[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 33.219964] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.542982] audit: type=1400 audit(1537853882.012:6): avc: denied { map } for pid=5480 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 33.573931] sshd (5478) used greatest stack depth: 16232 bytes left
[ 33.603702] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.240545] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.951318] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
[ 47.804125] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 47.942240] audit: type=1400 audit(1537853896.412:7): avc: denied { map } for pid=5495 comm="syz-executor702" path="/root/syz-executor702105774" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.963740] IPVS: ftp: loaded support on port[0] = 21
[ 48.076358] FAULT_INJECTION: forcing a failure.
[ 48.076358] name failslab, interval 1, probability 0, space 0, times 1
[ 48.087773] CPU: 0 PID: 5498 Comm: syz-executor702 Not tainted 4.19.0-rc5+ #31
[ 48.095161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.104599] Call Trace:
[ 48.107206]  dump_stack+0x1c4/0x2b4
[ 48.110847]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 48.116046]  should_fail.cold.4+0xa/0x17
[ 48.120286]  ? blk_mq_realloc_hw_ctxs+0x10d/0x1360
[ 48.125350]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 48.130583]  ? mutex_trylock+0x2b0/0x2b0
[ 48.134790]  ? graph_lock+0x170/0x170
[ 48.138593]  ? blk_mq_sysfs_unregister+0x1af/0x210
[ 48.143635]  ? lock_downgrade+0x900/0x900
[ 48.147923]  ? graph_lock+0x170/0x170
[ 48.151847]  ? __lock_is_held+0xb5/0x140
[ 48.155929]  ? kernfs_put+0x427/0x760
[ 48.159760]  ? find_held_lock+0x36/0x1c0
[ 48.163828]  ? __lock_is_held+0xb5/0x140
[ 48.167990]  ? ___might_sleep+0x1ed/0x300
[ 48.172143]  ? arch_local_save_flags+0x40/0x40
[ 48.176837]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 48.182603]  __should_failslab+0x124/0x180
[ 48.186845]  should_failslab+0x9/0x14
[ 48.190644]  kmem_cache_alloc_node_trace+0x270/0x740
[ 48.195741]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 48.201291]  ? find_next_bit+0x104/0x130
[ 48.205751]  __kmalloc_node+0x33/0x70
[ 48.209555]  blk_mq_realloc_hw_ctxs+0x2c1/0x1360
[ 48.214313]  ? kfree+0x107/0x230
[ 48.218237]  ? kfree+0x107/0x230
[ 48.221749]  ? blk_mq_free_map_and_requests+0x160/0x160
[ 48.227117]  ? wait_for_completion+0x8a0/0x8a0
[ 48.231842]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 48.236977]  ? find_next_bit+0x104/0x130
[ 48.241042]  ? cpumask_next+0x41/0x50
[ 48.244864]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 48.249879]  ? blk_mq_map_queues+0x283/0x320
[ 48.254313]  ? blk_mq_update_queue_map+0x188/0x210
[ 48.259367]  blk_mq_update_nr_hw_queues+0xaa5/0xe50
[ 48.264389]  ? blk_mq_init_queue+0xb0/0xb0
[ 48.268780]  ? __lock_acquire+0x7ec/0x4ec0
[ 48.273106]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.278650]  ? cred_has_capability+0x1e1/0x430
[ 48.283388]  ? selinux_ipv4_output+0x50/0x50
[ 48.287798]  ? mark_held_locks+0x130/0x130
[ 48.292036]  nbd_start_device+0x1d2/0xcd0
[ 48.296183]  ? selinux_capable+0x36/0x40
[ 48.300367]  ? sock_shutdown+0x250/0x250
[ 48.304433]  nbd_ioctl+0x6af/0xd40
[ 48.307971]  ? avc_has_extended_perms+0x8cb/0x15a0
[ 48.312899]  ? nbd_release+0x140/0x140
[ 48.316790]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[ 48.322716]  ? kasan_check_read+0x11/0x20
[ 48.326954]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 48.332229]  ? rcu_bh_qs+0xc0/0xc0
[ 48.335795]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.341440]  ? avc_has_extended_perms+0xab2/0x15a0
[ 48.346502]  ? nbd_release+0x140/0x140
[ 48.350391]  blkdev_ioctl+0x9ac/0x2010
[ 48.354298]  ? blkpg_ioctl+0xc10/0xc10
[ 48.358404]  ? avc_ss_reset+0x190/0x190
[ 48.362503]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[ 48.368493]  ? kasan_check_read+0x11/0x20
[ 48.372800]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 48.378079]  ? rcu_bh_qs+0xc0/0xc0
[ 48.381685]  ? ___might_sleep+0x1ed/0x300
[ 48.385831]  ? arch_local_save_flags+0x40/0x40
[ 48.390685]  block_ioctl+0xee/0x130
[ 48.394423]  ? blkdev_fallocate+0x400/0x400
[ 48.398866]  do_vfs_ioctl+0x1de/0x1720
[ 48.402756]  ? ioctl_preallocate+0x300/0x300
[ 48.407167]  ? selinux_file_mprotect+0x620/0x620
[ 48.412055]  ? __sb_end_write+0xd9/0x110
[ 48.416122]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 48.421789]  ? fput+0x130/0x1a0
[ 48.425075]  ? do_syscall_64+0x9a/0x820
[ 48.429048]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.434579]  ? security_file_ioctl+0x94/0xc0
[ 48.438989]  ksys_ioctl+0xa9/0xd0
[ 48.442439]  __x64_sys_ioctl+0x73/0xb0
[ 48.446536]  do_syscall_64+0x1b9/0x820
[ 48.450662]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 48.456030]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 48.460956]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.465810]  ? trace_hardirqs_on_caller+0x310/0x310
[ 48.470826]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 48.475857]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 48.480877]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.485720]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.490902] RIP: 0033:0x44a429
[ 48.494093] Code: e8 ac b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b cd fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 48.512990] RSP: 002b:00007f2a2bb33d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 48.520695] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044a429
[ 48.527957] RDX: 0000000000000002 RSI: 000000000000ab03 RDI: 0000000000000004
[ 48.535223] RBP: 00000000006dbc20 R08: 0000000000000001 R09: 0000000000000032
[ 48.542622] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 48.549995] R13: 00007f2a2bb33d80 R14: ffffffffffffffff R15: 0000000000000005
[ 48.560785] BUG: unable to handle kernel NULL pointer dereference at 0000000000000118
[ 48.568906] PGD 1cdc72067 P4D 1cdc72067 PUD 1cdeb4067 PMD 0
[ 48.574710] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 48.579201] CPU: 0 PID: 5498 Comm: syz-executor702 Not tainted 4.19.0-rc5+ #31
[ 48.586719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.596206] RIP: 0010:blk_mq_map_swqueue+0x29c/0xa70
[ 48.601418] Code: 80 3c 1a 00 0f 85 fa 06 00 00 44 89 ee bf 3f 00 00 00 4d 8b 24 24 e8 33 01 03 fe 41 83 fd 3f 0f 87 1c 05 00 00 e8 14 00 03 fe 4d 0f ab b4 24 18 01 00 00 49 8d bc 24 74 01 00 00 48 89 fa 48
[ 48.620555] RSP: 0018:ffff8801cedaf4e0 EFLAGS: 00010293
[ 48.625932] RAX: ffff8801c4f80400 RBX: dffffc0000000000 RCX: ffffffff837be3fd
[ 48.633309] RDX: 0000000000000000 RSI: ffffffff837be40c RDI: 0000000000000005
[ 48.640796] RBP: ffff8801cedaf550 R08: ffff8801c4f80400 R09: 0000000000000000
[ 48.648060] R10: ffffed003a31dff0 R11: ffff8801d18eff83 R12: 0000000000000000
[ 48.655432] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8801d1fd7000
[ 48.662835] FS:  00007f2a2bb34700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
[ 48.671054] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 48.677020] CR2: 0000000000000118 CR3: 00000001c55c5000 CR4: 00000000001406f0
[ 48.684487] Call Trace:
[ 48.687074]  ? blk_mq_sysfs_unregister+0x197/0x210
[ 48.692006]  blk_mq_update_nr_hw_queues+0xb2a/0xe50
[ 48.697023]  ? blk_mq_init_queue+0xb0/0xb0
[ 48.701297]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.706946]  ? cred_has_capability+0x1e1/0x430
[ 48.711544]  ? selinux_ipv4_output+0x50/0x50
[ 48.716158]  ? mark_held_locks+0x130/0x130
[ 48.720396]  nbd_start_device+0x1d2/0xcd0
[ 48.724636]  ? selinux_capable+0x36/0x40
[ 48.728697]  ? sock_shutdown+0x250/0x250
[ 48.732756]  nbd_ioctl+0x6af/0xd40
[ 48.736307]  ? avc_has_extended_perms+0x8cb/0x15a0
[ 48.741369]  ? nbd_release+0x140/0x140
[ 48.745301]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[ 48.751474]  ? kasan_check_read+0x11/0x20
[ 48.755627]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 48.760976]  ? rcu_bh_qs+0xc0/0xc0
[ 48.764524]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.770061]  ? avc_has_extended_perms+0xab2/0x15a0
[ 48.774993]  ? nbd_release+0x140/0x140
[ 48.778889]  blkdev_ioctl+0x9ac/0x2010
[ 48.783001]  ? blkpg_ioctl+0xc10/0xc10
[ 48.786892]  ? avc_ss_reset+0x190/0x190
[ 48.790864]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[ 48.796654]  ? kasan_check_read+0x11/0x20
[ 48.800800]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 48.806076]  ? rcu_bh_qs+0xc0/0xc0
[ 48.809622]  ? ___might_sleep+0x1ed/0x300
[ 48.813768]  ? arch_local_save_flags+0x40/0x40
[ 48.818351]  block_ioctl+0xee/0x130
[ 48.821973]  ? blkdev_fallocate+0x400/0x400
[ 48.826307]  do_vfs_ioctl+0x1de/0x1720
[ 48.830200]  ? ioctl_preallocate+0x300/0x300
[ 48.834609]  ? selinux_file_mprotect+0x620/0x620
[ 48.839360]  ? __sb_end_write+0xd9/0x110
[ 48.843422]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 48.848959]  ? fput+0x130/0x1a0
[ 48.852249]  ? do_syscall_64+0x9a/0x820
[ 48.856370]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.861989]  ? security_file_ioctl+0x94/0xc0
[ 48.866403]  ksys_ioctl+0xa9/0xd0
[ 48.869926]  __x64_sys_ioctl+0x73/0xb0
[ 48.873888]  do_syscall_64+0x1b9/0x820
[ 48.877782]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 48.883234]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 48.888182]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.893022]  ? trace_hardirqs_on_caller+0x310/0x310
[ 48.898041]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 48.903160]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 48.908185]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.913108]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.918312] RIP: 0033:0x44a429
[ 48.921509] Code: e8 ac b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b cd fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 48.940500] RSP: 002b:00007f2a2bb33d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 48.948314] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044a429
[ 48.955582] RDX: 0000000000000002 RSI: 000000000000ab03 RDI: 0000000000000004
[ 48.963007] RBP: 00000000006dbc20 R08: 0000000000000001 R09: 0000000000000032
[ 48.970298] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 48.977659] R13: 00007f2a2bb33d80 R14: ffffffffffffffff R15: 0000000000000005
[ 48.985148] Modules linked in:
[ 48.988347] CR2: 0000000000000118
[ 48.992542] ---[ end trace cca4d386a05f3868 ]---
[ 48.997354] RIP: 0010:blk_mq_map_swqueue+0x29c/0xa70
[ 49.002459] Code: 80 3c 1a 00 0f 85 fa 06 00 00 44 89 ee bf 3f 00 00 00 4d 8b 24 24 e8 33 01 03 fe 41 83 fd 3f 0f 87 1c 05 00 00 e8 14 00 03 fe 4d 0f ab b4 24 18 01 00 00 49 8d bc 24 74 01 00 00 48 89 fa 48
[ 49.021414] RSP: 0018:ffff8801cedaf4e0 EFLAGS: 00010293
[ 49.027226] RAX: ffff8801c4f80400 RBX: dffffc0000000000 RCX: ffffffff837be3fd
[ 49.034649] RDX: 0000000000000000 RSI: ffffffff837be40c RDI: 0000000000000005
[ 49.041992] RBP: ffff8801cedaf550 R08: ffff8801c4f80400 R09: 0000000000000000
[ 49.049321] R10: ffffed003a31dff0 R11: ffff8801d18eff83 R12: 0000000000000000
[ 49.056750] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8801d1fd7000
[ 49.064038] FS:  00007f2a2bb34700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
[ 49.072430] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.078342] CR2: 0000000000000118 CR3: 00000001c55c5000 CR4: 00000000001406f0
[ 49.085772] Kernel panic - not syncing: Fatal exception
[ 49.092311] Kernel Offset: disabled
[ 49.095947] Rebooting in 86400 seconds..