[ 16.858404] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 21.894625] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ 22.362690] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[ 23.177668] random: sshd: uninitialized urandom read (32 bytes read, 97 bits of entropy available)
[ 32.715834] random: sshd: uninitialized urandom read (32 bytes read, 108 bits of entropy available)
Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
[ 38.117557] random: sshd: uninitialized urandom read (32 bytes read, 114 bits of entropy available)
executing program
[ 38.213489] ==================================================================
[ 38.220988] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[ 38.227974] Read of size 8 at addr ffff8801ccdeb140 by task syzkaller230113/3334
[ 38.235471]
[ 38.237068] CPU: 1 PID: 3334 Comm: syzkaller230113 Not tainted 4.4.111-g3301b55 #17
[ 38.244827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.254149]  0000000000000000 7d71c916291935bb ffff8801d0ac7a40 ffffffff81d0509d
[ 38.262104]  ffffea0007337ac0 ffff8801ccdeb140 0000000000000000 ffff8801ccdeb140
[ 38.270051]  ffff8801d0aa8238 ffff8801d0ac7a78 ffffffff814fd433 ffff8801ccdeb140
[ 38.278022] Call Trace:
[ 38.280585]  [] dump_stack+0xc1/0x124
[ 38.285915]  [] print_address_description+0x73/0x260
[ 38.292556]  [] kasan_report+0x285/0x370
[ 38.298328]  [] ? sg_remove_request+0xf9/0x110
[ 38.304451]  [] __asan_report_load8_noabort+0x14/0x20
[ 38.311170]  [] sg_remove_request+0xf9/0x110
[ 38.317110]  [] sg_finish_rem_req+0x295/0x340
[ 38.323136]  [] sg_read+0xa21/0x1490
[ 38.328381]  [] ? sg_fasync+0x8d/0xb0
[ 38.333716]  [] ? sg_proc_seq_show_debug+0xd30/0xd30
[ 38.340350]  [] ? debug_check_no_obj_freed+0x166/0x9b0
[ 38.347156]  [] ? sg_proc_seq_show_debug+0xd30/0xd30
[ 38.353800]  [] __vfs_read+0x103/0x440
[ 38.359221]  [] ? vfs_iter_write+0x2d0/0x2d0
[ 38.365158]  [] ? fsnotify+0x5ad/0xee0
[ 38.370581]  [] ? fsnotify+0xee0/0xee0
[ 38.376007]  [] ? compat_SyS_ioctl+0x117/0x2540
[ 38.382212]  [] ? avc_policy_seqno+0x9/0x20
[ 38.388076]  [] ? selinux_file_permission+0x348/0x460
[ 38.394800]  [] ? security_file_permission+0x89/0x1e0
[ 38.401522]  [] ? rw_verify_area+0x100/0x2f0
[ 38.407469]  [] vfs_read+0x123/0x3a0
[ 38.412714]  [] SyS_read+0xd9/0x1b0
[ 38.417869]  [] ? do_sendfile+0xd30/0xd30
[ 38.423549]  [] ? do_fast_syscall_32+0xd7/0x890
[ 38.429745]  [] ? do_sendfile+0xd30/0xd30
[ 38.435420]  [] do_fast_syscall_32+0x314/0x890
[ 38.441540]  [] sysenter_flags_fixed+0xd/0x17
[ 38.447569]
[ 38.449166] Allocated by task 0:
[ 38.452500] (stack is not available)
[ 38.456176]
[ 38.457769] Freed by task 0:
[ 38.460752] (stack is not available)
[ 38.464435]
[ 38.466029] The buggy address belongs to the object at ffff8801ccdeb100
[ 38.466029]  which belongs to the cache fasync_cache of size 96
[ 38.478658] The buggy address is located 64 bytes inside of
[ 38.478658]  96-byte region [ffff8801ccdeb100, ffff8801ccdeb160)
[ 38.490324] The buggy address belongs to the page:
[ 40.037486] ------------[ cut here ]------------
[ 40.042264] WARNING: CPU: 1 PID: -794518304 at kernel/locking/lockdep.c:3123 __lock_acquire+0x1625/0x4b50()
[ 40.052111] DEBUG_LOCKS_WARN_ON(depth >= MAX_LOCK_DEPTH)
[ 40.057361] Kernel panic - not syncing: panic_on_warn set ...
[ 40.057361]
[ 40.064978] CPU: 1 PID: -794518304 Comm:  ƒŠƒÿÿÿÿ Not tainted 4.4.111-g3301b55 #17
[ 40.072650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.081975]  0000000000000000 7d71c916291935bb ffff8801db30c940 ffffffff81d0509d
[ 40.089944]  ffffffff83842f60 ffff8801db30ca18 ffffffff83854d40 0000000000000009
[ 40.097905]  0000000000000c33 ffff8801db30ca08 ffffffff81419a3a 0000000041b58ab3
[ 40.105872] Call Trace:
[ 40.108422]  <#DF>  [] dump_stack+0xc1/0x124
[ 40.114482]  [] panic+0x1aa/0x388
[ 40.119472]  [] ? percpu_up_read.constprop.45+0xe1/0xe1
[ 40.126374]  [] ? warn_slowpath_common+0x10a/0x140
[ 40.132843]  [] warn_slowpath_common+0x125/0x140
[ 40.139129]  [] ? __lock_acquire+0x1625/0x4b50
[ 40.145239]  [] warn_slowpath_fmt+0xc1/0x110
[ 40.151176]  [] ? warn_slowpath_common+0x140/0x140
[ 40.157636]  [] __lock_acquire+0x1625/0x4b50
[ 40.163572]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 40.170550]  [] lock_acquire+0x15e/0x460
[ 40.176141]  [] ? vprintk_emit+0xa5/0x850
[ 40.181830]  [] _raw_spin_lock+0x36/0x50
[ 40.187423]  [] ? vprintk_emit+0xa5/0x850
[ 40.193100]  [] vprintk_emit+0xa5/0x850
[ 40.198605]  [] ? kprobe_exceptions_notify+0x80/0x160
[ 40.205332]  [] ? kasan_die_handler+0x18/0x40
[ 40.211364]  [] vprintk+0x28/0x30
[ 40.216346]  [] vprintk_default+0x1d/0x30
[ 40.222025]  [] printk+0xb7/0xe2
[ 40.226927]  [] ? pm_qos_get_value.part.4+0xb/0xb
[ 40.233300]  [] df_debug+0x14/0x30
[ 40.238371]  [] do_double_fault+0x10b/0x210
[ 40.244221]  [] double_fault+0x2d/0x40
[ 40.249908]  [] ? dump_page_badflags+0x180/0x250
[ 40.256190]  [] ? dump_page_badflags+0x12/0x250
[ 40.262386] <>
[ 40.265715] Dumping ftrace buffer:
[ 40.269509]    (ftrace buffer empty)
[ 40.273186] Kernel Offset: disabled
[ 40.276780] Rebooting in 86400 seconds..