[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 12.839188] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 14.981561] random: sshd: uninitialized urandom read (32 bytes read)
[ 15.324282] random: sshd: uninitialized urandom read (32 bytes read)
[ 16.235611] random: sshd: uninitialized urandom read (32 bytes read)
[ 16.372280] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts.
[ 22.193884] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 22.271965] A link change request failed with some changes committed already. Interface teql0 may have been left with an inconsistent configuration, please check.
[ 22.287797] ==================================================================
[ 22.295169] BUG: KASAN: stack-out-of-bounds in memcmp+0x126/0x160
[ 22.301383] Read of size 1 at addr ffff8801d8c6f840 by task syz-executor487/3796
[ 22.308884]
[ 22.310485] CPU: 1 PID: 3796 Comm: syz-executor487 Not tainted 4.9.112-gf540ce0 #8
[ 22.318163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.327496] ffff8801d8c6f2f8 ffffffff81eb3249 ffffea0007631bc0 ffff8801d8c6f840
[ 22.335470] 0000000000000000 ffff8801d8c6f840 0000000000000000 ffff8801d8c6f330
[ 22.343443] ffffffff81567bd9 ffff8801d8c6f840 0000000000000001 0000000000000000
[ 22.351444] Call Trace:
[ 22.354017] [] dump_stack+0xc1/0x128
[ 22.359370] [] print_address_description+0x6c/0x234
[ 22.366024] [] kasan_report.cold.6+0x242/0x2fe
[ 22.372232] [] ? memcmp+0x126/0x160
[ 22.377510] [] __asan_report_load1_noabort+0x14/0x20
[ 22.384242] [] memcmp+0x126/0x160
[ 22.389324] [] ? __lock_is_held+0xa2/0xf0
[ 22.395096] [] xfrm_selector_match+0x12d/0xe40
[ 22.401299] [] xfrm_sk_policy_lookup+0x143/0x3c0
[ 22.407687] [] ? xfrm_selector_match+0xe40/0xe40
[ 22.414077] [] xfrm_lookup+0x1b5/0xb70
[ 22.419588] [] ? xfrm_bundle_lookup+0x1220/0x1220
[ 22.426051] [] ? ip6_dst_lookup_tail+0x48f/0x16c0
[ 22.432512] [] ? ip6_dst_lookup_tail+0x52a/0x16c0
[ 22.438980] [] ? ip6_forward_finish+0x4a0/0x4a0
[ 22.445269] [] xfrm_lookup_route+0x39/0x1b0
[ 22.451212] [] ip6_dst_lookup_flow+0x17b/0x210
[ 22.457429] [] ? ip6_dst_lookup+0x60/0x60
[ 22.463200] [] ? __lock_is_held+0xa2/0xf0
[ 22.468971] [] ? selinux_sk_getsecid+0x77/0xc0
[ 22.475174] [] tcp_v6_connect+0xd8e/0x1b40
[ 22.481031] [] ? tcp_v6_mtu_reduced+0x60/0x60
[ 22.487150] [] __inet_stream_connect+0x6e0/0xbf0
[ 22.493532] [] ? inet_bind+0x8b0/0x8b0
[ 22.499039] [] ? kasan_kmalloc+0xc7/0xe0
[ 22.504728] [] ? kmem_cache_alloc_trace+0xfd/0x2b0
[ 22.511280] [] tcp_sendmsg+0x1d32/0x3040
[ 22.516964] [] ? debug_check_no_locks_freed+0x210/0x210
[ 22.523964] [] ? tcp_sendpage+0x1960/0x1960
[ 22.529910] [] ? sock_has_perm+0x292/0x3e0
[ 22.535779] [] ? sock_has_perm+0x9f/0x3e0
[ 22.541556] [] ? selinux_file_send_sigiotask+0x310/0x310
[ 22.548635] [] ? check_preemption_disabled+0x3b/0x170
[ 22.555454] [] ? inet_sendmsg+0x143/0x4d0
[ 22.561238] [] inet_sendmsg+0x203/0x4d0
[ 22.566849] [] ? inet_sendmsg+0x73/0x4d0
[ 22.572540] [] ? inet_recvmsg+0x4c0/0x4c0
[ 22.578317] [] sock_sendmsg+0xcc/0x110
[ 22.583834] [] SYSC_sendto+0x21c/0x370
[ 22.589355] [] ? SYSC_connect+0x300/0x300
[ 22.595141] [] ? handle_mm_fault+0x6a4/0x28e0
[ 22.601261] [] ? selinux_netlbl_sock_rcv_skb+0x480/0x480
[ 22.608334] [] ? vm_insert_mixed+0x200/0x200
[ 22.614370] [] ? __do_page_fault+0x5dd/0xd50
[ 22.620407] [] ? up_read+0x1a/0x40
[ 22.625569] [] ? __do_page_fault+0x183/0xd50
[ 22.631600] [] SyS_sendto+0x40/0x50
[ 22.636862] [] ? SyS_getpeername+0x30/0x30
[ 22.642721] [] do_syscall_64+0x1a6/0x490
[ 22.648414] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 22.655318]
[ 22.656920] The buggy address belongs to the page:
[ 22.661823] page:ffffea0007631bc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 22.670065] flags: 0x8000000000000000()
[ 22.674004] page dumped because: kasan: bad access detected
[ 22.679680]
[ 22.681280] Memory state around the buggy address:
[ 22.686191]  ffff8801d8c6f700: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2
[ 22.693522]  ffff8801d8c6f780: f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00
[ 22.700850] >ffff8801d8c6f800: 00 00 00 00 00 00 00 00 f2 f2 00 00 00 00 00 00
[ 22.708186]                                            ^
[ 22.713613]  ffff8801d8c6f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 22.720964]  ffff8801d8c6f900: f1 f1 f1 00 00 00 00 00 f2 f2 f2 00 00 00 00 00
[ 22.728300] ==================================================================
[ 22.735655] Disabling lock debugging due to kernel taint
[ 22.741558] Kernel panic - not syncing: panic_on_warn set ...
[ 22.741558]
[ 22.748939] CPU: 1 PID: 3796 Comm: syz-executor487 Tainted: G B 4.9.112-gf540ce0 #8
[ 22.757836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.767167] ffff8801d8c6f258 ffffffff81eb3249 ffffffff843c77c7 00000000ffffffff
[ 22.775166] 0000000000000000 0000000000000001 0000000000000000 ffff8801d8c6f318
[ 22.783187] ffffffff81421a55 0000000041b58ab3 ffffffff843baee0 ffffffff81421896
[ 22.791192] Call Trace:
[ 22.793766] [] dump_stack+0xc1/0x128
[ 22.799129] [] panic+0x1bf/0x3bc
[ 22.804139] [] ? add_taint.cold.6+0x16/0x16
[ 22.810100] [] ? ___preempt_schedule+0x16/0x18
[ 22.816326] [] kasan_end_report+0x47/0x4f
[ 22.822098] [] kasan_report.cold.6+0x76/0x2fe
[ 22.828218] [] ? memcmp+0x126/0x160
[ 22.833484] [] __asan_report_load1_noabort+0x14/0x20
[ 22.840222] [] memcmp+0x126/0x160
[ 22.845301] [] ? __lock_is_held+0xa2/0xf0
[ 22.851076] [] xfrm_selector_match+0x12d/0xe40
[ 22.857300] [] xfrm_sk_policy_lookup+0x143/0x3c0
[ 22.863696] [] ? xfrm_selector_match+0xe40/0xe40
[ 22.870075] [] xfrm_lookup+0x1b5/0xb70
[ 22.875582] [] ? xfrm_bundle_lookup+0x1220/0x1220
[ 22.882049] [] ? ip6_dst_lookup_tail+0x48f/0x16c0
[ 22.888514] [] ? ip6_dst_lookup_tail+0x52a/0x16c0
[ 22.894984] [] ? ip6_forward_finish+0x4a0/0x4a0
[ 22.901285] [] xfrm_lookup_route+0x39/0x1b0
[ 22.907228] [] ip6_dst_lookup_flow+0x17b/0x210
[ 22.913430] [] ? ip6_dst_lookup+0x60/0x60
[ 22.919221] [] ? __lock_is_held+0xa2/0xf0
[ 22.924993] [] ? selinux_sk_getsecid+0x77/0xc0
[ 22.931198] [] tcp_v6_connect+0xd8e/0x1b40
[ 22.937053] [] ? tcp_v6_mtu_reduced+0x60/0x60
[ 22.943172] [] __inet_stream_connect+0x6e0/0xbf0
[ 22.949548] [] ? inet_bind+0x8b0/0x8b0
[ 22.955057] [] ? kasan_kmalloc+0xc7/0xe0
[ 22.960739] [] ? kmem_cache_alloc_trace+0xfd/0x2b0
[ 22.967291] [] tcp_sendmsg+0x1d32/0x3040
[ 22.972995] [] ? debug_check_no_locks_freed+0x210/0x210
[ 22.973004] [] ? tcp_sendpage+0x1960/0x1960
[ 22.973019] [] ? sock_has_perm+0x292/0x3e0
[ 22.973024] [] ? sock_has_perm+0x9f/0x3e0
[ 22.973032] [] ? selinux_file_send_sigiotask+0x310/0x310
[ 22.973043] [] ? check_preemption_disabled+0x3b/0x170
[ 22.973052] [] ? inet_sendmsg+0x143/0x4d0
[ 22.973059] [] inet_sendmsg+0x203/0x4d0
[ 22.973065] [] ? inet_sendmsg+0x73/0x4d0
[ 22.973072] [] ? inet_recvmsg+0x4c0/0x4c0
[ 22.973083] [] sock_sendmsg+0xcc/0x110
[ 22.973090] [] SYSC_sendto+0x21c/0x370
[ 22.973097] [] ? SYSC_connect+0x300/0x300
[ 22.973108] [] ? handle_mm_fault+0x6a4/0x28e0
[ 22.973118] [] ? selinux_netlbl_sock_rcv_skb+0x480/0x480
[ 22.973125] [] ? vm_insert_mixed+0x200/0x200
[ 22.973135] [] ? __do_page_fault+0x5dd/0xd50
[ 22.973142] [] ? up_read+0x1a/0x40
[ 22.973149] [] ? __do_page_fault+0x183/0xd50
[ 22.973156] [] SyS_sendto+0x40/0x50
[ 22.973163] [] ? SyS_getpeername+0x30/0x30
[ 22.973171] [] do_syscall_64+0x1a6/0x490
[ 22.973179] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 22.980403] Dumping ftrace buffer:
[ 22.980407] (ftrace buffer empty)
[ 22.980409] Kernel Offset: disabled
[ 23.122272] Rebooting in 86400 seconds..