Starting mcstransd: [ 18.596184] random: sshd: uninitialized urandom read (32 bytes read, 31 bits of entropy available) [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.714456] random: sshd: uninitialized urandom read (32 bytes read, 35 bits of entropy available) [ 21.129753] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available) [ 22.066341] random: nonblocking pool is initialized Warning: Permanently added '10.128.0.11' (ECDSA) to the list of known hosts. 2018/02/06 16:42:34 fuzzer started 2018/02/06 16:42:34 dialing manager at 10.128.0.26:46389 2018/02/06 16:42:38 kcov=true, comps=false 2018/02/06 16:42:39 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000849000-0x1f)="1f0000001e0007f1ffffffff0700007700000041536b8d3d9339080001454a", 0x1f) 2018/02/06 16:42:39 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000740000)={0x2, 0x78, 0x47, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000ccf000-0xb)='/dev/loop#\x00', 0x0, 0x8200) r1 = creat(&(0x7f0000d28000-0x8)='./file0\x00', 0x101) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 2018/02/06 16:42:39 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x40000100, &(0x7f00008cd000)="f355", &(0x7f0000ba6000), &(0x7f0000bf3000-0x4), &(0x7f00003b9000-0xcd)) r0 = open(&(0x7f0000f0d000-0x8)='./file0\x00', 0x0, 0x41) fcntl$setlease(r0, 0x400, 0x2) symlinkat(&(0x7f0000472000)='./file0/file0\x00', 0xffffffffffffffff, &(0x7f000073f000)='./file0/file0\x00') accept4$inet6(r0, 0x0, &(0x7f0000631000), 0x80000) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00007e7000-0xc)={0x0, 0x0}, &(0x7f0000078000)=0xc) recvmmsg(r0, &(0x7f0000fcf000)=[{{0x0, 0x0, &(0x7f0000f6f000)=[{&(0x7f0000a75000)=""/10, 0xa}, {&(0x7f0000dac000)=""/134, 0x86}, {&(0x7f0000664000-0xfa)=""/250, 0xfa}, {&(0x7f0000452000-0xdd)=""/221, 0xdd}, {&(0x7f0000918000-0xcc)=""/204, 0xcc}, {&(0x7f0000c3c000-0x4e)=""/78, 0x4e}, {&(0x7f0000cd4000-0x3f)=""/63, 0x3f}, {&(0x7f0000b05000-0x7d)=""/125, 0x7d}], 0x8, 0x0, 0x0, 0xff}, 0x67}], 0x1, 0x40, 0x0) getresgid(&(0x7f00008b1000), &(0x7f0000672000-0x4)=0x0, &(0x7f0000868000-0x4)) chown(&(0x7f0000588000)='./file0\x00', r1, r2) open$dir(&(0x7f00000a0000)='./file0/file0\x00', 0x80, 0x20) socket$inet6_udp(0xa, 0x2, 0x0) 2018/02/06 16:42:39 executing program 1: mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000001000)='/selinux/policy\x00', 0x0, 0x0) readv(r0, &(0x7f0000001000-0x20)=[{&(0x7f0000d58000)=""/57, 0x39}], 0x1) 2018/02/06 16:42:39 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) capset(&(0x7f0000001000-0x8)={0x20071026}, &(0x7f0000000000)) mq_open(&(0x7f000087d000)='GPL\x00', 0x0, 0x0, &(0x7f0000382000)) 2018/02/06 16:42:39 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000740000)={0x2, 0x78, 0x47, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000ccf000-0xb)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 2018/02/06 16:42:39 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4a, &(0x7f000015c000-0xd4)={@local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0xaa}, [], {@ipv4={0x800, {{0x8, 0x4, 0x0, 0x0, 0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @rand_addr=0xfffffffffffffe01, @dev={0xac, 0x14}, {[@rr={0x7, 0xb, 0x5, [@dev={0xac, 0x14}, @multicast1=0xe0000001]}]}}, @icmp=@source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @multicast1=0xe0000001, @multicast1=0xe0000001, {[]}}}}}}}, &(0x7f0000d46000)={0x0, 0x1, [0x0]}) 2018/02/06 16:42:39 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000ccd000-0x78)={0x2, 0x78, 0xe12, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffffeffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00008f8000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) [ 32.338015] IPVS: Creating netns size=2552 id=1 [ 32.381988] IPVS: Creating netns size=2552 id=2 [ 32.442257] IPVS: Creating netns size=2552 id=3 [ 32.490491] IPVS: Creating netns size=2552 id=4 [ 32.552928] IPVS: Creating netns size=2552 id=5 [ 32.639477] IPVS: Creating netns size=2552 id=6 [ 32.728131] IPVS: Creating netns size=2552 id=7 [ 32.866729] IPVS: Creating netns size=2552 id=8 2018/02/06 16:42:41 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, &(0x7f0000000000)={0x0, @in={{0x2, 0xffffffffffffffff, @empty}}}, 0x8c) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000fd8000)='/dev/rfkill\x00', 0x0, 0x0) mincore(&(0x7f00001f6000/0x3000)=nil, 0x3000, &(0x7f000011e000-0x30)=""/137) ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, &(0x7f000088c000-0x10)=@common='gretap0\x00') 2018/02/06 16:42:41 executing program 7: 2018/02/06 16:42:41 executing program 7: 2018/02/06 16:42:41 executing program 7: 2018/02/06 16:42:41 executing program 7: 2018/02/06 16:42:42 executing program 7: 2018/02/06 16:42:42 executing program 7: 2018/02/06 16:42:42 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000ccf000-0xb)='/dev/loop#\x00', 0x0, 0x0) r1 = creat(&(0x7f0000d28000-0x8)='./file0\x00', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) [ 35.337061] IPVS: Creating netns size=2552 id=9 [ 35.410111] pktgen: kernel_thread() failed for cpu 0 [ 35.422451] pktgen: Cannot create thread for cpu 0 (-4) [ 35.437838] pktgen: kernel_thread() failed for cpu 1 [ 35.447787] pktgen: Cannot create thread for cpu 1 (-4) [ 35.461336] pktgen: Initialization failed for all threads [ 35.525413] capability: warning: `syz-executor2' uses deprecated v2 capabilities in a way that may be insecure [ 35.553480] kasan: CONFIG_KASAN_INLINE enabled [ 35.557976] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN [ 35.570904] Dumping ftrace buffer: [ 35.574419] (ftrace buffer empty) [ 35.578105] Modules linked in: [ 35.581389] CPU: 1 PID: 4867 Comm: syz-executor3 Not tainted 4.4.115-g037d237 #8 [ 35.588890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.598213] task: ffff8800ad9d3000 task.stack: ffff8800b12f0000 [ 35.604238] RIP: 0010:[] [] nfqnl_nf_hook_drop+0x190/0x3a0 [ 35.613164] RSP: 0018:ffff8800b12f7998 EFLAGS: 00010202 [ 35.618588] RAX: 0000000000000007 RBX: 0000000000000003 RCX: ffffffff82f9d1a9 [ 35.625826] RDX: 0000000000010000 RSI: ffffc900018b9000 RDI: ffffffff84418180 [ 35.633065] RBP: ffff8800b12f79c8 R08: 0000000000000000 R09: 0000000000000000 [ 35.640306] R10: ffffffff838443e0 R11: 1ffff1001625eefe R12: dffffc0000000000 [ 35.647544] R13: ffff8801c8251188 R14: 0000000000000038 R15: 00000000000000b8 [ 35.654784] FS: 00007f07401d7700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 [ 35.662978] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.668831] CR2: 000000000061c218 CR3: 00000001c2574000 CR4: 0000000000160670 [ 35.676079] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.683318] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 35.690555] Stack: [ 35.692673] ffffffff82f9d120 ffffffff83cc6620 ffff8801caff9e00 ffff8801c8251188 [ 35.700640] ffff8801c8251188 ffff8801c8251180 ffff8800b12f79f8 ffffffff82f9506e [ 35.708608] ffffffff82f94fb0 ffffffff843e37e0 ffff8801caffa8b8 dffffc0000000000 [ 35.716583] Call Trace: [ 35.719143] [] ? nfqnl_nf_hook_drop+0x100/0x3a0 [ 35.725431] [] nf_queue_nf_hook_drop+0xbe/0x1d0 [ 35.731720] [] ? nf_queue_entry_release_refs+0x150/0x150 [ 35.738800] [] nf_unregister_net_hook+0x2ab/0x350 [ 35.745262] [] netfilter_net_exit+0x40/0xb0 [ 35.751204] [] ? nf_unregister_net_hooks+0x60/0x60 [ 35.757755] [] ops_exit_list.isra.4+0xae/0x150 [ 35.763975] [] setup_net+0x221/0x3e0 [ 35.769312] [] ? ops_init+0x3a0/0x3a0 [ 35.774732] [] ? kasan_slab_alloc+0x12/0x20 [ 35.780672] [] copy_net_ns+0xd2/0x190 [ 35.786101] [] create_new_namespaces+0x2f6/0x610 [ 35.792473] [] copy_namespaces+0x291/0x320 [ 35.798326] [] ? copy_namespaces+0x3e/0x320 [ 35.804266] [] copy_process+0x1d98/0x6120 [ 35.810040] [] ? vma_wants_writenotify+0x49/0x370 [ 35.816499] [] ? vma_set_page_prot+0x10b/0x150 [ 35.822709] [] ? __cleanup_sighand+0x50/0x50 [ 35.828738] [] ? up_write+0x1a/0x60 [ 35.833984] [] ? vm_mmap_pgoff+0xdf/0x1c0 [ 35.839758] [] _do_fork+0x151/0xe00 [ 35.845008] [] ? fork_idle+0x270/0x270 [ 35.850522] [] ? do_futex+0x15d0/0x15d0 [ 35.856122] [] ? vm_stat_account+0x130/0x130 [ 35.862149] [] ? move_addr_to_kernel+0x50/0x50 [ 35.868347] [] ? __might_fault+0x18e/0x1d0 [ 35.874200] [] SyS_clone+0x37/0x50 [ 35.879359] [] entry_SYSCALL_64_fastpath+0x1c/0x98 [ 35.885904] Code: df 83 01 00 0f 84 d8 00 00 00 4d 8d 77 38 49 bc 00 00 00 00 00 fc ff df 49 81 c7 b8 00 00 00 e8 d7 3b 3c fe 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 0f 85 f4 01 00 00 49 8b 1e e8 7d 8c 2e fe 48 85 [ 35.912488] RIP [] nfqnl_nf_hook_drop+0x190/0x3a0 [ 35.919073] RSP [ 35.922892] ---[ end trace daff416620ceaa2a ]--- [ 35.927639] Kernel panic - not syncing: Fatal exception [ 35.933435] Dumping ftrace buffer: [ 35.936947] (ftrace buffer empty) [ 35.940635] Kernel Offset: disabled [ 35.944231] Rebooting in 86400 seconds..