INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts. 2018/04/21 02:37:11 fuzzer started 2018/04/21 02:37:12 dialing manager at 10.128.0.26:39431 syzkaller login: [ 58.623531] can: request_module (can-proto-0) failed. [ 58.632775] can: request_module (can-proto-0) failed. 2018/04/21 02:37:41 kcov=true, comps=true 2018/04/21 02:37:47 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000007ffc)={0x0, 0x2}, 0x4) sendto$inet6(r0, &(0x7f000023effe)="7f", 0x1, 0x0, &(0x7f000010e000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/04/21 02:37:47 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001b4ff6)='/dev/ptmx\x00', 0x106, 0x0) writev(r0, &(0x7f00000b5000)=[{&(0x7f0000000000)="ebb29c2aa804af648d63b2908439b40213", 0x11}], 0x1) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0x80000001) ioctl$TCSETA(r0, 0x5402, &(0x7f0000a26fec)) 2018/04/21 02:37:47 executing program 7: r0 = socket(0x40000000015, 0x805, 0x0) bind$inet(r0, &(0x7f00000a9000)={0x2, 0x0, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000dbf000), 0x0, 0x0, &(0x7f0000b2d000)={0x2, 0x0, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000fc2000), 0x0, 0x0, &(0x7f000069affb)={0x2, 0x0, @loopback=0x7f000001}, 0x10) close(r0) 2018/04/21 02:37:47 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x7f, 0x1, 0x3, 0x0, 0xffffffffffffff9c}, 0x2c) perf_event_open(&(0x7f00000017c0)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000214fd4)={0xc, 0x4, 0x4, 0x7fffffff, 0x0, r0, 0x0, [0x305f]}, 0x2c) 2018/04/21 02:37:47 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x416}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 2018/04/21 02:37:47 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00002e8fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001000)="a23364fd", 0x4) sendmsg$alg(r1, &(0x7f0000166000)={0x0, 0x0, &(0x7f000019f000), 0x0, &(0x7f0000282fb8)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write(r1, &(0x7f00001eaf7c)="d33e3ac1792bbce4d7f62d063a492bc83d59408649b981c2d0e252ec8e311c2c", 0x20) recvmsg(r1, &(0x7f0000014fc8)={0x0, 0x0, &(0x7f0000095000)=[{&(0x7f00002e8ff2)=""/14, 0xe}, {&(0x7f00000bf000)=""/212, 0xd4}], 0x2, &(0x7f00002e8000)=""/79, 0x4f}, 0x0) 2018/04/21 02:37:47 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa}, 0x1c) sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x2, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000240)=[{0x10, 0x29, 0x2}], 0x10}}], 0x2, 0x0) 2018/04/21 02:37:47 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000013c0)={&(0x7f0000000100)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@ipv4_newroute={0x24, 0x18, 0x1, 0x0, 0x0, {0x2}, [@RTA_ENCAP_TYPE={0x8, 0x15}]}, 0x24}, 0x1}, 0x0) [ 66.604756] IPVS: ftp: loaded support on port[0] = 21 [ 66.691153] IPVS: ftp: loaded support on port[0] = 21 [ 66.718175] IPVS: ftp: loaded support on port[0] = 21 [ 66.722500] IPVS: ftp: loaded support on port[0] = 21 [ 66.734575] IPVS: ftp: loaded support on port[0] = 21 [ 66.750288] IPVS: ftp: loaded support on port[0] = 21 [ 66.778677] IPVS: ftp: loaded support on port[0] = 21 [ 66.824153] IPVS: ftp: loaded support on port[0] = 21 [ 68.771808] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.778408] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.798593] device bridge_slave_0 entered promiscuous mode [ 68.929847] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.936288] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.953742] device bridge_slave_0 entered promiscuous mode [ 68.971155] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.977585] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.000319] device bridge_slave_0 entered promiscuous mode [ 69.010276] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.016707] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.024472] device bridge_slave_0 entered promiscuous mode [ 69.034799] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.041205] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.049623] device bridge_slave_0 entered promiscuous mode [ 69.057336] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.063718] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.075122] device bridge_slave_1 entered promiscuous mode [ 69.083991] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.090408] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.107604] device bridge_slave_0 entered promiscuous mode [ 69.115722] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.122151] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.129965] device bridge_slave_0 entered promiscuous mode [ 69.140293] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.146766] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.155384] device bridge_slave_0 entered promiscuous mode [ 69.164638] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.171050] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.180426] device bridge_slave_1 entered promiscuous mode [ 69.197006] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.203459] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.221139] device bridge_slave_1 entered promiscuous mode [ 69.228910] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.235353] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.243380] device bridge_slave_1 entered promiscuous mode [ 69.251503] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.257890] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.273943] device bridge_slave_1 entered promiscuous mode [ 69.281089] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 69.290039] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 69.300393] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 69.310522] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.317075] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.344496] device bridge_slave_1 entered promiscuous mode [ 69.369226] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.375674] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.386368] device bridge_slave_1 entered promiscuous mode [ 69.393339] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.399759] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.407060] device bridge_slave_1 entered promiscuous mode [ 69.415625] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 69.424356] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 69.432984] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 69.441479] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 69.451559] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 69.462446] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 69.478386] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 69.514952] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 69.552204] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 69.600533] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 69.609577] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 69.634359] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 69.685425] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 69.844768] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 69.893511] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 69.908549] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 69.936321] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 69.978730] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 69.999433] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 70.011668] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 70.036990] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 70.046730] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 70.066991] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 70.084016] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 70.105819] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 70.132119] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 70.170384] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 70.188826] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 70.203984] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 70.210953] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 70.228886] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 70.236582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 70.251136] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 70.260000] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 70.278720] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 70.286812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 70.302715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 70.344683] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 70.353290] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 70.360708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 70.379328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 70.389866] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 70.398539] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 70.412867] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 70.421580] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 70.428683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 70.436443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 70.451394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 70.481661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 70.505784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 70.526919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 70.536647] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 70.581377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 70.603309] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 70.611403] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 70.619284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 70.646795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 70.674822] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 70.681995] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 70.699237] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 70.715318] team0: Port device team_slave_0 added [ 70.848837] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 70.872437] team0: Port device team_slave_1 added [ 70.888997] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 70.906843] team0: Port device team_slave_0 added [ 70.921847] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 70.937255] team0: Port device team_slave_0 added [ 70.946156] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 70.961826] team0: Port device team_slave_0 added [ 70.969797] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 70.983800] team0: Port device team_slave_0 added [ 71.011899] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 71.028750] team0: Port device team_slave_0 added [ 71.038553] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.058826] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 71.071644] team0: Port device team_slave_0 added [ 71.080389] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 71.095011] team0: Port device team_slave_1 added [ 71.108779] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 71.125120] team0: Port device team_slave_1 added [ 71.130528] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 71.143143] team0: Port device team_slave_1 added [ 71.151810] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.167303] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 71.186484] team0: Port device team_slave_0 added [ 71.193989] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 71.205218] team0: Port device team_slave_1 added [ 71.213757] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 71.221201] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 71.228619] team0: Port device team_slave_1 added [ 71.241935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.259720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.274687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.294490] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 71.302879] team0: Port device team_slave_1 added [ 71.310762] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 71.318317] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 71.328375] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 71.337413] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.346318] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 71.353728] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 71.364382] team0: Port device team_slave_1 added [ 71.390814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 71.404549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.422391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 71.441379] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.450384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 71.461881] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.469420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.477252] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.484684] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 71.492542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 71.500939] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 71.508168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 71.516525] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.527791] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.536531] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.545333] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.555382] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 71.562936] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 71.570166] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.577715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.621702] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.651464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.674633] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.682378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.690206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.697707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 71.705648] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.713261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 71.721150] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.728580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.736414] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.745677] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 71.754650] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.763868] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 71.771919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.782603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.791962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.806818] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.821445] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.830151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.842854] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 71.850226] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.858498] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 71.868584] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 71.876501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.909883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.932748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.948725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.958185] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.967934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.975744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.983630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.992207] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 71.999426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.007720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.017609] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 72.027071] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 72.035886] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 72.046704] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 72.055968] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 72.063160] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.088351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.113485] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.135329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.152485] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.160482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.168327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.176333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.184149] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.191897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.205784] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 72.226609] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.258496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.289381] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 72.296791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.328109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.358521] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 72.376398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.399652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.164268] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.170819] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.177831] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.184262] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.209005] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 73.304233] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.457096] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.463531] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.470213] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.476601] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.504624] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 73.523343] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.529750] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.536421] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.542816] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.555983] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 73.565738] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.572156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.578876] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.585283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.620344] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 73.629349] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.635755] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.642438] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.648849] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.662299] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 73.680958] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.687393] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.694112] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.700496] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.732096] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 73.856257] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.863066] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.869741] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.876146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.885160] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 74.014718] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.021121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.027802] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.034202] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.047753] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 74.336549] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 74.347680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 74.379163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 74.394797] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 74.401999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 74.409472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 74.416955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 78.486265] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.563164] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.643430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.682249] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.850047] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.894163] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.954603] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.008987] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.043301] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.055593] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.170765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.193274] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.329908] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.384151] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 79.396166] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.406558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.471830] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 79.478335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.489412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.524522] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.533827] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.547679] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 79.553991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.561449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.694060] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.701406] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 79.707751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.721564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.856804] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 79.863102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.876541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.901380] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.013671] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.029111] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 80.038210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 80.053798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.090728] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 80.103821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 80.127567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.156341] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.193310] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 80.199543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 80.223800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.265303] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.306488] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.650152] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.667554] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.689115] 8021q: adding VLAN 0 to HW filter on device team0 2018/04/21 02:38:04 executing program 2: mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) keyctl$dh_compute(0x17, &(0x7f00000002c0), &(0x7f0000000300)=""/176, 0xb0, &(0x7f0000000480)={&(0x7f0000000440)={'ghash\x00'}}) 2018/04/21 02:38:04 executing program 7: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={"020081007f001e0020008ca7cc991735"}) r0 = socket$nl_xfrm(0x11, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) sendmsg(r0, &(0x7f00000008c0)={&(0x7f0000000000)=@can={0x1d, r1}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000300)="d80929d309d708db35cdfe5fe2d7", 0xe}], 0x1, &(0x7f00000000c0), 0x0, 0x1000}, 0x0) 2018/04/21 02:38:04 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000012000)=0xffffffffad36b24d, 0x4) setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000000), 0x4) sendmsg$key(r0, &(0x7f0000007000)={0x0, 0x0, &(0x7f000001b000)={&(0x7f000001bf30)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}, 0x1}, 0x0) read(r0, &(0x7f0000000040)=""/69, 0x45) 2018/04/21 02:38:04 executing program 2: r0 = socket$inet(0x2, 0x6, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000840)=@nat={'nat\x00', 0x19, 0x1, 0x200, [0x20000940, 0x0, 0x0, 0x20000970, 0x200009a0], 0x0, &(0x7f0000000800), &(0x7f0000000940)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0xb, 0x0, 0x0, 'teql0\x00', 'ip6gretap0\x00', 'ip_vti0\x00', 'nr0\x00', @empty, [], @link_local={0x1, 0x80, 0xc2}, [], 0x100, 0x138, 0x170, [@time={'time\x00', 0x18}, @nfacct={'nfacct\x00', 0x28, {{'syz1\x00'}}}]}, [@snat={'snat\x00', 0x10, {{@random="07901c8f0140"}}}]}, @common=@dnat={'dnat\x00', 0x10, {{@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}}}}]}]}, 0x278) [ 82.995332] netlink: 'syz-executor3': attribute type 21 has an invalid length. 2018/04/21 02:38:04 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000180)='hfsplus\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000001100), 0x0, &(0x7f0000000200)={[{@nls={'nls', 0x3d, 'cp855'}, 0x2c}]}) 2018/04/21 02:38:04 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={&(0x7f0000000280)={0x10}, 0xc, &(0x7f0000000000)={&(0x7f00000002c0)={0x18, 0x27, 0x1ff307543bf68163, 0x0, 0x0, {0x14}, [@nested={0x4, 0x7}]}, 0x18}, 0x1}, 0x0) [ 83.191174] xt_nfacct: accounting object `syz1' does not exists [ 83.237047] hfsplus: unable to find HFS+ superblock [ 83.331371] hfsplus: unable to find HFS+ superblock 2018/04/21 02:38:05 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x416}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 2018/04/21 02:38:05 executing program 2: r0 = memfd_create(&(0x7f0000002000)="2f7b06003170707031253a656d30f9", 0x0) write$evdev(r0, &(0x7f0000001000)=[{{}, 0x0, 0x0, 0x80000004}], 0x18) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000001000)={{}, {0x0, 0x989680}}, &(0x7f0000005000)) 2018/04/21 02:38:05 executing program 7: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "6cb782e4ad88b89d1fd309169f44812107130ee55db70510420aaa96759ecbc36eb9bb12b6124793608dd0e7316d1d4f4dbac39806e4ac714b7ecefa8a934a"}, 0x60) close(r0) 2018/04/21 02:38:05 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000012000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000000)="b9b70b00000f32263e0f0119642ef466baa00066b8fe0066ef66baf80cb8681c7085ef66bafc0cb867790000efc4e169e12bc4e1711425bad1ff06670f01c8b9e6020000b808000000ba000000000f300f01cb", 0x53}], 0x1, 0x60, &(0x7f00000001c0), 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2018/04/21 02:38:05 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000001000)={{0xa}, {0xa, 0x0, 0x200000, @dev={0xfe, 0x80}}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x5c) setsockopt$inet_int(r0, 0x0, 0x40, &(0x7f0000000ffc), 0x4) 2018/04/21 02:38:05 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x416}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 2018/04/21 02:38:05 executing program 1: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000e7d000), 0x8, 0x0) fstat(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r1, 0x0) setfsgid(r1) 2018/04/21 02:38:05 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00002e8fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001000)="a23364fd", 0x4) sendmsg$alg(r1, &(0x7f0000166000)={0x0, 0x0, &(0x7f000019f000), 0x0, &(0x7f0000282fb8)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write(r1, &(0x7f00001eaf7c)="d33e3ac1792bbce4d7f62d063a492bc83d59408649b981c2d0e252ec8e311c2c", 0x20) recvmsg(r1, &(0x7f0000014fc8)={0x0, 0x0, &(0x7f0000095000)=[{&(0x7f00002e8ff2)=""/14, 0xe}, {&(0x7f00000bf000)=""/212, 0xd4}], 0x2, &(0x7f00002e8000)=""/79, 0x4f}, 0x0) 2018/04/21 02:38:05 executing program 2: r0 = memfd_create(&(0x7f00000000c0)='vmnet1GPLkeyring\x00', 0x0) ftruncate(r0, 0xffff) write(r0, &(0x7f0000cbd000)='v', 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xfec) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xe3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) symlinkat(&(0x7f0000001000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00') 2018/04/21 02:38:05 executing program 7: r0 = eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f000092fffc)=0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) io_submit(r1, 0x2, &(0x7f00000015c0)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, r2}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000240)}]) 2018/04/21 02:38:05 executing program 1: sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) pipe2(&(0x7f0000989000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x8000000032, 0xffffffffffffffff, 0x3c) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x4c}) statx(r1, &(0x7f0000000000)='./file0\x00', 0x6000, 0x80, &(0x7f0000000480)) r3 = creat(&(0x7f000009aff8)='./file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time={0x77359400}}], 0x227) munmap(&(0x7f0000012000/0x1000)=nil, 0x1000) dup2(r0, r2) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.cpu\x00', 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000000)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r5, &(0x7f0000000040)={[0x2c, 0x31]}, 0x2) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000340)={0x0, @in={{0x2, 0x4e20, @multicast1=0xe0000001}}, [0xff, 0x7, 0x800, 0x100, 0x3, 0x1, 0x24000000000, 0x101, 0x3f, 0x5, 0xd5, 0x6, 0x200, 0x1ff, 0x81]}, &(0x7f0000000440)=0x100) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) r7 = socket$nl_route(0x10, 0x3, 0x0) arch_prctl(0x1003, &(0x7f0000000280)) sendmsg$nl_route(r7, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2040001}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)=@dellink={0x34, 0x11, 0x0, 0x0, 0xb, {0x0, 0x0, 0x0, r6, 0x21800, 0x8000}, [@IFLA_PHYS_SWITCH_ID={0x14, 0x24, "b7eaa8d0e070a82b2940f54471f4ec9d"}]}, 0x34}, 0x1}, 0x40000) write(r1, &(0x7f00000000c0)="fdec755dc804ec665179f07282941267fef42fe3f9fdfc5f19f4e9f38cb11775d852e2ecd2284dd3111e346abe8862c2152f5d4443611bad390183ca680780e503d33f246a1ae6874b46950a8e02b64ea2", 0x51) gettid() 2018/04/21 02:38:05 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00002e8fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001000)="a23364fd", 0x4) sendmsg$alg(r1, &(0x7f0000166000)={0x0, 0x0, &(0x7f000019f000), 0x0, &(0x7f0000282fb8)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write(r1, &(0x7f00001eaf7c)="d33e3ac1792bbce4d7f62d063a492bc83d59408649b981c2d0e252ec8e311c2c", 0x20) recvmsg(r1, &(0x7f0000014fc8)={0x0, 0x0, &(0x7f0000095000)=[{&(0x7f00002e8ff2)=""/14, 0xe}, {&(0x7f00000bf000)=""/212, 0xd4}], 0x2, &(0x7f00002e8000)=""/79, 0x4f}, 0x0) 2018/04/21 02:38:05 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x416}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 2018/04/21 02:38:05 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x416}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 2018/04/21 02:38:05 executing program 2: r0 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x0) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000000)={0x7fff, 0x80000000, 0xffffffff, 0x9144, 0x4, 0x80000000, 0x3f, 0x5, 0x1000, 0x100000001}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x400000000e) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000240)=0x7ff) 2018/04/21 02:38:05 executing program 3: r0 = memfd_create(&(0x7f0000000240)="926d6e657439f0344a0967000000000000", 0x0) write(r0, &(0x7f00000001c0)="596bc7485f", 0x5) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0) mq_timedreceive(0xffffffffffffffff, &(0x7f0000000380)=""/222, 0xde, 0x0, &(0x7f0000000000)) 2018/04/21 02:38:05 executing program 4: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000832ff3)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000003c0)={0x0, @time}) 2018/04/21 02:38:05 executing program 1: socketpair(0x8000000000001e, 0x1, 0x0, &(0x7f0000a77ff8)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000002e00)=[{{&(0x7f0000002280)=@alg, 0x58, &(0x7f0000002440)=[{&(0x7f00000023c0)=""/76, 0x4c}], 0x1, &(0x7f0000002480)=""/137, 0x89}}, {{&(0x7f0000002540)=@nfc, 0x10, &(0x7f0000002a80)=[{&(0x7f0000002980)=""/212, 0xd4}], 0x1, &(0x7f0000002b00)=""/73, 0x49}}], 0x2, 0x2, &(0x7f0000172ff0)={0x77359400}) r2 = dup2(r0, r0) dup3(r1, r2, 0x0) 2018/04/21 02:38:05 executing program 2: r0 = socket$inet(0x2b, 0x1, 0x0) bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e23, @multicast2=0xe0000002}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x404e23}, 0x10) getpeername(r0, &(0x7f00000001c0)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @broadcast}}}, &(0x7f0000000240)=0x80) 2018/04/21 02:38:05 executing program 7: mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_fuseblk_mount(&(0x7f00000d4000)='./file0\x00', &(0x7f00006f0ff8)='./file0\x00', 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f00001d8000)) 2018/04/21 02:38:05 executing program 3: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter\x00') bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(blowfish)\x00'}, 0x58) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="40020020", 0x4) sendfile(r2, r1, &(0x7f0000807000), 0x3f) 2018/04/21 02:38:05 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00002e8fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001000)="a23364fd", 0x4) sendmsg$alg(r1, &(0x7f0000166000)={0x0, 0x0, &(0x7f000019f000), 0x0, &(0x7f0000282fb8)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write(r1, &(0x7f00001eaf7c)="d33e3ac1792bbce4d7f62d063a492bc83d59408649b981c2d0e252ec8e311c2c", 0x20) recvmsg(r1, &(0x7f0000014fc8)={0x0, 0x0, &(0x7f0000095000)=[{&(0x7f00002e8ff2)=""/14, 0xe}, {&(0x7f00000bf000)=""/212, 0xd4}], 0x2, &(0x7f00002e8000)=""/79, 0x4f}, 0x0) 2018/04/21 02:38:05 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x416}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 2018/04/21 02:38:05 executing program 4: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000832ff3)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000003c0)={0x0, @time}) 2018/04/21 02:38:05 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x416}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 2018/04/21 02:38:05 executing program 3: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000003000)={0x1e86, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x84}]}, 0x8) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000000)={{{@in=@rand_addr, @in6=@dev={0xfe, 0x80}}}, {{@in=@multicast2=0xe0000002}, 0x0, @in=@multicast2=0xe0000002}}, 0xe8) 2018/04/21 02:38:05 executing program 6: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='io.max\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="393a340d231c04e0c2b076b1172946c7ba3d30"], 0x13) 2018/04/21 02:38:05 executing program 7: mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_fuseblk_mount(&(0x7f00000d4000)='./file0\x00', &(0x7f00006f0ff8)='./file0\x00', 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f00001d8000)) 2018/04/21 02:38:06 executing program 2: r0 = socket(0x10, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x2) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'ifb0\x00', 0x1}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'ifb0\x00', 0xa201}) write$tun(r1, &(0x7f0000000340)={@pi={0x0, 0xd}, @void, @ipv6={0x0, 0x6, "2d56cc", 0x14, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @loopback={0x0, 0x1}, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}, 0x40) 2018/04/21 02:38:06 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) capset(&(0x7f0000000140)={0x19980330}, &(0x7f00000001c0)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCGLCKTRMIOS(r1, 0x5412, &(0x7f0000000000)) 2018/04/21 02:38:06 executing program 4: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000832ff3)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000003c0)={0x0, @time}) 2018/04/21 02:38:06 executing program 6: r0 = socket$inet(0x2, 0x200000000000003, 0x9) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000200)={"66696c7465720200", 0x4}, 0x68) 2018/04/21 02:38:06 executing program 7: mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_fuseblk_mount(&(0x7f00000d4000)='./file0\x00', &(0x7f00006f0ff8)='./file0\x00', 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f00001d8000)) 2018/04/21 02:38:06 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000062bfc8)={&(0x7f0000315ff5)={0x10}, 0xc, &(0x7f0000bea000)={&(0x7f0000e52ec0)=@newsa={0x140, 0x10, 0x1, 0x0, 0x0, {{@in, @in6=@dev={0xfe, 0x80}}, {@in=@broadcast=0xffffffff, 0x0, 0x32}, @in=@loopback=0x7f000001, {}, {}, {}, 0x0, 0x0, 0xa, 0x1}, [@tfcpad={0x8, 0x16}, @algo_auth={0x48, 0x1, {{'digest_null\x00'}}}]}, 0x140}, 0x1}, 0x0) 2018/04/21 02:38:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f000000cf90)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000005000)}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000ffd0)={0x0, 0x0, &(0x7f000000f000), 0x1, 0x0, &(0x7f000000ef31)='b'}) mmap$binder(&(0x7f000000c000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000340)={0x4c, 0x0, &(0x7f00000004c0)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f0000000440)}}}], 0x0, 0x0, &(0x7f00000000c0)}) poll(&(0x7f0000000080), 0x0, 0xfffffffffffffffb) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/04/21 02:38:06 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000ac0)={&(0x7f0000000700)={0x10}, 0xc, &(0x7f0000000a80)={&(0x7f00000009c0)=@updpolicy={0xb8, 0x19, 0x303, 0x0, 0x0, {{@in6=@remote={0xfe, 0x80, [], 0xbb}, @in=@loopback=0x7f000001, 0x0, 0x0, 0x0, 0x0, 0xa, 0xa0}}}, 0xb8}, 0x1}, 0x0) 2018/04/21 02:38:06 executing program 7: mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_fuseblk_mount(&(0x7f00000d4000)='./file0\x00', &(0x7f00006f0ff8)='./file0\x00', 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f00001d8000)) 2018/04/21 02:38:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x18, 0x2d, 0x100000b01, 0x0, 0x0, {0x3}, [@generic="be"]}, 0x18}, 0x1}, 0x0) 2018/04/21 02:38:06 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}], 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x0, @loopback=0x7f000001}], 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000000)=[@in={0x2, 0x0, @loopback=0x7f000001}], 0x10) 2018/04/21 02:38:06 executing program 6: capset(&(0x7f00000fc000)={0x819980330}, &(0x7f000047efe8)) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000000)=0x1e, 0x4) [ 84.958968] capability: warning: `syz-executor0' uses 32-bit capabilities (legacy support in use) [ 84.989773] PF_CAN: dropped non conform CAN FD skbuf: dev type 65534, len 60, datalen 0 [ 85.076578] ================================================================== [ 85.084138] BUG: KASAN: slab-out-of-bounds in __sctp_v6_cmp_addr+0x4c7/0x530 [ 85.091350] Read of size 8 at addr ffff8801d68c85d0 by task syz-executor5/6793 [ 85.098694] [ 85.100313] CPU: 1 PID: 6793 Comm: syz-executor5 Not tainted 4.17.0-rc1+ #10 [ 85.107484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 85.116821] Call Trace: [ 85.119412] dump_stack+0x1b9/0x294 [ 85.123041] ? dump_stack_print_info.cold.2+0x52/0x52 [ 85.128221] ? printk+0x9e/0xba [ 85.131493] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 85.136240] ? kasan_check_write+0x14/0x20 [ 85.140470] print_address_description+0x6c/0x20b [ 85.145304] ? __sctp_v6_cmp_addr+0x4c7/0x530 [ 85.149800] kasan_report.cold.7+0x242/0x2fe [ 85.154215] __asan_report_load8_noabort+0x14/0x20 [ 85.159142] __sctp_v6_cmp_addr+0x4c7/0x530 [ 85.163463] sctp_inet6_cmp_addr+0x169/0x1a0 [ 85.167865] sctp_bind_addr_match+0x20b/0x400 [ 85.172354] ? sctp_bind_addrs_to_raw+0x370/0x370 [ 85.177281] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 85.182805] ? sctp_v4_available+0x1b1/0x200 [ 85.187209] ? sctp_inet6_bind_verify+0xb2/0x500 [ 85.191956] sctp_do_bind+0x1c0/0x5f0 [ 85.195769] sctp_bindx_add+0x90/0x1a0 [ 85.199656] sctp_setsockopt_bindx+0x2ad/0x320 [ 85.204238] sctp_setsockopt+0x12c4/0x7000 [ 85.208467] ? __lock_acquire+0x7f5/0x5140 [ 85.212705] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 85.218421] ? debug_check_no_locks_freed+0x310/0x310 [ 85.223610] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 85.229141] ? drop_futex_key_refs.isra.13+0x6d/0xe0 [ 85.234239] ? futex_wait+0x5c1/0x9f0 [ 85.238045] ? futex_wait_setup+0x400/0x400 [ 85.242363] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 85.247547] ? perf_trace_lock+0xd6/0x900 [ 85.251688] ? perf_trace_lock_acquire+0xe3/0x980 [ 85.256524] ? zap_class+0x720/0x720 [ 85.260229] ? perf_trace_lock+0x900/0x900 [ 85.264455] ? get_futex_key+0x1e90/0x1e90 [ 85.268686] ? graph_lock+0x170/0x170 [ 85.272491] ? sock_alloc_file+0x1f3/0x4e0 [ 85.276723] ? __x64_sys_socket+0x73/0xb0 [ 85.280867] ? find_held_lock+0x36/0x1c0 [ 85.284935] ? lock_downgrade+0x8e0/0x8e0 [ 85.289096] ? rcu_is_watching+0x85/0x140 [ 85.293243] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 85.298436] ? __fget+0x40c/0x650 [ 85.301889] ? expand_files.part.8+0x9a0/0x9a0 [ 85.306466] ? lock_downgrade+0x8e0/0x8e0 [ 85.310624] ? __lock_is_held+0xb5/0x140 [ 85.314679] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 85.319876] ? __fget_light+0x2ef/0x430 [ 85.323848] ? fget_raw+0x20/0x20 [ 85.327297] ? get_unused_fd_flags+0x190/0x190 [ 85.331889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.337415] ? alloc_file+0x44/0x3e0 [ 85.341122] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 85.346651] ? sock_alloc_file+0x2a4/0x4e0 [ 85.350885] sock_common_setsockopt+0x9a/0xe0 [ 85.355375] __sys_setsockopt+0x1bd/0x390 [ 85.359519] ? kernel_accept+0x310/0x310 [ 85.363584] ? do_futex+0x27d0/0x27d0 [ 85.367376] ? fput+0x130/0x1a0 [ 85.370652] __x64_sys_setsockopt+0xbe/0x150 [ 85.375049] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 85.380061] do_syscall_64+0x1b1/0x800 [ 85.384202] ? finish_task_switch+0x1ca/0x810 [ 85.388690] ? syscall_return_slowpath+0x5c0/0x5c0 [ 85.393611] ? syscall_return_slowpath+0x30f/0x5c0 [ 85.398536] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 85.403897] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 85.408736] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.413924] RIP: 0033:0x455389 [ 85.417111] RSP: 002b:00007ff78a9bac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 85.424813] RAX: ffffffffffffffda RBX: 00007ff78a9bb6d4 RCX: 0000000000455389 [ 85.432072] RDX: 0000000000000064 RSI: 0000000000000084 RDI: 0000000000000014 [ 85.439330] RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 [ 85.446592] R10: 0000000020000180 R11: 0000000000000246 R12: 00000000ffffffff [ 85.453850] R13: 00000000000005a3 R14: 00000000006fb7e8 R15: 0000000000000000 [ 85.461123] [ 85.462743] Allocated by task 6793: [ 85.466363] save_stack+0x43/0xd0 [ 85.469819] kasan_kmalloc+0xc4/0xe0 [ 85.473521] __kmalloc_node+0x47/0x70 [ 85.477313] kvmalloc_node+0x6b/0x100 [ 85.481101] vmemdup_user+0x2d/0xa0 [ 85.484717] sctp_setsockopt_bindx+0x5d/0x320 [ 85.489202] sctp_setsockopt+0x12c4/0x7000 [ 85.493425] sock_common_setsockopt+0x9a/0xe0 [ 85.497907] __sys_setsockopt+0x1bd/0x390 [ 85.502047] __x64_sys_setsockopt+0xbe/0x150 [ 85.506451] do_syscall_64+0x1b1/0x800 [ 85.510335] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.515505] [ 85.517129] Freed by task 1: [ 85.520144] save_stack+0x43/0xd0 [ 85.523585] __kasan_slab_free+0x11a/0x170 [ 85.527811] kasan_slab_free+0xe/0x10 [ 85.531602] kfree+0xd9/0x260 [ 85.534699] acpi_ns_evaluate+0x97f/0x9bc [ 85.538845] acpi_evaluate_object+0x484/0x8b7 [ 85.543330] acpi_evaluate_integer+0x121/0x260 [ 85.547901] acpi_bus_get_status_handle+0x26/0xa0 [ 85.552731] acpi_bus_check_add+0x393/0xb40 [ 85.557044] acpi_ns_walk_namespace+0x224/0x400 [ 85.561698] acpi_walk_namespace+0xf2/0x12c [ 85.566011] acpi_bus_scan+0x138/0x160 [ 85.569894] acpi_scan_init+0x404/0x8df [ 85.573853] acpi_init+0x936/0x9fa [ 85.577388] do_one_initcall+0x127/0x913 [ 85.581434] kernel_init_freeable+0x49b/0x58e [ 85.585918] kernel_init+0x11/0x1b3 [ 85.589531] ret_from_fork+0x3a/0x50 [ 85.593233] [ 85.594856] The buggy address belongs to the object at ffff8801d68c85c0 [ 85.594856] which belongs to the cache kmalloc-32 of size 32 [ 85.607328] The buggy address is located 16 bytes inside of [ 85.607328] 32-byte region [ffff8801d68c85c0, ffff8801d68c85e0) [ 85.619018] The buggy address belongs to the page: [ 85.623940] page:ffffea00075a3200 count:1 mapcount:0 mapping:ffff8801d68c8000 index:0xffff8801d68c8fc1 [ 85.633375] flags: 0x2fffc0000000100(slab) [ 85.637601] raw: 02fffc0000000100 ffff8801d68c8000 ffff8801d68c8fc1 0000000100000029 [ 85.645471] raw: ffffea00075a3360 ffff8801da801238 ffff8801da8001c0 0000000000000000 [ 85.653334] page dumped because: kasan: bad access detected [ 85.659036] [ 85.660644] Memory state around the buggy address: [ 85.665560] ffff8801d68c8480: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc [ 85.672905] ffff8801d68c8500: 00 00 fc fc fc fc fc fc 00 00 fc fc fc fc fc fc [ 85.680249] >ffff8801d68c8580: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc [ 85.687596] ^ [ 85.693557] ffff8801d68c8600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 85.700919] ffff8801d68c8680: 00 00 fc fc fc fc fc fc 00 00 fc fc fc fc fc fc [ 85.708261] ================================================================== [ 85.715603] Disabling lock debugging due to kernel taint [ 85.722378] Kernel panic - not syncing: panic_on_warn set ... [ 85.722378] 2018/04/21 02:38:07 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000003c0)={&(0x7f0000000200)={0x10}, 0xc, &(0x7f0000000380)={&(0x7f0000000240)=@ipv6_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {0xa}, [@RTA_GATEWAY={0x14, 0x5, @remote={0xfe, 0x80, [], 0xbb}}]}, 0x30}, 0x1}, 0x0) 2018/04/21 02:38:07 executing program 0: r0 = socket$inet6(0xa, 0x5, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xfffffffffffffff9, 0x40020011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, &(0x7f000026c000)=[@ptr={0x73622a85, 0x0, &(0x7f00004edf8a), 0x1}], &(0x7f000000afd0)}}], 0x0, 0x0, &(0x7f0000009000)}) connect$inet6(r0, &(0x7f00007b9fe4)={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x1c) getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000a06000)=""/4096, &(0x7f0000000000)=0x1000) [ 85.729772] CPU: 1 PID: 6793 Comm: syz-executor5 Tainted: G B 4.17.0-rc1+ #10 [ 85.738345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 85.747701] Call Trace: [ 85.750304] dump_stack+0x1b9/0x294 [ 85.753943] ? dump_stack_print_info.cold.2+0x52/0x52 [ 85.760120] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 85.764893] ? __sctp_v6_cmp_addr+0x4a0/0x530 [ 85.769393] panic+0x22f/0x4de [ 85.772594] ? add_taint.cold.5+0x16/0x16 [ 85.776762] ? do_raw_spin_unlock+0x9e/0x2e0 [ 85.777326] binder: BINDER_SET_CONTEXT_MGR already set [ 85.781174] ? do_raw_spin_unlock+0x9e/0x2e0 [ 85.781191] ? __sctp_v6_cmp_addr+0x4c7/0x530 [ 85.781204] kasan_end_report+0x47/0x4f [ 85.781221] kasan_report.cold.7+0x76/0x2fe [ 85.790508] binder: 6798:6800 ioctl 40046207 0 returned -16 [ 85.790885] __asan_report_load8_noabort+0x14/0x20 [ 85.797248] binder_alloc: 6768: binder_alloc_buf, no vma [ 85.799309] __sctp_v6_cmp_addr+0x4c7/0x530 [ 85.799325] sctp_inet6_cmp_addr+0x169/0x1a0 2018/04/21 02:38:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x18, 0x2d, 0x100000b01, 0x0, 0x0, {0x3}, [@generic="be"]}, 0x18}, 0x1}, 0x0) [ 85.799343] sctp_bind_addr_match+0x20b/0x400 [ 85.799361] ? sctp_bind_addrs_to_raw+0x370/0x370 [ 85.803701] binder: 6798:6800 transaction failed 29189/-3, size 40-0 line 2963 [ 85.809362] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 85.809373] ? sctp_v4_available+0x1b1/0x200 [ 85.809390] ? sctp_inet6_bind_verify+0xb2/0x500 [ 85.859729] sctp_do_bind+0x1c0/0x5f0 [ 85.863540] sctp_bindx_add+0x90/0x1a0 [ 85.867432] sctp_setsockopt_bindx+0x2ad/0x320 [ 85.872021] sctp_setsockopt+0x12c4/0x7000 [ 85.876265] ? __lock_acquire+0x7f5/0x5140 2018/04/21 02:38:07 executing program 6: capset(&(0x7f00000fc000)={0x819980330}, &(0x7f000047efe8)) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000000)=0x1e, 0x4) [ 85.880506] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 85.886229] ? debug_check_no_locks_freed+0x310/0x310 [ 85.891433] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 85.896975] ? drop_futex_key_refs.isra.13+0x6d/0xe0 [ 85.902085] ? futex_wait+0x5c1/0x9f0 [ 85.905896] ? futex_wait_setup+0x400/0x400 [ 85.910228] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 85.915425] ? perf_trace_lock+0xd6/0x900 [ 85.919578] ? perf_trace_lock_acquire+0xe3/0x980 [ 85.924428] ? zap_class+0x720/0x720 [ 85.928147] ? perf_trace_lock+0x900/0x900 [ 85.932386] ? get_futex_key+0x1e90/0x1e90 [ 85.936625] ? graph_lock+0x170/0x170 [ 85.940437] ? sock_alloc_file+0x1f3/0x4e0 [ 85.944676] ? __x64_sys_socket+0x73/0xb0 [ 85.948833] ? find_held_lock+0x36/0x1c0 [ 85.952905] ? lock_downgrade+0x8e0/0x8e0 [ 85.957060] ? rcu_is_watching+0x85/0x140 [ 85.961212] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 85.966391] ? __fget+0x40c/0x650 [ 85.969846] ? expand_files.part.8+0x9a0/0x9a0 [ 85.974418] ? lock_downgrade+0x8e0/0x8e0 [ 85.978559] ? __lock_is_held+0xb5/0x140 [ 85.982610] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 85.987785] ? __fget_light+0x2ef/0x430 [ 85.991747] ? fget_raw+0x20/0x20 [ 85.995187] ? get_unused_fd_flags+0x190/0x190 [ 85.999760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.005282] ? alloc_file+0x44/0x3e0 [ 86.008981] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 86.014514] ? sock_alloc_file+0x2a4/0x4e0 [ 86.018737] sock_common_setsockopt+0x9a/0xe0 [ 86.023220] __sys_setsockopt+0x1bd/0x390 [ 86.027358] ? kernel_accept+0x310/0x310 [ 86.031406] ? do_futex+0x27d0/0x27d0 [ 86.035200] ? fput+0x130/0x1a0 [ 86.038470] __x64_sys_setsockopt+0xbe/0x150 [ 86.042865] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 86.047871] do_syscall_64+0x1b1/0x800 [ 86.051746] ? finish_task_switch+0x1ca/0x810 [ 86.056237] ? syscall_return_slowpath+0x5c0/0x5c0 [ 86.061165] ? syscall_return_slowpath+0x30f/0x5c0 [ 86.066084] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 86.071445] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 86.076277] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 86.081448] RIP: 0033:0x455389 [ 86.084619] RSP: 002b:00007ff78a9bac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 86.092312] RAX: ffffffffffffffda RBX: 00007ff78a9bb6d4 RCX: 0000000000455389 [ 86.099565] RDX: 0000000000000064 RSI: 0000000000000084 RDI: 0000000000000014 [ 86.106821] RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 [ 86.114075] R10: 0000000020000180 R11: 0000000000000246 R12: 00000000ffffffff [ 86.121330] R13: 00000000000005a3 R14: 00000000006fb7e8 R15: 0000000000000000 [ 86.129045] Dumping ftrace buffer: [ 86.132572] (ftrace buffer empty) [ 86.136260] Kernel Offset: disabled [ 86.139866] Rebooting in 86400 seconds..