[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 19.409586] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 21.969113] random: sshd: uninitialized urandom read (32 bytes read) [ 22.201346] random: sshd: uninitialized urandom read (32 bytes read) [ 23.070380] random: sshd: uninitialized urandom read (32 bytes read) [ 23.225331] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts. [ 28.744693] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 28.838415] ================================================================== [ 28.845863] BUG: KASAN: slab-out-of-bounds in process_preds+0x3ecf/0x4160 [ 28.852770] Write of size 4 at addr ffff8801d3154cf0 by task syz-executor932/4525 [ 28.860363] [ 28.861979] CPU: 1 PID: 4525 Comm: syz-executor932 Not tainted 4.17.0+ #105 [ 28.869065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.878404] Call Trace: [ 28.880975] dump_stack+0x1c9/0x2b4 [ 28.884596] ? dump_stack_print_info.cold.2+0x52/0x52 [ 28.889764] ? printk+0xa7/0xcf [ 28.893033] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 28.897791] ? process_preds+0x3ecf/0x4160 [ 28.902018] print_address_description+0x6c/0x20b [ 28.906839] ? process_preds+0x3ecf/0x4160 [ 28.911052] kasan_report.cold.7+0x242/0x2fe [ 28.915440] __asan_report_store4_noabort+0x17/0x20 [ 28.920434] process_preds+0x3ecf/0x4160 [ 28.924481] ? filter_parse_regex+0x2b0/0x2b0 [ 28.928960] ? create_filter_start.constprop.14+0xfb/0x2b0 [ 28.934563] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.939559] ? kmem_cache_alloc_trace+0x616/0x780 [ 28.944389] ? create_filter_start.constprop.14+0x55/0x2b0 [ 28.949992] create_filter+0x167/0x280 [ 28.953862] ? process_preds+0x4160/0x4160 [ 28.958080] ftrace_profile_set_filter+0x135/0x2f0 [ 28.962988] ? ftrace_profile_free_filter+0x70/0x70 [ 28.967986] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 28.973504] ? memdup_user+0x6b/0xa0 [ 28.977200] perf_event_set_filter+0x251/0x1260 [ 28.981850] ? mutex_trylock+0x2b0/0x2b0 [ 28.985894] ? __mutex_lock+0x7e8/0x1820 [ 28.989939] ? graph_lock+0x170/0x170 [ 28.993728] ? graph_lock+0x170/0x170 [ 28.997509] ? perf_pmu_unregister+0x540/0x540 [ 29.002071] ? mutex_trylock+0x2b0/0x2b0 [ 29.006114] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.011632] ? smp_call_function_single+0x2d6/0x5c0 [ 29.016634] ? find_held_lock+0x36/0x1c0 [ 29.020684] ? graph_lock+0x170/0x170 [ 29.024466] ? lock_downgrade+0x8f0/0x8f0 [ 29.028597] _perf_ioctl+0x865/0x1600 [ 29.032385] ? __do_sys_perf_event_open+0x30f0/0x30f0 [ 29.037556] ? lock_downgrade+0x8f0/0x8f0 [ 29.041686] ? kasan_check_read+0x11/0x20 [ 29.045815] ? rcu_is_watching+0x8c/0x150 [ 29.049941] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 29.054331] ? mutex_lock_nested+0x16/0x20 [ 29.058557] ? mutex_lock_nested+0x16/0x20 [ 29.062772] ? perf_event_ctx_lock_nested+0x415/0x500 [ 29.067943] ? trace_hardirqs_on_caller+0x371/0x5c0 [ 29.072938] ? perf_event_read_event+0x450/0x450 [ 29.077676] ? fd_install+0x4d/0x60 [ 29.081283] ? __do_sys_perf_event_open+0x7c7/0x30f0 [ 29.086367] perf_ioctl+0x59/0x80 [ 29.089798] ? _perf_ioctl+0x1600/0x1600 [ 29.093839] do_vfs_ioctl+0x1de/0x1720 [ 29.097708] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 29.103237] ? ioctl_preallocate+0x300/0x300 [ 29.107627] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.113144] ? __fget_light+0x2f7/0x440 [ 29.117099] ? fget_raw+0x20/0x20 [ 29.120542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.126059] ? __do_page_fault+0x449/0xe50 [ 29.130276] ? mm_fault_error+0x380/0x380 [ 29.134402] ? security_file_ioctl+0x94/0xc0 [ 29.138795] ksys_ioctl+0xa9/0xd0 [ 29.142234] __x64_sys_ioctl+0x73/0xb0 [ 29.146101] do_syscall_64+0x1b9/0x820 [ 29.149968] ? syscall_return_slowpath+0x5e0/0x5e0 [ 29.154890] ? syscall_return_slowpath+0x31d/0x5e0 [ 29.159800] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 29.165146] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 29.169978] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 29.175147] RIP: 0033:0x43fdb9 [ 29.178311] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 45 00 00 c3 66 2e 0f 1f 84 00 00 00 00 [ 29.197484] RSP: 002b:00007ffd9ad777c8 EFLAGS: 00000213 ORIG_RAX: 0000000000000010 [ 29.205177] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9 [ 29.212431] RDX: 0000000020000040 RSI: 0000000040082406 RDI: 0000000000000003 [ 29.219681] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 29.226932] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0 [ 29.234180] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000 [ 29.241433] [ 29.243036] Allocated by task 1: [ 29.246385] save_stack+0x43/0xd0 [ 29.249818] kasan_kmalloc+0xc4/0xe0 [ 29.253523] kmem_cache_alloc_trace+0x152/0x780 [ 29.258171] __kthread_create_on_node+0x127/0x4c0 [ 29.263002] kthread_create_on_node+0xb1/0xe0 [ 29.267475] cryptomgr_notify+0x5ac/0xb90 [ 29.271600] notifier_call_chain+0x180/0x390 [ 29.275987] blocking_notifier_call_chain+0x147/0x190 [ 29.281154] crypto_probing_notify+0x26/0x80 [ 29.285540] crypto_wait_for_test+0x42/0xe0 [ 29.289839] crypto_register_alg+0xc0/0xe0 [ 29.294050] crypto_register_shash+0x35/0x50 [ 29.298434] crypto_register_shashes+0x5d/0xe0 [ 29.302994] sha3_generic_mod_init+0x1a/0x1c [ 29.307381] do_one_initcall+0x127/0x913 [ 29.311421] kernel_init_freeable+0x49b/0x58e [ 29.315895] kernel_init+0x11/0x1b3 [ 29.319502] ret_from_fork+0x3a/0x50 [ 29.323199] [ 29.324804] Freed by task 1: [ 29.327802] save_stack+0x43/0xd0 [ 29.331233] __kasan_slab_free+0x11a/0x170 [ 29.335444] kasan_slab_free+0xe/0x10 [ 29.339221] kfree+0xd9/0x260 [ 29.342306] __kthread_create_on_node+0x34a/0x4c0 [ 29.347124] kthread_create_on_node+0xb1/0xe0 [ 29.351603] cryptomgr_notify+0x5ac/0xb90 [ 29.355730] notifier_call_chain+0x180/0x390 [ 29.360124] blocking_notifier_call_chain+0x147/0x190 [ 29.365294] crypto_probing_notify+0x26/0x80 [ 29.369681] crypto_wait_for_test+0x42/0xe0 [ 29.373979] crypto_register_alg+0xc0/0xe0 [ 29.378191] crypto_register_shash+0x35/0x50 [ 29.382578] crypto_register_shashes+0x5d/0xe0 [ 29.387141] sha3_generic_mod_init+0x1a/0x1c [ 29.391527] do_one_initcall+0x127/0x913 [ 29.395565] kernel_init_freeable+0x49b/0x58e [ 29.400038] kernel_init+0x11/0x1b3 [ 29.403646] ret_from_fork+0x3a/0x50 [ 29.407333] [ 29.408938] The buggy address belongs to the object at ffff8801d3154c80 [ 29.408938] which belongs to the cache kmalloc-64 of size 64 [ 29.421404] The buggy address is located 48 bytes to the right of [ 29.421404] 64-byte region [ffff8801d3154c80, ffff8801d3154cc0) [ 29.433607] The buggy address belongs to the page: [ 29.438514] page:ffffea00074c5500 count:1 mapcount:0 mapping:ffff8801da800340 index:0x0 [ 29.446643] flags: 0x2fffc0000000100(slab) [ 29.450859] raw: 02fffc0000000100 ffffea00074ad188 ffff8801da801348 ffff8801da800340 [ 29.458726] raw: 0000000000000000 ffff8801d3154000 0000000100000020 0000000000000000 [ 29.466581] page dumped because: kasan: bad access detected [ 29.472268] [ 29.473871] Memory state around the buggy address: [ 29.478777] ffff8801d3154b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.486113] ffff8801d3154c00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.493451] >ffff8801d3154c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.500785] ^ [ 29.507774] ffff8801d3154d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.515111] ffff8801d3154d80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 29.522443] ================================================================== [ 29.529776] Disabling lock debugging due to kernel taint [ 29.535263] Kernel panic - not syncing: panic_on_warn set ... [ 29.535263] [ 29.542625] CPU: 1 PID: 4525 Comm: syz-executor932 Tainted: G B 4.17.0+ #105 [ 29.551098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.560426] Call Trace: [ 29.562998] dump_stack+0x1c9/0x2b4 [ 29.566971] ? dump_stack_print_info.cold.2+0x52/0x52 [ 29.572141] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 29.576876] panic+0x238/0x4e7 [ 29.580046] ? add_taint.cold.5+0x16/0x16 [ 29.584172] ? do_raw_spin_unlock+0xa7/0x2f0 [ 29.588559] ? process_preds+0x3ecf/0x4160 [ 29.592774] kasan_end_report+0x47/0x4f [ 29.596724] kasan_report.cold.7+0x76/0x2fe [ 29.601029] __asan_report_store4_noabort+0x17/0x20 [ 29.606030] process_preds+0x3ecf/0x4160 [ 29.610077] ? filter_parse_regex+0x2b0/0x2b0 [ 29.614549] ? create_filter_start.constprop.14+0xfb/0x2b0 [ 29.620151] ? rcu_read_lock_sched_held+0x108/0x120 [ 29.625145] ? kmem_cache_alloc_trace+0x616/0x780 [ 29.629967] ? create_filter_start.constprop.14+0x55/0x2b0 [ 29.635571] create_filter+0x167/0x280 [ 29.639439] ? process_preds+0x4160/0x4160 [ 29.643651] ftrace_profile_set_filter+0x135/0x2f0 [ 29.648558] ? ftrace_profile_free_filter+0x70/0x70 [ 29.653552] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 29.659068] ? memdup_user+0x6b/0xa0 [ 29.662760] perf_event_set_filter+0x251/0x1260 [ 29.667414] ? mutex_trylock+0x2b0/0x2b0 [ 29.671450] ? __mutex_lock+0x7e8/0x1820 [ 29.675487] ? graph_lock+0x170/0x170 [ 29.679272] ? graph_lock+0x170/0x170 [ 29.683052] ? perf_pmu_unregister+0x540/0x540 [ 29.687618] ? mutex_trylock+0x2b0/0x2b0 [ 29.691654] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.697166] ? smp_call_function_single+0x2d6/0x5c0 [ 29.702161] ? find_held_lock+0x36/0x1c0 [ 29.706198] ? graph_lock+0x170/0x170 [ 29.709975] ? lock_downgrade+0x8f0/0x8f0 [ 29.714104] _perf_ioctl+0x865/0x1600 [ 29.717879] ? __do_sys_perf_event_open+0x30f0/0x30f0 [ 29.723052] ? lock_downgrade+0x8f0/0x8f0 [ 29.727179] ? kasan_check_read+0x11/0x20 [ 29.731302] ? rcu_is_watching+0x8c/0x150 [ 29.735435] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 29.739822] ? mutex_lock_nested+0x16/0x20 [ 29.744036] ? mutex_lock_nested+0x16/0x20 [ 29.748251] ? perf_event_ctx_lock_nested+0x415/0x500 [ 29.753419] ? trace_hardirqs_on_caller+0x371/0x5c0 [ 29.758410] ? perf_event_read_event+0x450/0x450 [ 29.763145] ? fd_install+0x4d/0x60 [ 29.766752] ? __do_sys_perf_event_open+0x7c7/0x30f0 [ 29.771840] perf_ioctl+0x59/0x80 [ 29.775272] ? _perf_ioctl+0x1600/0x1600 [ 29.779310] do_vfs_ioctl+0x1de/0x1720 [ 29.783184] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 29.788697] ? ioctl_preallocate+0x300/0x300 [ 29.793081] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.798595] ? __fget_light+0x2f7/0x440 [ 29.802548] ? fget_raw+0x20/0x20 [ 29.805984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.811501] ? __do_page_fault+0x449/0xe50 [ 29.815714] ? mm_fault_error+0x380/0x380 [ 29.819841] ? security_file_ioctl+0x94/0xc0 [ 29.824227] ksys_ioctl+0xa9/0xd0 [ 29.827658] __x64_sys_ioctl+0x73/0xb0 [ 29.831532] do_syscall_64+0x1b9/0x820 [ 29.835399] ? syscall_return_slowpath+0x5e0/0x5e0 [ 29.840306] ? syscall_return_slowpath+0x31d/0x5e0 [ 29.845215] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 29.850558] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 29.855378] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 29.860556] RIP: 0033:0x43fdb9 [ 29.863718] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 45 00 00 c3 66 2e 0f 1f 84 00 00 00 00 [ 29.882832] RSP: 002b:00007ffd9ad777c8 EFLAGS: 00000213 ORIG_RAX: 0000000000000010 [ 29.890524] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9 [ 29.897774] RDX: 0000000020000040 RSI: 0000000040082406 RDI: 0000000000000003 [ 29.905026] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 29.912275] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0 [ 29.919519] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000 [ 29.927245] Dumping ftrace buffer: [ 29.930765] (ftrace buffer empty) [ 29.934449] Kernel Offset: disabled [ 29.938052] Rebooting in 86400 seconds..