INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program

syzkaller login: [ 31.449821] ==================================================================
[ 31.457198] BUG: KASAN: wild-memory-access in sg_read+0x12c5/0x1470
[ 31.463578] Read of size 184 at addr ffe70873f7349000 by task syzkaller953683/3659
[ 31.464572] kasan: CONFIG_KASAN_INLINE enabled
[ 31.464573] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 31.464585] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 31.464589] Dumping ftrace buffer:
[ 31.464592]    (ftrace buffer empty)
[ 31.464594] Modules linked in:
[ 31.464599] CPU: 1 PID: 3660 Comm: syzkaller953683 Not tainted 4.9.91-gbb94f9d #68
[ 31.464601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.464604] task: ffff8801c2d10000 task.stack: ffff8801c2128000
[ 31.464613] RIP: 0010:[] [] __free_pages+0x21/0x80
[ 31.464616] RSP: 0018:ffff8801c212f938  EFLAGS: 00010a07
[ 31.464618] RAX: dffffc0000000000 RBX: dead4ead00000000 RCX: ffffffff8266930b
[ 31.464620] RDX: 1bd5a9d5a0000003 RSI: 0000000000000001 RDI: dead4ead0000001c
[ 31.464622] RBP: ffff8801c212f948 R08: 0000000000000001 R09: 0000000000000001
[ 31.464624] R10: 0000000000000000 R11: ffff8801c2d10000 R12: 0000000000000004
[ 31.464626] R13: 0000000000000020 R14: ffff8801c2038000 R15: dffffc0000000000
[ 31.464630] FS:  00007f4def96a700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[ 31.464632] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.464634] CR2: 0000000020979fff CR3: 00000001c3868000 CR4: 0000000000160670
[ 31.464639] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.464641] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.464641] Stack:
[ 31.464647]  0000000000000001 ffff8801c2038158 ffff8801c212f9a8 ffffffff82669331
[ 31.464652]  ffff8801c2038170 ffffed003840702b ffffed003840702e ffff8801c2038168
[ 31.464657]  dead4ead00000000 ffff8801c2038140 0000000000000000 0000000000000000
[ 31.464657] Call Trace:
[ 31.464663]  [] sg_remove_scat.isra.19+0x1c1/0x2d0
[ 31.464667]  [] sg_finish_rem_req+0x2a6/0x320
[ 31.464671]  [] sg_new_read+0x38c/0x440
[ 31.464674]  [] sg_read+0x8c5/0x1470
[ 31.464679]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 31.464683]  [] ? fsnotify+0x86/0xf30
[ 31.464686]  [] ? fsnotify+0xf30/0xf30
[ 31.464692]  [] ? avc_policy_seqno+0x9/0x20
[ 31.464698]  [] do_loop_readv_writev.part.17+0xc8/0x2b0
[ 31.464702]  [] do_readv_writev+0x5fd/0x740
[ 31.464706]  [] ? vfs_write+0x530/0x530
[ 31.464712]  [] ? exit_robust_list+0x230/0x230
[ 31.464717]  [] ? __fget+0x20a/0x3b0
[ 31.464720]  [] ? __fget+0x231/0x3b0
[ 31.464723]  [] ? __fget+0x47/0x3b0
[ 31.464727]  [] vfs_readv+0x84/0xc0
[ 31.464731]  [] do_readv+0xe6/0x250
[ 31.464734]  [] ? vfs_readv+0xc0/0xc0
[ 31.464740]  [] ? SyS_clock_settime+0x1d0/0x1d0
[ 31.464745]  [] ? do_vfs_ioctl+0x1140/0x1140
[ 31.464753]  [] SyS_readv+0x27/0x30
[ 31.464757]  [] ? rw_copy_check_uvector+0x2c0/0x2c0
[ 31.464762]  [] do_syscall_64+0x1a4/0x490
[ 31.464768]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 31.464823] Code: e9 27 fc ff ff 0f 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 53 48 89 fb 48 83 c7 1c 48 89 fa 48 83 ec 08 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 3d
[ 31.464827] RIP  [] __free_pages+0x21/0x80
[ 31.464829]  RSP
[ 31.465068] ---[ end trace de539e4c0ef6a2cc ]---
[ 31.465071] Kernel panic - not syncing: Fatal exception
[ 31.812634]
[ 31.814233] CPU: 0 PID: 3659 Comm: syzkaller953683 Tainted: G D 4.9.91-gbb94f9d #68
[ 31.823120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.832446]  ffff8801c21379c8 ffffffff81d95169 ffe70873f7349000 00000000000000b8
[ 31.840409]  0000000000000000 ffff8801cae02960 ffff8801c2faa240 ffff8801c2137a10
[ 31.848363]  ffffffff8153da42 ffffffff8266be75 0000000000000282 5b7b47edf0d19b9f
[ 31.856326] Call Trace:
[ 31.858885]  [] dump_stack+0xc1/0x128
[ 31.864218]  [] kasan_report+0x162/0x380
[ 31.869807]  [] ? sg_read+0x12c5/0x1470
[ 31.875312]  [] check_memory_region+0x137/0x190
[ 31.881520]  [] kasan_check_read+0x11/0x20
[ 31.887294]  [] sg_read+0x12c5/0x1470
[ 31.892628]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 31.899262]  [] ? fsnotify+0x86/0xf30
[ 31.904594]  [] ? fsnotify+0xf30/0xf30
[ 31.910013]  [] ? avc_policy_seqno+0x9/0x20
[ 31.915866]  [] do_loop_readv_writev.part.17+0xc8/0x2b0
[ 31.922758]  [] do_readv_writev+0x5fd/0x740
[ 31.928622]  [] ? vfs_write+0x530/0x530
[ 31.934152]  [] ? exit_robust_list+0x230/0x230
[ 31.940264]  [] ? __fget+0x20a/0x3b0
[ 31.945511]  [] ? __fget+0x231/0x3b0
[ 31.950760]  [] ? __fget+0x47/0x3b0
[ 31.955915]  [] vfs_readv+0x84/0xc0
[ 31.961071]  [] do_readv+0xe6/0x250
[ 31.966231]  [] ? vfs_readv+0xc0/0xc0
[ 31.971576]  [] ? SyS_clock_settime+0x1d0/0x1d0
[ 31.977775]  [] ? do_vfs_ioctl+0x1140/0x1140
[ 31.983715]  [] SyS_readv+0x27/0x30
[ 31.988877]  [] ? rw_copy_check_uvector+0x2c0/0x2c0
[ 31.995426]  [] do_syscall_64+0x1a4/0x490
[ 32.001106]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 32.007995] ==================================================================
[ 32.015690] Dumping ftrace buffer:
[ 32.019228]    (ftrace buffer empty)
[ 32.022912] Kernel Offset: disabled
[ 32.026510] Rebooting in 86400 seconds..
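The console output above actually carries two reports whose lines are interleaved: the KASAN wild-memory-access hit by PID 3659 in sg_read, and a general protection fault in __free_pages hit by PID 3660 (the same syzkaller953683 program, reached through sg_read -> sg_new_read -> sg_finish_rem_req -> sg_remove_scat). The kernel prints the KASAN header, is interrupted by the second task's oops, and only then finishes the first task's stack. The triage parser below is an added example, not syzkaller's or the kernel's own code: it keys each report by PID so the "CPU: ... PID:" line that resumes an interrupted report attaches its frames to the right crash, separates reliable frames from "?" stale-stack guesses, and skips KASAN's own reporting frames to name the function to look at first. The regex and type names are this example's own; the embedded sample is a trimmed copy of lines from the report above (frame addresses are missing there, so the parser accepts an empty "[]").

```python
# Added example (not part of syzkaller or of the report it parses): split an
# interleaved kernel console log into per-task crash records.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?(?P<msg>.*)$")
KASAN_RE = re.compile(r"^BUG: KASAN: (?P<kind>[\w-]+) in (?P<sym>[\w.]+)\+0x")
ACCESS_RE = re.compile(r"^(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
                       r" by task (?P<comm>\S+)/(?P<pid>\d+)")
GPF_RE = re.compile(r"^general protection fault: [0-9a-f]+ \[#\d+\]")
CPU_RE = re.compile(r"^CPU: \d+ PID: (?P<pid>\d+) Comm: (?P<comm>\S+) "
                    r"(?P<taint>Not tainted|Tainted:.*?) (?P<kver>\d[\w.-]*) #\d+")
# The bracketed address is optional: this copy of the log has it stripped ("[]").
RIP_RE = re.compile(r"^RIP: [0-9a-f]+:(?:\[<?[0-9a-f]*>?\]\s*)+(?P<sym>[\w.]+)\+0x")
FRAME_RE = re.compile(r"^\[<?[0-9a-f]*>?\]\s+(?P<unreliable>\?\s+)?"
                      r"(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
NOISE = ("dump_stack", "kasan_", "check_memory_region", "__asan_")  # reporting machinery

# Trimmed copy of the report above (sample input for this example).
SAMPLE_LOG = """\
[ 31.457198] BUG: KASAN: wild-memory-access in sg_read+0x12c5/0x1470
[ 31.463578] Read of size 184 at addr ffe70873f7349000 by task syzkaller953683/3659
[ 31.464585] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 31.464599] CPU: 1 PID: 3660 Comm: syzkaller953683 Not tainted 4.9.91-gbb94f9d #68
[ 31.464613] RIP: 0010:[] [] __free_pages+0x21/0x80
[ 31.464657] Call Trace:
[ 31.464663] [] sg_remove_scat.isra.19+0x1c1/0x2d0
[ 31.464667] [] sg_finish_rem_req+0x2a6/0x320
[ 31.464671] [] sg_new_read+0x38c/0x440
[ 31.464674] [] sg_read+0x8c5/0x1470
[ 31.464679] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 31.464753] [] SyS_readv+0x27/0x30
[ 31.814233] CPU: 0 PID: 3659 Comm: syzkaller953683 Tainted: G D 4.9.91-gbb94f9d #68
[ 31.856326] Call Trace:
[ 31.858885] [] dump_stack+0xc1/0x128
[ 31.864218] [] kasan_report+0x162/0x380
[ 31.869807] [] ? sg_read+0x12c5/0x1470
[ 31.881520] [] kasan_check_read+0x11/0x20
[ 31.887294] [] sg_read+0x12c5/0x1470
[ 31.983715] [] SyS_readv+0x27/0x30
"""


@dataclass
class Crash:
    kind: str                    # "KASAN: wild-memory-access" or "general protection fault"
    func: str                    # KASAN "in <sym>", or the GPF's RIP symbol
    pid: Optional[int] = None
    comm: Optional[str] = None
    taint: Optional[str] = None
    access: Optional[Tuple[str, int, str]] = None          # (Read|Write, size, addr)
    frames: List[str] = field(default_factory=list)        # reliable frames, innermost first
    unreliable: List[str] = field(default_factory=list)    # "? sym" stale-stack entries


def parse_report(text: str) -> List[Crash]:
    crashes: List[Crash] = []
    by_pid: Dict[int, Crash] = {}
    current: Optional[Crash] = None
    in_trace = False
    for raw in text.splitlines():
        m = TS_RE.match(raw)
        msg = (m.group("msg") if m else raw).strip()
        if not msg:
            continue
        if in_trace:
            fm = FRAME_RE.match(msg)
            if fm and current is not None:
                bucket = current.unreliable if fm.group("unreliable") else current.frames
                bucket.append(fm.group("sym"))
                continue
            in_trace = False                    # first non-frame line ends the trace
        km = KASAN_RE.match(msg)
        if km:
            current = Crash(kind="KASAN: " + km.group("kind"), func=km.group("sym"))
            crashes.append(current)
            continue
        if GPF_RE.match(msg):
            current = Crash(kind="general protection fault", func="?")
            crashes.append(current)
            continue
        if current is None:
            continue
        am = ACCESS_RE.match(msg)
        if am:
            current.access = (am.group("rw"), int(am.group("size")), am.group("addr"))
            current.pid, current.comm = int(am.group("pid")), am.group("comm")
            by_pid[current.pid] = current
            continue
        cm = CPU_RE.match(msg)
        if cm:
            pid = int(cm.group("pid"))
            # A "CPU: .. PID:" line for a task already seen means the kernel resumed
            # that task's report after another task's oops interrupted it.
            current = by_pid.setdefault(pid, current)
            current.pid, current.comm = pid, cm.group("comm")
            current.taint = " ".join(cm.group("taint").split())
            continue
        rm = RIP_RE.match(msg)
        if rm:
            current.func = rm.group("sym")
            continue
        if msg == "Call Trace:":
            in_trace = True
    return crashes


def blame(crash: Crash) -> str:
    """First reliable frame outside the report machinery; for a GPF this is the
    caller of crash.func (the faulting RIP symbol)."""
    for sym in crash.frames:
        if not sym.startswith(NOISE):
            return sym
    return crash.func


if __name__ == "__main__":
    for c in parse_report(SAMPLE_LOG):
        print(f"pid {c.pid} ({c.taint}): {c.kind} in {c.func}; look at {blame(c)}; "
              f"trace {' <- '.join(c.frames[:4])}")
```

Run on the sample this yields two records: PID 3659, KASAN wild-memory-access, a 184-byte read in sg_read, tainted "G D" because the other task had already oopsed; and PID 3660, a GPF in __free_pages reached from sg_remove_scat.isra.19 while still untainted. Both tasks are in sg_read via readv, which is the first thing a triager should notice before reading either trace in isolation.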