[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   21.482695] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.463479] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   26.966246] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[   27.685604] random: sshd: uninitialized urandom read (32 bytes read, 72 bits of entropy available)
[   37.993483] random: sshd: uninitialized urandom read (32 bytes read, 79 bits of entropy available)
Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
[   43.628165] random: sshd: uninitialized urandom read (32 bytes read, 83 bits of entropy available)
[   43.727144] IPVS: Creating netns size=2552 id=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
Error: argument "bridge0" is wrong: Device does not exist

Error: argument "bridge0" is wrong: Device does not exist

[   43.902600] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   43.917978] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
Error: argument "bond0" is wrong: Device does not exist

Error: argument "bond0" is wrong: Device does not exist

[   43.996594] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   44.011752] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
Error: argument "team0" is wrong: Device does not exist

Error: argument "team0" is wrong: Device does not exist

[   44.092083] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   44.108454] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   44.124611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.141173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
Cannot find device "bridge0"
Cannot find device "bridge0"
Cannot find device "bridge0"
Cannot find device "bridge0"
Cannot find device "vcan0"
Cannot find device "vcan0"
Cannot find device "vcan0"
Cannot find device "vcan0"
RTNETLINK answers: Operation not supported
Cannot find device "gre0"
Cannot find device "gre0"
Cannot find device "gre0"
Cannot find device "gre0"
Cannot find device "gretap0"
Cannot find device "gretap0"
Cannot find device "gretap0"
Cannot find device "gretap0"
Cannot find device "ip_vti0"
Cannot find device "ip_vti0"
Cannot find device "ip_vti0"
Cannot find device "ip_vti0"
Cannot find device "ip6_vti0"
Cannot find device "ip6_vti0"
Cannot find device "ip6_vti0"
Cannot find device "ip6_vti0"
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
Cannot find device "erspan0"
Cannot find device "erspan0"
Cannot find device "erspan0"
Cannot find device "erspan0"
Cannot find device "bond0"
Cannot find device "bond0"
Cannot find device "bond0"
Cannot find device "bond0"
Cannot find device "team0"
Cannot find device "team0"
[   44.851635] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.890044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
Cannot find device "team0"
Cannot find device "team0"
executing program
executing program
[   45.171486] syz-executor808 (4186) used greatest stack depth: 23264 bytes left
[   45.175765] ==================================================================
[   45.175777] BUG: KASAN: slab-out-of-bounds in ip6_tnl_xmit2+0x2043/0x20d0
[   45.175781] Read of size 16 at addr ffff8801d7c1c730 by task syz-executor808/4187
[   45.175781] 
[   45.175787] CPU: 1 PID: 4187 Comm: syz-executor808 Not tainted 4.4.147-ga5fc665 #16
[   45.175789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.175796]  0000000000000000 2fd84b2ece1ebb4e ffff8801d7006a70 ffffffff81e12a4d
[   45.175802]  ffffea00075f0700 ffff8801d7c1c730 0000000000000000 ffff8801d7c1c738
[   45.175807]  ffff8800abd1d500 ffff8801d7006aa8 ffffffff81517fd6 ffff8801d7c1c730
[   45.175808] Call Trace:
[   45.175815]  [<ffffffff81e12a4d>] dump_stack+0xc1/0x124
[   45.175821]  [<ffffffff81517fd6>] print_address_description+0x6c/0x216
[   45.175825]  [<ffffffff815182f5>] kasan_report.cold.7+0x175/0x2f7
[   45.175829]  [<ffffffff8354d403>] ? ip6_tnl_xmit2+0x2043/0x20d0
[   45.175835]  [<ffffffff814fbebf>] __asan_report_load_n_noabort+0xf/0x20
[   45.175839]  [<ffffffff8354d403>] ip6_tnl_xmit2+0x2043/0x20d0
[   45.175846]  [<ffffffff8122ecd0>] ? check_usage_backwards+0x2e0/0x2e0
[   45.175850]  [<ffffffff8354b3c0>] ? ip6ip6_err+0x530/0x530
[   45.175856]  [<ffffffff8113fc2a>] ? __local_bh_enable_ip+0x6a/0xd0
[   45.175863]  [<ffffffff81322890>] ? make_kuid+0xf0/0x180
[   45.175867]  [<ffffffff8354dda0>] ip6_tnl_xmit+0x910/0xc60
[   45.175871]  [<ffffffff8354d490>] ? ip6_tnl_xmit2+0x20d0/0x20d0
[   45.175876]  [<ffffffff812312c0>] ? debug_check_no_locks_freed+0x210/0x210
[   45.175881]  [<ffffffff812312c0>] ? debug_check_no_locks_freed+0x210/0x210
[   45.175888]  [<ffffffff82f8ede1>] dev_hard_start_xmit+0x7b1/0x11c0
[   45.175893]  [<ffffffff82f91170>] __dev_queue_xmit+0x16c0/0x1c80
[   45.175901]  [<ffffffff82f8fc87>] ? __dev_queue_xmit+0x1d7/0x1c80
[   45.175906]  [<ffffffff812312c0>] ? debug_check_no_locks_freed+0x210/0x210
[   45.175911]  [<ffffffff82f8fab0>] ? netdev_pick_tx+0x2c0/0x2c0
[   45.175917]  [<ffffffff8311ae00>] ? ctnetlink_expect_event+0x770/0x770
[   45.175924]  [<ffffffff81e7257b>] ? check_preemption_disabled+0x3b/0x170
[   45.175928]  [<ffffffff82f91747>] dev_queue_xmit+0x17/0x20
[   45.175933]  [<ffffffff82fa2f75>] neigh_direct_output+0x15/0x20
[   45.175939]  [<ffffffff8321ba6b>] ip_finish_output2+0x6ab/0x1110
[   45.175943]  [<ffffffff8321b5d2>] ? ip_finish_output2+0x212/0x1110
[   45.175947]  [<ffffffff83101e35>] ? nf_ct_deliver_cached_events+0x335/0x560
[   45.175951]  [<ffffffff83101b83>] ? nf_ct_deliver_cached_events+0x83/0x560
[   45.175955]  [<ffffffff8321b3c0>] ? ip_copy_metadata+0x830/0x830
[   45.175959]  [<ffffffff832162ec>] ? ip_options_fragment+0x1ac/0x280
[   45.175963]  [<ffffffff8321de9c>] ip_do_fragment+0x19cc/0x2190
[   45.175967]  [<ffffffff8321b3c0>] ? ip_copy_metadata+0x830/0x830
[   45.175972]  [<ffffffff8321e7a3>] ip_fragment.constprop.51+0x143/0x200
[   45.175976]  [<ffffffff8321ecea>] ip_finish_output+0x48a/0xc00
[   45.175980]  [<ffffffff83222a79>] ip_output+0x219/0x4c0
[   45.175983]  [<ffffffff83222860>] ? ip_mc_output+0x980/0x980
[   45.175988]  [<ffffffff8321e860>] ? ip_fragment.constprop.51+0x200/0x200
[   45.175991]  [<ffffffff83224e39>] ? __ip_make_skb+0xe59/0x16a0
[   45.175995]  [<ffffffff8321f93b>] ip_local_out+0x9b/0x180
[   45.175999]  [<ffffffff832256bc>] ip_send_skb+0x3c/0xc0
[   45.176003]  [<ffffffff832ce4a3>] udp_send_skb+0x5c3/0xc60
[   45.176007]  [<ffffffff832ceb8e>] udp_push_pending_frames+0x4e/0xe0
[   45.176011]  [<ffffffff832d6ad7>] udp_sendmsg+0x1147/0x1c70
[   45.176015]  [<ffffffff832179a0>] ? ip_reply_glue_bits+0xc0/0xc0
[   45.176019]  [<ffffffff832d5990>] ? udp4_lib_lookup+0x60/0x60
[   45.176023]  [<ffffffff8113fc2a>] ? __local_bh_enable_ip+0x6a/0xd0
[   45.176028]  [<ffffffff81230b4b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   45.176033]  [<ffffffff82f31046>] ? release_sock+0x3b6/0x500
[   45.176037]  [<ffffffff81230d5d>] ? trace_hardirqs_on+0xd/0x10
[   45.176041]  [<ffffffff8113fc2a>] ? __local_bh_enable_ip+0x6a/0xd0
[   45.176047]  [<ffffffff838c8140>] ? _raw_spin_unlock_bh+0x30/0x40
[   45.176051]  [<ffffffff81231d46>] ? __lock_acquire+0xa86/0x5270
[   45.176055]  [<ffffffff82fa0d30>] ? dst_release+0x70/0xb0
[   45.176063]  [<ffffffff8349cec9>] udpv6_sendmsg+0x1d59/0x24c0
[   45.176068]  [<ffffffff812312c0>] ? debug_check_no_locks_freed+0x210/0x210
[   45.176072]  [<ffffffff8349b170>] ? udp6_lib_lookup2+0x990/0x990
[   45.176077]  [<ffffffff812312c0>] ? debug_check_no_locks_freed+0x210/0x210
[   45.176082]  [<ffffffff81c727a1>] ? sock_has_perm+0x1c1/0x400
[   45.176087]  [<ffffffff81c7287f>] ? sock_has_perm+0x29f/0x400
[   45.176090]  [<ffffffff81c7267f>] ? sock_has_perm+0x9f/0x400
[   45.176097]  [<ffffffff83306bc3>] ? inet_sendmsg+0x143/0x4d0
[   45.176101]  [<ffffffff83306c83>] inet_sendmsg+0x203/0x4d0
[   45.176105]  [<ffffffff83306af3>] ? inet_sendmsg+0x73/0x4d0
[   45.176109]  [<ffffffff83306a80>] ? inet_recvmsg+0x4c0/0x4c0
[   45.176114]  [<ffffffff82f2391c>] sock_sendmsg+0xcc/0x110
[   45.176118]  [<ffffffff82f250e1>] ___sys_sendmsg+0x441/0x880
[   45.176122]  [<ffffffff82f24ca0>] ? copy_msghdr_from_user+0x550/0x550
[   45.176126]  [<ffffffff81c7287f>] ? sock_has_perm+0x29f/0x400
[   45.176130]  [<ffffffff81c7267f>] ? sock_has_perm+0x9f/0x400
[   45.176135]  [<ffffffff83306bc3>] ? inet_sendmsg+0x143/0x4d0
[   45.176139]  [<ffffffff83306c8a>] ? inet_sendmsg+0x20a/0x4d0
[   45.176143]  [<ffffffff83306af3>] ? inet_sendmsg+0x73/0x4d0
[   45.176147]  [<ffffffff83306a80>] ? inet_recvmsg+0x4c0/0x4c0
[   45.176152]  [<ffffffff81279757>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   45.176157]  [<ffffffff8157b3cf>] ? __fget_light+0x9f/0x1f0
[   45.176161]  [<ffffffff8157b538>] ? __fdget+0x18/0x20
[   45.176166]  [<ffffffff82f20846>] ? sockfd_lookup_light+0xb6/0x160
[   45.176170]  [<ffffffff82f27764>] __sys_sendmmsg+0x1d4/0x2e0
[   45.176174]  [<ffffffff82f27590>] ? SyS_sendmsg+0x50/0x50
[   45.176179]  [<ffffffff834e4afa>] ? ip6_datagram_connect+0x3a/0x50
[   45.176183]  [<ffffffff832ff6ae>] ? inet_dgram_connect+0x11e/0x200
[   45.176188]  [<ffffffff82f2430a>] ? SYSC_connect+0x22a/0x300
[   45.176193]  [<ffffffff83011172>] compat_SyS_sendmmsg+0x32/0x40
[   45.176197]  [<ffffffff83011140>] ? compat_SyS_sendmsg+0x40/0x40
[   45.176201]  [<ffffffff81006d94>] do_fast_syscall_32+0x324/0x8b0
[   45.176207]  [<ffffffff838ca5c3>] sysenter_flags_fixed+0xd/0x1a
[   45.176208] 
[   45.176210] Allocated by task 4187:
[   45.176216]  [<ffffffff81034676>] save_stack_trace+0x26/0x50
[   45.176221]  [<ffffffff814fae93>] save_stack+0x43/0xd0
[   45.176228]  [<ffffffff814fb177>] kasan_kmalloc+0xc7/0xe0
[   45.176232]  [<ffffffff814f7894>] __kmalloc+0x124/0x310
[   45.176237]  [<ffffffff82fb3d56>] __neigh_create+0x1d6/0x1b20
[   45.176241]  [<ffffffff831f46ad>] ipv4_neigh_lookup+0x4dd/0x700
[   45.176246]  [<ffffffff8354b9d3>] ip6_tnl_xmit2+0x613/0x20d0
[   45.176250]  [<ffffffff8354dda0>] ip6_tnl_xmit+0x910/0xc60
[   45.176255]  [<ffffffff82f8ede1>] dev_hard_start_xmit+0x7b1/0x11c0
[   45.176259]  [<ffffffff82f91170>] __dev_queue_xmit+0x16c0/0x1c80
[   45.176264]  [<ffffffff82f91747>] dev_queue_xmit+0x17/0x20
[   45.176268]  [<ffffffff82fa2f75>] neigh_direct_output+0x15/0x20
[   45.176273]  [<ffffffff8321ba6b>] ip_finish_output2+0x6ab/0x1110
[   45.176277]  [<ffffffff8321de9c>] ip_do_fragment+0x19cc/0x2190
[   45.176282]  [<ffffffff8321e7a3>] ip_fragment.constprop.51+0x143/0x200
[   45.176286]  [<ffffffff8321ecea>] ip_finish_output+0x48a/0xc00
[   45.176290]  [<ffffffff83222a79>] ip_output+0x219/0x4c0
[   45.176294]  [<ffffffff8321f93b>] ip_local_out+0x9b/0x180
[   45.176298]  [<ffffffff832256bc>] ip_send_skb+0x3c/0xc0
[   45.176302]  [<ffffffff832ce4a3>] udp_send_skb+0x5c3/0xc60
[   45.176306]  [<ffffffff832ceb8e>] udp_push_pending_frames+0x4e/0xe0
[   45.176310]  [<ffffffff832d6ad7>] udp_sendmsg+0x1147/0x1c70
[   45.176314]  [<ffffffff8349cec9>] udpv6_sendmsg+0x1d59/0x24c0
[   45.176319]  [<ffffffff83306c83>] inet_sendmsg+0x203/0x4d0
[   45.176323]  [<ffffffff82f2391c>] sock_sendmsg+0xcc/0x110
[   45.176328]  [<ffffffff82f250e1>] ___sys_sendmsg+0x441/0x880
[   45.176332]  [<ffffffff82f27764>] __sys_sendmmsg+0x1d4/0x2e0
[   45.176336]  [<ffffffff83011172>] compat_SyS_sendmmsg+0x32/0x40
[   45.176340]  [<ffffffff81006d94>] do_fast_syscall_32+0x324/0x8b0
[   45.176345]  [<ffffffff838ca5c3>] sysenter_flags_fixed+0xd/0x1a
[   45.176346] 
[   45.176347] Freed by task 2542:
[   45.176352]  [<ffffffff81034676>] save_stack_trace+0x26/0x50
[   45.176356]  [<ffffffff814fae93>] save_stack+0x43/0xd0
[   45.176361]  [<ffffffff814fb7c2>] kasan_slab_free+0x72/0xc0
[   45.176364]  [<ffffffff814f8cc4>] kfree+0xf4/0x310
[   45.176370]  [<ffffffff8153a960>] free_pipe_info+0x210/0x2c0
[   45.176375]  [<ffffffff8153aac8>] put_pipe_info+0xb8/0xe0
[   45.176379]  [<ffffffff8153ac9f>] pipe_release+0x1af/0x250
[   45.176383]  [<ffffffff815253c5>] __fput+0x235/0x6f0
[   45.176388]  [<ffffffff81525905>] ____fput+0x15/0x20
[   45.176393]  [<ffffffff8118e00f>] task_work_run+0x10f/0x190
[   45.176397]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[   45.176402]  [<ffffffff81006535>] syscall_return_slowpath+0x1b5/0x1f0
[   45.176406]  [<ffffffff838c8df5>] int_ret_from_sys_call+0x25/0xa3
[   45.176407] 
[   45.176410] The buggy address belongs to the object at ffff8801d7c1c480
[   45.176410]  which belongs to the cache kmalloc-1024 of size 1024
[   45.176413] The buggy address is located 688 bytes inside of
[   45.176413]  1024-byte region [ffff8801d7c1c480, ffff8801d7c1c880)
[   45.176414] The buggy address belongs to the page:
[   45.179205] kasan: CONFIG_KASAN_INLINE enabled
[   45.179211] kasan: GPF could be caused by NULL-ptr deref or user memory access
[   45.179214] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[   45.179218] Dumping ftrace buffer:
[   45.179220]    (ftrace buffer empty)
[   45.179223] Modules linked in:
[   45.179228] CPU: 0 PID: 4186 Comm: syz-executor808 Not tainted 4.4.147-ga5fc665 #16
[   45.179230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.179233] task: ffff8800ba3fe000 task.stack: ffff8800b9890000
[   45.179243] RIP: 0010:[<ffffffff814f8963>]  [<ffffffff814f8963>] kmem_cache_free+0xd3/0x340
[   45.179246] RSP: 0018:ffff8801db207df8  EFLAGS: 00010287
[   45.179248] RAX: 0000000000000000 RBX: ffff8801d843f300 RCX: ffff8801d7c1c480
[   45.179251] RDX: 0000000000000000 RSI: 00000000000000fb RDI: ffffed003b087e60
[   45.179253] RBP: ffff8801db207e20 R08: ffff8801d843f2ff R09: ffffed003b087e60
[   45.179255] R10: 0000000000000001 R11: 0000000000000001 R12: ffffea0007610fc0
[   45.179258] R13: ffff8801d6d8bdc0 R14: ffffffff8118b2c9 R15: 0000000000000246
[   45.179262] FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   45.179264] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   45.179267] CR2: 00000000080d78a0 CR3: 000000000440c000 CR4: 00000000001606f0
[   45.179272] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   45.179274] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   45.179275] Stack:
[   45.179280]  ffff8801d843f300 ffff8800acc30000 0000000000000006 dffffc0000000000
[   45.179284]  ffff8801d843f328 ffff8801db207e40 ffffffff8118b2c9 ffff8801d843f320
[   45.179289]  ffff8801d9734230 ffff8801db207e58 ffffffff8118b316 ffff8801d843f320
[   45.179290] Call Trace:
[   45.179298]  <IRQ> 
[   45.179298]  [<ffffffff8118b2c9>] put_pid+0xf9/0x130
[   45.179302]  [<ffffffff8118b316>] delayed_put_pid+0x16/0x20
[   45.179309]  [<ffffffff81287fc7>] rcu_process_callbacks+0x927/0x1440
[   45.179313]  [<ffffffff812880b2>] ? rcu_process_callbacks+0xa12/0x1440
[   45.179316]  [<ffffffff8118b300>] ? put_pid+0x130/0x130
[   45.179322]  [<ffffffff838cc17c>] __do_softirq+0x22c/0xa1a
[   45.179328]  [<ffffffff81141a8d>] irq_exit+0x10d/0x140
[   45.179332]  [<ffffffff838cb8e1>] smp_apic_timer_interrupt+0x81/0xa0
[   45.179336]  [<ffffffff838ca820>] apic_timer_interrupt+0xa0/0xb0
[   45.179342]  <EOI> 
[   45.179342]  [<ffffffff8125ef09>] ? console_unlock+0x659/0xa10
[   45.179346]  [<ffffffff8125ef14>] ? console_unlock+0x664/0xa10
[   45.179350]  [<ffffffff8125f7de>] vprintk_emit+0x51e/0x840
[   45.179355]  [<ffffffff8125fb28>] vprintk+0x28/0x30
[   45.179358]  [<ffffffff8125fb4d>] vprintk_default+0x1d/0x30
[   45.179365]  [<ffffffff81417848>] printk+0xaf/0xd7
[   45.179369]  [<ffffffff81417799>] ? log_wakeup_reason.cold.1+0x13f/0x13f
[   45.179373]  [<ffffffff811382cb>] ? do_exit+0x183b/0x26b0
[   45.179379]  [<ffffffff838c8737>] ? _raw_write_unlock_irq+0x27/0x50
[   45.179384]  [<ffffffff8140cb9c>] do_exit.cold.21+0x5d/0x2bb
[   45.179389]  [<ffffffff8149ec58>] ? handle_mm_fault+0x19d8/0x30b0
[   45.179393]  [<ffffffff81136a90>] ? release_task.part.17+0x1200/0x1200
[   45.179397]  [<ffffffff8113d3b1>] do_group_exit+0x111/0x330
[   45.179400]  [<ffffffff8113d5d0>] ? do_group_exit+0x330/0x330
[   45.179404]  [<ffffffff8113d5ed>] SyS_exit_group+0x1d/0x20
[   45.179410]  [<ffffffff81006d94>] do_fast_syscall_32+0x324/0x8b0
[   45.179414]  [<ffffffff838ca5c3>] sysenter_flags_fixed+0xd/0x1a
[   45.179471] Code: 41 f6 45 0a 40 0f 84 c9 00 00 00 48 89 de 4c 89 ef e8 02 2e 00 00 49 8b 45 08 25 00 00 08 08 48 3d 00 00 00 08 74 50 49 8b 4d 00 <65> 48 8b 51 08 48 89 c8 65 48 03 05 bd d7 b1 7e 48 8b 70 08 48 
[   45.179475] RIP  [<ffffffff814f8963>] kmem_cache_free+0xd3/0x340
[   45.179476]  RSP <ffff8801db207df8>
[   45.179482] ---[ end trace f41d395388bb95e9 ]---
[   45.179485] Kernel panic - not syncing: Fatal exception in interrupt
[   46.279958] Shutting down cpus with NMI
[   46.280848] Dumping ftrace buffer:
[   46.280851]    (ftrace buffer empty)
[   46.280853] Kernel Offset: disabled
[   47.535398] Rebooting in 86400 seconds..