INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts. 2018/04/07 08:42:33 fuzzer started 2018/04/07 08:42:33 dialing manager at 10.128.0.26:38639 2018/04/07 08:42:39 kcov=true, comps=false 2018/04/07 08:42:42 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000c6eff6)='/dev/ptmx\x00', 0x2, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0xdf32) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) write(r0, &(0x7f00000ce000)="9b37e1fe4fbbe4a62c58a06f1b749265b041439ab45f5cb7a0fb26962a5b59746027c8e51040ac277580ffdcf048b558be78d9586af148bc76874841b63ef270c82b2d2af25d165ed1d18d7bb38500bc7309789270c0b1bcd07c8e2f63da930a", 0x60) r1 = syz_open_pts(r0, 0x0) read(r1, &(0x7f0000f23fae)=""/82, 0x52) 2018/04/07 08:42:42 executing program 2: mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000ae3ff7)='/dev/sg#\x00', 0x0, 0x0) ioctl(r0, 0x2201, &(0x7f0000091000)) 2018/04/07 08:42:42 executing program 7: 2018/04/07 08:42:42 executing program 1: 2018/04/07 08:42:42 executing program 3: 2018/04/07 08:42:42 executing program 4: 2018/04/07 08:42:42 executing program 5: 2018/04/07 08:42:42 executing program 6: syzkaller login: [ 42.624182] ip (3738) used greatest stack depth: 54816 bytes left [ 43.350142] ip (3808) used greatest stack depth: 54408 bytes left [ 44.412731] ip (3912) used greatest stack depth: 54200 bytes left [ 45.940992] ip (4047) used greatest stack depth: 53976 bytes left [ 46.264395] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.336675] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.552491] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.599207] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.618156] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.636714] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.660459] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.751841] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.003239] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.071854] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.416451] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.466870] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.478008] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.547595] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.601297] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.630215] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.724106] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.730353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.744191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.873517] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.879757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.898834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.164862] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.171174] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.181263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.209901] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.216222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.249912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.303863] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.310231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.322616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.352937] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.360676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.376617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.412698] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.425449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.441105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.478661] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.486817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.526600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 08:42:59 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x3, 0x8972, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000a93000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mremap(&(0x7f0000a93000/0x1000)=nil, 0x1000, 0xe000, 0x3, &(0x7f0000b18000/0xe000)=nil) ioctl$DRM_IOCTL_RM_MAP(0xffffffffffffffff, 0x4028641b, &(0x7f0000b1d000)={&(0x7f0000a93000/0x3000)=nil, 0x1, 0x0, 0x0, &(0x7f0000b20000/0x2000)=nil}) mprotect(&(0x7f0000b1d000/0x2000)=nil, 0x2000, 0x5) vmsplice(r0, &(0x7f0000b1d000)=[{&(0x7f0000006000)}], 0xd5, 0x0) 2018/04/07 08:42:59 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000005000)='/dev/sg#\x00', 0x0, 0x8002) write(r0, &(0x7f0000000000)="b63db85e1e8d020000000000003ef0011dcc606aed5ed2bc7018cebc9bc2feffffffffffffffe22c9b160096aa1fae1a", 0x30) mlock2(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0) readv(r0, &(0x7f000085dff0)=[{&(0x7f0000e94000)=""/62, 0xffbd}], 0x1) 2018/04/07 08:42:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000705ff4)={0x10, 0x0, 0xffffffffffffffff, 0x400000000006}, 0xc) getsockopt$netlink(r0, 0x10e, 0x9, &(0x7f00000000c0)=""/8, &(0x7f0000000080)=0x2) 2018/04/07 08:42:59 executing program 2: perf_event_open(&(0x7f0000271000)={0x2, 0x78, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) inotify_init1(0x0) unshare(0x40600) memfd_create(&(0x7f000049dfec)='\'Pvmnet0^lo-+\\wlan0\x00', 0x0) pselect6(0x40, &(0x7f0000f33fc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f0000086000), &(0x7f0000349000), &(0x7f0000f14000)={&(0x7f0000a65ff8), 0x8}) 2018/04/07 08:42:59 executing program 5: seccomp(0x1, 0x0, &(0x7f0000c23fff)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xffffffff}]}) r0 = epoll_create(0x7f) epoll_wait(r0, &(0x7f0000000040)=[{}], 0x1, 0x0) 2018/04/07 08:42:59 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000f12000)={0x400000010, 0x0, 0xffffffffffffffff, 0x70a1}, 0xc) r1 = dup(r0) getsockopt$netlink(r1, 0x10e, 0x9, &(0x7f00005c6000)=""/6, &(0x7f00001bb000)=0x1) 2018/04/07 08:42:59 executing program 1: mmap(&(0x7f0000000000/0xae0000)=nil, 0xae0000, 0x0, 0x4d032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x3) 2018/04/07 08:42:59 executing program 7: r0 = memfd_create(&(0x7f000043f000)='/dev/kvm\x00', 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x0, 0x8011, r0, 0x0) [ 57.701563] audit: type=1326 audit(1523090579.700:3): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5074 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0xffff0000 [ 58.562232] audit: type=1326 audit(1523090580.560:4): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5074 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0xffff0000 2018/04/07 08:43:00 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000c6eff6)='/dev/ptmx\x00', 0x2, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0xdf32) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) write(r0, &(0x7f00000ce000)="9b37e1fe4fbbe4a62c58a06f1b749265b041439ab45f5cb7a0fb26962a5b59746027c8e51040ac277580ffdcf048b558be78d9586af148bc76874841b63ef270c82b2d2af25d165ed1d18d7bb38500bc7309789270c0b1bcd07c8e2f63da930a", 0x60) r1 = syz_open_pts(r0, 0x0) read(r1, &(0x7f0000f23fae)=""/82, 0x52) 2018/04/07 08:43:00 executing program 3: pipe2(&(0x7f0000fb0ff8)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x0) vmsplice(r1, &(0x7f0000fccff0)=[{&(0x7f0000000000)='w', 0x1}], 0x1, 0x0) vmsplice(r1, &(0x7f0000cf1fd0)=[{&(0x7f00000f4ff1)}], 0x1, 0x0) vmsplice(r0, &(0x7f00000002c0)=[{&(0x7f0000000200)="c599", 0x2}], 0x1, 0x6) 2018/04/07 08:43:00 executing program 4: r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f00008f4000)={&(0x7f000076fff4)={0x10}, 0xc, &(0x7f000009b000)={&(0x7f0000e2effe)=@newlink={0x28, 0x10, 0x9, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@IFLA_AF_SPEC={0x8, 0x1a, [{0x4, 0xa}]}]}, 0x28}, 0x1}, 0x0) 2018/04/07 08:43:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$sock_int(r0, 0x1, 0x38, &(0x7f0000000000), &(0x7f0000000040)=0x4) 2018/04/07 08:43:00 executing program 6: mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1000004, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x2, 0x0) ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000001ffb)) 2018/04/07 08:43:00 executing program 1: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="240000004e001f0014f9f4070008f408020806f70d00010000000000000005007fee0001", 0x24) 2018/04/07 08:43:00 executing program 7: mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0x1, 0x32, 0xffffffffffffffff, 0x0) rt_sigaction(0x25, &(0x7f0000000180), 0x0, 0x8, &(0x7f00000001c0)) 2018/04/07 08:43:00 executing program 5: r0 = socket(0x2, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000014000)={0x77359400}, 0x10) getsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000000), &(0x7f0000000040)=0x10) 2018/04/07 08:43:00 executing program 2: madvise(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x40000000000c) clone(0x0, &(0x7f00005fc000), &(0x7f000044c000), &(0x7f0000837000), &(0x7f0000000000)) 2018/04/07 08:43:00 executing program 6: mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1000004, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x2, 0x0) ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000001ffb)) 2018/04/07 08:43:00 executing program 7: r0 = perf_event_open(&(0x7f000057c000)={0x2, 0x78, 0x48}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00009c8000)="636c6561725f72656673007edb") writev(r1, &(0x7f0000b97000)=[{&(0x7f00000e9000)='4', 0x1}], 0x1) fadvise64(r0, 0x0, 0x0, 0x0) 2018/04/07 08:43:00 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000000), &(0x7f0000d11000)=0xffffffffffffffa4) 2018/04/07 08:43:00 executing program 1: r0 = syz_open_dev$sndtimer(&(0x7f0000ea5000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) 2018/04/07 08:43:00 executing program 4: getxattr(&(0x7f0000000000)='..', &(0x7f0000000040)=@known='security.selinux\x00', &(0x7f0000000080)=""/82, 0x52) 2018/04/07 08:43:01 executing program 6: mmap(&(0x7f0000000000/0xf82000)=nil, 0xf82000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) epoll_pwait(r0, &(0x7f0000a1efac)=[{}], 0x1, 0x0, &(0x7f0000bbfff8), 0x8) 2018/04/07 08:43:01 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x5, 0x7, 0x4, 0x3}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000040), &(0x7f00000000c0)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000040)}, 0x10) 2018/04/07 08:43:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f0000016000)={0x10}, 0xc, &(0x7f0000020ff0)={&(0x7f000001f000)=@ipv6_newroute={0x38, 0x18, 0x781a241f, 0xffffffffffffffff, 0xffffffffffffffff, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@RTA_MULTIPATH={0x1c, 0x9, [{0x9}, {}, {}]}]}, 0x38}, 0x1}, 0x0) 2018/04/07 08:43:01 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000cfeff8)='./file1\x00', &(0x7f00000afff8)='./file0\x00', &(0x7f0000f32000)='tmpfs\x00', 0x0, &(0x7f00006c6fee)=',') 2018/04/07 08:43:01 executing program 4: r0 = socket(0x18, 0x0, 0x1) r1 = socket(0x18, 0x0, 0x3) dup2(r0, r1) 2018/04/07 08:43:01 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x5, 0x9, 0x4, 0x3}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000040), &(0x7f00000000c0)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000040)}, 0x10) 2018/04/07 08:43:01 executing program 7: mkdir(&(0x7f000063543e)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f0000a9eff8)='./file0\x00', &(0x7f00007fcffa)='ramfs\x00', 0x31d406, &(0x7f000000a000)) chroot(&(0x7f0000fddff8)='./file0\x00') mount(&(0x7f0000adcff8)='./file0\x00', &(0x7f00009a2ff8)='./file0\x00', &(0x7f0000ab4000)='qnx6\x00', 0x2003002, 0x0) pivot_root(&(0x7f0000359ff8)='./file0\x00', &(0x7f00007d7ff8)='./file0\x00') 2018/04/07 08:43:01 executing program 6: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0) clock_nanosleep(0x0, 0x0, &(0x7f0000011ff0)={0x77359400}, &(0x7f0000000000)={0x0}) timer_create(0x2, &(0x7f0000000040)={0x0, 0x0, 0x1, @thr={&(0x7f0000003f6d), &(0x7f0000003f5f)}}, &(0x7f0000000ffc)) timer_settime(0x0, 0x0, &(0x7f0000004fe0)={{}, {r0}}, &(0x7f0000003fe0)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, &(0x7f0000000080)) 2018/04/07 08:43:01 executing program 5: r0 = socket$inet6(0xa, 0x80002, 0x0) getsockopt$inet6_int(r0, 0x29, 0xcf, &(0x7f0000c82ffc), &(0x7f0000000000)=0x4) 2018/04/07 08:43:01 executing program 3: mbind(&(0x7f0000459000/0x3000)=nil, 0x3000, 0x3, &(0x7f0000515ff8)=0xcbb, 0x7, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x3, &(0x7f0000000040)=0x3, 0x2, 0x0) 2018/04/07 08:43:01 executing program 5: mmap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x0, 0x6132, 0xffffffffffffffff, 0x0) mremap(&(0x7f00006bd000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000062000/0x3000)=nil) munmap(&(0x7f0000062000/0x1000)=nil, 0x1000) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000062000)='/dev/input/event#\x00', 0x0, 0x0) 2018/04/07 08:43:01 executing program 6: mmap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x0, 0x6132, 0xffffffffffffffff, 0x0) mremap(&(0x7f00006bd000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000062000/0x3000)=nil) munmap(&(0x7f0000061000/0x3000)=nil, 0x3000) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000062000)='/dev/input/event#\x00', 0x0, 0x0) 2018/04/07 08:43:01 executing program 7: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000024000/0xc00000)=nil, 0xc00000, 0x8001, &(0x7f0000c28000)=0x800003f, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000531000)='numa_maps\x00') sendfile(r0, r0, &(0x7f00009c7000)=0x400000, 0x400000ff) 2018/04/07 08:43:02 executing program 0: getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffff9c, 0x84, 0x11, &(0x7f0000000000)={0x0, 0x1ffe000}, &(0x7f0000000040)=0x8) r0 = syz_open_dev$loop(&(0x7f000002e000)='/dev/loop#\x00', 0x0, 0x1) ioctl(r0, 0x440100000000127f, &(0x7f0000000000)) 2018/04/07 08:43:02 executing program 3: perf_event_open(&(0x7f0000000000)={0x6, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x918, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/07 08:43:02 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x10, &(0x7f0000000000)="18000300000001000000be5efecd883600000802030000080000060063640002b900107401011c6900bb77a107567e5b07000000000000000097ec67a1e2040049fc2d63e0000000000014000a00000000130000c88ebbfd06010000ad000000000000061475d72203000700ecf48b05000000e7ec75e848ccfbf6ba00b3b40f0000c62cc6e96c7a442ef629cd7ed089f74164536dab653670786eaec0ef151332450f779c4865c287b7e75a2af1b8fc393d2696b8c3ba5aea6096f201cd7eaf", 0xc0) 2018/04/07 08:43:02 executing program 2: r0 = socket(0x1e, 0x1, 0x0) mmap(&(0x7f00004ad000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) getsockopt(r0, 0x800000010f, 0x0, &(0x7f00004ad000), &(0x7f00004ad000)) 2018/04/07 08:43:02 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00002d2ff8)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r1, r0) fcntl$lock(r1, 0x7, &(0x7f00001aa000)) fcntl$lock(r1, 0x400000000000007, &(0x7f0000a2e000)={0x1, 0x0, 0x0, 0x8}) fcntl$lock(r0, 0x7, &(0x7f0000dd7fe0)) 2018/04/07 08:43:02 executing program 5: perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f00002d3000)={0x0}) futimesat(0xffffffffffffffff, &(0x7f0000986ff8)='./file0\x00', &(0x7f0000985000)={{}, {r0}}) sigaltstack(&(0x7f0000985000/0x1000)=nil, &(0x7f0000000ff8)) sigaltstack(&(0x7f0000985000/0x1000)=nil, &(0x7f0000000000)) 2018/04/07 08:43:02 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='gid_map\x00') writev(r0, &(0x7f0000b97000)=[{&(0x7f0000962000)='5', 0x1}], 0x1) 2018/04/07 08:43:02 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000f35000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58) accept(r0, 0x0, &(0x7f0000000000)) r1 = accept$alg(r0, 0x0, 0x0) close(r1) 2018/04/07 08:43:02 executing program 6: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xd, &(0x7f0000000000), 0x4) 2018/04/07 08:43:02 executing program 1: r0 = socket(0x2, 0x3, 0x1) getsockopt(r0, 0xff, 0x1, &(0x7f0000000000), &(0x7f0000000000)=0xfffffffffffffdb3) 2018/04/07 08:43:02 executing program 0: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f0000c54ff8)='./file0\x00', &(0x7f0000269000)='./file0\x00', &(0x7f0000d9fffa)='msdos\x00', 0x1000, 0x0) chdir(&(0x7f00003f7000)='./file0\x00') umount2(&(0x7f00003bafff)='.', 0x2) getcwd(&(0x7f0000000000), 0xffffffffffffff0c) 2018/04/07 08:43:02 executing program 2: rt_sigprocmask(0x0, &(0x7f0000a9a000)={0xfffffffffffffffe}, 0x0, 0x8) setrlimit(0x1, &(0x7f0000011000)) r0 = memfd_create(&(0x7f0000332000)=',mime_typebdev(\x00', 0x0) ftruncate(r0, 0x4) rt_sigtimedwait(&(0x7f0000000000)={0x2ff86539}, 0x0, &(0x7f0000000040), 0x8) 2018/04/07 08:43:02 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000016ffc), 0x4) write(r1, &(0x7f000001b000)='U', 0x1) read(r0, &(0x7f0000000000)=""/114, 0x72) 2018/04/07 08:43:02 executing program 5: r0 = socket(0x1000000010, 0x802, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f0000000000)=""/113, &(0x7f0000000080)=0x1) 2018/04/07 08:43:02 executing program 4: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f0000c54ff8)='./file0\x00', &(0x7f0000269000)='./file0\x00', &(0x7f0000d9fffa)='msdos\x00', 0x1000, 0x0) chdir(&(0x7f00003f7000)='./file0\x00') umount2(&(0x7f00003bafff)='.', 0x0) 2018/04/07 08:43:02 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f00002f8ff6)='ns\x00') getdents(r0, &(0x7f0000f1af86)=""/122, 0x7a) getdents64(r0, &(0x7f000050cfc6)=""/58, 0x3a) 2018/04/07 08:43:02 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f0000000000)='dev ', 0x0) ftruncate(r2, 0x40001) sendfile(r1, r2, &(0x7f0000001000), 0x400000000fee) recvmmsg(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)=@nfc, 0x0, &(0x7f0000000940)=[{&(0x7f0000000880)=""/123}], 0x0, &(0x7f0000000680)=""/108}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000700)=""/164}], 0x3c3}, 0x3}], 0x1b1, 0x0, 0x0) 2018/04/07 08:43:02 executing program 1: r0 = syz_open_dev$random(&(0x7f0000001000)='/dev/random\x00', 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000003ff4)={0x4}) epoll_pwait(r1, &(0x7f0000046ff4)=[{}], 0x1, 0x0, &(0x7f0000000000), 0x8) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffff9c, 0xc00c642e, &(0x7f0000000040)={0x0, 0x80000, 0xffffffffffffff9c}) ioctl$DRM_IOCTL_AGP_RELEASE(r2, 0x6431) poll(&(0x7f0000000040)=[{r1, 0x4080}, {r0, 0x1610}, {r1, 0x1}, {r1, 0x1000}], 0x4, 0x4) 2018/04/07 08:43:02 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000212ff8)='./file0\x00', &(0x7f000078eff8)='./file0\x00', &(0x7f0000982ff9)='mqueue\x00', 0x0, &(0x7f0000653fff)) r0 = creat(&(0x7f0000015ff4)='./file0/bus\x00', 0x0) mq_notify(r0, &(0x7f0000477fa0)={0x0, 0x0, 0x0, @thr={&(0x7f0000bc8000), &(0x7f0000589000)}}) close(r0) 2018/04/07 08:43:02 executing program 6: perf_event_open(&(0x7f0000271000)={0x20000000002, 0x78, 0x0, 0x80000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000057c000)={0x2, 0x78, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000000), &(0x7f000073fffc), &(0x7f0000f85ffc), &(0x7f0000c22000)) 2018/04/07 08:43:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x6) sendmsg$nl_generic(r0, &(0x7f0000010000)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000015ff0)={&(0x7f0000000100)={0x4c, 0x20, 0xafb, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@generic="e23f1559364cea5a92c3c307b8db40b00b340519e15dc88c7c8ed2b3a653a42467ae9cc84595df504a120b29de4d15897c12370748"]}, 0x4c}, 0x1}, 0x0) 2018/04/07 08:43:02 executing program 5: r0 = socket(0x2, 0x3, 0x1) getsockopt(r0, 0xff, 0x1, &(0x7f000091b000), &(0x7f0000000000)=0xfd42) 2018/04/07 08:43:02 executing program 0: r0 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x43, &(0x7f0000000000), 0x0) 2018/04/07 08:43:02 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x9) close(r0) 2018/04/07 08:43:02 executing program 1: r0 = socket(0x1e, 0x1, 0x0) getsockopt(r0, 0x10f, 0x82, &(0x7f0000000000)=""/4, &(0x7f0000000ffc)=0xffffffda) 2018/04/07 08:43:02 executing program 4: mkdir(&(0x7f0000639000)='./file0\x00', 0x0) clone(0x0, &(0x7f0000a60fbd), &(0x7f00004d7000), &(0x7f00005f0ffc), &(0x7f00001ba000)) lremovexattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=@known='system.posix_acl_access\x00') 2018/04/07 08:43:02 executing program 2: capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000001fe8)={0x0, 0x0, 0x3f}) capset(&(0x7f0000b43000)={0x19980330}, &(0x7f00006ecfe8)) 2018/04/07 08:43:02 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000016ffc), 0x4) write(r1, &(0x7f0000435ffb), 0x0) readv(r0, &(0x7f00006e4ff8)=[{&(0x7f0000649f35)=""/203, 0xcb}], 0x1) close(0xffffffffffffffff) [ 60.826382] capability: warning: `syz-executor2' uses 32-bit capabilities (legacy support in use) [ 61.329076] ================================================================== [ 61.336486] BUG: KMSAN: uninit-value in _copy_to_iter+0x1bb3/0x28f0 [ 61.342883] CPU: 1 PID: 5300 Comm: syz-executor3 Not tainted 4.16.0+ #81 [ 61.349697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.359035] Call Trace: [ 61.361611] dump_stack+0x185/0x1d0 [ 61.365217] ? kmsan_internal_check_memory+0x145/0x1d0 [ 61.370470] kmsan_report+0x142/0x240 [ 61.374250] kmsan_internal_check_memory+0x164/0x1d0 [ 61.379330] kmsan_copy_to_user+0x69/0x160 [ 61.383553] ? skb_copy_datagram_iter+0x443/0xf70 [ 61.388388] _copy_to_iter+0x1bb3/0x28f0 [ 61.392428] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 61.397869] ? __skb_try_recv_from_queue+0xc74/0xe80 [ 61.402966] skb_copy_datagram_iter+0x443/0xf70 [ 61.407617] unix_dgram_recvmsg+0xc3f/0x1940 [ 61.412013] unix_seqpacket_recvmsg+0x11a/0x180 [ 61.416671] sock_recvmsg_nosec+0x109/0x140 [ 61.420971] ? unix_seqpacket_sendmsg+0x2d0/0x2d0 [ 61.425794] ___sys_recvmsg+0x3fb/0x810 [ 61.429748] ? __msan_poison_alloca+0x15c/0x1d0 [ 61.434395] ? _cond_resched+0x3c/0xd0 [ 61.438260] ? rcu_all_qs+0x32/0x1f0 [ 61.441949] ? _cond_resched+0x3c/0xd0 [ 61.445819] ? __sys_recvmmsg+0x908/0xdb0 [ 61.449952] ? rcu_all_qs+0x32/0x1f0 [ 61.453647] __sys_recvmmsg+0x54e/0xdb0 [ 61.457605] ? __msan_poison_alloca+0x15c/0x1d0 [ 61.462253] SYSC_recvmmsg+0x212/0x3e0 [ 61.466119] ? SYSC_ioctl+0x233/0x260 [ 61.469899] SyS_recvmmsg+0x76/0xa0 [ 61.473723] do_syscall_64+0x309/0x430 [ 61.477598] ? __sys_recvmmsg+0xdb0/0xdb0 [ 61.481726] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.486891] RIP: 0033:0x455259 [ 61.490062] RSP: 002b:00007fa4275fac68 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 61.497747] RAX: ffffffffffffffda RBX: 00007fa4275fb6d4 RCX: 0000000000455259 [ 61.504992] RDX: 00000000000001b1 RSI: 0000000020000800 RDI: 0000000000000013 [ 61.512240] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000 [ 61.519484] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 61.526732] R13: 0000000000000495 R14: 00000000006f9e98 R15: 0000000000000001 [ 61.533990] [ 61.535599] Uninit was stored to memory at: [ 61.539920] kmsan_internal_chain_origin+0x12b/0x210 [ 61.545158] kmsan_memcpy_origins+0x11d/0x170 [ 61.549641] __msan_memcpy+0x19f/0x1f0 [ 61.553506] _copy_from_iter+0xefb/0x1d40 [ 61.557631] skb_copy_datagram_from_iter+0x1ff/0xcc0 [ 61.562712] unix_dgram_sendmsg+0xdce/0x3610 [ 61.567097] unix_seqpacket_sendmsg+0x262/0x2d0 [ 61.571759] kernel_sendmsg+0x228/0x2d0 [ 61.575710] sock_no_sendpage+0x1c8/0x250 [ 61.579831] sock_sendpage+0x1de/0x2c0 [ 61.583698] pipe_to_sendpage+0x31b/0x430 [ 61.587821] __splice_from_pipe+0x49a/0xf30 [ 61.592116] generic_splice_sendpage+0x1c6/0x2a0 [ 61.596849] direct_splice_actor+0x19b/0x200 [ 61.601238] splice_direct_to_actor+0x764/0x1040 [ 61.605969] do_splice_direct+0x335/0x540 [ 61.610094] do_sendfile+0x1067/0x1e40 [ 61.613962] SYSC_sendfile64+0x1b3/0x300 [ 61.618003] SyS_sendfile64+0x64/0x90 [ 61.621784] do_syscall_64+0x309/0x430 [ 61.625664] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.630825] Uninit was created at: [ 61.634338] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 61.639347] kmsan_alloc_page+0x82/0xe0 [ 61.643301] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 61.648038] alloc_pages_vma+0xcc8/0x1800 [ 61.652163] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 61.657154] shmem_getpage_gfp+0x35db/0x5770 [ 61.661538] shmem_file_read_iter+0x508/0x1180 [ 61.666094] generic_file_splice_read+0x4e8/0x830 [ 61.670913] splice_direct_to_actor+0x4c6/0x1040 [ 61.675646] do_splice_direct+0x335/0x540 [ 61.679769] do_sendfile+0x1067/0x1e40 [ 61.683631] SYSC_sendfile64+0x1b3/0x300 [ 61.687668] SyS_sendfile64+0x64/0x90 [ 61.691441] do_syscall_64+0x309/0x430 [ 61.695324] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.700481] [ 61.702084] Bytes 0-962 of 963 are uninitialized [ 61.706808] ================================================================== [ 61.714138] Disabling lock debugging due to kernel taint [ 61.719560] Kernel panic - not syncing: panic_on_warn set ... [ 61.719560] [ 61.726896] CPU: 1 PID: 5300 Comm: syz-executor3 Tainted: G B 4.16.0+ #81 [ 61.735014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.744347] Call Trace: [ 61.746919] dump_stack+0x185/0x1d0 [ 61.750523] panic+0x39d/0x940 [ 61.753699] ? kmsan_internal_check_memory+0x145/0x1d0 [ 61.758950] kmsan_report+0x238/0x240 [ 61.762728] kmsan_internal_check_memory+0x164/0x1d0 [ 61.767805] kmsan_copy_to_user+0x69/0x160 [ 61.772022] ? skb_copy_datagram_iter+0x443/0xf70 [ 61.776852] _copy_to_iter+0x1bb3/0x28f0 [ 61.780898] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 61.786334] ? __skb_try_recv_from_queue+0xc74/0xe80 [ 61.791420] skb_copy_datagram_iter+0x443/0xf70 [ 61.796076] unix_dgram_recvmsg+0xc3f/0x1940 [ 61.800466] unix_seqpacket_recvmsg+0x11a/0x180 [ 61.805113] sock_recvmsg_nosec+0x109/0x140 [ 61.809409] ? unix_seqpacket_sendmsg+0x2d0/0x2d0 [ 61.814228] ___sys_recvmsg+0x3fb/0x810 [ 61.818187] ? __msan_poison_alloca+0x15c/0x1d0 [ 61.822832] ? _cond_resched+0x3c/0xd0 [ 61.826694] ? rcu_all_qs+0x32/0x1f0 [ 61.830382] ? _cond_resched+0x3c/0xd0 [ 61.834249] ? __sys_recvmmsg+0x908/0xdb0 [ 61.838373] ? rcu_all_qs+0x32/0x1f0 [ 61.842064] __sys_recvmmsg+0x54e/0xdb0 [ 61.846028] ? __msan_poison_alloca+0x15c/0x1d0 [ 61.850682] SYSC_recvmmsg+0x212/0x3e0 [ 61.854548] ? SYSC_ioctl+0x233/0x260 [ 61.858325] SyS_recvmmsg+0x76/0xa0 [ 61.861928] do_syscall_64+0x309/0x430 [ 61.865794] ? __sys_recvmmsg+0xdb0/0xdb0 [ 61.869924] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.875090] RIP: 0033:0x455259 [ 61.878253] RSP: 002b:00007fa4275fac68 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 61.885940] RAX: ffffffffffffffda RBX: 00007fa4275fb6d4 RCX: 0000000000455259 [ 61.893184] RDX: 00000000000001b1 RSI: 0000000020000800 RDI: 0000000000000013 [ 61.900429] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000 [ 61.907687] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 61.914931] R13: 0000000000000495 R14: 00000000006f9e98 R15: 0000000000000001 [ 61.922621] Dumping ftrace buffer: [ 61.926152] (ftrace buffer empty) [ 61.929838] Kernel Offset: disabled [ 61.933443] Rebooting in 86400 seconds..