[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   15.841977] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.687808] random: sshd: uninitialized urandom read (32 bytes read)
[   20.054667] random: sshd: uninitialized urandom read (32 bytes read)
[   20.781289] random: sshd: uninitialized urandom read (32 bytes read)
[   20.930441] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.52' (ECDSA) to the list of known hosts.
[   26.420968] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   26.743446] ==================================================================
[   26.750857] BUG: KASAN: slab-out-of-bounds in pdu_read+0x90/0xd0
[   26.756987] Read of size 64713 at addr ffff8801b37909ad by task syz-executor051/4470
[   26.764845] 
[   26.766456] CPU: 1 PID: 4470 Comm: syz-executor051 Not tainted 4.18.0-rc5-next-20180719+ #11
[   26.775005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.784342] Call Trace:
[   26.786918]  dump_stack+0x1c9/0x2b4
[   26.790540]  ? dump_stack_print_info.cold.2+0x52/0x52
[   26.795714]  ? printk+0xa7/0xcf
[   26.798977]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   26.803980]  ? pdu_read+0x90/0xd0
[   26.807418]  print_address_description+0x6c/0x20b
[   26.812244]  ? pdu_read+0x90/0xd0
[   26.815677]  kasan_report.cold.7+0x242/0x30d
[   26.820065]  check_memory_region+0x13e/0x1b0
[   26.824466]  memcpy+0x23/0x50
[   26.827563]  pdu_read+0x90/0xd0
[   26.830835]  p9pdu_readf+0x579/0x2170
[   26.834618]  ? p9pdu_writef+0xe0/0xe0
[   26.838411]  ? ksys_dup3+0x690/0x690
[   26.842110]  ? do_raw_spin_lock+0xc1/0x200
[   26.846327]  ? finish_wait+0x430/0x430
[   26.850211]  ? p9_fd_show_options+0x1c0/0x1c0
[   26.854689]  p9_client_create+0x6d0/0x1537
[   26.858906]  ? p9_client_read+0xbb0/0xbb0
[   26.863035]  ? lock_acquire+0x1e4/0x540
[   26.866990]  ? fs_reclaim_acquire+0x20/0x20
[   26.871302]  ? lock_release+0xa30/0xa30
[   26.875262]  ? __lockdep_init_map+0x105/0x590
[   26.879751]  ? kasan_check_write+0x14/0x20
[   26.883968]  ? __init_rwsem+0x1cc/0x2a0
[   26.887931]  ? do_raw_write_unlock.cold.8+0x49/0x49
[   26.892950]  ? __kmalloc_track_caller+0x311/0x760
[   26.897792]  ? save_stack+0xa9/0xd0
[   26.901402]  ? save_stack+0x43/0xd0
[   26.905010]  ? kasan_kmalloc+0xc4/0xe0
[   26.908885]  ? memcpy+0x45/0x50
[   26.912147]  v9fs_session_init+0x21a/0x1a80
[   26.916471]  ? rcu_note_context_switch+0x730/0x730
[   26.921385]  ? legacy_parse_monolithic+0xde/0x1e0
[   26.926211]  ? v9fs_show_options+0x7e0/0x7e0
[   26.930606]  ? lock_release+0xa30/0xa30
[   26.934561]  ? check_same_owner+0x340/0x340
[   26.938864]  ? lock_downgrade+0x8f0/0x8f0
[   26.942992]  ? kasan_unpoison_shadow+0x35/0x50
[   26.947556]  ? kasan_kmalloc+0xc4/0xe0
[   26.951428]  ? kmem_cache_alloc_trace+0x318/0x780
[   26.956253]  ? kasan_unpoison_shadow+0x35/0x50
[   26.960818]  ? kasan_kmalloc+0xc4/0xe0
[   26.964689]  v9fs_mount+0x7c/0x900
[   26.968212]  ? v9fs_drop_inode+0x150/0x150
[   26.972447]  legacy_get_tree+0x131/0x460
[   26.976619]  vfs_get_tree+0x1cb/0x5c0
[   26.980417]  do_mount+0x6f2/0x1e20
[   26.983941]  ? check_same_owner+0x340/0x340
[   26.988245]  ? lock_release+0xa30/0xa30
[   26.992202]  ? copy_mount_string+0x40/0x40
[   26.996418]  ? kasan_kmalloc+0xc4/0xe0
[   27.000290]  ? kmem_cache_alloc_trace+0x318/0x780
[   27.005122]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   27.010643]  ? _copy_from_user+0xdf/0x150
[   27.014777]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   27.020296]  ? copy_mount_options+0x285/0x380
[   27.024773]  ksys_mount+0x12d/0x140
[   27.028383]  __x64_sys_mount+0xbe/0x150
[   27.032348]  do_syscall_64+0x1b9/0x820
[   27.036215]  ? finish_task_switch+0x1d3/0x870
[   27.040692]  ? syscall_return_slowpath+0x5e0/0x5e0
[   27.045601]  ? syscall_return_slowpath+0x31d/0x5e0
[   27.050513]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   27.055521]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   27.061052]  ? prepare_exit_to_usermode+0x291/0x3b0
[   27.066050]  ? perf_trace_sys_enter+0xb10/0xb10
[   27.070700]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.075538]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   27.080706] RIP: 0033:0x445ce9
[   27.083873] Code: e8 ec ba 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00 
[   27.103022] RSP: 002b:00007ff7c0199da8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[   27.110717] RAX: ffffffffffffffda RBX: 00000000006dbc24 RCX: 0000000000445ce9
[   27.117981] RDX: 0000000020000040 RSI: 0000000020000000 RDI: 0000000000000000
[   27.125250] RBP: 0000000000000000 R08: 00000000200001c0 R09: 0000000000000000
[   27.132502] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000006dbc20
[   27.139755] R13: 0030656c69662f2e R14: 64663d736e617274 R15: 0000000000000001
[   27.147023] 
[   27.148645] Allocated by task 4470:
[   27.152274]  save_stack+0x43/0xd0
[   27.155706]  kasan_kmalloc+0xc4/0xe0
[   27.159399]  __kmalloc+0x14e/0x760
[   27.162920]  p9_fcall_alloc+0x1e/0x90
[   27.166707]  p9_client_prepare_req.part.8+0x132/0xa00
[   27.171876]  p9_client_rpc+0x242/0x1330
[   27.175829]  p9_client_create+0xca4/0x1537
[   27.180047]  v9fs_session_init+0x21a/0x1a80
[   27.184354]  v9fs_mount+0x7c/0x900
[   27.187880]  legacy_get_tree+0x131/0x460
[   27.191920]  vfs_get_tree+0x1cb/0x5c0
[   27.195699]  do_mount+0x6f2/0x1e20
[   27.199218]  ksys_mount+0x12d/0x140
[   27.202821]  __x64_sys_mount+0xbe/0x150
[   27.206777]  do_syscall_64+0x1b9/0x820
[   27.210649]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   27.215821] 
[   27.217423] Freed by task 0:
[   27.220412] (stack is not available)
[   27.224096] 
[   27.225704] The buggy address belongs to the object at ffff8801b3790980
[   27.225704]  which belongs to the cache kmalloc-16384 of size 16384
[   27.238686] The buggy address is located 45 bytes inside of
[   27.238686]  16384-byte region [ffff8801b3790980, ffff8801b3794980)
[   27.250619] The buggy address belongs to the page:
[   27.255530] page:ffffea0006cde400 count:1 mapcount:0 mapping:ffff8801da802200 index:0x0 compound_mapcount: 0
[   27.265477] flags: 0x2fffc0000010200(slab|head)
[   27.270155] raw: 02fffc0000010200 ffffea0006dc0608 ffff8801da801c48 ffff8801da802200
[   27.278037] raw: 0000000000000000 ffff8801b3790980 0000000100000001 0000000000000000
[   27.285903] page dumped because: kasan: bad access detected
[   27.291585] 
[   27.293186] Memory state around the buggy address:
[   27.298095]  ffff8801b3792880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.305453]  ffff8801b3792900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.312795] >ffff8801b3792980: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[   27.320141]                                ^
[   27.324531]  ffff8801b3792a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.331878]  ffff8801b3792a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.339232] ==================================================================
[   27.346687] Kernel panic - not syncing: panic_on_warn set ...
[   27.346687] 
[   27.354056] CPU: 1 PID: 4470 Comm: syz-executor051 Tainted: G    B             4.18.0-rc5-next-20180719+ #11
[   27.364529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.373873] Call Trace:
[   27.376451]  dump_stack+0x1c9/0x2b4
[   27.380067]  ? dump_stack_print_info.cold.2+0x52/0x52
[   27.385246]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.389985]  panic+0x238/0x4e7
[   27.393159]  ? add_taint.cold.5+0x16/0x16
[   27.397288]  ? do_raw_spin_unlock+0xa7/0x2f0
[   27.401679]  ? pdu_read+0x90/0xd0
[   27.405120]  kasan_end_report+0x47/0x4f
[   27.409078]  kasan_report.cold.7+0x76/0x30d
[   27.413385]  check_memory_region+0x13e/0x1b0
[   27.417774]  memcpy+0x23/0x50
[   27.420863]  pdu_read+0x90/0xd0
[   27.424126]  p9pdu_readf+0x579/0x2170
[   27.427915]  ? p9pdu_writef+0xe0/0xe0
[   27.431698]  ? ksys_dup3+0x690/0x690
[   27.435397]  ? do_raw_spin_lock+0xc1/0x200
[   27.439630]  ? finish_wait+0x430/0x430
[   27.443510]  ? p9_fd_show_options+0x1c0/0x1c0
[   27.447990]  p9_client_create+0x6d0/0x1537
[   27.452213]  ? p9_client_read+0xbb0/0xbb0
[   27.456346]  ? lock_acquire+0x1e4/0x540
[   27.460302]  ? fs_reclaim_acquire+0x20/0x20
[   27.464607]  ? lock_release+0xa30/0xa30
[   27.468561]  ? __lockdep_init_map+0x105/0x590
[   27.473047]  ? kasan_check_write+0x14/0x20
[   27.477274]  ? __init_rwsem+0x1cc/0x2a0
[   27.481228]  ? do_raw_write_unlock.cold.8+0x49/0x49
[   27.486237]  ? __kmalloc_track_caller+0x311/0x760
[   27.491066]  ? save_stack+0xa9/0xd0
[   27.494681]  ? save_stack+0x43/0xd0
[   27.498289]  ? kasan_kmalloc+0xc4/0xe0
[   27.502156]  ? memcpy+0x45/0x50
[   27.505423]  v9fs_session_init+0x21a/0x1a80
[   27.509729]  ? rcu_note_context_switch+0x730/0x730
[   27.514642]  ? legacy_parse_monolithic+0xde/0x1e0
[   27.519471]  ? v9fs_show_options+0x7e0/0x7e0
[   27.523882]  ? lock_release+0xa30/0xa30
[   27.527866]  ? check_same_owner+0x340/0x340
[   27.532182]  ? lock_downgrade+0x8f0/0x8f0
[   27.536313]  ? kasan_unpoison_shadow+0x35/0x50
[   27.540874]  ? kasan_kmalloc+0xc4/0xe0
[   27.544745]  ? kmem_cache_alloc_trace+0x318/0x780
[   27.549566]  ? kasan_unpoison_shadow+0x35/0x50
[   27.554132]  ? kasan_kmalloc+0xc4/0xe0
[   27.558026]  v9fs_mount+0x7c/0x900
[   27.561555]  ? v9fs_drop_inode+0x150/0x150
[   27.565770]  legacy_get_tree+0x131/0x460
[   27.569824]  vfs_get_tree+0x1cb/0x5c0
[   27.573620]  do_mount+0x6f2/0x1e20
[   27.577149]  ? check_same_owner+0x340/0x340
[   27.581456]  ? lock_release+0xa30/0xa30
[   27.585415]  ? copy_mount_string+0x40/0x40
[   27.589630]  ? kasan_kmalloc+0xc4/0xe0
[   27.593512]  ? kmem_cache_alloc_trace+0x318/0x780
[   27.598341]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   27.603858]  ? _copy_from_user+0xdf/0x150
[   27.607991]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   27.613517]  ? copy_mount_options+0x285/0x380
[   27.617998]  ksys_mount+0x12d/0x140
[   27.621616]  __x64_sys_mount+0xbe/0x150
[   27.625593]  do_syscall_64+0x1b9/0x820
[   27.629463]  ? finish_task_switch+0x1d3/0x870
[   27.633939]  ? syscall_return_slowpath+0x5e0/0x5e0
[   27.638859]  ? syscall_return_slowpath+0x31d/0x5e0
[   27.643777]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   27.648779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   27.654308]  ? prepare_exit_to_usermode+0x291/0x3b0
[   27.659311]  ? perf_trace_sys_enter+0xb10/0xb10
[   27.663971]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.668802]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   27.673973] RIP: 0033:0x445ce9
[   27.677136] Code: e8 ec ba 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00 
[   27.696268] RSP: 002b:00007ff7c0199da8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[   27.703982] RAX: ffffffffffffffda RBX: 00000000006dbc24 RCX: 0000000000445ce9
[   27.711249] RDX: 0000000020000040 RSI: 0000000020000000 RDI: 0000000000000000
[   27.718504] RBP: 0000000000000000 R08: 00000000200001c0 R09: 0000000000000000
[   27.725757] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000006dbc20
[   27.733025] R13: 0030656c69662f2e R14: 64663d736e617274 R15: 0000000000000001
[   27.740924] Dumping ftrace buffer:
[   27.744460]    (ftrace buffer empty)
[   27.748147] Kernel Offset: disabled
[   27.751767] Rebooting in 86400 seconds..