INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts. 2018/04/07 05:57:53 fuzzer started 2018/04/07 05:57:54 dialing manager at 10.128.0.26:38639 2018/04/07 05:58:00 kcov=true, comps=false 2018/04/07 05:58:03 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/07 05:58:03 executing program 2: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x200000000002, 0xc) write(r0, &(0x7f0000d7df76)="1f0000000406fd00010000f60000ff0180fff80009000180060107ec000000", 0x1f) 2018/04/07 05:58:03 executing program 7: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000)={0x7fffffff}, 0x8, 0x0) readv(r0, &(0x7f0000b9bff0)=[{&(0x7f0000000140)=""/128, 0xa9}], 0x1) timer_create(0x2, &(0x7f0000001980)={0x0, 0x19, 0x0, @thr={&(0x7f0000aa1000), &(0x7f0000b70000)}}, &(0x7f000004cffc)) timer_settime(0x0, 0x1, &(0x7f000004a000)={{0x0, 0x989680}, {0x0, 0x7}}, &(0x7f000004afe0)) 2018/04/07 05:58:03 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000f85ff1)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000013000)) 2018/04/07 05:58:03 executing program 1: syz_emit_ethernet(0xe, &(0x7f0000000000)={@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @link_local={0x1, 0x80, 0xc2}, [], {@generic={0x8906}}}, &(0x7f0000000040)) 2018/04/07 05:58:03 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f00000000c0)={0x0, 0x0, 0xffffffffffffff70}) 2018/04/07 05:58:03 executing program 5: prctl$seccomp(0x2f, 0x4, &(0x7f0000000100)={0x0, &(0x7f0000000140)}) 2018/04/07 05:58:03 executing program 6: bpf$PROG_LOAD(0x5, &(0x7f0000a12fb8)={0x1, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000005760000000000000183f0071105000000000001500000000000000950000faa1000000"], &(0x7f00000003c0)="bcd0d62fec957b0cb79be7fbdba39382b58a29007b39cfaa5341ca8a607bcb63bc69b5ac44eba7e81ebe06531c7d4c0616ec374aa0aead02c6bfd2d86dde8e8449dcdf7533f50e1cdc105864eb4b28c750ab49eebce33cef727b5bf7c843dc612e624f4240672266d4ab0e6ef6efc4aa6f61c5fc3c9f12e96c237a3934f5d7714c10d2ce8d831ef5de43dff72f67e11b7534bedab663f00876149cc6b5e2e6b361a556393d623558bc656564848deef5be41c4ae4a086ec2389ce22c3b65e0f42035226d6ea72a5e1263911e328b938ee1a7451f5da93fcd8307001d429b4e48569c52557205e9bb341db31d7053d0e62d1378059847c6e04585a4a84a172a6a658ad8af442e", 0x7, 0xfb, &(0x7f00000002c0)=""/251}, 0x48) syzkaller login: [ 42.937820] ip (3871) used greatest stack depth: 54200 bytes left [ 43.531433] ip (3922) used greatest stack depth: 53656 bytes left [ 45.161205] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.407765] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.489894] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.588362] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.597239] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.612183] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.666495] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.807137] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.313010] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.546685] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.564288] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.666524] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.724662] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.821361] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.851071] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.939543] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.059580] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.065882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.077318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.316470] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.322775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.334654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.353699] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.377501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.410763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.472973] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.479390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.487946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.539127] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.545496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.553584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.616274] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.622561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.630613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.761334] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.767635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.779371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.811891] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.821538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.843871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 05:58:21 executing program 0: 2018/04/07 05:58:21 executing program 7: 2018/04/07 05:58:21 executing program 3: 2018/04/07 05:58:21 executing program 1: r0 = syz_open_dev$sndtimer(&(0x7f000038d000)='/dev/snd/timer\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xddf000)=nil, 0xddf000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)) 2018/04/07 05:58:21 executing program 2: 2018/04/07 05:58:21 executing program 6: 2018/04/07 05:58:21 executing program 4: 2018/04/07 05:58:21 executing program 5: 2018/04/07 05:58:21 executing program 0: 2018/04/07 05:58:21 executing program 4: 2018/04/07 05:58:21 executing program 6: 2018/04/07 05:58:21 executing program 2: 2018/04/07 05:58:21 executing program 5: 2018/04/07 05:58:21 executing program 3: 2018/04/07 05:58:21 executing program 7: 2018/04/07 05:58:21 executing program 1: 2018/04/07 05:58:21 executing program 4: 2018/04/07 05:58:22 executing program 0: 2018/04/07 05:58:22 executing program 7: 2018/04/07 05:58:22 executing program 6: 2018/04/07 05:58:22 executing program 2: 2018/04/07 05:58:22 executing program 5: 2018/04/07 05:58:22 executing program 3: 2018/04/07 05:58:22 executing program 4: 2018/04/07 05:58:22 executing program 1: 2018/04/07 05:58:22 executing program 0: 2018/04/07 05:58:22 executing program 5: 2018/04/07 05:58:22 executing program 3: 2018/04/07 05:58:22 executing program 6: 2018/04/07 05:58:22 executing program 7: 2018/04/07 05:58:22 executing program 2: 2018/04/07 05:58:22 executing program 4: 2018/04/07 05:58:22 executing program 1: 2018/04/07 05:58:22 executing program 0: 2018/04/07 05:58:22 executing program 5: 2018/04/07 05:58:22 executing program 3: 2018/04/07 05:58:22 executing program 2: 2018/04/07 05:58:22 executing program 7: 2018/04/07 05:58:22 executing program 4: 2018/04/07 05:58:22 executing program 6: 2018/04/07 05:58:22 executing program 2: 2018/04/07 05:58:22 executing program 1: 2018/04/07 05:58:22 executing program 4: 2018/04/07 05:58:22 executing program 5: 2018/04/07 05:58:22 executing program 0: 2018/04/07 05:58:22 executing program 6: 2018/04/07 05:58:22 executing program 3: 2018/04/07 05:58:22 executing program 7: 2018/04/07 05:58:22 executing program 1: 2018/04/07 05:58:22 executing program 0: 2018/04/07 05:58:23 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="acee0623b36221f584"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x25}, [@ldst={0x7}], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48) r1 = socket(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) write(r1, &(0x7f00000005c0)="260000005e0009000000eaf83a0000000000000001000000ffffff000008db1ee9ff4435eade", 0x26) 2018/04/07 05:58:23 executing program 5: 2018/04/07 05:58:23 executing program 3: 2018/04/07 05:58:23 executing program 4: 2018/04/07 05:58:23 executing program 6: 2018/04/07 05:58:23 executing program 7: 2018/04/07 05:58:23 executing program 1: 2018/04/07 05:58:23 executing program 0: 2018/04/07 05:58:23 executing program 3: 2018/04/07 05:58:23 executing program 6: 2018/04/07 05:58:23 executing program 4: 2018/04/07 05:58:23 executing program 5: 2018/04/07 05:58:23 executing program 1: 2018/04/07 05:58:23 executing program 7: 2018/04/07 05:58:23 executing program 0: 2018/04/07 05:58:23 executing program 5: 2018/04/07 05:58:23 executing program 2: 2018/04/07 05:58:23 executing program 6: 2018/04/07 05:58:23 executing program 4: 2018/04/07 05:58:23 executing program 3: 2018/04/07 05:58:23 executing program 5: 2018/04/07 05:58:23 executing program 0: 2018/04/07 05:58:23 executing program 7: 2018/04/07 05:58:23 executing program 6: 2018/04/07 05:58:23 executing program 1: 2018/04/07 05:58:23 executing program 3: 2018/04/07 05:58:23 executing program 4: 2018/04/07 05:58:23 executing program 2: 2018/04/07 05:58:23 executing program 0: 2018/04/07 05:58:23 executing program 6: 2018/04/07 05:58:23 executing program 1: 2018/04/07 05:58:23 executing program 5: 2018/04/07 05:58:24 executing program 7: 2018/04/07 05:58:24 executing program 3: 2018/04/07 05:58:24 executing program 2: 2018/04/07 05:58:24 executing program 4: 2018/04/07 05:58:24 executing program 1: 2018/04/07 05:58:24 executing program 6: 2018/04/07 05:58:24 executing program 0: 2018/04/07 05:58:24 executing program 5: 2018/04/07 05:58:24 executing program 6: 2018/04/07 05:58:24 executing program 1: 2018/04/07 05:58:24 executing program 7: 2018/04/07 05:58:24 executing program 3: 2018/04/07 05:58:24 executing program 2: 2018/04/07 05:58:24 executing program 0: 2018/04/07 05:58:24 executing program 4: 2018/04/07 05:58:24 executing program 5: 2018/04/07 05:58:24 executing program 7: 2018/04/07 05:58:24 executing program 1: 2018/04/07 05:58:24 executing program 2: 2018/04/07 05:58:24 executing program 3: 2018/04/07 05:58:24 executing program 6: 2018/04/07 05:58:24 executing program 5: 2018/04/07 05:58:24 executing program 7: 2018/04/07 05:58:24 executing program 1: 2018/04/07 05:58:24 executing program 2: ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x48}) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x4028700f, &(0x7f0000000040)) 2018/04/07 05:58:24 executing program 4: 2018/04/07 05:58:24 executing program 0: 2018/04/07 05:58:24 executing program 6: 2018/04/07 05:58:24 executing program 3: 2018/04/07 05:58:24 executing program 5: 2018/04/07 05:58:24 executing program 1: 2018/04/07 05:58:24 executing program 7: 2018/04/07 05:58:24 executing program 0: 2018/04/07 05:58:24 executing program 4: 2018/04/07 05:58:24 executing program 2: 2018/04/07 05:58:24 executing program 6: 2018/04/07 05:58:24 executing program 3: 2018/04/07 05:58:24 executing program 1: 2018/04/07 05:58:24 executing program 5: 2018/04/07 05:58:25 executing program 4: 2018/04/07 05:58:25 executing program 0: 2018/04/07 05:58:25 executing program 2: 2018/04/07 05:58:25 executing program 7: 2018/04/07 05:58:25 executing program 6: 2018/04/07 05:58:25 executing program 5: 2018/04/07 05:58:25 executing program 1: 2018/04/07 05:58:25 executing program 3: 2018/04/07 05:58:25 executing program 2: 2018/04/07 05:58:25 executing program 4: 2018/04/07 05:58:25 executing program 7: 2018/04/07 05:58:25 executing program 0: 2018/04/07 05:58:25 executing program 6: 2018/04/07 05:58:25 executing program 5: 2018/04/07 05:58:25 executing program 3: 2018/04/07 05:58:25 executing program 1: 2018/04/07 05:58:25 executing program 0: 2018/04/07 05:58:25 executing program 4: 2018/04/07 05:58:25 executing program 2: 2018/04/07 05:58:25 executing program 7: 2018/04/07 05:58:25 executing program 6: 2018/04/07 05:58:25 executing program 0: 2018/04/07 05:58:25 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) ioctl$sock_ifreq(r0, 0x89b1, &(0x7f0000000280)={'ipddp0\x00', @ifru_mtu}) 2018/04/07 05:58:25 executing program 4: 2018/04/07 05:58:25 executing program 3: 2018/04/07 05:58:25 executing program 5: r0 = socket(0x11, 0x4000000000080003, 0x0) bind$packet(r0, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}, 0x14) 2018/04/07 05:58:25 executing program 7: perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x3) ioctl$int_in(r0, 0x8000000000541b, &(0x7f0000000000)) 2018/04/07 05:58:25 executing program 2: r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f00000001c0)='numa_maps\x00') readv(r1, &(0x7f0000000300)=[{&(0x7f0000000280)=""/58, 0x3a}], 0x20000000000000fa) exit(0x0) readv(r1, &(0x7f000004ffe0)=[{&(0x7f0000000000)=""/128, 0xe6}], 0x222) 2018/04/07 05:58:25 executing program 6: r0 = socket(0xa, 0x8000000000000802, 0x0) setsockopt$inet6_int(r0, 0x29, 0x80000000000004c, &(0x7f0000ee9ffc), 0xfffffe10) 2018/04/07 05:58:25 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) perf_event_open(&(0x7f000001d000)={0x0, 0x78, 0x7c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xd25000)=nil, 0xd25000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000180)={0x8, 0x4, 0x1, 0x0, 0x7f, 0x7f, 0x0, 0x9}, 0x20) 2018/04/07 05:58:25 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f0000000080)=@nl=@kern={0x10}, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000001700)}}, {{&(0x7f0000001780)=@nl=@kern={0x10}, 0x80, &(0x7f0000001840), 0x0, &(0x7f0000006c00)}}], 0x2, 0x0) 2018/04/07 05:58:25 executing program 4: r0 = syz_open_dev$tun(&(0x7f00000004c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'ip6gre0\x00', 0xc811}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'syz+aller0\x00'}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x7) close(r0) socket$inet_sctp(0x2, 0x0, 0x84) 2018/04/07 05:58:25 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='/exe\x00\x00\x00\x00\x00\x00') fsetxattr(r0, &(0x7f0000000000)=@known='user.syz\x00', &(0x7f0000002140)='selinux\x00', 0x11a1, 0x0) 2018/04/07 05:58:25 executing program 5: capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f00000000c0)={'ipvs\x00'}, &(0x7f0000000100)=0x1e) 2018/04/07 05:58:25 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x0, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0xe, {0x2, 0x0, @rand_addr}, "00080700000400a0b22c582bf3aed17d"}) 2018/04/07 05:58:25 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_netdev_private(r0, 0x89f7, &(0x7f00000001c0)) 2018/04/07 05:58:26 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000000c0)={r1, 0x1, 0x6, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x2, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0x10) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000080)={r1, 0x1, 0x6, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0xff54) [ 62.081797] capability: warning: `syz-executor5' uses 32-bit capabilities (legacy support in use) 2018/04/07 05:58:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f00000001c0)) readv(r1, &(0x7f0000000400)=[{&(0x7f00000003c0)=""/3, 0x2}], 0x1) [ 62.123107] device bridge0 entered promiscuous mode 2018/04/07 05:58:26 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f0000000080)=@nl=@kern={0x10}, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000001700)}}, {{&(0x7f0000001780)=@nl=@kern={0x10}, 0x80, &(0x7f0000001840), 0x0, &(0x7f0000006c00)}}], 0x2, 0x0) 2018/04/07 05:58:26 executing program 6: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) creat(&(0x7f0000000080)='./file0\x00', 0x0) truncate(&(0x7f0000000140)='./file0\x00', 0x1ff) 2018/04/07 05:58:26 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00008b7ff0)={&(0x7f0000bfdfdc)={0x14, 0x0, 0xf, 0x800000001}, 0x14}, 0x1}, 0x0) 2018/04/07 05:58:26 executing program 7: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0xb, 0x4000000000080, 0x2}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f000051e000)={r0, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000fccff0)={r0, &(0x7f0000fce000)}, 0x10) [ 62.323200] device bridge0 left promiscuous mode 2018/04/07 05:58:26 executing program 5: capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f00000000c0)={'ipvs\x00'}, &(0x7f0000000100)=0x1e) 2018/04/07 05:58:26 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='cgroup.max.depth\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f00000000c0), 0x0) 2018/04/07 05:58:26 executing program 1: r0 = socket$inet(0x2, 0x800000000003, 0x9) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000002c0)=@broute={'broute\x00', 0x20, 0x2, 0x3d8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000340], 0x0, &(0x7f0000000100), &(0x7f0000000340)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x5, 0x0, 0x0, 'bpq0\x00', 'ip6tnl0\x00', 'teql0\x00', 'ip6gretap0\x00', @link_local={0x1, 0x80, 0xc2}, [], @empty, [], 0x70, 0x1a0, 0x1d0}, [@common=@SECMARK={'SECMARK\x00', 0x108, {{0x0, 0x0, 'system_u:object_r:modules_conf_t:s0\x00'}}}]}, @common=@CLASSIFY={'CLASSIFY\x00', 0x8}}, {{{0x3, 0x0, 0x0, 'ipddp0\x00', 'teql0\x00', 'syzkaller1\x00', 'ip6tnl0\x00', @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], @link_local={0x1, 0x80, 0xc2}, [], 0x118, 0x118, 0x148, [@ip6={'ip6\x00', 0x50, {{@dev={0xfe, 0x80}, @local={0xfe, 0x80, [], 0xaa}}}}, @vlan={'vlan\x00', 0x8}]}}, @common=@STANDARD={'\x00', 0x8}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x450) 2018/04/07 05:58:26 executing program 7: syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], {@ipv6={0x86dd, {0x0, 0x6, "8e42d6", 0x8, 0x21, 0x0, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}, @mcast2={0xff, 0x2, [], 0x1}, {[], @udp={0x0, 0x0, 0x8}}}}}}, 0x0) 2018/04/07 05:58:26 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f0000000080)=@nl=@kern={0x10}, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000001700)}}, {{&(0x7f0000001780)=@nl=@kern={0x10}, 0x80, &(0x7f0000001840), 0x0, &(0x7f0000006c00)}}], 0x2, 0x0) 2018/04/07 05:58:26 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/route\x00') sendfile(r0, r0, &(0x7f0000000040)=0x400000, 0x400000ff) 2018/04/07 05:58:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write(r0, &(0x7f0000cc8000)="260000002a0047d2ff0800000000000000010000016800000000070000000000000000000021", 0x26) 2018/04/07 05:58:26 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw-serpent-sse2\x00'}, 0x58) bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) 2018/04/07 05:58:26 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x7e, 0x6, 0x1, 0x11}, 0x2c) mount(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='bpf\x00', 0x0, &(0x7f0000000200)) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000100)='./file0/file1\x00', r0}, 0x10) mount(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000180)='./file0/file1\x00', &(0x7f0000000200)='bpf\x00', 0x0, 0x0) [ 62.896136] dccp_invalid_packet: pskb_may_pull failed 2018/04/07 05:58:26 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) readv(r1, &(0x7f00003fd000)=[{&(0x7f0000853000)=""/255, 0xffffff1f}], 0x1) r2 = syz_open_dev$evdev(&(0x7f0000d09000)='/dev/input/event#\x00', 0x0, 0x0) r3 = epoll_create1(0x0) epoll_pwait(r3, &(0x7f0000000000)=[{}], 0x1, 0xa7, &(0x7f0000000040), 0x8) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x4}) [ 62.932637] dccp_invalid_packet: pskb_may_pull failed 2018/04/07 05:58:26 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000007000)={0xa, 0x4e20}, 0x1c) connect$inet6(r0, &(0x7f0000012000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) getpeername$inet6(r0, &(0x7f0000001140), &(0x7f00000011c0)=0x1c) 2018/04/07 05:58:27 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f0000000080)=@nl=@kern={0x10}, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000001700)}}, {{&(0x7f0000001780)=@nl=@kern={0x10}, 0x80, &(0x7f0000001840), 0x0, &(0x7f0000006c00)}}], 0x2, 0x0) 2018/04/07 05:58:27 executing program 4: r0 = socket(0x200000000010, 0x2, 0x0) write(r0, &(0x7f0000000000)="240000002a007f000000000000ed7601000000ff01000000000000ffff0100ff10000b00", 0x24) 2018/04/07 05:58:27 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000ff5ffc)={0x0, 0x7, 0xfffffffffffffffe}, 0x4) close(r0) 2018/04/07 05:58:27 executing program 7: mmap(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x0, 0x1b071, 0xffffffffffffffff, 0x0) munlockall() remap_file_pages(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f0000000000/0x12000)=nil, 0x12000, 0x0, 0x0, 0x0) [ 63.178507] mmap: syz-executor7 (5489) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt. 2018/04/07 05:58:28 executing program 7: pipe(&(0x7f0000e2aff8)={0xffffffffffffffff, 0xffffffffffffffff}) flock(r1, 0x2) flock(r0, 0x2) close(r1) 2018/04/07 05:58:28 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x800, 0x0, 0xff, 0x1}, 0x20) r1 = socket$inet6(0xa, 0x802, 0x0) r2 = dup3(r0, r1, 0x0) perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000000)={@loopback={0x0, 0x1}, 0x400000000800, 0x0, 0xffffffffffffffff}, 0x20) 2018/04/07 05:58:28 executing program 3: sendmmsg(0xffffffffffffffff, &(0x7f00000019c0)=[{{&(0x7f0000000080)=@nl=@kern={0x10}, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000001700)}}, {{&(0x7f0000001780)=@nl=@kern={0x10}, 0x80, &(0x7f0000001840), 0x0, &(0x7f0000006c00)}}], 0x2, 0x0) 2018/04/07 05:58:28 executing program 4: mkdir(&(0x7f0000027000)='./file0\x00', 0x0) mount(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) r0 = open$dir(&(0x7f000001bff4)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000000)=""/250, 0x523) getdents(r0, &(0x7f00000001c0)=""/77, 0x4d) 2018/04/07 05:58:28 executing program 0: mkdir(&(0x7f0000027000)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x0, &(0x7f000000a000)) open$dir(&(0x7f000001bff4)='./file0/bus\x00', 0x88040, 0x0) mount(&(0x7f0000033ff4)='./file0/bus\x00', &(0x7f000000fff8)='./file0\x00', &(0x7f0000032ffb)='fuse\x00', 0x7ffbf, &(0x7f0000032000)) statfs(&(0x7f0000000000)='./file0/bus\x00', &(0x7f0000000040)=""/4096) 2018/04/07 05:58:28 executing program 1: r0 = socket$inet(0x2, 0x802, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000eedffc)=0x7fe, 0x4) setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f0000000000)=0xed5f, 0x4) sendto$inet(r0, &(0x7f0000dcfffe), 0x0, 0x0, &(0x7f0000514ff0)={0x2, 0x4e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000040)=0x8, 0x4) recvmsg(r0, &(0x7f0000bd9000)={0x0, 0x0, &(0x7f0000eec000), 0x0, &(0x7f0000000faf)=""/81, 0x51}, 0x41002106) 2018/04/07 05:58:28 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) readv(r1, &(0x7f00003fd000)=[{&(0x7f0000853000)=""/255, 0xffffff1f}], 0x1) r2 = syz_open_dev$evdev(&(0x7f0000d09000)='/dev/input/event#\x00', 0x0, 0x0) r3 = epoll_create1(0x0) epoll_pwait(r3, &(0x7f0000000000)=[{}], 0x1, 0xa7, &(0x7f0000000040), 0x8) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x4}) 2018/04/07 05:58:28 executing program 6: r0 = add_key$keyring(&(0x7f0000001200)='keyring\x00', &(0x7f0000001240)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r0, 0x0) keyctl$get_security(0x11, r0, &(0x7f0000000180)=""/164, 0xffffffffffffff3d) 2018/04/07 05:58:28 executing program 2: r0 = getpid() perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) process_vm_readv(r0, &(0x7f00000028c0)=[{&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/4096, 0x1000}, {&(0x7f00000004c0)=""/38, 0x26}, {&(0x7f0000000500)=""/31, 0x1f}, {&(0x7f0000000540)=""/240, 0xf0}, {&(0x7f00000026c0)=""/159, 0x9f}, {&(0x7f0000000640)=""/15, 0xf}, {&(0x7f0000002780)=""/1, 0x1}, {&(0x7f00000027c0)=""/214, 0xd6}], 0x9, &(0x7f0000002a40), 0x0, 0x0) 2018/04/07 05:58:28 executing program 6: syz_emit_ethernet(0x56, &(0x7f0000000200)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "f097c4", 0x20, 0x0, 0x0, @loopback={0x0, 0x1}, @empty, {[@routing={0x3b, 0x2, 0x0, 0x0, 0x0, [@mcast2={0xff, 0x2, [], 0x1}]}], @udp={0x0, 0x0, 0x8}}}}}}, &(0x7f0000000080)) 2018/04/07 05:58:28 executing program 4: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, 0x304}, 0x0) sendmsg(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000640)="2400000002031f001cfffd946fa2830020200a000900020002e700000200a3a20404ff7e", 0x24}], 0x1}, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x8000) ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000000040)) syz_extract_tcp_res$synack(&(0x7f0000000080), 0x1, 0x0) msgctl$IPC_RMID(0x0, 0x0) 2018/04/07 05:58:28 executing program 3: r0 = socket$inet(0x10, 0x0, 0x0) sendmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f0000000080)=@nl=@kern={0x10}, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000001700)}}, {{&(0x7f0000001780)=@nl=@kern={0x10}, 0x80, &(0x7f0000001840), 0x0, &(0x7f0000006c00)}}], 0x2, 0x0) 2018/04/07 05:58:28 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000003ff0)={&(0x7f0000012f80)=ANY=[@ANYBLOB="020d0000100000000000000000040000080012000000030800000000000000001c000000000000000000000000000000e000000100000000000000000000000000000000000000000000000000000000030006000000000002000000ac14ffbb00001a5d00000000030005000000000002000000ac14ffbb0000000000000000"], 0x80}, 0x1}, 0x0) sendmsg$key(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}, 0x1}, 0x0) 2018/04/07 05:58:29 executing program 1: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='sysfs\x00', 0x0, &(0x7f0000000400)) mount(&(0x7f0000000040)='./file0/bus\x00', &(0x7f00000000c0)='./file0/bus\x00', &(0x7f0000000340)='sysfs\x00', 0x0, &(0x7f00000004c0)) utimes(&(0x7f0000000080)='./file0/bus\x00', &(0x7f0000000200)) 2018/04/07 05:58:29 executing program 6: capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000cc7fe8)) r0 = syz_open_procfs(0x0, &(0x7f0000ed6ff6)='map_files\x00') fsetxattr(r0, &(0x7f0000ac7fe6)=@known='com.apple.system.Security\x00', &(0x7f0000a7a000)="656d3073656c66a673656c696e757800", 0x10, 0x0) 2018/04/07 05:58:29 executing program 2: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vga_arbiter\x00', 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00006f3ff0)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$KDGKBLED(r0, 0xc004510e, &(0x7f0000000080)) 2018/04/07 05:58:29 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000019c0)=[{{&(0x7f0000000080)=@nl=@kern={0x10}, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000001700)}}, {{&(0x7f0000001780)=@nl=@kern={0x10}, 0x80, &(0x7f0000001840), 0x0, &(0x7f0000006c00)}}], 0x2, 0x0) 2018/04/07 05:58:29 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000003ff0)={&(0x7f0000012f80)=ANY=[@ANYBLOB="020d0000100000000000000000040000080012000000030800000000000000001c000000000000000000000000000000e000000100000000000000000000000000000000000000000000000000000000030006000000000002000000ac14ffbb00001a5d00000000030005000000000002000000ac14ffbb0000000000000000"], 0x80}, 0x1}, 0x0) sendmsg$key(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}, 0x1}, 0x0) 2018/04/07 05:58:29 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x84, 0x2727, 0xffffffff00000001}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000000), &(0x7f0000000100)}, 0x20) 2018/04/07 05:58:29 executing program 5: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000100)={&(0x7f00000008c0)=@nl=@kern={0x10}, 0x80, &(0x7f0000002000)=[{&(0x7f0000000080)="5500000018007fafb7a41cb22da280000206000000a843096c37236939000900210008004b00ca8a9848a3090000006b7b31afdc1338d54400009b84136ef75afb83de4411003ab8220000bf0cec6bab91d4000000", 0x55}], 0x1, &(0x7f0000000500)}, 0x0) 2018/04/07 05:58:29 executing program 7: mkdir(&(0x7f0000ac6000)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f000000aff8)='./file0\x00', &(0x7f0000cd3000)='ramfs\x00', 0x1, &(0x7f000056a0e2)) mount(&(0x7f0000802ff8)='./file0\x00', &(0x7f0000b16000)='./file0\x00', &(0x7f0000905000)='devtmpfs\x00', 0x85030, &(0x7f0000e99f87)) mount(&(0x7f0000df2000)='./file0/file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x7fffa, &(0x7f0000751000)) [ 65.125081] ================================================================== [ 65.132537] BUG: KMSAN: uninit-value in fib_create_info+0x554/0x8d20 [ 65.139035] CPU: 1 PID: 5566 Comm: syz-executor5 Not tainted 4.16.0+ #81 [ 65.145869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.155217] Call Trace: [ 65.157820] dump_stack+0x185/0x1d0 [ 65.161467] ? fib_create_info+0x554/0x8d20 [ 65.165796] kmsan_report+0x142/0x240 [ 65.169607] __msan_warning_32+0x6c/0xb0 [ 65.173677] fib_create_info+0x554/0x8d20 [ 65.177846] ? save_stack_trace+0xa5/0xf0 [ 65.181999] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 65.187451] ? kmsan_set_origin_inline+0x6b/0x120 [ 65.192299] ? __msan_poison_alloca+0x15c/0x1d0 [ 65.196976] ? inet_rtm_newroute+0x210/0x340 [ 65.201389] ? fib_table_insert+0xbc/0x2820 [ 65.205716] fib_table_insert+0x3b6/0x2820 [ 65.209959] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 65.215330] ? fib_new_table+0x247/0x670 [ 65.219395] inet_rtm_newroute+0x210/0x340 2018/04/07 05:58:29 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0x0, 0x0}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00002f5ff8)={0xffffffffffffffff}) bind$unix(r1, &(0x7f0000968ff6)=@file={0x1, './file0\x00'}, 0xa) connect$unix(r1, &(0x7f00000bc000)=@abs, 0x8) sendmmsg$unix(r0, &(0x7f0000fa3000)=[{&(0x7f0000497ff6)=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000b71000), 0x0, &(0x7f0000e55000)}], 0x1, 0x0) 2018/04/07 05:58:29 executing program 7: r0 = socket$inet6(0xa, 0x1001000000080001, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x41, &(0x7f000000e000)=""/84, &(0x7f0000000000)=0x3b) 2018/04/07 05:58:29 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f0000001780)=@nl=@kern={0x10}, 0x80, &(0x7f0000001840), 0x0, &(0x7f0000006c00)}}], 0x1, 0x0) [ 65.223636] ? fib_del_ifaddr+0x35c0/0x35c0 [ 65.227964] rtnetlink_rcv_msg+0xa32/0x1560 [ 65.232300] ? SyS_sendmsg+0x54/0x80 [ 65.236027] ? netlink_sendmsg+0x9a6/0x1310 [ 65.240356] ? ___sys_sendmsg+0xec0/0x1310 [ 65.244597] ? SYSC_sendmsg+0x2a3/0x3d0 [ 65.248581] ? SyS_sendmsg+0x54/0x80 [ 65.252291] ? do_syscall_64+0x309/0x430 [ 65.256357] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 65.261727] ? __msan_poison_alloca+0x15c/0x1d0 [ 65.266410] ? _raw_spin_unlock_bh+0x57/0x70 [ 65.270838] ? __local_bh_enable_ip+0x3b/0x140 [ 65.276014] ? _raw_spin_unlock_bh+0x57/0x70 [ 65.280433] ? kmsan_set_origin_inline+0x6b/0x120 [ 65.285283] ? kmsan_set_origin+0x9e/0x160 [ 65.289527] netlink_rcv_skb+0x355/0x5f0 [ 65.293601] ? rtnetlink_bind+0x120/0x120 [ 65.297758] rtnetlink_rcv+0x50/0x60 [ 65.301500] netlink_unicast+0x1672/0x1750 [ 65.305771] ? rtnetlink_net_exit+0xa0/0xa0 [ 65.310109] netlink_sendmsg+0x1048/0x1310 [ 65.314360] ? netlink_getsockopt+0xc80/0xc80 [ 65.318863] ___sys_sendmsg+0xec0/0x1310 [ 65.322933] ? __fdget+0x4e/0x60 2018/04/07 05:58:29 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f0000001780)=@nl=@kern={0x10}, 0x80, &(0x7f0000001840), 0x0, &(0x7f0000006c00)}}], 0x1, 0x0) [ 65.326315] SYSC_sendmsg+0x2a3/0x3d0 [ 65.330126] SyS_sendmsg+0x54/0x80 [ 65.333669] do_syscall_64+0x309/0x430 [ 65.337565] ? ___sys_sendmsg+0x1310/0x1310 [ 65.341896] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 65.347108] RIP: 0033:0x455259 [ 65.350292] RSP: 002b:00007ff4a0bafc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 65.357996] RAX: ffffffffffffffda RBX: 00007ff4a0bb06d4 RCX: 0000000000455259 [ 65.365262] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000013 [ 65.372528] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 65.379794] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 65.387060] R13: 00000000000004cc R14: 00000000006fa3c0 R15: 0000000000000000 [ 65.394337] [ 65.395953] Uninit was created at: [ 65.399507] kmsan_internal_poison_shadow+0xb8/0x1b0 [ 65.404618] kmsan_kmalloc+0x94/0x100 [ 65.408425] kmsan_slab_alloc+0x11/0x20 [ 65.412399] __kmalloc_node_track_caller+0xaed/0x11c0 [ 65.417597] __alloc_skb+0x2cf/0x9f0 [ 65.421325] netlink_sendmsg+0x9a6/0x1310 [ 65.425487] ___sys_sendmsg+0xec0/0x1310 [ 65.429553] SYSC_sendmsg+0x2a3/0x3d0 [ 65.433358] SyS_sendmsg+0x54/0x80 [ 65.436894] do_syscall_64+0x309/0x430 [ 65.440783] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 65.445958] ================================================================== [ 65.453308] Disabling lock debugging due to kernel taint [ 65.458751] Kernel panic - not syncing: panic_on_warn set ... [ 65.458751] [ 65.466120] CPU: 1 PID: 5566 Comm: syz-executor5 Tainted: G B 4.16.0+ #81 2018/04/07 05:58:29 executing program 4: socketpair$unix(0x1, 0x800000001, 0x0, &(0x7f0000020000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000028ffc), 0x4) r2 = dup(r1) sendto(r0, &(0x7f0000001fff)="e9a964d2797f760ef2632a2ada444295bf2141ec4120dbbc600e1e73a1a549e91f3b1dfc13560861f16ccca4268899050ebf969eb58a96cee76999f940f78babd2e9caa231dda21246c71110777ef54577f326bce3447948ab818bf4950e1e770ad2aeee5de4826cc00cb41283d6f364782fc6a20e05693748ecc9e58fe6b7bb293df99867757c69db83002ea496b130248c29901a299bd5363e107e299b0d864d506d2cdc2b96fa7950bb2292cf5e6a9f1df33f0ad0476ee7fee99698936ecdfc5ddb2903538e902782f00b099f7ef611ad5951f951c43b01789aa4d82bc27051491cc79bea21ef3ff9a1db5adff1507f267ff46546b7c87eb24c00ebb92ce5421d04b1e2444045ff5bd302a92b5791c32d3a6f31c26431b5d33c5931e8e415d5d8d8fc0d632074903eca5d9845098db235f7ddc554887584c234b66a414e85ace0e791b1259ac6dbdbbef24de34f16beadb781b0f50ec32a80ffb8b38742606653d57df0c600ad39e871260068182c679c015f32b38eb46a6c5bc2ffd6a14b5d3f3213823dbca12727907fb49ca18a15dc4790a00afb508bc0eec852798e0eaa89fc24453beb1572303b4f321d005a74021bb3e5877c1e10782d3683f40453ac3cff25d5db4f025b98f3dd8eda53b505d7d76f8eaa76c1f5fab8026a00dce99b8bdded60a800e659dcb8f8a5fb0dc86868c842ab7c1f7bc7472a52845dd2e4202de269468d392212f0d573d5874721d6f9ad2f4aa5aeb94d516ffa24bc6c5d1728a969ae747fdab97984773a13251e01869c786b246681dd10dc15f8f1fc02d130ab3b0bd0896c19ff467ca69a4b75d4afeb28e99c083adcf436a2438de739c0237f30002704002755abdafcf61d0182a83f179dcc8361bb575c12cc49513768859915b53b2e80213710814b99dbaf0af3dee89e190ba30bc121d1773f477373e07f796d421d41189dd0664647be0602d045e068be839696fd24d15d51950a2c23f0799767f33d2ac58ab10d77587d8272de0d2a3f1298ef247d83c345957df2fe703fe40b135144f5295d991c300175c41cf816fc7d3625695be193cd815b18d695a56e427798cb8269bc21e2c77102146cec3a8efb2020fb876e064355437fb222b082d835d53b3d5c7999a3b27e0a7179a2ba72af8053541e5da2fc8376681d4e38628d14a57b7eec3680ea417b2850251181c299071e66ff3235d3808d93d960ce6c29e20796aff6dfcd9b1fab67fa92b1f36559b9d364aedcc3e10cf2da5aa54d7bbe40139f85b5f458d6d7046d5f625e693db0b34256ee7bc29a1f8890f285900d39dfe67fc9b36fb4c65606202a612f6e7b0648c2175584ee89a8255ad74e36a7696bbd7f07232439767efda62e822347261c5ea986888a87aec2b6bdb586614ae6e039bf7fa4312065cfaa593a8e1049e05b9f1233be7bd6282ada8a72e961330211f06660b88dff930df65e34897a2ceb608711f9b9ecb1253673ae013942c78a9056b914d815485af95a1b5621b05af8992ad0f440c779768c4e0ae85eda4abb59085d0b4dc458b0c5ecdf3160f9b48109dbeda5d0709453ce62a90aba6b9fbae5abf8f4d9d4ba7df457874008aa731be22f5805aa1b9c3af837d310644025723f123357dbe9efe8ff0d7977d31071e1401e247c26ade654d8a834199b6e2ff2aacab289d295150e10f3387b1a6e2d1574bcdab66cf7fd9c001629a05b6157737c2d9d6df2527a0b8b2acd9aefec022acb2614db1af06e8baee6823f43385f75a63d96ba07d323625dccaa9b9d257b568aebfae1501b7168d8428ad8b4fc536722733ce29905c3952f2cabd052521fb799a7ed8b3216df959e3a1a4eae21e220288a4c9caac6630aa3b9e68d0f6381da227f7b37979c5bddd7eb598c9606bb6e4ade20f951dae3a977011326e175d6c8f17e71b8ede077da0bddc274d6cf3c2c1ad45e5662f2535cc4d07615f7f4f99adb05a78063e0180fc07409a9f18b83a9f11e6db57e43be4eb903a84db31eb3d4f2936751b57ee6735e672bc7af359d8587bb9c10b2a79828d000f9592b1c31c9fac830b1bb0868959ca3cc984986980f1d0a6bd19639921c476711bc524ec6b02c4f914c4ab53387fe658573e76aab433d6aabcad072c646901c46e59eac750f29e9938435ca6e43ebedbe2f2bab5f5b3d0ab4ae5004e2c86ef96dec08227859afe48b9267878f6bbb8904fa07f9bc8a7518af11af6b8c5d9244689d72f547fe7fd210d426327426c0606f6cee5a4a6114e2fe1f69b8012a883025e79ddfe6170e5c11df7528020e840274fc871478e8b858de2a46ed7484d069124bef03ba9cb32cce174314178acf72d2af57bf7f89f195197f96ab3b1169dccb2a594b841dd3c113ae7cf7b94a9dc3ec0727fed90cdd509fb4150d2eab5f3d988bc164b7a66075616d8147fa668a790bb3c5cad71675f2bd0a8575855dec23e3d543bca27b3f751016ec32748b541b7776fc77c006c35fa76c353a9d339477dc5883584ceb6162e7d278b6c79eeec436e254ce9f1fd9db72661a4bd97e362369d89d58c1d31718c020a54da1e2df989ac94d5f95f4864c527de5e1931a968924f3e6092487b189f4ca011ef73b441484acd5d16bed3b168d18a84a95d2f26afb0d926ab0d54c0fc44f3ada20da6d1309d9e4f046098a4a3fabe539be313a2fd3c64ea7cc1190a6e31140258212bfeab8c06cd224e32700c879dda71ebb43b6ffe113d99aa1096cccb11cf18912fcc268613115bacffbf4bb648860a1314cb0eacd7dfec7cb8a4e088c958ce7398921b26f5bfd90d27bbecbc45fd5a3bf37008f03a8be65b31b1c7320eb9e8446d1f6ccd561c7659399ac2b8e59aa812e8ffc682b94b04cb3992ab15cea1badfc9bbf3e8b8d21ded4a7fd72997a10de979fe71e61ff859799e80a8c2d6e83e1752103bcb35f3668dede83ea565a386ae849f154ed17140fc24418989c321869917f1bfc0b5e924c62f25d54c43cc86487578bfa23584be194d7cf9bc3e3168d80c0b19a27b8f1c5eee001be14541da38fd4dbff12fc5d49f5ed15dda63374a479bb3f2adac00a3241293fb7937dcc0000000000000009d1a3b538d5eeab52cdde1bb223ee3c5e3aae84088c35691d1c124322aa0540182cc82b0dd4318d8a6e2534c0ad", 0x8c1, 0x0, 0x0, 0x0) r3 = gettid() sendmsg(r0, &(0x7f000003c000)={0x0, 0x0, &(0x7f000005dfe0)=[{&(0x7f000002ff67)='}', 0x1}], 0x1, &(0x7f000003ae30)}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000000d000)={0xffffffffffffffff}) dup3(r2, r4, 0x0) close(r0) ioctl$int_in(r4, 0x5452, &(0x7f0000008ff8)=0x3e) fcntl$setown(r1, 0x8, r3) fcntl$setsig(r4, 0xa, 0x12) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) tkill(r3, 0x16) [ 65.474252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.483602] Call Trace: [ 65.486202] dump_stack+0x185/0x1d0 [ 65.489845] panic+0x39d/0x940 [ 65.493072] ? fib_create_info+0x554/0x8d20 [ 65.497399] kmsan_report+0x238/0x240 [ 65.501210] __msan_warning_32+0x6c/0xb0 [ 65.505279] fib_create_info+0x554/0x8d20 [ 65.509446] ? save_stack_trace+0xa5/0xf0 [ 65.513606] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 65.519071] ? kmsan_set_origin_inline+0x6b/0x120 2018/04/07 05:58:29 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f0000001780)=@nl=@kern={0x10}, 0x80, &(0x7f0000001840), 0x0, &(0x7f0000006c00)}}], 0x1, 0x0) [ 65.523917] ? __msan_poison_alloca+0x15c/0x1d0 [ 65.528601] ? inet_rtm_newroute+0x210/0x340 [ 65.533018] ? fib_table_insert+0xbc/0x2820 [ 65.537349] fib_table_insert+0x3b6/0x2820 [ 65.541604] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 65.546982] ? fib_new_table+0x247/0x670 [ 65.551053] inet_rtm_newroute+0x210/0x340 [ 65.555297] ? fib_del_ifaddr+0x35c0/0x35c0 [ 65.559618] rtnetlink_rcv_msg+0xa32/0x1560 [ 65.563947] ? SyS_sendmsg+0x54/0x80 [ 65.567662] ? netlink_sendmsg+0x9a6/0x1310 [ 65.571995] ? ___sys_sendmsg+0xec0/0x1310 2018/04/07 05:58:29 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f0000000080)=@nl=@kern={0x10}, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000001700)}}], 0x1, 0x0) [ 65.576235] ? SYSC_sendmsg+0x2a3/0x3d0 [ 65.580213] ? SyS_sendmsg+0x54/0x80 [ 65.583931] ? do_syscall_64+0x309/0x430 [ 65.588001] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 65.593370] ? __msan_poison_alloca+0x15c/0x1d0 [ 65.598048] ? _raw_spin_unlock_bh+0x57/0x70 [ 65.602472] ? __local_bh_enable_ip+0x3b/0x140 [ 65.607054] ? _raw_spin_unlock_bh+0x57/0x70 [ 65.611467] ? kmsan_set_origin_inline+0x6b/0x120 [ 65.616313] ? kmsan_set_origin+0x9e/0x160 [ 65.620552] netlink_rcv_skb+0x355/0x5f0 2018/04/07 05:58:29 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f0000000080)=@nl=@kern={0x10}, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000001700)}}], 0x1, 0x0) [ 65.624622] ? rtnetlink_bind+0x120/0x120 [ 65.628779] rtnetlink_rcv+0x50/0x60 [ 65.632502] netlink_unicast+0x1672/0x1750 [ 65.636762] ? rtnetlink_net_exit+0xa0/0xa0 [ 65.641101] netlink_sendmsg+0x1048/0x1310 [ 65.645349] ? netlink_getsockopt+0xc80/0xc80 [ 65.649855] ___sys_sendmsg+0xec0/0x1310 [ 65.653922] ? __fdget+0x4e/0x60 [ 65.657303] SYSC_sendmsg+0x2a3/0x3d0 [ 65.661118] SyS_sendmsg+0x54/0x80 [ 65.664663] do_syscall_64+0x309/0x430 [ 65.668564] ? ___sys_sendmsg+0x1310/0x1310 [ 65.672894] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 65.678082] RIP: 0033:0x455259 [ 65.681266] RSP: 002b:00007ff4a0bafc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 65.688971] RAX: ffffffffffffffda RBX: 00007ff4a0bb06d4 RCX: 0000000000455259 [ 65.696238] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000013 [ 65.703515] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 65.710786] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 65.718041] R13: 00000000000004cc R14: 00000000006fa3c0 R15: 0000000000000000 [ 65.725750] Dumping ftrace buffer: [ 65.729278] (ftrace buffer empty) [ 65.732962] Kernel Offset: disabled [ 65.736564] Rebooting in 86400 seconds..