Warning: Permanently added '10.128.0.174' (ECDSA) to the list of known hosts.
[ 43.188041] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
[ 43.302187] audit: type=1400 audit(1567925269.469:36): avc: denied { map } for pid=6976 comm="syz-executor307" path="/root/syz-executor307587025" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 43.331609] ==================================================================
[ 43.339089] BUG: KASAN: slab-out-of-bounds in pdu_read+0x90/0xd0
[ 43.345252] Read of size 52719 at addr ffff888097ff856d by task syz-executor307/6978
[ 43.353128]
[ 43.354744] CPU: 0 PID: 6978 Comm: syz-executor307 Not tainted 4.14.142 #0
[ 43.361735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.371113] Call Trace:
[ 43.373698] dump_stack+0x138/0x197
[ 43.377341] ? pdu_read+0x90/0xd0
[ 43.380780] print_address_description.cold+0x7c/0x1dc
[ 43.386048] ? pdu_read+0x90/0xd0
[ 43.389486] kasan_report.cold+0xa9/0x2af
[ 43.393635] check_memory_region+0x123/0x190
[ 43.398044] memcpy+0x24/0x50
[ 43.401134] pdu_read+0x90/0xd0
[ 43.404396] p9pdu_readf+0x379/0x1780
[ 43.408186] ? p9_conn_create+0x4c0/0x4c0
[ 43.412316] ? pipe_poll+0x261/0x2d0
[ 43.416099] ? p9pdu_writef+0xd0/0xd0
[ 43.419885] ? p9_fd_create+0x245/0x340
[ 43.423842] ? parse_opts.part.0+0x2e0/0x2e0
[ 43.428242] p9_client_create+0xa1f/0x1120
[ 43.432615] ? p9_client_zc_rpc.constprop.0+0x1120/0x1120
[ 43.438161] ? __kmalloc_track_caller+0x372/0x790
[ 43.442996] ? __lockdep_init_map+0x10c/0x570
[ 43.447490] ? lockdep_init_map+0x9/0x10
[ 43.451541] ? __raw_spin_lock_init+0x2d/0x100
[ 43.456119] v9fs_session_init+0x1dc/0x1620
[ 43.460434] ? check_preemption_disabled+0x3c/0x250
[ 43.465444] ? v9fs_show_options+0x730/0x730
[ 43.469846] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 43.475283] ? v9fs_mount+0x5e/0x870
[ 43.478981] ? rcu_read_lock_sched_held+0x110/0x130
[ 43.483989] ? kmem_cache_alloc_trace+0x623/0x790
[ 43.488900] ? free_pages+0x46/0x50
[ 43.492516] v9fs_mount+0x7d/0x870
[ 43.496081] mount_fs+0x97/0x2a1
[ 43.499516] vfs_kern_mount.part.0+0x5e/0x3d0
[ 43.504096] do_mount+0x417/0x27d0
[ 43.507622] ? copy_mount_options+0x5c/0x2f0
[ 43.512018] ? rcu_read_lock_sched_held+0x110/0x130
[ 43.517052] ? copy_mount_string+0x40/0x40
[ 43.521275] ? copy_mount_options+0x1fe/0x2f0
[ 43.525773] SyS_mount+0xab/0x120
[ 43.529214] ? copy_mnt_ns+0x8c0/0x8c0
[ 43.533185] do_syscall_64+0x1e8/0x640
[ 43.537055] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.541885] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 43.547071] RIP: 0033:0x444f29
[ 43.550241] RSP: 002b:00007ffcd77aeb98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 43.557945] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444f29
[ 43.565200] RDX: 00000000200000c0 RSI: 0000000020000480 RDI: 0000000000000000
[ 43.572456] RBP: 000000000000a928 R08: 00000000200001c0 R09: 00000000004002e0
[ 43.579710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402170
[ 43.586977] R13: 0000000000402200 R14: 0000000000000000 R15: 0000000000000000
[ 43.594251]
[ 43.595858] Allocated by task 6978:
[ 43.599468] save_stack_trace+0x16/0x20
[ 43.603424] save_stack+0x45/0xd0
[ 43.606856] kasan_kmalloc+0xce/0xf0
[ 43.610650] __kmalloc+0x15d/0x7a0
[ 43.614173] p9_fcall_alloc+0x1d/0x90
[ 43.617967] p9_client_prepare_req.part.0+0x73a/0xa90
[ 43.623144] p9_client_rpc+0x170/0x1180
[ 43.627113] p9_client_create+0x997/0x1120
[ 43.631347] v9fs_session_init+0x1dc/0x1620
[ 43.635657] v9fs_mount+0x7d/0x870
[ 43.639217] mount_fs+0x97/0x2a1
[ 43.642566] vfs_kern_mount.part.0+0x5e/0x3d0
[ 43.647085] do_mount+0x417/0x27d0
[ 43.650619] SyS_mount+0xab/0x120
[ 43.654063] do_syscall_64+0x1e8/0x640
[ 43.657937] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 43.663144]
[ 43.664767] Freed by task 0:
[ 43.667763] (stack is not available)
[ 43.671454]
[ 43.673063] The buggy address belongs to the object at ffff888097ff8540
[ 43.673063] which belongs to the cache kmalloc-16384 of size 16384
[ 43.686177] The buggy address is located 45 bytes inside of
[ 43.686177] 16384-byte region [ffff888097ff8540, ffff888097ffc540)
[ 43.698167] The buggy address belongs to the page:
[ 43.703092] page:ffffea00025ffe00 count:1 mapcount:0 mapping:ffff888097ff8540 index:0x0 compound_mapcount: 0
[ 43.713047] flags: 0x1fffc0000008100(slab|head)
[ 43.717700] raw: 01fffc0000008100 ffff888097ff8540 0000000000000000 0000000100000001
[ 43.725565] raw: ffffea0001de8c20 ffff8880aa801c48 ffff8880aa802200 0000000000000000
[ 43.733435] page dumped because: kasan: bad access detected
[ 43.739251]
[ 43.740872] Memory state around the buggy address:
[ 43.745795] ffff888097ffa400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.753138] ffff888097ffa480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.760479] >ffff888097ffa500: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 43.767838] ^
[ 43.774588] ffff888097ffa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.781959] ffff888097ffa600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.789298] ==================================================================
[ 43.796647] Disabling lock debugging due to kernel taint
[ 43.802384] Kernel panic - not syncing: panic_on_warn set ...
[ 43.802384]
[ 43.809963] CPU: 0 PID: 6978 Comm: syz-executor307 Tainted: G B 4.14.142 #0
[ 43.818183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.827702] Call Trace:
[ 43.830291] dump_stack+0x138/0x197
[ 43.834061] ? pdu_read+0x90/0xd0
[ 43.837504] panic+0x1f2/0x426
[ 43.840698] ? add_taint.cold+0x16/0x16
[ 43.844658] ? ___preempt_schedule+0x16/0x18
[ 43.849062] kasan_end_report+0x47/0x4f
[ 43.853017] kasan_report.cold+0x130/0x2af
[ 43.857230] check_memory_region+0x123/0x190
[ 43.861629] memcpy+0x24/0x50
[ 43.864821] pdu_read+0x90/0xd0
[ 43.868092] p9pdu_readf+0x379/0x1780
[ 43.871901] ? p9_conn_create+0x4c0/0x4c0
[ 43.876044] ? pipe_poll+0x261/0x2d0
[ 43.879736] ? p9pdu_writef+0xd0/0xd0
[ 43.883524] ? p9_fd_create+0x245/0x340
[ 43.887577] ? parse_opts.part.0+0x2e0/0x2e0
[ 43.891991] p9_client_create+0xa1f/0x1120
[ 43.896304] ? p9_client_zc_rpc.constprop.0+0x1120/0x1120
[ 43.902062] ? __kmalloc_track_caller+0x372/0x790
[ 43.906894] ? __lockdep_init_map+0x10c/0x570
[ 43.911373] ? lockdep_init_map+0x9/0x10
[ 43.915511] ? __raw_spin_lock_init+0x2d/0x100
[ 43.920334] v9fs_session_init+0x1dc/0x1620
[ 43.924642] ? check_preemption_disabled+0x3c/0x250
[ 43.929640] ? v9fs_show_options+0x730/0x730
[ 43.934029] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 43.939470] ? v9fs_mount+0x5e/0x870
[ 43.943163] ? rcu_read_lock_sched_held+0x110/0x130
[ 43.948172] ? kmem_cache_alloc_trace+0x623/0x790
[ 43.952996] ? free_pages+0x46/0x50
[ 43.956618] v9fs_mount+0x7d/0x870
[ 43.960146] mount_fs+0x97/0x2a1
[ 43.963498] vfs_kern_mount.part.0+0x5e/0x3d0
[ 43.967982] do_mount+0x417/0x27d0
[ 43.971925] ? copy_mount_options+0x5c/0x2f0
[ 43.976314] ? rcu_read_lock_sched_held+0x110/0x130
[ 43.981312] ? copy_mount_string+0x40/0x40
[ 43.985547] ? copy_mount_options+0x1fe/0x2f0
[ 43.990029] SyS_mount+0xab/0x120
[ 43.993470] ? copy_mnt_ns+0x8c0/0x8c0
[ 43.997359] do_syscall_64+0x1e8/0x640
[ 44.001226] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.006054] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.011225] RIP: 0033:0x444f29
[ 44.014394] RSP: 002b:00007ffcd77aeb98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 44.022090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444f29
[ 44.029388] RDX: 00000000200000c0 RSI: 0000000020000480 RDI: 0000000000000000
[ 44.036659] RBP: 000000000000a928 R08: 00000000200001c0 R09: 00000000004002e0
[ 44.043920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402170
[ 44.051175] R13: 0000000000402200 R14: 0000000000000000 R15: 0000000000000000
[ 44.060202] Kernel Offset: disabled
[ 44.063834] Rebooting in 86400 seconds..