[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 10.801378] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 13.341001] random: crng init done Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts. executing program [ 38.450521] ================================================================== [ 38.458032] BUG: KASAN: stack-out-of-bounds in memcmp+0x126/0x160 [ 38.464244] Read of size 1 at addr ffff8801c4537880 by task syz-executor300/2048 [ 38.471907] [ 38.473523] CPU: 1 PID: 2048 Comm: syz-executor300 Not tainted 4.9.135+ #65 [ 38.480605] ffff8801c4537350 ffffffff81b42b89 ffffea0007114dc0 ffff8801c4537880 [ 38.488814] 0000000000000000 ffff8801c4537880 ffff8801c4537868 ffff8801c4537388 [ 38.496826] ffffffff815009ad ffff8801c4537880 0000000000000001 0000000000000000 [ 38.504943] Call Trace: [ 38.507512] [] dump_stack+0xc1/0x128 [ 38.512866] [] print_address_description+0x6c/0x234 [ 38.519521] [] kasan_report.cold.6+0x242/0x2fe [ 38.525740] [] ? memcmp+0x126/0x160 [ 38.531008] [] __asan_report_load1_noabort+0x14/0x20 [ 38.537870] [] memcmp+0x126/0x160 [ 38.543037] [] xfrm_selector_match+0x6a0/0xe40 [ 38.549251] [] xfrm_sk_policy_lookup+0x147/0x430 [ 38.555640] [] ? xfrm_selector_match+0xe40/0xe40 [ 38.562027] [] xfrm_lookup+0x1bc/0xc00 [ 38.567548] [] ? xfrm_sk_policy_lookup+0x430/0x430 [ 38.574111] [] ? ip6_dst_lookup_tail+0x499/0x1620 [ 38.580581] [] ? ip6_dst_lookup_tail+0x534/0x1620 [ 38.587178] [] ? xfrm_user_policy+0x199/0x5b0 [ 38.593405] [] ? ip6_copy_metadata+0x810/0x810 [ 38.599617] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 38.606349] [] xfrm_lookup_route+0x39/0x140 [ 38.612308] [] ip6_dst_lookup_flow+0x17b/0x210 [ 38.618532] [] ? ip6_dst_lookup+0x60/0x60 [ 38.624314] [] ? selinux_sk_getsecid+0x7a/0xd0 [ 38.630527] [] tcp_v6_connect+0xd34/0x1ad0 [ 38.636401] [] ? save_stack_trace+0x16/0x20 [ 38.642352] [] ? tcp_v6_init_sequence+0x170/0x170 [ 38.648919] [] __inet_stream_connect+0x6e0/0xbf0 [ 38.655325] [] ? check_preemption_disabled+0x3b/0x170 [ 38.662430] [] ? inet_bind+0x8b0/0x8b0 [ 38.667958] [] ? kasan_kmalloc+0xaf/0xc0 [ 38.673856] [] ? kmem_cache_alloc_trace+0x117/0x2e0 [ 38.680507] [] tcp_sendmsg+0x218a/0x2fd0 [ 38.686204] [] ? avc_has_perm_noaudit+0x2f0/0x2f0 [ 38.692689] [] ? trace_hardirqs_on+0x10/0x10 [ 38.698863] [] ? tcp_sendpage+0x1910/0x1910 [ 38.704928] [] ? sock_has_perm+0x293/0x3e0 [ 38.710805] [] ? sock_has_perm+0x9f/0x3e0 [ 38.716585] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0 [ 38.724102] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 38.730842] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 38.737584] [] ? check_preemption_disabled+0x3b/0x170 [ 38.744408] [] ? check_preemption_disabled+0x3b/0x170 [ 38.751228] [] ? inet_sendmsg+0x143/0x4d0 [ 38.757002] [] inet_sendmsg+0x203/0x4d0 [ 38.762725] [] ? inet_sendmsg+0x73/0x4d0 [ 38.768428] [] ? inet_recvmsg+0x4c0/0x4c0 [ 38.774277] [] sock_sendmsg+0xbb/0x110 [ 38.779810] [] SyS_sendto+0x220/0x370 [ 38.785244] [] ? SyS_getpeername+0x2d0/0x2d0 [ 38.791284] [] ? _raw_spin_unlock+0x2c/0x50 [ 38.797309] [] ? handle_mm_fault+0x54b/0x2350 [ 38.803712] [] ? __fd_install+0x20f/0x5d0 [ 38.809491] [] ? vm_insert_page+0x6f0/0x6f0 [ 38.815506] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 38.822262] [] ? __do_page_fault+0x431/0xa60 [ 38.828313] [] ? up_read+0x1a/0x40 [ 38.833495] [] ? __do_page_fault+0x554/0xa60 [ 38.839537] [] ? do_syscall_64+0x48/0x550 [ 38.845328] [] ? SyS_getpeername+0x2d0/0x2d0 [ 38.851443] [] do_syscall_64+0x19f/0x550 [ 38.857209] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 38.864115] [ 38.865723] The buggy address belongs to the page: [ 38.870691] page:ffffea0007114dc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 38.878939] flags: 0x4000000000000000() [ 38.882892] page dumped because: kasan: bad access detected [ 38.888582] [ 38.890289] Memory state around the buggy address: [ 38.895201] ffff8801c4537780: 00 00 f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2 00 00 [ 38.902543] ffff8801c4537800: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 [ 38.909881] >ffff8801c4537880: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.917392] ^ [ 38.920744] ffff8801c4537900: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 [ 38.928085] ffff8801c4537980: f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.935423] ================================================================== [ 38.942779] Disabling lock debugging due to kernel taint [ 38.948472] Kernel panic - not syncing: panic_on_warn set ... [ 38.948472] [ 38.955930] CPU: 1 PID: 2048 Comm: syz-executor300 Tainted: G B 4.9.135+ #65 [ 38.964419] ffff8801c45372b0 ffffffff81b42b89 ffffffff82e371c0 00000000ffffffff [ 38.972437] 0000000000000000 0000000000000001 ffff8801c4537868 ffff8801c4537370 [ 38.980463] ffffffff813f6aa5 0000000041b58ab3 ffffffff82e2b1c3 ffffffff813f68e6 [ 38.988476] Call Trace: [ 38.991052] [] dump_stack+0xc1/0x128 [ 38.996481] [] panic+0x1bf/0x39f [ 39.001489] [] ? add_taint.cold.6+0x16/0x16 [ 39.007449] [] ? ___preempt_schedule+0x16/0x18 [ 39.013677] [] kasan_end_report+0x47/0x4f [ 39.019465] [] kasan_report.cold.6+0x76/0x2fe [ 39.025596] [] ? memcmp+0x126/0x160 [ 39.030855] [] __asan_report_load1_noabort+0x14/0x20 [ 39.037586] [] memcmp+0x126/0x160 [ 39.042771] [] xfrm_selector_match+0x6a0/0xe40 [ 39.048998] [] xfrm_sk_policy_lookup+0x147/0x430 [ 39.055387] [] ? xfrm_selector_match+0xe40/0xe40 [ 39.061773] [] xfrm_lookup+0x1bc/0xc00 [ 39.067290] [] ? xfrm_sk_policy_lookup+0x430/0x430 [ 39.073957] [] ? ip6_dst_lookup_tail+0x499/0x1620 [ 39.080434] [] ? ip6_dst_lookup_tail+0x534/0x1620 [ 39.086913] [] ? xfrm_user_policy+0x199/0x5b0 [ 39.093041] [] ? ip6_copy_metadata+0x810/0x810 [ 39.099261] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 39.106011] [] xfrm_lookup_route+0x39/0x140 [ 39.111976] [] ip6_dst_lookup_flow+0x17b/0x210 [ 39.118189] [] ? ip6_dst_lookup+0x60/0x60 [ 39.123975] [] ? selinux_sk_getsecid+0x7a/0xd0 [ 39.130189] [] tcp_v6_connect+0xd34/0x1ad0 [ 39.136721] [] ? save_stack_trace+0x16/0x20 [ 39.142679] [] ? tcp_v6_init_sequence+0x170/0x170 [ 39.149156] [] __inet_stream_connect+0x6e0/0xbf0 [ 39.155546] [] ? check_preemption_disabled+0x3b/0x170 [ 39.162450] [] ? inet_bind+0x8b0/0x8b0 [ 39.167987] [] ? kasan_kmalloc+0xaf/0xc0 [ 39.173784] [] ? kmem_cache_alloc_trace+0x117/0x2e0 [ 39.180434] [] tcp_sendmsg+0x218a/0x2fd0 [ 39.186134] [] ? avc_has_perm_noaudit+0x2f0/0x2f0 [ 39.192611] [] ? trace_hardirqs_on+0x10/0x10 [ 39.198741] [] ? tcp_sendpage+0x1910/0x1910 [ 39.204700] [] ? sock_has_perm+0x293/0x3e0 [ 39.210574] [] ? sock_has_perm+0x9f/0x3e0 [ 39.216357] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0 [ 39.223874] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 39.230604] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 39.237449] [] ? check_preemption_disabled+0x3b/0x170 [ 39.244275] [] ? check_preemption_disabled+0x3b/0x170 [ 39.251210] [] ? inet_sendmsg+0x143/0x4d0 [ 39.256997] [] inet_sendmsg+0x203/0x4d0 [ 39.262602] [] ? inet_sendmsg+0x73/0x4d0 [ 39.268299] [] ? inet_recvmsg+0x4c0/0x4c0 [ 39.274093] [] sock_sendmsg+0xbb/0x110 [ 39.279613] [] SyS_sendto+0x220/0x370 [ 39.285050] [] ? SyS_getpeername+0x2d0/0x2d0 [ 39.291097] [] ? _raw_spin_unlock+0x2c/0x50 [ 39.297054] [] ? handle_mm_fault+0x54b/0x2350 [ 39.303183] [] ? __fd_install+0x20f/0x5d0 [ 39.308973] [] ? vm_insert_page+0x6f0/0x6f0 [ 39.314927] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 39.321714] [] ? __do_page_fault+0x431/0xa60 [ 39.327768] [] ? up_read+0x1a/0x40 [ 39.332937] [] ? __do_page_fault+0x554/0xa60 [ 39.339058] [] ? do_syscall_64+0x48/0x550 [ 39.344846] [] ? SyS_getpeername+0x2d0/0x2d0 [ 39.350963] [] do_syscall_64+0x19f/0x550 [ 39.356662] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 39.364146] Kernel Offset: disabled [ 39.367775] Rebooting in 86400 seconds..