[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 19.474077] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 24.525007] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.833749] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.608822] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.770603] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
[ 31.190534] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 31.281596] ==================================================================
[ 31.289043] BUG: KASAN: slab-out-of-bounds in skb_ensure_writable+0x554/0x620
[ 31.296312] Read of size 4 at addr ffff8801aefc1780 by task syz-executor159/4509
[ 31.303825]
[ 31.305435] CPU: 0 PID: 4509 Comm: syz-executor159 Not tainted 4.17.0-rc7+ #78
[ 31.312772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.322116] Call Trace:
[ 31.324698]  dump_stack+0x1b9/0x294
[ 31.328310]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.333478]  ? printk+0x9e/0xba
[ 31.336738]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 31.341472]  ? kasan_check_write+0x14/0x20
[ 31.345710]  print_address_description+0x6c/0x20b
[ 31.350536]  ? skb_ensure_writable+0x554/0x620
[ 31.355099]  kasan_report.cold.7+0x242/0x2fe
[ 31.359488]  __asan_report_load4_noabort+0x14/0x20
[ 31.364394]  skb_ensure_writable+0x554/0x620
[ 31.368782]  ? skb_cow_data+0xf10/0xf10
[ 31.372732]  ? trace_hardirqs_on+0xd/0x10
[ 31.376859]  ? depot_save_stack+0x26b/0x450
[ 31.381165]  bpf_l3_csum_replace+0x8c/0x4d0
[ 31.385470]  ? lock_downgrade+0x8e0/0x8e0
[ 31.389597]  ? rcu_pm_notify+0xc0/0xc0
[ 31.393469]  ? pvclock_read_flags+0x160/0x160
[ 31.397945]  ? rcu_read_lock_sched_held+0x108/0x120
[ 31.402942]  ? kmem_cache_alloc+0x5fa/0x760
[ 31.407242]  ? ktime_get+0x33e/0x430
[ 31.410935]  ? lock_acquire+0x1dc/0x520
[ 31.414892]  ? bpf_test_run+0x1f3/0x3b0
[ 31.418847]  ? kasan_check_read+0x11/0x20
[ 31.422988]  ? rcu_is_watching+0x85/0x140
[ 31.427123]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 31.432291]  ? __might_sleep+0x95/0x190
[ 31.436249]  ? bpf_test_run+0xaf/0x3b0
[ 31.440122]  ? bpf_prog_test_run_skb+0x622/0xa20
[ 31.444867]  ? bpf_test_finish.isra.7+0x1e0/0x1e0
[ 31.449686]  ? bpf_prog_add+0x69/0xd0
[ 31.453469]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.458986]  ? __bpf_prog_get+0x9b/0x290
[ 31.463040]  ? bpf_test_finish.isra.7+0x1e0/0x1e0
[ 31.467863]  ? bpf_prog_test_run+0x130/0x1a0
[ 31.472251]  ? __x64_sys_bpf+0x3f5/0x4c0
[ 31.476289]  ? bpf_prog_get+0x20/0x20
[ 31.480074]  ? do_syscall_64+0x92/0x800
[ 31.484043]  ? do_syscall_64+0x1b1/0x800
[ 31.488090]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 31.492998]  ? syscall_return_slowpath+0x30f/0x5c0
[ 31.497922]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 31.503276]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.508102]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.513447]
[ 31.515059] Allocated by task 0:
[ 31.518397] (stack is not available)
[ 31.522080]
[ 31.523683] Freed by task 0:
[ 31.526677] (stack is not available)
[ 31.530362]
[ 31.531971] The buggy address belongs to the object at ffff8801aefc1680
[ 31.531971]  which belongs to the cache skbuff_head_cache of size 232
[ 31.545130] The buggy address is located 24 bytes to the right of
[ 31.545130]  232-byte region [ffff8801aefc1680, ffff8801aefc1768)
[ 31.557411] The buggy address belongs to the page:
[ 31.562319] page:ffffea0006bbf040 count:1 mapcount:0 mapping:ffff8801aefc1040 index:0x0
[ 31.570448] flags: 0x2fffc0000000100(slab)
[ 31.574663] raw: 02fffc0000000100 ffff8801aefc1040 0000000000000000 000000010000000c
[ 31.582522] raw: ffffea0006b61060 ffffea0006bd69e0 ffff8801d9bdd6c0 0000000000000000
[ 31.590376] page dumped because: kasan: bad access detected
[ 31.596071]
[ 31.597674] Memory state around the buggy address:
[ 31.602585]  ffff8801aefc1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.609920]  ffff8801aefc1700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.617259] >ffff8801aefc1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.624599]                    ^
[ 31.627941]  ffff8801aefc1800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.635276]  ffff8801aefc1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.642607] ==================================================================
[ 31.649946] Disabling lock debugging due to kernel taint
[ 31.655431] Kernel panic - not syncing: panic_on_warn set ...
[ 31.655431]
[ 31.662792] CPU: 0 PID: 4509 Comm: syz-executor159 Tainted: G B 4.17.0-rc7+ #78
[ 31.671517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.680849] Call Trace:
[ 31.683433]  dump_stack+0x1b9/0x294
[ 31.687042]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.692227]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 31.696960]  ? skb_ensure_writable+0x500/0x620
[ 31.701519]  panic+0x22f/0x4de
[ 31.704687]  ? add_taint.cold.5+0x16/0x16
[ 31.708813]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 31.713197]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 31.717581]  ? skb_ensure_writable+0x554/0x620
[ 31.722146]  kasan_end_report+0x47/0x4f
[ 31.726098]  kasan_report.cold.7+0x76/0x2fe
[ 31.730405]  __asan_report_load4_noabort+0x14/0x20
[ 31.735313]  skb_ensure_writable+0x554/0x620
[ 31.739698]  ? skb_cow_data+0xf10/0xf10
[ 31.743650]  ? trace_hardirqs_on+0xd/0x10
[ 31.747783]  ? depot_save_stack+0x26b/0x450
[ 31.752083]  bpf_l3_csum_replace+0x8c/0x4d0
[ 31.756388]  ? lock_downgrade+0x8e0/0x8e0
[ 31.760513]  ? rcu_pm_notify+0xc0/0xc0
[ 31.764380]  ? pvclock_read_flags+0x160/0x160
[ 31.768861]  ? rcu_read_lock_sched_held+0x108/0x120
[ 31.773856]  ? kmem_cache_alloc+0x5fa/0x760
[ 31.778157]  ? ktime_get+0x33e/0x430
[ 31.781849]  ? lock_acquire+0x1dc/0x520
[ 31.785802]  ? bpf_test_run+0x1f3/0x3b0
[ 31.789755]  ? kasan_check_read+0x11/0x20
[ 31.793883]  ? rcu_is_watching+0x85/0x140
[ 31.798109]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 31.803277]  ? __might_sleep+0x95/0x190
[ 31.807230]  ? bpf_test_run+0xaf/0x3b0
[ 31.811111]  ? bpf_prog_test_run_skb+0x622/0xa20
[ 31.815848]  ? bpf_test_finish.isra.7+0x1e0/0x1e0
[ 31.820667]  ? bpf_prog_add+0x69/0xd0
[ 31.824449]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.829963]  ? __bpf_prog_get+0x9b/0x290
[ 31.834007]  ? bpf_test_finish.isra.7+0x1e0/0x1e0
[ 31.838847]  ? bpf_prog_test_run+0x130/0x1a0
[ 31.843232]  ? __x64_sys_bpf+0x3f5/0x4c0
[ 31.847281]  ? bpf_prog_get+0x20/0x20
[ 31.851068]  ? do_syscall_64+0x92/0x800
[ 31.855031]  ? do_syscall_64+0x1b1/0x800
[ 31.859072]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 31.863982]  ? syscall_return_slowpath+0x30f/0x5c0
[ 31.868891]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 31.874231]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.879050]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.884842] Dumping ftrace buffer:
[ 31.888357]    (ftrace buffer empty)
[ 31.892045] Kernel Offset: disabled
[ 31.895647] Rebooting in 86400 seconds..