[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   20.674488] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   25.584201] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   25.924683] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   26.888473] random: sshd: uninitialized urandom read (32 bytes read, 111 bits of entropy available)
[   27.069752] random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
[   32.495201] random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available)
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   32.607436] IPVS: Creating netns size=2552 id=1
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   32.654323] IPVS: Creating netns size=2552 id=2
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   32.684136] ==================================================================
[   32.691530] BUG: KASAN: out-of-bounds in sg_remove_request+0xf9/0x110
[   32.698098] Read of size 8 at addr ffff8801c8524640 by task syzkaller285508/3807
[   32.705609] 
[   32.707216] CPU: 0 PID: 3807 Comm: syzkaller285508 Not tainted 4.4.120-gd63fdf6 #28
[   32.714980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.724315]  0000000000000000 caf93c131ec682a6 ffff8801c6947ab0 ffffffff81d0408d
[   32.732350]  ffffea0007214900 ffff8801c8524640[   32.735349] kasan: CONFIG_KASAN_INLINE enabledkasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[   32.735367] Dumping ftrace buffer:
[   32.735371]    (ftrace buffer empty)
[   32.735373] Modules linked in:
[   32.735381] CPU: 1 PID: 3809 Comm: syzkaller285508 Not tainted 4.4.120-gd63fdf6 #28
[   32.735385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.735389] task: ffff8801c719b000 task.stack: ffff8800aa488000
[   32.735392] RIP: 0010:[<ffffffff81237a2f>]  [<ffffffff81237a2f>] __lock_acquire+0x61f/0x4b50
[   32.735408] RSP: 0018:ffff8800aa48f8f0  EFLAGS: 00010086
[   32.735412] RAX: dffffc0000000000 RBX: dead4ead00000000 RCX: ffffffff8123ac8e
[   32.735416] RDX: 1ffff100390a5fe0 RSI: 0000000000000008 RDI: ffff8801c852ff00
[   32.735419] RBP: ffff8800aa48fa90 R08: 0000000000000001 R09: 0000000000000001
[   32.735423] R10: 0000000000000001 R11: 1ffff10015491f30 R12: 0000000000000000
[   32.735426] R13: ffff8801c719b000 R14: ffff8801c852fef8 R15: 0000000000000000
[   32.735431] FS:  00007fd1299a0700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   32.735435] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   32.735438] CR2: 00007fd12999fe78 CR3: 00000000b11d4000 CR4: 0000000000160670
[   32.735446] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   32.735449] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   32.735450] Stack:
[   32.735452]  ffff8801da0018c0 ffff8800aa48fb28 ffffffff814fd213 0000004000000009
[   32.735460]  ffff8800aa48f920 ffffffff00000000 ffff8801c719b000 ffff8801c719b8d0
[   32.735468]  0000000000000285 ffff8801c719b000 0000000000000002 0000000000000002
[   32.735475] Call Trace:
[   32.735485]  [<ffffffff814fd213>] ? save_stack+0xa3/0xd0
[   32.735492]  [<ffffffff81237410>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   32.735499]  [<ffffffff81237410>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   32.735505]  [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[   32.735516]  [<ffffffff825b83a9>] ? sg_remove_request+0x69/0x110
[   32.735525]  [<ffffffff8377361e>] _raw_write_lock_irqsave+0x4e/0x70
[   32.735531]  [<ffffffff825b83a9>] ? sg_remove_request+0x69/0x110
[   32.735537]  [<ffffffff825b83a9>] sg_remove_request+0x69/0x110
[   32.735543]  [<ffffffff825b89b5>] sg_finish_rem_req+0x295/0x340
[   32.735549]  [<ffffffff825ba85b>] sg_read+0xa1b/0x1490
[   32.735556]  [<ffffffff825b9e40>] ? sg_proc_seq_show_debug+0xda0/0xda0
[   32.735562]  [<ffffffff81237410>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   32.735569]  [<ffffffff825b9e40>] ? sg_proc_seq_show_debug+0xda0/0xda0
[   32.735577]  [<ffffffff8151cf33>] __vfs_read+0x103/0x440
[   32.735584]  [<ffffffff8151ce30>] ? vfs_iter_write+0x2d0/0x2d0
[   32.735590]  [<ffffffff815e984d>] ? fsnotify+0x5ad/0xee0
[   32.735595]  [<ffffffff815ea180>] ? fsnotify+0xee0/0xee0
[   32.735603]  [<ffffffff81b4d1e9>] ? avc_policy_seqno+0x9/0x20
[   32.735610]  [<ffffffff81b5e8b8>] ? selinux_file_permission+0x348/0x460
[   32.735616]  [<ffffffff81b440e9>] ? security_file_permission+0x89/0x1e0
[   32.735622]  [<ffffffff8151eac0>] ? rw_verify_area+0x100/0x2f0
[   32.735627]  [<ffffffff8151edd3>] vfs_read+0x123/0x3a0
[   32.735632]  [<ffffffff81521719>] SyS_read+0xd9/0x1b0
[   32.735637]  [<ffffffff81521640>] ? do_sendfile+0xd30/0xd30
[   32.735645]  [<ffffffff81003044>] ? lockdep_sys_exit_thunk+0x12/0x14
[   32.735651]  [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   32.735653] Code: 00 fc ff df 44 89 e3 49 8d 7c de 08 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 b6 37 00 00 49 8b 5c de 08 48 85 db 0f 84 28 fb ff ff <f0> ff 83 98 01 00 00 49 8d 85 c8 08 00 00 48 89 c2 48 89 44 24 
[   32.735753] RIP  [<ffffffff81237a2f>] __lock_acquire+0x61f/0x4b50
[   32.735760]  RSP <ffff8800aa48f8f0>
[   32.735766] ---[ end trace a63e6f9c92475dcb ]---
[   32.735770] Kernel panic - not syncing: Fatal exception

[   33.105793]  0000000000000000 ffff8801c8524648
[   33.110884]  ffff8801c4e08238 ffff8801c6947ae8 ffffffff814fe143 ffff8801c8524640
[   33.118872] Call Trace:
[   33.121440]  [<ffffffff81d0408d>] dump_stack+0xc1/0x124
[   33.126784]  [<ffffffff814fe143>] print_address_description+0x73/0x260
[   33.133422]  [<ffffffff814fe655>] kasan_report+0x285/0x370
[   33.139024]  [<ffffffff825b8439>] ? sg_remove_request+0xf9/0x110
[   33.145140]  [<ffffffff814fe7b4>] __asan_report_load8_noabort+0x14/0x20
[   33.151865]  [<ffffffff825b8439>] sg_remove_request+0xf9/0x110
[   33.157811]  [<ffffffff825b89b5>] sg_finish_rem_req+0x295/0x340
[   33.163843]  [<ffffffff825ba85b>] sg_read+0xa1b/0x1490
[   33.169097]  [<ffffffff825b9e40>] ? sg_proc_seq_show_debug+0xda0/0xda0
[   33.175739]  [<ffffffff81237410>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   33.182728]  [<ffffffff825b9e40>] ? sg_proc_seq_show_debug+0xda0/0xda0
[   33.189372]  [<ffffffff8151cf33>] __vfs_read+0x103/0x440
[   33.194797]  [<ffffffff8151ce30>] ? vfs_iter_write+0x2d0/0x2d0
[   33.200744]  [<ffffffff815e984d>] ? fsnotify+0x5ad/0xee0
[   33.206166]  [<ffffffff815ea180>] ? fsnotify+0xee0/0xee0
[   33.211593]  [<ffffffff81b4d1e9>] ? avc_policy_seqno+0x9/0x20
[   33.217455]  [<ffffffff81b5e8b8>] ? selinux_file_permission+0x348/0x460
[   33.224182]  [<ffffffff81b440e9>] ? security_file_permission+0x89/0x1e0
[   33.230907]  [<ffffffff8151eac0>] ? rw_verify_area+0x100/0x2f0
[   33.236848]  [<ffffffff8151edd3>] vfs_read+0x123/0x3a0
[   33.242095]  [<ffffffff81521719>] SyS_read+0xd9/0x1b0
[   33.247257]  [<ffffffff81521640>] ? do_sendfile+0xd30/0xd30
[   33.252944]  [<ffffffff81003044>] ? lockdep_sys_exit_thunk+0x12/0x14
[   33.259414]  [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   33.265964] 
[   33.267568] Allocated by task 3805:
[   33.271167]  [<ffffffff81035d96>] save_stack_trace+0x26/0x50
[   33.277061]  [<ffffffff814fd1b3>] save_stack+0x43/0xd0
[   33.282436]  [<ffffffff814fd47d>] kasan_kmalloc+0xad/0xe0
[   33.288071]  [<ffffffff814fda52>] kasan_slab_alloc+0x12/0x20
[   33.293963]  [<ffffffff814f912a>] kmem_cache_alloc+0xba/0x290
[   33.299941]  [<ffffffff81558917>] fasync_helper+0x37/0xb0
[   33.305573]  [<ffffffff825b70b6>] sg_fasync+0x86/0xb0
[   33.310856]  [<ffffffff81559f81>] do_vfs_ioctl+0x981/0xee0
[   33.316578]  [<ffffffff8155a56f>] SyS_ioctl+0x8f/0xc0
[   33.321863]  [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   33.328537] 
[   33.330140] Freed by task 0:
[   33.333127] (stack is not available)
[   33.336808] 
[   33.338418] The buggy address belongs to the object at ffff8801c8524600
[   33.338418]  which belongs to the cache fasync_cache of size 96
[   33.351050] The buggy address is located 64 bytes inside of
[   33.351050]  96-byte region [ffff8801c8524600, ffff8801c8524660)
[   33.362723] The buggy address belongs to the page:
[   33.857060] Shutting down cpus with NMI
[   33.861526] Dumping ftrace buffer:
[   33.865054]    (ftrace buffer empty)
[   33.868734] Kernel Offset: disabled
[   33.872329] Rebooting in 86400 seconds..