[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   20.565333] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   28.571181] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   29.017996] random: sshd: uninitialized urandom read (32 bytes read, 40 bits of entropy available)
[   29.922267] random: sshd: uninitialized urandom read (32 bytes read, 84 bits of entropy available)
Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
[   35.549942] random: sshd: uninitialized urandom read (32 bytes read, 91 bits of entropy available)
2018/08/27 20:45:58 fuzzer started
[   36.793866] random: cc1: uninitialized urandom read (8 bytes read, 93 bits of entropy available)
2018/08/27 20:46:00 dialing manager at 10.128.0.26:33579
2018/08/27 20:46:01 syscalls: 1
2018/08/27 20:46:01 code coverage: enabled
2018/08/27 20:46:01 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/08/27 20:46:01 setuid sandbox: enabled
2018/08/27 20:46:01 namespace sandbox: enabled
2018/08/27 20:46:01 fault injection: CONFIG_FAULT_INJECTION is not enabled
2018/08/27 20:46:01 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/08/27 20:46:01 net packed injection: enabled
2018/08/27 20:46:01 net device setup: enabled
[   41.335739] random: nonblocking pool is initialized
20:46:38 executing program 0:

20:46:38 executing program 1:

20:46:38 executing program 2:

20:46:38 executing program 4:

20:46:38 executing program 5:

20:46:38 executing program 6:

20:46:38 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c)
sendmmsg(r1, &(0x7f0000005fc0), 0x80000000000006a, 0x0)

20:46:38 executing program 3:

[   76.363347] IPVS: Creating netns size=2552 id=1
[   76.473535] IPVS: Creating netns size=2552 id=2
[   76.541922] IPVS: Creating netns size=2552 id=3
[   76.658504] IPVS: Creating netns size=2552 id=4
[   76.816461] IPVS: Creating netns size=2552 id=5
[   77.003058] IPVS: Creating netns size=2552 id=6
[   77.258006] IPVS: Creating netns size=2552 id=7
[   77.534206] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   77.546605] IPVS: Creating netns size=2552 id=8
[   77.639552] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   77.753913] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   77.850484] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   77.864020] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   77.984359] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   78.095913] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   78.254588] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   78.409840] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   78.500658] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   78.510844] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   78.603436] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   78.620456] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   78.739492] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   78.818127] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   78.890139] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   78.905609] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   78.963420] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   79.000020] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   79.071041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   79.108223] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   79.117005] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   79.125354] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   79.191206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   79.239526] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   79.248575] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   79.262097] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   79.381687] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   79.450549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   79.459328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   79.532542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   79.547101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   79.626667] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   79.635608] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   79.645091] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   79.679923] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   79.703271] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   79.802405] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   79.859934] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   80.001863] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   80.086297] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   80.104214] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   80.137367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   80.194707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   80.214087] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   80.242698] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   80.254675] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   80.282617] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   80.313655] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   80.382615] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   80.413553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   80.460979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   80.469534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   80.558441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   80.656534] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   80.732768] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   81.008637] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   81.166196] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   81.220878] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   81.253557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   81.329439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   81.345345] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   81.452629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   81.556348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   84.160700] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   84.490741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   84.551157] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   84.670758] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   84.723503] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   84.924080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   85.009334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   85.043226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   85.157758] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   85.382809] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   85.501085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   85.726559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   85.793650] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   86.090702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   86.121552] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   86.470062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
20:46:49 executing program 0:

20:46:49 executing program 0:

20:46:49 executing program 0:

20:46:49 executing program 0:

20:46:50 executing program 0:
r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0x40605346, &(0x7f0000000340)={0x0, 0x0, 0x3, "717565756531fdfdffff000000000000003f00"})
connect$l2tp(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x26)

20:46:50 executing program 2:
exit(0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000080))

20:46:50 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000040)="0a5cc80700315f85715070")
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'lo\x00', <r2=>0x0})
setsockopt$inet6_mreq(r0, 0x29, 0x4000000001b, &(0x7f00000001c0)={@remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffa4]}, r2}, 0x14)

20:46:50 executing program 0:
r0 = socket$inet6(0xa, 0x10000000003, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000440)=@newlink={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_ADDRESS={0xc, 0x1, @local}]}, 0x2c}}, 0x0)

20:46:50 executing program 1:
r0 = memfd_create(&(0x7f000000e000)='\x00 ', 0x0)
syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0)
r1 = dup2(r0, r0)
write$sndseq(0xffffffffffffffff, &(0x7f00000004c0), 0xe872501d84754fbc)
ioprio_get$uid(0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00N\\\x00'})
mq_open(&(0x7f0000000000)='mime_type[[ppp1vmnet0}3\'\x00', 0x0, 0x8d, &(0x7f0000000040)={0x20, 0x3ff, 0xcb, 0xfffffffffffffc00, 0x40, 0x2, 0x7, 0x8000})

20:46:50 executing program 4:
r0 = socket(0xa, 0x1, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, &(0x7f0000000040)={0x22, 0x3, 0x0, {0x2, 0x1, 0x0, '{'}}, 0x22)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'veth1\x00', &(0x7f0000000080)=@ethtool_cmd={0x1f}})
getresgid(&(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000140))

20:46:50 executing program 0:
r0 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/member\x00', 0x2, 0x0)
poll(&(0x7f00000000c0)=[{r0, 0x8001}], 0x1, 0x9)
r1 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000240)=0x280, 0xfffffffffffffdc9)
sendmmsg(r1, &(0x7f00000002c0), 0x400000000000174, 0x0)

[   87.808049] SELinux: failure in selinux_parse_skb(), unable to parse packet
[   87.815504] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff8343602e
[   87.815504] 
[   87.826527] CPU: 0 PID: 5941 Comm: syz-executor7 Not tainted 4.4.152-ge5c5f1f #25
[   87.834144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   87.843491]  0000000000000000 73e0ee74bdeeeaeb ffff8800baa2f500 ffffffff81e15fed
[   87.851574]  ffffffff83a44c60 00000000ffffffff ffff8800b6a30640 ffff8800baa2f840
[   87.859643]  0000000000001000 ffff8800baa2f5c0 ffffffff8140d424 0000000041b58ab3
[   87.867702] Call Trace:
[   87.870298]  [<ffffffff81e15fed>] dump_stack+0xc1/0x124
[   87.875661]  [<ffffffff8140d424>] panic+0x19e/0x38d
[   87.880673]  [<ffffffff8140d286>] ? add_taint.cold.4+0x16/0x16
[   87.886641]  [<ffffffff830cb430>] ? nf_iterate+0x210/0x210
[   87.892276]  [<ffffffff8343602e>] ? ip6_xmit+0x18ae/0x1a00
[   87.897896]  [<ffffffff8343602e>] ? ip6_xmit+0x18ae/0x1a00
[   87.903520]  [<ffffffff81132b72>] __stack_chk_fail+0x22/0x30
[   87.909312]  [<ffffffff8343602e>] ip6_xmit+0x18ae/0x1a00
[   87.914759]  [<ffffffff814fe102>] ? kasan_slab_free+0x72/0xc0
[   87.920643]  [<ffffffff814fb664>] ? kfree+0xf4/0x310
[   87.925746]  [<ffffffff82f4a3e3>] ? pskb_expand_head+0x683/0x970
[   87.931886]  [<ffffffff83434780>] ? ip6_finish_output2+0x1ca0/0x1ca0
[   87.938378]  [<ffffffff8122c752>] ? __lock_is_held+0xa2/0xf0
[   87.944171]  [<ffffffff831f2281>] ? ipv4_dst_check+0x111/0x160
[   87.950139]  [<ffffffff8342fae0>] ? ip6_append_data+0x2b0/0x2b0
[   87.956194]  [<ffffffff834f60c5>] inet6_csk_xmit+0x245/0x490
[   87.961989]  [<ffffffff834f5f7f>] ? inet6_csk_xmit+0xff/0x490
[   87.967873]  [<ffffffff834f5e80>] ? inet6_csk_update_pmtu+0x160/0x160
[   87.974451]  [<ffffffff835647b3>] ? udp6_set_csum+0xd3/0xa70
[   87.980254]  [<ffffffff835a570c>] l2tp_xmit_skb+0xb9c/0xe80
[   87.985980]  [<ffffffff835b1c60>] pppol2tp_sendmsg+0x4e0/0x7d0
[   87.992163]  [<ffffffff81c7633f>] ? selinux_socket_sendmsg+0x3f/0x50
[   87.998667]  [<ffffffff835b1780>] ? pppol2tp_release+0x310/0x310
[   88.004824]  [<ffffffff82f2727c>] sock_sendmsg+0xcc/0x110
[   88.010360]  [<ffffffff82f28a41>] ___sys_sendmsg+0x441/0x880
[   88.016155]  [<ffffffff82f28600>] ? copy_msghdr_from_user+0x550/0x550
[   88.022736]  [<ffffffff8157e568>] ? __fget+0x148/0x3b0
[   88.028009]  [<ffffffff8157e58f>] ? __fget+0x16f/0x3b0
[   88.033288]  [<ffffffff8157e467>] ? __fget+0x47/0x3b0
[   88.038473]  [<ffffffff8157e8af>] ? __fget_light+0x9f/0x1f0
[   88.044177]  [<ffffffff8157ea18>] ? __fdget+0x18/0x20
[   88.049363]  [<ffffffff82f24186>] ? sockfd_lookup_light+0xb6/0x160
[   88.055680]  [<ffffffff82f2b0d4>] __sys_sendmmsg+0x1d4/0x2e0
[   88.061475]  [<ffffffff82f2af00>] ? SyS_sendmsg+0x50/0x50
[   88.067008]  [<ffffffff834e840a>] ? ip6_datagram_connect+0x3a/0x50
[   88.073319]  [<ffffffff8330305e>] ? inet_dgram_connect+0x11e/0x200
[   88.079647]  [<ffffffff81528510>] ? fput+0x20/0x150
[   88.084692]  [<ffffffff82f27c6a>] ? SYSC_connect+0x22a/0x300
[   88.090660]  [<ffffffff82f27a40>] ? SYSC_bind+0x280/0x280
[   88.096190]  [<ffffffff812d5ad1>] ? compat_SyS_futex+0x1e1/0x2f0
[   88.102333]  [<ffffffff812d58f0>] ? compat_SyS_get_robust_list+0x310/0x310
[   88.109341]  [<ffffffff82f29c61>] ? SyS_socket+0x121/0x1b0
[   88.114970]  [<ffffffff82f29b40>] ? move_addr_to_kernel+0x50/0x50
[   88.121199]  [<ffffffff83014b22>] compat_SyS_sendmmsg+0x32/0x40
[   88.127254]  [<ffffffff83014af0>] ? compat_SyS_sendmsg+0x40/0x40
[   88.133396]  [<ffffffff81006d94>] do_fast_syscall_32+0x324/0x8b0
[   88.139536]  [<ffffffff838cdec3>] sysenter_flags_fixed+0xd/0x1a
[   88.145975] Dumping ftrace buffer:
[   88.149575]    (ftrace buffer empty)
[   88.153264] Kernel Offset: disabled
[   88.156887] Rebooting in 86400 seconds..