[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   18.515289] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.451826] random: sshd: uninitialized urandom read (32 bytes read)
[   23.782828] random: sshd: uninitialized urandom read (32 bytes read)
[   24.621908] random: sshd: uninitialized urandom read (32 bytes read)
[   97.611959] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts.
[  103.021698] random: sshd: uninitialized urandom read (32 bytes read)
[  103.117774] IPVS: ftp: loaded support on port[0] = 21
[  111.869252] ==================================================================
[  111.876660] BUG: KASAN: stack-out-of-bounds in __lock_acquire+0x3829/0x5020
[  111.883755] Read of size 8 at addr ffff8801a91dc738 by task syz-executor471/4532
[  111.891450] 
[  111.893081] CPU: 0 PID: 4532 Comm: syz-executor471 Not tainted 4.18.0-rc3+ #137
[  111.900518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  111.909865] Call Trace:
[  111.912461]  dump_stack+0x1c9/0x2b4
[  111.916090]  ? dump_stack_print_info.cold.2+0x52/0x52
[  111.921275]  ? printk+0xa7/0xcf
[  111.924558]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  111.929317]  ? __lock_acquire+0x3829/0x5020
[  111.933638]  print_address_description+0x6c/0x20b
[  111.938482]  ? __lock_acquire+0x3829/0x5020
[  111.942805]  kasan_report.cold.7+0x242/0x2fe
[  111.947218]  __asan_report_load8_noabort+0x14/0x20
[  111.952156]  __lock_acquire+0x3829/0x5020
[  111.956325]  ? lock_is_held_type+0x210/0x210
[  111.960734]  ? kasan_check_write+0x14/0x20
[  111.964968]  ? do_raw_spin_lock+0xc1/0x200
[  111.969207]  ? graph_lock+0x170/0x170
[  111.973010]  ? trace_hardirqs_on+0x10/0x10
[  111.977245]  ? find_held_lock+0x36/0x1c0
[  111.981315]  ? __lock_acquire+0x7fc/0x5020
[  111.985550]  ? lock_downgrade+0x8f0/0x8f0
[  111.989705]  ? finish_task_switch+0x18a/0x870
[  111.994196]  ? print_usage_bug+0xc0/0xc0
[  111.998252]  ? print_usage_bug+0xc0/0xc0
[  112.002306]  ? trace_hardirqs_on+0x10/0x10
[  112.006535]  ? __lock_acquire+0x7fc/0x5020
[  112.010768]  ? kasan_check_write+0x14/0x20
[  112.015004]  ? finish_task_switch+0x2ca/0x870
[  112.019502]  ? __lock_acquire+0x7fc/0x5020
[  112.023735]  lock_acquire+0x1e4/0x540
[  112.027530]  ? add_wait_queue+0x92/0x2b0
[  112.031586]  ? lock_release+0xa30/0xa30
[  112.035552]  ? graph_lock+0x170/0x170
[  112.039351]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  112.044361]  ? hrtimer_active+0x2db/0x440
[  112.048518]  _raw_spin_lock_irqsave+0x96/0xc0
[  112.053013]  ? add_wait_queue+0x92/0x2b0
[  112.057068]  add_wait_queue+0x92/0x2b0
[  112.060951]  ? rcu_pm_notify+0xc0/0xc0
[  112.064839]  ? __wake_up_locked_key_bookmark+0x20/0x20
[  112.070114]  do_wait+0x1bf/0xb80
[  112.073493]  ? kasan_check_read+0x11/0x20
[  112.077649]  ? do_raw_spin_unlock+0xa7/0x2f0
[  112.082056]  ? wait_consider_task+0x39b0/0x39b0
[  112.086735]  ? find_held_lock+0x36/0x1c0
[  112.090797]  ? lock_downgrade+0x8f0/0x8f0
[  112.094944]  kernel_wait4+0x247/0x3f0
[  112.098741]  ? __ia32_sys_waitid+0x140/0x140
[  112.103147]  ? task_stopped_code+0x190/0x190
[  112.107551]  __do_sys_wait4+0x137/0x150
[  112.111517]  ? kernel_wait4+0x3f0/0x3f0
[  112.115490]  ? nsecs_to_jiffies+0x30/0x30
[  112.119644]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  112.125181]  ? __x64_sys_clock_gettime+0x170/0x250
[  112.130105]  ? __ia32_sys_clock_settime+0x290/0x290
[  112.135122]  __x64_sys_wait4+0x97/0xf0
[  112.139006]  do_syscall_64+0x1b9/0x820
[  112.142893]  ? syscall_slow_exit_work+0x500/0x500
[  112.147731]  ? syscall_return_slowpath+0x5e0/0x5e0
[  112.152654]  ? syscall_return_slowpath+0x31d/0x5e0
[  112.157584]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  112.162956]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  112.167798]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  112.172984] RIP: 0033:0x405faa
[  112.176157] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 8b 05 0e cc 2d 00 85 c0 75 36 45 31 d2 48 63 d2 48 63 ff b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 d0 ff ff ff f7
[  112.195390] RSP: 002b:00007fff2e852408 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[  112.203099] RAX: ffffffffffffffda RBX: 00000000000007b5 RCX: 0000000000405faa
[  112.210364] RDX: 0000000040000001 RSI: 00007fff2e85241c RDI: ffffffffffffffff
[  112.217633] RBP: 00000000000007b5 R08: 0000000000000001 R09: 00000000023e4880
[  112.224902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000291
[  112.232166] R13: 000000000001b4c3 R14: 0000000000000000 R15: 0000000000000000
[  112.239434] 
[  112.241054] Allocated by task 4531:
[  112.244680]  save_stack+0x43/0xd0
[  112.248130]  kasan_kmalloc+0xc4/0xe0
[  112.251839]  kasan_slab_alloc+0x12/0x20
[  112.255820]  kmem_cache_alloc+0x12e/0x760
[  112.259961]  copy_signal+0x175/0xc10
[  112.263673]  copy_process.part.39+0x2137/0x7220
[  112.268336]  _do_fork+0x291/0x12a0
[  112.271876]  __x64_sys_clone+0xbf/0x150
[  112.275847]  do_syscall_64+0x1b9/0x820
[  112.279740]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  112.284917] 
[  112.286536] Freed by task 0:
[  112.289538] (stack is not available)
[  112.293236] 
[  112.294865] The buggy address belongs to the object at ffff8801a91dc700
[  112.294865]  which belongs to the cache signal_cache of size 1296
[  112.307700] The buggy address is located 56 bytes inside of
[  112.307700]  1296-byte region [ffff8801a91dc700, ffff8801a91dcc10)
[  112.319571] The buggy address belongs to the page:
[  112.324505] page:ffffea0006a47700 count:1 mapcount:0 mapping:ffff8801da97be40 index:0x0 compound_mapcount: 0
[  112.334473] flags: 0x2fffc0000008100(slab|head)
[  112.339144] raw: 02fffc0000008100 ffffea0006b3ca88 ffffea0006b2f888 ffff8801da97be40
[  112.347026] raw: 0000000000000000 ffff8801a91dc140 0000000100000005 0000000000000000
[  112.354911] page dumped because: kasan: bad access detected
[  112.360613] 
[  112.362236] Memory state around the buggy address:
[  112.367164]  ffff8801a91dc600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  112.374517]  ffff8801a91dc680: 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2
[  112.381870] >ffff8801a91dc700: 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2
[  112.389219]                                         ^
[  112.394401]  ffff8801a91dc780: f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00
[  112.401756]  ffff8801a91dc800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  112.409101] ==================================================================
[  112.416448] Disabling lock debugging due to kernel taint
[  112.421889] Kernel panic - not syncing: panic_on_warn set ...
[  112.421889] 
[  112.429251] CPU: 0 PID: 4532 Comm: syz-executor471 Tainted: G    B 4.18.0-rc3+ #137
[  112.438076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  112.447419] Call Trace:
[  112.450012]  dump_stack+0x1c9/0x2b4
[  112.453646]  ? dump_stack_print_info.cold.2+0x52/0x52
[  112.458856]  ? lock_downgrade+0x8f0/0x8f0
[  112.463009]  panic+0x238/0x4e7
[  112.466214]  ? add_taint.cold.5+0x16/0x16
[  112.470387]  ? add_taint.cold.5+0x5/0x16
[  112.474450]  ? do_raw_spin_unlock+0xa7/0x2f0
[  112.478870]  ? __lock_acquire+0x3829/0x5020
[  112.483194]  kasan_end_report+0x47/0x4f
[  112.487168]  kasan_report.cold.7+0x76/0x2fe
[  112.491490]  __asan_report_load8_noabort+0x14/0x20
[  112.496420]  __lock_acquire+0x3829/0x5020
[  112.500566]  ? lock_is_held_type+0x210/0x210
[  112.504974]  ? kasan_check_write+0x14/0x20
[  112.509219]  ? do_raw_spin_lock+0xc1/0x200
[  112.513462]  ? graph_lock+0x170/0x170
[  112.517267]  ? trace_hardirqs_on+0x10/0x10
[  112.521507]  ? find_held_lock+0x36/0x1c0
[  112.525571]  ? __lock_acquire+0x7fc/0x5020
[  112.529806]  ? lock_downgrade+0x8f0/0x8f0
[  112.533958]  ? finish_task_switch+0x18a/0x870
[  112.538452]  ? print_usage_bug+0xc0/0xc0
[  112.542515]  ? print_usage_bug+0xc0/0xc0
[  112.546578]  ? trace_hardirqs_on+0x10/0x10
[  112.550808]  ? __lock_acquire+0x7fc/0x5020
[  112.555046]  ? kasan_check_write+0x14/0x20
[  112.559280]  ? finish_task_switch+0x2ca/0x870
[  112.563776]  ? __lock_acquire+0x7fc/0x5020
[  112.568017]  lock_acquire+0x1e4/0x540
[  112.571825]  ? add_wait_queue+0x92/0x2b0
[  112.575892]  ? lock_release+0xa30/0xa30
[  112.579865]  ? graph_lock+0x170/0x170
[  112.583662]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  112.588672]  ? hrtimer_active+0x2db/0x440
[  112.592820]  _raw_spin_lock_irqsave+0x96/0xc0
[  112.597320]  ? add_wait_queue+0x92/0x2b0
[  112.601382]  add_wait_queue+0x92/0x2b0
[  112.605263]  ? rcu_pm_notify+0xc0/0xc0
[  112.609144]  ? __wake_up_locked_key_bookmark+0x20/0x20
[  112.614417]  do_wait+0x1bf/0xb80
[  112.617785]  ? kasan_check_read+0x11/0x20
[  112.621929]  ? do_raw_spin_unlock+0xa7/0x2f0
[  112.626334]  ? wait_consider_task+0x39b0/0x39b0
[  112.631005]  ? find_held_lock+0x36/0x1c0
[  112.635069]  ? lock_downgrade+0x8f0/0x8f0
[  112.639214]  kernel_wait4+0x247/0x3f0
[  112.643011]  ? __ia32_sys_waitid+0x140/0x140
[  112.647418]  ? task_stopped_code+0x190/0x190
[  112.651825]  __do_sys_wait4+0x137/0x150
[  112.655804]  ? kernel_wait4+0x3f0/0x3f0
[  112.659778]  ? nsecs_to_jiffies+0x30/0x30
[  112.664012]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  112.669550]  ? __x64_sys_clock_gettime+0x170/0x250
[  112.674476]  ? __ia32_sys_clock_settime+0x290/0x290
[  112.679489]  __x64_sys_wait4+0x97/0xf0
[  112.683378]  do_syscall_64+0x1b9/0x820
[  112.687263]  ? syscall_slow_exit_work+0x500/0x500
[  112.692115]  ? syscall_return_slowpath+0x5e0/0x5e0
[  112.697046]  ? syscall_return_slowpath+0x31d/0x5e0
[  112.701983]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  112.707349]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  112.712199]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  112.717387] RIP: 0033:0x405faa
[  112.720564] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 8b 05 0e cc 2d 00 85 c0 75 36 45 31 d2 48 63 d2 48 63 ff b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 d0 ff ff ff f7
[  112.739780] RSP: 002b:00007fff2e852408 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[  112.747527] RAX: ffffffffffffffda RBX: 00000000000007b5 RCX: 0000000000405faa
[  112.754798] RDX: 0000000040000001 RSI: 00007fff2e85241c RDI: ffffffffffffffff
[  112.762098] RBP: 00000000000007b5 R08: 0000000000000001 R09: 00000000023e4880
[  112.769374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000291
[  112.776644] R13: 000000000001b4c3 R14: 0000000000000000 R15: 0000000000000000
[  112.784932] Dumping ftrace buffer:
[  112.788462]    (ftrace buffer empty)
[  112.792161] Kernel Offset: disabled
[  112.795765] Rebooting in 86400 seconds..
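The log above is a raw syzkaller console capture with no analysis attached. The following Python is an added example, not part of the report and not syzkaller or kernel code: it pulls out what a triager reads from a KASAN report (the access, the reliable call-trace frames, the object the address falls in, the shadow byte under the access) and cross-checks the numbers KASAN printed against each other. The sample input is a constructed subset of the lines above with their timestamps; the shadow-byte table is the generic KASAN encoding from mm/kasan/kasan.h of the v4.18 era. Call-trace lines starting with "? " are stale stack slots that the unwinder could not confirm, so they are dropped. One thing the parser makes explicit that the raw report does not: KASAN chooses the "stack-out-of-bounds" label from the shadow value (f1..f4), and here that stack poison sits on a 1296-byte signal_cache slab object allocated from copy_signal(), which is the oddity to chase first.

```python
import re

# Constructed sample: a subset of the report's lines above, timestamps kept as printed.
SAMPLE = """\
[  111.876660] BUG: KASAN: stack-out-of-bounds in __lock_acquire+0x3829/0x5020
[  111.883755] Read of size 8 at addr ffff8801a91dc738 by task syz-executor471/4532
[  111.909865] Call Trace:
[  111.912461]  dump_stack+0x1c9/0x2b4
[  111.916090]  ? dump_stack_print_info.cold.2+0x52/0x52
[  111.947218]  __asan_report_load8_noabort+0x14/0x20
[  111.952156]  __lock_acquire+0x3829/0x5020
[  112.057068]  add_wait_queue+0x92/0x2b0
[  112.070114]  do_wait+0x1bf/0xb80
[  112.172984] RIP: 0033:0x405faa
[  112.294865] The buggy address belongs to the object at ffff8801a91dc700
[  112.294865]  which belongs to the cache signal_cache of size 1296
[  112.307700] The buggy address is located 56 bytes inside of
[  112.307700]  1296-byte region [ffff8801a91dc700, ffff8801a91dcc10)
[  112.381870] >ffff8801a91dc700: 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2
[  112.389219]                                         ^
[  112.394401]  ffff8801a91dc780: f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00
"""

# Generic-KASAN poison values (mm/kasan/kasan.h, v4.18 era); 00 = addressable, 01..07 = partial granule.
SHADOW_POISON = {0xFF: "free page", 0xFE: "page redzone", 0xFC: "kmalloc redzone",
                 0xFB: "freed slab object", 0xFA: "global redzone", 0xF1: "stack left redzone",
                 0xF2: "stack mid redzone", 0xF3: "stack right redzone",
                 0xF4: "stack partial redzone", 0xF8: "stack use-after-scope"}
STACK_POISON = {0xF1, 0xF2, 0xF3, 0xF4}  # the values KASAN labels "stack-out-of-bounds"
SHADOW_SCALE, ROW_BYTES = 8, 128          # memory bytes per shadow byte / per printed row
REPORT_MACHINERY = ("dump_stack", "print_address_description", "kasan_report", "__asan_report")

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")
BUG_RE = re.compile(r"BUG: KASAN: (\S+) in (\S+)")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
OBJECT_RE = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE_RE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
LOCATED_RE = re.compile(r"located (\d+) bytes inside of")
REGION_RE = re.compile(r"(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)")
FRAME_RE = re.compile(r"^(\? )?(\S+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
ROW_RE = re.compile(r"^[ >]?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")

def parse_report(text):
    """One pass over the report; "? " frames are dropped because they are unconfirmed guesses."""
    r = {"frames": [], "shadow_rows": {}}
    in_trace = False
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).rstrip()
        if in_trace:
            m = FRAME_RE.match(line.strip())
            if m:
                if not m.group(1):
                    r["frames"].append(m.group(2))
                continue
            in_trace = False  # first non-frame line (here "RIP:") ends the trace
        if line.strip() == "Call Trace:":
            in_trace = True
        elif m := BUG_RE.search(line):
            r["bug_type"], r["site"] = m.group(1), m.group(2)
        elif m := ACCESS_RE.search(line):
            r["access"], r["access_size"], r["addr"] = m.group(1), int(m.group(2)), int(m.group(3), 16)
        elif m := OBJECT_RE.search(line):
            r["object_base"] = int(m.group(1), 16)
        elif m := CACHE_RE.search(line):
            r["cache"], r["object_size"] = m.group(1), int(m.group(2))
        elif m := LOCATED_RE.search(line):
            r["reported_offset"] = int(m.group(1))
        elif m := REGION_RE.search(line):
            r["region"] = (int(m.group(2), 16), int(m.group(3), 16))
        elif m := ROW_RE.match(line):
            r["shadow_rows"][int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return r

def shadow_byte(report, addr):
    row = report["shadow_rows"].get(addr & ~(ROW_BYTES - 1))  # None if that row was not printed
    return None if row is None else row[(addr % ROW_BYTES) // SHADOW_SCALE]

def describe_shadow(b):
    if b == 0:
        return "addressable"
    if 1 <= b <= 7:
        return f"first {b} bytes addressable"
    return SHADOW_POISON.get(b, f"unknown poison 0x{b:02x}")

def faulting_frames(report):
    """Frames after the last report-machinery frame; the first one is where the bad load ran."""
    hits = [i for i, f in enumerate(report["frames"]) if f.startswith(REPORT_MACHINERY)]
    return report["frames"][hits[-1] + 1 if hits else 0:]

def triage(report):
    off = report["addr"] - report["object_base"]
    b = shadow_byte(report, report["addr"])
    problems = [msg for ok, msg in (
        (off == report["reported_offset"], "computed offset != reported offset"),
        (report["region"][1] - report["region"][0] == report["object_size"], "region != object size"),
    ) if not ok]
    return {"site": faulting_frames(report)[0], "offset_in_object": off, "shadow": b,
            "shadow_meaning": describe_shadow(b),
            # KASAN names the bug from the shadow value, not from where the address lives.
            "stack_poison_on_slab_object": b in STACK_POISON and "cache" in report,
            "problems": problems}
```

parse_report() can be fed the whole console capture rather than the trimmed sample: only the KASAN lines match, later matches overwrite earlier ones, and every "Call Trace:" block (the panic handler prints a second one above) appends to the same frame list, so faulting_frames() still starts at the frame that follows the last __asan_report_* entry.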