[   15.664738] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.823874] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   21.214785] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   22.144794] random: sshd: uninitialized urandom read (32 bytes read, 122 bits of entropy available)
[   31.389289] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   38.593618] ==================================================================
[   38.601056] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[   38.608052] Read of size 8 at addr ffff8801d14ec5c0 by task syzkaller397963/3319
[   38.615564] 
[   38.617166] CPU: 0 PID: 3319 Comm: syzkaller397963 Not tainted 4.4.111-gc2f631b #20
[   38.624940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.634265]  0000000000000000 952a9c5aa52bf785 ffff8801d06d7a40 ffffffff81d0513d
[   38.642248]  ffffea0007453b00 ffff8801d14ec5c0 0000000000000000 ffff8801d14ec5c0
[   38.650232]  ffff8800b3c48238 ffff8801d06d7a78 ffffffff814fd433 ffff8801d14ec5c0
[   38.658221] Call Trace:
[   38.660780]  [<ffffffff81d0513d>] dump_stack+0xc1/0x124
[   38.666120]  [<ffffffff814fd433>] print_address_description+0x73/0x260
[   38.672756]  [<ffffffff814fd945>] kasan_report+0x285/0x370
[   38.678348]  [<ffffffff825b9da9>] ? sg_remove_request+0xf9/0x110
[   38.684463]  [<ffffffff814fdaa4>] __asan_report_load8_noabort+0x14/0x20
[   38.691188]  [<ffffffff825b9da9>] sg_remove_request+0xf9/0x110
[   38.697129]  [<ffffffff825ba325>] sg_finish_rem_req+0x295/0x340
[   38.703160]  [<ffffffff825bc161>] sg_read+0xa21/0x1490
[   38.708422]  [<ffffffff812dfc23>] ? do_futex+0x3e3/0x1670
[   38.713939]  [<ffffffff825bb740>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   38.720586]  [<ffffffff81236430>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   38.727573]  [<ffffffff814af5cb>] ? vma_set_page_prot+0x10b/0x150
[   38.733792]  [<ffffffff825bb740>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   38.740434]  [<ffffffff8151c383>] __vfs_read+0x103/0x440
[   38.745866]  [<ffffffff8151c280>] ? vfs_iter_write+0x2d0/0x2d0
[   38.751816]  [<ffffffff815e927d>] ? fsnotify+0x5ad/0xee0
[   38.757234]  [<ffffffff815e9bb0>] ? fsnotify+0xee0/0xee0
[   38.762655]  [<ffffffff81b4e009>] ? avc_policy_seqno+0x9/0x20
[   38.768521]  [<ffffffff81b5f6f8>] ? selinux_file_permission+0x348/0x460
[   38.775247]  [<ffffffff81b44ef9>] ? security_file_permission+0x89/0x1e0
[   38.781986]  [<ffffffff8151df10>] ? rw_verify_area+0x100/0x2f0
[   38.787926]  [<ffffffff8151e223>] vfs_read+0x123/0x3a0
[   38.793177]  [<ffffffff81520b69>] SyS_read+0xd9/0x1b0
[   38.798335]  [<ffffffff81520a90>] ? do_sendfile+0xd30/0xd30
[   38.804027]  [<ffffffff8148ac3e>] ? vmacache_update+0xfe/0x130
[   38.810146]  [<ffffffff81006b47>] ? do_fast_syscall_32+0xd7/0x890
[   38.816346]  [<ffffffff81520a90>] ? do_sendfile+0xd30/0xd30
[   38.822027]  [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890
[   38.828144]  [<ffffffff837772aa>] sysenter_flags_fixed+0xd/0x17
[   38.834173] 
[   38.835774] Allocated by task 0:
[   38.839110] (stack is not available)
[   38.843227] 
[   38.844826] Freed by task 0:
[   38.847812] (stack is not available)
[   38.851493] 
[   38.853109] The buggy address belongs to the object at ffff8801d14ec580
[   38.853109]  which belongs to the cache fasync_cache of size 96
[   38.865738] The buggy address is located 64 bytes inside of
[   38.865738]  96-byte region [ffff8801d14ec580, ffff8801d14ec5e0)
[   38.877419] The buggy address belongs to the page:
[   38.882559] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff812e27db
[   38.882559] 
[   38.893611] CPU: 1 PID: 3320 Comm: syzkaller397963 Not tainted 4.4.111-gc2f631b #20
[   38.901632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.910959]  0000000000000000 a9e667e17918375a ffff8801d061f6d8 ffffffff81d0513d
[   38.918943]  ffffffff83842d80 ffff8801d061f7b0 0000000000000000 ffff8801d061f958
[   38.926912]  0000000000000001 ffff8801d061f7a0 ffffffff81419a3a 0000000041b58ab3
[   38.934879] Call Trace:
[   38.937452]  [<ffffffff81d0513d>] dump_stack+0xc1/0x124
[   38.942798]  [<ffffffff81419a3a>] panic+0x1aa/0x388
[   38.947784]  [<ffffffff81419890>] ? percpu_up_read.constprop.45+0xe1/0xe1
[   38.954681]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   38.960973]  [<ffffffff812e27db>] ? smp_call_function_single+0x34b/0x3b0
[   38.967794]  [<ffffffff8112d3ca>] ? __stack_chk_fail+0xa/0x30
[   38.973754]  [<ffffffff812e27db>] ? smp_call_function_single+0x34b/0x3b0
[   38.980563]  [<ffffffff8112d3e2>] __stack_chk_fail+0x22/0x30
[   38.986328]  [<ffffffff812e27db>] smp_call_function_single+0x34b/0x3b0
[   38.992966]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   38.999251]  [<ffffffff812e2490>] ? generic_exec_single+0x330/0x330
[   39.005626]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.011913]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.018200]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.024498]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.030785]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.037073]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.043361]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.049660]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.055947]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.062252]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.069280]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.075577]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.081875]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.088162]  [<ffffffff814a7e60>] ? vma_compute_subtree_gap+0x190/0x200
[   39.094881]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.101179]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.107464]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.113752]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.120049]  [<ffffffff814afa33>] ? mmap_region+0x423/0x1250
[   39.125815]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.132114]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.138401]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.144704]  [<ffffffff814b0d5d>] ? do_mmap+0x4fd/0x9d0
[   39.150036]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.156321]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.162622]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.168920]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.175218]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.181515]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.187801]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.194087]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.200386]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.206672]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.212962]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   39.219248]  [<ffffffff8148f991>] ? dump_page_badflags+0x191/0x250
[   40.306570] Shutting down cpus with NMI
[   40.311412] Dumping ftrace buffer:
[   40.315050]    (ftrace buffer empty)
[   40.318743] Kernel Offset: disabled
[   40.322376] Rebooting in 86400 seconds..