[   16.147489] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.314885] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   21.735901] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   22.553406] random: sshd: uninitialized urandom read (32 bytes read, 93 bits of entropy available)
[   22.720090] random: sshd: uninitialized urandom read (32 bytes read, 97 bits of entropy available)
Warning: Permanently added '10.128.0.6' (ECDSA) to the list of known hosts.
[   28.107552] random: sshd: uninitialized urandom read (32 bytes read, 105 bits of entropy available)
executing program
[   28.203868] ==================================================================
[   28.211251] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[   28.218233] Read of size 8 at addr ffff8801d1736140 by task syzkaller977839/3317
[   28.225731] 
[   28.227327] CPU: 1 PID: 3317 Comm: syzkaller977839 Not tainted 4.4.112-g5f6325b #21
[   28.235087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.244410]  0000000000000000 55e8a44fe8834427 ffff8801d0ba7a40 ffffffff81d0579d
[   28.252378]  ffffea000745cd80 ffff8801d1736140 0000000000000000 ffff8801d1736140
[   28.260338]  ffff8801d4574438 ffff8801d0ba7a78 ffffffff814fd9f3 ffff8801d1736140
[   28.268302] Call Trace:
[   28.270867]  [<ffffffff81d0579d>] dump_stack+0xc1/0x124
[   28.276200]  [<ffffffff814fd9f3>] print_address_description+0x73/0x260
[   28.282834]  [<ffffffff814fdf05>] kasan_report+0x285/0x370
[   28.288429]  [<ffffffff825ba579>] ? sg_remove_request+0xf9/0x110
[   28.294540]  [<ffffffff814fe064>] __asan_report_load8_noabort+0x14/0x20
[   28.301263]  [<ffffffff825ba579>] sg_remove_request+0xf9/0x110
[   28.307199]  [<ffffffff825baaf5>] sg_finish_rem_req+0x295/0x340
[   28.313226]  [<ffffffff825bc931>] sg_read+0xa21/0x1490
[   28.318473]  [<ffffffff825bbf10>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   28.325106]  [<ffffffff812364a0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   28.332084]  [<ffffffff825bbf10>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   28.338717]  [<ffffffff8151c943>] __vfs_read+0x103/0x440
[   28.344136]  [<ffffffff8151c840>] ? vfs_iter_write+0x2d0/0x2d0
[   28.350074]  [<ffffffff815e983d>] ? fsnotify+0x5ad/0xee0
[   28.355489]  [<ffffffff815ea170>] ? fsnotify+0xee0/0xee0
[   28.360909]  [<ffffffff81b4e609>] ? avc_policy_seqno+0x9/0x20
[   28.366766]  [<ffffffff81b5fcf8>] ? selinux_file_permission+0x348/0x460
[   28.373491]  [<ffffffff81b454f9>] ? security_file_permission+0x89/0x1e0
[   28.380216]  [<ffffffff8151e4d0>] ? rw_verify_area+0x100/0x2f0
[   28.386153]  [<ffffffff8151e7e3>] vfs_read+0x123/0x3a0
[   28.391394]  [<ffffffff81521129>] SyS_read+0xd9/0x1b0
[   28.396551]  [<ffffffff81521050>] ? do_sendfile+0xd30/0xd30
[   28.402228]  [<ffffffff81006b47>] ? do_fast_syscall_32+0xd7/0x890
[   28.408432]  [<ffffffff81521050>] ? do_sendfile+0xd30/0xd30
[   28.414112]  [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890
[   28.420233]  [<ffffffff83777e2a>] sysenter_flags_fixed+0xd/0x17
[   28.426255] 
[   28.427860] Allocated by task 0:
[   28.431191] (stack is not available)
[   28.434869] 
[   28.436466] Freed by task 0:
[   28.439449] (stack is not available)
[   28.443129] 
[   28.444728] The buggy address belongs to the object at ffff8801d1736100
[   28.444728]  which belongs to the cache fasync_cache of size 96
[   28.457352] The buggy address is located 64 bytes inside of
[   28.457352]  96-byte region [ffff8801d1736100, ffff8801d1736160)
[   28.469021] The buggy address belongs to the page:
[   28.529199] kasan: CONFIG_KASAN_INLINE enabled
[   28.533640] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[   28.546560] Dumping ftrace buffer:
[   28.550083]    (ftrace buffer empty)
[   28.553781] Modules linked in:
[   28.557096] CPU: 0 PID: 489 Comm: khugepaged Not tainted 4.4.112-g5f6325b #21
[   28.564361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.573714] task: ffff8800bacfc740 task.stack: ffff8800bb220000
[   28.579763] RIP: 0010:[<ffffffff81d688f8>]  [<ffffffff81d688f8>] debug_check_no_obj_freed+0x1a8/0x9b0
[   28.589259] RSP: 0018:ffff8800bb2277d8  EFLAGS: 00010803
[   28.594699] RAX: 0000000000000282 RBX: ffff8801cfd66000 RCX: 0000000000000002
[   28.601965] RDX: 1d2000dc1b1d0161 RSI: ffff8800bb227868 RDI: ffffffff8148ff69
[   28.609230] RBP: ffff8800bb2278d0 R08: 1ffffffff0291fed R09: ffffffff850f2140
[   28.616492] R10: dead000000000200 R11: 1ffff10017644ec2 R12: ecff7ee8ffffff45
[   28.623761] R13: ffff8801cfd65000 R14: e90006e0d8e80b0f R15: dffffc0000000000
[   28.631025] FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   28.639244] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   28.645116] CR2: 0000000020f37ff7 CR3: 00000001d56e6000 CR4: 0000000000160670
[   28.652383] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   28.659646] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   28.666905] Stack:
[   28.669047]  000000018122f1d1 ffffffff85184600 ffff8800bacfc740 0000000000000000
[   28.677078]  1ffff10017644f09 ffffffff85849880 ffff8801cfd66000 ffff8801cfd66000
[   28.685122]  ffff8800bb227860 ffffffff8123588f 00000000000e9e40 fffffbfff0b09310
[   28.693161] Call Trace:
[   28.695744]  [<ffffffff8123588f>] ? mark_held_locks+0xaf/0x100
[   28.701712]  [<ffffffff81d68750>] ? debug_object_active_state+0x420/0x420
[   28.708632]  [<ffffffff8142d4e9>] free_pages_prepare+0x4a9/0xb30
[   28.714783]  [<ffffffff8143331f>] free_hot_cold_page+0x3f/0x3a0
[   28.720844]  [<ffffffff8143370f>] free_hot_cold_page_list+0x8f/0x3b0
[   28.727349]  [<ffffffff81449107>] release_pages+0x1f7/0x4f0
[   28.733064]  [<ffffffff81448f10>] ? put_pages_list+0xb0/0xb0
[   28.738864]  [<ffffffff83775a6a>] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   28.745794]  [<ffffffff81235c6b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   28.752642]  [<ffffffff814495c5>] pagevec_lru_move_fn+0x1c5/0x250
[   28.758878]  [<ffffffff814465b0>] ? __put_single_page+0x60/0x60
[   28.764940]  [<ffffffff814498b7>] __lru_cache_add+0x187/0x240
[   28.770830]  [<ffffffff8144a104>] lru_cache_add+0x44/0x90
[   28.776376]  [<ffffffff81457bd7>] putback_lru_page+0xa7/0x110
[   28.782268]  [<ffffffff8150832f>] khugepaged+0x211f/0x2ac0
[   28.787903]  [<ffffffff81506210>] ? set_huge_zero_page.isra.52.part.53+0x100/0x100
[   28.795612]  [<ffffffff8121fce0>] ? prepare_to_wait_event+0x420/0x420
[   28.802191]  [<ffffffff811900b4>] ? __kthread_parkme+0x164/0x230
[   28.808351]  [<ffffffff81190958>] kthread+0x268/0x300
[   28.813546]  [<ffffffff81506210>] ? set_huge_zero_page.isra.52.part.53+0x100/0x100
[   28.821257]  [<ffffffff811906f0>] ? kthread_create_on_node+0x400/0x400
[   28.827929]  [<ffffffff811906f0>] ? kthread_create_on_node+0x400/0x400
[   28.834598]  [<ffffffff8377689f>] ret_from_fork+0x3f/0x70
[   28.840141]  [<ffffffff811906f0>] ? kthread_create_on_node+0x400/0x400
[   28.846800] Code: 48 c7 c6 40 fa 75 85 4c 8b 34 0e 4d 85 f6 0f 84 c5 03 00 00 49 ba 00 02 00 00 00 00 ad de 31 c9 48 8d 75 98 4c 89 f2 48 c1 ea 03 <42> 80 3c 3a 00 0f 85 f0 03 00 00 49 8d 7e 18 83 c1 01 49 8b 16 
[   28.875068] RIP  [<ffffffff81d688f8>] debug_check_no_obj_freed+0x1a8/0x9b0
[   28.882206]  RSP <ffff8800bb2277d8>
[   28.885827] ---[ end trace 45d61856b704bff8 ]---
[   28.890574] Kernel panic - not syncing: Fatal exception
[   30.027697] Shutting down cpus with NMI
[   30.032159] Dumping ftrace buffer:
[   30.035676]    (ftrace buffer empty)
[   30.039353] Kernel Offset: disabled
[   30.042946] Rebooting in 86400 seconds..