[   16.121831] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.674776] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   21.052248] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[   21.966207] random: sshd: uninitialized urandom read (32 bytes read, 108 bits of entropy available)
[   22.181744] random: sshd: uninitialized urandom read (32 bytes read, 120 bits of entropy available)
[   25.604759] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.33' (ECDSA) to the list of known hosts.
executing program
[   27.674531] ==================================================================
[   27.681939] BUG: KASAN: use-after-free in ip6_xmit+0x193a/0x1ad0
[   27.688058] Read of size 8 at addr ffff8801d591a518 by task syzkaller506832/3315
[   27.695555] 
[   27.697166] CPU: 0 PID: 3315 Comm: syzkaller506832 Not tainted 4.4.113-g202e079 #1
[   27.704840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.714166]  0000000000000000 df02a3aeec6b30fc ffff8801d0ddf5b8 ffffffff81d0278d
[   27.722147]  ffffea0007564680 ffff8801d591a518 0000000000000000 ffff8801d591a518
[   27.730110]  0000000000000040 ffff8801d0ddf5f0 ffffffff814fd053 ffff8801d591a518
[   27.738076] Call Trace:
[   27.740637]  [<ffffffff81d0278d>] dump_stack+0xc1/0x124
[   27.745986]  [<ffffffff814fd053>] print_address_description+0x73/0x260
[   27.752622]  [<ffffffff814fd565>] kasan_report+0x285/0x370
[   27.758215]  [<ffffffff8330369a>] ? ip6_xmit+0x193a/0x1ad0
[   27.763807]  [<ffffffff814fd6c4>] __asan_report_load8_noabort+0x14/0x20
[   27.770527]  [<ffffffff8330369a>] ip6_xmit+0x193a/0x1ad0
[   27.775947]  [<ffffffff8122fe00>] ? save_trace+0xe0/0x270
[   27.781454]  [<ffffffff82e0efdb>] ? pskb_expand_head+0x28b/0x980
[   27.787568]  [<ffffffff83301d60>] ? ip6_finish_output2+0x1c60/0x1c60
[   27.794028]  [<ffffffff8122f101>] ? __lock_is_held+0xa1/0xf0
[   27.799796]  [<ffffffff830bf631>] ? ipv4_dst_check+0x111/0x160
[   27.805737]  [<ffffffff82df12c8>] ? __sk_dst_check+0x148/0x260
[   27.811679]  [<ffffffff833c44d6>] inet6_csk_xmit+0x246/0x480
[   27.817446]  [<ffffffff833c4390>] ? inet6_csk_xmit+0x100/0x480
[   27.823405]  [<ffffffff833c4290>] ? inet6_csk_update_pmtu+0x160/0x160
[   27.829959]  [<ffffffff83415d16>] ? udp6_set_csum+0x336/0xa80
[   27.835814]  [<ffffffff83456b8f>] l2tp_xmit_skb+0xc2f/0xea0
[   27.841494]  [<ffffffff83463674>] pppol2tp_sendmsg+0x584/0x7f0
[   27.847438]  [<ffffffff81b6729f>] ? selinux_socket_sendmsg+0x3f/0x50
[   27.853900]  [<ffffffff834630f0>] ? pppol2tp_release+0x310/0x310
[   27.860015]  [<ffffffff82dea0aa>] sock_sendmsg+0xca/0x110
[   27.865520]  [<ffffffff82deb8d2>] ___sys_sendmsg+0x312/0x7c0
[   27.871287]  [<ffffffff82deb5c0>] ? copy_msghdr_from_user+0x550/0x550
[   27.877838]  [<ffffffff812363c0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.884823]  [<ffffffff81437400>] ? __alloc_pages_direct_compact+0x250/0x250
[   27.891988]  [<ffffffff8122f101>] ? __lock_is_held+0xa1/0xf0
[   27.897754]  [<ffffffff8122f101>] ? __lock_is_held+0xa1/0xf0
[   27.903523]  [<ffffffff81d6253b>] ? check_preemption_disabled+0x3b/0x200
[   27.910336]  [<ffffffff81284e67>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   27.917060]  [<ffffffff815773e1>] ? __fget_light+0xa1/0x1e0
[   27.922741]  [<ffffffff81577538>] ? __fdget+0x18/0x20
[   27.927901]  [<ffffffff82de77a8>] ? sockfd_lookup_light+0x118/0x160
[   27.934279]  [<ffffffff82dedefc>] __sys_sendmmsg+0x11c/0x2e0
[   27.940044]  [<ffffffff82dedde0>] ? SyS_sendmsg+0x50/0x50
[   27.945553]  [<ffffffff8149f762>] ? handle_mm_fault+0x3f2/0x3190
[   27.951669]  [<ffffffff82deac32>] ? SYSC_connect+0x212/0x310
[   27.957438]  [<ffffffff82deaa20>] ? SYSC_bind+0x280/0x280
[   27.962949]  [<ffffffff810dc6f0>] ? __do_page_fault+0x380/0xa00
[   27.968978]  [<ffffffff83772718>] ? retint_user+0x18/0x3c
[   27.974488]  [<ffffffff81235b8b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   27.981299]  [<ffffffff82dee0f5>] SyS_sendmmsg+0x35/0x60
[   27.986718]  [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   27.993265] 
[   27.994865] Allocated by task 3299:
[   27.998460]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   28.004346]  [<ffffffff814fc0c3>] save_stack+0x43/0xd0
[   28.009723]  [<ffffffff814fc38d>] kasan_kmalloc+0xad/0xe0
[   28.015351]  [<ffffffff814fc962>] kasan_slab_alloc+0x12/0x20
[   28.021233]  [<ffffffff814f803a>] kmem_cache_alloc+0xba/0x290
[   28.027207]  [<ffffffff82e679cf>] dst_alloc+0x11f/0x1a0
[   28.032657]  [<ffffffff830bfd78>] rt_dst_alloc+0x78/0x430
[   28.038283]  [<ffffffff830c915e>] __ip_route_output_key_hash+0xa4e/0x2390
[   28.045294]  [<ffffffff83193395>] __ip4_datagram_connect+0xa15/0x1150
[   28.051961]  [<ffffffff833b54e9>] __ip6_datagram_connect+0x4d9/0x1950
[   28.058630]  [<ffffffff833b698f>] ip6_datagram_connect+0x2f/0x50
[   28.064856]  [<ffffffff831cdd6b>] inet_dgram_connect+0x16b/0x1f0
[   28.071087]  [<ffffffff82deabd6>] SYSC_connect+0x1b6/0x310
[   28.076820]  [<ffffffff82ded444>] SyS_connect+0x24/0x30
[   28.082272]  [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   28.088938] 
[   28.090536] Freed by task 0:
[   28.093536]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   28.099429]  [<ffffffff814fc0c3>] save_stack+0x43/0xd0
[   28.104793]  [<ffffffff814fc9e2>] kasan_slab_free+0x72/0xc0
[   28.110585]  [<ffffffff814f9127>] kmem_cache_free+0xc7/0x320
[   28.116466]  [<ffffffff82e6866e>] dst_destroy+0x20e/0x330
[   28.122087]  [<ffffffff82e68cb5>] dst_destroy_rcu+0x15/0x40
[   28.127885]  [<ffffffff81294084>] rcu_process_callbacks+0x7f4/0x14a0
[   28.134463]  [<ffffffff83775057>] __do_softirq+0x227/0xa38
[   28.140173] 
[   28.141773] The buggy address belongs to the object at ffff8801d591a500
[   28.141773]  which belongs to the cache ip_dst_cache of size 208
[   28.154486] The buggy address is located 24 bytes inside of
[   28.154486]  208-byte region [ffff8801d591a500, ffff8801d591a5d0)
[   28.166241] The buggy address belongs to the page:
[   29.687848] PANIC: double fault, error_code: 0x0
[   29.692647] CPU: 0 PID: 3315 Comm: syzkaller506832 Not tainted 4.4.113-g202e079 #1
[   29.700322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.709646] task: ffff8801d2155f00 task.stack: ffff8801d0dd8000
[   29.715671] RIP: 0010:[<ffffffff8148f75d>]  [<ffffffff8148f75d>] dump_page_badflags+0xd/0x250
[   29.724438] RSP: 0018:ffff880100000000  EFLAGS: 00010046
[   29.729854] RAX: ffff8801d2155f00 RBX: ffffea0007564680 RCX: ffffffff8148f8d0
[   29.737095] RDX: 0000000000000000 RSI: ffffffff838a8de0 RDI: ffffea0007564680
[   29.744340] RBP: ffff880100000018 R08: 0000000000000001 R09: 0000000000000000
[   29.751583] R10: 0000000000000002 R11: fffffbfff0ad7e26 R12: 0000000000000000
[   29.758822] R13: ffffffff838a8de0 R14: 0000000000000000 R15: 0000000000000000
[   29.766064] FS:  0000000002125880(0063) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   29.774264] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   29.780116] CR2: ffff8800fffffff8 CR3: 00000001d31bc000 CR4: 0000000000160670
[   29.787358] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   29.794598] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   29.801835] Stack:
[   29.803951] 
[   29.805547] Call Trace:
[   29.808098]  <UNK> 
[   29.810128] Code: ff e8 78 df 06 00 e9 50 fd ff ff e8 6e df 06 00 e9 1d fd ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 49 89 f5 <41> 54 49 89 d4 53 48 89 fb 48 83 ec 08 e8 b1 04 ed ff 48 8d 7b 
[   29.837101] Kernel panic - not syncing: Machine halted.
[   29.842439] CPU: 0 PID: 3315 Comm: syzkaller506832 Not tainted 4.4.113-g202e079 #1
[   29.850113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.859440]  0000000000000000 df02a3aeec6b30fc ffff8801db20ce38 ffffffff81d0278d
[   29.867411]  ffffffff83837200 ffff8801db20cf10 ffffffff83808040 ffff880100000000
[   29.875391]  0000000000000000 ffff8801db20cf00 ffffffff81419b6a 0000000041b58ab3
[   29.883361] Call Trace:
[   29.885912]  <#DF>  [<ffffffff81d0278d>] dump_stack+0xc1/0x124
[   29.891982]  [<ffffffff81419b6a>] panic+0x1aa/0x388
[   29.896970]  [<ffffffff814199c0>] ? percpu_up_read.constprop.45+0xe1/0xe1
[   29.903868]  [<ffffffff81269242>] ? vprintk_emit+0x242/0x850
[   29.909638]  [<ffffffff8148f772>] ? dump_page_badflags+0x22/0x250
[   29.915837]  [<ffffffff81269242>] ? vprintk_emit+0x242/0x850
[   29.921604]  [<ffffffff810caf6d>] df_debug+0x2d/0x30
[   29.926677]  [<ffffffff81012d2b>] do_double_fault+0x10b/0x210
[   29.932534]  [<ffffffff83772c3d>] double_fault+0x2d/0x40
[   29.937955]  [<ffffffff8148f8d0>] ? dump_page_badflags+0x180/0x250
[   29.944246]  [<ffffffff8148f75d>] ? dump_page_badflags+0xd/0x250
[   29.950358]  <<EOE>>  <UNK> 
[   29.953914] Dumping ftrace buffer:
[   29.957783]    (ftrace buffer empty)
[   29.961476] Kernel Offset: disabled
[   29.965088] Rebooting in 86400 seconds..