[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   16.681018] random: sshd: uninitialized urandom read (32 bytes read)

[   17.850236] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.254387] random: sshd: uninitialized urandom read (32 bytes read)
[   19.064694] random: sshd: uninitialized urandom read (32 bytes read)
[   19.209895] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts.
[   24.618318] random: sshd: uninitialized urandom read (32 bytes read)
2018/05/18 02:48:46 parsed 1 programs
2018/05/18 02:48:46 executed programs: 0
[   25.143422] IPVS: Creating netns size=2536 id=1
[   25.218220] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   25.229961] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   25.263746] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   25.274969] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   25.308994] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   25.321000] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   25.333400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   25.346120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   25.642223] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   25.668454] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   25.674648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   25.682182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/05/18 02:48:51 executed programs: 110
2018/05/18 02:48:56 executed programs: 221
[   35.390393] ==================================================================
[   35.397786] BUG: KASAN: use-after-free in l2tp_session_queue_purge+0xf4/0x100
[   35.405035] Read of size 4 at addr ffff8801c91fb900 by task syz-executor0/5420
[   35.412362] 
[   35.413991] CPU: 1 PID: 5420 Comm: syz-executor0 Not tainted 4.9.100-g73fdfa3 #29
[   35.421580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.430912]  ffff8801c7657868 ffffffff81eb0f09 ffffea0007247e80 ffff8801c91fb900
[   35.438909]  0000000000000000 ffff8801c91fb900 ffffffff8300fbe0 ffff8801c76578a0
[   35.446895]  ffffffff8156532b ffff8801c91fb900 0000000000000004 0000000000000000
[   35.454873] Call Trace:
[   35.457436]  [<ffffffff81eb0f09>] dump_stack+0xc1/0x128
[   35.462776]  [<ffffffff8300fbe0>] ? sock_release+0x1c0/0x1c0
[   35.468548]  [<ffffffff8156532b>] print_address_description+0x6c/0x234
[   35.475186]  [<ffffffff8300fbe0>] ? sock_release+0x1c0/0x1c0
[   35.480963]  [<ffffffff81565735>] kasan_report.cold.6+0x242/0x2fe
[   35.487199]  [<ffffffff836b6534>] ? l2tp_session_queue_purge+0xf4/0x100
[   35.493923]  [<ffffffff81539394>] __asan_report_load4_noabort+0x14/0x20
[   35.500647]  [<ffffffff836b6534>] l2tp_session_queue_purge+0xf4/0x100
[   35.507197]  [<ffffffff8300fbe0>] ? sock_release+0x1c0/0x1c0
[   35.512973]  [<ffffffff836c21bb>] pppol2tp_release+0x1fb/0x2e0
[   35.518924]  [<ffffffff8300fab6>] sock_release+0x96/0x1c0
[   35.524457]  [<ffffffff8300fbf6>] sock_close+0x16/0x20
[   35.529739]  [<ffffffff81575a33>] __fput+0x263/0x700
[   35.534816]  [<ffffffff81575f55>] ____fput+0x15/0x20
[   35.539894]  [<ffffffff8119603c>] task_work_run+0x10c/0x180
[   35.545666]  [<ffffffff8113ec91>] do_exit+0x9e1/0x27c0
[   35.550926]  [<ffffffff81234380>] ? debug_check_no_locks_freed+0x210/0x210
[   35.557934]  [<ffffffff812349d4>] ? __lock_acquire+0x654/0x4070
[   35.563971]  [<ffffffff8113e2b0>] ? release_task.part.19+0x1210/0x1210
[   35.570631]  [<ffffffff8122e3f2>] ? __lock_is_held+0xa2/0xf0
[   35.576404]  [<ffffffff8115d042>] ? recalc_sigpending+0x72/0x90
[   35.582437]  [<ffffffff81144d91>] do_group_exit+0x111/0x340
[   35.588129]  [<ffffffff81167b8f>] get_signal+0x4cf/0x1450
[   35.593729]  [<ffffffff810524d7>] do_signal+0x87/0x19f0
[   35.599158]  [<ffffffff815d4d2a>] ? __fd_install+0x24a/0x5d0
[   35.604928]  [<ffffffff815d4ae0>] ? get_unused_fd_flags+0xd0/0xd0
[   35.611138]  [<ffffffff815d4ae0>] ? get_unused_fd_flags+0xd0/0xd0
[   35.617352]  [<ffffffff81052450>] ? setup_sigcontext+0x7d0/0x7d0
[   35.623471]  [<ffffffff815d50fd>] ? fd_install+0x4d/0x60
[   35.628904]  [<ffffffff812d7cd0>] ? compat_SyS_get_robust_list+0x310/0x310
[   35.635894]  [<ffffffff83015951>] ? SyS_socket+0x121/0x1b0
[   35.641493]  [<ffffffff8100554c>] ? exit_to_usermode_loop+0xac/0x120
[   35.647957]  [<ffffffff81005581>] exit_to_usermode_loop+0xe1/0x120
[   35.654254]  [<ffffffff81007073>] do_fast_syscall_32+0x5c3/0x870
[   35.660639]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.667296]  [<ffffffff839f5d10>] entry_SYSENTER_compat+0x90/0xa2
[   35.673503] 
[   35.675104] Allocated by task 5416:
[   35.678706]  save_stack_trace+0x16/0x20
[   35.682653]  save_stack+0x43/0xd0
[   35.686075]  kasan_kmalloc+0xc7/0xe0
[   35.689767]  __kmalloc+0x11d/0x300
[   35.693283]  l2tp_session_create+0x38/0x16f0
[   35.697669]  pppol2tp_connect+0x10d7/0x18f0
[   35.701965]  SYSC_connect+0x1b8/0x300
[   35.705742]  SyS_connect+0x24/0x30
[   35.709260]  do_fast_syscall_32+0x2f7/0x870
[   35.713552]  entry_SYSENTER_compat+0x90/0xa2
[   35.717929] 
[   35.719529] Freed by task 5399:
[   35.722792]  save_stack_trace+0x16/0x20
[   35.726739]  save_stack+0x43/0xd0
[   35.730162]  kasan_slab_free+0x72/0xc0
[   35.734035]  kfree+0xfb/0x310
[   35.737113]  l2tp_session_free+0x166/0x200
[   35.741321]  l2tp_tunnel_closeall+0x284/0x350
[   35.745787]  l2tp_udp_encap_destroy+0x87/0xe0
[   35.750253]  udpv6_destroy_sock+0xb1/0xd0
[   35.754373]  sk_common_release+0x6d/0x300
[   35.758496]  udp_lib_close+0x15/0x20
[   35.762184]  inet_release+0xff/0x1d0
[   35.765870]  inet6_release+0x50/0x70
[   35.769556]  sock_release+0x96/0x1c0
[   35.773243]  sock_close+0x16/0x20
[   35.776670]  __fput+0x263/0x700
[   35.779920]  ____fput+0x15/0x20
[   35.783173]  task_work_run+0x10c/0x180
[   35.787031]  do_exit+0x9e1/0x27c0
[   35.790456]  do_group_exit+0x111/0x340
[   35.794315]  SyS_exit_group+0x1d/0x20
[   35.798087]  do_fast_syscall_32+0x2f7/0x870
[   35.802382]  entry_SYSENTER_compat+0x90/0xa2
[   35.806757] 
[   35.808357] The buggy address belongs to the object at ffff8801c91fb900
[   35.808357]  which belongs to the cache kmalloc-512 of size 512
[   35.820985] The buggy address is located 0 bytes inside of
[   35.820985]  512-byte region [ffff8801c91fb900, ffff8801c91fbb00)
[   35.832657] The buggy address belongs to the page:
[   35.837559] page:ffffea0007247e80 count:1 mapcount:0 mapping:          (null) index:0x0 compound_mapcount: 0
[   35.847731] flags: 0x8000000000004080(slab|head)
[   35.852455] page dumped because: kasan: bad access detected
[   35.858137] 
[   35.859735] Memory state around the buggy address:
[   35.864636]  ffff8801c91fb800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.871967]  ffff8801c91fb880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.879297] >ffff8801c91fb900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.886627]                    ^
[   35.889963]  ffff8801c91fb980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.897289]  ffff8801c91fba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.904618] ==================================================================
[   35.911946] Disabling lock debugging due to kernel taint
[   35.917761] Kernel panic - not syncing: panic_on_warn set ...
[   35.917761] 
[   35.925121] CPU: 1 PID: 5420 Comm: syz-executor0 Tainted: G    B           4.9.100-g73fdfa3 #29
[   35.933940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.943267]  ffff8801c76577c8 ffffffff81eb0f09 ffffffff843c50e5 00000000ffffffff
[   35.951249]  0000000000000000 0000000000000001 ffffffff8300fbe0 ffff8801c7657888
[   35.959216]  ffffffff8141f895 0000000041b58ab3 ffffffff843b87e8 ffffffff8141f6d6
[   35.967202] Call Trace:
[   35.969764]  [<ffffffff81eb0f09>] dump_stack+0xc1/0x128
[   35.975102]  [<ffffffff8300fbe0>] ? sock_release+0x1c0/0x1c0
[   35.980878]  [<ffffffff8141f895>] panic+0x1bf/0x3bc
[   35.985864]  [<ffffffff8141f6d6>] ? add_taint.cold.6+0x16/0x16
[   35.991804]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   35.998017]  [<ffffffff81565248>] kasan_end_report+0x47/0x4f
[   36.003787]  [<ffffffff81565569>] kasan_report.cold.6+0x76/0x2fe
[   36.009903]  [<ffffffff836b6534>] ? l2tp_session_queue_purge+0xf4/0x100
[   36.016625]  [<ffffffff81539394>] __asan_report_load4_noabort+0x14/0x20
[   36.023348]  [<ffffffff836b6534>] l2tp_session_queue_purge+0xf4/0x100
[   36.029905]  [<ffffffff8300fbe0>] ? sock_release+0x1c0/0x1c0
[   36.035678]  [<ffffffff836c21bb>] pppol2tp_release+0x1fb/0x2e0
[   36.041621]  [<ffffffff8300fab6>] sock_release+0x96/0x1c0
[   36.047127]  [<ffffffff8300fbf6>] sock_close+0x16/0x20
[   36.052384]  [<ffffffff81575a33>] __fput+0x263/0x700
[   36.057465]  [<ffffffff81575f55>] ____fput+0x15/0x20
[   36.062542]  [<ffffffff8119603c>] task_work_run+0x10c/0x180
[   36.068226]  [<ffffffff8113ec91>] do_exit+0x9e1/0x27c0
[   36.073477]  [<ffffffff81234380>] ? debug_check_no_locks_freed+0x210/0x210
[   36.080461]  [<ffffffff812349d4>] ? __lock_acquire+0x654/0x4070
[   36.086490]  [<ffffffff8113e2b0>] ? release_task.part.19+0x1210/0x1210
[   36.093126]  [<ffffffff8122e3f2>] ? __lock_is_held+0xa2/0xf0
[   36.098894]  [<ffffffff8115d042>] ? recalc_sigpending+0x72/0x90
[   36.104921]  [<ffffffff81144d91>] do_group_exit+0x111/0x340
[   36.110608]  [<ffffffff81167b8f>] get_signal+0x4cf/0x1450
[   36.116125]  [<ffffffff810524d7>] do_signal+0x87/0x19f0
[   36.121459]  [<ffffffff815d4d2a>] ? __fd_install+0x24a/0x5d0
[   36.127239]  [<ffffffff815d4ae0>] ? get_unused_fd_flags+0xd0/0xd0
[   36.133443]  [<ffffffff815d4ae0>] ? get_unused_fd_flags+0xd0/0xd0
[   36.139656]  [<ffffffff81052450>] ? setup_sigcontext+0x7d0/0x7d0
[   36.145775]  [<ffffffff815d50fd>] ? fd_install+0x4d/0x60
[   36.151202]  [<ffffffff812d7cd0>] ? compat_SyS_get_robust_list+0x310/0x310
[   36.158196]  [<ffffffff83015951>] ? SyS_socket+0x121/0x1b0
[   36.163793]  [<ffffffff8100554c>] ? exit_to_usermode_loop+0xac/0x120
[   36.170259]  [<ffffffff81005581>] exit_to_usermode_loop+0xe1/0x120
[   36.176550]  [<ffffffff81007073>] do_fast_syscall_32+0x5c3/0x870
[   36.182669]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.189311]  [<ffffffff839f5d10>] entry_SYSENTER_compat+0x90/0xa2
[   36.196096] Dumping ftrace buffer:
[   36.199612]    (ftrace buffer empty)
[   36.203297] Kernel Offset: disabled
[   36.206900] Rebooting in 86400 seconds..