[....] Starting file context maintaining daemon: restorecond [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 18.691178] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.585987] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available) [ 20.828025] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available) [ 21.784588] random: sshd: uninitialized urandom read (32 bytes read, 126 bits of entropy available) [ 21.881012] random: nonblocking pool is initialized Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts. 2018/02/10 13:25:44 fuzzer started 2018/02/10 13:25:45 dialing manager at 10.128.0.26:40427 2018/02/10 13:25:47 kcov=true, comps=false 2018/02/10 13:25:48 executing program 0: mmap(&(0x7f0000000000/0x12000)=nil, 0x12000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f000000b000)='map_files\x00') renameat(r0, &(0x7f0000005000)='./file0\x00', r0, &(0x7f000000b000-0x8)='./file0\x00') 2018/02/10 13:25:48 executing program 1: mmap(&(0x7f0000000000/0xfd5000)=nil, 0xfd5000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000fd4000)={0x0}) futex(&(0x7f000000d000-0x4)=0x4, 0x80000000000b, 0x4, &(0x7f0000ee0000-0x10)={r0}, &(0x7f0000048000), 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) writev(0xffffffffffffffff, &(0x7f0000012000-0x10)=[], 0x0) r1 = gettid() rt_sigsuspend(&(0x7f0000b33000), 0x8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000880000-0x8)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x5452, &(0x7f0000009000-0x8)=0x3f) fcntl$setsig(r2, 0xa, 0x12) fcntl$setownex(r2, 0xf, &(0x7f00000ff000)={0x0, r1}) recvmsg(r3, &(0x7f000095d000-0x38)={&(0x7f0000894000-0x8)=@sco, 0x8, &(0x7f00000a5000-0x50)=[], 0x0, &(0x7f0000b30000)}, 0x0) dup2(r2, r3)
tkill(r1, 0x15) 2018/02/10 13:25:48 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f0000b10000)=0xc2, 0x6677bbc4) bind$inet(r0, &(0x7f00000f1000-0x10)={0x2, 0x3, @multicast2=0xe0000002}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000e9c000-0x10)={0x1, &(0x7f0000f07000)=[{0x6, 0x0, 0x0, 0x101}]}, 0x10) connect$inet(r0, &(0x7f0000987000)={0x2, 0x3, @empty}, 0x10) sendto$inet(r0, &(0x7f0000746000-0x9b5)="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", 0x7d3, 0x0, &(0x7f000075c000-0x10)={0x2, 0xffffffffffffffff, @rand_addr}, 0x10) shutdown(r0, 0x1) 2018/02/10 13:25:48 executing program 4: mmap(&(0x7f0000017000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000017000)='oom_score_adj\x00') mmap(&(0x7f0000f12000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000f13000-0x20)=[{&(0x7f0000018000)=""/192, 0xc0}], 0x1) 2018/02/10 13:25:48 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = request_key(&(0x7f0000756000)='cifs.spnego\x00', &(0x7f00007d8000)={0x73, 0x79, 0x7a}, &(0x7f00005f7000-0x1)='\x00', 0xfffffffffffffffe) add_key$user(&(0x7f0000099000-0x5)='user\x00', &(0x7f000098b000-0x5)={0x73, 0x79, 0x7a}, &(0x7f0000b10000)='6', 0x1, r0) keyctl$clear(0x7, r0) 2018/02/10 13:25:48 executing program 3: mmap(&(0x7f0000000000/0xff9000)=nil, 0xff9000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000000a000-0xc)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000d41000-0xc)) 2018/02/10 13:25:48 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000001000-0x8), &(0x7f0000001000)=0x8) 2018/02/10 
13:25:48 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = eventfd2(0x0, 0x0) r1 = epoll_create1(0x0) r2 = dup2(r0, r1) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000bf3000)) read$eventfd(r2, &(0x7f00007b1000-0x8), 0x8) write$eventfd(r2, &(0x7f000068f000)=0xec, 0x8) [ 30.927243] IPVS: Creating netns size=2552 id=1 [ 30.998811] IPVS: Creating netns size=2552 id=2 [ 31.040948] IPVS: Creating netns size=2552 id=3 [ 31.089212] IPVS: Creating netns size=2552 id=4 [ 31.149999] IPVS: Creating netns size=2552 id=5 [ 31.222379] IPVS: Creating netns size=2552 id=6 [ 31.326198] IPVS: Creating netns size=2552 id=7 [ 31.423826] IPVS: Creating netns size=2552 id=8 2018/02/10 13:25:51 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f000070b000-0xf)='/dev/sequencer\x00', 0x0, 0x0) openat$keychord(0xffffffffffffff9c, &(0x7f0000617000-0xe)='/dev/keychord\x00', 0x0, 0x0) r0 = socket$unix(0x1, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000000b000-0x8)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f0000001000-0x38)={&(0x7f0000239000-0x8)=@abs, 0x8, &(0x7f0000008000)=[], 0x0, &(0x7f0000001000-0x10)=[@rights={0x200, 0x1, 0x1, [r0]}], 0x1}, 0x0) recvmsg(r2, &(0x7f000000e000)={0x0, 0x0, &(0x7f000008b000)=[], 0x0, &(0x7f000000c000), 0xfc13}, 0x0) pselect6(0x40, &(0x7f0000cc9000-0x40), &(0x7f0000cc9000-0x40), &(0x7f000070b000-0x40)={0xffffffffffffffe1}, &(0x7f00008e6000-0x10)={0x0, 0x989680}, &(0x7f0000205000-0x10)={&(0x7f0000cc9000-0x8), 0x8}) 2018/02/10 13:25:51 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000333000-0xd)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000010000-0xd)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) 
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000006000-0x2c)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000013000-0x39)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000009000-0x30)={0x8, 0x0, &(0x7f000000e000-0x8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000001000-0xb3)}) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000004000-0x30)={0x10, 0x0, &(0x7f0000015000)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f0000016000)}) [ 33.747610] binder: 4822:4826 Acquire 1 refcount change on invalid ref 0 ret -22 [ 33.773862] binder: 4822:4834 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 2018/02/10 13:25:51 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast=0xffffffff}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000854000-0xb)='highspeed\x00h', 0xfe76) sendto$inet(r0, &(0x7f0000fd0000), 0xfffffffffffffec1, 0x20000801, &(0x7f0000deb000-0x10)={0x2, 0x3, @loopback=0x7f000001}, 0x10) [ 33.793356] binder: 4822:4826 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 33.817310] binder: 4822:4826 Acquire 1 refcount change on invalid ref 0 ret -22 [ 33.824945] binder: 4822:4834 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 33.837093] binder: 4822:4834 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 2018/02/10 13:25:51 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000a8c000-0x9)='net/igmp\x00') 2018/02/10 13:25:51 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r0, &(0x7f0000f40000)={&(0x7f00005ff000)=@kern={0x10}, 0xc, &(0x7f0000413000-0x10)=[{&(0x7f0000cfc000)={0x18, 0x12, 0x201, 0xffffffffffffffff, 0xffffffffffffffff, "", [@typed={0x8, 0x3}]}, 0x18}], 0x1}, 0x0) 2018/02/10 
13:25:51 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000010e000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSW(r0, 0x5402, &(0x7f0000444000-0x24)={0x6}) 2018/02/10 13:25:51 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000395000)='./file0\x00', 0x0) r0 = creat(&(0x7f0000016000-0xc)='./file0/bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x6) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000035000)='/dev/sequencer\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x0) lseek(r2, 0x0, 0x4) 2018/02/10 13:25:51 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) seccomp(0x1, 0x0, &(0x7f000003c000)={0x1, &(0x7f000003f000)=[{0x6, 0x0, 0x0, 0xffffffff}]}) signalfd4(0xffffffffffffffff, &(0x7f000085a000), 0x8, 0x0) 2018/02/10 13:25:51 executing program 1: mmap(&(0x7f0000000000/0xfd5000)=nil, 0xfd5000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000fd4000)={0x0}) futex(&(0x7f000000d000-0x4)=0x4, 0x80000000000b, 0x4, &(0x7f0000ee0000-0x10)={r0}, &(0x7f0000048000), 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) writev(0xffffffffffffffff, &(0x7f0000012000-0x10)=[], 0x0) r1 = gettid() rt_sigsuspend(&(0x7f0000b33000), 0x8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000880000-0x8)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x5452, &(0x7f0000009000-0x8)=0x3f) fcntl$setsig(r2, 0xa, 0x12) fcntl$setownex(r2, 0xf, &(0x7f00000ff000)={0x0, r1}) recvmsg(r3, &(0x7f000095d000-0x38)={&(0x7f0000894000-0x8)=@sco, 0x8, &(0x7f00000a5000-0x50)=[], 0x0, &(0x7f0000b30000)}, 0x0) dup2(r2, r3) tkill(r1, 0x15) 2018/02/10 13:25:51 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) socketpair$unix(0x1, 0x3, 0x0, 
&(0x7f00009ee000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000)=[], 0x80, 0x0) ppoll(&(0x7f0000b80000-0x10)=[{r2}], 0x1, &(0x7f0000346000-0x10)={0x0, r0}, &(0x7f0000d5c000), 0x8) connect$unix(r1, &(0x7f00006ee000-0x5)=@file={0x0, './file0\x00'}, 0xa) 2018/02/10 13:25:51 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000dee000-0x10)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000de2000-0x1), 0xfffffffffffffd43, 0x20008005, &(0x7f0000db5000-0x10)={0x2, 0x0, @loopback=0x7f000001}, 0x10) shutdown(r0, 0x2000000000002) recvfrom(r0, &(0x7f0000acf000)=""/101, 0xfffffffffffffefc, 0x0, 0x0, 0x0) 2018/02/10 13:25:51 executing program 4: mmap(&(0x7f0000000000/0x56000)=nil, 0x56000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f000000e000)='\x00 ', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000054000-0xd)='/dev/snd/seq\x00', 0x0, 0x101802) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f000002b000)={0x0, 0x0, 0x0, "9ede7a8c5ae95ec8672c93340f643a664f13eeab65c0322901dc6bd36cde2c51f01b7f0b014f9f91eeb7c37c7240f476c8d753d000aa8faf8fb574dbcfa6dc4d"}) write$sndseq(r0, &(0x7f0000049000-0x1c)=[{0x5, 0x1ff, 0x0, 0x0, @tick, {}, {}, @control}], 0x30) 2018/02/10 13:25:51 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001000-0x9)='/dev/rtc\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) creat(&(0x7f0000cdf000-0x8)='./file0\x00', 0x0) syz_open_dev$binder(&(0x7f0000618000)='/dev/binder#\x00', 0x0, 0x802) sync() msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) 2018/02/10 13:25:51 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 
&(0x7f0000846000-0x5)='veno\x00', 0x5) connect$inet(r0, &(0x7f0000987000)={0x2, 0xffffffffffffffff, @empty}, 0x10) [ 34.234746] kasan: CONFIG_KASAN_INLINE enabled [ 34.239237] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN [ 34.252168] Dumping ftrace buffer: [ 34.255704] (ftrace buffer empty) [ 34.259402] Modules linked in: [ 34.262710] CPU: 0 PID: 4970 Comm: syz-executor7 Not tainted 4.4.115-g0e9bcc1 #11 [ 34.270312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 2018/02/10 13:25:51 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000504000)={&(0x7f0000dff000-0xc)={0x10}, 0xc, &(0x7f000009b000)={&(0x7f00006a8000-0x90)=@newlink={0x44, 0x10, 0xb, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@IFLA_IFNAME={0x14, 0x3, @syzn={0x73, 0x79, 0x7a, 0x0}}, @IFLA_VFINFO_LIST={0x10, 0x16, [{0xc, 0x1, [@typed={0x8, 0xc, @binary}]}]}]}, 0x44}, 0x1}, 0x0) 2018/02/10 13:25:51 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000499000)="6d6f756e74696e666f004388f750c83d14c4a3a9ac1488a477660ae763891738ac656bb3e891941f02f1265047502f6c2dd9f655ef7131eabf3110d638f0d2e6a49a2bc4a08d63e2da7af47e6c37972352875f125bcf3ea7f04b7b505b6a06beedb2a86e30a86bc0d37a6438b99a45ea22b1f4fb") open(&(0x7f00001ea000-0x8)='./file0\x00', 0xc0, 0x0) mount(&(0x7f00001a5000-0xe)='./file0\x00', &(0x7f0000f8a000-0x8)='./file0\x00', &(0x7f000067b000)='\x00v\t', 0x1004, &(0x7f00000b2000)) readv(r0, &(0x7f000005a000)=[{&(0x7f0000d1d000)=""/203, 0x1f4}], 0x1) [ 34.279659] task: ffff8800aecf6000 task.stack: ffff8801c7e68000 [ 34.285709] RIP: 0010:[] [] __list_del_entry+0x86/0x1d0 [ 34.294410] RSP: 0018:ffff8801c7e6f5a8 EFLAGS: 00010246 [ 34.299850] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff8800b2864910 
[ 34.307112] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8800b2864918 [ 34.314374] RBP: ffff8801c7e6f5c0 R08: 0000000000000000 R09: 0000000000000000 [ 34.321632] R10: ffffffff838443e0 R11: 1ffff10038fcde84 R12: 0000000000000000 2018/02/10 13:25:51 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setrlimit(0x7, &(0x7f0000f66000)) timerfd_create(0x0, 0x0) [ 34.328891] R13: ffff8800b28648b9 R14: ffff8800b2864938 R15: 00000000ffffffde [ 34.336156] FS: 00007ff20a254700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 [ 34.344367] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.350232] CR2: 0000000020cfc000 CR3: 00000000b3d6e000 CR4: 0000000000160670 [ 34.357489] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.364747] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.371996] Stack: [ 34.374128] ffff8800b2864938 ffff8800b2864910 ffff8800b63c19c0 ffff8801c7e6f5d8 2018/02/10 13:25:51 executing program 6: mmap(&(0x7f0000000000/0xd23000)=nil, 0xd23000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x7, &(0x7f0000d18000-0x4)=0x5, 0x4) 2018/02/10 13:25:51 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f000003e000)="002670726f63eb657972696e6740", 0x0) mmap(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x0, 0x32, 0xffffffffffffffff, 0x0) futex(&(0x7f0000125000), 0x4, 0x0, &(0x7f0000edd000-0x10), &(0x7f0000ae8000-0x4), 0x1ff) 2018/02/10 13:25:51 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000819000-0xc)='/dev/rfkill\x00', 0x0, 0x0) ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f0000a6b000)) close(r0) [ 34.382152] ffffffff81d640fd ffff8800b2864910 ffff8801c7e6f5f8 ffffffff832b0bce [ 34.390194] ffff8800baaa9980 ffff8800b2864910 
ffff8801c7e6f618 ffffffff832d0123 [ 34.398226] Call Trace: [ 34.400800] [] list_del+0xd/0x70 [ 34.405808] [] xfrm_state_walk_done+0x6e/0xa0 [ 34.411934] [] xfrm_dump_sa_done+0x73/0xa0 [ 34.417792] [] ? xfrm_dump_policy_start+0x20/0x20 [ 34.424263] [] netlink_dump+0x871/0xb40 [ 34.430389] [] __netlink_dump_start+0x52e/0x7c0 [ 34.436682] [] ? __netlink_ns_capable+0xe1/0x120 [ 34.443057] [] xfrm_user_rcv_msg+0x5bd/0x6b0 [ 34.449095] [] ? xfrm_user_rcv_msg+0x6b0/0x6b0 [ 34.455309] [] ? xfrm_dump_sa_done+0xa0/0xa0 [ 34.461349] [] ? ksize+0x92/0xf0 [ 34.466337] [] ? xfrm_user_rcv_msg+0x6b0/0x6b0 [ 34.472537] [] ? xfrm_dump_policy_start+0x20/0x20 [ 34.478999] [] ? avc_has_perm_noaudit+0x460/0x460 [ 34.485460] [] ? xfrm_netlink_rcv+0x60/0x90 [ 34.491402] [] ? mutex_lock_nested+0x560/0x850 [ 34.497606] [] ? xfrm_netlink_rcv+0x60/0x90 [ 34.503547] [] ? netlink_lookup+0xee/0x740 [ 34.509402] [] netlink_rcv_skb+0x13e/0x370 [ 34.515255] [] ? xfrm_dump_sa_done+0xa0/0xa0 [ 34.521282] [] xfrm_netlink_rcv+0x6f/0x90 [ 34.527049] [] netlink_unicast+0x522/0x760 [ 34.532902] [] ? netlink_unicast+0x44f/0x760 [ 34.538930] [] ? netlink_attachskb+0x6c0/0x6c0 [ 34.545155] [] netlink_sendmsg+0x8e8/0xc50 [ 34.551031] [] ? netlink_unicast+0x760/0x760 [ 34.557061] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 34.563528] [] ? security_socket_sendmsg+0x89/0xb0 [ 34.570079] [] ? netlink_unicast+0x760/0x760 [ 34.576109] [] sock_sendmsg+0xca/0x110 [ 34.581619] [] ___sys_sendmsg+0x6c1/0x7c0 [ 34.587384] [] ? copy_msghdr_from_user+0x550/0x550 [ 34.593933] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 34.600916] [] ? __fget+0x47/0x3b0 [ 34.606081] [] ? __fget+0x232/0x3b0 [ 34.611331] [] ? __fget+0x47/0x3b0 [ 34.616495] [] ? __fget_light+0xa1/0x1e0 [ 34.622179] [] ? __fdget+0x18/0x20 [ 34.627340] [] __sys_sendmsg+0xd3/0x190 [ 34.632931] [] ? SyS_shutdown+0x1b0/0x1b0 [ 34.638701] [] ? SyS_futex+0x210/0x2c0 [ 34.644205] [] ? fd_install+0x4d/0x60 [ 34.649638] [] ? 
move_addr_to_kernel+0x50/0x50 [ 34.655847] [] SyS_sendmsg+0x2d/0x50 [ 34.661194] [] entry_SYSCALL_64_fastpath+0x1c/0x98 [ 34.667739] Code: c4 0f 84 94 00 00 00 48 b8 00 02 00 00 00 00 ad de 48 39 c3 0f 84 a5 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 e8 00 00 00 4c 8b 03 49 39 c8 0f 85 9b 00 00 [ 34.694360] RIP [] __list_del_entry+0x86/0x1d0 [ 34.700683] RSP [ 34.707126] ---[ end trace eb6e4e2d5496f872 ]--- [ 34.711875] Kernel panic - not syncing: Fatal exception in interrupt [ 34.718858] Dumping ftrace buffer: [ 34.722380] (ftrace buffer empty) [ 34.726061] Kernel Offset: disabled [ 34.729673] Rebooting in 86400 seconds..