[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ 9.913052] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 12.056260] random: crng init done
Warning: Permanently added '10.128.15.194' (ECDSA) to the list of known hosts.
executing program
[ 28.384370] ==================================================================
[ 28.385654] BUG: KASAN: stack-out-of-bounds in strlcpy+0x101/0x120
[ 28.386680] Read of size 1 at addr ffff8801cf78fb0c by task syz-executor184/2044
[ 28.387723]
[ 28.387964] CPU: 0 PID: 2044 Comm: syz-executor184 Not tainted 4.9.126+ #42
[ 28.388920] ffff8801cf78f9e8 ffffffff81af1049 ffffea00073de3c0 ffff8801cf78fb0c
[ 28.390092] 0000000000000000 ffff8801cf78fb0c 0000000000000091 ffff8801cf78fa20
[ 28.391263] ffffffff814e136d ffff8801cf78fb0c 0000000000000001 0000000000000000
[ 28.392448] Call Trace:
[ 28.392809] [] dump_stack+0xc1/0x128
[ 28.393597] [] print_address_description+0x6c/0x234
[ 28.394499] [] kasan_report.cold.6+0x242/0x2fe
[ 28.395323] [] ? strlcpy+0x101/0x120
[ 28.396061] [] __asan_report_load1_noabort+0x14/0x20
[ 28.396975] [] strlcpy+0x101/0x120
[ 28.397690] [] xt_copy_counters_from_user+0x152/0x300
[ 28.398617] [] ? xt_hook_ops_alloc+0x270/0x270
[ 28.399464] [] ? vti6_tnl_xmit.cold.1+0x25/0x26
[ 28.400300] [] ? mutex_lock_nested+0x650/0x870
[ 28.401164] [] do_add_counters+0x96/0x5c0
[ 28.401954] [] ? __do_replace+0x630/0x630
[ 28.402746] [] ? security_capable+0x94/0xc0
[ 28.403538] [] ? ns_capable_common+0x12a/0x150
[ 28.404365] [] compat_do_ip6t_set_ctl+0xd6/0x140
[ 28.410080] [] compat_nf_setsockopt+0x8b/0x130
[ 28.416290] [] ? compat_do_replace.isra.10+0x380/0x380
[ 28.423199] [] compat_ipv6_setsockopt+0x15d/0x1d0
[ 28.429679] [] inet_csk_compat_setsockopt+0x97/0x120
[ 28.436426] [] ? ipv6_setsockopt+0x130/0x130
[ 28.442486] [] compat_tcp_setsockopt+0x3d/0x70
[ 28.448702] [] compat_sock_common_setsockopt+0xb4/0x150
[ 28.455699] [] ? do_tcp_setsockopt.isra.5+0x1ca0/0x1ca0
[ 28.462695] [] compat_SyS_setsockopt+0x169/0x540
[ 28.469083] [] ? sock_common_setsockopt+0xe0/0xe0
[ 28.475663] [] ? scm_detach_fds_compat+0x3b0/0x3b0
[ 28.482228] [] ? up_read+0x1a/0x40
[ 28.487409] [] ? __do_page_fault+0x554/0xa60
[ 28.493453] [] ? move_addr_to_kernel+0x50/0x50
[ 28.499665] [] ? do_fast_syscall_32+0xcf/0x860
[ 28.506085] [] ? scm_detach_fds_compat+0x3b0/0x3b0
[ 28.512652] [] do_fast_syscall_32+0x2f1/0x860
[ 28.518782] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 28.525434] [] entry_SYSENTER_compat+0x90/0xa2
[ 28.532174]
[ 28.533777] The buggy address belongs to the page:
[ 28.538681] page:ffffea00073de3c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 28.546929] flags: 0x4000000000000000()
[ 28.550873] page dumped because: kasan: bad access detected
[ 28.556553]
[ 28.558151] Memory state around the buggy address:
[ 28.563054]  ffff8801cf78fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.570398]  ffff8801cf78fa80: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00
[ 28.577852] >ffff8801cf78fb00: 00 04 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00
[ 28.585189]                       ^
[ 28.588888]  ffff8801cf78fb80: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
[ 28.596236]  ffff8801cf78fc00: 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[ 28.603576] ==================================================================
[ 28.610918] Disabling lock debugging due to kernel taint
[ 28.616915] Kernel panic - not syncing: panic_on_warn set ...
[ 28.616915]
[ 28.624274] CPU: 0 PID: 2044 Comm: syz-executor184 Tainted: G B 4.9.126+ #42
[ 28.632757] ffff8801cf78f948 ffffffff81af1049 ffffffff82c346e0 00000000ffffffff
[ 28.640768] 0000000000000000 0000000000000000 0000000000000091 ffff8801cf78fa08
[ 28.648770] ffffffff813df5e5 0000000041b58ab3 ffffffff82c286e3 ffffffff813df426
[ 28.656757] Call Trace:
[ 28.659326] [] dump_stack+0xc1/0x128
[ 28.664666] [] panic+0x1bf/0x39f
[ 28.669659] [] ? add_taint.cold.6+0x16/0x16
[ 28.675608] [] ? ___preempt_schedule+0x16/0x18
[ 28.681825] [] kasan_end_report+0x47/0x4f
[ 28.687602] [] kasan_report.cold.6+0x76/0x2fe
[ 28.693840] [] ? strlcpy+0x101/0x120
[ 28.699201] [] __asan_report_load1_noabort+0x14/0x20
[ 28.705937] [] strlcpy+0x101/0x120
[ 28.711113] [] xt_copy_counters_from_user+0x152/0x300
[ 28.717934] [] ? xt_hook_ops_alloc+0x270/0x270
[ 28.724144] [] ? vti6_tnl_xmit.cold.1+0x25/0x26
[ 28.730441] [] ? mutex_lock_nested+0x650/0x870
[ 28.736654] [] do_add_counters+0x96/0x5c0
[ 28.742553] [] ? __do_replace+0x630/0x630
[ 28.748338] [] ? security_capable+0x94/0xc0
[ 28.754399] [] ? ns_capable_common+0x12a/0x150
[ 28.760620] [] compat_do_ip6t_set_ctl+0xd6/0x140
[ 28.767011] [] compat_nf_setsockopt+0x8b/0x130
[ 28.773225] [] ? compat_do_replace.isra.10+0x380/0x380
[ 28.780134] [] compat_ipv6_setsockopt+0x15d/0x1d0
[ 28.786609] [] inet_csk_compat_setsockopt+0x97/0x120
[ 28.793342] [] ? ipv6_setsockopt+0x130/0x130
[ 28.799392] [] compat_tcp_setsockopt+0x3d/0x70
[ 28.805740] [] compat_sock_common_setsockopt+0xb4/0x150
[ 28.812845] [] ? do_tcp_setsockopt.isra.5+0x1ca0/0x1ca0
[ 28.819848] [] compat_SyS_setsockopt+0x169/0x540
[ 28.826329] [] ? sock_common_setsockopt+0xe0/0xe0
[ 28.832815] [] ? scm_detach_fds_compat+0x3b0/0x3b0
[ 28.839394] [] ? up_read+0x1a/0x40
[ 28.844566] [] ? __do_page_fault+0x554/0xa60
[ 28.850612] [] ? move_addr_to_kernel+0x50/0x50
[ 28.856879] [] ? do_fast_syscall_32+0xcf/0x860
[ 28.863099] [] ? scm_detach_fds_compat+0x3b0/0x3b0
[ 28.869661] [] do_fast_syscall_32+0x2f1/0x860
[ 28.875784] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 28.882432] [] entry_SYSENTER_compat+0x90/0xa2
[ 28.889145] Dumping ftrace buffer:
[ 28.892670] (ftrace buffer empty)
[ 28.896375] Kernel Offset: disabled
[ 28.899988] Rebooting in 86400 seconds..