[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 16.469336] random: sshd: uninitialized urandom read (32 bytes read)
[ 17.359640] random: sshd: uninitialized urandom read (32 bytes read)
[ 17.621956] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 18.311361] random: sshd: uninitialized urandom read (32 bytes read)
[ 18.448794] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts.
[ 23.866529] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 23.958797] FAULT_INJECTION: forcing a failure.
[ 23.958797] name failslab, interval 1, probability 0, space 0, times 1
[ 23.970048] CPU: 0 PID: 4467 Comm: syz-executor985 Not tainted 4.18.0-rc3-next-20180706+ #1
[ 23.978550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.989189] Call Trace:
[ 23.991768]  dump_stack+0x1c9/0x2b4
[ 23.995382]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 24.000564]  should_fail.cold.4+0xa/0x11
[ 24.004611]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 24.009698]  ? mm_fault_error+0x380/0x380
[ 24.013830]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 24.019358]  ? tcp_push+0x8c0/0x8c0
[ 24.022987]  ? do_page_fault+0xf6/0x8c0
[ 24.026965]  ? vmalloc_sync_all+0x30/0x30
[ 24.031118]  ? sk_busy_loop_end+0x1c0/0x1c0
[ 24.035422]  ? trace_hardirqs_on+0x10/0x10
[ 24.039639]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 24.045158]  ? alloc_pages_current+0x114/0x210
[ 24.049725]  ? lock_acquire+0x1e4/0x540
[ 24.053688]  ? fs_reclaim_acquire+0x20/0x20
[ 24.058004]  ? lock_downgrade+0x8f0/0x8f0
[ 24.062139]  ? lock_acquire+0x1e4/0x540
[ 24.066094]  ? check_same_owner+0x340/0x340
[ 24.070400]  ? check_same_owner+0x340/0x340
[ 24.074898]  ? rcu_note_context_switch+0x730/0x730
[ 24.079824]  __should_failslab+0x124/0x180
[ 24.084056]  should_failslab+0x9/0x14
[ 24.087858]  __kmalloc+0x2c8/0x760
[ 24.091380]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 24.096379]  ? _copy_from_iter+0x39d/0x1090
[ 24.100683]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 24.105696]  ? tls_push_record+0x10d/0x1400
[ 24.109999]  ? __check_object_size+0x9d/0x5f2
[ 24.114485]  tls_push_record+0x10d/0x1400
[ 24.118617]  ? _copy_from_iter_nocache+0x1050/0x1050
[ 24.123701]  ? __local_bh_enable_ip+0x161/0x230
[ 24.128438]  tls_sw_sendmsg+0x9e6/0x12c0
[ 24.132481]  ? lock_release+0xa30/0xa30
[ 24.136437]  ? tls_sw_push_pending_record+0x30/0x30
[ 24.141443]  ? lock_downgrade+0x8f0/0x8f0
[ 24.145573]  ? __sanitizer_cov_trace_cmp8+0x7/0x20
[ 24.150491]  ? lock_release+0xa30/0xa30
[ 24.154449]  ? __check_object_size+0x9d/0x5f2
[ 24.158927]  inet_sendmsg+0x1a1/0x690
[ 24.162712]  ? ipip_gro_receive+0x100/0x100
[ 24.167042]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 24.172561]  ? security_socket_sendmsg+0x94/0xc0
[ 24.177293]  ? ipip_gro_receive+0x100/0x100
[ 24.181603]  sock_sendmsg+0xd5/0x120
[ 24.185323]  __sys_sendto+0x3d7/0x670
[ 24.189124]  ? __ia32_sys_getpeername+0xb0/0xb0
[ 24.193949]  ? vfs_write+0x2f3/0x560
[ 24.197821]  ? lock_downgrade+0x8f0/0x8f0
[ 24.201949]  ? lock_release+0xa30/0xa30
[ 24.205914]  ? fsnotify_first_mark+0x350/0x350
[ 24.210483]  ? __fsnotify_parent+0xcc/0x420
[ 24.214787]  ? fsnotify+0x14e0/0x14e0
[ 24.218573]  ? __sb_end_write+0xac/0xe0
[ 24.222528]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 24.228062]  ? ksys_write+0x1ae/0x260
[ 24.231848]  ? __ia32_sys_read+0xb0/0xb0
[ 24.235890]  ? syscall_slow_exit_work+0x500/0x500
[ 24.240715]  __x64_sys_sendto+0xe1/0x1a0
[ 24.244758]  do_syscall_64+0x1b9/0x820
[ 24.248626]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 24.253536]  ? syscall_return_slowpath+0x31d/0x5e0
[ 24.258454]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 24.263458]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 24.268454]  ? perf_trace_sys_enter+0xb10/0xb10
[ 24.273108]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.277937]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 24.283105] RIP: 0033:0x440699
[ 24.286277] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 24.305407] RSP: 002b:00007ffd4c241478 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[ 24.313103] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440699
[ 24.320355] RDX: 00000000fffffdef RSI: 00000000200005c0 RDI: 0000000000000004
[ 24.327614] RBP: 00000000006cb018 R08: 0000000020000000 R09: 000000000000001c
[ 24.334951] R10: 0000000000000040 R11: 0000000000000216 R12: 0000000000000005
[ 24.342293] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 24.350541] ==================================================================
[ 24.357927] BUG: KASAN: out-of-bounds in tls_push_record+0x1091/0x1400
[ 24.364596] Write of size 1 at addr ffff8801c07b8000 by task syz-executor985/4467
[ 24.372195]
[ 24.373806] CPU: 0 PID: 4467 Comm: syz-executor985 Not tainted 4.18.0-rc3-next-20180706+ #1
[ 24.382285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.391625] Call Trace:
[ 24.394223]  dump_stack+0x1c9/0x2b4
[ 24.397850]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 24.403045]  ? printk+0xa7/0xcf
[ 24.406316]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 24.411063]  ? tls_push_record+0x1091/0x1400
[ 24.415458]  print_address_description+0x6c/0x20b
[ 24.420279]  ? tls_push_record+0x1091/0x1400
[ 24.424666]  kasan_report.cold.7+0x242/0x30d
[ 24.429055]  __asan_report_store1_noabort+0x17/0x20
[ 24.434058]  tls_push_record+0x1091/0x1400
[ 24.438271]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 24.442834]  ? lock_sock_nested+0x9f/0x120
[ 24.447067]  tls_sw_push_pending_record+0x22/0x30
[ 24.451894]  tls_sk_proto_close+0x74c/0xae0
[ 24.456196]  ? lock_acquire+0x1e4/0x540
[ 24.460148]  ? tcp_check_oom+0x530/0x530
[ 24.464189]  ? lock_downgrade+0x8f0/0x8f0
[ 24.468316]  ? tls_write_space+0x360/0x360
[ 24.472532]  ? kasan_check_read+0x11/0x20
[ 24.476665]  ? rcu_note_context_switch+0x730/0x730
[ 24.481583]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 24.487100]  ? ipv6_sock_ac_close+0x356/0x490
[ 24.491576]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 24.497105]  ? ipv6_sock_mc_close+0x162/0x1d0
[ 24.501579]  ? ip_mc_drop_socket+0x20f/0x270
[ 24.505966]  ? down_write+0x8f/0x130
[ 24.509661]  inet_release+0x104/0x1f0
[ 24.513440]  inet6_release+0x50/0x70
[ 24.517139]  __sock_release+0xd7/0x260
[ 24.521027]  ? __sock_release+0x260/0x260
[ 24.525169]  sock_close+0x19/0x20
[ 24.528604]  __fput+0x35d/0x930
[ 24.531863]  ? fput+0x1a0/0x1a0
[ 24.535133]  ? check_same_owner+0x340/0x340
[ 24.539447]  ? kasan_check_write+0x14/0x20
[ 24.543676]  ? do_raw_spin_lock+0xc1/0x200
[ 24.547900]  ____fput+0x15/0x20
[ 24.551257]  task_work_run+0x1ec/0x2a0
[ 24.555125]  ? task_work_cancel+0x250/0x250
[ 24.559436]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 24.564954]  ? switch_task_namespaces+0xa2/0xd0
[ 24.569615]  do_exit+0x1b08/0x2750
[ 24.573139]  ? mm_update_next_owner+0x9a0/0x9a0
[ 24.577786]  ? finish_task_switch+0x1d3/0x870
[ 24.582263]  ? lock_downgrade+0x8f0/0x8f0
[ 24.586388]  ? finish_task_switch+0x18a/0x870
[ 24.590866]  ? kasan_check_read+0x11/0x20
[ 24.595020]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 24.599416]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 24.603975]  ? compat_start_thread+0x80/0x80
[ 24.608380]  ? kasan_check_write+0x14/0x20
[ 24.612600]  ? finish_task_switch+0x2ca/0x870
[ 24.617077]  ? preempt_notifier_register+0x200/0x200
[ 24.622167]  ? lock_downgrade+0x8f0/0x8f0
[ 24.626301]  ? lock_repin_lock+0x430/0x430
[ 24.630515]  ? kasan_check_write+0x14/0x20
[ 24.634741]  ? __sched_text_start+0x8/0x8
[ 24.638871]  ? security_socket_sendmsg+0x94/0xc0
[ 24.643616]  ? ipip_gro_receive+0x100/0x100
[ 24.647924]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 24.653455]  ? sock_sendmsg+0x5a/0x120
[ 24.657335]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 24.662850]  ? __sys_sendto+0x475/0x670
[ 24.666804]  ? __ia32_sys_getpeername+0xb0/0xb0
[ 24.671454]  ? vfs_write+0x2f3/0x560
[ 24.675171]  ? lock_downgrade+0x8f0/0x8f0
[ 24.679303]  ? lock_release+0xa30/0xa30
[ 24.683259]  ? schedule+0xfb/0x450
[ 24.686785]  ? fsnotify+0x14e0/0x14e0
[ 24.690565]  ? __schedule+0x1ed0/0x1ed0
[ 24.694520]  ? __sb_end_write+0xac/0xe0
[ 24.698477]  do_group_exit+0x177/0x440
[ 24.702360]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 24.707877]  ? __ia32_sys_exit+0x50/0x50
[ 24.711921]  ? syscall_slow_exit_work+0x500/0x500
[ 24.716745]  __x64_sys_exit_group+0x3e/0x50
[ 24.721059]  do_syscall_64+0x1b9/0x820
[ 24.724936]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 24.729850]  ? syscall_return_slowpath+0x31d/0x5e0
[ 24.734767]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 24.739771]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 24.744776]  ? perf_trace_sys_enter+0xb10/0xb10
[ 24.749427]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.754253]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 24.759513] RIP: 0033:0x43f358
[ 24.762678] Code: Bad RIP value.
[ 24.766039] RSP: 002b:00007ffd4c2414b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 24.773725] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f358
[ 24.780975] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 24.788232] RBP: 00000000004bf448 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 24.795498] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001
[ 24.802747] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[ 24.810004]
[ 24.811614] The buggy address belongs to the page:
[ 24.816613] page:ffffea000701ee00 count:0 mapcount:-128 mapping:0000000000000000 index:0x0
[ 24.824996] flags: 0x2fffc0000000000()
[ 24.828870] raw: 02fffc0000000000 ffffea0006b7be08 ffff88021fffac18 0000000000000000
[ 24.836734] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
[ 24.844599] page dumped because: kasan: bad access detected
[ 24.850287]
[ 24.851888] Memory state around the buggy address:
[ 24.856802]  ffff8801c07b7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.864171]  ffff8801c07b7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.871535] >ffff8801c07b8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.878880]                    ^
[ 24.882499]  ffff8801c07b8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.889853]  ffff8801c07b8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.897204] ==================================================================
[ 24.904895] Kernel panic - not syncing: panic_on_warn set ...
[ 24.904895]
[ 24.912271] CPU: 0 PID: 4467 Comm: syz-executor985 Tainted: G B 4.18.0-rc3-next-20180706+ #1
[ 24.922129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.931462] Call Trace:
[ 24.934042]  dump_stack+0x1c9/0x2b4
[ 24.937655]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 24.942842]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 24.947589]  panic+0x238/0x4e7
[ 24.950769]  ? add_taint.cold.5+0x16/0x16
[ 24.954912]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 24.959303]  ? tls_push_record+0x1091/0x1400
[ 24.963693]  kasan_end_report+0x47/0x4f
[ 24.967647]  kasan_report.cold.7+0x76/0x30d
[ 24.971949]  __asan_report_store1_noabort+0x17/0x20
[ 24.976960]  tls_push_record+0x1091/0x1400
[ 24.981182]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 24.985746]  ? lock_sock_nested+0x9f/0x120
[ 24.989968]  tls_sw_push_pending_record+0x22/0x30
[ 24.994799]  tls_sk_proto_close+0x74c/0xae0
[ 24.999102]  ? lock_acquire+0x1e4/0x540
[ 25.003056]  ? tcp_check_oom+0x530/0x530
[ 25.007095]  ? lock_downgrade+0x8f0/0x8f0
[ 25.011224]  ? tls_write_space+0x360/0x360
[ 25.015440]  ? kasan_check_read+0x11/0x20
[ 25.019591]  ? rcu_note_context_switch+0x730/0x730
[ 25.024505]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 25.030032]  ? ipv6_sock_ac_close+0x356/0x490
[ 25.034517]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 25.040049]  ? ipv6_sock_mc_close+0x162/0x1d0
[ 25.044526]  ? ip_mc_drop_socket+0x20f/0x270
[ 25.048918]  ? down_write+0x8f/0x130
[ 25.052613]  inet_release+0x104/0x1f0
[ 25.056405]  inet6_release+0x50/0x70
[ 25.060112]  __sock_release+0xd7/0x260
[ 25.063983]  ? __sock_release+0x260/0x260
[ 25.068129]  sock_close+0x19/0x20
[ 25.071575]  __fput+0x35d/0x930
[ 25.074846]  ? fput+0x1a0/0x1a0
[ 25.078111]  ? check_same_owner+0x340/0x340
[ 25.082426]  ? kasan_check_write+0x14/0x20
[ 25.086707]  ? do_raw_spin_lock+0xc1/0x200
[ 25.090929]  ____fput+0x15/0x20
[ 25.094213]  task_work_run+0x1ec/0x2a0
[ 25.098084]  ? task_work_cancel+0x250/0x250
[ 25.102387]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 25.107906]  ? switch_task_namespaces+0xa2/0xd0
[ 25.112555]  do_exit+0x1b08/0x2750
[ 25.116083]  ? mm_update_next_owner+0x9a0/0x9a0
[ 25.120739]  ? finish_task_switch+0x1d3/0x870
[ 25.125214]  ? lock_downgrade+0x8f0/0x8f0
[ 25.129343]  ? finish_task_switch+0x18a/0x870
[ 25.133825]  ? kasan_check_read+0x11/0x20
[ 25.137959]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 25.142347]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 25.146913]  ? compat_start_thread+0x80/0x80
[ 25.151307]  ? kasan_check_write+0x14/0x20
[ 25.155610]  ? finish_task_switch+0x2ca/0x870
[ 25.160092]  ? preempt_notifier_register+0x200/0x200
[ 25.165186]  ? lock_downgrade+0x8f0/0x8f0
[ 25.169314]  ? lock_repin_lock+0x430/0x430
[ 25.173538]  ? kasan_check_write+0x14/0x20
[ 25.177758]  ? __sched_text_start+0x8/0x8
[ 25.181896]  ? security_socket_sendmsg+0x94/0xc0
[ 25.186646]  ? ipip_gro_receive+0x100/0x100
[ 25.190956]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 25.196491]  ? sock_sendmsg+0x5a/0x120
[ 25.200363]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 25.205887]  ? __sys_sendto+0x475/0x670
[ 25.209852]  ? __ia32_sys_getpeername+0xb0/0xb0
[ 25.214513]  ? vfs_write+0x2f3/0x560
[ 25.218211]  ? lock_downgrade+0x8f0/0x8f0
[ 25.222339]  ? lock_release+0xa30/0xa30
[ 25.226490]  ? schedule+0xfb/0x450
[ 25.230013]  ? fsnotify+0x14e0/0x14e0
[ 25.233804]  ? __schedule+0x1ed0/0x1ed0
[ 25.237762]  ? __sb_end_write+0xac/0xe0
[ 25.241732]  do_group_exit+0x177/0x440
[ 25.245603]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 25.251121]  ? __ia32_sys_exit+0x50/0x50
[ 25.255166]  ? syscall_slow_exit_work+0x500/0x500
[ 25.259994]  __x64_sys_exit_group+0x3e/0x50
[ 25.264307]  do_syscall_64+0x1b9/0x820
[ 25.268216]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 25.273124]  ? syscall_return_slowpath+0x31d/0x5e0
[ 25.278042]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 25.283310]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 25.288306]  ? perf_trace_sys_enter+0xb10/0xb10
[ 25.292966]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.297797]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 25.302971] RIP: 0033:0x43f358
[ 25.306137] Code: Bad RIP value.
[ 25.309491] RSP: 002b:00007ffd4c2414b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 25.317178] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f358
[ 25.324429] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 25.331687] RBP: 00000000004bf448 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 25.338947] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001
[ 25.346197] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[ 25.354017] Dumping ftrace buffer:
[ 25.357543]    (ftrace buffer empty)
[ 25.361239] Kernel Offset: disabled
[ 25.364845] Rebooting in 86400 seconds..