[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 21.820905] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 22.014859] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 22.964371] random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
[ 35.766893] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available)
[ 35.887817] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
[ 41.284009] IPVS: Creating netns size=2552 id=1
executing program
executing program
[ 41.307219] IPVS: Creating netns size=2552 id=2
[ 41.328246] kasan: CONFIG_KASAN_INLINE enabled
[ 41.332638] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 41.345523] Dumping ftrace buffer:
[ 41.349031] (ftrace buffer empty)
[ 41.352358] IPVS: Creating netns size=2552 id=3
[ 41.357341] Modules linked in:
[ 41.360632] CPU: 0 PID: 3670 Comm: syzkaller680556 Not tainted 4.4.118-g239a415 #25
[ 41.368395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.368599] kasan: CONFIG_KASAN_INLINE enabled
[ 41.382258] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 41.382258] task: ffff8801cbb23000 task.stack: ffff8800b5810000
[ 41.395601] RIP: 0010:[] [] __free_pages+0x21/0x90
[ 41.403830] RSP: 0018:ffff8800b58179f0 EFLAGS: 00010a07
[ 41.409256] RAX: dffffc0000000000 RBX: dead4ead00000000 RCX: ffffffff825b855b
[ 41.416492] RDX: 1bd5a9d5a0000003 RSI: 0000000000000006 RDI: dead4ead0000001c
[ 41.423732] RBP: ffff8800b5817a00 R08: 0000000048000000 R09: 0000000000001e30
[ 41.430968] R10: 0000000000002100 R11: 1ffff10016b02f1c R12: 0000000000000004
[ 41.438205] R13: 0000000000000020 R14: ffff8801d9834200 R15: dffffc0000000000
[ 41.445452] FS: 00007f73de234700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[ 41.453647] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.459495] CR2: 0000000020e94000 CR3: 00000001d102a000 CR4: 0000000000160670
[ 41.466737] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 41.473976] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 41.481214] Stack:
[ 41.483331] 0000000000000246 ffff8801d9834358 ffff8800b5817a60 ffffffff825b8581
[ 41.491294] ffff8801d9834370 ffffed003b30686b ffffed003b30686e ffff8801d9834368
[ 41.499275] dead4ead00000000 ffff8801d9834340 0000000000000000 0000000000000000
[ 41.507238] Call Trace:
[ 41.509798] [] sg_remove_scat.isra.17+0x1c1/0x2d0
[ 41.516260] [] sg_finish_rem_req+0x2b5/0x340
[ 41.522286] [] sg_new_read.isra.18+0x17d/0x3c0
[ 41.528485] [] sg_read+0x8bc/0x1490
[ 41.533740] [] ? __check_object_size+0x154/0x35b
[ 41.540113] [] ? sg_proc_seq_show_debug+0xda0/0xda0
[ 41.546744] [] ? fsnotify+0xee0/0xee0
[ 41.552162] [] ? avc_policy_seqno+0x9/0x20
[ 41.558013] [] do_loop_readv_writev+0x141/0x1e0
[ 41.564299] [] ? security_file_permission+0x89/0x1e0
[ 41.571017] [] ? sg_proc_seq_show_debug+0xda0/0xda0
[ 41.577648] [] ? sg_proc_seq_show_debug+0xda0/0xda0
[ 41.584278] [] do_readv_writev+0x5dd/0x6e0
[ 41.590128] [] ? vfs_write+0x530/0x530
[ 41.595631] [] ? sg_ioctl+0x29f0/0x29f0
[ 41.601221] [] ? __vfs_write+0x10b/0x450
[ 41.606902] [] ? quarantine_put+0xab/0x180
[ 41.612754] [] ? __fget+0x213/0x3b0
[ 41.618008] [] ? __fget+0x23a/0x3b0
[ 41.623252] [] ? __fget+0x47/0x3b0
[ 41.628410] [] vfs_readv+0x78/0xb0
[ 41.633568] [] SyS_readv+0xd9/0x240
[ 41.638809] [] ? rw_copy_check_uvector+0x2b0/0x2b0
[ 41.645353] [] ? lockdep_sys_exit_thunk+0x12/0x14
[ 41.651813] [] entry_SYSCALL_64_fastpath+0x1c/0x98
executing program
[ 41.658354] Code: c6 a0 0c 00 e9 78 fd ff ff 90 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 53 48 89 fb 48 83 c7 1c 48 89 fa 48 83 ec 08 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 49
[ 41.685027] RIP [] __free_pages+0x21/0x90
[ 41.690908] RSP
[ 41.694513] general protection fault: 0000 [#2]
[ 41.694800] ---[ end trace ff49899e65d9649c ]---
[ 41.694803] Kernel panic - not syncing: Fatal exception
[ 41.709137] PREEMPT SMP KASAN
[ 41.712847] Dumping ftrace buffer:
[ 41.716354] (ftrace buffer empty)
[ 41.720030] Modules linked in:
[ 41.723306] CPU: 1 PID: 3673 Comm: syzkaller680556 Tainted: G D 4.4.118-g239a415 #25
[ 41.732282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.741608] task: ffff8801cd7f0000 task.stack: ffff8801cd7f8000
[ 41.747632] RIP: 0010:[] [] __free_pages+0x21/0x90
[ 41.755866] RSP: 0018:ffff8801cd7ff9f0 EFLAGS: 00010a07
[ 41.761282] RAX: dffffc0000000000 RBX: dead4ead00000000 RCX: ffffffff825b855b
[ 41.768524] RDX: 1bd5a9d5a0000003 RSI: 0000000000000006 RDI: dead4ead0000001c
[ 41.775770] RBP: ffff8801cd7ffa00 R08: 0000000048000000 R09: 0000000000001e30
[ 41.783006] R10: 0000000000002100 R11: 1ffff10039afff1c R12: 0000000000000004
[ 41.790245] R13: 0000000000000020 R14: ffff8801d9592100 R15: dffffc0000000000
[ 41.797483] FS: 00007f73de213700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[ 41.805673] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.811523] CR2: 00007f73de212e78 CR3: 00000001d102a000 CR4: 0000000000160670
[ 41.818766] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 41.826006] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 41.833247] Stack:
[ 41.835371] 0000000000000246 ffff8801d9592258 ffff8801cd7ffa60 ffffffff825b8581
[ 41.843341] ffff8801d9592270 ffffed003b2b244b ffffed003b2b244e ffff8801d9592268
[ 41.851310] dead4ead00000000 ffff8801d9592240 0000000000000000 0000000000000000
[ 41.859274] Call Trace:
[ 41.861834] [] sg_remove_scat.isra.17+0x1c1/0x2d0
[ 41.868295] [] sg_finish_rem_req+0x2b5/0x340
[ 41.874319] [] sg_new_read.isra.18+0x17d/0x3c0
[ 41.880516] [] sg_read+0x8bc/0x1490
[ 41.885760] [] ? __check_object_size+0x154/0x35b
[ 41.892129] [] ? sg_proc_seq_show_debug+0xda0/0xda0
[ 41.898761] [] ? fsnotify+0xee0/0xee0
[ 41.904183] [] ? avc_policy_seqno+0x9/0x20
[ 41.910036] [] do_loop_readv_writev+0x141/0x1e0
[ 41.916325] [] ? security_file_permission+0x89/0x1e0
[ 41.923044] [] ? sg_proc_seq_show_debug+0xda0/0xda0
[ 41.929677] [] ? sg_proc_seq_show_debug+0xda0/0xda0
[ 41.936311] [] do_readv_writev+0x5dd/0x6e0
[ 41.942163] [] ? vfs_write+0x530/0x530
[ 41.947665] [] ? sg_ioctl+0x29f0/0x29f0
[ 41.953256] [] ? __vfs_write+0x10b/0x450
[ 41.958934] [] ? __fget+0x47/0x3b0
[ 41.964094] [] ? avc_policy_seqno+0x9/0x20
[ 41.969944] [] ? __fget+0x213/0x3b0
[ 41.975186] [] ? __fget+0x23a/0x3b0
[ 41.980426] [] ? __fget+0x47/0x3b0
[ 41.985583] [] vfs_readv+0x78/0xb0
[ 41.990742] [] SyS_readv+0xd9/0x240
[ 41.995984] [] ? rw_copy_check_uvector+0x2b0/0x2b0
[ 42.002530] [] ? finish_task_switch+0x1e7/0x4e0
[ 42.008817] [] ? lockdep_sys_exit_thunk+0x12/0x14
[ 42.015282] [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 42.021824] Code: c6 a0 0c 00 e9 78 fd ff ff 90 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 53 48 89 fb 48 83 c7 1c 48 89 fa 48 83 ec 08 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 49
[ 42.048377] RIP [] __free_pages+0x21/0x90
[ 42.054257] RSP
[ 42.058186] Dumping ftrace buffer:
[ 42.061717] (ftrace buffer empty)
[ 42.065394] Kernel Offset: disabled
[ 42.068989] Rebooting in 86400 seconds..