[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   18.870599] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.476358] random: sshd: uninitialized urandom read (32 bytes read)
[   22.861896] random: sshd: uninitialized urandom read (32 bytes read)
[   23.666244] random: sshd: uninitialized urandom read (32 bytes read)
[   23.823645] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
[   29.331405] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   29.427362] ==================================================================
[   29.434811] BUG: KASAN: slab-out-of-bounds in process_preds+0x191f/0x19d0
[   29.441723] Write of size 4 at addr ffff8801d2fb1a70 by task syz-executor336/4522
[   29.449329] 
[   29.450949] CPU: 0 PID: 4522 Comm: syz-executor336 Not tainted 4.17.0+ #39
[   29.457961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.467298] Call Trace:
[   29.469876]  dump_stack+0x1b9/0x294
[   29.473493]  ? dump_stack_print_info.cold.2+0x52/0x52
[   29.478667]  ? printk+0x9e/0xba
[   29.481953]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   29.486700]  ? kasan_check_write+0x14/0x20
[   29.490927]  print_address_description+0x6c/0x20b
[   29.495757]  ? process_preds+0x191f/0x19d0
[   29.499979]  kasan_report.cold.7+0x242/0x2fe
[   29.504380]  __asan_report_store4_noabort+0x17/0x20
[   29.509382]  process_preds+0x191f/0x19d0
[   29.513449]  ? parse_pred+0x28e0/0x28e0
[   29.517423]  ? create_filter_start.constprop.14+0x55/0x2b0
[   29.523036]  create_filter+0x155/0x270
[   29.526921]  ? process_preds+0x19d0/0x19d0
[   29.531150]  ftrace_profile_set_filter+0x130/0x2e0
[   29.536071]  ? ftrace_profile_free_filter+0x70/0x70
[   29.541074]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   29.546595]  ? memdup_user+0x6b/0xa0
[   29.550301]  perf_event_set_filter+0x22e/0x1230
[   29.554956]  ? mutex_trylock+0x2a0/0x2a0
[   29.559004]  ? memset+0x31/0x40
[   29.562274]  ? perf_pmu_unregister+0x530/0x530
[   29.566843]  ? perf_trace_lock+0x495/0x900
[   29.571065]  ? zap_class+0x720/0x720
[   29.574773]  ? graph_lock+0x170/0x170
[   29.578568]  ? rcu_is_watching+0x85/0x140
[   29.582698]  ? __lock_is_held+0xb5/0x140
[   29.586754]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   29.591945]  _perf_ioctl+0x84c/0x15e0
[   29.595730]  ? __do_sys_perf_event_open+0x30c0/0x30c0
[   29.600912]  ? lock_downgrade+0x8e0/0x8e0
[   29.605056]  ? get_unused_fd_flags+0x190/0x190
[   29.609632]  ? rcu_is_watching+0x85/0x140
[   29.613767]  ? rcu_report_qs_rnp+0x790/0x790
[   29.618166]  ? mark_held_locks+0xc9/0x160
[   29.622308]  ? mutex_lock_nested+0x16/0x20
[   29.626527]  ? mutex_lock_nested+0x16/0x20
[   29.630746]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[   29.635925]  ? perf_event_read_event+0x430/0x430
[   29.640668]  ? __do_sys_perf_event_open+0x7b6/0x30c0
[   29.645772]  perf_ioctl+0x59/0x80
[   29.649211]  ? _perf_ioctl+0x15e0/0x15e0
[   29.653258]  do_vfs_ioctl+0x1cf/0x16f0
[   29.657129]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   29.662659]  ? ioctl_preallocate+0x2e0/0x2e0
[   29.667056]  ? fget_raw+0x20/0x20
[   29.670510]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   29.676040]  ? __do_page_fault+0x441/0xe40
[   29.680273]  ? security_file_ioctl+0x94/0xc0
[   29.684670]  ksys_ioctl+0xa9/0xd0
[   29.688114]  __x64_sys_ioctl+0x73/0xb0
[   29.691990]  do_syscall_64+0x1b1/0x800
[   29.695864]  ? syscall_slow_exit_work+0x4f0/0x4f0
[   29.700694]  ? syscall_return_slowpath+0x5c0/0x5c0
[   29.705610]  ? syscall_return_slowpath+0x30f/0x5c0
[   29.710530]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   29.715883]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.720716]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   29.726595] RIP: 0033:0x43fdb9
[   29.729765] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 45 00 00 c3 66 2e 0f 1f 84 00 00 00 00 
[   29.749102] RSP: 002b:00007ffd8486fb38 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[   29.756798] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[   29.764054] RDX: 0000000020000040 RSI: 0000000040082406 RDI: 0000000000000003
[   29.771307] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   29.778557] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0
[   29.785811] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[   29.793077] 
[   29.794689] Allocated by task 4522:
[   29.798304]  save_stack+0x43/0xd0
[   29.801742]  kasan_kmalloc+0xc4/0xe0
[   29.805448]  kmem_cache_alloc_trace+0x152/0x780
[   29.810105]  tracepoint_probe_register_prio+0x7a2/0xa50
[   29.815452]  tracepoint_probe_register+0x2a/0x40
[   29.820192]  trace_event_reg+0x19a/0x350
[   29.824242]  perf_trace_event_init+0x4fe/0x990
[   29.828806]  perf_trace_init+0x186/0x250
[   29.832851]  perf_tp_event_init+0xa6/0x120
[   29.837068]  perf_try_init_event+0x137/0x2f0
[   29.841459]  perf_event_alloc.part.93+0x1248/0x3090
[   29.846456]  __do_sys_perf_event_open+0xa8c/0x30c0
[   29.851370]  __x64_sys_perf_event_open+0xbe/0x150
[   29.856195]  do_syscall_64+0x1b1/0x800
[   29.860068]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   29.865233] 
[   29.866841] Freed by task 1:
[   29.869845]  save_stack+0x43/0xd0
[   29.873284]  __kasan_slab_free+0x11a/0x170
[   29.877502]  kasan_slab_free+0xe/0x10
[   29.881286]  kfree+0xd9/0x260
[   29.884377]  kvfree+0x61/0x70
[   29.887467]  __vunmap+0x326/0x460
[   29.891360]  vfree+0x68/0x100
[   29.894451]  check_partition+0x4d6/0x6ad
[   29.898493]  rescan_partitions+0x172/0x910
[   29.902710]  __blkdev_get+0xb67/0x13a0
[   29.906581]  blkdev_get+0xb9/0xb30
[   29.910101]  __device_add_disk+0xdfa/0x1340
[   29.914402]  device_add_disk+0x22/0x30
[   29.918273]  brd_init+0x27b/0x379
[   29.921708]  do_one_initcall+0x127/0x913
[   29.925753]  kernel_init_freeable+0x49b/0x58e
[   29.930232]  kernel_init+0x11/0x1b3
[   29.933842]  ret_from_fork+0x3a/0x50
[   29.937533] 
[   29.939151] The buggy address belongs to the object at ffff8801d2fb1a00
[   29.939151]  which belongs to the cache kmalloc-64 of size 64
[   29.951616] The buggy address is located 48 bytes to the right of
[   29.951616]  64-byte region [ffff8801d2fb1a00, ffff8801d2fb1a40)
[   29.963819] The buggy address belongs to the page:
[   29.968731] page:ffffea00074bec40 count:1 mapcount:0 mapping:ffff8801da800340 index:0x0
[   29.976858] flags: 0x2fffc0000000100(slab)
[   29.981089] raw: 02fffc0000000100 ffffea00074b99c8 ffffea00074a2608 ffff8801da800340
[   29.988955] raw: 0000000000000000 ffff8801d2fb1000 0000000100000020 0000000000000000
[   29.996813] page dumped because: kasan: bad access detected
[   30.002498] 
[   30.004114] Memory state around the buggy address:
[   30.009039]  ffff8801d2fb1900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   30.016381]  ffff8801d2fb1980: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   30.023721] >ffff8801d2fb1a00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   30.031057]                                                              ^
[   30.038053]  ffff8801d2fb1a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   30.045392]  ffff8801d2fb1b00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   30.052728] ==================================================================
[   30.060074] Disabling lock debugging due to kernel taint
[   30.065666] Kernel panic - not syncing: panic_on_warn set ...
[   30.065666] 
[   30.073047] CPU: 0 PID: 4522 Comm: syz-executor336 Tainted: G    B             4.17.0+ #39
[   30.081442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.090777] Call Trace:
[   30.093350]  dump_stack+0x1b9/0x294
[   30.096965]  ? dump_stack_print_info.cold.2+0x52/0x52
[   30.102142]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.106885]  ? process_preds+0x1850/0x19d0
[   30.111103]  panic+0x22f/0x4de
[   30.114279]  ? add_taint.cold.5+0x16/0x16
[   30.118415]  ? do_raw_spin_unlock+0x9e/0x2e0
[   30.122820]  ? do_raw_spin_unlock+0x9e/0x2e0
[   30.127226]  ? process_preds+0x191f/0x19d0
[   30.131446]  kasan_end_report+0x47/0x4f
[   30.135409]  kasan_report.cold.7+0x76/0x2fe
[   30.139717]  __asan_report_store4_noabort+0x17/0x20
[   30.144717]  process_preds+0x191f/0x19d0
[   30.148769]  ? parse_pred+0x28e0/0x28e0
[   30.152734]  ? create_filter_start.constprop.14+0x55/0x2b0
[   30.158349]  create_filter+0x155/0x270
[   30.162233]  ? process_preds+0x19d0/0x19d0
[   30.166456]  ftrace_profile_set_filter+0x130/0x2e0
[   30.171370]  ? ftrace_profile_free_filter+0x70/0x70
[   30.176369]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   30.181888]  ? memdup_user+0x6b/0xa0
[   30.185589]  perf_event_set_filter+0x22e/0x1230
[   30.190242]  ? mutex_trylock+0x2a0/0x2a0
[   30.194295]  ? memset+0x31/0x40
[   30.197571]  ? perf_pmu_unregister+0x530/0x530
[   30.202136]  ? perf_trace_lock+0x495/0x900
[   30.206354]  ? zap_class+0x720/0x720
[   30.210058]  ? graph_lock+0x170/0x170
[   30.213849]  ? rcu_is_watching+0x85/0x140
[   30.217977]  ? __lock_is_held+0xb5/0x140
[   30.222030]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   30.227204]  _perf_ioctl+0x84c/0x15e0
[   30.230988]  ? __do_sys_perf_event_open+0x30c0/0x30c0
[   30.236171]  ? lock_downgrade+0x8e0/0x8e0
[   30.240301]  ? get_unused_fd_flags+0x190/0x190
[   30.244872]  ? rcu_is_watching+0x85/0x140
[   30.249007]  ? rcu_report_qs_rnp+0x790/0x790
[   30.253416]  ? mark_held_locks+0xc9/0x160
[   30.257552]  ? mutex_lock_nested+0x16/0x20
[   30.261769]  ? mutex_lock_nested+0x16/0x20
[   30.265986]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[   30.271166]  ? perf_event_read_event+0x430/0x430
[   30.275907]  ? __do_sys_perf_event_open+0x7b6/0x30c0
[   30.281000]  perf_ioctl+0x59/0x80
[   30.284451]  ? _perf_ioctl+0x15e0/0x15e0
[   30.288496]  do_vfs_ioctl+0x1cf/0x16f0
[   30.292368]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   30.297889]  ? ioctl_preallocate+0x2e0/0x2e0
[   30.302291]  ? fget_raw+0x20/0x20
[   30.305730]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   30.311248]  ? __do_page_fault+0x441/0xe40
[   30.315483]  ? security_file_ioctl+0x94/0xc0
[   30.319887]  ksys_ioctl+0xa9/0xd0
[   30.323334]  __x64_sys_ioctl+0x73/0xb0
[   30.327205]  do_syscall_64+0x1b1/0x800
[   30.331076]  ? syscall_slow_exit_work+0x4f0/0x4f0
[   30.335905]  ? syscall_return_slowpath+0x5c0/0x5c0
[   30.340819]  ? syscall_return_slowpath+0x30f/0x5c0
[   30.345735]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   30.351084]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.355918]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   30.361091] RIP: 0033:0x43fdb9
[   30.364263] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 45 00 00 c3 66 2e 0f 1f 84 00 00 00 00 
[   30.383529] RSP: 002b:00007ffd8486fb38 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[   30.391221] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[   30.398480] RDX: 0000000020000040 RSI: 0000000040082406 RDI: 0000000000000003
[   30.405740] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   30.412991] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0
[   30.420245] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[   30.427936] Dumping ftrace buffer:
[   30.431458]    (ftrace buffer empty)
[   30.435160] Kernel Offset: disabled
[   30.438775] Rebooting in 86400 seconds..