[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   16.107696] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.912420] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   21.313031] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   22.124160] random: sshd: uninitialized urandom read (32 bytes read, 93 bits of entropy available)
[   22.296012] random: sshd: uninitialized urandom read (32 bytes read, 98 bits of entropy available)
Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
[   27.676596] random: sshd: uninitialized urandom read (32 bytes read, 106 bits of entropy available)
executing program
[   27.778403] ==================================================================
[   27.785781] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[   27.792764] Read of size 8 at addr ffff8801d1a58140 by task syzkaller252492/3313
[   27.800263] 
[   27.801861] CPU: 0 PID: 3313 Comm: syzkaller252492 Not tainted 4.4.112-gca0ebb4 #29
[   27.809623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.818950]  0000000000000000 6915d7946e213a80 ffff8801d0d3fab0 ffffffff81d056fd
[   27.826908]  ffffea0007469600 ffff8801d1a58140 0000000000000000 ffff8801d1a58140
[   27.834868]  ffff8801d0f14438 ffff8801d0d3fae8 ffffffff814fd953 ffff8801d1a58140
[   27.842835] Call Trace:
[   27.845395]  [<ffffffff81d056fd>] dump_stack+0xc1/0x124
[   27.850730]  [<ffffffff814fd953>] print_address_description+0x73/0x260
[   27.857363]  [<ffffffff814fde65>] kasan_report+0x285/0x370
[   27.862955]  [<ffffffff825ba4d9>] ? sg_remove_request+0xf9/0x110
[   27.869067]  [<ffffffff814fdfc4>] __asan_report_load8_noabort+0x14/0x20
[   27.875790]  [<ffffffff825ba4d9>] sg_remove_request+0xf9/0x110
[   27.881731]  [<ffffffff825baa55>] sg_finish_rem_req+0x295/0x340
[   27.887766]  [<ffffffff825bc891>] sg_read+0xa21/0x1490
[   27.893009]  [<ffffffff814f694f>] ? new_slab+0x24f/0x3b0
[   27.898426]  [<ffffffff825bbe70>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   27.905061]  [<ffffffff8124572c>] ? __raw_spin_lock_init+0x1c/0x100
[   27.911434]  [<ffffffff8123073b>] ? lockdep_init_map+0xeb/0x1690
[   27.917547]  [<ffffffff825bbe70>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   27.924184]  [<ffffffff8151c8a3>] __vfs_read+0x103/0x440
[   27.929618]  [<ffffffff8151c7a0>] ? vfs_iter_write+0x2d0/0x2d0
[   27.935565]  [<ffffffff815e979d>] ? fsnotify+0x5ad/0xee0
[   27.940983]  [<ffffffff815ea0d0>] ? fsnotify+0xee0/0xee0
[   27.946404]  [<ffffffff8155856a>] ? fasync_helper+0x7a/0xb0
[   27.952083]  [<ffffffff81b4e569>] ? avc_policy_seqno+0x9/0x20
[   27.957941]  [<ffffffff81b5fc58>] ? selinux_file_permission+0x348/0x460
[   27.964672]  [<ffffffff81b45459>] ? security_file_permission+0x89/0x1e0
[   27.971394]  [<ffffffff8151e430>] ? rw_verify_area+0x100/0x2f0
[   27.977346]  [<ffffffff8151e743>] vfs_read+0x123/0x3a0
[   27.982590]  [<ffffffff81521089>] SyS_read+0xd9/0x1b0
[   27.987747]  [<ffffffff81520fb0>] ? do_sendfile+0xd30/0xd30
[   27.993436]  [<ffffffff81003044>] ? lockdep_sys_exit_thunk+0x12/0x14
[   27.999913]  [<ffffffff837763d9>] entry_SYSCALL_64_fastpath+0x16/0x92
[   28.006461] 
[   28.008066] Allocated by task 0:
[   28.011395] (stack is not available)
[   28.015075] 
[   28.016671] Freed by task 0:
[   28.019653] (stack is not available)
[   28.023332] 
[   28.024934] The buggy address belongs to the object at ffff8801d1a58100
[   28.024934]  which belongs to the cache fasync_cache of size 96
[   28.037558] The buggy address is located 64 bytes inside of
[   28.037558]  96-byte region [ffff8801d1a58100, ffff8801d1a58160)
[   28.049226] The buggy address belongs to the page:
[   28.192083] ------------[ cut here ]------------
[   28.196863] WARNING: CPU: 1 PID: 0 at kernel/bpf/core.c:724 __bpf_prog_run+0x423c/0x5290()
[   28.205263] unknown opcode 00
[   28.208403] Kernel panic - not syncing: panic_on_warn set ...
[   28.208403] 
[   28.215747] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.112-gca0ebb4 #29
[   28.222727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.232050]  0000000000000000 8edfa441c485c877 ffff8801db306dd0 ffffffff81d056fd
[   28.240019]  ffffffff83843200 ffff8801db306ea8 ffffffff83896fa0 0000000000000009
[   28.247984]  00000000000002d4 ffff8801db306e98 ffffffff81419dca 0000000041b58ab3
[   28.255944] Call Trace:
[   28.258494]  <IRQ>  [<ffffffff81d056fd>] dump_stack+0xc1/0x124
[   28.264561]  [<ffffffff81419dca>] panic+0x1aa/0x388
[   28.269547]  [<ffffffff81419c20>] ? percpu_up_read.constprop.45+0xe1/0xe1
[   28.276442]  [<ffffffff8112d81a>] ? warn_slowpath_common+0x10a/0x140
[   28.282904]  [<ffffffff8112d835>] warn_slowpath_common+0x125/0x140
[   28.289199]  [<ffffffff813ea7fc>] ? __bpf_prog_run+0x423c/0x5290
[   28.295311]  [<ffffffff8112d911>] warn_slowpath_fmt+0xc1/0x110
[   28.301248]  [<ffffffff8112d850>] ? warn_slowpath_common+0x140/0x140
[   28.307709]  [<ffffffff837759ca>] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   28.314615]  [<ffffffff81235aa6>] ? trace_hardirqs_on_caller+0x266/0x590
[   28.321429]  [<ffffffff837759b5>] ? _raw_spin_unlock_irqrestore+0x45/0x70
[   28.328324]  [<ffffffff81d14fa3>] ? ___ratelimit+0x53/0x3e0
[   28.334004]  [<ffffffff813ea7fc>] __bpf_prog_run+0x423c/0x5290
[   28.339943]  [<ffffffff813e65c0>] ? bpf_prog_select_runtime+0x340/0x340
[   28.346666]  [<ffffffff812357ef>] ? mark_held_locks+0xaf/0x100
[   28.352619]  [<ffffffff837759ca>] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   28.359515]  [<ffffffff81236f5f>] ? __lock_acquire+0xb5f/0x4b50
[   28.365544]  [<ffffffff81dae7a3>] ? depot_save_stack+0x1c3/0x640
[   28.371673]  [<ffffffff81b66395>] ? selinux_socket_sock_rcv_skb+0x2c5/0x690
[   28.378742]  [<ffffffff81236400>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   28.385726]  [<ffffffff814f892a>] ? kmem_cache_alloc+0xba/0x290
[   28.391755]  [<ffffffff82e0b622>] ? skb_clone+0x142/0x2c0
[   28.397260]  [<ffffffff82e59a4c>] ? dev_hard_start_xmit+0x32c/0x1220
[   28.403730]  [<ffffffff82ee1fb1>] ? sch_direct_xmit+0x2c1/0x760
[   28.409762]  [<ffffffff82e5bfb8>] ? __dev_queue_xmit+0x1368/0x1a70
[   28.416058]  [<ffffffff82e5c6d7>] ? dev_queue_xmit+0x17/0x20
[   28.421825]  [<ffffffff830f0798>] ? ip_finish_output2+0xbe8/0x1060
[   28.428110]  [<ffffffff830f3db4>] ? ip_finish_output+0x784/0xb00
[   28.434220]  [<ffffffff830f728f>] ? ip_output+0x1cf/0x4c0
[   28.439734]  [<ffffffff830f45f5>] ? ip_local_out+0x95/0x170
[   28.445421]  [<ffffffff81236400>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   28.452403]  [<ffffffff8122f131>] ? __lock_is_held+0xa1/0xf0
[   28.458255]  [<ffffffff82e97e69>] sk_filter_trim_cap+0x249/0x6d0
[   28.464368]  [<ffffffff82e97d18>] ? sk_filter_trim_cap+0xf8/0x6d0
[   28.470579]  [<ffffffff82e97c20>] ? bpf_skb_set_tunnel_key+0x2e0/0x2e0
[   28.477216]  [<ffffffff82dfccc7>] sock_queue_rcv_skb+0xa7/0xb70
[   28.483243]  [<ffffffff81d2253a>] ? strlcpy+0x9a/0x120
[   28.488498]  [<ffffffff834322d3>] packet_rcv_spkt+0x3b3/0x4c0
[   28.494351]  [<ffffffff83431f20>] ? packet_rcv_fanout+0x620/0x620
[   28.500550]  [<ffffffff82e59d4b>] dev_hard_start_xmit+0x62b/0x1220
[   28.506847]  [<ffffffff82e597c6>] ? dev_hard_start_xmit+0xa6/0x1220
[   28.513834]  [<ffffffff82ee1fb1>] sch_direct_xmit+0x2c1/0x760
[   28.519691]  [<ffffffff82ee1cf0>] ? dev_deactivate_queue.constprop.34+0x150/0x150
[   28.527294]  [<ffffffff82e5bfb8>] __dev_queue_xmit+0x1368/0x1a70
[   28.533405]  [<ffffffff82e5adf6>] ? __dev_queue_xmit+0x1a6/0x1a70
[   28.539606]  [<ffffffff82e5ac50>] ? netdev_pick_tx+0x310/0x310
[   28.545548]  [<ffffffff812357ef>] ? mark_held_locks+0xaf/0x100
[   28.551490]  [<ffffffff830f0614>] ? ip_finish_output2+0xa64/0x1060
[   28.557777]  [<ffffffff82e5c6d7>] dev_queue_xmit+0x17/0x20
[   28.563369]  [<ffffffff830f0798>] ip_finish_output2+0xbe8/0x1060
[   28.569482]  [<ffffffff830f3db4>] ? ip_finish_output+0x784/0xb00
[   28.575596]  [<ffffffff830efbb0>] ? dst_output+0x150/0x150
[   28.581189]  [<ffffffff8122f131>] ? __lock_is_held+0xa1/0xf0
[   28.586959]  [<ffffffff830f3db4>] ip_finish_output+0x784/0xb00
[   28.592914]  [<ffffffff830f728f>] ip_output+0x1cf/0x4c0
[   28.598245]  [<ffffffff830f70c0>] ? ip_mc_output+0x980/0x980
[   28.604012]  [<ffffffff830f3630>] ? ip_fragment.constprop.49+0x200/0x200
[   28.610824]  [<ffffffff830f45f5>] ip_local_out+0x95/0x170
[   28.616331]  [<ffffffff830f58fb>] ip_queue_xmit+0x87b/0x16c0
[   28.622097]  [<ffffffff830f50bf>] ? ip_queue_xmit+0x3f/0x16c0
[   28.627956]  [<ffffffff8317d51f>] ? __tcp_v4_send_check+0x1bf/0x350
[   28.634329]  [<ffffffff8315aa48>] tcp_transmit_skb+0x17a8/0x2ce0
[   28.640442]  [<ffffffff83286090>] ? bictcp_cong_avoid+0xee0/0xee0
[   28.646642]  [<ffffffff831592a0>] ? __tcp_select_window+0x520/0x520
[   28.653020]  [<ffffffff831d6980>] ? ipip_gro_complete+0x100/0x100
[   28.659234]  [<ffffffff810d00d3>] ? kvm_clock_read+0x23/0x40
[   28.665007]  [<ffffffff810d00f9>] ? kvm_clock_get_cycles+0x9/0x10
[   28.671207]  [<ffffffff8316501f>] __tcp_retransmit_skb+0x47f/0x17b0
[   28.677579]  [<ffffffff83166a33>] tcp_retransmit_skb+0x23/0x2c0
[   28.683604]  [<ffffffff8316c570>] tcp_retransmit_timer+0xa60/0x1f10
[   28.689977]  [<ffffffff8316dc3e>] tcp_write_timer_handler+0x21e/0x6d0
[   28.696525]  [<ffffffff8316e191>] tcp_write_timer+0xa1/0xd0
[   28.702205]  [<ffffffff8129fe3b>] call_timer_fn+0x18b/0x860
[   28.707881]  [<ffffffff8129fd8c>] ? call_timer_fn+0xdc/0x860
[   28.713647]  [<ffffffff8316e0f0>] ? tcp_write_timer_handler+0x6d0/0x6d0
[   28.720368]  [<ffffffff8129fcb0>] ? process_timeout+0x20/0x20
[   28.726223]  [<ffffffff83775947>] ? _raw_spin_unlock_irq+0x27/0x50
[   28.732513]  [<ffffffff8316e0f0>] ? tcp_write_timer_handler+0x6d0/0x6d0
[   28.739234]  [<ffffffff81235aa6>] ? trace_hardirqs_on_caller+0x266/0x590
[   28.746050]  [<ffffffff8316e0f0>] ? tcp_write_timer_handler+0x6d0/0x6d0
[   28.752772]  [<ffffffff812a1f44>] run_timer_softirq+0x604/0xbb0
[   28.758799]  [<ffffffff812a1940>] ? msleep+0xe0/0xe0
[   28.763882]  [<ffffffff837798fd>] __do_softirq+0x24d/0xa59
[   28.769477]  [<ffffffff8113da79>] irq_exit+0x119/0x140
[   28.774722]  [<ffffffff8377903b>] smp_apic_timer_interrupt+0x7b/0xa0
[   28.781181]  [<ffffffff83777f90>] apic_timer_interrupt+0xa0/0xb0
[   28.787303]  <EOI>  [<ffffffff810d0526>] ? native_safe_halt+0x6/0x10
[   28.793885]  [<ffffffff81235ddd>] ? trace_hardirqs_on+0xd/0x10
[   28.799826]  [<ffffffff81027ee5>] default_idle+0x55/0x3c0
[   28.805340]  [<ffffffff8102945a>] arch_cpu_idle+0xa/0x10
[   28.810760]  [<ffffffff812204d8>] default_idle_call+0x48/0x70
[   28.816613]  [<ffffffff81220be5>] cpu_startup_entry+0x605/0x820
[   28.822649]  [<ffffffff81235bcb>] ? trace_hardirqs_on_caller+0x38b/0x590
[   28.829457]  [<ffffffff812205e0>] ? call_cpuidle+0xe0/0xe0
[   28.835053]  [<ffffffff812cda62>] ? clockevents_register_device+0x122/0x230
[   28.842131]  [<ffffffff810adc64>] start_secondary+0x304/0x3e0
[   28.847998]  [<ffffffff810ad960>] ? set_cpu_sibling_map+0x1040/0x1040
[   29.557383] PANIC: double fault, error_code: 0x0
[   29.562158] CPU: 0 PID: 3313 Comm: syzkaller252492 Not tainted 4.4.112-gca0ebb4 #29
[   29.569927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.579250] task: ffff8800b51fc740 task.stack: ffff8801d0d38000
[   29.585281] RIP: 0010:[<ffffffff8148fd28>]  [<ffffffff8148fd28>] dump_page_badflags+0x8/0x250
[   29.594033] RSP: 0018:ffff880100000000  EFLAGS: 00010046
[   29.599446] RAX: ffff8800b51fc740 RBX: ffffea0007469600 RCX: ffffffff8148fea0
[   29.606683] RDX: 0000000000000000 RSI: ffffffff838a8620 RDI: ffffea0007469600
[   29.613919] RBP: ffff880100000010 R08: 0000000000000001 R09: 0000000000000000
[   29.621158] R10: 0000000000000002 R11: fffffbfff0ad7a1e R12: 0000000000000000
[   29.628395] R13: ffffffff838a8620 R14: 0000000000000000 R15: 0000000000000000
[   29.635633] FS:  0000000000a75880(0063) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   29.643825] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   29.649674] CR2: ffff8800fffffff8 CR3: 00000001d1a40000 CR4: 0000000000160670
[   29.656915] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   29.664152] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   29.671386] Stack:
[   29.673498] 
[   29.675096] Call Trace:
[   29.677648]  <UNK> 
[   29.679674] Code: 00 e9 83 fd ff ff e8 a8 e2 06 00 e9 50 fd ff ff e8 9e e2 06 00 e9 1d fd ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 <41> 55 49 89 f5 41 54 49 89 d4 53 48 89 fb 48 83 ec 08 e8 11 01 
[   29.985580] Shutting down cpus with NMI
[   29.989987] Dumping ftrace buffer:
[   29.993602]    (ftrace buffer empty)
[   29.997281] Kernel Offset: disabled
[   30.000936] Rebooting in 86400 seconds..