[info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.53' (ECDSA) to the list of known hosts. 2019/09/23 13:12:04 fuzzer started 2019/09/23 13:12:05 dialing manager at 10.128.0.105:39541 2019/09/23 13:12:05 syscalls: 2425 2019/09/23 13:12:05 code coverage: CONFIG_KCOV is not enabled 2019/09/23 13:12:05 comparison tracing: CONFIG_KCOV is not enabled 2019/09/23 13:12:05 extra coverage: CONFIG_KCOV is not enabled 2019/09/23 13:12:05 setuid sandbox: enabled 2019/09/23 13:12:05 namespace sandbox: enabled 2019/09/23 13:12:05 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/23 13:12:05 fault injection: kernel does not have systematic fault injection support 2019/09/23 13:12:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/23 13:12:05 net packet injection: enabled 2019/09/23 13:12:05 net device setup: enabled 13:12:06 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002012, r1, 0x0) 13:12:06 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x0, 0x0) flistxattr(r0, 0x0, 0x865fd3923afe5dbc) 13:12:06 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="020dfff9100000000000000000000000080012000000010b000000000500000004000000000000000000000014a6c020ecb957980000000000000000ff030000000000000000000000ee9990fe00000003000600080008020200106cac14ffbbf000be0003000000030005000000000002004a3b5d632b91c520000000000098"], 0x80}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x2e565d7c36d98a1, 0x0) 13:12:06 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) fsync(r0) fsync(0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x0) write$P9_RWRITE(r1, 0x0, 0x0) write$P9_RREAD(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="036bc66a159861748b76459ce7456bcc33be252487948c3e961c7140b7cbac3563a4df033775c39262e391141bcfdcaa0435fe93e842162bbc76c7dcc1db70dcc5a36d081a86a06ba7ca6e7c51bb5498ccd01e3a9738833e3771edc2a8fb515ccb20db0ca8d8577be18701697fcbf695262fd34ede006c5ca967a1df3d98cc622d0a9a5448d03ef9de9312eea1e1cdde5a4137d1"], 0x94) fsync(r2) fallocate(r2, 0x0, 0x40000, 0xfff) fallocate(r1, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0x0, r2, 0x0, 0x8}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, &(0x7f0000000480)={'bond_slave_1\x00'}) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x9, 0x3, 0x2c8, 0x150, 0x150, 0x0, 0x150, 0x0, 0x250, 0x250, 0x250, 0x250, 0x250, 0x3, &(0x7f0000000000), {[{{@uncond, 0x0, 0xc8, 0x130, 0x0, {}, [@common=@inet=@tcp={0x30, 'tcp\x00', 0x0, {0x0, 0x4e22, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x4}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00', 0x1ff}}}, {{@uncond, 0x0, 0x98, 0x100}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x8, 0x76eaaccd, 0x3, 'netbios-ns\x00', 'syz0\x00', 0x8}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x328) 13:12:06 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x32, 0x0, 0x800) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x27) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f00000001c0)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) 13:12:06 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) getresgid(0x0, 0x0, &(0x7f0000000300)) fchown(r0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27) syzkaller login: [ 34.284699] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready [ 34.292880] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready [ 34.300048] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready [ 34.306796] IPVS: Creating netns size=2712 id=1 [ 34.307080] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready [ 34.307450] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready [ 34.307793] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready [ 34.330951] IPVS: ftp: loaded support on port[0] = 21 [ 34.341454] IPVS: Creating netns size=2712 id=2 [ 34.346315] IPVS: ftp: loaded support on port[0] = 21 [ 34.361411] chnl_net:caif_netlink_parms(): no params data found [ 34.368236] ------------[ cut here ]------------ [ 34.372998] WARNING: CPU: 0 PID: 5635 at net/batman-adv/main.c:750 batadv_tvlv_container_remove+0x7b/0x80() [ 34.382900] Kernel panic - not syncing: panic_on_warn set ... [ 34.382900] [ 34.390272] CPU: 0 PID: 5635 Comm: syz-executor.3 Not tainted 4.4.194 #0 [ 34.397081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.406407] 0000000000000082 ffff8800b78c3870 ffffffff818a6f22 0000000000000000 [ 34.414418] ffffffff82e96378 ffffffff8300ac2f ffff8800b78c38e8 ffffffff8126f9bc [ 34.422420] ffff880000000008 ffff8800b78c38f8 ffff8800b78c3898 ffffffff81274e1f [ 34.430428] Call Trace: [ 34.433080] [] dump_stack+0xa1/0xdf [ 34.438326] [] panic+0xd2/0x225 [ 34.443240] [] ? printk+0x48/0x4a [ 34.448323] [] warn_slowpath_common.cold+0x16/0x16 [ 34.454891] [] warn_slowpath_null+0x15/0x20 [ 34.460841] [] batadv_tvlv_container_remove+0x7b/0x80 [ 34.467656] [] batadv_tvlv_container_register+0xb3/0x120 [ 34.474738] [] batadv_dat_tvlv_container_update+0x26/0x40 [ 34.481937] [] batadv_dat_init+0x6a/0x80 [ 34.487646] [] batadv_mesh_init+0x239/0x290 [ 34.493589] [] batadv_softif_init_late+0x271/0x2c0 [ 34.500144] [] register_netdevice+0xfa/0x450 [ 34.506182] [] rtnl_newlink+0x8a5/0x910 [ 34.511772] [] ? rtnl_newlink+0x17d/0x910 [ 34.517538] [] rtnetlink_rcv_msg+0x170/0x1e0 [ 34.523565] [] ? trace_hardirqs_on+0xd/0x10 [ 34.529505] [] ? mutex_lock_nested+0x30a/0x5a0 [ 34.535703] [] ? rtnetlink_rcv+0x17/0x30 [ 34.542076] [] ? rtnetlink_rcv+0x30/0x30 [ 34.547767] [] netlink_rcv_skb+0x31/0xc0 [ 34.553457] [] rtnetlink_rcv+0x26/0x30 [ 34.558972] [] netlink_unicast+0x168/0x210 [ 34.564834] [] netlink_sendmsg+0x1f1/0x390 [ 34.570698] [] sock_sendmsg+0x35/0x40 [ 34.576117] [] SYSC_sendto+0xed/0x160 [ 34.582054] [] ? sock_alloc_file+0x8c/0x120 [ 34.587997] [] ? fd_install+0x22/0x30 [ 34.593417] [] ? lockdep_sys_exit_thunk+0x12/0x14 [ 34.599877] [] SyS_sendto+0x9/0x10 [ 34.605045] [] entry_SYSCALL_64_fastpath+0x1c/0x7c [ 34.613257] Kernel Offset: disabled [ 34.616921] Rebooting in 86400 seconds..