[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 24.392919] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 25.714967] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.031812] random: sshd: uninitialized urandom read (32 bytes read) [ 26.648191] random: sshd: uninitialized urandom read (32 bytes read) [ 26.862950] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts. [ 32.407477] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 32.531564] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 32.618346] ================================================================== [ 32.625850] BUG: KASAN: slab-out-of-bounds in tls_write_space+0x29d/0x2d0 [ 32.632805] Read of size 8 at addr ffff8801bc3c9ff0 by task ksoftirqd/1/18 [ 32.639803] [ 32.641419] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.0-rc4+ #227 [ 32.648343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.657685] Call Trace: [ 32.660268] dump_stack+0x1c4/0x2b4 [ 32.663889] ? dump_stack_print_info.cold.2+0x52/0x52 [ 32.669071] ? printk+0xa7/0xcf [ 32.672341] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 32.677093] print_address_description.cold.8+0x9/0x1ff [ 32.682510] kasan_report.cold.9+0x242/0x309 [ 32.686910] ? tls_write_space+0x29d/0x2d0 [ 32.691153] __asan_report_load8_noabort+0x14/0x20 [ 32.696076] tls_write_space+0x29d/0x2d0 [ 32.700130] ? tcp_sndbuf_expand+0x250/0x2c0 [ 32.704556] tcp_check_space+0x53f/0x920 [ 32.708634] ? tcp_prune_ofo_queue.part.52+0x8e0/0x8e0 [ 32.713917] ? tcp_xmit_recovery.part.65+0x130/0x130 [ 32.719029] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 32.724578] tcp_rcv_established+0xde8/0x2120 [ 32.729080] ? tcp_data_queue+0x4790/0x4790 [ 32.733747] ? graph_lock+0x170/0x170 [ 32.737551] ? tcp_v6_rcv+0x2d01/0x38a0 [ 32.741521] ? lock_release+0x970/0x970 [ 32.745493] tcp_v6_do_rcv+0x4b3/0x13c0 [ 32.749466] tcp_v6_rcv+0x2f7a/0x38a0 [ 32.753275] ? __sanitizer_cov_trace_cmp8+0x8/0x20 [ 32.758206] ? tcp_v6_reqsk_send_ack+0x380/0x380 [ 32.762964] ? __lock_is_held+0xb5/0x140 [ 32.767031] ip6_input_finish+0x3fc/0x1aa0 [ 32.771280] ? ip6_sublist_rcv+0xfb0/0xfb0 [ 32.775508] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 32.780516] ? nf_hook_slow+0x11e/0x1c0 [ 32.784478] ip6_input+0xe9/0x600 [ 32.788020] ? ip6_input_finish+0x1aa0/0x1aa0 [ 32.792504] ? ip6_sublist_rcv+0xfb0/0xfb0 [ 32.796731] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 32.802526] ? kasan_check_read+0x11/0x20 [ 32.806676] ? rcu_bh_qs+0xc0/0xc0 [ 32.810217] ip6_rcv_finish+0x17a/0x330 [ 32.814191] ipv6_rcv+0x113/0x640 [ 32.817641] ? ip6_rcv_core.isra.16+0x1e10/0x1e10 [ 32.822478] ? ip6_rcv_finish_core.isra.13+0x720/0x720 [ 32.827745] ? lock_acquire+0x1ed/0x520 [ 32.831703] ? process_backlog+0x1a6/0x760 [ 32.835950] __netif_receive_skb_one_core+0x14d/0x200 [ 32.841128] ? __netif_receive_skb_core+0x3b60/0x3b60 [ 32.846305] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 32.851568] ? rcu_bh_qs+0xc0/0xc0 [ 32.855101] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 32.860561] __netif_receive_skb+0x2c/0x1e0 [ 32.864866] process_backlog+0x217/0x760 [ 32.868913] net_rx_action+0x7c5/0x1950 [ 32.872880] ? napi_complete_done+0x6d0/0x6d0 [ 32.877402] ? reweight_task+0x130/0x130 [ 32.881467] ? pick_next_task_fair+0x98e/0x17c0 [ 32.886135] ? finish_task_switch+0x1f5/0x900 [ 32.890621] ? _raw_spin_unlock_irq+0x27/0x80 [ 32.895105] ? _raw_spin_unlock_irq+0x27/0x80 [ 32.899586] ? lockdep_hardirqs_on+0x421/0x5c0 [ 32.904153] ? trace_hardirqs_on+0xbd/0x310 [ 32.908459] ? kasan_check_read+0x11/0x20 [ 32.912595] ? finish_task_switch+0x1f5/0x900 [ 32.917081] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 32.922518] ? compat_start_thread+0x80/0x80 [ 32.926916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.932441] ? kasan_check_write+0x14/0x20 [ 32.936665] ? finish_task_switch+0x2f5/0x900 [ 32.941147] ? __switch_to_asm+0x40/0x70 [ 32.945194] ? preempt_notifier_register+0x200/0x200 [ 32.950283] ? __switch_to_asm+0x34/0x70 [ 32.954327] ? __switch_to_asm+0x34/0x70 [ 32.958394] ? __switch_to_asm+0x40/0x70 [ 32.962439] ? __switch_to_asm+0x34/0x70 [ 32.966485] ? __switch_to_asm+0x40/0x70 [ 32.970526] ? __switch_to_asm+0x34/0x70 [ 32.974567] ? __switch_to_asm+0x40/0x70 [ 32.978613] ? __switch_to_asm+0x34/0x70 [ 32.982664] ? pvclock_read_flags+0x160/0x160 [ 32.987144] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.992668] ? check_preemption_disabled+0x48/0x200 [ 32.997683] ? check_preemption_disabled+0x48/0x200 [ 33.002710] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 33.008233] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 33.013494] ? rcu_pm_notify+0xc0/0xc0 [ 33.017395] __do_softirq+0x30b/0xad8 [ 33.021191] ? __irqentry_text_end+0x1f9618/0x1f9618 [ 33.026294] ? schedule+0x108/0x460 [ 33.029907] ? __schedule+0x1ed0/0x1ed0 [ 33.033870] ? trace_hardirqs_off+0xb8/0x310 [ 33.038262] ? ___might_sleep+0x1ed/0x300 [ 33.042397] ? smpboot_thread_fn+0x68b/0xa00 [ 33.046791] ? trace_hardirqs_on+0x310/0x310 [ 33.051184] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.056730] ? check_preemption_disabled+0x48/0x200 [ 33.061751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.067283] ? takeover_tasklets+0xa90/0xa90 [ 33.071678] run_ksoftirqd+0x94/0x100 [ 33.075477] smpboot_thread_fn+0x68b/0xa00 [ 33.079699] ? sort_range+0x30/0x30 [ 33.083328] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 33.088419] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.093948] ? __kthread_parkme+0xfb/0x1a0 [ 33.098169] kthread+0x35a/0x420 [ 33.101516] ? sort_range+0x30/0x30 [ 33.105162] ? kthread_bind+0x40/0x40 [ 33.108953] ret_from_fork+0x3a/0x50 [ 33.112650] [ 33.114254] Allocated by task 3559: [ 33.117862] save_stack+0x43/0xd0 [ 33.121308] kasan_kmalloc+0xc7/0xe0 [ 33.125006] kmem_cache_alloc_trace+0x152/0x750 [ 33.129657] kernfs_fop_open+0x358/0xf90 [ 33.133713] do_dentry_open+0x499/0x1250 [ 33.137756] vfs_open+0xa0/0xd0 [ 33.141017] path_openat+0x12bf/0x5160 [ 33.144881] do_filp_open+0x255/0x380 [ 33.148661] do_sys_open+0x568/0x700 [ 33.152353] __x64_sys_open+0x7e/0xc0 [ 33.156177] do_syscall_64+0x1b9/0x820 [ 33.160056] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.165221] [ 33.166826] Freed by task 3559: [ 33.170101] save_stack+0x43/0xd0 [ 33.173535] __kasan_slab_free+0x102/0x150 [ 33.177748] kasan_slab_free+0xe/0x10 [ 33.181529] kfree+0xcf/0x230 [ 33.184622] kernfs_fop_release+0x12b/0x1a0 [ 33.188922] __fput+0x385/0xa30 [ 33.192183] ____fput+0x15/0x20 [ 33.195441] task_work_run+0x1e8/0x2a0 [ 33.199312] exit_to_usermode_loop+0x318/0x380 [ 33.203872] do_syscall_64+0x6be/0x820 [ 33.207757] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.213269] [ 33.214876] The buggy address belongs to the object at ffff8801bc3c9c80 [ 33.214876] which belongs to the cache kmalloc-512 of size 512 [ 33.227512] The buggy address is located 368 bytes to the right of [ 33.227512] 512-byte region [ffff8801bc3c9c80, ffff8801bc3c9e80) [ 33.239899] The buggy address belongs to the page: [ 33.244809] page:ffffea0006f0f240 count:1 mapcount:0 mapping:ffff8801da800940 index:0x0 [ 33.252955] flags: 0x2fffc0000000100(slab) [ 33.257173] raw: 02fffc0000000100 ffffea0006ee1408 ffffea0007619c08 ffff8801da800940 [ 33.265036] raw: 0000000000000000 ffff8801bc3c9000 0000000100000006 0000000000000000 [ 33.272894] page dumped because: kasan: bad access detected [ 33.278580] [ 33.280186] Memory state around the buggy address: [ 33.285092] ffff8801bc3c9e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.292429] ffff8801bc3c9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.299769] >ffff8801bc3c9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.307105] ^ [ 33.314096] ffff8801bc3ca000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.321438] ffff8801bc3ca080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 33.328775] ================================================================== [ 33.336109] Disabling lock debugging due to kernel taint [ 33.341600] Kernel panic - not syncing: panic_on_warn set ... [ 33.341600] [ 33.348978] CPU: 1 PID: 18 Comm: ksoftirqd/1 Tainted: G B 4.19.0-rc4+ #227 [ 33.357282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.366626] Call Trace: [ 33.369216] dump_stack+0x1c4/0x2b4 [ 33.372842] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.378029] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 33.382787] panic+0x238/0x4e7 [ 33.385976] ? add_taint.cold.5+0x16/0x16 [ 33.390122] ? trace_hardirqs_on+0x9a/0x310 [ 33.394443] ? trace_hardirqs_on+0xb4/0x310 [ 33.398765] ? trace_hardirqs_on+0xb4/0x310 [ 33.403087] kasan_end_report+0x47/0x4f [ 33.407060] kasan_report.cold.9+0x76/0x309 [ 33.411380] ? tls_write_space+0x29d/0x2d0 [ 33.415624] __asan_report_load8_noabort+0x14/0x20 [ 33.420551] tls_write_space+0x29d/0x2d0 [ 33.424609] ? tcp_sndbuf_expand+0x250/0x2c0 [ 33.429019] tcp_check_space+0x53f/0x920 [ 33.433079] ? tcp_prune_ofo_queue.part.52+0x8e0/0x8e0 [ 33.438354] ? tcp_xmit_recovery.part.65+0x130/0x130 [ 33.443465] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.449002] tcp_rcv_established+0xde8/0x2120 [ 33.453500] ? tcp_data_queue+0x4790/0x4790 [ 33.457823] ? graph_lock+0x170/0x170 [ 33.461620] ? tcp_v6_rcv+0x2d01/0x38a0 [ 33.465597] ? lock_release+0x970/0x970 [ 33.469577] tcp_v6_do_rcv+0x4b3/0x13c0 [ 33.473553] tcp_v6_rcv+0x2f7a/0x38a0 [ 33.477353] ? __sanitizer_cov_trace_cmp8+0x8/0x20 [ 33.482301] ? tcp_v6_reqsk_send_ack+0x380/0x380 [ 33.487061] ? __lock_is_held+0xb5/0x140 [ 33.491127] ip6_input_finish+0x3fc/0x1aa0 [ 33.495367] ? ip6_sublist_rcv+0xfb0/0xfb0 [ 33.499609] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 33.504627] ? nf_hook_slow+0x11e/0x1c0 [ 33.508609] ip6_input+0xe9/0x600 [ 33.512061] ? ip6_input_finish+0x1aa0/0x1aa0 [ 33.516554] ? ip6_sublist_rcv+0xfb0/0xfb0 [ 33.520787] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 33.526586] ? kasan_check_read+0x11/0x20 [ 33.530737] ? rcu_bh_qs+0xc0/0xc0 [ 33.534281] ip6_rcv_finish+0x17a/0x330 [ 33.538256] ipv6_rcv+0x113/0x640 [ 33.541711] ? ip6_rcv_core.isra.16+0x1e10/0x1e10 [ 33.546556] ? ip6_rcv_finish_core.isra.13+0x720/0x720 [ 33.551834] ? lock_acquire+0x1ed/0x520 [ 33.555807] ? process_backlog+0x1a6/0x760 [ 33.560041] __netif_receive_skb_one_core+0x14d/0x200 [ 33.565229] ? __netif_receive_skb_core+0x3b60/0x3b60 [ 33.570423] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 33.575698] ? rcu_bh_qs+0xc0/0xc0 [ 33.579234] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 33.584681] __netif_receive_skb+0x2c/0x1e0 [ 33.589003] process_backlog+0x217/0x760 [ 33.593063] net_rx_action+0x7c5/0x1950 [ 33.597042] ? napi_complete_done+0x6d0/0x6d0 [ 33.601532] ? reweight_task+0x130/0x130 [ 33.605853] ? pick_next_task_fair+0x98e/0x17c0 [ 33.610544] ? finish_task_switch+0x1f5/0x900 [ 33.615049] ? _raw_spin_unlock_irq+0x27/0x80 [ 33.619544] ? _raw_spin_unlock_irq+0x27/0x80 [ 33.624040] ? lockdep_hardirqs_on+0x421/0x5c0 [ 33.628620] ? trace_hardirqs_on+0xbd/0x310 [ 33.632939] ? kasan_check_read+0x11/0x20 [ 33.637093] ? finish_task_switch+0x1f5/0x900 [ 33.641587] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 33.647049] ? compat_start_thread+0x80/0x80 [ 33.651457] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.656996] ? kasan_check_write+0x14/0x20 [ 33.661231] ? finish_task_switch+0x2f5/0x900 [ 33.665730] ? __switch_to_asm+0x40/0x70 [ 33.669792] ? preempt_notifier_register+0x200/0x200 [ 33.674888] ? __switch_to_asm+0x34/0x70 [ 33.678947] ? __switch_to_asm+0x34/0x70 [ 33.683003] ? __switch_to_asm+0x40/0x70 [ 33.687058] ? __switch_to_asm+0x34/0x70 [ 33.691116] ? __switch_to_asm+0x40/0x70 [ 33.695171] ? __switch_to_asm+0x34/0x70 [ 33.699229] ? __switch_to_asm+0x40/0x70 [ 33.703285] ? __switch_to_asm+0x34/0x70 [ 33.707347] ? pvclock_read_flags+0x160/0x160 [ 33.711856] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.717399] ? check_preemption_disabled+0x48/0x200 [ 33.722420] ? check_preemption_disabled+0x48/0x200 [ 33.727441] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 33.732977] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 33.738752] ? rcu_pm_notify+0xc0/0xc0 [ 33.742647] __do_softirq+0x30b/0xad8 [ 33.746452] ? __irqentry_text_end+0x1f9618/0x1f9618 [ 33.751557] ? schedule+0x108/0x460 [ 33.755184] ? __schedule+0x1ed0/0x1ed0 [ 33.759162] ? trace_hardirqs_off+0xb8/0x310 [ 33.763568] ? ___might_sleep+0x1ed/0x300 [ 33.767715] ? smpboot_thread_fn+0x68b/0xa00 [ 33.772123] ? trace_hardirqs_on+0x310/0x310 [ 33.776532] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.782067] ? check_preemption_disabled+0x48/0x200 [ 33.787079] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.792613] ? takeover_tasklets+0xa90/0xa90 [ 33.797018] run_ksoftirqd+0x94/0x100 [ 33.800815] smpboot_thread_fn+0x68b/0xa00 [ 33.805047] ? sort_range+0x30/0x30 [ 33.808674] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 33.813776] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.819311] ? __kthread_parkme+0xfb/0x1a0 [ 33.823543] kthread+0x35a/0x420 [ 33.826902] ? sort_range+0x30/0x30 [ 33.830534] ? kthread_bind+0x40/0x40 [ 33.834333] ret_from_fork+0x3a/0x50 [ 33.838968] Kernel Offset: disabled [ 33.842592] Rebooting in 86400 seconds..