[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 19.454419] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 23.837934] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 24.212758] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 25.218666] random: sshd: uninitialized urandom read (32 bytes read, 122 bits of entropy available)
[ 25.361814] random: sshd: uninitialized urandom read (32 bytes read, 124 bits of entropy available)
Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
[ 30.822910] random: nonblocking pool is initialized
2018/04/10 13:21:50 parsed 1 programs
2018/04/10 13:21:50 executed programs: 0
[ 31.219028] IPVS: Creating netns size=2552 id=1
[ 32.354357] ==================================================================
[ 32.361743] BUG: KASAN: stack-out-of-bounds in memcmp+0x126/0x160
[ 32.367952] Read of size 1 at addr ffff8800badaf860 by task syz-executor0/4040
[ 32.375284]
[ 32.376883] CPU: 1 PID: 4040 Comm: syz-executor0 Not tainted 4.4.125-g38f41ec #21
[ 32.384466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.393786]  0000000000000000 a3575aca88f58640 ffff8800badaf398 ffffffff81d067bd
[ 32.401758]  ffffea0002eb6bc0 ffff8800badaf860 0000000000000000 ffff8800badaf860
[ 32.409733]  ffff8800badaf848 ffff8800badaf3d0 ffffffff814fea83 ffff8800badaf860
[ 32.417694] Call Trace:
[ 32.420254]  [] dump_stack+0xc1/0x124
[ 32.425584]  [] print_address_description+0x73/0x260
[ 32.432213]  [] kasan_report+0x285/0x370
[ 32.437803]  [] ? memcmp+0x126/0x160
[ 32.443051]  [] __asan_report_load1_noabort+0x14/0x20
[ 32.449777]  [] memcmp+0x126/0x160
[ 32.454850]  [] xfrm_selector_match+0x1c7/0xe50
[ 32.461046]  [] xfrm_sk_policy_lookup+0x153/0x360
[ 32.467421]  [] ? xfrm_sk_policy_lookup+0x43/0x360
[ 32.473881]  [] xfrm_lookup+0x1be/0xc10
[ 32.479384]  [] ? xfrm_bundle_lookup+0x11d0/0x11d0
[ 32.485851]  [] ? ip6_dst_lookup_tail+0x3c0/0x1480
[ 32.492316]  [] ? ip6_dst_lookup_tail+0x4a5/0x1480
[ 32.498776]  [] ? ip6_copy_metadata+0x710/0x710
[ 32.504975]  [] ? mark_held_locks+0xaf/0x100
[ 32.510916]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[ 32.517815]  [] xfrm_lookup_route+0x39/0x1a0
[ 32.523752]  [] ip6_dst_lookup_flow+0x1b4/0x2e0
[ 32.529963]  [] ? ip6_dst_lookup+0x60/0x60
[ 32.535821]  [] ? selinux_sk_getsecid+0xa0/0x110
[ 32.542113]  [] tcp_v6_connect+0xade/0x1b90
[ 32.547977]  [] ? tcp_sendmsg+0xda9/0x2b10
[ 32.553743]  [] ? inet_sendmsg+0x2bc/0x4c0
[ 32.559509]  [] ? tcp_v6_syn_recv_sock+0x1f50/0x1f50
[ 32.566146]  [] ? gup_pud_range+0x271/0x2f0
[ 32.572002]  [] __inet_stream_connect+0x2a6/0xc70
[ 32.578372]  [] ? inet_dgram_connect+0x1f0/0x1f0
[ 32.584661]  [] ? kasan_kmalloc+0xad/0xe0
[ 32.590344]  [] ? tcp_sendmsg+0xda9/0x2b10
[ 32.596116]  [] ? kmem_cache_alloc_trace+0x100/0x2b0
[ 32.602855]  [] tcp_sendmsg+0xcc1/0x2b10
[ 32.608453]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 32.615450]  [] ? sock_has_perm+0x1c1/0x400
[ 32.621306]  [] ? tcp_sendpage+0x1830/0x1830
[ 32.627244]  [] ? inet_sendmsg+0x201/0x4c0
[ 32.633013]  [] inet_sendmsg+0x2bc/0x4c0
[ 32.638611]  [] ? inet_sendmsg+0x73/0x4c0
[ 32.644290]  [] ? inet_recvmsg+0x4c0/0x4c0
[ 32.650060]  [] sock_sendmsg+0xca/0x110
[ 32.655564]  [] SYSC_sendto+0x2c8/0x340
[ 32.661066]  [] ? SYSC_connect+0x310/0x310
[ 32.666850]  [] ? sock_has_perm+0x29f/0x400
[ 32.673141]  [] ? selinux_file_send_sigiotask+0x310/0x310
[ 32.680215]  [] ? compat_SyS_futex+0x1f9/0x2a0
[ 32.686348]  [] ? compat_SyS_get_robust_list+0x300/0x300
[ 32.693336]  [] ? compat_SyS_setsockopt+0x18a/0x290
[ 32.699908]  [] ? sock_common_setsockopt+0xd0/0xd0
[ 32.706375]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 32.713103]  [] SyS_sendto+0x40/0x50
[ 32.718367]  [] ? SyS_getpeername+0x30/0x30
[ 32.724224]  [] do_fast_syscall_32+0x321/0x8a0
[ 32.730343]  [] sysenter_flags_fixed+0xd/0x17
[ 32.736366]
[ 32.737970] The buggy address belongs to the page:
[ 32.742877] page:ffffea0002eb6bc0 count:0 mapcount:0 mapping:          (null) index:0x0
[ 32.750987] flags: 0x4000000000000000()
[ 32.755040] page dumped because: kasan: bad access detected
[ 32.760723]
[ 32.762324] Memory state around the buggy address:
[ 32.767219]  ffff8800badaf700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.774554]  ffff8800badaf780: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 f2 f2
[ 32.781889] >ffff8800badaf800: f2 f2 00 00 00 00 00 00 00 00 00 00 f2 f2 00 00
[ 32.789221]                                           ^
[ 32.795692]  ffff8800badaf880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.803028]  ffff8800badaf900: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 f2 f2 f2
[ 32.810353] ==================================================================
[ 32.817683] Disabling lock debugging due to kernel taint
[ 32.823142] Kernel panic - not syncing: panic_on_warn set ...
[ 32.823142]
[ 32.830486] CPU: 1 PID: 4040 Comm: syz-executor0 Tainted: G    B           4.4.125-g38f41ec #21
[ 32.839296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.848623]  0000000000000000 a3575aca88f58640 ffff8800badaf2f0 ffffffff81d067bd
[ 32.856618]  ffffffff83fb764d ffff8800badaf3c8 0000000000000000 ffff8800badaf860
[ 32.864684]  ffff8800badaf848 ffff8800badaf3b8 ffffffff8141b46a 0000000041b58ab3
[ 32.872666] Call Trace:
[ 32.875229]  [] dump_stack+0xc1/0x124
[ 32.880568]  [] panic+0x1aa/0x388
[ 32.885566]  [] ? percpu_up_read.constprop.45+0xe1/0xe1
[ 32.892478]  [] ? add_taint+0x1c/0x50
[ 32.898166]  [] kasan_end_report+0x50/0x50
[ 32.903941]  [] kasan_report+0x15c/0x370
[ 32.909533]  [] ? memcmp+0x126/0x160
[ 32.914782]  [] __asan_report_load1_noabort+0x14/0x20
[ 32.921513]  [] memcmp+0x126/0x160
[ 32.926600]  [] xfrm_selector_match+0x1c7/0xe50
[ 32.932808]  [] xfrm_sk_policy_lookup+0x153/0x360
[ 32.939186]  [] ? xfrm_sk_policy_lookup+0x43/0x360
[ 32.945659]  [] xfrm_lookup+0x1be/0xc10
[ 32.951187]  [] ? xfrm_bundle_lookup+0x11d0/0x11d0
[ 32.957656]  [] ? ip6_dst_lookup_tail+0x3c0/0x1480
[ 32.964123]  [] ? ip6_dst_lookup_tail+0x4a5/0x1480
[ 32.970592]  [] ? ip6_copy_metadata+0x710/0x710
[ 32.976805]  [] ? mark_held_locks+0xaf/0x100
[ 32.982749]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[ 32.989652]  [] xfrm_lookup_route+0x39/0x1a0
[ 32.995608]  [] ip6_dst_lookup_flow+0x1b4/0x2e0
[ 33.001818]  [] ? ip6_dst_lookup+0x60/0x60
[ 33.007596]  [] ? selinux_sk_getsecid+0xa0/0x110
[ 33.013891]  [] tcp_v6_connect+0xade/0x1b90
[ 33.019753]  [] ? tcp_sendmsg+0xda9/0x2b10
[ 33.025533]  [] ? inet_sendmsg+0x2bc/0x4c0
[ 33.031307]  [] ? tcp_v6_syn_recv_sock+0x1f50/0x1f50
[ 33.037966]  [] ? gup_pud_range+0x271/0x2f0
[ 33.043833]  [] __inet_stream_connect+0x2a6/0xc70
[ 33.050212]  [] ? inet_dgram_connect+0x1f0/0x1f0
[ 33.056510]  [] ? kasan_kmalloc+0xad/0xe0
[ 33.062199]  [] ? tcp_sendmsg+0xda9/0x2b10
[ 33.067970]  [] ? kmem_cache_alloc_trace+0x100/0x2b0
[ 33.074616]  [] tcp_sendmsg+0xcc1/0x2b10
[ 33.080222]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.087206]  [] ? sock_has_perm+0x1c1/0x400
[ 33.093070]  [] ? tcp_sendpage+0x1830/0x1830
[ 33.099012]  [] ? inet_sendmsg+0x201/0x4c0
[ 33.104784]  [] inet_sendmsg+0x2bc/0x4c0
[ 33.110387]  [] ? inet_sendmsg+0x73/0x4c0
[ 33.116069]  [] ? inet_recvmsg+0x4c0/0x4c0
[ 33.121843]  [] sock_sendmsg+0xca/0x110
[ 33.127354]  [] SYSC_sendto+0x2c8/0x340
[ 33.132862]  [] ? SYSC_connect+0x310/0x310
[ 33.138633]  [] ? sock_has_perm+0x29f/0x400
[ 33.144493]  [] ? selinux_file_send_sigiotask+0x310/0x310
[ 33.151576]  [] ? compat_SyS_futex+0x1f9/0x2a0
[ 33.157704]  [] ? compat_SyS_get_robust_list+0x300/0x300
[ 33.164694]  [] ? compat_SyS_setsockopt+0x18a/0x290
[ 33.171245]  [] ? sock_common_setsockopt+0xd0/0xd0
[ 33.177704]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 33.184247]  [] SyS_sendto+0x40/0x50
[ 33.189489]  [] ? SyS_getpeername+0x30/0x30
[ 33.195338]  [] do_fast_syscall_32+0x321/0x8a0
[ 33.201450]  [] sysenter_flags_fixed+0xd/0x17
[ 33.207874] Dumping ftrace buffer:
[ 33.211384]    (ftrace buffer empty)
[ 33.215062] Kernel Offset: disabled
[ 33.218654] Rebooting in 86400 seconds..