[ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 18.989717] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 23.864524] random: sshd: uninitialized urandom read (32 bytes read) [ 24.302541] random: sshd: uninitialized urandom read (32 bytes read) [ 25.128236] random: sshd: uninitialized urandom read (32 bytes read) [ 25.284546] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts. [ 30.777667] random: sshd: uninitialized urandom read (32 bytes read) executing program executing program executing program executing program executing program executing program executing program executing program [ 30.874928] 9pnet_virtio: no channels available for device (null) [ 30.875675] 9pnet_virtio: no channels available for device (null) [ 30.883095] 9pnet_virtio: no channels available for device (null) [ 30.892027] 9pnet_virtio: no channels available for device (null) [ 30.897799] 9pnet_virtio: no channels available for device (null) [ 30.900723] 9pnet_virtio: no channels available for device (null) [ 30.907085] 9pnet_virtio: no channels available for device (null) [ 30.913252] 9pnet_virtio: no channels available for device (null) executing program executing program executing program executing program [ 30.922267] 9pnet: p9_fd_create_tcp (4530): problem connecting socket to 127.0.0.1 [ 30.926708] 9pnet: p9_fd_create_tcp (4529): problem connecting socket to 127.0.0.1 [ 30.934230] kasan: CONFIG_KASAN_INLINE enabled [ 30.942081] 9pnet: p9_fd_create_tcp (4535): problem connecting socket to 127.0.0.1 [ 30.945609] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 30.954231] 9pnet: p9_fd_create_tcp (4531): problem connecting socket to 127.0.0.1 [ 30.960694] general protection fault: 0000 [#1] SMP KASAN executing program [
30.969970] 9pnet_virtio: no channels available for device (null) [ 30.973889] CPU: 0 PID: 4518 Comm: syz-executor886 Not tainted 4.18.0-rc4+ #140 [ 30.973900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.980812] kasan: CONFIG_KASAN_INLINE enabled [ 30.987544] RIP: 0010:vsscanf+0x3c1/0x2af0 [ 30.987551] Code: [ 30.996897] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 31.001438] f9 44 89 ee bf 6e 00 00 00 e8 5b 82 eb f9 41 80 fd 6e 0f 84 ce 02 00 00 e8 7c 81 eb f9 4c 89 f0 4c 89 f2 48 c1 e8 03 83 e2 07 <42> 0f b6 04 38 38 d0 7f 08 84 c0 0f 85 e8 1c 00 00 45 0f b6 26 31 [ 31.033744] RSP: 0018:ffff8801ba7bf0e0 EFLAGS: 00010246 [ 31.039085] RAX: 0000000000000000 RBX: ffffffff888364c1 RCX: ffffffff87908a15 [ 31.046333] RDX: 0000000000000000 RSI: ffffffff87908a24 RDI: 0000000000000001 [ 31.053583] RBP: ffff8801ba7bf2b0 R08: ffff8801af6cc1c0 R09: ffff8801ba7bf4a4 [ 31.060830] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff888364c1 [ 31.068076] R13: 0000000000000064 R14: 0000000000000000 R15: dffffc0000000000 [ 31.075328] FS: 00007fb396b37700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 31.083548] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.089407] CR2: 00007fb396af4e78 CR3: 00000001af024000 CR4: 00000000001406f0 [ 31.096659] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.103907] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.111150] Call Trace: [ 31.113728] ? lock_set_class+0x3ef/0x820 [ 31.117858] ? simple_strtoll+0xa0/0xa0 [ 31.121830] ? kfree+0x111/0x260 [ 31.125181] ? parse_opts+0x3b8/0x500 [ 31.128962] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.133961] ? trace_hardirqs_on+0xd/0x10 [ 31.138092] ? parse_opts+0x351/0x500 [ 31.141877] ? p9_fd_poll+0x2b0/0x2b0 [ 31.145658] ? kasan_kmalloc+0xc4/0xe0 [ 31.149525] ? p9_idpool_create+0x42/0x190 [ 31.153740] ? p9_client_create+0x87a/0x16c9 [ 31.158137] ? 
v9fs_session_init+0x21a/0x1a80 [ 31.162622] sscanf+0xab/0xe0 [ 31.165728] ? vsscanf+0x2af0/0x2af0 [ 31.170030] ? find_held_lock+0x36/0x1c0 [ 31.174076] p9_fd_create_tcp+0x113/0x8a0 [ 31.178206] ? p9_fd_create_unix+0x370/0x370 [ 31.182595] ? kasan_check_read+0x11/0x20 [ 31.186733] ? rcu_is_watching+0x8c/0x150 [ 31.190865] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 31.195947] ? rcu_pm_notify+0xc0/0xc0 [ 31.199819] ? p9_idpool_create+0x42/0x190 [ 31.204035] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.209031] ? kmem_cache_alloc_trace+0x616/0x780 [ 31.213855] ? __lockdep_init_map+0x105/0x590 [ 31.218331] ? lockdep_init_map+0x9/0x10 [ 31.222372] ? __raw_spin_lock_init+0x2d/0x100 [ 31.226935] p9_client_create+0x915/0x16c9 [ 31.231155] ? p9_client_read+0xc60/0xc60 [ 31.235292] ? find_held_lock+0x36/0x1c0 [ 31.239340] ? __lockdep_init_map+0x105/0x590 [ 31.243820] ? kasan_check_write+0x14/0x20 [ 31.248037] ? __init_rwsem+0x1cc/0x2a0 [ 31.251992] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 31.256993] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.261995] ? __kmalloc_track_caller+0x5f5/0x760 [ 31.266827] ? save_stack+0xa9/0xd0 [ 31.270435] ? save_stack+0x43/0xd0 [ 31.274043] ? kasan_kmalloc+0xc4/0xe0 [ 31.277998] ? kmem_cache_alloc_trace+0x152/0x780 [ 31.282821] ? memcpy+0x45/0x50 [ 31.286083] v9fs_session_init+0x21a/0x1a80 [ 31.290385] ? find_held_lock+0x36/0x1c0 [ 31.294429] ? v9fs_show_options+0x7e0/0x7e0 [ 31.298828] ? kasan_check_read+0x11/0x20 [ 31.302964] ? rcu_is_watching+0x8c/0x150 [ 31.307091] ? rcu_pm_notify+0xc0/0xc0 [ 31.310976] ? v9fs_mount+0x61/0x900 [ 31.314682] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.319679] ? kmem_cache_alloc_trace+0x616/0x780 [ 31.324512] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 31.330029] v9fs_mount+0x7c/0x900 [ 31.333553] mount_fs+0xae/0x328 [ 31.336901] vfs_kern_mount.part.34+0xdc/0x4e0 [ 31.341463] ? may_umount+0xb0/0xb0 [ 31.345075] ? _raw_read_unlock+0x22/0x30 [ 31.349202] ? 
__get_fs_type+0x97/0xc0 [ 31.353073] do_mount+0x581/0x30e0 [ 31.356592] ? do_raw_spin_unlock+0xa7/0x2f0 [ 31.360983] ? copy_mount_string+0x40/0x40 [ 31.365202] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 31.369940] ? retint_kernel+0x10/0x10 [ 31.373810] ? copy_mount_options+0x1e3/0x380 [ 31.378284] ? copy_mount_options+0x1f0/0x380 [ 31.382758] ? copy_mount_options+0x1fa/0x380 [ 31.387234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.392750] ? copy_mount_options+0x285/0x380 [ 31.397225] ksys_mount+0x12d/0x140 [ 31.400836] __x64_sys_mount+0xbe/0x150 [ 31.404791] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.409798] do_syscall_64+0x1b9/0x820 [ 31.413673] ? finish_task_switch+0x1d3/0x870 [ 31.418149] ? syscall_return_slowpath+0x5e0/0x5e0 [ 31.423069] ? syscall_return_slowpath+0x31d/0x5e0 [ 31.427982] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 31.433336] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 31.438164] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.443332] RIP: 0033:0x445a99 [ 31.446497] Code: e8 bc e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 31.465670] RSP: 002b:00007fb396b36da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 31.473360] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445a99 [ 31.480609] RDX: 0000000020000340 RSI: 00000000200000c0 RDI: 0000000000000000 [ 31.487869] RBP: 00000000006dac20 R08: 0000000020000180 R09: 0000000000000000 [ 31.495117] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 31.502365] R13: 63743d736e617274 R14: 2e302e302e373231 R15: 0000000000000001 [ 31.509626] Modules linked in: [ 31.512807] Dumping ftrace buffer: [ 31.516322] (ftrace buffer empty) [ 31.520028] general protection fault: 0000 [#2] SMP KASAN [ 31.520093] ---[ end trace 339be624a7bff85d ]--- [ 31.525740] CPU: 1 PID: 4539 Comm: syz-executor886 Tainted: G D 4.18.0-rc4+ #140 [ 31.525747] Hardware name: 
Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.525772] RIP: 0010:vsscanf+0x3c1/0x2af0 [ 31.530509] RIP: 0010:vsscanf+0x3c1/0x2af0 [ 31.539291] Code: f9 44 89 ee bf [ 31.548658] Code: [ 31.553121] 6e 00 00 00 e8 5b [ 31.557362] f9 [ 31.560770] 82 eb f9 41 80 fd [ 31.562924] 44 [ 31.566081] 6e 0f 84 ce 02 00 00 e8 [ 31.567980] 89 [ 31.571131] 7c 81 eb f9 4c 89 [ 31.573022] ee [ 31.576694] f0 4c 89 f2 48 c1 [ 31.578585] bf [ 31.581740] e8 03 83 e2 07 <42> [ 31.583634] 6e [ 31.586789] 0f b6 04 38 38 d0 [ 31.588683] 00 [ 31.592008] 7f 08 84 c0 0f 85 e8 [ 31.593903] 00 [ 31.597057] 1c 00 00 45 0f b6 [ 31.598959] 00 [ 31.602370] 26 31 [ 31.602383] RSP: 0018:ffff8801bb4b70e0 EFLAGS: 00010246 [ 31.604265] e8 [ 31.607421] RAX: 0000000000000000 RBX: ffffffff888364c1 RCX: ffffffff87908a15 [ 31.607428] RDX: 0000000000000000 RSI: ffffffff87908a24 RDI: 0000000000000001 [ 31.607440] RBP: ffff8801bb4b72b0 R08: ffff8801af5ca6c0 R09: ffff8801bb4b74a4 [ 31.609305] 5b [ 31.611419] R10: 00000000853704de R11: ffff8801daf236b3 R12: ffffffff888364c1 [ 31.611427] R13: 0000000000000064 R14: 0000000000000000 R15: dffffc0000000000 [ 31.611441] FS: 00007fb396af5700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 31.616791] 82 [ 31.618652] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.618659] CR2: 00007fb396af4e78 CR3: 00000001af091000 CR4: 00000000001406e0 [ 31.618671] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.625922] eb [ 31.633158] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.633163] Call Trace: [ 31.633190] ? lock_set_class+0x3ef/0x820 [ 31.640433] f9 [ 31.642294] ? simple_strtoll+0xa0/0xa0 [ 31.642313] ? __kasan_slab_free+0x131/0x170 [ 31.649569] 41 [ 31.657207] ? trace_hardirqs_on+0xd/0x10 [ 31.657225] ? parse_opts+0x351/0x500 [ 31.657241] ? p9_fd_poll+0x2b0/0x2b0 [ 31.665451] 80 [ 31.667312] ? kasan_kmalloc+0xc4/0xe0 [ 31.667328] ? 
p9_idpool_create+0x42/0x190 [ 31.673188] fd [ 31.680429] ? p9_client_create+0x87a/0x16c9 [ 31.680442] ? v9fs_session_init+0x21a/0x1a80 [ 31.680459] sscanf+0xab/0xe0 [ 31.687706] 6e [ 31.689565] ? vsscanf+0x2af0/0x2af0 [ 31.689591] ? kasan_slab_free+0xe/0x10 [ 31.696830] 0f [ 31.699386] ? v9fs_mount+0x7c/0x900 [ 31.699404] ? mount_fs+0xae/0x328 [ 31.703525] 84 [ 31.705385] ? vfs_kern_mount.part.34+0xdc/0x4e0 [ 31.705401] ? do_mount+0x581/0x30e0 [ 31.709350] ce [ 31.713726] ? __x64_sys_mount+0xbe/0x150 [ 31.713740] p9_fd_create_tcp+0x113/0x8a0 [ 31.713754] ? lock_downgrade+0x8f0/0x8f0 [ 31.713771] ? p9_fd_create_unix+0x370/0x370 [ 31.715638] 02 [ 31.719759] ? check_same_owner+0x340/0x340 [ 31.719778] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 31.723553] 00 [ 31.727325] ? kasan_unpoison_shadow+0x35/0x50 [ 31.727341] ? kasan_kmalloc+0xc4/0xe0 [ 31.729204] 00 [ 31.733066] ? kmem_cache_alloc_trace+0x318/0x780 [ 31.733086] ? __lockdep_init_map+0x105/0x590 [ 31.737295] e8 [ 31.739157] ? lockdep_init_map+0x9/0x10 [ 31.739172] ? __raw_spin_lock_init+0x2d/0x100 [ 31.743554] 7c [ 31.748022] p9_client_create+0x915/0x16c9 [ 31.748040] ? p9_client_read+0xc60/0xc60 [ 31.751119] 81 [ 31.752983] ? kasan_check_read+0x11/0x20 [ 31.752999] ? lock_acquire+0x1e4/0x540 [ 31.756688] eb [ 31.760632] ? fs_reclaim_acquire+0x20/0x20 [ 31.760650] ? lock_release+0xa30/0xa30 [ 31.762515] f9 [ 31.766209] ? __lockdep_init_map+0x105/0x590 [ 31.766228] ? kasan_check_write+0x14/0x20 [ 31.769741] 4c [ 31.771603] ? __init_rwsem+0x1cc/0x2a0 [ 31.771618] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 31.776351] 89 [ 31.780036] ? __kmalloc_track_caller+0x311/0x760 [ 31.780046] ? save_stack+0xa9/0xd0 [ 31.780063] ? save_stack+0x43/0xd0 [ 31.781929] f0 [ 31.786048] ? kasan_kmalloc+0xc4/0xe0 [ 31.786059] ? kmem_cache_alloc_trace+0x152/0x780 [ 31.786074] ? memcpy+0x45/0x50 [ 31.790203] 4c [ 31.794326] v9fs_session_init+0x21a/0x1a80 [ 31.794345] ? lock_acquire+0x1e4/0x540 [ 31.798729] 89 [ 31.800597] ? 
v9fs_show_options+0x7e0/0x7e0 [ 31.800613] ? lock_release+0xa30/0xa30 [ 31.804908] f2 [ 31.809982] ? check_same_owner+0x340/0x340 [ 31.809998] ? quarantine_put+0x10d/0x1b0 [ 31.811863] 48 [ 31.816421] ? kasan_unpoison_shadow+0x35/0x50 [ 31.816437] ? kasan_kmalloc+0xc4/0xe0 [ 31.820699] c1 [ 31.822560] ? kmem_cache_alloc_trace+0x318/0x780 [ 31.822581] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 31.827396] e8 [ 31.831863] v9fs_mount+0x7c/0x900 [ 31.831881] mount_fs+0xae/0x328 [ 31.833742] 03 [ 31.837775] vfs_kern_mount.part.34+0xdc/0x4e0 [ 31.837790] ? may_umount+0xb0/0xb0 [ 31.842348] 83 [ 31.844212] ? _raw_read_unlock+0x22/0x30 [ 31.844226] ? __get_fs_type+0x97/0xc0 [ 31.848438] e2 [ 31.852555] do_mount+0x581/0x30e0 [ 31.852575] ? lock_release+0xa30/0xa30 [ 31.854436] 07 [ 31.858562] ? copy_mount_string+0x40/0x40 [ 31.858579] ? check_same_owner+0x340/0x340 [ 31.862529] <42> [ 31.864392] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 31.864409] ? retint_kernel+0x10/0x10 [ 31.868704] 0f [ 31.872649] ? copy_mount_options+0x1e3/0x380 [ 31.872665] ? copy_mount_options+0x1f0/0x380 [ 31.874539] b6 [ 31.879004] ? copy_mount_options+0x1f6/0x380 [ 31.879017] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.879033] ? copy_mount_options+0x285/0x380 [ 31.883242] 04 [ 31.885103] ksys_mount+0x12d/0x140 [ 31.885120] __x64_sys_mount+0xbe/0x150 [ 31.889070] 38 [ 31.894057] do_syscall_64+0x1b9/0x820 [ 31.894067] ? finish_task_switch+0x1d3/0x870 [ 31.894084] ? syscall_return_slowpath+0x5e0/0x5e0 [ 31.895947] 38 [ 31.900761] ? syscall_return_slowpath+0x31d/0x5e0 [ 31.900779] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 31.904383] d0 [ 31.907982] ? prepare_exit_to_usermode+0x291/0x3b0 [ 31.907998] ? perf_trace_sys_enter+0xb10/0xb10 [ 31.909874] 7f [ 31.913722] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 31.913743] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.918559] 08 [ 31.921806] RIP: 0033:0x445a99 [ 31.921809] Code: e8 [ 31.923689] 84 [ 31.927971] bc e7 ff ff 48 83 c4 [ 31.931955] c0 [ 31.933811] 18 c3 0f 1f 80 00 [ 31.938231] 0f [ 31.942164] 00 00 00 48 89 f8 48 [ 31.944061] 85 [ 31.948348] 89 f7 48 89 d6 48 89 [ 31.952509] e8 [ 31.954360] ca 4d 89 c2 4d 89 [ 31.958945] 1c [ 31.962791] c8 4c 8b 4c 24 08 [ 31.964681] 00 [ 31.969597] 0f 05 <48> 3d 01 f0 ff [ 31.975141] 00 [ 31.976989] ff 0f 83 2b 0e fc ff c3 66 2e [ 31.980546] 45 [ 31.983874] 0f 1f 84 00 00 00 [ 31.985766] 0f [ 31.990309] 00 [ 31.990319] RSP: 002b:00007fb396af4da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 31.990335] RAX: ffffffffffffffda RBX: 00000000006dac54 RCX: 0000000000445a99 [ 31.993939] b6 [ 31.995796] RDX: 0000000020000340 RSI: 00000000200000c0 RDI: 0000000000000000 [ 31.995803] RBP: 00000000006dac50 R08: 0000000020000180 R09: 0000000000000000 [ 31.995814] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 31.999945] 26 [ 32.003793] R13: 63743d736e617274 R14: 2e302e302e373231 R15: 0000000000000001 [ 32.003805] Modules linked in: [ 32.005683] 31 [ 32.009190] Dumping ftrace buffer: [ 32.009195] (ftrace buffer empty) [ 32.009333] ---[ end trace 339be624a7bff85e ]--- [ 32.015061] RIP: 0010:vsscanf+0x3c1/0x2af0 [ 32.019361] RSP: 0018:ffff8801ba7bf0e0 EFLAGS: 00010246 [ 32.023659] Code: f9 [ 32.030450] 44 89 [ 32.034334] RAX: 0000000000000000 RBX: ffffffff888364c1 RCX: ffffffff87908a15 [ 32.036199] ee bf [ 32.040694] RDX: 0000000000000000 RSI: ffffffff87908a24 RDI: 0000000000000001 [ 32.045161] 6e 00 [ 32.047049] RBP: ffff8801ba7bf2b0 R08: ffff8801af6cc1c0 R09: ffff8801ba7bf4a4 [ 32.051519] 00 00 [ 32.057055] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff888364c1 [ 32.061529] e8 5b [ 32.063418] R13: 0000000000000064 R14: 0000000000000000 R15: dffffc0000000000 [ 32.067020] 82 eb [ 32.070998] FS: 00007fb396b37700(0000) 
GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 32.072865] f9 41 [ 32.076746] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.076758] CR2: 00007fb396af4e78 CR3: 00000001af024000 CR4: 00000000001406f0 [ 32.081228] 80 fd [ 32.086172] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.088039] 6e 0f 84 [ 32.092972] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.097969] ce 02 [ 32.099850] Kernel panic - not syncing: Fatal exception [ 32.104844] 00 [ 32.109933] Dumping ftrace buffer: [ 32.109938] (ftrace buffer empty) [ 32.109942] Kernel Offset: disabled [ 32.368108] Rebooting in 86400 seconds..