[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   19.958281] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   24.964153] random: sshd: uninitialized urandom read (32 bytes read)
[   25.355795] random: sshd: uninitialized urandom read (32 bytes read)
[   26.117625] random: sshd: uninitialized urandom read (32 bytes read)
[   26.278085] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts.
[   31.772852] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   31.865184] ==================================================================
[   31.872673] BUG: KASAN: slab-out-of-bounds in nla_strlcpy+0x13d/0x150
[   31.879245] Read of size 1 at addr ffff8801ac96bc9d by task syz-executor545/4491
[   31.886762] 
[   31.888383] CPU: 1 PID: 4491 Comm: syz-executor545 Not tainted 4.17.0-rc6+ #67
[   31.895723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.905070] Call Trace:
[   31.907678]  dump_stack+0x1b9/0x294
[   31.911298]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.916481]  ? printk+0x9e/0xba
[   31.919745]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   31.924486]  ? kasan_check_write+0x14/0x20
[   31.928714]  print_address_description+0x6c/0x20b
[   31.934375]  ? nla_strlcpy+0x13d/0x150
[   31.938562]  kasan_report.cold.7+0x242/0x2fe
[   31.942957]  __asan_report_load1_noabort+0x14/0x20
[   31.947884]  nla_strlcpy+0x13d/0x150
[   31.951581]  nfnl_acct_new+0x574/0xc50
[   31.955457]  ? nfnl_acct_overquota+0x380/0x380
[   31.960022]  ? debug_check_no_locks_freed+0x310/0x310
[   31.965192]  ? graph_lock+0x170/0x170
[   31.968976]  ? retint_kernel+0x10/0x10
[   31.972845]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.977843]  ? print_usage_bug+0xc0/0xc0
[   31.981910]  ? find_held_lock+0x36/0x1c0
[   31.985971]  ? graph_lock+0x170/0x170
[   31.989772]  ? lock_downgrade+0x8e0/0x8e0
[   31.993916]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.999479]  ? __lock_is_held+0xb5/0x140
[   32.003526]  ? nfnl_acct_overquota+0x380/0x380
[   32.008100]  nfnetlink_rcv_msg+0xdb5/0xff0
[   32.012335]  ? __sanitizer_cov_trace_cmp1+0x17/0x20
[   32.017331]  ? nfnetlink_rcv_msg+0x3bc/0xff0
[   32.021724]  ? nfnetlink_bind+0x3a0/0x3a0
[   32.025868]  ? graph_lock+0x170/0x170
[   32.029648]  ? find_held_lock+0x36/0x1c0
[   32.033693]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.039213]  netlink_rcv_skb+0x172/0x440
[   32.043349]  ? nfnetlink_bind+0x3a0/0x3a0
[   32.047476]  ? netlink_ack+0xbc0/0xbc0
[   32.051347]  ? __netlink_ns_capable+0x100/0x130
[   32.055998]  nfnetlink_rcv+0x1fe/0x1ba0
[   32.059955]  ? kasan_check_read+0x11/0x20
[   32.064085]  ? rcu_is_watching+0x85/0x140
[   32.068217]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   32.073391]  ? nfnl_err_reset+0x2d0/0x2d0
[   32.077523]  ? netlink_remove_tap+0x610/0x610
[   32.082008]  ? refcount_add_not_zero+0x320/0x320
[   32.086762]  ? kasan_check_read+0x11/0x20
[   32.090893]  ? rcu_is_watching+0x85/0x140
[   32.095023]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   32.100206]  ? netlink_skb_destructor+0x210/0x210
[   32.105036]  ? kasan_check_write+0x14/0x20
[   32.109256]  netlink_unicast+0x58b/0x740
[   32.113303]  ? netlink_attachskb+0x970/0x970
[   32.117700]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.123221]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   32.128222]  ? security_netlink_send+0x88/0xb0
[   32.132787]  netlink_sendmsg+0x9f0/0xfa0
[   32.136837]  ? netlink_unicast+0x740/0x740
[   32.141054]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.146573]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.152090]  ? security_socket_sendmsg+0x94/0xc0
[   32.156826]  ? netlink_unicast+0x740/0x740
[   32.161050]  sock_sendmsg+0xd5/0x120
[   32.164745]  sock_write_iter+0x35a/0x5a0
[   32.168788]  ? sock_sendmsg+0x120/0x120
[   32.172744]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   32.178265]  ? iov_iter_init+0xc9/0x1f0
[   32.182308]  __vfs_write+0x64d/0x960
[   32.186006]  ? kernel_read+0x120/0x120
[   32.189887]  ? lock_downgrade+0x8e0/0x8e0
[   32.194018]  ? handle_mm_fault+0x8c0/0xc70
[   32.198234]  ? handle_mm_fault+0x55a/0xc70
[   32.202456]  ? rw_verify_area+0x118/0x360
[   32.206585]  vfs_write+0x1f8/0x560
[   32.210107]  ksys_write+0xf9/0x250
[   32.213639]  ? __ia32_sys_read+0xb0/0xb0
[   32.217682]  ? __ia32_sys_fallocate+0xf0/0xf0
[   32.222164]  __x64_sys_write+0x73/0xb0
[   32.226036]  do_syscall_64+0x1b1/0x800
[   32.230087]  ? syscall_return_slowpath+0x5c0/0x5c0
[   32.235004]  ? syscall_return_slowpath+0x30f/0x5c0
[   32.239920]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.245450]  ? retint_user+0x18/0x18
[   32.249151]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.253977]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.259156] RIP: 0033:0x43fcc9
[   32.262328] RSP: 002b:00007ffe6a18bd68 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[   32.270019] RAX: ffffffffffffffda RBX: 00000000004a0fb8 RCX: 000000000043fcc9
[   32.277282] RDX: 000000000000007b RSI: 0000000020000080 RDI: 0000000000000003
[   32.284540] RBP: 0000000020000080 R08: 00000000004002c8 R09: 00000000004002c8
[   32.291815] R10: 00000000004002c8 R11: 0000000000000213 R12: 0000200000000002
[   32.299075] R13: 0000000000401680 R14: 0000000000000000 R15: 0000000000000000
[   32.306342] 
[   32.307962] Allocated by task 4484:
[   32.311581]  save_stack+0x43/0xd0
[   32.315017]  kasan_kmalloc+0xc4/0xe0
[   32.318711]  kasan_slab_alloc+0x12/0x20
[   32.322667]  kmem_cache_alloc+0x12e/0x760
[   32.326807]  getname_kernel+0x54/0x370
[   32.330687]  open_exec+0x17/0x70
[   32.334035]  load_elf_binary+0x968/0x5610
[   32.338165]  search_binary_handler+0x17d/0x570
[   32.342729]  __do_execve_file.isra.34+0x16fe/0x2610
[   32.347732]  __x64_sys_execve+0x8f/0xc0
[   32.351689]  do_syscall_64+0x1b1/0x800
[   32.355575]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.360740] 
[   32.362352] Freed by task 4484:
[   32.365624]  save_stack+0x43/0xd0
[   32.369067]  __kasan_slab_free+0x11a/0x170
[   32.373294]  kasan_slab_free+0xe/0x10
[   32.377088]  kmem_cache_free+0x86/0x2d0
[   32.381044]  putname+0xf2/0x130
[   32.384306]  open_exec+0x5e/0x70
[   32.387666]  load_elf_binary+0x968/0x5610
[   32.391820]  search_binary_handler+0x17d/0x570
[   32.396387]  __do_execve_file.isra.34+0x16fe/0x2610
[   32.401383]  __x64_sys_execve+0x8f/0xc0
[   32.405345]  do_syscall_64+0x1b1/0x800
[   32.409214]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.414384] 
[   32.416013] The buggy address belongs to the object at ffff8801ac96a4c0
[   32.416013]  which belongs to the cache names_cache of size 4096
[   32.428739] The buggy address is located 2013 bytes to the right of
[   32.428739]  4096-byte region [ffff8801ac96a4c0, ffff8801ac96b4c0)
[   32.441289] The buggy address belongs to the page:
[   32.446208] page:ffffea0006b25a80 count:1 mapcount:0 mapping:ffff8801ac96a4c0 index:0x0 compound_mapcount: 0
[   32.456158] flags: 0x2fffc0000008100(slab|head)
[   32.460811] raw: 02fffc0000008100 ffff8801ac96a4c0 0000000000000000 0000000100000001
[   32.468674] raw: ffffea0006b24ea0 ffffea0006b268a0 ffff8801da988dc0 0000000000000000
[   32.476529] page dumped because: kasan: bad access detected
[   32.482219] 
[   32.483822] Memory state around the buggy address:
[   32.488729]  ffff8801ac96bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.496239]  ffff8801ac96bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.503587] >ffff8801ac96bc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.510923]                             ^
[   32.515051]  ffff8801ac96bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.522393]  ffff8801ac96bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.529840] ==================================================================
[   32.537177] Disabling lock debugging due to kernel taint
[   32.542675] Kernel panic - not syncing: panic_on_warn set ...
[   32.542675] 
[   32.550030] CPU: 1 PID: 4491 Comm: syz-executor545 Tainted: G    B             4.17.0-rc6+ #67
[   32.558765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.568098] Call Trace:
[   32.570759]  dump_stack+0x1b9/0x294
[   32.574402]  ? dump_stack_print_info.cold.2+0x52/0x52
[   32.579611]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   32.584369]  ? nla_strlcpy+0xc0/0x150
[   32.588153]  panic+0x22f/0x4de
[   32.591420]  ? add_taint.cold.5+0x16/0x16
[   32.595566]  ? do_raw_spin_unlock+0x9e/0x2e0
[   32.599952]  ? do_raw_spin_unlock+0x9e/0x2e0
[   32.604433]  ? nla_strlcpy+0x13d/0x150
[   32.608301]  kasan_end_report+0x47/0x4f
[   32.612252]  kasan_report.cold.7+0x76/0x2fe
[   32.616726]  __asan_report_load1_noabort+0x14/0x20
[   32.621632]  nla_strlcpy+0x13d/0x150
[   32.625324]  nfnl_acct_new+0x574/0xc50
[   32.629190]  ? nfnl_acct_overquota+0x380/0x380
[   32.633749]  ? debug_check_no_locks_freed+0x310/0x310
[   32.638916]  ? graph_lock+0x170/0x170
[   32.642694]  ? retint_kernel+0x10/0x10
[   32.646558]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   32.651552]  ? print_usage_bug+0xc0/0xc0
[   32.655591]  ? find_held_lock+0x36/0x1c0
[   32.659630]  ? graph_lock+0x170/0x170
[   32.663424]  ? lock_downgrade+0x8e0/0x8e0
[   32.667555]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.673346]  ? __lock_is_held+0xb5/0x140
[   32.677537]  ? nfnl_acct_overquota+0x380/0x380
[   32.682196]  nfnetlink_rcv_msg+0xdb5/0xff0
[   32.686434]  ? __sanitizer_cov_trace_cmp1+0x17/0x20
[   32.691437]  ? nfnetlink_rcv_msg+0x3bc/0xff0
[   32.695829]  ? nfnetlink_bind+0x3a0/0x3a0
[   32.699968]  ? graph_lock+0x170/0x170
[   32.703792]  ? find_held_lock+0x36/0x1c0
[   32.707836]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.713357]  netlink_rcv_skb+0x172/0x440
[   32.717400]  ? nfnetlink_bind+0x3a0/0x3a0
[   32.721537]  ? netlink_ack+0xbc0/0xbc0
[   32.725407]  ? __netlink_ns_capable+0x100/0x130
[   32.730065]  nfnetlink_rcv+0x1fe/0x1ba0
[   32.734020]  ? kasan_check_read+0x11/0x20
[   32.738146]  ? rcu_is_watching+0x85/0x140
[   32.742281]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   32.747452]  ? nfnl_err_reset+0x2d0/0x2d0
[   32.751586]  ? netlink_remove_tap+0x610/0x610
[   32.756068]  ? refcount_add_not_zero+0x320/0x320
[   32.760822]  ? kasan_check_read+0x11/0x20
[   32.764965]  ? rcu_is_watching+0x85/0x140
[   32.769092]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   32.774263]  ? netlink_skb_destructor+0x210/0x210
[   32.779086]  ? kasan_check_write+0x14/0x20
[   32.783307]  netlink_unicast+0x58b/0x740
[   32.787348]  ? netlink_attachskb+0x970/0x970
[   32.791746]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.797263]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   32.802258]  ? security_netlink_send+0x88/0xb0
[   32.806833]  netlink_sendmsg+0x9f0/0xfa0
[   32.810874]  ? netlink_unicast+0x740/0x740
[   32.815091]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.820609]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.826130]  ? security_socket_sendmsg+0x94/0xc0
[   32.830864]  ? netlink_unicast+0x740/0x740
[   32.835078]  sock_sendmsg+0xd5/0x120
[   32.838769]  sock_write_iter+0x35a/0x5a0
[   32.842817]  ? sock_sendmsg+0x120/0x120
[   32.846772]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   32.852285]  ? iov_iter_init+0xc9/0x1f0
[   32.856244]  __vfs_write+0x64d/0x960
[   32.859960]  ? kernel_read+0x120/0x120
[   32.863826]  ? lock_downgrade+0x8e0/0x8e0
[   32.867952]  ? handle_mm_fault+0x8c0/0xc70
[   32.872167]  ? handle_mm_fault+0x55a/0xc70
[   32.876386]  ? rw_verify_area+0x118/0x360
[   32.880535]  vfs_write+0x1f8/0x560
[   32.884054]  ksys_write+0xf9/0x250
[   32.887575]  ? __ia32_sys_read+0xb0/0xb0
[   32.891620]  ? __ia32_sys_fallocate+0xf0/0xf0
[   32.896204]  __x64_sys_write+0x73/0xb0
[   32.900164]  do_syscall_64+0x1b1/0x800
[   32.904036]  ? syscall_return_slowpath+0x5c0/0x5c0
[   32.908948]  ? syscall_return_slowpath+0x30f/0x5c0
[   32.913861]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.919380]  ? retint_user+0x18/0x18
[   32.923088]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.927938]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.933129] RIP: 0033:0x43fcc9
[   32.936300] RSP: 002b:00007ffe6a18bd68 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[   32.944159] RAX: ffffffffffffffda RBX: 00000000004a0fb8 RCX: 000000000043fcc9
[   32.951408] RDX: 000000000000007b RSI: 0000000020000080 RDI: 0000000000000003
[   32.958660] RBP: 0000000020000080 R08: 00000000004002c8 R09: 00000000004002c8
[   32.965910] R10: 00000000004002c8 R11: 0000000000000213 R12: 0000200000000002
[   32.973157] R13: 0000000000401680 R14: 0000000000000000 R15: 0000000000000000
[   32.980798] Dumping ftrace buffer:
[   32.984320]    (ftrace buffer empty)
[   32.988008] Kernel Offset: disabled
[   32.991615] Rebooting in 86400 seconds..