[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 21.151023] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 24.706663] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 24.949903] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 25.906108] random: sshd: uninitialized urandom read (32 bytes read, 107 bits of entropy available)
[ 35.271198] random: sshd: uninitialized urandom read (32 bytes read, 115 bits of entropy available)
Warning: Permanently added '10.128.0.62' (ECDSA) to the list of known hosts.
[ 40.667612] random: sshd: uninitialized urandom read (32 bytes read, 119 bits of entropy available)
2018/03/14 18:36:46 parsed 1 programs
2018/03/14 18:36:46 executed programs: 0
[ 41.032211] IPVS: Creating netns size=2552 id=1
[ 41.055907] IPVS: Creating netns size=2552 id=2
[ 41.079639] IPVS: Creating netns size=2552 id=3
[ 41.115589] IPVS: Creating netns size=2552 id=4
[ 41.175225] IPVS: Creating netns size=2552 id=5
[ 41.210882] IPVS: Creating netns size=2552 id=6
[ 41.256301] IPVS: Creating netns size=2552 id=7
[ 41.295191] IPVS: Creating netns size=2552 id=8
[ 41.973058] l2tp_core: tunl 3: fd 3 wrong protocol, got 1, expected 17
[ 45.532554] l2tp_core: tunl 3: fd 3 wrong protocol, got 1, expected 17
2018/03/14 18:36:51 executed programs: 731
[ 47.156173] ==================================================================
[ 47.163577] BUG: KASAN: use-after-free in l2tp_session_create+0xf94/0x10f0
[ 47.170571] Read of size 4 at addr ffff8801d2c10790 by task syz-executor0/6463
[ 47.177909]
[ 47.179515] CPU: 1 PID: 6463 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29
[ 47.187103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.196433] 0000000000000000 9497418fb8cc092a ffff8801d2e0fa30 ffffffff81d0408d
[ 47.204414] ffffea00074b0400 ffff8801d2c10790 0000000000000000 ffff8801d2c10790
[ 47.212389] ffff8801d2c10780 ffff8801d2e0fa68 ffffffff814fe143 ffff8801d2c10790
[ 47.220367] Call Trace:
[ 47.222927] [<ffffffff81d0408d>] dump_stack+0xc1/0x124
[ 47.228263] [<ffffffff814fe143>] print_address_description+0x73/0x260
[ 47.234900] [<ffffffff814fe655>] kasan_report+0x285/0x370
[ 47.240497] [<ffffffff8345fe14>] ? l2tp_session_create+0xf94/0x10f0
[ 47.246958] [<ffffffff814fe794>] __asan_report_load4_noabort+0x14/0x20
[ 47.253679] [<ffffffff8345fe14>] l2tp_session_create+0xf94/0x10f0
[ 47.259970] [<ffffffff8113bd95>] ? __local_bh_enable_ip+0xc5/0xd0
[ 47.266260] [<ffffffff8346354c>] pppol2tp_connect+0x10fc/0x1930
[ 47.272377] [<ffffffff83462450>] ? pppol2tp_recv+0x330/0x330
[ 47.278235] [<ffffffff81495684>] ? __might_fault+0xe4/0x1d0
[ 47.284003] [<ffffffff81515418>] ? check_stack_object+0x68/0x140
[ 47.290208] [<ffffffff81b46db9>] ? security_socket_connect+0x89/0xb0
[ 47.296758] [<ffffffff82dec596>] SYSC_connect+0x1b6/0x310
[ 47.302355] [<ffffffff82dec3e0>] ? SYSC_bind+0x280/0x280
[ 47.307862] [<ffffffff81579f50>] ? get_unused_fd_flags+0xd0/0xd0
[ 47.314064] [<ffffffff83772e2c>] ? _raw_spin_unlock+0x2c/0x50
[ 47.320003] [<ffffffff81579b63>] ? __alloc_fd+0x1e3/0x500
[ 47.325597] [<ffffffff812e26a0>] ? compat_SyS_get_robust_list+0x300/0x300
[ 47.332578] [<ffffffff82dee541>] ? SyS_socket+0x121/0x1b0
[ 47.338174] [<ffffffff82dee420>] ? move_addr_to_kernel+0x50/0x50
[ 47.344377] [<ffffffff82deee04>] SyS_connect+0x24/0x30
[ 47.349711] [<ffffffff82deede0>] ? SyS_accept+0x30/0x30
[ 47.355135] [<ffffffff81006d91>] do_fast_syscall_32+0x321/0x8a0
[ 47.361254] [<ffffffff837752ea>] sysenter_flags_fixed+0xd/0x17
[ 47.367276]
[ 47.368877] Allocated by task 6463:
[ 47.372470] [<ffffffff81035d96>] save_stack_trace+0x26/0x50
[ 47.378359] [<ffffffff814fd1b3>] save_stack+0x43/0xd0
[ 47.383751] [<ffffffff814fd47d>] kasan_kmalloc+0xad/0xe0
[ 47.389377] [<ffffffff814f9764>] __kmalloc+0x124/0x320
[ 47.394832] [<ffffffff8345eeb9>] l2tp_session_create+0x39/0x10f0
[ 47.401156] [<ffffffff8346354c>] pppol2tp_connect+0x10fc/0x1930
[ 47.407388] [<ffffffff82dec596>] SYSC_connect+0x1b6/0x310
[ 47.413106] [<ffffffff82deee04>] SyS_connect+0x24/0x30
[ 47.418559] [<ffffffff81006d91>] do_fast_syscall_32+0x321/0x8a0
[ 47.424792] [<ffffffff837752ea>] sysenter_flags_fixed+0xd/0x17
[ 47.430936]
[ 47.432534] Freed by task 6472:
[ 47.435780] [<ffffffff81035d96>] save_stack_trace+0x26/0x50
[ 47.441750] [<ffffffff814fd1b3>] save_stack+0x43/0xd0
[ 47.447119] [<ffffffff814fdad2>] kasan_slab_free+0x72/0xc0
[ 47.452916] [<ffffffff814fa56c>] kfree+0xfc/0x300
[ 47.457930] [<ffffffff8345b440>] l2tp_session_free+0x170/0x200
[ 47.464079] [<ffffffff8345dcf1>] l2tp_tunnel_closeall+0x2d1/0x3b0
[ 47.470494] [<ffffffff8345e85b>] l2tp_udp_encap_destroy+0x8b/0xf0
[ 47.476901] [<ffffffff8336cc51>] udpv6_destroy_sock+0xb1/0xd0
[ 47.482962] [<ffffffff82dfecdb>] sk_common_release+0x6b/0x300
[ 47.489025] [<ffffffff8336bc05>] udp_lib_close+0x15/0x20
[ 47.494650] [<ffffffff831cfdda>] inet_release+0xfa/0x1d0
[ 47.500288] [<ffffffff832f55a0>] inet6_release+0x50/0x70
[ 47.505921] [<ffffffff82de7bdd>] sock_release+0x8d/0x1e0
[ 47.511546] [<ffffffff82de7d46>] sock_close+0x16/0x20
[ 47.516914] [<ffffffff81523603>] __fput+0x233/0x6d0
[ 47.522102] [<ffffffff81523b25>] ____fput+0x15/0x20
[ 47.527292] [<ffffffff8118b984>] task_work_run+0x104/0x180
[ 47.533093] [<ffffffff8100361d>] exit_to_usermode_loop+0x13d/0x160
[ 47.539590] [<ffffffff81007084>] do_fast_syscall_32+0x614/0x8a0
[ 47.545825] [<ffffffff837752ea>] sysenter_flags_fixed+0xd/0x17
[ 47.551974]
[ 47.553574] The buggy address belongs to the object at ffff8801d2c10780
[ 47.553574]  which belongs to the cache kmalloc-512 of size 512
[ 47.566201] The buggy address is located 16 bytes inside of
[ 47.566201]  512-byte region [ffff8801d2c10780, ffff8801d2c10980)
[ 47.577957] The buggy address belongs to the page:
[ 47.587504] kasan: CONFIG_KASAN_INLINE enabled
[ 47.591923] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 47.599390] ------------[ cut here ]------------
[ 47.604139] WARNING: CPU: 0 PID: 0 at kernel/rcu/update.c:211 __rcu_read_unlock+0x140/0x1a0()
[ 47.612784] Kernel panic - not syncing: panic_on_warn set ...
[ 47.612784]
[ 47.620135] CPU: 0 PID: 0 Comm: Not tainted 4.4.120-gd63fdf6 #29
[ 47.626349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.635688] 0000000000000000 57dc64149ced132b ffff8801db207968 ffffffff81d0408d
[ 47.643733] ffffffff83843b40 ffff8801db207a40 ffffffff83865e00 0000000000000009
[ 47.651762] 00000000000000d3 ffff8801db207a30 ffffffff8141ab2a 0000000041b58ab3
[ 47.659799] Call Trace:
[ 47.662370] <IRQ> [<ffffffff81d0408d>] dump_stack+0xc1/0x124
[ 47.668478] [<ffffffff8141ab2a>] panic+0x1aa/0x388
[ 47.673495] [<ffffffff8141a980>] ? percpu_up_read.constprop.45+0xe1/0xe1
[ 47.680416] [<ffffffff8141b6c6>] ? pm_qos_get_value.part.4+0xb/0xb
[ 47.686824] [<ffffffff8112d86a>] ? warn_slowpath_common+0x10a/0x140
[ 47.693320] [<ffffffff8112d885>] warn_slowpath_common+0x125/0x140
[ 47.699635] [<ffffffff812862d0>] ? __rcu_read_unlock+0x140/0x1a0
[ 47.705864] [<ffffffff8112dae9>] warn_slowpath_null+0x29/0x30
[ 47.711838] [<ffffffff812862d0>] __rcu_read_unlock+0x140/0x1a0
[ 47.717893] [<ffffffff8119566e>] atomic_notifier_call_chain+0x9e/0x140
[ 47.724640] [<ffffffff811955d0>] ? __atomic_notifier_call_chain+0x150/0x150
[ 47.731830] [<ffffffff811957ef>] notify_die+0xdf/0x160
[ 47.737188] [<ffffffff81195710>] ? atomic_notifier_call_chain+0x140/0x140
[ 47.744199] [<ffffffff8122b8e6>] ? cpuacct_account_field+0x136/0x300
[ 47.750779] [<ffffffff8118ba31>] ? search_exception_tables+0x31/0x40
[ 47.757363] [<ffffffff81011fa7>] do_general_protection+0x2f7/0x390
[ 47.763766] [<ffffffff83774d28>] general_protection+0x28/0x30
[ 47.769740] [<ffffffff8122b8e6>] ? cpuacct_account_field+0x136/0x300
[ 47.776315] [<ffffffff8122b7b0>] ? cpuacct_charge+0x390/0x390
[ 47.782286] [<ffffffff811d4982>] account_system_time+0x172/0x4d0
[ 47.788514] [<ffffffff811d56bf>] account_process_tick+0xef/0x310
[ 47.794740] [<ffffffff812ab0d3>] update_process_times+0x23/0x70
[ 47.800888] [<ffffffff812d5765>] tick_sched_handle.isra.16+0x55/0xf0
[ 47.807468] [<ffffffff812d7082>] tick_sched_timer+0x72/0x120
[ 47.813347] [<ffffffff812d7010>] ? tick_sched_do_timer+0xa0/0xa0
[ 47.819576] [<ffffffff812ad926>] __hrtimer_run_queues+0x306/0xfe0
[ 47.825892] [<ffffffff812ad620>] ? hrtimer_fixup_init+0x70/0x70
[ 47.832039] [<ffffffff812afd91>] ? hrtimer_interrupt+0x131/0x440
[ 47.838266] [<ffffffff812afe06>] hrtimer_interrupt+0x1a6/0x440
[ 47.844323] [<ffffffff810b0dea>] local_apic_timer_interrupt+0x6a/0xb0
[ 47.850987] [<ffffffff837765b6>] smp_apic_timer_interrupt+0x76/0xa0
[ 47.857477] [<ffffffff83775510>] apic_timer_interrupt+0xa0/0xb0
[ 47.863607] <EOI>
[ 48.976248] Shutting down cpus with NMI
[ 48.981039] Dumping ftrace buffer:
[ 48.984558] (ftrace buffer empty)
[ 48.988237] Kernel Offset: disabled
[ 48.991830] ------------[ cut here ]------------
[ 48.996561] WARNING: CPU: 0 PID: 0 at kernel/rcu/update.c:211 __rcu_read_unlock+0x140/0x1a0()
[ 49.005187] Modules linked in:
[ 49.008478] CPU: 0 PID: 0 Comm: Not tainted 4.4.120-gd63fdf6 #29
[ 49.014672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.024309] 0000000000000000 57dc64149ced132b ffff8801db2078b8 ffffffff81d0408d
[ 49.032274] 0000000000000000 ffff8801d2c51800 ffffffff83865e00 0000000000000009
[ 49.040234] 00000000000000d3 ffff8801db2078f8 ffffffff8112d839 ffffffff812862d0
[ 49.048247] Call Trace:
[ 49.050798] <IRQ> [<ffffffff81d0408d>] dump_stack+0xc1/0x124
[ 49.056867] [<ffffffff8112d839>] warn_slowpath_common+0xd9/0x140
[ 49.063065] [<ffffffff812862d0>] ? __rcu_read_unlock+0x140/0x1a0
[ 49.069263] [<ffffffff8112dae9>] warn_slowpath_null+0x29/0x30
[ 49.075202] [<ffffffff812862d0>] __rcu_read_unlock+0x140/0x1a0
[ 49.081227] [<ffffffff8119566e>] atomic_notifier_call_chain+0x9e/0x140
[ 49.087944] [<ffffffff811955d0>] ? __atomic_notifier_call_chain+0x150/0x150
[ 49.095097] [<ffffffff8141ab89>] panic+0x209/0x388
[ 49.100080] [<ffffffff8141a980>] ? percpu_up_read.constprop.45+0xe1/0xe1
[ 49.106986] [<ffffffff8141b6c6>] ? pm_qos_get_value.part.4+0xb/0xb
[ 49.113364] [<ffffffff8112d86a>] ? warn_slowpath_common+0x10a/0x140
[ 49.119824] [<ffffffff8112d885>] warn_slowpath_common+0x125/0x140
[ 49.126108] [<ffffffff812862d0>] ? __rcu_read_unlock+0x140/0x1a0
[ 49.132308] [<ffffffff8112dae9>] warn_slowpath_null+0x29/0x30
[ 49.138248] [<ffffffff812862d0>] __rcu_read_unlock+0x140/0x1a0
[ 49.144273] [<ffffffff8119566e>] atomic_notifier_call_chain+0x9e/0x140
[ 49.150994] [<ffffffff811955d0>] ? __atomic_notifier_call_chain+0x150/0x150
[ 49.158149] [<ffffffff811957ef>] notify_die+0xdf/0x160
[ 49.163478] [<ffffffff81195710>] ? atomic_notifier_call_chain+0x140/0x140
[ 49.170459] [<ffffffff8122b8e6>] ? cpuacct_account_field+0x136/0x300
[ 49.177007] [<ffffffff8118ba31>] ? search_exception_tables+0x31/0x40
[ 49.183555] [<ffffffff81011fa7>] do_general_protection+0x2f7/0x390
[ 49.189928] [<ffffffff83774d28>] general_protection+0x28/0x30
[ 49.195866] [<ffffffff8122b8e6>] ? cpuacct_account_field+0x136/0x300
[ 49.202411] [<ffffffff8122b7b0>] ? cpuacct_charge+0x390/0x390
[ 49.208352] [<ffffffff811d4982>] account_system_time+0x172/0x4d0
[ 49.214552] [<ffffffff811d56bf>] account_process_tick+0xef/0x310
[ 49.220753] [<ffffffff812ab0d3>] update_process_times+0x23/0x70
[ 49.226876] [<ffffffff812d5765>] tick_sched_handle.isra.16+0x55/0xf0
[ 49.233423] [<ffffffff812d7082>] tick_sched_timer+0x72/0x120
[ 49.239273] [<ffffffff812d7010>] ? tick_sched_do_timer+0xa0/0xa0
[ 49.245476] [<ffffffff812ad926>] __hrtimer_run_queues+0x306/0xfe0
[ 49.251760] [<ffffffff812ad620>] ? hrtimer_fixup_init+0x70/0x70
[ 49.257875] [<ffffffff812afd91>] ? hrtimer_interrupt+0x131/0x440
[ 49.264168] [<ffffffff812afe06>] hrtimer_interrupt+0x1a6/0x440
[ 49.270196] [<ffffffff810b0dea>] local_apic_timer_interrupt+0x6a/0xb0
[ 49.276832] [<ffffffff837765b6>] smp_apic_timer_interrupt+0x76/0xa0
[ 49.283291] [<ffffffff83775510>] apic_timer_interrupt+0xa0/0xb0
[ 49.289398] <EOI>
[ 49.291429] ---[ end trace a814b9c4f29aef22 ]---
[ 49.296448] Rebooting in 86400 seconds..