[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 14.613987] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.066117] random: sshd: uninitialized urandom read (32 bytes read) [ 19.364407] random: sshd: uninitialized urandom read (32 bytes read) [ 20.089216] random: sshd: uninitialized urandom read (32 bytes read) [ 23.582474] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts. [ 29.063852] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 29.150672] 9pnet: Insufficient options for proto=fd [ 29.156543] FAULT_INJECTION: forcing a failure. [ 29.156543] name failslab, interval 1, probability 0, space 0, times 1 [ 29.167767] CPU: 1 PID: 4386 Comm: syz-executor227 Not tainted 4.18.0-rc5-next-20180719+ #11 [ 29.176345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.185697] Call Trace: [ 29.188289] dump_stack+0x1c9/0x2b4 [ 29.191903] ? dump_stack_print_info.cold.2+0x52/0x52 [ 29.197100] ? perf_trace_lock+0x920/0x920 [ 29.201336] should_fail.cold.4+0xa/0x11 [ 29.205394] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 29.210490] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 29.215320] ? is_bpf_text_address+0xae/0x170 [ 29.219821] ? __debug_object_init+0x581/0x12e0 [ 29.224488] ? lock_downgrade+0x8f0/0x8f0 [ 29.228629] ? lock_downgrade+0x8f0/0x8f0 [ 29.232784] ? kasan_check_read+0x11/0x20 [ 29.236933] ? do_raw_spin_unlock+0xa7/0x2f0 [ 29.241334] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 29.245921] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 29.250500] ? kasan_check_write+0x14/0x20 [ 29.254729] ? check_same_owner+0x340/0x340 [ 29.259064] ? add_wait_queue+0x1b9/0x2b0 [ 29.263201] ? rcu_note_context_switch+0x730/0x730 [ 29.268115] __should_failslab+0x124/0x180 [ 29.272339] should_failslab+0x9/0x14 [ 29.276138] kmem_cache_alloc+0x2af/0x760 [ 29.280282] ? kasan_check_write+0x14/0x20 [ 29.284506] ? do_raw_spin_lock+0xc1/0x200 [ 29.288728] p9_client_prepare_req.part.8+0xbc/0xa00 [ 29.293842] ? trace_9p_protocol_dump+0x3a0/0x3a0 [ 29.298698] ? lock_acquire+0x1e4/0x540 [ 29.302655] ? __fget+0x4ac/0x740 [ 29.306097] ? p9_pollwait+0x83/0x230 [ 29.309885] ? p9_conn_create+0x730/0x730 [ 29.314029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.319553] ? pipe_poll+0x2bd/0x340 [ 29.323263] p9_client_rpc+0x242/0x1330 [ 29.327230] ? p9_conn_create+0x55b/0x730 [ 29.331375] ? p9_client_prepare_req.part.8+0xa00/0xa00 [ 29.336735] ? ksys_dup3+0x690/0x690 [ 29.340453] ? check_same_owner+0x340/0x340 [ 29.344768] ? p9_fd_poll+0x2b0/0x2b0 [ 29.348555] ? kasan_kmalloc+0xc4/0xe0 [ 29.352432] ? p9_fd_show_options+0x1c0/0x1c0 [ 29.356926] p9_client_create+0xca4/0x1537 [ 29.361191] ? p9_client_read+0xbb0/0xbb0 [ 29.365336] ? lock_acquire+0x1e4/0x540 [ 29.369315] ? fs_reclaim_acquire+0x20/0x20 [ 29.373639] ? lock_downgrade+0x8f0/0x8f0 [ 29.377791] ? lock_release+0xa30/0xa30 [ 29.381764] ? __lockdep_init_map+0x105/0x590 [ 29.386262] ? kasan_check_write+0x14/0x20 [ 29.390489] ? __init_rwsem+0x1cc/0x2a0 [ 29.394451] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 29.399457] ? __kmalloc_track_caller+0x311/0x760 [ 29.404308] ? save_stack+0xa9/0xd0 [ 29.407934] ? save_stack+0x43/0xd0 [ 29.411554] ? kasan_kmalloc+0xc4/0xe0 [ 29.415430] ? memcpy+0x45/0x50 [ 29.418698] v9fs_session_init+0x21a/0x1a80 [ 29.423004] ? rcu_note_context_switch+0x730/0x730 [ 29.427923] ? legacy_parse_monolithic+0xde/0x1e0 [ 29.432757] ? v9fs_show_options+0x7e0/0x7e0 [ 29.437151] ? lock_downgrade+0x8f0/0x8f0 [ 29.441295] ? kasan_check_read+0x11/0x20 [ 29.445427] ? do_raw_spin_unlock+0xa7/0x2f0 [ 29.449818] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 29.454380] ? kasan_unpoison_shadow+0x35/0x50 [ 29.458953] ? kasan_kmalloc+0xc4/0xe0 [ 29.462835] ? kmem_cache_alloc_trace+0x318/0x780 [ 29.467675] v9fs_mount+0x7c/0x900 [ 29.471201] ? v9fs_drop_inode+0x150/0x150 [ 29.475422] legacy_get_tree+0x131/0x460 [ 29.479471] vfs_get_tree+0x1cb/0x5c0 [ 29.483263] do_mount+0x6f2/0x1e20 [ 29.486785] ? check_same_owner+0x340/0x340 [ 29.491094] ? lock_release+0xa30/0xa30 [ 29.495076] ? copy_mount_string+0x40/0x40 [ 29.499303] ? kasan_kmalloc+0xc4/0xe0 [ 29.503179] ? kmem_cache_alloc_trace+0x318/0x780 [ 29.508023] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 29.513554] ? _copy_from_user+0xdf/0x150 [ 29.517694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.523226] ? copy_mount_options+0x285/0x380 [ 29.527715] ksys_mount+0x12d/0x140 [ 29.531326] __x64_sys_mount+0xbe/0x150 [ 29.535282] do_syscall_64+0x1b9/0x820 [ 29.539159] ? syscall_slow_exit_work+0x500/0x500 [ 29.543993] ? syscall_return_slowpath+0x5e0/0x5e0 [ 29.548905] ? syscall_return_slowpath+0x31d/0x5e0 [ 29.553840] ? prepare_exit_to_usermode+0x291/0x3b0 [ 29.558875] ? perf_trace_sys_enter+0xb10/0xb10 [ 29.563543] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 29.568383] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 29.573567] RIP: 0033:0x440719 [ 29.576744] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 29.595984] RSP: 002b:00007ffc432a9cc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 29.603691] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000440719 [ 29.610951] RDX: 0000000020000900 RSI: 0000000020000000 RDI: 0000000000000000 [ 29.618215] RBP: 0000000000000000 R08: 0000000020000840 R09: 0000000000003831 [ 29.625478] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc432a9cd0 [ 29.632755] R13: 0030656c69662f2e R14: 64663d736e617274 R15: 0000000000000006 [ 29.640100] kasan: CONFIG_KASAN_INLINE enabled [ 29.644739] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 29.652157] general protection fault: 0000 [#1] SMP KASAN [ 29.657706] CPU: 1 PID: 4386 Comm: syz-executor227 Not tainted 4.18.0-rc5-next-20180719+ #11 [ 29.666281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.675640] RIP: 0010:p9_client_prepare_req.part.8+0x392/0xa00 [ 29.681601] Code: ff 0f 87 6a 02 00 00 e8 bc 39 0c fa 0f be 85 f4 fe ff ff 4c 89 f2 48 c1 ea 03 89 85 f4 fe ff ff 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 89 05 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b [ 29.700761] RSP: 0018:ffff8801bd8c7250 EFLAGS: 00010206 [ 29.706119] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000600040 [ 29.713373] RDX: 000000000000000a RSI: ffffffff87706d04 RDI: ffff8801b9efa378 [ 29.720625] RBP: ffff8801bd8c7380 R08: ffff8801b9f24080 R09: ffffed0037b18de4 [ 29.727888] R10: ffffed0037b18de4 R11: 0000000000000003 R12: ffff8801b9efa340 [ 29.735140] R13: 0000000000002000 R14: 0000000000000050 R15: ffff8801b9efa37c [ 29.742395] FS: 0000000001ba1880(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 29.750605] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.756477] CR2: 0000000020000200 CR3: 00000001b994e000 CR4: 00000000001406e0 [ 29.763732] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.770992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.778252] Call Trace: [ 29.780840] ? trace_9p_protocol_dump+0x3a0/0x3a0 [ 29.785679] ? lock_acquire+0x1e4/0x540 [ 29.789656] ? __fget+0x4ac/0x740 [ 29.793101] ? p9_pollwait+0x83/0x230 [ 29.796886] ? p9_conn_create+0x730/0x730 [ 29.801022] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.806547] ? pipe_poll+0x2bd/0x340 [ 29.810247] p9_client_rpc+0x242/0x1330 [ 29.814213] ? p9_conn_create+0x55b/0x730 [ 29.818344] ? p9_client_prepare_req.part.8+0xa00/0xa00 [ 29.823699] ? ksys_dup3+0x690/0x690 [ 29.827393] ? check_same_owner+0x340/0x340 [ 29.831708] ? p9_fd_poll+0x2b0/0x2b0 [ 29.835503] ? kasan_kmalloc+0xc4/0xe0 [ 29.839390] ? p9_fd_show_options+0x1c0/0x1c0 [ 29.843897] p9_client_create+0xca4/0x1537 [ 29.848134] ? p9_client_read+0xbb0/0xbb0 [ 29.852266] ? lock_acquire+0x1e4/0x540 [ 29.856226] ? fs_reclaim_acquire+0x20/0x20 [ 29.860539] ? lock_downgrade+0x8f0/0x8f0 [ 29.864681] ? lock_release+0xa30/0xa30 [ 29.868665] ? __lockdep_init_map+0x105/0x590 [ 29.873155] ? kasan_check_write+0x14/0x20 [ 29.877398] ? __init_rwsem+0x1cc/0x2a0 [ 29.881368] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 29.886387] ? __kmalloc_track_caller+0x311/0x760 [ 29.891227] ? save_stack+0xa9/0xd0 [ 29.894925] ? save_stack+0x43/0xd0 [ 29.898556] ? kasan_kmalloc+0xc4/0xe0 [ 29.902438] ? memcpy+0x45/0x50 [ 29.905713] v9fs_session_init+0x21a/0x1a80 [ 29.910049] ? rcu_note_context_switch+0x730/0x730 [ 29.914973] ? legacy_parse_monolithic+0xde/0x1e0 [ 29.919805] ? v9fs_show_options+0x7e0/0x7e0 [ 29.924203] ? lock_downgrade+0x8f0/0x8f0 [ 29.928338] ? kasan_check_read+0x11/0x20 [ 29.932562] ? do_raw_spin_unlock+0xa7/0x2f0 [ 29.936966] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 29.941542] ? kasan_unpoison_shadow+0x35/0x50 [ 29.946130] ? kasan_kmalloc+0xc4/0xe0 [ 29.950017] ? kmem_cache_alloc_trace+0x318/0x780 [ 29.954857] v9fs_mount+0x7c/0x900 [ 29.958404] ? v9fs_drop_inode+0x150/0x150 [ 29.962632] legacy_get_tree+0x131/0x460 [ 29.966685] vfs_get_tree+0x1cb/0x5c0 [ 29.970482] do_mount+0x6f2/0x1e20 [ 29.974015] ? check_same_owner+0x340/0x340 [ 29.978327] ? lock_release+0xa30/0xa30 [ 29.982301] ? copy_mount_string+0x40/0x40 [ 29.986518] ? kasan_kmalloc+0xc4/0xe0 [ 29.990393] ? kmem_cache_alloc_trace+0x318/0x780 [ 29.995229] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 30.000763] ? _copy_from_user+0xdf/0x150 [ 30.004896] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 30.010423] ? copy_mount_options+0x285/0x380 [ 30.015004] ksys_mount+0x12d/0x140 [ 30.018629] __x64_sys_mount+0xbe/0x150 [ 30.022595] do_syscall_64+0x1b9/0x820 [ 30.026463] ? syscall_slow_exit_work+0x500/0x500 [ 30.031303] ? syscall_return_slowpath+0x5e0/0x5e0 [ 30.036223] ? syscall_return_slowpath+0x31d/0x5e0 [ 30.041151] ? prepare_exit_to_usermode+0x291/0x3b0 [ 30.046172] ? perf_trace_sys_enter+0xb10/0xb10 [ 30.050841] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 30.055771] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 30.060963] RIP: 0033:0x440719 [ 30.064145] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 30.083392] RSP: 002b:00007ffc432a9cc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 30.091093] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000440719 [ 30.098354] RDX: 0000000020000900 RSI: 0000000020000000 RDI: 0000000000000000 [ 30.105611] RBP: 0000000000000000 R08: 0000000020000840 R09: 0000000000003831 [ 30.112877] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc432a9cd0 [ 30.120233] R13: 0030656c69662f2e R14: 64663d736e617274 R15: 0000000000000006 [ 30.127490] Modules linked in: [ 30.130681] Dumping ftrace buffer: [ 30.134203] (ftrace buffer empty) [ 30.138058] ---[ end trace bae3d5802518770f ]--- [ 30.142844] RIP: 0010:p9_client_prepare_req.part.8+0x392/0xa00 [ 30.148840] Code: ff 0f 87 6a 02 00 00 e8 bc 39 0c fa 0f be 85 f4 fe ff ff 4c 89 f2 48 c1 ea 03 89 85 f4 fe ff ff 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 89 05 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b [ 30.168185] RSP: 0018:ffff8801bd8c7250 EFLAGS: 00010206 [ 30.173567] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000600040 [ 30.180881] RDX: 000000000000000a RSI: ffffffff87706d04 RDI: ffff8801b9efa378 [ 30.188191] RBP: ffff8801bd8c7380 R08: ffff8801b9f24080 R09: ffffed0037b18de4 [ 30.195489] R10: ffffed0037b18de4 R11: 0000000000000003 R12: ffff8801b9efa340 [ 30.202777] R13: 0000000000002000 R14: 0000000000000050 R15: ffff8801b9efa37c [ 30.210077] FS: 0000000001ba1880(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 30.218318] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.224207] CR2: 0000000020000200 CR3: 00000001b994e000 CR4: 00000000001406e0 [ 30.231503] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.238804] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.246109] Kernel panic - not syncing: Fatal exception [ 30.252048] Dumping ftrace buffer: [ 30.255593] (ftrace buffer empty) [ 30.259309] Kernel Offset: disabled [ 30.262957] Rebooting in 86400 seconds..