[ ok ] Starting file context maintaining daemon: restorecond.
[....] Starting OpenBSD Secure Shell server: sshd
[   15.378959] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   21.727826] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   22.008917] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   22.952893] random: sshd: uninitialized urandom read (32 bytes read, 108 bits of entropy available)
[   23.126883] random: sshd: uninitialized urandom read (32 bytes read, 114 bits of entropy available)
Warning: Permanently added '10.128.15.232' (ECDSA) to the list of known hosts.
[   28.518859] random: sshd: uninitialized urandom read (32 bytes read, 122 bits of entropy available)
executing program
[   28.612757] ==================================================================
[   28.620128] BUG: KASAN: slab-out-of-bounds in strnlen+0xc1/0xd0
[   28.626152] Read of size 1 at addr ffff8801d0aca5d0 by task syzkaller724216/3311
[   28.633648]
[   28.635244] CPU: 0 PID: 3311 Comm: syzkaller724216 Not tainted 4.4.113-ge70c132 #34
[   28.643000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.652321]  0000000000000000 e93aa0721bcd09ea ffff8801d080f718 ffffffff81d0278d
[   28.660511]  ffffea000742b280 ffff8801d0aca5d0 0000000000000000 ffff8801d0aca5d0
[   28.668466]  ffff8801d080f9e8 ffff8801d080f750 ffffffff814fd053 ffff8801d0aca5d0
[   28.676427] Call Trace:
[   28.678985]  [] dump_stack+0xc1/0x124
[   28.684315]  [] print_address_description+0x73/0x260
[   28.690948]  [] kasan_report+0x285/0x370
[   28.696537]  [] ? strnlen+0xc1/0xd0
[   28.701693]  [] __asan_report_load1_noabort+0x14/0x20
[   28.708413]  [] strnlen+0xc1/0xd0
[   28.713396]  [] string.isra.4+0x4c/0x240
[   28.718996]  [] ? format_decode+0x118/0xa50
[   28.724849]  [] vsnprintf+0x766/0x15f0
[   28.730265]  [] ? pointer.isra.22+0xa00/0xa00
[   28.736293]  [] ? __mutex_unlock_slowpath+0x242/0x3b0
[   28.743151]  [] __request_module+0x14f/0x810
[   28.749090]  [] ? __ww_mutex_lock_interruptible+0x14d0/0x14d0
[   28.756506]  [] ? call_usermodehelper_setup+0x2c0/0x2c0
[   28.763401]  [] ? __mutex_unlock_slowpath+0x208/0x3b0
[   28.770136]  [] ? mutex_unlock+0x9/0x10
[   28.775638]  [] ? xt_find_target+0x17b/0x1e0
[   28.781575]  [] xt_request_find_target+0x8b/0xb0
[   28.787864]  [] translate_table+0x12c1/0x1cf0
[   28.793896]  [] ? ipt_alloc_initial_table+0x660/0x660
[   28.800617]  [] ? __might_fault+0xe4/0x1d0
[   28.806382]  [] ? check_stack_object+0x68/0x140
[   28.812583]  [] ? __check_object_size+0x154/0x35b
[   28.818954]  [] ? 0xffffffff810002b8
[   28.824199]  [] do_ipt_set_ctl+0x2a3/0x450
[   28.829967]  [] ? compat_do_ipt_set_ctl+0x150/0x150
[   28.836515]  [] ? mutex_unlock+0x9/0x10
[   28.842018]  [] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[   28.849084]  [] nf_setsockopt+0x67/0xc0
[   28.854587]  [] ip_setsockopt+0xa1/0xb0
[   28.860091]  [] udp_setsockopt+0x45/0x80
[   28.865683]  [] sock_common_setsockopt+0x95/0xd0
[   28.871969]  [] SyS_setsockopt+0x160/0x250
[   28.877735]  [] ? vmacache_update+0xfe/0x130
[   28.883673]  [] ? SyS_recv+0x40/0x40
[   28.888918]  [] ? retint_user+0x18/0x3c
[   28.894424]  [] ? trace_hardirqs_on_thunk+0x17/0x19
[   28.900970]  [] entry_SYSCALL_64_fastpath+0x1c/0x98
[   28.907525]
[   28.909123] Allocated by task 3311:
[   28.912715]  [] save_stack_trace+0x26/0x50
[   28.918598]  [] save_stack+0x43/0xd0
[   28.923961]  [] kasan_kmalloc+0xad/0xe0
[   28.929580]  [] __kmalloc+0x124/0x320
[   28.935035]  [] xt_alloc_table_info+0x71/0x100
[   28.941267]  [] do_ipt_set_ctl+0x232/0x450
[   28.947146]  [] nf_setsockopt+0x67/0xc0
[   28.952767]  [] ip_setsockopt+0xa1/0xb0
[   28.958385]  [] udp_setsockopt+0x45/0x80
[   28.964088]  [] sock_common_setsockopt+0x95/0xd0
[   28.970490]  [] SyS_setsockopt+0x160/0x250
[   28.976371]  [] entry_SYSCALL_64_fastpath+0x1c/0x98
[   28.983035]
[   28.984632] Freed by task 1794:
[   28.987874]  [] save_stack_trace+0x26/0x50
[   28.993753]  [] save_stack+0x43/0xd0
[   28.999109]  [] kasan_slab_free+0x72/0xc0
[   29.004900]  [] kfree+0xfc/0x300
[   29.009919]  [] kernfs_fop_release+0xff/0x140
[   29.016058]  [] __fput+0x233/0x6d0
[   29.021243]  [] ____fput+0x15/0x20
[   29.026428]  [] task_work_run+0x104/0x180
[   29.032219]  [] exit_to_usermode_loop+0x13d/0x160
[   29.038707]  [] syscall_return_slowpath+0x1b5/0x1f0
[   29.045369]  [] int_ret_from_sys_call+0x25/0xa3
[   29.051687]
[   29.053283] The buggy address belongs to the object at ffff8801d0aca500
[   29.053283]  which belongs to the cache kmalloc-256 of size 256
[   29.065905] The buggy address is located 208 bytes inside of
[   29.065905]  256-byte region [ffff8801d0aca500, ffff8801d0aca600)
[   29.077750] The buggy address belongs to the page:
[   30.486206] PANIC: double fault, error_code: 0x0
[   30.491101] CPU: 0 PID: 3311 Comm: syzkaller724216 Not tainted 4.4.113-ge70c132 #34
[   30.498863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.508182] task: ffff8800b4444740 task.stack: ffff8801d0808000
[   30.514203] RIP: 0010:[]  [] __sanitizer_cov_trace_pc+0x0/0x50
[   30.523384] RSP: 0018:ffff880100000000  EFLAGS: 00010092
[   30.528799] RAX: ffff8800b4444740 RBX: ffffea000742b280 RCX: ffffffff8148f8d0
[   30.536037] RDX: 0000000000000000 RSI: ffffffff838a8de0 RDI: ffffea000742b280
[   30.543566] RBP: ffff880100000038 R08: 0000000000000001 R09: 0000000000000000
[   30.550805] R10: 0000000000000002 R11: fffffbfff0ad7e26 R12: 0000000000000000
[   30.556472] ------------[ cut here ]------------
[   30.556484] WARNING: CPU: 1 PID: 1 at kernel/locking/lockdep.c:3190 __lock_acquire+0x23b3/0x4b50()
[   30.556490] DEBUG_LOCKS_WARN_ON(id >= MAX_LOCKDEP_KEYS)
[   30.556491] Kernel panic - not syncing: panic_on_warn set ...
[   30.556491]
[   30.556496] CPU: 1 PID: 1 Comm: init Not tainted 4.4.113-ge70c132 #34
[   30.556499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.556507]  0000000000000000 e96a2bde10df8327 ffff8801da317310 ffffffff81d0278d
[   30.556514]  ffffffff838439a0 ffff8801da3173e8 ffffffff83855780 0000000000000009
[   30.556521]  0000000000000c76 ffff8801da3173d8 ffffffff81419b6a 0000000041b58ab3
[   30.556523] Call Trace:
[   30.556532]  [] dump_stack+0xc1/0x124
[   30.556540]  [] panic+0x1aa/0x388
[   30.556547]  [] ? percpu_up_read.constprop.45+0xe1/0xe1
[   30.556555]  [] ? warn_slowpath_common+0x10a/0x140
[   30.556561]  [] warn_slowpath_common+0x125/0x140
[   30.556566]  [] ? __lock_acquire+0x23b3/0x4b50
[   30.556572]  [] warn_slowpath_fmt+0xc1/0x110
[   30.556577]  [] ? warn_slowpath_common+0x140/0x140
[   30.556583]  [] ? save_trace+0xe0/0x270
[   30.556588]  [] ? mark_lock+0x45e/0xfd0
[   30.556594]  [] __lock_acquire+0x23b3/0x4b50
[   30.556600]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   30.556607]  [] ? _raw_spin_unlock_irqrestore+0x45/0x70
[   30.556614]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.556620]  [] ? debug_object_free+0x202/0x3a0
[   30.556626]  [] ? schedule_hrtimeout_range_clock+0x223/0x330
[   30.556632]  [] ? hrtimer_nanosleep_restart+0x1e0/0x1e0
[   30.556639]  [] ? clock_was_set_work+0x30/0x30
[   30.556644]  [] lock_acquire+0x15e/0x460
[   30.556651]  [] ? remove_wait_queue+0x14/0x40
[   30.556658]  [] _raw_spin_lock_irqsave+0x4e/0x70
[   30.556663]  [] ? remove_wait_queue+0x14/0x40
[   30.556669]  [] remove_wait_queue+0x14/0x40
[   30.556676]  [] poll_freewait+0xd2/0x250
[   30.556682]  [] do_select+0xff4/0x13e0
[   30.556687]  [] ? do_select+0xc5/0x13e0
[   30.556695]  [] ? poll_select_set_timeout+0x110/0x110
[   30.556700]  [] ? __lock_acquire+0xb5f/0x4b50
[   30.556707]  [] ? save_stack+0xa3/0xd0
[   30.556714]  [] ? save_stack_trace+0x26/0x50
[   30.556720]  [] ? set_fd_set.part.0+0x60/0x60
[   30.556726]  [] ? __lock_acquire+0xb5f/0x4b50
[   30.556732]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   30.556738]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.556744]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.556750]  [] ? __lock_acquire+0xb5f/0x4b50
[   30.556756]  [] ? __lock_acquire+0xb5f/0x4b50
[   30.556762]  [] ? __might_fault+0xe4/0x1d0
[   30.556769]  [] ? check_stack_object+0x68/0x140
[   30.556775]  [] ? __check_object_size+0x154/0x35b
[   30.556781]  [] core_sys_select+0x3d8/0x740
[   30.556787]  [] ? core_sys_select+0xa2/0x740
[   30.556793]  [] ? do_select+0x13e0/0x13e0
[   30.556800]  [] ? kvm_clock_read+0x23/0x40
[   30.556807]  [] ? kvm_clock_get_cycles+0x9/0x10
[   30.556812]  [] ? ktime_get_ts64+0x1ea/0x2d0
[   30.556818]  [] ? poll_select_set_timeout+0xa6/0x110
[   30.556824]  [] ? timespec_add_safe+0x116/0x160
[   30.556830]  [] SyS_select+0x14a/0x1d0
[   30.556836]  [] ? core_sys_select+0x740/0x740
[   30.556843]  [] ? lockdep_sys_exit_thunk+0x12/0x14
[   30.556849]  [] entry_SYSCALL_64_fastpath+0x1c/0x98
[   30.944799] R13: ffffffff838a8de0 R14: 0000000000000000 R15: 0000000000000000
[   30.952044] FS:  0000000002162880(0063) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   30.960240] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   30.966093] CR2: ffff8800fffffff8 CR3: 00000001d09da000 CR4: 0000000000160670
[   30.973336] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   30.980580] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   30.987822] Stack:
[   30.989944]
[   30.991544] Call Trace:
[   30.994098]
[   30.996129] Code: 4c 89 e7 e8 b3 da 19 00 eb b4 e8 4c db 19 00 eb 86 4c 89 ff e8 42 db 19 00 e9 64 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <55> 48 89 e5 65 48 8b 04 25 00 67 01 00 65 8b 15 5c 6a cb 7e 81
[   31.662871] Shutting down cpus with NMI
[   31.667261] Dumping ftrace buffer:
[   31.670774]    (ftrace buffer empty)
[   31.674450] Kernel Offset: disabled
[   31.678040] Rebooting in 86400 seconds..