Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   22.713578] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   27.208893] random: sshd: uninitialized urandom read (32 bytes read, 43 bits of entropy available)
[   27.680312] random: sshd: uninitialized urandom read (32 bytes read, 43 bits of entropy available)
[   28.614679] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
2018/03/07 03:12:31 parsed 1 programs
2018/03/07 03:12:31 executed programs: 0
[   34.610859] IPVS: Creating netns size=2552 id=1
[   35.692458] ==================================================================
[   35.699837] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1a2c/0x1a70
[   35.706299] Read of size 8 at addr ffff8801cccbc798 by task syz-executor0/4079
[   35.713713] 
[   35.715317] CPU: 0 PID: 4079 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29
[   35.722904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.732224]  0000000000000000 b37f73626f75f742 ffff8800aaff7628 ffffffff81d0408d
[   35.740194]  ffffea0007332f00 ffff8801cccbc798 0000000000000000 ffff8801cccbc798
[   35.748150]  0000000000000040 ffff8800aaff7660 ffffffff814fe143 ffff8801cccbc798
[   35.756114] Call Trace:
[   35.758671]  [] dump_stack+0xc1/0x124
[   35.764006]  [] print_address_description+0x73/0x260
[   35.770641]  [] kasan_report+0x285/0x370
[   35.776237]  [] ? ip6_xmit+0x1a2c/0x1a70
[   35.781830]  [] __asan_report_load8_noabort+0x14/0x20
[   35.788552]  [] ip6_xmit+0x1a2c/0x1a70
[   35.793971]  [] ? save_trace+0xe0/0x270
[   35.799478]  [] ? pskb_expand_head+0x28b/0x980
[   35.805590]  [] ? ip6_finish_output2+0x1c60/0x1c60
[   35.812052]  [] ? __lock_is_held+0xa1/0xf0
[   35.817821]  [] ? ipv4_dst_check+0x111/0x160
[   35.823772]  [] ? __sk_dst_check+0x148/0x260
[   35.829909]  [] inet6_csk_xmit+0x246/0x480
[   35.835680]  [] ? inet6_csk_xmit+0x100/0x480
[   35.841624]  [] ? inet6_csk_update_pmtu+0x160/0x160
[   35.848174]  [] ? udp6_set_csum+0x336/0xa80
[   35.854024]  [] l2tp_xmit_skb+0xc2f/0xea0
[   35.859700]  [] pppol2tp_sendmsg+0x584/0x7f0
[   35.865641]  [] ? selinux_socket_sendmsg+0x3f/0x50
[   35.872098]  [] ? pppol2tp_release+0x310/0x310
[   35.878211]  [] sock_sendmsg+0xca/0x110
[   35.883715]  [] ___sys_sendmsg+0x6c1/0x7c0
[   35.889486]  [] ? copy_msghdr_from_user+0x550/0x550
[   35.896056]  [] ? __alloc_pages_direct_compact+0x250/0x250
[   35.903221]  [] ? do_futex+0x3f4/0x15d0
[   35.908733]  [] ? __lock_is_held+0xa1/0xf0
[   35.914513]  [] ? exit_robust_list+0x240/0x240
[   35.920637]  [] ? do_huge_pmd_anonymous_page+0x549/0xa10
[   35.927622]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[   35.934342]  [] ? __fget_light+0xa3/0x1e0
[   35.940021]  [] ? __fdget+0x18/0x20
[   35.945178]  [] ? sockfd_lookup_light+0x118/0x160
[   35.951554]  [] __sys_sendmsg+0xd3/0x190
[   35.957146]  [] ? SyS_shutdown+0x1b0/0x1b0
[   35.962926]  [] ? compat_SyS_futex+0x1f9/0x2a0
[   35.969048]  [] ? __do_page_fault+0x380/0xa00
[   35.975079]  [] compat_SyS_sendmsg+0x2a/0x40
[   35.981017]  [] ? compat_SyS_getsockopt+0x2a0/0x2a0
[   35.987565]  [] do_fast_syscall_32+0x321/0x8a0
[   35.993678]  [] sysenter_flags_fixed+0xd/0x17
[   35.999700] 
[   36.001299] Allocated by task 0:
[   36.004630] (stack is not available)
[   36.008306] 
[   36.009901] Freed by task 0:
[   36.012886] (stack is not available)
[   36.016562] 
[   36.018159] The buggy address belongs to the object at ffff8801cccbc780
[   36.018159]  which belongs to the cache ip_dst_cache of size 208
[   36.030871] The buggy address is located 24 bytes inside of
[   36.030871]  208-byte region [ffff8801cccbc780, ffff8801cccbc850)
[   36.042622] The buggy address belongs to the page:
[   36.047938] ------------[ cut here ]------------
[   36.052698] WARNING: CPU: 1 PID: 0 at kernel/sched/sched.h:796 update_load_avg+0xc6a/0x1b80()
[   36.061482] Kernel panic - not syncing: panic_on_warn set ...
[   36.061482] 
[   36.068847] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.120-gd63fdf6 #29
[   36.075845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.085197]  0000000000000000 d7448d66f5a1c510 ffff8801d9b5fa28 ffffffff81d0408d
[   36.093254]  ffffffff83843b40 ffff8801d9b5fb00 ffffffff83852b60 0000000000000009
[   36.101293]  000000000000031c ffff8801d9b5faf0 ffffffff8141ab2a 0000000041b58ab3
[   36.109332] Call Trace:
[   36.111912]  [] dump_stack+0xc1/0x124
[   36.117268]  [] panic+0x1aa/0x388
[   36.122282]  [] ? percpu_up_read.constprop.45+0xe1/0xe1
[   36.129202]  [] ? pm_qos_get_value.part.4+0xb/0xb
[   36.135601]  [] ? warn_slowpath_common+0x10a/0x140
[   36.142093]  [] warn_slowpath_common+0x125/0x140
[   36.148419]  [] ? update_load_avg+0xc6a/0x1b80
[   36.154564]  [] ? dump_page_badflags+0x191/0x250
[   36.160877]  [] ? dump_page+0x9/0x30
[   36.166145]  [] warn_slowpath_null+0x29/0x30
[   36.172105]  [] update_load_avg+0xc6a/0x1b80
[   36.178076]  [] ? rcu_read_lock_sched_held+0x103/0x120
[   36.184910]  [] ? update_stats_wait_end+0x4db/0xa30
[   36.191477]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   36.198480]  [] set_next_entity+0x2bd/0x3d0
[   36.204364]  [] pick_next_task_fair+0xb11/0x2220
[   36.210676]  [] ? check_preemption_disabled+0x3b/0x200
[   36.217509]  [] ? load_balance+0x2ca0/0x2ca0
[   36.223472]  [] __schedule+0xc44/0x1ca0
[   36.229005]  [] ? check_preemption_disabled+0x3b/0x200
[   36.235858]  [] ? assoc_array_gc+0x12f0/0x1300
[   36.242006]  [] schedule+0x7a/0x1b0
[   36.247192]  [] schedule_preempt_disabled+0x13/0x20
[   36.253766]  [] cpu_startup_entry+0x2c0/0x8f0
[   36.259824]  [] ? call_cpuidle+0xe0/0xe0
[   36.265450]  [] ? clockevents_register_device+0x122/0x230
[   36.272550]  [] start_secondary+0x304/0x3e0
[   36.278434]  [] ? set_cpu_sibling_map+0x1080/0x1080
[   37.428653] Shutting down cpus with NMI
[   37.433475] Dumping ftrace buffer:
[   37.437232]    (ftrace buffer empty)
[   37.440942] Kernel Offset: disabled
[   37.444644] Rebooting in 86400 seconds..