INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts. 2018/04/11 12:51:56 fuzzer started 2018/04/11 12:51:56 dialing manager at 10.128.0.26:36259 2018/04/11 12:52:02 kcov=true, comps=false 2018/04/11 12:52:05 executing program 0: r0 = perf_event_open(&(0x7f00003a8000)={0x2, 0x70, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000580)="637075262bd1ee06fdfeff003c12b8d0cc69bf7fffcc364d7878b2fe44890167ffa75134df22ad89c89b0d2f370b516a8ce79ae526ff77f602d72272e82ad32838002955c2db00000000000000050fb902ae9f2109333b00e30335ecfd7e89bff18829cb97541bd006bf3dcf376e93a15906083ba783fa3e7318893c26819bee569f728184be5efc06cc650d421908182b69c3730e559e2b6ca237f264987ed574e36cd3efc75aaf3c623ee9175cac8cd745ead1044fd7e82f7f65b71c79a10e2e605929cf8ccab2eadac54d1c3e7dae98996be67c10d7c236cde0355ab2fb0aaaaccdb64cd11d4db1b927234daae71562f2a40fa04b9aa17664350a37eb524808950700") 2018/04/11 12:52:05 executing program 2: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x5451, 0x0) 2018/04/11 12:52:05 executing program 7: r0 = socket$inet(0x2b, 0x1, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000140)={{{@in=@local={0xac, 0x14, 0x14, 0xaa}, @in=@remote={0xac, 0x14, 0x14, 0xbb}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3f}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14}, 0x0, 0x33}, 0x0, @in6=@ipv4={[], [0xff, 0xff], @rand_addr}}}, 0xe8) bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e23, @multicast2=0xe0000002}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23}, 0x10) 2018/04/11 12:52:05 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x7d, 0x2}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x5, 0x0, 0x201a7fb1}], {0x95}}, &(0x7f000031cff6)='syzkaller\x00', 0x1, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) 2018/04/11 12:52:05 executing program 4: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0xc568, 0x108000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xf, 0x2, &(0x7f0000000180)=@raw=[@map={0x18, 0x0, 0x1}], &(0x7f00000001c0)='GPL\x00', 0x0, 0xa2, &(0x7f0000000200)=""/162}, 0x48) 2018/04/11 12:52:05 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x30, r1, 0x501, 0x0, 0x0, {0x2}, [@IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1}, @IPVS_SVC_ATTR_PORT={0x8, 0x4}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2}]}]}, 0x30}, 0x1}, 0x0) 2018/04/11 12:52:05 executing program 5: r0 = syz_open_dev$tun(&(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={"d202b999cf85000000000088f301e710", 0x102}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'vhan0\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x0, &(0x7f0000000140)}) 2018/04/11 12:52:05 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8912, &(0x7f0000000000)={"f4716e6c30ff000000dc6d00"}) r1 = syz_open_dev$tun(&(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x101280) ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x0) syzkaller login: [ 41.610781] ip (3761) used greatest stack depth: 54688 bytes left [ 42.652681] ip (3860) used greatest stack depth: 54200 bytes left [ 45.254130] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.314249] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.331569] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.416605] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.542218] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.564115] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.597406] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.618129] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.212235] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.238221] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.336333] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.378664] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.455700] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.473940] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.650812] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.660521] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.002634] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.008907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.022627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.040528] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.050440] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.074482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.107246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.135176] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.167633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.200677] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.207354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.216392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.252643] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.261656] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.274114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.299311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.329734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.353503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.454096] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.461466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.475802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.509530] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.518181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.547618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/11 12:52:22 executing program 2: syz_emit_ethernet(0x2a, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x88caffff, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) 2018/04/11 12:52:22 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa00001400000086dd6020a17e00102b00fe8000000000000000dccf839900000000000000fe8000000000000000000000000000aa0400880b000000000000ec1e2effa950e79dee7dce0800000086dd0000000074fb258ed109891aeb230000020000000000a1459d74c899327c00000000000000000000000000000000000000000000"], 0x0) 2018/04/11 12:52:22 executing program 7: r0 = socket$inet(0x10, 0x2, 0x0) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000001e00)={&(0x7f0000000840)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001cc0)=[{&(0x7f0000000980)=""/188, 0xbc}, {&(0x7f0000000a40)=""/89, 0x59}, {&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f0000001ac0)=""/208, 0xd0}, {&(0x7f0000001bc0)=""/228, 0xe4}], 0x5, &(0x7f0000001d40)=""/161, 0xa1}, 0x0) 2018/04/11 12:52:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0xc568, 0x108000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$inet(0x2, 0x80001, 0x0, &(0x7f00000000c0)) 2018/04/11 12:52:22 executing program 6: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 2018/04/11 12:52:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'sit0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="400000001400010100000000000000000a000000", @ANYBLOB="14000200fe8000000000000000000000000000001400060008000000030000000000000800000000"], 0x2}, 0x1}, 0x0) 2018/04/11 12:52:22 executing program 2: syz_emit_ethernet(0x2a, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x88caffff, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) 2018/04/11 12:52:22 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000bc0)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) sendto$inet(r0, &(0x7f0000000c00), 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2=0xe0000002}, 0x10) 2018/04/11 12:52:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x30, r1, 0x501, 0x0, 0x0, {0x2}, [@IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1}, @IPVS_SVC_ATTR_PORT={0x8, 0x4}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2}]}]}, 0x30}, 0x1}, 0x0) [ 56.824466] netlink: 'syz-executor7': attribute type 29 has an invalid length. [ 56.832099] netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'. 2018/04/11 12:52:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0xc568, 0x108000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$inet(0x2, 0x80001, 0x0, &(0x7f00000000c0)) 2018/04/11 12:52:22 executing program 2: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)=@flushpolicy={0x10, 0x1d, 0x365dabd4b2e7ae61}, 0x10}, 0x1}, 0x0) 2018/04/11 12:52:22 executing program 6: r0 = syz_open_dev$tun(&(0x7f0000000280)="2f6465762f6e6574c874756e00", 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x2000004, 0x2002002012, r0, 0x0) r1 = socket$inet(0x2, 0x6, 0x0) getsockopt$inet_mreqsrc(r1, 0x0, 0x53, &(0x7f0000000140)={@dev, @local, @broadcast}, &(0x7f0000000040)=0xc) 2018/04/11 12:52:22 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x3, 0x4) sendmsg(r0, &(0x7f0000000900)={&(0x7f00000004c0)=@in6={0xa, 0x4e21, 0x0, @remote={0xfe, 0x80, [], 0xbb}}, 0x1c, &(0x7f00000007c0), 0x0, &(0x7f0000000800)}, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f00000005c0)={&(0x7f0000000400)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @local}}}, 0x32, &(0x7f0000000480), 0x0, &(0x7f0000000500)=""/155, 0x9b}, 0x40012060) 2018/04/11 12:52:22 executing program 5: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x10000000005}, 0xfffffffffffffe54) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x8, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x201a7f1b, 0x0, 0x201a7fd7, 0xa, 0x0, 0xffffffc0}], {0x95}}, &(0x7f0000f59000)='GPL\x00', 0x6, 0xfcb6, &(0x7f00001a7f05)=""/251}, 0x48) [ 56.928320] netlink: 'syz-executor7': attribute type 29 has an invalid length. [ 56.935948] netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'. [ 56.949768] netlink: 'syz-executor7': attribute type 29 has an invalid length. [ 56.957273] netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'. 2018/04/11 12:52:23 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00004c6f8b)='mounts\x00') readv(r0, &(0x7f0000000740)=[{&(0x7f00000004c0)=""/245, 0xf5}, {&(0x7f0000000640)=""/240, 0xf0}], 0x2) [ 57.110913] netlink: 'syz-executor7': attribute type 29 has an invalid length. [ 57.118498] netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'. [ 57.254111] netlink: 'syz-executor7': attribute type 29 has an invalid length. [ 57.261694] netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'. 2018/04/11 12:52:23 executing program 3: r0 = socket$inet6(0x10, 0x800000003, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000080)=@nl=@kern={0x10}, 0x80, &(0x7f0000000040)=[{&(0x7f0000018000)="5500000018007fb1b72d1cb2a4a280a80a06390000a843020a052369250009001000001c02000000060005000200005a000000dc1338d544000a9b84226eb75afb83de448daa7227c43ab8220000060cec4fab91d4", 0x55}], 0x1, &(0x7f0000006000)}, 0x0) 2018/04/11 12:52:23 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x709000)=nil, 0x709000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) 2018/04/11 12:52:23 executing program 6: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet(r0, &(0x7f0000ac0fbb)="c4", 0x1, 0x0, &(0x7f00006e2000)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2018/04/11 12:52:23 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x6, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x2, 0x270, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000140], 0x0, &(0x7f0000000000), &(0x7f0000000140)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x15, 0x0, 0x0, 'nr0\x00', 'teql0\x00', 'bcsf0\x00', 'rose0\x00', @empty, [], @link_local={0x1, 0x80, 0xc2}, [], 0x70, 0x70, 0xf0}, [@common=@LED={'LED\x00', 0x28, {{'syz0\x00'}}}]}, @common=@AUDIT={'AUDIT\x00', 0x8}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffc, 0x1, [{{{0x1d, 0x0, 0x0, 'ip6gretap0\x00', 'gretap0\x00', 'eql\x00', 'bpq0\x00', @link_local={0x1, 0x80, 0xc2}, [], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], 0x70, 0x70, 0xc0}}, @common=@IDLETIMER={'IDLETIMER\x00', 0x58, {{0x0, 'syz0\x00'}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xfffffffffffffffe}]}, 0x2e8) 2018/04/11 12:52:23 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1002, 0x5, 0x13, r0, 0x0) 2018/04/11 12:52:23 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000280)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x0, 0x0, {0x4}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}, 0x1}, 0x0) 2018/04/11 12:52:23 executing program 7: r0 = socket$inet(0x10, 0x2, 0x0) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000001e00)={&(0x7f0000000840)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001cc0)=[{&(0x7f0000000980)=""/188, 0xbc}, {&(0x7f0000000a40)=""/89, 0x59}, {&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f0000001ac0)=""/208, 0xd0}, {&(0x7f0000001bc0)=""/228, 0xe4}], 0x5, &(0x7f0000001d40)=""/161, 0xa1}, 0x0) 2018/04/11 12:52:23 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f000001bff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000040)=0x1ff, 0x4) connect$inet(r0, &(0x7f0000024ff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) sendmsg(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000001c0), 0x0, &(0x7f0000000180)}, 0x0) [ 57.375797] netlink: 17 bytes leftover after parsing attributes in process `syz-executor3'. [ 57.420204] netlink: 'syz-executor7': attribute type 29 has an invalid length. [ 57.427732] netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'. 2018/04/11 12:52:23 executing program 2: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) 2018/04/11 12:52:23 executing program 6: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet(r0, &(0x7f0000ac0fbb)="c4", 0x1, 0x0, &(0x7f00006e2000)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2018/04/11 12:52:23 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f0000001580)='team\x00') ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000002c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000000)={&(0x7f0000000280)={0x10}, 0xc, &(0x7f0000002600)={&(0x7f0000002540)={0x60, r1, 0x2000000000801, 0x0, 0x0, {0x1}, [{{0x8, 0x1, r2}, {0x44, 0x2, [{0x37, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4}}, {0x8, 0x7}}}]}}]}, 0x60}, 0x1}, 0x0) 2018/04/11 12:52:23 executing program 0: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2b, 0x1, 0x0) bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e23, @multicast2=0xe0000002}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23}, 0x10) 2018/04/11 12:52:23 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x200000000000005b, &(0x7f0000000040)=[{0x8}]}, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000380)={'bridge0\x00', &(0x7f0000000040)=ANY=[]}) [ 57.531724] netlink: 'syz-executor7': attribute type 29 has an invalid length. [ 57.539255] netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'. 2018/04/11 12:52:23 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f000001bff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000040)=0x1ff, 0x4) connect$inet(r0, &(0x7f0000024ff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) sendmsg(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000001c0), 0x0, &(0x7f0000000180)}, 0x0) 2018/04/11 12:52:23 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f000001bff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000040)=0x1ff, 0x4) connect$inet(r0, &(0x7f0000024ff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) sendmsg(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000001c0), 0x0, &(0x7f0000000180)}, 0x0) [ 57.680466] netlink: 'syz-executor7': attribute type 29 has an invalid length. [ 57.688020] netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'. 2018/04/11 12:52:23 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000003ec0)=[{{&(0x7f0000001200)=@generic, 0x80, &(0x7f0000000040), 0x2000000000000036, &(0x7f0000001480)=""/163, 0x9b}}, {{&(0x7f0000002ac0)=@l2, 0xe, &(0x7f0000003dc0), 0x0, &(0x7f00000000c0)=""/170, 0xaa}}], 0x2, 0x0, &(0x7f0000000080)={0x77359400}) write$binfmt_misc(r0, &(0x7f0000001540)=ANY=[@ANYBLOB], 0x4) close(r1) 2018/04/11 12:52:23 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f29000)={0x0, 0x0, &(0x7f00005c1ff0)={&(0x7f0000000280)=ANY=[@ANYBLOB="020a00000700000000000000000000f805001a0000000800fcff00180000000000000000fe8000000000ddffffffffefffff00000200000086c21e1af906d3aad85b0a40cbe59a5f75987a990df6ac6c059a2d3db9a7df80de7656d006902da877b77d43d30b603ed68ad737e5941a19667bcab2d80fba820b0a83670ae2a72321b4d231a2541800325aaca9e965de57f567820d6ac0fe400f7a534440b6c34185db16d505b121b2ea2c663c22cc22303eccf3a68f1c47447b7a7f25b9685ec99a2a80569486970211071a4928b58e3c8e2001f8efa3a25740e045375f64a53c3b482e3978f05ee2507f5ec4b6463bee3a8e394dd3b4f0f3a1715aae53c13519eaf9706e0c88adfc264abe28a596ee28637174273d731bc9954afdf65a36b7c3ca1d7152be9d056bbea2c8"], 0x12b}, 0x1}, 0x0) 2018/04/11 12:52:23 executing program 6: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet(r0, &(0x7f0000ac0fbb)="c4", 0x1, 0x0, &(0x7f00006e2000)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2018/04/11 12:52:23 executing program 4: 2018/04/11 12:52:23 executing program 5: 2018/04/11 12:52:23 executing program 1: 2018/04/11 12:52:23 executing program 0: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f0000000000)) 2018/04/11 12:52:23 executing program 7: creat(&(0x7f0000000240)='./file0\x00', 0x0) rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000300)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f00") 2018/04/11 12:52:23 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)) 2018/04/11 12:52:24 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x5, 0x13, r0, 0x0) 2018/04/11 12:52:24 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_flowlabel\x00') readv(r0, &(0x7f0000001400)=[{&(0x7f0000000140)=""/46, 0x2e}, {&(0x7f00000012c0)=""/226, 0xe2}], 0x2) 2018/04/11 12:52:24 executing program 0: 2018/04/11 12:52:24 executing program 4: 2018/04/11 12:52:24 executing program 1: 2018/04/11 12:52:24 executing program 2: 2018/04/11 12:52:24 executing program 7: 2018/04/11 12:52:24 executing program 3: 2018/04/11 12:52:24 executing program 6: 2018/04/11 12:52:24 executing program 5: 2018/04/11 12:52:24 executing program 4: 2018/04/11 12:52:24 executing program 1: 2018/04/11 12:52:24 executing program 3: 2018/04/11 12:52:24 executing program 7: 2018/04/11 12:52:24 executing program 0: 2018/04/11 12:52:24 executing program 6: 2018/04/11 12:52:24 executing program 2: 2018/04/11 12:52:24 executing program 5: 2018/04/11 12:52:24 executing program 3: 2018/04/11 12:52:24 executing program 0: 2018/04/11 12:52:24 executing program 7: 2018/04/11 12:52:24 executing program 4: 2018/04/11 12:52:24 executing program 1: 2018/04/11 12:52:24 executing program 2: 2018/04/11 12:52:24 executing program 6: 2018/04/11 12:52:24 executing program 3: 2018/04/11 12:52:24 executing program 5: 2018/04/11 12:52:24 executing program 0: syz_emit_ethernet(0x230, &(0x7f0000007000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @random="cf2bb43c40b8", [], {@ipv4={0x800, {{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, @multicast1=0xe0000001}, @tcp={{0x0, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x5}}}}}}, 0x0) 2018/04/11 12:52:24 executing program 1: syz_emit_ethernet(0x2a, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0xe000, 0x0, 0x0, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) 2018/04/11 12:52:24 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x1, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3f) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x36, &(0x7f0000000140)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x0, 0xf0, 0x0, 0xffffffff, 0xffffffff, 0x2a8, 0x2a8, 0x2a8, 0xffffffff, 0x4, &(0x7f0000000100), {[{{@ipv6={@remote={0xfe, 0x80, [], 0xbb}, @ipv4={[], [0xff, 0xff]}, [], [], 'syzkaller0\x00', 'eql\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}, {{@ipv6={@remote={0xfe, 0x80, [], 0xbb}, @loopback={0x0, 0x1}, [], [], 'erspan0\x00', 'eql\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x3d8) 2018/04/11 12:52:24 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f000000d000)={0xa, 0x4e20}, 0x1c) connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x4e20}, 0x1c) recvmsg(r0, &(0x7f0000000400)={&(0x7f0000000000)=@nfc, 0x10, &(0x7f0000000080), 0xfc, &(0x7f0000000100)=""/128, 0x80}, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001000)="8e86a4b9500a1139a0d93a78de7ed00ae239537b41a4eacfcfd438dfbe84ef20bd7e66cfb9bde86f5b1d1bae840e6c373fd2d58909d8ac8f1aca1b6e95b92948d4525d", 0x43}], 0x1, &(0x7f0000002000)}, 0x8000) recvmsg(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0), 0x0, &(0x7f0000001000)=""/4096, 0x1000}, 0x0) sendmsg(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000002ff0)=[{&(0x7f0000000040)="bce5", 0x2}], 0x1, &(0x7f000000ae80)}, 0x0) 2018/04/11 12:52:24 executing program 7: r0 = socket$inet(0x2, 0x6, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000200)="2f6465762f6e6574c874756e00", 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x2002002012, r1, 0x0) getsockopt$inet_mreqsrc(r0, 0x10d, 0x0, &(0x7f0000000080)={@dev, @local, @broadcast}, &(0x7f0000000040)=0xe3) 2018/04/11 12:52:24 executing program 6: r0 = syz_open_dev$tun(&(0x7f0000000180)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={"d202b999cf85000000000088f301e710", 0x102}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)={'team0\x00'}) 2018/04/11 12:52:24 executing program 3: 2018/04/11 12:52:25 executing program 5: r0 = socket$inet(0x2, 0x805, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6, @local={0xac, 0x14, 0x14, 0xaa}, 0x0, 0x0, 'sh\x00', 0x0, 0x10001, 0x39}, 0x2c) [ 59.831854] ================================================================== [ 59.839258] BUG: KMSAN: uninit-value in csum_partial_copy_to_user+0x450/0x500 [ 59.846516] CPU: 0 PID: 5293 Comm: syz-executor4 Not tainted 4.16.0+ #83 [ 59.853330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.862667] Call Trace: [ 59.865240] dump_stack+0x185/0x1d0 [ 59.868848] ? csum_partial_copy_to_user+0x450/0x500 [ 59.873938] kmsan_report+0x142/0x240 [ 59.877720] __msan_warning_32+0x6c/0xb0 [ 59.881777] csum_partial_copy_to_user+0x450/0x500 [ 59.886713] csum_and_copy_to_iter+0x3dc/0x2140 [ 59.891363] ? kmsan_set_origin_inline+0x6b/0x120 [ 59.896183] ? __msan_poison_alloca+0x15c/0x1d0 [ 59.900844] skb_copy_and_csum_datagram+0x6d2/0x1080 [ 59.905935] skb_copy_and_csum_datagram_msg+0x557/0x960 [ 59.911283] udpv6_recvmsg+0xc65/0x29e0 [ 59.915244] ? udp6_lib_lookup_skb+0x240/0x240 [ 59.919804] inet_recvmsg+0x4c2/0x5f0 [ 59.923595] sock_recvmsg+0x1d0/0x230 [ 59.927390] ? inet_sendpage+0x8c0/0x8c0 [ 59.931433] ___sys_recvmsg+0x3fb/0x810 [ 59.935404] ? __fget_light+0x56/0x710 [ 59.939272] ? __fdget+0x4e/0x60 [ 59.942620] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 59.947964] ? __fget_light+0x6b9/0x710 [ 59.951943] SYSC_recvmsg+0x298/0x3c0 [ 59.955749] SyS_recvmsg+0x54/0x80 [ 59.959278] do_syscall_64+0x309/0x430 [ 59.963157] ? ___sys_recvmsg+0x810/0x810 [ 59.967294] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.972461] RIP: 0033:0x455259 [ 59.975631] RSP: 002b:00007f4344ca0c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 59.983328] RAX: ffffffffffffffda RBX: 00007f4344ca16d4 RCX: 0000000000455259 [ 59.990584] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000013 [ 59.997835] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.005090] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 60.012343] R13: 0000000000000496 R14: 00000000006f9eb0 R15: 0000000000000000 [ 60.019603] [ 60.021207] Uninit was created at: [ 60.024729] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 60.029740] kmsan_alloc_page+0x82/0xe0 [ 60.033695] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 60.038428] alloc_pages_current+0x6b5/0x970 [ 60.042824] skb_page_frag_refill+0x3ba/0x5e0 [ 60.047304] sk_page_frag_refill+0xa4/0x340 [ 60.051627] __ip6_append_data+0x1a20/0x4bb0 [ 60.056026] ip6_append_data+0x40e/0x6b0 [ 60.060096] udpv6_sendmsg+0xfd5/0x45b0 [ 60.064069] inet_sendmsg+0x48d/0x740 [ 60.067856] ___sys_sendmsg+0xec0/0x1310 [ 60.071895] SYSC_sendmsg+0x2a3/0x3d0 [ 60.075673] SyS_sendmsg+0x54/0x80 [ 60.079193] do_syscall_64+0x309/0x430 [ 60.083068] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.088535] ================================================================== [ 60.095882] Disabling lock debugging due to kernel taint [ 60.101307] Kernel panic - not syncing: panic_on_warn set ... [ 60.101307] [ 60.108667] CPU: 0 PID: 5293 Comm: syz-executor4 Tainted: G B 4.16.0+ #83 [ 60.116802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.126157] Call Trace: [ 60.128737] dump_stack+0x185/0x1d0 [ 60.132358] panic+0x39d/0x940 [ 60.135553] ? csum_partial_copy_to_user+0x450/0x500 [ 60.140635] kmsan_report+0x238/0x240 [ 60.144427] __msan_warning_32+0x6c/0xb0 [ 60.148489] csum_partial_copy_to_user+0x450/0x500 [ 60.153412] csum_and_copy_to_iter+0x3dc/0x2140 [ 60.158078] ? kmsan_set_origin_inline+0x6b/0x120 [ 60.162900] ? __msan_poison_alloca+0x15c/0x1d0 [ 60.167569] skb_copy_and_csum_datagram+0x6d2/0x1080 [ 60.172662] skb_copy_and_csum_datagram_msg+0x557/0x960 [ 60.178025] udpv6_recvmsg+0xc65/0x29e0 [ 60.181999] ? udp6_lib_lookup_skb+0x240/0x240 [ 60.186568] inet_recvmsg+0x4c2/0x5f0 [ 60.190362] sock_recvmsg+0x1d0/0x230 [ 60.194145] ? inet_sendpage+0x8c0/0x8c0 [ 60.198197] ___sys_recvmsg+0x3fb/0x810 [ 60.202161] ? __fget_light+0x56/0x710 [ 60.206033] ? __fdget+0x4e/0x60 [ 60.209391] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 60.214733] ? __fget_light+0x6b9/0x710 [ 60.218691] SYSC_recvmsg+0x298/0x3c0 [ 60.222477] SyS_recvmsg+0x54/0x80 [ 60.225997] do_syscall_64+0x309/0x430 [ 60.229870] ? ___sys_recvmsg+0x810/0x810 [ 60.234011] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.239185] RIP: 0033:0x455259 [ 60.242352] RSP: 002b:00007f4344ca0c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 60.250043] RAX: ffffffffffffffda RBX: 00007f4344ca16d4 RCX: 0000000000455259 [ 60.257294] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000013 [ 60.264551] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.271809] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 60.279066] R13: 0000000000000496 R14: 00000000006f9eb0 R15: 0000000000000000 [ 60.286821] Dumping ftrace buffer: [ 60.290341] (ftrace buffer empty) [ 60.294026] Kernel Offset: disabled [ 60.297626] Rebooting in 86400 seconds..