[....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 20.369803] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.945158] random: sshd: uninitialized urandom read (32 bytes read) [ 25.371730] random: sshd: uninitialized urandom read (32 bytes read) [ 26.255047] random: sshd: uninitialized urandom read (32 bytes read) [ 26.416742] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. [ 31.927278] random: sshd: uninitialized urandom read (32 bytes read) executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 32.036437] 9pnet_virtio: no channels available for device (null) [ 32.036441] 9pnet_virtio: no channels available for device (null) [ 32.036772] 9pnet_virtio: no channels available for device (null) [ 32.043210] 9pnet_virtio: no channels available for device (null) [ 32.051830] 9pnet: p9_fd_create_tcp (4526): problem connecting socket to 127.0.0.1 [ 32.058948] 9pnet: p9_fd_create_tcp (4542): problem connecting socket to 127.0.0.1 [ 32.062290] 9pnet_virtio: no channels available for device (null) executing program executing program executing program [ 32.070252] 9pnet_virtio: no channels available for device (null) [ 32.077826] 9pnet_virtio: no channels available for device (null) [ 32.086182] 9pnet: p9_fd_create_tcp (4543): problem connecting socket to 127.0.0.1 [ 32.091215] 9pnet: p9_fd_create_tcp (4532): problem connecting socket to 127.0.0.1 [ 32.098221] kasan: CONFIG_KASAN_INLINE enabled [ 32.105349] 9pnet: p9_fd_create_tcp (4535): problem connecting socket to 127.0.0.1 [ 32.112120] kasan: GPF could be caused by NULL-ptr deref or user memory access executing program [ 32.118141] 9pnet: p9_fd_create_tcp (4541): 
problem connecting socket to 127.0.0.1 [ 32.124507] general protection fault: 0000 [#1] SMP KASAN [ 32.132722] 9pnet: p9_fd_create_tcp (4544): problem connecting socket to 127.0.0.1 [ 32.139508] CPU: 0 PID: 4539 Comm: syz-executor021 Not tainted 4.18.0-rc4+ #141 [ 32.139513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.139534] RIP: 0010:vsscanf+0x3c1/0x2af0 [ 32.139537] Code: f9 [ 32.145922] 9pnet: p9_fd_create_tcp (4549): problem connecting socket to 127.0.0.1 [ 32.152753] 44 89 ee bf 6e 00 00 00 e8 5b 82 eb f9 41 80 fd 6e 0f 84 ce 02 [ 32.161499] kasan: CONFIG_KASAN_INLINE enabled [ 32.169607] 00 00 e8 7c 81 eb f9 [ 32.173875] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 32.176244] 4c 89 f0 4c 89 f2 48 c1 e8 03 83 e2 07 <42> 0f b6 04 38 38 d0 7f 08 84 c0 0f 85 e8 1c 00 00 45 0f b6 26 31 [ 32.217332] RSP: 0018:ffff8801bb0bf0e0 EFLAGS: 00010246 [ 32.222676] RAX: 0000000000000000 RBX: ffffffff888364c1 RCX: ffffffff87908a15 [ 32.229927] RDX: 0000000000000000 RSI: ffffffff87908a24 RDI: 0000000000000001 [ 32.237179] RBP: ffff8801bb0bf2b0 R08: ffff8801ac6fe440 R09: ffff8801bb0bf4a4 [ 32.244431] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff888364c1 [ 32.251774] R13: 0000000000000064 R14: 0000000000000000 R15: dffffc0000000000 [ 32.259033] FS: 00007f6372039700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 32.267242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.273221] CR2: 00007f6372017e78 CR3: 00000001d9304000 CR4: 00000000001406f0 [ 32.280477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.287738] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.294997] Call Trace: [ 32.297592] ? lock_set_class+0x3ef/0x820 [ 32.301728] ? simple_strtoll+0xa0/0xa0 [ 32.305688] ? kfree+0x111/0x260 [ 32.309039] ? parse_opts+0x3b8/0x500 [ 32.312825] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 32.317829] ? 
trace_hardirqs_on+0xd/0x10 [ 32.321971] ? parse_opts+0x351/0x500 [ 32.326203] ? p9_fd_poll+0x2b0/0x2b0 [ 32.329991] ? kasan_kmalloc+0xc4/0xe0 [ 32.333863] ? p9_idpool_create+0x42/0x190 [ 32.338081] ? p9_client_create+0x87a/0x16c9 [ 32.342475] ? v9fs_session_init+0x21a/0x1a80 [ 32.346956] sscanf+0xab/0xe0 [ 32.350045] ? vsscanf+0x2af0/0x2af0 [ 32.353829] ? find_held_lock+0x36/0x1c0 [ 32.357964] p9_fd_create_tcp+0x113/0x8a0 [ 32.362101] ? p9_fd_create_unix+0x370/0x370 [ 32.366495] ? kasan_check_read+0x11/0x20 [ 32.370628] ? rcu_is_watching+0x8c/0x150 [ 32.374760] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 32.379845] ? rcu_pm_notify+0xc0/0xc0 [ 32.383719] ? p9_idpool_create+0x42/0x190 [ 32.387935] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.392941] ? kmem_cache_alloc_trace+0x616/0x780 [ 32.397771] ? __lockdep_init_map+0x105/0x590 [ 32.402253] ? lockdep_init_map+0x9/0x10 [ 32.406299] ? __raw_spin_lock_init+0x2d/0x100 [ 32.410866] p9_client_create+0x915/0x16c9 [ 32.415101] ? p9_client_read+0xc60/0xc60 [ 32.419233] ? find_held_lock+0x36/0x1c0 [ 32.423289] ? __lockdep_init_map+0x105/0x590 [ 32.427770] ? kasan_check_write+0x14/0x20 [ 32.431986] ? __init_rwsem+0x1cc/0x2a0 [ 32.435943] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 32.440946] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.445945] ? __kmalloc_track_caller+0x5f5/0x760 [ 32.450773] ? save_stack+0xa9/0xd0 [ 32.454389] ? save_stack+0x43/0xd0 [ 32.457997] ? kasan_kmalloc+0xc4/0xe0 [ 32.461865] ? kmem_cache_alloc_trace+0x152/0x780 [ 32.466699] ? memcpy+0x45/0x50 [ 32.469975] v9fs_session_init+0x21a/0x1a80 [ 32.474280] ? find_held_lock+0x36/0x1c0 [ 32.478328] ? v9fs_show_options+0x7e0/0x7e0 [ 32.482721] ? kasan_check_read+0x11/0x20 [ 32.486852] ? rcu_is_watching+0x8c/0x150 [ 32.490987] ? rcu_pm_notify+0xc0/0xc0 [ 32.494861] ? v9fs_mount+0x61/0x900 [ 32.498577] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.503601] ? kmem_cache_alloc_trace+0x616/0x780 [ 32.508433] ? 
__sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 32.513975] v9fs_mount+0x7c/0x900 [ 32.517504] mount_fs+0xae/0x328 [ 32.520867] vfs_kern_mount.part.34+0xdc/0x4e0 [ 32.525436] ? may_umount+0xb0/0xb0 [ 32.529059] ? _raw_read_unlock+0x22/0x30 [ 32.533197] ? __get_fs_type+0x97/0xc0 [ 32.537070] do_mount+0x581/0x30e0 [ 32.540594] ? do_raw_spin_unlock+0xa7/0x2f0 [ 32.544990] ? copy_mount_string+0x40/0x40 [ 32.549214] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 32.553964] ? retint_kernel+0x10/0x10 [ 32.557935] ? copy_mount_options+0x1e3/0x380 [ 32.562422] ? copy_mount_options+0x1f0/0x380 [ 32.566904] ? copy_mount_options+0x1fa/0x380 [ 32.571384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 32.576912] ? copy_mount_options+0x285/0x380 [ 32.581394] ksys_mount+0x12d/0x140 [ 32.585016] __x64_sys_mount+0xbe/0x150 [ 32.588982] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 32.593982] do_syscall_64+0x1b9/0x820 [ 32.597951] ? finish_task_switch+0x1d3/0x870 [ 32.602431] ? syscall_return_slowpath+0x5e0/0x5e0 [ 32.607345] ? syscall_return_slowpath+0x31d/0x5e0 [ 32.612269] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 32.617626] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 32.622545] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.627720] RIP: 0033:0x445a99 [ 32.630888] Code: e8 bc e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 32.650069] RSP: 002b:00007f6372038da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 32.657765] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445a99 [ 32.665020] RDX: 0000000020000340 RSI: 00000000200000c0 RDI: 0000000000000000 [ 32.672281] RBP: 00000000006dac38 R08: 0000000020000180 R09: 0000000000000000 [ 32.679539] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 32.686794] R13: 63743d736e617274 R14: 2e302e302e373231 R15: 0000000000000001 [ 32.694060] Modules linked in: [ 32.697253] Dumping ftrace buffer: [ 32.700771] (ftrace buffer empty) [ 32.704480] general protection fault: 0000 [#2] SMP KASAN [ 32.704580] ---[ end trace c1135eabce25c6f9 ]--- [ 32.710017] CPU: 1 PID: 4550 Comm: syz-executor021 Tainted: G D 4.18.0-rc4+ #141 [ 32.710023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.710042] RIP: 0010:vsscanf+0x3c1/0x2af0 [ 32.710049] Code: [ 32.714820] RIP: 0010:vsscanf+0x3c1/0x2af0 [ 32.723614] f9 44 89 ee bf 6e 00 [ 32.732996] Code: [ 32.737287] 00 00 e8 5b 82 eb f9 [ 32.739444] f9 [ 32.743655] 41 80 fd 6e 0f 84 ce [ 32.747118] 44 [ 32.749230] 02 00 00 e8 7c [ 32.752684] 89 [ 32.754540] 81 eb f9 4c 89 [ 32.758006] ee [ 32.759866] f0 4c 89 f2 48 c1 [ 32.762803] bf [ 32.764657] e8 03 83 e2 07 <42> [ 32.767601] 6e [ 32.769452] 0f b6 04 38 38 d0 [ 32.772664] 00 [ 32.774525] 7f 08 84 c0 0f 85 [ 32.777906] 00 [ 32.779756] e8 1c 00 00 45 0f [ 32.782952] 00 [ 32.784803] b6 26 31 [ 32.784823] RSP: 0018:ffff8801bd2b70e0 EFLAGS: 00010246 [ 32.788092] e8 [ 32.789952] RAX: 0000000000000000 RBX: ffffffff888364c1 RCX: ffffffff87908a15 [ 32.789959] RDX: 
0000000000000000 RSI: ffffffff87908a24 RDI: 0000000000000001 [ 32.789970] RBP: ffff8801bd2b72b0 R08: ffff8801d9164700 R09: ffff8801bd2b74a4 [ 32.793140] 5b [ 32.794999] R10: 00000000853704de R11: ffff8801daf236b3 R12: ffffffff888364c1 [ 32.795007] R13: 0000000000000064 R14: 0000000000000000 R15: dffffc0000000000 [ 32.795017] FS: 00007f6372018700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 32.795029] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.797418] 82 [ 32.802747] CR2: 00007f6372017e78 CR3: 00000001ac4f7000 CR4: 00000000001406e0 [ 32.802757] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.802768] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.804651] eb [ 32.811892] Call Trace: [ 32.811918] ? lock_set_class+0x3ef/0x820 [ 32.811937] ? simple_strtoll+0xa0/0xa0 [ 32.819183] f9 [ 32.826432] ? __kasan_slab_free+0x131/0x170 [ 32.826448] ? trace_hardirqs_on+0xd/0x10 [ 32.828325] 41 [ 32.835575] ? parse_opts+0x351/0x500 [ 32.835592] ? p9_fd_poll+0x2b0/0x2b0 [ 32.842866] 80 [ 32.851068] ? kasan_kmalloc+0xc4/0xe0 [ 32.851080] ? p9_idpool_create+0x42/0x190 [ 32.851095] ? p9_client_create+0x87a/0x16c9 [ 32.856971] fd [ 32.858835] ? v9fs_session_init+0x21a/0x1a80 [ 32.858853] sscanf+0xab/0xe0 [ 32.866127] 6e [ 32.873373] ? vsscanf+0x2af0/0x2af0 [ 32.873383] ? kasan_slab_free+0xe/0x10 [ 32.873399] ? v9fs_mount+0x7c/0x900 [ 32.880668] 0f [ 32.882526] ? mount_fs+0xae/0x328 [ 32.882543] ? vfs_kern_mount.part.34+0xdc/0x4e0 [ 32.885110] 84 [ 32.889228] ? do_mount+0x581/0x30e0 [ 32.889240] ? __x64_sys_mount+0xbe/0x150 [ 32.889258] p9_fd_create_tcp+0x113/0x8a0 [ 32.893750] ce [ 32.895614] ? lock_downgrade+0x8f0/0x8f0 [ 32.895632] ? p9_fd_create_unix+0x370/0x370 [ 32.900032] 02 [ 32.904153] ? check_same_owner+0x340/0x340 [ 32.904167] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 32.904187] ? kasan_unpoison_shadow+0x35/0x50 [ 32.906085] 00 [ 32.909863] ? kasan_kmalloc+0xc4/0xe0 [ 32.909881] ? 
kmem_cache_alloc_trace+0x318/0x780 [ 32.913659] 00 [ 32.915526] ? __lockdep_init_map+0x105/0x590 [ 32.915543] ? lockdep_init_map+0x9/0x10 [ 32.919414] e8 [ 32.923622] ? __raw_spin_lock_init+0x2d/0x100 [ 32.923641] p9_client_create+0x915/0x16c9 [ 32.928120] 7c [ 32.929998] ? p9_client_read+0xc60/0xc60 [ 32.930018] ? kasan_check_read+0x11/0x20 [ 32.934500] 81 [ 32.937580] ? lock_acquire+0x1e4/0x540 [ 32.937596] ? fs_reclaim_acquire+0x20/0x20 [ 32.939472] eb [ 32.943161] ? lock_release+0xa30/0xa30 [ 32.943177] ? __lockdep_init_map+0x105/0x590 [ 32.947231] f9 [ 32.950922] ? kasan_check_write+0x14/0x20 [ 32.950937] ? __init_rwsem+0x1cc/0x2a0 [ 32.952804] 4c [ 32.956316] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 32.956333] ? __kmalloc_track_caller+0x311/0x760 [ 32.961061] 89 [ 32.962925] ? save_stack+0xa9/0xd0 [ 32.962941] ? save_stack+0x43/0xd0 [ 32.966628] f0 [ 32.970751] ? kasan_kmalloc+0xc4/0xe0 [ 32.970766] ? kmem_cache_alloc_trace+0x152/0x780 [ 32.974890] 4c [ 32.976756] ? memcpy+0x45/0x50 [ 32.976776] v9fs_session_init+0x21a/0x1a80 [ 32.980899] 89 [ 32.985285] ? lock_acquire+0x1e4/0x540 [ 32.985300] ? v9fs_show_options+0x7e0/0x7e0 [ 32.987169] f2 [ 32.991462] ? lock_release+0xa30/0xa30 [ 32.991478] ? check_same_owner+0x340/0x340 [ 32.996822] 48 [ 33.001389] ? quarantine_put+0x10d/0x1b0 [ 33.001403] ? kasan_unpoison_shadow+0x35/0x50 [ 33.001420] ? kasan_kmalloc+0xc4/0xe0 [ 33.003287] c1 [ 33.007149] ? kmem_cache_alloc_trace+0x318/0x780 [ 33.007172] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 33.012016] e8 [ 33.013890] v9fs_mount+0x7c/0x900 [ 33.013907] mount_fs+0xae/0x328 [ 33.018382] 03 [ 33.022417] vfs_kern_mount.part.34+0xdc/0x4e0 [ 33.022432] ? may_umount+0xb0/0xb0 [ 33.024317] 83 [ 33.028884] ? _raw_read_unlock+0x22/0x30 [ 33.028899] ? __get_fs_type+0x97/0xc0 [ 33.033124] e2 [ 33.034999] do_mount+0x581/0x30e0 [ 33.035018] ? do_raw_spin_unlock+0xa7/0x2f0 [ 33.039144] 07 [ 33.043281] ? copy_mount_string+0x40/0x40 [ 33.043302] ? 
kasan_unpoison_shadow+0x35/0x50 [ 33.045167] <42> [ 33.049131] ? kasan_kmalloc+0xc4/0xe0 [ 33.049150] ? kmem_cache_alloc_trace+0x318/0x780 [ 33.053456] 0f [ 33.055318] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.055335] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.059288] b6 [ 33.063756] ? copy_mount_options+0x285/0x380 [ 33.063772] ksys_mount+0x12d/0x140 [ 33.065637] 04 [ 33.069849] __x64_sys_mount+0xbe/0x150 [ 33.069867] do_syscall_64+0x1b9/0x820 [ 33.074175] 38 [ 33.076036] ? finish_task_switch+0x1d3/0x870 [ 33.076053] ? syscall_return_slowpath+0x5e0/0x5e0 [ 33.081045] 38 [ 33.086035] ? syscall_return_slowpath+0x31d/0x5e0 [ 33.086047] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 33.086064] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.088016] d0 [ 33.091641] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.091653] RIP: 0033:0x445a99 [ 33.095526] 7f [ 33.097377] Code: e8 bc e7 [ 33.101269] 08 [ 33.106080] ff ff 48 83 c4 18 c3 [ 33.107975] 84 [ 33.111222] 0f 1f 80 00 00 00 00 [ 33.115650] c0 [ 33.117499] 48 89 f8 48 89 f7 48 [ 33.121482] 0f [ 33.125852] 89 d6 48 89 ca 4d 89 [ 33.127761] 85 [ 33.131698] c2 4d 89 c8 4c 8b [ 33.136026] e8 [ 33.137875] 4c 24 08 0f 05 <48> [ 33.142025] 1c [ 33.146567] 3d 01 f0 ff ff 0f [ 33.150459] 00 [ 33.152311] 83 2b 0e fc ff [ 33.157151] 00 [ 33.162651] c3 66 2e 0f 1f [ 33.164540] 45 [ 33.168042] 84 00 00 00 00 [ 33.171425] 0f [ 33.173281] RSP: 002b:00007f6372017da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 33.173293] RAX: ffffffffffffffda RBX: 00000000006dac54 RCX: 0000000000445a99 [ 33.173304] RDX: 0000000020000340 RSI: 00000000200000c0 RDI: 0000000000000000 [ 33.177874] b6 [ 33.181465] RBP: 00000000006dac50 R08: 0000000020000180 R09: 0000000000000000 [ 33.181473] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 33.181484] R13: 63743d736e617274 R14: 2e302e302e373231 R15: 0000000000000001 [ 33.183352] 26 [ 33.187482] Modules linked in: [ 33.187495] Dumping ftrace buffer: [ 33.191388] 31 [ 33.193240] (ftrace 
buffer empty) [ 33.193587] ---[ end trace c1135eabce25c6fa ]--- [ 33.201285] RIP: 0010:vsscanf+0x3c1/0x2af0 [ 33.201292] Code: [ 33.203354] RSP: 0018:ffff8801bb0bf0e0 EFLAGS: 00010246 [ 33.207746] f9 [ 33.214359] 44 89 [ 33.218245] RAX: 0000000000000000 RBX: ffffffff888364c1 RCX: ffffffff87908a15 [ 33.223082] ee bf [ 33.224971] RDX: 0000000000000000 RSI: ffffffff87908a24 RDI: 0000000000000001 [ 33.230495] 6e [ 33.236029] RBP: ffff8801bb0bf2b0 R08: ffff8801ac6fe440 R09: ffff8801bb0bf4a4 [ 33.237913] 00 00 [ 33.242411] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff888364c1 [ 33.246032] 00 [ 33.247914] R13: 0000000000000064 R14: 0000000000000000 R15: dffffc0000000000 [ 33.251870] e8 5b [ 33.255859] FS: 00007f6372039700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 33.257729] 82 eb [ 33.262329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.267252] f9 [ 33.269131] CR2: 00007f6372017e78 CR3: 00000001d9304000 CR4: 00000000001406f0 [ 33.274043] 41 [ 33.279059] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 33.283897] 80 [ 33.285771] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 33.285781] Kernel panic - not syncing: Fatal exception [ 33.290961] fd [ 33.294650] Dumping ftrace buffer: [ 33.294655] (ftrace buffer empty) [ 33.294658] Kernel Offset: disabled [ 33.540377] Rebooting in 86400 seconds..