[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 19.649062] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 22.105147] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.368309] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.238163] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.391611] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.18' (ECDSA) to the list of known hosts.
[ 28.901941] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
[ 29.003849] ==================================================================
[ 29.011346] BUG: KASAN: slab-out-of-bounds in pdu_read+0x90/0xd0
[ 29.017478] Read of size 43808 at addr ffff8801b42107ad by task syz-executor130/4569
[ 29.025336]
[ 29.026953] CPU: 0 PID: 4569 Comm: syz-executor130 Not tainted 4.18.0-rc4+ #44
[ 29.034290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.043624] Call Trace:
[ 29.046215] dump_stack+0x1c9/0x2b4
[ 29.049828] ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.055002] ? printk+0xa7/0xcf
[ 29.058276] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 29.063027] ? pdu_read+0x90/0xd0
[ 29.066472] print_address_description+0x6c/0x20b
[ 29.071297] ? pdu_read+0x90/0xd0
[ 29.074732] kasan_report.cold.7+0x242/0x2fe
[ 29.079128] check_memory_region+0x13e/0x1b0
[ 29.083523] memcpy+0x23/0x50
[ 29.086613] pdu_read+0x90/0xd0
[ 29.089888] p9pdu_readf+0x579/0x2170
[ 29.093692] ? p9pdu_writef+0xe0/0xe0
[ 29.097476] ? __fget+0x414/0x670
[ 29.100929] ? rcu_is_watching+0x61/0x150
[ 29.105235] ? expand_files.part.8+0x9c0/0x9c0
[ 29.109804] ? rcu_read_lock_sched_held+0x108/0x120
[ 29.114811] ? p9_fd_show_options+0x1c0/0x1c0
[ 29.119295] p9_client_create+0xde0/0x16c9
[ 29.123527] ? p9_client_read+0xc60/0xc60
[ 29.127660] ? find_held_lock+0x36/0x1c0
[ 29.131718] ? __lockdep_init_map+0x105/0x590
[ 29.136203] ? kasan_check_write+0x14/0x20
[ 29.140421] ? __init_rwsem+0x1cc/0x2a0
[ 29.144382] ? do_raw_write_unlock.cold.8+0x49/0x49
[ 29.149393] ? rcu_read_lock_sched_held+0x108/0x120
[ 29.154392] ? __kmalloc_track_caller+0x5f5/0x760
[ 29.159217] ? save_stack+0xa9/0xd0
[ 29.162843] ? save_stack+0x43/0xd0
[ 29.166451] ? kasan_kmalloc+0xc4/0xe0
[ 29.170320] ? memcpy+0x45/0x50
[ 29.173589] v9fs_session_init+0x21a/0x1a80
[ 29.177901] ? find_held_lock+0x36/0x1c0
[ 29.181948] ? v9fs_show_options+0x7e0/0x7e0
[ 29.186350] ? kasan_check_read+0x11/0x20
[ 29.190490] ? rcu_is_watching+0x8c/0x150
[ 29.194620] ? rcu_pm_notify+0xc0/0xc0
[ 29.198489] ? rcu_pm_notify+0xc0/0xc0
[ 29.202371] ? v9fs_mount+0x61/0x900
[ 29.206081] ? rcu_read_lock_sched_held+0x108/0x120
[ 29.211084] ? kmem_cache_alloc_trace+0x616/0x780
[ 29.215924] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 29.221445] v9fs_mount+0x7c/0x900
[ 29.224973] mount_fs+0xae/0x328
[ 29.228327] vfs_kern_mount.part.34+0xdc/0x4e0
[ 29.232896] ? may_umount+0xb0/0xb0
[ 29.236510] ? _raw_read_unlock+0x22/0x30
[ 29.240659] ? __get_fs_type+0x97/0xc0
[ 29.244536] do_mount+0x581/0x30e0
[ 29.248061] ? copy_mount_string+0x40/0x40
[ 29.252292] ? copy_mount_options+0x5f/0x380
[ 29.256692] ? rcu_read_lock_sched_held+0x108/0x120
[ 29.261695] ? kmem_cache_alloc_trace+0x616/0x780
[ 29.266539] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.272060] ? copy_mount_options+0x285/0x380
[ 29.276544] __ia32_compat_sys_mount+0x5d5/0x860
[ 29.281289] do_fast_syscall_32+0x34d/0xfb2
[ 29.285594] ? do_int80_syscall_32+0x890/0x890
[ 29.290166] ? do_syscall_64+0x497/0x820
[ 29.294210] ? syscall_return_slowpath+0x5e0/0x5e0
[ 29.299130] ? syscall_return_slowpath+0x31d/0x5e0
[ 29.304058] ? sysret32_from_system_call+0x5/0x46
[ 29.308907] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.313736] entry_SYSENTER_compat+0x70/0x7f
[ 29.318127] RIP: 0023:0xf7ff8cb9
[ 29.321471] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 29.340659] RSP: 002b:00000000ffe0f02c EFLAGS: 00000282 ORIG_RAX: 0000000000000015
[ 29.348354] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000140
[ 29.355604] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000020000440
[ 29.362855] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 29.370107] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 29.377366] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 29.384623]
[ 29.386240] Allocated by task 4569:
[ 29.389855] save_stack+0x43/0xd0
[ 29.393289] kasan_kmalloc+0xc4/0xe0
[ 29.396981] __kmalloc+0x14e/0x760
[ 29.400519] p9_fcall_alloc+0x1e/0x90
[ 29.404302] p9_client_prepare_req.part.8+0x754/0xcd0
[ 29.409472] p9_client_rpc+0x1bd/0x1400
[ 29.413424] p9_client_create+0xd09/0x16c9
[ 29.417643] v9fs_session_init+0x21a/0x1a80
[ 29.421954] v9fs_mount+0x7c/0x900
[ 29.425476] mount_fs+0xae/0x328
[ 29.428824] vfs_kern_mount.part.34+0xdc/0x4e0
[ 29.433387] do_mount+0x581/0x30e0
[ 29.436909] __ia32_compat_sys_mount+0x5d5/0x860
[ 29.441650] do_fast_syscall_32+0x34d/0xfb2
[ 29.445968] entry_SYSENTER_compat+0x70/0x7f
[ 29.450353]
[ 29.451960] Freed by task 0:
[ 29.454950] (stack is not available)
[ 29.458662]
[ 29.460270] The buggy address belongs to the object at ffff8801b4210780
[ 29.460270] which belongs to the cache kmalloc-16384 of size 16384
[ 29.473253] The buggy address is located 45 bytes inside of
[ 29.473253] 16384-byte region [ffff8801b4210780, ffff8801b4214780)
[ 29.485193] The buggy address belongs to the page:
[ 29.490105] page:ffffea0006d08400 count:1 mapcount:0 mapping:ffff8801da802200 index:0x0 compound_mapcount: 0
[ 29.500056] flags: 0x2fffc0000008100(slab|head)
[ 29.504722] raw: 02fffc0000008100 ffffea0006b29a08 ffff8801da801c48 ffff8801da802200
[ 29.512589] raw: 0000000000000000 ffff8801b4210780 0000000100000001 0000000000000000
[ 29.520447] page dumped because: kasan: bad access detected
[ 29.526131]
[ 29.527736] Memory state around the buggy address:
[ 29.532658] ffff8801b4212680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.539995] ffff8801b4212700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.547338] >ffff8801b4212780: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.554673] ^
[ 29.559059] ffff8801b4212800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.566407] ffff8801b4212880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.574311] ==================================================================
[ 29.581647] Disabling lock debugging due to kernel taint
[ 29.587226] Kernel panic - not syncing: panic_on_warn set ...
[ 29.587226]
[ 29.594601] CPU: 0 PID: 4569 Comm: syz-executor130 Tainted: G B 4.18.0-rc4+ #44
[ 29.603352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.612683] Call Trace:
[ 29.615268] dump_stack+0x1c9/0x2b4
[ 29.618878] ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.624049] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.628790] panic+0x238/0x4e7
[ 29.631963] ? add_taint.cold.5+0x16/0x16
[ 29.636095] ? do_raw_spin_unlock+0xa7/0x2f0
[ 29.640490] ? pdu_read+0x90/0xd0
[ 29.643924] kasan_end_report+0x47/0x4f
[ 29.647880] kasan_report.cold.7+0x76/0x2fe
[ 29.652187] check_memory_region+0x13e/0x1b0
[ 29.656585] memcpy+0x23/0x50
[ 29.659683] pdu_read+0x90/0xd0
[ 29.662943] p9pdu_readf+0x579/0x2170
[ 29.666724] ? p9pdu_writef+0xe0/0xe0
[ 29.670504] ? __fget+0x414/0x670
[ 29.673937] ? rcu_is_watching+0x61/0x150
[ 29.678066] ? expand_files.part.8+0x9c0/0x9c0
[ 29.682631] ? rcu_read_lock_sched_held+0x108/0x120
[ 29.687632] ? p9_fd_show_options+0x1c0/0x1c0
[ 29.692121] p9_client_create+0xde0/0x16c9
[ 29.696345] ? p9_client_read+0xc60/0xc60
[ 29.700482] ? find_held_lock+0x36/0x1c0
[ 29.704527] ? __lockdep_init_map+0x105/0x590
[ 29.709007] ? kasan_check_write+0x14/0x20
[ 29.713244] ? __init_rwsem+0x1cc/0x2a0
[ 29.717212] ? do_raw_write_unlock.cold.8+0x49/0x49
[ 29.722210] ? rcu_read_lock_sched_held+0x108/0x120
[ 29.727205] ? __kmalloc_track_caller+0x5f5/0x760
[ 29.732031] ? save_stack+0xa9/0xd0
[ 29.735640] ? save_stack+0x43/0xd0
[ 29.739254] ? kasan_kmalloc+0xc4/0xe0
[ 29.743120] ? memcpy+0x45/0x50
[ 29.746381] v9fs_session_init+0x21a/0x1a80
[ 29.750683] ? find_held_lock+0x36/0x1c0
[ 29.754726] ? v9fs_show_options+0x7e0/0x7e0
[ 29.759129] ? kasan_check_read+0x11/0x20
[ 29.763257] ? rcu_is_watching+0x8c/0x150
[ 29.767397] ? rcu_pm_notify+0xc0/0xc0
[ 29.771271] ? rcu_pm_notify+0xc0/0xc0
[ 29.775141] ? v9fs_mount+0x61/0x900
[ 29.778836] ? rcu_read_lock_sched_held+0x108/0x120
[ 29.783837] ? kmem_cache_alloc_trace+0x616/0x780
[ 29.788670] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 29.794203] v9fs_mount+0x7c/0x900
[ 29.797728] mount_fs+0xae/0x328
[ 29.801079] vfs_kern_mount.part.34+0xdc/0x4e0
[ 29.805655] ? may_umount+0xb0/0xb0
[ 29.809275] ? _raw_read_unlock+0x22/0x30
[ 29.813403] ? __get_fs_type+0x97/0xc0
[ 29.817272] do_mount+0x581/0x30e0
[ 29.820803] ? copy_mount_string+0x40/0x40
[ 29.825031] ? copy_mount_options+0x5f/0x380
[ 29.829436] ? rcu_read_lock_sched_held+0x108/0x120
[ 29.834437] ? kmem_cache_alloc_trace+0x616/0x780
[ 29.839265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.844782] ? copy_mount_options+0x285/0x380
[ 29.849262] __ia32_compat_sys_mount+0x5d5/0x860
[ 29.854014] do_fast_syscall_32+0x34d/0xfb2
[ 29.858331] ? do_int80_syscall_32+0x890/0x890
[ 29.862891] ? do_syscall_64+0x497/0x820
[ 29.866932] ? syscall_return_slowpath+0x5e0/0x5e0
[ 29.871846] ? syscall_return_slowpath+0x31d/0x5e0
[ 29.876760] ? sysret32_from_system_call+0x5/0x46
[ 29.881586] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.886422] entry_SYSENTER_compat+0x70/0x7f
[ 29.890825] RIP: 0023:0xf7ff8cb9
[ 29.894172] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 29.913296] RSP: 002b:00000000ffe0f02c EFLAGS: 00000282 ORIG_RAX: 0000000000000015
[ 29.920987] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000140
[ 29.928239] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000020000440
[ 29.935511] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 29.942836] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 29.950098] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 29.957868] Dumping ftrace buffer:
[ 29.961393] (ftrace buffer empty)
[ 29.965081] Kernel Offset: disabled
[ 29.968686] Rebooting in 86400 seconds..