[   19.925668] random: sshd: uninitialized urandom read (32 bytes read)
[   23.708820] random: sshd: uninitialized urandom read (32 bytes read)
[   23.953045] random: sshd: uninitialized urandom read (32 bytes read)
[   24.710154] random: sshd: uninitialized urandom read (32 bytes read)
[   30.096170] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts.
[   35.529760] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   35.625669] ==================================================================
[   35.633194] BUG: KASAN: slab-out-of-bounds in process_preds+0x191f/0x19d0
[   35.640114] Write of size 4 at addr ffff8801cf82dc70 by task syz-executor134/4549
[   35.647722]
[   35.649339] CPU: 1 PID: 4549 Comm: syz-executor134 Not tainted 4.17.0-rc6+ #61
[   35.656674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.666009] Call Trace:
[   35.668586]  dump_stack+0x1b9/0x294
[   35.672205]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.677377]  ? printk+0x9e/0xba
[   35.680654]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   35.685393]  ? kasan_check_write+0x14/0x20
[   35.689611]  print_address_description+0x6c/0x20b
[   35.694434]  ? process_preds+0x191f/0x19d0
[   35.698649]  kasan_report.cold.7+0x242/0x2fe
[   35.703040]  __asan_report_store4_noabort+0x17/0x20
[   35.708050]  process_preds+0x191f/0x19d0
[   35.712112]  ? parse_pred+0x28e0/0x28e0
[   35.716594]  ? create_filter_start.constprop.12+0x55/0x2b0
[   35.722200]  create_filter+0x155/0x270
[   35.726072]  ? process_preds+0x19d0/0x19d0
[   35.730295]  ftrace_profile_set_filter+0x130/0x2e0
[   35.735215]  ? ftrace_profile_free_filter+0x70/0x70
[   35.740220]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   35.745746]  ? memdup_user+0x6b/0xa0
[   35.749452]  perf_event_set_filter+0x248/0x1230
[   35.754110]  ? kasan_check_write+0x14/0x20
[   35.758337]  ? mutex_trylock+0x2a0/0x2a0
[   35.762381]  ? perf_pmu_unregister+0x530/0x530
[   35.766958]  ? lockdep_init_map+0x9/0x10
[   35.770999]  ? debug_mutex_init+0x2d/0x60
[   35.775147]  ? perf_trace_lock+0xd6/0x900
[   35.779274]  ? perf_trace_lock+0xd6/0x900
[   35.783402]  ? zap_class+0x720/0x720
[   35.787105]  ? graph_lock+0x170/0x170
[   35.790904]  ? lock_downgrade+0x8e0/0x8e0
[   35.795049]  ? rcu_is_watching+0x85/0x140
[   35.799181]  ? __lock_is_held+0xb5/0x140
[   35.803227]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   35.808399]  _perf_ioctl+0x84c/0x15e0
[   35.812544]  ? __do_sys_perf_event_open+0x2fa0/0x2fa0
[   35.817718]  ? lock_downgrade+0x8e0/0x8e0
[   35.821848]  ? get_unused_fd_flags+0x190/0x190
[   35.826416]  ? rcu_is_watching+0x85/0x140
[   35.830547]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   35.835733]  ? mark_held_locks+0xc9/0x160
[   35.839868]  ? mutex_lock_nested+0x16/0x20
[   35.844087]  ? mutex_lock_nested+0x16/0x20
[   35.848301]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[   35.853473]  ? perf_event_read_event+0x430/0x430
[   35.858212]  ? __do_sys_perf_event_open+0x7b4/0x2fa0
[   35.863304]  perf_ioctl+0x59/0x80
[   35.866746]  ? _perf_ioctl+0x15e0/0x15e0
[   35.870795]  do_vfs_ioctl+0x1cf/0x16a0
[   35.874666]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.880183]  ? ioctl_preallocate+0x2e0/0x2e0
[   35.884583]  ? fget_raw+0x20/0x20
[   35.888036]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.893555]  ? __do_page_fault+0x441/0xe40
[   35.897777]  ? security_file_ioctl+0x94/0xc0
[   35.902169]  ksys_ioctl+0xa9/0xd0
[   35.905616]  __x64_sys_ioctl+0x73/0xb0
[   35.909492]  do_syscall_64+0x1b1/0x800
[   35.913364]  ? syscall_return_slowpath+0x5c0/0x5c0
[   35.918282]  ? syscall_return_slowpath+0x30f/0x5c0
[   35.923198]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   35.928552]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.933379]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.938547] RIP: 0033:0x43fdb9
[   35.941720] RSP: 002b:00007ffd3d489408 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[   35.949416] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[   35.956664] RDX: 00000000200000c0 RSI: 0000000040082406 RDI: 0000000000000003
[   35.963912] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   35.971161] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0
[   35.978408] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[   35.985668]
[   35.987274] Allocated by task 4545:
[   35.990890]  save_stack+0x43/0xd0
[   35.994324]  kasan_kmalloc+0xc4/0xe0
[   35.998021]  __kmalloc+0x14e/0x760
[   36.001546]  ext4_ext_remove_space+0x17d9/0x4b60
[   36.006283]  ext4_ext_truncate+0x1d1/0x220
[   36.010498]  ext4_truncate+0xecd/0x1640
[   36.014449]  ext4_setattr+0x17bf/0x2ac0
[   36.018403]  notify_change+0xbef/0x10c0
[   36.022358]  do_truncate+0x1a4/0x2a0
[   36.026050]  do_sys_ftruncate+0x492/0x560
[   36.030175]  __x64_sys_ftruncate+0x59/0x80
[   36.034390]  do_syscall_64+0x1b1/0x800
[   36.038262]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.043423]
[   36.045036] Freed by task 4545:
[   36.048295]  save_stack+0x43/0xd0
[   36.051728]  __kasan_slab_free+0x11a/0x170
[   36.055941]  kasan_slab_free+0xe/0x10
[   36.059733]  kfree+0xd9/0x260
[   36.062821]  ext4_ext_remove_space+0x1507/0x4b60
[   36.067555]  ext4_ext_truncate+0x1d1/0x220
[   36.071767]  ext4_truncate+0xecd/0x1640
[   36.075717]  ext4_setattr+0x17bf/0x2ac0
[   36.079669]  notify_change+0xbef/0x10c0
[   36.083619]  do_truncate+0x1a4/0x2a0
[   36.087309]  do_sys_ftruncate+0x492/0x560
[   36.091433]  __x64_sys_ftruncate+0x59/0x80
[   36.095650]  do_syscall_64+0x1b1/0x800
[   36.099522]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.104685]
[   36.106291] The buggy address belongs to the object at ffff8801cf82dc00
[   36.106291]  which belongs to the cache kmalloc-64 of size 64
[   36.118753] The buggy address is located 48 bytes to the right of
[   36.118753]  64-byte region [ffff8801cf82dc00, ffff8801cf82dc40)
[   36.130955] The buggy address belongs to the page:
[   36.135864] page:ffffea00073e0b40 count:1 mapcount:0 mapping:ffff8801cf82d000 index:0x0
[   36.143984] flags: 0x2fffc0000000100(slab)
[   36.148202] raw: 02fffc0000000100 ffff8801cf82d000 0000000000000000 0000000100000020
[   36.156067] raw: ffffea00074026e0 ffffea00073b3ca0 ffff8801da800340 0000000000000000
[   36.163920] page dumped because: kasan: bad access detected
[   36.169603]
[   36.171218] Memory state around the buggy address:
[   36.176142]  ffff8801cf82db00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   36.183479]  ffff8801cf82db80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   36.190816] >ffff8801cf82dc00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   36.198150]                                                              ^
[   36.205140]  ffff8801cf82dc80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   36.212479]  ffff8801cf82dd00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   36.219813] ==================================================================
[   36.227148] Disabling lock debugging due to kernel taint
[   36.232721] Kernel panic - not syncing: panic_on_warn set ...
[   36.232721]
[   36.240083] CPU: 1 PID: 4549 Comm: syz-executor134 Tainted: G    B 4.17.0-rc6+ #61
[   36.248807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.258136] Call Trace:
[   36.260711]  dump_stack+0x1b9/0x294
[   36.264318]  ? dump_stack_print_info.cold.2+0x52/0x52
[   36.269487]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   36.274226]  ? process_preds+0x1860/0x19d0
[   36.278440]  panic+0x22f/0x4de
[   36.281610]  ? add_taint.cold.5+0x16/0x16
[   36.285740]  ? do_raw_spin_unlock+0x9e/0x2e0
[   36.290126]  ? do_raw_spin_unlock+0x9e/0x2e0
[   36.294530]  ? process_preds+0x191f/0x19d0
[   36.298760]  kasan_end_report+0x47/0x4f
[   36.302715]  kasan_report.cold.7+0x76/0x2fe
[   36.307017]  __asan_report_store4_noabort+0x17/0x20
[   36.312014]  process_preds+0x191f/0x19d0
[   36.316058]  ? parse_pred+0x28e0/0x28e0
[   36.320014]  ? create_filter_start.constprop.12+0x55/0x2b0
[   36.325647]  create_filter+0x155/0x270
[   36.329516]  ? process_preds+0x19d0/0x19d0
[   36.333746]  ftrace_profile_set_filter+0x130/0x2e0
[   36.338668]  ? ftrace_profile_free_filter+0x70/0x70
[   36.343668]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   36.349188]  ? memdup_user+0x6b/0xa0
[   36.352887]  perf_event_set_filter+0x248/0x1230
[   36.357539]  ? kasan_check_write+0x14/0x20
[   36.361755]  ? mutex_trylock+0x2a0/0x2a0
[   36.365809]  ? perf_pmu_unregister+0x530/0x530
[   36.370370]  ? lockdep_init_map+0x9/0x10
[   36.374408]  ? debug_mutex_init+0x2d/0x60
[   36.378530]  ? perf_trace_lock+0xd6/0x900
[   36.382656]  ? perf_trace_lock+0xd6/0x900
[   36.386870]  ? zap_class+0x720/0x720
[   36.390584]  ? graph_lock+0x170/0x170
[   36.394366]  ? lock_downgrade+0x8e0/0x8e0
[   36.398498]  ? rcu_is_watching+0x85/0x140
[   36.402623]  ? __lock_is_held+0xb5/0x140
[   36.406675]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   36.411843]  _perf_ioctl+0x84c/0x15e0
[   36.415622]  ? __do_sys_perf_event_open+0x2fa0/0x2fa0
[   36.420792]  ? lock_downgrade+0x8e0/0x8e0
[   36.424919]  ? get_unused_fd_flags+0x190/0x190
[   36.429478]  ? rcu_is_watching+0x85/0x140
[   36.433604]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   36.438776]  ? mark_held_locks+0xc9/0x160
[   36.442907]  ? mutex_lock_nested+0x16/0x20
[   36.447124]  ? mutex_lock_nested+0x16/0x20
[   36.451338]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[   36.456507]  ? perf_event_read_event+0x430/0x430
[   36.461238]  ? __do_sys_perf_event_open+0x7b4/0x2fa0
[   36.466322]  perf_ioctl+0x59/0x80
[   36.469755]  ? _perf_ioctl+0x15e0/0x15e0
[   36.473793]  do_vfs_ioctl+0x1cf/0x16a0
[   36.477660]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.483175]  ? ioctl_preallocate+0x2e0/0x2e0
[   36.487562]  ? fget_raw+0x20/0x20
[   36.490995]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.496509]  ? __do_page_fault+0x441/0xe40
[   36.500725]  ? security_file_ioctl+0x94/0xc0
[   36.505109]  ksys_ioctl+0xa9/0xd0
[   36.508541]  __x64_sys_ioctl+0x73/0xb0
[   36.512406]  do_syscall_64+0x1b1/0x800
[   36.516269]  ? syscall_return_slowpath+0x5c0/0x5c0
[   36.521174]  ? syscall_return_slowpath+0x30f/0x5c0
[   36.526086]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   36.531430]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.536254]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.541420] RIP: 0033:0x43fdb9
[   36.544589] RSP: 002b:00007ffd3d489408 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[   36.552277] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[   36.559523] RDX: 00000000200000c0 RSI: 0000000040082406 RDI: 0000000000000003
[   36.566772] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   36.574020] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0
[   36.581268] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[   36.588892] Dumping ftrace buffer:
[   36.592412]    (ftrace buffer empty)
[   36.596106] Kernel Offset: disabled
[   36.599721] Rebooting in 86400 seconds..