INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts. 2018/04/10 14:47:51 fuzzer started 2018/04/10 14:47:51 dialing manager at 10.128.0.26:40577 2018/04/10 14:47:58 kcov=true, comps=false 2018/04/10 14:48:01 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000200)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000140)={[{0x2b, 'pids', 0x20}]}, 0x6) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x2d, 'pids', 0x20}]}, 0x6) 2018/04/10 14:48:01 executing program 2: syz_emit_ethernet(0x66, &(0x7f0000000200)={@link_local={0x1, 0x80, 0xc2}, @random="34467c488ae6", [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x30, 0x3a, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff5], [0xff, 0xff], @rand_addr}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@pkt_toobig={0xffffff80, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x0, 0x0, @loopback={0x0, 0x1}, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}}}}}}}}, 0x0) 2018/04/10 14:48:01 executing program 7: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000403000)={&(0x7f00000001c0)={0x14, 0x3, 0x1, 0xffffffffffffffff}, 0x14}, 0x1}, 0x0) 2018/04/10 14:48:01 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000040)=0xffffffffffffffff, 0x4) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e) sendto$inet(r0, &(0x7f00005c9000), 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x800000000000852b, 0xffffffffffffff01, 0x10000007fffffff}, 0x14) write$binfmt_elf64(r0, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) sendto$inet(r0, &(0x7f0000000300)='U', 0x1, 0x1, 0x0, 0x0) 2018/04/10 14:48:01 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000040)=0xffffffffffffffff, 0x4) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e) sendto$inet(r0, &(0x7f00005c9000), 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x800000000000852b, 0xffffffffffffff01}, 0x14) write$binfmt_elf64(r0, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) 2018/04/10 14:48:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000016fd0)={0x28, 0x2a, 0x301, 0x0, 0x0, {}, [@typed={0x14, 0x0, @ipv6=@ipv4={[], [0xff, 0xff], @loopback=0x7f000001}}]}, 0x28}, 0x1}, 0x0) 2018/04/10 14:48:01 executing program 6: 2018/04/10 14:48:01 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401000200027000f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f0000000780)='./file0/file0\x00', 0x3fffa, 0x0) r1 = open(&(0x7f0000000280)='./file0/file0\x00', 0x4001, 0x0) sendfile(r1, r0, &(0x7f0000000380), 0x7fffffff) syzkaller login: [ 47.710231] ip (3755) used greatest stack depth: 54672 bytes left [ 48.387749] ip (3816) used greatest stack depth: 54408 bytes left [ 49.267323] ip (3898) used greatest stack depth: 54200 bytes left [ 51.388592] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.412202] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.603965] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.871918] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.920574] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.946665] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.991142] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.035326] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 60.831884] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.022554] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.080713] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.440165] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.449553] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.496446] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.528517] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.587569] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.593793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.606697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.643748] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.842481] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.848739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.863202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.882304] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.900815] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.934191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.206093] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 62.212381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.228948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.290222] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 62.296533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.304944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.336683] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 62.344975] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.356100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.394774] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 62.401205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.411655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.460104] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 62.466499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.474729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/10 14:48:19 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000200)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000140)={[{0x2b, 'pids', 0x20}]}, 0x6) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x2d, 'pids', 0x20}]}, 0x6) 2018/04/10 14:48:19 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000000c0)='cgroup.procs\x00', 0x2, 0x0) pread64(r1, &(0x7f0000000280)=""/156, 0x9c, 0x0) 2018/04/10 14:48:19 executing program 7: 2018/04/10 14:48:19 executing program 6: 2018/04/10 14:48:19 executing program 5: 2018/04/10 14:48:19 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000040)=0xffffffffffffffff, 0x4) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e) sendto$inet(r0, &(0x7f00005c9000), 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x800000000000852b, 0xffffffffffffff01, 0x10000007fffffff}, 0x14) write$binfmt_elf64(r0, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) sendto$inet(r0, &(0x7f0000000300)='U', 0x1, 0x1, 0x0, 0x0) 2018/04/10 14:48:19 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000040)=0xffffffffffffffff, 0x4) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e) sendto$inet(r0, &(0x7f00005c9000), 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x800000000000852b, 0xffffffffffffff01, 0x10000007fffffff}, 0x14) write$binfmt_elf64(r0, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) sendto$inet(r0, &(0x7f0000000300)='U', 0x1, 0x1, 0x0, 0x0) 2018/04/10 14:48:19 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000040)=0xffffffffffffffff, 0x4) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e) sendto$inet(r0, &(0x7f00005c9000), 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x800000000000852b, 0xffffffffffffff01}, 0x14) write$binfmt_elf64(r0, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) 2018/04/10 14:48:19 executing program 7: 2018/04/10 14:48:19 executing program 5: 2018/04/10 14:48:19 executing program 6: 2018/04/10 14:48:19 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000200)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000140)={[{0x2b, 'pids', 0x20}]}, 0x6) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x2d, 'pids', 0x20}]}, 0x6) 2018/04/10 14:48:19 executing program 2: 2018/04/10 14:48:19 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000040)=0xffffffffffffffff, 0x4) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e) sendto$inet(r0, &(0x7f00005c9000), 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x800000000000852b, 0xffffffffffffff01, 0x10000007fffffff}, 0x14) write$binfmt_elf64(r0, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) sendto$inet(r0, &(0x7f0000000300)='U', 0x1, 0x1, 0x0, 0x0) 2018/04/10 14:48:19 executing program 4: 2018/04/10 14:48:20 executing program 6: 2018/04/10 14:48:20 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000040)=0xffffffffffffffff, 0x4) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e) sendto$inet(r0, &(0x7f00005c9000), 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x800000000000852b, 0xffffffffffffff01, 0x10000007fffffff}, 0x14) write$binfmt_elf64(r0, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) sendto$inet(r0, &(0x7f0000000300)='U', 0x1, 0x1, 0x0, 0x0) 2018/04/10 14:48:20 executing program 5: 2018/04/10 14:48:20 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x400000000000001, 0x0) getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000000100)=""/226, &(0x7f0000000200)=0xe2) 2018/04/10 14:48:20 executing program 2: 2018/04/10 14:48:20 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000200)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000140)={[{0x2b, 'pids', 0x20}]}, 0x6) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x2d, 'pids', 0x20}]}, 0x6) 2018/04/10 14:48:20 executing program 4: 2018/04/10 14:48:20 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000040)=0xffffffffffffffff, 0x4) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e) sendto$inet(r0, &(0x7f00005c9000), 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x800000000000852b, 0xffffffffffffff01, 0x10000007fffffff}, 0x14) write$binfmt_elf64(r0, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) sendto$inet(r0, &(0x7f0000000300)='U', 0x1, 0x1, 0x0, 0x0) 2018/04/10 14:48:20 executing program 5: 2018/04/10 14:48:20 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000040)=0xffffffffffffffff, 0x4) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e) sendto$inet(r0, &(0x7f00005c9000), 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x800000000000852b, 0xffffffffffffff01, 0x10000007fffffff}, 0x14) write$binfmt_elf64(r0, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) sendto$inet(r0, &(0x7f0000000300)='U', 0x1, 0x1, 0x0, 0x0) 2018/04/10 14:48:20 executing program 6: 2018/04/10 14:48:20 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401000200027000f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) 2018/04/10 14:48:20 executing program 6: r0 = socket$inet6(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000002fe4)={0xa}, 0x1c) sendmsg(r0, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000000ff0)=[{&(0x7f0000000140)="0200", 0x2}], 0x1, &(0x7f0000003000)}, 0x2000c080) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000000000000000000000000000000000004000000000000000000000000000"], 0x2e) 2018/04/10 14:48:20 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000012000)=0x6, 0x4) sendto$inet6(r0, &(0x7f0000003fd9), 0x0, 0x0, &(0x7f0000008000)={0xa, 0x0, 0xe, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) 2018/04/10 14:48:20 executing program 5: r0 = socket(0x200000000010, 0x3, 0x0) write(r0, &(0x7f0000000040)="2400000024007ffc0000120000000100000ff6ff0100000004560f1c2b24009557d9c48c", 0x24) 2018/04/10 14:48:20 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000200)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x2d, 'pids', 0x20}]}, 0x6) 2018/04/10 14:48:20 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000040)=0xffffffffffffffff, 0x4) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e) sendto$inet(r0, &(0x7f00005c9000), 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x800000000000852b, 0xffffffffffffff01, 0x10000007fffffff}, 0x14) sendto$inet(r0, &(0x7f0000000300)='U', 0x1, 0x1, 0x0, 0x0) [ 64.541352] ================================================================== [ 64.548775] BUG: KMSAN: uninit-value in rawv6_sendmsg+0x4bee/0x4cc0 [ 64.555193] CPU: 0 PID: 5148 Comm: syz-executor6 Not tainted 4.16.0+ #83 [ 64.562032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.571396] Call Trace: [ 64.574001] dump_stack+0x185/0x1d0 [ 64.577646] ? rawv6_sendmsg+0x4bee/0x4cc0 [ 64.581896] kmsan_report+0x142/0x240 [ 64.585709] __msan_warning_32+0x6c/0xb0 [ 64.589778] rawv6_sendmsg+0x4bee/0x4cc0 [ 64.593851] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 64.599316] ? futex_wait_queue_me+0x687/0x710 [ 64.603933] ? compat_rawv6_ioctl+0x30/0x30 [ 64.608273] inet_sendmsg+0x48d/0x740 [ 64.612087] ? security_socket_sendmsg+0x9e/0x210 [ 64.616939] ? inet_getname+0x500/0x500 [ 64.620926] sock_write_iter+0x3b9/0x470 [ 64.625000] ? sock_read_iter+0x480/0x480 [ 64.629157] __vfs_write+0x719/0x910 [ 64.632884] vfs_write+0x463/0x8d0 [ 64.636431] SYSC_write+0x172/0x360 2018/04/10 14:48:20 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000040)=0xffffffffffffffff, 0x4) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e) sendto$inet(r0, &(0x7f00005c9000), 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x800000000000852b, 0xffffffffffffff01, 0x10000007fffffff}, 0x14) sendto$inet(r0, &(0x7f0000000300)='U', 0x1, 0x1, 0x0, 0x0) 2018/04/10 14:48:20 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000200)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x2d, 'pids', 0x20}]}, 0x6) [ 64.640062] SyS_write+0x55/0x80 [ 64.643433] do_syscall_64+0x309/0x430 [ 64.647337] ? SYSC_read+0x360/0x360 [ 64.651239] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 64.656442] RIP: 0033:0x455259 [ 64.659633] RSP: 002b:00007f1c1c8fdc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 64.667349] RAX: ffffffffffffffda RBX: 00007f1c1c8fe6d4 RCX: 0000000000455259 [ 64.674622] RDX: 000000000000002e RSI: 0000000020000040 RDI: 0000000000000013 [ 64.681900] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 64.689272] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 64.696553] R13: 00000000000006b9 R14: 00000000006fd1f8 R15: 0000000000000000 [ 64.703855] [ 64.705493] Uninit was stored to memory at: [ 64.709834] kmsan_internal_chain_origin+0x12b/0x210 [ 64.714948] kmsan_memcpy_origins+0x11d/0x170 [ 64.719444] __msan_memcpy+0x19f/0x1f0 [ 64.723333] skb_copy_bits+0x63a/0xdb0 [ 64.727218] rawv6_sendmsg+0x427e/0x4cc0 [ 64.731279] inet_sendmsg+0x48d/0x740 [ 64.735082] sock_write_iter+0x3b9/0x470 [ 64.739149] __vfs_write+0x719/0x910 [ 64.742860] vfs_write+0x463/0x8d0 [ 64.746397] SYSC_write+0x172/0x360 [ 64.750021] SyS_write+0x55/0x80 [ 64.753381] do_syscall_64+0x309/0x430 [ 64.757265] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 64.762438] Uninit was created at: [ 64.765977] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 64.770988] kmsan_alloc_page+0x82/0xe0 [ 64.774961] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 64.779711] alloc_pages_current+0x6b5/0x970 [ 64.784116] skb_page_frag_refill+0x3ba/0x5e0 [ 64.788613] sk_page_frag_refill+0xa4/0x340 [ 64.792932] __ip6_append_data+0x1a20/0x4bb0 [ 64.797335] ip6_append_data+0x40e/0x6b0 [ 64.801393] rawv6_sendmsg+0x2787/0x4cc0 [ 64.805457] inet_sendmsg+0x48d/0x740 [ 64.809259] sock_write_iter+0x3b9/0x470 [ 64.813328] __vfs_write+0x719/0x910 [ 64.817052] vfs_write+0x463/0x8d0 [ 64.820603] SYSC_write+0x172/0x360 [ 64.824247] SyS_write+0x55/0x80 [ 64.827623] do_syscall_64+0x309/0x430 [ 64.831618] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 64.836802] ================================================================== [ 64.844325] Disabling lock debugging due to kernel taint [ 64.849874] Kernel panic - not syncing: panic_on_warn set ... [ 64.849874] [ 64.857775] CPU: 0 PID: 5148 Comm: syz-executor6 Tainted: G B 4.16.0+ #83 [ 64.865932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.875399] Call Trace: [ 64.878008] dump_stack+0x185/0x1d0 [ 64.881654] panic+0x39d/0x940 [ 64.884881] ? rawv6_sendmsg+0x4bee/0x4cc0 [ 64.889917] kmsan_report+0x238/0x240 [ 64.893745] __msan_warning_32+0x6c/0xb0 [ 64.897825] rawv6_sendmsg+0x4bee/0x4cc0 [ 64.901904] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 64.907466] ? futex_wait_queue_me+0x687/0x710 [ 64.912094] ? compat_rawv6_ioctl+0x30/0x30 [ 64.916435] inet_sendmsg+0x48d/0x740 [ 64.920342] ? security_socket_sendmsg+0x9e/0x210 [ 64.925221] ? inet_getname+0x500/0x500 [ 64.929572] sock_write_iter+0x3b9/0x470 [ 64.933750] ? sock_read_iter+0x480/0x480 [ 64.937912] __vfs_write+0x719/0x910 [ 64.941648] vfs_write+0x463/0x8d0 [ 64.945222] SYSC_write+0x172/0x360 [ 64.948872] SyS_write+0x55/0x80 [ 64.952250] do_syscall_64+0x309/0x430 [ 64.956160] ? SYSC_read+0x360/0x360 [ 64.959922] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 64.965118] RIP: 0033:0x455259 [ 64.970795] RSP: 002b:00007f1c1c8fdc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 64.978599] RAX: ffffffffffffffda RBX: 00007f1c1c8fe6d4 RCX: 0000000000455259 [ 64.985995] RDX: 000000000000002e RSI: 0000000020000040 RDI: 0000000000000013 [ 64.993445] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 65.000730] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 65.008010] R13: 00000000000006b9 R14: 00000000006fd1f8 R15: 0000000000000000 [ 65.016406] Dumping ftrace buffer: [ 65.019959] (ftrace buffer empty) [ 65.023663] Kernel Offset: disabled [ 65.027296] Rebooting in 86400 seconds..