[   16.490776] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.869033] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   21.187923] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   22.020899] random: sshd: uninitialized urandom read (32 bytes read, 96 bits of entropy available)
[   22.197513] random: sshd: uninitialized urandom read (32 bytes read, 101 bits of entropy available)
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
[   27.584909] random: sshd: uninitialized urandom read (32 bytes read, 110 bits of entropy available)
executing program
executing program
[   27.687541] ==================================================================
[   27.694925] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[   27.701909] Read of size 8 at addr ffff8801cccfd240 by task syzkaller083154/3313
[   27.709410] 
[   27.711013] CPU: 1 PID: 3313 Comm: syzkaller083154 Not tainted 4.4.111-g1849cd3 #26
[   27.718785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.728119]  0000000000000000 3efcaa7c11b01050 ffff8800b40afab0 ffffffff81d0509d
[   27.736105]  ffffea0007333f40 ffff8801cccfd240 0000000000000000 ffff8801cccfd240
[   27.744078]  ffff8801d0e1c438 ffff8800b40afae8 ffffffff814fd433 ffff8801cccfd240
[   27.752052] Call Trace:
[   27.754613]  [<ffffffff81d0509d>] dump_stack+0xc1/0x124
[   27.759949]  [<ffffffff814fd433>] print_address_description+0x73/0x260
[   27.766582]  [<ffffffff814fd945>] kasan_report+0x285/0x370
[   27.772186]  [<ffffffff825b9d09>] ? sg_remove_request+0xf9/0x110
[   27.778299]  [<ffffffff814fdaa4>] __asan_report_load8_noabort+0x14/0x20
[   27.785018]  [<ffffffff825b9d09>] sg_remove_request+0xf9/0x110
[   27.790963]  [<ffffffff825ba285>] sg_finish_rem_req+0x295/0x340
[   27.796989]  [<ffffffff825bc0c1>] sg_read+0xa21/0x1490
[   27.802233]  [<ffffffff812dfc23>] ? do_futex+0x3e3/0x1670
[   27.807739]  [<ffffffff825bb6a0>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   27.814375]  [<ffffffff81236430>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.821357]  [<ffffffff825bb6a0>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   27.827991]  [<ffffffff8151c383>] __vfs_read+0x103/0x440
[   27.833410]  [<ffffffff8151c280>] ? vfs_iter_write+0x2d0/0x2d0
[   27.839359]  [<ffffffff815e927d>] ? fsnotify+0x5ad/0xee0
[   27.844790]  [<ffffffff815e9bb0>] ? fsnotify+0xee0/0xee0
[   27.850212]  [<ffffffff81b4dfe9>] ? avc_policy_seqno+0x9/0x20
[   27.856067]  [<ffffffff81b5f6d8>] ? selinux_file_permission+0x348/0x460
[   27.862798]  [<ffffffff81b44ed9>] ? security_file_permission+0x89/0x1e0
[   27.869520]  [<ffffffff8151df10>] ? rw_verify_area+0x100/0x2f0
[   27.875459]  [<ffffffff8151e223>] vfs_read+0x123/0x3a0
[   27.880707]  [<ffffffff81520b69>] SyS_read+0xd9/0x1b0
[   27.885867]  [<ffffffff81520a90>] ? do_sendfile+0xd30/0xd30
[   27.891548]  [<ffffffff81003044>] ? lockdep_sys_exit_thunk+0x12/0x14
[   27.898009]  [<ffffffff83775899>] entry_SYSCALL_64_fastpath+0x16/0x92
[   27.904551] 
[   27.906151] Allocated by task 0:
[   27.909491] (stack is not available)
[   27.913171] 
[   27.914768] Freed by task 0:
[   27.917754] (stack is not available)
[   27.921442] 
[   27.923039] The buggy address belongs to the object at ffff8801cccfd200
[   27.923039]  which belongs to the cache fasync_cache of size 96
[   27.935667] The buggy address is located 64 bytes inside of
[   27.935667]  96-byte region [ffff8801cccfd200, ffff8801cccfd260)
[   27.947345] The buggy address belongs to the page:
[   27.969224] kasan: CONFIG_KASAN_INLINE enabled
[   27.973671] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[   27.986616] Dumping ftrace buffer:
[   27.990146]    (ftrace buffer empty)
[   27.993852] Modules linked in:
[   27.997170] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.111-g1849cd3 #26
[   28.004171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.013525] task: ffffffff84217840 task.stack: ffffffff84200000
[   28.019582] RIP: 0010:[<ffffffff81d161cf>]  [<ffffffff81d161cf>] rb_insert_color+0x9f/0xcb0
[   28.028222] RSP: 0018:ffff8801db207d18  EFLAGS: 00010003
[   28.033666] RAX: 0a0508a8e82a0be9 RBX: ffffffff838a8360 RCX: ffffffff838a8360
[   28.040933] RDX: 1ffffffff071506d RSI: ffff8801db219710 RDI: ffff8801db219c40
[   28.048206] RBP: ffff8801db207d60 R08: ffffffff85807f08 R09: 0000000000000001
[   28.055473] R10: 0000000000000000 R11: 1ffff1003b640f62 R12: ffff8800b1ddf638
[   28.062746] R13: 5028454741505f4e R14: ffff8801db219c40 R15: dffffc0000000000
[   28.070021] FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   28.078248] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   28.084132] CR2: 00000000201f1000 CR3: 00000001d0d20000 CR4: 0000000000160670
[   28.091407] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   28.098676] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   28.105943] Stack:
[   28.108091]  ffffffff842bcb20 ffffffff842180b0 0000000000000000 ffff8801db207d70
[   28.116167]  ffff8801db219c40 dffffc0000000000 0000000000000000 ffff8801db219710
[   28.124221]  ffff8800b1ddf640 ffff8801db207db0 ffffffff81d22967 ffff8801db219c58
[   28.132277] Call Trace:
[   28.134845]  <IRQ> 
[   28.136903]  [<ffffffff81d22967>] timerqueue_add+0x157/0x2a0
[   28.143003]  [<ffffffff812aad48>] enqueue_hrtimer+0x168/0x450
[   28.148891]  [<ffffffff812acdd2>] __hrtimer_run_queues+0x732/0xfe0
[   28.155216]  [<ffffffff812ac6a0>] ? hrtimer_fixup_init+0x70/0x70
[   28.161370]  [<ffffffff812aee01>] ? hrtimer_interrupt+0x131/0x440
[   28.167609]  [<ffffffff812aee76>] hrtimer_interrupt+0x1a6/0x440
[   28.173684]  [<ffffffff810b091a>] local_apic_timer_interrupt+0x6a/0xb0
[   28.180359]  [<ffffffff837784f6>] smp_apic_timer_interrupt+0x76/0xa0
[   28.186859]  [<ffffffff83777450>] apic_timer_interrupt+0xa0/0xb0
[   28.192996]  <EOI> 
[   28.195063]  [<ffffffff810d0526>] ? native_safe_halt+0x6/0x10
[   28.201259]  [<ffffffff81027e15>] default_idle+0x55/0x3c0
[   28.206802]  [<ffffffff8102938a>] arch_cpu_idle+0xa/0x10
[   28.212258]  [<ffffffff81220508>] default_idle_call+0x48/0x70
[   28.218146]  [<ffffffff81220c15>] cpu_startup_entry+0x605/0x820
[   28.224209]  [<ffffffff81220610>] ? call_cpuidle+0xe0/0xe0
[   28.229842]  [<ffffffff837628b9>] rest_init+0x189/0x190
[   28.235253]  [<ffffffff84820811>] start_kernel+0x6b9/0x6ee
[   28.240890]  [<ffffffff84820158>] ? thread_stack_cache_init+0xb/0xb
[   28.247304]  [<ffffffff8481f120>] ? early_idt_handler_array+0x120/0x120
[   28.254059]  [<ffffffff8481f120>] ? early_idt_handler_array+0x120/0x120
[   28.260816]  [<ffffffff8481f312>] x86_64_start_reservations+0x2a/0x2c
[   28.267404]  [<ffffffff8481f454>] x86_64_start_kernel+0x140/0x163
[   28.273639] Code: 48 89 c2 48 c1 ea 03 42 80 3c 3a 00 0f 85 94 09 00 00 4c 8b 6b 08 4d 39 e5 0f 84 b0 01 00 00 4d 85 ed 74 1d 4c 89 e8 48 c1 e8 03 <42> 80 3c 38 00 0f 85 95 09 00 00 41 f6 45 00 01 0f 84 20 03 00 
[   28.301328] RIP  [<ffffffff81d161cf>] rb_insert_color+0x9f/0xcb0
[   28.307602]  RSP <ffff8801db207d18>
[   28.311241] ---[ end trace d552a6442c2bd086 ]---
[   28.315990] Kernel panic - not syncing: Fatal exception in interrupt
[   29.428001] Shutting down cpus with NMI
[   29.432576] Dumping ftrace buffer:
[   29.436095]    (ftrace buffer empty)
[   29.439775] Kernel Offset: disabled
[   29.443379] Rebooting in 86400 seconds..