INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts. 2018/04/12 13:57:48 fuzzer started 2018/04/12 13:57:48 dialing manager at 10.128.0.26:41677 2018/04/12 13:57:55 kcov=true, comps=false 2018/04/12 13:57:57 executing program 0: 2018/04/12 13:57:57 executing program 2: 2018/04/12 13:57:57 executing program 7: 2018/04/12 13:57:57 executing program 1: 2018/04/12 13:57:57 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x2003e3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000085000)='./control\x00', 0x28042, 0x0) fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000200)='./control\x00', 0xffffffffffffffff, r1) 2018/04/12 13:57:57 executing program 3: io_setup(0x280006, &(0x7f00000004c0)) 2018/04/12 13:57:57 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000d04000)='clear_refs\x00') writev(r0, &(0x7f0000000040)=[{&(0x7f0000514fff)='3', 0x1}], 0x1) 2018/04/12 13:57:57 executing program 6: r0 = shmget$private(0x0, 0x2000, 0x188b, &(0x7f0000155000/0x2000)=nil) shmctl$IPC_RMID(r0, 0x0) syzkaller login: [ 42.973622] ip (3673) used greatest stack depth: 54672 bytes left [ 43.533917] ip (3725) used greatest stack depth: 54408 bytes left [ 44.690808] ip (3839) used greatest stack depth: 54200 bytes left [ 46.415870] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.578328] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.587281] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.650471] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.703880] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.712848] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.738972] ip (4015) used greatest stack depth: 53976 bytes left [ 46.849262] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.918799] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.227791] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.287779] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.365876] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.478396] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.543908] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.606881] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.632960] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.774536] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.975905] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.982135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.993578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.064620] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.070965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.084923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.119078] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.125319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.139964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.230884] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.237162] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.247556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.333566] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.341780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.355670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.389777] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.396122] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.414633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.473303] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.481584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.493352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.610376] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.616694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.627383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/12 13:58:15 executing program 0: syz_mount_image$ext4(&(0x7f0000000140)='c\x00', &(0x7f0000000100)='/\x00', 0x0, 0x0, &(0x7f0000000180), 0x28020, &(0x7f0000000040)={[{@journal_path={'journal_path', 0x3d, './file0'}, 0x2c}]}) 2018/04/12 13:58:15 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000080)={0x0, {{0x2, 0x0, @multicast1=0xe0000001}}, {{0x2, 0x0, @dev={0xac, 0x14, 0x14}}}}, 0x108) 2018/04/12 13:58:15 executing program 3: unshare(0x100) 2018/04/12 13:58:15 executing program 5: r0 = semget$private(0x0, 0x6, 0x0) semtimedop(r0, &(0x7f0000000080)=[{}, {0x0, 0xfffffffffffff065}], 0x2, &(0x7f00000000c0)={0x0, 0x1c9c380}) semtimedop(r0, &(0x7f00000a8000)=[{0x3, 0xfffffffffffffff9}], 0x1, &(0x7f0000efe000)={0x2000}) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000003000)=[0x0, 0x0, 0x0, 0x7fff]) 2018/04/12 13:58:15 executing program 7: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='hybla\x00', 0xfe12) sendto$inet(r0, &(0x7f0000000bc0)="1ead7755d47bd6975c78c3765d65736f918745774ce7ce945bfa9268d5eb6deb1fca6318a507beaec853f16e463ba20747330037ef4c09961231f637024afbc06f850dbcffe9890bb1fc7c89ca10a6af35038920fe8dae329e4cc489ed5abce0ab9fbf8ba64aa7f0eb726434dd18b3976d1dfd61b6ba66558ce0d57fd8acc7e36a629d2a865a3853ad85d8d65176c69f350cf73bea4e9f0d9c7eae26956690dea2c9d0a0e94f57c01f7c643ca78f819a28ae070aa400039889f3e25fec01ed47a5a5539494", 0xc5, 0x0, &(0x7f00000000c0)={0x2}, 0x10) recvfrom$inet(r0, &(0x7f00009be000)=""/11, 0xe8, 0x0, 0x0, 0xffffffffffffff4e) shutdown(r0, 0x1) 2018/04/12 13:58:15 executing program 2: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x6}, 0x1c) sendmsg$key(r0, &(0x7f0000000040)={0x20480, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0, [@sadb_x_sec_ctx={0x3, 0x18, 0x0, 0x0, 0x9, "e83d3d6c2f44ab03e6"}]}, 0x28}, 0x1}, 0x0) 2018/04/12 13:58:15 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpgid(0x0) setpriority(0x2, r0, 0x0) 2018/04/12 13:58:15 executing program 1: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) r0 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0x0) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = creat(&(0x7f00001d3ff4)='./file0/bus\x00', 0x0) dup2(r1, r0) 2018/04/12 13:58:15 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x81) syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) close(r0) 2018/04/12 13:58:15 executing program 4: syz_mount_image$bfs(&(0x7f0000001440)='bfs\x00', &(0x7f0000001480)='./file0\x00', 0x0, 0x0, &(0x7f00000015c0), 0x8000, 0x0) 2018/04/12 13:58:15 executing program 2: timer_create(0x3, &(0x7f0000001100)={0x0, 0x34, 0x0, @thr={&(0x7f00000000c0), &(0x7f0000000100)}}, &(0x7f0000001140)) futex(&(0x7f0000000040)=0x4, 0x0, 0x4, &(0x7f0000000000)={0x77359400}, &(0x7f0000000080), 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) 2018/04/12 13:58:15 executing program 1: mkdir(&(0x7f0000f4eff8)='./file0\x00', 0x0) mount(&(0x7f0000000040)='./file0/control/file0\x00', &(0x7f000000aff8)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, &(0x7f000001c000)) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000000)='./file1\x00', r0, &(0x7f0000000180)='./file1\x00') symlinkat(&(0x7f0000000080)='./file0\x00', r0, &(0x7f00000002c0)='./file0\x00') renameat(r0, &(0x7f0000000100)='./file0\x00', r0, &(0x7f0000000140)='./file1\x00') 2018/04/12 13:58:15 executing program 0: timer_create(0x800005, &(0x7f0000000000), &(0x7f0000000080)) 2018/04/12 13:58:15 executing program 6: clock_settime(0xa, &(0x7f0000000180)) 2018/04/12 13:58:15 executing program 6: mprotect(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00002ac000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000000040)) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af04, &(0x7f0000002c40)) 2018/04/12 13:58:15 executing program 7: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='hybla\x00', 0xfe12) sendto$inet(r0, &(0x7f0000000bc0)="1ead7755d47bd6975c78c3765d65736f918745774ce7ce945bfa9268d5eb6deb1fca6318a507beaec853f16e463ba20747330037ef4c09961231f637024afbc06f850dbcffe9890bb1fc7c89ca10a6af35038920fe8dae329e4cc489ed5abce0ab9fbf8ba64aa7f0eb726434dd18b3976d1dfd61b6ba66558ce0d57fd8acc7e36a629d2a865a3853ad85d8d65176c69f350cf73bea4e9f0d9c7eae26956690dea2c9d0a0e94f57c01f7c643ca78f819a28ae070aa400039889f3e25fec01ed47a5a5539494", 0xc5, 0x0, &(0x7f00000000c0)={0x2}, 0x10) recvfrom$inet(r0, &(0x7f00009be000)=""/11, 0xe8, 0x0, 0x0, 0xffffffffffffff4e) shutdown(r0, 0x1) 2018/04/12 13:58:15 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x3, &(0x7f0000000080)=[&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil], 0x0, &(0x7f00000000c0)=[0x0, 0x0], 0x0) arch_prctl(0x2002, &(0x7f0000000000)) 2018/04/12 13:58:15 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r0, 0x4) r1 = socket$inet6_sctp(0xa, 0x4000000000000001, 0x84) sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00009b2ff0)={0x1, &(0x7f0000a7dff8)=[{0x6, 0x0, 0x0, 0x400000000000003}]}, 0x10) sendmsg(r1, &(0x7f0000ff1000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)='q', 0x1}], 0x1}, 0x2000c000) accept(r0, &(0x7f0000000140)=@vsock={0x0, 0x0, 0x0, @hyper}, &(0x7f00000000c0)=0xfffffe47) close(r1) 2018/04/12 13:58:15 executing program 4: r0 = socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000000)) 2018/04/12 13:58:16 executing program 4: r0 = memfd_create(&(0x7f00002ce000)="1a6465762f6b766d00", 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x2012, r0, 0x0) pkey_mprotect(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x4, 0xffffffffffffffff) 2018/04/12 13:58:16 executing program 5: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="a2", 0x1}], 0x1, 0x0) 2018/04/12 13:58:16 executing program 7: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) fallocate(r0, 0x0, 0xffff, 0x4) pwrite64(r0, &(0x7f0000000300)="88", 0x1, 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x81, 0x0) sendfile(r1, r0, 0x0, 0x4) sendfile(r0, r0, 0x0, 0xf283d) 2018/04/12 13:58:16 executing program 0: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000040)="b3", 0x1}], 0x1) fallocate(r0, 0x11, 0x0, 0x4000003) 2018/04/12 13:58:16 executing program 6: mprotect(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00002ac000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000000040)) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af04, &(0x7f0000002c40)) 2018/04/12 13:58:16 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000f72ffc)=0xb6c, 0x4) sendto$inet6(r0, &(0x7f0000000300), 0x0, 0x0, &(0x7f0000f5afe4)={0xa, 0x4e23}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x40040010000004a, &(0x7f00000001c0)=0xb3, 0x24) recvfrom$inet6(r0, &(0x7f0000219000)=""/246, 0xf6, 0x23fff9, 0x0, 0x0) 2018/04/12 13:58:16 executing program 1: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, 0x0, 0x0, r0) r2 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a}, &(0x7f00000002c0)="28a7", 0x2, r1) r3 = add_key$user(&(0x7f0000fc0ffb)='user\x00', &(0x7f0000752ffb)={0x73, 0x79, 0x7a}, &(0x7f00003eb000)="b3", 0x1, r1) keyctl$update(0x2, r3, &(0x7f0000000140)="2af29f4abaffa8aba4f58b775bb2b6e9cc3913eda4b7e1a743e0451404f88ef61a5551f5cca618165110413f7abbcb6a2d4b5e43832c8382027598154987778f6872eb13056f11c881b7417247d1c88b6830599f77e2b4a07476eb5669ad2150162ac7a415a45b40998ee0d7f37b414e89f26c31829879cb5b3e563b1ee9d29b0499d31cf93bb4dfdce649e0851c54745d195a3335f7cb336732d13ca0c6f3eed492c37613a3642ff4dac6df4c9361c3aafdefcad8888be691f562240375cb26", 0xc0) keyctl$dh_compute(0x17, &(0x7f0000000100)={r2, r3, r2}, &(0x7f0000a53ffb)=""/5, 0x5, &(0x7f0000c61fc8)={&(0x7f0000a3dffa)={'sha3-512\x00'}}) 2018/04/12 13:58:16 executing program 6: mprotect(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00002ac000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000000040)) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af04, &(0x7f0000002c40)) 2018/04/12 13:58:16 executing program 4: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc, 0x0, 0x1, 0xfffffffffffffffe}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc, 0x0, 0x1}, 0x10) dup3(r0, r1, 0x0) 2018/04/12 13:58:16 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000ed1000)={0x6, 0x400000000000004, 0x9, 0xfffffffffffffff6}, 0x2c) 2018/04/12 13:58:16 executing program 5: r0 = socket$nl_generic(0x2, 0x2, 0x88) setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x88, 0xb, &(0x7f0000000240)=0x9, 0x312) 2018/04/12 13:58:16 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000008000)={&(0x7f000000c000)={0x10, 0x34000}, 0xc, &(0x7f0000007ff0)={&(0x7f0000000040)={0x18, 0x2a, 0x821, 0x0, 0x0, {0x4}, [@nested={0x4}]}, 0x18}, 0x1}, 0x0) 2018/04/12 13:58:16 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000018000)={&(0x7f0000a4c000)={0x10}, 0xc, &(0x7f00003c4ff0)={&(0x7f00002a0e50)={0x1c, 0x1d, 0xffffffffffffffff, 0x0, 0x0, {0x1}, [@nested={0x8, 0x3, [@generic='\n']}]}, 0x1c}, 0x1}, 0x0) 2018/04/12 13:58:16 executing program 7: r0 = socket$inet6(0xa, 0x1, 0x84) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in6=@remote={0xfe, 0x80, [], 0xbb}, @in6=@mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xa0}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local={0xac, 0x14, 0x14, 0xaa}, 0x0, 0x32}, 0x0, @in=@local={0xac, 0x14, 0x14, 0xaa}}}, 0xe8) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) connect$inet(r0, &(0x7f0000000040)={0x2, 0x2004e20, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) 2018/04/12 13:58:16 executing program 6: mprotect(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00002ac000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000000040)) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af04, &(0x7f0000002c40)) 2018/04/12 13:58:16 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000400)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{&(0x7f0000000300)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast2}}}, 0x80, &(0x7f0000000880), 0x0, &(0x7f0000000900)=""/4096, 0x1000}}, {{0x0, 0x0, &(0x7f00000003c0), 0x0, &(0x7f00000019c0)=""/68, 0x44}}], 0x2, 0x0, &(0x7f0000001ac0)={0x0, 0x1c9c380}) 2018/04/12 13:58:16 executing program 4: iopl(0x3) 2018/04/12 13:58:16 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000180)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") preadv(r0, &(0x7f0000001780)=[{&(0x7f0000001680)=""/212, 0xd4}], 0x1, 0xffffffff000) [ 59.989472] ================================================================== [ 59.996895] BUG: KMSAN: uninit-value in crypto_inc+0x2ab/0x2f0 [ 60.002871] CPU: 1 PID: 5166 Comm: syz-executor0 Not tainted 4.16.0+ #83 [ 60.009708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.019054] Call Trace: [ 60.021648] dump_stack+0x185/0x1d0 [ 60.025286] ? crypto_inc+0x2ab/0x2f0 [ 60.029088] kmsan_report+0x142/0x240 [ 60.032894] __msan_warning_32+0x6c/0xb0 [ 60.036959] crypto_inc+0x2ab/0x2f0 [ 60.040587] drbg_ctr_update+0x3a04/0x3d10 [ 60.044930] ? drbg_hash_df+0xc70/0xc70 [ 60.048914] drbg_seed+0xcba/0xe90 [ 60.052462] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 60.057830] ? add_random_ready_callback+0x4c/0x3c0 [ 60.062849] ? __kmalloc+0x23c/0x350 [ 60.066563] ? _cond_resched+0x3c/0xd0 [ 60.070445] ? drbg_kcapi_seed+0x129f/0x2270 [ 60.074846] drbg_kcapi_seed+0x1c97/0x2270 [ 60.079082] ? drbg_kcapi_random+0xc20/0xc20 [ 60.083474] crypto_rng_reset+0x262/0x310 [ 60.087603] rng_setkey+0x8b/0xa0 [ 60.091049] alg_setsockopt+0x6c5/0x740 [ 60.095018] ? rng_release+0x50/0x50 [ 60.098720] ? alg_accept+0xd0/0xd0 [ 60.102328] SYSC_setsockopt+0x4b8/0x570 [ 60.106368] SyS_setsockopt+0x76/0xa0 [ 60.110156] do_syscall_64+0x309/0x430 [ 60.114038] ? SYSC_recv+0xe0/0xe0 [ 60.117567] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.122742] RIP: 0033:0x455279 [ 60.125919] RSP: 002b:00007f34d7c1fc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 60.133606] RAX: ffffffffffffffda RBX: 00007f34d7c206d4 RCX: 0000000000455279 [ 60.140854] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 60.148101] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.155347] R10: 0000000020000040 R11: 0000000000000246 R12: 00000000ffffffff [ 60.162595] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 60.169842] [ 60.171442] Uninit was stored to memory at: [ 60.175742] kmsan_internal_chain_origin+0x12b/0x210 [ 60.180820] kmsan_memcpy_origins+0x11d/0x170 [ 60.185291] __msan_memcpy+0x19f/0x1f0 [ 60.189153] drbg_ctr_update+0x393a/0x3d10 [ 60.193368] drbg_seed+0xcba/0xe90 [ 60.196886] drbg_kcapi_seed+0x1c97/0x2270 [ 60.201105] crypto_rng_reset+0x262/0x310 [ 60.205235] rng_setkey+0x8b/0xa0 [ 60.208666] alg_setsockopt+0x6c5/0x740 [ 60.212617] SYSC_setsockopt+0x4b8/0x570 [ 60.216667] SyS_setsockopt+0x76/0xa0 [ 60.220450] do_syscall_64+0x309/0x430 [ 60.224316] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.229477] Uninit was stored to memory at: [ 60.233780] kmsan_internal_chain_origin+0x12b/0x210 [ 60.238872] kmsan_memcpy_origins+0x11d/0x170 [ 60.243367] __msan_memcpy+0x19f/0x1f0 [ 60.247242] drbg_kcapi_sym_ctr+0x6e8/0x840 [ 60.251542] drbg_ctr_update+0x349a/0x3d10 [ 60.255765] drbg_seed+0xcba/0xe90 [ 60.259297] drbg_kcapi_seed+0x1c97/0x2270 [ 60.263518] crypto_rng_reset+0x262/0x310 [ 60.267653] rng_setkey+0x8b/0xa0 [ 60.271085] alg_setsockopt+0x6c5/0x740 [ 60.275047] SYSC_setsockopt+0x4b8/0x570 [ 60.279105] SyS_setsockopt+0x76/0xa0 [ 60.282890] do_syscall_64+0x309/0x430 [ 60.286756] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.291919] Uninit was created at: [ 60.295440] kmsan_internal_poison_shadow+0xb8/0x1b0 [ 60.300522] kmsan_kmalloc+0x94/0x100 [ 60.304305] __kmalloc+0x23c/0x350 [ 60.307822] drbg_init_sym_kernel+0x8ca/0xcc0 [ 60.312295] drbg_kcapi_seed+0xa5a/0x2270 [ 60.316422] crypto_rng_reset+0x262/0x310 [ 60.320557] rng_setkey+0x8b/0xa0 [ 60.323989] alg_setsockopt+0x6c5/0x740 [ 60.327946] SYSC_setsockopt+0x4b8/0x570 [ 60.331985] SyS_setsockopt+0x76/0xa0 [ 60.335766] do_syscall_64+0x309/0x430 [ 60.339637] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.344797] ================================================================== [ 60.352140] Disabling lock debugging due to kernel taint [ 60.357565] Kernel panic - not syncing: panic_on_warn set ... [ 60.357565] [ 60.364907] CPU: 1 PID: 5166 Comm: syz-executor0 Tainted: G B 4.16.0+ #83 [ 60.373028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.382366] Call Trace: [ 60.384935] dump_stack+0x185/0x1d0 [ 60.388546] panic+0x39d/0x940 [ 60.391729] ? crypto_inc+0x2ab/0x2f0 [ 60.395510] kmsan_report+0x238/0x240 [ 60.399303] __msan_warning_32+0x6c/0xb0 [ 60.403354] crypto_inc+0x2ab/0x2f0 [ 60.406958] drbg_ctr_update+0x3a04/0x3d10 [ 60.411176] ? drbg_hash_df+0xc70/0xc70 [ 60.415131] drbg_seed+0xcba/0xe90 [ 60.418654] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 60.423997] ? add_random_ready_callback+0x4c/0x3c0 [ 60.428996] ? __kmalloc+0x23c/0x350 [ 60.432696] ? _cond_resched+0x3c/0xd0 [ 60.436563] ? drbg_kcapi_seed+0x129f/0x2270 [ 60.440954] drbg_kcapi_seed+0x1c97/0x2270 [ 60.445558] ? drbg_kcapi_random+0xc20/0xc20 [ 60.449948] crypto_rng_reset+0x262/0x310 [ 60.454093] rng_setkey+0x8b/0xa0 [ 60.457534] alg_setsockopt+0x6c5/0x740 [ 60.461488] ? rng_release+0x50/0x50 [ 60.465182] ? alg_accept+0xd0/0xd0 [ 60.468792] SYSC_setsockopt+0x4b8/0x570 [ 60.472858] SyS_setsockopt+0x76/0xa0 [ 60.476647] do_syscall_64+0x309/0x430 [ 60.480513] ? SYSC_recv+0xe0/0xe0 [ 60.484046] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.489222] RIP: 0033:0x455279 [ 60.492399] RSP: 002b:00007f34d7c1fc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 60.500085] RAX: ffffffffffffffda RBX: 00007f34d7c206d4 RCX: 0000000000455279 [ 60.507335] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 60.514584] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.521839] R10: 0000000020000040 R11: 0000000000000246 R12: 00000000ffffffff [ 60.529085] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 60.536808] Dumping ftrace buffer: [ 60.540328] (ftrace buffer empty) [ 60.544010] Kernel Offset: disabled [ 60.547610] Rebooting in 86400 seconds..