[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   15.828142] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.242643] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   19.560373] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[   20.487628] random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
[   20.663216] random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available)
Warning: Permanently added '10.128.15.228' (ECDSA) to the list of known hosts.
[   25.996997] random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available)
2018/01/22 02:11:00 parsed 1 programs
2018/01/22 02:11:00 executed programs: 0
[   26.350024] IPVS: Creating netns size=2552 id=1
[   26.389978] IPVS: Creating netns size=2552 id=2
[   26.426333] IPVS: Creating netns size=2552 id=3
[   26.473313] IPVS: Creating netns size=2552 id=4
[   26.514206] IPVS: Creating netns size=2552 id=5
[   26.552381] IPVS: Creating netns size=2552 id=6
[   26.595942] IPVS: Creating netns size=2552 id=7
[   26.654026] IPVS: Creating netns size=2552 id=8
[   31.219373] ==================================================================
[   31.226774] BUG: KASAN: use-after-free in __lock_acquire+0x387e/0x4b50
[   31.233418] Read of size 8 at addr ffff8801cc0ac4a0 by task syz-executor5/4342
[   31.240747] 
[   31.242356] CPU: 1 PID: 4342 Comm: syz-executor5 Not tainted 4.4.112-g3fc4284 #32
[   31.249950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.259278]  0000000000000000 dfa31f88588ee932 ffff8801cf2175a0 ffffffff81d054ed
[   31.267270]  ffffea0007302a00 ffff8801cc0ac4a0 0000000000000000 ffff8801cc0ac4a0
[   31.275249]  0000000000000000 ffff8801cf2175d8 ffffffff814fd953 ffff8801cc0ac4a0
[   31.283236] Call Trace:
[   31.285805]  [<ffffffff81d054ed>] dump_stack+0xc1/0x124
[   31.291147]  [<ffffffff814fd953>] print_address_description+0x73/0x260
[   31.297782]  [<ffffffff814fde65>] kasan_report+0x285/0x370
[   31.303381]  [<ffffffff81239c7e>] ? __lock_acquire+0x387e/0x4b50
[   31.309502]  [<ffffffff814fdfc4>] __asan_report_load8_noabort+0x14/0x20
[   31.316225]  [<ffffffff81239c7e>] __lock_acquire+0x387e/0x4b50
[   31.322174]  [<ffffffff81016b9c>] ? dump_trace+0x14c/0x350
[   31.327777]  [<ffffffff81236400>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   31.334762]  [<ffffffff815bf4cf>] ? free_fs_struct+0x4f/0x60
[   31.340529]  [<ffffffff814fca23>] ? save_stack+0xa3/0xd0
[   31.345947]  [<ffffffff815c0111>] ? exit_fs+0xe1/0x120
[   31.351194]  [<ffffffff81132efa>] ? do_exit+0x84a/0x2a20
[   31.356619]  [<ffffffff81139398>] ? do_group_exit+0x108/0x320
[   31.362476]  [<ffffffff8115c895>] ? get_signal+0x565/0x1660
[   31.368164]  [<ffffffff8100e7fb>] ? do_signal+0x8b/0x1d40
[   31.373676]  [<ffffffff81003602>] ? exit_to_usermode_loop+0x122/0x170
[   31.380229]  [<ffffffff81006545>] ? syscall_return_slowpath+0x1b5/0x1f0
[   31.386966]  [<ffffffff8123c7be>] lock_acquire+0x15e/0x460
[   31.392572]  [<ffffffff82df6aa3>] ? lock_sock_nested+0x43/0x120
[   31.398609]  [<ffffffff811c852d>] ? get_parent_ip+0xd/0x50
[   31.404204]  [<ffffffff82dea4d0>] ? sock_release+0x1e0/0x1e0
[   31.409982]  [<ffffffff837754aa>] _raw_spin_lock_bh+0x3a/0x50
[   31.415840]  [<ffffffff82df6aa3>] ? lock_sock_nested+0x43/0x120
[   31.421874]  [<ffffffff82df6aa3>] lock_sock_nested+0x43/0x120
[   31.427728]  [<ffffffff834674a0>] pppol2tp_release+0x50/0x310
[   31.433586]  [<ffffffff82dea37d>] sock_release+0x8d/0x1e0
[   31.439107]  [<ffffffff82dea4e6>] sock_close+0x16/0x20
[   31.444359]  [<ffffffff81522f93>] __fput+0x233/0x6d0
[   31.449430]  [<ffffffff815234b5>] ____fput+0x15/0x20
[   31.454503]  [<ffffffff8118bb54>] task_work_run+0x104/0x180
[   31.460187]  [<ffffffff81132f21>] do_exit+0x871/0x2a20
[   31.465437]  [<ffffffff811326b0>] ? release_task+0x1240/0x1240
[   31.471383]  [<ffffffff814fca23>] ? save_stack+0xa3/0xd0
[   31.476817]  [<ffffffff81150d26>] ? recalc_sigpending+0x76/0xa0
[   31.482853]  [<ffffffff81139398>] do_group_exit+0x108/0x320
[   31.488540]  [<ffffffff8115c895>] get_signal+0x565/0x1660
[   31.494046]  [<ffffffff814fe42b>] ? quarantine_put+0xab/0x180
[   31.499899]  [<ffffffff8100e7fb>] do_signal+0x8b/0x1d40
[   31.505231]  [<ffffffff81581b5a>] ? mntput_no_expire+0xca/0x680
[   31.511256]  [<ffffffff8100e770>] ? setup_sigcontext+0x780/0x780
[   31.517377]  [<ffffffff82dea4d0>] ? sock_release+0x1e0/0x1e0
[   31.523152]  [<ffffffff81581b86>] ? mntput_no_expire+0xf6/0x680
[   31.529187]  [<ffffffff81581a90>] ? mnt_get_count+0x190/0x190
[   31.535047]  [<ffffffff81567c5d>] ? dput.part.19+0x16d/0x760
[   31.540813]  [<ffffffff81567b1a>] ? dput.part.19+0x2a/0x760
[   31.546495]  [<ffffffff82dea4d0>] ? sock_release+0x1e0/0x1e0
[   31.552263]  [<ffffffff810035cc>] ? exit_to_usermode_loop+0xec/0x170
[   31.558725]  [<ffffffff81003602>] exit_to_usermode_loop+0x122/0x170
[   31.565099]  [<ffffffff81006545>] syscall_return_slowpath+0x1b5/0x1f0
[   31.571649]  [<ffffffff8377635d>] int_ret_from_sys_call+0x25/0xa3
[   31.577851] 
[   31.579454] Allocated by task 4349:
[   31.583049]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   31.588937]  [<ffffffff814fc9c3>] save_stack+0x43/0xd0
[   31.594305]  [<ffffffff814fcc8d>] kasan_kmalloc+0xad/0xe0
[   31.599944]  [<ffffffff814f8f64>] __kmalloc+0x124/0x320
[   31.605396]  [<ffffffff82df58bc>] sk_prot_alloc+0x18c/0x310
[   31.611210]  [<ffffffff82dfbc0a>] sk_alloc+0x3a/0x3a0
[   31.616482]  [<ffffffff83463283>] pppol2tp_create+0x33/0x1f0
[   31.622381]  [<ffffffff827ffe61>] pppox_create+0xf1/0x200
[   31.628012]  [<ffffffff82df07ec>] __sock_create+0x3ac/0x640
[   31.633822]  [<ffffffff82df0cb0>] SyS_socket+0xf0/0x1b0
[   31.639277]  [<ffffffff837761d9>] entry_SYSCALL_64_fastpath+0x16/0x92
[   31.645940] 
[   31.647538] Freed by task 4342:
[   31.650785]  [<ffffffff81035df6>] save_stack_trace+0x26/0x50
[   31.656670]  [<ffffffff814fc9c3>] save_stack+0x43/0xd0
[   31.662042]  [<ffffffff814fd2e2>] kasan_slab_free+0x72/0xc0
[   31.667850]  [<ffffffff814f9d6c>] kfree+0xfc/0x300
[   31.672865]  [<ffffffff82dff7d7>] sk_destruct+0x3f7/0x4c0
[   31.678484]  [<ffffffff82dff8f7>] __sk_free+0x57/0x230
[   31.683846]  [<ffffffff82dffb00>] sk_free+0x30/0x40
[   31.688946]  [<ffffffff8346688f>] pppol2tp_session_sock_put+0x5f/0x70
[   31.695609]  [<ffffffff8345f284>] l2tp_tunnel_closeall+0x254/0x3b0
[   31.702014]  [<ffffffff8345fe6b>] l2tp_udp_encap_destroy+0x8b/0xf0
[   31.708414]  [<ffffffff8336e6b1>] udpv6_destroy_sock+0xb1/0xd0
[   31.714470]  [<ffffffff82e014cb>] sk_common_release+0x6b/0x300
[   31.720525]  [<ffffffff8336d665>] udp_lib_close+0x15/0x20
[   31.726155]  [<ffffffff831d16da>] inet_release+0xfa/0x1d0
[   31.731782]  [<ffffffff832f6f90>] inet6_release+0x50/0x70
[   31.737408]  [<ffffffff82dea37d>] sock_release+0x8d/0x1e0
[   31.743030]  [<ffffffff82dea4e6>] sock_close+0x16/0x20
[   31.748389]  [<ffffffff81522f93>] __fput+0x233/0x6d0
[   31.753572]  [<ffffffff815234b5>] ____fput+0x15/0x20
[   31.758762]  [<ffffffff8118bb54>] task_work_run+0x104/0x180
[   31.764556]  [<ffffffff81003625>] exit_to_usermode_loop+0x145/0x170
[   31.771046]  [<ffffffff81006545>] syscall_return_slowpath+0x1b5/0x1f0
[   31.777707]  [<ffffffff8377635d>] int_ret_from_sys_call+0x25/0xa3
[   31.784025] 
[   31.785622] The buggy address belongs to the object at ffff8801cc0ac400
[   31.785622]  which belongs to the cache kmalloc-2048 of size 2048
[   31.798425] The buggy address is located 160 bytes inside of
[   31.798425]  2048-byte region [ffff8801cc0ac400, ffff8801cc0acc00)
[   31.810351] The buggy address belongs to the page:
[   31.836907] ------------[ cut here ]------------
[   31.841716] WARNING: CPU: 0 PID: 3377 at fs/proc/generic.c:565 remove_proc_entry+0x20e/0x310()
[   31.850532] ------------[ cut here ]------------
[   31.850538] kernel BUG at include/linux/mm.h:460!
[   31.850547] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   31.850551] Dumping ftrace buffer:
[   31.850554]    (ftrace buffer empty)
[   31.850558] Modules linked in:
[   31.850565] CPU: 0 PID: 3377 Comm: kpktgend_0 Not tainted 4.4.112-g3fc4284 #32
[   31.850568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.850572] task: ffff8801d082af80 task.stack: ffff8800b3958000
[   31.850586] RIP: 0010:[<ffffffff8148feb1>]  [<ffffffff8148feb1>] dump_page_badflags+0x191/0x250
[   31.850589] RSP: 0018:ffff8801db207d00  EFLAGS: 00010006
[   31.850593] RAX: ffffffff8148feb1 RBX: ffff8801db207d50 RCX: ffffffff8129fe2b
[   31.850597] RDX: 0000000000000100 RSI: ffffffff847eaab8 RDI: ffff8801cd2c2f80
[   31.850600] RBP: ffff8801db207dd8 R08: 0000000000000001 R09: 0000000000000000
[   31.850603] R10: 0000000000000001 R11: 0000000000000001 R12: 1ffff1003b640fa6
[   31.850607] R13: ffff8801cce57af0 R14: 0000000000000101 R15: ffffffff83843ba0
[   31.850612] FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   31.850615] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   31.850619] CR2: 000000000041b630 CR3: 00000001d0502000 CR4: 0000000000160670
[   31.850624] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   31.850627] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   31.850628] Stack:
[   31.850635]  ffffffff8129fe3b ffffffff8129fd8c ffffffff81d66e00 ffff8801db207d58
[   31.850640]  ffff8801cd2c2f80 ffffffff8148feb1 0000000041b58ab3 ffffffff83fa9171
[   31.850646]  ffffffff8129fcb0 0000000000000000 ffff8801cce57b80 0000000000000000
[   31.850648] Call Trace:
[   31.850658]  <IRQ> 
[   31.850659]  [<ffffffff8129fe3b>] ? call_timer_fn+0x18b/0x860
[   31.850664]  [<ffffffff8129fd8c>] ? call_timer_fn+0xdc/0x860
[   31.850671]  [<ffffffff81d66e00>] ? debug_object_init_on_stack+0x20/0x20
[   31.850677]  [<ffffffff8148feb1>] ? dump_page_badflags+0x191/0x250
[   31.850683]  [<ffffffff8129fcb0>] ? process_timeout+0x20/0x20
[   31.850688]  [<ffffffff812a1dd3>] ? run_timer_softirq+0x493/0xbb0
[   31.850694]  [<ffffffff8148feb1>] ? dump_page_badflags+0x191/0x250
[   31.850699]  [<ffffffff812a1de5>] run_timer_softirq+0x4a5/0xbb0
[   31.850705]  [<ffffffff812a1940>] ? msleep+0xe0/0xe0
[   31.850712]  [<ffffffff810b07ea>] ? lapic_next_event+0x5a/0x90
[   31.850717]  [<ffffffff81d652eb>] ? check_preemption_disabled+0x3b/0x200
[   31.850726]  [<ffffffff837796fd>] __do_softirq+0x24d/0xa59
[   31.850735]  [<ffffffff8113da79>] irq_exit+0x119/0x140
[   31.850740]  [<ffffffff83778e3b>] smp_apic_timer_interrupt+0x7b/0xa0
[   31.850747]  [<ffffffff83777d90>] apic_timer_interrupt+0xa0/0xb0
[   31.850755]  <EOI> 
[   31.850756]  [<ffffffff81268beb>] ? console_unlock+0x59b/0xa00
[   31.850761]  [<ffffffff81268bf6>] ? console_unlock+0x5a6/0xa00
[   31.850767]  [<ffffffff81269300>] ? vprintk_emit+0x2b0/0x850
[   31.850772]  [<ffffffff812695ae>] vprintk_emit+0x55e/0x850
[   31.850778]  [<ffffffff812698c8>] vprintk+0x28/0x30
[   31.850783]  [<ffffffff812698ed>] vprintk_default+0x1d/0x30
[   31.850790]  [<ffffffff8141aa1d>] printk+0xb7/0xe2
[   31.850796]  [<ffffffff8141a966>] ? pm_qos_get_value.part.4+0xb/0xb
[   31.850803]  [<ffffffff81236400>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   31.850809]  [<ffffffff81236f5f>] ? __lock_acquire+0xb5f/0x4b50
[   31.850816]  [<ffffffff8167855e>] ? remove_proc_entry+0x20e/0x310
[   31.850821]  [<ffffffff8112d79e>] warn_slowpath_common+0x8e/0x140
[   31.850827]  [<ffffffff8167855e>] ? remove_proc_entry+0x20e/0x310
[   31.850833]  [<ffffffff8112d911>] warn_slowpath_fmt+0xc1/0x110
[   31.850838]  [<ffffffff8112d850>] ? warn_slowpath_common+0x140/0x140
[   31.850845]  [<ffffffff816783d0>] ? remove_proc_entry+0x80/0x310
[   31.850851]  [<ffffffff81678543>] ? remove_proc_entry+0x1f3/0x310
[   31.850858]  [<ffffffff8167855e>] remove_proc_entry+0x20e/0x310
[   31.850864]  [<ffffffff81678350>] ? proc_readdir+0x80/0x80
[   31.850871]  [<ffffffff82eb38ba>] ? pktgen_stop+0xea/0x1b0
[   31.850878]  [<ffffffff82eb2374>] ? pktgen_rem_all_ifs+0xf4/0x140
[   31.850884]  [<ffffffff82eb8e59>] pktgen_thread_worker+0xbe9/0x6d00
[   31.850890]  [<ffffffff82eb846c>] ? pktgen_thread_worker+0x1fc/0x6d00
[   31.850896]  [<ffffffff81d652eb>] ? check_preemption_disabled+0x3b/0x200
[   31.850901]  [<ffffffff81235bcb>] ? trace_hardirqs_on_caller+0x38b/0x590
[   31.850908]  [<ffffffff82eb8270>] ? pktgen_device_event+0x6c0/0x6c0
[   31.850915]  [<ffffffff83766c86>] ? __schedule+0xa26/0x1c70
[   31.850923]  [<ffffffff8121fc40>] ? prepare_to_wait_event+0x420/0x420
[   31.850929]  [<ffffffff83766cfd>] ? __schedule+0xa9d/0x1c70
[   31.850934]  [<ffffffff83767f64>] ? preempt_schedule+0x24/0x30
[   31.850940]  [<ffffffff81003058>] ? ___preempt_schedule+0x12/0x14
[   31.850946]  [<ffffffff8121fc40>] ? prepare_to_wait_event+0x420/0x420
[   31.850953]  [<ffffffff811900b4>] ? __kthread_parkme+0x164/0x230
[   31.850960]  [<ffffffff81190958>] kthread+0x268/0x300
[   31.850965]  [<ffffffff82eb8270>] ? pktgen_device_event+0x6c0/0x6c0
[   31.850971]  [<ffffffff811906f0>] ? kthread_create_on_node+0x400/0x400
[   31.850979]  [<ffffffff811906f0>] ? kthread_create_on_node+0x400/0x400
[   31.850985]  [<ffffffff837765df>] ret_from_fork+0x3f/0x70
[   31.850991]  [<ffffffff811906f0>] ? kthread_create_on_node+0x400/0x400
[   31.851066] Code: 46 e8 c4 ff ec ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 b0 ff ec ff 31 d2 48 c7 c6 20 86 8a 83 48 89 df e8 6f fe ff ff <0f> 0b e8 d8 e0 06 00 e9 21 ff ff ff 89 4d d4 e8 cb e0 06 00 8b 
[   31.851072] RIP  [<ffffffff8148feb1>] dump_page_badflags+0x191/0x250
[   31.851074]  RSP <ffff8801db207d00>
[   31.851079] ---[ end trace 0bdd4771ab9b7163 ]---
[   31.851082] Kernel panic - not syncing: Fatal exception in interrupt
[   32.977292] Shutting down cpus with NMI
[   32.977741] Dumping ftrace buffer:
[   32.977744]    (ftrace buffer empty)
[   32.977746] Kernel Offset: disabled
[   33.525693] Rebooting in 86400 seconds..