INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts. 2018/04/08 16:38:43 fuzzer started 2018/04/08 16:38:44 dialing manager at 10.128.0.26:40033 2018/04/08 16:38:50 kcov=true, comps=false 2018/04/08 16:38:53 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000400)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000220001614df77e9ebb2f6f1b0400000008001100a72fa8f23098c0772be68aa87881666dd2f2f9e599aafc3c645bc8080370d350a014e8583a3e478a7064e460440de4ae792447a8853c65fe4ae358fd7d4f3a193a298e469e1673cd15693ebcafb674385f092e4906ff16971dd80adcb42a4fb15e98bb46030f68fd9f9b28e418652112c9fa28a2b8a391613efa3c86ae12c6bd23a5d651a545481695fb0d27e88ca53410dd980ef509b977931d148ee732045866c8f8121ae8cfe3e7e43d3370a358b1bb45598eb6884944b3"], 0x1}, 0x1}, 0x0) 2018/04/08 16:38:53 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="280000001c00070f000000000000000007000000", @ANYBLOB="0000ff000a000200aaaaffaaaaaa0000"], 0x2}, 0x1}, 0x0) 2018/04/08 16:38:53 executing program 2: r0 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@remote={0xfe, 0x80, [], 0xbb}, @in6=@loopback={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14}, 0x0, 0x2b}, 
0x0, @in=@broadcast=0xffffffff}}, 0xe8) connect$inet6(r0, &(0x7f0000000180)={0xa}, 0x1c) 2018/04/08 16:38:53 executing program 4: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000fdb000)=@filter={'filter\x00', 0xe, 0x4, 0x340, 0xffffffff, 0xd0, 0xd0, 0x1f8, 0xffffffff, 0xffffffff, 0x300, 0x300, 0x300, 0xffffffff, 0x4, &(0x7f0000e9afc0), {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x3a0) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) tee(r1, r0, 0x9, 0x2) 2018/04/08 16:38:53 executing program 7: r0 = socket$inet6(0xa, 0x805, 0x0) connect$inet6(r0, &(0x7f00006f7000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x1}, 0x1c) 2018/04/08 16:38:53 executing program 5: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}}}, {{0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}}}]}, 0x18c) 2018/04/08 16:38:53 executing program 6: r0 = socket(0x10, 0x3, 0x0) writev(r0, &(0x7f0000011ff0)=[{&(0x7f00000000c0)="390000001300090465070075af30b500000000400400000046000107000000141900040004000000000311b2e5bacc540d02b7282198ccb91a", 0x39}], 0x1) 2018/04/08 16:38:53 executing program 3: sendmsg$netlink(0xffffffffffffffff, &(0x7f000005cfe4)={&(0x7f000003fff4)=@proc={0x10}, 0xc, &(0x7f000002dfe0)=[{&(0x7f000005c000)=ANY=[@ANYBLOB="900000ff"], 0x1}], 0x1}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 
0x0, 0x0) ioctl$int_out(r0, 0x1, &(0x7f000005bffc)) syzkaller login: [ 41.782959] ip (3761) used greatest stack depth: 54672 bytes left [ 42.470232] ip (3827) used greatest stack depth: 54408 bytes left [ 43.470258] ip (3922) used greatest stack depth: 54200 bytes left [ 45.386130] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.491616] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.514751] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.590346] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.633684] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.746655] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.788805] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.881651] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.466143] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.547139] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.574159] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.717507] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.730969] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.941507] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.995747] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.009785] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.211209] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.217483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.226638] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.324741] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.331169] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.346723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.436418] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.442734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.457744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.492174] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not 
ready [ 55.498452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.509884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.593204] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.599477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.612626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.733092] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.739410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.754694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.844855] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.851221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.862681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.901100] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.907703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.917893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.978548] netlink: 'syz-executor6': attribute type 4 has an invalid length. 
[ 56.986013] bridge0: Invalid MTU 4 requested, hw min 68 2018/04/08 16:39:11 executing program 0: 2018/04/08 16:39:11 executing program 4: r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f00000000c0)={0x3, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe}) 2018/04/08 16:39:11 executing program 2: 2018/04/08 16:39:11 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0) 2018/04/08 16:39:11 executing program 5: 2018/04/08 16:39:11 executing program 7: 2018/04/08 16:39:11 executing program 3: 2018/04/08 16:39:11 executing program 6: 2018/04/08 16:39:11 executing program 2: perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) readv(r0, &(0x7f0000000640)=[{&(0x7f0000000240)=""/44, 0x2c}, {&(0x7f0000000540)=""/111, 0x6f}], 0x2) sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f000000e000)={&(0x7f0000000080)={0x14, 0x1c, 0xfffffffffffffffd, 0x0, 0x0, {0x1}}, 0x14}, 0x1}, 0x0) 2018/04/08 16:39:11 executing program 0: 2018/04/08 16:39:11 executing program 5: 2018/04/08 16:39:11 executing program 3: 2018/04/08 16:39:11 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'syz_tun\x00'}) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="280000001c00070f000000000000000007000000", @ANYBLOB="1900ff000a000200aaaaaaaaaaaa0000b9f40946071194ccd0769ae4be0737e86be4b9517b88a3d36e9ce99794c142127b0a6f759a02c048257e9c1a9f56c2a64df15019e75e2936efe9cea321930ce39a37c750e349dc593d686f7da30317184236f903e7d4c31ab54901"], 0x2}, 0x1}, 0x0) 2018/04/08 16:39:11 executing program 6: 2018/04/08 16:39:11 executing program 4: 2018/04/08 16:39:11 executing program 1: 2018/04/08 16:39:11 executing program 0: 
2018/04/08 16:39:11 executing program 5: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x7, 0x38}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp(0x2, 0x2, 0x1, &(0x7f0000000080)) gettid() 2018/04/08 16:39:11 executing program 6: epoll_create1(0x0) socket$unix(0x1, 0x2, 0x0) mq_open(&(0x7f000004b000)='/$cgrouplo\x00', 0x0, 0x0, &(0x7f000004b000)={0x7ffffffc}) pselect6(0x40, &(0x7f00000abfc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f00007fbfc0), &(0x7f0000f22000)={0x0, 0x989680}, &(0x7f0000f14000)={&(0x7f0000553ff8), 0x8}) 2018/04/08 16:39:11 executing program 1: 2018/04/08 16:39:11 executing program 3: 2018/04/08 16:39:11 executing program 4: 2018/04/08 16:39:11 executing program 7: 2018/04/08 16:39:11 executing program 0: 2018/04/08 16:39:12 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="280000001c00070f000000000000000007000000", @ANYBLOB="0000ff000a00020009aaaaaaaaaa0000"], 0x2}, 0x1}, 0x0) 2018/04/08 16:39:12 executing program 5: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x7, 
0x38}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp(0x2, 0x2, 0x1, &(0x7f0000000080)) gettid() 2018/04/08 16:39:12 executing program 3: 2018/04/08 16:39:12 executing program 1: 2018/04/08 16:39:12 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x8010000400000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, &(0x7f00009f1000)='G', 0x1, 0x0, &(0x7f0000108fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendmmsg(r0, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000001c0)="b2", 0x1}], 0x1, &(0x7f00000003c0)}}], 0x1, 0x0) 2018/04/08 16:39:12 executing program 7: syz_emit_ethernet(0x2a, &(0x7f0000000040)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @link_local={0x1, 0x80, 0xc2}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0xffffa888, 0x0, @dev={0xac, 0x14, 0x14}, @remote={0xac, 0x14, 0x14, 0xbb}}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000)) 2018/04/08 16:39:12 executing program 6: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f000000cfe4)={0xa}, 0x1c) 2018/04/08 16:39:12 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='hugetlb.2MB.failcnt\x00', 0x2, 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f00000000c0)='K', 0x1}], 0x1, 0x0) 2018/04/08 16:39:12 executing program 1: syz_emit_ethernet(0x2a, &(0x7f0000000040)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @link_local={0x1, 0x80, 0xc2}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x689, 0x0, @dev={0xac, 0x14, 0x14}, @remote={0xac, 0x14, 0x14, 
0xbb}}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000)) 2018/04/08 16:39:12 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000c26000)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='scalable\x00', 0x3d1) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x800000020000000, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff}, 0x14) sendto$inet(r0, &(0x7f0000000140)="ae", 0x1, 0x0, &(0x7f0000000000)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) 2018/04/08 16:39:12 executing program 7: 2018/04/08 16:39:12 executing program 6: 2018/04/08 16:39:12 executing program 0: 2018/04/08 16:39:12 executing program 4: syz_emit_ethernet(0x3e, &(0x7f0000000000)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1=0xe0000001}, @igmp={0x14, 0x0, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, "000000081e84d84b2db57b8a0af02ad8c4fda114"}}}}}, &(0x7f0000aed000)) 2018/04/08 16:39:12 executing program 2: 2018/04/08 16:39:12 executing program 1: 2018/04/08 16:39:12 executing program 5: 2018/04/08 16:39:12 executing program 6: 2018/04/08 16:39:12 executing program 7: 2018/04/08 16:39:12 executing program 0: mq_open(&(0x7f0000000100)='.user^!\x00', 0x0, 0x0, &(0x7f0000000140)) 2018/04/08 16:39:12 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000573fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl(r0, 0x800000080004531, &(0x7f0000979000)) 2018/04/08 16:39:13 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(gcm(aes))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 
&(0x7f0000000080)="d179f2508fb13583605d0008a230e7a657f9cc6e", 0x14) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000036c0)=[{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000640)="3e59fe04bae75cfd14f526e0acc3c48c", 0x10}], 0x1}], 0x1, 0x0) recvmsg(r1, &(0x7f00000001c0)={&(0x7f0000000140)=@nfc_llcp, 0x80, &(0x7f0000000200)=[{&(0x7f0000000300)=""/88, 0x1e}], 0x1, &(0x7f00009f2000)=""/190, 0xbe}, 0x0) 2018/04/08 16:39:13 executing program 6: request_key(&(0x7f00000003c0)='user\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000440)='\x00', 0xffffffffffffffff) 2018/04/08 16:39:13 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000001f88)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000fff)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000bf0000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) mmap(&(0x7f0000941000/0x2000)=nil, 0x2000, 0x0, 0x4011, r0, 0x0) 2018/04/08 16:39:13 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000017000)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f000000d379)={&(0x7f0000000140)=ANY=[@ANYBLOB="2400000026000103000000000000000000000035ceca246581fe40fe0d55cc7d9423359cb52365f74f9cbb2c58d972d597b23c89af34c2a12bc8794c1f455d92402f03e41e7f54c9cb097aed3144174b9e2bc700161308b3052263f9938e947c3b2915"], 0x1}, 0x1}, 0x0) readv(r0, &(0x7f0000000300)=[{&(0x7f0000000100)=""/31, 0xb2}], 0x1) [ 59.280672] ================================================================== [ 59.288086] BUG: KMSAN: uninit-value in gcmaes_decrypt+0x2ec/0xea0 [ 59.294400] CPU: 1 PID: 5198 Comm: syz-executor1 Not tainted 4.16.0+ #82 
[ 59.301225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.310558] Call Trace: [ 59.313137] dump_stack+0x185/0x1d0 [ 59.316751] ? gcmaes_decrypt+0x2ec/0xea0 [ 59.320880] kmsan_report+0x142/0x240 [ 59.324663] __msan_warning_32+0x6c/0xb0 [ 59.328762] gcmaes_decrypt+0x2ec/0xea0 [ 59.332730] generic_gcmaes_decrypt+0x181/0x1e0 [ 59.337399] ? generic_gcmaes_encrypt+0x1e0/0x1e0 [ 59.342234] gcmaes_wrapper_decrypt+0x2f5/0x340 [ 59.346892] ? gcmaes_wrapper_encrypt+0x2d0/0x2d0 [ 59.351725] crypto_rfc4543_crypt+0xaec/0xb40 [ 59.356210] ? crypto_has_alg+0x280/0x280 [ 59.360630] crypto_rfc4543_decrypt+0x47/0x50 [ 59.365121] ? crypto_rfc4543_encrypt+0x60/0x60 [ 59.369787] aead_recvmsg+0x25b5/0x2960 [ 59.373765] sock_recvmsg+0x1d0/0x230 [ 59.377552] ? aead_sendmsg+0x1b0/0x1b0 [ 59.381511] ___sys_recvmsg+0x3fb/0x810 [ 59.385474] ? __fget_light+0x56/0x710 [ 59.389339] ? __fdget+0x4e/0x60 [ 59.392726] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 59.398087] ? __fget_light+0x6b9/0x710 [ 59.402064] SYSC_recvmsg+0x298/0x3c0 [ 59.405859] SyS_recvmsg+0x54/0x80 [ 59.409384] do_syscall_64+0x309/0x430 [ 59.413256] ? 
___sys_recvmsg+0x810/0x810 [ 59.417403] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.422669] RIP: 0033:0x455259 [ 59.425842] RSP: 002b:00007f96eb8f5c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 59.433535] RAX: ffffffffffffffda RBX: 00007f96eb8f66d4 RCX: 0000000000455259 [ 59.440784] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000014 [ 59.448043] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.455298] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.462553] R13: 0000000000000496 R14: 00000000006f9eb0 R15: 0000000000000000 [ 59.469806] [ 59.471411] Uninit was created at: [ 59.474936] kmsan_internal_poison_shadow+0xb8/0x1b0 [ 59.480106] kmsan_kmalloc+0x94/0x100 [ 59.483886] __kmalloc+0x23c/0x350 [ 59.487411] sock_kmalloc+0x14e/0x270 [ 59.491209] af_alg_alloc_areq+0x85/0x320 [ 59.495342] aead_recvmsg+0x65a/0x2960 [ 59.499210] sock_recvmsg+0x1d0/0x230 [ 59.502992] ___sys_recvmsg+0x3fb/0x810 [ 59.506970] SYSC_recvmsg+0x298/0x3c0 [ 59.510767] SyS_recvmsg+0x54/0x80 [ 59.514293] do_syscall_64+0x309/0x430 [ 59.518161] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.523323] ================================================================== [ 59.530657] Disabling lock debugging due to kernel taint [ 59.536096] Kernel panic - not syncing: panic_on_warn set ... [ 59.536096] [ 59.543453] CPU: 1 PID: 5198 Comm: syz-executor1 Tainted: G B 4.16.0+ #82 [ 59.551569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.560905] Call Trace: [ 59.563481] dump_stack+0x185/0x1d0 [ 59.567098] panic+0x39d/0x940 [ 59.570282] ? gcmaes_decrypt+0x2ec/0xea0 [ 59.574412] kmsan_report+0x238/0x240 [ 59.578194] __msan_warning_32+0x6c/0xb0 [ 59.582246] gcmaes_decrypt+0x2ec/0xea0 [ 59.586220] generic_gcmaes_decrypt+0x181/0x1e0 [ 59.590872] ? generic_gcmaes_encrypt+0x1e0/0x1e0 [ 59.595696] gcmaes_wrapper_decrypt+0x2f5/0x340 [ 59.600361] ? 
gcmaes_wrapper_encrypt+0x2d0/0x2d0 [ 59.605190] crypto_rfc4543_crypt+0xaec/0xb40 [ 59.609664] ? crypto_has_alg+0x280/0x280 [ 59.613797] crypto_rfc4543_decrypt+0x47/0x50 [ 59.618290] ? crypto_rfc4543_encrypt+0x60/0x60 [ 59.622953] aead_recvmsg+0x25b5/0x2960 [ 59.626936] sock_recvmsg+0x1d0/0x230 [ 59.630723] ? aead_sendmsg+0x1b0/0x1b0 [ 59.634690] ___sys_recvmsg+0x3fb/0x810 [ 59.638660] ? __fget_light+0x56/0x710 [ 59.642534] ? __fdget+0x4e/0x60 [ 59.645892] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 59.651237] ? __fget_light+0x6b9/0x710 [ 59.655201] SYSC_recvmsg+0x298/0x3c0 [ 59.658989] SyS_recvmsg+0x54/0x80 [ 59.662523] do_syscall_64+0x309/0x430 [ 59.666402] ? ___sys_recvmsg+0x810/0x810 [ 59.670543] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.675721] RIP: 0033:0x455259 [ 59.678889] RSP: 002b:00007f96eb8f5c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 59.686582] RAX: ffffffffffffffda RBX: 00007f96eb8f66d4 RCX: 0000000000455259 [ 59.693849] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000014 [ 59.701107] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.708363] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.715628] R13: 0000000000000496 R14: 00000000006f9eb0 R15: 0000000000000000 [ 59.723393] Dumping ftrace buffer: [ 59.726920] (ftrace buffer empty) [ 59.730603] Kernel Offset: disabled [ 59.734208] Rebooting in 86400 seconds..