[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   18.912854] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.053711] random: sshd: uninitialized urandom read (32 bytes read)
[   23.437450] random: sshd: uninitialized urandom read (32 bytes read)
[   24.195318] random: sshd: uninitialized urandom read (32 bytes read)
[   29.355160] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts.
[   34.787236] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   34.873753] ==================================================================
[   34.881176] BUG: KASAN: slab-out-of-bounds in nla_strlcpy+0x13d/0x150
[   34.887732] Read of size 1 at addr ffff8801acb8451d by task syz-executor834/4496
[   34.895238] 
[   34.896846] CPU: 0 PID: 4496 Comm: syz-executor834 Not tainted 4.17.0-rc6+ #62
[   34.904181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.913511] Call Trace:
[   34.916077]  dump_stack+0x1b9/0x294
[   34.919689]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.924858]  ? printk+0x9e/0xba
[   34.928123]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   34.933903]  ? kasan_check_write+0x14/0x20
[   34.938118]  print_address_description+0x6c/0x20b
[   34.942939]  ? nla_strlcpy+0x13d/0x150
[   34.946808]  kasan_report.cold.7+0x242/0x2fe
[   34.951199]  __asan_report_load1_noabort+0x14/0x20
[   34.956113]  nla_strlcpy+0x13d/0x150
[   34.959807]  nfnl_acct_new+0x574/0xc50
[   34.963675]  ? nfnl_acct_overquota+0x380/0x380
[   34.968240]  ? debug_check_no_locks_freed+0x310/0x310
[   34.973411]  ? graph_lock+0x170/0x170
[   34.977189]  ? print_usage_bug+0xc0/0xc0
[   34.981234]  ? print_usage_bug+0xc0/0xc0
[   34.985310]  ? find_held_lock+0x36/0x1c0
[   34.989362]  ? graph_lock+0x170/0x170
[   34.993143]  ? lock_downgrade+0x8e0/0x8e0
[   34.997273]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.002791]  ? __lock_is_held+0xb5/0x140
[   35.006834]  ? nfnl_acct_overquota+0x380/0x380
[   35.011396]  nfnetlink_rcv_msg+0xdb5/0xff0
[   35.015618]  ? __sanitizer_cov_trace_cmp1+0x17/0x20
[   35.020612]  ? nfnetlink_rcv_msg+0x3bc/0xff0
[   35.025011]  ? nfnetlink_bind+0x3a0/0x3a0
[   35.029146]  ? graph_lock+0x170/0x170
[   35.032924]  ? find_held_lock+0x36/0x1c0
[   35.036967]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.042494]  netlink_rcv_skb+0x172/0x440
[   35.046535]  ? nfnetlink_bind+0x3a0/0x3a0
[   35.050661]  ? netlink_ack+0xbc0/0xbc0
[   35.054530]  ? __netlink_ns_capable+0x100/0x130
[   35.059177]  nfnetlink_rcv+0x1fe/0x1ba0
[   35.063133]  ? kasan_check_read+0x11/0x20
[   35.067261]  ? rcu_is_watching+0x85/0x140
[   35.071393]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   35.076565]  ? nfnl_err_reset+0x2d0/0x2d0
[   35.080700]  ? netlink_remove_tap+0x610/0x610
[   35.085177]  ? refcount_add_not_zero+0x320/0x320
[   35.089915]  ? kasan_check_read+0x11/0x20
[   35.094044]  ? rcu_is_watching+0x85/0x140
[   35.098175]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   35.103343]  ? netlink_skb_destructor+0x210/0x210
[   35.108168]  ? kasan_check_write+0x14/0x20
[   35.112382]  netlink_unicast+0x58b/0x740
[   35.116426]  ? netlink_attachskb+0x970/0x970
[   35.120816]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.126335]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   35.131333]  ? security_netlink_send+0x88/0xb0
[   35.135902]  netlink_sendmsg+0x9f0/0xfa0
[   35.139947]  ? netlink_unicast+0x740/0x740
[   35.144169]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.149689]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.155212]  ? security_socket_sendmsg+0x94/0xc0
[   35.159945]  ? netlink_unicast+0x740/0x740
[   35.164169]  sock_sendmsg+0xd5/0x120
[   35.167862]  sock_write_iter+0x35a/0x5a0
[   35.171904]  ? sock_sendmsg+0x120/0x120
[   35.175862]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   35.181379]  ? iov_iter_init+0xc9/0x1f0
[   35.185343]  __vfs_write+0x64d/0x960
[   35.189045]  ? kernel_read+0x120/0x120
[   35.192919]  ? lock_downgrade+0x8e0/0x8e0
[   35.197048]  ? handle_mm_fault+0x8c0/0xc70
[   35.201266]  ? handle_mm_fault+0x55a/0xc70
[   35.205483]  ? rw_verify_area+0x118/0x360
[   35.209611]  vfs_write+0x1f8/0x560
[   35.213131]  ksys_write+0xf9/0x250
[   35.216650]  ? __ia32_sys_read+0xb0/0xb0
[   35.220689]  ? __ia32_sys_fallocate+0xf0/0xf0
[   35.225166]  __x64_sys_write+0x73/0xb0
[   35.229041]  do_syscall_64+0x1b1/0x800
[   35.232908]  ? syscall_return_slowpath+0x5c0/0x5c0
[   35.237816]  ? syscall_return_slowpath+0x30f/0x5c0
[   35.242725]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.248242]  ? retint_user+0x18/0x18
[   35.251948]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.256773]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.261941] RIP: 0033:0x43fcf9
[   35.265108] RSP: 002b:00007fff83e9ee78 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[   35.272795] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fcf9
[   35.280052] RDX: 000000000000001f RSI: 0000000020000040 RDI: 0000000000000003
[   35.287308] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   35.294561] R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401620
[   35.301809] R13: 00000000004016b0 R14: 0000000000000000 R15: 0000000000000000
[   35.309063] 
[   35.310667] Allocated by task 2836:
[   35.314279]  save_stack+0x43/0xd0
[   35.317718]  kasan_kmalloc+0xc4/0xe0
[   35.321408]  kasan_slab_alloc+0x12/0x20
[   35.325358]  kmem_cache_alloc+0x12e/0x760
[   35.329481]  getname_flags+0xd0/0x5a0
[   35.333256]  getname+0x19/0x20
[   35.336425]  do_sys_open+0x39a/0x740
[   35.340114]  __x64_sys_open+0x7e/0xc0
[   35.343892]  do_syscall_64+0x1b1/0x800
[   35.347757]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.353229] 
[   35.354836] Freed by task 2836:
[   35.358094]  save_stack+0x43/0xd0
[   35.361531]  __kasan_slab_free+0x11a/0x170
[   35.365748]  kasan_slab_free+0xe/0x10
[   35.369534]  kmem_cache_free+0x86/0x2d0
[   35.373486]  putname+0xf2/0x130
[   35.376746]  do_sys_open+0x554/0x740
[   35.380435]  __x64_sys_open+0x7e/0xc0
[   35.384218]  do_syscall_64+0x1b1/0x800
[   35.388086]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.393252] 
[   35.394860] The buggy address belongs to the object at ffff8801acb849c0
[   35.394860]  which belongs to the cache names_cache of size 4096
[   35.407595] The buggy address is located 1187 bytes to the left of
[   35.407595]  4096-byte region [ffff8801acb849c0, ffff8801acb859c0)
[   35.420056] The buggy address belongs to the page:
[   35.424965] page:ffffea0006b2e100 count:1 mapcount:0 mapping:ffff8801acb849c0 index:0x0 compound_mapcount: 0
[   35.434915] flags: 0x2fffc0000008100(slab|head)
[   35.439569] raw: 02fffc0000008100 ffff8801acb849c0 0000000000000000 0000000100000001
[   35.447433] raw: ffffea0006b2f2a0 ffffea0006b2e6a0 ffff8801da988dc0 0000000000000000
[   35.455302] page dumped because: kasan: bad access detected
[   35.461002] 
[   35.462624] Memory state around the buggy address:
[   35.467534]  ffff8801acb84400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.474871]  ffff8801acb84480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.482208] >ffff8801acb84500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.489541]                             ^
[   35.493665]  ffff8801acb84580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.500999]  ffff8801acb84600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.508330] ==================================================================
[   35.515685] Disabling lock debugging due to kernel taint
[   35.521191] Kernel panic - not syncing: panic_on_warn set ...
[   35.521191] 
[   35.528538] CPU: 0 PID: 4496 Comm: syz-executor834 Tainted: G    B             4.17.0-rc6+ #62
[   35.537259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.546587] Call Trace:
[   35.549155]  dump_stack+0x1b9/0x294
[   35.552760]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.557934]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   35.562669]  ? nla_strlcpy+0x110/0x150
[   35.566532]  panic+0x22f/0x4de
[   35.569700]  ? add_taint.cold.5+0x16/0x16
[   35.573825]  ? do_raw_spin_unlock+0x9e/0x2e0
[   35.578210]  ? do_raw_spin_unlock+0x9e/0x2e0
[   35.582594]  ? nla_strlcpy+0x13d/0x150
[   35.586461]  kasan_end_report+0x47/0x4f
[   35.590413]  kasan_report.cold.7+0x76/0x2fe
[   35.594714]  __asan_report_load1_noabort+0x14/0x20
[   35.599621]  nla_strlcpy+0x13d/0x150
[   35.603313]  nfnl_acct_new+0x574/0xc50
[   35.607176]  ? nfnl_acct_overquota+0x380/0x380
[   35.611735]  ? debug_check_no_locks_freed+0x310/0x310
[   35.616899]  ? graph_lock+0x170/0x170
[   35.620678]  ? print_usage_bug+0xc0/0xc0
[   35.624716]  ? print_usage_bug+0xc0/0xc0
[   35.628759]  ? find_held_lock+0x36/0x1c0
[   35.632797]  ? graph_lock+0x170/0x170
[   35.636576]  ? lock_downgrade+0x8e0/0x8e0
[   35.640708]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.646226]  ? __lock_is_held+0xb5/0x140
[   35.650266]  ? nfnl_acct_overquota+0x380/0x380
[   35.654822]  nfnetlink_rcv_msg+0xdb5/0xff0
[   35.659035]  ? __sanitizer_cov_trace_cmp1+0x17/0x20
[   35.664030]  ? nfnetlink_rcv_msg+0x3bc/0xff0
[   35.668420]  ? nfnetlink_bind+0x3a0/0x3a0
[   35.672545]  ? graph_lock+0x170/0x170
[   35.676322]  ? find_held_lock+0x36/0x1c0
[   35.680359]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.685871]  netlink_rcv_skb+0x172/0x440
[   35.689908]  ? nfnetlink_bind+0x3a0/0x3a0
[   35.694034]  ? netlink_ack+0xbc0/0xbc0
[   35.697899]  ? __netlink_ns_capable+0x100/0x130
[   35.702543]  nfnetlink_rcv+0x1fe/0x1ba0
[   35.706496]  ? kasan_check_read+0x11/0x20
[   35.710620]  ? rcu_is_watching+0x85/0x140
[   35.714751]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   35.719923]  ? nfnl_err_reset+0x2d0/0x2d0
[   35.724048]  ? netlink_remove_tap+0x610/0x610
[   35.728522]  ? refcount_add_not_zero+0x320/0x320
[   35.733256]  ? kasan_check_read+0x11/0x20
[   35.737380]  ? rcu_is_watching+0x85/0x140
[   35.741506]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   35.746671]  ? netlink_skb_destructor+0x210/0x210
[   35.751493]  ? kasan_check_write+0x14/0x20
[   35.755707]  netlink_unicast+0x58b/0x740
[   35.759750]  ? netlink_attachskb+0x970/0x970
[   35.764136]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.769649]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   35.774641]  ? security_netlink_send+0x88/0xb0
[   35.779199]  netlink_sendmsg+0x9f0/0xfa0
[   35.783237]  ? netlink_unicast+0x740/0x740
[   35.787447]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.792961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.798472]  ? security_socket_sendmsg+0x94/0xc0
[   35.803203]  ? netlink_unicast+0x740/0x740
[   35.807416]  sock_sendmsg+0xd5/0x120
[   35.811106]  sock_write_iter+0x35a/0x5a0
[   35.815144]  ? sock_sendmsg+0x120/0x120
[   35.819097]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   35.824608]  ? iov_iter_init+0xc9/0x1f0
[   35.828561]  __vfs_write+0x64d/0x960
[   35.832253]  ? kernel_read+0x120/0x120
[   35.836117]  ? lock_downgrade+0x8e0/0x8e0
[   35.840240]  ? handle_mm_fault+0x8c0/0xc70
[   35.844451]  ? handle_mm_fault+0x55a/0xc70
[   35.848662]  ? rw_verify_area+0x118/0x360
[   35.852785]  vfs_write+0x1f8/0x560
[   35.856303]  ksys_write+0xf9/0x250
[   35.859821]  ? __ia32_sys_read+0xb0/0xb0
[   35.863858]  ? __ia32_sys_fallocate+0xf0/0xf0
[   35.868326]  __x64_sys_write+0x73/0xb0
[   35.872191]  do_syscall_64+0x1b1/0x800
[   35.876056]  ? syscall_return_slowpath+0x5c0/0x5c0
[   35.880962]  ? syscall_return_slowpath+0x30f/0x5c0
[   35.885870]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.891384]  ? retint_user+0x18/0x18
[   35.895076]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.899984]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.905146] RIP: 0033:0x43fcf9
[   35.908312] RSP: 002b:00007fff83e9ee78 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[   35.915996] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fcf9
[   35.923241] RDX: 000000000000001f RSI: 0000000020000040 RDI: 0000000000000003
[   35.930489] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   35.937738] R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401620
[   35.944983] R13: 00000000004016b0 R14: 0000000000000000 R15: 0000000000000000
[   35.952603] Dumping ftrace buffer:
[   35.956114]    (ftrace buffer empty)
[   35.959797] Kernel Offset: disabled
[   35.963409] Rebooting in 86400 seconds..