INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts. 2018/04/05 22:56:34 fuzzer started 2018/04/05 22:56:35 dialing manager at 10.128.0.26:37565 syzkaller login: [ 34.346594] can: request_module (can-proto-0) failed. [ 34.356684] can: request_module (can-proto-0) failed. 2018/04/05 22:56:43 kcov=true, comps=true 2018/04/05 22:56:49 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000100)=0x3) r0 = syz_open_procfs(0x0, &(0x7f0000000140)="2f65786500000000000090d8b75e67e16b394342abb5158df87ea8984e79c93df7498b2b34796068700e29fbd789f9a031f23e16c96e30baed2961953b057f7a3222943acc4b8cfa4de553f8276731ddeb811efd44ea011e1a0db9074a28a826c88566b89c57cc3cca4aec41d37fa27c8daa19030d03139d0aea71d509d9a20ba7deceb656cc1308d9d1f111b6bd1595486f55e229923be4ed8cbfb78e86280b4cacf386bfa8840afb312a4c520a03b27f805d181bd09ea208931a36e888060a2d") flistxattr(r0, &(0x7f0000000000)=""/2, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00') 2018/04/05 22:56:49 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x5, 0x4, 0x119, 0x0, 0x25dfdbfe}, 0x14}, 0x1}, 0x0) 2018/04/05 22:56:49 executing program 7: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r1, &(0x7f0000000100)=ANY=[], 0x1023c) truncate(&(0x7f0000000100)='./file0\x00', 0x0) write(r1, &(0x7f0000000180)="15", 0x1) r2 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000300)='./file0\x00', 0x1, 0x0) sendfile(r3, r2, &(0x7f0000002b80), 0x7fffffff) 2018/04/05 22:56:49 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000308000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x1276, &(0x7f0000000000)={0x0, 0x48000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "3900ea631d00000000020000010000009f00000023f7b7d65f90b0e6330ee739b319d8f6aa6bd58d1443474482e85040fb4947ebb55bd19f335b5bffff0001f3", "cfa430745a540dc1c149b7b81579f6a41c51f7d51933223e82ab867dac761faf"}) 2018/04/05 22:56:49 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x101902) mlock2(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0) r1 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="aa", 0x1}], 0x1, 0x81003) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000002c0)={{{@in=@multicast2, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@broadcast}}, &(0x7f00000003c0)=0xe8) setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000400)={{{@in=@rand_addr=0xffffffffffffff81, @in6=@ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, 0x0, 0x2, 0x4e21, 0x8048, 0x2, 0x80, 0x80, 0x3b, r2, r3}, {0x0, 0x725dfb99, 0x0, 0x0, 0x3ca07082, 0x0, 0x0, 0xfffffffe000}, {0x3f, 0x5da, 0x7fff}, 0x20, 0x0, 0x1}, {{@in6=@mcast2={0xff, 0x2, [], 0x1}, 0x4d5, 0xff}, 0x0, @in6=@mcast2={0xff, 0x2, [], 0x1}, 0x34ff, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1}}, 0xe8) sendfile(r0, r1, &(0x7f00000ddff8), 0x102000001) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000640)=ANY=[@ANYRES32=0x0, @ANYBLOB="f774cf1b08f7a344dbfcfedbf6552f5eb13a21fc539bfacde8d1ea099694482daec57a1bbc72b081700d68a6938d2806ca2cd596c713c30c01898803ef5f476904fd55e83f1f0b2618bffadcf329cbd66a8b3736377f84a35cf78e9c8947605c51f7db7fd3c29dfb203a434aaf1c9fca7f7ae2523684a6dcc1c37c87f73992b4762ac29641400ba02f75119d00ce43c8a1ac8b4189b302a29819c9dc7fe6f3001534b6c53f07f373b594573780fe20599479e8edbc3db9e887"], &(0x7f0000000040)=0x2) 2018/04/05 22:56:50 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x2, 0x170, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000140], 0x0, &(0x7f0000000100), &(0x7f0000000140)=[{0x0, '\x00', 0x0, 0x0, 0x1, [{{{0x0, 0x0, 0x0, 'gre0\x00', 'rose0\x00', 'bcsh0\x00', 'syzkaller1\x00', @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], @random="887c6add101b", [], 0x70, 0x70, 0xe0}}, @common=@nflog={'nflog\x00', 0x4c, {{0x0, 0x0, 0x0, 0x0, 0x0, "58f0e525fbf515e7dc38c1a615b1890ed247ea238b0ba7c659453bbc2a089db814bd63c84cb024dcd3090514b5ffda2956f36502c72139a72ddb5a10824259b9"}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}]}, 0x1f0) 2018/04/05 22:56:50 executing program 5: syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x0) mlock2(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000400)={{{@in=@rand_addr, @in6=@ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, {}, {0x3f, 0x5da}}, {{@in6=@mcast2={0xff, 0x2, [], 0x1}}, 0x0, @in6=@mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xe8) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x8) 2018/04/05 22:56:50 executing program 6: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000100)=@file={0x1, "e91f7189591e9233614b00"}, 0x6e) listen(r1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) connect(r2, &(0x7f0000931ff4)=@un=@file={0x1, "e91f7189591e9233614b00"}, 0xc) connect(r0, &(0x7f0000987ff4)=@un=@file={0x1, "e91f7189591e9233614b00"}, 0xc) listen(r1, 0x5) [ 41.398743] IPVS: ftp: loaded support on port[0] = 21 [ 41.410791] IPVS: ftp: loaded support on port[0] = 21 [ 41.410895] IPVS: ftp: loaded support on port[0] = 21 [ 41.420968] IPVS: ftp: loaded support on port[0] = 21 [ 41.473215] IPVS: ftp: loaded support on port[0] = 21 [ 41.484151] IPVS: ftp: loaded support on port[0] = 21 [ 41.515902] IPVS: ftp: loaded support on port[0] = 21 [ 41.533280] IPVS: ftp: loaded support on port[0] = 21 [ 44.598652] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.625651] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.638955] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.664250] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.684095] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.691601] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.701620] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.711509] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.442660] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.449264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.587878] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.594052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.619448] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.625590] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.650304] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.656459] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.673504] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.679669] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.692313] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.698635] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.726577] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.732727] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.777264] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.783412] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.909048] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.075662] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.123899] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.135620] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.160733] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.170896] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.180969] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.286248] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.404942] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.413192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.428887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/05 22:56:59 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000140)="2f65786500000000000090d8b75e67e16b394342abb5158df87ea8984e79c93df7498b2b34796068700e29fbd789f9a031f23e16c96e30baed2961953b057f7a3222943acc4b8cfa4de553f8276731ddeb811efd44ea011e1a0db9074a28a826c88566b89c57cc3cca4aec41d37fa27c8daa19030d03139d0aea71d509d9a20ba7deceb656cc1308d9d1f111b6bd1595486f55e229923be4ed8cbfb78e86280b4cacf386bfa8840afb312a4c520a03b27f805d181bd09ea208931a36e888060a2d") flistxattr(r0, &(0x7f0000000000)=""/2, 0x2) [ 50.587665] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.593929] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.608202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.635267] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.645374] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.653594] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.660705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.673470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/05 22:56:59 executing program 5: r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_unlink(&(0x7f0000fc4ffb)='eth0\x00') perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_timedsend(r0, &(0x7f00000e6000), 0x0, 0x0, &(0x7f0000e0b000)) mq_timedsend(r0, &(0x7f0000307ffd), 0x0, 0x0, &(0x7f0000fbc000)) close(r0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f00000000c0)={'ipddp0\x00'}) [ 50.698537] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.705912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.713790] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.721927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.747295] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.755735] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.761940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.769566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.783850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.792474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/05 22:56:59 executing program 5: r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_unlink(&(0x7f0000fc4ffb)='eth0\x00') perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_timedsend(r0, &(0x7f00000e6000), 0x0, 0x0, &(0x7f0000e0b000)) mq_timedsend(r0, &(0x7f0000307ffd), 0x0, 0x0, &(0x7f0000fbc000)) close(r0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f00000000c0)={'ipddp0\x00'}) 2018/04/05 22:56:59 executing program 7: socket$unix(0x1, 0x5, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write(r0, &(0x7f0000412fd6)="29000000140007b7ffffffff0300e0eb01001000e0a40e07fff00f06000000ffff0100002a00f3ff09", 0x29) [ 50.922775] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.929234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.947769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/05 22:56:59 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) tgkill(0x0, 0x0, 0x0) r0 = syz_open_dev$usbmon(&(0x7f000004cff3)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0x9208, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="5fb88c750196077aa3214bebc13f7d74ad4d9320611cf5a33f2a3f09e1c926359dcfe20001c781cb67f79cb0c6f5f4bf8ed60dce2176c22a20b22b9b24172b5569ec67906e7df93b05b19ba5360f2eab62812070fc181a2483366595113b240804d882a7dcd7ac4ba53e06d02558968b978122716d1823dcc7d40155c1bc1e8433f5ba15f5ee48c0ca941fce872e497d1377e2a5bde956f003caaf58c7520f82d7346c266e8ea70dab3bb7af6d78602a31ab8d232b07f6e3ef524b552ed88a1b1c02bc89f4f671855d40a2c1c173d4bb121bc86270c32d39c4c0d09a29b8983169914d8df86417a802b772bb638f72ccdcbb46267b5751816c77b6739f484292d5ca5e1bc4efee06f4e07e6a795faee2af27a8f21298055806494ee0e961cd5bd077bd7756f9e39dd3abdbe5c598cc5cbd44c5c319af923fbc4731545ff134749c2f42ee8454bf33ef309a6323dc847676d5be2fcb9abc717fc1e29396943ec0e264a80d64ca66ef2c42a57112a8a146097d9f4256ef6e6fd73be26e9a5f79b21dae42066d9cf4441021d64a2d6fd61c7ea709948d4be380e0fa4b76dff6aeef45", 0x1a1, 0x0, &(0x7f0000001000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}}, 0x1c) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket(0x1f, 0x3, 0x299) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffff9c, 0x84, 0x7c, &(0x7f0000000200)={0x0, 0x1ff, 0x7}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000280)={r3, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}}, 0x21, 0x8}, 0x90) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f00000001c0)={'sit0\x00', @ifru_data=&(0x7f0000000180)="d61a072afa6a2e6e9105a65cf0b08be4d57565e1a85eff283ee23d954743a2e3"}) memfd_create(&(0x7f0000000540)='\x00', 0x1) perf_event_open(&(0x7f00000005c0)={0x7, 0x70, 0x8, 0x9, 0x0, 0x8, 0x0, 0xfffffffffffffe01, 0x0, 0x1, 0x0, 0x3, 0x6, 0x9, 0x4, 0x5, 0x100000000, 0x8, 0x6, 0x9, 0x1, 0x8, 0x3, 0x800, 0x74, 0xfff, 0x9, 0xf4ca, 0x7, 0x4, 0x1, 0x800, 0x3ff, 0x0, 0x0, 0x1ff, 0x80000000, 0xffffffff00000001, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000580), 0x1}, 0x10000, 0xfd, 0xb6, 0x7, 0x6, 0xf21, 0x976}, 0x0, 0x5, 0xffffffffffffffff, 0x0) 2018/04/05 22:56:59 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000180)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07004adee901d2da75af1f020002000000a071fb35331ce39c5a") fcntl$setstatus(r0, 0x4, 0x800000000044004) read$eventfd(r0, &(0x7f0000000200), 0x8000) 2018/04/05 22:56:59 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x802, 0x0) sendto$inet6(r0, &(0x7f0000000000), 0x0, 0x0, &(0x7f00000003c0)={0xa, 0x4e23, 0x0, @mcast1={0xff, 0x1, [], 0x1}}, 0x1c) [ 51.060095] kernel msg: ebtables bug: please report to author: Wrong len argument [ 51.111145] ================================================================== [ 51.118694] BUG: KASAN: stack-out-of-bounds in ipip6_tunnel_locate+0x63b/0xaa0 [ 51.126078] Write of size 33 at addr ffff8801d93cf6d8 by task syz-executor1/5845 [ 51.133619] [ 51.135271] CPU: 0 PID: 5845 Comm: syz-executor1 Not tainted 4.16.0+ #2 [ 51.142030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.151395] Call Trace: [ 51.154003] dump_stack+0x1b9/0x29f [ 51.157664] ? arch_local_irq_restore+0x52/0x52 [ 51.162338] ? printk+0x9e/0xba [ 51.165616] ? show_regs_print_info+0x18/0x18 [ 51.170107] ? kasan_check_write+0x14/0x20 [ 51.174339] print_address_description+0x6c/0x20b [ 51.179174] ? ipip6_tunnel_locate+0x63b/0xaa0 [ 51.183746] kasan_report.cold.7+0xac/0x2f5 [ 51.188063] check_memory_region+0x13e/0x1b0 [ 51.192462] memcpy+0x37/0x50 [ 51.195561] ipip6_tunnel_locate+0x63b/0xaa0 [ 51.199964] ? ipip6_tunnel_update+0xaa0/0xaa0 [ 51.204545] ? __might_sleep+0x95/0x190 [ 51.208518] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 51.214050] ? _copy_from_user+0xdf/0x150 [ 51.218199] ipip6_tunnel_ioctl+0xe71/0x241b [ 51.222608] ? sit_tunnel_xmit+0x30b0/0x30b0 [ 51.227027] ? perf_trace_lock+0x900/0x900 [ 51.231260] ? graph_lock+0x170/0x170 [ 51.235051] ? perf_trace_lock+0x900/0x900 [ 51.239277] ? do_futex+0x249/0x27d0 [ 51.242984] ? graph_lock+0x170/0x170 [ 51.246786] ? find_held_lock+0x36/0x1c0 [ 51.250864] ? sit_tunnel_xmit+0x30b0/0x30b0 [ 51.255262] dev_ifsioc+0x43e/0xb90 [ 51.258880] ? sit_tunnel_xmit+0x30b0/0x30b0 [ 51.263274] ? dev_ifsioc+0x43e/0xb90 [ 51.267064] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 51.272245] ? register_gifconf+0x70/0x70 [ 51.276480] dev_ioctl+0x69a/0xcc0 [ 51.280022] sock_ioctl+0x47e/0x680 [ 51.283642] ? dlci_ioctl_set+0x40/0x40 [ 51.287610] ? expand_files.part.8+0x9a0/0x9a0 [ 51.292177] ? __fget_light+0x2ef/0x430 [ 51.296154] ? dlci_ioctl_set+0x40/0x40 [ 51.300119] do_vfs_ioctl+0x1cf/0x1650 [ 51.303998] ? __sock_create+0x11e/0x920 [ 51.308060] ? ioctl_preallocate+0x2e0/0x2e0 [ 51.312460] ? fget_raw+0x20/0x20 [ 51.315907] ? sockfd_lookup_light+0xc5/0x160 [ 51.320398] ? SyS_futex+0x3a4/0x56d [ 51.324105] ? do_futex+0x27d0/0x27d0 [ 51.327896] ? security_file_ioctl+0x9b/0xd0 [ 51.332300] ksys_ioctl+0xa9/0xd0 [ 51.335748] SyS_ioctl+0x24/0x30 [ 51.339103] ? ksys_ioctl+0xd0/0xd0 [ 51.342720] do_syscall_64+0x29e/0x9d0 [ 51.346594] ? vmalloc_sync_all+0x30/0x30 [ 51.350730] ? _raw_spin_unlock_irq+0x27/0x70 [ 51.355214] ? finish_task_switch+0x1ca/0x820 [ 51.359700] ? syscall_return_slowpath+0x5c0/0x5c0 [ 51.364620] ? syscall_return_slowpath+0x30f/0x5c0 [ 51.369546] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 51.374905] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 51.379745] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 51.384924] RIP: 0033:0x4552d9 [ 51.388098] RSP: 002b:00007f8833798c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 51.395802] RAX: ffffffffffffffda RBX: 00007f88337996d4 RCX: 00000000004552d9 [ 51.403058] RDX: 00000000200001c0 RSI: 00000000000089f1 RDI: 0000000000000015 [ 51.410322] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 51.417577] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 51.424834] R13: 0000000000000380 R14: 00000000006f84a0 R15: 0000000000000000 [ 51.432116] [ 51.433728] The buggy address belongs to the page: [ 51.438646] page:ffffea000764f3c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 51.446775] flags: 0x2fffc0000000000() [ 51.450742] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff [ 51.458613] raw: 0000000000000000 ffffea0007640101 0000000000000000 0000000000000000 [ 51.466476] page dumped because: kasan: bad access detected [ 51.472166] [ 51.473775] Memory state around the buggy address: [ 51.478705] ffff8801d93cf580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.486051] ffff8801d93cf600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 51.493401] >ffff8801d93cf680: f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 00 [ 51.500745] ^ [ 51.507485] ffff8801d93cf700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.514829] ffff8801d93cf780: 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 [ 51.522168] ================================================================== [ 51.529510] Disabling lock debugging due to kernel taint [ 51.536479] Kernel panic - not syncing: panic_on_warn set ... [ 51.536479] [ 51.543878] CPU: 0 PID: 5845 Comm: syz-executor1 Tainted: G B 4.16.0+ #2 [ 51.551965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.561332] Call Trace: [ 51.563931] dump_stack+0x1b9/0x29f [ 51.567570] ? arch_local_irq_restore+0x52/0x52 [ 51.572258] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 51.577033] ? ipip6_tunnel_locate+0x540/0xaa0 [ 51.581620] panic+0x22f/0x4de [ 51.584806] ? add_taint.cold.5+0x16/0x16 [ 51.588948] ? do_raw_spin_unlock+0x9e/0x2e0 [ 51.593342] ? do_raw_spin_unlock+0x9e/0x2e0 [ 51.597740] ? ipip6_tunnel_locate+0x63b/0xaa0 [ 51.602313] kasan_end_report+0x47/0x4f [ 51.606280] kasan_report.cold.7+0xc9/0x2f5 [ 51.610589] check_memory_region+0x13e/0x1b0 [ 51.614985] memcpy+0x37/0x50 [ 51.618105] ipip6_tunnel_locate+0x63b/0xaa0 [ 51.622516] ? ipip6_tunnel_update+0xaa0/0xaa0 [ 51.627087] ? __might_sleep+0x95/0x190 [ 51.631065] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 51.636593] ? _copy_from_user+0xdf/0x150 [ 51.640732] ipip6_tunnel_ioctl+0xe71/0x241b [ 51.645130] ? sit_tunnel_xmit+0x30b0/0x30b0 [ 51.649538] ? perf_trace_lock+0x900/0x900 [ 51.653767] ? graph_lock+0x170/0x170 [ 51.657564] ? perf_trace_lock+0x900/0x900 [ 51.661795] ? do_futex+0x249/0x27d0 [ 51.665508] ? graph_lock+0x170/0x170 [ 51.669804] ? find_held_lock+0x36/0x1c0 [ 51.673867] ? sit_tunnel_xmit+0x30b0/0x30b0 [ 51.678264] dev_ifsioc+0x43e/0xb90 [ 51.681882] ? sit_tunnel_xmit+0x30b0/0x30b0 [ 51.686304] ? dev_ifsioc+0x43e/0xb90 [ 51.690113] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 51.695317] ? register_gifconf+0x70/0x70 [ 51.699490] dev_ioctl+0x69a/0xcc0 [ 51.703052] sock_ioctl+0x47e/0x680 [ 51.706693] ? dlci_ioctl_set+0x40/0x40 [ 51.710690] ? expand_files.part.8+0x9a0/0x9a0 [ 51.715283] ? __fget_light+0x2ef/0x430 [ 51.719259] ? dlci_ioctl_set+0x40/0x40 [ 51.723223] do_vfs_ioctl+0x1cf/0x1650 [ 51.727107] ? __sock_create+0x11e/0x920 [ 51.731169] ? ioctl_preallocate+0x2e0/0x2e0 [ 51.735568] ? fget_raw+0x20/0x20 [ 51.739009] ? sockfd_lookup_light+0xc5/0x160 [ 51.743506] ? SyS_futex+0x3a4/0x56d [ 51.747215] ? do_futex+0x27d0/0x27d0 [ 51.751031] ? security_file_ioctl+0x9b/0xd0 [ 51.755436] ksys_ioctl+0xa9/0xd0 [ 51.758880] SyS_ioctl+0x24/0x30 [ 51.762232] ? ksys_ioctl+0xd0/0xd0 [ 51.765849] do_syscall_64+0x29e/0x9d0 [ 51.769724] ? vmalloc_sync_all+0x30/0x30 [ 51.773860] ? _raw_spin_unlock_irq+0x27/0x70 [ 51.778344] ? finish_task_switch+0x1ca/0x820 [ 51.782835] ? syscall_return_slowpath+0x5c0/0x5c0 [ 51.787753] ? syscall_return_slowpath+0x30f/0x5c0 [ 51.792680] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 51.798053] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 51.802893] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 51.808072] RIP: 0033:0x4552d9 [ 51.811245] RSP: 002b:00007f8833798c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 51.819039] RAX: ffffffffffffffda RBX: 00007f88337996d4 RCX: 00000000004552d9 [ 51.826298] RDX: 00000000200001c0 RSI: 00000000000089f1 RDI: 0000000000000015 [ 51.833552] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 51.840826] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 51.848100] R13: 0000000000000380 R14: 00000000006f84a0 R15: 0000000000000000 [ 51.855865] Dumping ftrace buffer: [ 51.859390] (ftrace buffer empty) [ 51.863079] Kernel Offset: disabled [ 51.866694] Rebooting in 86400 seconds..