[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 20.343320] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ 21.115878] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
Debian GNU/Linux 7 syzkaller ttyS0
[ 21.559519] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
syzkaller login:
[ 22.552152] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
2018/06/07 17:57:54 parsed 1 programs
2018/06/07 17:57:56 executed programs: 0
[ 37.991674] IPVS: Creating netns size=2552 id=1
[ 38.210596] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 38.225041] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 38.299845] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 38.314292] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 38.387440] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 38.401207] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 38.416285] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 38.431818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 39.072578] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 39.110312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.322216] ==================================================================
[ 40.329590] BUG: KASAN: use-after-free in tcp_write_xmit+0x3fc2/0x4cb0
[ 40.336224] Read of size 2 at addr ffff8800ba98f1b0 by task syz-executor0/4209
[ 40.343547]
[ 40.345144] CPU: 0 PID: 4209 Comm: syz-executor0 Not tainted 4.4.136-gfb7e319 #57
[ 40.352729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.362051] 0000000000000000 bead00a411c184e7 ffff8801d6fe76c8 ffffffff81e0edad
[ 40.370015] ffffea0002ea6380 ffff8800ba98f1b0 0000000000000000 ffff8800ba98f1b0
[ 40.377987] dffffc0000000000 ffff8801d6fe7700 ffffffff815159b6 ffff8800ba98f1b0
[ 40.385955] Call Trace:
[ 40.388523] [] dump_stack+0xc1/0x124
[ 40.393854] [] print_address_description+0x6c/0x216
[ 40.400487] [] kasan_report.cold.7+0x175/0x2f7
[ 40.406686] [] ? tcp_write_xmit+0x3fc2/0x4cb0
[ 40.412801] [] __asan_report_load2_noabort+0x14/0x20
[ 40.419520] [] tcp_write_xmit+0x3fc2/0x4cb0
[ 40.425460] [] ? tcp_current_mss+0x1fd/0x350
[ 40.431487] [] ? tcp_mtup_init+0x340/0x340
[ 40.437340] [] ? mark_held_locks+0xc7/0x130
[ 40.443281] [] __tcp_push_pending_frames+0xa0/0x290
[ 40.449916] [] tcp_send_fin+0x176/0xab0
[ 40.455507] [] ? tcp_set_state+0x165/0x3f0
[ 40.461359] [] tcp_close+0xca0/0xf70
[ 40.466691] [] ? ip_mc_drop_socket+0x1d3/0x230
[ 40.472890] [] ? sock_release+0x1c0/0x1c0
[ 40.478656] [] inet_release+0xff/0x1d0
[ 40.484160] [] sock_release+0x96/0x1c0
[ 40.489663] [] sock_close+0x16/0x20
[ 40.494909] [] __fput+0x235/0x6f0
[ 40.499978] [] ____fput+0x15/0x20
[ 40.505049] [] task_work_run+0x10f/0x190
[ 40.510725] [] do_exit+0x9e5/0x26b0
[ 40.515971] [] ? release_task.part.17+0x1200/0x1200
[ 40.522607] [] ? recalc_sigpending+0x76/0xa0
[ 40.528660] [] do_group_exit+0x111/0x330
[ 40.534337] [] get_signal+0x4ec/0x14b0