[ 16.451385] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.430144] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 20.645094] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.458339] random: sshd: uninitialized urandom read (32 bytes read, 95 bits of entropy available)
[ 21.630126] random: sshd: uninitialized urandom read (32 bytes read, 100 bits of entropy available)
Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts.
[ 27.023952] random: sshd: uninitialized urandom read (32 bytes read, 105 bits of entropy available)
executing program
[ 27.117065] ==================================================================
[ 27.124462] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[ 27.131448] Read of size 8 at addr ffff8801d342e140 by task syzkaller995887/3317
[ 27.138952]
[ 27.140549] CPU: 1 PID: 3317 Comm: syzkaller995887 Not tainted 4.4.111-g7902639 #18
[ 27.148307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.157632] 0000000000000000 d045bffc9ac7ce19 ffff8800ba8efa40 ffffffff81d0509d
[ 27.165601] ffffea00074d0b80 ffff8801d342e140 0000000000000000 ffff8801d342e140
[ 27.173556] ffff8801d0978238 ffff8800ba8efa78 ffffffff814fd433 ffff8801d342e140
[ 27.181937] Call Trace:
[ 27.184490] [] dump_stack+0xc1/0x124
[ 27.189826] [] print_address_description+0x73/0x260
[ 27.196460] [] kasan_report+0x285/0x370
[ 27.202051] [] ? sg_remove_request+0xf9/0x110
[ 27.208163] [] __asan_report_load8_noabort+0x14/0x20
[ 27.214881] [] sg_remove_request+0xf9/0x110
[ 27.220829] [] sg_finish_rem_req+0x295/0x340
[ 27.226852] [] sg_read+0xa21/0x1490
[ 27.232093] [] ? sg_proc_seq_show_debug+0xd30/0xd30
[ 27.238727] [] ? __raw_spin_lock_init+0x1c/0x100
[ 27.245097] [] ? lockdep_init_map+0xeb/0x1690
[ 27.251208] [] ? sg_proc_seq_show_debug+0xd30/0xd30
[ 27.257841] [] __vfs_read+0x103/0x440
[ 27.263256] [] ? vfs_iter_write+0x2d0/0x2d0
[ 27.269193] [] ? fsnotify+0x5ad/0xee0
[ 27.274614] [] ? fsnotify+0xee0/0xee0
[ 27.280033] [] ? avc_policy_seqno+0x9/0x20
[ 27.285882] [] ? selinux_file_permission+0x348/0x460
[ 27.292601] [] ? security_file_permission+0x89/0x1e0
[ 27.299321] [] ? rw_verify_area+0x100/0x2f0
[ 27.305260] [] vfs_read+0x123/0x3a0
[ 27.310503] [] SyS_read+0xd9/0x1b0
[ 27.315656] [] ? do_sendfile+0xd30/0xd30
[ 27.321332] [] ? vmacache_update+0xfe/0x130
[ 27.328154] [] ? do_fast_syscall_32+0xd7/0x890
[ 27.334351] [] ? do_sendfile+0xd30/0xd30
[ 27.340026] [] do_fast_syscall_32+0x314/0x890
[ 27.346136] [] sysenter_flags_fixed+0xd/0x17
[ 27.352155]
[ 27.353747] Allocated by task 0:
[ 27.357075] (stack is not available)
[ 27.360762]
[ 27.362352] Freed by task 0:
[ 27.365330] (stack is not available)
[ 27.369007]
[ 27.370604] The buggy address belongs to the object at ffff8801d342e100
[ 27.370604] which belongs to the cache fasync_cache of size 96
[ 27.383232] The buggy address is located 64 bytes inside of
[ 27.383232] 96-byte region [ffff8801d342e100, ffff8801d342e160)
[ 27.394897] The buggy address belongs to the page:
[ 27.407718] kasan: CONFIG_KASAN_INLINE enabled
[ 27.408007] page:ffffea00074d0b80 count:1 mapcount:-2145386463 mapping: (null) index:0x0
[ 27.408010] flags: 0xffff8801db219c40(active|reserved|private|private_2|swapcache|mappedtodisk|uncached)
[ 27.408025] page dumped because: VM_BUG_ON_PAGE(PageSlab(page))
[ 27.408045] ------------[ cut here ]------------
[ 27.408048] kernel BUG at include/linux/mm.h:460!
[ 27.408051] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 27.408060] Dumping ftrace buffer:
[ 27.408063] (ftrace buffer empty)
[ 27.408065] Modules linked in:
[ 27.408073] CPU: 1 PID: 3317 Comm: syzkaller995887 Not tainted 4.4.111-g7902639 #18
[ 27.408076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.408079] task: ffff8800b4e6df00 task.stack: ffff8800ba8e8000
[ 27.408083] RIP: 0010:[] [] dump_page_badflags+0x191/0x250
[ 27.408097] RSP: 0018:ffff8800b8c00030 EFLAGS: 00010082
[ 27.408101] RAX: ffff8800b4e6df00 RBX: ffffea00074d0b80 RCX: ffffffff8148f96c
[ 27.408104] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8800b4e6e76c
[ 27.408107] RBP: ffff8800b8c00060 R08: 0000000000000001 R09: 0000000000000000
[ 27.408110] R10: 0000000000000002 R11: fffffbfff0ad8d1a R12: 0000000000000000
[ 27.408114] R13: ffffffff838a8360 R14: 0000000000000000 R15: 0000000000000000
[ 27.408119] FS: 0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:0000000008596840
[ 27.408123] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 27.408126] CR2: 00000000205c5fc7 CR3: 00000001d1b44000 CR4: 0000000000160670
[ 27.408132] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 27.408135] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 27.408136] Stack:
[ 27.408138] 0000000000000000 ffffea00074d0b80 0000000000000000 ffffffff838a8360
[ 27.408146] 0000000000000000 0000000000000000 ffff8800b8c000a0 ffffffff8148f991
[ 27.408153] 0000000000000000 ffffea00074d0b80 0000000000000000 ffffffff838a8360
[ 27.408160] Call Trace:
[ 27.408163] Code: 46 e8 14 05 ed ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 00 05 ed ff 31 d2 48 c7 c6 60 83 8a 83 48 89 df e8 6f fe ff ff <0f> 0b e8 d8 e0 06 00 e9 21 ff ff ff 89 4d d4 e8 cb e0 06 00 8b
[ 27.408263] RIP [] dump_page_badflags+0x191/0x250
[ 27.408271] RSP
[ 27.408276] ---[ end trace c5303ec364e598fa ]---
[ 27.408280] Kernel panic - not syncing: Fatal exception
[ 27.649960] kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#2] PREEMPT SMP KASAN
[ 27.662767] Dumping ftrace buffer:
[ 27.666272] (ftrace buffer empty)
[ 27.669952] Modules linked in:
[ 27.673233] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G D 4.4.111-g7902639 #18
[ 27.681427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.690750] task: ffffffff84217840 task.stack: ffffffff84200000
[ 27.696774] RIP: 0010:[] [] rb_insert_color+0x1d0/0xcb0
[ 27.705437] RSP: 0018:ffff8801db207d18 EFLAGS: 00010806
[ 27.710852] RAX: ffff8801db219c40 RBX: ffffea00074d0b80 RCX: 1000000000000012
[ 27.718091] RDX: dffffc0000000000 RSI: ffff8801db219710 RDI: ffffea00074d0b90
[ 27.725329] RBP: ffff8801db207d60 R08: ffffffff85807f08 R09: 0000000000000001
[ 27.732567] R10: 0000000000000000 R11: 1ffff1003b640f62 R12: 8000000000000090
[ 27.739809] R13: 8000000000000080 R14: 8000000000000080 R15: ffff8801db219c48
[ 27.747050] FS: 0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[ 27.755250] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 27.761099] CR2: 000055d60123a100 CR3: 00000000b49ec000 CR4: 0000000000160670
[ 27.768340] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 27.775577] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 27.782820] Stack:
[ 27.784935] ffffffff842bcb20 ffffffff842180b0 0000000000000000 ffff8801db207d70
[ 27.792911] ffff8801db219c40 dffffc0000000000 0000000000000000 ffff8801db219710
[ 27.800869] ffff8800b950f640 ffff8801db207db0 ffffffff81d22967 ffff8801db219c58
[ 27.808844] Call Trace:
[ 27.811392]
[ 27.813432] [] timerqueue_add+0x157/0x2a0
[ 27.819489] [] enqueue_hrtimer+0x168/0x450
[ 27.825341] [] __hrtimer_run_queues+0x732/0xfe0
[ 27.831632] [] ? hrtimer_fixup_init+0x70/0x70
[ 27.837746] [] ? hrtimer_interrupt+0x131/0x440
[ 27.843945] [] hrtimer_interrupt+0x1a6/0x440
[ 27.849984] [] local_apic_timer_interrupt+0x6a/0xb0
[ 27.856631] [] smp_apic_timer_interrupt+0x76/0xa0
[ 27.863092] [] apic_timer_interrupt+0xa0/0xb0
[ 27.869201]
[ 27.871236] [] ? native_safe_halt+0x6/0x10
[ 27.877376] [] default_idle+0x55/0x3c0
[ 27.882883] [] arch_cpu_idle+0xa/0x10
[ 27.888301] [] default_idle_call+0x48/0x70
[ 27.894154] [] cpu_startup_entry+0x605/0x820
[ 27.900184] [] ? call_cpuidle+0xe0/0xe0
[ 27.905783] [] rest_init+0x189/0x190
[ 27.911117] [] start_kernel+0x6b9/0x6ee
[ 27.916708] [] ? thread_stack_cache_init+0xb/0xb
[ 27.923081] [] ? early_idt_handler_array+0x120/0x120
[ 27.929810] [] ? early_idt_handler_array+0x120/0x120
[ 27.936532] [] x86_64_start_reservations+0x2a/0x2c
[ 27.943080] [] x86_64_start_kernel+0x140/0x163
[ 27.949274] Code: 48 c1 e9 03 80 3c 11 00 0f 85 83 06 00 00 4d 85 ed 48 89 03 74 5b 4d 8d 65 10 48 ba 00 00 00 00 00 fc ff df 4c 89 e1 48 c1 e9 03 <80> 3c 11 00 0f 85 19 07 00 00 49 3b 5d 10 0f 84 eb 04 00 00 49
[ 27.975738] RIP [] rb_insert_color+0x1d0/0xcb0
[ 27.982061] RSP
[ 27.985658] ---[ end trace c5303ec364e598fb ]---
[ 28.519662] Shutting down cpus with NMI
[ 28.524046] Dumping ftrace buffer:
[ 28.527561] (ftrace buffer empty)
[ 28.531237] Kernel Offset: disabled
[ 28.534826] Rebooting in 86400 seconds..