random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available)
==================================================================
BUG: KASAN: slab-out-of-bounds in list_empty include/linux/list.h:189 [inline]
BUG: KASAN: slab-out-of-bounds in sg_remove_request+0xf9/0x110 drivers/scsi/sg.c:2120
Read of size 8 at addr ffff8801d29d0140 by task syzkaller754598/3322

CPU: 1 PID: 3322 Comm: syzkaller754598 Not tainted 4.4.113-gef588ef #33
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 be93389757466384 ffff8801d013fab0 ffffffff81d0278d
 ffffea00074a7400 ffff8801d29d0140 0000000000000000 ffff8801d29d0140
 ffff8801d0afa338 ffff8801d013fae8 ffffffff814fd053 ffff8801d29d0140
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] print_address_description+0x73/0x260 mm/kasan/report.c:252
 [] kasan_report_error mm/kasan/report.c:351 [inline]
 [] kasan_report+0x285/0x370 mm/kasan/report.c:408
 [] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:429
 [] list_empty include/linux/list.h:189 [inline]
 [] sg_remove_request+0xf9/0x110 drivers/scsi/sg.c:2120
 [] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1837
 [] sg_read+0xa1b/0x1490 drivers/scsi/sg.c:537
 [] __vfs_read+0x103/0x440 fs/read_write.c:432
 [] vfs_read+0x123/0x3a0 fs/read_write.c:454
 [] SYSC_read fs/read_write.c:569 [inline]
 [] SyS_read+0xd9/0x1b0 fs/read_write.c:562
 [] entry_SYSCALL_64_fastpath+0x1c/0x98

Allocated by task 0:
(stack is not available)

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff8801d29d0100
 which belongs to the cache fasync_cache of size 96
The buggy address is located 64 bytes inside of
 96-byte region [ffff8801d29d0100, ffff8801d29d0160)
The buggy address belongs to the page:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 1 Comm: init Not tainted 4.4.113-gef588ef #33
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801da308000 task.stack: ffff8801da310000
RIP: 0010:[]  [] inode_has_perm security/selinux/hooks.c:1630 [inline]
RIP: 0010:[]  [] path_has_perm security/selinux/hooks.c:1660 [inline]
RIP: 0010:[]  [] selinux_inode_getattr+0x1e4/0x300 security/selinux/hooks.c:2957
RSP: 0018:ffff8801da317c98  EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 1ffff1003b462f94 RCX: ffffffff81b5cba4
RDX: 0000000000000004 RSI: ffff8801da317e70 RDI: 0000000000000020
RBP: ffff8801da317d40 R08: ffff8801da317940 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8801cf62cec8 R14: 0000000000000001 R15: 0000000000000000
FS:  00007f06ecbad7a0(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000cc73e0 CR3: 00000001d4112000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801d0ac801c 0000000041b58ab3 ffffffff83fc9254 ffffffff81b5ca50
 ffff8801da317d10 ffffffff81daaf01 ffff8801d472a820 ffff8800b6512840
 ffff8801d0ac801c 0000008000000000 ffff8801d0ac8000 0000000000000000
Call Trace:
 [] security_inode_getattr+0xec/0x140 security/security.c:620
 [] vfs_getattr+0x1c/0x50 fs/stat.c:69
 [] vfs_fstatat+0xe1/0x170 fs/stat.c:110
 [] vfs_stat fs/stat.c:123 [inline]
 [] SYSC_newstat+0x86/0x100 fs/stat.c:270
 [] SyS_newstat+0x1d/0x30 fs/stat.c:266
 [] entry_SYSCALL_64_fastpath+0x1c/0x98
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 1f 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 65 38 49 8d 7c 24 20 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 01 0f 8e bb 00 00 00 49 8d 7c 24 1c
RIP  [] inode_has_perm security/selinux/hooks.c:1630 [inline]
RIP  [] path_has_perm security/selinux/hooks.c:1660 [inline]
RIP  [] selinux_inode_getattr+0x1e4/0x300 security/selinux/hooks.c:2957
 RSP
BUG: unable to handle kernel paging request at fffffffe051ab780
IP: [] cpuacct_charge+0x155/0x390 kernel/sched/cpuacct.c:247
PGD 420f067 PUD 0
Oops: 0000 [#2] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 3160 Comm: rsyslogd Tainted: G D 4.4.113-gef588ef #33
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8800b6ec2f80 task.stack: ffff8800b6a40000
RIP: 0010:[]  [] cpuacct_charge+0x155/0x390 kernel/sched/cpuacct.c:247
RSP: 0000:ffff8800b6a47730  EFLAGS: 00010046
RAX: 1ffffffff0854fff RBX: 0000000000018528 RCX: ffffffff847eb500
RDX: fffffbffc0a356f0 RSI: fffffffe051ab780 RDI: ffffffff842a7ff8
RBP: ffff8800b6a47778 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff83844340 R11: 1ffff10016d48eb2 R12: ffffffff842a7f20
R13: dffffc0000000000 R14: 00000000473dc8bb R15: ffffffffd0138050
FS:  00007f73d127c700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffe051ab780 CR3: 00000000b7168000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff8122a430 0000000000000046 ffff8800b6a47780 ffffffff81d6253b
 ffff8801d1f947a0 ffffffff83844340 00000000473dc8bb ffff8801d1f947f0
 ffff8801d1f94740 ffff8800b6a477c8 ffffffff811dbea7 ffff8801db31f4c0
Call Trace:
 [] update_curr+0x2c7/0x6c0 kernel/sched/fair.c:882
 [] enqueue_entity kernel/sched/fair.c:3511 [inline]
 [] enqueue_task_fair+0x313/0x2940 kernel/sched/fair.c:4694
 [] enqueue_task kernel/sched/core.c:856 [inline]
 [] activate_task+0x148/0x270 kernel/sched/core.c:872
 [] ttwu_activate kernel/sched/core.c:1734 [inline]
 [] ttwu_do_activate.constprop.131+0xbf/0x1e0 kernel/sched/core.c:1787
 [] ttwu_queue kernel/sched/core.c:1932 [inline]
 [] try_to_wake_up+0x68d/0xf60 kernel/sched/core.c:2066
 [] wake_up_state+0x10/0x20 kernel/sched/core.c:2146
 [] signal_wake_up_state+0x44/0x70 kernel/signal.c:659
 [] signal_wake_up include/linux/sched.h:3307 [inline]
 [] zap_process+0x1c9/0x290 fs/coredump.c:301
 [] zap_threads fs/coredump.c:320 [inline]
 [] coredump_wait fs/coredump.c:397 [inline]
 [] do_coredump+0x664/0x2980 fs/coredump.c:562
 [] get_signal+0x5c2/0x1550 kernel/signal.c:2311
 [] do_signal+0x8b/0x1d40 arch/x86/kernel/signal.c:712
 [] exit_to_usermode_loop+0x11a/0x160 arch/x86/entry/common.c:247
 [] prepare_exit_to_usermode+0xe3/0x100 arch/x86/entry/common.c:282
 [] retint_user+0x8/0x3c
Code: 49 8d bc 24 d8 00 00 00 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 9e 01 00 00 49 8b 9c 24 d8 00 00 00 80 3a 00 0f 85 0a 02 00 00 <4a> 03 1c f9 48 89 d8 48 c1 e8 03 42 80 3c 28 00 0f 85 cf 01 00
RIP  [] cpuacct_charge+0x155/0x390 kernel/sched/cpuacct.c:247
 RSP
CR2: fffffffe051ab780
---[ end trace ea05e9124befa970 ]---