random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
==================================================================
BUG: KASAN: slab-out-of-bounds in list_empty include/linux/list.h:189 [inline]
BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110 drivers/scsi/sg.c:2130
Read of size 8 at addr ffff8801d3335140 by task syzkaller623262/3310

CPU: 1 PID: 3310 Comm: syzkaller623262 Not tainted 4.4.112-gca0ebb4 #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 41fc311189bfccda ffff8801d0a97ab0 ffffffff81d056fd
 ffffea00074ccd40 ffff8801d3335140 0000000000000000 ffff8801d3335140
 ffff8801d187a338 ffff8801d0a97ae8 ffffffff814fd953 ffff8801d3335140
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] print_address_description+0x73/0x260 mm/kasan/report.c:252
 [] kasan_report_error mm/kasan/report.c:351 [inline]
 [] kasan_report+0x285/0x370 mm/kasan/report.c:408
 [] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:429
 [] list_empty include/linux/list.h:189 [inline]
 [] sg_remove_request+0xf9/0x110 drivers/scsi/sg.c:2130
 [] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1848
 [] sg_read+0xa21/0x1490 drivers/scsi/sg.c:538
 [] __vfs_read+0x103/0x440 fs/read_write.c:432
 [] vfs_read+0x123/0x3a0 fs/read_write.c:454
 [] SYSC_read fs/read_write.c:569 [inline]
 [] SyS_read+0xd9/0x1b0 fs/read_write.c:562
 [] entry_SYSCALL_64_fastpath+0x16/0x92

Allocated by task 0:
(stack is not available)

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff8801d3335100
 which belongs to the cache fasync_cache of size 96
The buggy address is located 64 bytes inside of
 96-byte region [ffff8801d3335100, ffff8801d3335160)
The buggy address belongs to the page:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3285 at kernel/locking/lockdep.c:3190 __lock_acquire+0x23b3/0x4b50 kernel/locking/lockdep.c:3190()
DEBUG_LOCKS_WARN_ON(id >= MAX_LOCKDEP_KEYS)
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 3285 Comm: getty Not tainted 4.4.112-gca0ebb4 #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 d67ee22f3f75c18b ffff8800b50873f0 ffffffff81d056fd
 ffffffff83843200 ffff8800b50874c8 ffffffff83854fe0 0000000000000009
 0000000000000c76 ffff8800b50874b8 ffffffff81419dca 0000000041b58ab3
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] panic+0x1aa/0x388 kernel/panic.c:112
 [] warn_slowpath_common+0x125/0x140 kernel/panic.c:455
 [] warn_slowpath_fmt+0xc1/0x110 kernel/panic.c:471
 [] __lock_acquire+0x23b3/0x4b50 kernel/locking/lockdep.c:3190
 [] lock_acquire+0x15e/0x460 kernel/locking/lockdep.c:3592
 [] down_write+0x41/0xa0 kernel/locking/rwsem.c:49
 [] i_mmap_lock_write include/linux/fs.h:502 [inline]
 [] unlink_file_vma+0x75/0xb0 mm/mmap.c:273
 [] free_pgtables+0xef/0x330 mm/memory.c:541
 [] exit_mmap+0x1e3/0x3a0 mm/mmap.c:2926
 [] __mmput kernel/fork.c:715 [inline]
 [] mmput+0xf8/0x2d0 kernel/fork.c:735
 [] exit_mm kernel/exit.c:440 [inline]
 [] do_exit+0x75b/0x2a20 kernel/exit.c:742
 [] do_group_exit+0x108/0x320 kernel/exit.c:885
 [] get_signal+0x565/0x1660 kernel/signal.c:2317
 [] do_signal+0x8b/0x1d40 arch/x86/kernel/signal.c:712
 [] exit_to_usermode_loop+0x122/0x170 arch/x86/entry/common.c:247
 [] prepare_exit_to_usermode+0xe3/0x100 arch/x86/entry/common.c:282
 [] retint_user+0x8/0x3c
Shutting down cpus with NMI
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
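The KASAN section above is the part a triager works from. The parser below is an added example, not part of the syzkaller report, of syzkaller, or of the kernel: it extracts the triage facts (bug class, access, task, faulting frame, syscall, cache and region), drops the reporting-machinery frames from the trace, and cross-checks the offset and region arithmetic KASAN printed. The function names and the NO_STACKS message are the example's own; the embedded KASAN_REPORT string is the report above re-typed as constructed input, with the already-stripped "[]" frame addresses left as they are.

```python
import re
from collections import namedtuple
from typing import Dict, List, Optional

# Constructed input: the KASAN report from this page, re-embedded as a string
# (the "[]" frame addresses were already stripped on the page and are left so).
KASAN_REPORT = """\
BUG: KASAN: slab-out-of-bounds in list_empty include/linux/list.h:189 [inline]
BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110 drivers/scsi/sg.c:2130
Read of size 8 at addr ffff8801d3335140 by task syzkaller623262/3310
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] print_address_description+0x73/0x260 mm/kasan/report.c:252
 [] kasan_report_error mm/kasan/report.c:351 [inline]
 [] kasan_report+0x285/0x370 mm/kasan/report.c:408
 [] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:429
 [] list_empty include/linux/list.h:189 [inline]
 [] sg_remove_request+0xf9/0x110 drivers/scsi/sg.c:2130
 [] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1848
 [] sg_read+0xa21/0x1490 drivers/scsi/sg.c:538
 [] __vfs_read+0x103/0x440 fs/read_write.c:432
 [] vfs_read+0x123/0x3a0 fs/read_write.c:454
 [] SYSC_read fs/read_write.c:569 [inline]
 [] SyS_read+0xd9/0x1b0 fs/read_write.c:562
 [] entry_SYSCALL_64_fastpath+0x16/0x92
Allocated by task 0:
(stack is not available)
Freed by task 0:
(stack is not available)
The buggy address belongs to the object at ffff8801d3335100
 which belongs to the cache fasync_cache of size 96
The buggy address is located 64 bytes inside of
 96-byte region [ffff8801d3335100, ffff8801d3335160)
"""

# One "[] func+0xoff/0xlen path:line [inline]" frame; offset, path and [inline] are optional.
FRAME_RE = re.compile(
    r"^\s*\[[^\]]*\]\s+(?P<func>\S+?)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
    r"(?:\s+(?P<loc>\S+:\d+))?(?P<inline>\s+\[inline\])?\s*$")
REPORTING_PATHS = ("mm/kasan/", "lib/dump_stack.c")  # frames of the reporter, not of the bug
NO_STACKS = "allocation/free stacks unavailable: object provenance must be traced in the source"
Frame = namedtuple("Frame", "func loc inline")

def parse_kasan(text: str) -> Dict:
    """Pull the triage facts out of a KASAN report: bug class, access, task, trace, object/region."""
    head = re.search(r"^BUG: KASAN: (?P<type>[\w-]+) in ", text, re.M)
    acc = re.search(r"^(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
                    r" by task (?P<task>\S+)/(?P<pid>\d+)$", text, re.M)
    if not (head and acc):
        raise ValueError("not a KASAN report")
    r = {"bug": head["type"], "access": acc["rw"], "size": int(acc["size"]),
         "addr": int(acc["addr"], 16), "task": acc["task"], "pid": int(acc["pid"]),
         "trace": [], "object": None, "cache": None, "object_size": None,
         "stated_offset": None, "region": None}
    in_trace = False
    for line in text.splitlines():
        if line.startswith("Call Trace:"):
            in_trace = True
            continue
        if in_trace:
            m = FRAME_RE.match(line)
            if m is None:
                in_trace = False  # first non-frame line ends the trace
            else:
                r["trace"].append(Frame(m["func"], m["loc"], bool(m["inline"])))
    obj = re.search(r"belongs to the object at ([0-9a-f]+)\s+which belongs to the cache (\S+) of size (\d+)", text)
    if obj:
        r["object"], r["cache"], r["object_size"] = int(obj[1], 16), obj[2], int(obj[3])
    reg = re.search(r"located (\d+) bytes inside of\s+\d+-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", text)
    if reg:
        r["stated_offset"], r["region"] = int(reg[1]), (int(reg[2], 16), int(reg[3], 16))
    # "(stack is not available)" right under the header means no stack was recorded
    has_stack = lambda hdr: bool(re.search(hdr + r" by task \d+:\n(?!\(stack is not available\))", text))
    r["alloc_stack"], r["free_stack"] = has_stack("Allocated"), has_stack("Freed")
    return r

def fault_frames(r: Dict) -> List[Frame]:
    """Trace minus the KASAN/dump_stack frames: syscall entry down to the bad access."""
    return [f for f in r["trace"] if not (f.loc and f.loc.startswith(REPORTING_PATHS))]

def faulting_function(r: Dict) -> Optional[str]:
    """Innermost non-inlined frame that performed the access."""
    return next((f.func for f in fault_frames(r) if not f.inline), None)

def syscall(r: Dict) -> Optional[str]:
    """Syscall the task was executing, from the SyS_/sys_/__x64_sys_ frame name."""
    hits = [re.match(r"(?:SyS|sys|__x64_sys|__se_sys)_(\w+)$", f.func) for f in r["trace"]]
    return next((m.group(1) for m in hits if m), None)

def check_report(r: Dict) -> List[str]:
    """Cross-check the arithmetic KASAN printed and note what the report cannot tell you."""
    findings = []
    if r["object"] is not None and r["stated_offset"] is not None:
        computed = r["addr"] - r["object"]
        if computed != r["stated_offset"]:
            findings.append(f"offset mismatch: stated {r['stated_offset']}, addr - object = {computed}")
    if r["region"]:
        lo, hi = r["region"]
        if r["object_size"] is not None and hi - lo != r["object_size"]:
            findings.append("region length disagrees with the cache object size")
        if not (lo <= r["addr"] < hi):
            findings.append("faulting address lies outside the printed region")
        elif r["addr"] + r["size"] > hi:
            findings.append(f"{r['size']}-byte access runs past the end of the region")
    if not (r["alloc_stack"] and r["free_stack"]):
        findings.append(NO_STACKS)
    return findings
```

On this report the parser yields slab-out-of-bounds, an 8-byte read by syzkaller623262 inside the read syscall, with sg_remove_request as the innermost non-inlined frame; the arithmetic checks out (ffff8801d3335140 is 64 bytes past ffff8801d3335100 and the region is 96 bytes), so the only finding is that both stacks are "(stack is not available)" under task 0, which means the report itself cannot tell you where the fasync_cache object came from or whether it was freed; that has to be traced in drivers/scsi/sg.c. The classification of the access as out-of-bounds comes from KASAN's shadow memory, not from the printed region, so an address that lies inside the region is not evidence that the report is wrong.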