[ 16.475668] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 20.711161] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 20.980029] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.876718] random: sshd: uninitialized urandom read (32 bytes read, 107 bits of entropy available)
[ 29.613044] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available)
Warning: Permanently added 'ci-android-44-kasan-gce-386-2,10.128.15.194' (ECDSA) to the list of known hosts.
[ 35.054229] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available)
executing program
executing program
[ 35.298031] ==================================================================
[ 35.305466] BUG: KASAN: stack-out-of-bounds in strnlen+0xc1/0xd0
[ 35.311589] Read of size 1 at addr ffff8800b4287cc4 by task syzkaller536543/3341
[ 35.319100]
[ 35.320707] CPU: 0 PID: 3341 Comm: syzkaller536543 Not tainted 4.4.107-g610c835 #4
[ 35.328393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.337720] 0000000000000000 63e5996f9cba928f ffff8800b4287718 ffffffff81d0457d
[ 35.345722] ffffea0002d0a1c0 ffff8800b4287cc4 0000000000000000 ffff8800b4287cc4
[ 35.353683] ffffffff856b29c0 ffff8800b4287750 ffffffff814fbb23 ffff8800b4287cc4
[ 35.361641] Call Trace:
[ 35.364206] [] dump_stack+0xc1/0x124
[ 35.369541] [] print_address_description+0x73/0x260
[ 35.376188] [] kasan_report+0x285/0x370
[ 35.381797] [] ? strnlen+0xc1/0xd0
[ 35.386964] [] __asan_report_load1_noabort+0x14/0x20
[ 35.393695] [] strnlen+0xc1/0xd0
[ 35.398679] [] string.isra.4+0x4c/0x240
[ 35.404273] [] ? format_decode+0x118/0xa50
[ 35.410126] [] vsnprintf+0x766/0x15f0
[ 35.415546] [] ? pointer.isra.22+0xa00/0xa00
[ 35.421574] [] vscnprintf+0x2d/0x60
[ 35.426824] [] vprintk_emit+0xdb/0x850
[ 35.432331] [] ? mark_held_locks+0xaf/0x100
[ 35.438268] [] vprintk+0x28/0x30
[ 35.443264] [] vprintk_default+0x1d/0x30
[ 35.448944] [] printk+0xb7/0xe2
[ 35.453851] [] ? pm_qos_get_value.part.4+0xb/0xb
[ 35.460230] [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 35.466451] [] do_ip_vs_set_ctl+0x9b7/0xba0
[ 35.472393] [] ? ip_vs_genl_set_cmd+0x9a0/0x9a0
[ 35.478687] [] ? __lock_is_held+0xa1/0xf0
[ 35.484465] [] ? mark_held_locks+0xaf/0x100
[ 35.490406] [] ? mutex_lock_nested+0x5d4/0x850
[ 35.496617] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 35.503438] [] ? mutex_unlock+0x9/0x10
[ 35.508950] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 35.516032] [] compat_nf_setsockopt+0xfa/0x130
[ 35.522237] [] compat_ip_setsockopt+0x9d/0xf0
[ 35.528355] [] compat_udp_setsockopt+0x45/0x80
[ 35.534570] [] compat_sock_common_setsockopt+0xb2/0x140
[ 35.541557] [] ? udp_lib_setsockopt+0x560/0x560
[ 35.547946] [] compat_SyS_setsockopt+0x149/0x290
[ 35.554324] [] ? sock_common_setsockopt+0xd0/0xd0
[ 35.560797] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 35.567357] [] ? call_rwsem_wake+0x17/0x30
[ 35.573215] [] ? do_fast_syscall_32+0xd7/0x890
[ 35.579414] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 35.585970] [] do_fast_syscall_32+0x314/0x890
[ 35.592099] [] sysenter_flags_fixed+0xd/0x17
[ 35.598130]
[ 35.599724] The buggy address belongs to the page:
[ 35.604624] page:ffffea0002d0a1c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 35.612744] flags: 0x4000000000000000()
[ 35.616814] page dumped because: kasan: bad access detected
[ 35.622490]
[ 35.624084] Memory state around the buggy address:
[ 35.628979]  ffff8800b4287b80: 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 f2 f2
[ 35.636306]  ffff8800b4287c00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2
[ 35.643646] >ffff8800b4287c80: 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 00 00
[ 35.650971]                                            ^
[ 35.656401]  ffff8800b4287d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.663732]  ffff8800b4287d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.671058] ==================================================================
[ 35.678394] Kernel panic - not syncing: panic_on_warn set ...
[ 35.678394]
[ 35.685738] CPU: 0 PID: 3341 Comm: syzkaller536543 Tainted: G B 4.4.107-g610c835 #4
[ 35.694641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.703968] 0000000000000000 63e5996f9cba928f ffff8800b4287670 ffffffff81d0457d
[ 35.711937] ffffffff83fb2cde ffff8800b4287748 0000000000000000 ffff8800b4287cc4
[ 35.719912] ffffffff856b29c0 ffff8800b4287738 ffffffff8141774a 0000000041b58ab3
[ 35.727910] Call Trace:
[ 35.730513] [] dump_stack+0xc1/0x124
[ 35.735849] [] panic+0x1aa/0x388
[ 35.740842] [] ? percpu_up_read.constprop.45+0xe1/0xe1
[ 35.747737] [] ? pm_qos_get_value.part.4+0xb/0xb
[ 35.754113] [] kasan_end_report+0x50/0x50
[ 35.759887] [] kasan_report+0x15c/0x370
[ 35.765488] [] ? strnlen+0xc1/0xd0
[ 35.770652] [] __asan_report_load1_noabort+0x14/0x20
[ 35.777372] [] strnlen+0xc1/0xd0
[ 35.782360] [] string.isra.4+0x4c/0x240
[ 35.787950] [] ? format_decode+0x118/0xa50
[ 35.793803] [] vsnprintf+0x766/0x15f0
[ 35.799220] [] ? pointer.isra.22+0xa00/0xa00
[ 35.805247] [] vscnprintf+0x2d/0x60
[ 35.810498] [] vprintk_emit+0xdb/0x850
[ 35.816014] [] ? mark_held_locks+0xaf/0x100
[ 35.821956] [] vprintk+0x28/0x30
[ 35.826950] [] vprintk_default+0x1d/0x30
[ 35.832630] [] printk+0xb7/0xe2
[ 35.837526] [] ? pm_qos_get_value.part.4+0xb/0xb
[ 35.843915] [] ? __ww_mutex_lock+0x14f0/0x14f0
[ 35.850117] [] do_ip_vs_set_ctl+0x9b7/0xba0
[ 35.856058] [] ? ip_vs_genl_set_cmd+0x9a0/0x9a0
[ 35.862355] [] ? __lock_is_held+0xa1/0xf0
[ 35.868124] [] ? mark_held_locks+0xaf/0x100
[ 35.874090] [] ? mutex_lock_nested+0x5d4/0x850
[ 35.880290] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 35.887109] [] ? mutex_unlock+0x9/0x10
[ 35.892620] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 35.899687] [] compat_nf_setsockopt+0xfa/0x130
[ 35.905900] [] compat_ip_setsockopt+0x9d/0xf0
[ 35.912024] [] compat_udp_setsockopt+0x45/0x80
[ 35.918233] [] compat_sock_common_setsockopt+0xb2/0x140
[ 35.925216] [] ? udp_lib_setsockopt+0x560/0x560
[ 35.931513] [] compat_SyS_setsockopt+0x149/0x290
[ 35.937893] [] ? sock_common_setsockopt+0xd0/0xd0
[ 35.944355] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 35.950912] [] ? call_rwsem_wake+0x17/0x30
[ 35.956773] [] ? do_fast_syscall_32+0xd7/0x890
[ 35.962980] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 35.970231] [] do_fast_syscall_32+0x314/0x890
[ 35.977040] [] sysenter_flags_fixed+0xd/0x17
[ 35.983134] Dumping ftrace buffer:
[ 35.986645] (ftrace buffer empty)
[ 35.990325] Kernel Offset: disabled
[ 35.993934] Rebooting in 86400 seconds..