Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 33.050839] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.332618] kauditd_printk_skb: 9 callbacks suppressed
[ 33.332626] audit: type=1400 audit(1565061344.312:35): avc: denied { map } for pid=6886 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 33.383792] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.964226] random: sshd: uninitialized urandom read (32 bytes read)
[ 44.445376] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts.
[ 50.025424] random: sshd: uninitialized urandom read (32 bytes read)
[ 50.143173] audit: type=1400 audit(1565061361.122:36): avc: denied { map } for pid=6899 comm="syz-executor131" path="/root/syz-executor131694240" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 50.461182] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 51.253766] overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
[ 51.264947] BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1366
[ 51.273357] in_atomic(): 0, irqs_disabled(): 1, pid: 6901, name: syz-executor131
[ 51.280945] no locks held by syz-executor131/6901.
[ 51.285883] irq event stamp: 1423
[ 51.289329] hardirqs last enabled at (1423): [] _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 51.299485] hardirqs last disabled at (1422): [] _raw_spin_lock_irqsave+0x6f/0xcd
[ 51.308717] softirqs last enabled at (1360): [] unix_create1+0x42b/0x500
[ 51.317299] softirqs last disabled at (1358): [] unix_create1+0x385/0x500
[ 51.326159] CPU: 0 PID: 6901 Comm: syz-executor131 Not tainted 4.14.136 #32
[ 51.333307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.342649] Call Trace:
[ 51.345225] dump_stack+0x138/0x19c
[ 51.348840] ? add_wait_queue+0x4c/0x170
[ 51.352888] ___might_sleep.cold+0x1bd/0x1f6
[ 51.357277] __might_sleep+0x93/0xb0
[ 51.360970] __do_page_fault+0x2ed/0xb80
[ 51.365010] ? is_bpf_text_address+0x7f/0x120
[ 51.369493] ? vmalloc_fault+0xe30/0xe30
[ 51.373553] do_page_fault+0x71/0x511
[ 51.377390] page_fault+0x25/0x50
[ 51.380846] RIP: 0010:__lock_acquire+0x20c/0x4620
[ 51.385669] RSP: 0018:ffff88808bf67480 EFLAGS: 00010086
[ 51.391188] RAX: ffffffffffffffff RBX: 0000000000000001 RCX: 0000000000000001
[ 51.398449] RDX: 1ffff110101ba8a8 RSI: 0000000000000000 RDI: ffff888080dd4540
[ 51.405794] RBP: ffff88808bf67630 R08: 0000000000000001 R09: 0000000000000000
[ 51.413042] R10: 0000000000000000 R11: ffff888084e7a640 R12: ffff888080dd4538
[ 51.420639] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 51.428010] ? trace_hardirqs_on+0x10/0x10
[ 51.432232] ? __lock_acquire+0x5f7/0x4620
[ 51.436472] ? save_trace+0x290/0x290
[ 51.440259] ? trace_hardirqs_on+0x10/0x10
[ 51.444624] ? add_wait_queue+0x112/0x170
[ 51.448754] ? find_held_lock+0x35/0x130
[ 51.452856] ? add_wait_queue+0x112/0x170
[ 51.457116] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 51.462204] lock_acquire+0x16f/0x430
[ 51.466080] ? kernfs_fop_poll+0x11f/0x280
[ 51.470297] kernfs_get_active+0xb6/0xe0
[ 51.474340] ? kernfs_fop_poll+0x11f/0x280
[ 51.478552] kernfs_fop_poll+0x11f/0x280
[ 51.482730] ? kernfs_vma_open+0x1d0/0x1d0
[ 51.486960] do_select+0x8c0/0x13b0
[ 51.490587] ? select_estimate_accuracy+0x2c0/0x2c0
[ 51.495713] ? lock_downgrade+0x6e0/0x6e0
[ 51.499902] ? poll_initwait+0x180/0x180
[ 51.503959] ? set_fd_set.part.0+0x70/0x70
[ 51.508229] ? set_fd_set.part.0+0x70/0x70
[ 51.512457] ? set_fd_set.part.0+0x70/0x70
[ 51.516679] ? __lock_acquire+0x5f7/0x4620
[ 51.520985] ? depot_save_stack+0x11c/0x410
[ 51.525310] ? trace_hardirqs_on+0x10/0x10
[ 51.529595] ? save_stack+0xa9/0xd0
[ 51.533225] ? save_trace+0x290/0x290
[ 51.537020] ? trace_hardirqs_on+0x10/0x10
[ 51.541268] ? __might_fault+0x110/0x1d0
[ 51.545460] ? find_held_lock+0x35/0x130
[ 51.549519] ? __might_fault+0x110/0x1d0
[ 51.553570] ? lock_downgrade+0x6e0/0x6e0
[ 51.557710] core_sys_select+0x461/0x6d0
[ 51.561769] ? core_sys_select+0x461/0x6d0
[ 51.566050] ? poll_select_set_timeout+0x120/0x120
[ 51.570993] ? save_trace+0x290/0x290
[ 51.574872] ? save_trace+0x290/0x290
[ 51.578712] ? find_held_lock+0x35/0x130
[ 51.582894] ? __lock_is_held+0xb6/0x140
[ 51.587159] ? lock_downgrade+0x6e0/0x6e0
[ 51.591296] ? __fd_install+0x236/0x5f0
[ 51.595256] ? get_unused_fd_flags+0xd0/0xd0
[ 51.599700] ? lock_downgrade+0x6e0/0x6e0
[ 51.603939] SyS_pselect6+0x3f2/0x460
[ 51.607729] ? SyS_select+0x180/0x180
[ 51.611517] ? fd_install+0x4d/0x60
[ 51.615129] ? SyS_pipe+0x77/0x110
[ 51.618648] ? SyS_pipe2+0x120/0x120
[ 51.622351] ? do_syscall_64+0x53/0x640
[ 51.626417] ? SyS_select+0x180/0x180
[ 51.630205] do_syscall_64+0x1e8/0x640
[ 51.634122] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.639046] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 51.644220] RIP: 0033:0x441d99
[ 51.647392] RSP: 002b:00007ffd826c0108 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 51.655082] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441d99
[ 51.662349] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000040
[ 51.669607] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 51.676865] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000
[ 51.684219] R13: 0000000000402ba0 R14: 0000000000000000 R15: 0000000000000000
[ 51.691492] BUG: unable to handle kernel NULL pointer dereference at 0000000000000137
[ 51.699467] IP: __lock_acquire+0x20c/0x4620
[ 51.703781] PGD 844ba067 P4D 844ba067 PUD 9ae72067 PMD 0
[ 51.709307] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 51.713796] Modules linked in:
[ 51.716986] CPU: 0 PID: 6901 Comm: syz-executor131 Tainted: G W 4.14.136 #32
[ 51.725401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.734793] task: ffff888084e7a640 task.stack: ffff88808bf60000
[ 51.740847] RIP: 0010:__lock_acquire+0x20c/0x4620
[ 51.745665] RSP: 0018:ffff88808bf67480 EFLAGS: 00010086
[ 51.751214] RAX: ffffffffffffffff RBX: 0000000000000001 RCX: 0000000000000001
[ 51.758563] RDX: 1ffff110101ba8a8 RSI: 0000000000000000 RDI: ffff888080dd4540
[ 51.765864] RBP: ffff88808bf67630 R08: 0000000000000001 R09: 0000000000000000
[ 51.773128] R10: 0000000000000000 R11: ffff888084e7a640 R12: ffff888080dd4538
[ 51.780394] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 51.787693] FS: 000000000158e880(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
[ 51.795908] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.801943] CR2: 0000000000000137 CR3: 000000008b7d8000 CR4: 00000000001406f0
[ 51.809192] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.816451] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.823704] Call Trace:
[ 51.826277] ? trace_hardirqs_on+0x10/0x10
[ 51.830499] ? __lock_acquire+0x5f7/0x4620
[ 51.834777] ? save_trace+0x290/0x290
[ 51.838907] ? trace_hardirqs_on+0x10/0x10
[ 51.843137] ? add_wait_queue+0x112/0x170
[ 51.847269] ? find_held_lock+0x35/0x130
[ 51.851378] ? add_wait_queue+0x112/0x170
[ 51.855707] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 51.861083] lock_acquire+0x16f/0x430
[ 51.864879] ? kernfs_fop_poll+0x11f/0x280
[ 51.869162] kernfs_get_active+0xb6/0xe0
[ 51.873358] ? kernfs_fop_poll+0x11f/0x280
[ 51.877876] kernfs_fop_poll+0x11f/0x280
[ 51.882185] ? kernfs_vma_open+0x1d0/0x1d0
[ 51.886459] do_select+0x8c0/0x13b0
[ 51.890215] ? select_estimate_accuracy+0x2c0/0x2c0
[ 51.896133] ? lock_downgrade+0x6e0/0x6e0
[ 51.900275] ? poll_initwait+0x180/0x180
[ 51.904328] ? set_fd_set.part.0+0x70/0x70
[ 51.908546] ? set_fd_set.part.0+0x70/0x70
[ 51.912781] ? set_fd_set.part.0+0x70/0x70
[ 51.917013] ? __lock_acquire+0x5f7/0x4620
[ 51.921292] ? depot_save_stack+0x11c/0x410
[ 51.925632] ? trace_hardirqs_on+0x10/0x10
[ 51.930003] ? save_stack+0xa9/0xd0
[ 51.933624] ? save_trace+0x290/0x290
[ 51.937405] ? trace_hardirqs_on+0x10/0x10
[ 51.941635] ? __might_fault+0x110/0x1d0
[ 51.945741] ? find_held_lock+0x35/0x130
[ 51.949802] ? __might_fault+0x110/0x1d0
[ 51.953870] ? lock_downgrade+0x6e0/0x6e0
[ 51.958023] core_sys_select+0x461/0x6d0
[ 51.962967] ? core_sys_select+0x461/0x6d0
[ 51.967281] ? poll_select_set_timeout+0x120/0x120
[ 51.972291] ? save_trace+0x290/0x290
[ 51.976075] ? save_trace+0x290/0x290
[ 51.980105] ? find_held_lock+0x35/0x130
[ 51.984157] ? __lock_is_held+0xb6/0x140
[ 51.988200] ? lock_downgrade+0x6e0/0x6e0
[ 51.992353] ? __fd_install+0x236/0x5f0
[ 51.996309] ? get_unused_fd_flags+0xd0/0xd0
[ 52.000698] ? lock_downgrade+0x6e0/0x6e0
[ 52.004829] SyS_pselect6+0x3f2/0x460
[ 52.008744] ? SyS_select+0x180/0x180
[ 52.012626] ? fd_install+0x4d/0x60
[ 52.016247] ? SyS_pipe+0x77/0x110
[ 52.019766] ? SyS_pipe2+0x120/0x120
[ 52.023516] ? do_syscall_64+0x53/0x640
[ 52.027491] ? SyS_select+0x180/0x180
[ 52.031292] do_syscall_64+0x1e8/0x640
[ 52.035170] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.040084] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 52.045325] RIP: 0033:0x441d99
[ 52.048604] RSP: 002b:00007ffd826c0108 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 52.056390] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441d99
[ 52.063659] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000040
[ 52.070997] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 52.078310] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000
[ 52.085571] R13: 0000000000402ba0 R14: 0000000000000000 R15: 0000000000000000
[ 52.093115] Code: 00 fc ff df 41 89 f5 4b 8d 7c ec 08 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 2e 00 00 4b 8b 44 ec 08 48 85 c0 0f 84 15 ff ff ff ff 80 38 01 00 00 49 8d b3 78 08 00 00 48 ba 00 00 00 00 00
[ 52.112365] RIP: __lock_acquire+0x20c/0x4620 RSP: ffff88808bf67480
[ 52.118669] CR2: 0000000000000137
[ 52.122110] ---[ end trace d7ca4bb2b86ae2a7 ]---
[ 52.126852] Kernel panic - not syncing: Fatal exception
[ 52.133566] Kernel Offset: disabled
[ 52.137539] Rebooting in 86400 seconds..