[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.142' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.827338] FAULT_INJECTION: forcing a failure.
[ 27.827338] name failslab, interval 1, probability 0, space 0, times 1
[ 27.838897] CPU: 0 PID: 7981 Comm: syz-executor249 Not tainted 4.14.281-syzkaller #0
[ 27.846775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.856106] Call Trace:
[ 27.858677] dump_stack+0x1b2/0x281
[ 27.862384] should_fail.cold+0x10a/0x149
[ 27.866514] should_failslab+0xd6/0x130
[ 27.870467] kmem_cache_alloc_node_trace+0x25a/0x400
[ 27.875551] blk_mq_init_tags+0x5e/0x280
[ 27.879589] blk_mq_alloc_rq_map+0x90/0x220
[ 27.883887] blk_mq_sched_alloc_tags+0xaa/0x240
[ 27.888553] blk_mq_sched_init_hctx+0x5e/0x200
[ 27.893114] blk_mq_realloc_hw_ctxs+0x64e/0xe00
[ 27.897786] ? blk_mq_update_queue_map+0x158/0x1f0
[ 27.902694] blk_mq_update_nr_hw_queues+0x1f3/0x3e0
[ 27.907695] nbd_start_device+0x1d7/0xca0
[ 27.911820] nbd_ioctl+0x3a8/0xa80
[ 27.915339] ? get_pid_task+0x91/0x130
[ 27.919202] ? nbd_disconnect_and_put+0x140/0x140
[ 27.924022] ? lock_downgrade+0x740/0x740
[ 27.928145] ? nbd_disconnect_and_put+0x140/0x140
[ 27.932981] blkdev_ioctl+0x540/0x1830
[ 27.936861] ? proc_fail_nth_write+0x7b/0x180
[ 27.941335] ? blkpg_ioctl+0x8d0/0x8d0
[ 27.945207] ? fsnotify+0x974/0x11b0
[ 27.948905] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 27.953810] ? debug_check_no_obj_freed+0x2c0/0x680
[ 27.958819] block_ioctl+0xd9/0x120
[ 27.962422] ? blkdev_fallocate+0x3a0/0x3a0
[ 27.966733] do_vfs_ioctl+0x75a/0xff0
[ 27.970510] ? ioctl_preallocate+0x1a0/0x1a0
[ 27.974905] ? vfs_write+0x319/0x4d0
[ 27.978611] ? SyS_write+0x14d/0x210
[ 27.982311] ? security_file_ioctl+0x83/0xb0
[ 27.986703] SyS_ioctl+0x7f/0xb0
[ 27.990053] ? do_vfs_ioctl+0xff0/0xff0
[ 27.994009] do_syscall_64+0x1d5/0x640
[ 27.997880] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.003046] RIP: 0033:0x7fd6b180bdd9
[ 28.006753] RSP: 002b:00007fff22def958 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 28.014540] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd6b180bdd9
[ 28.021786] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
[ 28.029035] RBP: 00007fff22def960 R08: 0000000000000002 R09: 00007fd6b1003331
[ 28.036280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[ 28.043527] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 28.053066] BUG: unable to handle kernel NULL pointer dereference at 0000000000000120
[ 28.061053] IP: blk_mq_map_swqueue+0x253/0x990
[ 28.065620] PGD af312067 P4D af312067 PUD af151067 PMD 0
[ 28.071137] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 28.075693] Modules linked in:
[ 28.078870] CPU: 0 PID: 7981 Comm: syz-executor249 Not tainted 4.14.281-syzkaller #0
[ 28.086722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.096050] task: ffff8880a8ccc400 task.stack: ffff888092980000
[ 28.102089] RIP: 0010:blk_mq_map_swqueue+0x253/0x990
[ 28.107162] RSP: 0018:ffff888092987a80 EFLAGS: 00010297
[ 28.112498] RAX: ffff8880a8ccc400 RBX: ffff8880ae8f30b0 RCX: 1ffff11015d00611
[ 28.119740] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff88cc9d68
[ 28.126997] RBP: 0000000000000001 R08: ffff8880ae803080 R09: 0000000000000000
[ 28.134241] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 28.141488] R13: ffff8882386845c0 R14: 0000000000000000 R15: dffffc0000000000
[ 28.148734] FS: 000055555580d300(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[ 28.156946] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.162813] CR2: 0000000000000120 CR3: 00000000a5e29000 CR4: 00000000003406f0
[ 28.170059] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 28.177306] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 28.184550] Call Trace:
[ 28.187118] blk_mq_update_nr_hw_queues+0x246/0x3e0
[ 28.192109] nbd_start_device+0x1d7/0xca0
[ 28.196231] nbd_ioctl+0x3a8/0xa80
[ 28.199746] ? get_pid_task+0x91/0x130
[ 28.203612] ? nbd_disconnect_and_put+0x140/0x140
[ 28.208448] ? lock_downgrade+0x740/0x740
[ 28.212570] ? nbd_disconnect_and_put+0x140/0x140
[ 28.217387] blkdev_ioctl+0x540/0x1830
[ 28.221264] ? proc_fail_nth_write+0x7b/0x180
[ 28.225735] ? blkpg_ioctl+0x8d0/0x8d0
[ 28.229600] ? fsnotify+0x974/0x11b0
[ 28.233303] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 28.238209] ? debug_check_no_obj_freed+0x2c0/0x680
[ 28.243287] block_ioctl+0xd9/0x120
[ 28.246896] ? blkdev_fallocate+0x3a0/0x3a0
[ 28.251195] do_vfs_ioctl+0x75a/0xff0
[ 28.254969] ? ioctl_preallocate+0x1a0/0x1a0
[ 28.259352] ? vfs_write+0x319/0x4d0
[ 28.263039] ? SyS_write+0x14d/0x210
[ 28.266742] ? security_file_ioctl+0x83/0xb0
[ 28.271141] SyS_ioctl+0x7f/0xb0
[ 28.274480] ? do_vfs_ioctl+0xff0/0xff0
[ 28.278455] do_syscall_64+0x1d5/0x640
[ 28.282340] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.287505] RIP: 0033:0x7fd6b180bdd9
[ 28.291190] RSP: 002b:00007fff22def958 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 28.298870] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd6b180bdd9
[ 28.306113] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
[ 28.313372] RBP: 00007fff22def960 R08: 0000000000000002 R09: 00007fd6b1003331
[ 28.320617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[ 28.327863] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 28.335105] Code: 4d 8d 34 c8 4c 89 f1 48 c1 e9 03 42 80 3c 39 00 0f 85 37 05 00 00 83 fd 07 4d 8b 36 0f 87 42 04 00 00 48 89 04 24 e8 1d 4c 4a fe 4d 0f ab a6 20 01 00 00 49 8d be 78 01 00 00 48 8b 04 24 48
[ 28.354168] RIP: blk_mq_map_swqueue+0x253/0x990 RSP: ffff888092987a80
[ 28.360717] CR2: 0000000000000120
[ 28.364163] ---[ end trace 1348812cce64e506 ]---
[ 28.368896] Kernel panic - not syncing: Fatal exception
[ 28.374402] Kernel Offset: disabled
[ 28.378015] Rebooting in 86400 seconds..