random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
==================================================================
BUG: KASAN: slab-out-of-bounds in list_empty include/linux/list.h:189 [inline]
BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110 drivers/scsi/sg.c:2130
Read of size 8 at addr ffff8800b46ea140 by task syzkaller190273/3323

CPU: 1 PID: 3323 Comm: syzkaller190273 Not tainted 4.4.111-gf851888 #23
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 8e1f213f6372b590 ffff8800b418f9f0 ffffffff81d0507d
 ffffea0002d1ba80 ffff8800b46ea140 0000000000000000 ffff8800b46ea140
 ffff8801d035c438 ffff8800b418fa28 ffffffff814fd433 ffff8800b46ea140
Call Trace:
 [<ffffffff81d0507d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d0507d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff814fd433>] print_address_description+0x73/0x260 mm/kasan/report.c:252
 [<ffffffff814fd945>] kasan_report_error mm/kasan/report.c:351 [inline]
 [<ffffffff814fd945>] kasan_report+0x285/0x370 mm/kasan/report.c:408
 [<ffffffff814fdaa4>] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:429
 [<ffffffff825b9ce9>] list_empty include/linux/list.h:189 [inline]
 [<ffffffff825b9ce9>] sg_remove_request+0xf9/0x110 drivers/scsi/sg.c:2130
 [<ffffffff825ba265>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1848
 [<ffffffff825bc0a1>] sg_read+0xa21/0x1490 drivers/scsi/sg.c:538
 [<ffffffff8151cc51>] do_loop_readv_writev+0x141/0x1e0 fs/read_write.c:680
 [<ffffffff8151efad>] do_readv_writev+0x5dd/0x6e0 fs/read_write.c:810
 [<ffffffff8151f128>] vfs_readv+0x78/0xb0 fs/read_write.c:834
 [<ffffffff81521479>] SYSC_readv fs/read_write.c:860 [inline]
 [<ffffffff81521479>] SyS_readv+0xd9/0x240 fs/read_write.c:852
 [<ffffffff83775859>] entry_SYSCALL_64_fastpath+0x16/0x92

Allocated by task 0:
(stack is not available)

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff8800b46ea100
 which belongs to the cache fasync_cache of size 96
The buggy address is located 64 bytes inside of
 96-byte region [ffff8800b46ea100, ffff8800b46ea160)
The buggy address belongs to the page:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 489 Comm: khugepaged Not tainted 4.4.111-gf851888 #23
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8800bb1cc740 task.stack: ffff8801d9398000
RIP: 0010:[<ffffffff81d681d8>]  [<ffffffff81d681d8>] __debug_check_no_obj_freed lib/debugobjects.c:689 [inline]
RIP: 0010:[<ffffffff81d681d8>]  [<ffffffff81d681d8>] debug_check_no_obj_freed+0x1a8/0x9b0 lib/debugobjects.c:726
RSP: 0018:ffff8801d939f8f8  EFLAGS: 00010803
RAX: 0000000000000282 RBX: ffff8800b1000000 RCX: 0000000000000003
RDX: 1d2000dc1b1d0161 RSI: ffff8801d939f988 RDI: ffffffff8148f9a9
RBP: ffff8801d939f9f0 R08: 1ffffffff0291f35 R09: ffffffff8512a880
R10: dead000000000200 R11: 1ffff1003b273ee6 R12: ed04cee8ffffff45
R13: ffff8800b0e00000 R14: e90006e0d8e80b0f R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055bd8be1c100 CR3: 00000001d0026000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 0000000000000046 ffff8800bb1cc740 ffff8800bb1ccfb0 00000000000000ef
 1ffff1003b273f2d ffffffff85794ac0 ffff8800b1000000 ffff8800b1000000
 0000000000000046 ffffffff857eea48 0000000000036080 fffffbfff0af2958
Call Trace:
 [<ffffffff8142d0b9>] free_pages_prepare+0x4a9/0xb30 mm/page_alloc.c:1049
 [<ffffffff8143211c>] __free_pages_ok+0x1c/0xbd0 mm/page_alloc.c:1064
 [<ffffffff81432d2e>] free_compound_page+0x5e/0x70 mm/page_alloc.c:504
 [<ffffffff814460b1>] __put_compound_page+0xa1/0xf0 mm/swap.c:89
 [<ffffffff8144709b>] put_compound_page+0xdb/0xb80 mm/swap.c:249
 [<ffffffff81447b7d>] put_page+0x3d/0x110 mm/swap.c:275
 [<ffffffff81505fab>] khugepaged_do_scan mm/huge_memory.c:2934 [inline]
 [<ffffffff81505fab>] khugepaged+0x35b/0x2ac0 mm/huge_memory.c:2961
 [<ffffffff811908e8>] kthread+0x268/0x300 kernel/kthread.c:211
 [<ffffffff83775c5f>] ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:494
Code: 48 c7 c6 40 ea 75 85 4c 8b 34 0e 4d 85 f6 0f 84 c5 03 00 00 49 ba 00 02 00 00 00 00 ad de 31 c9 48 8d 75 98 4c 89 f2 48 c1 ea 03 <42> 80 3c 3a 00 0f 85 f0 03 00 00 49 8d 7e 18 83 c1 01 49 8b 16 
RIP  [<ffffffff81d681d8>] __debug_check_no_obj_freed lib/debugobjects.c:689 [inline]
RIP  [<ffffffff81d681d8>] debug_check_no_obj_freed+0x1a8/0x9b0 lib/debugobjects.c:726
 RSP <ffff8801d939f8f8>
---[ end trace 5c798f059a3aee19 ]---