[ 16.301142] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.186705] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 20.571044] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.507323] random: sshd: uninitialized urandom read (32 bytes read, 113 bits of entropy available)
[ 21.675627] random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts.
[ 27.041567] random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available)
executing program
[ 27.133401] ==================================================================
[ 27.140793] BUG: KASAN: slab-out-of-bounds in strnlen+0xc1/0xd0
[ 27.146832] Read of size 1 at addr ffff8801d13080d0 by task syzkaller046937/3318
[ 27.154332]
[ 27.155932] CPU: 1 PID: 3318 Comm: syzkaller046937 Not tainted 4.4.113-ge70c132 #27
[ 27.163726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.173061]  0000000000000000 5d8b7e24007d1d61 ffff8801d0ad75c0 ffffffff81d0278d
[ 27.181030]  ffffea000744c200 ffff8801d13080d0 0000000000000000 ffff8801d13080d0
[ 27.189012]  ffff8801d0ad7890 ffff8801d0ad75f8 ffffffff814fd053 ffff8801d13080d0
[ 27.196983] Call Trace:
[ 27.199540]  [] dump_stack+0xc1/0x124
[ 27.204873]  [] print_address_description+0x73/0x260
[ 27.211509]  [] kasan_report+0x285/0x370
[ 27.217113]  [] ? strnlen+0xc1/0xd0
[ 27.222273]  [] __asan_report_load1_noabort+0x14/0x20
[ 27.228993]  [] strnlen+0xc1/0xd0
[ 27.233979]  [] string.isra.4+0x4c/0x240
[ 27.239574]  [] ? format_decode+0x118/0xa50
[ 27.245429]  [] vsnprintf+0x766/0x15f0
[ 27.250847]  [] ? pointer.isra.22+0xa00/0xa00
[ 27.256877]  [] ? __mutex_unlock_slowpath+0x242/0x3b0
[ 27.263597]  [] __request_module+0x14f/0x810
[ 27.269541]  [] ? __ww_mutex_lock_interruptible+0x14d0/0x14d0
[ 27.276958]  [] ? call_usermodehelper_setup+0x2c0/0x2c0
[ 27.283850]  [] ? __mutex_unlock_slowpath+0x208/0x3b0
[ 27.290571]  [] ? mutex_unlock+0x9/0x10
[ 27.296078]  [] ? xt_find_target+0x17b/0x1e0
[ 27.302037]  [] xt_request_find_target+0x8b/0xb0
[ 27.308354]  [] translate_compat_table+0x568/0x1760
[ 27.314919]  [] ? ipt_register_table+0x1f0/0x1f0
[ 27.321246]  [] ? __might_fault+0xe4/0x1d0
[ 27.327036]  [] ? check_stack_object+0x68/0x140
[ 27.333254]  [] ? __check_object_size+0x154/0x35b
[ 27.339637]  [] ? 0xffffffff810002b8
[ 27.344887]  [] compat_do_replace.isra.15+0x1f1/0x410
[ 27.351611]  [] ? translate_compat_table+0x1760/0x1760
[ 27.358421]  [] ? mark_held_locks+0xaf/0x100
[ 27.364363]  [] ? ns_capable_common+0xcf/0x160
[ 27.370475]  [] compat_do_ipt_set_ctl+0x106/0x150
[ 27.376852]  [] compat_nf_setsockopt+0x88/0x130
[ 27.383054]  [] ? compat_do_replace.isra.15+0x410/0x410
[ 27.389949]  [] compat_ip_setsockopt+0x9d/0xf0
[ 27.396063]  [] compat_udp_setsockopt+0x45/0x80
[ 27.402264]  [] compat_sock_common_setsockopt+0xb2/0x140
[ 27.409257]  [] ? udp_lib_setsockopt+0x560/0x560
[ 27.415544]  [] compat_SyS_setsockopt+0x149/0x290
[ 27.421926]  [] ? sock_common_setsockopt+0xd0/0xd0
[ 27.428386]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 27.434932]  [] ? vmacache_update+0xfe/0x130
[ 27.440882]  [] ? do_fast_syscall_32+0xd7/0x890
[ 27.447087]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 27.453634]  [] do_fast_syscall_32+0x314/0x890
[ 27.459749]  [] sysenter_flags_fixed+0xd/0x17
[ 27.465773]
[ 27.467370] Allocated by task 3318:
[ 27.470962]  [] save_stack_trace+0x26/0x50
[ 27.476847]  [] save_stack+0x43/0xd0
[ 27.482222]  [] kasan_kmalloc+0xad/0xe0
[ 27.487844]  [] __kmalloc+0x124/0x320
[ 27.493304]  [] xt_alloc_table_info+0x71/0x100
[ 27.499534]  [] compat_do_replace.isra.15+0x16b/0x410
[ 27.506382]  [] compat_do_ipt_set_ctl+0x106/0x150
[ 27.512881]  [] compat_nf_setsockopt+0x88/0x130
[ 27.519195]  [] compat_ip_setsockopt+0x9d/0xf0
[ 27.525424]  [] compat_udp_setsockopt+0x45/0x80
[ 27.531743]  [] compat_sock_common_setsockopt+0xb2/0x140
[ 27.538849]  [] compat_SyS_setsockopt+0x149/0x290
[ 27.545344]  [] do_fast_syscall_32+0x314/0x890
[ 27.551586]  [] sysenter_flags_fixed+0xd/0x17
[ 27.557738]
[ 27.559336] Freed by task 1799:
[ 27.562585]  [] save_stack_trace+0x26/0x50
[ 27.568485]  [] save_stack+0x43/0xd0
[ 27.573855]  [] kasan_slab_free+0x72/0xc0
[ 27.579654]  [] kfree+0xfc/0x300
[ 27.584683]  [] inode_doinit_with_dentry+0xa05/0x1b80
[ 27.591532]  [] selinux_d_instantiate+0x27/0x40
[ 27.597848]  [] security_d_instantiate+0x5a/0xe0
[ 27.604249]  [] d_splice_alias+0x17b/0x680
[ 27.610146]  [] ext4_lookup+0x2d2/0x3f0
[ 27.615768]  [] lookup_real+0x98/0x100
[ 27.621319]  [] __lookup_hash+0xea/0x100
[ 27.627028]  [] walk_component+0x8f4/0xff0
[ 27.632930]  [] path_lookupat+0x192/0x3f0
[ 27.638724]  [] filename_lookup+0x197/0x3b0
[ 27.644693]  [] user_path_at_empty+0x40/0x50
[ 27.650762]  [] vfs_fstatat+0xc6/0x170
[ 27.656297]  [] SYSC_newstat+0x86/0x100
[ 27.661917]  [] SyS_newstat+0x1d/0x30
[ 27.667365]  [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 27.674030]
[ 27.675627] The buggy address belongs to the object at ffff8801d1308000
[ 27.675627]  which belongs to the cache kmalloc-256 of size 256
[ 27.688250] The buggy address is located 208 bytes inside of
[ 27.688250]  256-byte region [ffff8801d1308000, ffff8801d1308100)
[ 27.700102] The buggy address belongs to the page:
[ 29.162850] PANIC: double fault, error_code: 0x0
[ 29.167643] CPU: 1 PID: 3318 Comm: syzkaller046937 Not tainted 4.4.113-ge70c132 #27
[ 29.175407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.184730] task: ffff8801d15b2f80 task.stack: ffff8801d0ad0000
[ 29.190753] RIP: 0010:[]  [] dump_page_badflags+0x12/0x250
[ 29.199605] RSP: 0018:ffff880100000000  EFLAGS: 00010046
[ 29.205031] RAX: ffff8801d15b2f80 RBX: ffffea000744c200 RCX: ffffffff8148f8d0
[ 29.212271] RDX: 0000000000000000 RSI: ffffffff838a8de0 RDI: ffffea000744c200
[ 29.219518] RBP: ffff880100000020 R08: 0000000000000001 R09: 0000000000000000
[ 29.220069] ------------[ cut here ]------------
[ 29.220082] WARNING: CPU: 0 PID: 1734 at kernel/locking/lockdep.c:973 __bfs+0x2c4/0x5d0()
[ 29.220085] Kernel panic - not syncing: panic_on_warn set ...
[ 29.220085]
[ 29.220091] CPU: 0 PID: 1734 Comm: udevd Not tainted 4.4.113-ge70c132 #27
[ 29.220094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.220103]  0000000000000000 6c542a9ec164d1ff ffff8801d3aff388 ffffffff81d0278d
[ 29.220110]  ffffffff838439a0 ffff8801d3aff460 ffffffff83855780 0000000000000009
[ 29.220117]  00000000000003cd ffff8801d3aff450 ffffffff81419b6a 0000000041b58ab3
[ 29.220118] Call Trace:
[ 29.220128]  [] dump_stack+0xc1/0x124
[ 29.220136]  [] panic+0x1aa/0x388
[ 29.220144]  [] ? percpu_up_read.constprop.45+0xe1/0xe1
[ 29.220150]  [] ? pm_qos_get_value.part.4+0xb/0xb
[ 29.220158]  [] ? warn_slowpath_common+0x10a/0x140
[ 29.220164]  [] warn_slowpath_common+0x125/0x140
[ 29.220169]  [] ? __bfs+0x2c4/0x5d0
[ 29.220175]  [] warn_slowpath_null+0x29/0x30
[ 29.220180]  [] __bfs+0x2c4/0x5d0
[ 29.220185]  [] ? noop_count+0x40/0x40
[ 29.220191]  [] check_usage_backwards+0x171/0x300
[ 29.220197]  [] ? check_usage_forwards+0x310/0x310
[ 29.220205]  [] ? dump_trace+0x14f/0x350
[ 29.220212]  [] ? save_stack_trace+0x26/0x50
[ 29.220218]  [] mark_lock+0x8b1/0xfd0
[ 29.220223]  [] ? check_usage_forwards+0x310/0x310
[ 29.220229]  [] __lock_acquire+0x10f0/0x4b50
[ 29.220236]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 29.220242]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 29.220248]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 29.220254]  [] lock_acquire+0x15e/0x460
[ 29.220260]  [] ? d_walk+0x196/0x6d0
[ 29.220266]  [] ? d_invalidate+0x1b0/0x2b0
[ 29.220273]  [] _raw_spin_lock_nested+0x3c/0x50
[ 29.220279]  [] ? d_walk+0x196/0x6d0
[ 29.220285]  [] d_walk+0x196/0x6d0
[ 29.220291]  [] ? d_invalidate+0x1b0/0x2b0
[ 29.220296]  [] ? d_drop+0x40/0x40
[ 29.220302]  [] ? select_collect+0x220/0x220
[ 29.220308]  [] d_invalidate+0x1b0/0x2b0
[ 29.220314]  [] ? d_genocide+0x30/0x30
[ 29.220322]  [] proc_flush_task+0x274/0x4a0
[ 29.220328]  [] ? proc_task_readdir+0xbe0/0xbe0
[ 29.220334]  [] ? release_task+0x106/0x1240
[ 29.220340]  [] release_task+0x13c/0x1240
[ 29.220346]  [] ? release_task+0x35/0x1240
[ 29.220352]  [] ? __might_fault+0x114/0x1d0
[ 29.220358]  [] wait_consider_task+0x14d5/0x3670
[ 29.220363]  [] ? do_wait+0x365/0xa20
[ 29.220369]  [] ? complete_and_exit+0x40/0x40
[ 29.220375]  [] ? do_wait+0x2cf/0xa20
[ 29.220381]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 29.220387]  [] do_wait+0x365/0xa20
[ 29.220393]  [] ? wait_consider_task+0x3670/0x3670
[ 29.220400]  [] ? rw_verify_area+0x100/0x2f0
[ 29.220406]  [] SyS_wait4+0x10e/0x1d0
[ 29.220412]  [] ? SyS_waitid+0x2e0/0x2e0
[ 29.220418]  [] ? kill_orphaned_pgrp+0x390/0x390
[ 29.220423]  [] ? lockdep_sys_exit_thunk+0x12/0x14
[ 29.220429]  [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 29.583039] R10: 0000000000000002 R11: fffffbfff0ad7e26 R12: 0000000000000000
[ 29.590286] R13: ffffffff838a8de0 R14: 0000000000000000 R15: 0000000000000000
[ 29.597531] FS:  0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:0000000009bae840
[ 29.605740] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 29.611598] CR2: ffff8800fffffff8 CR3: 00000001d1ec4000 CR4: 0000000000160670
[ 29.618845] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.626092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.633335] Stack:
[ 29.635456]
[ 29.637058] Call Trace:
[ 29.639614]
[ 29.641647] Code: 00 e9 50 fd ff ff e8 6e df 06 00 e9 1d fd ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 49 89 f5 41 54 49 89 d4 <53> 48 89 fb 48 83 ec 08 e8 b1 04 ed ff 48 8d 7b 10 48 b8 00 00
[ 30.326576] Shutting down cpus with NMI
[ 30.331043] Dumping ftrace buffer:
[ 30.334558]    (ftrace buffer empty)
[ 30.338237] Kernel Offset: disabled
[ 30.341834] Rebooting in 86400 seconds..