[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 20.958651] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.791442] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available) [ 26.323239] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available) [ 27.023487] random: sshd: uninitialized urandom read (32 bytes read, 55 bits of entropy available) Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts. [ 32.586109] random: sshd: uninitialized urandom read (32 bytes read, 63 bits of entropy available) 2018/08/21 16:04:00 fuzzer started [ 33.964668] random: cc1: uninitialized urandom read (8 bytes read, 65 bits of entropy available) 2018/08/21 16:04:03 dialing manager at 10.128.0.26:40865 2018/08/21 16:04:05 syscalls: 1 2018/08/21 16:04:05 code coverage: enabled 2018/08/21 16:04:05 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/08/21 16:04:05 setuid sandbox: enabled 2018/08/21 16:04:05 namespace sandbox: enabled 2018/08/21 16:04:05 fault injection: CONFIG_FAULT_INJECTION is not enabled 2018/08/21 16:04:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/08/21 16:04:05 net packed injection: enabled 2018/08/21 16:04:05 net device setup: enabled [ 38.683353] random: nonblocking pool is initialized 16:04:48 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='numa_maps\x00') readv(r0, &(0x7f0000000440)=[{&(0x7f0000000000)=""/183, 0xb7}, {&(0x7f00000000c0)=""/123, 0x7b}, {&(0x7f0000000200)=""/220, 0xdc}, {&(0x7f0000000340)=""/223, 0xdf}], 0x4) readv(r0, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1) 16:04:48 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") r1 = socket$packet(0x11, 0x20000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000040)=0x2, 0x4) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x2d2) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r2, 0x1) 16:04:48 executing program 7: r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000140)={0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}) perf_event_open(&(0x7f0000000040)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xba07}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x2000000000000082) r2 = memfd_create(&(0x7f00000002c0)="000000000000000000000000000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30544d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6287c64dbea37a", 0x0) pwritev(r2, &(0x7f0000000700)=[{&(0x7f00000003c0)="1c", 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r1, r1, &(0x7f0000000240), 0x20000102000007) 16:04:48 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x1b) bind(r0, &(0x7f0000000000)=@generic={0xa, "dc8130c9c166fd894c097316c4e1ac3d96c26f84271a5e6c0134327c90da11c10e07d2ae256872e53568d84873e420711c3de9d00b8a9f6ed55e01d6da1fe29318180849381c5cbec71550ba4a90d93676764ba3dfe0018b226c5341e4978f2bebdd85a0cdf8f231561c0b569fc88a8f5291937e662cce00588d11cc12d2"}, 0x80) 16:04:48 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={&(0x7f0000000200), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=@bridge_newneigh={0x30, 0x1c, 0x509, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0xff0b}, [@NDA_DST_IPV6={0x14}]}, 0xff3b}}, 0x0) 16:04:48 executing program 3: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={&(0x7f0000000dc0), 0xc, &(0x7f0000000700)={&(0x7f0000002400)=@bridge_getneigh={0x20, 0x1e, 0x601}, 0x20}}, 0x0) 16:04:48 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) kexec_load(0x0, 0x1, &(0x7f0000000480)=[{&(0x7f0000000340), 0x0, 0x1}], 0x150000) ioctl$SIOCSIFHWADDR(r0, 0x8937, &(0x7f0000000000)={'bridge_slave_1\x00', @random="01003a1e2410"}) openat$zero(0xffffffffffffff9c, &(0x7f0000000880)='/dev/zero\x00', 0x8000, 0x0) 16:04:48 executing program 6: r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f0000000040)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000480)="0a5cc80700315f85715070") write(r0, &(0x7f0000000080)="1f0000000104fffffd3b54c007110000f30501000b000200000010d10200cf", 0x1f) [ 81.049725] IPVS: Creating netns size=2552 id=1 [ 81.146087] IPVS: Creating netns size=2552 id=2 [ 81.212279] IPVS: Creating netns size=2552 id=3 [ 81.300499] IPVS: Creating netns size=2552 id=4 [ 81.423762] IPVS: Creating netns size=2552 id=5 [ 81.592649] IPVS: Creating netns size=2552 id=6 [ 81.823345] IPVS: Creating netns size=2552 id=7 [ 82.120823] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 82.125003] IPVS: Creating netns size=2552 id=8 [ 82.252187] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 82.329182] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 82.504930] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 82.715325] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 82.724187] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 82.790215] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 82.849297] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 82.917165] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 83.084727] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 83.158829] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 83.267181] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 83.304690] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 83.378657] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 83.425753] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 83.506002] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 83.520194] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 83.534212] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 83.552282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 83.616658] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 83.628609] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 83.642094] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 83.693923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 83.737852] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 83.747503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 83.877290] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 83.915443] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 83.978556] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 83.987593] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 84.040037] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 84.116384] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 84.214879] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 84.231531] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 84.250598] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 84.296341] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 84.316418] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 84.380215] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 84.435139] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 84.469411] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 84.520536] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 84.532740] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 84.593019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 84.602837] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 84.611813] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 84.676920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 84.689941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 84.708953] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 84.760856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 84.792253] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 84.804512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 84.886010] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 84.895821] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 84.911511] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 84.998120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 85.013830] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 85.093274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 85.144338] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 85.252497] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 85.380546] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 85.409282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 85.426209] ip (4485) used greatest stack depth: 24064 bytes left [ 85.434369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 85.493001] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 85.623142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 85.691942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 88.626056] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 88.658456] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 88.894129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 89.002359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 89.045854] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 89.072826] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 89.297944] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 89.333945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 89.369465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 89.482087] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 89.607293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 89.773537] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 89.829564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.131630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.149581] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 90.496399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:04:59 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000002, 0x2000000000000003, 0x2) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000040)={0x0, 0x3}) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='bond0\x00', 0xb5) sendto$unix(r0, &(0x7f0000000080), 0x0, 0x20000850, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) 16:04:59 executing program 0: 16:04:59 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8) setrlimit(0x1, &(0x7f0000011000)) truncate(&(0x7f0000000000)='./file0\x00', 0x3) 16:04:59 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) openat$full(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/full\x00', 0x0, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8937, &(0x7f0000000000)={'bridge_slave_1\x00', @random="01003a1e2410"}) 16:04:59 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x2000000000000082) r1 = memfd_create(&(0x7f00000002c0)="000000000000000000000000000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30544d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6287c64dbea37a", 0x0) pwritev(r1, &(0x7f0000000700)=[{&(0x7f00000003c0)="1c", 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000240), 0x20000102000007) 16:04:59 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000400)=""/244, 0xf4}, {&(0x7f0000000500)=""/4096, 0x1000}], 0x2) 16:04:59 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000100)={@dev}, 0x14) 16:04:59 executing program 0: creat(&(0x7f0000000080)='./file0\x00', 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000640)=ANY=[], 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='devpts\x00', 0x0, 0x0) 16:04:59 executing program 1: r0 = socket$packet(0x11, 0x20000000003, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000000)=0x2, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r2, 0x1) 16:04:59 executing program 0: 16:05:00 executing program 0: 16:05:00 executing program 2: 16:05:00 executing program 7: 16:05:00 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000140)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") fcntl$setstatus(r0, 0x4, 0x4000) r1 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) 16:05:00 executing program 5: 16:05:00 executing program 6: 16:05:00 executing program 4: 16:05:00 executing program 2: 16:05:00 executing program 0: 16:05:00 executing program 7: 16:05:00 executing program 1: sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000200), 0xc, &(0x7f0000001540)={&(0x7f0000000280)=ANY=[]}, 0x1, 0x0, 0x0, 0x14}, 0x10020000000) gettid() r0 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000280)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000040)=[@flat={0x77682a85}], &(0x7f0000000080)=[0x0]}}], 0x0, 0x0, &(0x7f0000000340)}) 16:05:00 executing program 3: 16:05:00 executing program 5: 16:05:00 executing program 0: 16:05:00 executing program 4: [ 92.256420] netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. [ 92.271021] netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. 16:05:00 executing program 3: 16:05:00 executing program 7: 16:05:00 executing program 6: 16:05:00 executing program 5: 16:05:00 executing program 2: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x466, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') preadv(r0, &(0x7f0000000100), 0x2000000000000314, 0x10400003) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 16:05:00 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000002c0)="0a5cc80700315f85715070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x2}, 0x1c) listen(r2, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000001e, &(0x7f0000000300)=0x1, 0x4) sendto$inet6(r1, &(0x7f00002a0b14), 0x0, 0x20000000, &(0x7f000072e000)={0xa, 0x2, 0x0, @loopback}, 0x1c) 16:05:00 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, &(0x7f0000000000)=""/143, 0x8f) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, &(0x7f0000000100)) r0 = socket$netlink(0x10, 0x3, 0x4) write(r0, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) 16:05:00 executing program 7: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) 16:05:00 executing program 4: 16:05:00 executing program 5: [ 92.350224] binder: 5965:5969 got transaction with invalid handle, 0 16:05:00 executing program 6: [ 92.428090] binder: 5965:5969 transaction failed 29201/-22, size 24-8 line 3229 [ 92.454815] TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 92.496108] binder_alloc: binder_alloc_mmap_handler: 5965 20001000-20004000 already mapped failed -16 [ 92.532318] binder: BINDER_SET_CONTEXT_MGR already set [ 92.538012] binder: 5965:5969 ioctl 40046207 0 returned -16 16:05:00 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f0000000000)={@rand_addr, @local}, 0x8) sendto$inet(r0, &(0x7f0000e76000), 0x0, 0x0, &(0x7f0000bc8ff0)={0x2, 0x4e20, @multicast1}, 0x10) 16:05:00 executing program 4: 16:05:00 executing program 5: 16:05:00 executing program 6: 16:05:00 executing program 7: 16:05:00 executing program 3: 16:05:00 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(0xffffffffffffffff, &(0x7f0000000000)=""/143, 0x8f) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, &(0x7f0000000100)) r0 = socket$netlink(0x10, 0x3, 0x4) write(r0, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) [ 92.545052] binder_alloc: 5965: binder_alloc_buf, no vma [ 92.565574] binder: 5965:6000 transaction failed 29189/-3, size 24-8 line 3137 [ 92.579130] binder: undelivered TRANSACTION_ERROR: 29201 [ 92.589325] binder: undelivered TRANSACTION_ERROR: 29189 16:05:00 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={&(0x7f0000000ac0), 0xc, &(0x7f0000001f80)={&(0x7f0000000000)={0x14, 0x19, 0x301, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) 16:05:00 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={&(0x7f0000000ac0), 0xc, &(0x7f0000001f80)={&(0x7f0000000000)={0x14, 0x19, 0x301}, 0x14}}, 0x0) [ 93.078124] BUG: unable to handle kernel paging request at ffffeafffd7b0020 [ 93.085489] IP: [] __split_huge_page_pmd+0x2c8/0x820 [ 93.092291] PGD 0 [ 93.094535] Oops: 0000 [#1] PREEMPT SMP KASAN [ 93.099483] Dumping ftrace buffer: [ 93.102998] (ftrace buffer empty) [ 93.106681] Modules linked in: [ 93.109969] CPU: 0 PID: 5981 Comm: syz-executor2 Not tainted 4.4.150-g5541782 #83 [ 93.117561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 93.126893] task: ffff8800b29d0000 task.stack: ffff8801d6820000 [ 93.132925] RIP: 0010:[] [] __split_huge_page_pmd+0x2c8/0x820 [ 93.142243] RSP: 0018:ffff8801d6827ac8 EFLAGS: 00010246 [ 93.147664] RAX: 1ffffd5fffaf6004 RBX: ffffeafffd7b0020 RCX: ffffc900022bf000 [ 93.154924] RDX: 00000000000000cb RSI: ffffffff8150e8c0 RDI: 00003fff5ec001e0 [ 93.162174] RBP: ffff8801d6827bd0 R08: ffffffff8533b500 R09: 0000000000000000 [ 93.169420] R10: 0000000000000001 R11: ffff8800b29d0000 R12: ffffeafffd7b0000 [ 93.176665] R13: dffffc0000000000 R14: ffff8801cf332800 R15: ffff8801cf332800 [ 93.183914] FS: 00007f781bdb3700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 [ 93.192115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 93.197986] CR2: ffffeafffd7b0020 CR3: 00000001ce012000 CR4: 00000000001606f0 [ 93.205234] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 93.212478] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 93.219720] Stack: [ 93.221841] ffffffff814ac4b5 ffff8800b29d0920 ffffffff853d1f10 fffffbfff0882602 [ 93.229831] ffff8800b29d08d8 ffff8800b29d0928 ffff8800b29d08e0 ffff8801d381dd10 [ 93.237824] 1ffff1003ad04f69 ffff88024f332000 0000000000000000 0000000020200000 [ 93.245811] Call Trace: [ 93.248380] [] ? do_munmap+0x235/0xe50 [ 93.253907] [] ? __khugepaged_exit+0x300/0x300 [ 93.260116] [] ? vmacache_find+0x57/0x290 [ 93.265907] [] split_huge_page_pmd_mm+0x7a/0x90 [ 93.272206] [] split_huge_page_address+0x1d1/0x220 [ 93.278760] [] vma_adjust_trans_huge+0x21b/0x2c0 [ 93.285138] [] vma_adjust+0xd50/0x13d0 [ 93.290654] [] ? up_write+0x1a/0x60 [ 93.295912] [] ? anon_vma_clone+0x321/0x4b0 [ 93.301864] [] __split_vma.isra.40+0x5cf/0x750 [ 93.308099] [] do_munmap+0x235/0xe50 [ 93.313439] [] SyS_mremap+0x8aa/0xd90 [ 93.318861] [] ? move_vma+0x9a0/0x9a0 [ 93.324293] [] ? do_futex+0x17f0/0x17f0 [ 93.329892] [] ? SyS_preadv+0x138/0x230 [ 93.335491] [] ? lockdep_sys_exit_thunk+0x12/0x14 [ 93.341961] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 93.348510] Code: 48 c1 eb 06 48 01 d8 48 8d 58 20 48 89 85 68 ff ff ff 48 89 d8 48 c1 e8 03 42 80 3c 28 00 0f 85 fd 04 00 00 4c 8b a5 68 ff ff ff <4d> 8b 74 24 20 41 f6 c6 01 0f 85 b1 03 00 00 e8 d4 5b e4 ff 49 [ 93.375394] RIP [] __split_huge_page_pmd+0x2c8/0x820 [ 93.382261] RSP [ 93.385857] CR2: ffffeafffd7b0020 [ 93.389291] ---[ end trace 3c30a63386e47c3e ]--- [ 93.394018] Kernel panic - not syncing: Fatal exception [ 93.399657] Dumping ftrace buffer: [ 93.403180] (ftrace buffer empty) [ 93.406863] Kernel Offset: disabled [ 93.410469] Rebooting in 86400 seconds.. Connection to ssh-serialport.googleapis.com closed by remote host.