[ ok ] Starting file context maintaining daemon: restorecond.
[....] Starting OpenBSD Secure Shell server: sshd[   16.161682] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.560731] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   20.834786] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   21.715218] random: sshd: uninitialized urandom read (32 bytes read, 105 bits of entropy available)
[   21.896962] random: sshd: uninitialized urandom read (32 bytes read, 111 bits of entropy available)
Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
[   27.291014] random: sshd: uninitialized urandom read (32 bytes read, 119 bits of entropy available)
executing program
[   27.383940] ==================================================================
[   27.391328] BUG: KASAN: use-after-free in __lock_acquire+0x387e/0x4b50
[   27.397966] Read of size 8 at addr ffff8800b452e338 by task syzkaller122217/3318
[   27.405463] 
[   27.407062] CPU: 0 PID: 3318 Comm: syzkaller122217 Not tainted 4.4.112-g5f6325b #28
[   27.414829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.424156]  0000000000000000 1df7b856bd7928f6 ffff8801d0d8f8d0 ffffffff81d0579d
[   27.432120]  ffffea0002d14b80 ffff8800b452e338 0000000000000000 ffff8800b452e338
[   27.440086]  0000000000000000 ffff8801d0d8f908 ffffffff814fd9f3 ffff8800b452e338
[   27.448051] Call Trace:
[   27.450610]  [<ffffffff81d0579d>] dump_stack+0xc1/0x124
[   27.455942]  [<ffffffff814fd9f3>] print_address_description+0x73/0x260
[   27.462576]  [<ffffffff814fdf05>] kasan_report+0x285/0x370
[   27.468169]  [<ffffffff81239d1e>] ? __lock_acquire+0x387e/0x4b50
[   27.474284]  [<ffffffff814fe064>] __asan_report_load8_noabort+0x14/0x20
[   27.481007]  [<ffffffff81239d1e>] __lock_acquire+0x387e/0x4b50
[   27.486948]  [<ffffffff81236fff>] ? __lock_acquire+0xb5f/0x4b50
[   27.492974]  [<ffffffff812364a0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.499961]  [<ffffffff812364a0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.506945]  [<ffffffff8123588f>] ? mark_held_locks+0xaf/0x100
[   27.512886]  [<ffffffff8123c85e>] lock_acquire+0x15e/0x460
[   27.518480]  [<ffffffff8121f204>] ? remove_wait_queue+0x14/0x40
[   27.524509]  [<ffffffff8377606e>] _raw_spin_lock_irqsave+0x4e/0x70
[   27.530798]  [<ffffffff8121f204>] ? remove_wait_queue+0x14/0x40
[   27.536824]  [<ffffffff8121f204>] remove_wait_queue+0x14/0x40
[   27.542681]  [<ffffffff815f6df8>] ep_unregister_pollwait.isra.6+0xa8/0x220
[   27.549664]  [<ffffffff815f6e64>] ? ep_unregister_pollwait.isra.6+0x114/0x220
[   27.556993]  [<ffffffff815f7c50>] ? ep_free+0x1c0/0x1c0
[   27.562324]  [<ffffffff815f7b23>] ep_free+0x93/0x1c0
[   27.567395]  [<ffffffff815f7c50>] ? ep_free+0x1c0/0x1c0
[   27.572728]  [<ffffffff815f7c94>] ep_eventpoll_release+0x44/0x60
[   27.578844]  [<ffffffff81523033>] __fput+0x233/0x6d0
[   27.583922]  [<ffffffff81523555>] ____fput+0x15/0x20
[   27.588999]  [<ffffffff8118bb54>] task_work_run+0x104/0x180
[   27.594681]  [<ffffffff81132f21>] do_exit+0x871/0x2a20
[   27.599929]  [<ffffffff811326b0>] ? release_task+0x1240/0x1240
[   27.605873]  [<ffffffff815f9bd0>] ? SyS_epoll_create+0x190/0x190
[   27.611989]  [<ffffffff81139398>] do_group_exit+0x108/0x320
[   27.617678]  [<ffffffff81003044>] ? lockdep_sys_exit_thunk+0x12/0x14
[   27.624144]  [<ffffffff811395cd>] SyS_exit_group+0x1d/0x20
[   27.629752]  [<ffffffff83776499>] entry_SYSCALL_64_fastpath+0x16/0x92
[   27.636297] 
[   27.637894] Allocated by task 3318:
[   27.641487]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   27.647386]  [<ffffffff814fca63>] save_stack+0x43/0xd0
[   27.652748]  [<ffffffff814fcd2d>] kasan_kmalloc+0xad/0xe0
[   27.658381]  [<ffffffff814f8ca0>] kmem_cache_alloc_trace+0x100/0x2b0
[   27.664967]  [<ffffffff82c7f5e1>] binder_get_thread+0x181/0x7a0
[   27.671116]  [<ffffffff82c7fc4a>] binder_poll+0x4a/0x210
[   27.676651]  [<ffffffff815fac81>] SyS_epoll_ctl+0x10b1/0x2050
[   27.682623]  [<ffffffff83776499>] entry_SYSCALL_64_fastpath+0x16/0x92
[   27.689290] 
[   27.690891] Freed by task 3318:
[   27.694136]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   27.700026]  [<ffffffff814fca63>] save_stack+0x43/0xd0
[   27.705387]  [<ffffffff814fd382>] kasan_slab_free+0x72/0xc0
[   27.711182]  [<ffffffff814f9e0c>] kfree+0xfc/0x300
[   27.716200]  [<ffffffff82c78b31>] binder_thread_dec_tmpref+0x1c1/0x250
[   27.722949]  [<ffffffff82c7966d>] binder_thread_release+0x27d/0x540
[   27.729437]  [<ffffffff82c942d4>] binder_ioctl+0xb94/0x12e0
[   27.735247]  [<ffffffff81559a6a>] do_vfs_ioctl+0x7aa/0xee0
[   27.740969]  [<ffffffff8155a22f>] SyS_ioctl+0x8f/0xc0
[   27.746250]  [<ffffffff83776499>] entry_SYSCALL_64_fastpath+0x16/0x92
[   27.752921] 
[   27.754518] The buggy address belongs to the object at ffff8800b452e280
[   27.754518]  which belongs to the cache kmalloc-512 of size 512
[   27.767143] The buggy address is located 184 bytes inside of
[   27.767143]  512-byte region [ffff8800b452e280, ffff8800b452e480)
[   27.778985] The buggy address belongs to the page:
[   27.804981] ------------[ cut here ]------------
[   27.809788] WARNING: CPU: 1 PID: 0 at lib/debugobjects.c:263 debug_print_object+0x17d/0x220()
[   27.818451] ODEBUG: deactivate not available (active state 0) object type: hrtimer hint: 0x8948fff8aa88e883
[   27.828466] Kernel panic - not syncing: panic_on_warn set ...
[   27.828466] 
[   27.835833] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.112-g5f6325b #28
[   27.842837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.852187]  0000000000000000 24f88085db7b84d3 ffff8801db307ac8 ffffffff81d0579d
[   27.860256]  ffffffff83843200 ffff8801db307ba0 ffffffff839fe0a0 0000000000000009
[   27.868304]  0000000000000107 ffff8801db307b90 ffffffff81419e6a 0000000041b58ab3
[   27.876342] Call Trace:
[   27.878917]  <IRQ>  [<ffffffff81d0579d>] dump_stack+0xc1/0x124
[   27.885035]  [<ffffffff81419e6a>] panic+0x1aa/0x388
[   27.890056]  [<ffffffff81419cc0>] ? percpu_up_read.constprop.45+0xe1/0xe1
[   27.896992]  [<ffffffff8112d81a>] ? warn_slowpath_common+0x10a/0x140
[   27.903494]  [<ffffffff8112d835>] warn_slowpath_common+0x125/0x140
[   27.909817]  [<ffffffff81d6603d>] ? debug_print_object+0x17d/0x220
[   27.916140]  [<ffffffff8112d911>] warn_slowpath_fmt+0xc1/0x110
[   27.922118]  [<ffffffff8112d850>] ? warn_slowpath_common+0x140/0x140
[   27.928619]  [<ffffffff812aa330>] ? ktime_add_safe+0xa0/0xa0
[   27.934507]  [<ffffffff81d6603d>] debug_print_object+0x17d/0x220
[   27.940654]  [<ffffffff81d6780d>] debug_object_deactivate+0x25d/0x3c0
[   27.947239]  [<ffffffff81d675b0>] ? debug_object_activate+0x500/0x500
[   27.953817]  [<ffffffff8148ff50>] ? dump_page_badflags+0x190/0x250
[   27.960137]  [<ffffffff8122f1d1>] ? __lock_is_held+0xa1/0xf0
[   27.965943]  [<ffffffff8148ff50>] ? dump_page_badflags+0x190/0x250
[   27.972266]  [<ffffffff812acba2>] __hrtimer_run_queues+0x492/0xfe0
[   27.978590]  [<ffffffff812ac710>] ? hrtimer_fixup_init+0x70/0x70
[   27.984746]  [<ffffffff812aee71>] ? hrtimer_interrupt+0x131/0x440
[   27.990986]  [<ffffffff812aeee6>] hrtimer_interrupt+0x1a6/0x440
[   27.997049]  [<ffffffff810b0dda>] local_apic_timer_interrupt+0x6a/0xb0
[   28.003726]  [<ffffffff837790f6>] smp_apic_timer_interrupt+0x76/0xa0
[   28.010224]  [<ffffffff83778050>] apic_timer_interrupt+0xa0/0xb0
[   28.016360]  <EOI>  [<ffffffff810d0526>] ? native_safe_halt+0x6/0x10
[   28.023014]  [<ffffffff81235e7d>] ? trace_hardirqs_on+0xd/0x10
[   28.028988]  [<ffffffff81027ee5>] default_idle+0x55/0x3c0
[   28.034533]  [<ffffffff8102945a>] arch_cpu_idle+0xa/0x10
[   28.039990]  [<ffffffff81220578>] default_idle_call+0x48/0x70
[   28.045892]  [<ffffffff81220c85>] cpu_startup_entry+0x605/0x820
[   28.051962]  [<ffffffff81220680>] ? call_cpuidle+0xe0/0xe0
[   28.057592]  [<ffffffff812cdb02>] ? clockevents_register_device+0x122/0x230
[   28.064698]  [<ffffffff810adc64>] start_secondary+0x304/0x3e0
[   28.070594]  [<ffffffff810ad960>] ? set_cpu_sibling_map+0x1040/0x1040
[   29.196380] Shutting down cpus with NMI
[   29.201113] Dumping ftrace buffer:
[   29.204917]    (ftrace buffer empty)
[   29.208604] Kernel Offset: disabled
[   29.212339] Rebooting in 86400 seconds..