[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 17.629513] random: sshd: uninitialized urandom read (32 bytes read, 29 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.093348] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [ 20.334802] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [ 21.315442] random: nonblocking pool is initialized Warning: Permanently added '10.128.10.16' (ECDSA) to the list of known hosts. 2018/04/06 05:40:46 parsed 1 programs 2018/04/06 05:40:46 executed programs: 0 [ 44.610360] IPVS: Creating netns size=2552 id=1 [ 44.649758] IPVS: Creating netns size=2552 id=2 RESULT: signal 0, coverage 0 errno 9 [ 44.687543] IPVS: Creating netns size=2552 id=3 [ 44.732684] IPVS: Creating netns size=2552 id=4 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 [ 44.759923] IPVS: Creating netns size=2552 id=5 [ 44.798287] IPVS: Creating netns size=2552 id=6 RESULT: signal 0, coverage 0 errno 9 [ 44.825160] IPVS: Creating netns size=2552 id=7 RESULT: signal 0, coverage 0 errno 9 [ 44.857183] IPVS: Creating netns size=2552 id=8 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 RESULT: signal 0, coverage 0 errno 9 [ 49.437686] kasan: CONFIG_KASAN_INLINE enabled[ 49.437812] BUG: spinlock bad magic on CPU#1, syz-executor6/3969 [ 49.437818] lock: 0xffff8801d87d8018, .magic: dead4eac, .owner: /-1, .owner_cpu: -1 [ 49.437822] CPU: 1 PID: 3969 Comm: syz-executor6 Not tainted 4.4.125-g38f41ec #21 [ 49.437824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.437826] 0000000000000000 1523322be9e1861b ffff8801db3078d8 ffffffff81d067bd [ 49.437831] ffff8801d87d8018 ffff8801c9d8c800 0000000000000001 0000000000000001 [ 49.437835] 0000000000000000 ffff8801db307918 ffffffff81246f8d 0000000000000000 [ 49.437839] Call Trace: [ 49.437841] [] dump_stack+0xc1/0x124 [ 49.437855] [] spin_dump+0x14d/0x280 [ 49.437859] [] do_raw_spin_lock+0x228/0x2c0 [ 49.437865] [] _raw_spin_lock_irqsave+0x56/0x70 [ 49.437870] [] ? __wake_up+0x1e/0x50 [ 49.437873] [] __wake_up+0x1e/0x50 [ 49.437880] [] sg_rq_end_io+0x5dc/0xbc0 [ 49.437883] [] ? sg_release+0x1f0/0x1f0 [ 49.437888] [] ? blk_account_io_done+0xb1/0x860 [ 49.437891] [] ? blk_update_request+0x64e/0xce0 [ 49.437894] [] ? sg_release+0x1f0/0x1f0 [ 49.437900] [] __blk_mq_end_request+0x54/0xc0 [ 49.437905] [] scsi_end_request+0x135/0x5b0 [ 49.437910] [] scsi_io_completion+0x15c3/0x1710 [ 49.437913] [] ? scsi_unblock_requests+0x50/0x50 [ 49.437917] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 49.437921] [] scsi_finish_command+0x3af/0x520 [ 49.437925] [] scsi_softirq_done+0x250/0x350 [ 49.437929] [] __blk_mq_complete_request+0x205/0x500 [ 49.437933] [] blk_mq_complete_request+0x5b/0x70 [ 49.437936] [] scsi_mq_done+0xfb/0x3c0 [ 49.437941] [] virtscsi_complete_cmd+0x5cf/0x7f0 [ 49.437945] [] ? virtscsi_remove+0x140/0x140 [ 49.437948] [] virtscsi_vq_done+0xc9/0x170 [ 49.437952] [] ? virtscsi_target_destroy+0x50/0x50 [ 49.437956] [] virtscsi_req_done+0xa7/0xd0 [ 49.437959] [] ? virtscsi_vq_done+0x170/0x170 [ 49.437964] [] vring_interrupt+0x109/0x150 [ 49.437968] [] ? vring_new_virtqueue+0x7c0/0x7c0 [ 49.437973] [] handle_irq_event_percpu+0xf1/0x960 [ 49.437977] [] handle_irq_event+0xa7/0x140 [ 49.437980] [] handle_edge_irq+0x1fa/0x8e0 [ 49.437990] [] handle_irq+0x250/0x3a0 [ 49.437995] [] ? check_preemption_disabled+0x3b/0x200 [ 49.438000] [] do_IRQ+0x89/0x1b0 [ 49.438003] [] common_interrupt+0xa0/0xa0 [ 49.438005] [] ? clear_page_c_e+0x7/0x10 [ 49.438016] [] ? clear_huge_page+0xee/0x480 [ 49.438019] [] ? __raw_spin_lock_init+0x2d/0x100 [ 49.438025] [] do_huge_pmd_anonymous_page+0x270/0xa10 [ 49.438028] [] handle_mm_fault+0x271a/0x3190 [ 49.438032] [] ? copy_page_range+0x1480/0x1480 [ 49.438036] [] ? vmacache_find+0x57/0x290 [ 49.438041] [] __do_page_fault+0x35b/0xa00 [ 49.438045] [] do_page_fault+0x27/0x30 [ 49.438049] [] page_fault+0x28/0x30 [ 49.776914] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN [ 49.789825] Dumping ftrace buffer: [ 49.793333] (ftrace buffer empty) [ 49.797017] Modules linked in: [ 49.800298] CPU: 1 PID: 3968 Comm: syz-executor0 Not tainted 4.4.125-g38f41ec #21 [ 49.807897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.817219] task: ffff8801c95bc800 task.stack: ffff8800bab78000 [ 49.823244] RIP: 0010:[] [] __free_pages+0x21/0x90 [ 49.831486] RSP: 0018:ffff8800bab7f968 EFLAGS: 00010a07 [ 49.836903] RAX: dffffc0000000000 RBX: dead4ead00000000 RCX: ffffffff825bb1fb [ 49.844142] RDX: 1bd5a9d5a0000003 RSI: 0000000000000006 RDI: dead4ead0000001c [ 49.851380] RBP: ffff8800bab7f978 R08: 0000000048000000 R09: 0000000000001e30 [ 49.858618] R10: 0000000000002100 R11: 1ffff1001756ff0a R12: 0000000000000004 [ 49.865857] R13: 0000000000000020 R14: ffff8800bb24a100 R15: dffffc0000000000 [ 49.873107] FS: 0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:00000000098ac900 [ 49.881300] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 49.887149] CR2: 00007f9f188466f0 CR3: 00000000bae5a000 CR4: 0000000000160670 [ 49.894391] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.901629] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.908870] Stack: [ 49.910987] 0000000000000246 ffff8800bb24a258 ffff8800bab7f9d8 ffffffff825bb221 [ 49.918957] ffff8800bb24a270 ffffed001764944b ffffed001764944e ffff8800bb24a268 [ 49.926921] dead4ead00000000 ffff8800bb24a240 0000000000000000 0000000000000000 [ 49.934887] Call Trace: [ 49.937444] [] sg_remove_scat.isra.17+0x1c1/0x2d0 [ 49.943918] [] sg_finish_rem_req+0x2a6/0x320 [ 49.949944] [] sg_new_read+0x18b/0x420 [ 49.955466] [] sg_read+0x8cf/0x14d0 [ 49.960712] [] ? compat_rw_copy_check_uvector+0x83/0x340 [ 49.967779] [] ? sg_proc_seq_show_debug+0xda0/0xda0 [ 49.974410] [] ? fsnotify+0xee0/0xee0 [ 49.979828] [] ? avc_policy_seqno+0x9/0x20 [ 49.985688] [] do_loop_readv_writev+0x141/0x1e0 [ 49.991976] [] ? security_file_permission+0x89/0x1e0 [ 49.998696] [] ? sg_proc_seq_show_debug+0xda0/0xda0 [ 50.005330] [] ? sg_proc_seq_show_debug+0xda0/0xda0 [ 50.011966] [] compat_do_readv_writev+0x5df/0x6e0 [ 50.018427] [] ? vfs_writev+0xb0/0xb0 [ 50.023847] [] ? exit_robust_list+0x240/0x240 [ 50.029962] [] ? _raw_spin_unlock+0x2c/0x50 [ 50.035914] [] ? do_huge_pmd_anonymous_page+0x3dd/0xa10 [ 50.042898] [] ? handle_mm_fault+0x3f2/0x3190 [ 50.049023] [] compat_readv+0xd9/0x140 [ 50.054528] [] compat_SyS_readv+0xd8/0x1b0 [ 50.060392] [] ? SyS_pwritev+0x230/0x230 [ 50.066073] [] ? do_fast_syscall_32+0xd7/0x8a0 [ 50.072270] [] ? SyS_pwritev+0x230/0x230 [ 50.077959] [] do_fast_syscall_32+0x321/0x8a0 [ 50.084084] [] sysenter_flags_fixed+0xd/0x17 RESULT: signal 0, coverage 0 errno 9 2018/04/06 05:40:52 executed programs: 108 [ 50.090111] Code: c6 a0 0c 00 e9 78 fd ff ff 90 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 53 48 89 fb 48 83 c7 1c 48 89 fa 48 83 ec 08 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 49 [ 50.116842] RIP [] __free_pages+0x21/0x90 [ 50.122728] RSP [ 50.130517] ---[ end trace f89816a2818043ed ]--- [ 50.137771] Kernel panic - not syncing: Fatal exception [ 50.143500] Dumping ftrace buffer: [ 50.147031] (ftrace buffer empty) [ 50.150725] Kernel Offset: disabled [ 50.154336] Rebooting in 86400 seconds..