[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   18.784526] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   19.350193] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[   19.596217] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.528854] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.11' (ECDSA) to the list of known hosts.
2018/02/20 19:02:52 fuzzer started
2018/02/20 19:02:52 dialing manager at 10.128.0.26:40191
2018/02/20 19:02:56 kcov=true, comps=false
2018/02/20 19:02:56 executing program 0:
r0 = socket$inet(0x2, 0x80005, 0x0)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x2c, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x1, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000080], 0x0, &(0x7f0000000000), &(0x7f0000000080)=[{0x0, '\x00', 0x0, 0x0, 0x0, []}, {0x0, '\x00', 0x0, 0x0, 0x0, []}, {0x0, '\x00', 0x1, 0x0, 0x0, []}]}, 0x108)

2018/02/20 19:02:56 executing program 1:
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000f18000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="240000000105f50000001c000000060020200a003f0003006ae800ca0700000000ac16ff", 0x24}], 0x1}, 0x0)

2018/02/20 19:02:56 executing program 2:
r0 = socket$inet(0x10, 0x3, 0x0)
recvmsg(r0, &(0x7f0000001700)={&(0x7f0000000000)=@nfc, 0x10, &(0x7f0000001580)=[{&(0x7f0000000080)=""/102, 0x66}, {&(0x7f0000000100)=""/213, 0xd5}, {&(0x7f0000000200)=""/91, 0x5b}, {&(0x7f0000000340)=""/19, 0x13}, {&(0x7f0000000580)=""/4096, 0x1000}], 0x5, &(0x7f0000001640)=""/139, 0x8b}, 0x0)
sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000776000)=[{&(0x7f0000000000)="240000003a00fd0207ff03966fa283bc0ae6e60000000000f10b5a00000003a2d189737e", 0x24}], 0x1}, 0x0)

2018/02/20 19:02:56 executing program 3:
r0 = socket$inet(0x2, 0x80005, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)

2018/02/20 19:02:56 executing program 4:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000ff0), 0x10)
modify_ldt$read(0x0, &(0x7f0000550f57)=""/169, 0xa9)

2018/02/20 19:02:56 executing program 5:
unshare(0x20020000)
mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='anon_inodefs\x00', 0x0, 0x0)
mkdir(&(0x7f00001a3000)='./file0\x00', 0x0)
mount(&(0x7f00000000c0)='./file0\x00', &(0x7f000092f000)='./file0\x00', &(0x7f0000dcd000)='ramfs\x00', 0x0, &(0x7f000002f000))
accept$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs, &(0x7f0000000040)=0x8)
poll(&(0x7f00007a7fe8)=[], 0x0, 0x7f)
getpid()
rmdir(&(0x7f0000d19000)='./file0\x00')

2018/02/20 19:02:56 executing program 7:
socket$inet(0x10, 0x2, 0x0)

2018/02/20 19:02:56 executing program 6:

[   30.337752] IPVS: Creating netns size=2552 id=1
[   30.410483] IPVS: Creating netns size=2552 id=2
[   30.457762] IPVS: Creating netns size=2552 id=3
[   30.521362] IPVS: Creating netns size=2552 id=4
[   30.593147] IPVS: Creating netns size=2552 id=5
[   30.656053] IPVS: Creating netns size=2552 id=6
[   30.752994] IPVS: Creating netns size=2552 id=7
[   30.833898] IPVS: Creating netns size=2552 id=8
[   33.105303] audit: type=1400 audit(1519153379.633:5): avc:  denied  { create } for  pid=4728 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
2018/02/20 19:03:00 executing program 0:

2018/02/20 19:03:00 executing program 1:

2018/02/20 19:03:00 executing program 5:
mkdir(&(0x7f000019fff8)='./file0\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000000)='/', r0, &(0x7f0000000080)='./file0\x00')
linkat(r0, &(0x7f0000b0dff2)='./file0/file0\x00', 0xffffffffffffffff, &(0x7f0000000000)='/', 0x0)

2018/02/20 19:03:00 executing program 7:
syz_emit_ethernet(0x188, &(0x7f0000000180)={@local={[0xaa, 0xaa, 0xaa, 0xaa], 0x0, 0xaa}, @random="8f2ae2367c70", [], {@ipv6={0x86dd, {0x0, 0x6, "6e8693", 0x0, 0x2c, 0x0, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14}}, @mcast2={0xff, 0x2, [], 0x1}, {[@routing={0x0, 0x0, 0x0, 0x0, 0x0, [@mcast2={0xff, 0x2, [], 0x1}]}], @icmpv6=@mld={0x0, 0x0, 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}}}}, 0x0)

2018/02/20 19:03:00 executing program 2:

2018/02/20 19:03:00 executing program 3:

2018/02/20 19:03:00 executing program 6:

2018/02/20 19:03:00 executing program 4:

2018/02/20 19:03:00 executing program 1:

2018/02/20 19:03:00 executing program 0:

2018/02/20 19:03:00 executing program 6:

2018/02/20 19:03:00 executing program 1:

2018/02/20 19:03:00 executing program 7:

2018/02/20 19:03:00 executing program 0:

2018/02/20 19:03:00 executing program 6:

2018/02/20 19:03:00 executing program 3:

2018/02/20 19:03:00 executing program 2:

2018/02/20 19:03:00 executing program 5:

2018/02/20 19:03:00 executing program 4:

2018/02/20 19:03:00 executing program 3:

2018/02/20 19:03:00 executing program 1:

2018/02/20 19:03:00 executing program 5:

2018/02/20 19:03:00 executing program 2:
r0 = socket$inet(0x10, 0x400000000000003, 0x6)
sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000000)="1b0000001200030207fffd946fa283080700030000000000000085", 0x1b}], 0x1}, 0x0)

2018/02/20 19:03:00 executing program 7:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000003000)=[{&(0x7f000000a000)="240000002d00030207fffd94090000000a00000003000005000000000000000000000000", 0x24}], 0x1}, 0x0)

2018/02/20 19:03:00 executing program 0:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x6e, &(0x7f00000f8000)={@random="cd390b081bf2", @dev={[0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv6={0x86dd, {0x0, 0x6, "0aff0f", 0x38, 0x3a, 0x0, @ipv4={[], [0xff, 0xff], @rand_addr}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x3a, 0x0, @mcast2={0xff, 0x2, [], 0x1}, @remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}, [], "80002a0800000000"}}}}}}}, 0x0)

2018/02/20 19:03:00 executing program 6:
mmap(&(0x7f0000000000/0x24000)=nil, 0x24000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x5411, &(0x7f0000000fd8)={@syzn={0x73, 0x79, 0x7a}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]})

2018/02/20 19:03:00 executing program 5:
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f000028f000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
unlink(&(0x7f0000f86000)='./control/file0\x00')
rmdir(&(0x7f000015dff6)='./control\x00')
creat(&(0x7f000018c000)='./control/file0\x00', 0x0)
rmdir(&(0x7f00002ccff0)='./control/file0\x00')
close(r0)

2018/02/20 19:03:00 executing program 3:
ptrace$peek(0xffffffffffffffff, 0x0, &(0x7f0000002ff8))
r0 = gettid()
r1 = syz_open_procfs(r0, &(0x7f0000000000)='status\x00')
r2 = syz_open_procfs(0x0, &(0x7f00003a0000)='projid_map\x00')
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000040)={<r3=>0x0, 0x1000000000000}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f00000000c0)={r3, 0x80, 0xffff, 0x245}, 0x10)
sendfile(r2, r1, &(0x7f000030f000), 0x7563)

2018/02/20 19:03:00 executing program 1:
r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x64, &(0x7f0000000040)=0x3, 0x4)
r1 = socket$inet6(0xa, 0x5, 0xfffffffffffffffc)
sysfs$3(0x3)
setsockopt$inet6_int(r1, 0x29, 0x7c, &(0x7f00000000c0)=0x3, 0x4)
socket$inet6_dccp(0xa, 0x6, 0x0)
ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000080))

2018/02/20 19:03:00 executing program 4:
r0 = syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x8000000000)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000faa000)={{0x2}})
flock(r0, 0x1)
r1 = socket(0x5, 0x807, 0x3f)
setsockopt$inet_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000)=0x2, 0x4)
syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x80)
getpeername$llc(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty}, &(0x7f0000000080)=0x10)

2018/02/20 19:03:00 executing program 7:
mkdir(&(0x7f0000b28000)='./file0\x00', 0x0)
socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000000))
socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280))
r0 = socket$unix(0x1, 0xfffffffffffffffd, 0x0)
sendto$unix(r0, &(0x7f0000db4f8e), 0x0, 0x0, &(0x7f000093dff6)=@file={0x1, './file0\x00'}, 0xa)

[   33.697464] kasan: CONFIG_KASAN_INLINE enabled
[   33.701952] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[   33.714871] Dumping ftrace buffer:
[   33.718394]    (ftrace buffer empty)
[   33.722089] Modules linked in:
[   33.725400] CPU: 0 PID: 4928 Comm: syz-executor2 Not tainted 4.4.116-g20ddb25 #15
[   33.733011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.742354] task: ffff8801d1ab9800 task.stack: ffff8801cb2b8000
[   33.748394] RIP: 0010:[<ffffffff81d64166>]  [<ffffffff81d64166>] __list_del_entry+0x86/0x1d0
[   33.757085] RSP: 0018:ffff8801cb2bf5a8  EFLAGS: 00010246
[   33.762514] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff8800b1f80d90
[   33.769766] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8800b1f80d98
[   33.777024] RBP: ffff8801cb2bf5c0 R08: 0000000000000000 R09: 0000000000000000
[   33.784273] R10: ffffffff838443e0 R11: 1ffff10039657e84 R12: 0000000000000000
[   33.791516] R13: ffff8800b1f80d39 R14: ffff8800b1f80db8 R15: 00000000ffffffde
[   33.798756] FS:  00007ff2c698b700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   33.806955] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   33.812808] CR2: 0000000020004fc8 CR3: 00000001cf234000 CR4: 0000000000160670
[   33.820053] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   33.827303] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   33.834555] Stack:
[   33.836686]  ffff8800b1f80db8 ffff8800b1f80d90 ffff8801d89ad5c0 ffff8801cb2bf5d8
[   33.844661]  ffffffff81d642bd ffff8800b1f80d90 ffff8801cb2bf5f8 ffffffff832b10ae
[   33.852628]  ffff8801c5f6aa80 ffff8800b1f80d90 ffff8801cb2bf618 ffffffff832d0603
[   33.860596] Call Trace:
[   33.863163]  [<ffffffff81d642bd>] list_del+0xd/0x70
[   33.868152]  [<ffffffff832b10ae>] xfrm_state_walk_done+0x6e/0xa0
[   33.874271]  [<ffffffff832d0603>] xfrm_dump_sa_done+0x73/0xa0
[   33.880125]  [<ffffffff832d0590>] ? xfrm_dump_policy_start+0x20/0x20
[   33.886586]  [<ffffffff82f80831>] netlink_dump+0x871/0xb40
[   33.892179]  [<ffffffff82f8501e>] __netlink_dump_start+0x52e/0x7c0
[   33.898474]  [<ffffffff82f7c801>] ? __netlink_ns_capable+0xe1/0x120
[   33.904846]  [<ffffffff832d0bed>] xfrm_user_rcv_msg+0x5bd/0x6b0
[   33.910878]  [<ffffffff832d0ce0>] ? xfrm_user_rcv_msg+0x6b0/0x6b0
[   33.917088]  [<ffffffff832d0630>] ? xfrm_dump_sa_done+0xa0/0xa0
[   33.923120]  [<ffffffff814f6ad2>] ? ksize+0x92/0xf0
[   33.928109]  [<ffffffff832d0ce0>] ? xfrm_user_rcv_msg+0x6b0/0x6b0
[   33.934309]  [<ffffffff832d0590>] ? xfrm_dump_policy_start+0x20/0x20
[   33.940772]  [<ffffffff81b4c680>] ? avc_has_perm_noaudit+0x460/0x460
[   33.947232]  [<ffffffff832ccf70>] ? xfrm_netlink_rcv+0x60/0x90
[   33.953183]  [<ffffffff8376b8e0>] ? mutex_lock_nested+0x560/0x850
[   33.959387]  [<ffffffff832ccf70>] ? xfrm_netlink_rcv+0x60/0x90
[   33.965326]  [<ffffffff82f8449e>] ? netlink_lookup+0xee/0x740
[   33.971182]  [<ffffffff82f8a70e>] netlink_rcv_skb+0x13e/0x370
[   33.977036]  [<ffffffff832d0630>] ? xfrm_dump_sa_done+0xa0/0xa0
[   33.983063]  [<ffffffff832ccf7f>] xfrm_netlink_rcv+0x6f/0x90
[   33.988839]  [<ffffffff82f89292>] netlink_unicast+0x522/0x760
[   33.994693]  [<ffffffff82f891bf>] ? netlink_unicast+0x44f/0x760
[   34.000734]  [<ffffffff82f88d70>] ? netlink_attachskb+0x6c0/0x6c0
[   34.006949]  [<ffffffff82f89db8>] netlink_sendmsg+0x8e8/0xc50
[   34.012804]  [<ffffffff82f894d0>] ? netlink_unicast+0x760/0x760
[   34.018834]  [<ffffffff81b6898f>] ? selinux_socket_sendmsg+0x3f/0x50
[   34.025300]  [<ffffffff81b46e79>] ? security_socket_sendmsg+0x89/0xb0
[   34.031847]  [<ffffffff82f894d0>] ? netlink_unicast+0x760/0x760
[   34.037874]  [<ffffffff82debb4a>] sock_sendmsg+0xca/0x110
[   34.043385]  [<ffffffff82ded721>] ___sys_sendmsg+0x6c1/0x7c0
[   34.049165]  [<ffffffff82ded060>] ? copy_msghdr_from_user+0x550/0x550
[   34.055727]  [<ffffffff81237470>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   34.062720]  [<ffffffff81578587>] ? __fget+0x47/0x3b0
[   34.067878]  [<ffffffff8157874b>] ? __fget+0x20b/0x3b0
[   34.073122]  [<ffffffff81578772>] ? __fget+0x232/0x3b0
[   34.078368]  [<ffffffff81578587>] ? __fget+0x47/0x3b0
[   34.083537]  [<ffffffff815789d1>] ? __fget_light+0xa1/0x1e0
[   34.089225]  [<ffffffff81578b28>] ? __fdget+0x18/0x20
[   34.094388]  [<ffffffff82def773>] __sys_sendmsg+0xd3/0x190
[   34.099983]  [<ffffffff82def6a0>] ? SyS_shutdown+0x1b0/0x1b0
[   34.105759]  [<ffffffff812e1fe0>] ? SyS_futex+0x210/0x2c0
[   34.111265]  [<ffffffff8157a60d>] ? fd_install+0x4d/0x60
[   34.116687]  [<ffffffff82dee500>] ? move_addr_to_kernel+0x50/0x50
[   34.122888]  [<ffffffff82def85d>] SyS_sendmsg+0x2d/0x50
[   34.128226]  [<ffffffff83774a1f>] entry_SYSCALL_64_fastpath+0x1c/0x98
[   34.134768] Code: c4 0f 84 94 00 00 00 48 b8 00 02 00 00 00 00 ad de 48 39 c3 0f 84 a5 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 e8 00 00 00 4c 8b 03 49 39 c8 0f 85 9b 00 00 
[   34.161370] RIP  [<ffffffff81d64166>] __list_del_entry+0x86/0x1d0
[   34.167690]  RSP <ffff8801cb2bf5a8>
[   34.171325] ---[ end trace e7d86adf616d02d9 ]---
[   34.176062] Kernel panic - not syncing: Fatal exception in interrupt
[   34.182992] Dumping ftrace buffer:
[   34.186507]    (ftrace buffer empty)
[   34.190186] Kernel Offset: disabled
[   34.193780] Rebooting in 86400 seconds..