[....] Starting OpenBSD Secure Shell server: sshd
[   29.909210] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ]
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[   34.942230] random: sshd: uninitialized urandom read (32 bytes read)
[   35.204223] kauditd_printk_skb: 9 callbacks suppressed
[   35.204231] audit: type=1400 audit(1566095016.761:35): avc:  denied  { map } for  pid=6828 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   35.257713] random: sshd: uninitialized urandom read (32 bytes read)
[   35.737356] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.138' (ECDSA) to the list of known hosts.
[   41.412668] urandom_read: 1 callbacks suppressed
[   41.412672] random: sshd: uninitialized urandom read (32 bytes read)
[   41.529911] audit: type=1400 audit(1566095023.081:36): avc:  denied  { map } for  pid=6840 comm="syz-executor607" path="/root/syz-executor607972183" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   41.790860] IPVS: ftp: loaded support on port[0] = 21
executing program
[   42.750517] BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1363
[   42.759132] in_atomic(): 0, irqs_disabled(): 1, pid: 6852, name: syz-executor607
[   42.759150] 4 locks held by syz-executor607/6852:
[   42.759153]  #0:  (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[   42.780200]  #1:  (&tty->termios_rwsem){++++}, at: [] tty_unthrottle+0x20/0xf0
[   42.789131]  #2:  (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref+0x20/0x80
[   42.797626]  #3:  (&mm->mmap_sem){++++}, at: [] __do_page_fault+0x2ca/0xb80
[   42.806302] irq event stamp: 10
[   42.809576] hardirqs last  enabled at (9): [] do_syscall_64+0x53/0x640
[   42.817800] hardirqs last disabled at (10): [] queue_work_on+0x95/0x1d0
[   42.826228] softirqs last  enabled at (0): [] copy_process.part.0+0x12d5/0x6a00
[   42.835229] softirqs last disabled at (0): [< (null)>] (null)
[   42.842754] CPU: 1 PID: 6852 Comm: syz-executor607 Not tainted 4.14.139 #35
[   42.849842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.859187] Call Trace:
[   42.861769]  dump_stack+0x138/0x19c
[   42.865396]  ? __mutex_lock+0xc3/0x1470
[   42.869369]  ___might_sleep.cold+0x1bd/0x1f6
[   42.873775]  __might_sleep+0x93/0xb0
[   42.877486]  __do_page_fault+0x2ed/0xb80
[   42.881547]  ? vmalloc_fault+0xe30/0xe30
[   42.885608]  do_page_fault+0x71/0x511
[   42.889404]  page_fault+0x25/0x50
[   42.892853] RIP: 0010:queue_work_on+0x95/0x1d0
[   42.897425] RSP: 0018:ffff88809790fad0 EFLAGS: 00010046
[   42.902781] RAX: 0000000000000007 RBX: 0000000000000297 RCX: 0000000000000000
[   42.910043] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880a5bd0a44
[   42.917308] RBP: ffff88809790faf8 R08: 0000000000000001 R09: ffff8880a5bd0af0
[   42.924589] R10: ffff8880a5bd0ad0 R11: ffff8880a5bd0200 R12: 0000000000000050
[   42.931836] R13: 0000000000000040 R14: ffff8880aa8147c0 R15: 0000000000000000
[   42.939097]  ? slc_setup+0x260/0x260
[   42.942793]  slcan_write_wakeup+0x66/0x90
[   42.946917]  tty_wakeup+0xc9/0x100
[   42.950434]  ? pty_set_termios+0x5c0/0x5c0
[   42.954639]  pty_unthrottle+0x37/0x50
[   42.958567]  tty_unthrottle+0x88/0xf0
[   42.962358]  ? n_tty_read+0x17b0/0x17b0
[   42.966315]  __tty_perform_flush+0x1a4/0x1f0
[   42.970704]  n_tty_ioctl_helper+0x17d/0x360
[   42.975009]  n_tty_ioctl+0x4a/0x2e0
[   42.978905]  ? ldsem_down_read+0x33/0x40
[   42.983003]  tty_ioctl+0x8f7/0x1320
[   42.986621]  ? commit_echoes+0x190/0x190
[   42.990674]  ? tty_vhangup+0x30/0x30
[   42.994368]  ? __might_sleep+0x93/0xb0
[   42.998235]  ? __fget+0x210/0x370
[   43.001669]  ? tty_vhangup+0x30/0x30
[   43.005362]  do_vfs_ioctl+0x7ae/0x1060
[   43.009227]  ? selinux_file_mprotect+0x5d0/0x5d0
[   43.013966]  ? lock_downgrade+0x6e0/0x6e0
[   43.018098]  ? ioctl_preallocate+0x1c0/0x1c0
[   43.022483]  ? __fget+0x237/0x370
[   43.025918]  ? security_file_ioctl+0x7d/0xb0
[   43.030306]  ? security_file_ioctl+0x89/0xb0
[   43.034810]  SyS_ioctl+0x8f/0xc0
[   43.038156]  ? do_vfs_ioctl+0x1060/0x1060
[   43.042295]  do_syscall_64+0x1e8/0x640
[   43.046160]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   43.050983]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   43.056247] RIP: 0033:0x446f29
[   43.059423] RSP: 002b:00007f7073684c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   43.067110] RAX: ffffffffffffffda RBX: 00000000006ddc58 RCX: 0000000000446f29
[   43.074358] RDX: 0000000000000000 RSI: 000000000000540b RDI: 0000000000000003
[   43.081704] RBP: 00000000006ddc50 R08: 00007f7073685700 R09: 0000000000000000
[   43.089072] R10: 00007f7073685700 R11: 0000000000000246 R12: 00000000006ddc5c
[   43.096329] R13: 00007ffc69903e2f R14: 00007f70736859c0 R15: 000000000000002d
[   43.103647] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
[   43.111741] IP: queue_work_on+0x95/0x1d0
[   43.115778] PGD 9f69b067 P4D 9f69b067 PUD 91e03067 PMD 0
[   43.121299] Oops: 0002 [#1] PREEMPT SMP KASAN
[   43.125828] Modules linked in:
[   43.129065] CPU: 1 PID: 6852 Comm: syz-executor607 Tainted: G        W       4.14.139 #35
[   43.137553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   43.146885] task: ffff8880a5bd0200 task.stack: ffff888097908000
[   43.152921] RIP: 0010:queue_work_on+0x95/0x1d0
[   43.157476] RSP: 0018:ffff88809790fad0 EFLAGS: 00010046
[   43.162817] RAX: 0000000000000007 RBX: 0000000000000297 RCX: 0000000000000000
[   43.170071] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880a5bd0a44
[   43.177471] RBP: ffff88809790faf8 R08: 0000000000000001 R09: ffff8880a5bd0af0
[   43.184725] R10: ffff8880a5bd0ad0 R11: ffff8880a5bd0200 R12: 0000000000000050
[   43.192115] R13: 0000000000000040 R14: ffff8880aa8147c0 R15: 0000000000000000
[   43.199364] FS:  00007f7073685700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
[   43.207565] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   43.213426] CR2: 0000000000000050 CR3: 000000008032f000 CR4: 00000000001406e0
[   43.220838] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   43.228151] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   43.235403] Call Trace:
[   43.237977]  ? slc_setup+0x260/0x260
[   43.241666]  slcan_write_wakeup+0x66/0x90
[   43.245801]  tty_wakeup+0xc9/0x100
[   43.249338]  ? pty_set_termios+0x5c0/0x5c0
[   43.253546]  pty_unthrottle+0x37/0x50
[   43.257320]  tty_unthrottle+0x88/0xf0
[   43.261095]  ? n_tty_read+0x17b0/0x17b0
[   43.265041]  __tty_perform_flush+0x1a4/0x1f0
[   43.269436]  n_tty_ioctl_helper+0x17d/0x360
[   43.273736]  n_tty_ioctl+0x4a/0x2e0
[   43.277618]  ? ldsem_down_read+0x33/0x40
[   43.281657]  tty_ioctl+0x8f7/0x1320
[   43.285261]  ? commit_echoes+0x190/0x190
[   43.289306]  ? tty_vhangup+0x30/0x30
[   43.293008]  ? __might_sleep+0x93/0xb0
[   43.296873]  ? __fget+0x210/0x370
[   43.300305]  ? tty_vhangup+0x30/0x30
[   43.304002]  do_vfs_ioctl+0x7ae/0x1060
[   43.307869]  ? selinux_file_mprotect+0x5d0/0x5d0
[   43.312599]  ? lock_downgrade+0x6e0/0x6e0
[   43.316724]  ? ioctl_preallocate+0x1c0/0x1c0
[   43.321106]  ? __fget+0x237/0x370
[   43.324537]  ? security_file_ioctl+0x7d/0xb0
[   43.329042]  ? security_file_ioctl+0x89/0xb0
[   43.333432]  SyS_ioctl+0x8f/0xc0
[   43.336780]  ? do_vfs_ioctl+0x1060/0x1060
[   43.340920]  do_syscall_64+0x1e8/0x640
[   43.344785]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   43.349617]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   43.354784] RIP: 0033:0x446f29
[   43.357954] RSP: 002b:00007f7073684c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   43.365636] RAX: ffffffffffffffda RBX: 00000000006ddc58 RCX: 0000000000446f29
[   43.372884] RDX: 0000000000000000 RSI: 000000000000540b RDI: 0000000000000003
[   43.380132] RBP: 00000000006ddc50 R08: 00007f7073685700 R09: 0000000000000000
[   43.387378] R10: 00007f7073685700 R11: 0000000000000246 R12: 00000000006ddc5c
[   43.394624] R13: 00007ffc69903e2f R14: 00007f70736859c0 R15: 000000000000002d
[   43.401877] Code: e8 03 80 3c 10 00 0f 85 24 01 00 00 48 83 3d f2 81 34 06 00 0f 84 f0 00 00 00 e8 87 0c 20 00 fa 66 0f 1f 44 00 00 e8 3b 95 0a 00 41 0f ba 2c 24 00 41 bf 00 00 00 00 0f 83 a7 00 00 00 e8 63
[   43.420948] RIP: queue_work_on+0x95/0x1d0 RSP: ffff88809790fad0
[   43.426981] CR2: 0000000000000050
[   43.430414] ---[ end trace f25f839faa3817ad ]---
[   43.435142] Kernel panic - not syncing: Fatal exception
[   43.441571] Kernel Offset: disabled
[   43.445198] Rebooting in 86400 seconds..