retint_user+0x18/0x18
[ 34.994960] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.999789] entry_SYSENTER_compat+0x70/0x7f
[ 35.004254] RIP: 0023:0xf7f88cb9
[ 35.007598] RSP: 002b:00000000f7f7fa8c EFLAGS: 00000286 ORIG_RAX: 00000000000000fc
[ 35.015291] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000000000
[ 35.022574] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 35.029822] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 35.037073] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 35.044444] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 35.052297] Dumping ftrace buffer:
[ 35.055817] (ftrace buffer empty)
[ 35.059506] Kernel Offset: disabled
[ 35.063112] Rebooting in 86400 seconds..