[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   20.046082] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   24.249880] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   24.547149] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   25.753856] random: sshd: uninitialized urandom read (32 bytes read, 98 bits of entropy available)
[   61.432034] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts.
[   66.852100] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available)
2018/07/09 10:59:46 parsed 1 programs
[   68.273223] random: cc1: uninitialized urandom read (8 bytes read, 122 bits of entropy available)
2018/07/09 10:59:48 executed programs: 0
[   69.531294] IPVS: Creating netns size=2552 id=1
[   69.593652] IPVS: Creating netns size=2552 id=2
[   69.637602] IPVS: Creating netns size=2552 id=3
[   69.706530] IPVS: Creating netns size=2552 id=4
[   69.783749] IPVS: Creating netns size=2552 id=5
[   69.851440] IPVS: Creating netns size=2552 id=6
[   69.956031] IPVS: Creating netns size=2552 id=7
[   70.040454] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   70.073710] IPVS: Creating netns size=2552 id=8
[   70.091241] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   70.335822] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   70.396335] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   70.409010] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   70.427433] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   70.481523] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   70.526980] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   70.616402] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   70.662996] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   70.670616] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   70.706101] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   70.745060] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   70.846742] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   70.854990] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   70.915730] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   70.923426] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   70.931121] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   70.977332] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   70.985236] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   70.997427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   71.008694] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   71.033725] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   71.043716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   71.073439] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   71.101520] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   71.158611] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   71.167061] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   71.224584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   71.234565] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   71.277055] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   71.285483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   71.382134] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   71.425938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   71.442904] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   71.453766] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   71.468893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   71.507414] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   71.526255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   71.548216] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   71.556528] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   71.600603] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   71.663705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   71.677992] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   71.690357] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   71.745156] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   71.801444] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   71.874186] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   71.911730] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   71.925728] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   71.950136] ip (4511) used greatest stack depth: 24288 bytes left
[   71.979069] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   72.021008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   72.040150] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   72.053204] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   72.109646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   72.136607] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   72.155833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   72.179799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   72.204460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   72.234319] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   72.250338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   72.301062] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   72.372723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   72.426050] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   74.557338] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   74.609737] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   74.687742] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   74.750892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   74.839686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   74.864454] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   74.922042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   75.103854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   75.207235] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   75.248086] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   75.335489] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   75.422758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   75.457538] random: nonblocking pool is initialized
[   75.492683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   75.584072] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   75.601049] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   75.789987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/07/09 10:59:55 executed programs: 8
2018/07/09 11:00:00 executed programs: 215
2018/07/09 11:00:05 executed programs: 446
2018/07/09 11:00:10 executed programs: 673
2018/07/09 11:00:15 executed programs: 889
2018/07/09 11:00:20 executed programs: 1110
2018/07/09 11:00:25 executed programs: 1318
2018/07/09 11:00:30 executed programs: 1523
2018/07/09 11:00:35 executed programs: 1737
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
2018/07/09 11:00:40 executed programs: 1967
2018/07/09 11:00:46 executed programs: 2189
2018/07/09 11:00:51 executed programs: 2420
2018/07/09 11:00:56 executed programs: 2643
2018/07/09 11:01:01 executed programs: 2856
2018/07/09 11:01:06 executed programs: 3080
2018/07/09 11:01:11 executed programs: 3291
2018/07/09 11:01:16 executed programs: 3521
2018/07/09 11:01:21 executed programs: 3747
2018/07/09 11:01:26 executed programs: 3973
2018/07/09 11:01:31 executed programs: 4189
2018/07/09 11:01:36 executed programs: 4419
2018/07/09 11:01:41 executed programs: 4640
2018/07/09 11:01:46 executed programs: 4869
2018/07/09 11:01:51 executed programs: 5099
2018/07/09 11:01:56 executed programs: 5312
2018/07/09 11:02:01 executed programs: 5531
2018/07/09 11:02:06 executed programs: 5755
2018/07/09 11:02:11 executed programs: 5973
2018/07/09 11:02:16 executed programs: 6197
2018/07/09 11:02:21 executed programs: 6425
2018/07/09 11:02:26 executed programs: 6659
2018/07/09 11:02:31 executed programs: 6881
2018/07/09 11:02:36 executed programs: 7111
2018/07/09 11:02:41 executed programs: 7332
[  243.983089] ==================================================================
[  243.990513] BUG: KASAN: use-after-free in __lock_acquire+0x3c66/0x5270
[  243.997166] Read of size 8 at addr ffff8800b91b2b20 by task syz-executor3/3120
[  244.004514] 
[  244.006133] CPU: 0 PID: 3120 Comm: syz-executor3 Not tainted 4.4.139-g7ba5557 #2
[  244.013648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  244.022990]  0000000000000000 aee4700576d5e4f2 ffff8801cd897a30 ffffffff81e0d58d
[  244.031029]  ffffea0002e46c00 ffff8800b91b2b20 0000000000000000 ffff8800b91b2b20
[  244.039064]  0000000000000000 ffff8801cd897a68 ffffffff81515a16 ffff8800b91b2b20
[  244.047141] Call Trace:
[  244.049855]  [<ffffffff81e0d58d>] dump_stack+0xc1/0x124
[  244.055207]  [<ffffffff81515a16>] print_address_description+0x6c/0x216
[  244.061860]  [<ffffffff81515d35>] kasan_report.cold.7+0x175/0x2f7
[  244.068077]  [<ffffffff81232c96>] ? __lock_acquire+0x3c66/0x5270
[  244.074208]  [<ffffffff814f9824>] __asan_report_load8_noabort+0x14/0x20
[  244.080936]  [<ffffffff81232c96>] __lock_acquire+0x3c66/0x5270
[  244.086887]  [<ffffffff81567d1f>] ? dput+0x1f/0x30
[  244.091813]  [<ffffffff81522fd1>] ? __fput+0x401/0x6f0
[  244.097074]  [<ffffffff81523345>] ? ____fput+0x15/0x20
[  244.102333]  [<ffffffff8118bd7f>] ? task_work_run+0x10f/0x190
[  244.108300]  [<ffffffff8100362d>] ? exit_to_usermode_loop+0x13d/0x160
[  244.114867]  [<ffffffff8122fab6>] ? __lock_acquire+0xa86/0x5270
[  244.121606]  [<ffffffff8122f030>] ? debug_check_no_locks_freed+0x210/0x210
[  244.128616]  [<ffffffff8122f030>] ? debug_check_no_locks_freed+0x210/0x210
[  244.135623]  [<ffffffff81e702bc>] ? debug_check_no_obj_freed+0x2ec/0x940
[  244.142463]  [<ffffffff81235a7e>] lock_acquire+0x15e/0x450
[  244.148081]  [<ffffffff82f257e3>] ? lock_sock_nested+0x43/0x120
[  244.154117]  [<ffffffff811c7e3d>] ? get_parent_ip+0xd/0x50
[  244.159726]  [<ffffffff82f19100>] ? sock_release+0x1c0/0x1c0
[  244.165524]  [<ffffffff838c0aca>] _raw_spin_lock_bh+0x3a/0x50
[  244.171911]  [<ffffffff82f257e3>] ? lock_sock_nested+0x43/0x120
[  244.177959]  [<ffffffff82f257e3>] lock_sock_nested+0x43/0x120
[  244.183841]  [<ffffffff835a67f0>] pppol2tp_release+0x50/0x310
[  244.189702]  [<ffffffff82f18fd6>] sock_release+0x96/0x1c0
[  244.195216]  [<ffffffff82f19116>] sock_close+0x16/0x20
[  244.200473]  [<ffffffff81522e05>] __fput+0x235/0x6f0
[  244.205557]  [<ffffffff81523345>] ____fput+0x15/0x20
[  244.210637]  [<ffffffff8118bd7f>] task_work_run+0x10f/0x190
[  244.216328]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[  244.222711]  [<ffffffff81007090>] do_fast_syscall_32+0x620/0x8b0
[  244.228848]  [<ffffffff838c31aa>] sysenter_flags_fixed+0xd/0x17
[  244.234895] 
[  244.236500] Allocated by task 3142:
[  244.240103]  [<ffffffff81033e46>] save_stack_trace+0x26/0x50
[  244.246004]  [<ffffffff814f88d3>] save_stack+0x43/0xd0
[  244.251399]  [<ffffffff814f8bb7>] kasan_kmalloc+0xc7/0xe0
[  244.257059]  [<ffffffff814f52d4>] __kmalloc+0x124/0x310
[  244.262530]  [<ffffffff82f246a4>] sk_prot_alloc+0x204/0x300
[  244.268337]  [<ffffffff82f2a07a>] sk_alloc+0x3a/0x3a0
[  244.273638]  [<ffffffff835a2713>] pppol2tp_create+0x33/0x1f0
[  244.279806]  [<ffffffff828f0a76>] pppox_create+0xf6/0x200
[  244.285447]  [<ffffffff82f1f500>] __sock_create+0x2f0/0x5f0
[  244.291255]  [<ffffffff82f1fa30>] SyS_socket+0xf0/0x1b0
[  244.296718]  [<ffffffff81006d96>] do_fast_syscall_32+0x326/0x8b0
[  244.302974]  [<ffffffff838c31aa>] sysenter_flags_fixed+0xd/0x17
[  244.309132] 
[  244.310735] Freed by task 3120:
[  244.313986]  [<ffffffff81033e46>] save_stack_trace+0x26/0x50
[  244.319907]  [<ffffffff814f88d3>] save_stack+0x43/0xd0
[  244.325380]  [<ffffffff814f9202>] kasan_slab_free+0x72/0xc0
[  244.331194]  [<ffffffff814f6704>] kfree+0xf4/0x310
[  244.336218]  [<ffffffff82f2e527>] sk_destruct+0x407/0x4c0
[  244.341863]  [<ffffffff82f2e62f>] __sk_free+0x4f/0x220
[  244.347242]  [<ffffffff82f2e830>] sk_free+0x30/0x40
[  244.352374]  [<ffffffff835a5ccf>] pppol2tp_session_sock_put+0x5f/0x70
[  244.359070]  [<ffffffff8359e54c>] l2tp_tunnel_closeall+0x23c/0x350
[  244.365489]  [<ffffffff8359f0db>] l2tp_udp_encap_destroy+0x8b/0xf0
[  244.371910]  [<ffffffff83491411>] udpv6_destroy_sock+0xb1/0xd0
[  244.377989]  [<ffffffff82f2e8ad>] sk_common_release+0x6d/0x300
[  244.384057]  [<ffffffff834900c5>] udp_lib_close+0x15/0x20
[  244.389712]  [<ffffffff832f7b8f>] inet_release+0xff/0x1d0
[  244.395364]  [<ffffffff8341a7f0>] inet6_release+0x50/0x70
[  244.400998]  [<ffffffff82f18fd6>] sock_release+0x96/0x1c0
[  244.406631]  [<ffffffff82f19116>] sock_close+0x16/0x20
[  244.412005]  [<ffffffff81522e05>] __fput+0x235/0x6f0
[  244.417208]  [<ffffffff81523345>] ____fput+0x15/0x20
[  244.422412]  [<ffffffff8118bd7f>] task_work_run+0x10f/0x190
[  244.428232]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[  244.434750]  [<ffffffff81007090>] do_fast_syscall_32+0x620/0x8b0
[  244.440990]  [<ffffffff838c31aa>] sysenter_flags_fixed+0xd/0x17
[  244.447167] 
[  244.448795] The buggy address belongs to the object at ffff8800b91b2a80
[  244.448795]  which belongs to the cache kmalloc-2048 of size 2048
[  244.461699] The buggy address is located 160 bytes inside of
[  244.461699]  2048-byte region [ffff8800b91b2a80, ffff8800b91b3280)
[  244.473655] The buggy address belongs to the page:
[  244.502233] ------------[ cut here ]------------
[  244.507037] WARNING: CPU: 1 PID: 3898 at kernel/locking/lockdep.c:3190 __lock_acquire+0x265f/0x5270()
[  244.516391] DEBUG_LOCKS_WARN_ON(id >= MAX_LOCKDEP_KEYS)
[  244.521588] Kernel panic - not syncing: panic_on_warn set ...
[  244.521588] 
[  244.529269] CPU: 1 PID: 3898 Comm: syz-executor3 Not tainted 4.4.139-g7ba5557 #2
[  244.536830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  244.546192]  0000000000000000 88be353273ee2f47 ffff8801d8e67870 ffffffff81e0d58d
[  244.554285]  ffffffff83a43da0 ffff8801d9726000 ffffffff83a55c00 0000000000000009
[  244.562357]  0000000000000c76 ffff8801d8e67930 ffffffff8140a184 0000000041b58ab3
[  244.570426] Call Trace:
[  244.573013]  [<ffffffff81e0d58d>] dump_stack+0xc1/0x124
[  244.578383]  [<ffffffff8140a184>] panic+0x19e/0x38d
[  244.583407]  [<ffffffff81409fe6>] ? add_taint.cold.4+0x16/0x16
[  244.589565]  [<ffffffff8140a38d>] ? warn_slowpath_common.cold.6+0x5/0x20
[  244.596414]  [<ffffffff8140a3a8>] warn_slowpath_common.cold.6+0x20/0x20
[  244.603171]  [<ffffffff8123168f>] ? __lock_acquire+0x265f/0x5270
[  244.609326]  [<ffffffff8112ffff>] warn_slowpath_fmt+0xbf/0x100
[  244.615307]  [<ffffffff8112ff40>] ? warn_slowpath_common+0x120/0x120
[  244.621809]  [<ffffffff8122a1c0>] ? save_trace+0xe0/0x250
[  244.627356]  [<ffffffff8122d40f>] ? mark_lock+0x28f/0x1280
[  244.632987]  [<ffffffff8123168f>] __lock_acquire+0x265f/0x5270
[  244.639878]  [<ffffffff8122f030>] ? debug_check_no_locks_freed+0x210/0x210
[  244.646921]  [<ffffffff8129ad5b>] ? hrtimer_active+0x1cb/0x260
[  244.652904]  [<ffffffff811a3feb>] ? finish_task_switch+0x1bb/0x4e0
[  244.659234]  [<ffffffff838b1fe2>] ? __schedule+0x732/0x1d70
[  244.665108]  [<ffffffff81e6dd1e>] ? free_object+0x1e/0x2a0
[  244.670744]  [<ffffffff81235a7e>] lock_acquire+0x15e/0x450
[  244.676391]  [<ffffffff8115a164>] ? force_sig_info+0x54/0x310
[  244.682295]  [<ffffffff838c0de5>] ? _raw_spin_unlock_irqrestore+0x45/0x70
[  244.689249]  [<ffffffff838c148e>] _raw_spin_lock_irqsave+0x4e/0x70
[  244.695579]  [<ffffffff8115a164>] ? force_sig_info+0x54/0x310
[  244.701504]  [<ffffffff8115a164>] force_sig_info+0x54/0x310
[  244.707223]  [<ffffffff81510857>] ? __check_object_size+0x217/0x327
[  244.713644]  [<ffffffff810d56d8>] force_sig_info_fault.constprop.23+0x158/0x1b0
[  244.721104]  [<ffffffff810d5580>] ? is_prefetch.isra.20+0x390/0x390
[  244.727519]  [<ffffffff810d51f0>] ? spurious_fault_check+0xb0/0xb0
[  244.733854]  [<ffffffff81229682>] ? __lock_is_held+0xa2/0xf0
[  244.739662]  [<ffffffff810d7249>] __bad_area_nosemaphore+0x219/0x310
[  244.746186]  [<ffffffff810d73e6>] bad_area+0x66/0x80
[  244.751304]  [<ffffffff810d7ea7>] __do_page_fault+0x767/0xa10
[  244.757201]  [<ffffffff810d8177>] do_page_fault+0x27/0x30
[  244.762752]  [<ffffffff838c2c48>] page_fault+0x28/0x30
[  245.911539] Shutting down cpus with NMI
[  245.916717] Dumping ftrace buffer:
[  245.920337]    (ftrace buffer empty)
[  245.924037] Kernel Offset: disabled
[  245.927637] Rebooting in 86400 seconds..