[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 16.738462] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.584861] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.852613] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.744816] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.898320] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.15' (ECDSA) to the list of known hosts.
[ 27.356145] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 27.459053] A link change request failed with some changes committed already. Interface teql0 may have been left with an inconsistent configuration, please check.
[ 27.475444] ==================================================================
[ 27.482835] BUG: KASAN: stack-out-of-bounds in memcmp+0x126/0x160
[ 27.489063] Read of size 1 at addr ffff8801d906f840 by task syz-executor621/3797
[ 27.496700]
[ 27.498308] CPU: 0 PID: 3797 Comm: syz-executor621 Not tainted 4.9.112-g9e79039 #59
[ 27.506084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.515450] ffff8801d906f2f8 ffffffff81eb3249 ffffea0007641bc0 ffff8801d906f840
[ 27.523589] 0000000000000000 ffff8801d906f840 0000000000000000 ffff8801d906f330
[ 27.531589] ffffffff81567bd9 ffff8801d906f840 0000000000000001 0000000000000000
[ 27.539613] Call Trace:
[ 27.542201] [] dump_stack+0xc1/0x128
[ 27.547575] [] print_address_description+0x6c/0x234
[ 27.554769] [] kasan_report.cold.6+0x242/0x2fe
[ 27.560989] [] ? memcmp+0x126/0x160
[ 27.566356] [] __asan_report_load1_noabort+0x14/0x20
[ 27.573106] [] memcmp+0x126/0x160
[ 27.578209] [] ? __lock_is_held+0xa2/0xf0
[ 27.584169] [] xfrm_selector_match+0x12d/0xe40
[ 27.590407] [] xfrm_sk_policy_lookup+0x143/0x3c0
[ 27.596868] [] ? xfrm_selector_match+0xe40/0xe40
[ 27.603295] [] xfrm_lookup+0x1b5/0xb70
[ 27.608861] [] ? xfrm_bundle_lookup+0x1220/0x1220
[ 27.615392] [] ? ip6_dst_lookup_tail+0x48f/0x16c0
[ 27.621892] [] ? ip6_dst_lookup_tail+0x52a/0x16c0
[ 27.628544] [] ? ip6_forward_finish+0x4a0/0x4a0
[ 27.634870] [] xfrm_lookup_route+0x39/0x1b0
[ 27.640825] [] ip6_dst_lookup_flow+0x17b/0x210
[ 27.647054] [] ? ip6_dst_lookup+0x60/0x60
[ 27.653600] [] ? __lock_is_held+0xa2/0xf0
[ 27.659485] [] ? selinux_sk_getsecid+0x77/0xc0
[ 27.665719] [] tcp_v6_connect+0xd8e/0x1b40
[ 27.671602] [] ? tcp_v6_mtu_reduced+0x60/0x60
[ 27.677955] [] __inet_stream_connect+0x6e0/0xbf0
[ 27.684366] [] ? inet_bind+0x8b0/0x8b0
[ 27.689889] [] ? kasan_kmalloc+0xc7/0xe0
[ 27.695594] [] ? kmem_cache_alloc_trace+0xfd/0x2b0
[ 27.702162] [] tcp_sendmsg+0x1d32/0x3040
[ 27.707856] [] ? debug_check_no_locks_freed+0x210/0x210
[ 27.714863] [] ? tcp_sendpage+0x1960/0x1960
[ 27.720820] [] ? sock_has_perm+0x292/0x3e0
[ 27.727053] [] ? sock_has_perm+0x9f/0x3e0
[ 27.732833] [] ? selinux_file_send_sigiotask+0x310/0x310
[ 27.740024] [] ? check_preemption_disabled+0x3b/0x170
[ 27.747098] [] ? inet_sendmsg+0x143/0x4d0
[ 27.752900] [] inet_sendmsg+0x203/0x4d0
[ 27.758512] [] ? inet_sendmsg+0x73/0x4d0
[ 27.764499] [] ? inet_recvmsg+0x4c0/0x4c0
[ 27.770471] [] sock_sendmsg+0xcc/0x110
[ 27.775990] [] SYSC_sendto+0x21c/0x370
[ 27.781508] [] ? SYSC_connect+0x300/0x300
[ 27.787301] [] ? handle_mm_fault+0x6a4/0x28e0
[ 27.793440] [] ? selinux_netlbl_sock_rcv_skb+0x480/0x480
[ 27.800779] [] ? vm_insert_mixed+0x200/0x200
[ 27.806819] [] ? __do_page_fault+0x5dd/0xd50
[ 27.812867] [] ? up_read+0x1a/0x40
[ 27.818053] [] ? __do_page_fault+0x183/0xd50
[ 27.824096] [] SyS_sendto+0x40/0x50
[ 27.829436] [] ? SyS_getpeername+0x30/0x30
[ 27.835297] [] do_syscall_64+0x1a6/0x490
[ 27.840989] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 27.847974]
[ 27.849581] The buggy address belongs to the page:
[ 27.854503] page:ffffea0007641bc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 27.862745] flags: 0x8000000000000000()
[ 27.866711] page dumped because: kasan: bad access detected
[ 27.872569]
[ 27.874173] Memory state around the buggy address:
[ 27.879078] ffff8801d906f700: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2
[ 27.886429] ffff8801d906f780: f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00
[ 27.893808] >ffff8801d906f800: 00 00 00 00 00 00 00 00 f2 f2 00 00 00 00 00 00
[ 27.901427] ^
[ 27.906877] ffff8801d906f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 27.914288] ffff8801d906f900: f1 f1 f1 00 00 00 00 00 f2 f2 f2 00 00 00 00 00
[ 27.921648] ==================================================================
[ 27.928989] Disabling lock debugging due to kernel taint
[ 27.934905] Kernel panic - not syncing: panic_on_warn set ...
[ 27.934905]
[ 27.942266] CPU: 0 PID: 3797 Comm: syz-executor621 Tainted: G B 4.9.112-g9e79039 #59
[ 27.952311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.961660] ffff8801d906f258 ffffffff81eb3249 ffffffff843c775f 00000000ffffffff
[ 27.969671] 0000000000000000 0000000000000000 0000000000000000 ffff8801d906f318
[ 27.977681] ffffffff81421a55 0000000041b58ab3 ffffffff843bae78 ffffffff81421896
[ 27.985702] Call Trace:
[ 27.988269] [] dump_stack+0xc1/0x128
[ 27.993615] [] panic+0x1bf/0x3bc
[ 27.998627] [] ? add_taint.cold.6+0x16/0x16
[ 28.004593] [] ? ___preempt_schedule+0x16/0x18
[ 28.010823] [] kasan_end_report+0x47/0x4f
[ 28.016612] [] kasan_report.cold.6+0x76/0x2fe
[ 28.022752] [] ? memcmp+0x126/0x160
[ 28.028007] [] __asan_report_load1_noabort+0x14/0x20
[ 28.034758] [] memcmp+0x126/0x160
[ 28.039857] [] ? __lock_is_held+0xa2/0xf0
[ 28.045646] [] xfrm_selector_match+0x12d/0xe40
[ 28.051911] [] xfrm_sk_policy_lookup+0x143/0x3c0
[ 28.058327] [] ? xfrm_selector_match+0xe40/0xe40
[ 28.064752] [] xfrm_lookup+0x1b5/0xb70
[ 28.070286] [] ? xfrm_bundle_lookup+0x1220/0x1220
[ 28.076957] [] ? ip6_dst_lookup_tail+0x48f/0x16c0
[ 28.083466] [] ? ip6_dst_lookup_tail+0x52a/0x16c0
[ 28.090061] [] ? ip6_forward_finish+0x4a0/0x4a0
[ 28.096372] [] xfrm_lookup_route+0x39/0x1b0
[ 28.102360] [] ip6_dst_lookup_flow+0x17b/0x210
[ 28.108612] [] ? ip6_dst_lookup+0x60/0x60
[ 28.114409] [] ? __lock_is_held+0xa2/0xf0
[ 28.120206] [] ? selinux_sk_getsecid+0x77/0xc0
[ 28.126444] [] tcp_v6_connect+0xd8e/0x1b40
[ 28.132325] [] ? tcp_v6_mtu_reduced+0x60/0x60
[ 28.138494] [] __inet_stream_connect+0x6e0/0xbf0
[ 28.144889] [] ? inet_bind+0x8b0/0x8b0
[ 28.150415] [] ? kasan_kmalloc+0xc7/0xe0
[ 28.156379] [] ? kmem_cache_alloc_trace+0xfd/0x2b0
[ 28.162944] [] tcp_sendmsg+0x1d32/0x3040
[ 28.168648] [] ? debug_check_no_locks_freed+0x210/0x210
[ 28.175665] [] ? tcp_sendpage+0x1960/0x1960
[ 28.181625] [] ? sock_has_perm+0x292/0x3e0
[ 28.187501] [] ? sock_has_perm+0x9f/0x3e0
[ 28.193289] [] ? selinux_file_send_sigiotask+0x310/0x310
[ 28.200388] [] ? check_preemption_disabled+0x3b/0x170
[ 28.207211] [] ? inet_sendmsg+0x143/0x4d0
[ 28.212992] [] inet_sendmsg+0x203/0x4d0
[ 28.218611] [] ? inet_sendmsg+0x73/0x4d0
[ 28.224312] [] ? inet_recvmsg+0x4c0/0x4c0
[ 28.231060] [] sock_sendmsg+0xcc/0x110
[ 28.236611] [] SYSC_sendto+0x21c/0x370
[ 28.242152] [] ? SYSC_connect+0x300/0x300
[ 28.247945] [] ? handle_mm_fault+0x6a4/0x28e0
[ 28.254092] [] ? selinux_netlbl_sock_rcv_skb+0x480/0x480
[ 28.261207] [] ? vm_insert_mixed+0x200/0x200
[ 28.267417] [] ? __do_page_fault+0x5dd/0xd50
[ 28.273470] [] ? up_read+0x1a/0x40
[ 28.278644] [] ? __do_page_fault+0x183/0xd50
[ 28.284691] [] SyS_sendto+0x40/0x50
[ 28.289959] [] ? SyS_getpeername+0x30/0x30
[ 28.295832] [] do_syscall_64+0x1a6/0x490
[ 28.301530] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 28.309026] Dumping ftrace buffer:
[ 28.312568] (ftrace buffer empty)
[ 28.316282] Kernel Offset: disabled
[ 28.319906] Rebooting in 86400 seconds..