[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   21.653040] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.020748] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   26.388914] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   27.152015] random: sshd: uninitialized urandom read (32 bytes read, 73 bits of entropy available)
[   27.324630] random: sshd: uninitialized urandom read (32 bytes read, 75 bits of entropy available)
Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts.
[   32.773489] random: sshd: uninitialized urandom read (32 bytes read, 80 bits of entropy available)
2018/08/03 15:45:25 parsed 1 programs
[   34.595117] random: cc1: uninitialized urandom read (8 bytes read, 82 bits of entropy available)
2018/08/03 15:45:28 executed programs: 0
[   36.053793] IPVS: Creating netns size=2552 id=1
[   36.129551] IPVS: Creating netns size=2552 id=2
[   36.221399] IPVS: Creating netns size=2552 id=3
[   36.301577] IPVS: Creating netns size=2552 id=4
[   36.444633] IPVS: Creating netns size=2552 id=5
[   36.651280] IPVS: Creating netns size=2552 id=6
[   36.745747] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   36.782858] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   36.847455] IPVS: Creating netns size=2552 id=7
[   37.128268] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   37.188137] IPVS: Creating netns size=2552 id=8
[   37.238181] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   37.359081] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   37.427568] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   37.441998] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.561782] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.757942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   37.818032] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   37.829033] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   37.890681] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   37.899786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   37.945477] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   38.015371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   38.050786] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   38.127389] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   38.135479] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   38.145779] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   38.171905] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.368560] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   38.431542] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   38.479318] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   38.500386] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.598061] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   38.610376] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   38.740905] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   38.750482] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   38.772906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   38.790872] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   38.832132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   38.848217] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   38.861059] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   38.869844] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   38.945914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   38.957200] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.991260] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   39.001285] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   39.073250] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   39.134485] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   39.260364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.342985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   39.358140] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   39.370322] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   39.416582] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   39.446823] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   39.471514] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   39.543811] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   39.636952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.666065] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   39.679852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   39.756847] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   39.846812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.867948] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   39.927654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   39.956539] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   39.969298] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   40.031990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   40.058873] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   40.110408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   40.532405] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   40.631223] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   40.707189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   40.772536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   43.494551] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   43.744789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.385516] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.603834] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.621075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.732453] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.850216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.883267] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   45.027379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.082296] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   45.146858] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.197644] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   45.371300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.466496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/08/03 15:45:38 executed programs: 8
[   46.028736] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   46.246847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/08/03 15:45:43 executed programs: 167
2018/08/03 15:45:48 executed programs: 390
[   58.520671] ==================================================================
[   58.528109] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x177c/0x1a00
[   58.534618] Read of size 8 at addr ffff8801d2ca8f18 by task syz-executor7/8742
[   58.541970] 
[   58.543602] CPU: 1 PID: 8742 Comm: syz-executor7 Not tainted 4.4.145-g2241aa9 #14
[   58.551218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.560575]  0000000000000000 e5b65ae149c9eb3c ffff8800adb8f548 ffffffff81e123cd
[   58.568670]  ffffea00074b2a00 ffff8801d2ca8f18 0000000000000000 ffff8801d2ca8f18
[   58.576719]  0000000000001200 ffff8800adb8f580 ffffffff81517d66 ffff8801d2ca8f18
[   58.584742] Call Trace:
[   58.587314]  [<ffffffff81e123cd>] dump_stack+0xc1/0x124
[   58.592671]  [<ffffffff81517d66>] print_address_description+0x6c/0x216
[   58.599333]  [<ffffffff81518085>] kasan_report.cold.7+0x175/0x2f7
[   58.605563]  [<ffffffff8343200c>] ? ip6_xmit+0x177c/0x1a00
[   58.611187]  [<ffffffff814fbb74>] __asan_report_load8_noabort+0x14/0x20
[   58.617940]  [<ffffffff8343200c>] ip6_xmit+0x177c/0x1a00
[   58.623393]  [<ffffffff814fb552>] ? kasan_slab_free+0x72/0xc0
[   58.629273]  [<ffffffff814f8a54>] ? kfree+0xf4/0x310
[   58.634374]  [<ffffffff82f45f63>] ? pskb_expand_head+0x683/0x970
[   58.640515]  [<ffffffff83430890>] ? ip6_finish_output2+0x1ca0/0x1ca0
[   58.647005]  [<ffffffff8122b912>] ? __lock_is_held+0xa2/0xf0
[   58.652799]  [<ffffffff831edd81>] ? ipv4_dst_check+0x111/0x160
[   58.658766]  [<ffffffff82f29fe4>] ? __sk_dst_check+0x114/0x270
[   58.664756]  [<ffffffff834f2055>] inet6_csk_xmit+0x245/0x490
[   58.670561]  [<ffffffff834f1f0f>] ? inet6_csk_xmit+0xff/0x490
[   58.676440]  [<ffffffff834f1e10>] ? inet6_csk_update_pmtu+0x160/0x160
[   58.683026]  [<ffffffff83560743>] ? udp6_set_csum+0xd3/0xa70
[   58.688827]  [<ffffffff835a169b>] l2tp_xmit_skb+0xbeb/0xeb0
[   58.694534]  [<ffffffff835adbd0>] pppol2tp_sendmsg+0x4e0/0x7d0
[   58.700501]  [<ffffffff81c7254f>] ? selinux_socket_sendmsg+0x3f/0x50
[   58.706989]  [<ffffffff835ad6f0>] ? pppol2tp_release+0x310/0x310
[   58.713142]  [<ffffffff82f22e1c>] sock_sendmsg+0xcc/0x110
[   58.718686]  [<ffffffff82f245e1>] ___sys_sendmsg+0x441/0x880
[   58.724494]  [<ffffffff82f241a0>] ? copy_msghdr_from_user+0x550/0x550
[   58.731080]  [<ffffffff8157b15f>] ? __fget_light+0x9f/0x1f0
[   58.736816]  [<ffffffff8157b2c8>] ? __fdget+0x18/0x20
[   58.742011]  [<ffffffff82f1fd46>] ? sockfd_lookup_light+0xb6/0x160
[   58.748329]  [<ffffffff82f26c64>] __sys_sendmmsg+0x1d4/0x2e0
[   58.754136]  [<ffffffff82f26a90>] ? SyS_sendmsg+0x50/0x50
[   58.759668]  [<ffffffff83010662>] compat_SyS_sendmmsg+0x32/0x40
[   58.765722]  [<ffffffff83010630>] ? compat_SyS_sendmsg+0x40/0x40
[   58.771863]  [<ffffffff81006d94>] do_fast_syscall_32+0x324/0x8b0
[   58.778014]  [<ffffffff838c9e43>] sysenter_flags_fixed+0xd/0x1a
[   58.784056] 
[   58.785685] Allocated by task 6724:
[   58.789286]  [<ffffffff81034676>] save_stack_trace+0x26/0x50
[   58.795196]  [<ffffffff814fac23>] save_stack+0x43/0xd0
[   58.800606]  [<ffffffff814faf07>] kasan_kmalloc+0xc7/0xe0
[   58.806277]  [<ffffffff814fb4d2>] kasan_slab_alloc+0x12/0x20
[   58.812207]  [<ffffffff814f6fce>] kmem_cache_alloc+0xbe/0x2a0
[   58.818218]  [<ffffffff82fa1375>] dst_alloc+0xb5/0x1a0
[   58.823632]  [<ffffffff831ee4c8>] rt_dst_alloc+0x78/0x430
[   58.829278]  [<ffffffff831f798c>] __ip_route_output_key_hash+0x9ac/0x2380
[   58.836323]  [<ffffffff831f9e39>] ip_route_output_flow+0x29/0xa0
[   58.842675]  [<ffffffff832c3dc3>] __ip4_datagram_connect+0x663/0xfe0
[   58.849286]  [<ffffffff834e2fb5>] __ip6_datagram_connect+0x5b5/0x1960
[   58.856000]  [<ffffffff834e438f>] ip6_datagram_connect+0x2f/0x50
[   58.862272]  [<ffffffff832feed7>] inet_dgram_connect+0x117/0x200
[   58.868540]  [<ffffffff82f23798>] SYSC_connect+0x1b8/0x300
[   58.874291]  [<ffffffff82f260d4>] SyS_connect+0x24/0x30
[   58.879778]  [<ffffffff81006d94>] do_fast_syscall_32+0x324/0x8b0
[   58.886059]  [<ffffffff838c9e43>] sysenter_flags_fixed+0xd/0x1a
[   58.892249] 
[   58.893857] Freed by task 0:
[   58.896853] (stack is not available)
[   58.900552] 
[   58.902159] The buggy address belongs to the object at ffff8801d2ca8dc0
[   58.902159]  which belongs to the cache ip_dst_cache of size 208
[   58.914895] The buggy address is located 136 bytes to the right of
[   58.914895]  208-byte region [ffff8801d2ca8dc0, ffff8801d2ca8e90)
[   58.927295] The buggy address belongs to the page:
[   58.933579] kasan: CONFIG_KASAN_INLINE enabled
[   58.938021] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[   58.950994] Dumping ftrace buffer:
[   58.954534]    (ftrace buffer empty)
[   58.958245] Modules linked in:
[   58.961573] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.145-g2241aa9 #14
[   58.968588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.977953] task: ffffffff84417840 task.stack: ffffffff84400000
[   58.984021] RIP: 0010:[<ffffffff810e96a6>]  [<ffffffff810e96a6>] load_new_mm_cr3+0x56/0xa0
[   58.992583] RSP: 0018:ffffffff84407d20  EFLAGS: 00010046
[   58.998034] RAX: 0000000000000000 RBX: 00006200074b2a00 RCX: 0000000000000049
[   59.005311] RDX: 0000000000000000 RSI: ffffffff81e71efb RDI: 00006200074b2a00
[   59.012593] RBP: ffffffff84407d28 R08: ffffffff83a456e0 R09: ffffffff84a16c38
[   59.019870] R10: dffffc0000000000 R11: ffffffff84417840 R12: ffff8800b1e4f700
[   59.027245] R13: 0000000000000000 R14: ffff8800ad56ad00 R15: 0000000000000c84
[   59.034531] FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   59.042767] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   59.048662] CR2: 00000000f7726db0 CR3: 00000000bb085000 CR4: 00000000001606f0
[   59.055951] Stack:
[   59.058103]  ffff8800ad56ad00 ffffffff84407d70 ffffffff810ea3a8 ffff8801db21fe68
[   59.066191]  ffffffff83a456e0 ffff8801db21f540 ffff8800b1e4f700 ffff8800ad56ad00
[   59.074282]  ffffffff84417ce0 ffffffff83a456e0 ffffffff84407df8 ffffffff838b8c3a
[   59.082368] Call Trace:
[   59.084966]  [<ffffffff810ea3a8>] switch_mm_irqs_off+0x148/0xd20
[   59.091141]  [<ffffffff838b8c3a>] __schedule+0x6fa/0x1d70
[   59.096703]  [<ffffffff81e71efb>] ? check_preemption_disabled+0x3b/0x170
[   59.103573]  [<ffffffff838ba4aa>] schedule+0x7a/0x1b0
[   59.108790]  [<ffffffff838bac43>] schedule_preempt_disabled+0x13/0x20
[   59.115391]  [<ffffffff8121e252>] cpu_startup_entry+0x2c2/0x780
[   59.121470]  [<ffffffff8121df90>] ? call_cpuidle+0xe0/0xe0
[   59.127111]  [<ffffffff838b5611>] rest_init+0x188/0x18e
[   59.132508]  [<ffffffff84a4d8a1>] start_kernel+0x6b3/0x6e7
[   59.138165]  [<ffffffff84a4d1ee>] ? thread_stack_cache_init+0xb/0xb
[   59.144599]  [<ffffffff84a4c120>] ? early_idt_handler_array+0x120/0x120
[   59.151377]  [<ffffffff84a4c120>] ? early_idt_handler_array+0x120/0x120
[   59.158169]  [<ffffffff84a4c30f>] x86_64_start_reservations+0x29/0x2b
[   59.164770]  [<ffffffff84a4c450>] x86_64_start_kernel+0x13f/0x162
[   59.171011] Code: a1 84 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1e 8b 05 71 d5 92 03 85 c0 75 0d 48 89 df <0f> 22 df 0f 1f 40 00 5b 5d c3 e8 9b 4f 00 00 eb ec e8 84 24 41 
[   59.198928] RIP  [<ffffffff810e96a6>] load_new_mm_cr3+0x56/0xa0
[   59.205135]  RSP <ffffffff84407d20>
[   59.208772] ---[ end trace 5ec7f89f6897b67d ]---
[   59.213539] Kernel panic - not syncing: Fatal exception
[   60.337973] Shutting down cpus with NMI
[   60.342554] Dumping ftrace buffer:
[   60.346105]    (ftrace buffer empty)
[   60.349801] Kernel Offset: disabled
[   60.353410] Rebooting in 86400 seconds..