[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.043735] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 24.070367] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.487884] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.322480] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.468873] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts.
[ 30.926139] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 31.017147] 9pnet_virtio: no channels available for device (null)
[ 31.023126] 9pnet_virtio: no channels available for device (null)
[ 31.028571] 9pnet_virtio: no channels available for device (null)
[ 31.030674] 9pnet_virtio: no channels available for device (null)
[ 31.036213] 9pnet_virtio: no channels available for device (null)
[ 31.043558] 9pnet_virtio: no channels available for device (null)
[ 31.048779] 9pnet_virtio: no channels available for device (null)
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 31.058622] 9pnet: p9_fd_create_tcp (4496): problem connecting socket to 127.0.0.1
[ 31.062396] 9pnet: p9_fd_create_tcp (4500): problem connecting socket to 127.0.0.1
[ 31.069248] 9pnet_virtio: no channels available for device (null)
[ 31.077531] 9pnet: p9_fd_create_tcp (4501): problem connecting socket to 127.0.0.1
[ 31.084109] 9pnet: p9_fd_create_tcp (4497): problem connecting socket to 127.0.0.1
[ 31.091640] 9pnet: p9_fd_create_tcp (4495): problem connecting socket to 127.0.0.1
[ 31.100529] 9pnet: p9_fd_create_tcp (4498): problem connecting socket to 127.0.0.1
[ 31.107489] 9pnet_virtio: no channels available for device (null)
[ 31.115168] 9pnet: p9_fd_create_tcp (4499): problem connecting socket to 127.0.0.1
[ 31.122080] 9pnet: p9_fd_create_tcp (4481): problem connecting socket to 127.0.0.1
[ 31.129385] 9pnet: p9_fd_create_tcp (4506): problem connecting socket to 127.0.0.1
[ 31.136157] kasan: CONFIG_KASAN_INLINE enabled
[ 31.145120] kasan: CONFIG_KASAN_INLINE enabled
[ 31.148178] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 31.148196] general protection fault: 0000 [#1] SMP KASAN
[ 31.152766] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 31.160087] CPU: 1 PID: 4502 Comm: syz-executor518 Not tainted 4.18.0-rc4+ #42
[ 31.160094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.160116] RIP: 0010:vsscanf+0x3c1/0x2af0
[ 31.193809] Code: f9 44 89 ee bf 6e 00 00 00 e8 5b 82 eb f9 41 80 fd 6e 0f 84 ce 02 00 00 e8 7c 81 eb f9 4c 89 f0 4c 89 f2 48 c1 e8 03 83 e2 07 <42> 0f b6 04 38 38 d0 7f 08 84 c0 0f 85 e8 1c 00 00 45 0f b6 26 31
[ 31.212975] RSP: 0018:ffff8801bf93f0a0 EFLAGS: 00010246
[ 31.218330] RAX: 0000000000000000 RBX: ffffffff888364c1 RCX: ffffffff87908a15
[ 31.225582] RDX: 0000000000000000 RSI: ffffffff87908a24 RDI: 0000000000000001
[ 31.232832] RBP: ffff8801bf93f270 R08: ffff8801b5e9a140 R09: ffff8801bf93f464
[ 31.240081] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff888364c1
[ 31.247332] R13: 0000000000000064 R14: 0000000000000000 R15: dffffc0000000000
[ 31.254583] FS: 0000000000000000(0000) GS:ffff8801daf00000(0063) knlGS:00000000f7efcb40
[ 31.262788] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 31.268650] CR2: 00000000f7f3dcc4 CR3: 00000001b6883000 CR4: 00000000001406e0
[ 31.275901] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.283153] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.290402] Call Trace:
[ 31.292979] ? lock_set_class+0x3ef/0x820
[ 31.297116] ? simple_strtoll+0xa0/0xa0
[ 31.301082] ? kfree+0x111/0x260
[ 31.304431] ? parse_opts+0x3b8/0x500
[ 31.308213] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.313218] ? trace_hardirqs_on+0xd/0x10
[ 31.317351] ? parse_opts+0x351/0x500
[ 31.321134] ? p9_fd_poll+0x2b0/0x2b0
[ 31.324917] ? kasan_kmalloc+0xc4/0xe0
[ 31.328786] ? p9_idpool_create+0x42/0x190
[ 31.333003] ? p9_client_create+0x87a/0x16c9
[ 31.337398] ? v9fs_session_init+0x21a/0x1a80
[ 31.341877] sscanf+0xab/0xe0
[ 31.344966] ? vsscanf+0x2af0/0x2af0
[ 31.348663] ? find_held_lock+0x36/0x1c0
[ 31.352719] p9_fd_create_tcp+0x113/0x8a0
[ 31.356850] ? p9_fd_create_unix+0x370/0x370
[ 31.361240] ? kasan_check_read+0x11/0x20
[ 31.365373] ? rcu_is_watching+0x8c/0x150
[ 31.369507] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 31.374592] ? rcu_pm_notify+0xc0/0xc0
[ 31.378466] ? p9_idpool_create+0x42/0x190
[ 31.382693] ? rcu_read_lock_sched_held+0x108/0x120
[ 31.387693] ? kmem_cache_alloc_trace+0x616/0x780
[ 31.392518] ? __lockdep_init_map+0x105/0x590
[ 31.396997] ? lockdep_init_map+0x9/0x10
[ 31.401040] ? __raw_spin_lock_init+0x2d/0x100
[ 31.405610] p9_client_create+0x915/0x16c9
[ 31.409833] ? p9_client_read+0xc60/0xc60
[ 31.413965] ? find_held_lock+0x36/0x1c0
[ 31.418018] ? __lockdep_init_map+0x105/0x590
[ 31.422497] ? kasan_check_write+0x14/0x20
[ 31.426712] ? __init_rwsem+0x1cc/0x2a0
[ 31.430668] ? do_raw_write_unlock.cold.8+0x49/0x49
[ 31.435671] ? rcu_read_lock_sched_held+0x108/0x120
[ 31.440671] ? __kmalloc_track_caller+0x5f5/0x760
[ 31.445497] ? save_stack+0xa9/0xd0
[ 31.449124] ? save_stack+0x43/0xd0
[ 31.452733] ? kasan_kmalloc+0xc4/0xe0
[ 31.456612] ? memcpy+0x45/0x50
[ 31.459878] v9fs_session_init+0x21a/0x1a80
[ 31.464193] ? find_held_lock+0x36/0x1c0
[ 31.468244] ? v9fs_show_options+0x7e0/0x7e0
[ 31.472645] ? kasan_check_read+0x11/0x20
[ 31.476773] ? rcu_is_watching+0x8c/0x150
[ 31.480899] ? rcu_pm_notify+0xc0/0xc0
[ 31.484769] ? rcu_pm_notify+0xc0/0xc0
[ 31.488640] ? v9fs_mount+0x61/0x900
[ 31.492338] ? rcu_read_lock_sched_held+0x108/0x120
[ 31.497339] ? kmem_cache_alloc_trace+0x616/0x780
[ 31.502171] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 31.507693] v9fs_mount+0x7c/0x900
[ 31.511221] mount_fs+0xae/0x328
[ 31.514573] vfs_kern_mount.part.34+0xdc/0x4e0
[ 31.519137] ? may_umount+0xb0/0xb0
[ 31.522925] ? _raw_read_unlock+0x22/0x30
[ 31.527054] ? __get_fs_type+0x97/0xc0
[ 31.530929] do_mount+0x581/0x30e0
[ 31.534453] ? copy_mount_string+0x40/0x40
[ 31.538676] ? copy_mount_options+0x5f/0x380
[ 31.543069] ? rcu_read_lock_sched_held+0x108/0x120
[ 31.548067] ? kmem_cache_alloc_trace+0x616/0x780
[ 31.553374] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 31.558894] ? _copy_from_user+0xdf/0x150
[ 31.563037] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.568555] ? copy_mount_options+0x285/0x380
[ 31.573036] __ia32_compat_sys_mount+0x5d5/0x860
[ 31.577777] do_fast_syscall_32+0x34d/0xfb2
[ 31.582082] ? do_int80_syscall_32+0x890/0x890
[ 31.586649] ? _raw_spin_unlock_irq+0x27/0x70
[ 31.591127] ? finish_task_switch+0x1d3/0x870
[ 31.595607] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.601125] ? syscall_return_slowpath+0x31d/0x5e0
[ 31.606047] ? sysret32_from_system_call+0x5/0x46
[ 31.610883] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.615710] entry_SYSENTER_compat+0x70/0x7f
[ 31.620099] RIP: 0023:0xf7f42cb9
[ 31.623438] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 31.642696] RSP: 002b:00000000f7efc1ec EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[ 31.650392] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0
[ 31.657647] RDX: 0000000020000340 RSI: 0000000000000000 RDI: 0000000020000180
[ 31.664898] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 31.672148] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 31.679484] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 31.686742] Modules linked in:
[ 31.689917] Dumping ftrace buffer:
[ 31.693432] (ftrace buffer empty)
[ 31.697148] general protection fault: 0000 [#2] SMP KASAN
[ 31.697220] ---[ end trace 603612217fadf6c1 ]---
[ 31.702682] CPU: 0 PID: 4504 Comm: syz-executor518 Tainted: G D 4.18.0-rc4+ #42
[ 31.702689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.702712] RIP: 0010:vsscanf+0x3c1/0x2af0
[ 31.707448] RIP: 0010:vsscanf+0x3c1/0x2af0
[ 31.716767] Code: f9 44 89 ee bf 6e 00 00 00 e8
[ 31.726147] Code:
[ 31.730341] 5b 82 eb f9 41 80
[ 31.734584] f9
[ 31.739294] fd 6e 0f 84 ce 02
[ 31.741448] 44
[ 31.744602] 00 00 e8 7c 81 eb
[ 31.746495] 89
[ 31.749649] f9 4c 89 f0 4c 89
[ 31.751540] ee
[ 31.754694] f2 48 c1 e8 03 83
[ 31.756600] bf
[ 31.759754] e2 07 <42> 0f b6 04
[ 31.761646] 6e
[ 31.764797] 38 38 d0 7f 08 84
[ 31.766694] 00
[ 31.770021] c0 0f 85 e8 1c 00 00
[ 31.771915] 00
[ 31.775067] 45 0f b6 26 31
[ 31.775092] RSP: 0018:ffff8801af7ff0a0 EFLAGS: 00010246
[ 31.776961] 00
[ 31.780380] RAX: 0000000000000000 RBX: ffffffff888364c1 RCX: ffffffff87908a15
[ 31.780387] RDX: 0000000000000000 RSI: ffffffff87908a24 RDI: 0000000000000001
[ 31.780399] RBP: ffff8801af7ff270 R08: ffff8801b5e2a1c0 R09: ffff8801af7ff464
[ 31.782269] e8
[ 31.785169] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff888364c1
[ 31.785176] R13: 0000000000000064 R14: 0000000000000000 R15: dffffc0000000000
[ 31.785191] FS: 0000000000000000(0000) GS:ffff8801dae00000(0063) knlGS:00000000f7efcb40
[ 31.790538] 5b
[ 31.792391] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 31.792398] CR2: 0000000008090b10 CR3: 00000001b5f70000 CR4: 00000000001406f0
[ 31.792412] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.799668] 82
[ 31.806903] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.806907] Call Trace:
[ 31.806929] ? lock_set_class+0x3ef/0x820
[ 31.806948] ? simple_strtoll+0xa0/0xa0
[ 31.814203] eb
[ 31.816058] ? kfree+0x111/0x260
[ 31.816074] ? parse_opts+0x3b8/0x500
[ 31.823330] f9
[ 31.830574] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.830586] ? trace_hardirqs_on+0xd/0x10
[ 31.830598] ? parse_opts+0x351/0x500
[ 31.830613] ? p9_fd_poll+0x2b0/0x2b0
[ 31.838826] 41
[ 31.840681] ? kasan_kmalloc+0xc4/0xe0
[ 31.840697] ? p9_idpool_create+0x42/0x190
[ 31.846575] 80
[ 31.853816] ? p9_client_create+0x87a/0x16c9
[ 31.853828] ? v9fs_session_init+0x21a/0x1a80
[ 31.853845] sscanf+0xab/0xe0
[ 31.861101] fd
[ 31.862960] ? vsscanf+0x2af0/0x2af0
[ 31.862977] ? find_held_lock+0x36/0x1c0
[ 31.870234] 6e
[ 31.872785] p9_fd_create_tcp+0x113/0x8a0
[ 31.872802] ? p9_fd_create_unix+0x370/0x370
[ 31.876927] 0f
[ 31.880873] ? kasan_check_read+0x11/0x20
[ 31.880882] ? rcu_is_watching+0x8c/0x150
[ 31.880900] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 31.882762] 84
[ 31.886097] ? rcu_pm_notify+0xc0/0xc0
[ 31.886113] ? p9_idpool_create+0x42/0x190
[ 31.886130] ? rcu_read_lock_sched_held+0x108/0x120
[ 31.889903] ce
[ 31.891763] ? kmem_cache_alloc_trace+0x616/0x780
[ 31.891781] ? __lockdep_init_map+0x105/0x590
[ 31.896777] 02
[ 31.900937] ? lockdep_init_map+0x9/0x10
[ 31.900947] ? __raw_spin_lock_init+0x2d/0x100
[ 31.900964] p9_client_create+0x915/0x16c9
[ 31.904744] 00
[ 31.908519] ? p9_client_read+0xc60/0xc60
[ 31.908535] ? find_held_lock+0x36/0x1c0
[ 31.910401] 00
[ 31.914270] ? __lockdep_init_map+0x105/0x590
[ 31.914287] ? kasan_check_write+0x14/0x20
[ 31.918501] e8
[ 31.920368] ? __init_rwsem+0x1cc/0x2a0
[ 31.920385] ? do_raw_write_unlock.cold.8+0x49/0x49
[ 31.924773] 7c
[ 31.929249] ? rcu_read_lock_sched_held+0x108/0x120
[ 31.929261] ? __kmalloc_track_caller+0x5f5/0x760
[ 31.929277] ? save_stack+0xa9/0xd0
[ 31.932361] 81
[ 31.934223] ? save_stack+0x43/0xd0
[ 31.934234] ? kasan_kmalloc+0xc4/0xe0
[ 31.934250] ? memcpy+0x45/0x50
[ 31.937943] eb
[ 31.941980] v9fs_session_init+0x21a/0x1a80
[ 31.941997] ? find_held_lock+0x36/0x1c0
[ 31.943867] f9
[ 31.947989] ? v9fs_show_options+0x7e0/0x7e0
[ 31.948006] ? kasan_check_read+0x11/0x20
[ 31.952393] 4c
[ 31.954249] ? rcu_is_watching+0x8c/0x150
[ 31.954258] ? rcu_pm_notify+0xc0/0xc0
[ 31.954271] ? rcu_pm_notify+0xc0/0xc0
[ 31.958410] 89
[ 31.962518] ? v9fs_mount+0x61/0x900
[ 31.962536] ? rcu_read_lock_sched_held+0x108/0x120
[ 31.967612] f0
[ 31.969472] ? kmem_cache_alloc_trace+0x616/0x780
[ 31.969491] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 31.973354] 4c
[ 31.977561] v9fs_mount+0x7c/0x900
[ 31.977580] mount_fs+0xae/0x328
[ 31.982572] 89
[ 31.984435] vfs_kern_mount.part.34+0xdc/0x4e0
[ 31.984450] ? may_umount+0xb0/0xb0
[ 31.989273] f2
[ 31.993736] ? _raw_read_unlock+0x22/0x30
[ 31.993752] ? __get_fs_type+0x97/0xc0
[ 31.995622] 48
[ 31.999657] do_mount+0x581/0x30e0
[ 31.999674] ? copy_mount_string+0x40/0x40
[ 32.004232] c1
[ 32.008446] ? copy_mount_options+0x5f/0x380
[ 32.008464] ? rcu_read_lock_sched_held+0x108/0x120
[ 32.010330] e8
[ 32.014450] ? kmem_cache_alloc_trace+0x616/0x780
[ 32.014462] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 32.014479] ? _copy_from_user+0xdf/0x150
[ 32.018529] 03
[ 32.020393] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.020410] ? copy_mount_options+0x285/0x380
[ 32.024891] 83
[ 32.029096] __ia32_compat_sys_mount+0x5d5/0x860
[ 32.029115] do_fast_syscall_32+0x34d/0xfb2
[ 32.030976] e2
[ 32.034923] ? do_int80_syscall_32+0x890/0x890
[ 32.034940] ? _raw_spin_unlock_irq+0x27/0x70
[ 32.039934] 07
[ 32.041792] ? finish_task_switch+0x1d3/0x870
[ 32.041809] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.046804] <42>
[ 32.051613] ? syscall_return_slowpath+0x31d/0x5e0
[ 32.051632] ? sysret32_from_system_call+0x5/0x46
[ 32.055235] 0f
[ 32.057101] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.057117] entry_SYSENTER_compat+0x70/0x7f
[ 32.060724] b6
[ 32.064580] RIP: 0023:0xf7f42cb9
[ 32.064583] Code: 55 08
[ 32.067857] 04
[ 32.069710] 8b 88 64 cd ff ff
[ 32.074042] 38
[ 32.078058] 8b 98 68 cd ff ff 89
[ 32.079956] 38
[ 32.084323] c8 85 d2 74 02 89 0a
[ 32.088489] d0
[ 32.090324] 5b 5d c3 8b 04 24
[ 32.094479] 7f
[ 32.098322] c3 8b 1c 24 c3 51 52
[ 32.102220] 08
[ 32.104066] 55 89 e5 0f 34 cd
[ 32.107781] 84
[ 32.112757] 80 <5d> 5a 59 c3 90 90
[ 32.114651] c0
[ 32.119453] 90 90 eb 0d 90 90 90
[ 32.124997] 0f
[ 32.126843] 90 90 90 90 90 90
[ 32.130385] 85
[ 32.133709] 90 90 90
[ 32.133723] RSP: 002b:00000000f7efc1ec EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[ 32.135601] e8
[ 32.140148] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0
[ 32.140156] RDX: 0000000020000340 RSI: 0000000000000000 RDI: 0000000020000180
[ 32.140162] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 32.140173] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 32.143779] 1c
[ 32.145642] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 32.145655] Modules linked in:
[ 32.149791] 00
[ 32.153646] Dumping ftrace buffer:
[ 32.153651] (ftrace buffer empty)
[ 32.153760] ---[ end trace 603612217fadf6c2 ]---
[ 32.155539] 00
[ 32.159091] RIP: 0010:vsscanf+0x3c1/0x2af0
[ 32.159098] Code:
[ 32.163324] 45
[ 32.165205] f9 44 89 ee bf
[ 32.169619] 0f
[ 32.174621] 6e 00
[ 32.176502] b6
[ 32.181329] 00 00
[ 32.186875] 26
[ 32.191028] e8
[ 32.192916] 31
[ 32.198431] 5b 82
[ 32.204787] eb f9
[ 32.209535] RSP: 0018:ffff8801bf93f0a0 EFLAGS: 00010246
[ 32.213830] 41 80
[ 32.220279] fd 6e
[ 32.224768] RAX: 0000000000000000 RBX: ffffffff888364c1 RCX: ffffffff87908a15
[ 32.226634] 0f 84
[ 32.231124] RDX: 0000000000000000 RSI: ffffffff87908a24 RDI: 0000000000000001
[ 32.236636] ce 02
[ 32.238695] RBP: ffff8801bf93f270 R08: ffff8801b5e9a140 R09: ffff8801bf93f464
[ 32.238706] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff888364c1
[ 32.243610] 00 00
[ 32.248450] R13: 0000000000000064 R14: 0000000000000000 R15: dffffc0000000000
[ 32.250316] e8 7c
[ 32.255154] FS: 0000000000000000(0000) GS:ffff8801daf00000(0063) knlGS:00000000f7efcb40
[ 32.259534] 81 eb
[ 32.261420] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 32.264760] f9 4c
[ 32.267430] CR2: 00000000f7f3dcc4 CR3: 00000001b6883000 CR4: 00000000001406e0
[ 32.269291] 89 f0
[ 32.272478] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.274342] 4c 89
[ 32.277789] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.279655] f2 48
[ 32.283101] Kernel panic - not syncing: Fatal exception
[ 32.284969] c1
[ 32.288579] Dumping ftrace buffer:
[ 32.288584] (ftrace buffer empty)
[ 32.288587] Kernel Offset: disabled
[ 32.532758] Rebooting in 86400 seconds..