[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   17.498488] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.960291] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   21.175101] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   22.058188] random: sshd: uninitialized urandom read (32 bytes read, 107 bits of entropy available)
[   22.240401] random: sshd: uninitialized urandom read (32 bytes read, 111 bits of entropy available)
Warning: Permanently added '10.128.15.233' (ECDSA) to the list of known hosts.
[   27.636376] random: sshd: uninitialized urandom read (32 bytes read, 119 bits of entropy available)
executing program
[   27.736484] ==================================================================
[   27.743894] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[   27.750988] Read of size 8 at addr ffff8800b4604140 by task syzkaller854528/3316
[   27.750989] 
[   27.750996] CPU: 0 PID: 3316 Comm: syzkaller854528 Not tainted 4.4.112-g3fc4284 #32
[   27.750999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.751013]  0000000000000000 dc43c4f23e398565 ffff8801cd60f9f0 ffffffff81d054ed
[   27.751020]  ffffea0002d18100 ffff8800b4604140 0000000000000000 ffff8800b4604140
[   27.751028]  ffff8800b4168238 ffff8801cd60fa28 ffffffff814fd953 ffff8800b4604140
[   27.751029] Call Trace:
[   27.751046]  [<ffffffff81d054ed>] dump_stack+0xc1/0x124
[   27.751055]  [<ffffffff814fd953>] print_address_description+0x73/0x260
[   27.751061]  [<ffffffff814fde65>] kasan_report+0x285/0x370
[   27.751070]  [<ffffffff825ba2c9>] ? sg_remove_request+0xf9/0x110
[   27.751076]  [<ffffffff814fdfc4>] __asan_report_load8_noabort+0x14/0x20
[   27.751082]  [<ffffffff825ba2c9>] sg_remove_request+0xf9/0x110
[   27.751088]  [<ffffffff825ba845>] sg_finish_rem_req+0x295/0x340
[   27.751094]  [<ffffffff825bc681>] sg_read+0xa21/0x1490
[   27.751102]  [<ffffffff81515144>] ? __check_object_size+0x154/0x35b
[   27.751109]  [<ffffffff825bbc60>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   27.751115]  [<ffffffff815ea0d0>] ? fsnotify+0xee0/0xee0
[   27.751124]  [<ffffffff81b4e569>] ? avc_policy_seqno+0x9/0x20
[   27.751131]  [<ffffffff8151d171>] do_loop_readv_writev+0x141/0x1e0
[   27.751137]  [<ffffffff81b45459>] ? security_file_permission+0x89/0x1e0
[   27.751144]  [<ffffffff825bbc60>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   27.751150]  [<ffffffff825bbc60>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   27.751156]  [<ffffffff8151f4cd>] do_readv_writev+0x5dd/0x6e0
[   27.751162]  [<ffffffff8151eef0>] ? vfs_write+0x530/0x530
[   27.751169]  [<ffffffff837756ac>] ? _raw_spin_unlock+0x2c/0x50
[   27.751175]  [<ffffffff8150da8d>] ? do_huge_pmd_anonymous_page+0x3dd/0xa10
[   27.751182]  [<ffffffff8149fe02>] ? handle_mm_fault+0x3f2/0x3190
[   27.751188]  [<ffffffff825b8f4d>] ? sg_fasync+0x8d/0xb0
[   27.751195]  [<ffffffff8151f648>] vfs_readv+0x78/0xb0
[   27.751200]  [<ffffffff81521999>] SyS_readv+0xd9/0x240
[   27.751206]  [<ffffffff815218c0>] ? rw_copy_check_uvector+0x2d0/0x2d0
[   27.751213]  [<ffffffff81003017>] ? trace_hardirqs_on_thunk+0x17/0x19
[   27.751219]  [<ffffffff837761d9>] entry_SYSCALL_64_fastpath+0x16/0x92
[   27.751221] 
[   27.751224] Allocated by task 0:
[   27.751226] (stack is not available)
[   27.751227] 
[   27.751229] Freed by task 0:
[   27.751230] (stack is not available)
[   27.751231] 
[   27.751236] The buggy address belongs to the object at ffff8800b4604100
[   27.751236]  which belongs to the cache fasync_cache of size 96
[   27.751240] The buggy address is located 64 bytes inside of
[   27.751240]  96-byte region [ffff8800b4604100, ffff8800b4604160)
[   27.751242] The buggy address belongs to the page:
[   28.023070] kasan: CONFIG_KASAN_INLINE enabled
[   28.027528] BUG: unable to handle kernel paging request at fffffffdef82a740
[   28.027542] IP: [<ffffffff8122a565>] cpuacct_charge+0x155/0x390
[   28.027559] PGD 420f067 PUD 0 
[   28.027565] Oops: 0000 [#1] PREEMPT SMP KASAN
[   28.027574] Dumping ftrace buffer:
[   28.027577]    (ftrace buffer empty)
[   28.027579] Modules linked in:
[   28.027586] CPU: 1 PID: 3318 Comm: getty Not tainted 4.4.112-g3fc4284 #32
[   28.027589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.027592] task: ffff8801d2284740 task.stack: ffff8800b41e8000
[   28.027594] RIP: 0010:[<ffffffff8122a565>]  [<ffffffff8122a565>] cpuacct_charge+0x155/0x390
[   28.027603] RSP: 0018:ffff8801db307a20  EFLAGS: 00010046
[   28.027607] RAX: 1ffffffff0854dff RBX: 0000000000018528 RCX: ffffffff847ea4c0
[   28.027610] RDX: fffffbffbdf054e8 RSI: fffffffdef82a740 RDI: ffffffff842a6ff8
[   28.027612] RBP: ffff8801db307a68 R08: 0000000000000000 R09: 0000000000000000
[   28.027615] R10: ffffed0043fffa09 R11: 0000000000000000 R12: ffffffff842a6f20
[   28.027618] R13: dffffc0000000000 R14: 00000000108ced2f R15: ffffffffcd608050
[   28.027622] FS:  00007f22e542a700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   28.027625] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   28.027628] CR2: fffffffdef82a740 CR3: 00000000b5538000 CR4: 0000000000160670
[   28.027634] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   28.027636] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   28.027637] Stack:
[   28.027639]  ffffffff8122a470 ffffffff81d49b1e 0000000000000000 ffff8801db307a78
[   28.027646]  ffff8801d22e5f60 ffffffff83843ba0 00000000108ced2f ffff8801d22e5fb0
[   28.027652]  ffff8801d22e5f00 ffff8801db307ab8 ffffffff811dc087 ffff8801db21f4c0
[   28.027657] Call Trace:
[   28.027659]  <IRQ> [   28.027666]  [<ffffffff8122a470>] ? cpuacct_charge+0x60/0x390
[   28.027674]  [<ffffffff81d49b1e>] ? find_next_bit+0x3e/0x50
[   28.027680]  [<ffffffff811dc087>] update_curr+0x2c7/0x6c0
[   28.027685]  [<ffffffff811e4213>] enqueue_task_fair+0x313/0x2940
[   28.027693]  [<ffffffff811d44cf>] ? sched_clock_cpu+0x15f/0x1e0
[   28.027699]  [<ffffffff811bba38>] activate_task+0x148/0x270
[   28.027705]  [<ffffffff811bc9df>] ttwu_do_activate.constprop.131+0xbf/0x1e0
[   28.027710]  [<ffffffff811bfdad>] try_to_wake_up+0x68d/0xf60
[   28.027716]  [<ffffffff811c0805>] default_wake_function+0x35/0x50
[   28.027722]  [<ffffffff8121fc53>] autoremove_wake_function+0x13/0x90
[   28.027728]  [<ffffffff81d652eb>] ? check_preemption_disabled+0x3b/0x200
[   28.027734]  [<ffffffff8121e7a4>] __wake_up_common+0xb4/0x150
[   28.027740]  [<ffffffff8121e874>] __wake_up+0x34/0x50
[   28.027747]  [<ffffffff8126af56>] wake_up_klogd_work_func+0x56/0x80
[   28.027753]  [<ffffffff813e4d7a>] irq_work_run_list+0xca/0x140
[   28.027760]  [<ffffffff813e53de>] irq_work_tick+0x10e/0x170
[   28.027766]  [<ffffffff812aa192>] update_process_times+0x52/0x70
[   28.027775]  [<ffffffff812d47a5>] tick_sched_handle.isra.16+0x55/0xf0
[   28.027780]  [<ffffffff812d60c2>] tick_sched_timer+0x72/0x120
[   28.027785]  [<ffffffff812d6050>] ? tick_sched_do_timer+0xa0/0xa0
[   28.027792]  [<ffffffff812ac976>] __hrtimer_run_queues+0x306/0xfe0
[   28.027798]  [<ffffffff812ac670>] ? hrtimer_fixup_init+0x70/0x70
[   28.027805]  [<ffffffff812aedd1>] ? hrtimer_interrupt+0x131/0x440
[   28.027811]  [<ffffffff812aee46>] hrtimer_interrupt+0x1a6/0x440
[   28.027819]  [<ffffffff810b0dda>] local_apic_timer_interrupt+0x6a/0xb0
[   28.027827]  [<ffffffff83778e36>] smp_apic_timer_interrupt+0x76/0xa0
[   28.027834]  [<ffffffff83777d90>] apic_timer_interrupt+0xa0/0xb0
[   28.027836]  <EOI> [   28.027842]  [<ffffffff81268de0>] ? console_unlock+0x790/0xa00
[   28.027848]  [<ffffffff81268dea>] ? console_unlock+0x79a/0xa00
[   28.027854]  [<ffffffff837757a5>] ? _raw_spin_unlock_irqrestore+0x45/0x70
[   28.027860]  [<ffffffff81269373>] ? vprintk_emit+0x323/0x850
[   28.027866]  [<ffffffff812695ae>] vprintk_emit+0x55e/0x850
[   28.027874]  [<ffffffff810179b8>] ? print_context_stack+0x48/0xc0
[   28.027881]  [<ffffffff812ea433>] ? __module_text_address+0x13/0x140
[   28.027887]  [<ffffffff812698c8>] vprintk+0x28/0x30
[   28.027893]  [<ffffffff812698ed>] vprintk_default+0x1d/0x30
[   28.027900]  [<ffffffff8141aa1d>] printk+0xb7/0xe2
[   28.027906]  [<ffffffff8141a966>] ? pm_qos_get_value.part.4+0xb/0xb
[   28.027913]  [<ffffffff81d652eb>] ? check_preemption_disabled+0x3b/0x200
[   28.027920]  [<ffffffff810f0d15>] ? kasan_die_handler+0x25/0x40
[   28.027925]  [<ffffffff810f0d21>] kasan_die_handler+0x31/0x40
[   28.027932]  [<ffffffff81194255>] notifier_call_chain+0x95/0x1b0
[   28.027938]  [<ffffffff8119587b>] atomic_notifier_call_chain+0x7b/0x140
[   28.027944]  [<ffffffff81195800>] ? __atomic_notifier_call_chain+0x150/0x150
[   28.027950]  [<ffffffff81195a1f>] notify_die+0xdf/0x160
[   28.027956]  [<ffffffff81195940>] ? atomic_notifier_call_chain+0x140/0x140
[   28.027961]  [<ffffffff81d65736>] ? __list_del_entry+0x86/0x1d0
[   28.027968]  [<ffffffff8118bc01>] ? search_exception_tables+0x31/0x40
[   28.027975]  [<ffffffff81011fa7>] do_general_protection+0x2f7/0x390
[   28.027980]  [<ffffffff837775a8>] general_protection+0x28/0x30
[   28.027986]  [<ffffffff81d65736>] ? __list_del_entry+0x86/0x1d0
[   28.027992]  [<ffffffff8377535e>] ? _raw_spin_lock+0x3e/0x50
[   28.027999]  [<ffffffff8148e7fa>] list_lru_del+0x6a/0x170
[   28.028005]  [<ffffffff81572350>] iput+0x480/0x960
[   28.028012]  [<ffffffff81563ddc>] __dentry_kill+0x51c/0x620
[   28.028018]  [<ffffffff81567b1a>] ? dput.part.19+0x2a/0x760
[   28.028024]  [<ffffffff81568128>] dput.part.19+0x638/0x760
[   28.028030]  [<ffffffff81567b1a>] ? dput.part.19+0x2a/0x760
[   28.028038]  [<ffffffff82dea4d0>] ? sock_release+0x1e0/0x1e0
[   28.028043]  [<ffffffff8156826f>] dput+0x1f/0x30
[   28.028050]  [<ffffffff81523171>] __fput+0x411/0x6d0
[   28.028055]  [<ffffffff815234b5>] ____fput+0x15/0x20
[   28.028061]  [<ffffffff8118bb54>] task_work_run+0x104/0x180
[   28.028067]  [<ffffffff81003625>] exit_to_usermode_loop+0x145/0x170
[   28.028074]  [<ffffffff81006545>] syscall_return_slowpath+0x1b5/0x1f0
[   28.028080]  [<ffffffff8377635d>] int_ret_from_sys_call+0x25/0xa3
[   28.028094] Code: 49 8d bc 24 d8 00 00 00 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 9e 01 00 00 49 8b 9c 24 d8 00 00 00 80 3a 00 0f 85 0a 02 00 00 <4a> 03 1c f9 48 89 d8 48 c1 e8 03 42 80 3c 28 00 0f 85 cf 01 00 
[   28.028197] RIP  [<ffffffff8122a565>] cpuacct_charge+0x155/0x390
[   28.028207]  RSP <ffff8801db307a20>
[   28.028209] CR2: fffffffdef82a740
[   28.028215] ---[ end trace b95b1b3eca16b682 ]---
[   28.028219] Kernel panic - not syncing: Fatal exception in interrupt
[   29.147765] Shutting down cpus with NMI
[   29.148200] Dumping ftrace buffer:
[   29.148203]    (ftrace buffer empty)
[   29.148205] Kernel Offset: disabled
[   29.785606] Rebooting in 86400 seconds..