[....] Starting OpenBSD Secure Shell server: sshd[   23.076904] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   24.978859] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   25.330901] random: sshd: uninitialized urandom read (32 bytes read, 41 bits of entropy available)
[   26.395900] random: sshd: uninitialized urandom read (32 bytes read, 124 bits of entropy available)
[   26.575697] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available)
[   26.676751] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
executing program
[   32.044158] ==================================================================
[   32.051566] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110
[   32.058552] Read of size 8 at addr ffff8800b41d0140 by task syzkaller504686/4040
[   32.066053] 
[   32.068453] CPU: 0 PID: 4040 Comm: syzkaller504686 Not tainted 4.4.114-gfe09418 #3
[   32.076134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.085458]  0000000000000000 206a73368769ed68 ffff8801ca8779f0 ffffffff81d02e6d
[   32.093430]  ffffea0002d07400 ffff8800b41d0140 0000000000000000 ffff8800b41d0140
[   32.101608]  ffff8801d86ec438 ffff8801ca877a28 ffffffff814fd6f3 ffff8800b41d0140
[   32.109609] Call Trace:
[   32.112171]  [<ffffffff81d02e6d>] dump_stack+0xc1/0x124
[   32.117506]  [<ffffffff814fd6f3>] print_address_description+0x73/0x260
[   32.124138]  [<ffffffff814fdc05>] kasan_report+0x285/0x370
[   32.129734]  [<ffffffff825b75a9>] ? sg_remove_request+0xf9/0x110
[   32.135847]  [<ffffffff814fdd64>] __asan_report_load8_noabort+0x14/0x20
[   32.142567]  [<ffffffff825b75a9>] sg_remove_request+0xf9/0x110
[   32.148505]  [<ffffffff825b7b25>] sg_finish_rem_req+0x295/0x340
[   32.154531]  [<ffffffff825b99cb>] sg_read+0xa1b/0x1490
[   32.159785]  [<ffffffff81514bf4>] ? __check_object_size+0x154/0x35b
[   32.166161]  [<ffffffff825b8fb0>] ? sg_proc_seq_show_debug+0xda0/0xda0
[   32.172795]  [<ffffffff815e92a0>] ? fsnotify+0xee0/0xee0
[   32.178233]  [<ffffffff81b4c0b9>] ? avc_policy_seqno+0x9/0x20
[   32.184097]  [<ffffffff8151cc01>] do_loop_readv_writev+0x141/0x1e0
[   32.190384]  [<ffffffff81b42fb9>] ? security_file_permission+0x89/0x1e0
[   32.197108]  [<ffffffff825b8fb0>] ? sg_proc_seq_show_debug+0xda0/0xda0
[   32.203744]  [<ffffffff825b8fb0>] ? sg_proc_seq_show_debug+0xda0/0xda0
[   32.210377]  [<ffffffff8151ef5d>] do_readv_writev+0x5dd/0x6e0
[   32.216232]  [<ffffffff8151e980>] ? vfs_write+0x530/0x530
[   32.221740]  [<ffffffff837728dc>] ? _raw_spin_unlock+0x2c/0x50
[   32.227681]  [<ffffffff8150d5bd>] ? do_huge_pmd_anonymous_page+0x3dd/0xa10
[   32.234663]  [<ffffffff8149fdf2>] ? handle_mm_fault+0x3f2/0x3190
[   32.240785]  [<ffffffff81557927>] ? fasync_insert_entry+0x147/0x2e0
[   32.247157]  [<ffffffff8151f0d8>] vfs_readv+0x78/0xb0
[   32.252317]  [<ffffffff81521409>] SyS_readv+0xd9/0x240
[   32.257561]  [<ffffffff81521330>] ? rw_copy_check_uvector+0x2b0/0x2b0
[   32.264112]  [<ffffffff81003017>] ? trace_hardirqs_on_thunk+0x17/0x19
[   32.270660]  [<ffffffff8377341f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   32.277204] 
[   32.278804] Allocated by task 0:
[   32.282136] (stack is not available)
[   32.285814] 
[   32.287428] Freed by task 0:
[   32.290411] (stack is not available)
[   32.294089] 
[   32.295685] The buggy address belongs to the object at ffff8800b41d0100
[   32.295685]  which belongs to the cache fasync_cache of size 96
[   32.308318] The buggy address is located 64 bytes inside of
[   32.308318]  96-byte region [ffff8800b41d0100, ffff8800b41d0160)
[   32.319983] The buggy address belongs to the page:
[   33.256861] kasan: CONFIG_KASAN_INLINE enabled
[   33.261319] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[   33.274291] Dumping ftrace buffer:
[   33.277824]    (ftrace buffer empty)
[   33.281533] Modules linked in:
[   33.284860] CPU: 1 PID: 4018 Comm: getty Not tainted 4.4.114-gfe09418 #3
[   33.291698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.301057] task: ffff8800ba48af80 task.stack: ffff8800baab0000
[   33.307116] RIP: 0010:[<ffffffff81d65f78>]  [<ffffffff81d65f78>] debug_check_no_obj_freed+0x1a8/0x9b0
[   33.316659] RSP: 0000:ffff8800baab7610  EFLAGS: 00010803
[   33.322122] RAX: 0000000000000296 RBX: ffff8800b25b7000 RCX: 0000000000000002
[   33.329404] RDX: 1d2000dbb71d0161 RSI: ffff8800baab76a0 RDI: ffffffff8148ff89
[   33.336770] RBP: ffff8800baab7708 R08: 1ffffffff0291ff1 R09: ffffffff8512d900
[   33.344043] R10: dead000000000200 R11: 1ffff10017556e88 R12: ed02fee8ffffff45
[   33.351317] R13: ffff8800b25b6000 R14: e90006ddb8e80b0f R15: dffffc0000000000
[   33.358595] FS:  0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   33.366825] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   33.372714] CR2: 00007f43221c0688 CR3: 000000000420c000 CR4: 0000000000160670
[   33.379999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   33.387301] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   33.394571] Stack:
[   33.396718]  000000008122f661 0000000000000046 ffff8800ba48b7f8 ffff8800ba48af80
[   33.404772]  1ffff10017556ed0 ffffffff85820000 ffff8800b25b7000 ffff8800b25b7000
[   33.412842]  ffffffff847ebb38 ffffffff847cd020 00000000000be5c0 fffffbfff0b04000
[   33.420895] Call Trace:
[   33.423487]  [<ffffffff81d65dd0>] ? debug_object_active_state+0x420/0x420
[   33.430769]  [<ffffffff8142d849>] free_pages_prepare+0x4a9/0xb30
[   33.436930]  [<ffffffff81433852>] ? free_hot_cold_page+0x212/0x3a0
[   33.443269]  [<ffffffff81d62c1b>] ? check_preemption_disabled+0x3b/0x200
[   33.450126]  [<ffffffff81d62c1b>] ? check_preemption_disabled+0x3b/0x200
[   33.456982]  [<ffffffff8143367f>] free_hot_cold_page+0x3f/0x3a0
[   33.463061]  [<ffffffff81433a6f>] free_hot_cold_page_list+0x8f/0x3b0
[   33.469573]  [<ffffffff81449307>] release_pages+0x1f7/0x4f0
[   33.475299]  [<ffffffff81449110>] ? put_pages_list+0xb0/0xb0
[   33.481112]  [<ffffffff81d4745e>] ? find_next_bit+0x3e/0x50
[   33.486841]  [<ffffffff81d62c1b>] ? check_preemption_disabled+0x3b/0x200
[   33.493706]  [<ffffffff8144a7d4>] ? lru_add_drain_cpu+0x124/0x2a0
[   33.499954]  [<ffffffff814cfe42>] free_pages_and_swap_cache+0x102/0x140
[   33.506724]  [<ffffffff81494604>] tlb_flush_mmu_free+0xb4/0x160
[   33.512798]  [<ffffffff814972c3>] tlb_finish_mmu+0x23/0xa0
[   33.518437]  [<ffffffff814b3c14>] exit_mmap+0x1f4/0x3a0
[   33.523815]  [<ffffffff814b3a20>] ? SyS_remap_file_pages+0x960/0x960
[   33.530333]  [<ffffffff811a4d20>] ? __might_sleep+0x90/0x1a0
[   33.536141]  [<ffffffff81123548>] mmput+0xf8/0x2d0
[   33.541086]  [<ffffffff81132e64>] do_exit+0x714/0x2a10
[   33.546380]  [<ffffffff811500e1>] ? __sigqueue_free.part.14+0x51/0x60
[   33.552980]  [<ffffffff812855c3>] ? rcu_read_lock_sched_held+0x103/0x120
[   33.559835]  [<ffffffff81132750>] ? release_task+0x1240/0x1240
[   33.565829]  [<ffffffff81139418>] do_group_exit+0x108/0x320
[   33.571557]  [<ffffffff8115c872>] get_signal+0x4f2/0x1550
[   33.577107]  [<ffffffff8100e7fb>] do_signal+0x8b/0x1d40
[   33.582490]  [<ffffffff8100e770>] ? setup_sigcontext+0x780/0x780
[   33.588650]  [<ffffffff8122f661>] ? __lock_is_held+0xa1/0xf0
[   33.594464]  [<ffffffff810dbd70>] ? __bad_area_nosemaphore+0x220/0x420
[   33.601169]  [<ffffffff810dc083>] ? bad_area_access_error+0x53/0x80
[   33.607593]  [<ffffffff810035c4>] ? exit_to_usermode_loop+0xe4/0x160
[   33.614104]  [<ffffffff810035fa>] exit_to_usermode_loop+0x11a/0x160
[   33.620526]  [<ffffffff81006363>] prepare_exit_to_usermode+0xe3/0x100
[   33.627124]  [<ffffffff83773fc8>] retint_user+0x8/0x3c
[   33.632399] Code: 48 c7 c6 40 1a 76 85 4c 8b 34 0e 4d 85 f6 0f 84 c5 03 00 00 49 ba 00 02 00 00 00 00 ad de 31 c9 48 8d 75 98 4c 89 f2 48 c1 ea 03 <42> 80 3c 3a 00 0f 85 f0 03 00 00 49 8d 7e 18 83 c1 01 49 8b 16 
[   33.660122] RIP  [<ffffffff81d65f78>] debug_check_no_obj_freed+0x1a8/0x9b0
[   33.667299]  RSP <ffff8800baab7610>
[   33.670938] ---[ end trace 466ebb1c1caeef48 ]---
[   33.675703] Kernel panic - not syncing: Fatal exception
[   33.914913] PANIC: double fault, error_code: 0x0
[   33.919712] CPU: 0 PID: 4040 Comm: syzkaller504686 Tainted: G      D         4.4.114-gfe09418 #3
[   33.928610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.937939] task: ffff8801d9badf00 task.stack: ffff8801ca870000
[   33.943970] RIP: 0010:[<ffffffff8148fde8>]  [<ffffffff8148fde8>] dump_page_badflags+0x8/0x250
[   33.952743] RSP: 0018:ffff880100000000  EFLAGS: 00010046
[   33.958169] RAX: ffff8801d9badf00 RBX: ffffea0002d07400 RCX: ffffffff8148ff60
[   33.965419] RDX: 0000000000000000 RSI: ffffffff838a8e60 RDI: ffffea0002d07400
[   33.972668] RBP: ffff880100000010 R08: 0000000000000001 R09: 0000000000000000
[   33.979916] R10: 0000000000000002 R11: fffffbfff0ad7e2e R12: 0000000000000000
[   33.987166] R13: ffffffff838a8e60 R14: 0000000000000000 R15: 0000000000000000
[   33.994417] FS:  0000000000c7e880(0063) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   34.002618] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   34.008480] CR2: ffff8800fffffff8 CR3: 00000000ab42e000 CR4: 0000000000160670
[   34.015730] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   34.023158] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   34.030418] Stack:
[   34.032540] 
[   34.034143] Call Trace:
[   34.036706]  <UNK> 
[   34.038742] Code: 00 e9 83 fd ff ff e8 88 df 06 00 e9 50 fd ff ff e8 7e df 06 00 e9 1d fd ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 <41> 55 49 89 f5 41 54 49 89 d4 53 48 89 fb 48 83 ec 08 e8 91 04 
[   34.797378] Shutting down cpus with NMI
[   34.801881] Dumping ftrace buffer:
[   34.805395]    (ftrace buffer empty)
[   34.809085] Kernel Offset: disabled
[   34.812686] Rebooting in 86400 seconds..