[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   16.552980] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.438334] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   19.806225] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   20.657928] random: sshd: uninitialized urandom read (32 bytes read, 101 bits of entropy available)
[   20.901525] random: sshd: uninitialized urandom read (32 bytes read, 109 bits of entropy available)
Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
[   26.288691] random: sshd: uninitialized urandom read (32 bytes read, 115 bits of entropy available)
executing program
[   26.388704] ==================================================================
[   26.396094] BUG: KASAN: use-after-free in __lock_acquire+0x387e/0x4b50
[   26.402733] Read of size 8 at addr ffff8801d0813c38 by task syzkaller259577/3317
[   26.410240] 
[   26.411837] CPU: 0 PID: 3317 Comm: syzkaller259577 Not tainted 4.4.113-ge70c132 #34
[   26.419595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.428921]  0000000000000000 61501b90c7ed09df ffff8801d13a78f0 ffffffff81d0278d
[   26.436886]  ffffea0007420480 ffff8801d0813c38 0000000000000000 ffff8801d0813c38
[   26.444846]  0000000000000000 ffff8801d13a7928 ffffffff814fd053 ffff8801d0813c38
[   26.452820] Call Trace:
[   26.455379]  [<ffffffff81d0278d>] dump_stack+0xc1/0x124
[   26.460711]  [<ffffffff814fd053>] print_address_description+0x73/0x260
[   26.467349]  [<ffffffff814fd565>] kasan_report+0x285/0x370
[   26.472942]  [<ffffffff81239c3e>] ? __lock_acquire+0x387e/0x4b50
[   26.479065]  [<ffffffff814fd6c4>] __asan_report_load8_noabort+0x14/0x20
[   26.485787]  [<ffffffff81239c3e>] __lock_acquire+0x387e/0x4b50
[   26.491725]  [<ffffffff81236f1f>] ? __lock_acquire+0xb5f/0x4b50
[   26.497750]  [<ffffffff812363c0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   26.504732]  [<ffffffff812363c0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   26.511713]  [<ffffffff812357af>] ? mark_held_locks+0xaf/0x100
[   26.517652]  [<ffffffff8123c77e>] lock_acquire+0x15e/0x460
[   26.523244]  [<ffffffff8121f0a4>] ? remove_wait_queue+0x14/0x40
[   26.529272]  [<ffffffff8377172e>] _raw_spin_lock_irqsave+0x4e/0x70
[   26.535560]  [<ffffffff8121f0a4>] ? remove_wait_queue+0x14/0x40
[   26.541586]  [<ffffffff8121f0a4>] remove_wait_queue+0x14/0x40
[   26.547440]  [<ffffffff815f57d8>] ep_unregister_pollwait.isra.6+0xa8/0x220
[   26.554421]  [<ffffffff815f5844>] ? ep_unregister_pollwait.isra.6+0x114/0x220
[   26.561664]  [<ffffffff815f6630>] ? ep_free+0x1c0/0x1c0
[   26.566998]  [<ffffffff815f6503>] ep_free+0x93/0x1c0
[   26.572078]  [<ffffffff815f6630>] ? ep_free+0x1c0/0x1c0
[   26.577412]  [<ffffffff815f6674>] ep_eventpoll_release+0x44/0x60
[   26.583532]  [<ffffffff81522363>] __fput+0x233/0x6d0
[   26.588608]  [<ffffffff81522885>] ____fput+0x15/0x20
[   26.593681]  [<ffffffff8118b9d4>] task_work_run+0x104/0x180
[   26.599362]  [<ffffffff81132f7a>] do_exit+0x82a/0x2a10
[   26.604608]  [<ffffffff82c8f5a0>] ? binder_ioctl_write_read.isra.55+0xbc0/0xbc0
[   26.612022]  [<ffffffff81132750>] ? release_task+0x1240/0x1240
[   26.617960]  [<ffffffff815f85a0>] ? SyS_epoll_create+0x190/0x190
[   26.624075]  [<ffffffff81139418>] do_group_exit+0x108/0x320
[   26.629764]  [<ffffffff81003044>] ? lockdep_sys_exit_thunk+0x12/0x14
[   26.636225]  [<ffffffff8113964d>] SyS_exit_group+0x1d/0x20
[   26.641816]  [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   26.648360] 
[   26.649955] Allocated by task 3317:
[   26.653548]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   26.659433]  [<ffffffff814fc0c3>] save_stack+0x43/0xd0
[   26.664797]  [<ffffffff814fc38d>] kasan_kmalloc+0xad/0xe0
[   26.670414]  [<ffffffff814f8310>] kmem_cache_alloc_trace+0x100/0x2b0
[   26.676986]  [<ffffffff82c7b46d>] binder_get_thread+0x15d/0x750
[   26.683129]  [<ffffffff82c7baaa>] binder_poll+0x4a/0x210
[   26.688662]  [<ffffffff815f9651>] SyS_epoll_ctl+0x10b1/0x2040
[   26.694628]  [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   26.701290] 
[   26.702887] Freed by task 3317:
[   26.706130]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   26.712022]  [<ffffffff814fc0c3>] save_stack+0x43/0xd0
[   26.717389]  [<ffffffff814fc9e2>] kasan_slab_free+0x72/0xc0
[   26.723189]  [<ffffffff814f947c>] kfree+0xfc/0x300
[   26.728233]  [<ffffffff82c749d1>] binder_thread_dec_tmpref+0x1c1/0x250
[   26.735210]  [<ffffffff82c7550d>] binder_thread_release+0x27d/0x540
[   26.735217]  [<ffffffff82c90134>] binder_ioctl+0xb94/0x12e0
[   26.735226]  [<ffffffff815588ca>] do_vfs_ioctl+0x7aa/0xee0
[   26.735237]  [<ffffffff8155908f>] SyS_ioctl+0x8f/0xc0
[   26.735246]  [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   26.735248] 
[   26.735253] The buggy address belongs to the object at ffff8801d0813b80
[   26.735253]  which belongs to the cache kmalloc-512 of size 512
[   26.735257] The buggy address is located 184 bytes inside of
[   26.735257]  512-byte region [ffff8801d0813b80, ffff8801d0813d80)
[   26.735258] The buggy address belongs to the page:
[   26.796471] audit: type=1400 audit(1516970829.578:5): avc:  denied  { use } for  pid=3318 comm="init" path="/dev/console" dev="devtmpfs" ino=6304 scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd permissive=1
[   26.818819] ------------[ cut here ]------------
[   26.823599] WARNING: CPU: 1 PID: 3170 at kernel/locking/lockdep.c:3190 __lock_acquire+0x23b3/0x4b50()
[   26.832952] DEBUG_LOCKS_WARN_ON(id >= MAX_LOCKDEP_KEYS)
[   26.838141] Kernel panic - not syncing: panic_on_warn set ...
[   26.838141] 
[   26.845815] CPU: 1 PID: 3170 Comm: rsyslogd Not tainted 4.4.113-ge70c132 #34
[   26.853001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.862356]  0000000000000000 071b44b04c65ba47 ffff8800b6707850 ffffffff81d0278d
[   26.870433]  ffffffff838439a0 ffff8800b6707928 ffffffff83855780 0000000000000009
[   26.878478]  0000000000000c76 ffff8800b6707918 ffffffff81419b6a 0000000041b58ab3
[   26.886530] Call Trace:
[   26.889115]  [<ffffffff81d0278d>] dump_stack+0xc1/0x124
[   26.894483]  [<ffffffff81419b6a>] panic+0x1aa/0x388
[   26.899506]  [<ffffffff814199c0>] ? percpu_up_read.constprop.45+0xe1/0xe1
[   26.906440]  [<ffffffff8112d8ba>] ? warn_slowpath_common+0x10a/0x140
[   26.912937]  [<ffffffff8112d8d5>] warn_slowpath_common+0x125/0x140
[   26.919270]  [<ffffffff81238773>] ? __lock_acquire+0x23b3/0x4b50
[   26.925420]  [<ffffffff8112d9b1>] warn_slowpath_fmt+0xc1/0x110
[   26.931396]  [<ffffffff8112d8f0>] ? warn_slowpath_common+0x140/0x140
[   26.937890]  [<ffffffff8122fe00>] ? save_trace+0xe0/0x270
[   26.943433]  [<ffffffff8377112a>] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   26.950358]  [<ffffffff81234b8e>] ? mark_lock+0x45e/0xfd0
[   26.955896]  [<ffffffff81238773>] __lock_acquire+0x23b3/0x4b50
[   26.961871]  [<ffffffff812357af>] ? mark_held_locks+0xaf/0x100
[   26.967855]  [<ffffffff814fdb2b>] ? quarantine_put+0xab/0x180
[   26.973751]  [<ffffffff81235b8b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   26.980621]  [<ffffffff812363c0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   26.987636]  [<ffffffff81268193>] ? do_syslog+0x983/0xae0
[   26.993180]  [<ffffffff814fc9f8>] ? kasan_slab_free+0x88/0xc0
[   26.999068]  [<ffffffff814f947c>] ? kfree+0xfc/0x300
[   27.004172]  [<ffffffff812678e5>] ? do_syslog+0xd5/0xae0
[   27.009633]  [<ffffffff8123c77e>] lock_acquire+0x15e/0x460
[   27.015260]  [<ffffffff81158414>] ? force_sig_info+0x54/0x300
[   27.021152]  [<ffffffff8377172e>] _raw_spin_lock_irqsave+0x4e/0x70
[   27.027474]  [<ffffffff81158414>] ? force_sig_info+0x54/0x300
[   27.033364]  [<ffffffff81158414>] force_sig_info+0x54/0x300
[   27.039084]  [<ffffffff81514554>] ? __check_object_size+0x154/0x35b
[   27.045496]  [<ffffffff810da488>] force_sig_info_fault.constprop.20+0x158/0x1c0
[   27.052944]  [<ffffffff810da330>] ? is_prefetch.isra.17+0x380/0x380
[   27.059356]  [<ffffffff810d9fb0>] ? spurious_fault+0x370/0x370
[   27.065331]  [<ffffffff8376bf82>] ? __mutex_unlock_slowpath+0x242/0x3b0
[   27.072090]  [<ffffffff810dbb8e>] ? __bad_area_nosemaphore+0x3e/0x420
[   27.078668]  [<ffffffff810dbd6b>] __bad_area_nosemaphore+0x21b/0x420
[   27.085171]  [<ffffffff8151db7a>] ? vfs_read+0x16a/0x3a0
[   27.090624]  [<ffffffff810dbf9a>] bad_area_nosemaphore+0x2a/0x40
[   27.096777]  [<ffffffff810dc4b4>] __do_page_fault+0x144/0xa00
[   27.102667]  [<ffffffff81003030>] ? trace_hardirqs_off_thunk+0x17/0x19
[   27.109343]  [<ffffffff810dcd97>] do_page_fault+0x27/0x30
[   27.114886]  [<ffffffff83772f88>] page_fault+0x28/0x30
[   28.249060] Shutting down cpus with NMI
[   28.253503] Dumping ftrace buffer:
[   28.257034]    (ftrace buffer empty)
[   28.260713] Kernel Offset: disabled
[   28.264306] Rebooting in 86400 seconds..