[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 18.036139] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.626225] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available) [ 19.953943] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available) [ 21.244746] random: nonblocking pool is initialized Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts. executing program [ 38.083244] A link change request failed with some changes committed already. Interface teql0 may have been left with an inconsistent configuration, please check. [ 38.100642] ================================================================== [ 38.108002] BUG: KASAN: stack-out-of-bounds in memcmp+0x126/0x160 [ 38.114209] Read of size 1 at addr ffff8800b92078e0 by task syz-executor471/3708 [ 38.121708] [ 38.123311] CPU: 0 PID: 3708 Comm: syz-executor471 Not tainted 4.4.140-ged9bdc8 #68 [ 38.131074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.140417] 0000000000000000 c082ff154dcd4715 ffff8800b9207410 ffffffff81e0e08d [ 38.148392] ffffea0002e481c0 ffff8800b92078e0 0000000000000000 ffff8800b92078e0 [ 38.156378] 0000000000000000 ffff8800b9207448 ffffffff81515a56 ffff8800b92078e0 [ 38.164359] Call Trace: [ 38.166930] [] dump_stack+0xc1/0x124 [ 38.172266] [] print_address_description+0x6c/0x216 [ 38.178911] [] kasan_report.cold.7+0x175/0x2f7 [ 38.185122] [] ? memcmp+0x126/0x160 [ 38.190376] [] __asan_report_load1_noabort+0x14/0x20 [ 38.197098] [] memcmp+0x126/0x160 [ 38.202172] [] ? __lock_is_held+0xa2/0xf0 [ 38.207943] [] xfrm_selector_match+0x12d/0xe50 [ 38.214145] [] xfrm_sk_policy_lookup+0x151/0x350 [ 38.220522] [] ? xfrm_sk_policy_lookup+0x42/0x350 [ 38.226984] [] xfrm_lookup+0x1b5/0xb70 [ 38.232491] [] ? xfrm_bundle_lookup+0x1220/0x1220 [ 38.238970] [] ? ip6_dst_lookup_tail+0x3b9/0x1460 [ 38.238975] [] ? ip6_dst_lookup_tail+0x454/0x1460 [ 38.238979] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 38.238985] [] ? mark_held_locks+0xc7/0x130 [ 38.238992] [] ? depot_save_stack+0x211/0x610 [ 38.239003] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 38.239008] [] xfrm_lookup_route+0x39/0x1b0 [ 38.239012] [] ip6_dst_lookup_flow+0x1b7/0x2f0 [ 38.239016] [] ? ip6_dst_lookup+0x60/0x60 [ 38.239022] [] ? selinux_sk_getsecid+0x77/0xc0 [ 38.239028] [] tcp_v6_connect+0xd58/0x1b70 [ 38.239034] [] ? sock_sendmsg+0xcc/0x110 [ 38.239038] [] ? SYSC_sendto+0x21c/0x370 [ 38.239043] [] ? tcp_v6_syn_recv_sock+0x1f20/0x1f20 [ 38.239048] [] ? __kernel_text_address+0x6b/0xa0 [ 38.239055] [] __inet_stream_connect+0x2a9/0xc30 [ 38.239059] [] ? inet_dgram_connect+0x200/0x200 [ 38.239064] [] ? kasan_kmalloc+0xc7/0xe0 [ 38.239071] [] ? tcp_sendmsg+0x14d6/0x2b00 [ 38.239076] [] ? kmem_cache_alloc_trace+0x104/0x2c0 [ 38.239080] [] tcp_sendmsg+0x1600/0x2b00 [ 38.239085] [] ? debug_check_no_locks_freed+0x210/0x210 [ 38.239089] [] ? tcp_sendpage+0x1840/0x1840 [ 38.239093] [] ? inet_sendmsg+0x143/0x4d0 [ 38.239097] [] inet_sendmsg+0x203/0x4d0 [ 38.239101] [] ? inet_sendmsg+0x73/0x4d0 [ 38.239105] [] ? inet_recvmsg+0x4c0/0x4c0 [ 38.239109] [] sock_sendmsg+0xcc/0x110 [ 38.239112] [] SYSC_sendto+0x21c/0x370 [ 38.239116] [] ? SYSC_connect+0x300/0x300 [ 38.239120] [] ? _raw_spin_unlock+0x2c/0x50 [ 38.239125] [] ? do_huge_pmd_anonymous_page+0x38c/0x9d0 [ 38.239129] [] ? handle_mm_fault+0xbf7/0x30b0 [ 38.239135] [] ? __do_page_fault+0x385/0xa10 [ 38.239139] [] ? retint_user+0x18/0x3c [ 38.239144] [] SyS_sendto+0x40/0x50 [ 38.239148] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 38.239150] [ 38.239151] The buggy address belongs to the page: [ 38.239156] page:ffffea0002e481c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 38.239159] flags: 0x4000000000000000() [ 38.239160] page dumped because: kasan: bad access detected [ 38.239161] [ 38.239162] Memory state around the buggy address: [ 38.239166] ffff8800b9207780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.239169] ffff8800b9207800: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 f2 f2 [ 38.239171] >ffff8800b9207880: f2 f2 00 00 00 00 00 00 00 00 00 00 f2 f2 00 00 [ 38.239173] ^ [ 38.239176] ffff8800b9207900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.239178] ffff8800b9207980: 00 00 00 f1 f1 f1 f1 00 00 00 00 00 f2 f2 f2 00 [ 38.239179] ================================================================== [ 38.239181] Disabling lock debugging due to kernel taint [ 38.239224] Kernel panic - not syncing: panic_on_warn set ... [ 38.239224] [ 38.239230] CPU: 0 PID: 3708 Comm: syz-executor471 Tainted: G B 4.4.140-ged9bdc8 #68 [ 38.239232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.239238] 0000000000000000 c082ff154dcd4715 ffff8800b9207370 ffffffff81e0e08d [ 38.239242] ffffffff841ed927 0000000000000001 0000000000000000 ffff8800b92078e0 [ 38.239246] 0000000000000000 ffff8800b9207430 ffffffff8140a1c4 0000000041b58ab3 [ 38.239248] Call Trace: [ 38.239253] [] dump_stack+0xc1/0x124 [ 38.239258] [] panic+0x19e/0x38d [ 38.239262] [] ? add_taint.cold.4+0x16/0x16 [ 38.239266] [] kasan_end_report+0x47/0x4f [ 38.239269] [] kasan_report.cold.7+0x192/0x2f7 [ 38.239274] [] ? memcmp+0x126/0x160 [ 38.239278] [] __asan_report_load1_noabort+0x14/0x20 [ 38.239282] [] memcmp+0x126/0x160 [ 38.239286] [] ? __lock_is_held+0xa2/0xf0 [ 38.239290] [] xfrm_selector_match+0x12d/0xe50 [ 38.239294] [] xfrm_sk_policy_lookup+0x151/0x350 [ 38.239298] [] ? xfrm_sk_policy_lookup+0x42/0x350 [ 38.239302] [] xfrm_lookup+0x1b5/0xb70 [ 38.239306] [] ? xfrm_bundle_lookup+0x1220/0x1220 [ 38.239311] [] ? ip6_dst_lookup_tail+0x3b9/0x1460 [ 38.239315] [] ? ip6_dst_lookup_tail+0x454/0x1460 [ 38.239319] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 38.239323] [] ? mark_held_locks+0xc7/0x130 [ 38.239327] [] ? depot_save_stack+0x211/0x610 [ 38.239332] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 38.239336] [] xfrm_lookup_route+0x39/0x1b0 [ 38.239340] [] ip6_dst_lookup_flow+0x1b7/0x2f0 [ 38.239344] [] ? ip6_dst_lookup+0x60/0x60 [ 38.239347] [] ? selinux_sk_getsecid+0x77/0xc0 [ 38.239352] [] tcp_v6_connect+0xd58/0x1b70 [ 38.239356] [] ? sock_sendmsg+0xcc/0x110 [ 38.239359] [] ? SYSC_sendto+0x21c/0x370 [ 38.239364] [] ? tcp_v6_syn_recv_sock+0x1f20/0x1f20 [ 38.239368] [] ? __kernel_text_address+0x6b/0xa0 [ 38.239372] [] __inet_stream_connect+0x2a9/0xc30 [ 38.239376] [] ? inet_dgram_connect+0x200/0x200 [ 38.239380] [] ? kasan_kmalloc+0xc7/0xe0 [ 38.239384] [] ? tcp_sendmsg+0x14d6/0x2b00 [ 38.239387] [] ? kmem_cache_alloc_trace+0x104/0x2c0 [ 38.239391] [] tcp_sendmsg+0x1600/0x2b00 [ 38.239396] [] ? debug_check_no_locks_freed+0x210/0x210 [ 38.239403] [] ? tcp_sendpage+0x1840/0x1840 [ 38.239408] [] ? inet_sendmsg+0x143/0x4d0 [ 38.239412] [] inet_sendmsg+0x203/0x4d0 [ 38.239415] [] ? inet_sendmsg+0x73/0x4d0 [ 38.239419] [] ? inet_recvmsg+0x4c0/0x4c0 [ 38.239423] [] sock_sendmsg+0xcc/0x110 [ 38.239427] [] SYSC_sendto+0x21c/0x370 [ 38.239430] [] ? SYSC_connect+0x300/0x300 [ 38.239434] [] ? _raw_spin_unlock+0x2c/0x50 [ 38.239438] [] ? do_huge_pmd_anonymous_page+0x38c/0x9d0 [ 38.239442] [] ? handle_mm_fault+0xbf7/0x30b0 [ 38.239446] [] ? __do_page_fault+0x385/0xa10 [ 38.239450] [] ? retint_user+0x18/0x3c [ 38.239454] [] SyS_sendto+0x40/0x50 [ 38.239458] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 38.245892] Dumping ftrace buffer: [ 38.245895] (ftrace buffer empty) [ 38.245896] Kernel Offset: disabled [ 38.917600] Rebooting in 86400 seconds..