[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[   19.375594] random: sshd: uninitialized urandom read (32 bytes read, 30 bits of entropy available)
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   20.026468] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[   20.253836] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.224506] random: sshd: uninitialized urandom read (32 bytes read, 101 bits of entropy available)
[   21.376301] random: sshd: uninitialized urandom read (32 bytes read, 104 bits of entropy available)
Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts.
[   26.858971] random: sshd: uninitialized urandom read (32 bytes read, 111 bits of entropy available)
executing program
[   26.956504] ==================================================================
[   26.963875] BUG: KASAN: stack-out-of-bounds in memcmp+0x126/0x160
[   26.970076] Read of size 1 at addr ffff8801c87678e0 by task syzkaller311351/3732
[   26.977571] 
[   26.979169] CPU: 1 PID: 3732 Comm: syzkaller311351 Not tainted 4.4.125-g38f41ec #63
[   26.986934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.996256]  0000000000000000 847c5155748e9cda ffff8801c8767418 ffffffff81d067bd
[   27.004220]  ffffea000721d9c0 ffff8801c87678e0 0000000000000000 ffff8801c87678e0
[   27.012188]  ffff8801c87678c8 ffff8801c8767450 ffffffff814fea83 ffff8801c87678e0
[   27.020163] Call Trace:
[   27.022719]  [] dump_stack+0xc1/0x124
[   27.028050]  [] print_address_description+0x73/0x260
[   27.034683]  [] kasan_report+0x285/0x370
[   27.040283]  [] ? memcmp+0x126/0x160
[   27.045525]  [] __asan_report_load1_noabort+0x14/0x20
[   27.052243]  [] memcmp+0x126/0x160
[   27.057417]  [] xfrm_selector_match+0x1c7/0xe50
[   27.063628]  [] xfrm_sk_policy_lookup+0x153/0x360
[   27.070006]  [] ? xfrm_sk_policy_lookup+0x43/0x360
[   27.076465]  [] xfrm_lookup+0x1be/0xc10
[   27.081972]  [] ? xfrm_bundle_lookup+0x11d0/0x11d0
[   27.088434]  [] ? ip6_dst_lookup_tail+0x3c0/0x1480
[   27.094898]  [] ? ip6_dst_lookup_tail+0x4a5/0x1480
[   27.101361]  [] ? ip6_copy_metadata+0x710/0x710
[   27.107566]  [] ? mark_held_locks+0xaf/0x100
[   27.113516]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   27.120416]  [] xfrm_lookup_route+0x39/0x1a0
[   27.126355]  [] ip6_dst_lookup_flow+0x1b4/0x2e0
[   27.132560]  [] ? ip6_dst_lookup+0x60/0x60
[   27.138377]  [] ? selinux_sk_getsecid+0xa0/0x110
[   27.144666]  [] tcp_v6_connect+0xade/0x1b90
[   27.150522]  [] ? inet_sendmsg+0x2bc/0x4c0
[   27.156292]  [] ? sock_sendmsg+0xca/0x110
[   27.161983]  [] ? tcp_v6_syn_recv_sock+0x1f50/0x1f50
[   27.168618]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.175600]  [] ? __local_bh_enable_ip+0x6a/0xd0
[   27.181888]  [] ? __local_bh_enable_ip+0x6a/0xd0
[   27.188179]  [] __inet_stream_connect+0x2a6/0xc70
[   27.194552]  [] ? inet_dgram_connect+0x1f0/0x1f0
[   27.200840]  [] ? kasan_kmalloc+0xad/0xe0
[   27.206522]  [] ? tcp_sendmsg+0xda9/0x2b10
[   27.212291]  [] ? kmem_cache_alloc_trace+0x100/0x2b0
[   27.218937]  [] tcp_sendmsg+0xcc1/0x2b10
[   27.224549]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.231542]  [] ? sock_has_perm+0x1c1/0x400
[   27.237396]  [] ? tcp_sendpage+0x1830/0x1830
[   27.243336]  [] ? inet_sendmsg+0x201/0x4c0
[   27.249101]  [] inet_sendmsg+0x2bc/0x4c0
[   27.254693]  [] ? inet_sendmsg+0x73/0x4c0
[   27.260373]  [] ? inet_recvmsg+0x4c0/0x4c0
[   27.266139]  [] sock_sendmsg+0xca/0x110
[   27.271648]  [] SYSC_sendto+0x2c8/0x340
[   27.277158]  [] ? SYSC_connect+0x310/0x310
[   27.282924]  [] ? sock_has_perm+0x29f/0x400
[   27.288779]  [] ? selinux_file_send_sigiotask+0x310/0x310
[   27.295849]  [] ? selinux_netlbl_socket_setsockopt+0x117/0x320
[   27.303352]  [] ? selinux_netlbl_sock_rcv_skb+0x400/0x400
[   27.310424]  [] ? sock_common_setsockopt+0x95/0xd0
[   27.316885]  [] ? SyS_setsockopt+0x17f/0x250
[   27.322847]  [] ? vmacache_update+0xfe/0x130
[   27.328794]  [] ? SyS_recv+0x40/0x40
[   27.334041]  [] ? retint_user+0x18/0x3c
[   27.339560]  [] SyS_sendto+0x40/0x50
[   27.344805]  [] entry_SYSCALL_64_fastpath+0x22/0x9e
[   27.351347] 
[   27.352946] The buggy address belongs to the page:
[   27.357843] page:ffffea000721d9c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   27.365948] flags: 0x8000000000000000()
[   27.370008] page dumped because: kasan: bad access detected
[   27.375769] 
[   27.377365] Memory state around the buggy address:
[   27.382260]  ffff8801c8767780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.389589]  ffff8801c8767800: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 f2 f2
[   27.396918] >ffff8801c8767880: f2 f2 00 00 00 00 00 00 00 00 00 00 f2 f2 00 00
[   27.404248]                                                        ^
[   27.410706]  ffff8801c8767900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.418033]  ffff8801c8767980: 00 00 00 f1 f1 f1 f1 00 00 00 00 00 f2 f2 f2 00
[   27.425358] ==================================================================
[   27.432683] Disabling lock debugging due to kernel taint
[   27.438133] Kernel panic - not syncing: panic_on_warn set ...
[   27.438133] 
[   27.445475] CPU: 1 PID: 3732 Comm: syzkaller311351 Tainted: G    B 4.4.125-g38f41ec #63
[   27.454455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.463777]  0000000000000000 847c5155748e9cda ffff8801c8767370 ffffffff81d067bd
[   27.471738]  ffffffff83fb764d ffff8801c8767448 0000000000000000 ffff8801c87678e0
[   27.479705]  ffff8801c87678c8 ffff8801c8767438 ffffffff8141b46a 0000000041b58ab3
[   27.487704] Call Trace:
[   27.490265]  [] dump_stack+0xc1/0x124
[   27.495602]  [] panic+0x1aa/0x388
[   27.500589]  [] ? percpu_up_read.constprop.45+0xe1/0xe1
[   27.507491]  [] ? add_taint+0x1c/0x50
[   27.512823]  [] kasan_end_report+0x50/0x50
[   27.518588]  [] kasan_report+0x15c/0x370
[   27.524182]  [] ? memcmp+0x126/0x160
[   27.529430]  [] __asan_report_load1_noabort+0x14/0x20
[   27.536152]  [] memcmp+0x126/0x160
[   27.541228]  [] xfrm_selector_match+0x1c7/0xe50
[   27.547429]  [] xfrm_sk_policy_lookup+0x153/0x360
[   27.553828]  [] ? xfrm_sk_policy_lookup+0x43/0x360
[   27.560292]  [] xfrm_lookup+0x1be/0xc10
[   27.565798]  [] ? xfrm_bundle_lookup+0x11d0/0x11d0
[   27.572262]  [] ? ip6_dst_lookup_tail+0x3c0/0x1480
[   27.578724]  [] ? ip6_dst_lookup_tail+0x4a5/0x1480
[   27.585185]  [] ? ip6_copy_metadata+0x710/0x710
[   27.591389]  [] ? mark_held_locks+0xaf/0x100
[   27.597352]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   27.604257]  [] xfrm_lookup_route+0x39/0x1a0
[   27.610200]  [] ip6_dst_lookup_flow+0x1b4/0x2e0
[   27.616402]  [] ? ip6_dst_lookup+0x60/0x60
[   27.622169]  [] ? selinux_sk_getsecid+0xa0/0x110
[   27.628461]  [] tcp_v6_connect+0xade/0x1b90
[   27.634328]  [] ? inet_sendmsg+0x2bc/0x4c0
[   27.640096]  [] ? sock_sendmsg+0xca/0x110
[   27.645776]  [] ? tcp_v6_syn_recv_sock+0x1f50/0x1f50
[   27.652419]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.659405]  [] ? __local_bh_enable_ip+0x6a/0xd0
[   27.665689]  [] ? __local_bh_enable_ip+0x6a/0xd0
[   27.671977]  [] __inet_stream_connect+0x2a6/0xc70
[   27.678353]  [] ? inet_dgram_connect+0x1f0/0x1f0
[   27.684642]  [] ? kasan_kmalloc+0xad/0xe0
[   27.690324]  [] ? tcp_sendmsg+0xda9/0x2b10
[   27.696092]  [] ? kmem_cache_alloc_trace+0x100/0x2b0
[   27.702727]  [] tcp_sendmsg+0xcc1/0x2b10
[   27.708335]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.715322]  [] ? sock_has_perm+0x1c1/0x400
[   27.721177]  [] ? tcp_sendpage+0x1830/0x1830
[   27.727122]  [] ? inet_sendmsg+0x201/0x4c0
[   27.732888]  [] inet_sendmsg+0x2bc/0x4c0
[   27.738495]  [] ? inet_sendmsg+0x73/0x4c0
[   27.744173]  [] ? inet_recvmsg+0x4c0/0x4c0
[   27.749948]  [] sock_sendmsg+0xca/0x110
[   27.755454]  [] SYSC_sendto+0x2c8/0x340
[   27.760961]  [] ? SYSC_connect+0x310/0x310
[   27.766728]  [] ? sock_has_perm+0x29f/0x400
[   27.772589]  [] ? selinux_file_send_sigiotask+0x310/0x310
[   27.779661]  [] ? selinux_netlbl_socket_setsockopt+0x117/0x320
[   27.787168]  [] ? selinux_netlbl_sock_rcv_skb+0x400/0x400
[   27.794243]  [] ? sock_common_setsockopt+0x95/0xd0
[   27.800705]  [] ? SyS_setsockopt+0x17f/0x250
[   27.806646]  [] ? vmacache_update+0xfe/0x130
[   27.812584]  [] ? SyS_recv+0x40/0x40
[   27.817830]  [] ? retint_user+0x18/0x3c
[   27.823334]  [] SyS_sendto+0x40/0x50
[   27.828578]  [] entry_SYSCALL_64_fastpath+0x22/0x9e
[   27.835589] Dumping ftrace buffer:
[   27.839108]    (ftrace buffer empty)
[   27.842788] Kernel Offset: disabled
[   27.846384] Rebooting in 86400 seconds..