INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts. 2018/04/04 01:37:25 parsed 1 programs 2018/04/04 01:37:25 executed programs: 0 syzkaller login: [ 27.611495] IPVS: ftp: loaded support on port[0] = 21 [ 27.651582] IPVS: ftp: loaded support on port[0] = 21 [ 27.690184] IPVS: ftp: loaded support on port[0] = 21 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 27.718887] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 27.740401] IPVS: ftp: loaded support on port[0] = 21 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 27.816714] IPVS: ftp: loaded support on port[0] = 21 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 27.886324] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 27.924487] IPVS: ftp: loaded support on port[0] = 21 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 27.947456] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 28.011263] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 [ 28.075194] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 28.090287] IPVS: ftp: loaded support on port[0] = 21 RESULT: signal 0, coverage 0 errno 0 [ 28.146860] IPVS: ftp: loaded support on port[0] = 21 RESULT: signal 0, coverage 0 errno 0 [ 28.225332] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 28.246893] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 28.259306] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 28.271900] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 28.296475] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 28.386635] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 28.396793] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 28.412711] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 28.431417] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 28.458333] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 28.477640] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 28.513269] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 28.526309] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 28.546253] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 [ 28.590922] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 28.606621] l2tp_core: tunl 2: sockfd_lookup(fd=6) returned -88 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 28.672262] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 28.681620] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 28.701271] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 28.767177] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 28.770331] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 28.807595] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 28.835207] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 28.857587] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 [ 28.912240] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 28.925720] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 28.953569] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 28.954990] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 28.974207] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 29.077237] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 29.083699] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.108861] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 29.132881] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.137841] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 29.181284] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.197312] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 29.227149] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.240632] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.251077] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 29.425616] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.433376] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 29.445372] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.450842] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.463172] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.469578] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 29.488205] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 29.586281] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.622362] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.622931] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 [ 29.636656] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.637916] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.664628] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.675358] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 29.682730] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 [ 29.776301] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.807535] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.816595] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 29.826696] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.853123] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 29.853296] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 29.915344] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 29.948266] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.954837] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 29.969784] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 29.996748] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 30.045491] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 30.048867] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 30.074957] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 [ 30.114372] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 30.132225] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 30.149512] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 30.163699] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 30.194681] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 30.207252] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 30.210119] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 30.277637] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 30.292297] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 30.315254] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 30.326433] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 30.348503] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 30.396055] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 30.404133] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 30.455599] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 30.476981] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 30.500798] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 30.519364] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 30.526346] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 30.558372] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 30.569785] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 30.592245] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 30.592432] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 30.636745] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 30.742402] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 30.785227] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 30.794256] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 30.810735] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 30.819243] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 30.933216] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 30.939925] l2tp_core: tunl 2: sockfd_lookup(fd=6) returned -88 [ 30.949212] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 [ 30.994544] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 31.066936] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.087272] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.091189] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.100872] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.104245] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 31.132684] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 31.175324] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 [ 31.251319] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.271664] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.282869] l2tp_core: tunl 2: sockfd_lookup(fd=6) returned -9 [ 31.295310] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 31.296961] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 31.333131] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.341459] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 31.356889] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 [ 31.420329] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 31.499276] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.502442] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.532452] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 31.547071] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 31.591065] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 31.618317] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 31.643984] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.655861] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 31.722277] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 31.736830] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 31.767417] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 31.781317] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.792517] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 31.816920] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.827999] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.838484] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 31.912344] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.919866] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 31.954579] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.963402] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 31.985351] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 32.017985] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 32.029679] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 32.117173] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 32.163299] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 32.179482] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 32.199693] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 32.228340] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 32.290240] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 32.307343] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 32.337700] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 32.349932] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 32.352268] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 32.373318] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 32.495612] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 32.511125] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 32.517774] l2tp_core: tunl 2: sockfd_lookup(fd=10) returned -9 [ 32.530247] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 32.534605] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 32.540938] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 RESULT: signal 0, coverage 0 errno 0 2018/04/04 01:37:30 executed programs: 233 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 32.604830] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 32.653734] l2tp_core: tunl 2: sockfd_lookup(fd=11) returned -9 [ 32.654095] ================================================================== [ 32.667315] BUG: KASAN: use-after-free in pppol2tp_connect+0x1ab3/0x1de0 [ 32.674151] Read of size 8 at addr ffff8801be0f1568 by task syz-executor4/5376 [ 32.682523] [ 32.684153] CPU: 0 PID: 5376 Comm: syz-executor4 Not tainted 4.16.0+ #288 [ 32.691069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.700412] Call Trace: [ 32.702995] dump_stack+0x1a7/0x27d [ 32.706620] ? arch_local_irq_restore+0x53/0x53 [ 32.711285] ? show_regs_print_info+0x18/0x18 [ 32.715782] ? kasan_check_write+0x14/0x20 [ 32.720013] ? pppol2tp_connect+0x1ab3/0x1de0 [ 32.724508] print_address_description+0x73/0x250 [ 32.729344] ? pppol2tp_connect+0x1ab3/0x1de0 [ 32.733837] kasan_report+0x23c/0x360 [ 32.737982] __asan_report_load8_noabort+0x14/0x20 [ 32.747077] pppol2tp_connect+0x1ab3/0x1de0 [ 32.751419] ? pppol2tp_recv_payload_hook+0x1b0/0x1b0 [ 32.756616] ? find_held_lock+0x35/0x1d0 [ 32.760699] ? __might_fault+0x110/0x1d0 [ 32.764775] ? lock_downgrade+0x980/0x980 [ 32.768937] ? lock_release+0xa40/0xa40 [ 32.772911] ? check_same_owner+0x320/0x320 [ 32.777240] ? __check_object_size+0x8b/0x530 [ 32.781750] ? __might_sleep+0x95/0x190 [ 32.785748] ? _copy_from_user+0x99/0x110 [ 32.789906] ? security_socket_connect+0x89/0xb0 [ 32.794678] __sys_connect+0x213/0x4a0 [ 32.798577] ? SyS_accept+0x30/0x30 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 32.802213] ? get_unused_fd_flags+0x121/0x190 [ 32.806813] ? compat_SyS_get_robust_list+0x300/0x300 [ 32.812015] ? SyS_userfaultfd+0x2ca/0x400 [ 32.816257] ? userfaultfd_unmap_complete+0x510/0x510 [ 32.821456] SyS_connect+0x24/0x30 [ 32.825003] ? __sys_connect+0x4a0/0x4a0 [ 32.829065] do_fast_syscall_32+0x3ec/0xf9f [ 32.833400] ? do_int80_syscall_32+0x9c0/0x9c0 [ 32.837986] ? finish_task_switch+0x1b9/0x970 [ 32.842484] ? finish_task_switch+0x17a/0x970 [ 32.846989] ? syscall_return_slowpath+0x2ac/0x550 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 32.852276] ? prepare_exit_to_usermode+0x350/0x350 [ 32.857307] ? sysret32_from_system_call+0x5/0x3c [ 32.862165] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.867021] entry_SYSENTER_compat+0x70/0x7f [ 32.871430] RIP: 0023:0xf7f4bc99 [ 32.874792] RSP: 002b:00000000f7f470ac EFLAGS: 00000282 ORIG_RAX: 000000000000016a [ 32.882508] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020e92000 [ 32.889780] RDX: 000000000000002e RSI: 0000000000000000 RDI: 0000000000000000 [ 32.897053] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 RESULT: signal 0, coverage 0 errno 0 [ 32.904326] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 32.911599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 32.918897] [ 32.920527] Allocated by task 5386: [ 32.924164] save_stack+0x43/0xd0 [ 32.927615] kasan_kmalloc+0xad/0xe0 [ 32.931326] kasan_slab_alloc+0x12/0x20 [ 32.935301] kmem_cache_alloc+0x12e/0x760 [ 32.939538] sk_prot_alloc+0x65/0x2a0 [ 32.943339] sk_alloc+0x105/0x1450 [ 32.946877] inet_create+0x47c/0xf50 [ 32.950590] __sock_create+0x4d4/0x850 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 [ 32.954477] __sys_socket+0xea/0x210 [ 32.958186] SyS_socket+0x24/0x30 [ 32.961640] do_fast_syscall_32+0x3ec/0xf9f [ 32.965976] entry_SYSENTER_compat+0x70/0x7f [ 32.970381] [ 32.972004] Freed by task 5211: [ 32.975284] save_stack+0x43/0xd0 [ 32.978737] __kasan_slab_free+0x11a/0x170 [ 32.982970] kasan_slab_free+0xe/0x10 [ 32.986769] kmem_cache_free+0x83/0x2a0 [ 32.990742] __sk_destruct+0x690/0x9f0 [ 32.994629] sk_destruct+0x47/0x80 [ 32.998172] __sk_free+0xf1/0x2b0 [ 33.001617] sk_free+0x2a/0x40 RESULT: signal 0, coverage 0 errno 0 [ 33.004813] l2tp_tunnel_del_work+0x474/0x6a0 [ 33.009306] process_one_work+0xc97/0x1c40 [ 33.013539] worker_thread+0x1c3/0x1380 [ 33.017509] kthread+0x33c/0x400 [ 33.020872] ret_from_fork+0x3a/0x50 [ 33.024577] [ 33.026199] The buggy address belongs to the object at ffff8801be0f1340 [ 33.026199] which belongs to the cache UDP of size 1472 [ 33.038253] The buggy address is located 552 bytes inside of [ 33.038253] 1472-byte region [ffff8801be0f1340, ffff8801be0f1900) [ 33.050216] The buggy address belongs to the page: [ 33.055142] page:ffffea0006f83c00 count:1 mapcount:0 mapping:ffff8801be0f0080 index:0x0 compound_mapcount: 0 [ 33.065119] flags: 0x2fffc0000008100(slab|head) [ 33.069796] raw: 02fffc0000008100 ffff8801be0f0080 0000000000000000 0000000100000005 [ 33.077685] raw: ffffea0007268a20 ffffea0006c00820 ffff8801d815c4c0 0000000000000000 [ 33.085564] page dumped because: kasan: bad access detected [ 33.091270] [ 33.092894] Memory state around the buggy address: [ 33.097820] ffff8801be0f1400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb RESULT: signal 0, coverage 0 errno 0 [ 33.105181] ffff8801be0f1480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.112539] >ffff8801be0f1500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.119903] ^ [ 33.126664] ffff8801be0f1580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.134026] ffff8801be0f1600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.141366] ================================================================== [ 33.148700] Disabling lock debugging due to kernel taint [ 33.154386] Kernel panic - not syncing: panic_on_warn set ... [ 33.154386] [ 33.161749] CPU: 0 PID: 5376 Comm: syz-executor4 Tainted: G B 4.16.0+ #288 [ 33.169969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.179318] Call Trace: [ 33.181904] dump_stack+0x1a7/0x27d [ 33.185532] ? arch_local_irq_restore+0x53/0x53 [ 33.190203] ? kasan_end_report+0x32/0x50 [ 33.194354] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 33.199106] ? vsnprintf+0x1ed/0x1900 [ 33.202898] ? pppol2tp_connect+0x19c0/0x1de0 [ 33.207381] panic+0x1f8/0x42c [ 33.210548] ? refcount_error_report+0x214/0x214 [ 33.215282] ? do_raw_spin_unlock+0x9e/0x310 [ 33.219664] ? do_raw_spin_unlock+0x9e/0x310 [ 33.224060] ? pppol2tp_connect+0x1ab3/0x1de0 [ 33.228541] kasan_end_report+0x50/0x50 [ 33.232493] kasan_report+0x149/0x360 [ 33.236285] __asan_report_load8_noabort+0x14/0x20 [ 33.241194] pppol2tp_connect+0x1ab3/0x1de0 [ 33.245498] ? pppol2tp_recv_payload_hook+0x1b0/0x1b0 [ 33.250679] ? find_held_lock+0x35/0x1d0 [ 33.254739] ? __might_fault+0x110/0x1d0 [ 33.258779] ? lock_downgrade+0x980/0x980 [ 33.262906] ? lock_release+0xa40/0xa40 [ 33.266855] ? check_same_owner+0x320/0x320 [ 33.271164] ? __check_object_size+0x8b/0x530 [ 33.275655] ? __might_sleep+0x95/0x190 [ 33.279607] ? _copy_from_user+0x99/0x110 [ 33.283735] ? security_socket_connect+0x89/0xb0 [ 33.288479] __sys_connect+0x213/0x4a0 [ 33.292354] ? SyS_accept+0x30/0x30 [ 33.295963] ? get_unused_fd_flags+0x121/0x190 [ 33.300548] ? compat_SyS_get_robust_list+0x300/0x300 [ 33.305719] ? SyS_userfaultfd+0x2ca/0x400 [ 33.309931] ? userfaultfd_unmap_complete+0x510/0x510 [ 33.315101] SyS_connect+0x24/0x30 [ 33.318616] ? __sys_connect+0x4a0/0x4a0 [ 33.322656] do_fast_syscall_32+0x3ec/0xf9f [ 33.326955] ? do_int80_syscall_32+0x9c0/0x9c0 [ 33.331522] ? finish_task_switch+0x1b9/0x970 [ 33.335989] ? finish_task_switch+0x17a/0x970 [ 33.340467] ? syscall_return_slowpath+0x2ac/0x550 [ 33.345371] ? prepare_exit_to_usermode+0x350/0x350 [ 33.350374] ? sysret32_from_system_call+0x5/0x3c [ 33.355197] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.360034] entry_SYSENTER_compat+0x70/0x7f [ 33.364426] RIP: 0023:0xf7f4bc99 [ 33.367764] RSP: 002b:00000000f7f470ac EFLAGS: 00000282 ORIG_RAX: 000000000000016a [ 33.375456] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020e92000 [ 33.382716] RDX: 000000000000002e RSI: 0000000000000000 RDI: 0000000000000000 [ 33.389963] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 33.397212] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 33.404456] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 33.412170] Dumping ftrace buffer: [ 33.415693] (ftrace buffer empty) [ 33.419378] Kernel Offset: disabled [ 33.422982] Rebooting in 86400 seconds..