[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 16.732377] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.491459] random: sshd: uninitialized urandom read (32 bytes read) [ 20.842246] random: sshd: uninitialized urandom read (32 bytes read) [ 21.563317] random: sshd: uninitialized urandom read (32 bytes read) [ 21.697901] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts. [ 27.174814] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 27.256592] BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1340 [ 27.265039] in_atomic(): 0, irqs_disabled(): 1, pid: 4451, name: syz-executor223 [ 27.272554] INFO: lockdep is turned off. [ 27.276609] irq event stamp: 0 [ 27.279789] hardirqs last enabled at (0): [<0000000000000000>] (null) [ 27.287347] hardirqs last disabled at (0): [] copy_process.part.41+0x1953/0x73f0 [ 27.296438] softirqs last enabled at (0): [] copy_process.part.41+0x19f4/0x73f0 [ 27.305704] softirqs last disabled at (0): [<0000000000000000>] (null) [ 27.313233] CPU: 0 PID: 4451 Comm: syz-executor223 Not tainted 4.18.0-rc4-next-20180712+ #5 [ 27.321802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.331138] Call Trace: [ 27.333719] dump_stack+0x1c9/0x2b4 [ 27.337331] ? dump_stack_print_info.cold.2+0x52/0x52 [ 27.342508] ___might_sleep.cold.86+0x11f/0x13a [ 27.347175] ? check_same_owner+0x340/0x340 [ 27.351665] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.357200] ? trace_9p_protocol_dump+0xbe/0x3a0 [ 27.361957] __might_sleep+0x95/0x190 [ 27.365749] __do_page_fault+0x3b6/0xe50 [ 27.369805] ? mm_fault_error+0x380/0x380 [ 27.373948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 27.379478] ? p9pdu_readf+0xb78/0x2170 [ 27.383463] do_page_fault+0xf6/0x8c0 [ 27.387243] ? p9pdu_writef+0xe0/0xe0 [ 27.391031] ? vmalloc_sync_all+0x30/0x30 [ 27.395163] ? ksys_dup3+0x690/0x690 [ 27.398855] ? check_same_owner+0x340/0x340 [ 27.403165] ? p9_fd_poll+0x2b0/0x2b0 [ 27.406946] ? kasan_kmalloc+0xc4/0xe0 [ 27.410821] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.415651] page_fault+0x1e/0x30 [ 27.419098] RIP: 0010:kfree+0xb2/0x260 [ 27.422958] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 a5 c1 a3 ff 49 63 75 74 48 89 df e8 59 60 a9 01 4c [ 27.442221] RSP: 0018:ffff8801bdab75d0 EFLAGS: 00010046 [ 27.447572] RAX: ffffea000022f488 RBX: ffffffff88bd22a4 RCX: ffffea000022f487 [ 27.454842] RDX: ffffea000022f480 RSI: ffffffff87700e50 RDI: ffffffff88bd22a4 [ 27.462109] RBP: ffff8801bdab75f0 R08: ffff8801b082a4c0 R09: ffffed0037b56df8 [ 27.469360] R10: ffffed00361401fb R11: 0000000000000001 R12: 0000000000000282 [ 27.476617] R13: 0000000000000000 R14: ffff8801bdab7740 R15: ffff8801b0968380 [ 27.484590] ? p9_client_create+0xfb0/0x1770 [ 27.488987] p9_client_create+0xfea/0x1770 [ 27.493247] ? p9_client_read+0xc60/0xc60 [ 27.497412] ? lock_acquire+0x1e4/0x540 [ 27.501378] ? lock_acquire+0x1e4/0x540 [ 27.505363] ? fs_reclaim_acquire+0x20/0x20 [ 27.509688] ? lock_release+0xa30/0xa30 [ 27.513653] ? __lockdep_init_map+0x105/0x590 [ 27.518150] ? kasan_check_write+0x14/0x20 [ 27.522365] ? __init_rwsem+0x1cc/0x2a0 [ 27.526319] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 27.531325] ? __kmalloc_track_caller+0x311/0x760 [ 27.536158] ? save_stack+0xa9/0xd0 [ 27.539766] ? save_stack+0x43/0xd0 [ 27.543382] ? kasan_kmalloc+0xc4/0xe0 [ 27.547249] ? kmem_cache_alloc_trace+0x152/0x780 [ 27.552072] ? memcpy+0x45/0x50 [ 27.555333] v9fs_session_init+0x21a/0x1a80 [ 27.559634] ? rcu_note_context_switch+0x730/0x730 [ 27.564560] ? do_mount+0x69e/0x1fb0 [ 27.568256] ? lock_acquire+0x1e4/0x540 [ 27.572209] ? v9fs_show_options+0x7e0/0x7e0 [ 27.576605] ? lock_release+0xa30/0xa30 [ 27.580565] ? check_same_owner+0x340/0x340 [ 27.584872] ? lock_downgrade+0x8f0/0x8f0 [ 27.589031] ? kasan_unpoison_shadow+0x35/0x50 [ 27.593607] ? kasan_kmalloc+0xc4/0xe0 [ 27.597503] ? kmem_cache_alloc_trace+0x318/0x780 [ 27.602332] ? kasan_unpoison_shadow+0x35/0x50 [ 27.606905] ? kasan_kmalloc+0xc4/0xe0 [ 27.610788] v9fs_mount+0x7c/0x900 [ 27.614322] ? v9fs_drop_inode+0x150/0x150 [ 27.618556] legacy_get_tree+0x118/0x440 [ 27.622603] vfs_get_tree+0x1cb/0x5c0 [ 27.626389] do_mount+0x6c1/0x1fb0 [ 27.629924] ? check_same_owner+0x340/0x340 [ 27.634237] ? lock_release+0xa30/0xa30 [ 27.638198] ? copy_mount_string+0x40/0x40 [ 27.642422] ? kasan_kmalloc+0xc4/0xe0 [ 27.646384] ? kmem_cache_alloc_trace+0x318/0x780 [ 27.651231] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 27.656757] ? _copy_from_user+0xdf/0x150 [ 27.660892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.666423] ? copy_mount_options+0x285/0x380 [ 27.670926] ksys_mount+0x12d/0x140 [ 27.674538] __x64_sys_mount+0xbe/0x150 [ 27.678496] do_syscall_64+0x1b9/0x820 [ 27.682372] ? syscall_return_slowpath+0x5e0/0x5e0 [ 27.687284] ? syscall_return_slowpath+0x31d/0x5e0 [ 27.692203] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 27.697201] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.702721] ? prepare_exit_to_usermode+0x291/0x3b0 [ 27.707813] ? perf_trace_sys_enter+0xb10/0xb10 [ 27.712471] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.717297] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.722488] RIP: 0033:0x440149 [ 27.725662] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 27.744788] RSP: 002b:00007ffdd4a2d278 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 27.752570] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440149 [ 27.760286] RDX: 0000000020000340 RSI: 00000000200000c0 RDI: 0000000000000000 [ 27.767637] RBP: 00000000006ca018 R08: 00000000200001c0 R09: 00000000004002c8 [ 27.774894] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000004019d0 [ 27.782163] R13: 0000000000401a60 R14: 0000000000000000 R15: 0000000000000000 [ 27.789443] BUG: unable to handle kernel NULL pointer dereference at 0000000000000074 [ 27.797478] PGD 1b21f6067 P4D 1b21f6067 PUD 1ab98e067 PMD 0 [ 27.803268] Oops: 0000 [#1] SMP KASAN [ 27.807070] CPU: 0 PID: 4451 Comm: syz-executor223 Tainted: G W 4.18.0-rc4-next-20180712+ #5 [ 27.816925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.826272] RIP: 0010:kfree+0xb2/0x260 [ 27.830163] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 a5 c1 a3 ff 49 63 75 74 48 89 df e8 59 60 a9 01 4c [ 27.849319] RSP: 0018:ffff8801bdab75d0 EFLAGS: 00010046 [ 27.854671] RAX: ffffea000022f488 RBX: ffffffff88bd22a4 RCX: ffffea000022f487 [ 27.861923] RDX: ffffea000022f480 RSI: ffffffff87700e50 RDI: ffffffff88bd22a4 [ 27.869282] RBP: ffff8801bdab75f0 R08: ffff8801b082a4c0 R09: ffffed0037b56df8 [ 27.876557] R10: ffffed00361401fb R11: 0000000000000001 R12: 0000000000000282 [ 27.883830] R13: 0000000000000000 R14: ffff8801bdab7740 R15: ffff8801b0968380 [ 27.891101] FS: 0000000000994880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 27.899315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.905178] CR2: 0000000000000074 CR3: 00000001bf5bf000 CR4: 00000000001406f0 [ 27.912451] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.919700] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.926954] Call Trace: [ 27.929527] p9_client_create+0xfea/0x1770 [ 27.933744] ? p9_client_read+0xc60/0xc60 [ 27.937882] ? lock_acquire+0x1e4/0x540 [ 27.941840] ? lock_acquire+0x1e4/0x540 [ 27.945795] ? fs_reclaim_acquire+0x20/0x20 [ 27.950116] ? lock_release+0xa30/0xa30 [ 27.954074] ? __lockdep_init_map+0x105/0x590 [ 27.958552] ? kasan_check_write+0x14/0x20 [ 27.962768] ? __init_rwsem+0x1cc/0x2a0 [ 27.966721] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 27.971722] ? __kmalloc_track_caller+0x311/0x760 [ 27.976549] ? save_stack+0xa9/0xd0 [ 27.980179] ? save_stack+0x43/0xd0 [ 27.983796] ? kasan_kmalloc+0xc4/0xe0 [ 27.987672] ? kmem_cache_alloc_trace+0x152/0x780 [ 27.992504] ? memcpy+0x45/0x50 [ 27.995777] v9fs_session_init+0x21a/0x1a80 [ 28.000080] ? rcu_note_context_switch+0x730/0x730 [ 28.004988] ? do_mount+0x69e/0x1fb0 [ 28.008690] ? lock_acquire+0x1e4/0x540 [ 28.012644] ? v9fs_show_options+0x7e0/0x7e0 [ 28.017120] ? lock_release+0xa30/0xa30 [ 28.021097] ? check_same_owner+0x340/0x340 [ 28.025575] ? lock_downgrade+0x8f0/0x8f0 [ 28.029709] ? kasan_unpoison_shadow+0x35/0x50 [ 28.034269] ? kasan_kmalloc+0xc4/0xe0 [ 28.038137] ? kmem_cache_alloc_trace+0x318/0x780 [ 28.042957] ? kasan_unpoison_shadow+0x35/0x50 [ 28.047535] ? kasan_kmalloc+0xc4/0xe0 [ 28.051406] v9fs_mount+0x7c/0x900 [ 28.054925] ? v9fs_drop_inode+0x150/0x150 [ 28.059152] legacy_get_tree+0x118/0x440 [ 28.063196] vfs_get_tree+0x1cb/0x5c0 [ 28.066977] do_mount+0x6c1/0x1fb0 [ 28.070584] ? check_same_owner+0x340/0x340 [ 28.074899] ? lock_release+0xa30/0xa30 [ 28.078867] ? copy_mount_string+0x40/0x40 [ 28.083083] ? kasan_kmalloc+0xc4/0xe0 [ 28.086963] ? kmem_cache_alloc_trace+0x318/0x780 [ 28.091788] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 28.097326] ? _copy_from_user+0xdf/0x150 [ 28.101456] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.106979] ? copy_mount_options+0x285/0x380 [ 28.111461] ksys_mount+0x12d/0x140 [ 28.115078] __x64_sys_mount+0xbe/0x150 [ 28.119057] do_syscall_64+0x1b9/0x820 [ 28.123026] ? syscall_return_slowpath+0x5e0/0x5e0 [ 28.127945] ? syscall_return_slowpath+0x31d/0x5e0 [ 28.132875] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 28.138403] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.143935] ? prepare_exit_to_usermode+0x291/0x3b0 [ 28.148944] ? perf_trace_sys_enter+0xb10/0xb10 [ 28.153601] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 28.158441] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.163608] RIP: 0033:0x440149 [ 28.166791] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 28.186007] RSP: 002b:00007ffdd4a2d278 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 28.193714] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440149 [ 28.200969] RDX: 0000000020000340 RSI: 00000000200000c0 RDI: 0000000000000000 [ 28.208229] RBP: 00000000006ca018 R08: 00000000200001c0 R09: 00000000004002c8 [ 28.215481] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000004019d0 [ 28.222734] R13: 0000000000401a60 R14: 0000000000000000 R15: 0000000000000000 [ 28.230080] Modules linked in: [ 28.233263] Dumping ftrace buffer: [ 28.236799] (ftrace buffer empty) [ 28.240489] CR2: 0000000000000074 [ 28.243944] ---[ end trace cb663f3aae4a3aaa ]--- [ 28.248687] RIP: 0010:kfree+0xb2/0x260 [ 28.252548] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 a5 c1 a3 ff 49 63 75 74 48 89 df e8 59 60 a9 01 4c [ 28.271758] RSP: 0018:ffff8801bdab75d0 EFLAGS: 00010046 [ 28.277115] RAX: ffffea000022f488 RBX: ffffffff88bd22a4 RCX: ffffea000022f487 [ 28.284366] RDX: ffffea000022f480 RSI: ffffffff87700e50 RDI: ffffffff88bd22a4 [ 28.291624] RBP: ffff8801bdab75f0 R08: ffff8801b082a4c0 R09: ffffed0037b56df8 [ 28.298877] R10: ffffed00361401fb R11: 0000000000000001 R12: 0000000000000282 [ 28.306226] R13: 0000000000000000 R14: ffff8801bdab7740 R15: ffff8801b0968380 [ 28.313495] FS: 0000000000994880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 28.321822] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.327708] CR2: 0000000000000074 CR3: 00000001bf5bf000 CR4: 00000000001406f0 [ 28.334961] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.342229] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.349489] Kernel panic - not syncing: Fatal exception [ 28.355430] Dumping ftrace buffer: [ 28.358958] (ftrace buffer empty) [ 28.362660] Kernel Offset: disabled [ 28.366270] Rebooting in 86400 seconds..