[ 16.269086] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.646899] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.004044] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.745215] random: sshd: uninitialized urandom read (32 bytes read, 79 bits of entropy available)
[ 29.867240] random: sshd: uninitialized urandom read (32 bytes read, 87 bits of entropy available)
Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts.
[ 35.331981] random: sshd: uninitialized urandom read (32 bytes read, 95 bits of entropy available)
executing program
executing program
executing program
[ 35.433901] ==================================================================
[ 35.441278] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[ 35.448257] Read of size 8 at addr ffff8801d0b0c240 by task syzkaller344361/3329
[ 35.455750]
[ 35.457347] CPU: 0 PID: 3329 Comm: syzkaller344361 Not tainted 4.4.111-gf851888 #23
[ 35.465102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.474425]  0000000000000000 426244f8e70a0c1f ffff8801d03a7ab0 ffffffff81d0507d
[ 35.482369]  ffffea000742c300 ffff8801d0b0c240 0000000000000000 ffff8801d0b0c240
[ 35.490520]  ffff8801d4cd4438 ffff8801d03a7ae8 ffffffff814fd433 ffff8801d0b0c240
[ 35.498469] Call Trace:
[ 35.501022]  [] dump_stack+0xc1/0x124
[ 35.506349]  [] print_address_description+0x73/0x260
[ 35.512975]  [] kasan_report+0x285/0x370
[ 35.518566]  [] ? sg_remove_request+0xf9/0x110
[ 35.524674]  [] __asan_report_load8_noabort+0x14/0x20
[ 35.531391]  [] sg_remove_request+0xf9/0x110
[ 35.537331]  [] sg_finish_rem_req+0x295/0x340
[ 35.543354]  [] sg_read+0xa21/0x1490
[ 35.548594]  [] ? do_futex+0x3e3/0x1670
[ 35.554094]  [] ? sg_proc_seq_show_debug+0xd30/0xd30
[ 35.560726]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 35.567702]  [] ? sg_proc_seq_show_debug+0xd30/0xd30
[ 35.574359]  [] __vfs_read+0x103/0x440
[ 35.579783]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 35.586762]  [] ? vfs_iter_write+0x2d0/0x2d0
[ 35.592712]  [] ? fsnotify+0x5ad/0xee0
[ 35.598128]  [] ? fsnotify+0xee0/0xee0
[ 35.603555]  [] ? avc_policy_seqno+0x9/0x20
[ 35.609407]  [] ? selinux_file_permission+0x348/0x460
[ 35.616131]  [] ? security_file_permission+0x89/0x1e0
[ 35.622855]  [] ? rw_verify_area+0x100/0x2f0
[ 35.628804]  [] vfs_read+0x123/0x3a0
[ 35.634043]  [] SyS_read+0xd9/0x1b0
[ 35.639208]  [] ? do_sendfile+0xd30/0xd30
[ 35.644888]  [] ? lockdep_sys_exit_thunk+0x12/0x14
[ 35.651354]  [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 35.657898]
[ 35.659491] Allocated by task 0:
[ 35.662819] (stack is not available)
[ 35.666493]
[ 35.668084] Freed by task 0:
[ 35.671065] (stack is not available)
[ 35.674741]
[ 35.676336] The buggy address belongs to the object at ffff8801d0b0c200
[ 35.676336]  which belongs to the cache fasync_cache of size 96
[ 35.688967] The buggy address is located 64 bytes inside of
[ 35.688967]  96-byte region [ffff8801d0b0c200, ffff8801d0b0c260)
[ 35.700643] The buggy address belongs to the page:
[ 35.724727] BUG: unable to handle kernel paging request at ffffebe000000028
[ 35.732140] IP: [] __list_del_entry+0x30/0x1d0
[ 35.738407] PGD 0
[ 35.740671] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 35.745737] Dumping ftrace buffer:
[ 35.749265]    (ftrace buffer empty)
[ 35.752961] Modules linked in:
[ 35.756270] CPU: 1 PID: 7 Comm: rcu_preempt Not tainted 4.4.111-gf851888 #23
[ 35.763436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.772783] task: ffff8801da3717c0 task.stack: ffff8801da388000
[ 35.778831] RIP: 0010:[]  [] __list_del_entry+0x30/0x1d0
[ 35.787540] RSP: 0018:ffff8801da38f900  EFLAGS: 00010246
[ 35.792984] RAX: dffffc0000000000 RBX: ffffebe000000020 RCX: ffffebe000000020
[ 35.800245] RDX: ffffebe000000020 RSI: ffff8801da372030 RDI: ffffebe000000028
[ 35.807594] RBP: ffff8801da38f918 R08: 0000000000000001 R09: ffffffff850e28e0
[ 35.814863] R10: 0000000000000001 R11: 1ffff1003b471ef0 R12: ffff8801cc940a00
[ 35.822127] R13: 0000000080000000 R14: 000077ff80000000 R15: dffffc0000000000
[ 35.829395] FS:  0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[ 35.837627] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.843516] CR2: ffffebe000000028 CR3: 00000001d0b7c000 CR4: 0000000000160670
[ 35.850800] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.858067] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.865326] Stack:
[ 35.867465]  0000000000000000 ffffebe000000020 ffff8801cc940a00 ffff8801da38f930
[ 35.875492]  ffffffff81d6541d 0000000000000000 ffff8801da38f960 ffffffff810e93e3
[ 35.883519]  ffff8801cc940a00 ffff8801cc940d40 0000000000000000 0000000000000000
[ 35.891546] Call Trace:
[ 35.894124]  [] list_del+0xd/0x70
[ 35.899133]  [] pgd_free+0x63/0x100
[ 35.904410]  [] __mmdrop+0x66/0x260
[ 35.909581]  [] finish_task_switch+0x213/0x4e0
[ 35.915697]  [] ? finish_task_switch+0x1bb/0x4e0
[ 35.921988]  [] ? __schedule+0xa26/0x1c70
[ 35.927668]  [] __schedule+0xa9d/0x1c70
[ 35.933173]  [] ? check_preemption_disabled+0x3b/0x200
[ 35.939986]  [] schedule+0x9a/0x1c0
[ 35.945143]  [] schedule_timeout+0x356/0x970
[ 35.951078]  [] ? prepare_to_wait_event+0x114/0x420
[ 35.957618]  [] ? usleep_range+0x140/0x140
[ 35.963381]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 35.970184]  [] ? init_timer_key+0x360/0x360
[ 35.976121]  [] ? __might_sleep+0x90/0x1a0
[ 35.981898]  [] rcu_gp_kthread+0xe09/0x2220
[ 35.987749]  [] ? force_qs_rnp+0x3e0/0x3e0
[ 35.993511]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 36.000344]  [] ? _raw_spin_unlock_irq+0x38/0x50
[ 36.006629]  [] ? __schedule+0x1006/0x1c70
[ 36.012392]  [] ? preempt_schedule+0x24/0x30
[ 36.018331]  [] ? ___preempt_schedule+0x12/0x14
[ 36.024526]  [] ? prepare_to_wait_event+0x420/0x420
[ 36.031071]  [] ? __kthread_parkme+0x164/0x230
[ 36.037180]  [] kthread+0x268/0x300
[ 36.042339]  [] ? force_qs_rnp+0x3e0/0x3e0
[ 36.048101]  [] ? kthread_create_on_node+0x400/0x400
[ 36.054732]  [] ? kthread_create_on_node+0x400/0x400
[ 36.061362]  [] ret_from_fork+0x3f/0x70
[ 36.066862]  [] ? kthread_create_on_node+0x400/0x400
[ 36.073490] Code: 00 00 fc ff df 48 89 f9 55 48 83 c7 08 48 89 fa 48 89 e5 41 54 48 c1 ea 03 53 48 83 ec 08 80 3c 02 00 0f 85 87 01 00 00 48 89 ca <48> 8b 59 08 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02
[ 36.099809] RIP  [] __list_del_entry+0x30/0x1d0
[ 36.106117]  RSP
[ 36.109705] CR2: ffffebe000000028
[ 36.113126] ---[ end trace e82b13d9aad6e8f3 ]---
[ 36.117847] Kernel panic - not syncing: Fatal exception
[ 37.185956] Shutting down cpus with NMI
[ 37.190355] Dumping ftrace buffer:
[ 37.193864]    (ftrace buffer empty)
[ 37.197538] Kernel Offset: disabled
[ 37.201132] Rebooting in 86400 seconds..