[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   15.214066] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   30.082825] random: sshd: uninitialized urandom read (32 bytes read)
[   30.417522] random: sshd: uninitialized urandom read (32 bytes read)
[   31.127967] random: sshd: uninitialized urandom read (32 bytes read)
[   35.502041] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
[   41.064515] random: sshd: uninitialized urandom read (32 bytes read)
2018/08/02 06:16:29 parsed 1 programs
[   42.113482] random: cc1: uninitialized urandom read (8 bytes read)
2018/08/02 06:16:31 executed programs: 0
[   43.122875] IPVS: Creating netns size=2536 id=1
[   43.159026] IPVS: Creating netns size=2536 id=2
[   43.194984] IPVS: Creating netns size=2536 id=3
[   43.230809] IPVS: Creating netns size=2536 id=4
[   43.267302] IPVS: Creating netns size=2536 id=5
[   43.304657] IPVS: Creating netns size=2536 id=6
[   43.326752] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   43.343495] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   43.363422] IPVS: Creating netns size=2536 id=7
[   43.393700] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   43.411778] IPVS: Creating netns size=2536 id=8
[   43.413009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   43.483915] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   43.518073] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   43.537322] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   43.561265] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   43.574219] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   43.598002] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   43.674548] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   43.689398] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   43.700743] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   43.713279] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   43.722567] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   43.730226] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   43.743052] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   43.755793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   43.776903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   43.785761] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   43.797587] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   43.807160] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   43.824093] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   43.855774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   43.876062] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   43.886140] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   43.902906] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   43.926806] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   43.950337] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   43.978435] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   43.985894] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   43.995321] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   44.012636] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   44.022973] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   44.051320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.063876] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   44.078342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.089156] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   44.100569] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   44.139991] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   44.152994] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   44.166497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   44.185530] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   44.201149] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   44.213154] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   44.236229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.252907] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   44.260047] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   44.270926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.287499] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   44.302800] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   44.309979] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   44.320267] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   44.328179] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.335923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.344322] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   44.352547] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   44.365205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.374068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.381538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.390468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.405427] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   44.412699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.420085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.434554] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   44.464450] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   44.502806] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   44.510838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.519786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.530587] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   44.542910] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   44.554051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.561466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.569581] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   44.601886] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   44.609093] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.618826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.636858] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   44.646725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.658325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   46.348605] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   46.479266] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   46.497055] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   46.508113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   46.515821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   46.526740] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   46.638054] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   46.657351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   46.664819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   46.675560] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   46.685720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   46.693118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   47.079068] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   47.130822] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   47.146132] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   47.193144] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   47.214632] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   47.220845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   47.227946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   47.298665] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   47.305036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   47.312877] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   47.325146] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   47.333472] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   47.341168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   47.353702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   47.360704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   47.372510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   47.381005] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   47.512088] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   47.523362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   47.530098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/08/02 06:16:36 executed programs: 8
[   48.542120] ==================================================================
[   48.549507] BUG: KASAN: use-after-free in l2tp_session_queue_purge+0xf4/0x100
[   48.556765] Read of size 4 at addr ffff8801d3ae2a00 by task syz-executor5/6843
[   48.564106] 
[   48.565714] CPU: 0 PID: 6843 Comm: syz-executor5 Not tainted 4.9.116-g0137ea2 #70
[   48.573309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   48.582644]  ffff8801b7bc7cb0 ffffffff81eb46a9 ffffea00074eb880 ffff8801d3ae2a00
[   48.590630]  0000000000000000 ffff8801d3ae2a00 ffffffff83014be0 ffff8801b7bc7ce8
[   48.598624]  ffffffff81567d49 ffff8801d3ae2a00 0000000000000004 0000000000000000
[   48.606619] Call Trace:
[   48.609188]  [<ffffffff81eb46a9>] dump_stack+0xc1/0x128
[   48.614525]  [<ffffffff83014be0>] ? sock_release+0x1c0/0x1c0
[   48.620297]  [<ffffffff81567d49>] print_address_description+0x6c/0x234
[   48.626936]  [<ffffffff83014be0>] ? sock_release+0x1c0/0x1c0
[   48.632707]  [<ffffffff81568153>] kasan_report.cold.6+0x242/0x2fe
[   48.638914]  [<ffffffff836bd844>] ? l2tp_session_queue_purge+0xf4/0x100
[   48.645640]  [<ffffffff8153bcb4>] __asan_report_load4_noabort+0x14/0x20
[   48.652367]  [<ffffffff836bd844>] l2tp_session_queue_purge+0xf4/0x100
[   48.658921]  [<ffffffff83014be0>] ? sock_release+0x1c0/0x1c0
[   48.664695]  [<ffffffff836c94cb>] pppol2tp_release+0x1fb/0x2e0
[   48.670640]  [<ffffffff83014ab6>] sock_release+0x96/0x1c0
[   48.676162]  [<ffffffff83014bf6>] sock_close+0x16/0x20
[   48.681414]  [<ffffffff81578453>] __fput+0x263/0x700
[   48.686494]  [<ffffffff81578975>] ____fput+0x15/0x20
[   48.691572]  [<ffffffff8119838c>] task_work_run+0x10c/0x180
[   48.697258]  [<ffffffff8100559c>] exit_to_usermode_loop+0xfc/0x120
[   48.703561]  [<ffffffff810064d4>] do_syscall_64+0x364/0x490
[   48.709248]  [<ffffffff839fbc13>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   48.716144] 
[   48.717747] Allocated by task 6843:
[   48.721356]  save_stack_trace+0x16/0x20
[   48.725303]  save_stack+0x43/0xd0
[   48.728730]  kasan_kmalloc+0xc7/0xe0
[   48.732425]  __kmalloc+0x11d/0x300
[   48.735937]  l2tp_session_create+0x38/0x16f0
[   48.740320]  pppol2tp_connect+0x10d7/0x18f0
[   48.744617]  SYSC_connect+0x1b8/0x300
[   48.748392]  SyS_connect+0x24/0x30
[   48.751914]  do_syscall_64+0x1a6/0x490
[   48.755785]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   48.760860] 
[   48.762464] Freed by task 6617:
[   48.765722]  save_stack_trace+0x16/0x20
[   48.769671]  save_stack+0x43/0xd0
[   48.773102]  kasan_slab_free+0x72/0xc0
[   48.776964]  kfree+0xfb/0x310
[   48.780045]  l2tp_session_free+0x166/0x200
[   48.784260]  l2tp_tunnel_closeall+0x284/0x350
[   48.788727]  l2tp_udp_encap_destroy+0x87/0xe0
[   48.793198]  udpv6_destroy_sock+0xb1/0xd0
[   48.797327]  sk_common_release+0x6d/0x300
[   48.801460]  udp_lib_close+0x15/0x20
[   48.805151]  inet_release+0xff/0x1d0
[   48.808839]  inet6_release+0x50/0x70
[   48.812531]  sock_release+0x96/0x1c0
[   48.816223]  sock_close+0x16/0x20
[   48.819653]  __fput+0x263/0x700
[   48.822920]  ____fput+0x15/0x20
[   48.826179]  task_work_run+0x10c/0x180
[   48.830043]  exit_to_usermode_loop+0xfc/0x120
[   48.834513]  do_syscall_64+0x364/0x490
[   48.838380]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   48.843459] 
[   48.845062] The buggy address belongs to the object at ffff8801d3ae2a00
[   48.845062]  which belongs to the cache kmalloc-512 of size 512
[   48.857696] The buggy address is located 0 bytes inside of
[   48.857696]  512-byte region [ffff8801d3ae2a00, ffff8801d3ae2c00)
[   48.869373] The buggy address belongs to the page:
[   48.874286] page:ffffea00074eb880 count:1 mapcount:0 mapping:          (null) index:0x0 compound_mapcount: 0
[   48.884470] flags: 0x8000000000004080(slab|head)
[   48.889202] page dumped because: kasan: bad access detected
[   48.894903] 
[   48.896530] Memory state around the buggy address:
[   48.901453]  ffff8801d3ae2900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   48.908805]  ffff8801d3ae2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   48.916155] >ffff8801d3ae2a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.923500]                    ^
[   48.926858]  ffff8801d3ae2a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.934201]  ffff8801d3ae2b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.941545] ==================================================================
[   48.948883] Disabling lock debugging due to kernel taint
[   48.956946] Kernel panic - not syncing: panic_on_warn set ...
[   48.956946] 
[   48.964332] CPU: 0 PID: 6843 Comm: syz-executor5 Tainted: G    B           4.9.116-g0137ea2 #70
[   48.973143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   48.982475]  ffff8801b7bc7c10 ffffffff81eb46a9 ffffffff843c88df 00000000ffffffff
[   48.990487]  0000000000000000 0000000000000000 ffffffff83014be0 ffff8801b7bc7cd0
[   48.998478]  ffffffff81421a75 0000000041b58ab3 ffffffff843bbff8 ffffffff814218b6
[   49.006478] Call Trace:
[   49.009043]  [<ffffffff81eb46a9>] dump_stack+0xc1/0x128
[   49.014384]  [<ffffffff83014be0>] ? sock_release+0x1c0/0x1c0
[   49.020154]  [<ffffffff81421a75>] panic+0x1bf/0x3bc
[   49.025144]  [<ffffffff814218b6>] ? add_taint.cold.6+0x16/0x16
[   49.031090]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   49.037294]  [<ffffffff81567c66>] kasan_end_report+0x47/0x4f
[   49.043069]  [<ffffffff81567f87>] kasan_report.cold.6+0x76/0x2fe
[   49.049188]  [<ffffffff836bd844>] ? l2tp_session_queue_purge+0xf4/0x100
[   49.055914]  [<ffffffff8153bcb4>] __asan_report_load4_noabort+0x14/0x20
[   49.062642]  [<ffffffff836bd844>] l2tp_session_queue_purge+0xf4/0x100
[   49.069195]  [<ffffffff83014be0>] ? sock_release+0x1c0/0x1c0
[   49.074965]  [<ffffffff836c94cb>] pppol2tp_release+0x1fb/0x2e0
[   49.080908]  [<ffffffff83014ab6>] sock_release+0x96/0x1c0
[   49.086417]  [<ffffffff83014bf6>] sock_close+0x16/0x20
[   49.091679]  [<ffffffff81578453>] __fput+0x263/0x700
[   49.096766]  [<ffffffff81578975>] ____fput+0x15/0x20
[   49.101846]  [<ffffffff8119838c>] task_work_run+0x10c/0x180
[   49.107529]  [<ffffffff8100559c>] exit_to_usermode_loop+0xfc/0x120
[   49.113819]  [<ffffffff810064d4>] do_syscall_64+0x364/0x490
[   49.119504]  [<ffffffff839fbc13>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   49.126826] Dumping ftrace buffer:
[   49.130341]    (ftrace buffer empty)
[   49.134024] Kernel Offset: disabled
[   49.137624] Rebooting in 86400 seconds..