INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts. 2018/04/20 18:33:43 fuzzer started 2018/04/20 18:33:44 dialing manager at 10.128.0.26:40315 2018/04/20 18:33:50 kcov=true, comps=false 2018/04/20 18:33:53 executing program 0: 2018/04/20 18:33:53 executing program 2: 2018/04/20 18:33:53 executing program 7: 2018/04/20 18:33:53 executing program 1: 2018/04/20 18:33:53 executing program 3: 2018/04/20 18:33:53 executing program 4: 2018/04/20 18:33:53 executing program 5: 2018/04/20 18:33:53 executing program 6: syzkaller login: [ 44.807461] ip (3777) used greatest stack depth: 54440 bytes left [ 45.057972] ip (3804) used greatest stack depth: 54408 bytes left [ 45.271641] ip (3821) used greatest stack depth: 54312 bytes left [ 46.113947] ip (3906) used greatest stack depth: 54200 bytes left [ 46.527816] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.534308] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.543930] ip (3940) used greatest stack depth: 53656 bytes left [ 46.564390] device bridge_slave_0 entered promiscuous mode [ 46.584095] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.590548] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.630229] device bridge_slave_0 entered promiscuous mode [ 46.653416] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.659877] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.688844] device bridge_slave_0 entered promiscuous mode [ 46.710905] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.717399] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.754725] device bridge_slave_0 entered promiscuous mode [ 46.781024] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.787541] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.815958] device bridge_slave_0 entered promiscuous mode [ 46.828720] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.835197] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.851974] device bridge_slave_1 entered promiscuous mode [ 46.861971] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.868396] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.887973] device bridge_slave_1 entered promiscuous mode [ 46.897674] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.904133] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.924395] device bridge_slave_0 entered promiscuous mode [ 46.941983] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.948493] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.975017] device bridge_slave_0 entered promiscuous mode [ 46.986455] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.992964] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.009779] device bridge_slave_0 entered promiscuous mode [ 47.017454] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.023922] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.034161] device bridge_slave_1 entered promiscuous mode [ 47.047686] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.055654] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.062142] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.096246] device bridge_slave_1 entered promiscuous mode [ 47.110303] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.118163] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.124629] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.147666] device bridge_slave_1 entered promiscuous mode [ 47.155228] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.161686] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.184177] device bridge_slave_1 entered promiscuous mode [ 47.207088] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.224602] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.233451] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.240077] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.266339] device bridge_slave_1 entered promiscuous mode [ 47.291245] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.297746] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.320830] device bridge_slave_1 entered promiscuous mode [ 47.328638] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.336269] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.345857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.353464] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.385856] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.425892] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.525081] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.547810] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.558162] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.568545] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.679737] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.719818] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 48.159674] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.362072] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.408293] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.454973] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.519330] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.566339] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.591292] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.601954] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.620695] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.656285] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.668478] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.732621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.823303] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.838797] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.848602] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.858008] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.337942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.539800] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 49.594301] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.681671] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.751310] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.758476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.773103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.805830] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.816269] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.828526] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.836618] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 49.846974] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 49.858539] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.873504] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.992632] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.999833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.013488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.038687] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.050825] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.061330] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.072542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.083727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.119486] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.127116] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.135482] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.144959] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.163968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.199255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.258662] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.265842] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.277912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.313506] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.320734] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.350159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.370827] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.380163] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.388291] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.395329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.417111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.444580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.465966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.481633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.491591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.501850] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.513381] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.525967] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.536768] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.543892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.555174] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.569252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.582848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.599644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.621780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.633886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.655764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.666568] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.696331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.715792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.757909] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.765974] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.773177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.807763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.840620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.867802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.559239] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.565731] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.572601] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.579060] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.623609] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.630849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.782198] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.788688] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.795560] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.802013] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.843317] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.867376] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.873836] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.880674] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.887123] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.925219] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.938259] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.944739] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.951603] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.958099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.997352] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.004530] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.010973] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.017760] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.024210] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.064980] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.080771] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.087246] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.094155] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.100629] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.124090] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.133804] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.140270] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.147098] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.153546] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.185973] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.219402] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.225896] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.232723] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.239162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.316109] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.664821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.683436] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.709227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.723017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.730620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.739123] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.746996] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.827602] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 62.288352] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 62.331714] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 62.376279] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 62.389725] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 62.420812] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 62.465186] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 62.640934] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 62.647184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.658196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.670158] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 63.036229] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 63.042510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.050991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.081749] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 63.095518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.106667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.128243] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 63.137544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.152766] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.186451] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 63.192827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.211739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.314353] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 63.320629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.331554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.375108] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 63.383610] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.399878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.504101] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 63.510331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.521268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/20 18:34:19 executing program 2: clone(0x200, &(0x7f0000fbf000), &(0x7f0000744000), &(0x7f0000f8b000), &(0x7f0000804000)) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', &(0x7f0000a7bfc8), &(0x7f00006fcff0)) recvmsg(0xffffffffffffffff, &(0x7f0000001580)={&(0x7f0000000040)=ANY=[], 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000400)=""/17, 0x11}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='attr/fscreate\x00') pwritev(r0, &(0x7f0000001400), 0x2a6, 0x0) execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000340), &(0x7f00000000c0)) creat(&(0x7f0000000040)='./file0\x00', 0x0) 2018/04/20 18:34:19 executing program 6: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='/exe\x00\x00\x00\x00\x00\x00') fcntl$setstatus(r0, 0x4, 0x4000000000046800) io_setup(0x8000000007, &(0x7f0000000140)=0x0) io_submit(r1, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000200)="30bfff3c45f732fbd4a8b85478382238dc455864074c85e9a64e89d56db57f2ca5aec9bd93d5ba4f2e4545715d4740cb34dc4742c8a37d368395f31e3990320771e86ec357e24d4239063c60dba6ffd0488c074de1a8806590d36ed3c1b0514f958d79117ec174be838a214b3d493fc6b51511ff13961dc0a72dde3d92404b319a98c2c72b9bad03f6ff985dfa79cd49bd512b1b656876dc8c2cfeb8791dae605d2d37515534fd712e9595f5a7d51020bc5e08b55e2e9242b23bd846fe3412b406075e86914ee00a97da6bc732be9fc89ba4a75b0ae7e1cc21f2e2cb83d2bc4a09d445ed8fa05f4849afcc3fe84f1e6598e3f36a938386c114263747c5db325533a2288fb1c5a5ae46c30616a347466fd0da1732c871acd62464f3b09128143e244a8a0769882a321c64a72229c9d0b80a5ab185981ba598643438cc7071e48e73775c5f37b1d85b302e1489691a3b641c174b9727585054f7c6f31e3b188d96e58e4ad31019e7d269ac6d577bad905b691558525d8f69ae8266fa2a0b77aac91c837e167b669e13c513e0591fe854340f61dacb1f362a9edc611a6aed623f88e4aa102ea816548ed0f512835a3a66a64211df80fa57cc8aed54a2259e2b430eb6c8653af000eb1c5d23bb3b4f68afe5bc6f05000363c1afc262a99c794fbca1b79d87ce770266592cdf645c375d94bb9e6a0c2ab33f8394a09c7949c8243e5f", 0x200}]) 2018/04/20 18:34:19 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) flistxattr(r0, &(0x7f00000a5ffc)=""/4, 0x11) 2018/04/20 18:34:19 executing program 3: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x0) 2018/04/20 18:34:19 executing program 6: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000100), &(0x7f0000000140)=0x8) 2018/04/20 18:34:20 executing program 1: r0 = socket(0x40000000015, 0x5, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0x5) setresuid(0x0, r1, 0x0) mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 2018/04/20 18:34:20 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpu.weight.nice\x00', 0x2, 0x0) sendfile(r1, r1, &(0x7f0000000040), 0x1) 2018/04/20 18:34:20 executing program 3: r0 = socket$bt_rfcomm(0x1f, 0x3, 0x3) recvfrom(r0, &(0x7f0000000180)=""/72, 0x48, 0x1, &(0x7f0000000280)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}}}, 0x80) 2018/04/20 18:34:20 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000ffefa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(twofish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000bfef9b9d2a4b20079fffffffffffffe000225070097c11ed4c2c4dc42ffa86eb9", 0x30) sendmmsg$alg(r1, &(0x7f0000001940)=[{0x0, 0x0, &(0x7f0000000500), 0x0, &(0x7f0000000580)=[@iv={0x28, 0x117, 0x2, 0x10, "35c774fb8c70979cdb87efb58a0ee1d3"}], 0x28}], 0x1, 0x0) 2018/04/20 18:34:20 executing program 6: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000100), &(0x7f0000000140)=0x8) 2018/04/20 18:34:20 executing program 3: r0 = socket$inet(0x10, 0x400000000000003, 0x6) recvmsg(r0, &(0x7f0000001200)={&(0x7f0000000200)=@l2, 0x80, &(0x7f00000011c0)}, 0x0) sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000000)="1b0000001200030207fffd946fa283080700190000000000000085", 0x1b}], 0x1}, 0x0) 2018/04/20 18:34:20 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getrusage(0x1, &(0x7f0000000140)) 2018/04/20 18:34:20 executing program 7: r0 = memfd_create(&(0x7f0000029000)='\\\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000032ff3)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r2, 0x40bc5311, &(0x7f000004d000)={0x80, 0x1, 'client1\x00', 0x0, "ffffffff2b000006", "a6e7fdc21ca077ef1dae8000000000000000f6ff2ecd959baa11b5dda31cd901"}) 2018/04/20 18:34:20 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast=0xffffffff}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000af5000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000f59000), 0x4) sendto$inet(r0, &(0x7f0000fd0000), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x3, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000467000)="c3401c344654f3c7d9fe1ba48c8e399aa4eedc3d6bd8ebd65c856a45d61154adc2b2a976fbffffffffffffff38e9dd18c58f6bd779650fc30f09000000ecf323c9f6502ceab47e58114347b289546465a5eb278de12b1989f64cc99412e36880d20c34d91051b22f6c8acc9d082b7bcdec844f667da0867d08d4154004997e317b79", 0x82, 0x81, &(0x7f0000e66000)={0x2, 0x0, @multicast2=0xe0000002}, 0x10) r1 = dup(r0) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f00000003c0)={0x9}, 0x4) writev(r0, &(0x7f000042a000)=[{&(0x7f00001e3f5a)="2db4ff107e00a32a96ccd7785697535fe7e2d1cdf701f5079cde041c224ff8b177c81383265194f55b510ce5107c9164cfda3f99716d35b53be37a7b2a301f9d41650662b66dd4ffca8cf7641b6b5d4d65b9eb195c4666a99f69f89106ee3fc6c6d98f0afc8b4d26aacc19373135822e00f7982a4346d3b304cac13828ca5bede4cf", 0x82}], 0x1) sendto$inet(r0, &(0x7f0000000040)="b70ffadecec8090a31bfe03e98cbfa63bf3142872fce35024a3a88d604afc36da44be24dc90160512af8c5d1faf299fc630c08e89b42a31f054fc83bff8461ec2bcb1db8a2a22d9d5e7b247bb61e7691049ed06edd09a7ee783362c3ab813cdb995aa3fa64dba6d820005f83ec236c3cbe656b59bd3a", 0x76, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00002ab000)="19", 0x1, 0x0, &(0x7f00009f7ff0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10) 2018/04/20 18:34:20 executing program 2: clone(0x200, &(0x7f0000fbf000), &(0x7f0000744000), &(0x7f0000f8b000), &(0x7f0000804000)) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', &(0x7f0000a7bfc8), &(0x7f00006fcff0)) recvmsg(0xffffffffffffffff, &(0x7f0000001580)={&(0x7f0000000040)=ANY=[], 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000400)=""/17, 0x11}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='attr/fscreate\x00') pwritev(r0, &(0x7f0000001400), 0x2a6, 0x0) execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000340), &(0x7f00000000c0)) creat(&(0x7f0000000040)='./file0\x00', 0x0) 2018/04/20 18:34:20 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001e80)={&(0x7f0000000100)={0x10}, 0xc, &(0x7f0000001e40)={&(0x7f0000001d80)=@mpls_delroute={0x1c, 0x19, 0x3, 0x0, 0x0, {0x1c}}, 0x1c}, 0x1}, 0x0) 2018/04/20 18:34:20 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000223fd4)=[@in6={0xa, 0x4e23}], 0x1c) sendto$inet(r0, &(0x7f0000ac0fbb)="c4", 0x1, 0x0, &(0x7f00006e2000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00000014c0), 0x4) recvmsg(r0, &(0x7f00000013c0)={&(0x7f0000000100)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000380), 0x0, &(0x7f00000003c0)=""/4096, 0x1000}, 0x0) 2018/04/20 18:34:20 executing program 6: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGUNIQ(r0, 0x80404508, &(0x7f0000000400)=""/234) 2018/04/20 18:34:20 executing program 1: request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000080)='vboxnet0em0selinux-\x00', 0xfffffffffffffffe) 2018/04/20 18:34:20 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0xffffffffffffffff) capget(&(0x7f0000000040)={0x20080522, r0}, &(0x7f00000000c0)={0x0, 0x7fffffff, 0x0, 0x100000001, 0x0, 0x7}) [ 69.855414] ================================================================== [ 69.862828] BUG: KMSAN: uninit-value in move_addr_to_user+0x32e/0x530 [ 69.869409] CPU: 0 PID: 5823 Comm: syz-executor4 Not tainted 4.16.0+ #84 [ 69.876238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 69.885584] Call Trace: [ 69.888172] dump_stack+0x185/0x1d0 [ 69.891802] ? kmsan_internal_check_memory+0x155/0x1e0 [ 69.897076] kmsan_report+0x142/0x240 2018/04/20 18:34:20 executing program 1: prlimit64(0x0, 0x1, &(0x7f0000000680)={0x1, 0x26}, &(0x7f00000006c0)) add_key(&(0x7f00000000c0)='big_key\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a}, &(0x7f0000000140)="7a1f7f740a0d67ae38129446b415b69557f5c87f40a2495b818ec56d0dae339c59692ec285399af5b59a25c1b6aad604caddd2fc3db6d948241b2cd6b3c33f4565672c4964a88aa38c375d170510b542369f1089721443e4677784d50fc67641a89718c9f5c382892bd43403677048b8db031e51a90257328f52c29dfaed0a18fdd9ac5121ac550d39e5e3fe9cad8e410ea8e4c11eb54d04458f8e7b721121bc8acc44585039ab0dbe5df02fe94a3250a0dec2f5f730dac298df8e486af0ec27ecaec0a0db320e7ec1a2205a55ada68bf633f9fd26b3867d4abc27ae73de42fe909fc92b66b39765f854432facb17dcb212a9c9153fce50b8904f076e797bc126fcd3c5e863f0f7a37567feb9c6789342cacfc6fc333c1c35046b0f5ca1ac38be6220eaec9bd3f7e719a853bb4c6f2bfb091404d0003108bcf9d421fe699c37d5352c49485eeb7902b1e70591a28b6044ec8adba3adbfa0e74b23c416b2c7a5f19f77434db04a27e3c92bf558edf8396fa610dcefd933515293f3beff618c4ab1c0c21bcca6922d19cee00d05d504e08835d2c376564cbee916664d49781096ca7ea647787358cc953b7fadc5df1213421f3fa9f0035ef138680ec53a59f1deaf32df46afacaca3e386289e3c262876647d55e0adf63c71db8be429fed33c383d93b2a04fcaff05d438dc6f64cd4eddcf595602f12342b1d4af0ac702106da96f4b917af9f29d1cbb7666418505a03c2572a4620f5144d1874c80f563b9ff38073ddae0fed6a21e7a4d87dd68c23eb92afd95171a764cbac6d9422a87c0d89a4ea5ea99eeaf779460b338ef898f5361c73d17594c3412abb199ba83e9a6d6c3123ce3db8c7a189332009f8f05621c2d254e177b5d62560230d01ffcd04c17cddff282393089888ebaf4e00f299cc1d8f88ee085f73a3b247ecc8c4b4939c95b46fb0a791e0ef085726ee7e6ae54dc43f0cb774d68bcb19f440d88c09a3d333c9cc3abcef6383be1be7bb8354c3ee57f8ee117e9d6d51fd5990faff83d1cd7a843ff3267fb7357000039bbdde4d7c74d12bbefc48ba4ab335edd10838086d9177a93aedb168bd42e97a3b2095bb54567a75b6af0fdf7aec69ab46afcf093d82f07118ca215203930eba95226403e22aeab46cdad5c273e76ca4cc87f0b5ce227c317904b8243fc9c400b1c4cf59f9d8aacf86effd9bd003034bfca9768f5408a6eab02ffbd4d3bc6211988744a524a298de1f3e00eb8964da79d1fec20b19ada8f46390417315a3d1be933cb493f7812c6e4076239618235788f26de68b5d4a70e24c838e4d2b33dd665c22dfdd4aa1e37d1d6be16cdafe7c096230e9965faddd3780ec50db2d4a5687002d1be9276a2d2ad909ba839999e75b22aa796d879973040fce480790229a4791ca5dd31fd6fee26c2b8ce482230267686f555f56e81bbc8f35847d471307ece7ae662a29a2b26ba3daeee658d0c869678ec534d83f4aa76921aadaa9b824cb342a723190a4c9c5cf22aa841a214bcdfd341098c6650425de71d785b2d02bfa6ac2d3c5a2ab171192a817ed4f5d14b5ad22e6d63390cc64e6368f276d9bbb69b015fad0931760d030d0241021eb312a20efc2e399a415758d2e2b6a0d7109b2f6a78ae6f6ab5d8246d437a53ec11166e13bb9c11c9b6b8b18df601b105e2e8a17ea05dcc179be4257e147cf77e64d780e9bbc4c497cc4b2bad53382f60e1f850153860b583102be", 0x4d1, 0xfffffffffffffffe) [ 69.900885] kmsan_internal_check_memory+0x174/0x1e0 [ 69.905997] kmsan_copy_to_user+0x69/0x160 [ 69.910240] move_addr_to_user+0x32e/0x530 [ 69.914479] ___sys_recvmsg+0x4e2/0x810 [ 69.918460] ? __fget_light+0x56/0x710 [ 69.922340] ? __fdget+0x4e/0x60 [ 69.925704] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 69.931067] ? __fget_light+0x6b9/0x710 [ 69.935056] SYSC_recvmsg+0x298/0x3c0 [ 69.938867] SyS_recvmsg+0x54/0x80 [ 69.942409] do_syscall_64+0x309/0x430 [ 69.946305] ? ___sys_recvmsg+0x810/0x810 [ 69.950459] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 69.955644] RIP: 0033:0x455379 [ 69.958828] RSP: 002b:00007f369ccbac68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 69.966534] RAX: ffffffffffffffda RBX: 00007f369ccbb6d4 RCX: 0000000000455379 [ 69.973800] RDX: 0000000000000000 RSI: 00000000200013c0 RDI: 0000000000000013 [ 69.981064] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 69.988333] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 69.995604] R13: 000000000000049f R14: 00000000006f9f88 R15: 0000000000000000 [ 70.002870] [ 70.004490] Local variable description: ----addr@___sys_recvmsg [ 70.010534] Variable was created at: [ 70.014250] ___sys_recvmsg+0xd5/0x810 [ 70.018140] SYSC_recvmsg+0x298/0x3c0 [ 70.021930] [ 70.023554] Bytes 8-15 of 16 are uninitialized [ 70.028122] ================================================================== [ 70.035470] Disabling lock debugging due to kernel taint [ 70.040901] Kernel panic - not syncing: panic_on_warn set ... [ 70.040901] [ 70.048262] CPU: 0 PID: 5823 Comm: syz-executor4 Tainted: G B 4.16.0+ #84 [ 70.056376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 70.065705] Call Trace: [ 70.068282] dump_stack+0x185/0x1d0 [ 70.071897] panic+0x39d/0x940 [ 70.075103] ? kmsan_internal_check_memory+0x155/0x1e0 [ 70.080372] kmsan_report+0x238/0x240 [ 70.084164] kmsan_internal_check_memory+0x174/0x1e0 [ 70.089257] kmsan_copy_to_user+0x69/0x160 [ 70.093473] move_addr_to_user+0x32e/0x530 [ 70.097704] ___sys_recvmsg+0x4e2/0x810 [ 70.101668] ? __fget_light+0x56/0x710 [ 70.105542] ? __fdget+0x4e/0x60 [ 70.108907] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 70.114264] ? __fget_light+0x6b9/0x710 [ 70.118225] SYSC_recvmsg+0x298/0x3c0 [ 70.122014] SyS_recvmsg+0x54/0x80 [ 70.125543] do_syscall_64+0x309/0x430 [ 70.129425] ? ___sys_recvmsg+0x810/0x810 [ 70.133563] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 70.138730] RIP: 0033:0x455379 [ 70.141900] RSP: 002b:00007f369ccbac68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 70.149604] RAX: ffffffffffffffda RBX: 00007f369ccbb6d4 RCX: 0000000000455379 [ 70.156857] RDX: 0000000000000000 RSI: 00000000200013c0 RDI: 0000000000000013 [ 70.164114] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 70.171363] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 70.178612] R13: 000000000000049f R14: 00000000006f9f88 R15: 0000000000000000 [ 70.186344] Dumping ftrace buffer: [ 70.189861] (ftrace buffer empty) [ 70.193543] Kernel Offset: disabled [ 70.197145] Rebooting in 86400 seconds..