[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   34.074674] random: sshd: uninitialized urandom read (32 bytes read)
[   34.385555] audit: type=1400 audit(1536606739.853:6): avc: denied { map } for pid=5504 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   34.445209] random: sshd: uninitialized urandom read (32 bytes read)
[   35.108260] random: sshd: uninitialized urandom read (32 bytes read)
[  315.586704] audit: type=1400 audit(1536607021.053:7): avc: denied { map } for pid=5514 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[  391.440203] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
[  397.111933] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[  397.243585] audit: type=1400 audit(1536607102.713:8): avc: denied { map } for pid=5521 comm="syz-executor851" path="/root/syz-executor851977596" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[  397.313616] hrtimer: interrupt took 27587 ns
[  397.316428] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  397.318247] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  397.332058] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  397.348096] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  397.351702] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  397.359589] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  397.377543] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  397.386832] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  397.391523] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  397.403417] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  399.531677] ==================================================================
[  399.539279] BUG: KASAN: use-after-free in memcmp+0xe3/0x160
[  399.545029] Read of size 1 at addr ffff8801c83595f0 by task syz-executor851/6230
[  399.552576] 
[  399.554230] CPU: 1 PID: 6230 Comm: syz-executor851 Not tainted 4.19.0-rc3+ #10
[  399.561692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  399.571064] Call Trace:
[  399.573675]  dump_stack+0x1c4/0x2b4
[  399.577328]  ? dump_stack_print_info.cold.2+0x52/0x52
[  399.582543]  ? printk+0xa7/0xcf
[  399.585848]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  399.590639]  print_address_description.cold.8+0x9/0x1ff
[  399.596048]  kasan_report.cold.9+0x242/0x309
[  399.600480]  ? memcmp+0xe3/0x160
[  399.603878]  __asan_report_load1_noabort+0x14/0x20
[  399.608831]  memcmp+0xe3/0x160
[  399.612069]  __rhashtable_lookup.isra.8.constprop.20+0x73a/0xd00
[  399.618258]  ? rds_sock_put+0x50/0x50
[  399.622095]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  399.627658]  ? check_preemption_disabled+0x48/0x200
[  399.632703]  ? kasan_check_read+0x11/0x20
[  399.636877]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  399.642178]  ? rcu_bh_qs+0xc0/0xc0
[  399.645739]  ? rds_bind+0x75a/0x1520
[  399.649479]  ? rds_bind+0x79e/0x1520
[  399.653220]  rds_bind+0x7d2/0x1520
[  399.656792]  ? retint_kernel+0x2d/0x2d
[  399.660704]  ? rds_remove_bound+0x90/0x90
[  399.664888]  ? lock_downgrade+0x900/0x900
[  399.669073]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  399.673926]  ? retint_kernel+0x2d/0x2d
[  399.677863]  __sys_bind+0x331/0x440
[  399.681560]  ? rds_remove_bound+0x90/0x90
[  399.685717]  ? __sys_bind+0x331/0x440
[  399.689548]  ? __ia32_sys_socketpair+0xf0/0xf0
[  399.694166]  ? trace_hardirqs_off+0x310/0x310
[  399.698691]  ? __do_page_fault+0x6f5/0xed0
[  399.702955]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  399.708550]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  399.713339]  ? retint_kernel+0x2d/0x2d
[  399.717264]  __x64_sys_bind+0x73/0xb0
[  399.721094]  ? do_syscall_64+0xca/0x820
[  399.725097]  do_syscall_64+0x1b9/0x820
[  399.729031]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  399.734421]  ? syscall_return_slowpath+0x5e0/0x5e0
[  399.739377]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  399.744249]  ? trace_hardirqs_on_caller+0x310/0x310
[  399.749290]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  399.754331]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  399.759891]  ? prepare_exit_to_usermode+0x291/0x3b0
[  399.764935]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  399.769815]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  399.775044] RIP: 0033:0x440fa9
[  399.778592] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  399.797516] RSP: 002b:00007ffcaeabe5e8 EFLAGS: 00000217 ORIG_RAX: 0000000000000031
[  399.805408] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440fa9
[  399.812696] RDX: 0000000000000010 RSI: 00000000200002c0 RDI: 0000000000000004
[  399.820009] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[  399.827298] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000061872
[  399.834587] R13: 0000000000401ed0 R14: 0000000000000000 R15: 0000000000000000
[  399.841888] 
[  399.843537] Allocated by task 6228:
[  399.847188]  save_stack+0x43/0xd0
[  399.850660]  kasan_kmalloc+0xc7/0xe0
[  399.854393]  kasan_slab_alloc+0x12/0x20
[  399.858390]  kmem_cache_alloc+0x12e/0x730
[  399.862561]  sk_prot_alloc+0x69/0x2e0
[  399.866383]  sk_alloc+0x10d/0x1690
[  399.869946]  rds_create+0x14f/0x740
[  399.873597]  __sock_create+0x536/0x930
[  399.877507]  __sys_socket+0x106/0x260
[  399.881324]  __x64_sys_socket+0x73/0xb0
[  399.885321]  do_syscall_64+0x1b9/0x820
[  399.889231]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  399.894432] 
[  399.896173] Freed by task 6228:
[  399.899469]  save_stack+0x43/0xd0
[  399.902941]  __kasan_slab_free+0x102/0x150
[  399.907197]  kasan_slab_free+0xe/0x10
[  399.911042]  kmem_cache_free+0x83/0x290
[  399.915059]  __sk_destruct+0x766/0xbd0
[  399.918965]  sk_destruct+0x78/0x90
[  399.922548]  __sk_free+0xcf/0x300
[  399.926039]  sk_free+0x42/0x50
[  399.929251]  rds_release+0x3e8/0x570
[  399.932983]  __sock_release+0xd7/0x250
[  399.936917]  sock_close+0x19/0x20
[  399.940387]  __fput+0x385/0xa30
[  399.943684]  ____fput+0x15/0x20
[  399.946982]  task_work_run+0x1e8/0x2a0
[  399.950919]  exit_to_usermode_loop+0x318/0x380
[  399.955523]  do_syscall_64+0x6be/0x820
[  399.959434]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  399.964632] 
[  399.966277] The buggy address belongs to the object at ffff8801c8359180
[  399.966277]  which belongs to the cache RDS of size 1608
[  399.978355] The buggy address is located 1136 bytes inside of
[  399.978355]  1608-byte region [ffff8801c8359180, ffff8801c83597c8)
[  399.990432] The buggy address belongs to the page:
[  399.995388] page:ffffea000720d640 count:1 mapcount:0 mapping:ffff8801cac47800 index:0x0
[  400.003557] flags: 0x2fffc0000000100(slab)
[  400.007825] raw: 02fffc0000000100 ffffea0007063848 ffffea0007045c48 ffff8801cac47800
[  400.015736] raw: 0000000000000000 ffff8801c8359180 0000000100000002 0000000000000000
[  400.023764] page dumped because: kasan: bad access detected
[  400.029488] 
[  400.031130] Memory state around the buggy address:
[  400.036078]  ffff8801c8359480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  400.043461]  ffff8801c8359500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  400.050846] >ffff8801c8359580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  400.058223]                                                              ^
[  400.065265]  ffff8801c8359600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  400.072644]  ffff8801c8359680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  400.080034] ==================================================================
[  400.087404] Disabling lock debugging due to kernel taint
[  400.107654] Kernel panic - not syncing: panic_on_warn set ...
[  400.107654] 
[  400.115077] CPU: 1 PID: 6230 Comm: syz-executor851 Tainted: G B 4.19.0-rc3+ #10
[  400.123840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  400.133205] Call Trace:
[  400.135820]  dump_stack+0x1c4/0x2b4
[  400.139468]  ? dump_stack_print_info.cold.2+0x52/0x52
[  400.144798]  panic+0x238/0x4e7
[  400.148033]  ? add_taint.cold.5+0x16/0x16
[  400.152206]  ? preempt_schedule+0x4d/0x60
[  400.156376]  ? ___preempt_schedule+0x16/0x18
[  400.160808]  ? trace_hardirqs_on+0xb4/0x310
[  400.165156]  kasan_end_report+0x47/0x4f
[  400.169151]  kasan_report.cold.9+0x76/0x309
[  400.173494]  ? memcmp+0xe3/0x160
[  400.176882]  __asan_report_load1_noabort+0x14/0x20
[  400.181830]  memcmp+0xe3/0x160
[  400.185062]  __rhashtable_lookup.isra.8.constprop.20+0x73a/0xd00
[  400.191232]  ? rds_sock_put+0x50/0x50
[  400.195073]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  400.200630]  ? check_preemption_disabled+0x48/0x200
[  400.205674]  ? kasan_check_read+0x11/0x20
[  400.209844]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  400.215141]  ? rcu_bh_qs+0xc0/0xc0
[  400.218708]  ? rds_bind+0x75a/0x1520
[  400.222438]  ? rds_bind+0x79e/0x1520
[  400.226171]  rds_bind+0x7d2/0x1520
[  400.229734]  ? retint_kernel+0x2d/0x2d
[  400.233646]  ? rds_remove_bound+0x90/0x90
[  400.237819]  ? lock_downgrade+0x900/0x900
[  400.242016]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  400.246795]  ? retint_kernel+0x2d/0x2d
[  400.250712]  __sys_bind+0x331/0x440
[  400.254368]  ? rds_remove_bound+0x90/0x90
[  400.258530]  ? __sys_bind+0x331/0x440
[  400.262350]  ? __ia32_sys_socketpair+0xf0/0xf0
[  400.266960]  ? trace_hardirqs_off+0x310/0x310
[  400.271500]  ? __do_page_fault+0x6f5/0xed0
[  400.275760]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  400.281322]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  400.286106]  ? retint_kernel+0x2d/0x2d
[  400.290048]  __x64_sys_bind+0x73/0xb0
[  400.293865]  ? do_syscall_64+0xca/0x820
[  400.297855]  do_syscall_64+0x1b9/0x820
[  400.301770]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  400.307155]  ? syscall_return_slowpath+0x5e0/0x5e0
[  400.312106]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  400.316964]  ? trace_hardirqs_on_caller+0x310/0x310
[  400.322045]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  400.327082]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  400.332640]  ? prepare_exit_to_usermode+0x291/0x3b0
[  400.337677]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  400.342549]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  400.347764] RIP: 0033:0x440fa9
[  400.350979] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  400.369920] RSP: 002b:00007ffcaeabe5e8 EFLAGS: 00000217 ORIG_RAX: 0000000000000031
[  400.377648] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440fa9
[  400.384935] RDX: 0000000000000010 RSI: 00000000200002c0 RDI: 0000000000000004
[  400.392218] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[  400.399500] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000061872
[  400.406779] R13: 0000000000401ed0 R14: 0000000000000000 R15: 0000000000000000
[  400.414414] Dumping ftrace buffer:
[  400.417966]    (ftrace buffer empty)
[  400.422444] Kernel Offset: disabled
[  400.426082] Rebooting in 86400 seconds..