random: sshd: uninitialized urandom read (32 bytes read, 119 bits of entropy available) random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available) random: nonblocking pool is initialized IPVS: Creating netns size=2552 id=1 ================================================================== BUG: KASAN: slab-out-of-bounds in ip6_dst_idev include/net/ip6_fib.h:141 [inline] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1a2c/0x1a70 net/ipv6/ip6_output.c:237 Read of size 8 at addr ffff8801d2925a18 by task syz-executor0/4060 CPU: 1 PID: 4060 Comm: syz-executor0 Not tainted 4.4.120-gd63fdf6 #29 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 4c81dce1c5237610 ffff8801d74cf628 ffffffff81d0408d ffffea00074a4940 ffff8801d2925a18 0000000000000000 ffff8801d2925a18 0000000000000040 ffff8801d74cf660 ffffffff814fe143 ffff8801d2925a18 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] print_address_description+0x73/0x260 mm/kasan/report.c:252 [] kasan_report_error mm/kasan/report.c:351 [inline] [] kasan_report+0x285/0x370 mm/kasan/report.c:408 [] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:429 [] ip6_dst_idev include/net/ip6_fib.h:141 [inline] [] ip6_xmit+0x1a2c/0x1a70 net/ipv6/ip6_output.c:237 [] inet6_csk_xmit+0x246/0x480 net/ipv6/inet6_connection_sock.c:176 [] l2tp_xmit_core net/l2tp/l2tp_core.c:1084 [inline] [] l2tp_xmit_skb+0xc2f/0xea0 net/l2tp/l2tp_core.c:1179 [] pppol2tp_sendmsg+0x584/0x7f0 net/l2tp/l2tp_ppp.c:355 [] sock_sendmsg_nosec net/socket.c:625 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:635 [] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962 [] __sys_sendmsg+0xd3/0x190 net/socket.c:1996 [] C_SYSC_sendmsg net/compat.c:720 [inline] [] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:718 [] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline] [] do_fast_syscall_32+0x321/0x8a0 arch/x86/entry/common.c:459 [] sysenter_flags_fixed+0xd/0x17 Allocated by task 0: (stack is not available) Freed by task 0: (stack is not available) The buggy address belongs to the object at ffff8801d2925a00 which belongs to the cache ip_dst_cache of size 208 The buggy address is located 24 bytes inside of 208-byte region [ffff8801d2925a00, ffff8801d2925ad0) The buggy address belongs to the page: INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. Initializing cgroup subsys cpuset Initializing cgroup subsys cpu Initializing cgroup subsys cpuacct Initializing cgroup subsys schedtune Linux version 4.4.120-gd63fdf6 (syzkaller@ci) (gcc version 7.1.1 20170620 (GCC) ) #29 SMP PREEMPT Tue Mar 6 13:11:38 UTC 2018 Command line: BOOT_IMAGE=/vmlinuz root=/dev/sda1 console=ttyS0 earlyprintk=serial vsyscall=native rodata=n ftrace_dump_on_oops=orig_cpu oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 workqueue.watchdog_thresh=120 KERNEL supported cpus: Intel GenuineIntel AMD AuthenticAMD Centaur CentaurHauls x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 x86/fpu: Supporting XSAVE feature 0x01: 'x87 floating point registers' x86/fpu: Supporting XSAVE feature 0x02: 'SSE registers' x86/fpu: Supporting XSAVE feature 0x04: 'AVX registers' x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format. x86/fpu: Using 'eager' FPU context switches. e820: BIOS-provided physical RAM map: BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved BIOS-e820: [mem 0x0000000000100000-0x00000000bfff2fff] usable BIOS-e820: [mem 0x00000000bfff3000-0x00000000bfffffff] reserved BIOS-e820: [mem 0x00000000fffbc000-0x00000000ffffffff] reserved BIOS-e820: [mem 0x0000000100000000-0x000000021fffffff] usable bootconsole [earlyser0] enabled NX (Execute Disable) protection: active SMBIOS 2.4 present. Hypervisor detected: KVM e820: last_pfn = 0x220000 max_arch_pfn = 0x400000000 x86/PAT: Configuration [0-7]: WB WC UC- UC WB WC UC- WT e820: last_pfn = 0xbfff3 max_arch_pfn = 0x400000000 found SMP MP-table at [mem 0x000f23e0-0x000f23ef] mapped at [ffff8800000f23e0] Scanning 1 areas for low memory corruption Using GB pages for direct mapping ACPI: Early table checksum verification disabled ACPI: RSDP 0x00000000000F23A0 000014 (v00 Google) ACPI: RSDT 0x00000000BFFF3430 000038 (v01 Google GOOGRSDT 00000001 GOOG 00000001) ACPI: FACP 0x00000000BFFFCF60 0000F4 (v02 Google GOOGFACP 00000001 GOOG 00000001) ACPI: DSDT 0x00000000BFFF3470 0017B2 (v01 Google GOOGDSDT 00000001 GOOG 00000001) ACPI: FACS 0x00000000BFFFCF00 000040 ACPI: FACS 0x00000000BFFFCF00 000040 ACPI: SSDT 0x00000000BFFF65F0 00690D (v01 Google GOOGSSDT 00000001 GOOG 00000001) ACPI: APIC 0x00000000BFFF5D10 000076 (v01 Google GOOGAPIC 00000001 GOOG 00000001) ACPI: WAET 0x00000000BFFF5CE0 000028 (v01 Google GOOGWAET 00000001 GOOG 00000001) ACPI: SRAT 0x00000000BFFF4C30 0000C8 (v01 Google GOOGSRAT 00000001 GOOG 00000001) kvm-clock: Using msrs 4b564d01 and 4b564d00 kvm-clock: cpu 0, msr 2:1fffd001, primary cpu clock kvm-clock: using sched offset of 2012038271 cycles clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns Zone ranges: DMA [mem 0x0000000000001000-0x0000000000ffffff] DMA32 [mem 0x0000000001000000-0x00000000ffffffff] Normal [mem 0x0000000100000000-0x000000021fffffff] Movable zone start for each node Early memory node ranges node 0: [mem 0x0000000000001000-0x000000000009efff] node 0: [mem 0x0000000000100000-0x00000000bfff2fff] node 0: [mem 0x0000000100000000-0x000000021fffffff] Initmem setup node 0 [mem 0x0000000000001000-0x000000021fffffff] kasan: KernelAddressSanitizer initialized ACPI: PM-Timer IO Port: 0xb008 ACPI: LAPIC_NMI (acpi_id[0xff] dfl dfl lint[0x1]) IOAPIC[0]: apic_id 0, version 17, address 0xfec00000, GSI 0-23 ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 high level) ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level) ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 high level) ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 high level) Using ACPI (MADT) for SMP configuration information smpboot: Allowing 2 CPUs, 0 hotplug CPUs PM: Registered nosave memory: [mem 0x00000000-0x00000fff] PM: Registered nosave memory: [mem 0x0009f000-0x0009ffff] PM: Registered nosave memory: [mem 0x000a0000-0x000effff] PM: Registered nosave memory: [mem 0x000f0000-0x000fffff] PM: Registered nosave memory: [mem 0xbfff3000-0xbfffffff] PM: Registered nosave memory: [mem 0xc0000000-0xfffbbfff] PM: Registered nosave memory: [mem 0xfffbc000-0xffffffff] e820: [mem 0xc0000000-0xfffbbfff] available for PCI devices Booting paravirtualized kernel on KVM clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns setup_percpu: NR_CPUS:64 nr_cpumask_bits:64 nr_cpu_ids:2 nr_node_ids:1 PERCPU: Embedded 42 pages/cpu @ffff8801db200000 s134024 r8192 d29816 u1048576 Built 1 zonelists in Zone order, mobility grouping on. Total pages: 1935227 Kernel command line: BOOT_IMAGE=/vmlinuz root=/dev/sda1 console=ttyS0 earlyprintk=serial vsyscall=native rodata=n ftrace_dump_on_oops=orig_cpu oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 workqueue.watchdog_thresh=120 PID hash table entries: 4096 (order: 3, 32768 bytes) Dentry cache hash table entries: 1048576 (order: 11, 8388608 bytes) Inode-cache hash table entries: 524288 (order: 10, 4194304 bytes) Memory: 6581404K/7863876K available (40422K kernel code, 6136K rwdata, 8808K rodata, 1848K init, 23616K bss, 1282472K reserved, 0K cma-reserved) SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1 Kernel/User page tables isolation: enabled Running RCU self tests Preemptible hierarchical RCU implementation. RCU lockdep checking is enabled. Build-time adjustment of leaf fanout to 64. RCU restricting CPUs from NR_CPUS=64 to nr_cpu_ids=2. RCU: Adjusting geometry for rcu_fanout_leaf=64, nr_cpu_ids=2 NR_IRQS:4352 nr_irqs:440 16 console [ttyS0] enabled console [ttyS0] enabled bootconsole [earlyser0] disabled bootconsole [earlyser0] disabled Lock dependency validator: Copyright (c) 2006 Red Hat, Inc., Ingo Molnar ... MAX_LOCKDEP_SUBCLASSES: 8 ... MAX_LOCK_DEPTH: 48 ... MAX_LOCKDEP_KEYS: 8191 ... CLASSHASH_SIZE: 4096 ... MAX_LOCKDEP_ENTRIES: 32768 ... MAX_LOCKDEP_CHAINS: 65536 ... CHAINHASH_SIZE: 32768 memory used by lock dependency info: 8159 kB per task-struct memory footprint: 1920 bytes tsc: Detected 2300.000 MHz processor Calibrating delay loop (skipped) preset value.. 4600.00 BogoMIPS (lpj=23000000) pid_max: default: 32768 minimum: 301 ACPI: Core revision 20150930 ACPI: 2 ACPI AML tables successfully acquired and loaded Security Framework initialized SELinux: Initializing. AppArmor: AppArmor disabled by boot time parameter Mount-cache hash table entries: 16384 (order: 5, 131072 bytes) Mountpoint-cache hash table entries: 16384 (order: 5, 131072 bytes) Initializing cgroup subsys io Initializing cgroup subsys freezer Initializing cgroup subsys hugetlb Initializing cgroup subsys debug CPU: Physical Processor ID: 0 mce: CPU supports 32 MCE banks Last level iTLB entries: 4KB 1024, 2MB 1024, 4MB 1024 Last level dTLB entries: 4KB 1024, 2MB 1024, 4MB 1024, 1GB 4 Spectre V2 : Vulnerable: Minimal generic ASM retpoline Freeing SMP alternatives memory: 44K ..TIMER: vector=0x30 apic1=0 pin1=0 apic2=-1 pin2=-1 smpboot: CPU0: Intel(R) Xeon(R) CPU @ 2.30GHz (family: 0x6, model: 0x3f, stepping: 0x0) Performance Events: unsupported p6 CPU model 63 no PMU driver, software events only. x86: Booting SMP configuration: .... node #0, CPUs: #1 kvm-clock: cpu 1, msr 2:1fffd041, secondary cpu clock x86: Booted up 1 node, 2 CPUs smpboot: Total of 2 processors activated (9200.00 BogoMIPS) devtmpfs: initialized clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns futex hash table entries: 512 (order: 4, 65536 bytes) xor: automatically using best checksumming function: kworker/u4:0 (21) used greatest stack depth: 27944 bytes left avx : 21712.000 MB/sec RTC time: 6:19:22, date: 03/09/18 NET: Registered protocol family 16 schedtune: init normalization constants... schedtune: no energy model data schedtune: disabled! cpuidle: using governor ladder cpuidle: using governor menu ACPI: bus type PCI registered acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5 PCI: Using configuration type 1 for base access kworker/u4:0 (45) used greatest stack depth: 27448 bytes left raid6: sse2x1 gen() 4687 MB/s raid6: sse2x1 xor() 2598 MB/s raid6: sse2x2 gen() 7064 MB/s raid6: sse2x2 xor() 4085 MB/s raid6: sse2x4 gen() 8721 MB/s raid6: sse2x4 xor() 5309 MB/s raid6: avx2x1 gen() 9469 MB/s raid6: avx2x2 gen() 14731 MB/s raid6: avx2x4 gen() 19306 MB/s raid6: using algorithm avx2x4 gen() 19306 MB/s raid6: using avx2x2 recovery algorithm ACPI: Added _OSI(Module Device) ACPI: Added _OSI(Processor Device) ACPI: Added _OSI(3.0 _SCP Extensions) ACPI: Added _OSI(Processor Aggregator Device) ACPI: Executed 2 blocks of module-level executable AML code ACPI: Interpreter enabled ACPI: (supports S0 S3 S4 S5) ACPI: Using IOAPIC for interrupt routing PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff]) acpi PNP0A03:00: _OSC: OS supports [ASPM ClockPM Segments MSI] acpi PNP0A03:00: _OSC failed (AE_NOT_FOUND); disabling ASPM acpi PNP0A03:00: fail to add MMCONFIG information, can't access extended PCI configuration space under this bridge. PCI host bridge to bus 0000:00 pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window] pci_bus 0000:00: root bus resource [mem 0xc0000000-0xfebfffff window] pci_bus 0000:00: root bus resource [bus 00-ff] pci 0000:00:01.3: quirk: [io 0xb000-0xb03f] claimed by PIIX4 ACPI ACPI: PCI Interrupt Link [LNKA] (IRQs 5 *10 11) ACPI: PCI Interrupt Link [LNKB] (IRQs 5 *10 11) ACPI: PCI Interrupt Link [LNKC] (IRQs 5 10 *11) ACPI: PCI Interrupt Link [LNKD] (IRQs 5 10 *11) ACPI: PCI Interrupt Link [LNKS] (IRQs *9) ACPI: Enabled 16 GPEs in block 00 to 0F vgaarb: loaded SCSI subsystem initialized ACPI: bus type USB registered usbcore: registered new interface driver usbfs usbcore: registered new interface driver hub usbcore: registered new device driver usb pps_core: LinuxPPS API ver. 1 registered pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti PTP clock support registered ioremap error for 0xbfffd000-0xc0000000, requested 0x2, got 0x0 dmi: Firmware registration failed. Advanced Linux Sound Architecture Driver Initialized. PCI: Using ACPI for IRQ routing NetLabel: Initializing NetLabel: domain hash size = 128 NetLabel: protocols = UNLABELED CIPSOv4 NetLabel: unlabeled traffic allowed by default amd_nb: Cannot enumerate AMD northbridges clocksource: Switched to clocksource kvm-clock pnp: PnP ACPI init pnp: PnP ACPI: found 7 devices clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns NET: Registered protocol family 2 TCP established hash table entries: 65536 (order: 7, 524288 bytes) TCP bind hash table entries: 65536 (order: 10, 4194304 bytes) TCP: Hash tables configured (established 65536 bind 65536) UDP hash table entries: 4096 (order: 7, 655360 bytes) UDP-Lite hash table entries: 4096 (order: 7, 655360 bytes) NET: Registered protocol family 1 pci 0000:00:00.0: Limiting direct PCI/PCI transfers PCI-DMA: Using software bounce buffering for IO (SWIOTLB) software IO TLB [mem 0xbbff3000-0xbfff3000] (64MB) mapped at [ffff8800bbff3000-ffff8800bfff2fff] RAPL PMU detected, API unit is 2^-32 Joules, 3 fixed counters 10737418240 ms ovfl timer hw unit of domain pp0-core 2^-0 Joules hw unit of domain package 2^-0 Joules hw unit of domain dram 2^-16 Joules Scanning for low memory corruption every 60 seconds audit: initializing netlink subsys (disabled) audit: type=2000 audit(1520576366.898:1): initialized HugeTLB registered 2 MB page size, pre-allocated 0 pages VFS: Disk quotas dquot_6.6.0 VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes) fuse init (API version 7.23) 9p: Installing v9fs 9p2000 file system support async_tx: api initialized (async) Block layer SCSI generic (bsg) driver version 0.4 loaded (major 249) io scheduler noop registered io scheduler deadline registered io scheduler cfq registered (default) pci_hotplug: PCI Hot Plug PCI Core version: 0.5 input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0 ACPI: Power Button [PWRF] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1 ACPI: Sleep Button [SLPF] ACPI: PCI Interrupt Link [LNKC] enabled at IRQ 11 virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver ACPI: PCI Interrupt Link [LNKD] enabled at IRQ 10 virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A Non-volatile memory driver v1.3 Linux agpgart interface v0.103 [drm] Initialized drm 1.1.0 20060810 brd: module loaded loop: module loaded nbd: registered device at major 43