[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 16.250334] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 21.188684] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available) [ 21.657238] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available) [ 22.772275] random: sshd: uninitialized urandom read (32 bytes read, 126 bits of entropy available) [ 22.893369] random: nonblocking pool is initialized Warning: Permanently added '10.128.15.203' (ECDSA) to the list of known hosts. 2018/01/23 23:45:38 fuzzer started 2018/01/23 23:45:38 dialing manager at 10.128.0.26:44435 2018/01/23 23:45:43 kcov=true, comps=false 2018/01/23 23:45:44 executing program 0: mmap(&(0x7f0000000000/0xf94000)=nil, 0xf94000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = add_key$user(&(0x7f0000f93000)='user\x00', &(0x7f0000f94000-0x5)={0x73, 0x79, 0x7a, 0xffffffffffffffff, 0x0}, &(0x7f00000cb000)=';', 0x1, 0xfffffffffffffffb) keyctl$update(0x2, r0, &(0x7f00002a3000-0x33)="", 0x0) 2018/01/23 23:45:44 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setaffinity(r0, 0x8, &(0x7f00002c9000-0x8)=0x9) clone(0x600, &(0x7f0000687000)="", &(0x7f0000b4c000)=0x0, &(0x7f0000553000-0x4)=0x0, &(0x7f00007a5000-0x8f)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00001ea000)='./file0\x00', &(0x7f0000a7c000-0x38)=[], &(0x7f0000c71000)=[]) r1 = syz_open_procfs(0x0, &(0x7f000042d000-0xc)='io\x00') preadv(r1, &(0x7f0000fc0000)=[{&(0x7f0000411000-0x81)=""/129, 0x81}], 0x20000000000001f9, 0x0) open$dir(&(0x7f0000131000+0x8d6)='./file0\x00', 0x26102, 0x0) 2018/01/23 23:45:44 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$tun(&(0x7f00006e3000-0xd)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00006b0000-0x28)={@common='gre0\x00', @ifru_map={0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}) dup2(r0, r1) 2018/01/23 23:45:44 executing program 7: mmap(&(0x7f0000000000/0x360000)=nil, 0x360000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg(r0, &(0x7f0000239000-0x38)={&(0x7f000028b000-0x1c)=@in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x0}, 0x1c, &(0x7f000035f000)=[], 0x0, &(0x7f00000c1000-0xe0)=[{0x10, 0x29, 0x5, "6f0202"}], 0x10, 0x0}, 0x0) 2018/01/23 23:45:44 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000042000-0x8)='./file0\x00', 0x1, 0x0) execve(&(0x7f00001ea000)='./file0\x00', &(0x7f0000a7c000-0x38)=[], &(0x7f0000c71000)=[]) 2018/01/23 23:45:44 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000785000-0x11)='/dev/vga_arbiter\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00006fb000)={0xa0000013, 0x0}) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000db8000)={0x0, 0x0}) epoll_wait(r0, &(0x7f0000586000)=[{0x0, 0x0}], 0x1, 0x0) 2018/01/23 23:45:44 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x600, &(0x7f0000687000)="", &(0x7f0000b4c000)=0x0, &(0x7f0000553000-0x4)=0x0, &(0x7f00007a5000-0x8f)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00001ea000)='./file0\x00', &(0x7f0000a7c000-0x38)=[], &(0x7f0000c71000)=[]) r0 = syz_open_procfs(0x0, &(0x7f000042d000-0xc)='io\x00') preadv(r0, &(0x7f0000fc0000)=[{&(0x7f0000411000-0x81)=""/129, 0x81}], 0x20000000000001f9, 0x0) pread64(r0, &(0x7f0000c20000-0x9)=""/9, 0x9, 0x0) open$dir(&(0x7f0000131000+0x8d6)='./file0\x00', 0x26102, 0x0) 2018/01/23 23:45:44 executing program 6: mmap(&(0x7f0000000000/0x16000)=nil, 0x16000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x0, 0x0}, 0xc, &(0x7f000000b000)=[{&(0x7f0000006000-0x57)="5500000020007fadb72d13b2a4a2809302000000030343026c26236925000400fe740000bd2dca8a9848a3c7f8f1c46b7b31bedc1338d544000000f60000f75a0083de448d000000000000da1e00bf0cec6bab91d4", 0x55}], 0x1, &(0x7f0000013000)=[], 0x0, 0x0}, 0x0) [ 33.886408] IPVS: Creating netns size=2552 id=1 [ 33.929892] IPVS: Creating netns size=2552 id=2 [ 33.983065] IPVS: Creating netns size=2552 id=3 [ 34.060204] IPVS: Creating netns size=2552 id=4 [ 34.131965] IPVS: Creating netns size=2552 id=5 [ 34.233146] IPVS: Creating netns size=2552 id=6 [ 34.363074] IPVS: Creating netns size=2552 id=7 [ 34.500297] IPVS: Creating netns size=2552 id=8 [ 37.662522] netlink: 17 bytes leftover after parsing attributes in process `syz-executor6'. [ 37.673417] netlink: 17 bytes leftover after parsing attributes in process `syz-executor6'. 2018/01/23 23:45:48 executing program 0: 2018/01/23 23:45:48 executing program 4: 2018/01/23 23:45:48 executing program 1: 2018/01/23 23:45:48 executing program 2: 2018/01/23 23:45:48 executing program 7: 2018/01/23 23:45:48 executing program 3: 2018/01/23 23:45:48 executing program 5: 2018/01/23 23:45:48 executing program 6: mmap(&(0x7f0000000000/0x16000)=nil, 0x16000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x0, 0x0}, 0xc, &(0x7f000000b000)=[{&(0x7f0000006000-0x57)="5500000020007fadb72d13b2a4a2809302000000030343026c26236925000400fe740000bd2dca8a9848a3c7f8f1c46b7b31bedc1338d544000000f60000f75a0083de448d000000000000da1e00bf0cec6bab91d4", 0x55}], 0x1, &(0x7f0000013000)=[], 0x0, 0x0}, 0x0) 2018/01/23 23:45:48 executing program 1: 2018/01/23 23:45:48 executing program 7: 2018/01/23 23:45:48 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000011000-0xc)={0x10, 0x0, 0xffffffffffffffff, 0x120202}, 0xc) getsockname(r0, &(0x7f000001c000)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, @loopback={0x0, 0x0}, 0x0}}}, &(0x7f000001d000-0x4)=0x3a) ioctl$sock_FIOGETOWN(r1, 0x401054d5, &(0x7f0000023000-0x4)=0x0) 2018/01/23 23:45:48 executing program 2: mmap(&(0x7f0000000000/0xd99000)=nil, 0xd99000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000117000-0x4)=0x0) 2018/01/23 23:45:48 executing program 5: mmap(&(0x7f0000000000/0xf86000)=nil, 0xf86000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008ff000-0x10)={&(0x7f0000300000-0x58)={0x2, 0x3, 0x0, 0x0, 0xb, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, [@sadb_x_nat_t_type={0x1, 0x14, 0x0, [0x0, 0x0, 0x0]}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0xffffffffffffffff, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @sadb_sa={0x2, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0xffffffffffffffff, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/23 23:45:48 executing program 7: 2018/01/23 23:45:48 executing program 3: 2018/01/23 23:45:48 executing program 0: [ 37.858396] netlink: 17 bytes leftover after parsing attributes in process `syz-executor6'. 2018/01/23 23:45:48 executing program 1: mmap(&(0x7f0000000000/0xaab000)=nil, 0xaab000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000002000-0x10)={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) r1 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000000)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x0, 0x0}, 0xc, &(0x7f000000b000)=[{&(0x7f0000010000)="5500000020007fafb72d13b2a4a2809302000000030343046c2623692500010007000149bd2dca8a9848a3c728f1c46b7b31afdc1338d544000000000000f75ae583de448daa7227c43ab8220000bf0cec6bab91d4", 0x55}], 0x1, &(0x7f0000011000-0x80)=[], 0x0, 0x0}, 0x0) sendmsg(r0, &(0x7f00006b7000-0x38)={0x0, 0x0, &(0x7f0000aab000-0x70)=[], 0x0, &(0x7f0000a9d000)=[], 0x0, 0x0}, 0x0) 2018/01/23 23:45:48 executing program 3: 2018/01/23 23:45:48 executing program 7: 2018/01/23 23:45:48 executing program 0: mmap(&(0x7f0000000000/0xd99000)=nil, 0xd99000, 0x4, 0x32, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000117000-0x4)=0x0) 2018/01/23 23:45:48 executing program 2: mmap(&(0x7f0000000000/0x360000)=nil, 0x360000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg(r0, &(0x7f0000239000-0x38)={&(0x7f000028b000-0x1c)=@in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x0}, 0x1c, &(0x7f000035f000)=[], 0x0, &(0x7f00000c1000-0xe0)=[{0x18, 0x29, 0x5, "6f0202"}], 0x18, 0x0}, 0x0) 2018/01/23 23:45:48 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000939000-0xc)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x0, 0xaa}, 0x0}, 0xfd15) syz_emit_ethernet(0x2a, &(0x7f0000792000-0x2f)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x0}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x0}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x0, @broadcast=0xffffffff, {[]}}, @igmp={0x0, 0x0, 0x0, @multicast2=0xe0000002, ""}}}}}, &(0x7f0000ae3000)={0x0, 0x1, [0x0]}) 2018/01/23 23:45:48 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000890000-0x12)='/dev/loop-control\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f000013e000)={0x0, 0x0}, &(0x7f0000765000)=0x8) ioctl$LOOP_CTL_ADD(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c80, 0x0) 2018/01/23 23:45:48 executing program 6: mmap(&(0x7f0000000000/0x16000)=nil, 0x16000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x0, 0x0}, 0xc, &(0x7f000000b000)=[{&(0x7f0000006000-0x57)="5500000020007fadb72d13b2a4a2809302000000030343026c26236925000400fe740000bd2dca8a9848a3c7f8f1c46b7b31bedc1338d544000000f60000f75a0083de448d000000000000da1e00bf0cec6bab91d4", 0x55}], 0x1, &(0x7f0000013000)=[], 0x0, 0x0}, 0x0) 2018/01/23 23:45:48 executing program 0: mmap(&(0x7f0000000000/0x360000)=nil, 0x360000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg(r0, &(0x7f0000239000-0x38)={&(0x7f000028b000-0x1c)=@in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x0}, 0x1c, &(0x7f000035f000)=[], 0x0, &(0x7f00000c1000-0xe0)=[{0x18, 0x29, 0x5, "6f3d02"}], 0x18, 0x0}, 0x0) 2018/01/23 23:45:48 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x18, 0x0, 0x1) sendmmsg(0xffffffffffffffff, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000003000-0x30)=[], 0x0, &(0x7f0000008000-0x2a0)=[], 0x0, 0x0}, 0x0}], 0x1, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000011000)=[{{&(0x7f0000003000)=@in6={0xa, 0xffffffffffffffff, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x0}, 0x1c, &(0x7f0000005000-0x60)=[{&(0x7f0000002000)="4c5614c00401a0dbf8a669ebdedd102c4f7a79e606457dfdf09e2ec2ed253b", 0x1f}], 0x1, &(0x7f0000003000-0x2d0)=[], 0x0, 0x0}, 0x0}], 0x1, 0x0) connect(r0, &(0x7f0000002000)=@sco={0x1f, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x26) setsockopt(r0, 0x111, 0x1, &(0x7f000000c000-0x5)="0ed4550f", 0x4) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000d23000)=0x0) 2018/01/23 23:45:48 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00004c0000)='net/rt_acct\x00') pread64(r0, &(0x7f000018c000)=""/0, 0x0, 0x0) 2018/01/23 23:45:48 executing program 6: mmap(&(0x7f0000000000/0x16000)=nil, 0x16000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x0, 0x0}, 0xc, &(0x7f000000b000)=[{&(0x7f0000006000-0x57)="5500000020007fadb72d13b2a4a2809302000000030343026c26236925000400fe740000bd2dca8a9848a3c7f8f1c46b7b31bedc1338d544000000f60000f75a0083de448d000000000000da1e00bf0cec6bab91d4", 0x55}], 0x1, &(0x7f0000013000)=[], 0x0, 0x0}, 0x0) 2018/01/23 23:45:48 executing program 3: 2018/01/23 23:45:48 executing program 3: [ 37.966810] netlink: 17 bytes leftover after parsing attributes in process `syz-executor6'. [ 37.991763] netlink: 17 bytes leftover after parsing attributes in process `syz-executor6'. [ 38.006318] netlink: 17 bytes leftover after parsing attributes in process `syz-executor1'. [ 38.041153] netlink: 17 bytes leftover after parsing attributes in process `syz-executor1'. 2018/01/23 23:45:48 executing program 0: mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000a59000-0xd)='/dev/snd/seq\x00', 0x0, 0x0) 2018/01/23 23:45:48 executing program 2: 2018/01/23 23:45:48 executing program 6: mmap(&(0x7f0000000000/0x16000)=nil, 0x16000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x0, 0x0}, 0xc, &(0x7f000000b000)=[{&(0x7f0000006000-0x57)="5500000020007fadb72d13b2a4a2809302000000030343026c26236925000400fe740000bd2dca8a9848a3c7f8f1c46b7b31bedc1338d544000000f60000f75a0083de448d000000000000da1e00bf0cec6bab91d4", 0x55}], 0x1, &(0x7f0000013000)=[], 0x0, 0x0}, 0x0) 2018/01/23 23:45:48 executing program 5: 2018/01/23 23:45:48 executing program 4: 2018/01/23 23:45:48 executing program 3: 2018/01/23 23:45:48 executing program 7: 2018/01/23 23:45:48 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @tid=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00006e5000)=0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)={{0x0, 0x0}, {0x0, 0x0}}) socketpair$unix(0x1, 0x800000000002, 0x0, &(0x7f0000013000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r2, 0x7, &(0x7f0000002000)={0x1, 0x0, 0x0, 0x0, 0x0}) unshare(0x400) fcntl$lock(r2, 0x7, &(0x7f0000c9d000-0x20)={0x0, 0x0, 0x0, 0x0, 0x0}) tkill(r0, 0x1000000000016) dup3(r1, r2, 0x0) 2018/01/23 23:45:48 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0xf, 0x0, 0x0, &(0x7f0000438000-0x8)={0x0, 0x0}) 2018/01/23 23:45:48 executing program 7: mmap(&(0x7f0000000000/0x1e000)=nil, 0x1e000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x6) sendmsg$nl_generic(r0, &(0x7f0000016000)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f000000d000+0x379)={&(0x7f000000f000)={0x24, 0x12, 0x301, 0xffffffffffffffff, 0xffffffffffffffff, {0x6, 0x0, 0x0}, [@nested={0x10, 0x0, [@typed={0xc, 0x3, @uid=0x0}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/23 23:45:48 executing program 5: 2018/01/23 23:45:48 executing program 4: 2018/01/23 23:45:48 executing program 0: [ 38.133938] netlink: 17 bytes leftover after parsing attributes in process `syz-executor6'. [ 38.139361] kasan: CONFIG_KASAN_INLINE enabled [ 38.139370] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 38.139375] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 38.139380] Dumping ftrace buffer: [ 38.139384] (ftrace buffer empty) [ 38.139387] Modules linked in: [ 38.139395] CPU: 1 PID: 4551 Comm: syz-executor7 Not tainted 4.4.113-gef588ef #33 [ 38.139398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.139403] task: ffff8800b71f8000 task.stack: ffff8800b9b78000 [ 38.139417] RIP: 0010:[] [] __list_del_entry+0x86/0x1d0 [ 38.139421] RSP: 0018:ffff8800b9b7f5a8 EFLAGS: 00010246 [ 38.139425] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff8800aa8b8510 [ 38.139429] RDX: 0000000000000000 RSI: ffffffff851d2a20 RDI: ffff8800aa8b8518 [ 38.139433] RBP: ffff8800b9b7f5c0 R08: 0000000000000001 R09: 0000000000000000 [ 38.139437] R10: 0000000000000001 R11: 1ffff1001736fe84 R12: 0000000000000000 [ 38.139440] R13: ffff8800aa8b84b9 R14: ffff8800aa8b8538 R15: 00000000ffffffde [ 38.139446] FS: 00007f0d39a8b700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 [ 38.139450] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.139454] CR2: 000000002000f000 CR3: 00000000bbbb0000 CR4: 0000000000160670 [ 38.139461] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.139465] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.139466] Stack: [ 38.139475] ffff8800aa8b8538 ffff8800aa8b8510 ffff8801c59f37c0 ffff8800b9b7f5d8 [ 38.139482] ffffffff81d62add ffff8800aa8b8510 ffff8800b9b7f5f8 ffffffff832ae63e [ 38.139490] ffff8801ce7bcc80 ffff8800aa8b8510 ffff8800b9b7f618 ffffffff832cdb93 [ 38.139492] Call Trace: [ 38.139499] [] list_del+0xd/0x70 [ 38.139508] [] xfrm_state_walk_done+0x6e/0xa0 [ 38.139514] [] xfrm_dump_sa_done+0x73/0xa0 [ 38.139520] [] ? xfrm_dump_policy_start+0x20/0x20 [ 38.139528] [] netlink_dump+0x871/0xb40 [ 38.139535] [] __netlink_dump_start+0x52e/0x7c0 [ 38.139542] [] ? __netlink_ns_capable+0xe1/0x120 [ 38.139549] [] xfrm_user_rcv_msg+0x5bd/0x6b0 [ 38.139560] [] ? xfrm_user_rcv_msg+0x6b0/0x6b0 [ 38.139567] [] ? xfrm_dump_sa_done+0xa0/0xa0 [ 38.139573] [] ? xfrm_user_rcv_msg+0x6b0/0x6b0 [ 38.139580] [] ? xfrm_dump_policy_start+0x20/0x20 [ 38.139589] [] ? avc_has_perm_noaudit+0x460/0x460 [ 38.139598] [] ? mark_held_locks+0xaf/0x100 [ 38.139607] [] ? mutex_lock_nested+0x5d4/0x850 [ 38.139614] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 38.139622] [] ? mutex_lock_nested+0x560/0x850 [ 38.139628] [] ? xfrm_netlink_rcv+0x60/0x90 [ 38.139635] [] ? netlink_lookup+0xee/0x740 [ 38.139642] [] netlink_rcv_skb+0x13e/0x370 [ 38.139649] [] ? xfrm_dump_sa_done+0xa0/0xa0 [ 38.139655] [] xfrm_netlink_rcv+0x6f/0x90 [ 38.139662] [] netlink_unicast+0x522/0x760 [ 38.139669] [] ? netlink_unicast+0x44f/0x760 [ 38.139676] [] ? netlink_attachskb+0x6c0/0x6c0 [ 38.139683] [] netlink_sendmsg+0x8e8/0xc50 [ 38.139690] [] ? netlink_unicast+0x760/0x760 [ 38.139698] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 38.139706] [] ? security_socket_sendmsg+0x89/0xb0 [ 38.139713] [] ? netlink_unicast+0x760/0x760 [ 38.139721] [] sock_sendmsg+0xca/0x110 [ 38.139727] [] ___sys_sendmsg+0x6c1/0x7c0 [ 38.139735] [] ? copy_msghdr_from_user+0x550/0x550 [ 38.139742] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 38.139750] [] ? __fget+0x232/0x3b0 [ 38.139756] [] ? __fget+0x47/0x3b0 [ 38.139763] [] ? __fget_light+0xa1/0x1e0 [ 38.139769] [] ? __fdget+0x18/0x20 [ 38.139776] [] __sys_sendmsg+0xd3/0x190 [ 38.139783] [] ? SyS_shutdown+0x1b0/0x1b0 [ 38.139796] [] ? SyS_futex+0x210/0x2c0 [ 38.139802] [] ? fd_install+0x4d/0x60 [ 38.139809] [] ? move_addr_to_kernel+0x50/0x50 [ 38.139817] [] SyS_sendmsg+0x2d/0x50 [ 38.139826] [] entry_SYSCALL_64_fastpath+0x1c/0x98 [ 38.139931] Code: c4 0f 84 94 00 00 00 48 b8 00 02 00 00 00 00 ad de 48 39 c3 0f 84 a5 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 e8 00 00 00 4c 8b 03 49 39 c8 0f 85 9b 00 00 [ 38.139938] RIP [] __list_del_entry+0x86/0x1d0 [ 38.139940] RSP [ 38.139966] ---[ end trace 57abf9832c676fca ]--- [ 38.139971] Kernel panic - not syncing: Fatal exception in interrupt [ 38.142902] Dumping ftrace buffer: [ 38.142905] (ftrace buffer empty) [ 38.142907] Kernel Offset: disabled [ 38.626882] Rebooting in 86400 seconds..