[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[ 15.973869] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 19.708861] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.069369] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.864252] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.236584] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts.
[ 29.728905] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 29.811413] BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1340
[ 29.819853] in_atomic(): 0, irqs_disabled(): 1, pid: 4424, name: syz-executor926
[ 29.828148] INFO: lockdep is turned off.
[ 29.832183] irq event stamp: 0
[ 29.835362] hardirqs last enabled at (0): [<0000000000000000>] (null)
[ 29.842882] hardirqs last disabled at (0): [] copy_process.part.41+0x1953/0x73f0
[ 29.851968] softirqs last enabled at (0): [] copy_process.part.41+0x19f4/0x73f0
[ 29.861052] softirqs last disabled at (0): [<0000000000000000>] (null)
[ 29.868581] CPU: 0 PID: 4424 Comm: syz-executor926 Not tainted 4.18.0-rc4-next-20180712+ #6
[ 29.877072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.886429] Call Trace:
[ 29.889020]  dump_stack+0x1c9/0x2b4
[ 29.892644]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.897834]  ___might_sleep.cold.86+0x11f/0x13a
[ 29.902491]  ? check_same_owner+0x340/0x340
[ 29.907786]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.913316]  ? trace_9p_protocol_dump+0xbe/0x3a0
[ 29.918080]  __might_sleep+0x95/0x190
[ 29.921878]  __do_page_fault+0x3b6/0xe50
[ 29.925936]  ? mm_fault_error+0x380/0x380
[ 29.930085]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 29.935609]  ? p9pdu_readf+0xb78/0x2170
[ 29.939566]  do_page_fault+0xf6/0x8c0
[ 29.943349]  ? p9pdu_writef+0xe0/0xe0
[ 29.947139]  ? vmalloc_sync_all+0x30/0x30
[ 29.951269]  ? ksys_dup3+0x690/0x690
[ 29.954962]  ? check_same_owner+0x340/0x340
[ 29.959267]  ? p9_fd_poll+0x2b0/0x2b0
[ 29.963056]  ? kasan_kmalloc+0xc4/0xe0
[ 29.966925]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.971765]  page_fault+0x1e/0x30
[ 29.975213] RIP: 0010:kfree+0xb2/0x260
[ 29.979078] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 a5 c1 a3 ff 49 63 75 74 48 89 df e8 59 60 a9 01 4c
[ 29.998199] RSP: 0018:ffff8801ce6475d0 EFLAGS: 00010046
[ 30.003546] RAX: ffffea000022f488 RBX: ffffffff88bd22a4 RCX: ffffea000022f487
[ 30.010800] RDX: ffffea000022f480 RSI: ffffffff87700e50 RDI: ffffffff88bd22a4
[ 30.018078] RBP: ffff8801ce6475f0 R08: ffff8801b546a200 R09: ffffed0039cc8df8
[ 30.025341] R10: ffffed0036aab1b3 R11: 0000000000000001 R12: 0000000000000282
[ 30.032618] R13: 0000000000000000 R14: ffff8801ce647740 R15: ffff8801b5540380
[ 30.040089]  ? p9_client_create+0xfb0/0x1770
[ 30.044494]  p9_client_create+0xfea/0x1770
[ 30.048719]  ? p9_client_read+0xc60/0xc60
[ 30.052855]  ? lock_acquire+0x1e4/0x540
[ 30.056815]  ? lock_acquire+0x1e4/0x540
[ 30.060778]  ? fs_reclaim_acquire+0x20/0x20
[ 30.065089]  ? lock_release+0xa30/0xa30
[ 30.069056]  ? __lockdep_init_map+0x105/0x590
[ 30.073570]  ? kasan_check_write+0x14/0x20
[ 30.077814]  ? __init_rwsem+0x1cc/0x2a0
[ 30.081778]  ? do_raw_write_unlock.cold.8+0x49/0x49
[ 30.086806]  ? __kmalloc_track_caller+0x311/0x760
[ 30.091638]  ? save_stack+0xa9/0xd0
[ 30.095249]  ? save_stack+0x43/0xd0
[ 30.098875]  ? kasan_kmalloc+0xc4/0xe0
[ 30.102759]  ? kmem_cache_alloc_trace+0x152/0x780
[ 30.107613]  ? memcpy+0x45/0x50
[ 30.110896]  v9fs_session_init+0x21a/0x1a80
[ 30.115303]  ? rcu_note_context_switch+0x730/0x730
[ 30.120235]  ? do_mount+0x69e/0x1fb0
[ 30.123938]  ? lock_acquire+0x1e4/0x540
[ 30.127895]  ? v9fs_show_options+0x7e0/0x7e0
[ 30.132289]  ? lock_release+0xa30/0xa30
[ 30.136253]  ? check_same_owner+0x340/0x340
[ 30.140558]  ? lock_downgrade+0x8f0/0x8f0
[ 30.144728]  ? kasan_unpoison_shadow+0x35/0x50
[ 30.149309]  ? kasan_kmalloc+0xc4/0xe0
[ 30.153179]  ? kmem_cache_alloc_trace+0x318/0x780
[ 30.158006]  ? kasan_unpoison_shadow+0x35/0x50
[ 30.162587]  ? kasan_kmalloc+0xc4/0xe0
[ 30.166477]  v9fs_mount+0x7c/0x900
[ 30.170000]  ? v9fs_drop_inode+0x150/0x150
[ 30.174228]  legacy_get_tree+0x118/0x440
[ 30.178271]  vfs_get_tree+0x1cb/0x5c0
[ 30.182065]  do_mount+0x6c1/0x1fb0
[ 30.185586]  ? check_same_owner+0x340/0x340
[ 30.189899]  ? lock_release+0xa30/0xa30
[ 30.193865]  ? copy_mount_string+0x40/0x40
[ 30.198104]  ? kasan_kmalloc+0xc4/0xe0
[ 30.201976]  ? kmem_cache_alloc_trace+0x318/0x780
[ 30.206809]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 30.212331]  ? _copy_from_user+0xdf/0x150
[ 30.216478]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.222000]  ? copy_mount_options+0x285/0x380
[ 30.226486]  ksys_mount+0x12d/0x140
[ 30.230108]  __x64_sys_mount+0xbe/0x150
[ 30.234066]  do_syscall_64+0x1b9/0x820
[ 30.237936]  ? syscall_slow_exit_work+0x500/0x500
[ 30.242764]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 30.247676]  ? syscall_return_slowpath+0x31d/0x5e0
[ 30.252594]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.258116]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 30.263119]  ? perf_trace_sys_enter+0xb10/0xb10
[ 30.267772]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.272621]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.277793] RIP: 0033:0x440159
[ 30.280971] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 30.300124] RSP: 002b:00007ffdf085ce78 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 30.307825] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440159
[ 30.315120] RDX: 0000000020000340 RSI: 00000000200000c0 RDI: 0000000000000000
[ 30.322387] RBP: 00000000006ca018 R08: 00000000200001c0 R09: 00000000004002c8
[ 30.329652] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000004019e0
[ 30.336904] R13: 0000000000401a70 R14: 0000000000000000 R15: 0000000000000000
[ 30.344177] BUG: unable to handle kernel NULL pointer dereference at 0000000000000074
[ 30.352293] PGD 1b508d067 P4D 1b508d067 PUD 1b5735067 PMD 0
[ 30.358089] Oops: 0000 [#1] SMP KASAN
[ 30.361874] CPU: 0 PID: 4424 Comm: syz-executor926 Tainted: G W 4.18.0-rc4-next-20180712+ #6
[ 30.371740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.381105] RIP: 0010:kfree+0xb2/0x260
[ 30.384983] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 a5 c1 a3 ff 49 63 75 74 48 89 df e8 59 60 a9 01 4c
[ 30.404648] RSP: 0018:ffff8801ce6475d0 EFLAGS: 00010046
[ 30.409996] RAX: ffffea000022f488 RBX: ffffffff88bd22a4 RCX: ffffea000022f487
[ 30.417252] RDX: ffffea000022f480 RSI: ffffffff87700e50 RDI: ffffffff88bd22a4
[ 30.424502] RBP: ffff8801ce6475f0 R08: ffff8801b546a200 R09: ffffed0039cc8df8
[ 30.431759] R10: ffffed0036aab1b3 R11: 0000000000000001 R12: 0000000000000282
[ 30.439026] R13: 0000000000000000 R14: ffff8801ce647740 R15: ffff8801b5540380
[ 30.446302] FS: 000000000268c880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 30.454511] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.460380] CR2: 0000000000000074 CR3: 00000001b515d000 CR4: 00000000001406f0
[ 30.467633] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.474909] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.482156] Call Trace:
[ 30.484745]  p9_client_create+0xfea/0x1770
[ 30.488965]  ? p9_client_read+0xc60/0xc60
[ 30.493101]  ? lock_acquire+0x1e4/0x540
[ 30.497076]  ? lock_acquire+0x1e4/0x540
[ 30.501056]  ? fs_reclaim_acquire+0x20/0x20
[ 30.505390]  ? lock_release+0xa30/0xa30
[ 30.509349]  ? __lockdep_init_map+0x105/0x590
[ 30.513851]  ? kasan_check_write+0x14/0x20
[ 30.518069]  ? __init_rwsem+0x1cc/0x2a0
[ 30.522110]  ? do_raw_write_unlock.cold.8+0x49/0x49
[ 30.527108]  ? __kmalloc_track_caller+0x311/0x760
[ 30.531940]  ? save_stack+0xa9/0xd0
[ 30.535551]  ? save_stack+0x43/0xd0
[ 30.539165]  ? kasan_kmalloc+0xc4/0xe0
[ 30.543046]  ? kmem_cache_alloc_trace+0x152/0x780
[ 30.547877]  ? memcpy+0x45/0x50
[ 30.551147]  v9fs_session_init+0x21a/0x1a80
[ 30.555470]  ? rcu_note_context_switch+0x730/0x730
[ 30.560384]  ? do_mount+0x69e/0x1fb0
[ 30.564085]  ? lock_acquire+0x1e4/0x540
[ 30.568045]  ? v9fs_show_options+0x7e0/0x7e0
[ 30.572454]  ? lock_release+0xa30/0xa30
[ 30.576416]  ? check_same_owner+0x340/0x340
[ 30.580721]  ? lock_downgrade+0x8f0/0x8f0
[ 30.584868]  ? kasan_unpoison_shadow+0x35/0x50
[ 30.589442]  ? kasan_kmalloc+0xc4/0xe0
[ 30.593316]  ? kmem_cache_alloc_trace+0x318/0x780
[ 30.598141]  ? kasan_unpoison_shadow+0x35/0x50
[ 30.602707]  ? kasan_kmalloc+0xc4/0xe0
[ 30.606593]  v9fs_mount+0x7c/0x900
[ 30.610115]  ? v9fs_drop_inode+0x150/0x150
[ 30.614447]  legacy_get_tree+0x118/0x440
[ 30.618493]  vfs_get_tree+0x1cb/0x5c0
[ 30.622277]  do_mount+0x6c1/0x1fb0
[ 30.625803]  ? check_same_owner+0x340/0x340
[ 30.630119]  ? lock_release+0xa30/0xa30
[ 30.634080]  ? copy_mount_string+0x40/0x40
[ 30.638298]  ? kasan_kmalloc+0xc4/0xe0
[ 30.642191]  ? kmem_cache_alloc_trace+0x318/0x780
[ 30.647029]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 30.652576]  ? _copy_from_user+0xdf/0x150
[ 30.656713]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.662232]  ? copy_mount_options+0x285/0x380
[ 30.666734]  ksys_mount+0x12d/0x140
[ 30.670348]  __x64_sys_mount+0xbe/0x150
[ 30.674309]  do_syscall_64+0x1b9/0x820
[ 30.678183]  ? syscall_slow_exit_work+0x500/0x500
[ 30.683033]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 30.687970]  ? syscall_return_slowpath+0x31d/0x5e0
[ 30.692885]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.698441]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 30.703454]  ? perf_trace_sys_enter+0xb10/0xb10
[ 30.708130]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.712979]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.718161] RIP: 0033:0x440159
[ 30.721330] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 30.740484] RSP: 002b:00007ffdf085ce78 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 30.748197] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440159
[ 30.755480] RDX: 0000000020000340 RSI: 00000000200000c0 RDI: 0000000000000000
[ 30.762743] RBP: 00000000006ca018 R08: 00000000200001c0 R09: 00000000004002c8
[ 30.770008] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000004019e0
[ 30.777290] R13: 0000000000401a70 R14: 0000000000000000 R15: 0000000000000000
[ 30.784566] Modules linked in:
[ 30.787745] Dumping ftrace buffer:
[ 30.791262]    (ftrace buffer empty)
[ 30.794958] CR2: 0000000000000074
[ 30.798412] ---[ end trace 37e94e4184b6692c ]---
[ 30.803165] RIP: 0010:kfree+0xb2/0x260
[ 30.807033] Code: 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 48 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 <49> 63 75 74 e8 a5 c1 a3 ff 49 63 75 74 48 89 df e8 59 60 a9 01 4c
[ 30.826190] RSP: 0018:ffff8801ce6475d0 EFLAGS: 00010046
[ 30.831570] RAX: ffffea000022f488 RBX: ffffffff88bd22a4 RCX: ffffea000022f487
[ 30.838830] RDX: ffffea000022f480 RSI: ffffffff87700e50 RDI: ffffffff88bd22a4
[ 30.846084] RBP: ffff8801ce6475f0 R08: ffff8801b546a200 R09: ffffed0039cc8df8
[ 30.853345] R10: ffffed0036aab1b3 R11: 0000000000000001 R12: 0000000000000282
[ 30.860595] R13: 0000000000000000 R14: ffff8801ce647740 R15: ffff8801b5540380
[ 30.867847] FS: 000000000268c880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 30.876065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.881935] CR2: 0000000000000074 CR3: 00000001b515d000 CR4: 00000000001406f0
[ 30.889202] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.896456] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.903710] Kernel panic - not syncing: Fatal exception
[ 30.909714] Dumping ftrace buffer:
[ 30.913238]    (ftrace buffer empty)
[ 30.916924] Kernel Offset: disabled
[ 30.920530] Rebooting in 86400 seconds..