[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[   19.731095] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.641828] random: sshd: uninitialized urandom read (32 bytes read)
[   24.075840] random: sshd: uninitialized urandom read (32 bytes read)
[   24.913721] random: sshd: uninitialized urandom read (32 bytes read)
[   25.077474] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
[   30.617678] random: sshd: uninitialized urandom read (32 bytes read)
2018/06/16 10:02:47 parsed 1 programs
[   31.973353] random: cc1: uninitialized urandom read (8 bytes read)
2018/06/16 10:02:49 executed programs: 0
[   32.915528] IPVS: ftp: loaded support on port[0] = 21
[   33.098593] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.105112] bridge0: port 1(bridge_slave_0) entered disabled state
[   33.112479] device bridge_slave_0 entered promiscuous mode
[   33.130208] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.136594] bridge0: port 2(bridge_slave_1) entered disabled state
[   33.143615] device bridge_slave_1 entered promiscuous mode
[   33.158579] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   33.173972] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   33.212628] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   33.230221] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   33.288970] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   33.296350] team0: Port device team_slave_0 added
[   33.310924] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   33.318036] team0: Port device team_slave_1 added
[   33.332723] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   33.348754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   33.364315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   33.380800] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   33.486536] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.493053] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.499927] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.506309] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.880149] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   33.886270] 8021q: adding VLAN 0 to HW filter on device bond0
[   33.925299] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.965500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.972858] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   34.006996] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   34.013113] 8021q: adding VLAN 0 to HW filter on device team0
[   34.048497] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   34.274535] ==================================================================
[   34.282031] BUG: KASAN: slab-out-of-bounds in process_preds+0x3ecf/0x4160
[   34.288938] Write of size 4 at addr ffff8801d7ebdaf0 by task syz-executor0/4828
[   34.296356]
[   34.297965] CPU: 0 PID: 4828 Comm: syz-executor0 Not tainted 4.17.0+ #8
[   34.304691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.314022] Call Trace:
[   34.316597]  dump_stack+0x1c9/0x2b4
[   34.320347]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.325524]  ? printk+0xa7/0xcf
[   34.328797]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   34.333536]  ? process_preds+0x3ecf/0x4160
[   34.337761]  print_address_description+0x6c/0x20b
[   34.342599]  ? process_preds+0x3ecf/0x4160
[   34.346815]  kasan_report.cold.7+0x242/0x2fe
[   34.351215]  __asan_report_store4_noabort+0x17/0x20
[   34.356210]  process_preds+0x3ecf/0x4160
[   34.360259]  ? filter_parse_regex+0x2b0/0x2b0
[   34.364739]  ? create_filter_start.constprop.14+0xfb/0x2b0
[   34.370343]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.375343]  ? kmem_cache_alloc_trace+0x616/0x780
[   34.380178]  ? create_filter_start.constprop.14+0x55/0x2b0
[   34.385782]  create_filter+0x167/0x280
[   34.389649]  ? process_preds+0x4160/0x4160
[   34.393871]  ftrace_profile_set_filter+0x135/0x2f0
[   34.398791]  ? ftrace_profile_free_filter+0x70/0x70
[   34.403801]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.409319]  ? memdup_user+0x6b/0xa0
[   34.413013]  perf_event_set_filter+0x251/0x1260
[   34.417684]  ? mutex_trylock+0x2b0/0x2b0
[   34.421726]  ? perf_pmu_unregister+0x540/0x540
[   34.426287]  ? exit_robust_list+0x290/0x290
[   34.430599]  ? kasan_check_read+0x11/0x20
[   34.434742]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.439128]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.443691]  ? add_mm_counter_fast+0xd0/0xd0
[   34.448099]  ? kasan_check_write+0x14/0x20
[   34.452315]  ? graph_lock+0x170/0x170
[   34.456102]  ? _raw_spin_unlock+0x22/0x30
[   34.460233]  ? __handle_mm_fault+0x94b/0x4460
[   34.464724]  _perf_ioctl+0x865/0x1600
[   34.468518]  ? __do_sys_perf_event_open+0x30f0/0x30f0
[   34.473690]  ? lock_downgrade+0x8f0/0x8f0
[   34.477820]  ? kasan_check_read+0x11/0x20
[   34.481957]  ? rcu_is_watching+0x8c/0x150
[   34.486092]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[   34.490491]  ? mutex_lock_nested+0x16/0x20
[   34.494728]  ? mutex_lock_nested+0x16/0x20
[   34.498958]  ? perf_event_ctx_lock_nested+0x415/0x500
[   34.504139]  ? __sanitizer_cov_trace_cmp8+0x1/0x20
[   34.509048]  ? perf_event_read_event+0x450/0x450
[   34.513785]  ? __handle_mm_fault+0x4460/0x4460
[   34.518347]  ? __ia32_compat_sys_futex+0x3e6/0x5f0
[   34.523259]  perf_ioctl+0x59/0x80
[   34.526691]  perf_compat_ioctl+0x6a/0xb0
[   34.530731]  ? perf_ioctl+0x80/0x80
[   34.534340]  __ia32_compat_sys_ioctl+0x221/0x640
[   34.539093]  do_fast_syscall_32+0x34d/0xfb2
[   34.543394]  ? do_int80_syscall_32+0x890/0x890
[   34.547952]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   34.552698]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.558224]  ? syscall_return_slowpath+0x31d/0x5e0
[   34.563139]  ? sysret32_from_system_call+0x5/0x46
[   34.567963]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.572789]  entry_SYSENTER_compat+0x70/0x7f
[   34.577176] RIP: 0023:0xf7f4ecb9
[   34.580513] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   34.599698] RSP: 002b:00000000ffcd7f2c EFLAGS: 00000286 ORIG_RAX: 0000000000000036
[   34.607538] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040082406
[   34.614788] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000
[   34.622045] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   34.629294] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   34.636541] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   34.643797]
[   34.645404] Allocated by task 1:
[   34.648791]  save_stack+0x43/0xd0
[   34.652224]  kasan_kmalloc+0xc4/0xe0
[   34.655925]  __kmalloc+0x14e/0x760
[   34.659444]  kobj_map+0x7c/0x430
[   34.662788]  cdev_add+0x91/0x100
[   34.666134]  __register_chrdev+0x14d/0x290
[   34.670358]  fbmem_init+0x5b/0x128
[   34.673877]  do_one_initcall+0x127/0x913
[   34.677930]  kernel_init_freeable+0x49b/0x58e
[   34.682418]  kernel_init+0x11/0x1b3
[   34.686027]  ret_from_fork+0x3a/0x50
[   34.689712]
[   34.691316] Freed by task 0:
[   34.694309] (stack is not available)
[   34.697994]
[   34.699601] The buggy address belongs to the object at ffff8801d7ebda80
[   34.699601]  which belongs to the cache kmalloc-64 of size 64
[   34.712065] The buggy address is located 48 bytes to the right of
[   34.712065]  64-byte region [ffff8801d7ebda80, ffff8801d7ebdac0)
[   34.724262] The buggy address belongs to the page:
[   34.729168] page:ffffea00075faf40 count:1 mapcount:0 mapping:ffff8801da800340 index:0x0
[   34.737298] flags: 0x2fffc0000000100(slab)
[   34.741526] raw: 02fffc0000000100 ffffea00075f1b88 ffffea000759dd48 ffff8801da800340
[   34.749396] raw: 0000000000000000 ffff8801d7ebd000 0000000100000020 0000000000000000
[   34.757252] page dumped because: kasan: bad access detected
[   34.762934]
[   34.764535] Memory state around the buggy address:
[   34.769441]  ffff8801d7ebd980: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   34.776778]  ffff8801d7ebda00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   34.784127] >ffff8801d7ebda80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   34.791482]                                                              ^
[   34.798472]  ffff8801d7ebdb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   34.805808]  ffff8801d7ebdb80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   34.813154] ==================================================================
[   34.820489] Disabling lock debugging due to kernel taint
[   34.826233] Kernel panic - not syncing: panic_on_warn set ...
[   34.826233]
[   34.833590] CPU: 0 PID: 4828 Comm: syz-executor0 Tainted: G    B             4.17.0+ #8
[   34.841707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.851033] Call Trace:
[   34.853619]  dump_stack+0x1c9/0x2b4
[   34.857243]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.862419]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   34.867154]  panic+0x238/0x4e7
[   34.870323]  ? add_taint.cold.5+0x16/0x16
[   34.874460]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.878850]  ? process_preds+0x3ecf/0x4160
[   34.883077]  kasan_end_report+0x47/0x4f
[   34.887039]  kasan_report.cold.7+0x76/0x2fe
[   34.891348]  __asan_report_store4_noabort+0x17/0x20
[   34.896344]  process_preds+0x3ecf/0x4160
[   34.900389]  ? filter_parse_regex+0x2b0/0x2b0
[   34.904876]  ? create_filter_start.constprop.14+0xfb/0x2b0
[   34.910476]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.915470]  ? kmem_cache_alloc_trace+0x616/0x780
[   34.920292]  ? create_filter_start.constprop.14+0x55/0x2b0
[   34.925892]  create_filter+0x167/0x280
[   34.929756]  ? process_preds+0x4160/0x4160
[   34.933970]  ftrace_profile_set_filter+0x135/0x2f0
[   34.938886]  ? ftrace_profile_free_filter+0x70/0x70
[   34.943881]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.949396]  ? memdup_user+0x6b/0xa0
[   34.953089]  perf_event_set_filter+0x251/0x1260
[   34.957738]  ? mutex_trylock+0x2b0/0x2b0
[   34.961775]  ? perf_pmu_unregister+0x540/0x540
[   34.966333]  ? exit_robust_list+0x290/0x290
[   34.970634]  ? kasan_check_read+0x11/0x20
[   34.974757]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.979142]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.983704]  ? add_mm_counter_fast+0xd0/0xd0
[   34.988099]  ? kasan_check_write+0x14/0x20
[   34.992322]  ? graph_lock+0x170/0x170
[   34.996101]  ? _raw_spin_unlock+0x22/0x30
[   35.000227]  ? __handle_mm_fault+0x94b/0x4460
[   35.004713]  _perf_ioctl+0x865/0x1600
[   35.008491]  ? __do_sys_perf_event_open+0x30f0/0x30f0
[   35.013659]  ? lock_downgrade+0x8f0/0x8f0
[   35.017794]  ? kasan_check_read+0x11/0x20
[   35.021923]  ? rcu_is_watching+0x8c/0x150
[   35.026047]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[   35.030435]  ? mutex_lock_nested+0x16/0x20
[   35.034645]  ? mutex_lock_nested+0x16/0x20
[   35.038853]  ? perf_event_ctx_lock_nested+0x415/0x500
[   35.044033]  ? __sanitizer_cov_trace_cmp8+0x1/0x20
[   35.048942]  ? perf_event_read_event+0x450/0x450
[   35.053689]  ? __handle_mm_fault+0x4460/0x4460
[   35.058258]  ? __ia32_compat_sys_futex+0x3e6/0x5f0
[   35.063172]  perf_ioctl+0x59/0x80
[   35.066604]  perf_compat_ioctl+0x6a/0xb0
[   35.070645]  ? perf_ioctl+0x80/0x80
[   35.074250]  __ia32_compat_sys_ioctl+0x221/0x640
[   35.078986]  do_fast_syscall_32+0x34d/0xfb2
[   35.083289]  ? do_int80_syscall_32+0x890/0x890
[   35.087860]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   35.092606]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.098130]  ? syscall_return_slowpath+0x31d/0x5e0
[   35.103037]  ? sysret32_from_system_call+0x5/0x46
[   35.107858]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.112680]  entry_SYSENTER_compat+0x70/0x7f
[   35.117065] RIP: 0023:0xf7f4ecb9
[   35.120403] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   35.139603] RSP: 002b:00000000ffcd7f2c EFLAGS: 00000286 ORIG_RAX: 0000000000000036
[   35.147298] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040082406
[   35.154547] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000
[   35.161810] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   35.169064] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   35.176309] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   35.183921] Dumping ftrace buffer:
[   35.187435]    (ftrace buffer empty)
[   35.191131] Kernel Offset: disabled
[   35.194736] Rebooting in 86400 seconds..