INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts. 2018/04/07 02:21:26 fuzzer started 2018/04/07 02:21:27 dialing manager at 10.128.0.26:38639 2018/04/07 02:21:32 kcov=true, comps=false 2018/04/07 02:21:35 executing program 0: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000040)='-\x00') perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000389000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000500)="e6", 0x1}], 0x1}, 0x0) 2018/04/07 02:21:35 executing program 2: socketpair(0x1, 0x1, 0x0, &(0x7f000000dff8)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000c41000)={0x0, 0x0, &(0x7f0000153000), 0x0, &(0x7f0000231f05)=""/251, 0xfb}, 0x0) close(r0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r1, &(0x7f0000948000)={0x0, 0x0, &(0x7f00005dc000)=[{&(0x7f0000d43000), 0x1000002bb}], 0x1, &(0x7f0000d43000)}, 0x0) 2018/04/07 02:21:35 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100000}, 0xc) getsockname(r0, &(0x7f0000000000)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @loopback}}}, &(0x7f00000000c0)=0x3a) ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000080)={'teql0\x00', {0x2}}) 2018/04/07 02:21:35 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000001f80)={'bond0\x00', {0x2, 0x0, @dev={0xac, 0x14, 0x14}}}) 2018/04/07 02:21:35 executing program 3: r0 = socket$inet(0x2, 0x3, 0x6) mmap(&(0x7f0000009000/0xc00000)=nil, 0xc00000, 0x5, 0x2c031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xae0000)=nil, 0xae0000, 0x0, 0x13, r0, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2018/04/07 02:21:35 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast2=0xe0000002, @dev={0xac, 0x14, 0x14, 0x15}}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f000023afe8)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0x10) 2018/04/07 02:21:35 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x3b) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x9}, 0x1c) sendmmsg(r0, &(0x7f0000002dc0), 0x40000ff, 0x0) 2018/04/07 02:21:35 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000140)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'lo\x00', 0x101}) syzkaller login: [ 44.087010] ip (3762) used greatest stack depth: 54672 bytes left [ 44.682368] ip (3819) used greatest stack depth: 54312 bytes left [ 45.712724] ip (3920) used greatest stack depth: 54200 bytes left [ 47.727479] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.756876] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.772490] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.795170] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.840856] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.946199] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.003528] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.028607] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.497854] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.669563] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.677221] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.944883] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.959818] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.978935] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.988094] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.006999] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.259272] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.265559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.276696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.358508] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.364787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.373855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.504725] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.511017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.522306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.551209] ip (4929) used greatest stack depth: 53976 bytes left [ 57.627795] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.636151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.648458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.736137] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.742391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.753452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.795803] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.805565] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.814089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.823990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.862455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.890086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.918874] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.939754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.980633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.115643] device lo entered promiscuous mode [ 59.148467] device lo left promiscuous mode 2018/04/07 02:21:53 executing program 0: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000080)={r0}) 2018/04/07 02:21:53 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000389000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f00000011c0)) 2018/04/07 02:21:53 executing program 7: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000a21000)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, &(0x7f00005a0fff)='8', 0x1, 0x0, &(0x7f00007bcfe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000002c0)=@assoc_value, 0x8) 2018/04/07 02:21:53 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000389000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) 2018/04/07 02:21:53 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000080)=0x40000000008, 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000005b80)=[{{&(0x7f0000004800)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @remote}}}, 0x80, &(0x7f0000005ac0), 0x0, &(0x7f0000005b00)=""/105, 0x69}}], 0x1, 0x0, &(0x7f0000005cc0)) syz_emit_ethernet(0x2a, &(0x7f000070aef1)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @broadcast=0xffffffff}, @udp={0x0, 0x4e20, 0x8}}}}}, 0x0) 2018/04/07 02:21:53 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x10, 0x4, 0x4, 0x5, 0x0, 0x1}, 0x2c) gettid() bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x13, 0x0, 0x7ffff9, 0x0, 0x20000003, 0x0}, 0x2c) socketpair(0x0, 0x0, 0x6, &(0x7f00000003c0)) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000180)}, 0x20) gettid() bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000240)=""/159}, 0x18) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) socketpair(0x0, 0x0, 0xfffffffffffffeff, &(0x7f0000000100)) 2018/04/07 02:21:53 executing program 6: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000389000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x3) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) 2018/04/07 02:21:53 executing program 2: perf_event_open(&(0x7f000025c000)={0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000389000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(&(0x7f0000000340)='./file0\x00', &(0x7f000000aff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f000056a0e2)) mount(&(0x7f0000df2000)='./file0/file0\x00', &(0x7f0000a16ff8)='./file0\x00', &(0x7f0000df2ffd)='\x00v\t', 0x7fffd, &(0x7f0000751000)) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000ac0)={&(0x7f0000000a80)='./file0\x00'}, 0x10) 2018/04/07 02:21:53 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000389000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000100)='cpu&+5\x00') perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000140)) 2018/04/07 02:21:53 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xd68, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mount(&(0x7f00000000c0)='./file1\x00', &(0x7f00000001c0)='./file1\x00', &(0x7f0000000280)='autofs\x00', 0x0, &(0x7f0000000240)) 2018/04/07 02:21:54 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xc, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="85000000220000000700000000009b009500000000000000"], &(0x7f00000001c0)="73797a6b616c6c65720001be826e8f833152f795b4d9f4bc3ea582523aed371b084fccfc3d2ef2cbe65d30642ca8dcd0f8479be52e66937908f1d8112489e8099d9d4edb806d81189c0fbb6818d028546c35d3363d54db0db780f54977ae6359d617c1d233d8e18abfc75f9a76cd8e1f77583bc02f07a33de6f304e95db82fd4da55ebd25162df6f88e7d1bb0654ffb31e008967", 0x1, 0x99, &(0x7f000000d000)=""/153}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x1e, 0x18, &(0x7f0000000380)="0aac1ac22028d576e0e5504088ca9e4994e25b35831f64ffd77376b81f8b", &(0x7f0000000140)=""/24}, 0x28) [ 59.948357] sctp: [Deprecated]: syz-executor7 (pid 5093) Use of struct sctp_assoc_value in delayed_ack socket option. [ 59.948357] Use struct sctp_sack_info instead 2018/04/07 02:21:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x400000000000000a, 0x1ff, 0x7fff, 0x100000043}, 0x2c) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)={0x4000000000c, 0x10000000008a, 0x0, 0xea6d, 0xf}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000200)={r0, &(0x7f0000000280)="5082574c29cd889c3fdfb47927bac937e59d6fb524efdb331bd106bdc702721a72fdf263eca91340", &(0x7f00000001c0)=""/9}, 0x18) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) gettid() r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001180)={&(0x7f00000011c0)='./file0\x00'}, 0x28d) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000001440)={&(0x7f0000001400)='./file0\x00', r1}, 0x10) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000000)={&(0x7f0000000000)='./file0\x00'}, 0x61) bpf$MAP_CREATE(0x0, &(0x7f0000c47fec)={0x6, 0x4, 0x6879, 0xb, 0x0, 0xffffffffffffffff, 0x0, [0x4]}, 0x2c) 2018/04/07 02:21:54 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x10, 0x4, 0x4, 0x5, 0x0, 0x1}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x13, 0x0, 0x77fffb, 0x0, 0x10020000000, 0x0}, 0x2c) 2018/04/07 02:21:54 executing program 7: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(&(0x7f0000000780)='.', &(0x7f00000007c0)='./file0\x00', &(0x7f00000008c0)='ceph\x00', 0x0, &(0x7f0000000900)) 2018/04/07 02:21:54 executing program 1: syz_emit_ethernet(0x13e, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "3bda99", 0x108, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @remote={0xfe, 0x80, [], 0xbb}, {[], @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd}, {0x8, 0x88be, 0x0, {{0x0, 0x1}, 0x1}}, {0x8, 0x22eb, 0x0, {{0x0, 0x2}, 0x2}}, {0x8, 0x6558, 0x0, "067fea55f9d1562b8a5cb1342442fa965a073ac7c136fcc50f1ed0b11cc06a48509abaa02c42ee0ae7ff11a0be329fd726c8003fe9f3ff3b6bf14ea417614bc81373ce63dbbc736961bf7fd9fdcde1f35b3c81e26e7fadd9fd157e54226e0dc05d6cc424f97820a67b1da5356b9ccdc91f8bc52b1733413811cecfd4727e6c2f9330bd5b7f62985c6e9b55ddeec2bf7385070d01d07c23614f3e5e47eb7940effc91e61fd032aab4e426d802ef9f3729b1eaa7a1cec7ba22946d7f2f6cd2aa5cf1f383e1"}}}}}}}, 0x0) 2018/04/07 02:21:54 executing program 4: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/igmp\x00') pread64(r0, &(0x7f00000000c0)=""/163, 0xa3, 0x0) 2018/04/07 02:21:54 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) sendmmsg(r0, &(0x7f00000025c0)=[{{&(0x7f0000000300)=@pppoe={0x18, 0x0, {0x0, @link_local={0x1, 0x80, 0xc2}, 'ip6tnl0\x00'}}, 0x80, &(0x7f0000000380)=[{&(0x7f00000010c0)="94", 0x1}], 0x1}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000003600)=[{{&(0x7f0000002380)=@nfc, 0x80, &(0x7f0000002440)=[{&(0x7f0000002400)=""/44, 0x2c}], 0x1, &(0x7f0000002480)=""/245, 0xf5}}], 0x1, 0x160, &(0x7f0000002580)={0x77359400}) 2018/04/07 02:21:54 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f000000d000)={0xa, 0x4e20}, 0x1c) connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x4e20}, 0x1c) sendmsg(r0, &(0x7f0000021fc8)={0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f0000000000)="5ab74c9a572f32741936f944ac583fd2f0d5c3ccd7f0f0f3ec94f50d0a26c6c567e09c", 0x23}], 0x1, &(0x7f0000005000)}, 0xc100) sendmsg(r0, &(0x7f00000000c0)={0x0, 0xffffffffffffff80, &(0x7f0000000200), 0x3cf, &(0x7f0000000080)}, 0x0) recvmsg(r0, &(0x7f0000000280)={&(0x7f0000022ff8)=@sco, 0x80, &(0x7f0000000240)=[{&(0x7f0000000100)=""/195, 0xc3}], 0x1, &(0x7f0000029000)=""/56, 0xc38f112be815598d}, 0x0) 2018/04/07 02:21:54 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='ns/net\x00') perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x60000000) setns(r0, 0x0) 2018/04/07 02:21:54 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$reiserfs(&(0x7f0000000040)='reiserfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000180), 0x1000, &(0x7f00000001c0)) 2018/04/07 02:21:54 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='cgroup\x00') preadv(r0, &(0x7f00000023c0)=[{&(0x7f0000002300)=""/190, 0xbe}], 0x1, 0x0) 2018/04/07 02:21:54 executing program 1: r0 = socket$inet6_sctp(0xa, 0x408000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000080)={0x0, 0x2, 0x2, [0x0, 0xf8bf]}, 0xc) 2018/04/07 02:21:54 executing program 7: mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x2c871, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x8010004000000088) bind$inet6(r0, &(0x7f0000186fe4)={0xa, 0x4e20}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) sendto$inet6(r1, &(0x7f0000000200)='W', 0x1, 0x0, &(0x7f00005d6000)={0xa, 0x4e20, 0x0, @ipv4={[], [0xff, 0xff]}}, 0x1c) io_setup(0x8, &(0x7f0000000080)=0x0) io_submit(r2, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000001200)='0', 0x1}]) [ 60.849848] ================================================================== [ 60.857273] BUG: KMSAN: uninit-value in csum_partial_copy_to_user+0x450/0x500 [ 60.864554] CPU: 0 PID: 5158 Comm: syz-executor0 Not tainted 4.16.0+ #81 [ 60.871388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.880740] Call Trace: [ 60.883337] dump_stack+0x185/0x1d0 [ 60.886974] ? csum_partial_copy_to_user+0x450/0x500 [ 60.892077] kmsan_report+0x142/0x240 [ 60.895884] __msan_warning_32+0x6c/0xb0 [ 60.899952] csum_partial_copy_to_user+0x450/0x500 [ 60.904886] csum_and_copy_to_iter+0x3dc/0x2140 [ 60.909559] ? kmsan_set_origin_inline+0x6b/0x120 [ 60.914407] ? __msan_poison_alloca+0x15c/0x1d0 [ 60.919085] skb_copy_and_csum_datagram+0x6d2/0x1080 [ 60.924206] skb_copy_and_csum_datagram_msg+0x557/0x960 [ 60.929578] udpv6_recvmsg+0xc65/0x29e0 [ 60.933568] ? udp6_lib_lookup_skb+0x240/0x240 [ 60.938151] inet_recvmsg+0x4c2/0x5f0 [ 60.941959] sock_recvmsg+0x1d0/0x230 [ 60.945762] ? inet_sendpage+0x8c0/0x8c0 [ 60.949834] ___sys_recvmsg+0x3fb/0x810 [ 60.953815] ? __fget_light+0x56/0x710 [ 60.957699] ? __fdget+0x4e/0x60 [ 60.961064] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 60.966424] ? __fget_light+0x6b9/0x710 [ 60.970411] SYSC_recvmsg+0x298/0x3c0 [ 60.974225] SyS_recvmsg+0x54/0x80 [ 60.977766] do_syscall_64+0x309/0x430 [ 60.981674] ? ___sys_recvmsg+0x810/0x810 [ 60.985834] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.991018] RIP: 0033:0x455259 [ 60.994200] RSP: 002b:00007f8bf9009c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 61.001908] RAX: ffffffffffffffda RBX: 00007f8bf900a6d4 RCX: 0000000000455259 [ 61.009433] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000013 [ 61.016703] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 61.023968] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 61.031239] R13: 0000000000000496 R14: 00000000006f9eb0 R15: 0000000000000000 [ 61.038515] [ 61.040132] Uninit was created at: [ 61.043680] kmsan_alloc_meta_for_pages+0x161/0x3a0 2018/04/07 02:21:55 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='ns/net\x00') perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x60000000) setns(r0, 0x0) 2018/04/07 02:21:55 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='ns/net\x00') perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x60000000) setns(r0, 0x0) [ 61.048711] kmsan_alloc_page+0x82/0xe0 [ 61.052692] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 61.057444] alloc_pages_current+0x6b5/0x970 [ 61.061866] skb_page_frag_refill+0x3ba/0x5e0 [ 61.066363] sk_page_frag_refill+0xa4/0x340 [ 61.070703] __ip6_append_data+0x1a20/0x4bb0 [ 61.075114] ip6_append_data+0x40e/0x6b0 [ 61.079175] udpv6_sendmsg+0xfd5/0x45b0 [ 61.083150] inet_sendmsg+0x48d/0x740 [ 61.086951] ___sys_sendmsg+0xec0/0x1310 [ 61.091009] SYSC_sendmsg+0x2a3/0x3d0 [ 61.094821] SyS_sendmsg+0x54/0x80 2018/04/07 02:21:55 executing program 5: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000000)=0xdf8, 0x4) [ 61.098370] do_syscall_64+0x309/0x430 [ 61.102261] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.107433] ================================================================== [ 61.115220] Disabling lock debugging due to kernel taint [ 61.120671] Kernel panic - not syncing: panic_on_warn set ... [ 61.120671] [ 61.128043] CPU: 0 PID: 5158 Comm: syz-executor0 Tainted: G B 4.16.0+ #81 [ 61.136174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.145523] Call Trace: [ 61.148117] dump_stack+0x185/0x1d0 [ 61.151755] panic+0x39d/0x940 [ 61.154978] ? csum_partial_copy_to_user+0x450/0x500 [ 61.160079] kmsan_report+0x238/0x240 [ 61.163887] __msan_warning_32+0x6c/0xb0 [ 61.167950] csum_partial_copy_to_user+0x450/0x500 [ 61.172888] csum_and_copy_to_iter+0x3dc/0x2140 [ 61.177566] ? kmsan_set_origin_inline+0x6b/0x120 [ 61.182407] ? __msan_poison_alloca+0x15c/0x1d0 [ 61.187092] skb_copy_and_csum_datagram+0x6d2/0x1080 [ 61.192210] skb_copy_and_csum_datagram_msg+0x557/0x960 [ 61.197583] udpv6_recvmsg+0xc65/0x29e0 2018/04/07 02:21:55 executing program 5: seccomp(0x1, 0x0, &(0x7f0000158000)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xffffffff}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x00') readahead(r0, 0x9, 0x0) [ 61.201571] ? udp6_lib_lookup_skb+0x240/0x240 [ 61.206587] inet_recvmsg+0x4c2/0x5f0 [ 61.210392] sock_recvmsg+0x1d0/0x230 [ 61.214196] ? inet_sendpage+0x8c0/0x8c0 [ 61.218265] ___sys_recvmsg+0x3fb/0x810 [ 61.222249] ? __fget_light+0x56/0x710 [ 61.226138] ? __fdget+0x4e/0x60 [ 61.229506] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 61.234870] ? __fget_light+0x6b9/0x710 [ 61.238852] SYSC_recvmsg+0x298/0x3c0 [ 61.242661] SyS_recvmsg+0x54/0x80 [ 61.246193] do_syscall_64+0x309/0x430 [ 61.250066] ? ___sys_recvmsg+0x810/0x810 [ 61.254200] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.259370] RIP: 0033:0x455259 [ 61.262540] RSP: 002b:00007f8bf9009c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 61.270233] RAX: ffffffffffffffda RBX: 00007f8bf900a6d4 RCX: 0000000000455259 [ 61.277482] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000013 [ 61.284732] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 61.291982] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 61.299232] R13: 0000000000000496 R14: 00000000006f9eb0 R15: 0000000000000000 [ 61.306956] Dumping ftrace buffer: [ 61.310474] (ftrace buffer empty) [ 61.314157] Kernel Offset: disabled [ 61.317755] Rebooting in 86400 seconds..