[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 19.309299] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 20.686180] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.939416] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.808525] random: sshd: uninitialized urandom read (32 bytes read)
[ 47.102253] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts.
[ 52.547796] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
[ 52.642168] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[ 52.672307] ==================================================================
[ 52.679775] BUG: KASAN: slab-out-of-bounds in pdu_read+0x90/0xd0
[ 52.685911] Read of size 17044 at addr ffff8801c2d705ed by task syz-executor999/4571
[ 52.693786]
[ 52.695421] CPU: 1 PID: 4571 Comm: syz-executor999 Not tainted 4.18.0-rc3+ #137
[ 52.702844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.712184] Call Trace:
[ 52.714766] dump_stack+0x1c9/0x2b4
[ 52.718374] ? dump_stack_print_info.cold.2+0x52/0x52
[ 52.723543] ? printk+0xa7/0xcf
[ 52.726811] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 52.731549] ? pdu_read+0x90/0xd0
[ 52.734987] print_address_description+0x6c/0x20b
[ 52.739812] ? pdu_read+0x90/0xd0
[ 52.743245] kasan_report.cold.7+0x242/0x2fe
[ 52.747650] check_memory_region+0x13e/0x1b0
[ 52.752043] memcpy+0x23/0x50
[ 52.755131] pdu_read+0x90/0xd0
[ 52.758396] p9pdu_readf+0x579/0x2170
[ 52.762183] ? p9pdu_writef+0xe0/0xe0
[ 52.765968] ? __fget+0x414/0x670
[ 52.769423] ? rcu_is_watching+0x61/0x150
[ 52.773556] ? expand_files.part.8+0x9c0/0x9c0
[ 52.778126] ? rcu_read_lock_sched_held+0x108/0x120
[ 52.783138] ? p9_fd_show_options+0x1c0/0x1c0
[ 52.787620] p9_client_create+0xde0/0x16c9
[ 52.791855] ? p9_client_read+0xc60/0xc60
[ 52.795996] ? find_held_lock+0x36/0x1c0
[ 52.800048] ? __lockdep_init_map+0x105/0x590
[ 52.804529] ? kasan_check_write+0x14/0x20
[ 52.808747] ? __init_rwsem+0x1cc/0x2a0
[ 52.812712] ? do_raw_write_unlock.cold.8+0x49/0x49
[ 52.817715] ? rcu_read_lock_sched_held+0x108/0x120
[ 52.822720] ? __kmalloc_track_caller+0x5f5/0x760
[ 52.827554] ? save_stack+0xa9/0xd0
[ 52.831168] ? save_stack+0x43/0xd0
[ 52.834783] ? kasan_kmalloc+0xc4/0xe0
[ 52.838662] ? kmem_cache_alloc_trace+0x152/0x780
[ 52.843760] ? memcpy+0x45/0x50
[ 52.847027] v9fs_session_init+0x21a/0x1a80
[ 52.851332] ? find_held_lock+0x36/0x1c0
[ 52.855381] ? v9fs_show_options+0x7e0/0x7e0
[ 52.859786] ? kasan_check_read+0x11/0x20
[ 52.863920] ? rcu_is_watching+0x8c/0x150
[ 52.868052] ? rcu_pm_notify+0xc0/0xc0
[ 52.871938] ? v9fs_mount+0x61/0x900
[ 52.875648] ? rcu_read_lock_sched_held+0x108/0x120
[ 52.880665] ? kmem_cache_alloc_trace+0x616/0x780
[ 52.885496] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 52.891023] v9fs_mount+0x7c/0x900
[ 52.894556] mount_fs+0xae/0x328
[ 52.897916] vfs_kern_mount.part.34+0xdc/0x4e0
[ 52.902478] ? may_umount+0xb0/0xb0
[ 52.906091] ? _raw_read_unlock+0x22/0x30
[ 52.910225] ? __get_fs_type+0x97/0xc0
[ 52.914104] do_mount+0x581/0x30e0
[ 52.917735] ? copy_mount_string+0x40/0x40
[ 52.921953] ? copy_mount_options+0x5f/0x380
[ 52.926345] ? rcu_read_lock_sched_held+0x108/0x120
[ 52.931345] ? kmem_cache_alloc_trace+0x616/0x780
[ 52.936175] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 52.941694] ? _copy_from_user+0xdf/0x150
[ 52.945828] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.951347] ? copy_mount_options+0x285/0x380
[ 52.955832] ksys_mount+0x12d/0x140
[ 52.959444] __x64_sys_mount+0xbe/0x150
[ 52.963418] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 52.968422] do_syscall_64+0x1b9/0x820
[ 52.972303] ? syscall_return_slowpath+0x5e0/0x5e0
[ 52.977225] ? syscall_return_slowpath+0x31d/0x5e0
[ 52.982151] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.987759] ? retint_user+0x18/0x18
[ 52.991808] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.996636] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.001805] RIP: 0033:0x440979
[ 53.004973] Code: e8 8c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 53.024262] RSP: 002b:00007ffd4d3788b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 53.031955] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440979
[ 53.039219] RDX: 0000000020000100 RSI: 00000000200000c0 RDI: 0000000000000000
[ 53.046472] RBP: 0000000000000000 R08: 0000000020000180 R09: 00000000004002c8
[ 53.053724] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000cdb9
[ 53.060990] R13: 0000000000401ed0 R14: 0000000000000000 R15: 0000000000000000
[ 53.068249]
[ 53.069865] Allocated by task 4571:
[ 53.073474] save_stack+0x43/0xd0
[ 53.077957] kasan_kmalloc+0xc4/0xe0
[ 53.081649] __kmalloc+0x14e/0x760
[ 53.085180] p9_fcall_alloc+0x1e/0x90
[ 53.088960] p9_client_prepare_req.part.8+0x754/0xcd0
[ 53.094131] p9_client_rpc+0x1bd/0x1400
[ 53.098093] p9_client_create+0xd09/0x16c9
[ 53.102530] v9fs_session_init+0x21a/0x1a80
[ 53.106836] v9fs_mount+0x7c/0x900
[ 53.110374] mount_fs+0xae/0x328
[ 53.113735] vfs_kern_mount.part.34+0xdc/0x4e0
[ 53.118301] do_mount+0x581/0x30e0
[ 53.121824] ksys_mount+0x12d/0x140
[ 53.126181] __x64_sys_mount+0xbe/0x150
[ 53.130388] do_syscall_64+0x1b9/0x820
[ 53.134296] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.139466]
[ 53.141077] Freed by task 0:
[ 53.144071] (stack is not available)
[ 53.147762]
[ 53.149369] The buggy address belongs to the object at ffff8801c2d705c0
[ 53.149369] which belongs to the cache kmalloc-16384 of size 16384
[ 53.162356] The buggy address is located 45 bytes inside of
[ 53.162356] 16384-byte region [ffff8801c2d705c0, ffff8801c2d745c0)
[ 53.174300] The buggy address belongs to the page:
[ 53.179213] page:ffffea00070b5c00 count:1 mapcount:0 mapping:ffff8801da802200 index:0x0 compound_mapcount: 0
[ 53.189175] flags: 0x2fffc0000008100(slab|head)
[ 53.193826] raw: 02fffc0000008100 ffffea0006b29608 ffff8801da801c48 ffff8801da802200
[ 53.201690] raw: 0000000000000000 ffff8801c2d705c0 0000000100000001 0000000000000000
[ 53.209554] page dumped because: kasan: bad access detected
[ 53.215247]
[ 53.216850] Memory state around the buggy address:
[ 53.221771] ffff8801c2d72480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.229489] ffff8801c2d72500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.236830] >ffff8801c2d72580: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 53.244167] ^
[ 53.250639] ffff8801c2d72600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.257993] ffff8801c2d72680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.265329] ==================================================================
[ 53.272664] Disabling lock debugging due to kernel taint
[ 53.278199] Kernel panic - not syncing: panic_on_warn set ...
[ 53.278199]
[ 53.285555] CPU: 1 PID: 4571 Comm: syz-executor999 Tainted: G B 4.18.0-rc3+ #137
[ 53.294370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.303702] Call Trace:
[ 53.306277] dump_stack+0x1c9/0x2b4
[ 53.309884] ? dump_stack_print_info.cold.2+0x52/0x52
[ 53.315055] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 53.319792] panic+0x238/0x4e7
[ 53.322965] ? add_taint.cold.5+0x16/0x16
[ 53.327093] ? do_raw_spin_unlock+0xa7/0x2f0
[ 53.331482] ? pdu_read+0x90/0xd0
[ 53.334923] kasan_end_report+0x47/0x4f
[ 53.338886] kasan_report.cold.7+0x76/0x2fe
[ 53.343186] check_memory_region+0x13e/0x1b0
[ 53.348963] memcpy+0x23/0x50
[ 53.352056] pdu_read+0x90/0xd0
[ 53.355319] p9pdu_readf+0x579/0x2170
[ 53.359097] ? p9pdu_writef+0xe0/0xe0
[ 53.362964] ? __fget+0x414/0x670
[ 53.366396] ? rcu_is_watching+0x61/0x150
[ 53.370523] ? expand_files.part.8+0x9c0/0x9c0
[ 53.375099] ? rcu_read_lock_sched_held+0x108/0x120
[ 53.380099] ? p9_fd_show_options+0x1c0/0x1c0
[ 53.384577] p9_client_create+0xde0/0x16c9
[ 53.388802] ? p9_client_read+0xc60/0xc60
[ 53.392929] ? find_held_lock+0x36/0x1c0
[ 53.396971] ? __lockdep_init_map+0x105/0x590
[ 53.401536] ? kasan_check_write+0x14/0x20
[ 53.405846] ? __init_rwsem+0x1cc/0x2a0
[ 53.409900] ? do_raw_write_unlock.cold.8+0x49/0x49
[ 53.414918] ? rcu_read_lock_sched_held+0x108/0x120
[ 53.419929] ? __kmalloc_track_caller+0x5f5/0x760
[ 53.424759] ? save_stack+0xa9/0xd0
[ 53.428365] ? save_stack+0x43/0xd0
[ 53.431977] ? kasan_kmalloc+0xc4/0xe0
[ 53.435845] ? kmem_cache_alloc_trace+0x152/0x780
[ 53.440668] ? memcpy+0x45/0x50
[ 53.443930] v9fs_session_init+0x21a/0x1a80
[ 53.448234] ? find_held_lock+0x36/0x1c0
[ 53.452275] ? v9fs_show_options+0x7e0/0x7e0
[ 53.456665] ? kasan_check_read+0x11/0x20
[ 53.460789] ? rcu_is_watching+0x8c/0x150
[ 53.464919] ? rcu_pm_notify+0xc0/0xc0
[ 53.468798] ? v9fs_mount+0x61/0x900
[ 53.472503] ? rcu_read_lock_sched_held+0x108/0x120
[ 53.477506] ? kmem_cache_alloc_trace+0x616/0x780
[ 53.482331] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 53.487869] v9fs_mount+0x7c/0x900
[ 53.491391] mount_fs+0xae/0x328
[ 53.494741] vfs_kern_mount.part.34+0xdc/0x4e0
[ 53.499312] ? may_umount+0xb0/0xb0
[ 53.502920] ? _raw_read_unlock+0x22/0x30
[ 53.507046] ? __get_fs_type+0x97/0xc0
[ 53.510912] do_mount+0x581/0x30e0
[ 53.514440] ? copy_mount_string+0x40/0x40
[ 53.518662] ? copy_mount_options+0x5f/0x380
[ 53.523068] ? rcu_read_lock_sched_held+0x108/0x120
[ 53.528064] ? kmem_cache_alloc_trace+0x616/0x780
[ 53.532889] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 53.538410] ? _copy_from_user+0xdf/0x150
[ 53.542541] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.548068] ? copy_mount_options+0x285/0x380
[ 53.552541] ksys_mount+0x12d/0x140
[ 53.556145] __x64_sys_mount+0xbe/0x150
[ 53.560106] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 53.565110] do_syscall_64+0x1b9/0x820
[ 53.568996] ? syscall_return_slowpath+0x5e0/0x5e0
[ 53.573909] ? syscall_return_slowpath+0x31d/0x5e0
[ 53.578828] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.584345] ? retint_user+0x18/0x18
[ 53.588039] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 53.592864] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.598031] RIP: 0033:0x440979
[ 53.601220] Code: e8 8c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 53.620397] RSP: 002b:00007ffd4d3788b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 53.628083] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440979
[ 53.635332] RDX: 0000000020000100 RSI: 00000000200000c0 RDI: 0000000000000000
[ 53.642578] RBP: 0000000000000000 R08: 0000000020000180 R09: 00000000004002c8
[ 53.649831] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000cdb9
[ 53.657091] R13: 0000000000401ed0 R14: 0000000000000000 R15: 0000000000000000
[ 53.664776] Dumping ftrace buffer:
[ 53.668292] (ftrace buffer empty)
[ 53.671989] Kernel Offset: disabled
[ 53.675596] Rebooting in 86400 seconds..