[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   21.814388] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   27.794856] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   28.152741] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   28.865615] random: sshd: uninitialized urandom read (32 bytes read, 71 bits of entropy available)
[   29.026825] random: sshd: uninitialized urandom read (32 bytes read, 73 bits of entropy available)
Warning: Permanently added '10.128.10.11' (ECDSA) to the list of known hosts.
[   34.536014] random: sshd: uninitialized urandom read (32 bytes read, 77 bits of entropy available)
2018/08/17 23:46:40 parsed 1 programs
[   36.112489] random: cc1: uninitialized urandom read (8 bytes read, 79 bits of entropy available)
2018/08/17 23:46:42 executed programs: 0
[   37.196515] IPVS: Creating netns size=2552 id=1
[   37.309053] IPVS: Creating netns size=2552 id=2
[   37.371573] IPVS: Creating netns size=2552 id=3
[   37.459627] IPVS: Creating netns size=2552 id=4
[   37.593344] IPVS: Creating netns size=2552 id=5
[   37.770740] IPVS: Creating netns size=2552 id=6
[   38.007416] IPVS: Creating netns size=2552 id=7
[   38.100791] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   38.196515] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.254826] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   38.296823] IPVS: Creating netns size=2552 id=8
[   38.367946] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.577317] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   38.637008] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.660899] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   38.728246] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   38.783914] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   38.821554] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   39.129309] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   39.205947] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   39.218218] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   39.232562] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   39.243924] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   39.293417] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   39.302907] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   39.314982] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   39.415333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.425841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.453760] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   39.501188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   39.513426] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   39.535198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   39.569596] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   39.581557] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   39.606103] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   39.650234] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   39.658368] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   39.716579] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   39.813678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.825954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   40.061562] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   40.074842] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   40.127076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   40.151522] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   40.168107] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   40.179255] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   40.222854] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   40.236187] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   40.282849] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   40.347365] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   40.432257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   40.455486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   40.491484] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   40.545593] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   40.563857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   40.585123] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   40.603390] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   40.632598] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   40.687356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   40.720581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   40.762201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   40.845587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   40.876422] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   40.926584] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   40.979805] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   41.078045] ip (4566) used greatest stack depth: 23920 bytes left
[   41.086359] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   41.186997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   41.228599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   41.314295] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   41.413151] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   41.513400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   41.568945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   43.975793] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   43.997204] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.021450] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.211649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.307095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.329435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.466650] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.575933] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.701933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.766839] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.845421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.036675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.073320] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   45.293399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.355879] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   45.632432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/08/17 23:46:51 executed programs: 8
2018/08/17 23:46:56 executed programs: 194
2018/08/17 23:47:01 executed programs: 400
2018/08/17 23:47:06 executed programs: 599
2018/08/17 23:47:11 executed programs: 796
[   70.539082] ==================================================================
[   70.546786] BUG: KASAN: use-after-free in __lock_acquire+0x3c66/0x5270
[   70.553463] Read of size 8 at addr ffff8801d81722a0 by task syz-executor5/9717
[   70.560807] 
[   70.562437] CPU: 0 PID: 9717 Comm: syz-executor5 Not tainted 4.4.149-gf76bdbd #18
[   70.570390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.579839]  0000000000000000 616d041d9a35a7a7 ffff8800b3bf7a30 ffffffff81e1440d
[   70.588003]  ffffea0007605c00 ffff8801d81722a0 0000000000000000 ffff8801d81722a0
[   70.596023]  0000000000000000 ffff8800b3bf7a68 ffffffff81519a00 ffff8801d81722a0
[   70.604093] Call Trace:
[   70.606670]  [<ffffffff81e1440d>] dump_stack+0xc1/0x124
[   70.612046]  [<ffffffff81519a00>] print_address_description+0x6c/0x216
[   70.618765]  [<ffffffff81519d1f>] kasan_report.cold.7+0x175/0x2f7
[   70.625128]  [<ffffffff81235806>] ? __lock_acquire+0x3c66/0x5270
[   70.631298]  [<ffffffff814fd574>] __asan_report_load8_noabort+0x14/0x20
[   70.638063]  [<ffffffff81235806>] __lock_acquire+0x3c66/0x5270
[   70.644392]  [<ffffffff8156bcff>] ? dput+0x1f/0x30
[   70.649324]  [<ffffffff81526fb1>] ? __fput+0x401/0x6f0
[   70.654612]  [<ffffffff81527325>] ? ____fput+0x15/0x20
[   70.659891]  [<ffffffff8118e8ef>] ? task_work_run+0x10f/0x190
[   70.666359]  [<ffffffff8100362d>] ? exit_to_usermode_loop+0x13d/0x160
[   70.674858]  [<ffffffff81232626>] ? __lock_acquire+0xa86/0x5270
[   70.680897]  [<ffffffff81231ba0>] ? debug_check_no_locks_freed+0x210/0x210
[   70.688327]  [<ffffffff81231ba0>] ? debug_check_no_locks_freed+0x210/0x210
[   70.695340]  [<ffffffff81e770ec>] ? debug_check_no_obj_freed+0x2ec/0x940
[   70.702204]  [<ffffffff812385ee>] lock_acquire+0x15e/0x450
[   70.707833]  [<ffffffff82f2da53>] ? lock_sock_nested+0x43/0x120
[   70.713885]  [<ffffffff811ca9ad>] ? get_parent_ip+0xd/0x50
[   70.720726]  [<ffffffff82f21360>] ? sock_release+0x1c0/0x1c0
[   70.726511]  [<ffffffff838c98da>] _raw_spin_lock_bh+0x3a/0x50
[   70.732394]  [<ffffffff82f2da53>] ? lock_sock_nested+0x43/0x120
[   70.738446]  [<ffffffff82f2da53>] lock_sock_nested+0x43/0x120
[   70.744351]  [<ffffffff835af5a0>] pppol2tp_release+0x50/0x310
[   70.751451]  [<ffffffff82f21236>] sock_release+0x96/0x1c0
[   70.756985]  [<ffffffff82f21376>] sock_close+0x16/0x20
[   70.762250]  [<ffffffff81526de5>] __fput+0x235/0x6f0
[   70.767482]  [<ffffffff81527325>] ____fput+0x15/0x20
[   70.772607]  [<ffffffff8118e8ef>] task_work_run+0x10f/0x190
[   70.778310]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[   70.784711]  [<ffffffff8100708e>] do_fast_syscall_32+0x61e/0x8b0
[   70.790858]  [<ffffffff838cbfc3>] sysenter_flags_fixed+0xd/0x1a
[   70.796993] 
[   70.798626] Allocated by task 9726:
[   70.802241]  [<ffffffff81034676>] save_stack_trace+0x26/0x50
[   70.808207]  [<ffffffff814fc623>] save_stack+0x43/0xd0
[   70.813728]  [<ffffffff814fc907>] kasan_kmalloc+0xc7/0xe0
[   70.819834]  [<ffffffff814f9044>] __kmalloc+0x124/0x310
[   70.825322]  [<ffffffff82f2c914>] sk_prot_alloc+0x204/0x300
[   70.831144]  [<ffffffff82f322ea>] sk_alloc+0x3a/0x3a0
[   70.836467]  [<ffffffff835ab4c3>] pppol2tp_create+0x33/0x1f0
[   70.842368]  [<ffffffff828f8286>] pppox_create+0xf6/0x200
[   70.848056]  [<ffffffff82f27760>] __sock_create+0x2f0/0x5f0
[   70.853897]  [<ffffffff82f27c90>] SyS_socket+0xf0/0x1b0
[   70.859385]  [<ffffffff81006d94>] do_fast_syscall_32+0x324/0x8b0
[   70.865669]  [<ffffffff838cbfc3>] sysenter_flags_fixed+0xd/0x1a
[   70.872915] 
[   70.874532] Freed by task 9717:
[   70.877809]  [<ffffffff81034676>] save_stack_trace+0x26/0x50
[   70.883751]  [<ffffffff814fc623>] save_stack+0x43/0xd0
[   70.889167]  [<ffffffff814fcf52>] kasan_slab_free+0x72/0xc0
[   70.895004]  [<ffffffff814fa4b4>] kfree+0xf4/0x310
[   70.900040]  [<ffffffff82f367a7>] sk_destruct+0x407/0x4c0
[   70.905705]  [<ffffffff82f368af>] __sk_free+0x4f/0x220
[   70.911123]  [<ffffffff82f36ab0>] sk_free+0x30/0x40
[   70.916353]  [<ffffffff835aea7f>] pppol2tp_session_sock_put+0x5f/0x70
[   70.923057]  [<ffffffff835a72fc>] l2tp_tunnel_closeall+0x23c/0x350
[   70.929513]  [<ffffffff835a7e8b>] l2tp_udp_encap_destroy+0x8b/0xf0
[   70.935950]  [<ffffffff83499e91>] udpv6_destroy_sock+0xb1/0xd0
[   70.942730]  [<ffffffff82f36b2d>] sk_common_release+0x6d/0x300
[   70.948841]  [<ffffffff83498b45>] udp_lib_close+0x15/0x20
[   70.954797]  [<ffffffff833004af>] inet_release+0xff/0x1d0
[   70.960567]  [<ffffffff83423140>] inet6_release+0x50/0x70
[   70.966258]  [<ffffffff82f21236>] sock_release+0x96/0x1c0
[   70.971940]  [<ffffffff82f21376>] sock_close+0x16/0x20
[   70.977343]  [<ffffffff81526de5>] __fput+0x235/0x6f0
[   70.982577]  [<ffffffff81527325>] ____fput+0x15/0x20
[   70.987881]  [<ffffffff8118e8ef>] task_work_run+0x10f/0x190
[   70.993719]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[   71.000264]  [<ffffffff8100708e>] do_fast_syscall_32+0x61e/0x8b0
[   71.006742]  [<ffffffff838cbfc3>] sysenter_flags_fixed+0xd/0x1a
[   71.013052] 
[   71.014663] The buggy address belongs to the object at ffff8801d8172200
[   71.014663]  which belongs to the cache kmalloc-2048 of size 2048
[   71.027494] The buggy address is located 160 bytes inside of
[   71.027494]  2048-byte region [ffff8801d8172200, ffff8801d8172a00)
[   71.039459] The buggy address belongs to the page:
[   71.049907] ------------[ cut here ]------------
[   71.054746] WARNING: CPU: 1 PID: 0 at lib/debugobjects.c:263 debug_print_object+0x181/0x210()
[   71.063430] ODEBUG: deactivate not available (active state 0) object type: hrtimer hint: hrtimer_wakeup+0x0/0x60
[   71.074345] Kernel panic - not syncing: panic_on_warn set ...
[   71.074345] 
[   71.082210] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.149-gf76bdbd #18
[   71.089234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.098618]  0000000000000000 68a156150ce39776 ffff8801db307aa8 ffffffff81e1440d
[   71.106774]  ffffffff83a44e40 ffff8801d9a41800 ffffffff83c159c0 0000000000000009
[   71.114855]  0000000000000107 ffff8801db307b68 ffffffff8140cf84 0000000041b58ab3
[   71.122960] Call Trace:
[   71.125977]  <IRQ>  [<ffffffff81e1440d>] dump_stack+0xc1/0x124
[   71.132132]  [<ffffffff8140cf84>] panic+0x19e/0x38d
[   71.141746]  [<ffffffff8140cde6>] ? add_taint.cold.4+0x16/0x16
[   71.147732]  [<ffffffff8140d18d>] ? warn_slowpath_common.cold.6+0x5/0x20
[   71.155052]  [<ffffffff8140d1a8>] warn_slowpath_common.cold.6+0x20/0x20
[   71.161817]  [<ffffffff81e749e1>] ? debug_print_object+0x181/0x210
[   71.168148]  [<ffffffff8129d550>] ? ktime_add_safe+0x150/0x150
[   71.174141]  [<ffffffff81132acf>] warn_slowpath_fmt+0xbf/0x100
[   71.180136]  [<ffffffff81132a10>] ? warn_slowpath_common+0x120/0x120
[   71.186645]  [<ffffffff81e749e1>] debug_print_object+0x181/0x210
[   71.192803]  [<ffffffff8129e280>] ? clock_was_set_work+0x30/0x30
[   71.199832]  [<ffffffff81e75f28>] debug_object_deactivate+0x208/0x340
[   71.209965]  [<ffffffff81e75d20>] ? debug_object_activate+0x480/0x480
[   71.218257]  [<ffffffff8122c1f2>] ? __lock_is_held+0xa2/0xf0
[   71.224555]  [<ffffffff812a0772>] __hrtimer_run_queues+0x222/0x1000
[   71.231168]  [<ffffffff812a0550>] ? retrigger_next_event+0x1c0/0x1c0
[   71.238210]  [<ffffffff810cdee3>] ? kvm_clock_read+0x23/0x40
[   71.246169]  [<ffffffff810cdf09>] ? kvm_clock_get_cycles+0x9/0x10
[   71.252603]  [<ffffffff812a20cb>] ? hrtimer_interrupt+0x20b/0x430
[   71.261470]  [<ffffffff812a2071>] hrtimer_interrupt+0x1b1/0x430
[   71.271266]  [<ffffffff810af544>] local_apic_timer_interrupt+0x74/0xa0
[   71.280190]  [<ffffffff838cd2dc>] smp_apic_timer_interrupt+0x7c/0xa0
[   71.288375]  [<ffffffff838cc220>] apic_timer_interrupt+0xa0/0xb0
[   71.294995]  <EOI>  [<ffffffff838c9b8e>] ? _raw_spin_unlock_irq+0x2e/0x50
[   71.307080]  [<ffffffff838c9b87>] ? _raw_spin_unlock_irq+0x27/0x50
[   71.316302]  [<ffffffff811a6b87>] finish_task_switch+0x1e7/0x4e0
[   71.324635]  [<ffffffff811a6b5b>] ? finish_task_switch+0x1bb/0x4e0
[   71.331410]  [<ffffffff838bae54>] ? __schedule+0x794/0x1d70
[   71.337131]  [<ffffffff838bae60>] ? __schedule+0x7a0/0x1d70
[   71.350917]  [<ffffffff838bae54>] ? __schedule+0x794/0x1d70
[   71.356650]  [<ffffffff838bae94>] __schedule+0x7d4/0x1d70
[   71.362212]  [<ffffffff81e73f4b>] ? check_preemption_disabled+0x3b/0x170
[   71.370632]  [<ffffffff838bc62a>] schedule+0x7a/0x1b0
[   71.380625]  [<ffffffff838bcdc3>] schedule_preempt_disabled+0x13/0x20
[   71.387228]  [<ffffffff8121eb32>] cpu_startup_entry+0x2c2/0x780
[   71.395914]  [<ffffffff8121e870>] ? call_cpuidle+0xe0/0xe0
[   71.402896]  [<ffffffff810ac119>] start_secondary+0x329/0x400
[   71.409249]  [<ffffffff810abdf0>] ? set_cpu_sibling_map+0x1180/0x1180
[   72.646453] Shutting down cpus with NMI
[   72.654724] Dumping ftrace buffer:
[   72.662037]    (ftrace buffer empty)
[   72.665782] Kernel Offset: disabled
[   72.669824] Rebooting in 86400 seconds..