[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 10.253317] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 16.467244] random: crng init done Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts. executing program [ 36.233363] ================================================================== [ 36.240864] BUG: KASAN: stack-out-of-bounds in memcmp+0x126/0x160 [ 36.247073] Read of size 1 at addr ffff8801cf717ab0 by task syz-executor100/2048 [ 36.254576] [ 36.256185] CPU: 0 PID: 2048 Comm: syz-executor100 Not tainted 4.9.129+ #45 [ 36.263260] ffff8801cf717388 ffffffff81b36939 ffffea00073dc5c0 ffff8801cf717ab0 [ 36.271243] 0000000000000000 ffff8801cf717ab0 ffff8801cf717a98 ffff8801cf7173c0 [ 36.279296] ffffffff8150072d ffff8801cf717ab0 0000000000000001 0000000000000000 [ 36.287339] Call Trace: [ 36.289904] [] dump_stack+0xc1/0x128 [ 36.295245] [] print_address_description+0x6c/0x234 [ 36.301896] [] kasan_report.cold.6+0x242/0x2fe [ 36.308109] [] ? memcmp+0x126/0x160 [ 36.313366] [] __asan_report_load1_noabort+0x14/0x20 [ 36.320099] [] memcmp+0x126/0x160 [ 36.325196] [] xfrm_selector_match+0x6a0/0xe40 [ 36.331408] [] xfrm_sk_policy_lookup+0x143/0x3c0 [ 36.337793] [] ? xfrm_selector_match+0xe40/0xe40 [ 36.344221] [] xfrm_lookup+0x1bd/0xb70 [ 36.349744] [] ? xfrm_sk_policy_lookup+0x3c0/0x3c0 [ 36.356316] [] ? ip6_dst_lookup_tail+0x499/0x1620 [ 36.362781] [] ? ip6_dst_lookup_tail+0x534/0x1620 [ 36.369251] [] ? __lock_acquire+0x654/0x4a10 [ 36.375333] [] ? ip6_copy_metadata+0x810/0x810 [ 36.381558] [] ? trace_hardirqs_on+0x10/0x10 [ 36.387595] [] xfrm_lookup_route+0x39/0x140 [ 36.393540] [] ip6_dst_lookup_flow+0x17b/0x210 [ 36.399744] [] ? ip6_dst_lookup+0x60/0x60 [ 36.405523] [] ? selinux_sk_getsecid+0x7a/0xd0 [ 36.411734] [] rawv6_sendmsg+0x9b5/0x2810 [ 36.417527] [] ? rawv6_sendmsg+0x58b/0x2810 [ 36.423479] [] ? xfrm_sk_policy_lookup+0x242/0x3c0 [ 36.430034] [] ? compat_rawv6_setsockopt+0x100/0x100 [ 36.436768] [] ? check_preemption_disabled+0x3b/0x170 [ 36.443639] [] ? avc_has_perm+0x15a/0x3a0 [ 36.449479] [] ? avc_has_perm_noaudit+0x2f0/0x2f0 [ 36.455953] [] ? trace_hardirqs_on+0x10/0x10 [ 36.461990] [] ? sock_has_perm+0x1c1/0x3e0 [ 36.467954] [] ? sock_has_perm+0x293/0x3e0 [ 36.473816] [] ? sock_has_perm+0x9f/0x3e0 [ 36.479634] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 36.486368] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 36.493111] [] ? inet_sendmsg+0x143/0x4d0 [ 36.498995] [] inet_sendmsg+0x203/0x4d0 [ 36.504593] [] ? inet_sendmsg+0x73/0x4d0 [ 36.510284] [] ? inet_recvmsg+0x4c0/0x4c0 [ 36.516065] [] sock_sendmsg+0xbb/0x110 [ 36.521584] [] sock_write_iter+0x223/0x3b0 [ 36.527449] [] ? sock_sendmsg+0x110/0x110 [ 36.533221] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 36.539948] [] ? iov_iter_init+0xaf/0x1d0 [ 36.545790] [] __vfs_write+0x3d7/0x580 [ 36.551309] [] ? __vfs_read+0x560/0x560 [ 36.556914] [] ? selinux_file_permission+0x82/0x470 [ 36.563561] [] ? rw_verify_area+0xe5/0x2a0 [ 36.569432] [] vfs_write+0x187/0x520 [ 36.574778] [] SyS_write+0xd9/0x1c0 [ 36.580148] [] ? SyS_read+0x1c0/0x1c0 [ 36.585578] [] ? do_syscall_64+0x48/0x550 [ 36.591396] [] ? SyS_read+0x1c0/0x1c0 [ 36.596852] [] do_syscall_64+0x19f/0x550 [ 36.602544] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 36.609449] [ 36.611049] The buggy address belongs to the page: [ 36.615994] page:ffffea00073dc5c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 36.624302] flags: 0x4000000000000000() [ 36.628247] page dumped because: kasan: bad access detected [ 36.633928] [ 36.635539] Memory state around the buggy address: [ 36.640488] ffff8801cf717980: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 00 f2 f2 [ 36.647833] ffff8801cf717a00: f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 [ 36.655164] >ffff8801cf717a80: 00 00 00 00 00 00 f2 f2 00 00 00 00 00 00 00 00 [ 36.662496] ^ [ 36.667413] ffff8801cf717b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.674748] ffff8801cf717b80: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 [ 36.682081] ================================================================== [ 36.689416] Disabling lock debugging due to kernel taint [ 36.695121] Kernel panic - not syncing: panic_on_warn set ... [ 36.695121] [ 36.702472] CPU: 0 PID: 2048 Comm: syz-executor100 Tainted: G B 4.9.129+ #45 [ 36.710763] ffff8801cf7172e8 ffffffff81b36939 ffffffff82e356c8 00000000ffffffff [ 36.718808] 0000000000000000 0000000000000000 ffff8801cf717a98 ffff8801cf7173a8 [ 36.726798] ffffffff813f6775 0000000041b58ab3 ffffffff82e296cb ffffffff813f65b6 [ 36.734785] Call Trace: [ 36.737349] [] dump_stack+0xc1/0x128 [ 36.742701] [] panic+0x1bf/0x39f [ 36.747807] [] ? add_taint.cold.6+0x16/0x16 [ 36.753794] [] ? ___preempt_schedule+0x16/0x18 [ 36.760006] [] kasan_end_report+0x47/0x4f [ 36.765850] [] kasan_report.cold.6+0x76/0x2fe [ 36.771976] [] ? memcmp+0x126/0x160 [ 36.777229] [] __asan_report_load1_noabort+0x14/0x20 [ 36.783981] [] memcmp+0x126/0x160 [ 36.789077] [] xfrm_selector_match+0x6a0/0xe40 [ 36.795294] [] xfrm_sk_policy_lookup+0x143/0x3c0 [ 36.801677] [] ? xfrm_selector_match+0xe40/0xe40 [ 36.808061] [] xfrm_lookup+0x1bd/0xb70 [ 36.813576] [] ? xfrm_sk_policy_lookup+0x3c0/0x3c0 [ 36.820249] [] ? ip6_dst_lookup_tail+0x499/0x1620 [ 36.826715] [] ? ip6_dst_lookup_tail+0x534/0x1620 [ 36.833181] [] ? __lock_acquire+0x654/0x4a10 [ 36.839218] [] ? ip6_copy_metadata+0x810/0x810 [ 36.845444] [] ? trace_hardirqs_on+0x10/0x10 [ 36.851482] [] xfrm_lookup_route+0x39/0x140 [ 36.857494] [] ip6_dst_lookup_flow+0x17b/0x210 [ 36.863708] [] ? ip6_dst_lookup+0x60/0x60 [ 36.869487] [] ? selinux_sk_getsecid+0x7a/0xd0 [ 36.875839] [] rawv6_sendmsg+0x9b5/0x2810 [ 36.881613] [] ? rawv6_sendmsg+0x58b/0x2810 [ 36.887564] [] ? xfrm_sk_policy_lookup+0x242/0x3c0 [ 36.894193] [] ? compat_rawv6_setsockopt+0x100/0x100 [ 36.900929] [] ? check_preemption_disabled+0x3b/0x170 [ 36.907746] [] ? avc_has_perm+0x15a/0x3a0 [ 36.913529] [] ? avc_has_perm_noaudit+0x2f0/0x2f0 [ 36.919998] [] ? trace_hardirqs_on+0x10/0x10 [ 36.926032] [] ? sock_has_perm+0x1c1/0x3e0 [ 36.931891] [] ? sock_has_perm+0x293/0x3e0 [ 36.937752] [] ? sock_has_perm+0x9f/0x3e0 [ 36.943538] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 36.950277] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 36.957010] [] ? inet_sendmsg+0x143/0x4d0 [ 36.962786] [] inet_sendmsg+0x203/0x4d0 [ 36.968388] [] ? inet_sendmsg+0x73/0x4d0 [ 36.974193] [] ? inet_recvmsg+0x4c0/0x4c0 [ 36.980120] [] sock_sendmsg+0xbb/0x110 [ 36.985641] [] sock_write_iter+0x223/0x3b0 [ 36.991564] [] ? sock_sendmsg+0x110/0x110 [ 36.997381] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 37.004130] [] ? iov_iter_init+0xaf/0x1d0 [ 37.009907] [] __vfs_write+0x3d7/0x580 [ 37.015566] [] ? __vfs_read+0x560/0x560 [ 37.021169] [] ? selinux_file_permission+0x82/0x470 [ 37.028302] [] ? rw_verify_area+0xe5/0x2a0 [ 37.034158] [] vfs_write+0x187/0x520 [ 37.039493] [] SyS_write+0xd9/0x1c0 [ 37.044750] [] ? SyS_read+0x1c0/0x1c0 [ 37.050185] [] ? do_syscall_64+0x48/0x550 [ 37.055969] [] ? SyS_read+0x1c0/0x1c0 [ 37.061411] [] do_syscall_64+0x19f/0x550 [ 37.067296] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 37.074520] Kernel Offset: disabled [ 37.078174] Rebooting in 86400 seconds..