[   15.533525] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.540213] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   19.801623] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   20.580209] random: sshd: uninitialized urandom read (32 bytes read, 83 bits of entropy available)
[   20.753740] random: sshd: uninitialized urandom read (32 bytes read, 88 bits of entropy available)
Warning: Permanently added '10.128.15.228' (ECDSA) to the list of known hosts.
[   26.936624] random: sshd: uninitialized urandom read (32 bytes read, 96 bits of entropy available)
executing program
[   27.034045] ==================================================================
[   27.041424] BUG: KASAN: slab-out-of-bounds in strnlen+0xc1/0xd0
[   27.047449] Read of size 1 at addr ffff8801d1dfd490 by task syzkaller419834/3310
[   27.054949] 
[   27.056546] CPU: 1 PID: 3310 Comm: syzkaller419834 Not tainted 4.4.113-ge70c132 #27
[   27.064305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.073628]  0000000000000000 3a0086785c7834f7 ffff8800b49ef5c0 ffffffff81d0278d
[   27.081590]  ffffea0007477f40 ffff8801d1dfd490 0000000000000000 ffff8801d1dfd490
[   27.089561]  ffff8800b49ef890 ffff8800b49ef5f8 ffffffff814fd053 ffff8801d1dfd490
[   27.097521] Call Trace:
[   27.100081]  [<ffffffff81d0278d>] dump_stack+0xc1/0x124
[   27.105414]  [<ffffffff814fd053>] print_address_description+0x73/0x260
[   27.112061]  [<ffffffff814fd565>] kasan_report+0x285/0x370
[   27.117658]  [<ffffffff81d1e171>] ? strnlen+0xc1/0xd0
[   27.122843]  [<ffffffff814fd664>] __asan_report_load1_noabort+0x14/0x20
[   27.129561]  [<ffffffff81d1e171>] strnlen+0xc1/0xd0
[   27.134545]  [<ffffffff81d25dfc>] string.isra.4+0x4c/0x240
[   27.140135]  [<ffffffff81d214e8>] ? format_decode+0x118/0xa50
[   27.145985]  [<ffffffff81d2b2a6>] vsnprintf+0x766/0x15f0
[   27.151404]  [<ffffffff81d2ab40>] ? pointer.isra.22+0xa00/0xa00
[   27.157443]  [<ffffffff8376bf82>] ? __mutex_unlock_slowpath+0x242/0x3b0
[   27.164163]  [<ffffffff8117160f>] __request_module+0x14f/0x810
[   27.170105]  [<ffffffff8376bd40>] ? __ww_mutex_lock_interruptible+0x14d0/0x14d0
[   27.177519]  [<ffffffff811714c0>] ? call_usermodehelper_setup+0x2c0/0x2c0
[   27.184422]  [<ffffffff8376bf48>] ? __mutex_unlock_slowpath+0x208/0x3b0
[   27.191142]  [<ffffffff8376c0f9>] ? mutex_unlock+0x9/0x10
[   27.196647]  [<ffffffff8302c36b>] ? xt_find_target+0x17b/0x1e0
[   27.202584]  [<ffffffff8302c64b>] xt_request_find_target+0x8b/0xb0
[   27.208871]  [<ffffffff8326a258>] translate_compat_table+0x568/0x1760
[   27.215417]  [<ffffffff83269cf0>] ? ipt_register_table+0x1f0/0x1f0
[   27.221703]  [<ffffffff814945a4>] ? __might_fault+0xe4/0x1d0
[   27.227471]  [<ffffffff81514328>] ? check_stack_object+0x68/0x140
[   27.233673]  [<ffffffff81514554>] ? __check_object_size+0x154/0x35b
[   27.240047]  [<ffffffff810002b8>] ? 0xffffffff810002b8
[   27.245291]  [<ffffffff8326b641>] compat_do_replace.isra.15+0x1f1/0x410
[   27.252011]  [<ffffffff8326b450>] ? translate_compat_table+0x1760/0x1760
[   27.258818]  [<ffffffff812357af>] ? mark_held_locks+0xaf/0x100
[   27.264757]  [<ffffffff8114810f>] ? ns_capable_common+0xcf/0x160
[   27.271401]  [<ffffffff8326b966>] compat_do_ipt_set_ctl+0x106/0x150
[   27.277778]  [<ffffffff82f94e58>] compat_nf_setsockopt+0x88/0x130
[   27.283977]  [<ffffffff8326b860>] ? compat_do_replace.isra.15+0x410/0x410
[   27.290872]  [<ffffffff830fc26d>] compat_ip_setsockopt+0x9d/0xf0
[   27.296989]  [<ffffffff831a1ed5>] compat_udp_setsockopt+0x45/0x80
[   27.303193]  [<ffffffff82df0732>] compat_sock_common_setsockopt+0xb2/0x140
[   27.310177]  [<ffffffff831a1e90>] ? udp_lib_setsockopt+0x560/0x560
[   27.316466]  [<ffffffff82ed7659>] compat_SyS_setsockopt+0x149/0x290
[   27.322840]  [<ffffffff82df0680>] ? sock_common_setsockopt+0xd0/0xd0
[   27.329300]  [<ffffffff82ed7510>] ? scm_detach_fds_compat+0x3c0/0x3c0
[   27.335846]  [<ffffffff8148ab8e>] ? vmacache_update+0xfe/0x130
[   27.341786]  [<ffffffff81006b37>] ? do_fast_syscall_32+0xd7/0x890
[   27.347989]  [<ffffffff82ed7510>] ? scm_detach_fds_compat+0x3c0/0x3c0
[   27.354538]  [<ffffffff81006d74>] do_fast_syscall_32+0x314/0x890
[   27.360654]  [<ffffffff837734ea>] sysenter_flags_fixed+0xd/0x17
[   27.366680] 
[   27.368275] Allocated by task 3310:
[   27.371865]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   27.377757]  [<ffffffff814fc0c3>] save_stack+0x43/0xd0
[   27.383118]  [<ffffffff814fc38d>] kasan_kmalloc+0xad/0xe0
[   27.388741]  [<ffffffff814f8674>] __kmalloc+0x124/0x320
[   27.394188]  [<ffffffff8302de91>] xt_alloc_table_info+0x71/0x100
[   27.400418]  [<ffffffff8326b5bb>] compat_do_replace.isra.15+0x16b/0x410
[   27.407254]  [<ffffffff8326b966>] compat_do_ipt_set_ctl+0x106/0x150
[   27.413749]  [<ffffffff82f94e58>] compat_nf_setsockopt+0x88/0x130
[   27.420075]  [<ffffffff830fc26d>] compat_ip_setsockopt+0x9d/0xf0
[   27.426307]  [<ffffffff831a1ed5>] compat_udp_setsockopt+0x45/0x80
[   27.432623]  [<ffffffff82df0732>] compat_sock_common_setsockopt+0xb2/0x140
[   27.439726]  [<ffffffff82ed7659>] compat_SyS_setsockopt+0x149/0x290
[   27.446219]  [<ffffffff81006d74>] do_fast_syscall_32+0x314/0x890
[   27.452448]  [<ffffffff837734ea>] sysenter_flags_fixed+0xd/0x17
[   27.458592] 
[   27.460190] Freed by task 1768:
[   27.463434]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   27.469314]  [<ffffffff814fc0c3>] save_stack+0x43/0xd0
[   27.474676]  [<ffffffff814fc9e2>] kasan_slab_free+0x72/0xc0
[   27.480470]  [<ffffffff814f947c>] kfree+0xfc/0x300
[   27.485487]  [<ffffffff8169860f>] kernfs_fop_release+0xff/0x140
[   27.491628]  [<ffffffff81522363>] __fput+0x233/0x6d0
[   27.496812]  [<ffffffff81522885>] ____fput+0x15/0x20
[   27.501998]  [<ffffffff8118b9d4>] task_work_run+0x104/0x180
[   27.507793]  [<ffffffff8100361d>] exit_to_usermode_loop+0x13d/0x160
[   27.514286]  [<ffffffff81006535>] syscall_return_slowpath+0x1b5/0x1f0
[   27.520945]  [<ffffffff83771ce9>] int_ret_from_sys_call+0x25/0xa3
[   27.527259] 
[   27.528860] The buggy address belongs to the object at ffff8801d1dfd3c0
[   27.528860]  which belongs to the cache kmalloc-256 of size 256
[   27.541487] The buggy address is located 208 bytes inside of
[   27.541487]  256-byte region [ffff8801d1dfd3c0, ffff8801d1dfd4c0)
[   27.553338] The buggy address belongs to the page:
[   27.566986] page:ffffea0007477f40 count:1 mapcount:-2146697203 mapping:          (null) index:0x0
[   27.566995] kasan: CONFIG_KASAN_INLINE enabled
[   27.567002] kasan: GPF could be caused by NULL-ptr deref or user memory access
[   27.567006] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[   27.567010] Dumping ftrace buffer:
[   27.567013]    (ftrace buffer empty)
[   27.567015] Modules linked in:
[   27.567021] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.113-ge70c132 #27
[   27.567024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.567027] task: ffffffff84217840 task.stack: ffffffff84200000
[   27.567040] RIP: 0010:[<ffffffff81d13a00>]  [<ffffffff81d13a00>] rb_insert_color+0x1d0/0xcb0
[   27.567043] RSP: 0018:ffff8801db207d18  EFLAGS: 00010806
[   27.567047] RAX: ffff8801db219c40 RBX: ffffea0007477f40 RCX: 1000000000000012
[   27.567051] RDX: dffffc0000000000 RSI: ffff8801db219710 RDI: ffffea0007477f50
[   27.567054] RBP: ffff8801db207d60 R08: ffffffff8580af08 R09: 0000000000000001
[   27.567057] R10: 0000000000000000 R11: 1ffff1003b640f62 R12: 8000000000000090
[   27.567061] R13: 8000000000000080 R14: 8000000000000080 R15: ffff8801db219c48
[   27.567066] FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   27.567069] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.567073] CR2: 000055557db83100 CR3: 00000000b5b2a000 CR4: 0000000000160670
[   27.567079] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   27.567082] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   27.567084] Stack:
[   27.567091]  ffffffff842bdb20 ffffffff842180b0 0000000000000000 ffff8801db207d70
[   27.567098]  ffff8801db219c40 dffffc0000000000 0000000000000000 ffff8801db219710
[   27.567105]  ffff8800b4887e00 ffff8801db207db0 ffffffff81d20067 ffff8801db219c58
[   27.567106] Call Trace:
[   27.567116]  <IRQ> 
[   27.567116]  [<ffffffff81d20067>] timerqueue_add+0x157/0x2a0
[   27.567125]  [<ffffffff812aabb8>] enqueue_hrtimer+0x168/0x450
[   27.567131]  [<ffffffff812acc42>] __hrtimer_run_queues+0x732/0xfe0
[   27.567137]  [<ffffffff812ac510>] ? hrtimer_fixup_init+0x70/0x70
[   27.567144]  [<ffffffff812aec71>] ? hrtimer_interrupt+0x131/0x440
[   27.567150]  [<ffffffff812aece6>] hrtimer_interrupt+0x1a6/0x440
[   27.567158]  [<ffffffff810b0c7a>] local_apic_timer_interrupt+0x6a/0xb0
[   27.567182]  [<ffffffff837747b6>] smp_apic_timer_interrupt+0x76/0xa0
[   27.567188]  [<ffffffff83773710>] apic_timer_interrupt+0xa0/0xb0
[   27.567198]  <EOI> 
[   27.567198]  [<ffffffff810d0536>] ? native_safe_halt+0x6/0x10
[   27.567205]  [<ffffffff81027ed5>] default_idle+0x55/0x3c0
[   27.567211]  [<ffffffff8102945a>] arch_cpu_idle+0xa/0x10
[   27.567219]  [<ffffffff81220418>] default_idle_call+0x48/0x70
[   27.567225]  [<ffffffff81220b1d>] cpu_startup_entry+0x5fd/0x8f0
[   27.567231]  [<ffffffff8377112a>] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   27.567237]  [<ffffffff81220520>] ? call_cpuidle+0xe0/0xe0
[   27.567244]  [<ffffffff8375ead9>] rest_init+0x189/0x190
[   27.567251]  [<ffffffff84821811>] start_kernel+0x6b9/0x6ee
[   27.567257]  [<ffffffff84821158>] ? thread_stack_cache_init+0xb/0xb
[   27.567263]  [<ffffffff84820120>] ? early_idt_handler_array+0x120/0x120
[   27.567270]  [<ffffffff84820120>] ? early_idt_handler_array+0x120/0x120
[   27.567276]  [<ffffffff84820312>] x86_64_start_reservations+0x2a/0x2c
[   27.567282]  [<ffffffff84820454>] x86_64_start_kernel+0x140/0x163
[   27.567366] Code: 48 c1 e9 03 80 3c 11 00 0f 85 83 06 00 00 4d 85 ed 48 89 03 74 5b 4d 8d 65 10 48 ba 00 00 00 00 00 fc ff df 4c 89 e1 48 c1 e9 03 <80> 3c 11 00 0f 85 19 07 00 00 49 3b 5d 10 0f 84 eb 04 00 00 49 
[   27.567372] RIP  [<ffffffff81d13a00>] rb_insert_color+0x1d0/0xcb0
[   27.567374]  RSP <ffff8801db207d18>
[   27.567380] ---[ end trace 8947dbf9570c1c35 ]---
[   27.567384] Kernel panic - not syncing: Fatal exception in interrupt
[   27.924308] flags: 0xffff8801db219c40(active|reserved|private|private_2|swapcache|mappedtodisk|uncached)
[   27.934862] page dumped because: VM_BUG_ON_PAGE(PageSlab(page))
[   27.940907] ------------[ cut here ]------------
[   27.945637] kernel BUG at include/linux/mm.h:460!
[   27.950454] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[   27.956261] Dumping ftrace buffer:
[   27.959770]    (ftrace buffer empty)
[   27.963456] Modules linked in:
[   27.966744] CPU: 1 PID: 3310 Comm: syzkaller419834 Tainted: G      D         4.4.113-ge70c132 #27
[   27.975726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.985144] task: ffff8800b55c5f00 task.stack: ffff8800b49e8000
[   27.991173] RIP: 0010:[<ffffffff8148f8e1>]  [<ffffffff8148f8e1>] dump_page_badflags+0x191/0x250
[   28.000110] RSP: 0018:ffff8800b1eb3570  EFLAGS: 00010082
[   28.005533] RAX: ffff8800b55c5f00 RBX: ffffea0007477f40 RCX: ffffffff8148f8bc
[   28.012778] RDX: 0000000000000000 RSI: ffffffff839fe320 RDI: ffff8800b55c676c
[   28.020025] RBP: ffff8800b1eb35a0 R08: 0000000000000001 R09: 0000000000000000
[   28.027269] R10: 0000000000000002 R11: fffffbfff0ad7e28 R12: 0000000000000000
[   28.034513] R13: ffffffff838a8de0 R14: 0000000000000000 R15: 0000000000000000
[   28.041760] FS:  0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:0000000009c83840
[   28.049958] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   28.055813] CR2: 0000000020f20000 CR3: 00000001d222e000 CR4: 0000000000160670
[   28.063060] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   28.070305] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   28.077547] Stack:
[   28.079671]  0000000000000000 ffffea0007477f40 0000000000000000 ffffffff838a8de0
[   28.087657]  0000000000000000 0000000000000000 ffff8800b1eb35e0 ffffffff8148f8e1
[   28.095655]  0000000000000000 ffffea0007477f40 0000000000000000 ffffffff838a8de0
[   28.103636] Call Trace:
[   28.106195]  <UNK> 
[   28.108240] Code: [   28.110482] usercopy: kernel memory overwrite attempt detected to ffff8800b1eb3297 (names_cache) (1 bytes)
[   28.120260] ------------[ cut here ]------------
[   28.124992] kernel BUG at mm/usercopy.c:76!
[   28.129285] invalid opcode: 0000 [#3] PREEMPT SMP KASAN
[   28.135101] Dumping ftrace buffer:
[   28.138612]    (ftrace buffer empty)
[   28.142299] Modules linked in:
[   28.145590] CPU: 1 PID: 3310 Comm: syzkaller419834 Tainted: G      D         4.4.113-ge70c132 #27
[   28.154568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.163896] task: ffff8800b55c5f00 task.stack: ffff8800b49e8000
[   28.169923] RIP: 0010:[<ffffffff815145e6>]  [<ffffffff815145e6>] __check_object_size+0x1e6/0x35b
[   28.178948] RSP: 0018:ffff8800b1eb3208  EFLAGS: 00010086
[   28.184370] RAX: 000000000000005e RBX: ffff8800b1eb3297 RCX: ffffffff81269242
[   28.191612] RDX: 0000000000000000 RSI: ffffffff839fe320 RDI: ffff8800b55c676c
[   28.198857] RBP: ffff8800b1eb3248 R08: 0000000000000001 R09: 0000000000000000
[   28.206099] R10: 0000000000001100 R11: fffffbfff0ad7e2d R12: 0000000000000001
[   28.213342] R13: ffffffff838b3a20 R14: 0000000000000000 R15: ffffffff838b39e0
[   28.220586] FS:  0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:0000000009c83840
[   28.228784] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   28.234640] CR2: 0000000020f20000 CR3: 00000001d222e000 CR4: 0000000000160670
[   28.241888] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   28.249132] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   28.256376] Stack:
[   28.258498]  ffff8801db2fffc0 ffff8800b1eb3298 ffffffff838b68a0 ffff8800b1eb3297
[   28.266484]  0000000000000001 0000000000000000 ffffffff8148f8b6 ffff8800b55c5f00
[   28.274478]  ffff8800b1eb3280 ffffffff8142ac89 ffff8800b1eb34c8 ffffffff8148f8b6
[   28.282462] Call Trace:
[   28.285016]  <UNK> 
[   28.287048] Code: 3a 8b 83 4c 0f 44 ea e8 59 b6 e4 ff 48 8b 45 d0 4d 89 e1 48 89 d9 4c 89 fa 4c 89 ee 48 c7 c7 60 3a 8b 83 49 89 c0 e8 20 61 f0 ff <0f> 0b 48 89 55 c0 e8 2f b6 e4 ff 48 8b 55 c0 48 b8 ff ff ff 7f 
[   28.314207] RIP  [<ffffffff815145e6>] __check_object_size+0x1e6/0x35b
[   28.320881]  RSP <ffff8800b1eb3208>
[   28.324483] ---[ end trace 8947dbf9570c1c36 ]---
[   28.672451] Shutting down cpus with NMI
[   28.676994] Dumping ftrace buffer:
[   28.680512]    (ftrace buffer empty)
[   28.684189] Kernel Offset: disabled
[   28.687783] Rebooting in 86400 seconds..