Starting mcstransd: [....] Starting file context maintaining daemon: restorecond [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 16.335496] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 21.854945] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available) [ 22.140746] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available) [ 23.227355] random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available) [ 27.377822] random: nonblocking pool is initialized Warning: Permanently added '10.128.15.200' (ECDSA) to the list of known hosts. 2018/01/27 20:17:10 fuzzer started 2018/01/27 20:17:11 dialing manager at 10.128.0.26:37447 2018/01/27 20:17:15 kcov=true, comps=false 2018/01/27 20:17:15 executing program 0: 2018/01/27 20:17:15 executing program 7: 2018/01/27 20:17:15 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) bind$inet(r0, &(0x7f0000739000-0x10)={0x2, 0x1, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) connect(r0, &(0x7f00003e2000-0xa)=@un=@file={0x0, './file0\x00'}, 0xa) sendto$inet(r0, &(0x7f0000a64000-0x1)="", 0x0, 0x20020004, &(0x7f0000386000-0x10)={0x2, 0x1, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000f44000-0x4)=0xfffffffffffffffc, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000748000+0x47c)=[{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x4, 0x0}], 0x20000000000000a8) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000f8e000)={0x0, 0x20000000012c6, 0x1000010004, 0x0, 0x0}, 0x14) sendto$inet(r0, 
&(0x7f00006e2000)='!', 0x1, 0x0, 0x0, 0x0) 2018/01/27 20:17:15 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000057c000)={0x2, 0x78, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x10) r1 = socket(0x11, 0x4000000000080003, 0x0) setsockopt(r1, 0x107, 0x5, &(0x7f0000001000)="", 0xc5) dup3(r0, r1, 0x0) 2018/01/27 20:17:15 executing program 3: mmap(&(0x7f0000000000/0x15000)=nil, 0x15000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x3, 0x6) sendmsg(r0, &(0x7f0000005000-0x38)={0x0, 0x0, &(0x7f0000001000-0x10)=[{&(0x7f0000012000)="1b0000001200030f07fffd94000183bc0400090000000100000085", 0x1b}], 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/27 20:17:15 executing program 4: mmap(&(0x7f0000000000/0x2c000)=nil, 0x2c000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000011000-0xc)={0x10, 0x0, 0xffffffffffffffff, 0x120202}, 0xc) getsockname(r0, &(0x7f000001c000)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, @loopback={0x0, 0x0}, 0x0}}}, &(0x7f000001d000-0x4)=0x3a) ioctl$sock_FIOGETOWN(r1, 0x400454cb, &(0x7f0000001000-0x4)=0x0) 2018/01/27 20:17:15 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0xca, &(0x7f0000000000)=0x0, 0x10) 2018/01/27 20:17:15 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x72, &(0x7f0000de3000)={@broadcast=[0xff, 0xff, 
0xff, 0xff, 0xff, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "a2fbc8", 0x3c, 0x3a, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, {[], @icmpv6=@dest_unreach={0x1, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0], {0x0, 0x6, "64e8c1", 0x0, 0x4, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [], "30dee35b54bd0cf2ce6d5886"}}}}}}}, 0x0) [ 33.947734] IPVS: Creating netns size=2552 id=1 [ 34.013092] IPVS: Creating netns size=2552 id=2 [ 34.067019] IPVS: Creating netns size=2552 id=3 [ 34.141782] IPVS: Creating netns size=2552 id=4 [ 34.228779] IPVS: Creating netns size=2552 id=5 [ 34.330642] IPVS: Creating netns size=2552 id=6 [ 34.466764] IPVS: Creating netns size=2552 id=7 [ 34.571682] IPVS: Creating netns size=2552 id=8 [ 37.615066] kasan: CONFIG_KASAN_INLINE enabled [ 37.619520] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN [ 37.632361] Dumping ftrace buffer: [ 37.635877] (ftrace buffer empty) [ 37.639570] Modules linked in: [ 37.642877] CPU: 1 PID: 4445 Comm: syz-executor3 Not tainted 4.4.113-g202e079 #1 [ 37.650392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.659733] task: ffff8801d49e0000 task.stack: ffff8801d4610000 [ 37.665777] RIP: 0010:[] [] __list_del_entry+0x86/0x1d0 [ 37.674476] RSP: 0018:ffff8801d46175a8 EFLAGS: 00010246 [ 37.679902] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff8801d550c090 [ 37.687142] RDX: 0000000000000000 RSI: ffffffff851c29a0 RDI: ffff8801d550c098 [ 37.694383] RBP: ffff8801d46175c0 R08: 0000000000000001 R09: 0000000000000000 [ 37.701622] R10: 0000000000000001 R11: 
1ffff1003a8c2e84 R12: 0000000000000000 [ 37.708859] R13: ffff8801d550c039 R14: ffff8801d550c0b8 R15: 00000000ffffffde [ 37.716100] FS: 00007f7c82a54700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 [ 37.724294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.730144] CR2: 0000000020012000 CR3: 00000001d3edc000 CR4: 0000000000160670 [ 37.737388] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.744643] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.751887] Stack: [ 37.754003] ffff8801d550c0b8 ffff8801d550c090 ffff8800ab5a73c0 ffff8801d46175d8 [ 37.761985] ffffffff81d62add ffff8801d550c090 ffff8801d46175f8 ffffffff832ae63e [ 37.769963] ffff8801c5430880 ffff8801d550c090 ffff8801d4617618 ffffffff832cdb93 [ 37.777927] Call Trace: [ 37.780490] [] list_del+0xd/0x70 [ 37.785571] [] xfrm_state_walk_done+0x6e/0xa0 [ 37.791685] [] xfrm_dump_sa_done+0x73/0xa0 [ 37.797540] [] ? xfrm_dump_policy_start+0x20/0x20 [ 37.804002] [] netlink_dump+0x871/0xb40 [ 37.809604] [] __netlink_dump_start+0x52e/0x7c0 [ 37.815898] [] ? __netlink_ns_capable+0xe1/0x120 [ 37.822271] [] xfrm_user_rcv_msg+0x5bd/0x6b0 [ 37.828298] [] ? xfrm_user_rcv_msg+0x6b0/0x6b0 [ 37.834498] [] ? xfrm_dump_sa_done+0xa0/0xa0 [ 37.840524] [] ? xfrm_user_rcv_msg+0x6b0/0x6b0 [ 37.846723] [] ? xfrm_dump_policy_start+0x20/0x20 [ 37.853188] [] ? avc_has_perm_noaudit+0x460/0x460 [ 37.859653] [] ? mark_held_locks+0xaf/0x100 [ 37.865596] [] ? mutex_lock_nested+0x5d4/0x850 [ 37.871807] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 37.878635] [] ? mutex_lock_nested+0x560/0x850 [ 37.884842] [] ? xfrm_netlink_rcv+0x60/0x90 [ 37.890782] [] ? netlink_lookup+0xee/0x740 [ 37.896633] [] netlink_rcv_skb+0x13e/0x370 [ 37.902486] [] ? xfrm_dump_sa_done+0xa0/0xa0 [ 37.908601] [] xfrm_netlink_rcv+0x6f/0x90 [ 37.914368] [] netlink_unicast+0x522/0x760 [ 37.920229] [] ? netlink_unicast+0x44f/0x760 [ 37.926262] [] ? 
netlink_attachskb+0x6c0/0x6c0 [ 37.932465] [] netlink_sendmsg+0x8e8/0xc50 [ 37.938319] [] ? netlink_unicast+0x760/0x760 [ 37.944352] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 37.950820] [] ? security_socket_sendmsg+0x89/0xb0 [ 37.957377] [] ? netlink_unicast+0x760/0x760 [ 37.963804] [] sock_sendmsg+0xca/0x110 [ 37.969313] [] ___sys_sendmsg+0x6c1/0x7c0 [ 37.975081] [] ? copy_msghdr_from_user+0x550/0x550 [ 37.981631] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 37.988614] [] ? __fget+0x20b/0x3b0 [ 37.993858] [] ? __fget+0x232/0x3b0 [ 37.999105] [] ? __fget+0x47/0x3b0 [ 38.004294] [] ? __fget_light+0xa1/0x1e0 [ 38.009976] [] ? __fdget+0x18/0x20 [ 38.015141] [] __sys_sendmsg+0xd3/0x190 [ 38.020747] [] ? SyS_shutdown+0x1b0/0x1b0 [ 38.026527] [] ? SyS_futex+0x210/0x2c0 [ 38.032035] [] ? fd_install+0x4d/0x60 [ 38.037455] [] ? move_addr_to_kernel+0x50/0x50 [ 38.043657] [] SyS_sendmsg+0x2d/0x50 [ 38.048993] [] entry_SYSCALL_64_fastpath+0x1c/0x98 [ 38.055553] Code: c4 0f 84 94 00 00 00 48 b8 00 02 00 00 00 00 ad de 48 39 c3 0f 84 a5 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 e8 00 00 00 4c 8b 03 49 39 c8 0f 85 9b 00 00 [ 38.082112] RIP [] __list_del_entry+0x86/0x1d0 [ 38.088441] RSP [ 38.092090] ---[ end trace 47dd83167370f9b2 ]--- [ 38.096852] Kernel panic - not syncing: Fatal exception in interrupt [ 38.103792] Dumping ftrace buffer: [ 38.107311] (ftrace buffer empty) [ 38.110996] Kernel Offset: disabled [ 38.114589] Rebooting in 86400 seconds..