[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 25.440488] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 29.201623] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.428686] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.013237] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.230609] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts.
[ 35.852473] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 36.058356] FAULT_INJECTION: forcing a failure.
[ 36.058356] name failslab, interval 1, probability 0, space 0, times 1
[ 36.069690] CPU: 0 PID: 5340 Comm: syz-executor610 Not tainted 4.19.0-rc2+ #50
[ 36.077069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.086425] Call Trace:
[ 36.089013]  dump_stack+0x1c4/0x2b4
[ 36.092639]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.097839]  should_fail.cold.4+0xa/0x17
[ 36.101901]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 36.107013]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 36.112125]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 36.117217]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.121792]  ? graph_lock+0x170/0x170
[ 36.125590]  ? kasan_check_read+0x11/0x20
[ 36.129736]  ? depot_save_stack+0x292/0x470
[ 36.134060]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 36.139515]  ? kasan_check_write+0x14/0x20
[ 36.143755]  ? do_raw_spin_lock+0xc1/0x200
[ 36.147992]  ? find_held_lock+0x36/0x1c0
[ 36.152062]  ? ___might_sleep+0x1ed/0x300
[ 36.156199]  ? do_vfs_ioctl+0x1de/0x1720
[ 36.160252]  ? arch_local_save_flags+0x40/0x40
[ 36.164875]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.170240]  __should_failslab+0x124/0x180
[ 36.174467]  should_failslab+0x9/0x14
[ 36.178262]  kmem_cache_alloc_trace+0x2d7/0x750
[ 36.182919]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.188444]  ? check_preemption_disabled+0x48/0x200
[ 36.193454]  ? check_preemption_disabled+0x48/0x200
[ 36.198463]  apparmor_file_alloc_security+0x168/0xaa0
[ 36.203641]  ? rcu_pm_notify+0xc0/0xc0
[ 36.207570]  ? apparmor_socket_getpeersec_stream+0xab0/0xab0
[ 36.213367]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.218374]  ? kmem_cache_alloc+0x33a/0x730
[ 36.222681]  ? lock_downgrade+0x900/0x900
[ 36.226829]  security_file_alloc+0x4c/0xa0
[ 36.231054]  __alloc_file+0x12a/0x470
[ 36.234844]  ? file_free_rcu+0xd0/0xd0
[ 36.238722]  ? kasan_check_write+0x14/0x20
[ 36.242945]  ? do_raw_spin_lock+0xc1/0x200
[ 36.247196]  ? _raw_spin_unlock+0x2c/0x50
[ 36.251335]  ? mntget+0x3e/0x50
[ 36.254612]  ? __ns_get_path.isra.2+0x480/0x8a0
[ 36.259276]  alloc_empty_file+0x72/0x170
[ 36.263331]  ? __sock_recv_wifi_status+0x250/0x250
[ 36.268250]  dentry_open+0x71/0x1d0
[ 36.271869]  open_related_ns+0x1b0/0x210
[ 36.275926]  ? __ns_get_path.isra.2+0x8a0/0x8a0
[ 36.280585]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.286116]  ? ns_capable_common+0x13f/0x170
[ 36.290516]  __tun_chr_ioctl+0x48d/0x4690
[ 36.294658]  ? tun_select_queue+0xac0/0xac0
[ 36.298971]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[ 36.304764]  ? kasan_check_read+0x11/0x20
[ 36.308906]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 36.314177]  ? rcu_bh_qs+0xc0/0xc0
[ 36.317705]  ? find_vpid+0xf0/0xf0
[ 36.321246]  ? graph_lock+0x170/0x170
[ 36.325042]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.330572]  ? proc_fail_nth_write+0x9e/0x210
[ 36.335059]  ? proc_cwd_link+0x1d0/0x1d0
[ 36.339113]  ? trace_hardirqs_off+0xb8/0x300
[ 36.343541]  ? kasan_check_read+0x11/0x20
[ 36.347691]  tun_chr_ioctl+0x2a/0x40
[ 36.351395]  ? tun_chr_compat_ioctl+0x30/0x30
[ 36.355878]  do_vfs_ioctl+0x1de/0x1720
[ 36.359755]  ? __lock_is_held+0xb5/0x140
[ 36.363830]  ? ioctl_preallocate+0x300/0x300
[ 36.368234]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.373766]  ? __fget_light+0x2e9/0x430
[ 36.377732]  ? fget_raw+0x20/0x20
[ 36.381178]  ? __sb_end_write+0xd9/0x110
[ 36.385239]  ? do_syscall_64+0x9a/0x820
[ 36.389203]  ? do_syscall_64+0x9a/0x820
[ 36.393169]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.397745]  ? security_file_ioctl+0x94/0xc0
[ 36.402143]  ksys_ioctl+0xa9/0xd0
[ 36.405588]  __x64_sys_ioctl+0x73/0xb0
[ 36.409471]  do_syscall_64+0x1b9/0x820
[ 36.413353]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.418718]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.423643]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.428479]  ? trace_hardirqs_off+0x300/0x300
[ 36.433022]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.438032]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.443053]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.447895]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.453073] RIP: 0033:0x440479
[ 36.456254] usercopy: Kernel memory overwrite attempt detected to spans multiple pages (offset 0, size 64)!
[ 36.466221] ------------[ cut here ]------------
[ 36.470967] kernel BUG at mm/usercopy.c:102!
[ 36.475369] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 36.480724] CPU: 0 PID: 5340 Comm: syz-executor610 Not tainted 4.19.0-rc2+ #50
[ 36.488086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.497454] RIP: 0010:usercopy_abort+0xbb/0xbd
[ 36.502025] Code: c0 e8 8a 23 b2 ff 48 8b 55 c0 49 89 d9 4d 89 f0 ff 75 c8 4c 89 e1 4c 89 ee 48 c7 c7 80 48 15 88 ff 75 d0 41 57 e8 5a 38 98 ff <0f> 0b e8 5f 23 b2 ff e8 8a 6e f5 ff 8b 95 5c fe ff ff 4d 89 e0 31
[ 36.520919] RSP: 0018:ffff8801bbcf6d50 EFLAGS: 00010086
[ 36.526274] RAX: 000000000000005f RBX: ffffffff881545a0 RCX: 0000000000000000
[ 36.533534] RDX: 0000000000000000 RSI: ffffffff8164f825 RDI: 0000000000000005
[ 36.540792] RBP: ffff8801bbcf6da8 R08: ffff8801d8f1a500 R09: ffffed003b5c3ee2
[ 36.548053] R10: ffffed003b5c3ee2 R11: ffff8801dae1f717 R12: ffffffff88154ac0
[ 36.555310] R13: ffffffff881546e0 R14: ffffffff881545a0 R15: ffffffff881545a0
[ 36.562572] FS:  000000000225c880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 36.570784] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 36.576671] CR2: 0000000000455350 CR3: 00000001d90eb000 CR4: 00000000001406f0
[ 36.583926] Call Trace:
[ 36.586506]  __check_object_size.cold.2+0x23/0x134
[ 36.591426]  ? usercopy_warn+0x110/0x110
[ 36.595471]  ? vprintk_emit+0x268/0x930
[ 36.599435]  ? vprintk_default+0x28/0x30
[ 36.603478]  ? vprintk_func+0x85/0x181
[ 36.607349]  __probe_kernel_read+0xda/0x1c0
[ 36.611655]  show_opcodes+0x4c/0x70
[ 36.615264]  ? vprintk_default+0x28/0x30
[ 36.619309]  show_ip+0x31/0x36
[ 36.622490]  show_iret_regs+0x14/0x38
[ 36.626279]  __show_regs+0x1c/0x60
[ 36.629802]  ? is_bpf_text_address+0xd3/0x170
[ 36.634285]  show_regs_if_on_stack.constprop.10+0x36/0x39
[ 36.639806]  show_trace_log_lvl+0x25d/0x28c
[ 36.644113]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.649465]  show_stack+0x38/0x3a
[ 36.652912]  dump_stack+0x1c4/0x2b4
[ 36.656524]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.661699]  should_fail.cold.4+0xa/0x17
[ 36.665746]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 36.670836]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 36.675927]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 36.681018]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.685591]  ? graph_lock+0x170/0x170
[ 36.689377]  ? kasan_check_read+0x11/0x20
[ 36.693512]  ? depot_save_stack+0x292/0x470
[ 36.697823]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 36.703261]  ? kasan_check_write+0x14/0x20
[ 36.707481]  ? do_raw_spin_lock+0xc1/0x200
[ 36.711718]  ? find_held_lock+0x36/0x1c0
[ 36.715774]  ? ___might_sleep+0x1ed/0x300
[ 36.719909]  ? do_vfs_ioctl+0x1de/0x1720
[ 36.723953]  ? arch_local_save_flags+0x40/0x40
[ 36.728520]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.733888]  __should_failslab+0x124/0x180
[ 36.738110]  should_failslab+0x9/0x14
[ 36.741894]  kmem_cache_alloc_trace+0x2d7/0x750
[ 36.746550]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.752093]  ? check_preemption_disabled+0x48/0x200
[ 36.757093]  ? check_preemption_disabled+0x48/0x200
[ 36.762095]  apparmor_file_alloc_security+0x168/0xaa0
[ 36.767284]  ? rcu_pm_notify+0xc0/0xc0
[ 36.771161]  ? apparmor_socket_getpeersec_stream+0xab0/0xab0
[ 36.776951]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.781959]  ? kmem_cache_alloc+0x33a/0x730
[ 36.786269]  ? lock_downgrade+0x900/0x900
[ 36.790406]  security_file_alloc+0x4c/0xa0
[ 36.794633]  __alloc_file+0x12a/0x470
[ 36.798416]  ? file_free_rcu+0xd0/0xd0
[ 36.802316]  ? kasan_check_write+0x14/0x20
[ 36.806543]  ? do_raw_spin_lock+0xc1/0x200
[ 36.810766]  ? _raw_spin_unlock+0x2c/0x50
[ 36.814896]  ? mntget+0x3e/0x50
[ 36.818159]  ? __ns_get_path.isra.2+0x480/0x8a0
[ 36.822812]  alloc_empty_file+0x72/0x170
[ 36.826867]  ? __sock_recv_wifi_status+0x250/0x250
[ 36.831778]  dentry_open+0x71/0x1d0
[ 36.835397]  open_related_ns+0x1b0/0x210
[ 36.839450]  ? __ns_get_path.isra.2+0x8a0/0x8a0
[ 36.844105]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.849627]  ? ns_capable_common+0x13f/0x170
[ 36.854021]  __tun_chr_ioctl+0x48d/0x4690
[ 36.858155]  ? tun_select_queue+0xac0/0xac0
[ 36.862465]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[ 36.868259]  ? kasan_check_read+0x11/0x20
[ 36.872392]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 36.877656]  ? rcu_bh_qs+0xc0/0xc0
[ 36.881187]  ? find_vpid+0xf0/0xf0
[ 36.884712]  ? graph_lock+0x170/0x170
[ 36.888510]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.894066]  ? proc_fail_nth_write+0x9e/0x210
[ 36.898550]  ? proc_cwd_link+0x1d0/0x1d0
[ 36.902601]  ? trace_hardirqs_off+0xb8/0x300
[ 36.906995]  ? kasan_check_read+0x11/0x20
[ 36.911136]  tun_chr_ioctl+0x2a/0x40
[ 36.914841]  ? tun_chr_compat_ioctl+0x30/0x30
[ 36.919338]  do_vfs_ioctl+0x1de/0x1720
[ 36.923214]  ? __lock_is_held+0xb5/0x140
[ 36.927258]  ? ioctl_preallocate+0x300/0x300
[ 36.931648]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.937167]  ? __fget_light+0x2e9/0x430
[ 36.941124]  ? fget_raw+0x20/0x20
[ 36.944561]  ? __sb_end_write+0xd9/0x110
[ 36.948608]  ? do_syscall_64+0x9a/0x820
[ 36.952561]  ? do_syscall_64+0x9a/0x820
[ 36.956527]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.961093]  ? security_file_ioctl+0x94/0xc0
[ 36.965485]  ksys_ioctl+0xa9/0xd0
[ 36.968932]  __x64_sys_ioctl+0x73/0xb0
[ 36.972805]  do_syscall_64+0x1b9/0x820
[ 36.976690]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.982069]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.986984]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.991813]  ? trace_hardirqs_off+0x300/0x300
[ 36.996302]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.001310]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.006311]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.011139]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.016309] RIP: 0033:0x440479
[ 37.019487] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 37.038376] RSP: 002b:00007ffe3cf83628 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 37.046075] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440479
[ 37.053333] RDX: 0000000000000000 RSI: 000000000000894c RDI: 0000000000000004
[ 37.060586] RBP: 00000000006cb018 R08: 0000000000000001 R09: 0000000000000034
[ 37.067844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 37.075098] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 37.082356] Modules linked in:
[ 37.085533] Dumping ftrace buffer:
[ 37.089070]    (ftrace buffer empty)
[ 37.092768] ---[ end trace 125c9e5841391893 ]---
[ 37.097513] RIP: 0010:usercopy_abort+0xbb/0xbd
[ 37.102077] Code: c0 e8 8a 23 b2 ff 48 8b 55 c0 49 89 d9 4d 89 f0 ff 75 c8 4c 89 e1 4c 89 ee 48 c7 c7 80 48 15 88 ff 75 d0 41 57 e8 5a 38 98 ff <0f> 0b e8 5f 23 b2 ff e8 8a 6e f5 ff 8b 95 5c fe ff ff 4d 89 e0 31
[ 37.120979] RSP: 0018:ffff8801bbcf6d50 EFLAGS: 00010086
[ 37.126330] RAX: 000000000000005f RBX: ffffffff881545a0 RCX: 0000000000000000
[ 37.133586] RDX: 0000000000000000 RSI: ffffffff8164f825 RDI: 0000000000000005
[ 37.140847] RBP: ffff8801bbcf6da8 R08: ffff8801d8f1a500 R09: ffffed003b5c3ee2
[ 37.148114] R10: ffffed003b5c3ee2 R11: ffff8801dae1f717 R12: ffffffff88154ac0
[ 37.155365] R13: ffffffff881546e0 R14: ffffffff881545a0 R15: ffffffff881545a0
[ 37.163043] FS:  000000000225c880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 37.171253] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.177118] CR2: 0000000000455350 CR3: 00000001d90eb000 CR4: 00000000001406f0
[ 37.184373] Kernel panic - not syncing: Fatal exception
[ 37.190070] Dumping ftrace buffer:
[ 37.193601]    (ftrace buffer empty)
[ 37.197917] Kernel Offset: disabled
[ 37.201541] Rebooting in 86400 seconds..