[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   20.990624] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   24.502280] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   24.795207] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   25.803484] random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available)
[   28.211388] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.58' (ECDSA) to the list of known hosts.
executing program
[   33.702815] ==================================================================
[   33.710204] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[   33.717193] Read of size 8 at addr ffff8801d2a2e140 by task syzkaller396689/3773
[   33.724696]
[   33.726298] CPU: 0 PID: 3773 Comm: syzkaller396689 Not tainted 4.4.118-g239a415 #25
[   33.734063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.743390]  0000000000000000 49e8436b2483c3c6 ffff8801d915f9f0 ffffffff81d0402d
[   33.751384]  ffffea00074a8b80 ffff8801d2a2e140 0000000000000000 ffff8801d2a2e140
[   33.759384]  ffff8801d9218238 ffff8801d915fa28 ffffffff814fe103 ffff8801d2a2e140
[   33.767372] Call Trace:
[   33.769935]  [] dump_stack+0xc1/0x124
[   33.775276]  [] print_address_description+0x73/0x260
[   33.781912]  [] kasan_report+0x285/0x370
[   33.787509]  [] ? sg_remove_request+0xf9/0x110
[   33.793626]  [] __asan_report_load8_noabort+0x14/0x20
[   33.800351]  [] sg_remove_request+0xf9/0x110
[   33.806295]  [] sg_finish_rem_req+0x295/0x340
[   33.812325]  [] sg_read+0xa1b/0x1490
[   33.817573]  [] ? __check_object_size+0x154/0x35b
[   33.823950]  [] ? sg_proc_seq_show_debug+0xda0/0xda0
[   33.830587]  [] ? fsnotify+0xee0/0xee0
[   33.836011]  [] ? avc_policy_seqno+0x9/0x20
[   33.841868]  [] do_loop_readv_writev+0x141/0x1e0
[   33.848159]  [] ? security_file_permission+0x89/0x1e0
[   33.854886]  [] ? sg_proc_seq_show_debug+0xda0/0xda0
[   33.861528]  [] ? sg_proc_seq_show_debug+0xda0/0xda0
[   33.868164]  [] do_readv_writev+0x5dd/0x6e0
[   33.874019]  [] ? vfs_write+0x530/0x530
[   33.879530]  [] ? _raw_spin_unlock+0x2c/0x50
[   33.885473]  [] ? do_huge_pmd_anonymous_page+0x3dd/0xa10
[   33.892461]  [] ? handle_mm_fault+0x3f2/0x3190
[   33.898582]  [] ? fasync_insert_entry+0x147/0x2e0
[   33.905056]  [] vfs_readv+0x78/0xb0
[   33.910216]  [] SyS_readv+0xd9/0x240
[   33.915463]  [] ? rw_copy_check_uvector+0x2b0/0x2b0
[   33.922015]  [] ? trace_hardirqs_on_thunk+0x17/0x19
[   33.928567]  [] entry_SYSCALL_64_fastpath+0x1c/0x98
[   33.935116]
[   33.936721] Allocated by task 0:
[   33.940055] (stack is not available)
[   33.943735]
[   33.945337] Freed by task 0:
[   33.948323] (stack is not available)
[   33.952009]
[   33.953612] The buggy address belongs to the object at ffff8801d2a2e100
[   33.953612]  which belongs to the cache fasync_cache of size 96
[   33.966238] The buggy address is located 64 bytes inside of
[   33.966238]  96-byte region [ffff8801d2a2e100, ffff8801d2a2e160)
[   33.977908] The buggy address belongs to the page:
[   33.994271] ------------[ cut here ]------------
[   33.999077] WARNING: CPU: 1 PID: 0 at lib/debugobjects.c:263 debug_print_object+0x17d/0x220()
[   34.007743] ODEBUG: deactivate not available (active state 0) object type: hrtimer hint: tick_sched_timer+0x0/0x120
[   34.018434] Kernel panic - not syncing: panic_on_warn set ...
[   34.018434]
[   34.025791] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.118-g239a415 #25
[   34.032787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.042128]  0000000000000000 76e7db57fbb46551 ffff8801db307ac8 ffffffff81d0402d
[   34.050188]  ffffffff83843b40 ffff8801db307ba0 ffffffff839feaa0 0000000000000009
[   34.058254]  0000000000000107 ffff8801db307b90 ffffffff8141aaea 0000000041b58ab3
[   34.066308] Call Trace:
[   34.068888]  [] dump_stack+0xc1/0x124
[   34.075007]  [] panic+0x1aa/0x388
[   34.080026]  [] ? percpu_up_read.constprop.45+0xe1/0xe1
[   34.086958]  [] ? warn_slowpath_common+0x10a/0x140
[   34.093446]  [] warn_slowpath_common+0x125/0x140
[   34.099757]  [] ? debug_print_object+0x17d/0x220
[   34.106066]  [] warn_slowpath_fmt+0xc1/0x110
[   34.112036]  [] ? warn_slowpath_common+0x140/0x140
[   34.118529]  [] ? ktime_add_safe+0xa0/0xa0
[   34.124324]  [] debug_print_object+0x17d/0x220
[   34.130471]  [] ? tick_sched_do_timer+0xa0/0xa0
[   34.136700]  [] debug_object_deactivate+0x25d/0x3c0
[   34.143288]  [] ? debug_object_activate+0x500/0x500
[   34.149861]  [] ? __lock_is_held+0xa1/0xf0
[   34.155663]  [] __hrtimer_run_queues+0x492/0xfe0
[   34.161989]  [] ? hrtimer_fixup_init+0x70/0x70
[   34.168134]  [] ? hrtimer_interrupt+0x131/0x440
[   34.174367]  [] hrtimer_interrupt+0x1a6/0x440
[   34.180417]  [] local_apic_timer_interrupt+0x6a/0xb0
[   34.187082]  [] smp_apic_timer_interrupt+0x76/0xa0
[   34.193568]  [] apic_timer_interrupt+0xa0/0xb0
[   34.199701]  [] ? native_safe_halt+0x6/0x10
[   34.206349]  [] ? trace_hardirqs_on+0xd/0x10
[   34.212326]  [] default_idle+0x55/0x3c0
[   34.217871]  [] arch_cpu_idle+0xa/0x10
[   34.223327]  [] default_idle_call+0x48/0x70
[   34.229214]  [] cpu_startup_entry+0x5fd/0x8f0
[   34.235271]  [] ? call_cpuidle+0xe0/0xe0
[   34.240906]  [] ? clockevents_register_device+0x122/0x230
[   34.248004]  [] start_secondary+0x304/0x3e0
[   34.253894]  [] ? set_cpu_sibling_map+0x1080/0x1080
[   35.373683] Shutting down cpus with NMI
[   35.378129] Dumping ftrace buffer:
[   35.381922]    (ftrace buffer empty)
[   35.385620] Kernel Offset: disabled
[   35.389347] Rebooting in 86400 seconds..