[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 19.695212] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 22.298510] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.622167] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.153013] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.874146] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts.
[ 29.357131] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 29.455897] FAT-fs (loop0): bogus number of reserved sectors
[ 29.462247] FAT-fs (loop0): Can't find a valid FAT filesystem
[ 29.474544] kasan: CONFIG_KASAN_INLINE enabled
[ 29.479357] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 29.486850] general protection fault: 0000 [#1] SMP KASAN
[ 29.492414] CPU: 1 PID: 4364 Comm: syz-executor208 Not tainted 4.18.0-rc8+ #182
[ 29.499869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.509235] RIP: 0010:vsscanf+0x3c1/0x2af0
[ 29.513450] Code: fa 44 89 ee bf 6e 00 00 00 e8 4b 7a d4 fa 41 80 fd 6e 0f 84 ce 02 00 00 e8 6c 79 d4 fa 4c 89 f0 4c 89 f2 48 c1 e8 03 83 e2 07 <42> 0f b6 04 38 38 d0 7f 08 84 c0 0f 85 e8 1c 00 00 45 0f b6 26 31
[ 29.532590] RSP: 0018:ffff8801b7a6f0e0 EFLAGS: 00010246
[ 29.537942] RAX: 0000000000000000 RBX: ffffffff8785bf81 RCX: ffffffff86a79ed5
[ 29.545236] RDX: 0000000000000000 RSI: ffffffff86a79ee4 RDI: 0000000000000001
[ 29.552498] RBP: ffff8801b7a6f2b0 R08: ffff8801bcb28080 R09: ffff8801b7a6f4a4
[ 29.559758] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8785bf81
[ 29.567063] R13: 0000000000000064 R14: 0000000000000000 R15: dffffc0000000000
[ 29.574390] FS: 0000000001e6a880(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[ 29.582614] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.588502] CR2: 0000000000b44e80 CR3: 00000001b9b24000 CR4: 00000000001406e0
[ 29.595781] Call Trace:
[ 29.598389] ? __lock_acquire+0x4b8f/0x5020
[ 29.602701] ? simple_strtoll+0xa0/0xa0
[ 29.606666] ? kfree+0x111/0x260
[ 29.610051] ? parse_opts+0x3b8/0x500
[ 29.613946] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.618956] ? trace_hardirqs_on+0xd/0x10
[ 29.623126] ? parse_opts+0x351/0x500
[ 29.626918] ? p9_fd_poll+0x2b0/0x2b0
[ 29.630717] ? kasan_kmalloc+0xc4/0xe0
[ 29.634606] ? p9_idpool_create+0x42/0x190
[ 29.638832] ? p9_client_create+0x852/0x1770
[ 29.643229] ? v9fs_session_init+0x21a/0x1a80
[ 29.647714] sscanf+0xab/0xe0
[ 29.650834] ? vsscanf+0x2af0/0x2af0
[ 29.654538] ? find_held_lock+0x36/0x1c0
[ 29.658590] p9_fd_create_tcp+0x113/0x8a0
[ 29.662754] ? p9_fd_create_unix+0x370/0x370
[ 29.667172] ? kasan_check_read+0x11/0x20
[ 29.671312] ? rcu_is_watching+0x8c/0x150
[ 29.675450] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 29.680553] ? rcu_pm_notify+0xc0/0xc0
[ 29.684434] ? p9_idpool_create+0x42/0x190
[ 29.688670] ? rcu_read_lock_sched_held+0x108/0x120
[ 29.693688] ? kmem_cache_alloc_trace+0x616/0x780
[ 29.698522] ? __lockdep_init_map+0x105/0x590
[ 29.703013] ? lockdep_init_map+0x9/0x10
[ 29.707079] ? __raw_spin_lock_init+0x2d/0x100
[ 29.711669] p9_client_create+0x8ed/0x1770
[ 29.715918] ? p9_client_read+0xc60/0xc60
[ 29.720093] ? find_held_lock+0x36/0x1c0
[ 29.724152] ? __lockdep_init_map+0x105/0x590
[ 29.728642] ? kasan_check_write+0x14/0x20
[ 29.732878] ? __init_rwsem+0x1cc/0x2a0
[ 29.736842] ? do_raw_write_unlock.cold.8+0x49/0x49
[ 29.741877] ? rcu_read_lock_sched_held+0x108/0x120
[ 29.746905] ? __kmalloc_track_caller+0x5f5/0x760
[ 29.751751] ? save_stack+0xa9/0xd0
[ 29.755493] ? save_stack+0x43/0xd0
[ 29.759112] ? kasan_kmalloc+0xc4/0xe0
[ 29.762995] ? kmem_cache_alloc_trace+0x152/0x780
[ 29.767839] ? memcpy+0x45/0x50
[ 29.771120] v9fs_session_init+0x21a/0x1a80
[ 29.775440] ? find_held_lock+0x36/0x1c0
[ 29.779502] ? v9fs_show_options+0x7e0/0x7e0
[ 29.783928] ? kasan_check_read+0x11/0x20
[ 29.788105] ? rcu_is_watching+0x8c/0x150
[ 29.792251] ? rcu_pm_notify+0xc0/0xc0
[ 29.796151] ? v9fs_mount+0x61/0x900
[ 29.799875] ? rcu_read_lock_sched_held+0x108/0x120
[ 29.804900] ? kmem_cache_alloc_trace+0x616/0x780
[ 29.809739] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 29.815268] v9fs_mount+0x7c/0x900
[ 29.818800] mount_fs+0xae/0x328
[ 29.822155] vfs_kern_mount.part.34+0xdc/0x4e0
[ 29.826731] ? may_umount+0xb0/0xb0
[ 29.830345] ? _raw_read_unlock+0x22/0x30
[ 29.834486] ? __get_fs_type+0x97/0xc0
[ 29.838362] do_mount+0x581/0x30e0
[ 29.841891] ? copy_mount_string+0x40/0x40
[ 29.846113] ? copy_mount_options+0x5f/0x380
[ 29.850511] ? rcu_read_lock_sched_held+0x108/0x120
[ 29.855514] ? kmem_cache_alloc_trace+0x616/0x780
[ 29.860347] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 29.865872] ? _copy_from_user+0xdf/0x150
[ 29.870017] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.875559] ? copy_mount_options+0x285/0x380
[ 29.880054] ksys_mount+0x12d/0x140
[ 29.883679] __x64_sys_mount+0xbe/0x150
[ 29.887653] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.892662] do_syscall_64+0x1b9/0x820
[ 29.896550] ? syscall_return_slowpath+0x5e0/0x5e0
[ 29.901492] ? syscall_return_slowpath+0x31d/0x5e0
[ 29.906416] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 29.911773] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.916626] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.921804] RIP: 0033:0x444239
[ 29.924973] Code: 0d d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 29.944128] RSP: 002b:00007ffcc8483028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 29.951827] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000444239
[ 29.959099] RDX: 0000000020000040 RSI: 00000000200000c0 RDI: 0000000000000000
[ 29.966372] RBP: 00000000006cf018 R08: 00000000200001c0 R09: 0000000020000240
[ 29.973632] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000401ea0
[ 29.980892] R13: 0000000000401f30 R14: 0000000000000000 R15: 0000000000000000
[ 29.988150] Modules linked in:
[ 29.991348] Dumping ftrace buffer:
[ 29.994870] (ftrace buffer empty)
[ 29.998868] ---[ end trace eb82439475c6d986 ]---
[ 30.003690] RIP: 0010:vsscanf+0x3c1/0x2af0
[ 30.007963] Code: fa 44 89 ee bf 6e 00 00 00 e8 4b 7a d4 fa 41 80 fd 6e 0f 84 ce 02 00 00 e8 6c 79 d4 fa 4c 89 f0 4c 89 f2 48 c1 e8 03 83 e2 07 <42> 0f b6 04 38 38 d0 7f 08 84 c0 0f 85 e8 1c 00 00 45 0f b6 26 31
[ 30.027339] RSP: 0018:ffff8801b7a6f0e0 EFLAGS: 00010246
[ 30.032739] RAX: 0000000000000000 RBX: ffffffff8785bf81 RCX: ffffffff86a79ed5
[ 30.040166] RDX: 0000000000000000 RSI: ffffffff86a79ee4 RDI: 0000000000000001
[ 30.047491] RBP: ffff8801b7a6f2b0 R08: ffff8801bcb28080 R09: ffff8801b7a6f4a4
[ 30.054817] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8785bf81
[ 30.062123] R13: 0000000000000064 R14: 0000000000000000 R15: dffffc0000000000
[ 30.069425] FS: 0000000001e6a880(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[ 30.077674] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.083622] CR2: 0000000000b44e80 CR3: 00000001b9b24000 CR4: 00000000001406e0
[ 30.090919] Kernel panic - not syncing: Fatal exception
[ 30.096612] Dumping ftrace buffer:
[ 30.100150] (ftrace buffer empty)
[ 30.103843] Kernel Offset: disabled
[ 30.107454] Rebooting in 86400 seconds..