[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[   15.681940] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.511343] random: sshd: uninitialized urandom read (32 bytes read)
[   19.779147] random: sshd: uninitialized urandom read (32 bytes read)
[   20.483928] random: sshd: uninitialized urandom read (32 bytes read)
[   20.616668] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.205' (ECDSA) to the list of known hosts.
[   26.064393] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   26.143862] BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1340
[   26.152295] in_atomic(): 0, irqs_disabled(): 1, pid: 4427, name: syz-executor294
[   26.159801] INFO: lockdep is turned off.
[   26.163834] irq event stamp: 0
[   26.167001] hardirqs last enabled at (0): [<0000000000000000>] (null)
[   26.174518] hardirqs last disabled at (0): [] copy_process.part.41+0x18cb/0x7340
[   26.183595] softirqs last enabled at (0): [] copy_process.part.41+0x196c/0x7340
[   26.192669] softirqs last disabled at (0): [<0000000000000000>] (null)
[   26.200184] CPU: 0 PID: 4427 Comm: syz-executor294 Not tainted 4.18.0-rc4-next-20180710+ #3
[   26.208646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.217974] Call Trace:
[   26.220550]  dump_stack+0x1c9/0x2b4
[   26.224156]  ? dump_stack_print_info.cold.2+0x52/0x52
[   26.229330]  ___might_sleep.cold.86+0x11f/0x13a
[   26.233977]  ? check_same_owner+0x340/0x340
[   26.238285]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   26.243801]  ? trace_9p_protocol_dump+0xbe/0x3a0
[   26.248535]  __might_sleep+0x95/0x190
[   26.252326]  __do_page_fault+0x3b6/0xe50
[   26.256367]  ? mm_fault_error+0x380/0x380
[   26.260495]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   26.266024]  ? p9pdu_readf+0xb78/0x2170
[   26.269992]  do_page_fault+0xf6/0x8c0
[   26.273774]  ? p9pdu_writef+0xe0/0xe0
[   26.277552]  ? vmalloc_sync_all+0x30/0x30
[   26.281680]  ? ksys_dup3+0x690/0x690
[   26.285373]  ? check_same_owner+0x340/0x340
[   26.289670]  ? p9_fd_poll+0x2b0/0x2b0
[   26.293453]  ? kasan_kmalloc+0xc4/0xe0
[   26.297325]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.302150]  page_fault+0x1e/0x30
[   26.305580] RIP: 0010:kfree+0xb2/0x260
[   26.309437] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 e5 be a3 ff 49 63 75 74 48 89 df e8 79 83 a9 01 4c
[   26.328556] RSP: 0018:ffff8801ac6b75d0 EFLAGS: 00010046
[   26.333900] RAX: ffffea000022f848 RBX: ffffffff88be17dc RCX: ffffea000022f847
[   26.341152] RDX: ffffea000022f840 RSI: ffffffff876ff2e9 RDI: ffffffff88be17dc
[   26.348400] RBP: ffff8801ac6b75f0 R08: ffff8801abce2000 R09: ffffed00358d6df8
[   26.355650] R10: ffffed003584fe8b R11: 0000000000000001 R12: 0000000000000282
[   26.362898] R13: 0000000000000000 R14: ffff8801ac6b7740 R15: ffff8801ac2f8380
[   26.370170]  ? p9_client_create+0xf09/0x16c9
[   26.374557]  p9_client_create+0xf43/0x16c9
[   26.378782]  ? p9_client_read+0xc60/0xc60
[   26.382910]  ? lock_acquire+0x1e4/0x540
[   26.386867]  ? lock_acquire+0x1e4/0x540
[   26.390819]  ? fs_reclaim_acquire+0x20/0x20
[   26.395119]  ? lock_release+0xa30/0xa30
[   26.399076]  ? __lockdep_init_map+0x105/0x590
[   26.403553]  ? kasan_check_write+0x14/0x20
[   26.407765]  ? __init_rwsem+0x1cc/0x2a0
[   26.411717]  ? do_raw_write_unlock.cold.8+0x49/0x49
[   26.416713]  ? __kmalloc_track_caller+0x311/0x760
[   26.421534]  ? save_stack+0xa9/0xd0
[   26.425140]  ? save_stack+0x43/0xd0
[   26.428746]  ? kasan_kmalloc+0xc4/0xe0
[   26.432613]  ? kmem_cache_alloc_trace+0x152/0x780
[   26.437435]  ? memcpy+0x45/0x50
[   26.440695]  v9fs_session_init+0x21a/0x1a80
[   26.445643]  ? rcu_note_context_switch+0x730/0x730
[   26.450560]  ? do_mount+0x69e/0x1fb0
[   26.454256]  ? v9fs_show_options+0x7e0/0x7e0
[   26.458645]  ? kasan_check_read+0x11/0x20
[   26.462772]  ? do_raw_spin_unlock+0xa7/0x2f0
[   26.467157]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   26.471719]  ? kasan_unpoison_shadow+0x35/0x50
[   26.476291]  ? kasan_kmalloc+0xc4/0xe0
[   26.480159]  ? kmem_cache_alloc_trace+0x318/0x780
[   26.484996]  v9fs_mount+0x7c/0x900
[   26.488515]  ? v9fs_drop_inode+0x150/0x150
[   26.492732]  legacy_get_tree+0x118/0x440
[   26.496774]  vfs_get_tree+0x1cb/0x5c0
[   26.500556]  do_mount+0x6c1/0x1fb0
[   26.504081]  ? check_same_owner+0x340/0x340
[   26.508382]  ? lock_release+0xa30/0xa30
[   26.512338]  ? copy_mount_string+0x40/0x40
[   26.516552]  ? kasan_kmalloc+0xc4/0xe0
[   26.520418]  ? kmem_cache_alloc_trace+0x318/0x780
[   26.525243]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   26.530758]  ? _copy_from_user+0xdf/0x150
[   26.534896]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   26.540413]  ? copy_mount_options+0x285/0x380
[   26.544897]  ksys_mount+0x12d/0x140
[   26.548502]  __x64_sys_mount+0xbe/0x150
[   26.552457]  do_syscall_64+0x1b9/0x820
[   26.556325]  ? syscall_slow_exit_work+0x500/0x500
[   26.561148]  ? syscall_return_slowpath+0x5e0/0x5e0
[   26.566065]  ? syscall_return_slowpath+0x31d/0x5e0
[   26.570983]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   26.576500]  ? prepare_exit_to_usermode+0x291/0x3b0
[   26.581495]  ? perf_trace_sys_enter+0xb10/0xb10
[   26.586142]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.590979]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   26.596146] RIP: 0033:0x440149
[   26.599311] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   26.618422] RSP: 002b:00007ffe1360d868 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[   26.626107] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440149
[   26.633355] RDX: 0000000020000340 RSI: 00000000200000c0 RDI: 0000000000000000
[   26.640610] RBP: 00000000006ca018 R08: 00000000200001c0 R09: 00000000004002c8
[   26.647855] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000004019d0
[   26.655102] R13: 0000000000401a60 R14: 0000000000000000 R15: 0000000000000000
[   26.662366] BUG: unable to handle kernel NULL pointer dereference at 0000000000000074
[   26.670316] PGD 1abd09067 P4D 1abd09067 PUD 1ac2e1067 PMD 0
[   26.676100] Oops: 0000 [#1] SMP KASAN
[   26.679894] CPU: 0 PID: 4427 Comm: syz-executor294 Tainted: G        W         4.18.0-rc4-next-20180710+ #3
[   26.689745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.699081] RIP: 0010:kfree+0xb2/0x260
[   26.702941] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 e5 be a3 ff 49 63 75 74 48 89 df e8 79 83 a9 01 4c
[   26.722056] RSP: 0018:ffff8801ac6b75d0 EFLAGS: 00010046
[   26.727399] RAX: ffffea000022f848 RBX: ffffffff88be17dc RCX: ffffea000022f847
[   26.734646] RDX: ffffea000022f840 RSI: ffffffff876ff2e9 RDI: ffffffff88be17dc
[   26.741894] RBP: ffff8801ac6b75f0 R08: ffff8801abce2000 R09: ffffed00358d6df8
[   26.749140] R10: ffffed003584fe8b R11: 0000000000000001 R12: 0000000000000282
[   26.756387] R13: 0000000000000000 R14: ffff8801ac6b7740 R15: ffff8801ac2f8380
[   26.763635] FS:  0000000001c85880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[   26.771839] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   26.777697] CR2: 0000000000000074 CR3: 00000001ac275000 CR4: 00000000001406f0
[   26.784955] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   26.792201] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   26.799446] Call Trace:
[   26.802022]  p9_client_create+0xf43/0x16c9
[   26.806246]  ? p9_client_read+0xc60/0xc60
[   26.810374]  ? lock_acquire+0x1e4/0x540
[   26.814327]  ? lock_acquire+0x1e4/0x540
[   26.818285]  ? fs_reclaim_acquire+0x20/0x20
[   26.822584]  ? lock_release+0xa30/0xa30
[   26.826538]  ? __lockdep_init_map+0x105/0x590
[   26.831019]  ? kasan_check_write+0x14/0x20
[   26.835232]  ? __init_rwsem+0x1cc/0x2a0
[   26.839183]  ? do_raw_write_unlock.cold.8+0x49/0x49
[   26.844180]  ? __kmalloc_track_caller+0x311/0x760
[   26.849002]  ? save_stack+0xa9/0xd0
[   26.852605]  ? save_stack+0x43/0xd0
[   26.856209]  ? kasan_kmalloc+0xc4/0xe0
[   26.860074]  ? kmem_cache_alloc_trace+0x152/0x780
[   26.864890]  ? memcpy+0x45/0x50
[   26.868151]  v9fs_session_init+0x21a/0x1a80
[   26.872449]  ? rcu_note_context_switch+0x730/0x730
[   26.877355]  ? do_mount+0x69e/0x1fb0
[   26.881049]  ? v9fs_show_options+0x7e0/0x7e0
[   26.885439]  ? kasan_check_read+0x11/0x20
[   26.889566]  ? do_raw_spin_unlock+0xa7/0x2f0
[   26.893970]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   26.898534]  ? kasan_unpoison_shadow+0x35/0x50
[   26.903096]  ? kasan_kmalloc+0xc4/0xe0
[   26.906971]  ? kmem_cache_alloc_trace+0x318/0x780
[   26.911793]  v9fs_mount+0x7c/0x900
[   26.915315]  ? v9fs_drop_inode+0x150/0x150
[   26.919527]  legacy_get_tree+0x118/0x440
[   26.923567]  vfs_get_tree+0x1cb/0x5c0
[   26.927347]  do_mount+0x6c1/0x1fb0
[   26.930872]  ? check_same_owner+0x340/0x340
[   26.935173]  ? lock_release+0xa30/0xa30
[   26.939125]  ? copy_mount_string+0x40/0x40
[   26.943337]  ? kasan_kmalloc+0xc4/0xe0
[   26.947202]  ? kmem_cache_alloc_trace+0x318/0x780
[   26.952025]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   26.957548]  ? _copy_from_user+0xdf/0x150
[   26.961676]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   26.967189]  ? copy_mount_options+0x285/0x380
[   26.971662]  ksys_mount+0x12d/0x140
[   26.975268]  __x64_sys_mount+0xbe/0x150
[   26.979224]  do_syscall_64+0x1b9/0x820
[   26.983091]  ? syscall_slow_exit_work+0x500/0x500
[   26.987912]  ? syscall_return_slowpath+0x5e0/0x5e0
[   26.992822]  ? syscall_return_slowpath+0x31d/0x5e0
[   26.997732]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   27.003248]  ? prepare_exit_to_usermode+0x291/0x3b0
[   27.008241]  ? perf_trace_sys_enter+0xb10/0xb10
[   27.012888]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.017711]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   27.022879] RIP: 0033:0x440149
[   27.026044] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   27.045169] RSP: 002b:00007ffe1360d868 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[   27.052862] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440149
[   27.060109] RDX: 0000000020000340 RSI: 00000000200000c0 RDI: 0000000000000000
[   27.067358] RBP: 00000000006ca018 R08: 00000000200001c0 R09: 00000000004002c8
[   27.074605] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000004019d0
[   27.081853] R13: 0000000000401a60 R14: 0000000000000000 R15: 0000000000000000
[   27.089102] Modules linked in:
[   27.092285] Dumping ftrace buffer:
[   27.095812]    (ftrace buffer empty)
[   27.099501] CR2: 0000000000000074
[   27.102934] ---[ end trace 28bd42574ebb5eeb ]---
[   27.107692] RIP: 0010:kfree+0xb2/0x260
[   27.111568] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 e5 be a3 ff 49 63 75 74 48 89 df e8 79 83 a9 01 4c
[   27.130789] RSP: 0018:ffff8801ac6b75d0 EFLAGS: 00010046
[   27.136146] RAX: ffffea000022f848 RBX: ffffffff88be17dc RCX: ffffea000022f847
[   27.143394] RDX: ffffea000022f840 RSI: ffffffff876ff2e9 RDI: ffffffff88be17dc
[   27.150655] RBP: ffff8801ac6b75f0 R08: ffff8801abce2000 R09: ffffed00358d6df8
[   27.157909] R10: ffffed003584fe8b R11: 0000000000000001 R12: 0000000000000282
[   27.165162] R13: 0000000000000000 R14: ffff8801ac6b7740 R15: ffff8801ac2f8380
[   27.172408] FS:  0000000001c85880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[   27.180611] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.186468] CR2: 0000000000000074 CR3: 00000001ac275000 CR4: 00000000001406f0
[   27.193715] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   27.200962] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   27.208216] Kernel panic - not syncing: Fatal exception
[   27.214163] Dumping ftrace buffer:
[   27.218062]    (ftrace buffer empty)
[   27.221812] Kernel Offset: disabled
[   27.225432] Rebooting in 86400 seconds..
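Added example, not part of the syzkaller report above and not a syzkaller or kernel tool: a Python triage helper that parses the second report (the oops proper) and reproduces the two checks a kernel triager makes by hand on it. First, CR2 is 0x74, below one page, so the fault is a field read through a NULL struct pointer; the marked bytes 49 63 75 74 decode to movslq 0x74(%r13),%rsi, R13 is the only zeroed register, and the instruction just before it, 4c 8b 6a 18 = mov 0x18(%rdx),%r13, loaded R13 from the struct page in RDX (a vmemmap address), i.e. that page's slab_cache field is NULL. Second, the object kfree() was handed, RBX (copied into RDI by the 48 89 df = mov %rbx,%rdi that opens the Code: window), is 0xffffffff88be17dc, an address inside the kernel image rather than in the direct map where slab objects live, so the free targets something the slab allocator never handed out; the reliable frames place that free in p9_client_create() during a 9p mount(2). The "? " frames the script drops are the unverified return addresses the unwinder prints for stale stack slots. The address-range constants and the use of RDI as the first-argument register are assumptions stated in the code rather than parsed from the log, and SAMPLE is a trimmed excerpt of the report with timestamps removed.

```python
"""Triage helper for an x86-64 kernel oops taken from a serial console log.
Added example: not part of the syzkaller report above and not a kernel tool.
Assumed, not parsed from the log: x86-64 SysV ABI (first argument in RDI) and the
default non-KASLR layout ("Kernel Offset: disabled"), see the constants below."""
import re

PAGE_SIZE = 0x1000
DIRECT_MAP = (0xFFFF880000000000, 0xFFFFC80000000000)  # PAGE_OFFSET range (assumption)
VMEMMAP = (0xFFFFEA0000000000, 0xFFFFEB0000000000)     # struct page array (assumption)
KERNEL_IMAGE_START = 0xFFFFFFFF80000000                # __START_KERNEL_map (assumption)

# Trimmed excerpt of the second report above: timestamps removed, most "?" frames dropped.
SAMPLE = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000074
RIP: 0010:kfree+0xb2/0x260
Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 e5 be a3 ff 49 63 75 74 48 89 df e8 79 83 a9 01 4c
RSP: 0018:ffff8801ac6b75d0 EFLAGS: 00010046
RAX: ffffea000022f848 RBX: ffffffff88be17dc RCX: ffffea000022f847
RDX: ffffea000022f840 RSI: ffffffff876ff2e9 RDI: ffffffff88be17dc
RBP: ffff8801ac6b75f0 R08: ffff8801abce2000 R09: ffffed00358d6df8
R10: ffffed003584fe8b R11: 0000000000000001 R12: 0000000000000282
R13: 0000000000000000 R14: ffff8801ac6b7740 R15: ffff8801ac2f8380
CR2: 0000000000000074 CR3: 00000001ac275000 CR4: 00000000001406f0
Call Trace:
 p9_client_create+0xf43/0x16c9
 ? p9_client_read+0xc60/0xc60
 v9fs_session_init+0x21a/0x1a80
 v9fs_mount+0x7c/0x900
 legacy_get_tree+0x118/0x440
 vfs_get_tree+0x1cb/0x5c0
 do_mount+0x6c1/0x1fb0
 ksys_mount+0x12d/0x140
 __x64_sys_mount+0xbe/0x150
 do_syscall_64+0x1b9/0x820
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x440149
"""

REG_RE = re.compile(r"\b(R[A-Z0-9]{2}|CR[0-4]):\s*(?:[0-9a-f]{4}:)?([0-9a-f]{16})\b")
RIP_RE = re.compile(r"^RIP: [0-9a-f]{4}:(\S+)", re.M)
CODE_RE = re.compile(r"^Code: (.*)$", re.M)

def parse_registers(text):
    # First dump of each general-purpose and control register, as ints.
    regs = {}
    for name, value in REG_RE.findall(text):
        regs.setdefault(name, int(value, 16))
    return regs

def parse_code(text):
    # Bytes of the Code: line and the index of the <xx> byte RIP points at.
    tokens = CODE_RE.search(text).group(1).split()
    fault = next(i for i, t in enumerate(tokens) if t.startswith("<"))
    return [int(t.strip("<>"), 16) for t in tokens], fault

def reliable_frames(text):
    # Frames of the first Call Trace block, minus "? " (unverified) entries.
    frames, inside = [], False
    for line in text.splitlines():
        if line.startswith("Call Trace:"):
            inside = True
        elif inside and line.startswith(" "):
            if not line.startswith(" ? "):
                frames.append(line.strip())
        elif inside:
            break
    return frames

def region(addr):
    # Coarse classification of an address under the assumed memory layout.
    if addr >= KERNEL_IMAGE_START:
        return "kernel-image"
    for name, (lo, hi) in (("vmemmap", VMEMMAP), ("direct-map", DIRECT_MAP)):
        if lo <= addr < hi:
            return name
    return "user" if addr < (1 << 47) else "other"

def triage(text):
    """The checks a triager does by hand on a NULL-pointer oops, as data."""
    regs = parse_registers(text)
    code, fi = parse_code(text)
    # A fault address below PAGE_SIZE is a field access through a NULL struct
    # pointer; every zeroed general-purpose register is a candidate base.
    null_offset = regs["CR2"] if regs["CR2"] < PAGE_SIZE else None
    bases = sorted(r for r, v in regs.items() if v == 0 and r[0] == "R")
    return {
        "function": RIP_RE.search(text).group(1).split("+")[0],
        "null_deref_offset": null_offset,
        "null_base_candidates": bases if null_offset is not None else [],
        "fault_bytes": code[fi:fi + 4],
        # RDI carries the first argument (SysV ABI); for kfree that is the
        # object being freed, which has to be a direct-map (slab) address.
        "arg0_region": region(regs["RDI"]),
        "top_reliable_frame": reliable_frames(text)[0],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print("%-22s %s" % (key, value))
```

Running the file prints function kfree, null_deref_offset 0x74 with R13 as the only base candidate, fault bytes 49 63 75 74, arg0_region kernel-image and p9_client_create+0xf43/0x16c9 as the top verified frame. One caveat when reading the first report in the log: "BUG: sleeping function called from invalid context" with irqs_disabled(): 1 is the page-fault handler's might_sleep() firing because EFLAGS 0x00010046 has IF clear when the bad read in kfree() faults on the user-range address 0x74; it is a symptom of the same fault, not an independent bug.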