[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 24.335070] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.501100] random: sshd: uninitialized urandom read (32 bytes read) [ 26.797944] sshd (5536) used greatest stack depth: 16680 bytes left [ 26.819992] random: sshd: uninitialized urandom read (32 bytes read) [ 27.603674] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts. [ 33.231102] random: sshd: uninitialized urandom read (32 bytes read) 2018/09/12 06:14:32 fuzzer started [ 34.472142] random: cc1: uninitialized urandom read (8 bytes read) 2018/09/12 06:14:34 dialing manager at 10.128.0.26:42863 2018/09/12 06:14:34 syscalls: 1 2018/09/12 06:14:34 code coverage: enabled 2018/09/12 06:14:34 comparison tracing: enabled 2018/09/12 06:14:34 setuid sandbox: enabled 2018/09/12 06:14:34 namespace sandbox: enabled 2018/09/12 06:14:34 fault injection: enabled 2018/09/12 06:14:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/09/12 06:14:34 net packed injection: enabled 2018/09/12 06:14:34 net device setup: enabled [ 37.025667] random: crng init done 06:17:08 executing program 2: r0 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x200000007e4d, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000200)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r1, &(0x7f0000000340)={0x12, 0x10, 0xfa00, {&(0x7f0000000300), r2, r0}}, 0x18) 06:17:08 executing program 5: mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffc000/0x2000)=nil) seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]}) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x14}, 0x14}}, 0x0) syz_execute_func(&(0x7f0000000240)="428055a0876969ef69dc00d990c841ff0f1837370f38211ac4c19086d9f28fc9410feefa4e2179fbe5e54175455d0f2e1a1a010d64ac1e5d31a3b786e2989f7f") 06:17:08 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x6) recvmmsg(0xffffffffffffffff, &(0x7f0000000c00), 0x0, 0x0, &(0x7f0000000cc0)) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x400000000001, 0x0) tee(r2, r0, 0x0, 0x6) dup(r2) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) bind$inet6(r2, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) timer_create(0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000540)) sendto$inet6(r2, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) fcntl$notify(0xffffffffffffffff, 0x402, 0x1) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cgroup.stat\x00', 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000001c0)=0x1fe, 0x4) ftruncate(r3, 0x80003) sendfile(r2, r3, &(0x7f00000000c0), 0x8000fffffffe) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, &(0x7f0000000400)={0x8, 0x0, 0x0, 0x0, 0x0, 0x3}) 06:17:08 executing program 1: setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000200)={0x0, {{0x2, 0x0, @remote}}, {{0x2, 0x0, @local}}}, 0x108) openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000000600)={{}, {0xa, 0x0, 0x0, @dev}}, 0x5c) pipe(&(0x7f0000000080)) write$P9_RAUTH(0xffffffffffffffff, &(0x7f00000005c0)={0x14}, 0x14) delete_module(&(0x7f0000000140)='\x00', 0x0) ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, &(0x7f0000000340)=""/176) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000180)='cgroup.type\x00', 0x2, 0x0) times(&(0x7f0000000040)) syncfs(0xffffffffffffffff) seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]}) fcntl$getown(0xffffffffffffffff, 0x9) getpgrp(0x0) tgkill(0x0, 0x0, 0x0) syz_execute_func(&(0x7f0000000400)="428055a08e6969ef69dc00d990c841ff0f1837c4c3397c2a060f38211a40a5c19086d9f28fc9410feefae5e54175455d0f2e1a1a010d64ac1e5d31a3b786e2989f7f") request_key(&(0x7f0000000500)='user\x00', &(0x7f0000000540), &(0x7f0000000580)='\x00', 0xfffffffffffffffa) 06:17:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, 0xffffffffffffffff) 06:17:08 executing program 4: perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x13}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x0, 0x0) ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f00000000c0)={0x0, 'ip6tnl0\x00'}, 0x18) io_setup(0x0, &(0x7f0000000040)) ustat(0x0, &(0x7f0000000340)) seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x58fe6}]}) syz_execute_func(&(0x7f00000007c0)="428055a0610fef69dce9d92a5c41ff0f1837370f38211ac4c482fd2520410feefa4e2179fbe5f54175455de0932ebc2ebc0d64ac1e5d9f7f") socketpair$inet6_udp(0xa, 0x2, 0x0, &(0x7f00000001c0)) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000200)={@dev}, &(0x7f0000000280)=0x14) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000140)={@local, @broadcast, @multicast2}, &(0x7f0000000180)=0xc) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000040)={@mcast1}, &(0x7f00000000c0)=0x14) io_submit(0x0, 0x20000000000001a9, &(0x7f00000014c0)) [ 189.737779] IPVS: ftp: loaded support on port[0] = 21 [ 189.754819] IPVS: ftp: loaded support on port[0] = 21 [ 189.778784] IPVS: ftp: loaded support on port[0] = 21 [ 189.801493] IPVS: ftp: loaded support on port[0] = 21 [ 189.821234] IPVS: ftp: loaded support on port[0] = 21 [ 189.834720] kasan: CONFIG_KASAN_INLINE enabled [ 189.839546] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 189.839591] kobject: 'lo' (0000000008db9d6f): fill_kobj_path: path = '/devices/virtual/net/lo' [ 189.846997] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 189.847023] CPU: 0 PID: 5581 Comm: syz-executor1 Not tainted 4.19.0-rc3-next-20180912+ #72 [ 189.847032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.847059] RIP: 0010:mqueue_get_tree+0xba/0x2e0 [ 189.847073] Code: 4c 8d b3 98 00 00 00 4d 85 ed 0f 84 d1 00 00 00 e8 6b 44 3f fe 49 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e3 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b [ 189.847081] RSP: 0018:ffff88017c457928 EFLAGS: 00010a06 [ 189.847093] RAX: dffffc0000000000 RBX: ffff8801cb8ef300 RCX: ffffffff8160aca1 [ 189.847107] RDX: 1db80048400002b7 RSI: ffffffff833deb15 RDI: edc00242000015ba [ 189.860673] kobject: 'queues' (00000000e8819fd9): kobject_add_internal: parent: 'lo', set: '' [ 189.862082] RBP: ffff88017c457948 R08: fffffbfff13555fd R09: fffffbfff13555fc [ 189.870807] kobject: 'queues' (00000000e8819fd9): kobject_uevent_env [ 189.879808] R10: fffffbfff13555fc R11: ffffffff89aaafe3 R12: ffff8801d7507100 [ 189.879817] R13: edc00242000015b2 R14: ffff8801cb8ef398 R15: ffff8801cb8ef398 [ 189.879829] FS: 0000000002820940(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000 [ 189.879837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 189.879851] CR2: 0000000000482e00 CR3: 00000001c8c72000 CR4: 00000000001406f0 [ 189.884997] kobject: 'queues' (00000000e8819fd9): kobject_uevent_env: filter function caused the event to drop! [ 189.903494] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 189.903502] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 189.903507] Call Trace: [ 189.903529] vfs_get_tree+0x1cb/0x5c0 [ 189.903569] mq_create_mount+0xe3/0x190 [ 189.910167] kobject: 'rx-0' (00000000eab902c7): kobject_add_internal: parent: 'queues', set: 'queues' [ 189.916593] mq_init_ns+0x15a/0x210 [ 189.916606] copy_ipcs+0x3d2/0x580 [ 189.916623] ? ipcns_get+0xe0/0xe0 [ 189.924247] kobject: 'rx-0' (00000000eab902c7): kobject_uevent_env [ 189.933061] ? do_mount+0x1db0/0x1db0 [ 189.933074] ? kmem_cache_alloc+0x33a/0x730 [ 189.933095] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.940511] kobject: 'rx-0' (00000000eab902c7): fill_kobj_path: path = '/devices/virtual/net/lo/queues/rx-0' [ 189.946839] ? perf_event_namespaces+0x136/0x400 [ 189.946857] create_new_namespaces+0x376/0x900 [ 189.946874] ? sys_ni_syscall+0x20/0x20 [ 189.955699] kobject: 'tx-0' (0000000002673ee1): kobject_add_internal: parent: 'queues', set: 'queues' [ 189.961398] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.970086] kobject: 'tx-0' (0000000002673ee1): kobject_uevent_env [ 189.975479] ? ns_capable_common+0x13f/0x170 [ 189.975497] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 189.975516] ksys_unshare+0x79c/0x10b0 [ 189.983215] kobject: 'tx-0' (0000000002673ee1): fill_kobj_path: path = '/devices/virtual/net/lo/queues/tx-0' [ 189.993003] ? walk_process_tree+0x440/0x440 [ 189.993030] ? lock_downgrade+0x900/0x900 [ 189.993053] ? kasan_check_read+0x11/0x20 [ 190.001606] kobject: 'tunl0' (00000000950f166f): kobject_add_internal: parent: 'net', set: 'devices' [ 190.007568] ? do_raw_spin_unlock+0xa7/0x2f0 [ 190.007582] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 190.007599] ? kasan_check_write+0x14/0x20 [ 190.012497] kobject: 'tunl0' (00000000950f166f): kobject_uevent_env [ 190.013968] ? do_raw_read_unlock+0x3f/0x60 [ 190.017947] kobject: 'tunl0' (00000000950f166f): fill_kobj_path: path = '/devices/virtual/net/tunl0' [ 190.027269] ? do_syscall_64+0x9a/0x820 [ 190.027282] ? do_syscall_64+0x9a/0x820 [ 190.027303] ? lockdep_hardirqs_on+0x421/0x5c0 [ 190.032096] kobject: 'queues' (000000006b7e5d4f): kobject_add_internal: parent: 'tunl0', set: '' [ 190.034444] ? trace_hardirqs_on+0xbd/0x310 [ 190.034462] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.034480] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 190.038891] kobject: 'queues' (000000006b7e5d4f): kobject_uevent_env [ 190.044354] ? __ia32_sys_prlimit64+0x8c0/0x8c0 [ 190.044373] __x64_sys_unshare+0x31/0x40 [ 190.044392] do_syscall_64+0x1b9/0x820 [ 190.050006] kobject: 'queues' (000000006b7e5d4f): kobject_uevent_env: filter function caused the event to drop! [ 190.053440] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 190.053457] ? syscall_return_slowpath+0x5e0/0x5e0 [ 190.053476] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 190.059121] kobject: 'rx-0' (00000000030a5ae9): kobject_add_internal: parent: 'queues', set: 'queues' [ 190.068967] ? trace_hardirqs_on_caller+0x310/0x310 [ 190.068983] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 190.069000] ? prepare_exit_to_usermode+0x291/0x3b0 [ 190.075347] kobject: 'rx-0' (00000000030a5ae9): kobject_uevent_env [ 190.078328] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 190.082600] kobject: 'rx-0' (00000000030a5ae9): fill_kobj_path: path = '/devices/virtual/net/tunl0/queues/rx-0' [ 190.091636] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.097609] kobject: 'tx-0' (00000000bf05add3): kobject_add_internal: parent: 'queues', set: 'queues' [ 190.103459] RIP: 0033:0x459d87 [ 190.103474] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 3d 8a fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 1d 8a fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.103482] RSP: 002b:00007ffc8ac3a538 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 190.108866] kobject: 'tx-0' (00000000bf05add3): kobject_uevent_env [ 190.112801] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459d87 [ 190.112809] RDX: 0000000000000000 RSI: 00007ffc8ac3a540 RDI: 0000000008000000 [ 190.112817] RBP: 0000000000930b28 R08: 0000000000000000 R09: 0000000000000018 [ 190.112824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000010 [ 190.112832] R13: 0000000000412cc0 R14: 0000000000000000 R15: 0000000000000000 [ 190.112845] Modules linked in: [ 190.117858] kobject: 'tx-0' (00000000bf05add3): fill_kobj_path: path = '/devices/virtual/net/tunl0/queues/tx-0' [ 190.126783] ---[ end trace d74f4666a41aae24 ]--- [ 190.132796] kobject: 'gre0' (000000006c84ed0b): kobject_add_internal: parent: 'net', set: 'devices' [ 190.135381] RIP: 0010:mqueue_get_tree+0xba/0x2e0 [ 190.140380] kobject: 'gre0' (000000006c84ed0b): kobject_uevent_env [ 190.148808] Code: 4c 8d b3 98 00 00 00 4d 85 ed 0f 84 d1 00 00 00 e8 6b 44 3f fe 49 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e3 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b [ 190.154220] kobject: 'gre0' (000000006c84ed0b): fill_kobj_path: path = '/devices/virtual/net/gre0' [ 190.157796] RSP: 0018:ffff88017c457928 EFLAGS: 00010a06 [ 190.162106] kobject: 'queues' (00000000392d71a2): kobject_add_internal: parent: 'gre0', set: '' [ 190.173373] kobject: 'queues' (00000000392d71a2): kobject_uevent_env [ 190.182132] RAX: dffffc0000000000 RBX: ffff8801cb8ef300 RCX: ffffffff8160aca1 [ 190.186483] kobject: 'queues' (00000000392d71a2): kobject_uevent_env: filter function caused the event to drop! [ 190.190099] RDX: 1db80048400002b7 RSI: ffffffff833deb15 RDI: edc00242000015ba [ 190.195238] kobject: 'rx-0' (0000000018fad2c1): kobject_add_internal: parent: 'queues', set: 'queues' [ 190.204179] RBP: ffff88017c457948 R08: fffffbfff13555fd R09: fffffbfff13555fc [ 190.209094] kobject: 'rx-0' (0000000018fad2c1): kobject_uevent_env [ 190.213864] R10: fffffbfff13555fc R11: ffffffff89aaafe3 R12: ffff8801d7507100 [ 190.219813] kobject: 'rx-0' (0000000018fad2c1): fill_kobj_path: path = '/devices/virtual/net/gre0/queues/rx-0' [ 190.225807] R13: edc00242000015b2 R14: ffff8801cb8ef398 R15: ffff8801cb8ef398 [ 190.231032] kobject: 'tx-0' (000000000814bb25): kobject_add_internal: parent: 'queues', set: 'queues' [ 190.234538] FS: 0000000002820940(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000 [ 190.239074] kobject: 'tx-0' (000000000814bb25): kobject_uevent_env [ 190.248652] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 190.248666] CR2: 0000000000482e00 CR3: 00000001c8c72000 CR4: 00000000001406f0 [ 190.254458] kobject: 'tx-0' (000000000814bb25): fill_kobj_path: path = '/devices/virtual/net/gre0/queues/tx-0' [ 190.258973] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 190.264992] kobject: 'gre0' (000000006547380e): kobject_add_internal: parent: 'net', set: 'devices' [ 190.273226] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 190.279701] kobject: 'gre0' (000000006547380e): kobject_uevent_env [ 190.283263] Kernel panic - not syncing: Fatal exception [ 190.289843] kobject: 'gre0' (000000006547380e): fill_kobj_path: path = '/devices/virtual/net/gre0' [ 190.295669] Kernel Offset: disabled [ 190.652221] Rebooting in 86400 seconds..