[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 20.734257] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 25.702202] random: sshd: uninitialized urandom read (32 bytes read, 41 bits of entropy available)
[ 26.261138] random: sshd: uninitialized urandom read (32 bytes read, 41 bits of entropy available)
[ 27.200955] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
[ 27.395751] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available)
Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts.
[ 32.787193] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available)
executing program
[ 32.881724] ==================================================================
[ 32.889097] BUG: KASAN: use-after-free in ip6_xmit+0x1a2c/0x1a70
[ 32.895211] Read of size 8 at addr ffff8800b774e658 by task syzkaller141870/3753
[ 32.902707]
[ 32.904306] CPU: 1 PID: 3753 Comm: syzkaller141870 Not tainted 4.4.120-gd63fdf6 #28
[ 32.912064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.921385] 0000000000000000 ae83b1d13a004493 ffff8801ca0377e0 ffffffff81d0408d
[ 32.929347] ffffea0002ddd380 ffff8800b774e658 0000000000000000 ffff8800b774e658
[ 32.937304] 0000000000000040 ffff8801ca037818 ffffffff814fe143 ffff8800b774e658
[ 32.945279] Call Trace:
[ 32.947839] [<ffffffff81d0408d>] dump_stack+0xc1/0x124
[ 32.953172] [<ffffffff814fe143>] print_address_description+0x73/0x260
[ 32.959803] [<ffffffff814fe655>] kasan_report+0x285/0x370
[ 32.965396] [<ffffffff8330649c>] ? ip6_xmit+0x1a2c/0x1a70
[ 32.970990] [<ffffffff814fe7b4>] __asan_report_load8_noabort+0x14/0x20
[ 32.977710] [<ffffffff8330649c>] ip6_xmit+0x1a2c/0x1a70
[ 32.983128] [<ffffffff814fa56c>] ? kfree+0xfc/0x300
[ 32.988198] [<ffffffff82e1099b>] ? pskb_expand_head+0x28b/0x980
[ 32.994310] [<ffffffff83459a1e>] ? l2tp_xmit_skb+0xa5e/0xea0
[ 33.000163] [<ffffffff83304a70>] ? ip6_finish_output2+0x1c60/0x1c60
[ 33.006624] [<ffffffff81230151>] ? __lock_is_held+0xa1/0xf0
[ 33.012389] [<ffffffff830c2091>] ? ipv4_dst_check+0x111/0x160
[ 33.018325] [<ffffffff82df2c88>] ? __sk_dst_check+0x148/0x260
[ 33.024263] [<ffffffff833c70f6>] inet6_csk_xmit+0x246/0x480
[ 33.030036] [<ffffffff833c6fb0>] ? inet6_csk_xmit+0x100/0x480
[ 33.035974] [<ffffffff833c6eb0>] ? inet6_csk_update_pmtu+0x160/0x160
[ 33.042521] [<ffffffff83418d76>] ? udp6_set_csum+0x336/0xa80
[ 33.048370] [<ffffffff83459bef>] l2tp_xmit_skb+0xc2f/0xea0
[ 33.054047] [<ffffffff834666d4>] pppol2tp_sendmsg+0x584/0x7f0
[ 33.059986] [<ffffffff81b68adf>] ? selinux_socket_sendmsg+0x3f/0x50
[ 33.066447] [<ffffffff83466150>] ? pppol2tp_release+0x310/0x310
[ 33.072562] [<ffffffff82deba6a>] sock_sendmsg+0xca/0x110
[ 33.078065] [<ffffffff82dec9b8>] SYSC_sendto+0x2c8/0x340
[ 33.083566] [<ffffffff82dec6f0>] ? SYSC_connect+0x310/0x310
[ 33.089335] [<ffffffff82df437c>] ? lock_sock_nested+0xdc/0x120
[ 33.095359] [<ffffffff833b95ba>] ? ip6_datagram_connect+0x3a/0x50
[ 33.101647] [<ffffffff831d0a22>] ? inet_dgram_connect+0x172/0x1f0
[ 33.107931] [<ffffffff82dec5f2>] ? SYSC_connect+0x212/0x310
[ 33.113698] [<ffffffff83774518>] ? retint_user+0x18/0x3c
[ 33.119203] [<ffffffff82deeeb0>] SyS_sendto+0x40/0x50
[ 33.124448] [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 33.130994]
[ 33.132594] Allocated by task 3734:
[ 33.136188] [<ffffffff81035d96>] save_stack_trace+0x26/0x50
[ 33.142071] [<ffffffff814fd1b3>] save_stack+0x43/0xd0
[ 33.147433] [<ffffffff814fd47d>] kasan_kmalloc+0xad/0xe0
[ 33.153055] [<ffffffff814fda52>] kasan_slab_alloc+0x12/0x20
[ 33.158936] [<ffffffff814f912a>] kmem_cache_alloc+0xba/0x290
[ 33.164904] [<ffffffff82e6964f>] dst_alloc+0x11f/0x1a0
[ 33.170351] [<ffffffff830c27d8>] rt_dst_alloc+0x78/0x430
[ 33.175978] [<ffffffff830cbc6e>] __ip_route_output_key_hash+0xa4e/0x2390
[ 33.182987] [<ffffffff83195fc5>] __ip4_datagram_connect+0xa15/0x1150
[ 33.189648] [<ffffffff833b8109>] __ip6_datagram_connect+0x4d9/0x1950
[ 33.196309] [<ffffffff833b95af>] ip6_datagram_connect+0x2f/0x50
[ 33.202533] [<ffffffff831d0a1b>] inet_dgram_connect+0x16b/0x1f0
[ 33.208757] [<ffffffff82dec596>] SYSC_connect+0x1b6/0x310
[ 33.214461] [<ffffffff82deee04>] SyS_connect+0x24/0x30
[ 33.219910] [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[ 33.226579]
[ 33.228173] Freed by task 0:
[ 33.231156] [<ffffffff81035d96>] save_stack_trace+0x26/0x50
[ 33.237038] [<ffffffff814fd1b3>] save_stack+0x43/0xd0
[ 33.242393] [<ffffffff814fdad2>] kasan_slab_free+0x72/0xc0
[ 33.248186] [<ffffffff814fa217>] kmem_cache_free+0xc7/0x320
[ 33.254063] [<ffffffff82e6a2ee>] dst_destroy+0x20e/0x330
[ 33.259683] [<ffffffff82e6a935>] dst_destroy_rcu+0x15/0x40
[ 33.265476] [<ffffffff812950d4>] rcu_process_callbacks+0x7f4/0x14a0
[ 33.272053] [<ffffffff83776e57>] __do_softirq+0x227/0xa38
[ 33.277762]
[ 33.279360] The buggy address belongs to the object at ffff8800b774e640
[ 33.279360] which belongs to the cache ip_dst_cache of size 208
[ 33.292078] The buggy address is located 24 bytes inside of
[ 33.292078] 208-byte region [ffff8800b774e640, ffff8800b774e710)
[ 33.303840] The buggy address belongs to the page:
[ 34.738830] ------------[ cut here ]------------
[ 34.743608] WARNING: CPU: 1 PID: -951831168 at kernel/locking/lockdep.c:3123 __lock_acquire+0x1625/0x4b50()
[ 34.753451] DEBUG_LOCKS_WARN_ON(depth >= MAX_LOCK_DEPTH)
[ 34.758692] Kernel panic - not syncing: panic_on_warn set ...
[ 34.758692]
[ 34.766311] CPU: 1 PID: -951831168 Comm: `������� Not tainted 4.4.120-gd63fdf6 #28
[ 34.773983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.783312] 0000000000000000 ae83b1d13a004493 ffff8801db30c940 ffffffff81d0408d
[ 34.791275] ffffffff83843b40 ffff8801db30ca18 ffffffff83855920 0000000000000009
[ 34.799237] 0000000000000c33 ffff8801db30ca08 ffffffff8141ab2a 0000000041b58ab3
[ 34.807194] Call Trace:
[ 34.809751] <#DF> [<ffffffff81d0408d>] dump_stack+0xc1/0x124
[ 34.815815] [<ffffffff8141ab2a>] panic+0x1aa/0x388
[ 34.820798] [<ffffffff8141a980>] ? percpu_up_read.constprop.45+0xe1/0xe1
[ 34.827691] [<ffffffff8112d86a>] ? warn_slowpath_common+0x10a/0x140
[ 34.834149] [<ffffffff8112d885>] warn_slowpath_common+0x125/0x140
[ 34.840439] [<ffffffff81238a35>] ? __lock_acquire+0x1625/0x4b50
[ 34.846555] [<ffffffff8112d961>] warn_slowpath_fmt+0xc1/0x110
[ 34.852491] [<ffffffff8112d8a0>] ? warn_slowpath_common+0x140/0x140
[ 34.858948] [<ffffffff81238a35>] __lock_acquire+0x1625/0x4b50
[ 34.864886] [<ffffffff81237410>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 34.871865] [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460
[ 34.877455] [<ffffffff8126a0f5>] ? vprintk_emit+0xa5/0x850
[ 34.883134] [<ffffffff83772ad6>] _raw_spin_lock+0x36/0x50
[ 34.888724] [<ffffffff8126a0f5>] ? vprintk_emit+0xa5/0x850
[ 34.894400] [<ffffffff8126a0f5>] vprintk_emit+0xa5/0x850
[ 34.899905] [<ffffffff810c83f0>] ? kprobe_exceptions_notify+0x80/0x160
[ 34.906630] [<ffffffff810f0d38>] ? kasan_die_handler+0x18/0x40
[ 34.912655] [<ffffffff8126a8c8>] vprintk+0x28/0x30
[ 34.917636] [<ffffffff8126a8ed>] vprintk_default+0x1d/0x30
[ 34.923315] [<ffffffff8141b77d>] printk+0xb7/0xe2
[ 34.928210] [<ffffffff8141b6c6>] ? pm_qos_get_value.part.4+0xb/0xb
[ 34.934588] [<ffffffff810caf54>] df_debug+0x14/0x30
[ 34.939660] [<ffffffff81012d2b>] do_double_fault+0x10b/0x210
[ 34.945525] [<ffffffff83774a3d>] double_fault+0x2d/0x40
[ 34.950950] [<ffffffff814909b0>] ? dump_page_badflags+0x180/0x250
[ 34.957238] [<ffffffff81490834>] ? dump_page_badflags+0x4/0x250
[ 34.963346] <<EOE>> <UNK>
[ 34.966810] Dumping ftrace buffer:
[ 34.970615] (ftrace buffer empty)
[ 34.974293] Kernel Offset: disabled
[ 34.977887] Rebooting in 86400 seconds..