[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 20.637497] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.105637] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available) [ 22.559159] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available) [ 23.460448] random: sshd: uninitialized urandom read (32 bytes read, 76 bits of entropy available) Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts. [ 29.348154] random: sshd: uninitialized urandom read (32 bytes read, 82 bits of entropy available) 2018/08/29 04:05:30 fuzzer started [ 30.638673] random: cc1: uninitialized urandom read (8 bytes read, 84 bits of entropy available) 2018/08/29 04:05:32 dialing manager at 10.128.0.26:34473 2018/08/29 04:05:33 syscalls: 1 2018/08/29 04:05:33 code coverage: enabled 2018/08/29 04:05:33 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/08/29 04:05:33 setuid sandbox: enabled 2018/08/29 04:05:33 namespace sandbox: enabled 2018/08/29 04:05:33 fault injection: CONFIG_FAULT_INJECTION is not enabled 2018/08/29 04:05:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/08/29 04:05:33 net packed injection: enabled 2018/08/29 04:05:33 net device setup: enabled [ 33.950389] random: nonblocking pool is initialized 04:06:09 executing program 0: getgid() add_key(&(0x7f0000000900)='cifs.spnego\x00', &(0x7f0000000940), &(0x7f0000000980), 0x0, 0xfffffffffffffffc) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000366000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) listen(r1, 0x0) r2 = accept4(r1, 0x0, &(0x7f0000000000), 0x0) connect$unix(r0, &(0x7f0000932000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @remote}}, 0x0, 0x2, [{}, {{0xa, 0x0, 0x0, @mcast2}}]}, 0x190) creat(&(0x7f0000000040)="e91f7189591e9233614b00", 0xdc) 04:06:09 executing program 1: pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) times(&(0x7f0000000040)) write$P9_RFSYNC(r0, &(0x7f0000000000)={0x7, 0x33, 0x2}, 0x7) 04:06:09 executing program 2: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) r3 = timerfd_create(0x0, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r4, &(0x7f0000ab4000)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001aff4)) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r3, &(0x7f0000021ff4)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000019000)) 04:06:09 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x10, 0x0, &(0x7f0000000300)=ANY=[@ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00)'], @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000680)=[@acquire_done], 0x0, 0x0, &(0x7f0000000180)}) 04:06:09 executing program 4: 04:06:09 executing program 3: 04:06:09 executing program 5: 04:06:09 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80141, 0x0) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) write$P9_RCREATE(r0, &(0x7f0000000480)={0x18}, 0x0) [ 68.946338] IPVS: Creating netns size=2552 id=1 [ 69.068196] IPVS: Creating netns size=2552 id=2 [ 69.125948] IPVS: Creating netns size=2552 id=3 [ 69.227319] IPVS: Creating netns size=2552 id=4 [ 69.321574] IPVS: Creating netns size=2552 id=5 [ 69.479368] IPVS: Creating netns size=2552 id=6 [ 69.692858] IPVS: Creating netns size=2552 id=7 [ 69.915837] IPVS: Creating netns size=2552 id=8 [ 70.011205] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 70.092129] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 70.537045] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 70.547684] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 70.604792] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 70.626562] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 70.796141] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 70.877699] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 71.069073] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 71.150223] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 71.168932] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 71.230581] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 71.303542] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 71.317526] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 71.416791] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 71.452083] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 71.460503] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 71.513786] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.557191] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 71.590896] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 71.657732] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 71.753385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.784665] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.914568] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 71.922482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 71.932862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.946387] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 71.963671] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 71.986637] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.048334] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 72.056740] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 72.077779] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 72.140966] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 72.149781] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 72.166978] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 72.216035] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 72.233045] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 72.307365] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 72.325354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.438452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.493774] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 72.586061] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 72.599632] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 72.611183] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 72.650500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.686648] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 72.712716] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 72.722886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.749328] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 72.771745] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 72.801049] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 72.815773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.837691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.858732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.939148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.958312] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 73.242770] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 73.327923] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 73.412837] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 73.429210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.512957] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 73.530733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.631167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.704530] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 76.522694] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 76.645292] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 76.829814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.929583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.957141] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.174097] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.276281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.291121] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.395329] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.510807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.590032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.714580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.811115] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.981994] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.129876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.309392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 04:06:20 executing program 0: clone(0x0, &(0x7f00000000c0), &(0x7f00000001c0), &(0x7f0000000180), &(0x7f0000000080)) listen(0xffffffffffffffff, 0x0) 04:06:20 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") r1 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc0305302, &(0x7f0000dc5f98)) 04:06:20 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) sendmmsg(r1, &(0x7f0000005fc0), 0x80000000000006a, 0x0) [ 79.308074] SELinux: failure in selinux_parse_skb(), unable to parse packet [ 79.315536] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff8343632e [ 79.315536] [ 79.326691] CPU: 1 PID: 5894 Comm: syz-executor1 Not tainted 4.4.153-g5e24b4e #26 [ 79.334541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.343944] 0000000000000000 b156bd65a2f18e26 ffff8800a2467500 ffffffff81e162ed [ 79.352077] ffffffff83a44c60 00000000ffffffff ffff8801cc800640 ffff8800a2467840 [ 79.360176] 0000000000001000 ffff8800a24675c0 ffffffff8140d474 0000000041b58ab3 [ 79.368230] Call Trace: [ 79.370815] [] dump_stack+0xc1/0x124 [ 79.376188] [] panic+0x19e/0x38d [ 79.381201] [] ? add_taint.cold.4+0x16/0x16 [ 79.387166] [] ? nf_iterate+0x210/0x210 [ 79.392785] [] ? ip6_xmit+0x18ae/0x1a00 [ 79.398407] [] ? ip6_xmit+0x18ae/0x1a00 [ 79.404029] [] __stack_chk_fail+0x22/0x30 [ 79.409821] [] ip6_xmit+0x18ae/0x1a00 [ 79.415282] [] ? kasan_slab_free+0x72/0xc0 [ 79.421164] [] ? kfree+0xf4/0x310 [ 79.426268] [] ? pskb_expand_head+0x683/0x970 [ 79.432411] [] ? ip6_finish_output2+0x1ca0/0x1ca0 [ 79.438910] [] ? __lock_is_held+0xa2/0xf0 [ 79.444707] [] ? ipv4_dst_check+0x111/0x160 [ 79.450680] [] ? ip6_append_data+0x2b0/0x2b0 [ 79.456740] [] inet6_csk_xmit+0x245/0x490 [ 79.462534] [] ? inet6_csk_xmit+0xff/0x490 [ 79.468417] [] ? inet6_csk_update_pmtu+0x160/0x160 [ 79.474993] [] ? udp6_set_csum+0xd3/0xa70 [ 79.480795] [] l2tp_xmit_skb+0xb9c/0xe80 [ 79.486517] [] pppol2tp_sendmsg+0x4e0/0x7d0 [ 79.492484] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 79.498976] [] ? pppol2tp_release+0x310/0x310 [ 79.505118] [] sock_sendmsg+0xcc/0x110 [ 79.510656] [] ___sys_sendmsg+0x441/0x880 [ 79.516449] [] ? copy_msghdr_from_user+0x550/0x550 [ 79.523028] [] ? __fget+0x148/0x3b0 [ 79.528301] [] ? __fget+0x16f/0x3b0 [ 79.533569] [] ? __fget+0x47/0x3b0 [ 79.538751] [] ? __fget_light+0x9f/0x1f0 [ 79.544451] [] ? __fdget+0x18/0x20 [ 79.549637] [] ? sockfd_lookup_light+0xb6/0x160 [ 79.555954] [] __sys_sendmmsg+0x1d4/0x2e0 [ 79.561747] [] ? SyS_sendmsg+0x50/0x50 [ 79.567282] [] ? ip6_datagram_connect+0x3a/0x50 [ 79.573597] [] ? inet_dgram_connect+0x11e/0x200 [ 79.579919] [] ? fput+0x20/0x150 [ 79.584933] [] ? SYSC_connect+0x22a/0x300 [ 79.590725] [] ? SYSC_bind+0x280/0x280 [ 79.596260] [] ? compat_SyS_futex+0x1e1/0x2f0 [ 79.602491] [] ? compat_SyS_get_robust_list+0x310/0x310 [ 79.609496] [] ? SyS_socket+0x121/0x1b0 [ 79.615114] [] ? move_addr_to_kernel+0x50/0x50 [ 79.621367] [] compat_SyS_sendmmsg+0x32/0x40 [ 79.627423] [] ? compat_SyS_sendmsg+0x40/0x40 [ 79.633567] [] do_fast_syscall_32+0x324/0x8b0 [ 79.639707] [] sysenter_flags_fixed+0xd/0x1a [ 79.646200] Dumping ftrace buffer: [ 79.649761] (ftrace buffer empty) [ 79.653454] Kernel Offset: disabled [ 79.657077] Rebooting in 86400 seconds..