[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 20.208549] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 24.220070] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.583929] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.353447] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.517203] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts.
[ 31.033473] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 31.134973] FAULT_INJECTION: forcing a failure.
[ 31.134973] name failslab, interval 1, probability 0, space 0, times 1
[ 31.146379] CPU: 1 PID: 4527 Comm: syz-executor246 Not tainted 4.17.0+ #89
[ 31.153393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.162742] Call Trace:
[ 31.165332] dump_stack+0x1b9/0x294
[ 31.168976] ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.174251] ? perf_trace_lock+0xd6/0x900
[ 31.178447] should_fail.cold.4+0xa/0x1a
[ 31.182498] ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 31.187591] ? graph_lock+0x170/0x170
[ 31.191377] ? kasan_kmalloc+0xc4/0xe0
[ 31.195247] ? kmem_cache_alloc_trace+0x152/0x780
[ 31.200074] ? xdp_umem_create+0xc8/0x10f0
[ 31.204299] ? xsk_setsockopt+0x443/0x550
[ 31.208432] ? graph_lock+0x170/0x170
[ 31.212218] ? kasan_check_write+0x14/0x20
[ 31.216437] ? find_held_lock+0x36/0x1c0
[ 31.220483] ? __lock_is_held+0xb5/0x140
[ 31.224539] ? check_same_owner+0x320/0x320
[ 31.228849] ? rcu_is_watching+0x85/0x140
[ 31.232979] ? rcu_note_context_switch+0x710/0x710
[ 31.237897] __should_failslab+0x124/0x180
[ 31.242139] should_failslab+0x9/0x14
[ 31.245925] __kmalloc+0x2c8/0x760
[ 31.249451] ? security_capable+0x99/0xc0
[ 31.253592] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.259120] ? xdp_umem_create+0x5c9/0x10f0
[ 31.263427] ? ns_capable_common+0x13f/0x170
[ 31.267823] xdp_umem_create+0x5c9/0x10f0
[ 31.271971] ? xdp_put_umem+0x240/0x240
[ 31.275930] ? check_same_owner+0x320/0x320
[ 31.280234] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 31.285758] ? proc_fail_nth_write+0x96/0x1f0
[ 31.290237] ? proc_cwd_link+0x1d0/0x1d0
[ 31.294284] ? __might_sleep+0x95/0x190
[ 31.298250] xsk_setsockopt+0x443/0x550
[ 31.302206] ? xsk_init_queue+0xf0/0xf0
[ 31.306181] ? security_socket_setsockopt+0x94/0xc0
[ 31.311184] __sys_setsockopt+0x1bd/0x390
[ 31.315318] ? kernel_accept+0x310/0x310
[ 31.319372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.324895] ? ksys_write+0x1a6/0x250
[ 31.328689] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 31.333521] __x64_sys_setsockopt+0xbe/0x150
[ 31.337915] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.342917] do_syscall_64+0x1b1/0x800
[ 31.346788] ? syscall_return_slowpath+0x5c0/0x5c0
[ 31.351702] ? syscall_return_slowpath+0x30f/0x5c0
[ 31.356619] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 31.361969] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.366797] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.371972] RIP: 0033:0x440549
[ 31.375139] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 31.394342] RSP: 002b:00007fffc475d008 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 31.402047] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440549
[ 31.409338] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004
[ 31.416596] RBP: 00000000006cb018 R08: 0000000000000018 R09: 00007fffc4750032
[ 31.423860] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000005
[ 31.431115] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 31.438743] ==================================================================
[ 31.446273] BUG: KASAN: null-ptr-deref in xdp_umem_unaccount_pages.isra.4+0x3d/0x80
[ 31.454062] Write of size 8 at addr 0000000000000060 by task syz-executor246/4527
[ 31.461668]
[ 31.463284] CPU: 1 PID: 4527 Comm: syz-executor246 Not tainted 4.17.0+ #89
[ 31.470274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.479608] Call Trace:
[ 31.482191] dump_stack+0x1b9/0x294
[ 31.485812] ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.490986] ? kasan_check_write+0x14/0x20
[ 31.495203] ? do_raw_spin_lock+0xc1/0x200
[ 31.499422] ? vprintk_func+0x81/0xe7
[ 31.503219] ? xdp_umem_unaccount_pages.isra.4+0x3d/0x80
[ 31.508678] kasan_report.cold.7+0x6d/0x2fe
[ 31.513018] check_memory_region+0x13e/0x1b0
[ 31.517427] kasan_check_write+0x14/0x20
[ 31.521497] xdp_umem_unaccount_pages.isra.4+0x3d/0x80
[ 31.526773] xdp_umem_create+0xd6c/0x10f0
[ 31.530920] ? xdp_put_umem+0x240/0x240
[ 31.534888] ? check_same_owner+0x320/0x320
[ 31.539198] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 31.544721] ? proc_fail_nth_write+0x96/0x1f0
[ 31.549198] ? proc_cwd_link+0x1d0/0x1d0
[ 31.553247] ? __might_sleep+0x95/0x190
[ 31.557214] xsk_setsockopt+0x443/0x550
[ 31.561269] ? xsk_init_queue+0xf0/0xf0
[ 31.565236] ? security_socket_setsockopt+0x94/0xc0
[ 31.570245] __sys_setsockopt+0x1bd/0x390
[ 31.574463] ? kernel_accept+0x310/0x310
[ 31.578509] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.584031] ? ksys_write+0x1a6/0x250
[ 31.587822] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 31.592652] __x64_sys_setsockopt+0xbe/0x150
[ 31.597045] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.602062] do_syscall_64+0x1b1/0x800
[ 31.605947] ? syscall_return_slowpath+0x5c0/0x5c0
[ 31.610858] ? syscall_return_slowpath+0x30f/0x5c0
[ 31.615776] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 31.621126] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.625958] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.631137] RIP: 0033:0x440549
[ 31.634302] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 31.653507] RSP: 002b:00007fffc475d008 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 31.661199] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440549
[ 31.668449] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004
[ 31.675709] RBP: 00000000006cb018 R08: 0000000000000018 R09: 00007fffc4750032
[ 31.682959] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000005
[ 31.690208] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 31.697472] ==================================================================
[ 31.704808] Disabling lock debugging due to kernel taint
[ 31.710294] Kernel panic - not syncing: panic_on_warn set ...
[ 31.710294]
[ 31.717654] CPU: 1 PID: 4527 Comm: syz-executor246 Tainted: G B 4.17.0+ #89
[ 31.726122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.735452] Call Trace:
[ 31.738032] dump_stack+0x1b9/0x294
[ 31.741653] ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.746826] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 31.751561] ? xdp_umem_unpin_pages.isra.3+0x350/0x410
[ 31.756816] panic+0x22f/0x4de
[ 31.759988] ? add_taint.cold.5+0x16/0x16
[ 31.764120] ? do_raw_spin_unlock+0x9e/0x2e0
[ 31.768507] ? do_raw_spin_unlock+0x9e/0x2e0
[ 31.772894] ? xdp_umem_unaccount_pages.isra.4+0x3d/0x80
[ 31.778323] kasan_end_report+0x47/0x4f
[ 31.782287] kasan_report.cold.7+0x76/0x2fe
[ 31.786590] check_memory_region+0x13e/0x1b0
[ 31.790979] kasan_check_write+0x14/0x20
[ 31.795028] xdp_umem_unaccount_pages.isra.4+0x3d/0x80
[ 31.800289] xdp_umem_create+0xd6c/0x10f0
[ 31.804428] ? xdp_put_umem+0x240/0x240
[ 31.808386] ? check_same_owner+0x320/0x320
[ 31.812687] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 31.818203] ? proc_fail_nth_write+0x96/0x1f0
[ 31.822676] ? proc_cwd_link+0x1d0/0x1d0
[ 31.826801] ? __might_sleep+0x95/0x190
[ 31.830759] xsk_setsockopt+0x443/0x550
[ 31.834714] ? xsk_init_queue+0xf0/0xf0
[ 31.838675] ? security_socket_setsockopt+0x94/0xc0
[ 31.843671] __sys_setsockopt+0x1bd/0x390
[ 31.847798] ? kernel_accept+0x310/0x310
[ 31.851840] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.857356] ? ksys_write+0x1a6/0x250
[ 31.861150] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 31.865973] __x64_sys_setsockopt+0xbe/0x150
[ 31.870361] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.875355] do_syscall_64+0x1b1/0x800
[ 31.879222] ? syscall_return_slowpath+0x5c0/0x5c0
[ 31.884128] ? syscall_return_slowpath+0x30f/0x5c0
[ 31.889043] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 31.894394] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.899218] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.904387] RIP: 0033:0x440549
[ 31.907551] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 31.926694] RSP: 002b:00007fffc475d008 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 31.934386] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440549
[ 31.941640] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004
[ 31.948888] RBP: 00000000006cb018 R08: 0000000000000018 R09: 00007fffc4750032
[ 31.956134] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000005
[ 31.963387] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 31.971140] Dumping ftrace buffer:
[ 31.974656] (ftrace buffer empty)
[ 31.978342] Kernel Offset: disabled
[ 31.981948] Rebooting in 86400 seconds..