[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[ 17.467608] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 19.285747] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.519913] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.276580] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.891827] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts.
[ 40.414603] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 40.508144] ==================================================================
[ 40.515722] BUG: KASAN: use-after-free in skb_ensure_writable+0x554/0x620
[ 40.522655] Read of size 4 at addr ffff8801b0b40fc0 by task syz-executor258/4479
[ 40.532940]
[ 40.534552] CPU: 0 PID: 4479 Comm: syz-executor258 Not tainted 4.17.0-rc6+ #29
[ 40.541886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.551675] Call Trace:
[ 40.554249] dump_stack+0x1b9/0x294
[ 40.557870] ? dump_stack_print_info.cold.2+0x52/0x52
[ 40.563040] ? printk+0x9e/0xba
[ 40.566300] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 40.571050] ? kasan_check_write+0x14/0x20
[ 40.575280] print_address_description+0x6c/0x20b
[ 40.580107] ? skb_ensure_writable+0x554/0x620
[ 40.584672] kasan_report.cold.7+0x242/0x2fe
[ 40.589063] __asan_report_load4_noabort+0x14/0x20
[ 40.593984] skb_ensure_writable+0x554/0x620
[ 40.598373] ? skb_cow_data+0xf10/0xf10
[ 40.602328] ? trace_hardirqs_on+0xd/0x10
[ 40.606461] ? depot_save_stack+0x26b/0x450
[ 40.610770] bpf_l3_csum_replace+0x8c/0x4d0
[ 40.615076] ? lock_downgrade+0x8e0/0x8e0
[ 40.619205] ? rcu_pm_notify+0xc0/0xc0
[ 40.623078] ? pvclock_read_flags+0x160/0x160
[ 40.627553] ? rcu_read_lock_sched_held+0x108/0x120
[ 40.632564] ? kmem_cache_alloc+0x5fa/0x760
[ 40.636868] ? ktime_get+0x33e/0x430
[ 40.640583] ? lock_acquire+0x1dc/0x520
[ 40.644553] ? bpf_test_run+0x1f3/0x3b0
[ 40.648516] ? kasan_check_read+0x11/0x20
[ 40.652997] ? rcu_is_watching+0x85/0x140
[ 40.657128] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 40.662307] ? __might_sleep+0x95/0x190
[ 40.666265] ? bpf_test_run+0xaf/0x3b0
[ 40.670140] ? bpf_prog_test_run_skb+0x622/0xa20
[ 40.674879] ? bpf_test_finish.isra.7+0x1e0/0x1e0
[ 40.679704] ? bpf_prog_add+0x69/0xd0
[ 40.683491] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.689008] ? __bpf_prog_get+0x9b/0x290
[ 40.693048] ? bpf_test_finish.isra.7+0x1e0/0x1e0
[ 40.697873] ? bpf_prog_test_run+0x130/0x1a0
[ 40.702266] ? __x64_sys_bpf+0x3d8/0x510
[ 40.706307] ? bpf_prog_get+0x20/0x20
[ 40.710104] ? do_syscall_64+0x92/0x800
[ 40.714067] ? do_syscall_64+0x1b1/0x800
[ 40.718231] ? syscall_return_slowpath+0x5c0/0x5c0
[ 40.723153] ? syscall_return_slowpath+0x30f/0x5c0
[ 40.728070] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 40.733418] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.738244] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.743589]
[ 40.745193] The buggy address belongs to the page:
[ 40.750102] page:ffffea0006c2d000 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 40.758230] flags: 0x2fffc0000000000()
[ 40.762105] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 40.771666] raw: ffffea00075ea760 ffffea0006c39660 ffff8801b5848738 0000000000000000
[ 40.779533] page dumped because: kasan: bad access detected
[ 40.785222]
[ 40.786828] Memory state around the buggy address:
[ 40.791736]  ffff8801b0b40e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.799076]  ffff8801b0b40f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.806415] >ffff8801b0b40f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.813760]                                            ^
[ 40.819189]  ffff8801b0b41000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.826526]  ffff8801b0b41080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.834120] ==================================================================
[ 40.841455] Disabling lock debugging due to kernel taint
[ 40.846990] Kernel panic - not syncing: panic_on_warn set ...
[ 40.846990]
[ 40.854347] CPU: 0 PID: 4479 Comm: syz-executor258 Tainted: G B 4.17.0-rc6+ #29
[ 40.863083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.872420] Call Trace:
[ 40.875014] dump_stack+0x1b9/0x294
[ 40.878636] ? dump_stack_print_info.cold.2+0x52/0x52
[ 40.883807] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.888550] ? skb_ensure_writable+0x530/0x620
[ 40.893111] panic+0x22f/0x4de
[ 40.896284] ? add_taint.cold.5+0x16/0x16
[ 40.900413] ? do_raw_spin_unlock+0x9e/0x2e0
[ 40.904803] ? do_raw_spin_unlock+0x9e/0x2e0
[ 40.909189] ? skb_ensure_writable+0x554/0x620
[ 40.913751] kasan_end_report+0x47/0x4f
[ 40.917706] kasan_report.cold.7+0x76/0x2fe
[ 40.922009] __asan_report_load4_noabort+0x14/0x20
[ 40.926919] skb_ensure_writable+0x554/0x620
[ 40.931306] ? skb_cow_data+0xf10/0xf10
[ 40.935261] ? trace_hardirqs_on+0xd/0x10
[ 40.939392] ? depot_save_stack+0x26b/0x450
[ 40.943711] bpf_l3_csum_replace+0x8c/0x4d0
[ 40.948013] ? lock_downgrade+0x8e0/0x8e0
[ 40.952145] ? rcu_pm_notify+0xc0/0xc0
[ 40.956015] ? pvclock_read_flags+0x160/0x160
[ 40.960494] ? rcu_read_lock_sched_held+0x108/0x120
[ 40.965516] ? kmem_cache_alloc+0x5fa/0x760
[ 40.969818] ? ktime_get+0x33e/0x430
[ 40.973511] ? lock_acquire+0x1dc/0x520
[ 40.977469] ? bpf_test_run+0x1f3/0x3b0
[ 40.981428] ? kasan_check_read+0x11/0x20
[ 40.985559] ? rcu_is_watching+0x85/0x140
[ 40.989688] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 40.994867] ? __might_sleep+0x95/0x190
[ 40.998833] ? bpf_test_run+0xaf/0x3b0
[ 41.002709] ? bpf_prog_test_run_skb+0x622/0xa20
[ 41.007446] ? bpf_test_finish.isra.7+0x1e0/0x1e0
[ 41.012268] ? bpf_prog_add+0x69/0xd0
[ 41.016061] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.021580] ? __bpf_prog_get+0x9b/0x290
[ 41.025632] ? bpf_test_finish.isra.7+0x1e0/0x1e0
[ 41.030464] ? bpf_prog_test_run+0x130/0x1a0
[ 41.034868] ? __x64_sys_bpf+0x3d8/0x510
[ 41.038907] ? bpf_prog_get+0x20/0x20
[ 41.042693] ? do_syscall_64+0x92/0x800
[ 41.046648] ? do_syscall_64+0x1b1/0x800
[ 41.050689] ? syscall_return_slowpath+0x5c0/0x5c0
[ 41.055603] ? syscall_return_slowpath+0x30f/0x5c0
[ 41.060512] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 41.065854] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.070675] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.076643] Dumping ftrace buffer:
[ 41.080160] (ftrace buffer empty)
[ 41.083851] Kernel Offset: disabled
[ 41.087457] Rebooting in 86400 seconds..