[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 24.335070] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 26.501100] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.797944] sshd (5536) used greatest stack depth: 16680 bytes left
[ 26.819992] random: sshd: uninitialized urandom read (32 bytes read)
[ 27.603674] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts.
[ 33.231102] random: sshd: uninitialized urandom read (32 bytes read)
2018/09/12 06:14:32 fuzzer started
[ 34.472142] random: cc1: uninitialized urandom read (8 bytes read)
2018/09/12 06:14:34 dialing manager at 10.128.0.26:42863
2018/09/12 06:14:34 syscalls: 1
2018/09/12 06:14:34 code coverage: enabled
2018/09/12 06:14:34 comparison tracing: enabled
2018/09/12 06:14:34 setuid sandbox: enabled
2018/09/12 06:14:34 namespace sandbox: enabled
2018/09/12 06:14:34 fault injection: enabled
2018/09/12 06:14:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/09/12 06:14:34 net packed injection: enabled
2018/09/12 06:14:34 net device setup: enabled
[ 37.025667] random: crng init done
06:17:08 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x200000007e4d, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r1, &(0x7f0000000340)={0x12, 0x10, 0xfa00, {&(0x7f0000000300), r2, r0}}, 0x18)
06:17:08 executing program 5:
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffc000/0x2000)=nil)
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x14}, 0x14}}, 0x0)
syz_execute_func(&(0x7f0000000240)="428055a0876969ef69dc00d990c841ff0f1837370f38211ac4c19086d9f28fc9410feefa4e2179fbe5e54175455d0f2e1a1a010d64ac1e5d31a3b786e2989f7f")
06:17:08 executing program 0:
r0 = socket$inet6(0xa, 0x803, 0x6)
recvmmsg(0xffffffffffffffff, &(0x7f0000000c00), 0x0, 0x0, &(0x7f0000000cc0))
r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$inet6(0xa, 0x400000000001, 0x0)
tee(r2, r0, 0x0, 0x6)
dup(r2)
ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c)
bind$inet6(r2, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
timer_create(0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000540))
sendto$inet6(r2, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
fcntl$notify(0xffffffffffffffff, 0x402, 0x1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cgroup.stat\x00', 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000001c0)=0x1fe, 0x4)
ftruncate(r3, 0x80003)
sendfile(r2, r3, &(0x7f00000000c0), 0x8000fffffffe)
ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, &(0x7f0000000400)={0x8, 0x0, 0x0, 0x0, 0x0, 0x3})
06:17:08 executing program 1:
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000200)={0x0, {{0x2, 0x0, @remote}}, {{0x2, 0x0, @local}}}, 0x108)
openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x0, 0x0)
setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000000600)={{}, {0xa, 0x0, 0x0, @dev}}, 0x5c)
pipe(&(0x7f0000000080))
write$P9_RAUTH(0xffffffffffffffff, &(0x7f00000005c0)={0x14}, 0x14)
delete_module(&(0x7f0000000140)='\x00', 0x0)
ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, &(0x7f0000000340)=""/176)
openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000180)='cgroup.type\x00', 0x2, 0x0)
times(&(0x7f0000000040))
syncfs(0xffffffffffffffff)
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
fcntl$getown(0xffffffffffffffff, 0x9)
getpgrp(0x0)
tgkill(0x0, 0x0, 0x0)
syz_execute_func(&(0x7f0000000400)="428055a08e6969ef69dc00d990c841ff0f1837c4c3397c2a060f38211a40a5c19086d9f28fc9410feefae5e54175455d0f2e1a1a010d64ac1e5d31a3b786e2989f7f")
request_key(&(0x7f0000000500)='user\x00', &(0x7f0000000540), &(0x7f0000000580)='\x00', 0xfffffffffffffffa)
06:17:08 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, 0xffffffffffffffff)
06:17:08 executing program 4:
perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x13}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x0, 0x0)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f00000000c0)={0x0, 'ip6tnl0\x00'}, 0x18)
io_setup(0x0, &(0x7f0000000040))
ustat(0x0, &(0x7f0000000340))
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x58fe6}]})
syz_execute_func(&(0x7f00000007c0)="428055a0610fef69dce9d92a5c41ff0f1837370f38211ac4c482fd2520410feefa4e2179fbe5f54175455de0932ebc2ebc0d64ac1e5d9f7f")
socketpair$inet6_udp(0xa, 0x2, 0x0, &(0x7f00000001c0))
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000200)={@dev}, &(0x7f0000000280)=0x14)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000140)={@local, @broadcast, @multicast2}, &(0x7f0000000180)=0xc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000040)={@mcast1}, &(0x7f00000000c0)=0x14)
io_submit(0x0, 0x20000000000001a9, &(0x7f00000014c0))
[ 189.737779] IPVS: ftp: loaded support on port[0] = 21
[ 189.754819] IPVS: ftp: loaded support on port[0] = 21
[ 189.778784] IPVS: ftp: loaded support on port[0] = 21
[ 189.801493] IPVS: ftp: loaded support on port[0] = 21
[ 189.821234] IPVS: ftp: loaded support on port[0] = 21
[ 189.834720] kasan: CONFIG_KASAN_INLINE enabled
[ 189.839546] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 189.839591] kobject: 'lo' (0000000008db9d6f): fill_kobj_path: path = '/devices/virtual/net/lo'
[ 189.846997] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 189.847023] CPU: 0 PID: 5581 Comm: syz-executor1 Not tainted 4.19.0-rc3-next-20180912+ #72
[ 189.847032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 189.847059] RIP: 0010:mqueue_get_tree+0xba/0x2e0
[ 189.847073] Code: 4c 8d b3 98 00 00 00 4d 85 ed 0f 84 d1 00 00 00 e8 6b 44 3f fe 49 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e3 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
[ 189.847081] RSP: 0018:ffff88017c457928 EFLAGS: 00010a06
[ 189.847093] RAX: dffffc0000000000 RBX: ffff8801cb8ef300 RCX: ffffffff8160aca1
[ 189.847107] RDX: 1db80048400002b7 RSI: ffffffff833deb15 RDI: edc00242000015ba
[ 189.860673] kobject: 'queues' (00000000e8819fd9): kobject_add_internal: parent: 'lo', set: '<NULL>'
[ 189.862082] RBP: ffff88017c457948 R08: fffffbfff13555fd R09: fffffbfff13555fc
[ 189.870807] kobject: 'queues' (00000000e8819fd9): kobject_uevent_env
[ 189.879808] R10: fffffbfff13555fc R11: ffffffff89aaafe3 R12: ffff8801d7507100
[ 189.879817] R13: edc00242000015b2 R14: ffff8801cb8ef398 R15: ffff8801cb8ef398
[ 189.879829] FS: 0000000002820940(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
[ 189.879837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 189.879851] CR2: 0000000000482e00 CR3: 00000001c8c72000 CR4: 00000000001406f0
[ 189.884997] kobject: 'queues' (00000000e8819fd9): kobject_uevent_env: filter function caused the event to drop!
[ 189.903494] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 189.903502] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 189.903507] Call Trace:
[ 189.903529] vfs_get_tree+0x1cb/0x5c0
[ 189.903569] mq_create_mount+0xe3/0x190
[ 189.910167] kobject: 'rx-0' (00000000eab902c7): kobject_add_internal: parent: 'queues', set: 'queues'
[ 189.916593] mq_init_ns+0x15a/0x210
[ 189.916606] copy_ipcs+0x3d2/0x580
[ 189.916623] ? ipcns_get+0xe0/0xe0
[ 189.924247] kobject: 'rx-0' (00000000eab902c7): kobject_uevent_env
[ 189.933061] ? do_mount+0x1db0/0x1db0
[ 189.933074] ? kmem_cache_alloc+0x33a/0x730
[ 189.933095] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 189.940511] kobject: 'rx-0' (00000000eab902c7): fill_kobj_path: path = '/devices/virtual/net/lo/queues/rx-0'
[ 189.946839] ? perf_event_namespaces+0x136/0x400
[ 189.946857] create_new_namespaces+0x376/0x900
[ 189.946874] ? sys_ni_syscall+0x20/0x20
[ 189.955699] kobject: 'tx-0' (0000000002673ee1): kobject_add_internal: parent: 'queues', set: 'queues'
[ 189.961398] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 189.970086] kobject: 'tx-0' (0000000002673ee1): kobject_uevent_env
[ 189.975479] ? ns_capable_common+0x13f/0x170
[ 189.975497] unshare_nsproxy_namespaces+0xc3/0x1f0
[ 189.975516] ksys_unshare+0x79c/0x10b0
[ 189.983215] kobject: 'tx-0' (0000000002673ee1): fill_kobj_path: path = '/devices/virtual/net/lo/queues/tx-0'
[ 189.993003] ? walk_process_tree+0x440/0x440
[ 189.993030] ? lock_downgrade+0x900/0x900
[ 189.993053] ? kasan_check_read+0x11/0x20
[ 190.001606] kobject: 'tunl0' (00000000950f166f): kobject_add_internal: parent: 'net', set: 'devices'
[ 190.007568] ? do_raw_spin_unlock+0xa7/0x2f0
[ 190.007582] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 190.007599] ? kasan_check_write+0x14/0x20
[ 190.012497] kobject: 'tunl0' (00000000950f166f): kobject_uevent_env
[ 190.013968] ? do_raw_read_unlock+0x3f/0x60
[ 190.017947] kobject: 'tunl0' (00000000950f166f): fill_kobj_path: path = '/devices/virtual/net/tunl0'
[ 190.027269] ? do_syscall_64+0x9a/0x820
[ 190.027282] ? do_syscall_64+0x9a/0x820
[ 190.027303] ? lockdep_hardirqs_on+0x421/0x5c0
[ 190.032096] kobject: 'queues' (000000006b7e5d4f): kobject_add_internal: parent: 'tunl0', set: '<NULL>'
[ 190.034444] ? trace_hardirqs_on+0xbd/0x310
[ 190.034462] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 190.034480] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 190.038891] kobject: 'queues' (000000006b7e5d4f): kobject_uevent_env
[ 190.044354] ? __ia32_sys_prlimit64+0x8c0/0x8c0
[ 190.044373] __x64_sys_unshare+0x31/0x40
[ 190.044392] do_syscall_64+0x1b9/0x820
[ 190.050006] kobject: 'queues' (000000006b7e5d4f): kobject_uevent_env: filter function caused the event to drop!
[ 190.053440] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 190.053457] ? syscall_return_slowpath+0x5e0/0x5e0
[ 190.053476] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 190.059121] kobject: 'rx-0' (00000000030a5ae9): kobject_add_internal: parent: 'queues', set: 'queues'
[ 190.068967] ? trace_hardirqs_on_caller+0x310/0x310
[ 190.068983] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 190.069000] ? prepare_exit_to_usermode+0x291/0x3b0
[ 190.075347] kobject: 'rx-0' (00000000030a5ae9): kobject_uevent_env
[ 190.078328] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 190.082600] kobject: 'rx-0' (00000000030a5ae9): fill_kobj_path: path = '/devices/virtual/net/tunl0/queues/rx-0'
[ 190.091636] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 190.097609] kobject: 'tx-0' (00000000bf05add3): kobject_add_internal: parent: 'queues', set: 'queues'
[ 190.103459] RIP: 0033:0x459d87
[ 190.103474] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 3d 8a fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 1d 8a fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 190.103482] RSP: 002b:00007ffc8ac3a538 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 190.108866] kobject: 'tx-0' (00000000bf05add3): kobject_uevent_env
[ 190.112801] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459d87
[ 190.112809] RDX: 0000000000000000 RSI: 00007ffc8ac3a540 RDI: 0000000008000000
[ 190.112817] RBP: 0000000000930b28 R08: 0000000000000000 R09: 0000000000000018
[ 190.112824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000010
[ 190.112832] R13: 0000000000412cc0 R14: 0000000000000000 R15: 0000000000000000
[ 190.112845] Modules linked in:
[ 190.117858] kobject: 'tx-0' (00000000bf05add3): fill_kobj_path: path = '/devices/virtual/net/tunl0/queues/tx-0'
[ 190.126783] ---[ end trace d74f4666a41aae24 ]---
[ 190.132796] kobject: 'gre0' (000000006c84ed0b): kobject_add_internal: parent: 'net', set: 'devices'
[ 190.135381] RIP: 0010:mqueue_get_tree+0xba/0x2e0
[ 190.140380] kobject: 'gre0' (000000006c84ed0b): kobject_uevent_env
[ 190.148808] Code: 4c 8d b3 98 00 00 00 4d 85 ed 0f 84 d1 00 00 00 e8 6b 44 3f fe 49 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e3 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
[ 190.154220] kobject: 'gre0' (000000006c84ed0b): fill_kobj_path: path = '/devices/virtual/net/gre0'
[ 190.157796] RSP: 0018:ffff88017c457928 EFLAGS: 00010a06
[ 190.162106] kobject: 'queues' (00000000392d71a2): kobject_add_internal: parent: 'gre0', set: '<NULL>'
[ 190.173373] kobject: 'queues' (00000000392d71a2): kobject_uevent_env
[ 190.182132] RAX: dffffc0000000000 RBX: ffff8801cb8ef300 RCX: ffffffff8160aca1
[ 190.186483] kobject: 'queues' (00000000392d71a2): kobject_uevent_env: filter function caused the event to drop!
[ 190.190099] RDX: 1db80048400002b7 RSI: ffffffff833deb15 RDI: edc00242000015ba
[ 190.195238] kobject: 'rx-0' (0000000018fad2c1): kobject_add_internal: parent: 'queues', set: 'queues'
[ 190.204179] RBP: ffff88017c457948 R08: fffffbfff13555fd R09: fffffbfff13555fc
[ 190.209094] kobject: 'rx-0' (0000000018fad2c1): kobject_uevent_env
[ 190.213864] R10: fffffbfff13555fc R11: ffffffff89aaafe3 R12: ffff8801d7507100
[ 190.219813] kobject: 'rx-0' (0000000018fad2c1): fill_kobj_path: path = '/devices/virtual/net/gre0/queues/rx-0'
[ 190.225807] R13: edc00242000015b2 R14: ffff8801cb8ef398 R15: ffff8801cb8ef398
[ 190.231032] kobject: 'tx-0' (000000000814bb25): kobject_add_internal: parent: 'queues', set: 'queues'
[ 190.234538] FS: 0000000002820940(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
[ 190.239074] kobject: 'tx-0' (000000000814bb25): kobject_uevent_env
[ 190.248652] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 190.248666] CR2: 0000000000482e00 CR3: 00000001c8c72000 CR4: 00000000001406f0
[ 190.254458] kobject: 'tx-0' (000000000814bb25): fill_kobj_path: path = '/devices/virtual/net/gre0/queues/tx-0'
[ 190.258973] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 190.264992] kobject: 'gre0' (000000006547380e): kobject_add_internal: parent: 'net', set: 'devices'
[ 190.273226] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 190.279701] kobject: 'gre0' (000000006547380e): kobject_uevent_env
[ 190.283263] Kernel panic - not syncing: Fatal exception
[ 190.289843] kobject: 'gre0' (000000006547380e): fill_kobj_path: path = '/devices/virtual/net/gre0'
[ 190.295669] Kernel Offset: disabled
[ 190.652221] Rebooting in 86400 seconds..