[   13.536765] random: sshd: uninitialized urandom read (32 bytes read, 31 bits of entropy available)
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.308904] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[   17.628328] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)
[   18.457663] random: sshd: uninitialized urandom read (32 bytes read, 104 bits of entropy available)
[   18.613189] random: sshd: uninitialized urandom read (32 bytes read, 108 bits of entropy available)
Warning: Permanently added 'ci-android-44-kasan-gce-386-2,10.128.15.238' (ECDSA) to the list of known hosts.
[   24.005064] random: sshd: uninitialized urandom read (32 bytes read, 113 bits of entropy available)
executing program
[   24.099972] ==================================================================
[   24.107367] BUG: KASAN: use-after-free in __lock_acquire+0x387e/0x4b50
[   24.113998] Read of size 8 at addr ffff8800b4561c38 by task syzkaller926737/3303
[   24.121494] 
[   24.123087] CPU: 0 PID: 3303 Comm: syzkaller926737 Not tainted 4.4.106-g1700518 #1
[   24.130755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.140084]  0000000000000000 face907d7a8d95c7 ffff8801d17af850 ffffffff81d02f7d
[   24.148029]  ffffea0002d15800 ffff8800b4561c38 0000000000000000 ffff8800b4561c38
[   24.155967]  0000000000000000 ffff8801d17af888 ffffffff814fa843 ffff8800b4561c38
[   24.163911] Call Trace:
[   24.166463]  [<ffffffff81d02f7d>] dump_stack+0xc1/0x124
[   24.171792]  [<ffffffff814fa843>] print_address_description+0x73/0x260
[   24.178421]  [<ffffffff814fad55>] kasan_report+0x285/0x370
[   24.184011]  [<ffffffff81236eae>] ? __lock_acquire+0x387e/0x4b50
[   24.190117]  [<ffffffff814faeb4>] __asan_report_load8_noabort+0x14/0x20
[   24.196832]  [<ffffffff81236eae>] __lock_acquire+0x387e/0x4b50
[   24.202767]  [<ffffffff8123418f>] ? __lock_acquire+0xb5f/0x4b50
[   24.208788]  [<ffffffff81233630>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   24.215765]  [<ffffffff81232dfb>] ? trace_hardirqs_on_caller+0x38b/0x590
[   24.222568]  [<ffffffff81233630>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   24.229545]  [<ffffffff81233630>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   24.236519]  [<ffffffff812399ee>] lock_acquire+0x15e/0x460
[   24.242107]  [<ffffffff8121c394>] ? remove_wait_queue+0x14/0x40
[   24.248129]  [<ffffffff8376eb3e>] _raw_spin_lock_irqsave+0x4e/0x70
[   24.254411]  [<ffffffff8121c394>] ? remove_wait_queue+0x14/0x40
[   24.260432]  [<ffffffff8121c394>] remove_wait_queue+0x14/0x40
[   24.266281]  [<ffffffff815f49f8>] ep_unregister_pollwait.isra.6+0xa8/0x220
[   24.273257]  [<ffffffff815f4a64>] ? ep_unregister_pollwait.isra.6+0x114/0x220
[   24.280493]  [<ffffffff815f5850>] ? ep_free+0x1c0/0x1c0
[   24.285820]  [<ffffffff815f5723>] ep_free+0x93/0x1c0
[   24.290887]  [<ffffffff815f5850>] ? ep_free+0x1c0/0x1c0
[   24.296215]  [<ffffffff815f5894>] ep_eventpoll_release+0x44/0x60
[   24.302324]  [<ffffffff8151fe83>] __fput+0x233/0x6d0
[   24.307393]  [<ffffffff815203a5>] ____fput+0x15/0x20
[   24.312460]  [<ffffffff81188c94>] task_work_run+0x104/0x180
[   24.318137]  [<ffffffff81130481>] do_exit+0x871/0x2a20
[   24.323379]  [<ffffffff8149e55d>] ? handle_mm_fault+0x192d/0x3190
[   24.329573]  [<ffffffff8149d022>] ? handle_mm_fault+0x3f2/0x3190
[   24.335679]  [<ffffffff8112fc10>] ? release_task+0x1240/0x1240
[   24.341613]  [<ffffffff811368f8>] do_group_exit+0x108/0x320
[   24.347287]  [<ffffffff81136b2d>] SyS_exit_group+0x1d/0x20
[   24.352872]  [<ffffffff81136b10>] ? do_group_exit+0x320/0x320
[   24.358718]  [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890
[   24.364827]  [<ffffffff837706d7>] sysenter_flags_fixed+0xd/0x17
[   24.370845] 
[   24.372440] Allocated by task 3303:
[   24.376027]  [<ffffffff81035c86>] save_stack_trace+0x26/0x50
[   24.381900]  [<ffffffff814f98b3>] save_stack+0x43/0xd0
[   24.387251]  [<ffffffff814f9b7d>] kasan_kmalloc+0xad/0xe0
[   24.392862]  [<ffffffff814f5b30>] kmem_cache_alloc_trace+0x100/0x2b0
[   24.399427]  [<ffffffff82c784f1>] binder_get_thread+0x181/0x7a0
[   24.405559]  [<ffffffff82c78b5a>] binder_poll+0x4a/0x210
[   24.411081]  [<ffffffff815f8881>] SyS_epoll_ctl+0x10b1/0x2050
[   24.417042]  [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890
[   24.423264]  [<ffffffff837706d7>] sysenter_flags_fixed+0xd/0x17
[   24.429398] 
[   24.430992] Freed by task 3303:
[   24.434237]  [<ffffffff81035c86>] save_stack_trace+0x26/0x50
[   24.440112]  [<ffffffff814f98b3>] save_stack+0x43/0xd0
[   24.445466]  [<ffffffff814fa1d2>] kasan_slab_free+0x72/0xc0
[   24.451249]  [<ffffffff814f6c59>] kfree+0xe9/0x2f0
[   24.456252]  [<ffffffff82c71a41>] binder_thread_dec_tmpref+0x1c1/0x250
[   24.462993]  [<ffffffff82c7257d>] binder_thread_release+0x27d/0x540
[   24.469476]  [<ffffffff82c8d1f4>] binder_ioctl+0xb94/0x12e0
[   24.475269]  [<ffffffff8161c27a>] compat_SyS_ioctl+0x28a/0x2540
[   24.481406]  [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890
[   24.487626]  [<ffffffff837706d7>] sysenter_flags_fixed+0xd/0x17
[   24.493757] 
[   24.495348] The buggy address belongs to the object at ffff8800b4561b80
[   24.495348]  which belongs to the cache kmalloc-512 of size 512
[   24.507966] The buggy address is located 184 bytes inside of
[   24.507966]  512-byte region [ffff8800b4561b80, ffff8800b4561d80)
[   24.519802] The buggy address belongs to the page:
[   25.976602] PANIC: double fault, error_code: 0x0
[   25.981374] CPU: 0 PID: 3303 Comm: syzkaller926737 Not tainted 4.4.106-g1700518 #1
[   25.989044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.998363] task: ffff8801d18497c0 task.stack: ffff8801d17a8000
[   26.004381] RIP: 0010:[<ffffffff8148d16a>]  [<ffffffff8148d16a>] dump_page_badflags+0x1a/0x250
[   26.013213] RSP: 0018:ffff880100000000  EFLAGS: 00010086
[   26.018625] RAX: ffff8801d18497c0 RBX: ffffea0002d15800 RCX: ffffffff8148d2d0
[   26.025859] RDX: 0000000000000000 RSI: ffffffff838a7e20 RDI: ffffea0002d15800
[   26.033093] RBP: ffff880100000030 R08: 0000000000000001 R09: 0000000000000000
[   26.040331] R10: 0000000000000002 R11: fffffbfff0ad581e R12: 0000000000000000
[   26.047564] R13: ffffffff838a7e20 R14: 0000000000000000 R15: 0000000000000000
[   26.054800] FS:  0000000000000000(0000) GS:ffff8801db400000(0000) knlGS:0000000000000000
[   26.062993] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   26.068840] CR2: ffff8800fffffff8 CR3: 000000000420b000 CR4: 00000000001406f0
[   26.076076] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   26.083311] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   26.090541] Stack:
[   26.092653] 
[   26.094244] Call Trace:
[   26.096801]  <UNK> 
[   26.098824] Code: dd 06 00 e9 1d fd ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 49 89 f5 41 54 49 89 d4 53 48 89 fb 48 83 ec 08 <e8> 51 f8 ec ff 48 8d 7b 10 48 b8 00 00 00 00 00 fc ff df 48 89 
[   26.125386] Kernel panic - not syncing: Machine halted.
[   26.130714] CPU: 0 PID: 3303 Comm: syzkaller926737 Not tainted 4.4.106-g1700518 #1
[   26.138382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.147700]  0000000000000000 face907d7a8d95c7 ffff8801db409e38 ffffffff81d02f7d
[   26.155639]  ffffffff83836620 ffff8801db409f10 ffffffff83808040 ffff880100000000
[   26.163580]  0000000000000000 ffff8801db409f00 ffffffff8141654a 0000000041b58ab3
[   26.171517] Call Trace:
[   26.174062]  <#DF>  [<ffffffff81d02f7d>] dump_stack+0xc1/0x124
[   26.180119]  [<ffffffff8141654a>] panic+0x1aa/0x388
[   26.185099]  [<ffffffff814163a0>] ? percpu_up_read.constprop.46+0xe1/0xe1
[   26.191988]  [<ffffffff812664c2>] ? vprintk_emit+0x242/0x850
[   26.197747]  [<ffffffff8148d17f>] ? dump_page_badflags+0x2f/0x250
[   26.203940]  [<ffffffff812664c2>] ? vprintk_emit+0x242/0x850
[   26.209702]  [<ffffffff810c9f5d>] df_debug+0x2d/0x30
[   26.214770]  [<ffffffff81012d2b>] do_double_fault+0x10b/0x210
[   26.220618]  [<ffffffff8376ff0d>] double_fault+0x2d/0x40
[   26.226031]  [<ffffffff8148d2d0>] ? dump_page_badflags+0x180/0x250
[   26.232311]  [<ffffffff8148d16a>] ? dump_page_badflags+0x1a/0x250
[   26.238501]  <<EOE>>  <UNK> 
[   26.241785] Dumping ftrace buffer:
[   26.245574]    (ftrace buffer empty)
[   26.249246] Kernel Offset: disabled
[   26.252835] Rebooting in 86400 seconds..