[ 15.629184] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 19.992996] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 20.252308] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.010503] random: sshd: uninitialized urandom read (32 bytes read, 85 bits of entropy available)
[ 21.188473] random: sshd: uninitialized urandom read (32 bytes read, 90 bits of entropy available)
Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
[ 26.579926] random: sshd: uninitialized urandom read (32 bytes read, 98 bits of entropy available)
executing program
executing program
executing program
[ 26.685184] ==================================================================
[ 26.692562] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[ 26.699554] Read of size 8 at addr ffff8801d39051c0 by task syzkaller222157/3318
[ 26.707054]
[ 26.708658] CPU: 0 PID: 3318 Comm: syzkaller222157 Not tainted 4.4.112-g5f6325b #28
[ 26.716418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.725747]  0000000000000000 e7c1a420a8cf4664 ffff8801d1f17ab0 ffffffff81d0579d
[ 26.733727]  ffffea00074e4140 ffff8801d39051c0 0000000000000000 ffff8801d39051c0
[ 26.741693]  ffff8801d1ea0238 ffff8801d1f17ae8 ffffffff814fd9f3 ffff8801d39051c0
[ 26.749662] Call Trace:
[ 26.752226]  [] dump_stack+0xc1/0x124
[ 26.757559]  [] print_address_description+0x73/0x260
[ 26.764194]  [] kasan_report+0x285/0x370
[ 26.769787]  [] ? sg_remove_request+0xf9/0x110
[ 26.775903]  [] __asan_report_load8_noabort+0x14/0x20
[ 26.782622]  [] sg_remove_request+0xf9/0x110
[ 26.788562]  [] sg_finish_rem_req+0x295/0x340
[ 26.794589]  [] sg_read+0xa21/0x1490
[ 26.799835]  [] ? do_futex+0x3e3/0x1670
[ 26.805340]  [] ? sg_proc_seq_show_debug+0xd30/0xd30
[ 26.811975]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 26.818958]  [] ? sg_proc_seq_show_debug+0xd30/0xd30
[ 26.825593]  [] __vfs_read+0x103/0x440
[ 26.831014]  [] ? vfs_iter_write+0x2d0/0x2d0
[ 26.836954]  [] ? fsnotify+0x5ad/0xee0
[ 26.842372]  [] ? fsnotify+0xee0/0xee0
[ 26.847791]  [] ? avc_policy_seqno+0x9/0x20
[ 26.853649]  [] ? selinux_file_permission+0x348/0x460
[ 26.860371]  [] ? security_file_permission+0x89/0x1e0
[ 26.867099]  [] ? rw_verify_area+0x100/0x2f0
[ 26.873040]  [] vfs_read+0x123/0x3a0
[ 26.878288]  [] SyS_read+0xd9/0x1b0
[ 26.883444]  [] ? do_sendfile+0xd30/0xd30
[ 26.889128]  [] ? lockdep_sys_exit_thunk+0x12/0x14
[ 26.895595]  [] entry_SYSCALL_64_fastpath+0x16/0x92
[ 26.902141]
[ 26.903738] Allocated by task 0:
[ 26.907068] (stack is not available)
[ 26.910748]
[ 26.912347] Freed by task 0:
[ 26.915330] (stack is not available)
[ 26.919008]
[ 26.920605] The buggy address belongs to the object at ffff8801d3905180
[ 26.920605]  which belongs to the cache fasync_cache of size 96
[ 26.933233] The buggy address is located 64 bytes inside of
[ 26.933233]  96-byte region [ffff8801d3905180, ffff8801d39051e0)
[ 26.944902] The buggy address belongs to the page:
[ 26.956972] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff812e284b
[ 26.956972]
[ 26.967998] CPU: 1 PID: 3319 Comm: Not tainted 4.4.112-g5f6325b #28
[ 26.974475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.983821]  0000000000000000 ab628381ce7e0e46 ffff8801d0037740 ffffffff81d0579d
[ 26.991886]  ffffffff83843020 ffff8801d0037818 0000000000000000 ffff8801d00379c0
[ 26.999934]  0000000000000001 ffff8801d0037808 ffffffff81419e6a 0000000041b58ab3
[ 27.007979] Call Trace:
[ 27.010549]
[ 28.149961] Shutting down cpus with NMI
[ 28.154753] Dumping ftrace buffer:
[ 28.158295]    (ftrace buffer empty)
[ 28.161992] Kernel Offset: disabled
[ 28.165601] Rebooting in 86400 seconds..