[   16.949123] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.785861] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   20.074426] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   21.036400] random: sshd: uninitialized urandom read (32 bytes read, 115 bits of entropy available)
[   21.249599] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available)
Warning: Permanently added '10.128.15.235' (ECDSA) to the list of known hosts.
[   26.624860] random: sshd: uninitialized urandom read (32 bytes read, 126 bits of entropy available)
executing program
[   26.726937] ==================================================================
[   26.734336] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[   26.741334] Read of size 8 at addr ffff8801d129d140 by task syzkaller607658/3316
[   26.748848] 
[   26.750452] CPU: 1 PID: 3316 Comm: syzkaller607658 Not tainted 4.4.111-g1849cd3 #19
[   26.758215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.767545]  0000000000000000 08b5108fcdfc1d42 ffff8801d0cef970 ffffffff81d0509d
[   26.775529]  ffffea000744a740 ffff8801d129d140 0000000000000000 ffff8801d129d140
[   26.783519]  ffff8801d0454438 ffff8801d0cef9a8 ffffffff814fd433 ffff8801d129d140
[   26.791494] Call Trace:
[   26.794059]  [<ffffffff81d0509d>] dump_stack+0xc1/0x124
[   26.799401]  [<ffffffff814fd433>] print_address_description+0x73/0x260
[   26.806042]  [<ffffffff814fd945>] kasan_report+0x285/0x370
[   26.811657]  [<ffffffff825b9d09>] ? sg_remove_request+0xf9/0x110
[   26.817789]  [<ffffffff814fdaa4>] __asan_report_load8_noabort+0x14/0x20
[   26.824516]  [<ffffffff825b9d09>] sg_remove_request+0xf9/0x110
[   26.830458]  [<ffffffff825ba285>] sg_finish_rem_req+0x295/0x340
[   26.836490]  [<ffffffff825bc0c1>] sg_read+0xa21/0x1490
[   26.841746]  [<ffffffff810dcd87>] ? do_page_fault+0x27/0x30
[   26.847434]  [<ffffffff83776cc8>] ? page_fault+0x28/0x30
[   26.852861]  [<ffffffff825bb6a0>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   26.859499]  [<ffffffff815e9bb0>] ? fsnotify+0xee0/0xee0
[   26.864926]  [<ffffffff81b4dfe9>] ? avc_policy_seqno+0x9/0x20
[   26.870786]  [<ffffffff8151cc51>] do_loop_readv_writev+0x141/0x1e0
[   26.877082]  [<ffffffff81b44ed9>] ? security_file_permission+0x89/0x1e0
[   26.883820]  [<ffffffff825bb6a0>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   26.890462]  [<ffffffff825bb6a0>] ? sg_proc_seq_show_debug+0xd30/0xd30
[   26.897109]  [<ffffffff8151f7ef>] compat_do_readv_writev+0x5df/0x6e0
[   26.903575]  [<ffffffff8151f210>] ? vfs_writev+0xb0/0xb0
[   26.909011]  [<ffffffff83774d5c>] ? _raw_spin_unlock+0x2c/0x50
[   26.914958]  [<ffffffff8149f8e2>] ? handle_mm_fault+0x3f2/0x3190
[   26.921077]  [<ffffffff8154f55e>] ? putname+0xee/0x130
[   26.926332]  [<ffffffff81285103>] ? rcu_read_lock_sched_held+0x103/0x120
[   26.933149]  [<ffffffff814f96d4>] ? kmem_cache_free+0x2a4/0x320
[   26.939187]  [<ffffffff8151f9c9>] compat_readv+0xd9/0x140
[   26.944704]  [<ffffffff81521d58>] compat_SyS_readv+0xd8/0x1b0
[   26.950562]  [<ffffffff81521c80>] ? SyS_pwritev+0x230/0x230
[   26.956248]  [<ffffffff81006b47>] ? do_fast_syscall_32+0xd7/0x890
[   26.962452]  [<ffffffff81521c80>] ? SyS_pwritev+0x230/0x230
[   26.968138]  [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890
[   26.974264]  [<ffffffff8377722a>] sysenter_flags_fixed+0xd/0x17
[   26.980293] 
[   26.981909] Allocated by task 0:
[   26.985243] (stack is not available)
[   26.988923] 
[   26.990520] Freed by task 0:
[   26.993505] (stack is not available)
[   26.997194] 
[   26.998801] The buggy address belongs to the object at ffff8801d129d100
[   26.998801]  which belongs to the cache fasync_cache of size 96
[   27.011436] The buggy address is located 64 bytes inside of
[   27.011436]  96-byte region [ffff8801d129d100, ffff8801d129d160)
[   27.023111] The buggy address belongs to the page:
[   27.179913] kasan: CONFIG_KASAN_INLINE enabled
[   27.184377] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[   27.197388] Dumping ftrace buffer:
[   27.200939]    (ftrace buffer empty)
[   27.204674] Modules linked in:
[   27.208036] CPU: 0 PID: 3294 Comm: getty Not tainted 4.4.111-g1849cd3 #19
[   27.214969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.224337] task: ffff8800b647af80 task.stack: ffff8800b66f0000
[   27.230403] RIP: 0010:[<ffffffff81d681f8>]  [<ffffffff81d681f8>] debug_check_no_obj_freed+0x1a8/0x9b0
[   27.239937] RSP: 0018:ffff8800b66f7b60  EFLAGS: 00010007
[   27.245394] RAX: 0000000000000292 RBX: ffff8801d2c47590 RCX: 0000000000000003
[   27.252678] RDX: 09ebe8eaa84be9aa RSI: ffff8800b66f7bf0 RDI: ffffffff838a8378
[   27.259959] RBP: ffff8800b66f7c58 R08: 1ffffffff071506f R09: ffffffff8512a880
[   27.267242] R10: dead000000000200 R11: 1ffff10016cdef32 R12: 0000292965676170
[   27.274525] R13: ffff8801d2c474d8 R14: 4f5f4755425f4d56 R15: dffffc0000000000
[   27.281904] FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   27.290141] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.296037] CR2: 000055d4c0d59110 CR3: 000000000420c000 CR4: 0000000000160670
[   27.303329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   27.310611] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   27.317895] Stack:
[   27.320050]  0000000000000079 ffff8800b66f7bf0 0000000000000003 0000000000000292
[   27.328129]  1ffff10016cdef7a ffffffff857a3b00 ffff8801d2c48000 ffff8801d2c47590
[   27.336206]  dead000000000200 4f5f4755425f4d56 00000000000450c0 fffffbfff0af4760
[   27.344300] Call Trace:
[   27.346928]  [<ffffffff81d68050>] ? debug_object_active_state+0x420/0x420
[   27.353879]  [<ffffffff814f94cd>] ? kmem_cache_free+0x9d/0x320
[   27.359879]  [<ffffffff81c896d2>] ? put_io_context+0x112/0x150
[   27.365877]  [<ffffffff81c896d2>] ? put_io_context+0x112/0x150
[   27.371876]  [<ffffffff814f94ec>] kmem_cache_free+0xbc/0x320
[   27.377699]  [<ffffffff81c896d2>] put_io_context+0x112/0x150
[   27.383522]  [<ffffffff81c899a4>] put_io_context_active+0x294/0x370
[   27.389951]  [<ffffffff81c89ae6>] exit_io_context+0x66/0x80
[   27.395688]  [<ffffffff81133a00>] do_exit+0x13c0/0x2a20
[   27.401106]  [<ffffffff81d67732>] ? debug_object_free+0x202/0x3a0
[   27.407435]  [<ffffffff81132640>] ? release_task+0x1240/0x1240
[   27.413433]  [<ffffffff812ab0c0>] ? clock_was_set_work+0x30/0x30
[   27.419607]  [<ffffffff8377341c>] ? do_nanosleep+0x19c/0x4f0
[   27.425442]  [<ffffffff81139328>] do_group_exit+0x108/0x320
[   27.431174]  [<ffffffff81003044>] ? lockdep_sys_exit_thunk+0x12/0x14
[   27.437699]  [<ffffffff8113955d>] SyS_exit_group+0x1d/0x20
[   27.443347]  [<ffffffff83775899>] entry_SYSCALL_64_fastpath+0x16/0x92
[   27.449960] Code: 48 c7 c6 40 ea 75 85 4c 8b 34 0e 4d 85 f6 0f 84 c5 03 00 00 49 ba 00 02 00 00 00 00 ad de 31 c9 48 8d 75 98 4c 89 f2 48 c1 ea 03 <42> 80 3c 3a 00 0f 85 f0 03 00 00 49 8d 7e 18 83 c1 01 49 8b 16 
[   27.477766] RIP  [<ffffffff81d681f8>] debug_check_no_obj_freed+0x1a8/0x9b0
[   27.484936]  RSP <ffff8800b66f7b60>
[   27.488570] ---[ end trace b6aeae0e1e6f5764 ]---
[   27.493332] Kernel panic - not syncing: Fatal exception
[   28.626360] Shutting down cpus with NMI
[   28.630865] Dumping ftrace buffer:
[   28.634396]    (ftrace buffer empty)
[   28.638077] Kernel Offset: disabled
[   28.641679] Rebooting in 86400 seconds..