INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 25.819904] ================================================================== [ 25.827282] BUG: KASAN: stack-out-of-bounds in memcmp+0x126/0x160 [ 25.833481] Read of size 1 at addr ffff8801b8927840 by task syzkaller056349/3757 [ 25.840981] [ 25.842589] CPU: 0 PID: 3757 Comm: syzkaller056349 Not tainted 4.9.93-geba1ffe #3 [ 25.850181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.859501] ffff8801b8927300 ffffffff81d9c2b9 ffffea0006e249c0 ffff8801b8927840 [ 25.867478] 0000000000000000 ffff8801b8927840 ffff8801b8927828 ffff8801b8927338 [ 25.875440] ffffffff8156536b ffff8801b8927840 0000000000000001 0000000000000000 [ 25.883400] Call Trace: [ 25.885962] [] dump_stack+0xc1/0x128 [ 25.891294] [] print_address_description+0x6c/0x234 [ 25.897928] [] kasan_report.cold.6+0xac/0x2f5 [ 25.904043] [] ? memcmp+0x126/0x160 [ 25.909286] [] __asan_report_load1_noabort+0x14/0x20 [ 25.916005] [] memcmp+0x126/0x160 [ 25.921075] [] xfrm_selector_match+0x122/0xe10 [ 25.927274] [] xfrm_sk_policy_lookup+0x143/0x3c0 [ 25.933645] [] ? xfrm_selector_match+0xe10/0xe10 [ 25.940018] [] xfrm_lookup+0x1b5/0xb70 [ 25.945522] [] ? xfrm_bundle_lookup+0x1220/0x1220 [ 25.951999] [] ? ip6_dst_lookup_tail+0x48f/0x16c0 [ 25.958460] [] ? ip6_dst_lookup_tail+0x52a/0x16c0 [ 25.964923] [] ? ip6_flush_pending_frames+0xb0/0xb0 [ 25.971556] [] xfrm_lookup_route+0x39/0x1b0 [ 25.977495] [] ip6_dst_lookup_flow+0x17b/0x210 [ 25.983693] [] ? ip6_dst_lookup+0x60/0x60 [ 25.989462] [] ? 
__lock_is_held+0xa2/0xf0 [ 25.995227] [] ? selinux_sk_getsecid+0xa0/0x110 [ 26.001512] [] tcp_v6_connect+0xd8e/0x1b40 [ 26.007366] [] ? tcp_v6_mtu_reduced+0x60/0x60 [ 26.013480] [] __inet_stream_connect+0x6e0/0xbf0 [ 26.019858] [] ? inet_bind+0x8b0/0x8b0 [ 26.025363] [] ? kasan_kmalloc+0xc7/0xe0 [ 26.031049] [] ? kmem_cache_alloc_trace+0xfd/0x2b0 [ 26.037597] [] tcp_sendmsg+0x1d94/0x2ff0 [ 26.043278] [] ? debug_check_no_locks_freed+0x210/0x210 [ 26.050260] [] ? tcp_sendpage+0x1960/0x1960 [ 26.056200] [] ? sock_has_perm+0x292/0x3e0 [ 26.062052] [] ? sock_has_perm+0x9f/0x3e0 [ 26.067819] [] ? selinux_file_send_sigiotask+0x310/0x310 [ 26.074891] [] ? check_preemption_disabled+0x3b/0x170 [ 26.081698] [] ? inet_sendmsg+0x143/0x4d0 [ 26.087465] [] inet_sendmsg+0x203/0x4d0 [ 26.093058] [] ? inet_sendmsg+0x73/0x4d0 [ 26.098737] [] ? inet_recvmsg+0x4c0/0x4c0 [ 26.104512] [] sock_sendmsg+0xcc/0x110 [ 26.110015] [] SYSC_sendto+0x21c/0x370 [ 26.115520] [] ? SYSC_connect+0x300/0x300 [ 26.121287] [] ? sock_has_perm+0x292/0x3e0 [ 26.127139] [] ? selinux_file_send_sigiotask+0x310/0x310 [ 26.134206] [] ? selinux_netlbl_socket_setsockopt+0x8c/0x340 [ 26.141620] [] ? selinux_netlbl_sock_rcv_skb+0x480/0x480 [ 26.148690] [] ? sock_common_setsockopt+0x9a/0xe0 [ 26.155148] [] ? SyS_setsockopt+0x185/0x260 [ 26.161083] [] ? SyS_recv+0x40/0x40 [ 26.166329] [] ? __do_page_fault+0x183/0xd50 [ 26.172355] [] SyS_sendto+0x40/0x50 [ 26.177601] [] ? 
SyS_getpeername+0x30/0x30 [ 26.183453] [] do_syscall_64+0x1a6/0x490 [ 26.189136] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 26.196030] [ 26.197627] The buggy address belongs to the page: [ 26.202524] page:ffffea0006e249c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 26.210746] flags: 0x8000000000000000() [ 26.214687] page dumped because: kasan: bad access detected [ 26.220359] [ 26.221955] Memory state around the buggy address: [ 26.226855] ffff8801b8927700: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 [ 26.234180] ffff8801b8927780: f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 [ 26.241515] >ffff8801b8927800: 00 00 00 00 00 00 00 00 f2 f2 00 00 00 00 00 00 [ 26.248841] ^ [ 26.254255] ffff8801b8927880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.261579] ffff8801b8927900: f1 f1 f1 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 [ 26.268903] ================================================================== [ 26.276228] Disabling lock debugging due to kernel taint [ 26.281713] Kernel panic - not syncing: panic_on_warn set ... [ 26.281713] [ 26.289059] CPU: 0 PID: 3757 Comm: syzkaller056349 Tainted: G B 4.9.93-geba1ffe #3 [ 26.297864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.307188] ffff8801b8927260 ffffffff81d9c2b9 ffffffff841a8689 00000000ffffffff [ 26.315151] 0000000000000000 0000000000000000 ffff8801b8927828 ffff8801b8927320 [ 26.323109] ffffffff8141f845 0000000041b58ab3 ffffffff8419bdc0 ffffffff8141f686 [ 26.331082] Call Trace: [ 26.333642] [] dump_stack+0xc1/0x128 [ 26.338973] [] panic+0x1bf/0x3bc [ 26.343959] [] ? add_taint.cold.6+0x16/0x16 [ 26.349899] [] ? ___preempt_schedule+0x16/0x18 [ 26.356099] [] kasan_end_report+0x47/0x4f [ 26.361864] [] kasan_report.cold.6+0xc9/0x2f5 [ 26.367975] [] ? 
memcmp+0x126/0x160 [ 26.373220] [] __asan_report_load1_noabort+0x14/0x20 [ 26.379938] [] memcmp+0x126/0x160 [ 26.385013] [] xfrm_selector_match+0x122/0xe10 [ 26.391210] [] xfrm_sk_policy_lookup+0x143/0x3c0 [ 26.397583] [] ? xfrm_selector_match+0xe10/0xe10 [ 26.403965] [] xfrm_lookup+0x1b5/0xb70 [ 26.409471] [] ? xfrm_bundle_lookup+0x1220/0x1220 [ 26.415936] [] ? ip6_dst_lookup_tail+0x48f/0x16c0 [ 26.422397] [] ? ip6_dst_lookup_tail+0x52a/0x16c0 [ 26.428859] [] ? ip6_flush_pending_frames+0xb0/0xb0 [ 26.435495] [] xfrm_lookup_route+0x39/0x1b0 [ 26.441439] [] ip6_dst_lookup_flow+0x17b/0x210 [ 26.447638] [] ? ip6_dst_lookup+0x60/0x60 [ 26.453406] [] ? __lock_is_held+0xa2/0xf0 [ 26.459177] [] ? selinux_sk_getsecid+0xa0/0x110 [ 26.465481] [] tcp_v6_connect+0xd8e/0x1b40 [ 26.471339] [] ? tcp_v6_mtu_reduced+0x60/0x60 [ 26.477456] [] __inet_stream_connect+0x6e0/0xbf0 [ 26.483827] [] ? inet_bind+0x8b0/0x8b0 [ 26.489334] [] ? kasan_kmalloc+0xc7/0xe0 [ 26.495401] [] ? kmem_cache_alloc_trace+0xfd/0x2b0 [ 26.501959] [] tcp_sendmsg+0x1d94/0x2ff0 [ 26.507639] [] ? debug_check_no_locks_freed+0x210/0x210 [ 26.514622] [] ? tcp_sendpage+0x1960/0x1960 [ 26.520562] [] ? sock_has_perm+0x292/0x3e0 [ 26.526422] [] ? sock_has_perm+0x9f/0x3e0 [ 26.532188] [] ? selinux_file_send_sigiotask+0x310/0x310 [ 26.539258] [] ? check_preemption_disabled+0x3b/0x170 [ 26.546075] [] ? inet_sendmsg+0x143/0x4d0 [ 26.551846] [] inet_sendmsg+0x203/0x4d0 [ 26.557436] [] ? inet_sendmsg+0x73/0x4d0 [ 26.563113] [] ? inet_recvmsg+0x4c0/0x4c0 [ 26.568881] [] sock_sendmsg+0xcc/0x110 [ 26.574393] [] SYSC_sendto+0x21c/0x370 [ 26.579904] [] ? SYSC_connect+0x300/0x300 [ 26.585669] [] ? sock_has_perm+0x292/0x3e0 [ 26.591521] [] ? selinux_file_send_sigiotask+0x310/0x310 [ 26.598600] [] ? selinux_netlbl_socket_setsockopt+0x8c/0x340 [ 26.606016] [] ? selinux_netlbl_sock_rcv_skb+0x480/0x480 [ 26.613083] [] ? sock_common_setsockopt+0x9a/0xe0 [ 26.619543] [] ? SyS_setsockopt+0x185/0x260 [ 26.625481] [] ? 
SyS_recv+0x40/0x40 [ 26.630728] [] ? __do_page_fault+0x183/0xd50 [ 26.636752] [] SyS_sendto+0x40/0x50 [ 26.641994] [] ? SyS_getpeername+0x30/0x30 [ 26.647850] [] do_syscall_64+0x1a6/0x490 [ 26.653530] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 26.660883] Dumping ftrace buffer: [ 26.664398] (ftrace buffer empty) [ 26.668077] Kernel Offset: disabled [ 26.671673] Rebooting in 86400 seconds..