[   15.713976] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.689534] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   21.108692] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   22.061592] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
[   27.953699] random: sshd: uninitialized urandom read (32 bytes read, 124 bits of entropy available)
[   30.435537] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
executing program
[   33.518925] ==================================================================
[   33.526307] BUG: KASAN: slab-out-of-bounds in strnlen+0xc1/0xd0
[   33.532342] Read of size 1 at addr ffff8800b3d7fad0 by task syzkaller099913/3318
[   33.539844]
[   33.541449] CPU: 1 PID: 3318 Comm: syzkaller099913 Not tainted 4.4.113-ge70c132 #34
[   33.549215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.558547]  0000000000000000 be618883e4fbbd92 ffff8801d012f710 ffffffff81d0278d
[   33.566535]  ffffea0002cf5fc0 ffff8800b3d7fad0 0000000000000000 ffff8800b3d7fad0
[   33.574512]  ffff8801d012f9e0 ffff8801d012f748 ffffffff814fd053 ffff8800b3d7fad0
[   33.582483] Call Trace:
[   33.585043]  [] dump_stack+0xc1/0x124
[   33.590381]  [] print_address_description+0x73/0x260
[   33.597018]  [] kasan_report+0x285/0x370
[   33.602637]  [] ? strnlen+0xc1/0xd0
[   33.607818]  [] __asan_report_load1_noabort+0x14/0x20
[   33.614540]  [] strnlen+0xc1/0xd0
[   33.619531]  [] string.isra.4+0x4c/0x240
[   33.625125]  [] ? format_decode+0x118/0xa50
[   33.630983]  [] vsnprintf+0x766/0x15f0
[   33.636413]  [] ? pointer.isra.22+0xa00/0xa00
[   33.642446]  [] ? __mutex_unlock_slowpath+0x242/0x3b0
[   33.649174]  [] __request_module+0x14f/0x810
[   33.655120]  [] ? __ww_mutex_lock_interruptible+0x14d0/0x14d0
[   33.662541]  [] ? call_usermodehelper_setup+0x2c0/0x2c0
[   33.669442]  [] ? __mutex_unlock_slowpath+0x208/0x3b0
[   33.676165]  [] ? mutex_unlock+0x9/0x10
[   33.681675]  [] ? xt_find_target+0x17b/0x1e0
[   33.687623]  [] xt_request_find_target+0x8b/0xb0
[   33.693922]  [] translate_table+0x12c1/0x1cf0
[   33.699959]  [] ? ipt_alloc_initial_table+0x660/0x660
[   33.706687]  [] ? __might_fault+0xe4/0x1d0
[   33.712460]  [] ? check_stack_object+0x68/0x140
[   33.718667]  [] ? __check_object_size+0x154/0x35b
[   33.725040]  [] ? 0xffffffff810002b8
[   33.730292]  [] do_ipt_set_ctl+0x2a3/0x450
[   33.736067]  [] ? compat_do_ipt_set_ctl+0x150/0x150
[   33.742621]  [] ? mutex_unlock+0x9/0x10
[   33.748134]  [] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[   33.755205]  [] nf_setsockopt+0x67/0xc0
[   33.760718]  [] ip_setsockopt+0xa1/0xb0
[   33.766235]  [] tcp_setsockopt+0x82/0xd0
[   33.771843]  [] sock_common_setsockopt+0x95/0xd0
[   33.778145]  [] SyS_setsockopt+0x160/0x250
[   33.783934]  [] ? vmacache_update+0xfe/0x130
[   33.789878]  [] ? SyS_recv+0x40/0x40
[   33.795135]  [] ? retint_user+0x18/0x3c
[   33.800649]  [] ? trace_hardirqs_on_thunk+0x17/0x19
[   33.807214]  [] entry_SYSCALL_64_fastpath+0x1c/0x98
[   33.813767]
[   33.815367] Allocated by task 3318:
[   33.818957]  [] save_stack_trace+0x26/0x50
[   33.824850]  [] save_stack+0x43/0xd0
[   33.830215]  [] kasan_kmalloc+0xad/0xe0
[   33.835865]  [] __kmalloc+0x124/0x320
[   33.841322]  [] xt_alloc_table_info+0x71/0x100
[   33.847568]  [] do_ipt_set_ctl+0x232/0x450
[   33.853469]  [] nf_setsockopt+0x67/0xc0
[   33.859102]  [] ip_setsockopt+0xa1/0xb0
[   33.864743]  [] tcp_setsockopt+0x82/0xd0
[   33.870457]  [] sock_common_setsockopt+0x95/0xd0
[   33.876876]  [] SyS_setsockopt+0x160/0x250
[   33.882766]  [] entry_SYSCALL_64_fastpath+0x1c/0x98
[   33.889433]
[   33.891032] Freed by task 1768:
[   33.894276]  [] save_stack_trace+0x26/0x50
[   33.900165]  [] save_stack+0x43/0xd0
[   33.905527]  [] kasan_slab_free+0x72/0xc0
[   33.911330]  [] kfree+0xfc/0x300
[   33.916365]  [] seq_release+0x59/0x70
[   33.921813]  [] kernfs_fop_release+0xcb/0x140
[   33.927958]  [] __fput+0x233/0x6d0
[   33.933146]  [] ____fput+0x15/0x20
[   33.938336]  [] task_work_run+0x104/0x180
[   33.944143]  [] exit_to_usermode_loop+0x13d/0x160
[   33.950631]  [] syscall_return_slowpath+0x1b5/0x1f0
[   33.957296]  [] int_ret_from_sys_call+0x25/0xa3
[   33.963616]
[   33.965215] The buggy address belongs to the object at ffff8800b3d7fa00
[   33.965215]  which belongs to the cache kmalloc-256 of size 256
[   33.977843] The buggy address is located 208 bytes inside of
[   33.977843]  256-byte region [ffff8800b3d7fa00, ffff8800b3d7fb00)
[   33.989686] The buggy address belongs to the page:
[   35.422260] PANIC: double fault, error_code: 0x0
[   35.427047] CPU: 1 PID: 3318 Comm: syzkaller099913 Not tainted 4.4.113-ge70c132 #34
[   35.434808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.444134] task: ffff8800b53117c0 task.stack: ffff8801d0128000
[   35.450159] RIP: 0010:[]  [] dump_page_badflags+0x1a/0x250
[   35.459011] RSP: 0018:ffff880100000000  EFLAGS: 00010086
[   35.464431] RAX: ffff8800b53117c0 RBX: ffffea0002cf5fc0 RCX: ffffffff8148f8d0
[   35.471675] RDX: 0000000000000000 RSI: ffffffff838a8de0 RDI: ffffea0002cf5fc0
[   35.478927] RBP: ffff880100000030 R08: 0000000000000001 R09: 0000000000000000
[   35.486177] R10: 0000000000000002 R11: fffffbfff0ad7e26 R12: 0000000000000000
[   35.493425] R13: ffffffff838a8de0 R14: 0000000000000000 R15: 0000000000000000
[   35.500668] FS:  000000000230b880(0063) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   35.508866] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   35.514719] CR2: ffff8800fffffff8 CR3: 00000001d2cda000 CR4: 0000000000160670
[   35.521970] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   35.529217] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   35.536457] Stack:
[   35.538575]
[   35.540171] Call Trace:
[   35.542722]
[   35.544750] Code: df 06 00 e9 1d fd ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 49 89 f5 41 54 49 89 d4 53 48 89 fb 48 83 ec 08 b1 04 ed ff 48 8d 7b 10 48 b8 00 00 00 00 00 fc ff df 48 89
[   35.571626] Kernel panic - not syncing: Machine halted.
[   35.576965] CPU: 1 PID: 3318 Comm: syzkaller099913 Not tainted 4.4.113-ge70c132 #34
[   35.584728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.594056]  0000000000000000 be618883e4fbbd92 ffff8801db30ce38 ffffffff81d0278d
[   35.602028]  ffffffff83837200 ffff8801db30cf10 ffffffff83808040 ffff880100000000
[   35.609995]  0000000000000000 ffff8801db30cf00 ffffffff81419b6a 0000000041b58ab3
[   35.617978] Call Trace:
[   35.620530]  <#DF>  [] dump_stack+0xc1/0x124
[   35.626607]  [] panic+0x1aa/0x388
[   35.631607]  [] ? percpu_up_read.constprop.45+0xe1/0xe1
[   35.638516]  [] ? vprintk_emit+0x242/0x850
[   35.644288]  [] ? dump_page_badflags+0x2f/0x250
[   35.650497]  [] ? vprintk_emit+0x242/0x850
[   35.656271]  [] df_debug+0x2d/0x30
[   35.661346]  [] do_double_fault+0x10b/0x210
[   35.667207]  [] double_fault+0x2d/0x40
[   35.672632]  [] ? dump_page_badflags+0x180/0x250
[   35.678927]  [] ? dump_page_badflags+0x1a/0x250
[   35.685134]  <>
[   35.688595] Dumping ftrace buffer:
[   35.692434]    (ftrace buffer empty)
[   35.696115] Kernel Offset: disabled
[   35.699722] Rebooting in 86400 seconds..
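Triage note on the trace above, followed by an added userspace model that is not code from this report, from syzkaller, or from the kernel. The faulting read is strnlen() inside vsnprintf(), reached from __request_module() because xt_request_find_target() formats the rule's target name into a module name ("ipt_%s") when no loaded target matches it. That name is a fixed 29-byte field (XT_EXTENSION_MAXNAMELEN) inside the rule blob that do_ipt_set_ctl() copied from userspace into the object xt_alloc_table_info() allocated, and nothing in the path shown requires it to be NUL-terminated: with the target as the last thing in the blob and a nonzero revision byte behind the name, the scan runs off the end of the table allocation, which is what the hit at offset 208 of a kmalloc-256 object (past the size actually requested, inside KASAN's redzone) shows. The "Freed by task 1768" stack is the slot's previous occupant, not this object, and the double fault in dump_page_badflags that follows is the reporting path itself crashing (RSP ffff880100000000 is nowhere near task.stack ffff8801d0128000, and CR2 ffff8800fffffff8 is the push just below it), which is why the report stops before the memory-state dump. The model below mirrors the layout of struct xt_entry_target, substitutes constructed sentinel bytes for the kernel's redzone, and applies the same bound check (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN, reject with -EINVAL) that upstream netfilter later placed in front of the lookup; demo_blob, build_blob, unchecked_overread, checked_modname and SENTINEL_LEN are names of my own for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XT_EXTENSION_MAXNAMELEN 29   /* same value as the kernel's uapi header */
#define SENTINEL_LEN 16              /* constructed: stand-in for bytes past the allocation */

/* Mirrors the user view of struct xt_entry_target: u16 size, name[29], u8 revision (32 bytes). */
struct xt_entry_target_user {
    uint16_t target_size;
    char     name[XT_EXTENSION_MAXNAMELEN];
    uint8_t  revision;
};

/* Constructed tail of a table blob: the last rule's target header, followed by bytes
 * that in the kernel would already be KASAN's redzone. The trailing '\0' after the
 * sentinels keeps this userspace demo inside its own object. */
struct demo_blob {
    struct xt_entry_target_user tgt;
    char beyond[SENTINEL_LEN + 1];
};

static void build_blob(struct demo_blob *b, int nul_terminated)
{
    memset(b, 0, sizeof *b);
    b->tgt.target_size = sizeof b->tgt;
    memset(b->tgt.name, 'A', XT_EXTENSION_MAXNAMELEN);
    if (nul_terminated)
        b->tgt.name[XT_EXTENSION_MAXNAMELEN - 1] = '\0';
    b->tgt.revision = 1;                     /* nonzero, so it cannot act as a terminator */
    memset(b->beyond, 'Z', SENTINEL_LEN);    /* beyond[SENTINEL_LEN] stays '\0' */
}

/* Pre-fix behaviour: the name goes straight into request_module("%st_%s", ...), whose
 * vsnprintf scans for a NUL with no bound tied to the 29-byte field. Returns how many
 * bytes that scan reads past the end of the 32-byte target header. */
static size_t unchecked_overread(int nul_terminated)
{
    struct demo_blob b;
    const char *name;
    size_t n;

    build_blob(&b, nul_terminated);
    /* Derive the pointer from the whole blob so the scan stays within one object here. */
    name = (const char *)&b + offsetof(struct demo_blob, tgt)
                             + offsetof(struct xt_entry_target_user, name);
    n = strlen(name);                        /* same scan string() does via strnlen */
    return n > XT_EXTENSION_MAXNAMELEN + 1 ? n - (XT_EXTENSION_MAXNAMELEN + 1) : 0;
}

/* Fixed behaviour: a name with no NUL inside its field is rejected before any lookup
 * or module-name formatting happens. Returns -EINVAL or the formatted length. */
static int checked_modname(const struct xt_entry_target_user *t, char *out, size_t outlen)
{
    if (strnlen(t->name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)
        return -EINVAL;
    return snprintf(out, outlen, "ipt_%s", t->name);
}

/* Convenience wrapper: build the blob and run the checked lookup on it. */
static int checked_modname_len(int nul_terminated, char *out, size_t outlen)
{
    struct demo_blob b;

    build_blob(&b, nul_terminated);
    return checked_modname(&b.tgt, out, outlen);
}

int main(void)
{
    char mod[64];

    printf("unterminated name: unchecked scan reads %zu bytes past the target header\n",
           unchecked_overread(0));
    printf("terminated name:   unchecked scan reads %zu bytes past the target header\n",
           unchecked_overread(1));
    printf("checked lookup, unterminated: %d (-EINVAL)\n",
           checked_modname_len(0, mod, sizeof mod));
    checked_modname_len(1, mod, sizeof mod);
    printf("checked lookup, terminated:   request_module(\"%s\")\n", mod);
    return 0;
}
```

Two caveats for anyone using this to assess exposure. First, the privilege needed to reach do_ipt_set_ctl() is CAP_NET_ADMIN in the socket's own network namespace, so on kernels with unprivileged user namespaces enabled the path is reachable from an ordinary user. Second, the over-read here is a one-byte-at-a-time scan whose result only feeds a module name, so the practical outcome is mostly a crash or an info leak into the modprobe argument rather than memory corruption; the check to look for in a patched net/netfilter/x_tables.c is the strnlen bound on the name in xt_request_find_target() and xt_request_find_match().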