[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 18.667267] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 22.511575] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.839396] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.706434] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.865806] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts.
[ 29.293923] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 29.405977] ==================================================================
[ 29.413469] BUG: KASAN: use-after-free in _copy_to_user+0xe9/0x110
[ 29.419771] Read of size 1012 at addr ffff8801a73ffff2 by task syz-executor999/4519
[ 29.427540]
[ 29.429150] CPU: 1 PID: 4519 Comm: syz-executor999 Not tainted 4.18.0-rc3+ #4
[ 29.436398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.445729] Call Trace:
[ 29.448305] dump_stack+0x1c9/0x2b4
[ 29.451918] ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.457087] ? printk+0xa7/0xcf
[ 29.460348] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 29.465088] ? _copy_to_user+0xe9/0x110
[ 29.469048] print_address_description+0x6c/0x20b
[ 29.473875] ? _copy_to_user+0xe9/0x110
[ 29.477830] kasan_report.cold.7+0x242/0x2fe
[ 29.482219] check_memory_region+0x13e/0x1b0
[ 29.486607] kasan_check_read+0x11/0x20
[ 29.490560] _copy_to_user+0xe9/0x110
[ 29.494346] bpf_test_finish.isra.7+0xee/0x1f0
[ 29.498910] ? bpf_test_init.isra.8+0x100/0x100
[ 29.503558] ? bpf_skb_change_head+0x737/0xad0
[ 29.508121] ? bpf_test_run+0x2fc/0x3b0
[ 29.512078] bpf_prog_test_run_skb+0x7d7/0xa30
[ 29.516640] ? bpf_test_finish.isra.7+0x1f0/0x1f0
[ 29.521501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.527035] ? __bpf_prog_get+0x9b/0x290
[ 29.531078] ? bpf_test_finish.isra.7+0x1f0/0x1f0
[ 29.535901] bpf_prog_test_run+0x130/0x1a0
[ 29.540118] __x64_sys_bpf+0x3d8/0x510
[ 29.544545] ? bpf_prog_get+0x20/0x20
[ 29.548339] ? do_syscall_64+0x9a/0x820
[ 29.552303] do_syscall_64+0x1b9/0x820
[ 29.556175] ? syscall_return_slowpath+0x5e0/0x5e0
[ 29.561085] ? syscall_return_slowpath+0x31d/0x5e0
[ 29.566039] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 29.571398] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.576251] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.581420] RIP: 0033:0x440269
[ 29.584588] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 29.603758] RSP: 002b:00007ffd46082208 EFLAGS: 00000213 ORIG_RAX: 0000000000000141
[ 29.611448] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440269
[ 29.618705] RDX: 0000000000000028 RSI: 0000000020000080 RDI: 000000000000000a
[ 29.625953] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 29.633204] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401af0
[ 29.640455] R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000
[ 29.647715]
[ 29.649319] The buggy address belongs to the page:
[ 29.654226] page:ffffea00069cffc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 29.662343] flags: 0x2fffc0000000000()
[ 29.666212] raw: 02fffc0000000000 ffffea00069cffc8 ffffea00069cffc8 0000000000000000
[ 29.674078] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 29.681945] page dumped because: kasan: bad access detected
[ 29.687637]
[ 29.689243] Memory state around the buggy address:
[ 29.694150] ffff8801a73ffe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.701487] ffff8801a73fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.708825] >ffff8801a73fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.716159] ^
[ 29.723150] ffff8801a7400000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.730491] ffff8801a7400080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.737823] ==================================================================
[ 29.745157] Disabling lock debugging due to kernel taint
[ 29.750653] Kernel panic - not syncing: panic_on_warn set ...
[ 29.750653]
[ 29.758019] CPU: 1 PID: 4519 Comm: syz-executor999 Tainted: G B 4.18.0-rc3+ #4
[ 29.766674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.776013] Call Trace:
[ 29.778590] dump_stack+0x1c9/0x2b4
[ 29.782198] ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.787368] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.792133] panic+0x238/0x4e7
[ 29.795305] ? add_taint.cold.5+0x16/0x16
[ 29.799431] ? do_raw_spin_unlock+0xa7/0x2f0
[ 29.803836] ? do_raw_spin_unlock+0xa7/0x2f0
[ 29.808234] ? _copy_to_user+0xe9/0x110
[ 29.812198] kasan_end_report+0x47/0x4f
[ 29.816148] kasan_report.cold.7+0x76/0x2fe
[ 29.820448] check_memory_region+0x13e/0x1b0
[ 29.824856] kasan_check_read+0x11/0x20
[ 29.828809] _copy_to_user+0xe9/0x110
[ 29.832589] bpf_test_finish.isra.7+0xee/0x1f0
[ 29.837147] ? bpf_test_init.isra.8+0x100/0x100
[ 29.841798] ? bpf_skb_change_head+0x737/0xad0
[ 29.846359] ? bpf_test_run+0x2fc/0x3b0
[ 29.850400] bpf_prog_test_run_skb+0x7d7/0xa30
[ 29.854964] ? bpf_test_finish.isra.7+0x1f0/0x1f0
[ 29.859795] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.865309] ? __bpf_prog_get+0x9b/0x290
[ 29.869355] ? bpf_test_finish.isra.7+0x1f0/0x1f0
[ 29.874178] bpf_prog_test_run+0x130/0x1a0
[ 29.878393] __x64_sys_bpf+0x3d8/0x510
[ 29.882266] ? bpf_prog_get+0x20/0x20
[ 29.886054] ? do_syscall_64+0x9a/0x820
[ 29.890012] do_syscall_64+0x1b9/0x820
[ 29.893892] ? syscall_return_slowpath+0x5e0/0x5e0
[ 29.898801] ? syscall_return_slowpath+0x31d/0x5e0
[ 29.903730] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 29.909074] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.913898] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.919086] RIP: 0033:0x440269
[ 29.922254] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 29.941475] RSP: 002b:00007ffd46082208 EFLAGS: 00000213 ORIG_RAX: 0000000000000141
[ 29.949187] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440269
[ 29.956538] RDX: 0000000000000028 RSI: 0000000020000080 RDI: 000000000000000a
[ 29.963791] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 29.971046] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401af0
[ 29.978298] R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000
[ 29.986120] Dumping ftrace buffer:
[ 29.989655] (ftrace buffer empty)
[ 29.993431] Kernel Offset: disabled
[ 29.997036] Rebooting in 86400 seconds..