[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 15.619465] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 19.444042] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.802400] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.516400] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.447473] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
[ 29.970923] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 30.055208] ==================================================================
[ 30.062610] BUG: KASAN: use-after-free in _copy_to_user+0xe9/0x110
[ 30.068906] Read of size 978 at addr ffff8801a67ffff2 by task syz-executor043/4461
[ 30.076586]
[ 30.078195] CPU: 0 PID: 4461 Comm: syz-executor043 Not tainted 4.18.0-rc3+ #48
[ 30.085530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.094860] Call Trace:
[ 30.097435] dump_stack+0x1c9/0x2b4
[ 30.101040] ? dump_stack_print_info.cold.2+0x52/0x52
[ 30.106207] ? printk+0xa7/0xcf
[ 30.109472] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 30.114208] ? _copy_to_user+0xe9/0x110
[ 30.118174] print_address_description+0x6c/0x20b
[ 30.122993] ? _copy_to_user+0xe9/0x110
[ 30.126944] kasan_report.cold.7+0x242/0x2fe
[ 30.131333] check_memory_region+0x13e/0x1b0
[ 30.135720] kasan_check_read+0x11/0x20
[ 30.139673] _copy_to_user+0xe9/0x110
[ 30.143471] bpf_test_finish.isra.7+0xee/0x1f0
[ 30.148032] ? bpf_test_init.isra.8+0x100/0x100
[ 30.152691] ? bpf_test_run+0x2fc/0x3b0
[ 30.156663] bpf_prog_test_run_skb+0x7d7/0xa30
[ 30.161227] ? bpf_test_finish.isra.7+0x1f0/0x1f0
[ 30.166059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.171573] ? __bpf_prog_get+0x9b/0x290
[ 30.175613] ? bpf_test_finish.isra.7+0x1f0/0x1f0
[ 30.180432] bpf_prog_test_run+0x130/0x1a0
[ 30.184647] __x64_sys_bpf+0x3d8/0x510
[ 30.188528] ? bpf_prog_get+0x20/0x20
[ 30.192311] ? do_page_fault+0xf6/0x8c0
[ 30.196276] do_syscall_64+0x1b9/0x820
[ 30.200140] ? syscall_return_slowpath+0x5e0/0x5e0
[ 30.205046] ? syscall_return_slowpath+0x31d/0x5e0
[ 30.209953] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 30.215060] ? prepare_exit_to_usermode+0x291/0x3b0
[ 30.220065] ? perf_trace_sys_enter+0xb10/0xb10
[ 30.224710] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.229544] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.234716] RIP: 0033:0x440259
[ 30.237883] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 30.257002] RSP: 002b:00007ffc38b965b8 EFLAGS: 00000213 ORIG_RAX: 0000000000000141
[ 30.264689] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[ 30.271936] RDX: 0000000000000028 RSI: 0000000020000280 RDI: 000000000000000a
[ 30.279185] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 30.286435] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401ae0
[ 30.293695] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
[ 30.300957]
[ 30.302559] The buggy address belongs to the page:
[ 30.307465] page:ffffea000699ffc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 30.315583] flags: 0x2fffc0000000000()
[ 30.319449] raw: 02fffc0000000000 ffffea000699ffc8 ffffea000699ffc8 0000000000000000
[ 30.327503] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 30.335358] page dumped because: kasan: bad access detected
[ 30.341039]
[ 30.342649] Memory state around the buggy address:
[ 30.347552] ffff8801a67ffe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.354926] ffff8801a67fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.362271] >ffff8801a67fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.369616] ^
[ 30.376606] ffff8801a6800000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.383944] ffff8801a6800080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.391274] ==================================================================
[ 30.398708] Kernel panic - not syncing: panic_on_warn set ...
[ 30.398708]
[ 30.406055] CPU: 0 PID: 4461 Comm: syz-executor043 Tainted: G B 4.18.0-rc3+ #48
[ 30.414788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.424118] Call Trace:
[ 30.426694] dump_stack+0x1c9/0x2b4
[ 30.430303] ? dump_stack_print_info.cold.2+0x52/0x52
[ 30.435475] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 30.440210] panic+0x238/0x4e7
[ 30.443384] ? add_taint.cold.5+0x16/0x16
[ 30.447514] ? do_raw_spin_unlock+0xa7/0x2f0
[ 30.451913] ? do_raw_spin_unlock+0xa7/0x2f0
[ 30.456301] ? _copy_to_user+0xe9/0x110
[ 30.460254] kasan_end_report+0x47/0x4f
[ 30.464203] kasan_report.cold.7+0x76/0x2fe
[ 30.468504] check_memory_region+0x13e/0x1b0
[ 30.472892] kasan_check_read+0x11/0x20
[ 30.476841] _copy_to_user+0xe9/0x110
[ 30.480635] bpf_test_finish.isra.7+0xee/0x1f0
[ 30.485196] ? bpf_test_init.isra.8+0x100/0x100
[ 30.489855] ? bpf_test_run+0x2fc/0x3b0
[ 30.493810] bpf_prog_test_run_skb+0x7d7/0xa30
[ 30.498371] ? bpf_test_finish.isra.7+0x1f0/0x1f0
[ 30.503194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.508708] ? __bpf_prog_get+0x9b/0x290
[ 30.512746] ? bpf_test_finish.isra.7+0x1f0/0x1f0
[ 30.517563] bpf_prog_test_run+0x130/0x1a0
[ 30.521774] __x64_sys_bpf+0x3d8/0x510
[ 30.525640] ? bpf_prog_get+0x20/0x20
[ 30.529423] ? do_page_fault+0xf6/0x8c0
[ 30.533384] do_syscall_64+0x1b9/0x820
[ 30.537256] ? syscall_return_slowpath+0x5e0/0x5e0
[ 30.542161] ? syscall_return_slowpath+0x31d/0x5e0
[ 30.547067] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 30.552074] ? prepare_exit_to_usermode+0x291/0x3b0
[ 30.557070] ? perf_trace_sys_enter+0xb10/0xb10
[ 30.561717] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.566542] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.571709] RIP: 0033:0x440259
[ 30.574875] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 30.593996] RSP: 002b:00007ffc38b965b8 EFLAGS: 00000213 ORIG_RAX: 0000000000000141
[ 30.601684] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[ 30.608930] RDX: 0000000000000028 RSI: 0000000020000280 RDI: 000000000000000a
[ 30.616173] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 30.623425] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401ae0
[ 30.630673] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
[ 30.638512] Dumping ftrace buffer:
[ 30.642030] (ftrace buffer empty)
[ 30.645732] Kernel Offset: disabled
[ 30.649336] Rebooting in 86400 seconds..