INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.23' (ECDSA) to the list of known hosts. 2018/04/13 13:00:26 fuzzer started 2018/04/13 13:00:27 dialing manager at 10.128.0.26:33379 2018/04/13 13:00:33 kcov=true, comps=false 2018/04/13 13:00:36 executing program 0: 2018/04/13 13:00:36 executing program 1: 2018/04/13 13:00:36 executing program 7: 2018/04/13 13:00:36 executing program 4: 2018/04/13 13:00:36 executing program 2: 2018/04/13 13:00:36 executing program 3: 2018/04/13 13:00:36 executing program 5: 2018/04/13 13:00:36 executing program 6: syzkaller login: [ 43.139615] ip (3809) used greatest stack depth: 54312 bytes left [ 44.105567] ip (3896) used greatest stack depth: 54200 bytes left [ 44.479784] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.486291] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.524977] device bridge_slave_0 entered promiscuous mode [ 44.558283] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.564812] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.599958] device bridge_slave_0 entered promiscuous mode [ 44.646022] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.652602] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.683673] device bridge_slave_0 entered promiscuous mode [ 44.711119] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.717614] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.749976] device bridge_slave_0 entered promiscuous mode [ 44.765227] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.771715] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.795415] device bridge_slave_1 entered promiscuous mode [ 44.817864] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.824394] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.860930] device bridge_slave_0 entered promiscuous mode [ 44.877369] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.883849] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.893782] device bridge_slave_0 entered promiscuous mode [ 44.902698] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.909257] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.930228] device bridge_slave_1 entered promiscuous mode [ 44.936754] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.943218] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.960008] device bridge_slave_0 entered promiscuous mode [ 44.971174] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.977709] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.990708] device bridge_slave_1 entered promiscuous mode [ 44.998311] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.004829] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.021597] device bridge_slave_1 entered promiscuous mode [ 45.031109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.039092] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.045571] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.089521] device bridge_slave_0 entered promiscuous mode [ 45.113193] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.119673] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.142851] device bridge_slave_1 entered promiscuous mode [ 45.157995] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.168556] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.177382] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.183853] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.207673] device bridge_slave_1 entered promiscuous mode [ 45.224801] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.231289] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.256211] device bridge_slave_1 entered promiscuous mode [ 45.263296] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.275439] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.285219] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.291697] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.329508] device bridge_slave_1 entered promiscuous mode [ 45.351463] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.373792] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.394838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.415616] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.487764] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.501600] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.513800] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.610141] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.617780] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.686522] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.739643] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.166994] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.353600] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.366813] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.462531] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.471806] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.531605] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.567834] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.621021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.686598] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.698066] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.725943] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.763806] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.773186] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.842249] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.954208] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.976831] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 47.254865] ip (4126) used greatest stack depth: 53656 bytes left [ 47.443477] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.522352] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.686533] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.695210] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.749361] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.758247] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.776002] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.863628] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.909481] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.917299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.935784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.965565] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.979539] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.987394] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.002498] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.015444] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 48.024394] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.042349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.080561] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.091361] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 48.133480] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.140801] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.149789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.184880] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.202454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.239888] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.256703] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.277941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.298498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.311300] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.318399] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.334434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.355464] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.363714] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.370638] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.390110] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.424735] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.437356] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.444680] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.451904] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.471642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.496306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.515824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.537923] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.545465] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.567778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.605463] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.615282] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.630827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.664920] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.673327] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.681392] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.714730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.740640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.759969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.780307] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.809990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.831784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.876364] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.884986] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.901736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.033519] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.040814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.058716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.543525] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.550103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.557010] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.563510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.633883] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.640678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.744601] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.751135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.758070] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.764562] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.830782] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.850985] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.857488] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.864408] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.870901] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.881531] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.895094] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.901558] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.908391] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.914852] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.976686] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.084881] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.091399] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.098328] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.104833] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.144790] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.342136] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.348633] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.355501] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.361974] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.372392] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.385933] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.392432] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.399347] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.405819] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.452776] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.465398] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.471882] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.478774] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.485243] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.515113] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.680231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.693713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.726748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.737769] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.746594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.759222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.766729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.171938] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.252486] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.298241] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.403425] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.630880] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.650019] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.752231] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.913139] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.993999] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.000361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.011716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.063224] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.069561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.088835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.133188] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.139437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.158716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.213263] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.222445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.232993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.424793] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.431174] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.447841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.488980] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.495348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.507426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.572960] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.579325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.587905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.780739] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.787136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.798742] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/13 13:01:02 executing program 6: 2018/04/13 13:01:02 executing program 7: r0 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'lo\x00'}, 0x18) 2018/04/13 13:01:03 executing program 0: 2018/04/13 13:01:03 executing program 6: r0 = socket$kcm(0x2, 0x4000000005, 0x0) sendmsg(r0, &(0x7f0000000300)={&(0x7f0000000200)=@in={0x2, 0x0, @loopback=0x7f000001}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000280)="d9", 0x1}], 0x1, &(0x7f00000004c0)}, 0x0) 2018/04/13 13:01:03 executing program 3: 2018/04/13 13:01:03 executing program 7: 2018/04/13 13:01:03 executing program 1: 2018/04/13 13:01:03 executing program 2: 2018/04/13 13:01:03 executing program 4: 2018/04/13 13:01:03 executing program 5: 2018/04/13 13:01:03 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$sndseq(r0, &(0x7f00000005c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0x30) write$cgroup_int(r0, &(0x7f0000000040)={[0x0]}, 0x1) fcntl$getflags(0xffffffffffffffff, 0x0) 2018/04/13 13:01:03 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000000)=0x8, 0x4) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000000040), 0x3e1, 0x40881, &(0x7f0000000140)={0x2, 0x0, @multicast2=0xe0000002}, 0x10) writev(0xffffffffffffffff, &(0x7f0000793fa0), 0x0) 2018/04/13 13:01:04 executing program 4: 2018/04/13 13:01:04 executing program 3: setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x0, @broadcast=0xffffffff}, @in={0x2, 0x0, @multicast1=0xe0000001}, @in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80}}, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}], 0xc) r0 = socket$inet_tcp(0x2, 0x1, 0x0) syz_emit_ethernet(0x56, &(0x7f00000000c0)={@link_local={0x1, 0x80, 0xc2}, @random="00901c739a8c", [], {@canfd={0xd, {{}, 0x0, 0x0, 0x0, 0x0, "46f1531b46502da97771b7f63aeb1083ef8e43a33f869c0fd1937f0301241083ee75e214d6378b7d8e2893f8262510c057df3171395d62ee461fd287c7e5269a"}}}}, &(0x7f0000000140)) setsockopt$inet_buf(r0, 0x0, 0x60, &(0x7f0000000000), 0x0) 2018/04/13 13:01:04 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f000060c000)='oom_score_adj\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000100)="6e65742f69665f696e6574360093fdd81f12659f45e9cb89f8ffffffd451bea0bcf166e408aa93f2de9c7a1786a0b83e1c0da5210d01b9336480d24bf721df26e12a6152f604622b86f9e8a6d4e0e52b4d4518804bc3d131a1c20cee863e600711d0f8cdebab9c16f184f3835747b5fcfb4a8c439d37279d64119874b715ecd26d08c0b9f7b98e72b9401bf0496339354aaf1e011da685dbc8ee74625b3974533f2e05355dadea49035c03b2809c55c2ece8b4e17928fb1361c58fe2024cfa4798878692a6cfcad49eb3c51b78c9453e001eb16c27a6a39ca29de3e43b781daa7dd4348012f3b554bb56240130d542005d2e50fe46373cfc76a6a49c1b8050c99c08ab6aa3ec304a505456d90803f21ef70a51f56c6f4998e6fbb1d9d09e754b10d4b8f03d7621be8ab07b006d8081d8c353648c513e4d06bc9a3ecd201848931a11f7db75d319c2d37f4298ff0a48ad3e2a1f1a4c3813c47084b80fd1bacef8681897d56a3b0952d1d0d60a1d3db780d2aad06d6f0ac83cb479cc667cb00e0d4133539b1ea8a2c5ffdcd9e6f82000824ed364cdb3d9aef2b4f74545e77ecc557beb1d694fc99c505392916ed300ecd94fe0a7b30886d5c4ef01db53002a4185d19fa71fd8728f0b09de4d8ff1444fa7e59f884f27c0b3fe86fd51a3f63c6adbb36ca81d182d25b311a045ba13") sendfile(r0, r1, &(0x7f00000000c0)=0x4, 0xff) 2018/04/13 13:01:04 executing program 7: unshare(0x8000400) r0 = syz_open_procfs(0x0, &(0x7f0000000240)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") getdents(r0, &(0x7f0000000880)=""/223, 0xdf) 2018/04/13 13:01:04 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000180)='./bus\x00', 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) pread64(r2, &(0x7f0000000080)=""/73, 0x49, 0x0) ftruncate(r1, 0x7) 2018/04/13 13:01:04 executing program 6: r0 = socket$kcm(0x2, 0x4000000005, 0x0) sendmsg(r0, &(0x7f0000000300)={&(0x7f0000000200)=@in={0x2, 0x0, @loopback=0x7f000001}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000280)="d9", 0x1}], 0x1, &(0x7f00000004c0)}, 0x0) 2018/04/13 13:01:04 executing program 2: 2018/04/13 13:01:04 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = epoll_create(0x10007fff) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r0, 0x2400) dup3(r1, r0, 0x0) close(r2) 2018/04/13 13:01:04 executing program 2: 2018/04/13 13:01:04 executing program 4: 2018/04/13 13:01:04 executing program 0: 2018/04/13 13:01:04 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_netfilter(r0, &(0x7f0000000240)={&(0x7f0000de2ff4)={0x10}, 0xc, &(0x7f0000403000)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000000301ffff009f0400000001000008dda0"], 0x14}, 0x1}, 0x0) fdatasync(r0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x2000, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000040)) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000}) recvmsg(r0, &(0x7f0000000b40)={&(0x7f0000000680)=@pppol2tp={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @multicast2}}}, 0x80, &(0x7f0000000b00), 0x0, &(0x7f00000005c0)=""/129, 0x81}, 0x0) 2018/04/13 13:01:04 executing program 6: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f000037c000)="170000001a001bed0000132100f404fffffffffffffff7", 0x17) chroot(&(0x7f0000000000)='./file0\x00') recvmmsg(r0, &(0x7f0000000000), 0x80000000000036b, 0x0, &(0x7f00000070c0)={0x77359400}) 2018/04/13 13:01:04 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = epoll_create(0x10007fff) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r0, 0x2400) dup3(r1, r0, 0x0) close(r2) 2018/04/13 13:01:04 executing program 7: setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x0, @broadcast=0xffffffff}, @in={0x2, 0x0, @multicast1=0xe0000001}, @in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80}}, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}], 0xc) r0 = socket$inet_tcp(0x2, 0x1, 0x0) syz_emit_ethernet(0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="0180c200000000901c739a8c000d0000007dbc85bd5d8685d9900e000000000046f1531b46502da97771b7f63aeb1083ef8e43a3"], &(0x7f0000000140)) setsockopt$inet_buf(r0, 0x0, 0x60, &(0x7f0000000000), 0x0) 2018/04/13 13:01:04 executing program 5: 2018/04/13 13:01:05 executing program 4: 2018/04/13 13:01:05 executing program 2: 2018/04/13 13:01:05 executing program 0: 2018/04/13 13:01:05 executing program 5: 2018/04/13 13:01:05 executing program 1: 2018/04/13 13:01:05 executing program 7: 2018/04/13 13:01:05 executing program 0: 2018/04/13 13:01:05 executing program 4: 2018/04/13 13:01:05 executing program 2: 2018/04/13 13:01:05 executing program 5: 2018/04/13 13:01:05 executing program 1: 2018/04/13 13:01:05 executing program 3: 2018/04/13 13:01:05 executing program 4: 2018/04/13 13:01:05 executing program 7: 2018/04/13 13:01:05 executing program 0: 2018/04/13 13:01:05 executing program 6: 2018/04/13 13:01:05 executing program 3: 2018/04/13 13:01:05 executing program 2: 2018/04/13 13:01:05 executing program 1: 2018/04/13 13:01:05 executing program 5: 2018/04/13 13:01:05 executing program 0: 2018/04/13 13:01:05 executing program 3: 2018/04/13 13:01:05 executing program 2: 2018/04/13 13:01:05 executing program 6: 2018/04/13 13:01:05 executing program 7: 2018/04/13 13:01:06 executing program 4: 2018/04/13 13:01:06 executing program 1: 2018/04/13 13:01:06 executing program 5: 2018/04/13 13:01:06 executing program 0: 2018/04/13 13:01:06 executing program 7: 2018/04/13 13:01:06 executing program 3: 2018/04/13 13:01:06 executing program 2: 2018/04/13 13:01:06 executing program 6: 2018/04/13 13:01:06 executing program 0: 2018/04/13 13:01:06 executing program 7: 2018/04/13 13:01:06 executing program 3: 2018/04/13 13:01:06 executing program 5: 2018/04/13 13:01:06 executing program 4: 2018/04/13 13:01:06 executing program 6: 2018/04/13 13:01:06 executing program 1: 2018/04/13 13:01:06 executing program 2: 2018/04/13 13:01:06 executing program 6: 2018/04/13 13:01:06 executing program 0: 2018/04/13 13:01:06 executing program 3: 2018/04/13 13:01:06 executing program 4: 2018/04/13 13:01:06 executing program 1: 2018/04/13 13:01:06 executing program 7: 2018/04/13 13:01:06 executing program 5: 2018/04/13 13:01:06 executing program 2: 2018/04/13 13:01:06 executing program 0: 2018/04/13 13:01:06 executing program 4: 2018/04/13 13:01:06 executing program 1: 2018/04/13 13:01:06 executing program 2: 2018/04/13 13:01:06 executing program 5: 2018/04/13 13:01:06 executing program 7: 2018/04/13 13:01:06 executing program 6: 2018/04/13 13:01:06 executing program 0: 2018/04/13 13:01:06 executing program 3: 2018/04/13 13:01:06 executing program 5: 2018/04/13 13:01:06 executing program 3: 2018/04/13 13:01:06 executing program 4: 2018/04/13 13:01:07 executing program 2: 2018/04/13 13:01:07 executing program 1: 2018/04/13 13:01:07 executing program 0: r0 = socket$inet(0x2, 0x4008000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x20000802, &(0x7f0000000000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000080), 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000280)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f00000000c0)=']', 0x1, 0x0, &(0x7f00000001c0)={0x2}, 0x10) 2018/04/13 13:01:07 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f000001f000)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(sha3-224-generic,cbc-camellia-asm)\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x2) 2018/04/13 13:01:07 executing program 7: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x7, 0x2}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp(0x6f2000, 0x5460, 0x6f2000, &(0x7f00000001c0)) socketpair$inet_icmp(0x6f2000, 0x930000, 0x705000, &(0x7f00000002c0)) 2018/04/13 13:01:07 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) capset(&(0x7f00000fc000)={0x19980330}, &(0x7f000047efe8)) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x2}, 0x20) 2018/04/13 13:01:07 executing program 1: 2018/04/13 13:01:07 executing program 5: 2018/04/13 13:01:07 executing program 3: [ 71.332234] capability: warning: `syz-executor2' uses 32-bit capabilities (legacy support in use) 2018/04/13 13:01:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={&(0x7f0000000280)={0x10}, 0xc, &(0x7f0000029000)={&(0x7f0000000080)=@ipv4_newroute={0x24, 0x18, 0xd19, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_ENCAP_TYPE={0x8, 0x15, 0x4}]}, 0x24}, 0x1}, 0x0) 2018/04/13 13:01:07 executing program 0: 2018/04/13 13:01:07 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000005000)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000015ff0)={&(0x7f000000afd4)=ANY=[@ANYBLOB="2c0000002100ff0a00000000080000000a000000fe000000040000000c00150000000000"], 0x1}, 0x1}, 0x0) 2018/04/13 13:01:07 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f000001f000)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(sha3-224-generic,cbc-camellia-asm)\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x2) 2018/04/13 13:01:07 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r0, &(0x7f0000001d80)=[{{&(0x7f0000000000)=@in6={0xa, 0x4e21, 0x0, @loopback={0x0, 0x1}}, 0x80, &(0x7f0000000080), 0x0, &(0x7f0000000080)}}], 0x1, 0x0) 2018/04/13 13:01:07 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/sequencer\x00', 0x800, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) read$eventfd(r1, &(0x7f0000000000), 0x8) 2018/04/13 13:01:07 executing program 7: r0 = socket(0x11, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x14) close(r0) 2018/04/13 13:01:07 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) connect$inet6(r0, &(0x7f0000012000)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, [], 0xe}, 0x2}, 0x1c) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000380)={0x0, 0x400}, 0x14) [ 71.546139] netlink: 'syz-executor4': attribute type 21 has an invalid length. 2018/04/13 13:01:07 executing program 0: r0 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'bcsh0\x00', 0x2001}) r1 = socket$unix(0x1, 0x2, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x1) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000080)={'bcsh0:\x00', 0x1}) 2018/04/13 13:01:07 executing program 1: seccomp(0x1, 0x0, &(0x7f0000044ff0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xffffffff}]}) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240)='/dev/rfkill\x00', 0x0, 0x0) read(r0, &(0x7f0000000280)=""/226, 0xe2) seccomp(0x1, 0x1, &(0x7f0000947ff0)={0x1, &(0x7f000005eff0)=[{0x6}]}) 2018/04/13 13:01:07 executing program 5: 2018/04/13 13:01:07 executing program 6: 2018/04/13 13:01:07 executing program 3: [ 71.681996] audit: type=1326 audit(1523624467.680:3): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=6016 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455319 code=0xffff0000 2018/04/13 13:01:08 executing program 7: 2018/04/13 13:01:08 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000), 0x0) sendmsg$alg(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)}, 0x0) 2018/04/13 13:01:08 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000005000)='/dev/sg#\x00', 0x0, 0x8002) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0186415, &(0x7f0000000040)={&(0x7f0000ffe000/0x2000)=nil, 0xcd4, 0x0, 0x21, &(0x7f0000ffd000/0x1000)=nil}) writev(r0, &(0x7f0000000040), 0x8) 2018/04/13 13:01:08 executing program 6: pipe(&(0x7f00005dcff8)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f00005de000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) vmsplice(r1, &(0x7f00004e8000)=[{&(0x7f00005dff57)=';', 0x1}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000400)=[{&(0x7f00000003c0)='\v', 0x1}], 0x1, 0x0) 2018/04/13 13:01:08 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00004da000)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000d40)={0x1, &(0x7f0000000080)=[{0x40006, 0x0, 0x0, 0x7}]}, 0x8) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) sendto$inet(r1, &(0x7f0000000fc0), 0x0, 0x2004c044, &(0x7f0000000000)={0x2, 0x4e25, @multicast2=0xe0000002}, 0x10) sendto$inet(r1, &(0x7f00000019c0)="a6a9a3f56583431111ba5e897aeb82bf99870a903fd52ddac5a9f76974f34ffb5f4ced5be82df85383e128236b5af596afdba07c93374f1f946ab4414901f8ad2b55739bcd6ec77e48900767778c4a5ef746d174e4789acc2ba8c039282b4f9887843471ed1743c0128e740d609686f86be951c00ddf5cf32d2fc01624bfa68690c55ac0cca0f5227056687455008fc3cdf1be7aac994572aca8a11295adcb67fbcf545075daeb36662a03625be2f56ca6d3ef9594cd1970911d4849e96dd60a70d62a2f7cdb16554ec0036df682271c3814cae02f7292c25b8b5b87f896b4c69075779f2cab7cdf6235def9f147155c38dc705b245eaf5838e784dc0a76546044e7ff110583265f05ea28f70a15fd0c95f3b2344e58fc45b88473016fc265a37eaea26e33168d8636515a5d906918be01d6edaf5457264694703861d43f623c0704ea04fe7648c86bb84dc8f01bc107719300574444cf3c8cebf5f2247d22a49c51195e737712ca338fdffb3081230a1ebe56b1affe539a7592685e79a908d28e72d2d6da033f45cabb4a4f37ac2dc37f02a119b7702e70e9d110006ad0b0c9f43cb258a98d905301983ff6eabd1f1c8d6acea7028d17b8c6ea93c691f3360ea9ae73a7eed340b9d9c8644634165ab56875a7b830414878bf390b3b56898d8d9ee7bae76bdfca53074ddc6131fbe946b136fe73f5eabb23823ee23a7852e57e36ab7b1d5318d2a6d0a44611c94a625b777fbc8695793edb17c49a44a17f08d85c9606d4b37164c8db72ddef88fc2556600abecc8a316eee77cb6c1b4c4ba7fb3ecbbb411a96481e9ec910852bc7e5fff6d7ac7a33f9ca7123d46d1f26559c67b1148865da8756e1f7ea7470dda73dbc2ba6e15833a152d7742bf853ee807c82570c193edfa852d67b9eb5d4b86f40b8ae2eee660e2922d4b07efd9450305a5919f29d6e887eef7700f038888cb52fa710c6b196d1445abbfbc2d167223a56a6a1c2dbbbbe454e2a473bf7f45c18eba2f8fb6f80874bc76de999de8805da9dea7ac23673592564b8ce27ad613ce54d5b7e5c616681b05177fba960720efc62e5150687734de121214d85a03d1c6ebe8c5126400fea6c8863c319ee307fa055d332a2af3862acce8c9c1a3191c7c99c40ed267635464634c05337fad5863cc3b5ccd8aaea780610d12456c55d6362a8dfd7ae26e09fcaee810623a61afb7f2729e7f5e9b2fd5a59d05b4ccb78342362325b6448d7bed7cc0e656aece332424abb6bce15156fc1278828cf8889bd073f7d5944bc6d9605eee647b4ff89131bab47bc9833ecdc56f28d8cfd47edaf1138cbed1949e1b358bb7b62f6e35d05ae59cbf92925250ee30e8d4adbbe01e845457564f8748bba11e0c3bcb09a719d65eb7914cbd24983c791912933e81635339e1cec1cdcede387954d89df271731ecaf419831b50bf41104530f3a9f4a2f2e19f04fe4ad8900649ae80be14c3230537c683ac4cd2fe32a26622b275f2346d955be48d95adf7aaa248dc5a755871a54563b27a80de21411993c0d30982bd0708375ecca4ba0d5332a921006913db049e0de8a52cc7af87171bf254d346f645edb9fa8a37c7f2b3b367094f6906df83dfcbec96138fb4923a0a881425a74e05799abc5299b9f46deb09f5495ead5d564027d491485d703df248db057392a51f81ba11e681266e6a6c71662fa1d6e434b79eadf767e24690939b366d666c004436b8572da8259c661ba83b8432ead8265c79c817d3653330de85b61718553e0dd1d99a80231e073a69b411026c739468f8db80e8a8b656cd3fe963ec267b4cd6094bf0849c8864f4ecc0016e0a2c18486d4bbb22aa06cce4f8fe12303d5a94b1cf57463a945557aaa980ffb0ab065fde4c3d0807f4cb304de62f3b57209926d68b0d598890e8e92668994e56ea2a7283355997b733d9881f7547718b143adab6fd53205cb62b7e781d434d9147db410b9310d4257dcde2bfac8d28ac5875736957ee9e440977f427de3f3df7b18e1b1a40c6583701413a656afd4f51af34e38", 0x5ad, 0x8000, &(0x7f00000000c0)={0x2, 0x0, @rand_addr}, 0x10) sendto$inet(r1, &(0x7f0000000c80), 0x0, 0x0, &(0x7f0000000b40)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/13 13:01:08 executing program 0: r0 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'bcsh0\x00', 0x2001}) r1 = socket$unix(0x1, 0x2, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x1) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000080)={'bcsh0:\x00', 0x1}) 2018/04/13 13:01:08 executing program 1: 2018/04/13 13:01:08 executing program 2: socketpair(0x0, 0x0, 0x0, &(0x7f0000000200)) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x101, 0x3, 0x800000008, 0x1}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x13, 0x0, 0x7ffff9, 0x0, 0x20000000, 0x0}, 0x2c) bpf$MAP_CREATE(0x4, &(0x7f0000000040)={0x13, 0x0, 0x710000, 0x0, 0x6e8000}, 0x14) [ 72.483116] audit: type=1326 audit(1523624468.480:4): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=6016 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455319 code=0x0 [ 72.513169] audit: type=1326 audit(1523624468.505:5): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=6016 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45813a code=0x0 2018/04/13 13:01:08 executing program 7: 2018/04/13 13:01:08 executing program 3: 2018/04/13 13:01:08 executing program 1: 2018/04/13 13:01:08 executing program 4: 2018/04/13 13:01:08 executing program 5: 2018/04/13 13:01:08 executing program 6: pipe(&(0x7f00005dcff8)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f00005de000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) vmsplice(r1, &(0x7f00004e8000)=[{&(0x7f00005dff57)=';', 0x1}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000400)=[{&(0x7f00000003c0)='\v', 0x1}], 0x1, 0x0) 2018/04/13 13:01:08 executing program 0: 2018/04/13 13:01:08 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000380)="6d6f756e74696e666f004388f750c83d14c4a3a9ac1488a402f1265047502f6c2dd9f655a08d63e2da7af47e6c37972352875f125bcf3ea7f04b7b505b6a06beedb2a86e30a86bc0d37a6438b99a45ea22b1f4fb050000000000000000000000000044b800e87953ed64ae2f3f5f53c78f80293abf2a8486bd65d593cea221df08495ace8ea1f739deb9394733c7f2a8bc8469c6ab2ec67eeec0f89c726db45b9fbf07b5e70840d3520ab33cd4619123cbd3b6246e1c0fb86835c5a2d52e02d7f8da762ba15a81fafeb2c9549175") preadv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1, 0x0) [ 72.877113] ================================================================== [ 72.884559] BUG: KMSAN: uninit-value in copy_page_to_iter+0x754/0x1b70 [ 72.891253] CPU: 1 PID: 6073 Comm: syz-executor5 Not tainted 4.16.0+ #83 [ 72.898091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.907469] Call Trace: [ 72.910071] dump_stack+0x185/0x1d0 [ 72.913710] ? kmsan_internal_check_memory+0x145/0x1d0 [ 72.918995] kmsan_report+0x142/0x240 [ 72.922804] kmsan_internal_check_memory+0x164/0x1d0 [ 72.927919] kmsan_copy_to_user+0x69/0x160 [ 72.932166] copy_page_to_iter+0x754/0x1b70 [ 72.936507] skb_copy_datagram_iter+0x7fd/0xf70 [ 72.941191] tun_do_read+0x2a29/0x30c0 [ 72.945082] ? arch_local_irq_disable+0x10/0x10 [ 72.949758] tun_chr_read_iter+0x21f/0x460 [ 72.953997] ? tun_cleanup+0x60/0x60 [ 72.957714] __vfs_read+0x6fb/0x8e0 [ 72.961348] vfs_read+0x36c/0x6c0 [ 72.964806] SYSC_read+0x172/0x360 [ 72.968349] SyS_read+0x55/0x80 [ 72.971634] do_syscall_64+0x309/0x430 2018/04/13 13:01:08 executing program 0: 2018/04/13 13:01:08 executing program 7: [ 72.975521] ? vfs_write+0x8d0/0x8d0 [ 72.979238] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 72.984422] RIP: 0033:0x40f370 [ 72.987606] RSP: 002b:0000000000a3eaa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 72.995317] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 000000000040f370 [ 73.002588] RDX: 00000000000003e8 RSI: 0000000000a3f930 RDI: 00000000000000fc [ 73.009862] RBP: 0000000000000013 R08: 0000000000000000 R09: 00000000019f9940 [ 73.017144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013 2018/04/13 13:01:09 executing program 4: [ 73.024419] R13: 0000000000000008 R14: 0000000000000000 R15: 0000000000001380 [ 73.031686] [ 73.033309] Uninit was created at: [ 73.036858] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 73.041875] kmsan_alloc_page+0x82/0xe0 [ 73.045853] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 73.050608] alloc_pages_current+0x6b5/0x970 [ 73.055023] skb_page_frag_refill+0x3ba/0x5e0 [ 73.060221] sk_page_frag_refill+0xa4/0x340 [ 73.064546] __ip_append_data+0x107e/0x3d10 [ 73.068869] ip_append_data+0x2fb/0x440 [ 73.072850] udp_sendmsg+0x746/0x3180 [ 73.076657] inet_sendmsg+0x48d/0x740 [ 73.080457] SYSC_sendto+0x6c3/0x7e0 [ 73.084173] SyS_sendto+0x8a/0xb0 [ 73.087632] do_syscall_64+0x309/0x430 [ 73.091520] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 73.096719] [ 73.098344] Bytes 0-957 of 958 are uninitialized [ 73.103089] ================================================================== [ 73.110440] Disabling lock debugging due to kernel taint [ 73.115884] Kernel panic - not syncing: panic_on_warn set ... [ 73.115884] 2018/04/13 13:01:09 executing program 0: [ 73.123259] CPU: 1 PID: 6073 Comm: syz-executor5 Tainted: G B 4.16.0+ #83 [ 73.131398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 73.141575] Call Trace: [ 73.144173] dump_stack+0x185/0x1d0 [ 73.147799] panic+0x39d/0x940 [ 73.151009] ? kmsan_internal_check_memory+0x145/0x1d0 [ 73.156290] kmsan_report+0x238/0x240 [ 73.160105] kmsan_internal_check_memory+0x164/0x1d0 [ 73.165215] kmsan_copy_to_user+0x69/0x160 [ 73.169455] copy_page_to_iter+0x754/0x1b70 [ 73.173795] skb_copy_datagram_iter+0x7fd/0xf70 2018/04/13 13:01:09 executing program 2: 2018/04/13 13:01:09 executing program 4: [ 73.178476] tun_do_read+0x2a29/0x30c0 [ 73.182373] ? arch_local_irq_disable+0x10/0x10 [ 73.187053] tun_chr_read_iter+0x21f/0x460 [ 73.191297] ? tun_cleanup+0x60/0x60 [ 73.195018] __vfs_read+0x6fb/0x8e0 [ 73.198660] vfs_read+0x36c/0x6c0 [ 73.202118] SYSC_read+0x172/0x360 [ 73.205671] SyS_read+0x55/0x80 [ 73.208951] do_syscall_64+0x309/0x430 [ 73.212843] ? vfs_write+0x8d0/0x8d0 [ 73.216563] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 73.221751] RIP: 0033:0x40f370 2018/04/13 13:01:09 executing program 7: r0 = mq_open(&(0x7f0000000080)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x7}) close(r0) mq_unlink(&(0x7f0000000140)) r1 = shmget(0x2, 0x1000, 0x78000405, &(0x7f0000ffd000/0x1000)=nil) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x10000, 0x0) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000180)={{0x2e, 0xcd, 0x0, 0x1000, 0x2}, 0x3, 0x9, 0x101}) syz_mount_image$bfs(&(0x7f00000001c0)='bfs\x00', &(0x7f0000000200)='./file0\x00', 0x67, 0x1, &(0x7f0000000340)=[{&(0x7f0000000240)="9f2cd3837e039e077f74b4327c9c32cfdd05b25b491db2b553f800635a45a265c5ab390894e98d77a2965778e7e4bbb3c17869bf4bb013fad0710c552c40c96899a23f7be58fdffdd7e021932c411ad9548ef0067c0cce5cf0aa1fe662b1c1fbc7b7d35cba5be2e031fb947e02843a9e8217dd6dab943370ac779564f120378cde38a460cb61cfbc75a26c1b46ea58a8d92fa7fbc00d22e319e48fcbfa74dfb41ab508f4401cada332c58b1d3b27699c53816926b97e49de2386edbde289416b2158c717f6eb196ba056e916a8b29f12d8ff5745cf893a509cbdd86df85f1106", 0xe0}], 0x20, 0x0) shmctl$IPC_INFO(r1, 0x3, &(0x7f0000000380)=""/167) [ 73.224935] RSP: 002b:0000000000a3eaa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 73.232644] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 000000000040f370 [ 73.239913] RDX: 00000000000003e8 RSI: 0000000000a3f930 RDI: 00000000000000fc [ 73.247182] RBP: 0000000000000013 R08: 0000000000000000 R09: 00000000019f9940 [ 73.254453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013 [ 73.261719] R13: 0000000000000008 R14: 0000000000000000 R15: 0000000000001380 [ 73.269532] Dumping ftrace buffer: [ 73.273059] (ftrace buffer empty) [ 73.276760] Kernel Offset: disabled [ 73.280359] Rebooting in 86400 seconds..