[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 18.784526] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available) [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 19.350193] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [ 19.596217] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.528854] random: nonblocking pool is initialized Warning: Permanently added '10.128.0.11' (ECDSA) to the list of known hosts. 2018/02/20 19:02:52 fuzzer started 2018/02/20 19:02:52 dialing manager at 10.128.0.26:40191 2018/02/20 19:02:56 kcov=true, comps=false 2018/02/20 19:02:56 executing program 0: r0 = socket$inet(0x2, 0x80005, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x2c, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x1, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000080], 0x0, &(0x7f0000000000), &(0x7f0000000080)=[{0x0, '\x00', 0x0, 0x0, 0x0, []}, {0x0, '\x00', 0x0, 0x0, 0x0, []}, {0x0, '\x00', 0x1, 0x0, 0x0, []}]}, 0x108) 2018/02/20 19:02:56 executing program 1: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000f18000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="240000000105f50000001c000000060020200a003f0003006ae800ca0700000000ac16ff", 0x24}], 0x1}, 0x0) 2018/02/20 19:02:56 executing program 2: r0 = socket$inet(0x10, 0x3, 0x0) recvmsg(r0, &(0x7f0000001700)={&(0x7f0000000000)=@nfc, 0x10, &(0x7f0000001580)=[{&(0x7f0000000080)=""/102, 0x66}, {&(0x7f0000000100)=""/213, 0xd5}, {&(0x7f0000000200)=""/91, 0x5b}, {&(0x7f0000000340)=""/19, 0x13}, {&(0x7f0000000580)=""/4096, 0x1000}], 0x5, &(0x7f0000001640)=""/139, 0x8b}, 0x0) sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000776000)=[{&(0x7f0000000000)="240000003a00fd0207ff03966fa283bc0ae6e60000000000f10b5a00000003a2d189737e", 0x24}], 0x1}, 0x0) 2018/02/20 19:02:56 executing program 3: r0 = socket$inet(0x2, 0x80005, 0x0) r1 = socket$inet6(0xa, 0x1, 0x84) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) 2018/02/20 19:02:56 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) modify_ldt$write2(0x11, &(0x7f0000000ff0), 0x10) modify_ldt$read(0x0, &(0x7f0000550f57)=""/169, 0xa9) 2018/02/20 19:02:56 executing program 5: unshare(0x20020000) mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='anon_inodefs\x00', 0x0, 0x0) mkdir(&(0x7f00001a3000)='./file0\x00', 0x0) mount(&(0x7f00000000c0)='./file0\x00', &(0x7f000092f000)='./file0\x00', &(0x7f0000dcd000)='ramfs\x00', 0x0, &(0x7f000002f000)) accept$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs, &(0x7f0000000040)=0x8) poll(&(0x7f00007a7fe8)=[], 0x0, 0x7f) getpid() rmdir(&(0x7f0000d19000)='./file0\x00') 2018/02/20 19:02:56 executing program 7: socket$inet(0x10, 0x2, 0x0) 2018/02/20 19:02:56 executing program 6: [ 30.337752] IPVS: Creating netns size=2552 id=1 [ 30.410483] IPVS: Creating netns size=2552 id=2 [ 30.457762] IPVS: Creating netns size=2552 id=3 [ 30.521362] IPVS: Creating netns size=2552 id=4 [ 30.593147] IPVS: Creating netns size=2552 id=5 [ 30.656053] IPVS: Creating netns size=2552 id=6 [ 30.752994] IPVS: Creating netns size=2552 id=7 [ 30.833898] IPVS: Creating netns size=2552 id=8 [ 33.105303] audit: type=1400 audit(1519153379.633:5): avc: denied { create } for pid=4728 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 2018/02/20 19:03:00 executing program 0: 2018/02/20 19:03:00 executing program 1: 2018/02/20 19:03:00 executing program 5: mkdir(&(0x7f000019fff8)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000000)='/', r0, &(0x7f0000000080)='./file0\x00') linkat(r0, &(0x7f0000b0dff2)='./file0/file0\x00', 0xffffffffffffffff, &(0x7f0000000000)='/', 0x0) 2018/02/20 19:03:00 executing program 7: syz_emit_ethernet(0x188, &(0x7f0000000180)={@local={[0xaa, 0xaa, 0xaa, 0xaa], 0x0, 0xaa}, @random="8f2ae2367c70", [], {@ipv6={0x86dd, {0x0, 0x6, "6e8693", 0x0, 0x2c, 0x0, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14}}, @mcast2={0xff, 0x2, [], 0x1}, {[@routing={0x0, 0x0, 0x0, 0x0, 0x0, [@mcast2={0xff, 0x2, [], 0x1}]}], @icmpv6=@mld={0x0, 0x0, 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}}}}, 0x0) 2018/02/20 19:03:00 executing program 2: 2018/02/20 19:03:00 executing program 3: 2018/02/20 19:03:00 executing program 6: 2018/02/20 19:03:00 executing program 4: 2018/02/20 19:03:00 executing program 1: 2018/02/20 19:03:00 executing program 0: 2018/02/20 19:03:00 executing program 6: 2018/02/20 19:03:00 executing program 1: 2018/02/20 19:03:00 executing program 7: 2018/02/20 19:03:00 executing program 0: 2018/02/20 19:03:00 executing program 6: 2018/02/20 19:03:00 executing program 3: 2018/02/20 19:03:00 executing program 2: 2018/02/20 19:03:00 executing program 5: 2018/02/20 19:03:00 executing program 4: 2018/02/20 19:03:00 executing program 3: 2018/02/20 19:03:00 executing program 1: 2018/02/20 19:03:00 executing program 5: 2018/02/20 19:03:00 executing program 2: r0 = socket$inet(0x10, 0x400000000000003, 0x6) sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000000)="1b0000001200030207fffd946fa283080700030000000000000085", 0x1b}], 0x1}, 0x0) 2018/02/20 19:03:00 executing program 7: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000003000)=[{&(0x7f000000a000)="240000002d00030207fffd94090000000a00000003000005000000000000000000000000", 0x24}], 0x1}, 0x0) 2018/02/20 19:03:00 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x6e, &(0x7f00000f8000)={@random="cd390b081bf2", @dev={[0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv6={0x86dd, {0x0, 0x6, "0aff0f", 0x38, 0x3a, 0x0, @ipv4={[], [0xff, 0xff], @rand_addr}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x3a, 0x0, @mcast2={0xff, 0x2, [], 0x1}, @remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}, [], "80002a0800000000"}}}}}}}, 0x0) 2018/02/20 19:03:00 executing program 6: mmap(&(0x7f0000000000/0x24000)=nil, 0x24000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x5411, &(0x7f0000000fd8)={@syzn={0x73, 0x79, 0x7a}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) 2018/02/20 19:03:00 executing program 5: mkdir(&(0x7f0000000000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f000028f000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000f86000)='./control/file0\x00') rmdir(&(0x7f000015dff6)='./control\x00') creat(&(0x7f000018c000)='./control/file0\x00', 0x0) rmdir(&(0x7f00002ccff0)='./control/file0\x00') close(r0) 2018/02/20 19:03:00 executing program 3: ptrace$peek(0xffffffffffffffff, 0x0, &(0x7f0000002ff8)) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000000)='status\x00') r2 = syz_open_procfs(0x0, &(0x7f00003a0000)='projid_map\x00') getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x1000000000000}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f00000000c0)={r3, 0x80, 0xffff, 0x245}, 0x10) sendfile(r2, r1, &(0x7f000030f000), 0x7563) 2018/02/20 19:03:00 executing program 1: r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x64, &(0x7f0000000040)=0x3, 0x4) r1 = socket$inet6(0xa, 0x5, 0xfffffffffffffffc) sysfs$3(0x3) setsockopt$inet6_int(r1, 0x29, 0x7c, &(0x7f00000000c0)=0x3, 0x4) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000080)) 2018/02/20 19:03:00 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x8000000000) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000faa000)={{0x2}}) flock(r0, 0x1) r1 = socket(0x5, 0x807, 0x3f) setsockopt$inet_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000)=0x2, 0x4) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x80) getpeername$llc(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty}, &(0x7f0000000080)=0x10) 2018/02/20 19:03:00 executing program 7: mkdir(&(0x7f0000b28000)='./file0\x00', 0x0) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000000)) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)) r0 = socket$unix(0x1, 0xfffffffffffffffd, 0x0) sendto$unix(r0, &(0x7f0000db4f8e), 0x0, 0x0, &(0x7f000093dff6)=@file={0x1, './file0\x00'}, 0xa) [ 33.697464] kasan: CONFIG_KASAN_INLINE enabled [ 33.701952] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN [ 33.714871] Dumping ftrace buffer: [ 33.718394] (ftrace buffer empty) [ 33.722089] Modules linked in: [ 33.725400] CPU: 0 PID: 4928 Comm: syz-executor2 Not tainted 4.4.116-g20ddb25 #15 [ 33.733011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.742354] task: ffff8801d1ab9800 task.stack: ffff8801cb2b8000 [ 33.748394] RIP: 0010:[] [] __list_del_entry+0x86/0x1d0 [ 33.757085] RSP: 0018:ffff8801cb2bf5a8 EFLAGS: 00010246 [ 33.762514] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff8800b1f80d90 [ 33.769766] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8800b1f80d98 [ 33.777024] RBP: ffff8801cb2bf5c0 R08: 0000000000000000 R09: 0000000000000000 [ 33.784273] R10: ffffffff838443e0 R11: 1ffff10039657e84 R12: 0000000000000000 [ 33.791516] R13: ffff8800b1f80d39 R14: ffff8800b1f80db8 R15: 00000000ffffffde [ 33.798756] FS: 00007ff2c698b700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 [ 33.806955] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.812808] CR2: 0000000020004fc8 CR3: 00000001cf234000 CR4: 0000000000160670 [ 33.820053] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 33.827303] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 33.834555] Stack: [ 33.836686] ffff8800b1f80db8 ffff8800b1f80d90 ffff8801d89ad5c0 ffff8801cb2bf5d8 [ 33.844661] ffffffff81d642bd ffff8800b1f80d90 ffff8801cb2bf5f8 ffffffff832b10ae [ 33.852628] ffff8801c5f6aa80 ffff8800b1f80d90 ffff8801cb2bf618 ffffffff832d0603 [ 33.860596] Call Trace: [ 33.863163] [] list_del+0xd/0x70 [ 33.868152] [] xfrm_state_walk_done+0x6e/0xa0 [ 33.874271] [] xfrm_dump_sa_done+0x73/0xa0 [ 33.880125] [] ? xfrm_dump_policy_start+0x20/0x20 [ 33.886586] [] netlink_dump+0x871/0xb40 [ 33.892179] [] __netlink_dump_start+0x52e/0x7c0 [ 33.898474] [] ? __netlink_ns_capable+0xe1/0x120 [ 33.904846] [] xfrm_user_rcv_msg+0x5bd/0x6b0 [ 33.910878] [] ? xfrm_user_rcv_msg+0x6b0/0x6b0 [ 33.917088] [] ? xfrm_dump_sa_done+0xa0/0xa0 [ 33.923120] [] ? ksize+0x92/0xf0 [ 33.928109] [] ? xfrm_user_rcv_msg+0x6b0/0x6b0 [ 33.934309] [] ? xfrm_dump_policy_start+0x20/0x20 [ 33.940772] [] ? avc_has_perm_noaudit+0x460/0x460 [ 33.947232] [] ? xfrm_netlink_rcv+0x60/0x90 [ 33.953183] [] ? mutex_lock_nested+0x560/0x850 [ 33.959387] [] ? xfrm_netlink_rcv+0x60/0x90 [ 33.965326] [] ? netlink_lookup+0xee/0x740 [ 33.971182] [] netlink_rcv_skb+0x13e/0x370 [ 33.977036] [] ? xfrm_dump_sa_done+0xa0/0xa0 [ 33.983063] [] xfrm_netlink_rcv+0x6f/0x90 [ 33.988839] [] netlink_unicast+0x522/0x760 [ 33.994693] [] ? netlink_unicast+0x44f/0x760 [ 34.000734] [] ? netlink_attachskb+0x6c0/0x6c0 [ 34.006949] [] netlink_sendmsg+0x8e8/0xc50 [ 34.012804] [] ? netlink_unicast+0x760/0x760 [ 34.018834] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 34.025300] [] ? security_socket_sendmsg+0x89/0xb0 [ 34.031847] [] ? netlink_unicast+0x760/0x760 [ 34.037874] [] sock_sendmsg+0xca/0x110 [ 34.043385] [] ___sys_sendmsg+0x6c1/0x7c0 [ 34.049165] [] ? copy_msghdr_from_user+0x550/0x550 [ 34.055727] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 34.062720] [] ? __fget+0x47/0x3b0 [ 34.067878] [] ? __fget+0x20b/0x3b0 [ 34.073122] [] ? __fget+0x232/0x3b0 [ 34.078368] [] ? __fget+0x47/0x3b0 [ 34.083537] [] ? __fget_light+0xa1/0x1e0 [ 34.089225] [] ? __fdget+0x18/0x20 [ 34.094388] [] __sys_sendmsg+0xd3/0x190 [ 34.099983] [] ? SyS_shutdown+0x1b0/0x1b0 [ 34.105759] [] ? SyS_futex+0x210/0x2c0 [ 34.111265] [] ? fd_install+0x4d/0x60 [ 34.116687] [] ? move_addr_to_kernel+0x50/0x50 [ 34.122888] [] SyS_sendmsg+0x2d/0x50 [ 34.128226] [] entry_SYSCALL_64_fastpath+0x1c/0x98 [ 34.134768] Code: c4 0f 84 94 00 00 00 48 b8 00 02 00 00 00 00 ad de 48 39 c3 0f 84 a5 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 e8 00 00 00 4c 8b 03 49 39 c8 0f 85 9b 00 00 [ 34.161370] RIP [] __list_del_entry+0x86/0x1d0 [ 34.167690] RSP [ 34.171325] ---[ end trace e7d86adf616d02d9 ]--- [ 34.176062] Kernel panic - not syncing: Fatal exception in interrupt [ 34.182992] Dumping ftrace buffer: [ 34.186507] (ftrace buffer empty) [ 34.190186] Kernel Offset: disabled [ 34.193780] Rebooting in 86400 seconds..