[   15.608275] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.909035] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   21.138848] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   21.957528] random: sshd: uninitialized urandom read (32 bytes read, 99 bits of entropy available)
[   85.421964] random: sshd: uninitialized urandom read (32 bytes read, 122 bits of entropy available)
Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
[   90.786714] random: sshd: uninitialized urandom read (32 bytes read, 124 bits of entropy available)
2018/01/21 01:50:57 parsed 1 programs
2018/01/21 01:50:57 executed programs: 0
[   91.139805] IPVS: Creating netns size=2552 id=1
[   91.163593] IPVS: Creating netns size=2552 id=2
[   91.190039] IPVS: Creating netns size=2552 id=3
[   91.225223] IPVS: Creating netns size=2552 id=4
[   91.261221] IPVS: Creating netns size=2552 id=5
[   91.288304] IPVS: Creating netns size=2552 id=6
[   91.314399] IPVS: Creating netns size=2552 id=7
[   91.355428] IPVS: Creating netns size=2552 id=8
2018/01/21 01:51:02 executed programs: 279
[   97.668083] ==================================================================
[   97.675501] BUG: KASAN: use-after-free in __lock_acquire+0x387e/0x4b50
[   97.682137] Read of size 8 at addr ffff8801cdcca2a0 by task syz-executor5/4737
[   97.689460] 
[   97.691059] CPU: 1 PID: 4737 Comm: syz-executor5 Not tainted 4.4.112-g3fc4284 #25
[   97.698648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   97.707973]  0000000000000000 b6f100aeb3596d82 ffff8801ce0bf550 ffffffff81d054ed
[   97.715940]  ffffea0007373200 ffff8801cdcca2a0 0000000000000000 ffff8801cdcca2a0
[   97.723917]  0000000000000000 ffff8801ce0bf588 ffffffff814fd953 ffff8801cdcca2a0
[   97.731889] Call Trace:
[   97.734447]  [<ffffffff81d054ed>] dump_stack+0xc1/0x124
[   97.739779]  [<ffffffff814fd953>] print_address_description+0x73/0x260
[   97.746411]  [<ffffffff814fde65>] kasan_report+0x285/0x370
[   97.752001]  [<ffffffff81239c7e>] ? __lock_acquire+0x387e/0x4b50
[   97.758112]  [<ffffffff814fdfc4>] __asan_report_load8_noabort+0x14/0x20
[   97.764835]  [<ffffffff81239c7e>] __lock_acquire+0x387e/0x4b50
[   97.770774]  [<ffffffff81016b9c>] ? dump_trace+0x14c/0x350
[   97.776365]  [<ffffffff81236400>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   97.783344]  [<ffffffff815bf4cf>] ? free_fs_struct+0x4f/0x60
[   97.789107]  [<ffffffff814fca23>] ? save_stack+0xa3/0xd0
[   97.794529]  [<ffffffff81132efa>] ? do_exit+0x84a/0x2a20
[   97.799954]  [<ffffffff81139398>] ? do_group_exit+0x108/0x320
[   97.805816]  [<ffffffff8115c895>] ? get_signal+0x565/0x1660
[   97.811494]  [<ffffffff8100e7fb>] ? do_signal+0x8b/0x1d40
[   97.816996]  [<ffffffff81003602>] ? exit_to_usermode_loop+0x122/0x170
[   97.823544]  [<ffffffff83777b6a>] ? sysenter_flags_fixed+0xd/0x17
[   97.829743]  [<ffffffff8123c7be>] lock_acquire+0x15e/0x460
[   97.835334]  [<ffffffff82df6aa3>] ? lock_sock_nested+0x43/0x120
[   97.841375]  [<ffffffff811c852d>] ? get_parent_ip+0xd/0x50
[   97.846965]  [<ffffffff82dea4d0>] ? sock_release+0x1e0/0x1e0
[   97.852731]  [<ffffffff837754aa>] _raw_spin_lock_bh+0x3a/0x50
[   97.858580]  [<ffffffff82df6aa3>] ? lock_sock_nested+0x43/0x120
[   97.864608]  [<ffffffff82df6aa3>] lock_sock_nested+0x43/0x120
[   97.870462]  [<ffffffff834674a0>] pppol2tp_release+0x50/0x310
[   97.876313]  [<ffffffff82dea37d>] sock_release+0x8d/0x1e0
[   97.881817]  [<ffffffff82dea4e6>] sock_close+0x16/0x20
[   97.887061]  [<ffffffff81522f93>] __fput+0x233/0x6d0
[   97.892149]  [<ffffffff815234b5>] ____fput+0x15/0x20
[   97.897224]  [<ffffffff8118bb54>] task_work_run+0x104/0x180
[   97.902903]  [<ffffffff81132f21>] do_exit+0x871/0x2a20
[   97.908147]  [<ffffffff811326b0>] ? release_task+0x1240/0x1240
[   97.914085]  [<ffffffff814fca23>] ? save_stack+0xa3/0xd0
[   97.919503]  [<ffffffff81150d26>] ? recalc_sigpending+0x76/0xa0
[   97.925528]  [<ffffffff81139398>] do_group_exit+0x108/0x320
[   97.931206]  [<ffffffff8115c895>] get_signal+0x565/0x1660
[   97.936709]  [<ffffffff814fe42b>] ? quarantine_put+0xab/0x180
[   97.942561]  [<ffffffff8100e7fb>] do_signal+0x8b/0x1d40
[   97.947893]  [<ffffffff81581b5a>] ? mntput_no_expire+0xca/0x680
[   97.953917]  [<ffffffff8100e770>] ? setup_sigcontext+0x780/0x780
[   97.960029]  [<ffffffff82dea4d0>] ? sock_release+0x1e0/0x1e0
[   97.965808]  [<ffffffff81581b86>] ? mntput_no_expire+0xf6/0x680
[   97.971834]  [<ffffffff81581a90>] ? mnt_get_count+0x190/0x190
[   97.977692]  [<ffffffff81567c5d>] ? dput.part.19+0x16d/0x760
[   97.983460]  [<ffffffff81567b1a>] ? dput.part.19+0x2a/0x760
[   97.989155]  [<ffffffff82dea4d0>] ? sock_release+0x1e0/0x1e0
[   97.994921]  [<ffffffff810035cc>] ? exit_to_usermode_loop+0xec/0x170
[   98.001380]  [<ffffffff81003602>] exit_to_usermode_loop+0x122/0x170
[   98.007763]  [<ffffffff81007077>] do_fast_syscall_32+0x607/0x890
[   98.013879]  [<ffffffff83777b6a>] sysenter_flags_fixed+0xd/0x17
[   98.019902] 
[   98.021498] Allocated by task 4746:
[   98.025092]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   98.030977]  [<ffffffff814fc9c3>] save_stack+0x43/0xd0
[   98.036339]  [<ffffffff814fcc8d>] kasan_kmalloc+0xad/0xe0
[   98.041959]  [<ffffffff814f8f64>] __kmalloc+0x124/0x320
[   98.047420]  [<ffffffff82df58bc>] sk_prot_alloc+0x18c/0x310
[   98.053216]  [<ffffffff82dfbc0a>] sk_alloc+0x3a/0x3a0
[   98.058488]  [<ffffffff83463283>] pppol2tp_create+0x33/0x1f0
[   98.064368]  [<ffffffff827ffe61>] pppox_create+0xf1/0x200
[   98.069987]  [<ffffffff82df07ec>] __sock_create+0x3ac/0x640
[   98.075779]  [<ffffffff82df0cb0>] SyS_socket+0xf0/0x1b0
[   98.081225]  [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890
[   98.087465]  [<ffffffff83777b6a>] sysenter_flags_fixed+0xd/0x17
[   98.093608] 
[   98.095203] Freed by task 4737:
[   98.098447]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   98.104327]  [<ffffffff814fc9c3>] save_stack+0x43/0xd0
[   98.109689]  [<ffffffff814fd2e2>] kasan_slab_free+0x72/0xc0
[   98.115495]  [<ffffffff814f9d6c>] kfree+0xfc/0x300
[   98.120509]  [<ffffffff82dff7d7>] sk_destruct+0x3f7/0x4c0
[   98.126144]  [<ffffffff82dff8f7>] __sk_free+0x57/0x230
[   98.131520]  [<ffffffff82dffb00>] sk_free+0x30/0x40
[   98.136620]  [<ffffffff8346688f>] pppol2tp_session_sock_put+0x5f/0x70
[   98.143283]  [<ffffffff8345f284>] l2tp_tunnel_closeall+0x254/0x3b0
[   98.149688]  [<ffffffff8345fe6b>] l2tp_udp_encap_destroy+0x8b/0xf0
[   98.156088]  [<ffffffff8336e6b1>] udpv6_destroy_sock+0xb1/0xd0
[   98.162143]  [<ffffffff82e014cb>] sk_common_release+0x6b/0x300
[   98.168200]  [<ffffffff8336d665>] udp_lib_close+0x15/0x20
[   98.173822]  [<ffffffff831d16da>] inet_release+0xfa/0x1d0
[   98.179442]  [<ffffffff832f6f90>] inet6_release+0x50/0x70
[   98.185062]  [<ffffffff82dea37d>] sock_release+0x8d/0x1e0
[   98.190684]  [<ffffffff82dea4e6>] sock_close+0x16/0x20
[   98.196043]  [<ffffffff81522f93>] __fput+0x233/0x6d0
[   98.201251]  [<ffffffff815234b5>] ____fput+0x15/0x20
[   98.206435]  [<ffffffff8118bb54>] task_work_run+0x104/0x180
[   98.212232]  [<ffffffff81003625>] exit_to_usermode_loop+0x145/0x170
[   98.218721]  [<ffffffff81007077>] do_fast_syscall_32+0x607/0x890
[   98.224967]  [<ffffffff83777b6a>] sysenter_flags_fixed+0xd/0x17
[   98.231126] 
[   98.232722] The buggy address belongs to the object at ffff8801cdcca200
[   98.232722]  which belongs to the cache kmalloc-2048 of size 2048
[   98.245517] The buggy address is located 160 bytes inside of
[   98.245517]  2048-byte region [ffff8801cdcca200, ffff8801cdccaa00)
[   98.257443] The buggy address belongs to the page:
[   99.763176] PANIC: double fault, error_code: 0x0
[   99.767954] CPU: 1 PID: 4737 Comm: syz-executor5 Not tainted 4.4.112-g3fc4284 #25
[   99.775543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   99.784867] task: ffff8801ce37af80 task.stack: ffff8801ce0b8000
[   99.790890] RIP: 0010:[<ffffffff8148fd3a>]  [<ffffffff8148fd3a>] dump_page_badflags+0x1a/0x250
[   99.799725] RSP: 0018:ffff880100000000  EFLAGS: 00010086
[   99.805143] RAX: ffff8801ce37af80 RBX: ffffea0007373200 RCX: ffffffff8148fea0
[   99.812380] RDX: 0000000000000000 RSI: ffffffff838a8620 RDI: ffffea0007373200
[   99.819617] RBP: ffff880100000030 R08: 0000000000000001 R09: 0000000000000000
[   99.826855] R10: 0000000000000002 R11: fffffbfff0ad7a1e R12: 0000000000000000
[   99.834107] R13: ffffffff838a8620 R14: 0000000000000000 R15: 0000000000000000
[   99.841358] FS:  0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   99.849553] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   99.855403] CR2: ffff8800fffffff8 CR3: 000000000420c000 CR4: 0000000000160670
[   99.863520] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   99.870783] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   99.878039] Stack:
[   99.880172] 
[   99.882872] Call Trace:
[   99.885436]  <UNK> 
[   99.887478] Code: e2 06 00 e9 1d fd ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 49 89 f5 41 54 49 89 d4 53 48 89 fb 48 83 ec 08 <e8> 11 01 ed ff 48 8d 7b 10 48 b8 00 00 00 00 00 fc ff df 48 89 
[   99.914890] Kernel panic - not syncing: Machine halted.
[   99.920224] CPU: 1 PID: 4737 Comm: syz-executor5 Not tainted 4.4.112-g3fc4284 #25
[   99.927812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   99.937135]  0000000000000000 b6f100aeb3596d82 ffff8801db30ce38 ffffffff81d054ed
[   99.945109]  ffffffff83836a60 ffff8801db30cf10 ffffffff83808040 ffff880100000000
[   99.953083]  0000000000000000 ffff8801db30cf00 ffffffff81419dca 0000000041b58ab3
[   99.961053] Call Trace:
[   99.963603]  <#DF>  [<ffffffff81d054ed>] dump_stack+0xc1/0x124
[   99.969667]  [<ffffffff81419dca>] panic+0x1aa/0x388
[   99.974652]  [<ffffffff81419c20>] ? percpu_up_read.constprop.45+0xe1/0xe1
[   99.981558]  [<ffffffff81269292>] ? vprintk_emit+0x242/0x850
[   99.987324]  [<ffffffff8148fd4f>] ? dump_page_badflags+0x2f/0x250
[   99.993521]  [<ffffffff81269292>] ? vprintk_emit+0x242/0x850
[   99.999285]  [<ffffffff810caf5d>] df_debug+0x2d/0x30
[  100.004354]  [<ffffffff81012d2b>] do_double_fault+0x10b/0x210
[  100.010208]  [<ffffffff837772bd>] double_fault+0x2d/0x40
[  100.015625]  [<ffffffff8148fea0>] ? dump_page_badflags+0x180/0x250
[  100.021911]  [<ffffffff8148fd3a>] ? dump_page_badflags+0x1a/0x250
[  100.028109]  <<EOE>>  <UNK> 
[  100.031494] Dumping ftrace buffer:
[  100.035291]    (ftrace buffer empty)
[  100.038972] Kernel Offset: disabled
[  100.042568] Rebooting in 86400 seconds..