[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   16.390208] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.840547] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[   18.268424] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[   19.048059] random: sshd: uninitialized urandom read (32 bytes read, 83 bits of entropy available)
[   20.106410] random: sshd: uninitialized urandom read (32 bytes read, 89 bits of entropy available)
Warning: Permanently added '10.128.15.219' (ECDSA) to the list of known hosts.
[   25.464597] random: sshd: uninitialized urandom read (32 bytes read, 97 bits of entropy available)
executing program
[   25.561799] ==================================================================
[   25.569165] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[   25.576144] Read of size 8 at addr ffff8801d2247140 by task syzkaller455472/3312
[   25.583657] 
[   25.585255] CPU: 1 PID: 3312 Comm: syzkaller455472 Not tainted 4.4.112-g3fc4284 #32
[   25.593013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.602340]  0000000000000000 859da19eb456a9db ffff8801d22679f0 ffffffff81d054ed
[   25.610305]  ffffea00074891c0 ffff8801d2247140 0000000000000000 ffff8801d2247140
[   25.618264]  ffff8801d0f8a338 ffff8801d2267a28 ffffffff814fd953 ffff8801d2247140
[   25.626225] Call Trace:
[   25.628784]  [<ffffffff81d054ed>] dump_stack+0xc1/0x124
[   25.634118]  [<ffffffff814fd953>] print_address_description+0x73/0x260
[   25.640754]  [<ffffffff814fde65>] kasan_report+0x285/0x370
[   25.646350]  [<ffffffff825ba2c9>] ? sg_remove_request+0xf9/0x110
[   25.652463]  [<ffffffff814fdfc4>] __asan_report_load8_noabort+0x14/0x20
[   25.659183]  [<ffffffff825ba2c9>] sg_remove_request+0xf9/0x110
[   25.665118]  [<ffffffff825ba845>] sg_finish_rem_req+0x295/0x340
[   25.671141]  [<ffffffff825bc681>] sg_read+0xa21/0x1490
[   25.676386]  [<ffffffff81515144>] ? __check_object_size+0x154/0x35b
[   25.682757]  [<ffffffff825bbc60>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   25.689388]  [<ffffffff815ea0d0>] ? fsnotify+0xee0/0xee0
[   25.694804]  [<ffffffff81b4e569>] ? avc_policy_seqno+0x9/0x20
[   25.700658]  [<ffffffff8151d171>] do_loop_readv_writev+0x141/0x1e0
[   25.706944]  [<ffffffff81b45459>] ? security_file_permission+0x89/0x1e0
[   25.713664]  [<ffffffff825bbc60>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   25.720298]  [<ffffffff825bbc60>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   25.726932]  [<ffffffff8151f4cd>] do_readv_writev+0x5dd/0x6e0
[   25.732787]  [<ffffffff8151eef0>] ? vfs_write+0x530/0x530
[   25.738293]  [<ffffffff837756ac>] ? _raw_spin_unlock+0x2c/0x50
[   25.744231]  [<ffffffff8150da8d>] ? do_huge_pmd_anonymous_page+0x3dd/0xa10
[   25.751213]  [<ffffffff8149fe02>] ? handle_mm_fault+0x3f2/0x3190
[   25.757327]  [<ffffffff8151f648>] vfs_readv+0x78/0xb0
[   25.762482]  [<ffffffff81521999>] SyS_readv+0xd9/0x240
[   25.767724]  [<ffffffff815218c0>] ? rw_copy_check_uvector+0x2d0/0x2d0
[   25.774275]  [<ffffffff81003017>] ? trace_hardirqs_on_thunk+0x17/0x19
[   25.780823]  [<ffffffff837761d9>] entry_SYSCALL_64_fastpath+0x16/0x92
[   25.787365] 
[   25.788960] Allocated by task 0:
[   25.792291] (stack is not available)
[   25.795966] 
[   25.797559] Freed by task 0:
[   25.800541] (stack is not available)
[   25.804219] 
[   25.805813] The buggy address belongs to the object at ffff8801d2247100
[   25.805813]  which belongs to the cache fasync_cache of size 96
[   25.818431] The buggy address is located 64 bytes inside of
[   25.818431]  96-byte region [ffff8801d2247100, ffff8801d2247160)
[   25.830095] The buggy address belongs to the page:
[   25.920799] kasan: CONFIG_KASAN_INLINE enabled
[   25.925243] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[   25.938162] Dumping ftrace buffer:
[   25.941700]    (ftrace buffer empty)
[   25.945406] Modules linked in:
[   25.948722] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.112-g3fc4284 #32
[   25.955729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.965078] task: ffffffff84217840 task.stack: ffffffff84200000
[   25.971125] RIP: 0010:[<ffffffff81d674a6>]  [<ffffffff81d674a6>] debug_object_deactivate+0x1a6/0x3c0
[   25.980536] RSP: 0018:ffff8801db207d10  EFLAGS: 00010803
[   25.985975] RAX: 0000000000000096 RBX: e90006e0d8e80b0f RCX: ffff8800b7bafaf0
[   25.993234] RDX: 1d2000dc1b1d0164 RSI: ffffffff842c2560 RDI: e90006e0d8e80b27
[   26.000576] RBP: ffff8801db207dd8 R08: 1ffff10039a9c1ae R09: ffffffff85133d90
[   26.007842] R10: 0000000000000001 R11: 1ffff1003b640f68 R12: 1ffff1003b640fa6
[   26.015103] R13: 0000000000000003 R14: dffffc0000000000 R15: ffffffff857cea08
[   26.022368] FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   26.030585] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   26.036462] CR2: 00005561e7130110 CR3: 00000000b6a4a000 CR4: 0000000000160670
[   26.043731] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   26.050994] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   26.058253] Stack:
[   26.060395]  0000000000000000 0000000000000000 ffffffff842c2560 ffff8800b7bafaf0
[   26.068458]  0000000041b58ab3 ffffffff83fccf59 ffffffff81d67300 ffffffff812a1f4c
[   26.076490]  ffffffff00000000 ffffffff00000000 0000000000000000 ffffffff838691c0
[   26.084529] Call Trace:
[   26.087096]  <IRQ> 
[   26.089149]  [<ffffffff81d67300>] ? debug_object_activate+0x500/0x500
[   26.096020]  [<ffffffff812a1f4c>] ? run_timer_softirq+0x60c/0xbb0
[   26.102247]  [<ffffffff83775737>] ? _raw_spin_unlock_irq+0x27/0x50
[   26.108560]  [<ffffffff8129fc90>] ? init_timer_key+0x360/0x360
[   26.114531]  [<ffffffff8129fc90>] ? init_timer_key+0x360/0x360
[   26.120505]  [<ffffffff8129fc90>] ? init_timer_key+0x360/0x360
[   26.126477]  [<ffffffff812a1c76>] run_timer_softirq+0x336/0xbb0
[   26.132532]  [<ffffffff812a1940>] ? msleep+0xe0/0xe0
[   26.137638]  [<ffffffff837796fd>] __do_softirq+0x24d/0xa59
[   26.143258]  [<ffffffff8113da79>] irq_exit+0x119/0x140
[   26.148534]  [<ffffffff83778e3b>] smp_apic_timer_interrupt+0x7b/0xa0
[   26.155023]  [<ffffffff83777d90>] apic_timer_interrupt+0xa0/0xb0
[   26.161152]  <EOI> 
[   26.163213]  [<ffffffff810d0526>] ? native_safe_halt+0x6/0x10
[   26.169401]  [<ffffffff81027ee5>] default_idle+0x55/0x3c0
[   26.174931]  [<ffffffff8102945a>] arch_cpu_idle+0xa/0x10
[   26.180379]  [<ffffffff812204d8>] default_idle_call+0x48/0x70
[   26.186262]  [<ffffffff81220be5>] cpu_startup_entry+0x605/0x820
[   26.192319]  [<ffffffff812205e0>] ? call_cpuidle+0xe0/0xe0
[   26.197939]  [<ffffffff83763159>] rest_init+0x189/0x190
[   26.203296]  [<ffffffff84820811>] start_kernel+0x6b9/0x6ee
[   26.208914]  [<ffffffff84820158>] ? thread_stack_cache_init+0xb/0xb
[   26.215315]  [<ffffffff8481f120>] ? early_idt_handler_array+0x120/0x120
[   26.222065]  [<ffffffff8481f120>] ? early_idt_handler_array+0x120/0x120
[   26.228815]  [<ffffffff8481f312>] x86_64_start_reservations+0x2a/0x2c
[   26.235393]  [<ffffffff8481f454>] x86_64_start_kernel+0x140/0x163
[   26.241612] Code: eb 1a 48 89 da 48 c1 ea 03 42 80 3c 32 00 0f 85 86 01 00 00 48 8b 1b 48 85 db 74 7a 48 8d 7b 18 41 83 c5 01 48 89 fa 48 c1 ea 03 <42> 80 3c 32 00 0f 85 3c 01 00 00 48 3b 4b 18 75 c6 48 8d 7b 10 
[   26.269097] RIP  [<ffffffff81d674a6>] debug_object_deactivate+0x1a6/0x3c0
[   26.276145]  RSP <ffff8801db207d10>
[   26.279762] ---[ end trace b6f6716181a16c76 ]---
[   26.284502] Kernel panic - not syncing: Fatal exception in interrupt
[   27.420156] Shutting down cpus with NMI
[   27.424908] Dumping ftrace buffer:
[   27.428430]    (ftrace buffer empty)
[   27.432107] Kernel Offset: disabled
[   27.435703] Rebooting in 86400 seconds..