[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   21.814388] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   27.794856] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   28.152741] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   28.865615] random: sshd: uninitialized urandom read (32 bytes read, 71 bits of entropy available)
[   29.026825] random: sshd: uninitialized urandom read (32 bytes read, 73 bits of entropy available)
Warning: Permanently added '10.128.10.11' (ECDSA) to the list of known hosts.
[   34.536014] random: sshd: uninitialized urandom read (32 bytes read, 77 bits of entropy available)
2018/08/17 23:46:40 parsed 1 programs
[   36.112489] random: cc1: uninitialized urandom read (8 bytes read, 79 bits of entropy available)
2018/08/17 23:46:42 executed programs: 0
[   37.196515] IPVS: Creating netns size=2552 id=1
[   37.309053] IPVS: Creating netns size=2552 id=2
[   37.371573] IPVS: Creating netns size=2552 id=3
[   37.459627] IPVS: Creating netns size=2552 id=4
[   37.593344] IPVS: Creating netns size=2552 id=5
[   37.770740] IPVS: Creating netns size=2552 id=6
[   38.007416] IPVS: Creating netns size=2552 id=7
[   38.100791] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   38.196515] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.254826] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   38.296823] IPVS: Creating netns size=2552 id=8
[   38.367946] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.577317] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   38.637008] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.660899] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   38.728246] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   38.783914] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   38.821554] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   39.129309] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   39.205947] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   39.218218] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   39.232562] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   39.243924] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   39.293417] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   39.302907] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   39.314982] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   39.415333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.425841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.453760] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   39.501188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   39.513426] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   39.535198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   39.569596] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   39.581557] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   39.606103] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   39.650234] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   39.658368] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   39.716579] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   39.813678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.825954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   40.061562] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   40.074842] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   40.127076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   40.151522] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   40.168107] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   40.179255] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   40.222854] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   40.236187] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   40.282849] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   40.347365] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   40.432257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   40.455486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   40.491484] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   40.545593] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   40.563857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   40.585123] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   40.603390] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   40.632598] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   40.687356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   40.720581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   40.762201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   40.845587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   40.876422] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   40.926584] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   40.979805] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   41.078045] ip (4566) used greatest stack depth: 23920 bytes left
[   41.086359] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   41.186997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   41.228599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   41.314295] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   41.413151] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   41.513400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   41.568945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   43.975793] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   43.997204] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.021450] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.211649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.307095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.329435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.466650] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.575933] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.701933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.766839] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.845421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.036675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.073320] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   45.293399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.355879] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   45.632432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/08/17 23:46:51 executed programs: 8
2018/08/17 23:46:56 executed programs: 194
2018/08/17 23:47:01 executed programs: 400
2018/08/17 23:47:06 executed programs: 599
2018/08/17 23:47:11 executed programs: 796
[   70.539082] ==================================================================
[   70.546786] BUG: KASAN: use-after-free in __lock_acquire+0x3c66/0x5270
[   70.553463] Read of size 8 at addr ffff8801d81722a0 by task syz-executor5/9717
[   70.560807] 
[   70.562437] CPU: 0 PID: 9717 Comm: syz-executor5 Not tainted 4.4.149-gf76bdbd #18
[   70.570390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.579839]  0000000000000000 616d041d9a35a7a7 ffff8800b3bf7a30 ffffffff81e1440d
[   70.588003]  ffffea0007605c00 ffff8801d81722a0 0000000000000000 ffff8801d81722a0
[   70.596023]  0000000000000000 ffff8800b3bf7a68 ffffffff81519a00 ffff8801d81722a0
[   70.604093] Call Trace:
[   70.606670]  [<ffffffff81e1440d>] dump_stack+0xc1/0x124
[   70.612046]  [<ffffffff81519a00>] print_address_description+0x6c/0x216
[   70.618765]  [<ffffffff81519d1f>] kasan_report.cold.7+0x175/0x2f7
[   70.625128]  [<ffffffff81235806>] ? __lock_acquire+0x3c66/0x5270
[   70.631298]  [<ffffffff814fd574>] __asan_report_load8_noabort+0x14/0x20
[   70.638063]  [<ffffffff81235806>] __lock_acquire+0x3c66/0x5270
[   70.644392]  [<ffffffff8156bcff>] ? dput+0x1f/0x30
[   70.649324]  [<ffffffff81526fb1>] ? __fput+0x401/0x6f0
[   70.654612]  [<ffffffff81527325>] ? ____fput+0x15/0x20
[   70.659891]  [<ffffffff8118e8ef>] ? task_work_run+0x10f/0x190
[   70.666359]  [<ffffffff8100362d>] ? exit_to_usermode_loop+0x13d/0x160
[   70.674858]  [<ffffffff81232626>] ? __lock_acquire+0xa86/0x5270
[   70.680897]  [<ffffffff81231ba0>] ? debug_check_no_locks_freed+0x210/0x210
[   70.688327]  [<ffffffff81231ba0>] ? debug_check_no_locks_freed+0x210/0x210
[   70.695340]  [<ffffffff81e770ec>] ? debug_check_no_obj_freed+0x2ec/0x940
[   70.702204]  [<ffffffff812385ee>] lock_acquire+0x15e/0x450
[   70.707833]  [<ffffffff82f2da53>] ? lock_sock_nested+0x43/0x120
[   70.713885]  [<ffffffff811ca9ad>] ? get_parent_ip+0xd/0x50
[   70.720726]  [<ffffffff82f21360>] ? sock_release+0x1c0/0x1c0
[   70.726511]  [<ffffffff838c98da>] _raw_spin_lock_bh+0x3a/0x50
[   70.732394]  [<ffffffff82f2da53>] ? lock_sock_nested+0x43/0x120
[   70.738446]  [<ffffffff82f2da53>] lock_sock_nested+0x43/0x120
[   70.744351]  [<ffffffff835af5a0>] pppol2tp_release+0x50/0x310
[   70.751451]  [<ffffffff82f21236>] sock_release+0x96/0x1c0
[   70.756985]  [<ffffffff82f21376>] sock_close+0x16/0x20
[   70.762250]  [<ffffffff81526de5>] __fput+0x235/0x6f0
[   70.767482]  [<ffffffff81527325>] ____fput+0x15/0x20
[   70.772607]  [<ffffffff8118e8ef>] task_work_run+0x10f/0x190
[   70.778310]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[   70.784711]  [<ffffffff8100708e>] do_fast_syscall_32+0x61e/0x8b0
[   70.790858]  [<ffffffff838cbfc3>] sysenter_flags_fixed+0xd/0x1a
[   70.796993] 
[   70.798626] Allocated by task 9726:
[   70.802241]  [<ffffffff81034676>] save_stack_trace+0x26/0x50
[   70.808207]  [<ffffffff814fc623>] save_stack+0x43/0xd0
[   70.813728]  [<ffffffff814fc907>] kasan_kmalloc+0xc7/0xe0
[   70.819834]  [<ffffffff814f9044>] __kmalloc+0x124/0x310
[   70.825322]  [<ffffffff82f2c914>] sk_prot_alloc+0x204/0x300
[   70.831144]  [<ffffffff82f322ea>] sk_alloc+0x3a/0x3a0
[   70.836467]  [<ffffffff835ab4c3>] pppol2tp_create+0x33/0x1f0
[   70.842368]  [<ffffffff828f8286>] pppox_create+0xf6/0x200
[   70.848056]  [<ffffffff82f27760>] __sock_create+0x2f0/0x5f0
[   70.853897]  [<ffffffff82f27c90>] SyS_socket+0xf0/0x1b0
[   70.859385]  [<ffffffff81006d94>] do_fast_syscall_32+0x324/0x8b0
[   70.865669]  [<ffffffff838cbfc3>] sysenter_flags_fixed+0xd/0x1a
[   70.872915] 
[   70.874532] Freed by task 9717:
[   70.877809]  [<ffffffff81034676>] save_stack_trace+0x26/0x50
[   70.883751]  [<ffffffff814fc623>] save_stack+0x43/0xd0
[   70.889167]  [<ffffffff814fcf52>] kasan_slab_free+0x72/0xc0
[   70.895004]  [<ffffffff814fa4b4>] kfree+0xf4/0x310
[   70.900040]  [<ffffffff82f367a7>] sk_destruct+0x407/0x4c0
[   70.905705]  [<ffffffff82f368af>] __sk_free+0x4f/0x220
[   70.911123]  [<ffffffff82f36ab0>] sk_free+0x30/0x40
[   70.916353]  [<ffffffff835aea7f>] pppol2tp_session_sock_put+0x5f/0x70
[   70.923057]  [<ffffffff835a72fc>] l2tp_tunnel_closeall+0x23c/0x350
[   70.929513]  [<ffffffff835a7e8b>] l2tp_udp_encap_destroy+0x8b/0xf0
[   70.935950]  [<ffffffff83499e91>] udpv6_destroy_sock+0xb1/0xd0
[   70.942730]  [<ffffffff82f36b2d>] sk_common_release+0x6d/0x300
[   70.948841]  [<ffffffff83498b45>] udp_lib_close+0x15/0x20
[   70.954797]  [<ffffffff833004af>] inet_release+0xff/0x1d0
[   70.960567]  [<ffffffff83423140>] inet6_release+0x50/0x70
[   70.966258]  [<ffffffff82f21236>] sock_release+0x96/0x1c0
[   70.971940]  [<ffffffff82f21376>] sock_close+0x16/0x20
[   70.977343]  [<ffffffff81526de5>] __fput+0x235/0x6f0
[   70.982577]  [<ffffffff81527325>] ____fput+0x15/0x20
[   70.987881]  [<ffffffff8118e8ef>] task_work_run+0x10f/0x190
[   70.993719]  [<ffffffff8100362d>] exit_to_usermode_loop+0x13d/0x160
[   71.000264]  [<ffffffff8100708e>] do_fast_syscall_32+0x61e/0x8b0
[   71.006742]  [<ffffffff838cbfc3>] sysenter_flags_fixed+0xd/0x1a
[   71.013052] 
[   71.014663] The buggy address belongs to the object at ffff8801d8172200
[   71.014663]  which belongs to the cache kmalloc-2048 of size 2048
[   71.027494] The buggy address is located 160 bytes inside of
[   71.027494]  2048-byte region [ffff8801d8172200, ffff8801d8172a00)
[   71.039459] The buggy address belongs to the page:
[   71.049907] ------------[ cut here ]------------
[   71.054746] WARNING: CPU: 1 PID: 0 at lib/debugobjects.c:263 debug_print_object+0x181/0x210()
[   71.063430] ODEBUG: deactivate not available (active state 0) object type: hrtimer hint: hrtimer_wakeup+0x0/0x60
[   71.074345] Kernel panic - not syncing: panic_on_warn set ...
[   71.074345] 
[   71.082210] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.149-gf76bdbd #18
[   71.089234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.098618]  0000000000000000 68a156150ce39776 ffff8801db307aa8 ffffffff81e1440d
[   71.106774]  ffffffff83a44e40 ffff8801d9a41800 ffffffff83c159c0 0000000000000009
[   71.114855]  0000000000000107 ffff8801db307b68 ffffffff8140cf84 0000000041b58ab3
[   71.122960] Call Trace:
[   71.125977]  <IRQ>  [<ffffffff81e1440d>] dump_stack+0xc1/0x124
[   71.132132]  [<ffffffff8140cf84>] panic+0x19e/0x38d
[   71.141746]  [<ffffffff8140cde6>] ? add_taint.cold.4+0x16/0x16
[   71.147732]  [<ffffffff8140d18d>] ? warn_slowpath_common.cold.6+0x5/0x20
[   71.155052]  [<ffffffff8140d1a8>] warn_slowpath_common.cold.6+0x20/0x20
[   71.161817]  [<ffffffff81e749e1>] ? debug_print_object+0x181/0x210
[   71.168148]  [<ffffffff8129d550>] ? ktime_add_safe+0x150/0x150
[   71.174141]  [<ffffffff81132acf>] warn_slowpath_fmt+0xbf/0x100
[   71.180136]  [<ffffffff81132a10>] ? warn_slowpath_common+0x120/0x120
[   71.186645]  [<ffffffff81e749e1>] debug_print_object+0x181/0x210
[   71.192803]  [<ffffffff8129e280>] ? clock_was_set_work+0x30/0x30
[   71.199832]  [<ffffffff81e75f28>] debug_object_deactivate+0x208/0x340
[   71.209965]  [<ffffffff81e75d20>] ? debug_object_activate+0x480/0x480
[   71.218257]  [<ffffffff8122c1f2>] ? __lock_is_held+0xa2/0xf0
[   71.224555]  [<ffffffff812a0772>] __hrtimer_run_queues+0x222/0x1000
[   71.231168]  [<ffffffff812a0550>] ? retrigger_next_event+0x1c0/0x1c0
[   71.238210]  [<ffffffff810cdee3>] ? kvm_clock_read+0x23/0x40
[   71.246169]  [<ffffffff810cdf09>] ? kvm_clock_get_cycles+0x9/0x10
[   71.252603]  [<ffffffff812a20cb>] ? hrtimer_interrupt+0x20b/0x430
[   71.261470]  [<ffffffff812a2071>] hrtimer_interrupt+0x1b1/0x430
[   71.271266]  [<ffffffff810af544>] local_apic_timer_interrupt+0x74/0xa0
[   71.280190]  [<ffffffff838cd2dc>] smp_apic_timer_interrupt+0x7c/0xa0
[   71.288375]  [<ffffffff838cc220>] apic_timer_interrupt+0xa0/0xb0
[   71.294995]  <EOI>  [<ffffffff838c9b8e>] ? _raw_spin_unlock_irq+0x2e/0x50
[   71.307080]  [<ffffffff838c9b87>] ? _raw_spin_unlock_irq+0x27/0x50
[   71.316302]  [<ffffffff811a6b87>] finish_task_switch+0x1e7/0x4e0
[   71.324635]  [<ffffffff811a6b5b>] ? finish_task_switch+0x1bb/0x4e0
[   71.331410]  [<ffffffff838bae54>] ? __schedule+0x794/0x1d70
[   71.337131]  [<ffffffff838bae60>] ? __schedule+0x7a0/0x1d70
[   71.350917]  [<ffffffff838bae54>] ? __schedule+0x794/0x1d70
[   71.356650]  [<ffffffff838bae94>] __schedule+0x7d4/0x1d70
[   71.362212]  [<ffffffff81e73f4b>] ? check_preemption_disabled+0x3b/0x170
[   71.370632]  [<ffffffff838bc62a>] schedule+0x7a/0x1b0
[   71.380625]  [<ffffffff838bcdc3>] schedule_preempt_disabled+0x13/0x20
[   71.387228]  [<ffffffff8121eb32>] cpu_startup_entry+0x2c2/0x780
[   71.395914]  [<ffffffff8121e870>] ? call_cpuidle+0xe0/0xe0
[   71.402896]  [<ffffffff810ac119>] start_secondary+0x329/0x400
[   71.409249]  [<ffffffff810abdf0>] ? set_cpu_sibling_map+0x1180/0x1180
[   72.646453] Shutting down cpus with NMI
[   72.654724] Dumping ftrace buffer:
[   72.662037]    (ftrace buffer empty)
[   72.665782] Kernel Offset: disabled
[   72.669824] Rebooting in 86400 seconds..