[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 20.754076] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 25.759894] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.132180] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.900176] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.057722] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.46' (ECDSA) to the list of known hosts.
[ 32.563678] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 32.656927] ==================================================================
[ 32.664394] BUG: KASAN: slab-out-of-bounds in process_preds+0x191f/0x19d0
[ 32.671300] Write of size 4 at addr ffff8801d3cac670 by task syz-executor702/4515
[ 32.678892]
[ 32.680504] CPU: 1 PID: 4515 Comm: syz-executor702 Not tainted 4.17.0-rc4+ #39
[ 32.687839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.697168] Call Trace:
[ 32.699739]  dump_stack+0x1b9/0x294
[ 32.703348]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.708517]  ? printk+0x9e/0xba
[ 32.711777]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 32.716514]  ? kasan_check_write+0x14/0x20
[ 32.720732]  print_address_description+0x6c/0x20b
[ 32.725558]  ? process_preds+0x191f/0x19d0
[ 32.729772]  kasan_report.cold.7+0x242/0x2fe
[ 32.734169]  __asan_report_store4_noabort+0x17/0x20
[ 32.739176]  process_preds+0x191f/0x19d0
[ 32.743226]  ? parse_pred+0x28e0/0x28e0
[ 32.747184]  ? create_filter_start.constprop.12+0x55/0x2b0
[ 32.752790]  create_filter+0x155/0x270
[ 32.756660]  ? process_preds+0x19d0/0x19d0
[ 32.760881]  ftrace_profile_set_filter+0x130/0x2e0
[ 32.765792]  ? ftrace_profile_free_filter+0x70/0x70
[ 32.770802]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 32.776325]  ? memdup_user+0x6b/0xa0
[ 32.780025]  perf_event_set_filter+0x248/0x1230
[ 32.784680]  ? mutex_trylock+0x2a0/0x2a0
[ 32.788724]  ? perf_pmu_unregister+0x530/0x530
[ 32.793297]  ? __thp_get_unmapped_area+0x180/0x180
[ 32.798221]  ? graph_lock+0x170/0x170
[ 32.802007]  ? lock_downgrade+0x8e0/0x8e0
[ 32.806143]  ? kasan_check_read+0x11/0x20
[ 32.810278]  ? rcu_is_watching+0x85/0x140
[ 32.814423]  ? __lock_is_held+0xb5/0x140
[ 32.818488]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 32.823675]  _perf_ioctl+0x84c/0x15e0
[ 32.827460]  ? __do_sys_perf_event_open+0x2fa0/0x2fa0
[ 32.832636]  ? lock_downgrade+0x8e0/0x8e0
[ 32.836773]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.842296]  ? kasan_check_read+0x11/0x20
[ 32.846425]  ? rcu_is_watching+0x85/0x140
[ 32.850559]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 32.855736]  ? mutex_lock_nested+0x16/0x20
[ 32.859955]  ? mutex_lock_nested+0x16/0x20
[ 32.864172]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[ 32.869349]  ? perf_event_read_event+0x430/0x430
[ 32.874090]  ? find_held_lock+0x36/0x1c0
[ 32.878151]  perf_ioctl+0x59/0x80
[ 32.881584]  ? _perf_ioctl+0x15e0/0x15e0
[ 32.885632]  do_vfs_ioctl+0x1cf/0x16a0
[ 32.889507]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 32.895037]  ? ioctl_preallocate+0x2e0/0x2e0
[ 32.899433]  ? fget_raw+0x20/0x20
[ 32.902871]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.908392]  ? __do_page_fault+0x441/0xe40
[ 32.912611]  ? mm_fault_error+0x380/0x380
[ 32.916754]  ? security_file_ioctl+0x94/0xc0
[ 32.921156]  ksys_ioctl+0xa9/0xd0
[ 32.924594]  __x64_sys_ioctl+0x73/0xb0
[ 32.928465]  do_syscall_64+0x1b1/0x800
[ 32.932335]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 32.937246]  ? syscall_return_slowpath+0x30f/0x5c0
[ 32.942170]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.947691]  ? retint_user+0x18/0x18
[ 32.951390]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.956218]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.961385] RIP: 0033:0x43fdb9
[ 32.964553] RSP: 002b:00007ffec56660a8 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 32.972243] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[ 32.979493] RDX: 0000000020000200 RSI: 0000000040082406 RDI: 0000000000000003
[ 32.986741] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 32.993992] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0
[ 33.001246] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[ 33.008501]
[ 33.010109] Allocated by task 1:
[ 33.013463]  save_stack+0x43/0xd0
[ 33.016893]  kasan_kmalloc+0xc4/0xe0
[ 33.020585]  kmem_cache_alloc_trace+0x152/0x780
[ 33.025252]  __kthread_create_on_node+0x127/0x4c0
[ 33.030073]  kthread_create_on_node+0xa8/0xd0
[ 33.034547]  kswapd_run+0xa4/0x1b0
[ 33.038067]  kswapd_init+0x56/0xbd
[ 33.041587]  do_one_initcall+0x127/0x913
[ 33.045629]  kernel_init_freeable+0x49b/0x58e
[ 33.050117]  kernel_init+0x11/0x1b3
[ 33.053721]  ret_from_fork+0x3a/0x50
[ 33.057414]
[ 33.059023] Freed by task 1:
[ 33.062034]  save_stack+0x43/0xd0
[ 33.065467]  __kasan_slab_free+0x11a/0x170
[ 33.069680]  kasan_slab_free+0xe/0x10
[ 33.073468]  kfree+0xd9/0x260
[ 33.076554]  __kthread_create_on_node+0x34a/0x4c0
[ 33.081374]  kthread_create_on_node+0xa8/0xd0
[ 33.085848]  kswapd_run+0xa4/0x1b0
[ 33.089365]  kswapd_init+0x56/0xbd
[ 33.092885]  do_one_initcall+0x127/0x913
[ 33.096930]  kernel_init_freeable+0x49b/0x58e
[ 33.101414]  kernel_init+0x11/0x1b3
[ 33.105028]  ret_from_fork+0x3a/0x50
[ 33.108718]
[ 33.110327] The buggy address belongs to the object at ffff8801d3cac600
[ 33.110327]  which belongs to the cache kmalloc-64 of size 64
[ 33.122794] The buggy address is located 48 bytes to the right of
[ 33.122794]  64-byte region [ffff8801d3cac600, ffff8801d3cac640)
[ 33.134993] The buggy address belongs to the page:
[ 33.139908] page:ffffea00074f2b00 count:1 mapcount:0 mapping:ffff8801d3cac000 index:0x0
[ 33.148036] flags: 0x2fffc0000000100(slab)
[ 33.152257] raw: 02fffc0000000100 ffff8801d3cac000 0000000000000000 0000000100000020
[ 33.160118] raw: ffffea0007375660 ffffea0007379360 ffff8801da800340 0000000000000000
[ 33.167973] page dumped because: kasan: bad access detected
[ 33.173668]
[ 33.175273] Memory state around the buggy address:
[ 33.180181]  ffff8801d3cac500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 33.187519]  ffff8801d3cac580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 33.194855] >ffff8801d3cac600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 33.202192]                                                              ^
[ 33.209182]  ffff8801d3cac680: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 33.216520]  ffff8801d3cac700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 33.223853] ==================================================================
[ 33.231186] Disabling lock debugging due to kernel taint
[ 33.236732] Kernel panic - not syncing: panic_on_warn set ...
[ 33.236732]
[ 33.244101] CPU: 1 PID: 4515 Comm: syz-executor702 Tainted: G B 4.17.0-rc4+ #39
[ 33.252847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.262175] Call Trace:
[ 33.264753]  dump_stack+0x1b9/0x294
[ 33.268357]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.273525]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 33.278260]  ? process_preds+0x1880/0x19d0
[ 33.282470]  panic+0x22f/0x4de
[ 33.285639]  ? add_taint.cold.5+0x16/0x16
[ 33.289767]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 33.294156]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 33.298542]  ? process_preds+0x191f/0x19d0
[ 33.302752]  kasan_end_report+0x47/0x4f
[ 33.306712]  kasan_report.cold.7+0x76/0x2fe
[ 33.311019]  __asan_report_store4_noabort+0x17/0x20
[ 33.316022]  process_preds+0x191f/0x19d0
[ 33.320066]  ? parse_pred+0x28e0/0x28e0
[ 33.324029]  ? create_filter_start.constprop.12+0x55/0x2b0
[ 33.329632]  create_filter+0x155/0x270
[ 33.333500]  ? process_preds+0x19d0/0x19d0
[ 33.337714]  ftrace_profile_set_filter+0x130/0x2e0
[ 33.342623]  ? ftrace_profile_free_filter+0x70/0x70
[ 33.347620]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 33.353136]  ? memdup_user+0x6b/0xa0
[ 33.356829]  perf_event_set_filter+0x248/0x1230
[ 33.361476]  ? mutex_trylock+0x2a0/0x2a0
[ 33.365515]  ? perf_pmu_unregister+0x530/0x530
[ 33.370085]  ? __thp_get_unmapped_area+0x180/0x180
[ 33.374997]  ? graph_lock+0x170/0x170
[ 33.378781]  ? lock_downgrade+0x8e0/0x8e0
[ 33.382907]  ? kasan_check_read+0x11/0x20
[ 33.387039]  ? rcu_is_watching+0x85/0x140
[ 33.391163]  ? __lock_is_held+0xb5/0x140
[ 33.395202]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 33.400370]  _perf_ioctl+0x84c/0x15e0
[ 33.404152]  ? __do_sys_perf_event_open+0x2fa0/0x2fa0
[ 33.409320]  ? lock_downgrade+0x8e0/0x8e0
[ 33.413450]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.418966]  ? kasan_check_read+0x11/0x20
[ 33.423091]  ? rcu_is_watching+0x85/0x140
[ 33.427216]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 33.432390]  ? mutex_lock_nested+0x16/0x20
[ 33.436602]  ? mutex_lock_nested+0x16/0x20
[ 33.440818]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[ 33.445985]  ? perf_event_read_event+0x430/0x430
[ 33.450719]  ? find_held_lock+0x36/0x1c0
[ 33.454762]  perf_ioctl+0x59/0x80
[ 33.458194]  ? _perf_ioctl+0x15e0/0x15e0
[ 33.462234]  do_vfs_ioctl+0x1cf/0x16a0
[ 33.466188]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.471727]  ? ioctl_preallocate+0x2e0/0x2e0
[ 33.476113]  ? fget_raw+0x20/0x20
[ 33.479553]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.485072]  ? __do_page_fault+0x441/0xe40
[ 33.489291]  ? mm_fault_error+0x380/0x380
[ 33.493419]  ? security_file_ioctl+0x94/0xc0
[ 33.497805]  ksys_ioctl+0xa9/0xd0
[ 33.501236]  __x64_sys_ioctl+0x73/0xb0
[ 33.505104]  do_syscall_64+0x1b1/0x800
[ 33.508969]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 33.513874]  ? syscall_return_slowpath+0x30f/0x5c0
[ 33.518784]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.524298]  ? retint_user+0x18/0x18
[ 33.527990]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.532815]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.537979] RIP: 0033:0x43fdb9
[ 33.541145] RSP: 002b:00007ffec56660a8 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 33.548829] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[ 33.556078] RDX: 0000000020000200 RSI: 0000000040082406 RDI: 0000000000000003
[ 33.563324] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 33.570571] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0
[ 33.577819] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[ 33.585638] Dumping ftrace buffer:
[ 33.589156]    (ftrace buffer empty)
[ 33.592841] Kernel Offset: disabled
[ 33.596453] Rebooting in 86400 seconds..