INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts. 2018/04/06 23:27:01 fuzzer started 2018/04/06 23:27:02 dialing manager at 10.128.0.26:38639 2018/04/06 23:27:07 kcov=true, comps=false 2018/04/06 23:27:10 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet(r0, &(0x7f0000fa0fff), 0xffffffffffffffbb, 0x20020003, &(0x7f0000385ff0)={0x2, 0x4e21, @loopback=0x7f000001}, 0x10) 2018/04/06 23:27:10 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000400)="2f65786500000000000090d8b75e67e16b394342abb5158df87ea8984e79c93df7498b2b34796068700e29fbd789f9a031f23e16c96e30baed2961953b057f7a3222943acc4b8cfa4de553f8276731ddeb811efd44ea011e1a0db9074a28a826c88566b89c57cc3cca4aec41d37fa27c8daa19030d03139d0aea71d509d9a20ba7deceb656cc1308d9d1f111b6bd1595486f55e229923be4ed8cbfb78e86280b4cacf386bfa8840afb312a4c520a03b27f805d181bd09ea208931a36e888060a2d") fstat(r0, &(0x7f0000000000)) 2018/04/06 23:27:10 executing program 7: r0 = socket(0x2, 0x3, 0xff) sendto$inet(r0, &(0x7f0000000000)="f2b0e7dc21847d9e6b88ed1e1e102c9dd9b359f9d23570ee508008e078d392187fad4d1b93376e85d990165c00ce2e84510431cd08f1ed6dc9b31b8ee23dc4e8da4488688a038a22fc10f69a0fb746e215edc7cdcddc00932f082a7f4b33f5ac5b075d8119cc05c35d16658239e476fd55e6b198930811ba304a78bee8a7b84e395340b1ad7a2c50e016f63f8657e29cf0ee0c6857abf9efc8d1c2974d7b97301fa42c85ddee7f909d927b171f29de569b5c4fc9af3da3863848364e37b260877c417b4235a8604b032cfc462a4fd6b593c590e184c8524f9a9e78e805b4389327d89281e6cb71255027d4a72b5eff4670fdb67cf5debf312e174936d442cd956d0cb4ef2ec666a5ee0e5d4de9b1d2dfba86761ec89789d24a6030a5a408365d50dc7ff632ffd2127a27ad776f8f8963db5feae84c6423515b51077196e7f42ef96da9c851fc27a57519ed2c27f9c7fc92f5fdb9ba76582e535c48f0d26ebec20da1fe3da4ef13814a48e8eff6db73b9263d69097158cb07222f0e6d2b78e5d7759d6462d084c5083ec904a7b078732dff22836fe74336e0cf6394a0903703b218739377d2137d217a9bd4985c59464e23318e0e37fbd80f387012b4e03acd897d998f2da9a6c5a8a979a10bba97051145bcffb33f944636242fbf151e76b139e6f066303a35e31b32e0e3f78383323245b30c31e058a7e4fe84ddb1ef2bac239e59d807c9a759b42b61a39eccd1c16aa653a1b44b876277b42bcf6bdfb91f4f6d049f0902b3852c7b980ea6e02434c0e63ab72869f9338914486cda84fc13393743b4b930ba833f5011390c376b8ee3a4ba04af993ed699a64653d8061a22baac79d21f3e3814c4b6417b6601ff0c9776679ad17215dd6301522960c389f3f3677359fd40dfdea498388c0f3c5afc37dba76b6d53bdf28fbb5958e7e574614d71888a0e72726633f0c5fda457d71a19a0df416153d2a6ac2aa51b20cb5205a15580b3a7da3cbf35269df24b995738236f2e322335ba60f6f221388ab373e53e64866eac2e6be5274d1a6e456c0013a127f259bddb3424acedf47830731ab351d67138ea1f60e844767a9bfddace814780ee2287456d2d91fd61b0db512c593dac2295d75dacd266a4b171fabbb66eb315fee623d255031fcbf381135b19b75b9879bb9df4db1e84b1e8ef973984428436eebfaa97efecb1579a470e4e0401fbf058a93276ffe4c4a703943c8ad9fadd4023989ab6c80a5f24e6e71f6f375d5c74f55dcdd04527588baec998f04cedce53515ba661643139f59fa922f73088f6a5856fbd697b6367a8a98680e1ad70f3436f414584cba0b98f39b6cf13169928bb9f1ce5506754f0f4129512fb3f0c2bdfbf8a2400a544e164350a1ec37f2eaec1d39102a8fac39fbff7c9e80326a0e461e7f556f0644cb58ae1baff7d70b32b15bb692bd158569f47c28cd589b968d783647f6fe5f87021b5892f7c38a857ffe10f1bcb2d0a15d60b9f6d6a72563d9efaacd6d56ba3e2f69563c68f706def54a47b2e2059b67135ffaeeb04968e4bfc0ea5aa9cf59bbf1c088f9adfc2e5a8e0de0ef58951f0a41713fb3913df106fa84e920df5b9d87698f0766f73f6a92968e1e02d9a4e3bf586f8338dc743a3f743962b1ec7c604cf3ba0f7894e9404852511070b8c61e4a4824b2fabe18e85142db0a93408fc401409aefc828d9b03671d6d168e807e998f57fa0aa0b8cf1fae0f8f56708ffa2ecb55431d73589bee32739f38bcca04de4adc1af1444679c0b60a552d40e4c09a897ff918deae5c6474116cecf668c856973d7b878512d79789540b561cbdfe7705804563e258288f5abe58370b5aaca42d96bea8d4c8d371ccc72e143350868e0008f7442920dd5794a1256859044151ca301004a93390830f1747fd390a557e635f2978df5e1f4adf226d4790cafcdee03697a48d74ad442d28ce00963af67e82a278c3d68a3f384e1ccae4696aa18c3e1b4961702b29645c3e66c70400f0515bc07a7946e9e0faff90bc52c912a2e48880248f8fc2d3d688bc13d1b1a27c4d95fb1d923dfae68f80048559dcaa07e004bb0d42380c6695e1a84005b1454888f9b43ee12a0fef", 0x5dd, 0x0, &(0x7f0000001040)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) 2018/04/06 23:27:10 executing program 3: clone(0x0, &(0x7f00000002c0), &(0x7f00003c6ffc), &(0x7f0000000000), &(0x7f00007c4000)) wait4(0x0, 0x0, 0x1040080000000, &(0x7f0000000080)) 2018/04/06 23:27:10 executing program 5: clone(0x0, &(0x7f00000002c0), &(0x7f00003c6ffc), &(0x7f0000000000), &(0x7f00007c4000)) mkdir(&(0x7f000053bff8)='./file0\x00', 0x0) mount(&(0x7f0000b79ff8)='./file0\x00', &(0x7f0000db0ff8)='./file0\x00', &(0x7f0000f9cffb)='proc\x00', 0x0, &(0x7f0000000040)) r0 = open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000077000)=""/133, 0x139) getdents64(r0, &(0x7f0000000040)=""/1679, 0x68f) wait4(0x0, 0x0, 0x1040080000000, &(0x7f0000000080)) 2018/04/06 23:27:10 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) r1 = creat(&(0x7f0000003ff8)='./file0\x00', 0x0) writev(r1, &(0x7f0000000100)=[{&(0x7f0000012fb7)='5', 0x1}], 0x1) getdents64(r1, &(0x7f000000235d)=""/69, 0x45) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f00004daff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/04/06 23:27:10 executing program 6: mmap(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x0, 0x1b071, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000005000/0x4000)=nil, 0x4000) mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000004000/0x1000)=nil) remap_file_pages(&(0x7f0000003000/0x9000)=nil, 0x9000, 0x0, 0x0, 0x0) 2018/04/06 23:27:10 executing program 1: io_setup(0x6, &(0x7f0000000040)=0x0) io_cancel(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000080)}, &(0x7f0000000140)) syzkaller login: [ 42.973334] ip (3752) used greatest stack depth: 54688 bytes left [ 43.434134] ip (3794) used greatest stack depth: 54312 bytes left [ 44.724197] ip (3915) used greatest stack depth: 54200 bytes left [ 46.582176] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.626378] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.634781] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.820856] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.882131] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.901754] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.938655] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.194735] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.277185] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.713015] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.792815] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.819848] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.845701] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.925806] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.974093] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.127146] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.144488] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.150749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.165667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.464690] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.471004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.479212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.559889] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.566661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.579645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.612243] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.623944] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.630922] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.660897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.687308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.715367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.745956] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.754152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.764906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.796529] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.815776] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.850746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.987955] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.996349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.011613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.636416] mmap: syz-executor6 (5028) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt. 2018/04/06 23:27:28 executing program 0: clone(0x0, &(0x7f00000002c0), &(0x7f00003c6ffc), &(0x7f0000000000), &(0x7f00007c4000)) mkdir(&(0x7f000053bff8)='./file0\x00', 0x0) mount(&(0x7f0000b79ff8)='./file0\x00', &(0x7f0000db0ff8)='./file0\x00', &(0x7f0000f9cffb)='proc\x00', 0x0, &(0x7f0000000040)) r0 = open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000077000)=""/133, 0x139) getdents64(r0, &(0x7f0000000040)=""/1679, 0x68f) wait4(0x0, 0x0, 0x1040080000000, &(0x7f0000000080)) 2018/04/06 23:27:28 executing program 6: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=@getlink={0x28, 0x12, 0x401, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0xe}]}, 0x28}, 0x1}, 0x0) 2018/04/06 23:27:28 executing program 7: 2018/04/06 23:27:28 executing program 2: 2018/04/06 23:27:28 executing program 1: 2018/04/06 23:27:28 executing program 3: 2018/04/06 23:27:28 executing program 5: clone(0x0, &(0x7f00000002c0), &(0x7f00003c6ffc), &(0x7f0000000000), &(0x7f00007c4000)) mkdir(&(0x7f000053bff8)='./file0\x00', 0x0) mount(&(0x7f0000b79ff8)='./file0\x00', &(0x7f0000db0ff8)='./file0\x00', &(0x7f0000f9cffb)='proc\x00', 0x0, &(0x7f0000000040)) r0 = open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000077000)=""/133, 0x139) getdents64(r0, &(0x7f0000000040)=""/1679, 0x68f) wait4(0x0, 0x0, 0x1040080000000, &(0x7f0000000080)) 2018/04/06 23:27:28 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) r1 = creat(&(0x7f0000003ff8)='./file0\x00', 0x0) writev(r1, &(0x7f0000000100)=[{&(0x7f0000012fb7)='5', 0x1}], 0x1) getdents64(r1, &(0x7f000000235d)=""/69, 0x45) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f00004daff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/04/06 23:27:29 executing program 3: clone(0x0, &(0x7f00000002c0), &(0x7f00003c6ffc), &(0x7f0000000000), &(0x7f00007c4000)) mkdir(&(0x7f000053bff8)='./file0\x00', 0x0) mount(&(0x7f0000b79ff8)='./file0\x00', &(0x7f0000db0ff8)='./file0\x00', &(0x7f0000f9cffb)='proc\x00', 0x0, &(0x7f0000000040)) r0 = open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000077000)=""/133, 0x139) getdents64(r0, &(0x7f0000000040)=""/1679, 0x68f) wait4(0x0, 0x0, 0x1040080000000, &(0x7f0000000080)) 2018/04/06 23:27:29 executing program 7: 2018/04/06 23:27:29 executing program 2: 2018/04/06 23:27:29 executing program 1: 2018/04/06 23:27:29 executing program 6: 2018/04/06 23:27:29 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='coredump_filter\x00') writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)='+0', 0x2}], 0x1) 2018/04/06 23:27:29 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000bbfff6)='/dev/ptmx\x00', 0x0, 0x0) close(r0) 2018/04/06 23:27:29 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000bbfff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x11) ioctl$int_in(r1, 0x5452, &(0x7f0000f27ff8)=0x81) write(r1, &(0x7f0000fd6000)='z', 0x1) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) dup2(r1, r0) 2018/04/06 23:27:29 executing program 0: 2018/04/06 23:27:29 executing program 7: r0 = syz_open_dev$tun(&(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'bcsh0\x00', 0x3}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000003c0)={'bcsh0\x00', &(0x7f00000002c0)=@ethtool_drvinfo={0x3, "ed3849b3f42c413821ba5964de8de2763da84c797fa8baee7af333fc47b32fc7", "3f8a6292723051397471416469ae5fd9ec71bf4cc7aa1484073d98b1225b123d", "70eeedfaedc6b8c63856764509825731d7843f51bca9731f8b1210a84db62f9a", "225c20e3ff621439e21706e52769ad06983fceae539a3e21b974509987f01a12", "dac3e0d3614db4b69573fe1b70fb4275917ad9a05980489d0ee9f721eca99234", "7cd1f92f80b4b460a93c550e"}}) 2018/04/06 23:27:29 executing program 5: clone(0x0, &(0x7f00000002c0), &(0x7f00003c6ffc), &(0x7f0000000000), &(0x7f00007c4000)) mkdir(&(0x7f000053bff8)='./file0\x00', 0x0) mount(&(0x7f0000b79ff8)='./file0\x00', &(0x7f0000db0ff8)='./file0\x00', &(0x7f0000f9cffb)='proc\x00', 0x0, &(0x7f0000000040)) r0 = open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000077000)=""/133, 0x139) getdents64(r0, &(0x7f0000000040)=""/1679, 0x68f) wait4(0x0, 0x0, 0x1040080000000, &(0x7f0000000080)) 2018/04/06 23:27:29 executing program 2: 2018/04/06 23:27:29 executing program 3: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f00000000c0)="2400000043001f0014b2a9a101e9c62ef407000904000200ce37f8cd38d1ead5d5000000", 0x24) 2018/04/06 23:27:29 executing program 7: r0 = syz_open_dev$tun(&(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'bcsh0\x00', 0x3}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000003c0)={'bcsh0\x00', &(0x7f00000002c0)=@ethtool_drvinfo={0x3, "ed3849b3f42c413821ba5964de8de2763da84c797fa8baee7af333fc47b32fc7", "3f8a6292723051397471416469ae5fd9ec71bf4cc7aa1484073d98b1225b123d", "70eeedfaedc6b8c63856764509825731d7843f51bca9731f8b1210a84db62f9a", "225c20e3ff621439e21706e52769ad06983fceae539a3e21b974509987f01a12", "dac3e0d3614db4b69573fe1b70fb4275917ad9a05980489d0ee9f721eca99234", "7cd1f92f80b4b460a93c550e"}}) 2018/04/06 23:27:29 executing program 2: 2018/04/06 23:27:29 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000bbfff6)='/dev/ptmx\x00', 0x0, 0x0) close(r0) 2018/04/06 23:27:29 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000bbfff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x11) ioctl$int_in(r1, 0x5452, &(0x7f0000f27ff8)=0x81) write(r1, &(0x7f0000fd6000)='z', 0x1) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) dup2(r1, r0) 2018/04/06 23:27:29 executing program 0: 2018/04/06 23:27:29 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x1c) sendmsg(r0, &(0x7f00000024c0)={0x0, 0x0, &(0x7f0000002200)}, 0x0) 2018/04/06 23:27:29 executing program 5: clone(0x0, &(0x7f00000002c0), &(0x7f00003c6ffc), &(0x7f0000000000), &(0x7f00007c4000)) mkdir(&(0x7f000053bff8)='./file0\x00', 0x0) mount(&(0x7f0000b79ff8)='./file0\x00', &(0x7f0000db0ff8)='./file0\x00', &(0x7f0000f9cffb)='proc\x00', 0x0, &(0x7f0000000040)) r0 = open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000077000)=""/133, 0x139) getdents64(r0, &(0x7f0000000040)=""/1679, 0x68f) wait4(0x0, 0x0, 0x1040080000000, &(0x7f0000000080)) [ 59.891190] netlink: 'syz-executor3': attribute type 2 has an invalid length. 2018/04/06 23:27:29 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000bbfff6)='/dev/ptmx\x00', 0x0, 0x0) readv(r0, &(0x7f0000bcafe0)=[{&(0x7f0000a04f40)=""/192, 0xc0}], 0x1) ioctl$TCSETS(r0, 0x40045431, &(0x7f000079efdc)) r1 = syz_open_pts(r0, 0x0) poll(&(0x7f00003be000)=[{r1}], 0x1, 0x5d) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000280)) 2018/04/06 23:27:29 executing program 0: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2}, 0x0, 0xffffffffffffffff, r0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x69}, 0x0, 0x0, r0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') 2018/04/06 23:27:30 executing program 6: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000300)={&(0x7f0000000000)=@nl=@proc={0x10}, 0x80, &(0x7f0000002000)=[{&(0x7f0000001000)="5500000018007fafb72d1cb2a4a280930206000000a843096c26236939000900210008000000ca8a9848a3c728f1c46b7b31afdc1338d54400009b84136ef75afb83de4411007227c43ab8220000bf0cec6bab91d4", 0x55}], 0x1, &(0x7f00000002c0)=ANY=[]}, 0x0) 2018/04/06 23:27:30 executing program 3: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f00000000c0)="2400000043001f0014b2a9a101e9c62ef407000904000200ce37f8cd38d1ead5d5000000", 0x24) 2018/04/06 23:27:30 executing program 4: r0 = memfd_create(&(0x7f0000000040)='em0proc\x00', 0xffbffffffdfffffe) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f00000000c0)={0x2, 0xe7, 0x8b6, {}, 0x80000001, 0x2}) write$sndseq(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick=0x7, {}, {}, @note={0x80, 0x0, 0x0, 0x0, 0x2}}], 0xffffffffffffffed) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) utimes(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)={{0x77359400}, {r1, r2/1000+30000}}) modify_ldt$write(0x1, &(0x7f0000000200)={0x0, 0x20000800, 0xffffffff, 0x9, 0xffff, 0x1000, 0x40, 0x9, 0x145, 0x100000001}, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e21, @loopback=0x7f000001}, 0x10) sendto$inet(r3, &(0x7f0000000080), 0xfffffffffffffd90, 0x20020003, &(0x7f0000385ff0)={0x2, 0x20000000004e21, @loopback=0x7f000001}, 0x10) recvfrom$inet(r3, &(0x7f0000000040)=""/149, 0xfffffffffffffef3, 0x100, 0x0, 0xfd69) 2018/04/06 23:27:30 executing program 7: r0 = syz_open_dev$tun(&(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'bcsh0\x00', 0x3}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000003c0)={'bcsh0\x00', &(0x7f00000002c0)=@ethtool_drvinfo={0x3, "ed3849b3f42c413821ba5964de8de2763da84c797fa8baee7af333fc47b32fc7", "3f8a6292723051397471416469ae5fd9ec71bf4cc7aa1484073d98b1225b123d", "70eeedfaedc6b8c63856764509825731d7843f51bca9731f8b1210a84db62f9a", "225c20e3ff621439e21706e52769ad06983fceae539a3e21b974509987f01a12", "dac3e0d3614db4b69573fe1b70fb4275917ad9a05980489d0ee9f721eca99234", "7cd1f92f80b4b460a93c550e"}}) [ 60.153643] netlink: 'syz-executor3': attribute type 2 has an invalid length. [ 60.188160] ================================================================== [ 60.195597] BUG: KMSAN: uninit-value in fib_create_info+0x554/0x8d20 [ 60.202100] CPU: 0 PID: 5178 Comm: syz-executor6 Not tainted 4.16.0+ #81 [ 60.208938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.218300] Call Trace: [ 60.220900] dump_stack+0x185/0x1d0 [ 60.224539] ? fib_create_info+0x554/0x8d20 [ 60.228862] kmsan_report+0x142/0x240 [ 60.232661] __msan_warning_32+0x6c/0xb0 [ 60.236730] fib_create_info+0x554/0x8d20 [ 60.240889] ? update_load_avg+0x218c/0x2c20 [ 60.245307] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 60.250777] ? rb_erase_cached+0x71d/0x2eb0 [ 60.255108] ? kmsan_set_origin_inline+0x6b/0x120 [ 60.259957] ? __msan_poison_alloca+0x15c/0x1d0 [ 60.264635] ? inet_rtm_newroute+0x210/0x340 [ 60.269059] ? fib_table_insert+0xbc/0x2820 [ 60.273391] fib_table_insert+0x3b6/0x2820 [ 60.277633] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 60.283006] ? fib_new_table+0x247/0x670 [ 60.287078] inet_rtm_newroute+0x210/0x340 [ 60.291327] ? fib_del_ifaddr+0x35c0/0x35c0 [ 60.295660] rtnetlink_rcv_msg+0xa32/0x1560 [ 60.299991] ? SyS_sendmsg+0x54/0x80 [ 60.303712] ? netlink_sendmsg+0x9a6/0x1310 [ 60.308045] ? ___sys_sendmsg+0xec0/0x1310 [ 60.312289] ? SYSC_sendmsg+0x2a3/0x3d0 [ 60.316269] ? SyS_sendmsg+0x54/0x80 [ 60.319985] ? do_syscall_64+0x309/0x430 [ 60.324056] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.329510] ? __msan_poison_alloca+0x15c/0x1d0 [ 60.334186] ? _raw_spin_unlock_bh+0x57/0x70 [ 60.338601] ? __local_bh_enable_ip+0x3b/0x140 [ 60.343181] ? _raw_spin_unlock_bh+0x57/0x70 [ 60.347599] ? kmsan_set_origin_inline+0x6b/0x120 [ 60.352455] ? kmsan_set_origin+0x9e/0x160 [ 60.356699] netlink_rcv_skb+0x355/0x5f0 [ 60.360779] ? rtnetlink_bind+0x120/0x120 [ 60.364938] rtnetlink_rcv+0x50/0x60 [ 60.368659] netlink_unicast+0x1672/0x1750 [ 60.372908] ? rtnetlink_net_exit+0xa0/0xa0 [ 60.377241] netlink_sendmsg+0x1048/0x1310 [ 60.381491] ? netlink_getsockopt+0xc80/0xc80 [ 60.385996] ___sys_sendmsg+0xec0/0x1310 [ 60.390073] ? __fdget+0x4e/0x60 [ 60.393982] SYSC_sendmsg+0x2a3/0x3d0 [ 60.397802] SyS_sendmsg+0x54/0x80 [ 60.401349] do_syscall_64+0x309/0x430 [ 60.405246] ? ___sys_sendmsg+0x1310/0x1310 [ 60.410012] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.415205] RIP: 0033:0x455259 [ 60.418390] RSP: 002b:00007f5dc9c79c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 60.426098] RAX: ffffffffffffffda RBX: 00007f5dc9c7a6d4 RCX: 0000000000455259 [ 60.433359] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000013 [ 60.440614] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.447962] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 60.455216] R13: 00000000000004cc R14: 00000000006fa3c0 R15: 0000000000000000 [ 60.462476] [ 60.464082] Uninit was created at: [ 60.467619] kmsan_internal_poison_shadow+0xb8/0x1b0 [ 60.472727] kmsan_kmalloc+0x94/0x100 [ 60.476523] kmsan_slab_alloc+0x11/0x20 [ 60.480511] __kmalloc_node_track_caller+0xaed/0x11c0 [ 60.485700] __alloc_skb+0x2cf/0x9f0 [ 60.489414] netlink_sendmsg+0x9a6/0x1310 [ 60.493555] ___sys_sendmsg+0xec0/0x1310 [ 60.497611] SYSC_sendmsg+0x2a3/0x3d0 [ 60.501389] SyS_sendmsg+0x54/0x80 [ 60.504918] do_syscall_64+0x309/0x430 [ 60.508798] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.513971] ================================================================== [ 60.521315] Disabling lock debugging due to kernel taint [ 60.526745] Kernel panic - not syncing: panic_on_warn set ... [ 60.526745] [ 60.534102] CPU: 0 PID: 5178 Comm: syz-executor6 Tainted: G B 4.16.0+ #81 [ 60.542233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.552088] Call Trace: [ 60.554681] dump_stack+0x185/0x1d0 [ 60.558313] panic+0x39d/0x940 [ 60.561529] ? fib_create_info+0x554/0x8d20 [ 60.565855] kmsan_report+0x238/0x240 [ 60.569653] __msan_warning_32+0x6c/0xb0 [ 60.573717] fib_create_info+0x554/0x8d20 [ 60.577861] ? update_load_avg+0x218c/0x2c20 [ 60.582252] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 60.587688] ? rb_erase_cached+0x71d/0x2eb0 [ 60.592003] ? kmsan_set_origin_inline+0x6b/0x120 [ 60.596846] ? __msan_poison_alloca+0x15c/0x1d0 [ 60.601512] ? inet_rtm_newroute+0x210/0x340 [ 60.605910] ? fib_table_insert+0xbc/0x2820 [ 60.610224] fib_table_insert+0x3b6/0x2820 [ 60.614463] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 60.619820] ? fib_new_table+0x247/0x670 [ 60.623864] inet_rtm_newroute+0x210/0x340 [ 60.628088] ? fib_del_ifaddr+0x35c0/0x35c0 [ 60.632398] rtnetlink_rcv_msg+0xa32/0x1560 [ 60.636722] ? SyS_sendmsg+0x54/0x80 [ 60.640430] ? netlink_sendmsg+0x9a6/0x1310 [ 60.645263] ? ___sys_sendmsg+0xec0/0x1310 [ 60.649507] ? SYSC_sendmsg+0x2a3/0x3d0 [ 60.653471] ? SyS_sendmsg+0x54/0x80 [ 60.657165] ? do_syscall_64+0x309/0x430 [ 60.661207] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.666566] ? __msan_poison_alloca+0x15c/0x1d0 [ 60.671224] ? _raw_spin_unlock_bh+0x57/0x70 [ 60.675629] ? __local_bh_enable_ip+0x3b/0x140 [ 60.680213] ? _raw_spin_unlock_bh+0x57/0x70 [ 60.684622] ? kmsan_set_origin_inline+0x6b/0x120 [ 60.689455] ? kmsan_set_origin+0x9e/0x160 [ 60.693684] netlink_rcv_skb+0x355/0x5f0 [ 60.697744] ? rtnetlink_bind+0x120/0x120 [ 60.701877] rtnetlink_rcv+0x50/0x60 [ 60.705573] netlink_unicast+0x1672/0x1750 [ 60.709800] ? rtnetlink_net_exit+0xa0/0xa0 [ 60.714129] netlink_sendmsg+0x1048/0x1310 [ 60.718365] ? netlink_getsockopt+0xc80/0xc80 [ 60.722865] ___sys_sendmsg+0xec0/0x1310 [ 60.726934] ? __fdget+0x4e/0x60 [ 60.730291] SYSC_sendmsg+0x2a3/0x3d0 [ 60.734091] SyS_sendmsg+0x54/0x80 [ 60.737630] do_syscall_64+0x309/0x430 [ 60.741512] ? ___sys_sendmsg+0x1310/0x1310 [ 60.745828] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.751009] RIP: 0033:0x455259 [ 60.754191] RSP: 002b:00007f5dc9c79c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 60.761885] RAX: ffffffffffffffda RBX: 00007f5dc9c7a6d4 RCX: 0000000000455259 [ 60.769144] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000013 [ 60.776395] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.783642] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 60.790904] R13: 00000000000004cc R14: 00000000006fa3c0 R15: 0000000000000000 [ 60.798626] Dumping ftrace buffer: [ 60.802152] (ftrace buffer empty) [ 60.805837] Kernel Offset: disabled [ 60.809438] Rebooting in 86400 seconds..