[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 16.032971] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.882395] random: sshd: uninitialized urandom read (32 bytes read) [ 20.348564] random: sshd: uninitialized urandom read (32 bytes read) [ 21.007528] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts. [ 26.911038] random: sshd: uninitialized urandom read (32 bytes read) 2018/08/29 07:55:29 fuzzer started [ 28.116695] random: cc1: uninitialized urandom read (8 bytes read) 2018/08/29 07:55:32 dialing manager at 10.128.0.26:36683 2018/08/29 07:55:37 syscalls: 1 2018/08/29 07:55:37 code coverage: enabled 2018/08/29 07:55:37 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/08/29 07:55:37 setuid sandbox: enabled 2018/08/29 07:55:37 namespace sandbox: enabled 2018/08/29 07:55:37 fault injection: CONFIG_FAULT_INJECTION is not enabled 2018/08/29 07:55:37 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/08/29 07:55:37 net packed injection: enabled 2018/08/29 07:55:37 net device setup: enabled [ 35.456997] random: crng init done INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes 07:56:59 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a4cc80700315f85715070") syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x2, 0x0) r1 = eventfd2(0x0, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000d4a000)) writev(r1, &(0x7f00000007c0)=[{&(0x7f0000000740)="77b2770dbfdb54f4", 0x8}], 0x1) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r2, &(0x7f0000000300)={0x80000000000009}) socket$inet(0x2, 0x1, 0x0) clock_gettime(0x2, &(0x7f0000000000)) open(&(0x7f0000000000)='.\x00', 0x8400, 0x0) personality(0xc) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r4 = epoll_create1(0x80006) r5 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r5, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$BLKSECDISCARD(r6, 0x127d, &(0x7f0000000500)=0x6) r7 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r7, 0x9) r8 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r8, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r9 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101000, 0x0) preadv(r4, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) ppoll(&(0x7f00000001c0)=[{r8, 0x8000}, {r9, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r8, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f00000002c0)) 07:56:59 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/arp\x00') r1 = syz_open_procfs(0x0, &(0x7f00000000c0)="6f6f6d5f61646a00000026e7080900040000") sendfile(r1, r0, &(0x7f0000000040)=0x5d, 0x1c00000000004) 07:56:59 executing program 7: syz_emit_ethernet(0x3e, &(0x7f0000000080)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0xffffff88, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x70}, @dev}}}}}}, &(0x7f0000000100)={0x1, 0x1}) 07:56:59 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={&(0x7f0000000000), 0xc, &(0x7f0000000500)={&(0x7f00000002c0)=@updpolicy={0xb8, 0x19, 0x21, 0x0, 0x0, {{@in, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x2}}}, 0xb8}}, 0x0) 07:56:59 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x28, 0x10, 0x9, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) 07:56:59 executing program 4: r0 = socket(0xa, 0x802, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000006c0)=@broute={'broute\x00', 0x20, 0x2, 0x138, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000200], 0x0, &(0x7f0000000100), &(0x7f0000000200)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x17, 0x0, 0x0, 'lo\x00', 'ip6gre0\x00', 'veth1\x00', 'veth0_to_team\x00', @empty, [], @link_local, [], 0x70, 0x70, 0xa8}}, @common=@mark={'mark\x00', 0x10}}]}]}, 0x1b0) 07:56:59 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000000)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0) sendmsg$key(r0, &(0x7f000033efc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00009b9000)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 07:56:59 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) ioctl$SG_GET_LOW_DMA(0xffffffffffffffff, 0x227a, &(0x7f00000001c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) sendmmsg(r1, &(0x7f0000005fc0), 0x80000000000006a, 0x0) [ 117.190219] IPVS: Creating netns size=2536 id=1 [ 117.261942] IPVS: Creating netns size=2536 id=2 [ 117.308674] IPVS: Creating netns size=2536 id=3 [ 117.348601] IPVS: Creating netns size=2536 id=4 [ 117.403199] IPVS: Creating netns size=2536 id=5 [ 117.466094] IPVS: Creating netns size=2536 id=6 [ 117.514964] IPVS: Creating netns size=2536 id=7 [ 117.602966] IPVS: Creating netns size=2536 id=8 [ 118.103896] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 118.170004] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 118.285860] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 118.339330] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 118.453162] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 118.476302] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 118.514653] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 118.541673] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 118.553450] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 118.569876] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 118.604871] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 118.624736] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 118.656304] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 118.673876] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 118.725791] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 118.739527] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 118.753314] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 118.794740] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 118.822420] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 118.879310] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 118.916572] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 118.952091] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 118.966932] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 119.027115] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 119.039312] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 119.047115] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 119.062491] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 119.073730] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 119.092912] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 119.137844] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 119.178962] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 119.190506] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 119.198312] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 119.207716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.215922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.250900] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 119.267513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.275058] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.297985] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 119.305560] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 119.363742] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 119.388320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.395900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.408564] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 119.416191] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 119.431214] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 119.455431] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 119.484341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.495531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.514870] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 119.522987] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 119.530957] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 119.543382] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 119.551176] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 119.562714] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 119.577923] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.585460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.610789] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 119.622468] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 119.638656] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 119.648249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.655764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.679782] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 119.687648] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.695177] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.704154] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 119.711997] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 119.720136] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 119.733110] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 119.751917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.762085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.770240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.778529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.786057] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.793683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.806799] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 119.817505] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 119.826853] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 119.839691] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.847208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.872874] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.880455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.892102] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 119.910829] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 119.930868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.948305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.959727] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 119.975175] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 120.001194] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.018854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.036523] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 120.050084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.059293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.094989] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 120.117919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.125515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.455158] ip (4763) used greatest stack depth: 23608 bytes left [ 123.934629] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 124.151505] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 124.164309] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 124.175833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.185450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.258634] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 124.359251] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 124.365522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.374793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.459704] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 124.468898] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 124.480303] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 124.504934] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 124.513340] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 124.528206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.535000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.698596] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 124.704764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.717297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.726797] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 124.733893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.741424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.750725] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 124.758063] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 124.774306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.782175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.808004] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 124.815802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.824284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 125.017192] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 125.029099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 125.039534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 126.058744] syz-executor1 (6766): /proc/6763/oom_adj is deprecated, please use /proc/6763/oom_score_adj instead. 07:57:08 executing program 1: request_key(&(0x7f0000000140)='ceph\x00', &(0x7f0000000180), &(0x7f00000001c0)='\x00', 0xfffffffffffffffb) 07:57:09 executing program 1: syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000040)='./file1\x00', 0x400000002040401, 0x1, &(0x7f0000000300)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010ab801027410f0", 0x16}], 0x0, &(0x7f00000001c0)) 07:57:09 executing program 3: mkdir(&(0x7f0000000300)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rmdir(&(0x7f0000000040)='./control\x00') close(r0) [ 126.201356] FAT-fs (loop1): bogus number of directory entries (513) [ 126.249751] FAT-fs (loop1): Can't find a valid FAT filesystem 07:57:09 executing program 1: r0 = socket(0x10, 0x3, 0x9) r1 = syz_open_procfs(0x0, &(0x7f0000000180)="2f657865000000d400042a004bddd9de91be10eebf00f5e94aae22e89bb36cc7457accc3320c67a90f79805843e901d2da75af1f000000000000000045cc6158f031528844209c7ed05b160ef336721bf89686ff472f71dfca5353f6323ddf8006ffc1052d6a80985adc68017065648b35c7d321fc5c0466062fbfad5acbe7ff6cefe53c88c05ab970ceebdfa589098ad40d080deb2488f9e4069682b14483f113cb6979b2f390179a18e26b4088f1f31ed04a0a681f002e007436947475ab073711c98ae3b4259f1a1aff9b09aa66cb90ca43a1dbc6de15abb4ae739f9e8f047cd29ec76b9ef6beb7839f8071aaea4d247e6a9514748c93d0bb01a7c37ca6c856327af81f296d2c2c07c2d63b") sendfile(r0, r1, &(0x7f0000000000), 0x80000002) 07:57:09 executing program 2: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c"], 0x1) fallocate(r0, 0x0, 0x0, 0x4003ff) write$cgroup_type(r0, &(0x7f0000000240)='threaded\x00', 0xf96d) fallocate(r0, 0x3, 0x5ffe, 0x8001) fallocate(r0, 0x3, 0x5e89, 0xfff9) [ 126.334816] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=258 sclass=netlink_audit_socket pig=6842 comm=syz-executor1 07:57:09 executing program 3: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fchmod(0xffffffffffffffff, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/full\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x0) fcntl$setlease(r2, 0x406, 0x0) 07:57:09 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x100, 0xff1f) sendto$inet6(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x96dd3f40b346414, &(0x7f0000000000)={0xa, 0x0, 0x40020000000005, @ipv4={[], [], @broadcast}}, 0x1c) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000006040)=[{{&(0x7f0000005ec0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000006000)=[{&(0x7f0000005f40)=""/190, 0xbe}], 0x1}}], 0x1, 0x0, &(0x7f0000006240)={0x0, 0x989680}) 07:57:09 executing program 7: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000006000)={{}, {0x0, @random="7eb1d5afe48f"}, 0x1a, {0x2, 0x0, @remote}, 'veth0_to_team\x00'}) [ 126.394686] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=10557 sclass=netlink_audit_socket pig=6842 comm=syz-executor1 [ 126.457212] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=1200 sclass=netlink_audit_socket pig=6842 comm=syz-executor1 [ 126.505172] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=6842 comm=syz-executor1 [ 126.519894] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=9348 sclass=netlink_audit_socket pig=6842 comm=syz-executor1 [ 126.535794] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=18630 sclass=netlink_audit_socket pig=6842 comm=syz-executor1 [ 126.548690] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=64137 sclass=netlink_audit_socket pig=6842 comm=syz-executor1 [ 126.568075] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=12712 sclass=netlink_audit_socket pig=6842 comm=syz-executor1 [ 126.587710] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=12544 sclass=netlink_audit_socket pig=6842 comm=syz-executor1 [ 126.605119] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=5 sclass=netlink_audit_socket pig=6842 comm=syz-executor1 [ 126.607424] hrtimer: interrupt took 52544 ns [ 126.612073] ================================================================== [ 126.612092] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1838/0x1b80 [ 126.612098] Read of size 8 at addr ffff8801caf08a18 by task syz-executor6/6899 [ 126.612100] [ 126.612109] CPU: 0 PID: 6899 Comm: syz-executor6 Not tainted 4.9.124-g09eb2ba #31 [ 126.612126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 126.612141] ffff8801d963f540 ffffffff81eb95e9 ffffea00072bc200 ffff8801caf08a18 [ 126.612166] 0000000000000000 ffff8801caf08a18 0000000000000040 ffff8801d963f578 [ 126.612189] ffffffff8156c35e ffff8801caf08a18 0000000000000008 0000000000000000 [ 126.612191] Call Trace: [ 126.612202] [] dump_stack+0xc1/0x128 [ 126.612215] [] print_address_description+0x6c/0x234 [ 126.612224] [] kasan_report.cold.6+0x242/0x2fe [ 126.612234] [] ? ip6_xmit+0x1838/0x1b80 [ 126.612256] [] __asan_report_load8_noabort+0x14/0x20 [ 126.612278] [] ip6_xmit+0x1838/0x1b80 [ 126.612287] [] ? kasan_slab_free+0x72/0xc0 [ 126.612297] [] ? ip6_finish_output2+0x1d00/0x1d00 [ 126.612310] [] ? trace_hardirqs_on+0x10/0x10 [ 126.612319] [] ? __lock_is_held+0xa2/0xf0 [ 126.612328] [] ? ipv4_dst_check+0x111/0x160 [ 126.612338] [] ? __sk_dst_check+0x114/0x240 [ 126.612347] [] inet6_csk_xmit+0x27c/0x4d0 [ 126.612357] [] ? inet6_csk_xmit+0xff/0x4d0 [ 126.612379] [] ? inet6_csk_update_pmtu+0x160/0x160 [ 126.612389] [] ? check_preemption_disabled+0x3b/0x170 [ 126.612398] [] l2tp_xmit_skb+0xc45/0xf30 [ 126.612407] [] pppol2tp_sendmsg+0x4e0/0x790 [ 126.612416] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 126.612438] [] ? pppol2tp_release+0x2e0/0x2e0 [ 126.612448] [] sock_sendmsg+0xcc/0x110 [ 126.612471] [] ___sys_sendmsg+0x47a/0x840 [ 126.612480] [] ? copy_msghdr_from_user+0x560/0x560 [ 126.612489] [] ? futex_wake+0x146/0x450 [ 126.612498] [] ? retint_kernel+0x2d/0x2d [ 126.612521] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 126.612540] [] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 126.612552] [] ? check_preemption_disabled+0x3b/0x170 [ 126.612560] [] ? retint_kernel+0x2d/0x2d [ 126.612571] [] ? sockfd_lookup_light+0x6e/0x160 [ 126.612580] [] ? sockfd_lookup_light+0x6e/0x160 [ 126.612588] [] __sys_sendmmsg+0x161/0x3d0 [ 126.612595] [] ? SyS_sendmsg+0x50/0x50 [ 126.612603] [] ? ip6_datagram_connect+0x3a/0x50 [ 126.612613] [] ? inet_dgram_connect+0x11e/0x200 [ 126.612621] [] ? fput+0xd2/0x140 [ 126.612630] [] ? SYSC_connect+0x22a/0x300 [ 126.612640] [] ? SYSC_bind+0x280/0x280 [ 126.612650] [] ? SyS_futex+0x206/0x310 [ 126.612658] [] ? do_futex+0x17c0/0x17c0 [ 126.612667] [] ? SyS_socket+0x121/0x1b0 [ 126.612676] [] ? move_addr_to_kernel+0x50/0x50 [ 126.612684] [] ? do_vfs_ioctl+0x11a0/0x11a0 [ 126.612692] [] SyS_sendmmsg+0x35/0x60 [ 126.612699] [] ? __sys_sendmmsg+0x3d0/0x3d0 [ 126.612707] [] do_syscall_64+0x1a6/0x490 [ 126.612723] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 126.612725] [ 126.612729] Allocated by task 0: [ 126.612731] (stack is not available) [ 126.612739] [ 126.612742] Freed by task 0: [ 126.612743] (stack is not available) [ 126.612745] [ 126.612750] The buggy address belongs to the object at ffff8801caf08a00 [ 126.612750] which belongs to the cache ip_dst_cache of size 216 [ 126.612757] The buggy address is located 24 bytes inside of [ 126.612757] 216-byte region [ffff8801caf08a00, ffff8801caf08ad8) [ 126.612759] The buggy address belongs to the page: [ 126.612768] page:ffffea00072bc200 count:1 mapcount:0 mapping: (null) index:0xffff8801caf08500 [ 126.612773] flags: 0x8000000000000080(slab) [ 126.612776] page dumped because: kasan: bad access detected [ 126.612777] [ 126.612779] Memory state around the buggy address: [ 126.612787] ffff8801caf08900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 126.612793] ffff8801caf08980: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 126.612799] >ffff8801caf08a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 126.612802] ^ [ 126.612808] ffff8801caf08a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 126.612814] ffff8801caf08b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 126.612816] ================================================================== [ 126.612818] Disabling lock debugging due to kernel taint [ 126.612861] Kernel panic - not syncing: panic_on_warn set ... [ 126.612861] [ 126.612872] CPU: 0 PID: 6899 Comm: syz-executor6 Tainted: G B 4.9.124-g09eb2ba #31 [ 126.612877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 126.612890] ffff8801d963f4a0 ffffffff81eb95e9 ffffffff843c828b 00000000ffffffff [ 126.612902] 0000000000000000 0000000000000000 0000000000000040 ffff8801d963f560 [ 126.612915] ffffffff81423eb5 0000000041b58ab3 ffffffff843bb8e8 ffffffff81423cf6 [ 126.612916] Call Trace: [ 126.612926] [] dump_stack+0xc1/0x128 [ 126.612937] [] panic+0x1bf/0x3bc [ 126.612947] [] ? add_taint.cold.6+0x16/0x16 [ 126.612957] [] kasan_end_report+0x47/0x4f [ 126.612965] [] kasan_report.cold.6+0x76/0x2fe [ 126.612973] [] ? ip6_xmit+0x1838/0x1b80 [ 126.612982] [] __asan_report_load8_noabort+0x14/0x20 [ 126.612991] [] ip6_xmit+0x1838/0x1b80 [ 126.612999] [] ? kasan_slab_free+0x72/0xc0 [ 126.613022] [] ? ip6_finish_output2+0x1d00/0x1d00 [ 126.613030] [] ? trace_hardirqs_on+0x10/0x10 [ 126.613039] [] ? __lock_is_held+0xa2/0xf0 [ 126.613050] [] ? ipv4_dst_check+0x111/0x160 [ 126.613072] [] ? __sk_dst_check+0x114/0x240 [ 126.613081] [] inet6_csk_xmit+0x27c/0x4d0 [ 126.613088] [] ? inet6_csk_xmit+0xff/0x4d0 [ 126.613097] [] ? inet6_csk_update_pmtu+0x160/0x160 [ 126.613118] [] ? check_preemption_disabled+0x3b/0x170 [ 126.613126] [] l2tp_xmit_skb+0xc45/0xf30 [ 126.613136] [] pppol2tp_sendmsg+0x4e0/0x790 [ 126.613146] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 126.613153] [] ? pppol2tp_release+0x2e0/0x2e0 [ 126.613161] [] sock_sendmsg+0xcc/0x110 [ 126.613169] [] ___sys_sendmsg+0x47a/0x840 [ 126.613178] [] ? copy_msghdr_from_user+0x560/0x560 [ 126.613185] [] ? futex_wake+0x146/0x450 [ 126.613192] [] ? retint_kernel+0x2d/0x2d [ 126.613201] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 126.613208] [] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 126.613216] [] ? check_preemption_disabled+0x3b/0x170 [ 126.613223] [] ? retint_kernel+0x2d/0x2d [ 126.613231] [] ? sockfd_lookup_light+0x6e/0x160 [ 126.613239] [] ? sockfd_lookup_light+0x6e/0x160 [ 126.613246] [] __sys_sendmmsg+0x161/0x3d0 [ 126.613253] [] ? SyS_sendmsg+0x50/0x50 [ 126.613270] [] ? ip6_datagram_connect+0x3a/0x50 [ 126.613280] [] ? inet_dgram_connect+0x11e/0x200 [ 126.613289] [] ? fput+0xd2/0x140 [ 126.613297] [] ? SYSC_connect+0x22a/0x300 [ 126.613307] [] ? SYSC_bind+0x280/0x280 [ 126.613317] [] ? SyS_futex+0x206/0x310 [ 126.613325] [] ? do_futex+0x17c0/0x17c0 [ 126.613332] [] ? SyS_socket+0x121/0x1b0 [ 126.613341] [] ? move_addr_to_kernel+0x50/0x50 [ 126.613348] [] ? do_vfs_ioctl+0x11a0/0x11a0 [ 126.613354] [] SyS_sendmmsg+0x35/0x60 [ 126.613361] [] ? __sys_sendmmsg+0x3d0/0x3d0 [ 126.613368] [] do_syscall_64+0x1a6/0x490 [ 126.613376] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 126.617333] Dumping ftrace buffer: [ 126.617338] (ftrace buffer empty) [ 126.617341] Kernel Offset: disabled [ 127.450280] Rebooting in 86400 seconds..