INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts. 2018/04/11 10:41:51 fuzzer started 2018/04/11 10:41:51 dialing manager at 10.128.0.26:36259 2018/04/11 10:41:57 kcov=true, comps=false 2018/04/11 10:42:00 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81) mq_timedsend(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0, &(0x7f00000000c0)={0x77359400}) close(r0) 2018/04/11 10:42:00 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0xa, 0x40000000000005, 0x403, 0x9, 0x0, 0xffffffffffffffff, 0x0, [0x140]}, 0x2c) 2018/04/11 10:42:00 executing program 7: semtimedop(0x0, &(0x7f0000000000)=[{}, {}], 0x2, &(0x7f0000034000)={0x77359400}) semtimedop(0x0, &(0x7f0000000140)=[{0x4, 0xffff, 0x1800}], 0x1, &(0x7f00000001c0)) 2018/04/11 10:42:00 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x10000000033) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x9}, 0x1c) sendto$inet6(r0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0) 2018/04/11 10:42:00 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000f80)=@broute={'broute\x00', 0x20, 0x3, 0xd78, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000140], 0x0, &(0x7f0000000000), &(0x7f0000000140)=[{}, {0x0, '\x00', 0x0, 0x0, 0x1, [{{{0x3, 0x0, 0x0, 'tunl0\x00', 'yam0\x00', 'ip6gre0\x00', 'eql\x00', @empty, [], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], 0x924, 0x994, 0xac0, [@among={'among\x00', 0x858, {{0x0, 0x0, 0x0, {[], 0x2, [{[], @dev={0xac, 0x14, 0x14}}, {}]}, {[], 0x3, [{[], @local={0xac, 0x14, 0x14, 0xaa}}, {[], @dev={0xac, 0x14, 0x14}}, {[], @local={0xac, 0x14, 0x14, 0xaa}}]}}}}, @statistic={'statistic\x00', 0x14}]}, [@common=@nflog={'nflog\x00', 0x4c, {{0x0, 0x0, 0x0, 0x0, 0x0, "7eb3f3901b7a80d415bee2ca07f74de82803fd872b9495a29855539fabef47d4e27f4332553b3a2199b9caa799e50577129225b7c8dcd0228013b83d371b1f4c"}}}]}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x0, 0x0, 'system_u:object_r:public_content_rw_t:s0\x00'}}}}]}, {0x0, '\x00', 0x1, 0x0, 0x2, [{{{0x0, 0x0, 0x0, 'vlan0\x00', '\x00', 'rose0\x00', 'rose0\x00', @link_local={0x1, 0x80, 0xc2}, [], @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], 0x70, 0xb8, 0xe4}, [@common=@log={'log\x00', 0x24, {{0x0, "f6dd9d6f3fb840596b40d6cab7f5bceb407cf1276a857e1bc23e60f029fd"}}}]}, @common=@mark={'mark\x00', 0x8}}, {{{0x9, 0x0, 0x0, 'ipddp0\x00', 'erspan0\x00', 'ip_vti0\x00', 'ipddp0\x00', @random="4aa76834b59f", [], @empty, [], 0x70, 0x108, 0x144}, [@common=@CONNSECMARK={'CONNSECMARK\x00', 0x4}, @common=@NFLOG={'NFLOG\x00', 0x4c, {{0x0, 0x0, 0x0, 0x0, 0x0, "70bd546c1049d54a9d43705215e77dd117c45bd8fa51bf1a9a70b03c8a108080308d720fb7017575eb672fd11604ab43f5091cff606ba17576c1bb5c995922fa"}}}]}, @common=@RATEEST={'RATEEST\x00', 0x18, {{'syz1\x00'}}}}]}]}, 0xe38) 2018/04/11 10:42:00 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f00000001c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f00000003c0)={0x0, 0x0, 'client1\x00', 0x0, "80c26a3c989df43e", "29ee3ca795a73b11d317817026000e1898ccb7e7316ae7ebcab3b6a52134a4f7"}) 2018/04/11 10:42:00 executing program 2: r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$kcm(r0, &(0x7f00000004c0)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000000140)=[{0x18, 0x0, 0x7, "9403"}], 0x18}, 0x0) 2018/04/11 10:42:00 executing program 3: syz_open_procfs(0x0, &(0x7f0000000040)="006400ecff0345") syzkaller login: [ 42.827322] ip (3763) used greatest stack depth: 54672 bytes left [ 43.278075] ip (3809) used greatest stack depth: 54312 bytes left [ 44.372362] ip (3912) used greatest stack depth: 54296 bytes left [ 45.092420] ip (3976) used greatest stack depth: 54160 bytes left [ 46.139846] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.328750] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.412529] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.435293] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.454777] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.514935] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.595020] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.614413] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.959472] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.145347] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.225787] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.234676] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.249108] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.287564] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.353241] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.539202] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.704640] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.710904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.724562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.865425] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.871702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.886468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.976912] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.983161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.993595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.033936] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.040718] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.050731] ip (4924) used greatest stack depth: 53976 bytes left [ 56.073533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.095760] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.104774] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.112374] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.119292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.143180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.168573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.190277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.199887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.213505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.395879] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.402190] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.414609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/11 10:42:17 executing program 5: r0 = socket$inet(0x2, 0x80003, 0x7) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000500)=@broute={'broute\x00', 0x20, 0x3, 0x2dc, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000600], 0x0, &(0x7f00000005c0), &(0x7f0000000600)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x2, [{{{0x15, 0x0, 0x0, 'syzkaller0\x00', 'ipddp0\x00', '\x00', 'bcsf0\x00', @empty, [], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], 0x70, 0xc0, 0xe8}, [@common=@NFQUEUE0={'NFQUEUE\x00', 0x4}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x4}]}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x4}}, {{{0x9, 0x0, 0x0, 'ip6_vti0\x00', 'sit0\x00', 'irlan0\x00', 'syz_tun\x00', @empty, [], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], 0x70, 0x70, 0x9c}}, @common=@mark={'mark\x00', 0x8}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x1, [{{{0x5, 0x0, 0x0, 'yam0\x00', 'ifb0\x00', 'rose0\x00', 'vlan0\x00', @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], 0x70, 0x70, 0x98}}, @common=@CLASSIFY={'CLASSIFY\x00', 0x4}}]}, {0x0, '\x00', 0x3, 0xffffffffffffffff}]}, 0x380) 2018/04/11 10:42:17 executing program 4: r0 = socket$inet(0x2, 0x100000003, 0x200000000fe) io_setup(0x4, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000002680)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000180)}]) 2018/04/11 10:42:17 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendto(r0, &(0x7f0000000000)="9e", 0x1, 0x0, 0x0, 0x0) sendto(r0, &(0x7f00000000c0)="aa", 0x1, 0x0, 0x0, 0x0) readv(r1, &(0x7f0000ba1000)=[{&(0x7f0000ba1f26)=""/2, 0x2}], 0x1) 2018/04/11 10:42:17 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x800) r1 = dup2(r0, r0) ioctl$sock_bt(r1, 0x541b, &(0x7f0000000100)) 2018/04/11 10:42:17 executing program 6: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x5, 0x488, [0x20000540, 0x0, 0x0, 0x200007f0, 0x20000820], 0x0, &(0x7f00000000c0), &(0x7f0000000540)=[{0x0, '\x00', 0x0, 0x0, 0x2, [{{{0x11, 0x0, 0x0, 'bond0\x00', 'ip6tnl0\x00', 'sit0\x00', 'yam0\x00', @link_local={0x1, 0x80, 0xc2}, [], @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], 0xd4, 0x100, 0x130, [@cpu={'cpu\x00', 0x8}, @owner={'owner\x00', 0x14}]}, [@common=@mark={'mark\x00', 0x8}]}, @snat={'snat\x00', 0xc, {{@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}}}}, {{{0x0, 0x0, 0x0, 'erspan0\x00', 'ip6gre0\x00', 'gretap0\x00', 'ip6gretap0\x00', @random="d44e25d4db16", [], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], 0xb8, 0xe8, 0x118, [@helper={'helper\x00', 0x24, {{0x0, 'amanda\x00'}}}]}, [@arpreply={'arpreply\x00', 0xc, {{@random="fbe592da9d36"}}}]}, @arpreply={'arpreply\x00', 0xc, {{@link_local={0x1, 0x80, 0xc2}}}}}]}, {0x0, '\x00', 0x2, 0x0, 0x1, [{{{0x0, 0x0, 0x0, 'lo\x00', 'ip6_vti0\x00', 'vlan0\x00', 'rose0\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], 0x70, 0xa0, 0xd0}, [@snat={'snat\x00', 0xc, {{@random="c1e7342a6f35"}}}]}, @arpreply={'arpreply\x00', 0xc, {{@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}}}}]}, {0x0, '\x00', 0x4, 0x0, 0x1, [{{{0x0, 0x0, 0x0, 'gretap0\x00', 'bcsf0\x00', 'rose0\x00', 'bridge0\x00', @empty, [], @link_local={0x1, 0x80, 0xc2}, [], 0x70, 0x70, 0xe0}}, @common=@nflog={'nflog\x00', 0x4c, {{0x0, 0x0, 0x0, 0x0, 0x0, "e4c69c3309710756798cd631e4ba11bafef96707802f9d3088335bc7d4ba356386213aee6f7ec8a0847ba66b7f37ca30435035f6947708a48dae4d2439ecb02e"}}}}]}]}, 0x550) 2018/04/11 10:42:17 executing program 7: syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @remote={0xac, 0x14, 0x223, 0xbb}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @remote={0xac, 0x14, 0x14, 0xbb}}}}}, &(0x7f0000000000)) 2018/04/11 10:42:17 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=@bridge_newneigh={0x3c, 0x1c, 0x405, 0x0, 0x0, {0x2}, [@NDA_LLADDR={0xc, 0x2, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, @NDA_DST_IPV6={0x14, 0x1}]}, 0x3c}, 0x1}, 0x0) 2018/04/11 10:42:17 executing program 4: r0 = socket$inet(0x2, 0x100000003, 0x200000000fe) io_setup(0x4, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000002680)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000180)}]) [ 57.639726] raw_sendmsg: syz-executor2 forgot to set AF_INET. Fix it! 2018/04/11 10:42:17 executing program 7: 2018/04/11 10:42:17 executing program 6: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) io_setup(0x5, &(0x7f0000000200)=0x0) io_submit(r1, 0x1, &(0x7f0000002540)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000240)}]) 2018/04/11 10:42:17 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81) mq_timedsend(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0, &(0x7f00000000c0)={0x77359400}) close(r0) 2018/04/11 10:42:17 executing program 1: 2018/04/11 10:42:17 executing program 3: setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x10) r0 = socket(0x20000000011, 0x4000000000080002, 0x0) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'bond0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x14) setsockopt(r0, 0x107, 0x5, &(0x7f0000001000), 0x59) 2018/04/11 10:42:17 executing program 5: 2018/04/11 10:42:17 executing program 4: 2018/04/11 10:42:17 executing program 2: 2018/04/11 10:42:17 executing program 4: 2018/04/11 10:42:17 executing program 5: 2018/04/11 10:42:18 executing program 7: 2018/04/11 10:42:18 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f00000002c0)) 2018/04/11 10:42:18 executing program 2: r0 = socket$inet(0x2, 0x80003, 0x7) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000500)=@broute={'broute\x00', 0x20, 0x3, 0x2dc, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000600], 0x0, &(0x7f00000005c0), &(0x7f0000000600)=[{}, {0x0, '\x00', 0x0, 0x0, 0x2, [{{{0x15, 0x0, 0x0, 'syzkaller0\x00', 'ipddp0\x00', '\x00', 'bcsf0\x00', @empty, [], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], 0x70, 0xc0, 0xe8}, [@common=@NFQUEUE0={'NFQUEUE\x00', 0x4}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x4}]}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x4}}, {{{0x9, 0x0, 0x0, 'ip6_vti0\x00', 'sit0\x00', 'irlan0\x00', 'syz_tun\x00', @empty, [], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], 0x70, 0x70, 0x9c}}, @common=@mark={'mark\x00', 0x8}}]}, {0x0, '\x00', 0x2, 0x0, 0x1, [{{{0x0, 0x0, 0x0, 'yam0\x00', 'ifb0\x00', 'rose0\x00', 'vlan0\x00', @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], 0x70, 0x70, 0x98}}, @common=@CLASSIFY={'CLASSIFY\x00', 0x4}}]}, {0x0, '\x00', 0x3}]}, 0x380) 2018/04/11 10:42:18 executing program 6: 2018/04/11 10:42:18 executing program 3: 2018/04/11 10:42:18 executing program 4: 2018/04/11 10:42:18 executing program 0: 2018/04/11 10:42:18 executing program 5: 2018/04/11 10:42:18 executing program 0: 2018/04/11 10:42:18 executing program 6: 2018/04/11 10:42:18 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000140)={@dev={0xfe, 0x80}}, 0x14) 2018/04/11 10:42:18 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000100)=@broute={'broute\x00', 0x20, 0x1, 0x1e8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000540], 0x0, &(0x7f0000000040), &(0x7f0000000540)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0100000003000000000000000000736974300000000000000000000000007465716c300000000000000000000000626f6e64300000000000000000000000766c616e300000000000000000000000aaaaaaaaaa000000000000000000000000000000000000000000e8000000e80000005801000074696d65000000000000000000000000000000000000000000000000000000001800000000000000000000000000008000000000000000000000000074696d6500000000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000006e666c6f670000000000000000000000000000000000000000000000000000004c00000000000000000000000000000031344f5c77c13c452071b57d7f112107152fd759ef5b13598682000c771a50811c84641d1493318164aff9e66eeb414d2d6462e970fd01e428190883c493f6af00000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff00000000"]}, 0x260) 2018/04/11 10:42:18 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000004dc0)=[{{&(0x7f0000000a80)=@un=@abs, 0x80, &(0x7f0000000b40), 0x0, &(0x7f0000000b80)}}, {{&(0x7f0000001080)=@can={0x1d}, 0x80, &(0x7f00000011c0), 0x0, &(0x7f0000001200)=[{0x10, 0x1, 0x1, "85d583db"}], 0x10}}], 0x2, 0x0) 2018/04/11 10:42:18 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="0a0775b0d5e383e5b3b60ced5c54dbb7", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendto(r1, &(0x7f0000000340)="d1b35711e96902f46ec5c13d0998c228", 0x10, 0x0, &(0x7f0000000440)=@nl=@kern={0x10}, 0x80) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000000080)=@ethernet, 0x80, &(0x7f0000000200)=[{&(0x7f0000000140)=""/170, 0xffffffb7}], 0x1, &(0x7f0000000240)=""/148, 0xfffffffffffffe78}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000940), 0x0, &(0x7f0000000cc0)}, 0x0) 2018/04/11 10:42:18 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000340)="006400ecff0345") 2018/04/11 10:42:18 executing program 2: r0 = memfd_create(&(0x7f0000000100)='\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000272000)='net/mcfilter\x00') sendfile(r0, r1, &(0x7f0000000240), 0xb7f) 2018/04/11 10:42:19 executing program 6: 2018/04/11 10:42:19 executing program 0: 2018/04/11 10:42:19 executing program 5: 2018/04/11 10:42:19 executing program 3: request_key(&(0x7f0000000040)='dns_resolver\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a}, &(0x7f0000000100)='io', 0xffffffffffffffff) 2018/04/11 10:42:19 executing program 7: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000c7df60)={0x7ff, @in6={{0xa}}}, &(0x7f000064b000)=0xa0) 2018/04/11 10:42:19 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96", 0x118, 0x10000}, {&(0x7f0000013900)="000000000000000000070064656661756c7401000000000000000000000000000000030000000000000000100000000000000000000000000000010000000000000000000000ed41000000000000000000000000000000000000000000000000", 0x60, 0x405c80}], 0x0, &(0x7f00000000c0)=ANY=[]) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = creat(&(0x7f0000001900)="2f2f66696c65300200", 0x100) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000001940)={{0x9, 0x9}, 'port1\x00', 0x40, 0x10420, 0x3, 0x1, 0x6, 0x100000000, 0xff, 0x0, 0x6, 0x5df}) mount(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000880)='./file0\x00', &(0x7f00000008c0)='hugetlbfs\x00', 0x0, 0x0) r1 = open(&(0x7f00000002c0)='./file0/bus\x00', 0x40, 0x0) fcntl$dupfd(r1, 0x40a, 0xffffffffffffffff) 2018/04/11 10:42:19 executing program 2: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) sendmmsg(r0, &(0x7f0000005140)=[{{&(0x7f0000000140)=@in6={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000380)}}], 0x1, 0x0) 2018/04/11 10:42:19 executing program 4: r0 = socket$inet(0x2, 0x3, 0x84) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYBLOB="000004000000005d05e8ea"], &(0x7f0000000040)=0x2) sendto$inet(r0, &(0x7f000014cf2c), 0x0, 0x8000, &(0x7f0000000080)={0x2}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x1c, 0x0, &(0x7f00000000c0)={0x2}, 0x10) 2018/04/11 10:42:19 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x101902) r1 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000800)) 2018/04/11 10:42:19 executing program 3: 2018/04/11 10:42:19 executing program 5: 2018/04/11 10:42:19 executing program 6: [ 59.461353] ================================================================== [ 59.468789] BUG: KMSAN: uninit-value in crc32c_pcl_intel_update+0x2af/0x500 [ 59.475891] CPU: 0 PID: 5188 Comm: syz-executor4 Not tainted 4.16.0+ #83 [ 59.482724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.492070] Call Trace: [ 59.494645] [ 59.496795] dump_stack+0x185/0x1d0 [ 59.500429] ? crc32c_pcl_intel_update+0x2af/0x500 [ 59.505355] kmsan_report+0x142/0x240 [ 59.509158] __msan_warning_32+0x6c/0xb0 [ 59.513218] crc32c_pcl_intel_update+0x2af/0x500 [ 59.517977] ? crc32c_intel_cra_init+0x80/0x80 [ 59.522559] crypto_shash_update+0x1e9/0x210 [ 59.526968] crc32c+0x155/0x210 [ 59.530250] sctp_csum_update+0x89/0xa0 [ 59.534226] __skb_checksum+0x234/0x1010 [ 59.538285] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 59.543649] ? __pskb_pull_tail+0x1154/0x22e0 [ 59.548141] ? kmsan_memcpy_origins+0xf1/0x170 [ 59.552723] ? sctp_has_association+0x160/0x160 [ 59.557390] sctp_rcv+0xf4e/0x4c90 [ 59.561026] ? raw_rcv+0x680/0x730 [ 59.564569] ? sctp_has_association+0x160/0x160 [ 59.569236] ? sctp_csum_update+0xa0/0xa0 [ 59.573397] ? sctp_csum_combine+0xa0/0xa0 [ 59.577635] ip_local_deliver_finish+0x6ed/0xd40 [ 59.582399] ip_local_deliver+0x43c/0x4e0 [ 59.586549] ? ip_local_deliver+0x4e0/0x4e0 [ 59.590876] ? ip_call_ra_chain+0x7b0/0x7b0 [ 59.595194] ip_rcv_finish+0x1253/0x16d0 [ 59.599259] ip_rcv+0x119d/0x16f0 [ 59.602796] ? ip_rcv+0x16f0/0x16f0 [ 59.606435] __netif_receive_skb_core+0x47cf/0x4a80 [ 59.611476] ? rb_insert_color+0xa4/0x1300 [ 59.615715] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 59.621520] ? ip_local_deliver_finish+0xd40/0xd40 [ 59.626449] process_backlog+0x62d/0xe20 [ 59.630516] ? rps_trigger_softirq+0x2f0/0x2f0 [ 59.635089] net_rx_action+0x7c1/0x1a70 [ 59.639139] ? net_tx_action+0xab0/0xab0 [ 59.643204] __do_softirq+0x56d/0x93d [ 59.646992] do_softirq_own_stack+0x2a/0x40 [ 59.651292] [ 59.653515] __local_bh_enable_ip+0x114/0x140 [ 59.657992] local_bh_enable+0x36/0x40 [ 59.661863] ip_finish_output2+0x124e/0x1380 [ 59.666257] ip_finish_output+0xcb0/0xff0 [ 59.670391] ip_output+0x502/0x5c0 [ 59.673917] ? ip_mc_finish_output+0x3b0/0x3b0 [ 59.678483] ? ip_finish_output+0xff0/0xff0 [ 59.682787] ip_send_skb+0x5f3/0x820 [ 59.686486] ? __ip_local_out+0x5b0/0x5b0 [ 59.690619] ip_push_pending_frames+0x105/0x170 [ 59.695273] raw_sendmsg+0x2960/0x3ed0 [ 59.699159] ? compat_raw_ioctl+0x100/0x100 [ 59.703463] inet_sendmsg+0x48d/0x740 [ 59.707246] ? security_socket_sendmsg+0x9e/0x210 [ 59.712073] ? inet_getname+0x500/0x500 [ 59.716033] SYSC_sendto+0x6c3/0x7e0 [ 59.719731] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 59.725162] ? prepare_exit_to_usermode+0x149/0x3a0 [ 59.730161] ? SYSC_getsockopt+0x196/0x570 [ 59.734382] SyS_sendto+0x8a/0xb0 [ 59.737818] do_syscall_64+0x309/0x430 [ 59.741688] ? SYSC_getpeername+0x560/0x560 [ 59.745992] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.751166] RIP: 0033:0x455259 [ 59.754339] RSP: 002b:00007fdd8d3fdc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 59.762030] RAX: ffffffffffffffda RBX: 00007fdd8d3fe6d4 RCX: 0000000000455259 [ 59.769283] RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000013 [ 59.776535] RBP: 000000000072bea0 R08: 00000000200000c0 R09: 0000000000000010 [ 59.783784] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.791034] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 59.798286] [ 59.799892] Uninit was stored to memory at: [ 59.804196] kmsan_internal_chain_origin+0x12b/0x210 [ 59.809277] kmsan_memcpy_origins+0x11d/0x170 [ 59.813750] __msan_memcpy+0x19f/0x1f0 [ 59.817618] skb_copy_bits+0x63a/0xdb0 [ 59.821487] __pskb_pull_tail+0x483/0x22e0 [ 59.825703] sctp_rcv+0x673/0x4c90 [ 59.829225] ip_local_deliver_finish+0x6ed/0xd40 [ 59.833961] ip_local_deliver+0x43c/0x4e0 [ 59.838088] ip_rcv_finish+0x1253/0x16d0 [ 59.842128] ip_rcv+0x119d/0x16f0 [ 59.845563] __netif_receive_skb_core+0x47cf/0x4a80 [ 59.850558] process_backlog+0x62d/0xe20 [ 59.854597] net_rx_action+0x7c1/0x1a70 [ 59.858552] __do_softirq+0x56d/0x93d [ 59.862327] Uninit was created at: [ 59.865848] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 59.870844] kmsan_alloc_page+0x82/0xe0 [ 59.874800] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 59.879538] alloc_pages_current+0x6b5/0x970 [ 59.883926] skb_page_frag_refill+0x3ba/0x5e0 [ 59.888403] sk_page_frag_refill+0xa4/0x340 [ 59.892704] __ip_append_data+0x107e/0x3d10 [ 59.897009] ip_append_data+0x2fb/0x440 [ 59.900970] raw_sendmsg+0x287b/0x3ed0 [ 59.904838] inet_sendmsg+0x48d/0x740 [ 59.908619] SYSC_sendto+0x6c3/0x7e0 [ 59.912314] SyS_sendto+0x8a/0xb0 [ 59.915746] do_syscall_64+0x309/0x430 [ 59.919615] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.924779] ================================================================== [ 59.932113] Disabling lock debugging due to kernel taint [ 59.937538] Kernel panic - not syncing: panic_on_warn set ... [ 59.937538] [ 59.944884] CPU: 0 PID: 5188 Comm: syz-executor4 Tainted: G B 4.16.0+ #83 [ 59.953002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.962338] Call Trace: [ 59.964900] [ 59.967039] dump_stack+0x185/0x1d0 [ 59.970650] panic+0x39d/0x940 [ 59.973839] ? crc32c_pcl_intel_update+0x2af/0x500 [ 59.978748] kmsan_report+0x238/0x240 [ 59.982532] __msan_warning_32+0x6c/0xb0 [ 59.986580] crc32c_pcl_intel_update+0x2af/0x500 [ 59.991322] ? crc32c_intel_cra_init+0x80/0x80 [ 59.995885] crypto_shash_update+0x1e9/0x210 [ 60.000278] crc32c+0x155/0x210 [ 60.003541] sctp_csum_update+0x89/0xa0 [ 60.007501] __skb_checksum+0x234/0x1010 [ 60.011545] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 60.016889] ? __pskb_pull_tail+0x1154/0x22e0 [ 60.021367] ? kmsan_memcpy_origins+0xf1/0x170 [ 60.025931] ? sctp_has_association+0x160/0x160 [ 60.030581] sctp_rcv+0xf4e/0x4c90 [ 60.034104] ? raw_rcv+0x680/0x730 [ 60.037626] ? sctp_has_association+0x160/0x160 [ 60.042274] ? sctp_csum_update+0xa0/0xa0 [ 60.046414] ? sctp_csum_combine+0xa0/0xa0 [ 60.050630] ip_local_deliver_finish+0x6ed/0xd40 [ 60.055371] ip_local_deliver+0x43c/0x4e0 [ 60.059503] ? ip_local_deliver+0x4e0/0x4e0 [ 60.063806] ? ip_call_ra_chain+0x7b0/0x7b0 [ 60.068109] ip_rcv_finish+0x1253/0x16d0 [ 60.072156] ip_rcv+0x119d/0x16f0 [ 60.075594] ? ip_rcv+0x16f0/0x16f0 [ 60.079212] __netif_receive_skb_core+0x47cf/0x4a80 [ 60.084210] ? rb_insert_color+0xa4/0x1300 [ 60.088428] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 60.094208] ? ip_local_deliver_finish+0xd40/0xd40 [ 60.099121] process_backlog+0x62d/0xe20 [ 60.103168] ? rps_trigger_softirq+0x2f0/0x2f0 [ 60.107731] net_rx_action+0x7c1/0x1a70 [ 60.111692] ? net_tx_action+0xab0/0xab0 [ 60.115736] __do_softirq+0x56d/0x93d [ 60.119523] do_softirq_own_stack+0x2a/0x40 [ 60.123819] [ 60.126041] __local_bh_enable_ip+0x114/0x140 [ 60.130518] local_bh_enable+0x36/0x40 [ 60.134391] ip_finish_output2+0x124e/0x1380 [ 60.138788] ip_finish_output+0xcb0/0xff0 [ 60.142919] ip_output+0x502/0x5c0 [ 60.146442] ? ip_mc_finish_output+0x3b0/0x3b0 [ 60.151009] ? ip_finish_output+0xff0/0xff0 [ 60.155315] ip_send_skb+0x5f3/0x820 [ 60.159013] ? __ip_local_out+0x5b0/0x5b0 [ 60.163149] ip_push_pending_frames+0x105/0x170 [ 60.167801] raw_sendmsg+0x2960/0x3ed0 [ 60.171685] ? compat_raw_ioctl+0x100/0x100 [ 60.175987] inet_sendmsg+0x48d/0x740 [ 60.179770] ? security_socket_sendmsg+0x9e/0x210 [ 60.184595] ? inet_getname+0x500/0x500 [ 60.188551] SYSC_sendto+0x6c3/0x7e0 [ 60.192248] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 60.197677] ? prepare_exit_to_usermode+0x149/0x3a0 [ 60.202677] ? SYSC_getsockopt+0x196/0x570 [ 60.206896] SyS_sendto+0x8a/0xb0 [ 60.210329] do_syscall_64+0x309/0x430 [ 60.214200] ? SYSC_getpeername+0x560/0x560 [ 60.218504] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.223671] RIP: 0033:0x455259 [ 60.226841] RSP: 002b:00007fdd8d3fdc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 60.234532] RAX: ffffffffffffffda RBX: 00007fdd8d3fe6d4 RCX: 0000000000455259 [ 60.241782] RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000013 [ 60.249034] RBP: 000000000072bea0 R08: 00000000200000c0 R09: 0000000000000010 [ 60.256286] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 60.263551] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 60.271284] Dumping ftrace buffer: [ 60.274811] (ftrace buffer empty) [ 60.278497] Kernel Offset: disabled [ 60.282100] Rebooting in 86400 seconds..