[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 16.085783] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 43.627109] random: sshd: uninitialized urandom read (32 bytes read) [ 43.966523] random: sshd: uninitialized urandom read (32 bytes read) [ 44.475465] random: sshd: uninitialized urandom read (32 bytes read) [ 58.086656] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.58' (ECDSA) to the list of known hosts. [ 63.526973] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 63.609242] BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1340 [ 63.617809] in_atomic(): 0, irqs_disabled(): 1, pid: 4461, name: syz-executor603 [ 63.625319] INFO: lockdep is turned off. [ 63.629353] irq event stamp: 0 [ 63.632526] hardirqs last enabled at (0): [<0000000000000000>] (null) [ 63.640047] hardirqs last disabled at (0): [] copy_process.part.41+0x18cb/0x7340 [ 63.649123] softirqs last enabled at (0): [] copy_process.part.41+0x196c/0x7340 [ 63.658194] softirqs last disabled at (0): [<0000000000000000>] (null) [ 63.665718] CPU: 0 PID: 4461 Comm: syz-executor603 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 63.674186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.683514] Call Trace: [ 63.686087] dump_stack+0x1c9/0x2b4 [ 63.689690] ? dump_stack_print_info.cold.2+0x52/0x52 [ 63.694871] ___might_sleep.cold.86+0x11f/0x13a [ 63.699533] ? check_same_owner+0x340/0x340 [ 63.703838] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 63.709358] ? trace_9p_protocol_dump+0xbe/0x3a0 [ 63.714093] __might_sleep+0x95/0x190 [ 63.717875] __do_page_fault+0x3b6/0xe50 [ 63.721917] ? mm_fault_error+0x380/0x380 [ 63.726046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 63.731576] ? p9pdu_readf+0xb78/0x2170 [ 63.735535] do_page_fault+0xf6/0x8c0 [ 63.739314] ? p9pdu_writef+0xe0/0xe0 [ 63.743091] ? vmalloc_sync_all+0x30/0x30 [ 63.747218] ? ksys_dup3+0x690/0x690 [ 63.750927] ? check_same_owner+0x340/0x340 [ 63.755226] ? p9_fd_poll+0x2b0/0x2b0 [ 63.759026] ? kasan_kmalloc+0xc4/0xe0 [ 63.762918] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 63.767756] page_fault+0x1e/0x30 [ 63.771288] RIP: 0010:kfree+0xb2/0x260 [ 63.775157] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 e5 be a3 ff 49 63 75 74 48 89 df e8 79 83 a9 01 4c [ 63.794292] RSP: 0018:ffff8801cb9c75d0 EFLAGS: 00010046 [ 63.799633] RAX: ffffea000022f848 RBX: ffffffff88be17dc RCX: ffffea000022f847 [ 63.806880] RDX: ffffea000022f840 RSI: ffffffff876ff2e9 RDI: ffffffff88be17dc [ 63.814130] RBP: ffff8801cb9c75f0 R08: ffff8801acc26080 R09: ffffed0039738e8a [ 63.821377] R10: ffffed0035a45a13 R11: 0000000000000003 R12: 0000000000000282 [ 63.828642] R13: 0000000000000000 R14: ffff8801cb9c7740 R15: ffff8801acdf0340 [ 63.835913] ? p9_client_create+0xf09/0x16c9 [ 63.840304] p9_client_create+0xf43/0x16c9 [ 63.844521] ? p9_client_read+0xc60/0xc60 [ 63.848652] ? lock_acquire+0x1e4/0x540 [ 63.852604] ? lock_acquire+0x1e4/0x540 [ 63.856557] ? fs_reclaim_acquire+0x20/0x20 [ 63.860860] ? lock_release+0xa30/0xa30 [ 63.864811] ? __lockdep_init_map+0x105/0x590 [ 63.869292] ? kasan_check_write+0x14/0x20 [ 63.873507] ? __init_rwsem+0x1cc/0x2a0 [ 63.877477] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 63.882476] ? __kmalloc_track_caller+0x311/0x760 [ 63.887383] ? save_stack+0xa9/0xd0 [ 63.890989] ? save_stack+0x43/0xd0 [ 63.894594] ? kasan_kmalloc+0xc4/0xe0 [ 63.898464] ? kmem_cache_alloc_trace+0x152/0x780 [ 63.903285] ? memcpy+0x45/0x50 [ 63.906544] v9fs_session_init+0x21a/0x1a80 [ 63.910842] ? rcu_note_context_switch+0x730/0x730 [ 63.915751] ? do_mount+0x69e/0x1fb0 [ 63.919449] ? lock_acquire+0x1e4/0x540 [ 63.923400] ? v9fs_show_options+0x7e0/0x7e0 [ 63.927797] ? lock_release+0xa30/0xa30 [ 63.931753] ? check_same_owner+0x340/0x340 [ 63.936064] ? lock_downgrade+0x8f0/0x8f0 [ 63.940195] ? kasan_unpoison_shadow+0x35/0x50 [ 63.944756] ? kasan_kmalloc+0xc4/0xe0 [ 63.948635] ? kmem_cache_alloc_trace+0x318/0x780 [ 63.953470] ? kasan_unpoison_shadow+0x35/0x50 [ 63.958033] ? kasan_kmalloc+0xc4/0xe0 [ 63.961901] v9fs_mount+0x7c/0x900 [ 63.965424] ? v9fs_drop_inode+0x150/0x150 [ 63.969647] legacy_get_tree+0x118/0x440 [ 63.973724] vfs_get_tree+0x1cb/0x5c0 [ 63.977529] do_mount+0x6c1/0x1fb0 [ 63.981058] ? check_same_owner+0x340/0x340 [ 63.985367] ? lock_release+0xa30/0xa30 [ 63.989325] ? copy_mount_string+0x40/0x40 [ 63.993545] ? kasan_kmalloc+0xc4/0xe0 [ 63.997426] ? kmem_cache_alloc_trace+0x318/0x780 [ 64.002253] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 64.007775] ? _copy_from_user+0xdf/0x150 [ 64.011904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 64.017422] ? copy_mount_options+0x285/0x380 [ 64.021906] ksys_mount+0x12d/0x140 [ 64.025516] __x64_sys_mount+0xbe/0x150 [ 64.029471] do_syscall_64+0x1b9/0x820 [ 64.033341] ? syscall_slow_exit_work+0x500/0x500 [ 64.038162] ? syscall_return_slowpath+0x5e0/0x5e0 [ 64.043070] ? syscall_return_slowpath+0x31d/0x5e0 [ 64.047978] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 64.053501] ? prepare_exit_to_usermode+0x291/0x3b0 [ 64.058499] ? perf_trace_sys_enter+0xb10/0xb10 [ 64.063164] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 64.067992] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 64.073172] RIP: 0033:0x440179 [ 64.076349] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 64.095573] RSP: 002b:00007ffeadc8a138 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 64.103262] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440179 [ 64.110513] RDX: 0000000020000180 RSI: 0000000020000140 RDI: 0000000000000000 [ 64.117775] RBP: 00000000006ca018 R08: 0000000020000200 R09: 00000000004002c8 [ 64.125023] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000401a00 [ 64.132272] R13: 0000000000401a90 R14: 0000000000000000 R15: 0000000000000000 [ 64.139541] BUG: unable to handle kernel NULL pointer dereference at 0000000000000074 [ 64.147495] PGD 1b6207067 P4D 1b6207067 PUD 1b620b067 PMD 0 [ 64.153298] Oops: 0000 [#1] SMP KASAN [ 64.157083] CPU: 0 PID: 4461 Comm: syz-executor603 Tainted: G W 4.18.0-rc4-next-20180710+ #3 [ 64.166944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.176287] RIP: 0010:kfree+0xb2/0x260 [ 64.180147] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 e5 be a3 ff 49 63 75 74 48 89 df e8 79 83 a9 01 4c [ 64.199266] RSP: 0018:ffff8801cb9c75d0 EFLAGS: 00010046 [ 64.204612] RAX: ffffea000022f848 RBX: ffffffff88be17dc RCX: ffffea000022f847 [ 64.211859] RDX: ffffea000022f840 RSI: ffffffff876ff2e9 RDI: ffffffff88be17dc [ 64.219118] RBP: ffff8801cb9c75f0 R08: ffff8801acc26080 R09: ffffed0039738e8a [ 64.226366] R10: ffffed0035a45a13 R11: 0000000000000003 R12: 0000000000000282 [ 64.233616] R13: 0000000000000000 R14: ffff8801cb9c7740 R15: ffff8801acdf0340 [ 64.240868] FS: 000000000215d880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 64.249071] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 64.254942] CR2: 0000000000000074 CR3: 00000001adb45000 CR4: 00000000001406f0 [ 64.262192] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.269441] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.276687] Call Trace: [ 64.279265] p9_client_create+0xf43/0x16c9 [ 64.283492] ? p9_client_read+0xc60/0xc60 [ 64.287624] ? lock_acquire+0x1e4/0x540 [ 64.291589] ? lock_acquire+0x1e4/0x540 [ 64.295553] ? fs_reclaim_acquire+0x20/0x20 [ 64.299854] ? lock_release+0xa30/0xa30 [ 64.303808] ? __lockdep_init_map+0x105/0x590 [ 64.308291] ? kasan_check_write+0x14/0x20 [ 64.312502] ? __init_rwsem+0x1cc/0x2a0 [ 64.316478] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 64.321482] ? __kmalloc_track_caller+0x311/0x760 [ 64.326317] ? save_stack+0xa9/0xd0 [ 64.329934] ? save_stack+0x43/0xd0 [ 64.333539] ? kasan_kmalloc+0xc4/0xe0 [ 64.337407] ? kmem_cache_alloc_trace+0x152/0x780 [ 64.342241] ? memcpy+0x45/0x50 [ 64.345504] v9fs_session_init+0x21a/0x1a80 [ 64.349805] ? rcu_note_context_switch+0x730/0x730 [ 64.354726] ? do_mount+0x69e/0x1fb0 [ 64.358424] ? lock_acquire+0x1e4/0x540 [ 64.362385] ? v9fs_show_options+0x7e0/0x7e0 [ 64.366776] ? lock_release+0xa30/0xa30 [ 64.370731] ? check_same_owner+0x340/0x340 [ 64.375030] ? lock_downgrade+0x8f0/0x8f0 [ 64.379161] ? kasan_unpoison_shadow+0x35/0x50 [ 64.383720] ? kasan_kmalloc+0xc4/0xe0 [ 64.387585] ? kmem_cache_alloc_trace+0x318/0x780 [ 64.392404] ? kasan_unpoison_shadow+0x35/0x50 [ 64.396964] ? kasan_kmalloc+0xc4/0xe0 [ 64.400833] v9fs_mount+0x7c/0x900 [ 64.404352] ? v9fs_drop_inode+0x150/0x150 [ 64.408566] legacy_get_tree+0x118/0x440 [ 64.412619] vfs_get_tree+0x1cb/0x5c0 [ 64.416412] do_mount+0x6c1/0x1fb0 [ 64.419948] ? check_same_owner+0x340/0x340 [ 64.424250] ? lock_release+0xa30/0xa30 [ 64.428214] ? copy_mount_string+0x40/0x40 [ 64.432428] ? kasan_kmalloc+0xc4/0xe0 [ 64.436292] ? kmem_cache_alloc_trace+0x318/0x780 [ 64.441130] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 64.446647] ? _copy_from_user+0xdf/0x150 [ 64.450776] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 64.456294] ? copy_mount_options+0x285/0x380 [ 64.460771] ksys_mount+0x12d/0x140 [ 64.464378] __x64_sys_mount+0xbe/0x150 [ 64.468335] do_syscall_64+0x1b9/0x820 [ 64.472200] ? syscall_slow_exit_work+0x500/0x500 [ 64.477020] ? syscall_return_slowpath+0x5e0/0x5e0 [ 64.481928] ? syscall_return_slowpath+0x31d/0x5e0 [ 64.486850] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 64.492377] ? prepare_exit_to_usermode+0x291/0x3b0 [ 64.497372] ? perf_trace_sys_enter+0xb10/0xb10 [ 64.502021] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 64.506852] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 64.512020] RIP: 0033:0x440179 [ 64.515200] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 64.534314] RSP: 002b:00007ffeadc8a138 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 64.542011] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440179 [ 64.549261] RDX: 0000000020000180 RSI: 0000000020000140 RDI: 0000000000000000 [ 64.556512] RBP: 00000000006ca018 R08: 0000000020000200 R09: 00000000004002c8 [ 64.563773] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000401a00 [ 64.571021] R13: 0000000000401a90 R14: 0000000000000000 R15: 0000000000000000 [ 64.578274] Modules linked in: [ 64.581452] Dumping ftrace buffer: [ 64.584965] (ftrace buffer empty) [ 64.588651] CR2: 0000000000000074 [ 64.592084] ---[ end trace 124248cd7d01d335 ]--- [ 64.596826] RIP: 0010:kfree+0xb2/0x260 [ 64.600686] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 e5 be a3 ff 49 63 75 74 48 89 df e8 79 83 a9 01 4c [ 64.619808] RSP: 0018:ffff8801cb9c75d0 EFLAGS: 00010046 [ 64.625164] RAX: ffffea000022f848 RBX: ffffffff88be17dc RCX: ffffea000022f847 [ 64.632415] RDX: ffffea000022f840 RSI: ffffffff876ff2e9 RDI: ffffffff88be17dc [ 64.639668] RBP: ffff8801cb9c75f0 R08: ffff8801acc26080 R09: ffffed0039738e8a [ 64.646916] R10: ffffed0035a45a13 R11: 0000000000000003 R12: 0000000000000282 [ 64.654165] R13: 0000000000000000 R14: ffff8801cb9c7740 R15: ffff8801acdf0340 [ 64.661415] FS: 000000000215d880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 64.669628] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 64.675487] CR2: 0000000000000074 CR3: 00000001adb45000 CR4: 00000000001406f0 [ 64.682736] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.690061] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.697325] Kernel panic - not syncing: Fatal exception [ 64.703053] Dumping ftrace buffer: [ 64.707300] (ftrace buffer empty) [ 64.711005] Kernel Offset: disabled [ 64.714618] Rebooting in 86400 seconds..