[   15.349720] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.017513] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   21.606133] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   22.509615] random: sshd: uninitialized urandom read (32 bytes read, 99 bits of entropy available)
[   34.230512] random: sshd: uninitialized urandom read (32 bytes read, 115 bits of entropy available)
Warning: Permanently added '10.128.15.212' (ECDSA) to the list of known hosts.
[   39.609283] random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available)
executing program
[   39.713388] ==================================================================
[   39.720802] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[   39.727789] Read of size 8 at addr ffff8801d29d0140 by task syzkaller754598/3322
[   39.735291] 
[   39.736891] CPU: 1 PID: 3322 Comm: syzkaller754598 Not tainted 4.4.113-gef588ef #33
[   39.744653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.753978]  0000000000000000 be93389757466384 ffff8801d013fab0 ffffffff81d0278d
[   39.761956]  ffffea00074a7400 ffff8801d29d0140 0000000000000000 ffff8801d29d0140
[   39.769927]  ffff8801d0afa338 ffff8801d013fae8 ffffffff814fd053 ffff8801d29d0140
[   39.777898] Call Trace:
[   39.780463]  [<ffffffff81d0278d>] dump_stack+0xc1/0x124
[   39.785800]  [<ffffffff814fd053>] print_address_description+0x73/0x260
[   39.792434]  [<ffffffff814fd565>] kasan_report+0x285/0x370
[   39.798033]  [<ffffffff825b6d79>] ? sg_remove_request+0xf9/0x110
[   39.804147]  [<ffffffff814fd6c4>] __asan_report_load8_noabort+0x14/0x20
[   39.810871]  [<ffffffff825b6d79>] sg_remove_request+0xf9/0x110
[   39.816827]  [<ffffffff825b72f5>] sg_finish_rem_req+0x295/0x340
[   39.822855]  [<ffffffff825b919b>] sg_read+0xa1b/0x1490
[   39.828103]  [<ffffffff825b8780>] ? sg_proc_seq_show_debug+0xda0/0xda0
[   39.834743]  [<ffffffff814f60ef>] ? new_slab+0x2df/0x3b0
[   39.840163]  [<ffffffff825b8780>] ? sg_proc_seq_show_debug+0xda0/0xda0
[   39.846800]  [<ffffffff8151bc93>] __vfs_read+0x103/0x440
[   39.852231]  [<ffffffff812363c0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   39.859216]  [<ffffffff8151bb90>] ? vfs_iter_write+0x2d0/0x2d0
[   39.865158]  [<ffffffff815e829d>] ? fsnotify+0x5ad/0xee0
[   39.870575]  [<ffffffff815e8bd0>] ? fsnotify+0xee0/0xee0
[   39.875995]  [<ffffffff8123070b>] ? lockdep_init_map+0xeb/0x1690
[   39.882114]  [<ffffffff81b4b9c9>] ? avc_policy_seqno+0x9/0x20
[   39.887971]  [<ffffffff81b5d098>] ? selinux_file_permission+0x348/0x460
[   39.894694]  [<ffffffff81b428c9>] ? security_file_permission+0x89/0x1e0
[   39.901415]  [<ffffffff8151d820>] ? rw_verify_area+0x100/0x2f0
[   39.907357]  [<ffffffff8151db33>] vfs_read+0x123/0x3a0
[   39.912605]  [<ffffffff81520479>] SyS_read+0xd9/0x1b0
[   39.917765]  [<ffffffff815203a0>] ? do_sendfile+0xd30/0xd30
[   39.923449]  [<ffffffff81003044>] ? lockdep_sys_exit_thunk+0x12/0x14
[   39.929913]  [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   39.936461] 
[   39.938060] Allocated by task 0:
[   39.941392] (stack is not available)
[   39.945071] 
[   39.946666] Freed by task 0:
[   39.949649] (stack is not available)
[   39.953326] 
[   39.954929] The buggy address belongs to the object at ffff8801d29d0100
[   39.954929]  which belongs to the cache fasync_cache of size 96
[   39.967560] The buggy address is located 64 bytes inside of
[   39.967560]  96-byte region [ffff8801d29d0100, ffff8801d29d0160)
[   39.979229] The buggy address belongs to the page:
[   40.619501] kasan: CONFIG_KASAN_INLINE enabled
[   40.623959] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[   40.636808] Dumping ftrace buffer:
[   40.640315]    (ftrace buffer empty)
[   40.643994] Modules linked in:
[   40.647273] CPU: 0 PID: 1 Comm: init Not tainted 4.4.113-gef588ef #33
[   40.653816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.663139] task: ffff8801da308000 task.stack: ffff8801da310000
[   40.669163] RIP: 0010:[<ffffffff81b5cc34>]  [<ffffffff81b5cc34>] selinux_inode_getattr+0x1e4/0x300
[   40.678351] RSP: 0018:ffff8801da317c98  EFLAGS: 00010202
[   40.683767] RAX: dffffc0000000000 RBX: 1ffff1003b462f94 RCX: ffffffff81b5cba4
[   40.691005] RDX: 0000000000000004 RSI: ffff8801da317e70 RDI: 0000000000000020
[   40.698246] RBP: ffff8801da317d40 R08: ffff8801da317940 R09: 0000000000000000
[   40.705485] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   40.712723] R13: ffff8801cf62cec8 R14: 0000000000000001 R15: 0000000000000000
[   40.719961] FS:  00007f06ecbad7a0(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   40.728153] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   40.734013] CR2: 0000000000cc73e0 CR3: 00000001d4112000 CR4: 0000000000160670
[   40.741258] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   40.748497] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   40.755735] Stack:
[   40.757850]  ffff8801d0ac801c 0000000041b58ab3 ffffffff83fc9254 ffffffff81b5ca50
[   40.765814]  ffff8801da317d10 ffffffff81daaf01 ffff8801d472a820 ffff8800b6512840
[   40.773776]  ffff8801d0ac801c 0000008000000000 ffff8801d0ac8000 0000000000000000
[   40.781756] Call Trace:
[   40.784311]  [<ffffffff81b5ca50>] ? selinux_file_open+0x550/0x550
[   40.790511]  [<ffffffff81daaf01>] ? strncpy_from_user+0x1e1/0x2c0
[   40.796725]  [<ffffffff81b41dfc>] security_inode_getattr+0xec/0x140
[   40.803099]  [<ffffffff8152a49c>] vfs_getattr+0x1c/0x50
[   40.808428]  [<ffffffff8152a621>] vfs_fstatat+0xe1/0x170
[   40.813856]  [<ffffffff8152a540>] ? vfs_fstat+0x70/0x70
[   40.819189]  [<ffffffff8152b7e6>] SYSC_newstat+0x86/0x100
[   40.824695]  [<ffffffff8152b760>] ? cp_new_stat+0x5c0/0x5c0
[   40.830377]  [<ffffffff810dc6f0>] ? __do_page_fault+0x380/0xa00
[   40.836405]  [<ffffffff83772718>] ? retint_user+0x18/0x3c
[   40.841912]  [<ffffffff81235b8b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   40.848719]  [<ffffffff81003017>] ? trace_hardirqs_on_thunk+0x17/0x19
[   40.855266]  [<ffffffff8152bc0d>] SyS_newstat+0x1d/0x30
[   40.860596]  [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   40.867139] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 1f 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 65 38 49 8d 7c 24 20 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 01 0f 8e bb 00 00 00 49 8d 7c 24 1c 
[   40.893707] RIP  [<ffffffff81b5cc34>] selinux_inode_getattr+0x1e4/0x300
[   40.900549]  RSP <ffff8801da317c98>
[   40.904588] BUG: unable to handle kernel paging request at fffffffe051ab780
[   40.911894] IP: [<ffffffff8122a525>] cpuacct_charge+0x155/0x390
[   40.918043] PGD 420f067 PUD 0 
[   40.921436] Oops: 0000 [#2] PREEMPT SMP KASAN
[   40.926366] Dumping ftrace buffer:
[   40.929871]    (ftrace buffer empty)
[   40.933549] Modules linked in:
[   40.936838] CPU: 0 PID: 3160 Comm: rsyslogd Tainted: G      D         4.4.113-gef588ef #33
[   40.945204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.954524] task: ffff8800b6ec2f80 task.stack: ffff8800b6a40000
[   40.960546] RIP: 0010:[<ffffffff8122a525>]  [<ffffffff8122a525>] cpuacct_charge+0x155/0x390
[   40.969120] RSP: 0000:ffff8800b6a47730  EFLAGS: 00010046
[   40.974538] RAX: 1ffffffff0854fff RBX: 0000000000018528 RCX: ffffffff847eb500
[   40.981774] RDX: fffffbffc0a356f0 RSI: fffffffe051ab780 RDI: ffffffff842a7ff8
[   40.989011] RBP: ffff8800b6a47778 R08: 0000000000000000 R09: 0000000000000001
[   40.996251] R10: ffffffff83844340 R11: 1ffff10016d48eb2 R12: ffffffff842a7f20
[   41.003501] R13: dffffc0000000000 R14: 00000000473dc8bb R15: ffffffffd0138050
[   41.010740] FS:  00007f73d127c700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   41.018933] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.024793] CR2: fffffffe051ab780 CR3: 00000000b7168000 CR4: 0000000000160670
[   41.032048] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   41.039298] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   41.046534] Stack:
[   41.048658]  ffffffff8122a430 0000000000000046 ffff8800b6a47780 ffffffff81d6253b
[   41.056622]  ffff8801d1f947a0 ffffffff83844340 00000000473dc8bb ffff8801d1f947f0
[   41.064599]  ffff8801d1f94740 ffff8800b6a477c8 ffffffff811dbea7 ffff8801db31f4c0
[   41.072559] Call Trace:
[   41.075117]  [<ffffffff8122a430>] ? cpuacct_charge+0x60/0x390
[   41.080972]  [<ffffffff81d6253b>] ? check_preemption_disabled+0x3b/0x200
[   41.087782]  [<ffffffff811dbea7>] update_curr+0x2c7/0x6c0
[   41.093287]  [<ffffffff811e4033>] enqueue_task_fair+0x313/0x2940
[   41.099399]  [<ffffffff811d42ef>] ? sched_clock_cpu+0x15f/0x1e0
[   41.105425]  [<ffffffff811bb7f8>] activate_task+0x148/0x270
[   41.111114]  [<ffffffff811bc79f>] ttwu_do_activate.constprop.131+0xbf/0x1e0
[   41.118181]  [<ffffffff811bfb8d>] try_to_wake_up+0x68d/0xf60
[   41.123945]  [<ffffffff811c2710>] wake_up_state+0x10/0x20
[   41.129451]  [<ffffffff81153c14>] signal_wake_up_state+0x44/0x70
[   41.135577]  [<ffffffff816407c9>] zap_process+0x1c9/0x290
[   41.141084]  [<ffffffff81641db4>] do_coredump+0x664/0x2980
[   41.146676]  [<ffffffff81641750>] ? dump_align+0x80/0x80
[   41.152097]  [<ffffffff812363c0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   41.159078]  [<ffffffff81d6253b>] ? check_preemption_disabled+0x3b/0x200
[   41.165883]  [<ffffffff8122de6d>] ? trace_hardirqs_off+0xd/0x10
[   41.171910]  [<ffffffff814fdb64>] ? quarantine_put+0xe4/0x180
[   41.177762]  [<ffffffff811500e1>] ? __sigqueue_free.part.14+0x51/0x60
[   41.184309]  [<ffffffff814fc9f8>] ? kasan_slab_free+0x88/0xc0
[   41.190164]  [<ffffffff814f91f7>] ? kmem_cache_free+0x197/0x320
[   41.196190]  [<ffffffff81150cc9>] ? recalc_sigpending_tsk+0x139/0x180
[   41.202736]  [<ffffffff8115c8d8>] ? get_signal+0x558/0x1550
[   41.208413]  [<ffffffff8115c942>] get_signal+0x5c2/0x1550
[   41.213921]  [<ffffffff81514554>] ? __check_object_size+0x154/0x35b
[   41.220296]  [<ffffffff8100e7fb>] do_signal+0x8b/0x1d40
[   41.225631]  [<ffffffff810da330>] ? is_prefetch.isra.17+0x380/0x380
[   41.232004]  [<ffffffff8100e770>] ? setup_sigcontext+0x780/0x780
[   41.238123]  [<ffffffff8376c0f9>] ? mutex_unlock+0x9/0x10
[   41.243631]  [<ffffffff8376bf48>] ? __mutex_unlock_slowpath+0x208/0x3b0
[   41.250352]  [<ffffffff810dbd70>] ? __bad_area_nosemaphore+0x220/0x420
[   41.256985]  [<ffffffff810dbf9a>] ? bad_area_nosemaphore+0x2a/0x40
[   41.263272]  [<ffffffff810035fa>] exit_to_usermode_loop+0x11a/0x160
[   41.269645]  [<ffffffff81006363>] prepare_exit_to_usermode+0xe3/0x100
[   41.276191]  [<ffffffff83772708>] retint_user+0x8/0x3c
[   41.281436] Code: 49 8d bc 24 d8 00 00 00 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 9e 01 00 00 49 8b 9c 24 d8 00 00 00 80 3a 00 0f 85 0a 02 00 00 <4a> 03 1c f9 48 89 d8 48 c1 e8 03 42 80 3c 28 00 0f 85 cf 01 00 
[   41.307996] RIP  [<ffffffff8122a525>] cpuacct_charge+0x155/0x390
[   41.314231]  RSP <ffff8800b6a47730>
[   41.317824] CR2: fffffffe051ab780
[   41.321246] ---[ end trace ea05e9124befa970 ]---
[   41.325967] Kernel panic - not syncing: Fatal exception
[   41.420799] PANIC: double fault, error_code: 0x0
[   41.425580] CPU: 1 PID: 3322 Comm: syzkaller754598 Tainted: G      D         4.4.113-gef588ef #33
[   41.434564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.443891] task: ffff8801d1f94740 task.stack: ffff8801d0138000
[   41.449917] RIP: 0010:[<ffffffff8148f758>]  [<ffffffff8148f758>] dump_page_badflags+0x8/0x250
[   41.458674] RSP: 0018:ffff880100000000  EFLAGS: 00010046
[   41.464102] RAX: ffff8801d1f94740 RBX: ffffea00074a7400 RCX: ffffffff8148f8d0
[   41.471341] RDX: 0000000000000000 RSI: ffffffff838a8de0 RDI: ffffea00074a7400
[   41.478592] RBP: ffff880100000010 R08: 0000000000000001 R09: 0000000000000000
[   41.485830] R10: 0000000000000002 R11: fffffbfff0ad7e26 R12: 0000000000000000
[   41.493070] R13: ffffffff838a8de0 R14: 0000000000000000 R15: 0000000000000000
[   41.500324] FS:  00000000020c5880(0063) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   41.508517] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.514367] CR2: ffff8800fffffff8 CR3: 00000001d2cb4000 CR4: 0000000000160670
[   41.521610] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   41.528847] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   41.536085] Stack:
[   41.538201] 
[   41.539795] Call Trace:
[   41.542345]  <UNK> 
[   41.544372] Code: 00 e9 83 fd ff ff e8 78 df 06 00 e9 50 fd ff ff e8 6e df 06 00 e9 1d fd ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 <41> 55 49 89 f5 41 54 49 89 d4 53 48 89 fb 48 83 ec 08 e8 b1 04 
[   42.415757] Shutting down cpus with NMI
[   42.420174] Dumping ftrace buffer:
[   42.423684]    (ftrace buffer empty)
[   42.427361] Kernel Offset: disabled
[   42.430953] Rebooting in 86400 seconds..