[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 20.006081] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 23.130737] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.519903] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.239752] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.537991] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts.
[ 35.226528] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 35.327205] ==================================================================
[ 35.334701] BUG: KASAN: slab-out-of-bounds in process_preds+0x191f/0x19d0
[ 35.341622] Write of size 4 at addr ffff8801cdbe75f0 by task syz-executor761/4521
[ 35.349371]
[ 35.351002] CPU: 0 PID: 4521 Comm: syz-executor761 Not tainted 4.17.0-rc3+ #30
[ 35.358348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.367687] Call Trace:
[ 35.370273] dump_stack+0x1b9/0x294
[ 35.373896] ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.379077] ? printk+0x9e/0xba
[ 35.382345] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 35.387093] ? kasan_check_write+0x14/0x20
[ 35.391322] print_address_description+0x6c/0x20b
[ 35.396157] ? process_preds+0x191f/0x19d0
[ 35.400380] kasan_report.cold.7+0x242/0x2fe
[ 35.404792] __asan_report_store4_noabort+0x17/0x20
[ 35.409798] process_preds+0x191f/0x19d0
[ 35.413866] ? parse_pred+0x28e0/0x28e0
[ 35.417838] ? create_filter_start.constprop.12+0x55/0x2b0
[ 35.423461] create_filter+0x155/0x270
[ 35.427345] ? process_preds+0x19d0/0x19d0
[ 35.431601] ftrace_profile_set_filter+0x130/0x2e0
[ 35.436527] ? ftrace_profile_free_filter+0x70/0x70
[ 35.441532] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 35.447058] ? memdup_user+0x6b/0xa0
[ 35.450771] perf_event_set_filter+0x248/0x1230
[ 35.455428] ? perf_tp_event+0xc30/0xc30
[ 35.459488] ? mutex_trylock+0x2a0/0x2a0
[ 35.463542] ? perf_pmu_unregister+0x530/0x530
[ 35.468120] ? perf_trace_lock_acquire+0x4f1/0x980
[ 35.473053] ? perf_trace_lock+0x900/0x900
[ 35.477278] ? perf_tp_event+0xc30/0xc30
[ 35.481330] ? graph_lock+0x170/0x170
[ 35.485122] ? memset+0x31/0x40
[ 35.488405] ? perf_trace_lock_acquire+0x4f1/0x980
[ 35.493325] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 35.498521] _perf_ioctl+0x84c/0x15e0
[ 35.502314] ? __do_sys_perf_event_open+0x2fa0/0x2fa0
[ 35.507502] ? lock_downgrade+0x8e0/0x8e0
[ 35.511648] ? kasan_check_read+0x11/0x20
[ 35.515784] ? rcu_is_watching+0x85/0x140
[ 35.519923] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 35.525112] ? mutex_lock_nested+0x16/0x20
[ 35.529367] ? mutex_lock_nested+0x16/0x20
[ 35.533590] ? perf_event_ctx_lock_nested+0x40d/0x4e0
[ 35.538783] ? perf_event_read_event+0x430/0x430
[ 35.543530] ? find_held_lock+0x36/0x1c0
[ 35.547610] perf_ioctl+0x59/0x80
[ 35.551055] ? _perf_ioctl+0x15e0/0x15e0
[ 35.555117] do_vfs_ioctl+0x1cf/0x16a0
[ 35.558992] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 35.564535] ? ioctl_preallocate+0x2e0/0x2e0
[ 35.568932] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 35.573940] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.578695] ? retint_kernel+0x10/0x10
[ 35.582584] ? ksys_ioctl+0x3e/0xd0
[ 35.586206] ? security_file_ioctl+0x94/0xc0
[ 35.590609] ksys_ioctl+0xa9/0xd0
[ 35.594063] __x64_sys_ioctl+0x73/0xb0
[ 35.597949] do_syscall_64+0x1b1/0x800
[ 35.601825] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 35.606659] ? syscall_return_slowpath+0x5c0/0x5c0
[ 35.611591] ? syscall_return_slowpath+0x30f/0x5c0
[ 35.616517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.622045] ? retint_user+0x18/0x18
[ 35.625757] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.630608] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.635785] RIP: 0033:0x43fdb9
[ 35.638962] RSP: 002b:00007ffee9537e98 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 35.646666] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[ 35.653925] RDX: 0000000020000000 RSI: 0000000040082406 RDI: 0000000000000003
[ 35.661187] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 35.668444] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0
[ 35.675700] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[ 35.682982]
[ 35.684615] Allocated by task 1:
[ 35.687971] save_stack+0x43/0xd0
[ 35.691413] kasan_kmalloc+0xc4/0xe0
[ 35.695114] kmem_cache_alloc_trace+0x152/0x780
[ 35.699771] __kthread_create_on_node+0x127/0x4c0
[ 35.704674] kthread_create_on_node+0xa8/0xd0
[ 35.709174] init_rescuer.part.25+0x7f/0x190
[ 35.713586] __alloc_workqueue_key+0xdd1/0x1170
[ 35.718251] ceph_msgr_init+0x329/0x38f
[ 35.722221] init_ceph_lib+0x45/0xb6
[ 35.725927] do_one_initcall+0x127/0x913
[ 35.729982] kernel_init_freeable+0x49b/0x58e
[ 35.734467] kernel_init+0x11/0x1b3
[ 35.738081] ret_from_fork+0x3a/0x50
[ 35.741776]
[ 35.743391] Freed by task 1:
[ 35.746399] save_stack+0x43/0xd0
[ 35.749854] __kasan_slab_free+0x11a/0x170
[ 35.754079] kasan_slab_free+0xe/0x10
[ 35.757869] kfree+0xd9/0x260
[ 35.760963] __kthread_create_on_node+0x34a/0x4c0
[ 35.765792] kthread_create_on_node+0xa8/0xd0
[ 35.770285] init_rescuer.part.25+0x7f/0x190
[ 35.774696] __alloc_workqueue_key+0xdd1/0x1170
[ 35.779351] ceph_msgr_init+0x329/0x38f
[ 35.783309] init_ceph_lib+0x45/0xb6
[ 35.787011] do_one_initcall+0x127/0x913
[ 35.791062] kernel_init_freeable+0x49b/0x58e
[ 35.795544] kernel_init+0x11/0x1b3
[ 35.799158] ret_from_fork+0x3a/0x50
[ 35.802855]
[ 35.804473] The buggy address belongs to the object at ffff8801cdbe7580
[ 35.804473] which belongs to the cache kmalloc-64 of size 64
[ 35.816946] The buggy address is located 48 bytes to the right of
[ 35.816946] 64-byte region [ffff8801cdbe7580, ffff8801cdbe75c0)
[ 35.829157] The buggy address belongs to the page:
[ 35.834075] page:ffffea000736f9c0 count:1 mapcount:0 mapping:ffff8801cdbe7000 index:0xffff8801cdbe7b80
[ 35.843514] flags: 0x2fffc0000000100(slab)
[ 35.847747] raw: 02fffc0000000100 ffff8801cdbe7000 ffff8801cdbe7b80 000000010000001d
[ 35.855618] raw: ffffea000736ef60 ffff8801da801338 ffff8801da800340 0000000000000000
[ 35.863483] page dumped because: kasan: bad access detected
[ 35.869179]
[ 35.870789] Memory state around the buggy address:
[ 35.875703] ffff8801cdbe7480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 35.883054] ffff8801cdbe7500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 35.890399] >ffff8801cdbe7580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 35.897739] ^
[ 35.904738] ffff8801cdbe7600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 35.912085] ffff8801cdbe7680: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 35.919426] ==================================================================
[ 35.926767] Disabling lock debugging due to kernel taint
[ 35.932405] Kernel panic - not syncing: panic_on_warn set ...
[ 35.932405]
[ 35.939767] CPU: 0 PID: 4521 Comm: syz-executor761 Tainted: G B 4.17.0-rc3+ #30
[ 35.948502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.957852] Call Trace:
[ 35.960431] dump_stack+0x1b9/0x294
[ 35.964052] ? dump_stack_print_info.cold.2+0x52/0x52
[ 35.969233] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.973981] ? process_preds+0x1870/0x19d0
[ 35.978206] panic+0x22f/0x4de
[ 35.981386] ? add_taint.cold.5+0x16/0x16
[ 35.985529] ? do_raw_spin_unlock+0x9e/0x2e0
[ 35.989933] ? do_raw_spin_unlock+0x9e/0x2e0
[ 35.994329] ? process_preds+0x191f/0x19d0
[ 35.998552] kasan_end_report+0x47/0x4f
[ 36.002522] kasan_report.cold.7+0x76/0x2fe
[ 36.006838] __asan_report_store4_noabort+0x17/0x20
[ 36.011839] process_preds+0x191f/0x19d0
[ 36.015903] ? parse_pred+0x28e0/0x28e0
[ 36.019872] ? create_filter_start.constprop.12+0x55/0x2b0
[ 36.025487] create_filter+0x155/0x270
[ 36.029367] ? process_preds+0x19d0/0x19d0
[ 36.033601] ftrace_profile_set_filter+0x130/0x2e0
[ 36.038521] ? ftrace_profile_free_filter+0x70/0x70
[ 36.043525] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 36.049052] ? memdup_user+0x6b/0xa0
[ 36.052761] perf_event_set_filter+0x248/0x1230
[ 36.057418] ? perf_tp_event+0xc30/0xc30
[ 36.061472] ? mutex_trylock+0x2a0/0x2a0
[ 36.065524] ? perf_pmu_unregister+0x530/0x530
[ 36.070102] ? perf_trace_lock_acquire+0x4f1/0x980
[ 36.075035] ? perf_trace_lock+0x900/0x900
[ 36.079255] ? perf_tp_event+0xc30/0xc30
[ 36.083310] ? graph_lock+0x170/0x170
[ 36.087102] ? memset+0x31/0x40
[ 36.090384] ? perf_trace_lock_acquire+0x4f1/0x980
[ 36.095303] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 36.100484] _perf_ioctl+0x84c/0x15e0
[ 36.104293] ? __do_sys_perf_event_open+0x2fa0/0x2fa0
[ 36.109482] ? lock_downgrade+0x8e0/0x8e0
[ 36.113628] ? kasan_check_read+0x11/0x20
[ 36.117767] ? rcu_is_watching+0x85/0x140
[ 36.121909] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 36.127110] ? mutex_lock_nested+0x16/0x20
[ 36.131331] ? mutex_lock_nested+0x16/0x20
[ 36.135557] ? perf_event_ctx_lock_nested+0x40d/0x4e0
[ 36.140742] ? perf_event_read_event+0x430/0x430
[ 36.145487] ? find_held_lock+0x36/0x1c0
[ 36.149553] perf_ioctl+0x59/0x80
[ 36.152997] ? _perf_ioctl+0x15e0/0x15e0
[ 36.157046] do_vfs_ioctl+0x1cf/0x16a0
[ 36.160921] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.166457] ? ioctl_preallocate+0x2e0/0x2e0
[ 36.170852] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 36.175858] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 36.180609] ? retint_kernel+0x10/0x10
[ 36.184495] ? ksys_ioctl+0x3e/0xd0
[ 36.188115] ? security_file_ioctl+0x94/0xc0
[ 36.192515] ksys_ioctl+0xa9/0xd0
[ 36.195961] __x64_sys_ioctl+0x73/0xb0
[ 36.199837] do_syscall_64+0x1b1/0x800
[ 36.203714] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 36.208545] ? syscall_return_slowpath+0x5c0/0x5c0
[ 36.213462] ? syscall_return_slowpath+0x30f/0x5c0
[ 36.218383] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.223904] ? retint_user+0x18/0x18
[ 36.227611] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.232448] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.237622] RIP: 0033:0x43fdb9
[ 36.240798] RSP: 002b:00007ffee9537e98 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 36.248497] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[ 36.255754] RDX: 0000000020000000 RSI: 0000000040082406 RDI: 0000000000000003
[ 36.263016] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 36.270282] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0
[ 36.277550] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[ 36.285218] Dumping ftrace buffer:
[ 36.288748] (ftrace buffer empty)
[ 36.292444] Kernel Offset: disabled
[ 36.296069] Rebooting in 86400 seconds..