[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   14.391509] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.037926] random: sshd: uninitialized urandom read (32 bytes read)
[   19.478665] random: sshd: uninitialized urandom read (32 bytes read)
[   19.983222] random: sshd: uninitialized urandom read (32 bytes read)
[   20.127988] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
[   25.788495] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   25.886084] IPVS: Creating netns size=2536 id=1
[   25.898637] ==================================================================
[   25.906014] BUG: KASAN: slab-out-of-bounds in strcpy+0x9e/0xb0
[   25.911977] Write of size 1 at addr ffff8801da3bd20b by task syz-executor501/3794
[   25.919637] 
[   25.921254] CPU: 0 PID: 3794 Comm: syz-executor501 Not tainted 4.9.122-g54068d6 #78
[   25.929062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.938410]  ffff8801b7aef4c8 ffffffff81eb8829 ffffea000768ee00 ffff8801da3bd20b
[   25.946412]  0000000000000001 ffff8801da3bd20b dffffc0000000000 ffff8801b7aef500
[   25.954409]  ffffffff8156b6be ffff8801da3bd20b 0000000000000001 0000000000000001
[   25.962390] Call Trace:
[   25.964956]  [] dump_stack+0xc1/0x128
[   25.970347]  [] print_address_description+0x6c/0x234
[   25.977015]  [] kasan_report.cold.6+0x242/0x2fe
[   25.983254]  [] ? strcpy+0x9e/0xb0
[   25.988400]  [] __asan_report_store1_noabort+0x17/0x20
[   25.995339]  [] strcpy+0x9e/0xb0
[   26.000290]  [] selinux_sb_copy_data+0x207/0x380
[   26.006798]  [] security_sb_copy_data+0x7b/0xb0
[   26.013030]  [] parse_security_options+0x36/0x90
[   26.019345]  [] btrfs_mount+0x2f3/0x2bc0
[   26.024962]  [] ? btrfs_remount+0x1360/0x1360
[   26.031014]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   26.037934]  [] ? _find_next_bit.part.0+0xe0/0x120
[   26.044542]  [] ? find_next_bit+0x43/0x50
[   26.050242]  [] ? pcpu_alloc+0x483/0xad0
[   26.055895]  [] ? pcpu_create_chunk+0x430/0x430
[   26.062120]  [] ? __raw_spin_lock_init+0x1c/0x100
[   26.068518]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   26.075437]  [] ? lockdep_init_map+0x105/0x4f0
[   26.081576]  [] ? lockdep_init_map+0x105/0x4f0
[   26.087763]  [] mount_fs+0x28c/0x370
[   26.093076]  [] vfs_kern_mount.part.29+0xd1/0x3d0
[   26.099487]  [] vfs_kern_mount+0x40/0x60
[   26.105157]  [] btrfs_mount+0x40b/0x2bc0
[   26.110775]  [] ? btrfs_remount+0x1360/0x1360
[   26.116832]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   26.123745]  [] ? _find_next_bit.part.0+0xe0/0x120
[   26.130231]  [] ? find_next_bit+0x43/0x50
[   26.135986]  [] ? pcpu_alloc+0x483/0xad0
[   26.141599]  [] ? pcpu_create_chunk+0x430/0x430
[   26.147817]  [] ? __raw_spin_lock_init+0x1c/0x100
[   26.154207]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   26.161151]  [] ? lockdep_init_map+0x105/0x4f0
[   26.167407]  [] ? lockdep_init_map+0x105/0x4f0
[   26.173628]  [] mount_fs+0x28c/0x370
[   26.178888]  [] vfs_kern_mount.part.29+0xd1/0x3d0
[   26.185284]  [] ? ns_capable_common+0x12a/0x150
[   26.191508]  [] do_mount+0x3c9/0x2740
[   26.196852]  [] ? copy_mount_string+0x40/0x40
[   26.202933]  [] ? kasan_unpoison_shadow+0x35/0x50
[   26.209329]  [] ? kasan_kmalloc+0xc7/0xe0
[   26.215033]  [] ? kmem_cache_alloc_trace+0xfd/0x2b0
[   26.221601]  [] ? copy_mount_options+0x5f/0x320
[   26.227815]  [] ? copy_mount_options+0x1e5/0x320
[   26.234116]  [] SyS_mount+0xfe/0x110
[   26.239378]  [] ? copy_mnt_ns+0x8e0/0x8e0
[   26.245070]  [] do_syscall_64+0x1a6/0x490
[   26.250761]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   26.257708] 
[   26.259322] Allocated by task 3794:
[   26.262944]  save_stack_trace+0x16/0x20
[   26.266907]  save_stack+0x43/0xd0
[   26.270338]  kasan_kmalloc+0xc7/0xe0
[   26.274038]  __kmalloc+0x11d/0x300
[   26.277563]  btrfs_mount+0x1c6/0x2bc0
[   26.281341]  mount_fs+0x28c/0x370
[   26.284774]  vfs_kern_mount.part.29+0xd1/0x3d0
[   26.289335]  do_mount+0x3c9/0x2740
[   26.292858]  SyS_mount+0xfe/0x110
[   26.296288]  do_syscall_64+0x1a6/0x490
[   26.300207]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   26.305295] 
[   26.306904] Freed by task 0:
[   26.309899] (stack is not available)
[   26.313589] 
[   26.315194] The buggy address belongs to the object at ffff8801da3bc200
[   26.315194]  which belongs to the cache kmalloc-8192 of size 8192
[   26.328008] The buggy address is located 4107 bytes inside of
[   26.328008]  8192-byte region [ffff8801da3bc200, ffff8801da3be200)
[   26.340038] The buggy address belongs to the page:
[   26.344951] page:ffffea000768ee00 count:1 mapcount:0 mapping:          (null) index:0x0 compound_mapcount: 0
[   26.355146] flags: 0x8000000000004080(slab|head)
[   26.359877] page dumped because: kasan: bad access detected
[   26.365562] 
[   26.367164] Memory state around the buggy address:
[   26.372068]  ffff8801da3bd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.379408]  ffff8801da3bd180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.386749] >ffff8801da3bd200: 00 03 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.394090]                       ^
[   26.397694]  ffff8801da3bd280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.405080]  ffff8801da3bd300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.412425] ==================================================================
[   26.419763] Disabling lock debugging due to kernel taint
[   26.425670] Kernel panic - not syncing: panic_on_warn set ...
[   26.425670] 
[   26.433043] CPU: 0 PID: 3794 Comm: syz-executor501 Tainted: G    B           4.9.122-g54068d6 #78
[   26.442035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.451417]  ffff8801b7aef428 ffffffff81eb8829 ffffffff843c81db 00000000ffffffff
[   26.459473]  0000000000000000 0000000000000000 dffffc0000000000 ffff8801b7aef4e8
[   26.467534]  ffffffff81423f35 0000000041b58ab3 ffffffff843bb838 ffffffff81423d76
[   26.475655] Call Trace:
[   26.478222]  [] dump_stack+0xc1/0x128
[   26.483569]  [] panic+0x1bf/0x3bc
[   26.488606]  [] ? add_taint.cold.6+0x16/0x16
[   26.494562]  [] ? ___preempt_schedule+0x16/0x18
[   26.500776]  [] kasan_end_report+0x47/0x4f
[   26.506596]  [] kasan_report.cold.6+0x76/0x2fe
[   26.512733]  [] ? strcpy+0x9e/0xb0
[   26.517878]  [] __asan_report_store1_noabort+0x17/0x20
[   26.524707]  [] strcpy+0x9e/0xb0
[   26.529665]  [] selinux_sb_copy_data+0x207/0x380
[   26.536012]  [] security_sb_copy_data+0x7b/0xb0
[   26.542233]  [] parse_security_options+0x36/0x90
[   26.548532]  [] btrfs_mount+0x2f3/0x2bc0
[   26.554137]  [] ? btrfs_remount+0x1360/0x1360
[   26.560175]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   26.567083]  [] ? _find_next_bit.part.0+0xe0/0x120
[   26.573560]  [] ? find_next_bit+0x43/0x50
[   26.579252]  [] ? pcpu_alloc+0x483/0xad0
[   26.584857]  [] ? pcpu_create_chunk+0x430/0x430
[   26.591071]  [] ? __raw_spin_lock_init+0x1c/0x100
[   26.597466]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   26.604292]  [] ? lockdep_init_map+0x105/0x4f0
[   26.610425]  [] ? lockdep_init_map+0x105/0x4f0
[   26.616609]  [] mount_fs+0x28c/0x370
[   26.621942]  [] vfs_kern_mount.part.29+0xd1/0x3d0
[   26.628388]  [] vfs_kern_mount+0x40/0x60
[   26.634040]  [] btrfs_mount+0x40b/0x2bc0
[   26.639655]  [] ? btrfs_remount+0x1360/0x1360
[   26.645695]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   26.652605]  [] ? _find_next_bit.part.0+0xe0/0x120
[   26.659078]  [] ? find_next_bit+0x43/0x50
[   26.664770]  [] ? pcpu_alloc+0x483/0xad0
[   26.670379]  [] ? pcpu_create_chunk+0x430/0x430
[   26.676603]  [] ? __raw_spin_lock_init+0x1c/0x100
[   26.682993]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   26.689812]  [] ? lockdep_init_map+0x105/0x4f0
[   26.696155]  [] ? lockdep_init_map+0x105/0x4f0
[   26.702279]  [] mount_fs+0x28c/0x370
[   26.707533]  [] vfs_kern_mount.part.29+0xd1/0x3d0
[   26.713919]  [] ? ns_capable_common+0x12a/0x150
[   26.720135]  [] do_mount+0x3c9/0x2740
[   26.725520]  [] ? copy_mount_string+0x40/0x40
[   26.731563]  [] ? kasan_unpoison_shadow+0x35/0x50
[   26.738001]  [] ? kasan_kmalloc+0xc7/0xe0
[   26.743703]  [] ? kmem_cache_alloc_trace+0xfd/0x2b0
[   26.750303]  [] ? copy_mount_options+0x5f/0x320
[   26.756570]  [] ? copy_mount_options+0x1e5/0x320
[   26.762924]  [] SyS_mount+0xfe/0x110
[   26.768231]  [] ? copy_mnt_ns+0x8e0/0x8e0
[   26.773927]  [] do_syscall_64+0x1a6/0x490
[   26.779655]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   26.786864] Dumping ftrace buffer:
[   26.790390]    (ftrace buffer empty)
[   26.794083] Kernel Offset: disabled
[   26.797694] Rebooting in 86400 seconds..
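The "4107 bytes inside of 8192-byte region" line above gives the size class of the slab (kmalloc-8192), not the size that was requested from __kmalloc in btrfs_mount. The live size is in the shadow row marked ">": shadow byte 00 for the granule at ffff8801da3bd200 means all 8 bytes are addressable, 03 for the granule at ...208 means only its first 3 bytes are, and fc (KASAN_KMALLOC_REDZONE) follows. So the object is addressable up to ...20a, its live size is 0x100b = 4107 bytes, and the 1-byte strcpy store at ...20b lands exactly one byte past the end: an off-by-one heap write, not a larger overrun. The decoder below is an added example for checking that arithmetic from a report's text; it is not part of the syzkaller output and not kernel code. The row string and the two addresses are copied from this report, the poison values are the generic-KASAN constants of that kernel generation (assumed, check mm/kasan/kasan.h for the tree at hand), and all function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KASAN_GRANULE  8    /* bytes described by one shadow byte */
#define SHADOW_PER_ROW 16   /* shadow bytes per "Memory state" row */

struct shadow_row {
    uint64_t base;                  /* address of the row's first granule */
    uint8_t  shadow[SHADOW_PER_ROW];
};

/* Meaning of a generic-KASAN shadow byte (assumed values, mm/kasan/kasan.h). */
static const char *shadow_meaning(uint8_t s)
{
    switch (s) {
    case 0x00: return "8 bytes addressable";
    case 0x01: case 0x02: case 0x03: case 0x04:
    case 0x05: case 0x06: case 0x07: return "partially addressable";
    case 0xfa: return "KASAN_GLOBAL_REDZONE";
    case 0xfb: return "KASAN_KMALLOC_FREE";
    case 0xfc: return "KASAN_KMALLOC_REDZONE";
    case 0xfe: return "KASAN_PAGE_REDZONE";
    case 0xff: return "KASAN_FREE_PAGE";
    default:   return "other poison";
    }
}

/* Parse "[ts] >ffff8801da3bd200: 00 03 fc ..."; the printk timestamp and
 * the '>' guilty-row marker are optional. Returns 0, or -1 if malformed. */
static int parse_shadow_row(const char *line, struct shadow_row *out)
{
    const char *p = strstr(line, "] ");
    char *end;
    p = p ? p + 2 : line;
    while (*p == ' ' || *p == '>')
        p++;
    out->base = strtoull(p, &end, 16);
    if (end == p || *end != ':')
        return -1;
    p = end + 1;
    for (int i = 0; i < SHADOW_PER_ROW; i++) {
        unsigned long v = strtoul(p, &end, 16);   /* skips the blanks */
        if (end == p || v > 0xff)
            return -1;
        out->shadow[i] = (uint8_t)v;
        p = end;
    }
    return 0;
}

/* First non-addressable address in the row (end of the live object), or 0
 * when the whole row is addressable and the object continues past it. */
static uint64_t accessible_end(const struct shadow_row *r)
{
    for (int i = 0; i < SHADOW_PER_ROW; i++) {
        uint8_t  s = r->shadow[i];
        uint64_t granule = r->base + (uint64_t)i * KASAN_GRANULE;
        if (s == 0x00)
            continue;               /* whole granule addressable */
        if (s <= 0x07)
            return granule + s;     /* only the first s bytes are */
        return granule;             /* poison: redzone, freed, ... */
    }
    return 0;
}

/* Live size of the object from its start address and the guilty row. */
static int64_t object_size(const char *guilty_row, uint64_t object_start)
{
    struct shadow_row r;
    if (parse_shadow_row(guilty_row, &r) != 0)
        return -1;
    return (int64_t)(accessible_end(&r) - object_start);
}

/* Bytes by which the fault overshoots the object: 0 is an off-by-one,
 * negative means in-bounds, INT64_MIN means the row did not parse. */
static int64_t overrun_bytes(const char *guilty_row, uint64_t fault_addr)
{
    struct shadow_row r;
    if (parse_shadow_row(guilty_row, &r) != 0)
        return INT64_MIN;
    return (int64_t)(fault_addr - accessible_end(&r));
}

int main(void)
{
    /* All three values are copied from the report above. */
    const char *row = ">ffff8801da3bd200: 00 03 fc fc fc fc fc fc fc fc fc fc fc fc fc fc";
    const uint64_t object_start = 0xffff8801da3bc200ULL;
    const uint64_t fault_addr   = 0xffff8801da3bd20bULL;

    printf("live object size: %lld bytes\n", (long long)object_size(row, object_start));
    printf("write overshoot : %lld byte(s)\n", (long long)overrun_bytes(row, fault_addr));
    printf("next shadow byte: 0xfc = %s\n", shadow_meaning(0xfc));
    return 0;
}
```

Feed it the ">" row together with the "object at" address and the faulting address from any generic-KASAN slab report; an overshoot of 0 is the signature of a missing-terminator or off-by-one copy, while a large positive value points at an unbounded copy or a wrong length.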