[ 17.536566] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 21.248892] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[ 21.531765] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[ 22.440442] random: sshd: uninitialized urandom read (32 bytes read, 114 bits of entropy available)
[ 22.621558] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available)
Warning: Permanently added '10.128.15.217' (ECDSA) to the list of known hosts.
[ 28.651686] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available)
executing program
[ 28.763079] sg_write: data in/out 30202/1 bytes for SCSI command 0x2c-- guessing data in;
[ 28.763079] program syzkaller089051 not setting count and/or reply_len properly
[ 28.780664] kasan: CONFIG_KASAN_INLINE enabled
[ 28.785061] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 28.797949] Dumping ftrace buffer:
[ 28.801506] (ftrace buffer empty)
[ 28.805185] Modules linked in:
[ 28.808470] CPU: 0 PID: 3325 Comm: syzkaller089051 Not tainted 4.4.110-gdac1439 #20
[ 28.816234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.825561] task: ffff8800b56c4740 task.stack: ffff8801d0c58000
[ 28.831582] RIP: 0010:[] [] __free_pages+0x21/0x90
[ 28.839813] RSP: 0018:ffff8801d0c5f9f0 EFLAGS: 00010a07
[ 28.845240] RAX: dffffc0000000000 RBX: dead4ead00000000 RCX: ffffffff825b9c5b
[ 28.852484] RDX: 1bd5a9d5a0000003 RSI: 0000000000000001 RDI: dead4ead0000001c
[ 28.859723] RBP: ffff8801d0c5fa00 R08: 0000000000000001 R09: 0000000000000001
[ 28.866969] R10: 0000000000000000 R11: 1ffff1003a18bf1c R12: 0000000000000004
[ 28.874215] R13: 0000000000000020 R14: ffff8800b3d00000 R15: dffffc0000000000
[ 28.881455] FS: 00000000012b6880(0063) GS:ffff8801db200000(0000) knlGS:0000000000000000
[ 28.889658] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.895509] CR2: 0000000020aaaf6b CR3: 00000000b7c3e000 CR4: 0000000000160670
[ 28.902768] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 28.910017] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 28.917255] Stack:
[ 28.919370] ffffffff837761e9 ffff8800b3d00158 ffff8801d0c5fa60 ffffffff825b9c81
[ 28.927319] ffff8800b3d00170 ffffed00167a002b ffffed00167a002e ffff8800b3d00168
[ 28.935274] dead4ead00000000 ffff8800b3d00140 0000000000000000 0000000000000000
[ 28.943239] Call Trace:
[ 28.945797] [] ? retint_kernel+0x2d/0x2d
[ 28.951483] [] sg_remove_scat.isra.17+0x1c1/0x2d0
[ 28.957946] [] sg_finish_rem_req+0x2b5/0x340
[ 28.963969] [] sg_new_read.isra.18+0x336/0x3c0
[ 28.970164] [] sg_read+0x8c2/0x1490
[ 28.975408] [] ? __check_object_size+0x154/0x35b
[ 28.981787] [] ? sg_proc_seq_show_debug+0xd30/0xd30
[ 28.988506] [] ? fsnotify+0xee0/0xee0
[ 28.994016] [] ? avc_policy_seqno+0x9/0x20
[ 28.999876] [] do_loop_readv_writev+0x141/0x1e0
[ 29.006159] [] ? security_file_permission+0x89/0x1e0
[ 29.012883] [] ? sg_proc_seq_show_debug+0xd30/0xd30
[ 29.019524] [] ? sg_proc_seq_show_debug+0xd30/0xd30
[ 29.026161] [] do_readv_writev+0x5dd/0x6e0
[ 29.032019] [] ? vfs_write+0x530/0x530
[ 29.037525] [] ? sg_ioctl+0x2c20/0x2c20
[ 29.043115] [] ? __vfs_write+0x10b/0x450
[ 29.048915] [] ? handle_mm_fault+0x3f2/0x3190
[ 29.055028] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 29.061834] [] ? __fsnotify_parent+0xbc/0x340
[ 29.067944] [] ? avc_policy_seqno+0x9/0x20
[ 29.073796] [] ? fsnotify+0x5ad/0xee0
[ 29.079218] [] ? fsnotify+0xee0/0xee0
[ 29.084638] [] ? rw_verify_area+0x100/0x2f0
[ 29.090576] [] vfs_readv+0x78/0xb0
[ 29.095734] [] SyS_readv+0xd9/0x240
[ 29.100981] [] ? rw_copy_check_uvector+0x2d0/0x2d0
[ 29.107541] [] ? lockdep_sys_exit_thunk+0x12/0x14
[ 29.114001] [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 29.120543] Code: 96 a4 0c 00 e9 78 fd ff ff 90 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 53 48 89 fb 48 83 c7 1c 48 89 fa 48 83 ec 08 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 49
[ 29.148280] RIP [] __free_pages+0x21/0x90
[ 29.154162] RSP
[ 29.158034] ---[ end trace 51898583cac6f780 ]---
[ 29.162774] Kernel panic - not syncing: Fatal exception
[ 29.169088] Dumping ftrace buffer:
[ 29.172611] (ftrace buffer empty)
[ 29.176288] Kernel Offset: disabled
[ 29.179881] Rebooting in 86400 seconds..