[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   24.392919] random: sshd: uninitialized urandom read (32 bytes read)

[   25.714967] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.031812] random: sshd: uninitialized urandom read (32 bytes read)
[   26.648191] random: sshd: uninitialized urandom read (32 bytes read)
[   26.862950] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts.
[   32.407477] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   32.531564] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[   32.618346] ==================================================================
[   32.625850] BUG: KASAN: slab-out-of-bounds in tls_write_space+0x29d/0x2d0
[   32.632805] Read of size 8 at addr ffff8801bc3c9ff0 by task ksoftirqd/1/18
[   32.639803] 
[   32.641419] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.0-rc4+ #227
[   32.648343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.657685] Call Trace:
[   32.660268]  dump_stack+0x1c4/0x2b4
[   32.663889]  ? dump_stack_print_info.cold.2+0x52/0x52
[   32.669071]  ? printk+0xa7/0xcf
[   32.672341]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   32.677093]  print_address_description.cold.8+0x9/0x1ff
[   32.682510]  kasan_report.cold.9+0x242/0x309
[   32.686910]  ? tls_write_space+0x29d/0x2d0
[   32.691153]  __asan_report_load8_noabort+0x14/0x20
[   32.696076]  tls_write_space+0x29d/0x2d0
[   32.700130]  ? tcp_sndbuf_expand+0x250/0x2c0
[   32.704556]  tcp_check_space+0x53f/0x920
[   32.708634]  ? tcp_prune_ofo_queue.part.52+0x8e0/0x8e0
[   32.713917]  ? tcp_xmit_recovery.part.65+0x130/0x130
[   32.719029]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   32.724578]  tcp_rcv_established+0xde8/0x2120
[   32.729080]  ? tcp_data_queue+0x4790/0x4790
[   32.733747]  ? graph_lock+0x170/0x170
[   32.737551]  ? tcp_v6_rcv+0x2d01/0x38a0
[   32.741521]  ? lock_release+0x970/0x970
[   32.745493]  tcp_v6_do_rcv+0x4b3/0x13c0
[   32.749466]  tcp_v6_rcv+0x2f7a/0x38a0
[   32.753275]  ? __sanitizer_cov_trace_cmp8+0x8/0x20
[   32.758206]  ? tcp_v6_reqsk_send_ack+0x380/0x380
[   32.762964]  ? __lock_is_held+0xb5/0x140
[   32.767031]  ip6_input_finish+0x3fc/0x1aa0
[   32.771280]  ? ip6_sublist_rcv+0xfb0/0xfb0
[   32.775508]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   32.780516]  ? nf_hook_slow+0x11e/0x1c0
[   32.784478]  ip6_input+0xe9/0x600
[   32.788020]  ? ip6_input_finish+0x1aa0/0x1aa0
[   32.792504]  ? ip6_sublist_rcv+0xfb0/0xfb0
[   32.796731]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[   32.802526]  ? kasan_check_read+0x11/0x20
[   32.806676]  ? rcu_bh_qs+0xc0/0xc0
[   32.810217]  ip6_rcv_finish+0x17a/0x330
[   32.814191]  ipv6_rcv+0x113/0x640
[   32.817641]  ? ip6_rcv_core.isra.16+0x1e10/0x1e10
[   32.822478]  ? ip6_rcv_finish_core.isra.13+0x720/0x720
[   32.827745]  ? lock_acquire+0x1ed/0x520
[   32.831703]  ? process_backlog+0x1a6/0x760
[   32.835950]  __netif_receive_skb_one_core+0x14d/0x200
[   32.841128]  ? __netif_receive_skb_core+0x3b60/0x3b60
[   32.846305]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   32.851568]  ? rcu_bh_qs+0xc0/0xc0
[   32.855101]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   32.860561]  __netif_receive_skb+0x2c/0x1e0
[   32.864866]  process_backlog+0x217/0x760
[   32.868913]  net_rx_action+0x7c5/0x1950
[   32.872880]  ? napi_complete_done+0x6d0/0x6d0
[   32.877402]  ? reweight_task+0x130/0x130
[   32.881467]  ? pick_next_task_fair+0x98e/0x17c0
[   32.886135]  ? finish_task_switch+0x1f5/0x900
[   32.890621]  ? _raw_spin_unlock_irq+0x27/0x80
[   32.895105]  ? _raw_spin_unlock_irq+0x27/0x80
[   32.899586]  ? lockdep_hardirqs_on+0x421/0x5c0
[   32.904153]  ? trace_hardirqs_on+0xbd/0x310
[   32.908459]  ? kasan_check_read+0x11/0x20
[   32.912595]  ? finish_task_switch+0x1f5/0x900
[   32.917081]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   32.922518]  ? compat_start_thread+0x80/0x80
[   32.926916]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.932441]  ? kasan_check_write+0x14/0x20
[   32.936665]  ? finish_task_switch+0x2f5/0x900
[   32.941147]  ? __switch_to_asm+0x40/0x70
[   32.945194]  ? preempt_notifier_register+0x200/0x200
[   32.950283]  ? __switch_to_asm+0x34/0x70
[   32.954327]  ? __switch_to_asm+0x34/0x70
[   32.958394]  ? __switch_to_asm+0x40/0x70
[   32.962439]  ? __switch_to_asm+0x34/0x70
[   32.966485]  ? __switch_to_asm+0x40/0x70
[   32.970526]  ? __switch_to_asm+0x34/0x70
[   32.974567]  ? __switch_to_asm+0x40/0x70
[   32.978613]  ? __switch_to_asm+0x34/0x70
[   32.982664]  ? pvclock_read_flags+0x160/0x160
[   32.987144]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.992668]  ? check_preemption_disabled+0x48/0x200
[   32.997683]  ? check_preemption_disabled+0x48/0x200
[   33.002710]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   33.008233]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   33.013494]  ? rcu_pm_notify+0xc0/0xc0
[   33.017395]  __do_softirq+0x30b/0xad8
[   33.021191]  ? __irqentry_text_end+0x1f9618/0x1f9618
[   33.026294]  ? schedule+0x108/0x460
[   33.029907]  ? __schedule+0x1ed0/0x1ed0
[   33.033870]  ? trace_hardirqs_off+0xb8/0x310
[   33.038262]  ? ___might_sleep+0x1ed/0x300
[   33.042397]  ? smpboot_thread_fn+0x68b/0xa00
[   33.046791]  ? trace_hardirqs_on+0x310/0x310
[   33.051184]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   33.056730]  ? check_preemption_disabled+0x48/0x200
[   33.061751]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.067283]  ? takeover_tasklets+0xa90/0xa90
[   33.071678]  run_ksoftirqd+0x94/0x100
[   33.075477]  smpboot_thread_fn+0x68b/0xa00
[   33.079699]  ? sort_range+0x30/0x30
[   33.083328]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   33.088419]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   33.093948]  ? __kthread_parkme+0xfb/0x1a0
[   33.098169]  kthread+0x35a/0x420
[   33.101516]  ? sort_range+0x30/0x30
[   33.105162]  ? kthread_bind+0x40/0x40
[   33.108953]  ret_from_fork+0x3a/0x50
[   33.112650] 
[   33.114254] Allocated by task 3559:
[   33.117862]  save_stack+0x43/0xd0
[   33.121308]  kasan_kmalloc+0xc7/0xe0
[   33.125006]  kmem_cache_alloc_trace+0x152/0x750
[   33.129657]  kernfs_fop_open+0x358/0xf90
[   33.133713]  do_dentry_open+0x499/0x1250
[   33.137756]  vfs_open+0xa0/0xd0
[   33.141017]  path_openat+0x12bf/0x5160
[   33.144881]  do_filp_open+0x255/0x380
[   33.148661]  do_sys_open+0x568/0x700
[   33.152353]  __x64_sys_open+0x7e/0xc0
[   33.156177]  do_syscall_64+0x1b9/0x820
[   33.160056]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.165221] 
[   33.166826] Freed by task 3559:
[   33.170101]  save_stack+0x43/0xd0
[   33.173535]  __kasan_slab_free+0x102/0x150
[   33.177748]  kasan_slab_free+0xe/0x10
[   33.181529]  kfree+0xcf/0x230
[   33.184622]  kernfs_fop_release+0x12b/0x1a0
[   33.188922]  __fput+0x385/0xa30
[   33.192183]  ____fput+0x15/0x20
[   33.195441]  task_work_run+0x1e8/0x2a0
[   33.199312]  exit_to_usermode_loop+0x318/0x380
[   33.203872]  do_syscall_64+0x6be/0x820
[   33.207757]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.213269] 
[   33.214876] The buggy address belongs to the object at ffff8801bc3c9c80
[   33.214876]  which belongs to the cache kmalloc-512 of size 512
[   33.227512] The buggy address is located 368 bytes to the right of
[   33.227512]  512-byte region [ffff8801bc3c9c80, ffff8801bc3c9e80)
[   33.239899] The buggy address belongs to the page:
[   33.244809] page:ffffea0006f0f240 count:1 mapcount:0 mapping:ffff8801da800940 index:0x0
[   33.252955] flags: 0x2fffc0000000100(slab)
[   33.257173] raw: 02fffc0000000100 ffffea0006ee1408 ffffea0007619c08 ffff8801da800940
[   33.265036] raw: 0000000000000000 ffff8801bc3c9000 0000000100000006 0000000000000000
[   33.272894] page dumped because: kasan: bad access detected
[   33.278580] 
[   33.280186] Memory state around the buggy address:
[   33.285092]  ffff8801bc3c9e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.292429]  ffff8801bc3c9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.299769] >ffff8801bc3c9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.307105]                                                              ^
[   33.314096]  ffff8801bc3ca000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.321438]  ffff8801bc3ca080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   33.328775] ==================================================================
[   33.336109] Disabling lock debugging due to kernel taint
[   33.341600] Kernel panic - not syncing: panic_on_warn set ...
[   33.341600] 
[   33.348978] CPU: 1 PID: 18 Comm: ksoftirqd/1 Tainted: G    B             4.19.0-rc4+ #227
[   33.357282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.366626] Call Trace:
[   33.369216]  dump_stack+0x1c4/0x2b4
[   33.372842]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.378029]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   33.382787]  panic+0x238/0x4e7
[   33.385976]  ? add_taint.cold.5+0x16/0x16
[   33.390122]  ? trace_hardirqs_on+0x9a/0x310
[   33.394443]  ? trace_hardirqs_on+0xb4/0x310
[   33.398765]  ? trace_hardirqs_on+0xb4/0x310
[   33.403087]  kasan_end_report+0x47/0x4f
[   33.407060]  kasan_report.cold.9+0x76/0x309
[   33.411380]  ? tls_write_space+0x29d/0x2d0
[   33.415624]  __asan_report_load8_noabort+0x14/0x20
[   33.420551]  tls_write_space+0x29d/0x2d0
[   33.424609]  ? tcp_sndbuf_expand+0x250/0x2c0
[   33.429019]  tcp_check_space+0x53f/0x920
[   33.433079]  ? tcp_prune_ofo_queue.part.52+0x8e0/0x8e0
[   33.438354]  ? tcp_xmit_recovery.part.65+0x130/0x130
[   33.443465]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   33.449002]  tcp_rcv_established+0xde8/0x2120
[   33.453500]  ? tcp_data_queue+0x4790/0x4790
[   33.457823]  ? graph_lock+0x170/0x170
[   33.461620]  ? tcp_v6_rcv+0x2d01/0x38a0
[   33.465597]  ? lock_release+0x970/0x970
[   33.469577]  tcp_v6_do_rcv+0x4b3/0x13c0
[   33.473553]  tcp_v6_rcv+0x2f7a/0x38a0
[   33.477353]  ? __sanitizer_cov_trace_cmp8+0x8/0x20
[   33.482301]  ? tcp_v6_reqsk_send_ack+0x380/0x380
[   33.487061]  ? __lock_is_held+0xb5/0x140
[   33.491127]  ip6_input_finish+0x3fc/0x1aa0
[   33.495367]  ? ip6_sublist_rcv+0xfb0/0xfb0
[   33.499609]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   33.504627]  ? nf_hook_slow+0x11e/0x1c0
[   33.508609]  ip6_input+0xe9/0x600
[   33.512061]  ? ip6_input_finish+0x1aa0/0x1aa0
[   33.516554]  ? ip6_sublist_rcv+0xfb0/0xfb0
[   33.520787]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[   33.526586]  ? kasan_check_read+0x11/0x20
[   33.530737]  ? rcu_bh_qs+0xc0/0xc0
[   33.534281]  ip6_rcv_finish+0x17a/0x330
[   33.538256]  ipv6_rcv+0x113/0x640
[   33.541711]  ? ip6_rcv_core.isra.16+0x1e10/0x1e10
[   33.546556]  ? ip6_rcv_finish_core.isra.13+0x720/0x720
[   33.551834]  ? lock_acquire+0x1ed/0x520
[   33.555807]  ? process_backlog+0x1a6/0x760
[   33.560041]  __netif_receive_skb_one_core+0x14d/0x200
[   33.565229]  ? __netif_receive_skb_core+0x3b60/0x3b60
[   33.570423]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   33.575698]  ? rcu_bh_qs+0xc0/0xc0
[   33.579234]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   33.584681]  __netif_receive_skb+0x2c/0x1e0
[   33.589003]  process_backlog+0x217/0x760
[   33.593063]  net_rx_action+0x7c5/0x1950
[   33.597042]  ? napi_complete_done+0x6d0/0x6d0
[   33.601532]  ? reweight_task+0x130/0x130
[   33.605853]  ? pick_next_task_fair+0x98e/0x17c0
[   33.610544]  ? finish_task_switch+0x1f5/0x900
[   33.615049]  ? _raw_spin_unlock_irq+0x27/0x80
[   33.619544]  ? _raw_spin_unlock_irq+0x27/0x80
[   33.624040]  ? lockdep_hardirqs_on+0x421/0x5c0
[   33.628620]  ? trace_hardirqs_on+0xbd/0x310
[   33.632939]  ? kasan_check_read+0x11/0x20
[   33.637093]  ? finish_task_switch+0x1f5/0x900
[   33.641587]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   33.647049]  ? compat_start_thread+0x80/0x80
[   33.651457]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.656996]  ? kasan_check_write+0x14/0x20
[   33.661231]  ? finish_task_switch+0x2f5/0x900
[   33.665730]  ? __switch_to_asm+0x40/0x70
[   33.669792]  ? preempt_notifier_register+0x200/0x200
[   33.674888]  ? __switch_to_asm+0x34/0x70
[   33.678947]  ? __switch_to_asm+0x34/0x70
[   33.683003]  ? __switch_to_asm+0x40/0x70
[   33.687058]  ? __switch_to_asm+0x34/0x70
[   33.691116]  ? __switch_to_asm+0x40/0x70
[   33.695171]  ? __switch_to_asm+0x34/0x70
[   33.699229]  ? __switch_to_asm+0x40/0x70
[   33.703285]  ? __switch_to_asm+0x34/0x70
[   33.707347]  ? pvclock_read_flags+0x160/0x160
[   33.711856]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.717399]  ? check_preemption_disabled+0x48/0x200
[   33.722420]  ? check_preemption_disabled+0x48/0x200
[   33.727441]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   33.732977]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   33.738752]  ? rcu_pm_notify+0xc0/0xc0
[   33.742647]  __do_softirq+0x30b/0xad8
[   33.746452]  ? __irqentry_text_end+0x1f9618/0x1f9618
[   33.751557]  ? schedule+0x108/0x460
[   33.755184]  ? __schedule+0x1ed0/0x1ed0
[   33.759162]  ? trace_hardirqs_off+0xb8/0x310
[   33.763568]  ? ___might_sleep+0x1ed/0x300
[   33.767715]  ? smpboot_thread_fn+0x68b/0xa00
[   33.772123]  ? trace_hardirqs_on+0x310/0x310
[   33.776532]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   33.782067]  ? check_preemption_disabled+0x48/0x200
[   33.787079]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.792613]  ? takeover_tasklets+0xa90/0xa90
[   33.797018]  run_ksoftirqd+0x94/0x100
[   33.800815]  smpboot_thread_fn+0x68b/0xa00
[   33.805047]  ? sort_range+0x30/0x30
[   33.808674]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   33.813776]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   33.819311]  ? __kthread_parkme+0xfb/0x1a0
[   33.823543]  kthread+0x35a/0x420
[   33.826902]  ? sort_range+0x30/0x30
[   33.830534]  ? kthread_bind+0x40/0x40
[   33.834333]  ret_from_fork+0x3a/0x50
[   33.838968] Kernel Offset: disabled
[   33.842592] Rebooting in 86400 seconds..