INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts. 2018/04/07 02:35:32 fuzzer started 2018/04/07 02:35:33 dialing manager at 10.128.0.26:38639 2018/04/07 02:35:39 kcov=true, comps=false 2018/04/07 02:35:42 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x8010000000000084) r1 = socket$inet6_sctp(0xa, 0x4000000000000001, 0x84) sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) close(r0) 2018/04/07 02:35:42 executing program 2: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x9, 0x3, 0x260, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x238, 0xffffffff, 0xffffffff, 0x238, 0xffffffff, 0x3, &(0x7f0000000000), {[{{@ip={@local={0xac, 0x14, 0x14, 0xaa}, @dev={0xac, 0x14, 0x14}, 0x0, 0x0, 'teql0\x00', 'bond0\x00'}, 0x0, 0x98, 0xf8}, @common=@SET={0x60, 'SET\x00'}}, {{@uncond, 0x0, 0x98, 0xd0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x2c0) r0 = socket$inet6(0xa, 0x200080003, 0xfc) sendmsg$unix(r0, &(0x7f0000000300)={&(0x7f0000000080)=@abs, 0x6e, &(0x7f00000002c0)}, 0x0) 2018/04/07 02:35:42 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000aa8000)="070a0722084fff00b1", 0x9) perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f00000000c0)=""/4096, &(0x7f0000000000)=0x1000) 2018/04/07 02:35:42 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000480)='net/route\x00') preadv(r0, &(0x7f0000000000), 0x200000000000022b, 0x10000003) 2018/04/07 02:35:42 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg(r0, &(0x7f0000007b40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @loopback=0x7f000001}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000500)='~', 0x1}], 0x1, &(0x7f00000005c0)}}], 0x1, 0x20000840) 2018/04/07 02:35:42 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00001edff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff11, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @local={0xfe, 0x80, [], 0xaa}, {[], @udp={0x0, 0x4e20, 0x8}}}}}}, &(0x7f0000000040)) 2018/04/07 02:35:42 executing program 6: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0x17}, 0x504) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000280)) 2018/04/07 02:35:42 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net\x00') exit(0x0) getdents(r0, &(0x7f0000004080)=""/4096, 0x1000) syzkaller login: [ 43.081693] ip (3780) used greatest stack depth: 54672 bytes left [ 44.261413] ip (3890) used greatest stack depth: 54632 bytes left [ 44.534564] ip (3915) used greatest stack depth: 54200 bytes left [ 46.449934] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.480122] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.505352] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.755653] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.781187] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.855007] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.864389] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.978455] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.266955] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.518585] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.596121] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.860820] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.950079] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.974107] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.003341] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.009650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.011276] ip (4887) used greatest stack depth: 53976 bytes left [ 56.024500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.055939] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.062935] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.316972] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.323272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.336107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.365371] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.371761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.399727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.651731] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.658098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.670147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.801958] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.808269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.816823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.846404] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.857736] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.864326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.881946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.918555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.933302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.962646] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.969222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.980588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 02:35:59 executing program 2: syz_emit_ethernet(0x3e, &(0x7f0000000200)={@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff}, [], {@ipv6={0x86dd, {0x0, 0x6, "07e808", 0x8, 0x2f, 0x0, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@echo_request={0x80}}}}}}, &(0x7f0000000040)={0xfffffffffffffffe, 0x1000000000001, [0x4000000000000004]}) 2018/04/07 02:35:59 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x26, &(0x7f000001d000)) fcntl$lock(r0, 0x5, &(0x7f0000e0a000)) 2018/04/07 02:35:59 executing program 3: r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f000001cff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) sendmsg$rds(r0, &(0x7f00000012c0)={&(0x7f0000014000)={0x2, 0x0, @rand_addr=0x31a00dfb}, 0x10, &(0x7f0000001fc0), 0x0, &(0x7f0000001280)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001480)=""/211, 0xd3}, &(0x7f0000001240)}}], 0x30}, 0x0) 2018/04/07 02:36:01 executing program 7: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x5dcb, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000200008000f8000020004000000000000000000001", 0x25}], 0x0, &(0x7f0000000400)=ANY=[]) mkdir(&(0x7f0000000040)='./file0/file0\x00', 0x0) 2018/04/07 02:36:01 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x26, &(0x7f000001d000)) fcntl$lock(r0, 0x5, &(0x7f0000e0a000)) 2018/04/07 02:36:01 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x8010000000000084) r1 = socket$inet6_sctp(0xa, 0x4000000000000001, 0x84) sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) close(r0) 2018/04/07 02:36:01 executing program 4: seccomp(0x1, 0x0, &(0x7f0000028ff0)={0x1, &(0x7f000004afe8)=[{0x6, 0x0, 0x0, 0xffffffff}]}) prctl$seccomp(0x16, 0x1, &(0x7f0000001a00)={0x0, &(0x7f00000003c0)}) 2018/04/07 02:36:01 executing program 5: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000100)="2600000022004701050007208980ff0600cc00002b1f00c0e9c1bb3d83c62b272590f240e00b", 0x26) sendto(r0, &(0x7f0000cfefee)="120000001200e7ff00ffe90009144a000ae9", 0x12, 0x0, 0x0, 0x0) 2018/04/07 02:36:01 executing program 6: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x5dcb, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000200028000f8000020004000000000000000000001", 0x25}], 0x0, &(0x7f0000000400)=ANY=[]) umount2(&(0x7f0000000180)='./file0\x00', 0x0) 2018/04/07 02:36:01 executing program 1: shmget(0xffffffffffffffff, 0x13000, 0x0, &(0x7f0000ab6000/0x13000)=nil) shmget(0x2, 0x3000, 0x0, &(0x7f0000ae9000/0x3000)=nil) 2018/04/07 02:36:01 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet6_int(r0, 0x29, 0x200000000050, &(0x7f00000000c0), &(0x7f0000000080)=0xfd) [ 59.065973] audit: type=1326 audit(1523068561.064:3): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5103 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0xffff0000 2018/04/07 02:36:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000005000)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="180000005500fd0300000000000000080700000004000004f22aa3a7e8b74a7d59a29c648e46046236b5cb400b2e32e3e1e999a0358ecdecbfa680448879f9a858738d12496766368bd67e4a467062c57b878fdf9ace9ad45a802807057b7ba44792278b19cf29c1aa5b1c3ec39a474b65db3010d71003cd497124b26a6452f1b58f1db6eea99bd8671dabbb5511d4e1f45643a00a64412edc6696f176692c4357ceea0a556f38d21c0afc0beb86b5d327bc3a0fb09e864e7ddebd99a6507a6b87e1417497ce8f3e1d8c2da53d7d1916b0ab3e7e8c71a6c63919b37f67715558540ce07ba2de06a4c4407ca537f584b8c67d"], 0x1}, 0x1}, 0x0) 2018/04/07 02:36:01 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r2, &(0x7f0000000100)=ANY=[], 0x1023c) fallocate(r1, 0x3, 0x0, 0xffff) fallocate(r1, 0x3, 0x0, 0xc214) 2018/04/07 02:36:01 executing program 6: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000140)="4ec8c7d7", 0x4) lseek(r0, 0xfffffffffffffffe, 0x4) 2018/04/07 02:36:01 executing program 7: sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0x9) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) shutdown(r0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x948, 0x42, 0x0) 2018/04/07 02:36:01 executing program 2: r0 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"6966623000faffffffffffffff00", 0x4001}) write$tun(r0, &(0x7f0000000180)={@pi, @hdr={0x0, 0x4, 0x0, 0xffff}, @ipx={0xffff, 0x1e, 0x0, 0x0, {@current, @current}, {@current, @random="09dd57e2107c"}}}, 0x2c) 2018/04/07 02:36:01 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000dfb000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) r2 = epoll_create(0x401) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000e35000)) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)) readv(r1, &(0x7f00000003c0)=[{&(0x7f00000002c0)=""/233, 0xe9}], 0x1) 2018/04/07 02:36:01 executing program 4: socket$packet(0x11, 0xa, 0x300) syz_emit_ethernet(0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa8137ffff0e73000000000000ffffffffffff0000ffffffff702d084767af0000efe38f7a515b5887de213dd1ef41b916d7375881e04433fa8bcf919b02f2b7711c271824cd9396584a668d4239765cd5f156c30270eaaa2511facbb5341587db8acc69ebfb0bc830e3f2be7e9a4226f2fe667c9a0a50a0f1e7ac8779d399c10e38c1ebed8948366ca25d0b7056fb9633f7bfdfd8915ffb8df74a5cc38537e61d01bf7f4a988b68eb31827efee509fc5c578341e04e6eccde0640fad9d75c54a61a4b438fc05e02d2f3e652da8aad6e6e66576f68f7caa5a5a1b27e9a120acf79b4c9b05f83a72b12d32044be5df0344528446394d2f28c7aa469c8da50a8fea92e7d0bd9861167e5ecfab41391643cbf1de3dde3472438b6aed080ed09d527680529f341c021fe4850f55e6fc9f30c23225075a0b5d0ce0e2fb711729d8b27f37c1386e3d7faf2bee237e1eb46b9030534ab8916f4aa824d82070622375743264feae335df55b0585c216a6c326edd2142802a2fbdb347f3bc6e3acdd338ca30ed08c2ab96c4dd7911864e5bdb0d394bf5461acf3469b28fdda828e01aa723101a07b93894b08e30d932efcd06d435783827ec7e1e4b756e593eaf5e11d61a3b3735d163dc2134f1603a3a84f3a57e3f2a3e4df6cca45fd284933f7970fb27b2f9aad5fae897dc9db3198dab9089066d6142b4803e3071e495f21aacd6cbba8c96b979cebf22fd752aeda4f2b60cbcf40dd6c5966055f7226e2444f199acfcb8f0349bbd0cdf630a326eab43d23beadeccbdb71392b72e69a5318b7eeb7da72dda320dfd20fd9f94cad7a69780a7b8633cc8368848c226ca8974f12c408edce5eabf131e99651ba4765b62763196424703c018ec7d47056be7873f230c1fc1cd04d2fb7c8b153a2514f9402a0e8c4fa2674689a2f0c9be6848a321504e937e56720d6be763cac1fcf56bea6257767c1467dd092a233ed59f2aa5e824e28eafc045a113e889e77b586017bd49a137c819a2b3d0dcb37d121c9de8b30e1eb4b4b601152cd63e031001308f049674072e1f71d9826659e325d3e710dd12e276a7082ce08c4c0ba71ba26713f000b6d3281110d89ac83c8c0104b525c67c4e0ab3d63f516586f46227eb09c0ffce9e081a630f5f9d9388b28405bcb009bd4da2b49ea77c1c3abbbdca0289e9f0e86f1fc3cf723dc7e0f0ac7744fd93b1f6407e50e7e048a2bc99afa812c53d8883917c4dfac8c7a25b43d21cc975f7486b4c58fe4770f602d80d7b8f566146f608161942e41d7972b04c592469dc266cddb63680ccb6ee29619de288a1a0298e680a5298b301fc245f91e5184404fc8e22b99a9cccff4b13e980d39732c195111b92c0aff2406fd0d19bd1db38c79be590826c68b621645f66a091f623a3ec448f1b57ffa9fc1be56040f193eeaa59701e3d981849262b121617e713fe06d7dde4e718efdf30195faa97811675e1167202d7d10e5f46e23b76e9717d613ef0a9b922cd4add148d48322a5335ab7e48396fcac6bb140de45a852a644f381f4a5c9946540f16e05cfc5b6a2da25ff4a496c7b329ac5a88eb0b8603ed22a132a1866803fc725ebea5de021290d11637092f222f8d343d2f6484af3aa6dc4e38203a1ba73637cb05280a948f3ce43588ecc4e286bd461d172b7793aeecedef4183bdec846f99bd94ec777124c3ac11159156cef6e7378373151abdc5ad8a8f9f6673bfb8fce1a08c17379031853f7fb900b81e3a548db4c53ceb5be6d5f7ef3107c5f31cd10ed0fcab064f305ff93ec6c53c92229aad72b76702492a01ed895a95bcc795baad7f2630553555ed873ea3eefbc07297d934804401e99213da768c9e5f133a9febb11316beeff4fb8d1b4af2ffc86ed6834bf3406487353b55663b83deae77f9e52dee904ab3694f383648fd5c3f10ed5c3cf76ca8080386d00a72e5a44d9adc3abc3323b4481204f2d8c6f81ed472b6d2b2b0242bd365397bdbd737d8ce2b4af0439dccf70c61bfac99fe41dd88bd5cd4df472262c651593f6e1e78d434014a8db85ade0c67402531eb83f37afe6bd556790536a91020ccd5724f9e15e74a44e1004a15705d8fe177ff86e8d1bf18b74452968ef0450cc1dba0c5b009cf377d38ab2d37ec38b50a3fd4169de57b2a9d9dc4bf250da331b8009a68542e46e4bb4eae6edbc7942e4345f286e8b775623286acca3a1ad508ec2048d4b50a8e8022891aa451159cba6d4ba212722ee17fa3560c15727d5f80ea1f31078f811a1f6d7f7f66d9a0a478c82affc0aca11c468f420c5800a6629a7d4d3e0d25e1435700cc8d565617408a19fcb120e4e87b1ea93b819f6f9a9db9906631c970b240a2bc94e63ff85656279ae5fa2411a7a394e65ffd28f7522171b0f7cbe35bdb24dccd72b43b447ecdf3f4b93412b53f885dada416a466650f5463c7648d095b7efade34151fe439bba1f2e30d7b7fc044747f811064cec4ab046b30b020c10379f54f82497aa1238082f0f6648c8a92908d7e9a4fd6a4cb9b25a3fa8157d38a6aeac35a32b136973167deca162cbe23242d1c3ec1c488988c42b8d2e558f9a7707244d213c402cb4b5b486cda488cd345e20ed64e568facfb72b25c7da9d8654bb38e7452b81cc2adbf7a29e6f64321a4b5ccdf36e76922cba5655284947c7437d6f30e693cae35fc4f22bcf12c08e653db31344dd15840a9546490894f80f8221b095a4f985d5e8e9946abb023c838201625088727a37f8c927c01217e02bf1e9c7a144d8d73abbc71a9e73fc8409aeb12390a6921e44d8154c3fe2b19b702da64976ad73958ae7713473b8e5cabdece35cc90e4394bb79ef51dcdba44544deb8f64c31fdd5cdb266ab0052ff1fe49c1d5ca2eca6cdd6775dac15f15dc61be94da1a36f52de30b0bc0578e7d75d2d1f53f413d5f695a47b8fe3c501ab441a56e680f1d88d735e6286eb9b858cd2ab8c027b69669a2b447d70d37e8318a515b0bc21bb9038643c76206b286721b8f5490e851523378c5c0f466bf14913b248a065f037b4e12aefe500eeb57d86c4bf2d7695ca0d8a356843ee96f6a90a736976775644bd89ee6f5fb16a006a2fb7d6277c6711670c215bddf79b977b33fa5e2588e96a56f60c847f755bc7cc1cd1f1f06adde866c4d34d54639bfe7f565aa83f1ebdfc760c03924d79b50741f1002332183a0190946d3f66708797804ff0feb808bc9b3d0dc8fa1df39da18f1ccebf7e2d2ee62eb17307e4dd7627ce88acd22268f487e6a0eeaab5b6993f572ca1ce91b427e31db5b92f2606e88bb1c86d150ccd474565c44a216e8aae14acc9975851aedea1f81579ce0ea949e6ad819d1a3ae10aaff110ac534c9c7039b75bb1de1e9895d6a90a851deed050134dd46a5f93f534383036a0ff727d231d640505e49b8239ec43fd6aa3a4009e1d0b0d114bb641b3b7064da6ea2df865549b31c7b7c79754bb3a2684ae268ad731db07b61c815053ac4cf8c84c37c5aa39f6ef7614a98256dcd8cd98393ed5da740103e4257f5fabb48c31b82312468f5b114fe4cfd5e23202c98b901e3793b2bd9c39f08254f2bddefb167a5628faeb42a9bcd383002a59451db735b1c345b3afb96f48c09935ce63bf05ec2eceff6bea1452824b8346099b2a04e5c6cff1f68bf0f29cdf64eb3ac566a33090a06a7aa1618c8649f8599655890a8fb400b05789c8e20e761147fb10afddd33c24b9b99cd5bd6639379783e746cee723a0f8b271877d67ab2bc03c0529874b45d9f44947ea9af189b398091a3ed5eb1c7f564234c8b82f5ccb2c740279b74bdd3a9fac1399edb8ad4e31ab2a412192245af166f87d40478863e942f4f3ae530ade91a33e6383fcff1b167586e3d954d782a3c6f35da938168aa9ba1bcdf3ad7d3a2d8b47fad5c3019c0529b94eb199fc11a93d285584b95b373c36ef9ca7faefcfa1941ced5410180ebc1424eb2c72485db4926686a41b090be984a03b2a3bb5371f0d7fcc9b51492b672e3538825340825aedeb407efac16a41327fa73da723307509487cf115dee79eecdb69d3e297113801faf1527b4e52b4f4c35342049db79e51d6a687a17c93303e19c212d5b8099ad17815729f98923c2f7a9835699cda4a28099e393c096f43a359bae2b6615cc27ffb1057a00e470add7ede78f749a72d6aeefe500070fba9de7c27e3855a86747649a536f7f39e48d1ac3afd74eec0db3b1e442f2e6610f9cffc0f88cc31db3ea4e112dde390e45f4ea5cd94c8c744b5c12b08539dc398b4860e1938a7518dd83a96550c1189434fcc2ff6f5abc7e4770dc85a2d3c70e29bf771061156116aa6d37f24a360a1785268511da368ba0e07ee8945fcb8b48b52c66d6dc3536a8b01831e83a0b0d098d72baa66e0b5658711b5ff2b253ed0b39c53fc0b474bdec6e332a5826d836ac1957de7e1d42a0b91fc7aabb7c4e58b68abfa027a9903c7e36b4e1b35ff483ab261a3ed2fbe41a4b77584e5daa7be22deabc7498f7dfc299ec0c618fc2b08a0e49a1919fceb8366dbd773e17796a1a857dd5066896e3d080a0eb723d10cc611c8f6ba7e4a0b2faa0430014c071b603f8b1230186b221125d7734cb29bbbda4a365cfef9834ade963624868f7c1467a738fd697d8ba8b1481d96fa89d327b058f01cc6ffc55505d1e139fbd4740db95fbafe7a0d41991a06b95b7f7b18a1b5906a3590eb1f691c24a30dd5470321927bb7ede95c3a627afb6dc4fb4c328e13335e356e84511b409d9816598de446b25cd5b2807a6c00dcc70ec44a0b83e480660cfa8be0a3f6271b705b002ff992858226d5ca5904642c87c02452f15fc2dde164fd5c253cb64e3ad6e0eb1ab6973873a1e496dc7f72fed3ffa550c554c5692864111b7e7726a12cae9809331a1209e03fd17582edef8294aeddd26543f2d4f45d5ca0b3a88dfbe4a65be56dbb7289694207008c812fb32934d5b826ce96a4026bba9cc85dd4ceeb7fff7ceafbd7b5399de9a6b9dc39bc2b68a61f96d71c12aea2066c47f672f258757875f8e9e3a8bbf2ce88eee34abf8c466783910b7bf147a88c9ab4fac677dae1e469b39a3717c69a2a319073eb9af75347fef824f6b276cb0693a6e10339cfa12efff39fc051bbf7e44377bd087cce65c2acae99f5cff5ac91e2876007c8c14e0c9ca438b05572f1f46b8201fa0781b253da24c35a43fde48f36d80c7d1e2a8fbeb"], &(0x7f0000000000)) 2018/04/07 02:36:01 executing program 0: r0 = socket(0x10, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={"6966623000faffffffffffffff0100", 0x1302}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000002c0)={'syzkaller1\x00', 0x400}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'ifb0\x00', 0xa201}) [ 59.847863] audit: type=1326 audit(1523068561.846:4): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5103 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0xffff0000 2018/04/07 02:36:02 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000001c0)={@remote={0xfe, 0x80, [], 0xbb}}, 0x14) sendto$inet6(r0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}}, 0x1c) close(r0) 2018/04/07 02:36:02 executing program 6: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000140)="4ec8c7d7", 0x4) lseek(r0, 0xfffffffffffffffe, 0x4) 2018/04/07 02:36:02 executing program 1: openat$sequencer(0xffffffffffffff9c, &(0x7f0000eef000)='/dev/sequencer\x00', 0x0, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f00007f2000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000736000)={0x0, 0x81000000200007d}) 2018/04/07 02:36:02 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='vegas\x00', 0x6) bind$inet(r0, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000fa0fff), 0xffffffffffffffbb, 0x20020003, &(0x7f0000385ff0)={0x2, 0x4e21, @loopback=0x7f000001}, 0x10) socketpair$packet(0x11, 0x3, 0x300, &(0x7f0000000140)) shutdown(r0, 0x1) 2018/04/07 02:36:02 executing program 2: r0 = socket(0x2000000000010, 0x20000000000003, 0x0) write(r0, &(0x7f0000944fde)="220000005e000721004f10f7e2ffd90000000000000000edff000000e700ff02f157", 0x22) recvfrom(r0, &(0x7f0000362f74)=""/140, 0x8c, 0x0, 0x0, 0x0) 2018/04/07 02:36:02 executing program 3: r0 = socket$nl_xfrm(0x11, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r0, 0x8931, &(0x7f0000000000)={'bond0\x00'}) 2018/04/07 02:36:02 executing program 7: sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0x9) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) shutdown(r0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x948, 0x42, 0x0) 2018/04/07 02:36:02 executing program 6: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) socketpair$packet(0x11, 0x3, 0x300, &(0x7f0000000040)) clone(0x0, &(0x7f0000000040), &(0x7f0000000100), &(0x7f00000001c0), &(0x7f00000002c0)) 2018/04/07 02:36:02 executing program 5: r0 = socket$inet6(0xa, 0x80002, 0x88) recvfrom$inet6(r0, &(0x7f0000000000)=""/185, 0x67b9bef7e42dc274, 0x0, 0x0, 0xfffffffffffffdff) bind$inet6(r0, &(0x7f00008a8000)={0xa, 0x4e23}, 0x1c) r1 = socket$inet6(0xa, 0x8000000000000802, 0x88) sendmsg$inet_sctp(r1, &(0x7f0000a29000)={&(0x7f0000685ff0)=@in={0x2, 0x4e23}, 0x10, &(0x7f0000fc5fc0)}, 0x8000) mmap(&(0x7f0000000000/0xfd5000)=nil, 0xfd5000, 0x300000c, 0x32, 0xffffffffffffffff, 0x0) sendto$inet6(r1, &(0x7f00000000c0)="05076c2a38dde485f5dc048c718e2520efd2eec152ae1fb6b7c62cc3a0abeb34048aaea68307b508501dbe31812ea95c3f16786e27ac4120a66c368d854fd2bc473a39d8f7", 0x45, 0x0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}}, 0x1c) 2018/04/07 02:36:03 executing program 3: syz_emit_ethernet(0x8e, &(0x7f00000001c0)={@link_local={0x1, 0x80, 0xc2}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv6={0x86dd, {0x0, 0x6, "06f526", 0x58, 0x3a, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x3f, {0x0, 0x6, "0a07ec", 0xae3, 0x29, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0xff, 0xff], @dev={0xac, 0x14}}, [], "a82f7ae1cd16d2e29ec370b17de075025dd0d40c29be46586985ea5d7b12d99989c2ad53524ba53f"}}}}}}}, &(0x7f0000000000)) 2018/04/07 02:36:03 executing program 2: r0 = socket(0x2000000000010, 0x20000000000003, 0x0) write(r0, &(0x7f0000944fde)="220000005e000721004f10f7e2ffd90000000000000000edff000000e700ff02f157", 0x22) recvfrom(r0, &(0x7f0000362f74)=""/140, 0x8c, 0x0, 0x0, 0x0) 2018/04/07 02:36:03 executing program 1: openat$sequencer(0xffffffffffffff9c, &(0x7f0000eef000)='/dev/sequencer\x00', 0x0, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f00007f2000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000736000)={0x0, 0x81000000200007d}) 2018/04/07 02:36:03 executing program 0: r0 = socket(0x10, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={"6966623000faffffffffffffff0100", 0x1302}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000002c0)={'syzkaller1\x00', 0x400}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'ifb0\x00', 0xa201}) 2018/04/07 02:36:03 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) readv(r0, &(0x7f0000000300)=[{&(0x7f00000014c0)=""/4096, 0x1000}], 0x1) r1 = gettid() unshare(0x28060400) exit(0x0) syz_open_procfs(r1, &(0x7f0000000040)='ns/uts\x00') 2018/04/07 02:36:03 executing program 7: r0 = socket$inet(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x70, 0x1e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa2830007a6008000000000000000683540150024001d0004c41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/07 02:36:03 executing program 6: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000012000)=0x6, 0x4) sendto$inet6(r0, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x1, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) 2018/04/07 02:36:03 executing program 5: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000001380)='./file0\x00', &(0x7f0000001340)='proc\x00', 0x0, &(0x7f0000000240)) mount(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/bus\x00', &(0x7f00000002c0)="7270635f706970656673008c7c647f0399287d03b74f09f3ebb5030000009df9a59c06000000000000f90ef07834c1c4", 0x0, &(0x7f0000000200)) [ 61.501422] netlink: 'syz-executor7': attribute type 29 has an invalid length. [ 61.509091] netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'. 2018/04/07 02:36:03 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000240)={@in6={{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}, 0x0, 0x2, 0x0, "98fa27b05138a3bda79b003133302ee16a5fb2eedfdc338205e356129c4cbb5531a19d92d71f8bb4bcd3012a3f2f0fb696f95542f4ee81c3cb333d7da7530c37acd9736e3dc35ba030a8cc82e4536c62"}, 0xd8) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r1, r0) 2018/04/07 02:36:03 executing program 1: r0 = socket$packet(0x11, 0x800000000002, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f000095bffc), 0x4) r1 = socket$inet(0x2, 0x8000000000000003, 0x2f) sendto$inet(r1, &(0x7f000014cf2c), 0x0, 0x8000, &(0x7f00005b5ff0)={0x2}, 0x10) sendto$inet(r1, &(0x7f0000000000)="20100000", 0x4, 0x0, &(0x7f0000cf9000)={0x2}, 0x10) 2018/04/07 02:36:03 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0xef) read(r0, &(0x7f0000004f45)=""/187, 0xbb) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000001980)=0x1b, 0x4) sendto$inet6(r0, &(0x7f0000001ffe), 0x0, 0x0, &(0x7f0000003000)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) 2018/04/07 02:36:03 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f00005d3000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000aa4ff0)={&(0x7f0000c74fe0)={0x14, 0x2, 0x7, 0x804007fffffffd}, 0x14}, 0x1}, 0x0) 2018/04/07 02:36:03 executing program 6: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000280), 0x4) sendto$inet(r0, &(0x7f0000fd0000), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000000040)="be38fc69faea5bd09bf0307006cefbafc01c3062dfedf949ad4e86bda4029155e2d6181bc9f0d25d4a23fed54bd250db05a0fbd78679ca006afa4ee44cb7b522c4a38231a9f99b3001e1d4857321a6a7c9e36ae424cc0d49fdb6c13c422fde782dd0c18a3a4018030b94ba6b7ff3f3192f8c563a1986d839c40052c8d3a78ae29126", 0x82, 0x0, &(0x7f0000000100)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000000500)="acbb915d6846975d5d248d4c727115f29ae03c05a1540f5303683cc3316fab70b8f72443207b3bc9d2b76a2124327a8dc22115702dfd81d9c5daf3734095c968bb4c931a63cd940101810cf243974b73d5c0d300e011c378c17bde5460ef55a7bcfe", 0x62, 0x4c881, 0x0, 0x0) sendto$inet(r0, &(0x7f00000001c0)="c3401c344654f3c7d9b41ba48c8e399aa4eedc3d6bd8ebd65c856a27d61154adc2b2a9763ae0201c0d32e11f38e9dd18c58f6bd779650fc30f93653bdaecf323c9f6502ceab47e58114347b289546465a5eb278de12b1989f64cc99412e36880d20c34d91051b22f6c8acc9d082b7acdec844f667da0", 0x76, 0x0, &(0x7f0000e66000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) writev(r0, &(0x7f00002e1fe0)=[{&(0x7f00000006c0)="fb9f3d0e5172e564301b29a055760259f6ab812ad231e4a5005bbfe148ad3e9f39064e09dd9c42c4e3db658f2e326c831e75c4d8b1118a6ae8ce718d7692f364b3f8be66e0f3f62991188f54220867947259e5b5b879bd5e4d8bf7f4758386c5f32baa5d2f6a608182952abb24ceeabf82fd95c2f7d638983f117b2c1a2ac0b27068f5b2", 0x84}], 0x1) shutdown(r0, 0x1) [ 61.614213] netlink: 'syz-executor7': attribute type 29 has an invalid length. [ 61.621751] netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'. [ 61.721536] ================================================================== [ 61.728964] BUG: KMSAN: uninit-value in __skb_flow_dissect+0x401f/0x6580 [ 61.735829] CPU: 0 PID: 5222 Comm: syz-executor1 Not tainted 4.16.0+ #81 [ 61.742673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.752023] Call Trace: [ 61.754625] dump_stack+0x185/0x1d0 [ 61.758258] ? __skb_flow_dissect+0x401f/0x6580 [ 61.762924] kmsan_report+0x142/0x240 [ 61.766727] __msan_warning_32+0x6c/0xb0 [ 61.770780] __skb_flow_dissect+0x401f/0x6580 [ 61.775268] ? __msan_chain_origin+0x69/0xc0 [ 61.779669] ? SyS_sendto+0x8a/0xb0 [ 61.783281] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.788632] ? __dev_queue_xmit+0x22d9/0x2b60 [ 61.793114] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 61.798555] __skb_get_hash_symmetric+0x10b/0x230 [ 61.803381] packet_rcv_fanout+0x38f/0x8d0 [ 61.807601] ? packet_direct_xmit+0xbf0/0xbf0 [ 61.812077] dev_queue_xmit_nit+0x111a/0x11e0 [ 61.816562] dev_hard_start_xmit+0x27c/0xc70 [ 61.820959] __dev_queue_xmit+0x22d9/0x2b60 [ 61.825270] dev_queue_xmit+0x4b/0x60 [ 61.829057] neigh_resolve_output+0xac6/0xb60 [ 61.833541] ? neigh_event_ns+0x360/0x360 [ 61.837673] ip_finish_output2+0x1238/0x1380 [ 61.842067] ip_finish_output+0xcb0/0xff0 [ 61.846198] ip_output+0x502/0x5c0 [ 61.849722] ? ip_mc_finish_output+0x3b0/0x3b0 [ 61.854284] ? ip_finish_output+0xff0/0xff0 [ 61.858584] ip_send_skb+0x5f3/0x820 [ 61.862284] ? __ip_local_out+0x5b0/0x5b0 [ 61.866419] ip_push_pending_frames+0x105/0x170 [ 61.871071] raw_sendmsg+0x2960/0x3ed0 [ 61.874962] ? compat_raw_ioctl+0x100/0x100 [ 61.879265] inet_sendmsg+0x48d/0x740 [ 61.883054] ? security_socket_sendmsg+0x9e/0x210 [ 61.887882] ? inet_getname+0x500/0x500 [ 61.891838] SYSC_sendto+0x6c3/0x7e0 [ 61.895534] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 61.900967] ? prepare_exit_to_usermode+0x149/0x3a0 [ 61.905975] SyS_sendto+0x8a/0xb0 [ 61.909407] do_syscall_64+0x309/0x430 [ 61.913279] ? SYSC_getpeername+0x560/0x560 [ 61.917584] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.922752] RIP: 0033:0x455259 [ 61.925923] RSP: 002b:00007fd98d7e4c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 61.933613] RAX: ffffffffffffffda RBX: 00007fd98d7e56d4 RCX: 0000000000455259 [ 61.940864] RDX: 0000000000000004 RSI: 0000000020000000 RDI: 0000000000000014 [ 61.948111] RBP: 000000000072bea0 R08: 0000000020cf9000 R09: 0000000000000010 [ 61.955360] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 61.962610] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 61.969862] [ 61.971464] Uninit was stored to memory at: [ 61.975775] kmsan_internal_chain_origin+0x12b/0x210 [ 61.980855] kmsan_memcpy_origins+0x11d/0x170 [ 61.985328] __msan_memcpy+0x19f/0x1f0 [ 61.989197] skb_copy_bits+0x63a/0xdb0 [ 61.993062] __skb_flow_dissect+0x3931/0x6580 [ 61.997534] __skb_get_hash_symmetric+0x10b/0x230 [ 62.002354] packet_rcv_fanout+0x38f/0x8d0 [ 62.006571] dev_queue_xmit_nit+0x111a/0x11e0 [ 62.011047] dev_hard_start_xmit+0x27c/0xc70 [ 62.015436] __dev_queue_xmit+0x22d9/0x2b60 [ 62.019739] dev_queue_xmit+0x4b/0x60 [ 62.023521] neigh_resolve_output+0xac6/0xb60 [ 62.027998] ip_finish_output2+0x1238/0x1380 [ 62.032387] ip_finish_output+0xcb0/0xff0 [ 62.036516] ip_output+0x502/0x5c0 [ 62.040038] ip_send_skb+0x5f3/0x820 [ 62.043731] ip_push_pending_frames+0x105/0x170 [ 62.048380] raw_sendmsg+0x2960/0x3ed0 [ 62.052249] inet_sendmsg+0x48d/0x740 [ 62.056039] SYSC_sendto+0x6c3/0x7e0 [ 62.059740] SyS_sendto+0x8a/0xb0 [ 62.063177] do_syscall_64+0x309/0x430 [ 62.067048] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.072213] Uninit was created at: [ 62.075733] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 62.080725] kmsan_alloc_page+0x82/0xe0 [ 62.084679] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 62.089415] alloc_pages_current+0x6b5/0x970 [ 62.093803] skb_page_frag_refill+0x3ba/0x5e0 [ 62.098275] sk_page_frag_refill+0xa4/0x340 [ 62.102578] __ip_append_data+0x107e/0x3d10 [ 62.106878] ip_append_data+0x2fb/0x440 [ 62.110835] raw_sendmsg+0x287b/0x3ed0 [ 62.114701] inet_sendmsg+0x48d/0x740 [ 62.118485] SYSC_sendto+0x6c3/0x7e0 [ 62.122177] SyS_sendto+0x8a/0xb0 [ 62.125610] do_syscall_64+0x309/0x430 [ 62.129486] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.134653] ================================================================== [ 62.141988] Disabling lock debugging due to kernel taint [ 62.147417] Kernel panic - not syncing: panic_on_warn set ... [ 62.147417] [ 62.154763] CPU: 0 PID: 5222 Comm: syz-executor1 Tainted: G B 4.16.0+ #81 [ 62.162878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.172207] Call Trace: [ 62.174779] dump_stack+0x185/0x1d0 [ 62.178386] panic+0x39d/0x940 [ 62.181576] ? __skb_flow_dissect+0x401f/0x6580 [ 62.186222] kmsan_report+0x238/0x240 [ 62.190006] __msan_warning_32+0x6c/0xb0 [ 62.194057] __skb_flow_dissect+0x401f/0x6580 [ 62.198531] ? __msan_chain_origin+0x69/0xc0 [ 62.202924] ? SyS_sendto+0x8a/0xb0 [ 62.206532] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.211877] ? __dev_queue_xmit+0x22d9/0x2b60 [ 62.216353] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 62.221789] __skb_get_hash_symmetric+0x10b/0x230 [ 62.226620] packet_rcv_fanout+0x38f/0x8d0 [ 62.230840] ? packet_direct_xmit+0xbf0/0xbf0 [ 62.235316] dev_queue_xmit_nit+0x111a/0x11e0 [ 62.239800] dev_hard_start_xmit+0x27c/0xc70 [ 62.244196] __dev_queue_xmit+0x22d9/0x2b60 [ 62.248513] dev_queue_xmit+0x4b/0x60 [ 62.252298] neigh_resolve_output+0xac6/0xb60 [ 62.256778] ? neigh_event_ns+0x360/0x360 [ 62.260905] ip_finish_output2+0x1238/0x1380 [ 62.265300] ip_finish_output+0xcb0/0xff0 [ 62.269430] ip_output+0x502/0x5c0 [ 62.272949] ? ip_mc_finish_output+0x3b0/0x3b0 [ 62.277514] ? ip_finish_output+0xff0/0xff0 [ 62.281812] ip_send_skb+0x5f3/0x820 [ 62.285508] ? __ip_local_out+0x5b0/0x5b0 [ 62.289641] ip_push_pending_frames+0x105/0x170 [ 62.294296] raw_sendmsg+0x2960/0x3ed0 [ 62.298184] ? compat_raw_ioctl+0x100/0x100 [ 62.302488] inet_sendmsg+0x48d/0x740 [ 62.306270] ? security_socket_sendmsg+0x9e/0x210 [ 62.311092] ? inet_getname+0x500/0x500 [ 62.315050] SYSC_sendto+0x6c3/0x7e0 [ 62.318744] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 62.324173] ? prepare_exit_to_usermode+0x149/0x3a0 [ 62.329177] SyS_sendto+0x8a/0xb0 [ 62.332609] do_syscall_64+0x309/0x430 [ 62.336482] ? SYSC_getpeername+0x560/0x560 [ 62.340786] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.345952] RIP: 0033:0x455259 [ 62.349120] RSP: 002b:00007fd98d7e4c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 62.356808] RAX: ffffffffffffffda RBX: 00007fd98d7e56d4 RCX: 0000000000455259 [ 62.364054] RDX: 0000000000000004 RSI: 0000000020000000 RDI: 0000000000000014 [ 62.371303] RBP: 000000000072bea0 R08: 0000000020cf9000 R09: 0000000000000010 [ 62.378550] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 62.385797] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 62.393430] Dumping ftrace buffer: [ 62.396944] (ftrace buffer empty) [ 62.400634] Kernel Offset: disabled [ 62.404232] Rebooting in 86400 seconds..