[   23.323760] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.867478] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   27.087356] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   28.070306] random: sshd: uninitialized urandom read (32 bytes read, 107 bits of entropy available)
[   28.250585] random: sshd: uninitialized urandom read (32 bytes read, 111 bits of entropy available)
Warning: Permanently added '10.128.15.218' (ECDSA) to the list of known hosts.
[   33.651428] random: sshd: uninitialized urandom read (32 bytes read, 119 bits of entropy available)
executing program
[   33.754724] ==================================================================
[   33.762120] BUG: KASAN: use-after-free in __lock_acquire+0x387e/0x4b50
[   33.768764] Read of size 8 at addr ffff8800ad23f9b8 by task syzkaller103734/4058
[   33.776267] 
[   33.777870] CPU: 1 PID: 4058 Comm: syzkaller103734 Not tainted 4.4.114-ga81d322 #4
[   33.785546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.794873]  0000000000000000 3857ec35d32e2232 ffff8800b964f650 ffffffff81d0394d
[   33.813954]  ffffea0002b48f80 ffff8800ad23f9b8 0000000000000000 ffff8800ad23f9b8
[   33.821937]  0000000000000000 ffff8800b964f688 ffffffff814fe1d3 ffff8800ad23f9b8
[   33.829908] Call Trace:
[   33.832477]  [<ffffffff81d0394d>] dump_stack+0xc1/0x124
[   33.837823]  [<ffffffff814fe1d3>] print_address_description+0x73/0x260
[   33.844459]  [<ffffffff814fe6e5>] kasan_report+0x285/0x370
[   33.850051]  [<ffffffff8123ac7e>] ? __lock_acquire+0x387e/0x4b50
[   33.856359]  [<ffffffff814fe844>] __asan_report_load8_noabort+0x14/0x20
[   33.863085]  [<ffffffff8123ac7e>] __lock_acquire+0x387e/0x4b50
[   33.869029]  [<ffffffff81237f5f>] ? __lock_acquire+0xb5f/0x4b50
[   33.875074]  [<ffffffff81237400>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   33.882057]  [<ffffffff81237400>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   33.889043]  [<ffffffff812367ef>] ? mark_held_locks+0xaf/0x100
[   33.894986]  [<ffffffff8123d7be>] lock_acquire+0x15e/0x460
[   33.900592]  [<ffffffff812200e4>] ? remove_wait_queue+0x14/0x40
[   33.906632]  [<ffffffff83773ace>] _raw_spin_lock_irqsave+0x4e/0x70
[   33.912922]  [<ffffffff812200e4>] ? remove_wait_queue+0x14/0x40
[   33.918952]  [<ffffffff812200e4>] remove_wait_queue+0x14/0x40
[   33.924812]  [<ffffffff815f6988>] ep_unregister_pollwait.isra.6+0xa8/0x220
[   33.931795]  [<ffffffff815f69f4>] ? ep_unregister_pollwait.isra.6+0x114/0x220
[   33.939040]  [<ffffffff815f77e0>] ? ep_free+0x1c0/0x1c0
[   33.944382]  [<ffffffff815f76b3>] ep_free+0x93/0x1c0
[   33.949454]  [<ffffffff815f77e0>] ? ep_free+0x1c0/0x1c0
[   33.954786]  [<ffffffff815f7824>] ep_eventpoll_release+0x44/0x60
[   33.960900]  [<ffffffff815234e3>] __fput+0x233/0x6d0
[   33.965974]  [<ffffffff81523a05>] ____fput+0x15/0x20
[   33.971046]  [<ffffffff8118b9d4>] task_work_run+0x104/0x180
[   33.976727]  [<ffffffff81132f7a>] do_exit+0x82a/0x2a10
[   33.981985]  [<ffffffff81132750>] ? release_task+0x1240/0x1240
[   33.987925]  [<ffffffff812dac40>] ? hash_futex+0x210/0x210
[   33.993521]  [<ffffffff81150d86>] ? recalc_sigpending+0x76/0xa0
[   33.999548]  [<ffffffff81139418>] do_group_exit+0x108/0x320
[   34.005228]  [<ffffffff8115c872>] get_signal+0x4f2/0x1550
[   34.010741]  [<ffffffff8100e7fb>] do_signal+0x8b/0x1d40
[   34.016080]  [<ffffffff81236bcb>] ? trace_hardirqs_on_caller+0x38b/0x590
[   34.022888]  [<ffffffff8100e770>] ? setup_sigcontext+0x780/0x780
[   34.029005]  [<ffffffff82c908b0>] ? binder_ioctl_write_read.isra.55+0xbc0/0xbc0
[   34.036422]  [<ffffffff81559728>] ? do_vfs_ioctl+0x468/0xee0
[   34.042193]  [<ffffffff812e1ff0>] ? SyS_futex+0x210/0x2c0
[   34.047699]  [<ffffffff810035c4>] ? exit_to_usermode_loop+0xe4/0x160
[   34.054159]  [<ffffffff810035fa>] exit_to_usermode_loop+0x11a/0x160
[   34.060534]  [<ffffffff81006535>] syscall_return_slowpath+0x1b5/0x1f0
[   34.067089]  [<ffffffff83774069>] int_ret_from_sys_call+0x25/0xa3
[   34.073289] 
[   34.074888] Allocated by task 4058:
[   34.078479]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   34.084365]  [<ffffffff814fd243>] save_stack+0x43/0xd0
[   34.089733]  [<ffffffff814fd50d>] kasan_kmalloc+0xad/0xe0
[   34.095356]  [<ffffffff814f9490>] kmem_cache_alloc_trace+0x100/0x2b0
[   34.101936]  [<ffffffff82c7c77d>] binder_get_thread+0x15d/0x750
[   34.108088]  [<ffffffff82c7cdba>] binder_poll+0x4a/0x210
[   34.113636]  [<ffffffff815fa801>] SyS_epoll_ctl+0x10b1/0x2040
[   34.119629]  [<ffffffff83773edf>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   34.126299] 
[   34.127899] Freed by task 4058:
[   34.131143]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   34.137035]  [<ffffffff814fd243>] save_stack+0x43/0xd0
[   34.142397]  [<ffffffff814fdb62>] kasan_slab_free+0x72/0xc0
[   34.148193]  [<ffffffff814fa5fc>] kfree+0xfc/0x300
[   34.153207]  [<ffffffff82c75ce1>] binder_thread_dec_tmpref+0x1c1/0x250
[   34.159960]  [<ffffffff82c7681d>] binder_thread_release+0x27d/0x540
[   34.166448]  [<ffffffff82c91444>] binder_ioctl+0xb94/0x12e0
[   34.172246]  [<ffffffff81559a6a>] do_vfs_ioctl+0x7aa/0xee0
[   34.177958]  [<ffffffff8155a22f>] SyS_ioctl+0x8f/0xc0
[   34.183235]  [<ffffffff83773edf>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   34.189908] 
[   34.191508] The buggy address belongs to the object at ffff8800ad23f900
[   34.191508]  which belongs to the cache kmalloc-512 of size 512
[   34.204133] The buggy address is located 184 bytes inside of
[   34.204133]  512-byte region [ffff8800ad23f900, ffff8800ad23fb00)
[   34.215985] The buggy address belongs to the page:
[   34.300805] BUG: unable to handle kernel paging request at ffffffff847dd808
[   34.308225] IP: [<ffffffff81027efd>] default_idle+0x7d/0x3c0
[   34.314166] PGD 420f067 PUD 4210063 PMD b6e1e063 PTE 0
[   34.319971] Oops: 0000 [#1] PREEMPT SMP KASAN
[   34.324991] BUG: unable to handle kernel paging request at ffffffff847ed1f0
[   34.332352] IP: [<ffffffff8139ff4e>] trace_init_global_iter+0xde/0x2c0
[   34.339146] PGD 420f067 PUD 4210063 PMD b6e1e063 PTE 0
[   34.344960] Oops: 0000 [#2] PREEMPT SMP KASAN
[   34.349971] Modules linked in:
[   34.353298] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.114-ga81d322 #4
[   34.360212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.369561] task: ffffffff84217840 task.stack: ffffffff84200000
[   34.375615] RIP: 0010:[<ffffffff8139ff4e>]  [<ffffffff8139ff4e>] trace_init_global_iter+0xde/0x2c0
[   34.384857] RSP: 0018:ffffffff84207930  EFLAGS: 00010046
[   34.390304] RAX: dffffc0000000000 RBX: ffffffff8572bd80 RCX: ffffffff8139ff2f
[   34.397575] RDX: 1ffffffff08fda3e RSI: 0000000000000001 RDI: ffffffff847ed1f0
[   34.404843] RBP: ffffffff84207950 R08: 0000000000000000 R09: 0000000000000001
[   34.412111] R10: ffffffff838443e0 R11: 1ffffffff0840f10 R12: ffffffff842e5ed8
[   34.419379] R13: ffffffff847ed1c0 R14: ffffffff8572bd90 R15: 1ffffffff08fd994
[   34.426654] FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   34.434878] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   34.440765] CR2: ffffffff847ed1f0 CR3: 000000000420c000 CR4: 0000000000160670
[   34.448041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   34.455421] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   34.462679] Stack:
[   34.464823]  00000000ffffffff dffffc0000000000 dffffc0000000000 0000000000000007
[   34.472877]  ffffffff842079a0 ffffffff813a01da 000000000000a078 0000000000000093
[   34.480936]  0000000200000000 0000000000000002 dffffc0000000000 00000000fffffffd
[   34.488994] Call Trace:
[   34.491581]  [<ffffffff813a01da>] ftrace_dump+0xaa/0x4b0
[   34.497033]  [<ffffffff813a061b>] trace_die_handler+0x3b/0x50
[   34.502917]  [<ffffffff81194075>] notifier_call_chain+0x95/0x1b0
[   34.509069]  [<ffffffff8119569b>] atomic_notifier_call_chain+0x7b/0x140
[   34.515829]  [<ffffffff81195620>] ? __atomic_notifier_call_chain+0x150/0x150
[   34.523017]  [<ffffffff8119583f>] notify_die+0xdf/0x160
[   34.528385]  [<ffffffff81195760>] ? atomic_notifier_call_chain+0x140/0x140
[   34.535405]  [<ffffffff810dad40>] ? vmalloc_fault+0x850/0x850
[   34.541297]  [<ffffffff8126a282>] ? vprintk_emit+0x242/0x850
[   34.547096]  [<ffffffff8101790c>] __die+0x8c/0xf0
[   34.551944]  [<ffffffff810db659>] no_context+0x349/0x840
[   34.557397]  [<ffffffff810db310>] ? pgtable_bad+0x110/0x110
[   34.563106]  [<ffffffff81237f5f>] ? __lock_acquire+0xb5f/0x4b50
[   34.569166]  [<ffffffff81237400>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   34.576176]  [<ffffffff81237f5f>] ? __lock_acquire+0xb5f/0x4b50
[   34.582229]  [<ffffffff81230141>] ? __lock_is_held+0xa1/0xf0
[   34.588028]  [<ffffffff810dbd9b>] __bad_area_nosemaphore+0x24b/0x420
[   34.594520]  [<ffffffff810dbf9a>] bad_area_nosemaphore+0x2a/0x40
[   34.600666]  [<ffffffff810dc4b4>] __do_page_fault+0x144/0xa00
[   34.606550]  [<ffffffff81003030>] ? trace_hardirqs_off_thunk+0x17/0x19
SeaBIOS (version 1.8.2-20171012_061934-google)
Total RAM Size = 0x00000001e0000000 = 7680 MiB
CPUs found: 2     Max CPUs supported: 256
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f2850: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Booting from Hard Disk 0...