[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   19.434782] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   24.397204] random: sshd: uninitialized urandom read (32 bytes read)
[   24.845742] random: sshd: uninitialized urandom read (32 bytes read)
[   25.694979] random: sshd: uninitialized urandom read (32 bytes read)
[  100.739436] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.58' (ECDSA) to the list of known hosts.
[  106.169905] random: sshd: uninitialized urandom read (32 bytes read)
2018/07/09 07:42:00 parsed 1 programs
[  107.804158] random: cc1: uninitialized urandom read (8 bytes read)
2018/07/09 07:42:03 executed programs: 0
[  109.512613] IPVS: ftp: loaded support on port[0] = 21
[  109.699712] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.706359] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.713840] device bridge_slave_0 entered promiscuous mode
[  109.732044] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.738706] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.745708] device bridge_slave_1 entered promiscuous mode
[  109.761228] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  109.776515] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  109.816251] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  109.834264] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  109.897186] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  109.904472] team0: Port device team_slave_0 added
[  109.919228] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  109.926332] team0: Port device team_slave_1 added
[  109.940534] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  109.956578] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  109.973819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  109.990198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  110.103677] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.110168] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.117030] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.123396] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.530562] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[  110.536719] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.580235] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  110.623217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  110.630732] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  110.666904] 8021q: adding VLAN 0 to HW filter on device team0
[  110.908879] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[  111.390776] ==================================================================
[  111.398280] BUG: KASAN: slab-out-of-bounds in pdu_read+0x90/0xd0
[  111.404406] Read of size 58954 at addr ffff8801d7082fed by task syz-executor0/4893
[  111.412103] 
[  111.413717] CPU: 0 PID: 4893 Comm: syz-executor0 Not tainted 4.18.0-rc3+ #40
[  111.421154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  111.430485] Call Trace:
[  111.433074]  dump_stack+0x1c9/0x2b4
[  111.436689]  ? dump_stack_print_info.cold.2+0x52/0x52
[  111.441860]  ? printk+0xa7/0xcf
[  111.445117]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  111.449858]  ? pdu_read+0x90/0xd0
[  111.453305]  print_address_description+0x6c/0x20b
[  111.458132]  ? pdu_read+0x90/0xd0
[  111.461564]  kasan_report.cold.7+0x242/0x2fe
[  111.465953]  check_memory_region+0x13e/0x1b0
[  111.470342]  memcpy+0x23/0x50
[  111.473430]  pdu_read+0x90/0xd0
[  111.476691]  p9pdu_readf+0x579/0x2170
[  111.480473]  ? p9pdu_writef+0xe0/0xe0
[  111.484253]  ? __fget+0x414/0x670
[  111.487688]  ? rcu_is_watching+0x61/0x150
[  111.491831]  ? expand_files.part.8+0x9c0/0x9c0
[  111.496406]  ? rcu_read_lock_sched_held+0x108/0x120
[  111.501407]  ? p9_fd_show_options+0x1c0/0x1c0
[  111.505886]  p9_client_create+0xde0/0x16c9
[  111.510115]  ? p9_client_read+0xc60/0xc60
[  111.514249]  ? find_held_lock+0x36/0x1c0
[  111.518383]  ? __lockdep_init_map+0x105/0x590
[  111.522862]  ? kasan_check_write+0x14/0x20
[  111.527085]  ? __init_rwsem+0x1cc/0x2a0
[  111.531044]  ? do_raw_write_unlock.cold.8+0x49/0x49
[  111.536042]  ? rcu_read_lock_sched_held+0x108/0x120
[  111.541037]  ? __kmalloc_track_caller+0x5f5/0x760
[  111.545859]  ? save_stack+0xa9/0xd0
[  111.549462]  ? save_stack+0x43/0xd0
[  111.553096]  ? kasan_kmalloc+0xc4/0xe0
[  111.556963]  ? memcpy+0x45/0x50
[  111.560233]  v9fs_session_init+0x21a/0x1a80
[  111.564536]  ? find_held_lock+0x36/0x1c0
[  111.568580]  ? v9fs_show_options+0x7e0/0x7e0
[  111.572970]  ? kasan_check_read+0x11/0x20
[  111.577098]  ? rcu_is_watching+0x8c/0x150
[  111.581222]  ? rcu_pm_notify+0xc0/0xc0
[  111.585089]  ? rcu_pm_notify+0xc0/0xc0
[  111.588961]  ? v9fs_mount+0x61/0x900
[  111.592650]  ? rcu_read_lock_sched_held+0x108/0x120
[  111.597644]  ? kmem_cache_alloc_trace+0x616/0x780
[  111.602468]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  111.608085]  v9fs_mount+0x7c/0x900
[  111.611621]  mount_fs+0xae/0x328
[  111.614969]  vfs_kern_mount.part.34+0xdc/0x4e0
[  111.619531]  ? may_umount+0xb0/0xb0
[  111.623137]  ? _raw_read_unlock+0x22/0x30
[  111.627260]  ? __get_fs_type+0x97/0xc0
[  111.631128]  do_mount+0x581/0x30e0
[  111.634647]  ? do_raw_spin_unlock+0xa7/0x2f0
[  111.639035]  ? copy_mount_string+0x40/0x40
[  111.643251]  ? copy_mount_options+0x5f/0x380
[  111.647639]  ? rcu_read_lock_sched_held+0x108/0x120
[  111.652981]  ? kmem_cache_alloc_trace+0x616/0x780
[  111.657956]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  111.663491]  ? _copy_from_user+0xdf/0x150
[  111.667670]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  111.673195]  ? copy_mount_options+0x285/0x380
[  111.677693]  __ia32_compat_sys_mount+0x5d5/0x860
[  111.682439]  do_fast_syscall_32+0x34d/0xfb2
[  111.686746]  ? do_int80_syscall_32+0x890/0x890
[  111.691310]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  111.696055]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  111.701575]  ? syscall_return_slowpath+0x31d/0x5e0
[  111.706506]  ? sysret32_from_system_call+0x5/0x46
[  111.711354]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  111.716533]  entry_SYSENTER_compat+0x70/0x7f
[  111.720922] RIP: 0023:0xf7f15cb9
[  111.724263] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 
[  111.743443] RSP: 002b:00000000ffecc4ac EFLAGS: 00000282 ORIG_RAX: 0000000000000015
[  111.751138] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0
[  111.759519] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000020000180
[  111.766782] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  111.774037] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  111.781289] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  111.788547] 
[  111.790154] Allocated by task 4893:
[  111.793769]  save_stack+0x43/0xd0
[  111.797206]  kasan_kmalloc+0xc4/0xe0
[  111.800902]  __kmalloc+0x14e/0x760
[  111.804424]  p9_fcall_alloc+0x1e/0x90
[  111.808206]  p9_client_prepare_req.part.8+0x754/0xcd0
[  111.813379]  p9_client_rpc+0x1bd/0x1400
[  111.817347]  p9_client_create+0xd09/0x16c9
[  111.821565]  v9fs_session_init+0x21a/0x1a80
[  111.825867]  v9fs_mount+0x7c/0x900
[  111.829389]  mount_fs+0xae/0x328
[  111.832746]  vfs_kern_mount.part.34+0xdc/0x4e0
[  111.837310]  do_mount+0x581/0x30e0
[  111.840833]  __ia32_compat_sys_mount+0x5d5/0x860
[  111.845568]  do_fast_syscall_32+0x34d/0xfb2
[  111.849871]  entry_SYSENTER_compat+0x70/0x7f
[  111.854254] 
[  111.855859] Freed by task 0:
[  111.858858] (stack is not available)
[  111.862559] 
[  111.864170] The buggy address belongs to the object at ffff8801d7082fc0
[  111.864170]  which belongs to the cache kmalloc-16384 of size 16384
[  111.877578] The buggy address is located 45 bytes inside of
[  111.877578]  16384-byte region [ffff8801d7082fc0, ffff8801d7086fc0)
[  111.889521] The buggy address belongs to the page:
[  111.894444] page:ffffea00075c2000 count:1 mapcount:0 mapping:ffff8801da802200 index:0x0 compound_mapcount: 0
[  111.904405] flags: 0x2fffc0000008100(slab|head)
[  111.909069] raw: 02fffc0000008100 ffffea00075b4208 ffff8801da801c48 ffff8801da802200
[  111.916948] raw: 0000000000000000 ffff8801d7082fc0 0000000100000001 0000000000000000
[  111.924804] page dumped because: kasan: bad access detected
[  111.930489] 
[  111.932093] Memory state around the buggy address:
[  111.937016]  ffff8801d7084e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  111.944360]  ffff8801d7084f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  111.951701] >ffff8801d7084f80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[  111.959049]                                                        ^
[  111.965531]  ffff8801d7085000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  111.972873]  ffff8801d7085080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  111.980210] ==================================================================
[  111.987554] Disabling lock debugging due to kernel taint
[  111.993475] Kernel panic - not syncing: panic_on_warn set ...
[  111.993475] 
[  112.000855] CPU: 0 PID: 4893 Comm: syz-executor0 Tainted: G    B             4.18.0-rc3+ #40
[  112.009435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  112.018767] Call Trace:
[  112.021345]  dump_stack+0x1c9/0x2b4
[  112.024961]  ? dump_stack_print_info.cold.2+0x52/0x52
[  112.030135]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  112.034877]  panic+0x238/0x4e7
[  112.038054]  ? add_taint.cold.5+0x16/0x16
[  112.042188]  ? do_raw_spin_unlock+0xa7/0x2f0
[  112.046576]  ? pdu_read+0x90/0xd0
[  112.050011]  kasan_end_report+0x47/0x4f
[  112.053975]  kasan_report.cold.7+0x76/0x2fe
[  112.058278]  check_memory_region+0x13e/0x1b0
[  112.062667]  memcpy+0x23/0x50
[  112.065774]  pdu_read+0x90/0xd0
[  112.069036]  p9pdu_readf+0x579/0x2170
[  112.072823]  ? p9pdu_writef+0xe0/0xe0
[  112.076605]  ? __fget+0x414/0x670
[  112.080044]  ? rcu_is_watching+0x61/0x150
[  112.084174]  ? expand_files.part.8+0x9c0/0x9c0
[  112.088738]  ? rcu_read_lock_sched_held+0x108/0x120
[  112.093738]  ? p9_fd_show_options+0x1c0/0x1c0
[  112.098226]  p9_client_create+0xde0/0x16c9
[  112.102446]  ? p9_client_read+0xc60/0xc60
[  112.106576]  ? find_held_lock+0x36/0x1c0
[  112.110627]  ? __lockdep_init_map+0x105/0x590
[  112.115106]  ? kasan_check_write+0x14/0x20
[  112.119322]  ? __init_rwsem+0x1cc/0x2a0
[  112.123284]  ? do_raw_write_unlock.cold.8+0x49/0x49
[  112.128294]  ? rcu_read_lock_sched_held+0x108/0x120
[  112.133289]  ? __kmalloc_track_caller+0x5f5/0x760
[  112.138122]  ? save_stack+0xa9/0xd0
[  112.141730]  ? save_stack+0x43/0xd0
[  112.145336]  ? kasan_kmalloc+0xc4/0xe0
[  112.149203]  ? memcpy+0x45/0x50
[  112.152466]  v9fs_session_init+0x21a/0x1a80
[  112.156779]  ? find_held_lock+0x36/0x1c0
[  112.160824]  ? v9fs_show_options+0x7e0/0x7e0
[  112.165213]  ? kasan_check_read+0x11/0x20
[  112.169365]  ? rcu_is_watching+0x8c/0x150
[  112.173491]  ? rcu_pm_notify+0xc0/0xc0
[  112.177356]  ? rcu_pm_notify+0xc0/0xc0
[  112.181224]  ? v9fs_mount+0x61/0x900
[  112.184918]  ? rcu_read_lock_sched_held+0x108/0x120
[  112.189917]  ? kmem_cache_alloc_trace+0x616/0x780
[  112.194745]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  112.200266]  v9fs_mount+0x7c/0x900
[  112.203791]  mount_fs+0xae/0x328
[  112.207150]  vfs_kern_mount.part.34+0xdc/0x4e0
[  112.211713]  ? may_umount+0xb0/0xb0
[  112.215323]  ? _raw_read_unlock+0x22/0x30
[  112.219451]  ? __get_fs_type+0x97/0xc0
[  112.223330]  do_mount+0x581/0x30e0
[  112.226850]  ? do_raw_spin_unlock+0xa7/0x2f0
[  112.231240]  ? copy_mount_string+0x40/0x40
[  112.235456]  ? copy_mount_options+0x5f/0x380
[  112.239847]  ? rcu_read_lock_sched_held+0x108/0x120
[  112.244843]  ? kmem_cache_alloc_trace+0x616/0x780
[  112.249679]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  112.255200]  ? _copy_from_user+0xdf/0x150
[  112.259329]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  112.264858]  ? copy_mount_options+0x285/0x380
[  112.269338]  __ia32_compat_sys_mount+0x5d5/0x860
[  112.274095]  do_fast_syscall_32+0x34d/0xfb2
[  112.278413]  ? do_int80_syscall_32+0x890/0x890
[  112.282976]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  112.287714]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  112.293234]  ? syscall_return_slowpath+0x31d/0x5e0
[  112.298157]  ? sysret32_from_system_call+0x5/0x46
[  112.303270]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  112.308110]  entry_SYSENTER_compat+0x70/0x7f
[  112.312500] RIP: 0023:0xf7f15cb9
[  112.315843] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 
[  112.334981] RSP: 002b:00000000ffecc4ac EFLAGS: 00000282 ORIG_RAX: 0000000000000015
[  112.342692] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0
[  112.349956] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000020000180
[  112.357209] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  112.364462] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  112.371712] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  112.379552] Dumping ftrace buffer:
[  112.383079]    (ftrace buffer empty)
[  112.386770] Kernel Offset: disabled
[  112.390387] Rebooting in 86400 seconds..