[ 16.455243] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 21.099005] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.388410] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 22.272124] random: sshd: uninitialized urandom read (32 bytes read, 103 bits of entropy available)
[ 32.836213] random: sshd: uninitialized urandom read (32 bytes read, 113 bits of entropy available)
Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
[ 38.204265] random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
executing program
[ 38.306170] ==================================================================
[ 38.313593] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[ 38.320580] Read of size 8 at addr ffff8800b4cbb140 by task syzkaller953681/3332
[ 38.328081]
[ 38.329683] CPU: 0 PID: 3332 Comm: syzkaller953681 Not tainted 4.4.113-ge70c132 #34
[ 38.337443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.346769]  0000000000000000 05b59cd789f70565 ffff8801cd2979f0 ffffffff81d0278d
[ 38.354737]  ffffea0002d32ec0 ffff8800b4cbb140 0000000000000000 ffff8800b4cbb140
[ 38.362703]  ffff8800b3f60238 ffff8801cd297a28 ffffffff814fd053 ffff8800b4cbb140
[ 38.370667] Call Trace:
[ 38.373224]  [] dump_stack+0xc1/0x124
[ 38.378560]  [] print_address_description+0x73/0x260
[ 38.385194]  [] kasan_report+0x285/0x370
[ 38.390788]  [] ? sg_remove_request+0xf9/0x110
[ 38.396903]  [] __asan_report_load8_noabort+0x14/0x20
[ 38.403625]  [] sg_remove_request+0xf9/0x110
[ 38.409567]  [] sg_finish_rem_req+0x295/0x340
[ 38.415594]  [] sg_read+0xa1b/0x1490
[ 38.420842]  [] ? __check_object_size+0x154/0x35b
[ 38.427217]  [] ? sg_proc_seq_show_debug+0xda0/0xda0
[ 38.433856]  [] ? fsnotify+0xee0/0xee0
[ 38.439278]  [] ? avc_policy_seqno+0x9/0x20
[ 38.445134]  [] do_loop_readv_writev+0x141/0x1e0
[ 38.451422]  [] ? security_file_permission+0x89/0x1e0
[ 38.458145]  [] ? sg_proc_seq_show_debug+0xda0/0xda0
[ 38.464781]  [] ? sg_proc_seq_show_debug+0xda0/0xda0
[ 38.471415]  [] do_readv_writev+0x5dd/0x6e0
[ 38.477268]  [] ? vfs_write+0x530/0x530
[ 38.482777]  [] ? _raw_spin_unlock+0x2c/0x50
[ 38.488718]  [] ? do_huge_pmd_anonymous_page+0x3dd/0xa10
[ 38.495705]  [] ? handle_mm_fault+0x3f2/0x3190
[ 38.501819]  [] ? sg_fasync+0x8d/0xb0
[ 38.507150]  [] vfs_readv+0x78/0xb0
[ 38.512306]  [] SyS_readv+0xd9/0x240
[ 38.517552]  [] ? rw_copy_check_uvector+0x2b0/0x2b0
[ 38.524102]  [] ? trace_hardirqs_on_thunk+0x17/0x19
[ 38.530660]  [] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 38.537994]
[ 38.539595] Allocated by task 0:
[ 38.542924] (stack is not available)
[ 38.546604]
[ 38.548198] Freed by task 0:
[ 38.551181] (stack is not available)
[ 38.554859]
[ 38.556456] The buggy address belongs to the object at ffff8800b4cbb100
[ 38.556456]  which belongs to the cache fasync_cache of size 96
[ 38.569078] The buggy address is located 64 bytes inside of
[ 38.569078]  96-byte region [ffff8800b4cbb100, ffff8800b4cbb160)
[ 38.580747] The buggy address belongs to the page:
[ 40.043122] PANIC: double fault, error_code: 0x0
[ 40.047918] CPU: 0 PID: 3332 Comm: syzkaller953681 Not tainted 4.4.113-ge70c132 #34
[ 40.055694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.065023] task: ffff8800b5692f80 task.stack: ffff8801cd290000
[ 40.071061] RIP: 0010:[]  [] dump_page_badflags+0x8/0x250
[ 40.079829] RSP: 0018:ffff880100000000  EFLAGS: 00010046
[ 40.085249] RAX: ffff8800b5692f80 RBX: ffffea0002d32ec0 RCX: ffffffff8148f8d0
[ 40.092503] RDX: 0000000000000000 RSI: ffffffff838a8de0 RDI: ffffea0002d32ec0
[ 40.099742] RBP: ffff880100000010 R08: 0000000000000001 R09: 0000000000000000
[ 40.106983] R10: 0000000000000002 R11: fffffbfff0ad7e26 R12: 0000000000000000
[ 40.114225] R13: ffffffff838a8de0 R14: 0000000000000000 R15: 0000000000000000
[ 40.121470] FS:  0000000000de3880(0063) GS:ffff8801db200000(0000) knlGS:0000000000000000
[ 40.129668] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 40.135521] CR2: ffff8800fffffff8 CR3: 00000001d5374000 CR4: 0000000000160670
[ 40.142766] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 40.150008] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 40.157250] Stack:
[ 40.159369]
[ 40.160967] Call Trace:
[ 40.163541]
[ 40.165571] Code: 00 e9 83 fd ff ff e8 78 df 06 00 e9 50 fd ff ff e8 6e df 06 00 e9 1d fd ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 <41> 55 49 89 f5 41 54 49 89 d4 53 48 89 fb 48 83 ec 08 e8 b1 04
[ 40.192576] Kernel panic - not syncing: Machine halted.
[ 40.197915] CPU: 0 PID: 3332 Comm: syzkaller953681 Not tainted 4.4.113-ge70c132 #34
[ 40.205679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.215003]  0000000000000000 05b59cd789f70565 ffff8801db20ce38 ffffffff81d0278d
[ 40.222975]  ffffffff83837200 ffff8801db20cf10 ffffffff83808040 ffff880100000000
[ 40.230949]  0000000000000000 ffff8801db20cf00 ffffffff81419b6a 0000000041b58ab3
[ 40.239009] Call Trace:
[ 40.241565]  <#DF>  [] dump_stack+0xc1/0x124
[ 40.247652]  [] panic+0x1aa/0x388
[ 40.252643]  [] ? percpu_up_read.constprop.45+0xe1/0xe1
[ 40.259543]  [] ? vprintk_emit+0x242/0x850
[ 40.265314]  [] ? dump_page_badflags+0x1d/0x250
[ 40.271521]  [] ? vprintk_emit+0x242/0x850
[ 40.277289]  [] df_debug+0x2d/0x30
[ 40.282366]  [] do_double_fault+0x10b/0x210
[ 40.288223]  [] double_fault+0x2d/0x40
[ 40.293645]  [] ? dump_page_badflags+0x180/0x250
[ 40.299931]  [] ? dump_page_badflags+0x8/0x250
[ 40.306044]  <>
[ 40.309468] Dumping ftrace buffer:
[ 40.313317] (ftrace buffer empty)
[ 40.316999] Kernel Offset: disabled
[ 40.320609] Rebooting in 86400 seconds..