[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   16.940145] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.409538] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   20.752523] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   21.559742] random: sshd: uninitialized urandom read (32 bytes read, 97 bits of entropy available)
[   23.454140] random: sshd: uninitialized urandom read (32 bytes read, 104 bits of entropy available)
Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
[   28.855271] random: sshd: uninitialized urandom read (32 bytes read, 112 bits of entropy available)
executing program
[   28.954775] ==================================================================
[   28.962179] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[   28.969164] Read of size 8 at addr ffff8800b4702140 by task syzkaller480232/3326
[   28.976663] 
[   28.978262] CPU: 1 PID: 3326 Comm: syzkaller480232 Not tainted 4.4.111-g3301b55 #24
[   28.986020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.995350]  0000000000000000 5adc522b9192a519 ffff8801d042fab0 ffffffff81d0509d
[   29.003304]  ffffea0002d1c080 ffff8800b4702140 0000000000000000 ffff8800b4702140
[   29.011277]  ffff8801d09e2338 ffff8801d042fae8 ffffffff814fd433 ffff8800b4702140
[   29.019232] Call Trace:
[   29.021793]  [<ffffffff81d0509d>] dump_stack+0xc1/0x124
[   29.027126]  [<ffffffff814fd433>] print_address_description+0x73/0x260
[   29.033760]  [<ffffffff814fd945>] kasan_report+0x285/0x370
[   29.039353]  [<ffffffff825b9d09>] ? sg_remove_request+0xf9/0x110
[   29.045466]  [<ffffffff814fdaa4>] __asan_report_load8_noabort+0x14/0x20
[   29.052198]  [<ffffffff825b9d09>] sg_remove_request+0xf9/0x110
[   29.058146]  [<ffffffff825ba285>] sg_finish_rem_req+0x295/0x340
[   29.064172]  [<ffffffff825bc0c1>] sg_read+0xa21/0x1490
[   29.069417]  [<ffffffff814f642f>] ? new_slab+0x24f/0x3b0
[   29.074836]  [<ffffffff825bb6a0>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   29.081471]  [<ffffffff8124575c>] ? __raw_spin_lock_init+0x1c/0x100
[   29.087843]  [<ffffffff8123076b>] ? lockdep_init_map+0xeb/0x1690
[   29.093953]  [<ffffffff825bb6a0>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   29.100587]  [<ffffffff8151c383>] __vfs_read+0x103/0x440
[   29.106004]  [<ffffffff8151c280>] ? vfs_iter_write+0x2d0/0x2d0
[   29.111940]  [<ffffffff815e927d>] ? fsnotify+0x5ad/0xee0
[   29.117354]  [<ffffffff815e9bb0>] ? fsnotify+0xee0/0xee0
[   29.122770]  [<ffffffff8155804a>] ? fasync_helper+0x7a/0xb0
[   29.128451]  [<ffffffff81b4dfe9>] ? avc_policy_seqno+0x9/0x20
[   29.134301]  [<ffffffff81b5f6d8>] ? selinux_file_permission+0x348/0x460
[   29.141019]  [<ffffffff81b44ed9>] ? security_file_permission+0x89/0x1e0
[   29.147740]  [<ffffffff8151df10>] ? rw_verify_area+0x100/0x2f0
[   29.153677]  [<ffffffff8151e223>] vfs_read+0x123/0x3a0
[   29.158916]  [<ffffffff81520b69>] SyS_read+0xd9/0x1b0
[   29.164078]  [<ffffffff81520a90>] ? do_sendfile+0xd30/0xd30
[   29.169767]  [<ffffffff81003044>] ? lockdep_sys_exit_thunk+0x12/0x14
[   29.176229]  [<ffffffff83775899>] entry_SYSCALL_64_fastpath+0x16/0x92
[   29.182779] 
[   29.184374] Allocated by task 0:
[   29.187700] (stack is not available)
[   29.191377] 
[   29.192969] Freed by task 0:
[   29.195947] (stack is not available)
[   29.199630] 
[   29.201226] The buggy address belongs to the object at ffff8800b4702100
[   29.201226]  which belongs to the cache fasync_cache of size 96
[   29.213857] The buggy address is located 64 bytes inside of
[   29.213857]  96-byte region [ffff8800b4702100, ffff8800b4702160)
[   29.225539] The buggy address belongs to the page:
[   30.734624] PANIC: double fault, error_code: 0x0
[   30.739407] CPU: 1 PID: 3326 Comm: syzkaller480232 Not tainted 4.4.111-g3301b55 #24
[   30.747167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.756493] task: ffff8800b4c3c740 task.stack: ffff8801d0428000
[   30.762526] RIP: 0010:[<ffffffff8148f808>]  [<ffffffff8148f808>] dump_page_badflags+0x8/0x250
[   30.771279] RSP: 0018:ffff880100000000  EFLAGS: 00010046
[   30.776702] RAX: ffff8800b4c3c740 RBX: ffffea0002d1c080 RCX: ffffffff8148f980
[   30.783941] RDX: 0000000000000000 RSI: ffffffff838a83a0 RDI: ffffea0002d1c080
[   30.791187] RBP: ffff880100000010 R08: 0000000000000001 R09: 0000000000000000
[   30.798430] R10: 0000000000000002 R11: fffffbfff0ad781e R12: 0000000000000000
[   30.805667] R13: ffffffff838a83a0 R14: 0000000000000000 R15: 0000000000000000
[   30.812905] FS:  0000000002508880(0063) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   30.821106] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   30.826954] CR2: ffff8800fffffff8 CR3: 00000001d5126000 CR4: 0000000000160670
[   30.834192] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   30.841439] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   30.848674] Stack:
[   30.850788] 
[   30.852382] Call Trace:
[   30.854929]  <UNK> 
[   30.856956] Code: 00 e9 83 fd ff ff e8 a8 e2 06 00 e9 50 fd ff ff e8 9e e2 06 00 e9 1d fd ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 <41> 55 49 89 f5 41 54 49 89 d4 53 48 89 fb 48 83 ec 08 e8 61 06 
[   30.883709] Kernel panic - not syncing: Machine halted.
[   30.889042] CPU: 1 PID: 3326 Comm: syzkaller480232 Not tainted 4.4.111-g3301b55 #24
[   30.896805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.906136]  0000000000000000 5adc522b9192a519 ffff8801db30ce38 ffffffff81d0509d
[   30.914108]  ffffffff838367c0 ffff8801db30cf10 ffffffff83808040 ffff880100000000
[   30.922065]  0000000000000000 ffff8801db30cf00 ffffffff81419a3a 0000000041b58ab3
[   30.930020] Call Trace:
[   30.932568]  <#DF>  [<ffffffff81d0509d>] dump_stack+0xc1/0x124
[   30.938636]  [<ffffffff81419a3a>] panic+0x1aa/0x388
[   30.943620]  [<ffffffff81419890>] ? percpu_up_read.constprop.45+0xe1/0xe1
[   30.950519]  [<ffffffff812692c2>] ? vprintk_emit+0x242/0x850
[   30.956300]  [<ffffffff8148f81d>] ? dump_page_badflags+0x1d/0x250
[   30.960586] kasan: CONFIG_KASAN_INLINE enabled
[   30.960593] kasan: GPF could be caused by NULL-ptr deref or user memory access
[   30.960597] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[   30.960603] Dumping ftrace buffer:
[   30.960607]    (ftrace buffer empty)
[   30.960611] Modules linked in:
[   30.960618] CPU: 0 PID: 6 Comm: kworker/u4:0 Not tainted 4.4.111-g3301b55 #24
[   30.960621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.960637] Workqueue: writeback wb_workfn (flush-8:0)
[   30.960640] task: ffff8801da370000 task.stack: ffff8801da378000
[   30.960651] RIP: 0010:[<ffffffff81d652e6>]  [<ffffffff81d652e6>] __list_del_entry+0x86/0x1d0
[   30.960655] RSP: 0018:ffff8801da37f828  EFLAGS: 00010246
[   30.960659] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff8801cf57dab8
[   30.960662] RDX: 0000000000000000 RSI: ffff8800b9586668 RDI: ffff8801cf57dac0
[   30.960665] RBP: ffff8801da37f840 R08: 0000000000000001 R09: ffffffff850c8e50
[   30.960669] R10: 0000000000000001 R11: 1ffff1003b46fefe R12: ffffffff838a83a0
[   30.960672] R13: dffffc0000000000 R14: ffff8801da37fa10 R15: 0000000000000000
[   30.960677] FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   30.960681] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   30.960684] CR2: 0000561d0b869100 CR3: 00000001d510e000 CR4: 0000000000160670
[   30.960690] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   30.960694] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   30.960695] Stack:
[   30.960702]  67ab90b4c389961c ffff8801cf57dab8 ffff8800b9586658 ffff8801da37f958
[   30.960709]  ffffffff8159ce30 dffffc0000000000 1ffff1003b46ff12 ffff8800b9586668
[   30.960716]  fffffbfff08fdc12 0000000000000000 00000000da370000 0000000000000000
[   30.960717] Call Trace:
[   30.960725]  [<ffffffff8159ce30>] move_expired_inodes+0x120/0x5f0
[   30.960731]  [<ffffffff8159cd10>] ? wb_wakeup+0xb0/0xb0
[   30.960739]  [<ffffffff811fbe40>] ? update_sd_lb_stats+0x30a0/0x30a0
[   30.960746]  [<ffffffff8159e377>] queue_io+0x157/0x520
[   30.960752]  [<ffffffff815a3783>] wb_writeback+0x6b3/0xd20
[   30.960760]  [<ffffffff815a30d0>] ? writeback_inodes_wb.constprop.56+0x190/0x190
[   30.960768]  [<ffffffff81d49650>] ? _find_next_bit.part.0+0xe0/0x120
[   30.960776]  [<ffffffff8157396a>] ? get_nr_dirty_inodes+0xfa/0x170
[   30.960782]  [<ffffffff815b0346>] wb_workfn+0x496/0xf70
[   30.960788]  [<ffffffff81d6711d>] ? debug_object_deactivate+0x26d/0x3c0
[   30.960795]  [<ffffffff815afeb0>] ? inode_wait_for_writeback+0x40/0x40
[   30.960805]  [<ffffffff8117fe37>] process_one_work+0x7d7/0x16e0
[   30.960811]  [<ffffffff8117fd57>] ? process_one_work+0x6f7/0x16e0
[   30.960817]  [<ffffffff8117f660>] ? pwq_dec_nr_in_flight+0x280/0x280
[   30.960823]  [<ffffffff81180fc4>] ? worker_thread+0x284/0xfe0
[   30.960829]  [<ffffffff81180e1f>] worker_thread+0xdf/0xfe0
[   30.960835]  [<ffffffff811908e8>] kthread+0x268/0x300
[   30.960841]  [<ffffffff81180d40>] ? process_one_work+0x16e0/0x16e0
[   30.960848]  [<ffffffff81190680>] ? kthread_create_on_node+0x400/0x400
[   30.960855]  [<ffffffff81190680>] ? kthread_create_on_node+0x400/0x400
[   30.960864]  [<ffffffff83775c9f>] ret_from_fork+0x3f/0x70
[   30.960871]  [<ffffffff81190680>] ? kthread_create_on_node+0x400/0x400
[   30.960953] Code: c4 0f 84 94 00 00 00 48 b8 00 02 00 00 00 00 ad de 48 39 c3 0f 84 a5 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 e8 00 00 00 4c 8b 03 49 39 c8 0f 85 9b 00 00 
[   30.960959] RIP  [<ffffffff81d652e6>] __list_del_entry+0x86/0x1d0
[   30.960961]  RSP <ffff8801da37f828>
[   30.960967] ---[ end trace 15d87e8e111f9c22 ]---
[   31.300942]  [<ffffffff812692c2>] ? vprintk_emit+0x242/0x850
[   31.306717]  [<ffffffff810caf5d>] df_debug+0x2d/0x30
[   31.311794]  [<ffffffff81012d2b>] do_double_fault+0x10b/0x210
[   31.317659]  [<ffffffff8377697d>] double_fault+0x2d/0x40
[   31.323088]  [<ffffffff8148f980>] ? dump_page_badflags+0x180/0x250
[   31.329374]  [<ffffffff8148f808>] ? dump_page_badflags+0x8/0x250
[   31.335487]  <<EOE>>  <UNK> 
[   32.448538] Shutting down cpus with NMI
[   32.453324] Dumping ftrace buffer:
[   32.456847]    (ftrace buffer empty)
[   32.460533] Kernel Offset: disabled
[   32.464128] Rebooting in 86400 seconds..