Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   33.143257] random: sshd: uninitialized urandom read (32 bytes read)
[   33.394150] kauditd_printk_skb: 9 callbacks suppressed
[   33.394157] audit: type=1400 audit(1574394807.660:35): avc:  denied  { map } for  pid=6804 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   33.478090] random: sshd: uninitialized urandom read (32 bytes read)
[   34.049881] random: sshd: uninitialized urandom read (32 bytes read)
[   52.260567] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts.
[   58.136735] random: sshd: uninitialized urandom read (32 bytes read)
[   58.249913] audit: type=1400 audit(1574394832.510:36): avc:  denied  { map } for  pid=6817 comm="syz-executor008" path="/root/syz-executor008896796" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   58.500843] IPVS: ftp: loaded support on port[0] = 21
executing program
[   59.294260] audit: type=1400 audit(1574394833.560:37): avc:  denied  { create } for  pid=6824 comm="syz-executor008" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   59.318885] audit: type=1400 audit(1574394833.560:38): avc:  denied  { write } for  pid=6824 comm="syz-executor008" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   59.342935] audit: type=1400 audit(1574394833.560:39): avc:  denied  { read } for  pid=6824 comm="syz-executor008" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   59.560964] IPVS: ftp: loaded support on port[0] = 21
executing program
[   60.550987] IPVS: ftp: loaded support on port[0] = 21
executing program
[   61.560946] IPVS: ftp: loaded support on port[0] = 21
executing program
[   62.600826] IPVS: ftp: loaded support on port[0] = 21
executing program
[   63.590802] IPVS: ftp: loaded support on port[0] = 21
executing program
[   65.930398] ==================================================================
[   65.937916] BUG: KASAN: use-after-free in xfrm6_tunnel_destroy+0x52e/0x5d0
[   65.944909] Read of size 8 at addr ffff88808877d638 by task kworker/0:2/3159
[   65.952081] 
[   65.953687] CPU: 0 PID: 3159 Comm: kworker/0:2 Not tainted 4.14.155-syzkaller #0
[   65.961194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   65.970574] Workqueue: events xfrm_state_gc_task
[   65.980093] Call Trace:
[   65.982659]  dump_stack+0x142/0x197
[   65.986308]  ? xfrm6_tunnel_destroy+0x52e/0x5d0
[   65.990960]  print_address_description.cold+0x7c/0x1dc
[   65.996214]  ? xfrm6_tunnel_destroy+0x52e/0x5d0
[   66.000859]  kasan_report.cold+0xa9/0x2af
[   66.005027]  __asan_report_load8_noabort+0x14/0x20
[   66.009936]  xfrm6_tunnel_destroy+0x52e/0x5d0
[   66.014406]  xfrm_state_gc_task+0x3ea/0x650
[   66.018714]  ? xfrm_state_unregister_afinfo+0x1a0/0x1a0
[   66.024055]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[   66.029481]  process_one_work+0x863/0x1600
[   66.033788]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[   66.038436]  worker_thread+0x5d9/0x1050
[   66.042395]  kthread+0x319/0x430
[   66.045737]  ? process_one_work+0x1600/0x1600
[   66.050206]  ? kthread_create_on_node+0xd0/0xd0
[   66.054853]  ret_from_fork+0x24/0x30
[   66.058544] 
[   66.060147] Allocated by task 6824:
[   66.063750]  save_stack_trace+0x16/0x20
[   66.067697]  save_stack+0x45/0xd0
[   66.071126]  kasan_kmalloc+0xce/0xf0
[   66.074814]  __kmalloc+0x15d/0x7a0
[   66.078334]  ops_init+0xeb/0x3d0
[   66.081690]  setup_net+0x237/0x530
[   66.085218]  copy_net_ns+0x19f/0x440
[   66.088918]  create_new_namespaces+0x37b/0x720
[   66.093479]  unshare_nsproxy_namespaces+0xab/0x1e0
[   66.098381]  SyS_unshare+0x2f3/0x7e0
[   66.102072]  do_syscall_64+0x1e8/0x640
[   66.105937]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   66.111100] 
[   66.112705] Freed by task 804:
[   66.115892]  save_stack_trace+0x16/0x20
[   66.119845]  save_stack+0x45/0xd0
[   66.123333]  kasan_slab_free+0x75/0xc0
[   66.127198]  kfree+0xcc/0x270
[   66.130281]  ops_free_list.part.0+0x1f6/0x320
[   66.134752]  cleanup_net+0x458/0x880
[   66.138442]  process_one_work+0x863/0x1600
[   66.142652]  worker_thread+0x5d9/0x1050
[   66.146601]  kthread+0x319/0x430
[   66.150221]  ret_from_fork+0x24/0x30
[   66.153969] 
[   66.155580] The buggy address belongs to the object at ffff88808877d580
[   66.155580]  which belongs to the cache kmalloc-8192 of size 8192
[   66.168735] The buggy address is located 184 bytes inside of
[   66.168735]  8192-byte region [ffff88808877d580, ffff88808877f580)
[   66.180677] The buggy address belongs to the page:
[   66.185588] page:ffffea000221df00 count:1 mapcount:0 mapping:ffff88808877d580 index:0x0 compound_mapcount: 0
[   66.195535] flags: 0x1fffc0000008100(slab|head)
[   66.200185] raw: 01fffc0000008100 ffff88808877d580 0000000000000000 0000000100000001
[   66.208042] raw: ffffea0002075720 ffffea00029c4920 ffff8880aa802080 0000000000000000
[   66.215895] page dumped because: kasan: bad access detected
[   66.221576] 
[   66.223178] Memory state around the buggy address:
[   66.228081]  ffff88808877d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   66.235415]  ffff88808877d580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   66.242747] >ffff88808877d600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   66.250081]                                         ^
[   66.255283]  ffff88808877d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   66.262623]  ffff88808877d700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   66.269994] ==================================================================
[   66.277329] Disabling lock debugging due to kernel taint
[   66.282796] Kernel panic - not syncing: panic_on_warn set ...
[   66.282796] 
[   66.290151] CPU: 0 PID: 3159 Comm: kworker/0:2 Tainted: G    B   4.14.155-syzkaller #0
[   66.298878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.308216] Workqueue: events xfrm_state_gc_task
[   66.312948] Call Trace:
[   66.315510]  dump_stack+0x142/0x197
[   66.319113]  ? xfrm6_tunnel_destroy+0x52e/0x5d0
[   66.323756]  panic+0x1f9/0x42d
[   66.326920]  ? add_taint.cold+0x16/0x16
[   66.330871]  kasan_end_report+0x47/0x4f
[   66.334819]  kasan_report.cold+0x130/0x2af
[   66.339028]  __asan_report_load8_noabort+0x14/0x20
[   66.343933]  xfrm6_tunnel_destroy+0x52e/0x5d0
[   66.348402]  xfrm_state_gc_task+0x3ea/0x650
[   66.352701]  ? xfrm_state_unregister_afinfo+0x1a0/0x1a0
[   66.358051]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[   66.363475]  process_one_work+0x863/0x1600
[   66.367687]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[   66.372333]  worker_thread+0x5d9/0x1050
[   66.376287]  kthread+0x319/0x430
[   66.379628]  ? process_one_work+0x1600/0x1600
[   66.384098]  ? kthread_create_on_node+0xd0/0xd0
[   66.388754]  ret_from_fork+0x24/0x30
[   66.393609] Kernel Offset: disabled
[   66.397229] Rebooting in 86400 seconds..