INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts. 2018/04/11 12:54:02 fuzzer started 2018/04/11 12:54:03 dialing manager at 10.128.0.26:36259 2018/04/11 12:54:10 kcov=true, comps=false 2018/04/11 12:54:12 executing program 0: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f00000029c0)={&(0x7f0000000400)={0x10}, 0xc, &(0x7f0000002980)={&(0x7f0000000440)=ANY=[]}, 0x1}, 0x0) r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f0000f18000)={0x0, 0x0, &(0x7f000076dff0)=[{&(0x7f0000c21f67)="240000000104f50000f90000000008000c20faff0900010003e800603300000001ab001f", 0x24}], 0x1}, 0x0) 2018/04/11 12:54:12 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f0000000180)='team\x00') ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000002e80)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f00000001c0)={0x94, r1, 0x405, 0x0, 0x0, {0x1}, [{{0x8, 0x1, r2}, {0x54, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6}}}]}}]}, 0x94}, 0x1}, 0x0) 2018/04/11 12:54:12 executing program 7: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x6, 0x21, &(0x7f0000000000)={{{@in, @in6=@local={0xfe, 0x80, [], 0xaa}}}, {{@in=@dev={0xac, 0x14, 0x14}}, 0x0, @in=@broadcast=0xffffffff}}, 0x10) 2018/04/11 12:54:12 executing program 3: syz_emit_ethernet(0x6e, &(0x7f0000000000)={@random="cdf276000805", @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "110c11", 0x38, 0x3a, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@dest_unreach={0x4, 0x0, 0x0, 0x0, [], {0x0, 0x6, "cb155d", 0x0, 0x2f, 0x0, @mcast2={0xff, 0x2, [], 0x1}, @dev={0xfe, 0x80}, [], "8df06558eb6a17d1"}}}}}}}, 0x0) 2018/04/11 12:54:12 executing program 1: syz_emit_ethernet(0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="cd3997030f0000000000000086dd60b40900003067000000080000000000000000ffff00000000020000000000000800000000000001210090780000000060b680fa0000000000000000000000000000ffffffffffff00000000000000000000ffffac14ffbb"], 0x0) 2018/04/11 12:54:12 executing program 4: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0xc568, 0x108000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000ec0)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000000e80)={&(0x7f0000000c00)=@acquire={0x128, 0x17, 0x301, 0x0, 0x0, {{@in6=@ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}}, @in=@local={0xac, 0x14, 0x14, 0xaa}, {@in6, @in6}, {{@in=@multicast1=0xe0000001, @in6=@mcast1={0xff, 0x1, [], 0x1}, 0x0, 0x0, 0x0, 0x0, 0xa}}}}, 0x128}, 0x1}, 0x0) 2018/04/11 12:54:12 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0xfc) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) 2018/04/11 12:54:12 executing program 6: syz_emit_ethernet(0x6e, &(0x7f0000000000)={@random="cdf276000805", @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "110c11", 0x38, 0x3a, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@dest_unreach={0x3, 0x0, 0x0, 0x0, [], {0x0, 0x6, "cb155d", 0x0, 0x2f, 0x0, @mcast2={0xff, 0x2, [], 0x1}, @dev={0xfe, 0x80}, [], "8df06558eb6a17d1"}}}}}}}, 0x0) syzkaller login: [ 44.929649] ip (3743) used greatest stack depth: 54688 bytes left [ 45.148955] ip (3762) used greatest stack depth: 54672 bytes left [ 45.762966] ip (3820) used greatest stack depth: 54656 bytes left [ 46.052627] ip (3849) used greatest stack depth: 53960 bytes left [ 48.654142] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.669260] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.803675] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.833989] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.907844] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.920009] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.085309] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.102177] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.541782] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.611682] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.690909] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.866338] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.931675] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.049187] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.071737] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.141649] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.422585] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.428880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.448710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.471485] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.481528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.517234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.555010] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.573264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.598721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.737516] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.743756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.753810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.784603] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.793965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.843016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.884693] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.890984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.901992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.957458] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.963720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.972610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.106664] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.112995] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.131978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/11 12:54:29 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8912, &(0x7f0000000100)={"f47158643040fc0c01dc6d00"}) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000040)) [ 59.651272] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 59.730097] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. 2018/04/11 12:54:30 executing program 0: r0 = socket$nl_generic(0x2, 0x3, 0x10) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000440)={&(0x7f0000000000)={0x2, 0x0, 0xe0}, 0x243, &(0x7f0000000400)={&(0x7f0000000180)={0x14, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x14}, 0x1}, 0x0) 2018/04/11 12:54:30 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8912, &(0x7f0000000100)={"f47158643040fc0c01dc6d00"}) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f0000000040)) 2018/04/11 12:54:30 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x5, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$netlink(r0, 0x10e, 0x5, &(0x7f00008f9000)=""/12, &(0x7f0000000000)=0xc) 2018/04/11 12:54:30 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0xfc) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) 2018/04/11 12:54:30 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x5, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$netlink(r0, 0x10e, 0x9, &(0x7f00008f9000)=""/12, &(0x7f0000000000)=0xc) 2018/04/11 12:54:30 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) sendfile(r1, r1, &(0x7f0000000000)=0x50, 0x4) 2018/04/11 12:54:30 executing program 7: r0 = socket$nl_generic(0x2, 0x2, 0x88) sendmsg(r0, &(0x7f00000026c0)={&(0x7f0000000080)=@in={0x2, 0x4e24, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x80, &(0x7f0000001300), 0x0, &(0x7f0000000180)}, 0x0) 2018/04/11 12:54:30 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000cecffc), 0x4) r1 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'yam0\x00', 0x4012}) 2018/04/11 12:54:30 executing program 1: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tun(&(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={"d208d7f6300000ae000000880000e710", 0x101}) r1 = syz_open_dev$tun(&(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000001c0)={"d208d7f6300000ae000000880000e710", 0x101}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'bcsh0\x00', 0x400}) 2018/04/11 12:54:30 executing program 4: r0 = perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)={0x98, 0x4, 0x6, 0x901, 0x0, 0x0, {}, [@nested={0x74, 0x0, [@generic="1ded8125dea6b6ff8e443942937647f8c945d00a38ca143beef29e80ec6483f82a858b0f3b1870639e1c3ae4fb12445e74fd43011c9ac995d95f87d16427b068507292f4e5f057b1fdbe557613bfbffd1a010f3f576d4350e8c5aa6c2b09878a566ba1559fefa7e7cc1f4aff9f0afabd"]}, @nested={0x10, 0x0, [@typed={0x8, 0x0, @fd=r0}, @typed={0x4}]}]}, 0x98}, 0x1}, 0x0) 2018/04/11 12:54:30 executing program 3: 2018/04/11 12:54:30 executing program 2: 2018/04/11 12:54:30 executing program 0: 2018/04/11 12:54:30 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0xfc) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) 2018/04/11 12:54:30 executing program 7: 2018/04/11 12:54:30 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0xfc) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) 2018/04/11 12:54:30 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000006000)="1b0000001200030f07fffd946fa283bc04eee6d87986c497271d85", 0x1b}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000001440)={0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000001b00)=""/4096, 0x1000}, {&(0x7f0000000040)=""/204, 0xcc}, {&(0x7f00000001c0)=""/27, 0x1b}, {&(0x7f0000000200)=""/202, 0xca}, {&(0x7f0000001500)=""/236, 0xec}, {&(0x7f0000001600)=""/163, 0xa3}], 0x6, &(0x7f0000001740)=""/236, 0xec}, 0x0) recvmsg(r0, &(0x7f00000014c0)={&(0x7f0000000000)=ANY=[], 0x0, &(0x7f0000001400), 0x0, &(0x7f0000001480)=""/53, 0x35}, 0x0) recvmsg(r0, &(0x7f0000001ac0)={&(0x7f00000013c0)=@hci, 0xc, &(0x7f0000001a40)}, 0x0) 2018/04/11 12:54:30 executing program 6: 2018/04/11 12:54:30 executing program 3: 2018/04/11 12:54:30 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8912, &(0x7f0000000040)={"f4716e6c3040fc0c01dc6d00"}) ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000000080)) 2018/04/11 12:54:30 executing program 2: 2018/04/11 12:54:30 executing program 4: 2018/04/11 12:54:30 executing program 7: creat(&(0x7f00000001c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) link(&(0x7f0000f3bff8)='./file0\x00', &(0x7f00009db000)='./file1\x00') [ 60.840523] netlink: 7 bytes leftover after parsing attributes in process `syz-executor0'. 2018/04/11 12:54:30 executing program 6: 2018/04/11 12:54:30 executing program 2: 2018/04/11 12:54:30 executing program 3: 2018/04/11 12:54:30 executing program 4: 2018/04/11 12:54:30 executing program 7: [ 60.927105] netlink: 7 bytes leftover after parsing attributes in process `syz-executor0'. [ 60.961706] netlink: 7 bytes leftover after parsing attributes in process `syz-executor0'. 2018/04/11 12:54:31 executing program 1: 2018/04/11 12:54:31 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0xfc) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) [ 61.050595] netlink: 7 bytes leftover after parsing attributes in process `syz-executor0'. 2018/04/11 12:54:31 executing program 2: [ 61.135593] netlink: 7 bytes leftover after parsing attributes in process `syz-executor0'. [ 61.223665] netlink: 7 bytes leftover after parsing attributes in process `syz-executor0'. 2018/04/11 12:54:31 executing program 6: 2018/04/11 12:54:31 executing program 3: 2018/04/11 12:54:31 executing program 4: 2018/04/11 12:54:31 executing program 7: 2018/04/11 12:54:31 executing program 1: 2018/04/11 12:54:31 executing program 2: 2018/04/11 12:54:31 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000006000)="1b0000001200030f07fffd946fa283bc04eee6d87986c497271d85", 0x1b}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000001440)={0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000001b00)=""/4096, 0x1000}, {&(0x7f0000000040)=""/204, 0xcc}, {&(0x7f00000001c0)=""/27, 0x1b}, {&(0x7f0000000200)=""/202, 0xca}, {&(0x7f0000001500)=""/236, 0xec}, {&(0x7f0000001600)=""/163, 0xa3}], 0x6, &(0x7f0000001740)=""/236, 0xec}, 0x0) recvmsg(r0, &(0x7f00000014c0)={&(0x7f0000000000)=ANY=[], 0x0, &(0x7f0000001400), 0x0, &(0x7f0000001480)=""/53, 0x35}, 0x0) recvmsg(r0, &(0x7f0000001ac0)={&(0x7f00000013c0)=@hci, 0xc, &(0x7f0000001a40)}, 0x0) 2018/04/11 12:54:31 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0xfc) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) [ 61.283200] netlink: 7 bytes leftover after parsing attributes in process `syz-executor0'. [ 61.317301] netlink: 7 bytes leftover after parsing attributes in process `syz-executor0'. 2018/04/11 12:54:31 executing program 6: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="cdf276000805", @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "110c11", 0x30, 0x3a, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@dest_unreach={0xffffff83, 0x0, 0x0, 0x0, [], {0x0, 0x6, "cb155d", 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, @dev={0xfe, 0x80}}}}}}}}, 0x0) 2018/04/11 12:54:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000002c0)='team\x00') ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000003ac0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000005fc0)={&(0x7f0000000300)={0x10}, 0xc, &(0x7f0000005f80)={&(0x7f00000057c0)={0x60, r1, 0x1, 0x0, 0x0, {0x1}, [{{0x8, 0x1, r2}, {0x44, 0x2, [{0x40, 0x1, @name={{0x30, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1}, 0x0) 2018/04/11 12:54:31 executing program 4: syz_emit_ethernet(0x6e, &(0x7f0000000000)={@random="cdf276000805", @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "110c11", 0x38, 0x3a, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@dest_unreach={0x6, 0x0, 0x0, 0x0, [], {0x0, 0x6, "cb155d", 0x0, 0x2f, 0x0, @mcast2={0xff, 0x2, [], 0x1}, @dev={0xfe, 0x80}, [], "8df06558eb6a17d1"}}}}}}}, 0x0) 2018/04/11 12:54:31 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0xfc) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) 2018/04/11 12:54:31 executing program 7: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tun(&(0x7f0000000000)="2f6465762f6e6574c874756e00", 0x0, 0x2200) 2018/04/11 12:54:31 executing program 1: 2018/04/11 12:54:31 executing program 2: 2018/04/11 12:54:31 executing program 0: 2018/04/11 12:54:31 executing program 6: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="cdf276000805", @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "110c11", 0x30, 0x3a, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@dest_unreach={0xffffff83, 0x0, 0x0, 0x0, [], {0x0, 0x6, "cb155d", 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, @dev={0xfe, 0x80}}}}}}}}, 0x0) 2018/04/11 12:54:31 executing program 1: 2018/04/11 12:54:31 executing program 7: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="cdf276000805", @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "110c11", 0x30, 0x3a, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@dest_unreach={0xffffff80, 0x0, 0x0, 0x0, [], {0x0, 0x6, "cb155d", 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, @dev={0xfe, 0x80}}}}}}}}, 0x0) 2018/04/11 12:54:31 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={&(0x7f0000000180)={0x10}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6c010000170001000000000000000000e0000001000000000000000000000000000000000000000000000000000000000000ffffac1414007f000001000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000000010000000000e000000100000000000000000000000000000000000000000200000000000b00", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000044000500ff010000000000000000000000000001000000003300000000000000e00000010000000000000000000000000000000000000000000000000000000000000000"], 0x5}, 0x1}, 0x0) 2018/04/11 12:54:31 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0xfc) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) ftruncate(0xffffffffffffffff, 0x7fff) sendfile(r1, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x8000fffffffe) 2018/04/11 12:54:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f0000000180)='team\x00') ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000002e80)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f00000001c0)={0x94, r1, 0x405, 0x0, 0x0, {0x1}, [{{0x8, 0x1, r2}, {0x78, 0x2, [{0x64, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6}}}]}}]}, 0x94}, 0x1}, 0x0) 2018/04/11 12:54:31 executing program 0: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x2, 0x6, 0x21) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10d, 0x11, &(0x7f0000000ffc), 0x4) 2018/04/11 12:54:31 executing program 2: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000080)="24000000210001000700fd686fa2f8bc0200000000000000271d85946d4fc1222a8eb3e9", 0x24}], 0x1}, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00', 0x7, 0x4, 0x480, 0x0, 0x0, 0x258, 0x398, 0x398, 0x398, 0x4, &(0x7f0000000040), {[{{@uncond, 0xf0, 0x118}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x3}}}, {{@arp={@dev={0xac, 0x14, 0x14, 0xc}, @broadcast=0xffffffff, 0xff000000, 0xffffffff, @mac=@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, {[0xff, 0x0, 0xff, 0x0, 0x0, 0xff]}, @empty, {[0xff, 0xff, 0x0, 0x0, 0x0, 0xff]}, 0x7fffffff, 0xfe4b, 0x80000001, 0x3, 0x9, 0x0, 'eql\x00', 'bond_slave\x00', {}, {}, 0x0, 0x8}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @empty, @loopback=0x7f000001, @local={0xac, 0x14, 0x14, 0xaa}, 0x5}}}, {{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local={0xac, 0x14, 0x14, 0xaa}, @local={0xac, 0x14, 0x14, 0xaa}, 0x2, 0xffffffff}}}], {{[], 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x4d0) 2018/04/11 12:54:32 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8912, &(0x7f0000000100)={"f47158643040fc0c01dc6d00"}) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) 2018/04/11 12:54:32 executing program 7: sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="0000000057b2f5718a18e21900004801005f686173685f66756e630000000000000000000000000a000020000000000b0000000c0004"], 0x1}, 0x1}, 0x0) r0 = socket$nl_generic(0xa, 0x5, 0x84) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x890c, &(0x7f0000000500)={'team0\x00'}) 2018/04/11 12:54:32 executing program 2: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000080)="24000000210001000700fd686fa2f8bc0200000000000000271d85946d4fc1222a8eb3e9", 0x24}], 0x1}, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00', 0x7, 0x4, 0x480, 0x0, 0x0, 0x258, 0x398, 0x398, 0x398, 0x4, &(0x7f0000000040), {[{{@uncond, 0xf0, 0x118}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x3}}}, {{@arp={@dev={0xac, 0x14, 0x14, 0xc}, @broadcast=0xffffffff, 0xff000000, 0xffffffff, @mac=@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, {[0xff, 0x0, 0xff, 0x0, 0x0, 0xff]}, @empty, {[0xff, 0xff, 0x0, 0x0, 0x0, 0xff]}, 0x7fffffff, 0xfe4b, 0x80000001, 0x3, 0x9, 0x0, 'eql\x00', 'bond_slave\x00', {}, {}, 0x0, 0x8}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @empty, @loopback=0x7f000001, @local={0xac, 0x14, 0x14, 0xaa}, 0x5}}}, {{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local={0xac, 0x14, 0x14, 0xaa}, @local={0xac, 0x14, 0x14, 0xaa}, 0x2, 0xffffffff}}}], {{[], 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x4d0) 2018/04/11 12:54:32 executing program 6: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="cdf276000805", @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "110c11", 0x30, 0x3a, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@dest_unreach={0xffffff83, 0x0, 0x0, 0x0, [], {0x0, 0x6, "cb155d", 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, @dev={0xfe, 0x80}}}}}}}}, 0x0) 2018/04/11 12:54:32 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_flowlabel\x00') readv(r0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/122, 0x7a}], 0x1) 2018/04/11 12:54:32 executing program 4: 2018/04/11 12:54:32 executing program 3: 2018/04/11 12:54:32 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0xfc) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) ftruncate(0xffffffffffffffff, 0x7fff) sendfile(r1, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x8000fffffffe) 2018/04/11 12:54:32 executing program 2: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000080)="24000000210001000700fd686fa2f8bc0200000000000000271d85946d4fc1222a8eb3e9", 0x24}], 0x1}, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00', 0x7, 0x4, 0x480, 0x0, 0x0, 0x258, 0x398, 0x398, 0x398, 0x4, &(0x7f0000000040), {[{{@uncond, 0xf0, 0x118}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x3}}}, {{@arp={@dev={0xac, 0x14, 0x14, 0xc}, @broadcast=0xffffffff, 0xff000000, 0xffffffff, @mac=@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, {[0xff, 0x0, 0xff, 0x0, 0x0, 0xff]}, @empty, {[0xff, 0xff, 0x0, 0x0, 0x0, 0xff]}, 0x7fffffff, 0xfe4b, 0x80000001, 0x3, 0x9, 0x0, 'eql\x00', 'bond_slave\x00', {}, {}, 0x0, 0x8}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @empty, @loopback=0x7f000001, @local={0xac, 0x14, 0x14, 0xaa}, 0x5}}}, {{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local={0xac, 0x14, 0x14, 0xaa}, @local={0xac, 0x14, 0x14, 0xaa}, 0x2, 0xffffffff}}}], {{[], 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x4d0) 2018/04/11 12:54:32 executing program 1: msgsnd(0x0, &(0x7f000010d000), 0x8, 0x0) msgrcv(0x0, &(0x7f0000000000)={0x0, ""/56}, 0x40, 0x3, 0x3000) msgsnd(0x0, &(0x7f0000be2f0a)=ANY=[@ANYBLOB="000000e5"], 0x1, 0x0) 2018/04/11 12:54:32 executing program 4: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x10000000005}, 0xfffffffffffffe54) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x8, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x201a7f1b, 0x0, 0x201a7fd7, 0xa, 0x0, 0xffffffc0}], {0x95}}, &(0x7f0000f59000)='GPL\x00', 0x6, 0xfcb6, &(0x7f00001a7f05)=""/251}, 0x48) 2018/04/11 12:54:32 executing program 7: sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="0000000057b2f5718a18e21900004801005f686173685f66756e630000000000000000000000000a000020000000000b0000000c0004"], 0x1}, 0x1}, 0x0) r0 = socket$nl_generic(0xa, 0x5, 0x84) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x890c, &(0x7f0000000500)={'team0\x00'}) 2018/04/11 12:54:32 executing program 0: r0 = socket$packet(0x11, 0x800000000002, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f000095bffc), 0x4) r1 = socket$inet(0x2, 0x8000000000000003, 0x2f) sendto$inet(r1, &(0x7f000014cf2c), 0x0, 0x8000, &(0x7f00005b5ff0)={0x2}, 0x10) sendto$inet(r1, &(0x7f0000000040)="20100000e37a572e", 0x8, 0x0, &(0x7f0000cf9000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xe}}, 0x10) 2018/04/11 12:54:32 executing program 6: syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="cdf276000805", @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "110c11", 0x30, 0x3a, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@dest_unreach={0xffffff83, 0x0, 0x0, 0x0, [], {0x0, 0x6, "cb155d", 0x0, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, @dev={0xfe, 0x80}}}}}}}}, 0x0) 2018/04/11 12:54:32 executing program 2: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000080)="24000000210001000700fd686fa2f8bc0200000000000000271d85946d4fc1222a8eb3e9", 0x24}], 0x1}, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00', 0x7, 0x4, 0x480, 0x0, 0x0, 0x258, 0x398, 0x398, 0x398, 0x4, &(0x7f0000000040), {[{{@uncond, 0xf0, 0x118}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x3}}}, {{@arp={@dev={0xac, 0x14, 0x14, 0xc}, @broadcast=0xffffffff, 0xff000000, 0xffffffff, @mac=@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, {[0xff, 0x0, 0xff, 0x0, 0x0, 0xff]}, @empty, {[0xff, 0xff, 0x0, 0x0, 0x0, 0xff]}, 0x7fffffff, 0xfe4b, 0x80000001, 0x3, 0x9, 0x0, 'eql\x00', 'bond_slave\x00', {}, {}, 0x0, 0x8}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @empty, @loopback=0x7f000001, @local={0xac, 0x14, 0x14, 0xaa}, 0x5}}}, {{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local={0xac, 0x14, 0x14, 0xaa}, @local={0xac, 0x14, 0x14, 0xaa}, 0x2, 0xffffffff}}}], {{[], 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x4d0) 2018/04/11 12:54:32 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x22, &(0x7f000002dcd8)=@raw={"050000000200020000000000000000001800000003030000ff3f00", 0x9, 0x3, 0x1, 0x0, 0xffffffff, 0xffffffff, 0x120, 0xffffffff, 0x258, 0xffffffff, 0xffffffff, 0x258, 0xffffffff, 0x3, &(0x7f000002bfd0), {[{{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "c14000e57af108cc6c74028119fb719d84b855ae79c03bcd889e253bc457"}}, {{@uncond, 0x0, 0xa8, 0x349}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x328) 2018/04/11 12:54:32 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0xfc) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) ftruncate(0xffffffffffffffff, 0x7fff) sendfile(r1, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x8000fffffffe) [ 62.510685] ================================================================== [ 62.518135] BUG: KMSAN: uninit-value in __skb_flow_dissect+0x401f/0x6580 [ 62.524977] CPU: 0 PID: 5273 Comm: syz-executor0 Not tainted 4.16.0+ #83 [ 62.531812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.541152] Call Trace: [ 62.543738] dump_stack+0x185/0x1d0 [ 62.547357] ? __skb_flow_dissect+0x401f/0x6580 [ 62.552015] kmsan_report+0x142/0x240 [ 62.555834] __msan_warning_32+0x6c/0xb0 [ 62.559882] __skb_flow_dissect+0x401f/0x6580 [ 62.564374] ? __msan_chain_origin+0x69/0xc0 [ 62.568771] ? SyS_sendto+0x8a/0xb0 [ 62.572388] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.577736] ? __dev_queue_xmit+0x22d9/0x2b60 [ 62.582216] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 62.587656] __skb_get_hash_symmetric+0x10b/0x230 [ 62.592492] packet_rcv_fanout+0x38f/0x8d0 [ 62.596726] ? packet_direct_xmit+0xbf0/0xbf0 [ 62.601216] dev_queue_xmit_nit+0x111a/0x11e0 [ 62.605702] dev_hard_start_xmit+0x27c/0xc70 [ 62.610104] __dev_queue_xmit+0x22d9/0x2b60 [ 62.614421] dev_queue_xmit+0x4b/0x60 [ 62.618213] neigh_resolve_output+0xac6/0xb60 [ 62.622700] ? neigh_event_ns+0x360/0x360 [ 62.626832] ip_finish_output2+0x1238/0x1380 [ 62.631230] ip_finish_output+0xcb0/0xff0 [ 62.635364] ip_output+0x502/0x5c0 [ 62.638887] ? ip_mc_finish_output+0x3b0/0x3b0 [ 62.643460] ? ip_finish_output+0xff0/0xff0 [ 62.647775] ip_send_skb+0x5f3/0x820 [ 62.651474] ? __ip_local_out+0x5b0/0x5b0 [ 62.655613] ip_push_pending_frames+0x105/0x170 [ 62.660271] raw_sendmsg+0x2960/0x3ed0 [ 62.664158] ? compat_raw_ioctl+0x100/0x100 [ 62.668467] inet_sendmsg+0x48d/0x740 [ 62.672257] ? security_socket_sendmsg+0x9e/0x210 [ 62.677086] ? inet_getname+0x500/0x500 [ 62.681060] SYSC_sendto+0x6c3/0x7e0 [ 62.684758] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 62.690193] ? prepare_exit_to_usermode+0x149/0x3a0 [ 62.695202] SyS_sendto+0x8a/0xb0 [ 62.698640] do_syscall_64+0x309/0x430 [ 62.702540] ? SYSC_getpeername+0x560/0x560 [ 62.706851] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.712029] RIP: 0033:0x455259 [ 62.715203] RSP: 002b:00007f9e3f308c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 62.722912] RAX: ffffffffffffffda RBX: 00007f9e3f3096d4 RCX: 0000000000455259 [ 62.730167] RDX: 0000000000000008 RSI: 0000000020000040 RDI: 0000000000000014 [ 62.737426] RBP: 000000000072bea0 R08: 0000000020cf9000 R09: 0000000000000010 [ 62.744691] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 62.751946] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 62.759201] [ 62.760805] Uninit was stored to memory at: [ 62.765115] kmsan_internal_chain_origin+0x12b/0x210 [ 62.770199] kmsan_memcpy_origins+0x11d/0x170 [ 62.774675] __msan_memcpy+0x19f/0x1f0 [ 62.778545] skb_copy_bits+0x63a/0xdb0 [ 62.782416] __skb_flow_dissect+0x3931/0x6580 [ 62.786900] __skb_get_hash_symmetric+0x10b/0x230 [ 62.791725] packet_rcv_fanout+0x38f/0x8d0 [ 62.795943] dev_queue_xmit_nit+0x111a/0x11e0 [ 62.800421] dev_hard_start_xmit+0x27c/0xc70 [ 62.804820] __dev_queue_xmit+0x22d9/0x2b60 [ 62.809125] dev_queue_xmit+0x4b/0x60 [ 62.812909] neigh_resolve_output+0xac6/0xb60 [ 62.817389] ip_finish_output2+0x1238/0x1380 [ 62.821779] ip_finish_output+0xcb0/0xff0 [ 62.825907] ip_output+0x502/0x5c0 [ 62.829429] ip_send_skb+0x5f3/0x820 [ 62.833128] ip_push_pending_frames+0x105/0x170 [ 62.837777] raw_sendmsg+0x2960/0x3ed0 [ 62.841649] inet_sendmsg+0x48d/0x740 [ 62.845436] SYSC_sendto+0x6c3/0x7e0 [ 62.849131] SyS_sendto+0x8a/0xb0 [ 62.852569] do_syscall_64+0x309/0x430 [ 62.856446] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.861610] Uninit was created at: [ 62.865135] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 62.870132] kmsan_alloc_page+0x82/0xe0 [ 62.874090] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 62.878826] alloc_pages_current+0x6b5/0x970 [ 62.883213] skb_page_frag_refill+0x3ba/0x5e0 [ 62.887693] sk_page_frag_refill+0xa4/0x340 [ 62.891997] __ip_append_data+0x107e/0x3d10 [ 62.896304] ip_append_data+0x2fb/0x440 [ 62.900263] raw_sendmsg+0x287b/0x3ed0 [ 62.904133] inet_sendmsg+0x48d/0x740 [ 62.907919] SYSC_sendto+0x6c3/0x7e0 [ 62.911620] SyS_sendto+0x8a/0xb0 [ 62.915053] do_syscall_64+0x309/0x430 [ 62.918926] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.924095] ================================================================== [ 62.931462] Disabling lock debugging due to kernel taint [ 62.936894] Kernel panic - not syncing: panic_on_warn set ... [ 62.936894] [ 62.944269] CPU: 0 PID: 5273 Comm: syz-executor0 Tainted: G B 4.16.0+ #83 [ 62.952400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.961734] Call Trace: [ 62.964309] dump_stack+0x185/0x1d0 [ 62.967920] panic+0x39d/0x940 [ 62.971114] ? __skb_flow_dissect+0x401f/0x6580 [ 62.975765] kmsan_report+0x238/0x240 [ 62.979549] __msan_warning_32+0x6c/0xb0 [ 62.983598] __skb_flow_dissect+0x401f/0x6580 [ 62.988077] ? __msan_chain_origin+0x69/0xc0 [ 62.992493] ? SyS_sendto+0x8a/0xb0 [ 62.996105] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 63.001460] ? __dev_queue_xmit+0x22d9/0x2b60 [ 63.005943] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 63.011386] __skb_get_hash_symmetric+0x10b/0x230 [ 63.016218] packet_rcv_fanout+0x38f/0x8d0 [ 63.020445] ? packet_direct_xmit+0xbf0/0xbf0 [ 63.024925] dev_queue_xmit_nit+0x111a/0x11e0 [ 63.029413] dev_hard_start_xmit+0x27c/0xc70 [ 63.033821] __dev_queue_xmit+0x22d9/0x2b60 [ 63.038136] dev_queue_xmit+0x4b/0x60 [ 63.041924] neigh_resolve_output+0xac6/0xb60 [ 63.046408] ? neigh_event_ns+0x360/0x360 [ 63.050542] ip_finish_output2+0x1238/0x1380 [ 63.054939] ip_finish_output+0xcb0/0xff0 [ 63.059073] ip_output+0x502/0x5c0 [ 63.062612] ? ip_mc_finish_output+0x3b0/0x3b0 [ 63.067178] ? ip_finish_output+0xff0/0xff0 [ 63.071492] ip_send_skb+0x5f3/0x820 [ 63.075189] ? __ip_local_out+0x5b0/0x5b0 [ 63.079331] ip_push_pending_frames+0x105/0x170 [ 63.083988] raw_sendmsg+0x2960/0x3ed0 [ 63.087893] ? compat_raw_ioctl+0x100/0x100 [ 63.092197] inet_sendmsg+0x48d/0x740 [ 63.095986] ? security_socket_sendmsg+0x9e/0x210 [ 63.100815] ? inet_getname+0x500/0x500 [ 63.104774] SYSC_sendto+0x6c3/0x7e0 [ 63.108474] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 63.113906] ? prepare_exit_to_usermode+0x149/0x3a0 [ 63.118915] SyS_sendto+0x8a/0xb0 [ 63.122366] do_syscall_64+0x309/0x430 [ 63.126250] ? SYSC_getpeername+0x560/0x560 [ 63.130557] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 63.135730] RIP: 0033:0x455259 [ 63.138903] RSP: 002b:00007f9e3f308c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 63.146592] RAX: ffffffffffffffda RBX: 00007f9e3f3096d4 RCX: 0000000000455259 [ 63.153844] RDX: 0000000000000008 RSI: 0000000020000040 RDI: 0000000000000014 [ 63.161097] RBP: 000000000072bea0 R08: 0000000020cf9000 R09: 0000000000000010 [ 63.168347] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 63.175597] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 63.183295] Dumping ftrace buffer: [ 63.186814] (ftrace buffer empty) [ 63.190501] Kernel Offset: disabled [ 63.194116] Rebooting in 86400 seconds..