[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[   16.878680] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   23.583636] random: sshd: uninitialized urandom read (32 bytes read)
[   24.089968] random: sshd: uninitialized urandom read (32 bytes read)
[   24.790397] random: sshd: uninitialized urandom read (32 bytes read)
[   24.925290] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.10' (ECDSA) to the list of known hosts.
[   30.332687] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   30.464367] ==================================================================
[   30.465098] kasan: CONFIG_KASAN_INLINE enabled
[   30.471791] BUG: KASAN: stack-out-of-bounds in __handle_mm_fault+0x3aa3/0x4460
[   30.471800] Read of size 8 at addr ffff8801ab353d18 by task sshd/4469
[   30.471802] 
[   30.471815] CPU: 1 PID: 4469 Comm: sshd Not tainted 4.18.0-rc3+ #130
[   30.471821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.471829] Call Trace:
[   30.476424] kasan: GPF could be caused by NULL-ptr deref or user memory access
[   30.483781]  dump_stack+0x1c9/0x2b4
[   30.483795]  ? dump_stack_print_info.cold.2+0x52/0x52
[   30.483807]  ? printk+0xa7/0xcf
[   30.483821]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   30.490396] general protection fault: 0000 [#1] SMP KASAN
[   30.491991]  ? __handle_mm_fault+0x3aa3/0x4460
[   30.498470] CPU: 0 PID: 4484 Comm: syz-executor008 Not tainted 4.18.0-rc3+ #130
[   30.507812]  print_address_description+0x6c/0x20b
[   30.510369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.517726]  ? __handle_mm_fault+0x3aa3/0x4460
[   30.521326] RIP: 0010:bpf_tcp_close+0x215/0x1050
[   30.526496]  kasan_report.cold.7+0x242/0x2fe
[   30.529745] Code: 
[   30.534491]  __asan_report_load8_noabort+0x14/0x20
[   30.539994] ------------[ cut here ]------------
[   30.544578]  __handle_mm_fault+0x3aa3/0x4460
[   30.552011] Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLAB object 'TCPv6' (offset 592, size 64)!
[   30.556833]  ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[   30.566280] WARNING: CPU: 0 PID: 4484 at mm/usercopy.c:81 usercopy_warn+0xf5/0x120
[   30.570736]  ? lock_release+0xa30/0xa30
[   30.575457] Kernel panic - not syncing: panic_on_warn set ...
[   30.575457] 
[   30.579851]  ? check_same_owner+0x340/0x340
[   30.636311]  ? ktime_get_ts64+0x3a5/0x530
[   30.640455]  ? lock_acquire+0x1e4/0x540
[   30.644421]  ? handle_mm_fault+0x417/0xc80
[   30.648653]  ? lock_downgrade+0x8f0/0x8f0
[   30.652787]  ? lock_release+0xa30/0xa30
[   30.656757]  ? lock_release+0xa30/0xa30
[   30.660729]  ? __set_task_blocked+0x219/0x320
[   30.665218]  ? mem_cgroup_from_task+0xcb/0x1f0
[   30.669798]  ? percpu_ref_tryget_live+0x310/0x310
[   30.674660]  handle_mm_fault+0x53e/0xc80
[   30.678718]  ? __handle_mm_fault+0x4460/0x4460
[   30.683292]  ? find_vma+0x34/0x190
[   30.686823]  __do_page_fault+0x620/0xe50
[   30.690875]  ? mm_fault_error+0x380/0x380
[   30.695031]  ? syscall_slow_exit_work+0x500/0x500
[   30.699877]  do_page_fault+0xf6/0x8c0
[   30.703671]  ? vmalloc_sync_all+0x30/0x30
[   30.707834]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   30.713363]  ? do_syscall_64+0x497/0x820
[   30.717428]  ? syscall_return_slowpath+0x5e0/0x5e0
[   30.722345]  ? syscall_return_slowpath+0x31d/0x5e0
[   30.727260]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   30.732264]  ? prepare_exit_to_usermode+0x291/0x3b0
[   30.737355]  ? page_fault+0x8/0x30
[   30.740883]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.745719]  ? page_fault+0x8/0x30
[   30.749252]  page_fault+0x1e/0x30
[   30.752699] RIP: 0033:0x55b971b3e3db
[   30.756402] Code: 89 5c 24 d0 48 89 6c 24 d8 48 89 fb 4c 89 64 24 e0 4c 89 6c 24 e8 48 89 f5 4c 89 74 24 f0 4c 89 7c 24 f8 48 81 ec b8 00 00 00 <64> 48 8b 04 25 28 00 00 00 48 89 44 24 78 31 c0 49 89 d4 e8 ad d9
[   30.775618] RSP: 002b:00007ffda8e118f0 EFLAGS: 00010206
[   30.780979] RAX: 000055b971b3e3b0 RBX: 000055b971ee7f30 RCX: 00007efcf2abb3e0
[   30.789725] RDX: 000055b971ee6ab0 RSI: 000055b971ee6ad0 RDI: 000055b971ee7f30
[   30.797243] RBP: 000055b971ee6ad0 R08: 00007ffda8e119a0 R09: 0101010101010101
[   30.804513] R10: 0000000000000008 R11: 0000000000000000 R12: 000055b971d88dc0
[   30.811784] R13: 000055b971ee6ad0 R14: 000055b971ee6ab0 R15: 0000000000000050
[   30.819045] 
[   30.820654] The buggy address belongs to the page:
[   30.825569] page:ffffea0006acd4c0 count:1 mapcount:0 mapping:0000000000000000 index:0x0
[   30.833723] flags: 0x2fffc0000000000()
[   30.837607] raw: 02fffc0000000000 dead000000000100 0000000000000000 0000000000000000
[   30.845483] raw: 0000000000000000 ffff8801bec434d0 00000001ffffffff 0000000000000000
[   30.853344] page dumped because: kasan: bad access detected
[   30.859035] 
[   30.860650] Memory state around the buggy address:
[   30.865571]  ffff8801ab353c00: f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00
[   30.872931]  ffff8801ab353c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[   30.880279] >ffff8801ab353d00: f1 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2
[   30.887622]                             ^
[   30.891768]  ffff8801ab353d80: f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2
[   30.899125]  ffff8801ab353e00: f2 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00
[   30.906467] ==================================================================
[   30.914295] Dumping ftrace buffer:
[   30.917866]    (ftrace buffer empty)
[   30.921558] Kernel Offset: disabled
[   30.925170] Rebooting in 86400 seconds..
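The shadow dump at the end of the report is what tells you which kind of KASAN bug this is: each shadow byte guards 8 bytes of kernel memory, 00 means fully addressable, 01..07 means only the first N bytes are, and values 0x80 and above are poison markers. The script below is an added example, not part of the syzkaller report above and not kernel code; it parses the "Read of size ... at addr" line and the "Memory state" rows, walks every 8-byte granule the access touches, and names the bug class the way the kernel's report code does. The poison values and bug-class mapping are taken from mm/kasan/kasan.h and mm/kasan/report.c of Linux v4.18 (generic KASAN); the regexes, function names and the REPORT sample (copied from the log above) are this example's own.

```python
import re

# Shadow poison values from mm/kasan/kasan.h (generic KASAN, Linux v4.18).
POISON = {
    0xFF: "KASAN_FREE_PAGE (freed page)",
    0xFE: "KASAN_PAGE_REDZONE (page allocator redzone)",
    0xFC: "KASAN_KMALLOC_REDZONE (heap object redzone)",
    0xFB: "KASAN_KMALLOC_FREE (freed heap object)",
    0xFA: "KASAN_GLOBAL_REDZONE (global variable redzone)",
    0xF1: "KASAN_STACK_LEFT (stack left redzone)",
    0xF2: "KASAN_STACK_MID (stack mid redzone)",
    0xF3: "KASAN_STACK_RIGHT (stack right redzone)",
    0xF4: "KASAN_STACK_PARTIAL (stack partial redzone)",
    0xF8: "KASAN_USE_AFTER_SCOPE (out-of-scope stack variable)",
    0xCA: "KASAN_ALLOCA_LEFT (alloca left redzone)",
    0xCB: "KASAN_ALLOCA_RIGHT (alloca right redzone)",
}
# Bug class the kernel's report code derives from the first bad shadow byte.
BUG_TYPE = {
    0xFE: "slab-out-of-bounds", 0xFC: "slab-out-of-bounds",
    0xFA: "global-out-of-bounds",
    0xF1: "stack-out-of-bounds", 0xF2: "stack-out-of-bounds",
    0xF3: "stack-out-of-bounds", 0xF4: "stack-out-of-bounds",
    0xFF: "use-after-free", 0xFB: "use-after-free",
    0xF8: "use-after-scope",
    0xCA: "alloca-out-of-bounds", 0xCB: "alloca-out-of-bounds",
}
GRANULE = 8          # one shadow byte guards 8 bytes of kernel memory
BYTES_PER_ROW = 16   # the report prints 16 shadow bytes (128 bytes) per row

# Optional "[   30.865571]" printk prefix, optional ">" guilty-row marker,
# a 64-bit address, a colon, then exactly 16 shadow bytes.
ROW_RE = re.compile(
    r"(?:\[\s*[\d.]+\]\s*)?>?\s*([0-9a-f]{16}):((?:\s+[0-9a-f]{2}){16})\s*$")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]{16})")


def parse_shadow_rows(text):
    """Return {row_base_address: [16 shadow byte values]} from a KASAN report."""
    rows = {}
    for line in text.splitlines():
        m = ROW_RE.search(line)
        if m:
            rows[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return rows


def describe_shadow(value):
    """Human-readable meaning of one shadow byte."""
    if value == 0:
        return "addressable"
    if 0 < value < GRANULE:
        return f"partially addressable (first {value} bytes only)"
    return POISON.get(value, f"unknown poison 0x{value:02x}")


def shadow_at(rows, addr):
    """Shadow byte guarding the 8-byte granule that contains addr, or None."""
    base = addr - addr % (GRANULE * BYTES_PER_ROW)
    row = rows.get(base)
    return None if row is None else row[(addr - base) // GRANULE]


def explain_access(text):
    """Check every granule the reported access touches and name the bug class."""
    m = ACCESS_RE.search(text)
    if not m:
        raise ValueError("no 'Read/Write of size N at addr' line in report")
    kind, size, addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
    rows = parse_shadow_rows(text)
    granules = []                      # (granule start, shadow byte, ok?)
    cur = addr
    while cur < addr + size:
        offset = cur % GRANULE                           # start offset in granule
        nbytes = min(GRANULE - offset, addr + size - cur)  # bytes touched in it
        shadow = shadow_at(rows, cur)
        if shadow is None:
            ok = False                                   # row missing from dump
        elif shadow < GRANULE:
            ok = offset + nbytes <= shadow if shadow else True  # 00 or partial
        else:
            ok = False                                   # poisoned granule
        granules.append((cur, shadow, ok))
        cur += nbytes
    bad = [g for g in granules if not g[2]]
    if not bad:
        first_bad, bug = None, "none (shadow marks the whole access addressable)"
    else:
        first_bad = bad[0][1]
        if first_bad is None:
            bug = "unknown (shadow row not in report)"
        elif first_bad < GRANULE:
            bug = "out-of-bounds"                        # partial granule overrun
        else:
            bug = BUG_TYPE.get(first_bad, f"unknown poison 0x{first_bad:02x}")
    return {"kind": kind, "size": size, "addr": addr, "granules": granules,
            "first_bad_shadow": first_bad, "bug_type": bug,
            "meaning": "n/a" if first_bad is None else describe_shadow(first_bad)}


# Lines copied from the report above: the access line and the shadow dump.
REPORT = """\
[   30.471800] Read of size 8 at addr ffff8801ab353d18 by task sshd/4469
[   30.865571]  ffff8801ab353c00: f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00
[   30.872931]  ffff8801ab353c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[   30.880279] >ffff8801ab353d00: f1 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2
[   30.891768]  ffff8801ab353d80: f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2
[   30.899125]  ffff8801ab353e00: f2 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00
"""

if __name__ == "__main__":
    r = explain_access(REPORT)
    print(f"{r['kind']} of {r['size']} at {r['addr']:#x}: {r['bug_type']}")
    for start, shadow, ok in r["granules"]:
        print(f"  granule {start:#x}: shadow {shadow:#04x} -> {describe_shadow(shadow)}")
```

For this report the 8-byte read at ffff8801ab353d18 falls in the fourth granule of the ">" row, whose shadow byte is f2 (KASAN_STACK_MID): the access landed in the redzone between two stack variables of __handle_mm_fault's frame, which is exactly why the header says stack-out-of-bounds. The f8 later in the dump marks a stack slot whose variable has gone out of scope; it is not the one this access hit.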