[   15.451504] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.073079] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   21.395443] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   22.188172] random: sshd: uninitialized urandom read (32 bytes read, 85 bits of entropy available)
[   22.671335] random: sshd: uninitialized urandom read (32 bytes read, 91 bits of entropy available)
Warning: Permanently added '10.128.0.58' (ECDSA) to the list of known hosts.
[   28.069827] random: sshd: uninitialized urandom read (32 bytes read, 101 bits of entropy available)
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   34.566283] ==================================================================
[   34.573681] BUG: KASAN: use-after-free in pppol2tp_session_destruct+0xee/0x110
[   34.581021] Read of size 4 at addr ffff8800b4fd4000 by task syzkaller515799/3760
[   34.588531] 
[   34.590132] CPU: 1 PID: 3760 Comm: syzkaller515799 Not tainted 4.4.112-g3fc4284 #32
[   34.597892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.607214]  0000000000000000 f2d1fe4ac8580672 ffff8801d02e7c70 ffffffff81d054ed
[   34.615179]  ffffea0002d3f500 ffff8800b4fd4000 0000000000000000 ffff8800b4fd4000
[   34.623140]  ffffffff82dea4d0 ffff8801d02e7ca8 ffffffff814fd953 ffff8800b4fd4000
[   34.631111] Call Trace:
[   34.633667]  [<ffffffff81d054ed>] dump_stack+0xc1/0x124
[   34.638998]  [<ffffffff82dea4d0>] ? sock_release+0x1e0/0x1e0
[   34.644765]  [<ffffffff814fd953>] print_address_description+0x73/0x260
[   34.651399]  [<ffffffff82dea4d0>] ? sock_release+0x1e0/0x1e0
[   34.657166]  [<ffffffff814fde65>] kasan_report+0x285/0x370
[   34.662759]  [<ffffffff8346680e>] ? pppol2tp_session_destruct+0xee/0x110
[   34.669567]  [<ffffffff814fdfa4>] __asan_report_load4_noabort+0x14/0x20
[   34.676291]  [<ffffffff8346680e>] pppol2tp_session_destruct+0xee/0x110
[   34.682925]  [<ffffffff83466720>] ? pppol2tp_seq_start+0x4e0/0x4e0
[   34.689209]  [<ffffffff82dff42a>] sk_destruct+0x4a/0x4c0
[   34.694625]  [<ffffffff82dff8f7>] __sk_free+0x57/0x230
[   34.699869]  [<ffffffff82dffb00>] sk_free+0x30/0x40
[   34.704851]  [<ffffffff834676ca>] pppol2tp_release+0x27a/0x310
[   34.710790]  [<ffffffff82dea37d>] sock_release+0x8d/0x1e0
[   34.716294]  [<ffffffff82dea4e6>] sock_close+0x16/0x20
[   34.721538]  [<ffffffff81522f93>] __fput+0x233/0x6d0
[   34.726606]  [<ffffffff815234b5>] ____fput+0x15/0x20
[   34.731677]  [<ffffffff8118bb54>] task_work_run+0x104/0x180
[   34.737355]  [<ffffffff81003625>] exit_to_usermode_loop+0x145/0x170
[   34.743727]  [<ffffffff81006545>] syscall_return_slowpath+0x1b5/0x1f0
[   34.750283]  [<ffffffff8377635d>] int_ret_from_sys_call+0x25/0xa3
[   34.756481] 
[   34.758078] Allocated by task 3760:
[   34.761673]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   34.767558]  [<ffffffff814fc9c3>] save_stack+0x43/0xd0
[   34.772924]  [<ffffffff814fcc8d>] kasan_kmalloc+0xad/0xe0
[   34.778544]  [<ffffffff814f8f64>] __kmalloc+0x124/0x320
[   34.783991]  [<ffffffff834604c9>] l2tp_session_create+0x39/0x10f0
[   34.790308]  [<ffffffff83464b5c>] pppol2tp_connect+0x10fc/0x1930
[   34.796535]  [<ffffffff82deed36>] SYSC_connect+0x1b6/0x310
[   34.802252]  [<ffffffff82df15a4>] SyS_connect+0x24/0x30
[   34.807702]  [<ffffffff837761d9>] entry_SYSCALL_64_fastpath+0x16/0x92
[   34.814375] 
[   34.815974] Freed by task 3761:
[   34.819216]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   34.825098]  [<ffffffff814fc9c3>] save_stack+0x43/0xd0
[   34.830459]  [<ffffffff814fd2e2>] kasan_slab_free+0x72/0xc0
[   34.836256]  [<ffffffff814f9d6c>] kfree+0xfc/0x300
[   34.841269]  [<ffffffff8345ca50>] l2tp_session_free+0x170/0x200
[   34.847411]  [<ffffffff8345f301>] l2tp_tunnel_closeall+0x2d1/0x3b0
[   34.853814]  [<ffffffff8345fe6b>] l2tp_udp_encap_destroy+0x8b/0xf0
[   34.860219]  [<ffffffff8336e6b1>] udpv6_destroy_sock+0xb1/0xd0
[   34.866278]  [<ffffffff82e014cb>] sk_common_release+0x6b/0x300
[   34.872331]  [<ffffffff8336d665>] udp_lib_close+0x15/0x20
[   34.877958]  [<ffffffff831d16da>] inet_release+0xfa/0x1d0
[   34.883580]  [<ffffffff832f6f90>] inet6_release+0x50/0x70
[   34.889202]  [<ffffffff82dea37d>] sock_release+0x8d/0x1e0
[   34.894822]  [<ffffffff82dea4e6>] sock_close+0x16/0x20
[   34.900182]  [<ffffffff81522f93>] __fput+0x233/0x6d0
[   34.905365]  [<ffffffff815234b5>] ____fput+0x15/0x20
[   34.910547]  [<ffffffff8118bb54>] task_work_run+0x104/0x180
[   34.916343]  [<ffffffff81003625>] exit_to_usermode_loop+0x145/0x170
[   34.922830]  [<ffffffff81006545>] syscall_return_slowpath+0x1b5/0x1f0
[   34.929494]  [<ffffffff8377635d>] int_ret_from_sys_call+0x25/0xa3
[   34.935808] 
[   34.937404] The buggy address belongs to the object at ffff8800b4fd4000
[   34.937404]  which belongs to the cache kmalloc-512 of size 512
[   34.950028] The buggy address is located 0 bytes inside of
[   34.950028]  512-byte region [ffff8800b4fd4000, ffff8800b4fd4200)
[   34.961695] The buggy address belongs to the page:
[   35.782915] ------------[ cut here ]------------
[   35.788397] WARNING: CPU: 0 PID: 3308 at kernel/locking/lockdep.c:3190 __lock_acquire+0x23b3/0x4b50()
[   35.797723] DEBUG_LOCKS_WARN_ON(id >= MAX_LOCKDEP_KEYS)
[   35.802878] Kernel panic - not syncing: panic_on_warn set ...
[   35.802878] 
[   35.810511] CPU: 0 PID: 3308 Comm: getty Not tainted 4.4.112-g3fc4284 #32
[   35.817406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.826730]  0000000000000000 249b217bf98dc066 ffff8800b479f3f0 ffffffff81d054ed
[   35.834701]  ffffffff83843200 ffff8800b479f4c8 ffffffff83854fe0 0000000000000009
[   35.842667]  0000000000000c76 ffff8800b479f4b8 ffffffff81419dca 0000000041b58ab3
[   35.850669] Call Trace:
[   35.853227]  [<ffffffff81d054ed>] dump_stack+0xc1/0x124
[   35.858560]  [<ffffffff81419dca>] panic+0x1aa/0x388
[   35.863579]  [<ffffffff81419c20>] ? percpu_up_read.constprop.45+0xe1/0xe1
[   35.870487]  [<ffffffff8112d81a>] ? warn_slowpath_common+0x10a/0x140
[   35.876949]  [<ffffffff8112d835>] warn_slowpath_common+0x125/0x140
[   35.883244]  [<ffffffff812387b3>] ? __lock_acquire+0x23b3/0x4b50
[   35.889365]  [<ffffffff8112d911>] warn_slowpath_fmt+0xc1/0x110
[   35.895314]  [<ffffffff8112d850>] ? warn_slowpath_common+0x140/0x140
[   35.901775]  [<ffffffff81dae593>] ? depot_save_stack+0x1c3/0x640
[   35.907900]  [<ffffffff814bdc0d>] ? unlink_anon_vmas+0x37d/0x640
[   35.914014]  [<ffffffff814fca23>] ? save_stack+0xa3/0xd0
[   35.919434]  [<ffffffff812387b3>] __lock_acquire+0x23b3/0x4b50
[   35.925385]  [<ffffffff81139398>] ? do_group_exit+0x108/0x320
[   35.931248]  [<ffffffff8115c895>] ? get_signal+0x565/0x1660
[   35.936927]  [<ffffffff8100e7fb>] ? do_signal+0x8b/0x1d40
[   35.942431]  [<ffffffff81003602>] ? exit_to_usermode_loop+0x122/0x170
[   35.948990]  [<ffffffff81006373>] ? prepare_exit_to_usermode+0xe3/0x100
[   35.955713]  [<ffffffff83776d88>] ? retint_user+0x8/0x3c
[   35.961132]  [<ffffffff81d68606>] ? debug_check_no_obj_freed+0x166/0x9b0
[   35.967941]  [<ffffffff81236400>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   35.974925]  [<ffffffff837757a5>] ? _raw_spin_unlock_irqrestore+0x45/0x70
[   35.981841]  [<ffffffff81d68772>] ? debug_check_no_obj_freed+0x2d2/0x9b0
[   35.988649]  [<ffffffff814f9459>] ? __slab_free+0x109/0x2b0
[   35.994335]  [<ffffffff814fe42b>] ? quarantine_put+0xab/0x180
[   36.000196]  [<ffffffff81235bcb>] ? trace_hardirqs_on_caller+0x38b/0x590
[   36.007003]  [<ffffffff8123c7be>] lock_acquire+0x15e/0x460
[   36.012597]  [<ffffffff814aa6d5>] ? unlink_file_vma+0x75/0xb0
[   36.018451]  [<ffffffff83771441>] down_write+0x41/0xa0
[   36.023694]  [<ffffffff814aa6d5>] ? unlink_file_vma+0x75/0xb0
[   36.029559]  [<ffffffff814aa6d5>] unlink_file_vma+0x75/0xb0
[   36.035243]  [<ffffffff81498326>] free_pgtables+0x226/0x330
[   36.040921]  [<ffffffff814b3c73>] exit_mmap+0x1e3/0x3a0
[   36.046263]  [<ffffffff814b3a90>] ? SyS_remap_file_pages+0x960/0x960
[   36.052735]  [<ffffffff811a4f00>] ? __might_sleep+0x90/0x1a0
[   36.058516]  [<ffffffff81123498>] mmput+0xf8/0x2d0
[   36.063418]  [<ffffffff81132e0b>] do_exit+0x75b/0x2a20
[   36.068665]  [<ffffffff8122f131>] ? __lock_is_held+0xa1/0xf0
[   36.075162]  [<ffffffff812850d3>] ? rcu_read_lock_sched_held+0x103/0x120
[   36.081987]  [<ffffffff811326b0>] ? release_task+0x1240/0x1240
[   36.087924]  [<ffffffff81139398>] do_group_exit+0x108/0x320
[   36.093604]  [<ffffffff8115c895>] get_signal+0x565/0x1660
[   36.099110]  [<ffffffff8100e7fb>] do_signal+0x8b/0x1d40
[   36.104453]  [<ffffffff810d9fa0>] ? spurious_fault+0x370/0x370
[   36.110404]  [<ffffffff8100e770>] ? setup_sigcontext+0x780/0x780
[   36.116517]  [<ffffffff8122f131>] ? __lock_is_held+0xa1/0xf0
[   36.122282]  [<ffffffff810dbd60>] ? __bad_area_nosemaphore+0x220/0x420
[   36.128921]  [<ffffffff810dc073>] ? bad_area_access_error+0x53/0x80
[   36.135300]  [<ffffffff810035cc>] ? exit_to_usermode_loop+0xec/0x170
[   36.141769]  [<ffffffff81003602>] exit_to_usermode_loop+0x122/0x170
[   36.148141]  [<ffffffff81006373>] prepare_exit_to_usermode+0xe3/0x100
[   36.154690]  [<ffffffff83776d88>] retint_user+0x8/0x3c
[   36.536595] PANIC: double fault, error_code: 0x0
[   36.541372] CPU: 1 PID: 3760 Comm: syzkaller515799 Not tainted 4.4.112-g3fc4284 #32
[   36.549136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.558470] task: ffff8801d3548000 task.stack: ffff8801d02e0000
[   36.564495] RIP: 0010:[<ffffffff8148fd28>]  [<ffffffff8148fd28>] dump_page_badflags+0x8/0x250
[   36.573257] RSP: 0018:ffff880100000000  EFLAGS: 00010046
[   36.578672] RAX: ffff8801d3548000 RBX: ffffea0002d3f500 RCX: ffffffff8148fea0
[   36.585910] RDX: 0000000000000000 RSI: ffffffff838a8620 RDI: ffffea0002d3f500
[   36.593152] RBP: ffff880100000010 R08: 0000000000000001 R09: 0000000000000000
[   36.600390] R10: 0000000000000002 R11: fffffbfff0ad7a1e R12: 0000000000000000
[   36.607629] R13: ffffffff838a8620 R14: 0000000000000000 R15: 0000000000000000
[   36.614867] FS:  00007f57ad3f5700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   36.623061] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   36.628909] CR2: ffff8800fffffff8 CR3: 00000001d3540000 CR4: 0000000000160670
[   36.636160] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   36.643399] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   36.650635] Stack:
[   36.652749] 
[   36.654352] Call Trace:
[   36.656901]  <UNK> 
[   36.658929] Code: 00 e9 83 fd ff ff e8 a8 e2 06 00 e9 50 fd ff ff e8 9e e2 06 00 e9 1d fd ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 <41> 55 49 89 f5 41 54 49 89 d4 53 48 89 fb 48 83 ec 08 e8 11 01 
[   37.223529] Shutting down cpus with NMI
[   37.227864] Dumping ftrace buffer:
[   37.231372]    (ftrace buffer empty)
[   37.235051] Kernel Offset: disabled
[   37.238644] Rebooting in 86400 seconds..