INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts. 2018/04/09 20:50:33 fuzzer started 2018/04/09 20:50:34 dialing manager at 10.128.0.26:36427 2018/04/09 20:50:40 kcov=true, comps=false 2018/04/09 20:50:43 executing program 0: 2018/04/09 20:50:43 executing program 1: 2018/04/09 20:50:43 executing program 7: 2018/04/09 20:50:43 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f00000002c0)={0x10}, 0xc) sendmmsg(r0, &(0x7f0000008780)=[{{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001480)="0ee53b984ef9729d7e2ba1479ae0da52", 0x10}], 0x1, &(0x7f0000001540)}}, {{&(0x7f0000007100)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x80, &(0x7f0000007180), 0x0, &(0x7f00000071c0)}}], 0x2, 0x0) 2018/04/09 20:50:43 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)=@delneigh={0x1c, 0x1d, 0x801}, 0x1c}, 0x1}, 0x0) 2018/04/09 20:50:43 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@ipmr_getroute={0x14, 0x1a, 0x101, 0x0, 0x0, {0x80}}, 0x14}, 0x1}, 0x0) 2018/04/09 20:50:43 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a00)='./cgroup.net\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./file1\x00', 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000a44000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f000070bfc8)={&(0x7f00001d6ff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b30000)}, 0x0) r3 = dup3(r1, r0, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x34123610) ftruncate(r1, 0x0) write$cgroup_subtree(r1, &(0x7f0000000180), 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) 2018/04/09 20:50:43 executing program 6: mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000176000)="00640001000445") getdents64(r0, &(0x7f0000000df0)=""/528, 0xff95) syzkaller login: [ 46.153015] ip (3779) used greatest stack depth: 54312 bytes left [ 47.376745] ip (3893) used greatest stack depth: 54200 bytes left [ 49.230826] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.311649] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.514502] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.556732] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.598476] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.630356] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.703265] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.942812] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 58.203262] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.339769] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.580869] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.704095] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.724798] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.905533] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.977804] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.984178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.996055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.042766] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.090398] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.096670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.103962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.137128] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.414223] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.420527] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.434825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.475620] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.482097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.498965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.530135] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.537372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.554778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.792643] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.798991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.811661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.837101] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.854900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.881897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.921918] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.928701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.964731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/09 20:51:00 executing program 7: ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000a00)) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f00000000c0)=0x3, 0x4) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xfffffffffffffdbc) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ip6_flowlabel\x00') preadv(r0, &(0x7f0000000000), 0x200000000000022b, 0x10000003) socket$packet(0x11, 0x0, 0x300) syz_open_dev$tun(&(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) recvfrom$inet(0xffffffffffffffff, &(0x7f0000000100)=""/55, 0x37, 0x0, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f0000000140)={0x400}, &(0x7f0000000240), 0x8) write(0xffffffffffffffff, &(0x7f0000df8fd9), 0x0) 2018/04/09 20:51:00 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000080), 0xfffffffffffffd90, 0x20020003, &(0x7f0000385ff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) shutdown(r0, 0x0) 2018/04/09 20:51:00 executing program 1: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x1001}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x304) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'ifb0\x00', 0xa201}) 2018/04/09 20:51:00 executing program 7: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000000c0)={0x8, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 2018/04/09 20:51:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f000001dfc8)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00000007c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3000000018000105000000000f0000000a000000000000000000000014000500000000110000001800000065d028c73da8cad5da92909f160000faff02"], 0x1}, 0x1}, 0x0) 2018/04/09 20:51:01 executing program 7: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a00)='./cgroup.net\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./file1\x00', 0x0) recvmsg(0xffffffffffffffff, &(0x7f000070bfc8)={&(0x7f00001d6ff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b30000)}, 0x0) r2 = dup3(r1, r0, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x34123610) ftruncate(r1, 0x0) 2018/04/09 20:51:01 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000300)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x8) sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) sendmmsg(r0, &(0x7f0000003ec0)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000002640)="5b5331d25a71c6a64f00d90720f785f88f9e63f90f76c48feee314083a181eefab2af8a65643ebc8c2b907fdebdd7b6aabd04ebe5b3133ae10d25c8992f969f3462f985649a0d1aeb7d535535fe9ce30e21dc14811cdff61456d7141cc19a8c86d8c80ccc6639cbb396c5307933f3d1c5a346d2d3a47311974a4970abaccab9b06afbdf003eb24b16c82af83155e9b5533db3eeb4e9c0722105fdc7585c77f5238ae3d12f08c8ab6dcf0edb2490a54ac46932250eb853d86d10cff49f40797062fee0affd74773c634", 0xc9}], 0x1, &(0x7f0000003640)}}], 0x1, 0x0) shutdown(r0, 0x1) clock_gettime(0x0, &(0x7f0000004d00)={0x0, 0x0}) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000000)={@in={{0x2, 0x0, @loopback=0x7f000001}}, 0x0, 0x40, 0x0, "bb7d979a5ee032056dff2fc639ba6368d0d71d898a4e124cf21cd30cb70965e6517b9cd90bda9821886e8cd3637def26f925ad25edc2a48d5320748f0957c324fe23baa6085747576770b4aaa4b7bab6"}, 0xd8) recvmmsg(r0, &(0x7f0000004b00)=[{{&(0x7f0000002500)=@sco, 0x80, &(0x7f0000004340)=[{&(0x7f00000041c0)=""/215, 0xd7}], 0x1, &(0x7f0000000180)=""/186, 0xba}}, {{&(0x7f0000004600)=@nfc_llcp, 0x80, &(0x7f0000004a40), 0x0, &(0x7f0000004ac0)}}], 0x2, 0x0, &(0x7f0000000140)={0x0, r1+30000000}) 2018/04/09 20:51:01 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000000080), 0xfffffffffffffd90, 0x20020003, &(0x7f0000385ff0)={0x2, 0x20000000004e21, @loopback=0x7f000001}, 0x10) recvfrom$inet(r0, &(0x7f0000769f0f)=""/241, 0xfffffffffffffdd4, 0x0, &(0x7f0000497ff0)={0x2, 0x0, @broadcast=0xffffffff}, 0x4e) read(0xffffffffffffffff, &(0x7f00000001c0)=""/252, 0xfc) recvfrom$inet(r0, &(0x7f00000004c0)=""/149, 0xffffffffffffff38, 0x10100, 0x0, 0x0) 2018/04/09 20:51:01 executing program 4: syz_mount_image$jfs(&(0x7f0000000040)='jfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000140)={[{@discard_size={'discard', 0x3d, [0x36]}, 0x2c}]}) 2018/04/09 20:51:01 executing program 6: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) close(r0) 2018/04/09 20:51:01 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a00)='./cgroup.net\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./file1\x00', 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000a44000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f000070bfc8)={&(0x7f00001d6ff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b30000)}, 0x0) r3 = dup3(r1, r0, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x34123610) ftruncate(r1, 0x0) write$cgroup_subtree(r1, &(0x7f0000000180), 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) 2018/04/09 20:51:01 executing program 3: perf_event_open(&(0x7f0000d2af88)={0x2, 0x70, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil) shmctl$IPC_SET(r0, 0x1, &(0x7f0000000300)) 2018/04/09 20:51:01 executing program 0: r0 = socket$inet6(0xa, 0x2000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x0, 0x0, 0x101, 0x1}, 0x20) close(r0) 2018/04/09 20:51:01 executing program 3: perf_event_open(&(0x7f0000d2af88)={0x2, 0x70, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil) shmctl$IPC_SET(r0, 0x1, &(0x7f0000000300)) 2018/04/09 20:51:01 executing program 1: r0 = socket$inet6(0xa, 0x400000000001, 0x0) mmap(&(0x7f0000000000/0xae0000)=nil, 0xae0000, 0xfffffffffffffffe, 0x4d031, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f0000e77fff), 0xfe31, 0x0, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/04/09 20:51:02 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000030c0)={&(0x7f0000002e00)={0x10}, 0xc, &(0x7f0000003080)={&(0x7f0000002e40)=@setlink={0x2c, 0x13, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x50a}, [@IFLA_PROTO_DOWN={0x8, 0x27}, @IFLA_IFALIASn={0x4, 0x14}]}, 0x2c}, 0x1}, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000740), &(0x7f0000000780)=0xc) getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000b00)=""/160, &(0x7f0000000a40)=0xa0) 2018/04/09 20:51:02 executing program 0: r0 = socket$inet6(0xa, 0x2000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x0, 0x0, 0x101, 0x1}, 0x20) close(r0) 2018/04/09 20:51:02 executing program 1: r0 = socket$inet6(0xa, 0x400000000001, 0x0) mmap(&(0x7f0000000000/0xae0000)=nil, 0xae0000, 0xfffffffffffffffe, 0x4d031, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f0000e77fff), 0xfe31, 0x0, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/04/09 20:51:02 executing program 3: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x4012}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000180)={'ifb0\x00', 0xa201}) 2018/04/09 20:51:02 executing program 6: syz_emit_ethernet(0x7b, &(0x7f0000001440)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @link_local={0x1, 0x80, 0xc2}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0xffffff87, 0x0, @local={0xfe, 0x80, [], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f00000002c0)) 2018/04/09 20:51:02 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000000080), 0xfffffffffffffd90, 0x20020003, &(0x7f0000385ff0)={0x2, 0x20000000004e21, @loopback=0x7f000001}, 0x10) recvfrom$inet(r0, &(0x7f0000769f0f)=""/241, 0xfffffffffffffdd4, 0x0, &(0x7f0000497ff0)={0x2, 0x0, @broadcast=0xffffffff}, 0x4e) read(0xffffffffffffffff, &(0x7f00000001c0)=""/252, 0xfc) recvfrom$inet(r0, &(0x7f00000004c0)=""/149, 0xffffffffffffff38, 0x10100, 0x0, 0x0) 2018/04/09 20:51:02 executing program 7: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000b00)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r1, &(0x7f0000000580)=ANY=[], 0xfffffce5) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) lseek(r2, 0x10000, 0x3) 2018/04/09 20:51:02 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a00)='./cgroup.net\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./file1\x00', 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000a44000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f000070bfc8)={&(0x7f00001d6ff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b30000)}, 0x0) r3 = dup3(r1, r0, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x34123610) ftruncate(r1, 0x0) write$cgroup_subtree(r1, &(0x7f0000000180), 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) [ 62.668483] netlink: 'syz-executor4': attribute type 39 has an invalid length. [ 62.692703] netlink: 'syz-executor4': attribute type 39 has an invalid length. 2018/04/09 20:51:02 executing program 6: clone(0x200, &(0x7f0000fbf000), &(0x7f0000744000), &(0x7f0000f8b000), &(0x7f00000d5000)) mknod(&(0x7f0000000200)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', &(0x7f00000affc0), &(0x7f0000000080)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='personality\x00') readv(r0, &(0x7f000066dff0)=[{&(0x7f00008ad000)=""/178, 0xb2}], 0x1) r1 = getpid() process_vm_readv(r1, &(0x7f0000de4000)=[{&(0x7f00009e0000)=""/225, 0xe1}], 0x1, &(0x7f0000d65fb8)=[{&(0x7f000082efb5)=""/75, 0x4b}], 0x1, 0x0) open$dir(&(0x7f00003e8ff8)='./file0\x00', 0x26102, 0x0) 2018/04/09 20:51:02 executing program 0: r0 = socket$inet6(0xa, 0x2000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x0, 0x0, 0x101, 0x1}, 0x20) close(r0) 2018/04/09 20:51:02 executing program 1: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) close(r0) 2018/04/09 20:51:02 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) shutdown(r0, 0x2) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, &(0x7f0000000380), &(0x7f00000003c0), 0x8) 2018/04/09 20:51:02 executing program 3: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x4012}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000180)={'ifb0\x00', 0xa201}) 2018/04/09 20:51:02 executing program 4: add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000140)="a1", 0x1, 0xfffffffffffffffb) 2018/04/09 20:51:03 executing program 0: r0 = socket$inet6(0xa, 0x2000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x0, 0x0, 0x101, 0x1}, 0x20) close(r0) 2018/04/09 20:51:03 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000389000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0xfa}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp(0x9, 0xfffffffb, 0xfffffffc, &(0x7f0000000180)) 2018/04/09 20:51:03 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000380)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8, 0x1b}]}, 0x28}, 0x1}, 0x0) 2018/04/09 20:51:03 executing program 3: perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x4, 0x44031, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/if_inet6\x00') 2018/04/09 20:51:03 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a00)='./cgroup.net\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./file1\x00', 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000a44000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f000070bfc8)={&(0x7f00001d6ff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b30000)}, 0x0) r3 = dup3(r1, r0, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x34123610) ftruncate(r1, 0x0) write$cgroup_subtree(r1, &(0x7f0000000180), 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) 2018/04/09 20:51:03 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000000080), 0xfffffffffffffd90, 0x20020003, &(0x7f0000385ff0)={0x2, 0x20000000004e21, @loopback=0x7f000001}, 0x10) recvfrom$inet(r0, &(0x7f0000769f0f)=""/241, 0xfffffffffffffdd4, 0x0, &(0x7f0000497ff0)={0x2, 0x0, @broadcast=0xffffffff}, 0x4e) read(0xffffffffffffffff, &(0x7f00000001c0)=""/252, 0xfc) recvfrom$inet(r0, &(0x7f00000004c0)=""/149, 0xffffffffffffff38, 0x10100, 0x0, 0x0) 2018/04/09 20:51:03 executing program 1: clone(0x200, &(0x7f0000fbf000), &(0x7f0000744000), &(0x7f0000f8b000), &(0x7f00000d5000)) mknod(&(0x7f0000000200)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', &(0x7f00000affc0), &(0x7f0000000080)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='personality\x00') readv(r0, &(0x7f000066dff0)=[{&(0x7f00008ad000)=""/178, 0xb2}], 0x1) r1 = getpid() process_vm_readv(r1, &(0x7f0000de4000)=[{&(0x7f00009e0000)=""/225, 0xe1}], 0x1, &(0x7f0000d65fb8)=[{&(0x7f000082efb5)=""/75, 0x4b}], 0x1, 0x0) open$dir(&(0x7f00003e8ff8)='./file0\x00', 0x26102, 0x0) 2018/04/09 20:51:03 executing program 6: clone(0x200, &(0x7f0000fbf000), &(0x7f0000744000), &(0x7f0000f8b000), &(0x7f00000d5000)) mknod(&(0x7f0000000200)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', &(0x7f00000affc0), &(0x7f0000000080)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='personality\x00') readv(r0, &(0x7f000066dff0)=[{&(0x7f00008ad000)=""/178, 0xb2}], 0x1) r1 = getpid() process_vm_readv(r1, &(0x7f0000de4000)=[{&(0x7f00009e0000)=""/225, 0xe1}], 0x1, &(0x7f0000d65fb8)=[{&(0x7f000082efb5)=""/75, 0x4b}], 0x1, 0x0) open$dir(&(0x7f00003e8ff8)='./file0\x00', 0x26102, 0x0) 2018/04/09 20:51:03 executing program 0: mkdir(&(0x7f0000000200)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f0000014000)='ramfs\x00', 0x0, &(0x7f0000000000)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f000001effd)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chroot(&(0x7f0000157000)='./file0\x00') umount2(&(0x7f0000000140)='./file0/file0/file0/file0\x00', 0x0) chmod(&(0x7f0000000080)='./file0\x00', 0x0) 2018/04/09 20:51:03 executing program 4: r0 = socket(0xa, 0x1, 0x0) ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\x00\x00\x00\x00\b']) ioctl(r0, 0x8918, &(0x7f0000000000)) 2018/04/09 20:51:04 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f000000cfe4)={0xa}, 0x1c) sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000540)=ANY=[]}}], 0x2, 0x0) 2018/04/09 20:51:04 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000787ff3)='net/anycast6\x00') preadv(r0, &(0x7f000055ff80)=[{&(0x7f00002f0f89)=""/204, 0xcc}], 0x1, 0x0) 2018/04/09 20:51:04 executing program 0: perf_event_open(&(0x7f0000220000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpeername$unix(0xffffffffffffffff, &(0x7f0000000180), &(0x7f0000000200)=0x6e) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f0000000340)="1f0000000104fffffd06000000000000000501000b000100030423ca0000cf", 0x1f) 2018/04/09 20:51:04 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a00)='./cgroup.net\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./file1\x00', 0x0) recvmsg(0xffffffffffffffff, &(0x7f000070bfc8)={&(0x7f00001d6ff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b30000)}, 0x0) r2 = dup3(r1, r0, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x34123610) ftruncate(r1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000000)={0x7, 0xffffffffffffffae, 0x1000, 0x1}, 0x14) 2018/04/09 20:51:04 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000265ff7)='/dev/sg#\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0xe2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0x2284, &(0x7f000097e000)) [ 64.709179] ================================================================== [ 64.716703] BUG: KMSAN: uninit-value in copy_page_to_iter+0x754/0x1b70 [ 64.723385] CPU: 0 PID: 5236 Comm: syz-executor6 Not tainted 4.16.0+ #82 [ 64.730231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.739615] Call Trace: [ 64.742230] dump_stack+0x185/0x1d0 [ 64.745878] ? kmsan_internal_check_memory+0x145/0x1d0 [ 64.751170] kmsan_report+0x142/0x240 [ 64.754993] kmsan_internal_check_memory+0x164/0x1d0 [ 64.760204] ? copy_page_to_iter+0x5f6/0x1b70 [ 64.764719] kmsan_copy_to_user+0x69/0x160 [ 64.768971] copy_page_to_iter+0x754/0x1b70 [ 64.773316] process_vm_rw_core+0xf6a/0x1930 [ 64.777751] ? process_vm_rw+0x356/0x500 [ 64.781824] process_vm_rw+0x3d5/0x500 [ 64.785731] ? syscall_return_slowpath+0xe9/0x700 [ 64.790582] ? prepare_exit_to_usermode+0x4a/0x3a0 [ 64.795524] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 64.800981] ? prepare_exit_to_usermode+0x149/0x3a0 [ 64.806016] SYSC_process_vm_readv+0x126/0x140 [ 64.810613] SyS_process_vm_readv+0x8a/0xb0 [ 64.814950] do_syscall_64+0x309/0x430 [ 64.818851] ? s_show+0xe80/0xe80 [ 64.822322] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 64.827509] RIP: 0033:0x455259 [ 64.830698] RSP: 002b:00007f24e2981c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 64.838417] RAX: ffffffffffffffda RBX: 00007f24e29826d4 RCX: 0000000000455259 [ 64.845701] RDX: 0000000000000001 RSI: 0000000020de4000 RDI: 00000000000000b9 [ 64.852979] RBP: 000000000072c010 R08: 0000000000000001 R09: 0000000000000000 [ 64.860256] R10: 0000000020d65fb8 R11: 0000000000000246 R12: 00000000ffffffff [ 64.867530] R13: 0000000000000471 R14: 00000000006f9b38 R15: 0000000000000002 [ 64.874806] [ 64.876432] Uninit was created at: [ 64.879986] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 64.885018] kmsan_alloc_page+0x82/0xe0 [ 64.889013] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 64.893788] alloc_pages_vma+0x1565/0x1800 [ 64.898028] do_huge_pmd_anonymous_page+0xf80/0x2520 [ 64.903148] handle_mm_fault+0x30ba/0x7ba0 [ 64.907389] __do_page_fault+0xec4/0x1a10 [ 64.911543] do_page_fault+0xd3/0x260 [ 64.915352] page_fault+0x25/0x50 [ 64.918815] copy_user_generic_unrolled+0x89/0xc0 [ 64.923758] seq_read+0x1c5f/0x2260 [ 64.927390] do_iter_read+0x880/0xd70 [ 64.931191] do_readv+0x295/0x5f0 [ 64.934647] SYSC_readv+0x9b/0xb0 [ 64.938108] SyS_readv+0x56/0x80 [ 64.941478] do_syscall_64+0x309/0x430 [ 64.945370] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 64.950549] [ 64.952175] Bytes 0-74 of 75 are uninitialized [ 64.956745] ================================================================== [ 64.964095] Disabling lock debugging due to kernel taint [ 64.969542] Kernel panic - not syncing: panic_on_warn set ... [ 64.969542] [ 64.976911] CPU: 0 PID: 5236 Comm: syz-executor6 Tainted: G B 4.16.0+ #82 [ 64.985048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.994406] Call Trace: [ 64.997009] dump_stack+0x185/0x1d0 [ 65.000645] panic+0x39d/0x940 [ 65.003866] ? kmsan_internal_check_memory+0x145/0x1d0 [ 65.009146] kmsan_report+0x238/0x240 [ 65.012960] kmsan_internal_check_memory+0x164/0x1d0 [ 65.018070] ? copy_page_to_iter+0x5f6/0x1b70 [ 65.022573] kmsan_copy_to_user+0x69/0x160 [ 65.026815] copy_page_to_iter+0x754/0x1b70 [ 65.031154] process_vm_rw_core+0xf6a/0x1930 [ 65.035590] ? process_vm_rw+0x356/0x500 [ 65.039664] process_vm_rw+0x3d5/0x500 [ 65.043566] ? syscall_return_slowpath+0xe9/0x700 [ 65.048414] ? prepare_exit_to_usermode+0x4a/0x3a0 [ 65.053356] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 65.058811] ? prepare_exit_to_usermode+0x149/0x3a0 [ 65.063839] SYSC_process_vm_readv+0x126/0x140 [ 65.068433] SyS_process_vm_readv+0x8a/0xb0 [ 65.072766] do_syscall_64+0x309/0x430 [ 65.076660] ? s_show+0xe80/0xe80 [ 65.080122] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 65.085310] RIP: 0033:0x455259 [ 65.088587] RSP: 002b:00007f24e2981c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 65.096305] RAX: ffffffffffffffda RBX: 00007f24e29826d4 RCX: 0000000000455259 [ 65.103585] RDX: 0000000000000001 RSI: 0000000020de4000 RDI: 00000000000000b9 [ 65.110861] RBP: 000000000072c010 R08: 0000000000000001 R09: 0000000000000000 [ 65.118136] R10: 0000000020d65fb8 R11: 0000000000000246 R12: 00000000ffffffff [ 65.125409] R13: 0000000000000471 R14: 00000000006f9b38 R15: 0000000000000002 [ 65.133125] Dumping ftrace buffer: [ 65.136652] (ftrace buffer empty) [ 65.140425] Kernel Offset: disabled [ 65.144030] Rebooting in 86400 seconds..