INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.15' (ECDSA) to the list of known hosts. 2018/04/11 10:42:13 fuzzer started 2018/04/11 10:42:13 dialing manager at 10.128.0.26:36259 2018/04/11 10:42:19 kcov=true, comps=false 2018/04/11 10:42:22 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000516ff0)={0x2, 0x4e21, @rand_addr}, 0x10) sendto$inet(r0, &(0x7f0000588fff), 0xfffffffffffffe98, 0x20020003, &(0x7f0000385ff0)={0x2, 0x4e21, @loopback=0x7f000001}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00') readv(r1, &(0x7f0000000000)=[{&(0x7f0000000080)=""/233, 0xe9}], 0x1) 2018/04/11 10:42:22 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f000067aff0)=[{&(0x7f0000000080)="290000001a001bc91d001c0000fe71bb6294cb51551c21afd9da5275cbb5a24315c90b41a501f41beb", 0x29}], 0x1) 2018/04/11 10:42:22 executing program 7: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) rmdir(&(0x7f00000000c0)='./file0\x00') readlink(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)=""/6, 0x6) 2018/04/11 10:42:22 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f000089b000)=0xffffffffffffffff, 0x4) connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x0, 0x807}, 0x1c) sendmmsg(r0, &(0x7f0000008a00)=[{{0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000500)=[{0x10, 0x29, 0x4, "98"}], 0x10}}], 0x1, 0x0) 2018/04/11 10:42:22 executing program 4: sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x100000001}, 0x0) r0 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x0, 0x0, &(0x7f0000664fc0)) mq_timedreceive(r0, &(0x7f000009d000)=""/224, 0xe0, 0x0, &(0x7f0000e6eff8)={0x77359400}) mq_timedreceive(r0, &(0x7f0000c04f55)=""/171, 0xab, 0x0, &(0x7f0000f76000)={0x77359400}) mq_timedreceive(r0, &(0x7f0000a2e000)=""/40, 0x28, 0x0, &(0x7f0000b6bff0)) 2018/04/11 10:42:22 executing program 5: 2018/04/11 10:42:22 executing program 6: 2018/04/11 10:42:22 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x101902) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1548f9d3, 0x0, 0x0, 0x0, 0xe, 0x10, "af9b361338f1a8d623b53de3089e5a230624bd8adcb137ef2254fd6249f559bf7c039f464a3da450df14e761bb1ea78b13ffbe75aad8aacf46dbb19cce7bdc1d", "aab1cc3ed18a45980c45546c8e70e80f50237cf9bc650e459d1610df5f9f6474276528158031fc57870a068c2fb6ce72258c8c52bc6fba0535dd137290762b29", "022c0dd94707ebe324bab14648893be769f6304df9bdd9fc6e2ce1fde42a8cb7", [0x9, 0xfffffffffffffffa]}) ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000002c0)) syzkaller login: [ 43.866516] ip (3770) used greatest stack depth: 54688 bytes left [ 44.252392] ip (3804) used greatest stack depth: 54672 bytes left [ 45.249643] ip (3897) used greatest stack depth: 53960 bytes left [ 47.438102] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.465283] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.579593] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.694327] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.747733] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.777526] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.799762] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.849205] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.385412] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.537795] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.554864] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.645805] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.709220] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.751148] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.883341] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.973893] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.145572] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.151861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.163636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.274646] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.280968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.291775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.381950] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.388247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.397336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.428453] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.441063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.472909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.595100] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.601399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.609934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.639268] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.647888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.671607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.691932] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.700522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.719720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.766604] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.774820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.806289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/11 10:42:39 executing program 2: 2018/04/11 10:42:39 executing program 3: 2018/04/11 10:42:39 executing program 2: 2018/04/11 10:42:39 executing program 1: 2018/04/11 10:42:39 executing program 5: 2018/04/11 10:42:40 executing program 3: 2018/04/11 10:42:40 executing program 2: 2018/04/11 10:42:40 executing program 7: 2018/04/11 10:42:40 executing program 5: r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000100)={0x5, 0xfffffffffffffffa}) 2018/04/11 10:42:40 executing program 0: 2018/04/11 10:42:40 executing program 7: r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$kcm(r0, &(0x7f00000004c0)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000000140)=[{0x18, 0x0, 0x7, "94054d"}], 0x18}, 0x0) 2018/04/11 10:42:40 executing program 1: 2018/04/11 10:42:40 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x3) 2018/04/11 10:42:40 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x81006) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000080), 0x102000004) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync() 2018/04/11 10:42:40 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f00000b2000)=0xffffffffffffffff, 0x4) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e) sendto$inet(r0, &(0x7f00005c9000), 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000c69fc0)=[{0x4}, {}, {}, {}, {}, {}, {}, {}], 0x8) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff, 0x10000007fffffff}, 0x14) sendto$inet(r0, &(0x7f0000000300)='U', 0x1, 0x0, 0x0, 0x0) writev(r0, &(0x7f0000000700)=[{&(0x7f00000003c0)="fe3b57c4e3e0e17bfe736890dd0af67d28a493789283f2f477e9ffc3e3568e4926263c3f2974a6db14d8d681e9ada71e8e1a6bb8ba697f93bebcd04c7fcab600b84d006600d576c3843d1aef4ba1a2758bc820bdf9e7d66731b1f3ae5bcb1f5c0a31c1497a11804953f923d2dc347a1b9e5fe6cf9f073829b36ecf7c15ab68e6", 0x80}], 0x1) writev(r0, &(0x7f0000001040)=[{&(0x7f00000000c0)="32f68ac69c5c54f92cbbde469fe82457e84580c5762d4c6e7fd8c4393d2461a3f5553caac8a29d0b2b1d084017f56ce9fd370c8879961e4f23953c3b9262430be9b7ba0f44a22d3d04518ce33801f81d9e3c12c7db39122b92caa35c5b13d5ed2b0c380d8397b1dc7dd0eae9b798bb1c1145041c09f142336a87079e2e93c268a1d5ae7656d6f70ecfd79af30b47a31d4f61988052825e992fee6a2b6a322ef2cceae8c673f3967f4864f95740013d4f7700a9832d778ac9a06f019f64db9b5e401af5f4e534cffb21b8fbdb9095748c8bffbb525b232532d628c6810bf889a856d55f2428cdfc1c983fbe7b65c0c5c597a1524c033ff591b08eaa2c9296e393db7a71f4584b2c279bee27eb9432b287965021a2091143fb010dddb4286775a9c8f2ab9739168ca9c6928a6553a9e49a8f5554213d83e67ac008b4571e21149fd4938e39ffd2b683b9b42b6e2cf3acc189a9f84ab06c02a2e5078ed8835f788f31438b98bca659b56ae858a46d3e106324d665d6171b8b2de9a21d2b7730a337dc35ce2c4dcb647300ea34dec0b086c5e149cfe8b8310a1cc8bf131430a1c042ddc9658cecf94e19808f8ef0be7789e72e3c37bb57caefc8b842f48c0c0da9f62e911e6e790bfac55ecc3ee96d0a7f42bfd70f5491c7980e5fd52fbaa41ed52af70da561bcbcddb53a243d459dc479e7545a260592f32e1ee6d2915a52c42b4fc07a25befcc867501c41105a15", 0x20d}], 0x1) 2018/04/11 10:42:40 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000100)='tasks\x00', 0x2, 0x0) pause() readv(r1, &(0x7f0000000300)=[{&(0x7f0000000240)=""/188, 0xbc}], 0x1) [ 59.357163] raw_sendmsg: syz-executor7 forgot to set AF_INET. Fix it! 2018/04/11 10:42:40 executing program 1: 2018/04/11 10:42:40 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'gre0\x00'}, 0x18) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000002c0), &(0x7f0000000340)=0xc) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000001d00)={0x1, 'vcan0\x00'}, 0x18) [ 60.276145] print_req_error: I/O error, dev loop0, sector 0 [ 60.281992] Buffer I/O error on dev loop0, logical block 0, lost async page write [ 60.284288] print_req_error: I/O error, dev loop0, sector 8 [ 60.295513] Buffer I/O error on dev loop0, logical block 1, lost async page write 2018/04/11 10:42:41 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x81006) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000080), 0x102000004) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync() 2018/04/11 10:42:41 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00006cdfa8)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0x401, &(0x7f000014b000)=0x0) io_submit(r2, 0x1, &(0x7f0000000080)=[&(0x7f00004dbfc0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)}]) 2018/04/11 10:42:41 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000c7df60)={0x7ff, @in6={{0xa}}}, &(0x7f000064b000)=0xa0) setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000040)={r1}, 0x8) 2018/04/11 10:42:41 executing program 7: r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$kcm(r0, &(0x7f00000004c0)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000000140)=[{0x18, 0x0, 0x7, "94054d"}], 0x18}, 0x0) 2018/04/11 10:42:41 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000f72fcf), 0x0, 0x0, &(0x7f0000f5afe4)={0xa, 0x4e20}, 0x1c) 2018/04/11 10:42:41 executing program 1: r0 = socket$inet(0x2, 0x802, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x7fd, 0x5db) sendto$inet(r0, &(0x7f0000dcfffe), 0x0, 0x0, &(0x7f0000514ff0)={0x2, 0x4e20}, 0x10) setsockopt$inet_opts(r0, 0x0, 0x6, &(0x7f0000eebf9e)='-', 0x1) recvmsg(r0, &(0x7f0000bd9000)={0x0, 0x0, &(0x7f0000eec000), 0x0, &(0x7f0000000faf)}, 0x41002106) 2018/04/11 10:42:41 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x81006) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000080), 0x102000004) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync() 2018/04/11 10:42:41 executing program 4: r0 = socket(0x10, 0x803, 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f00000000c0)=0x1) write(r0, &(0x7f0000df8fd9), 0x0) 2018/04/11 10:42:41 executing program 7: r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$kcm(r0, &(0x7f00000004c0)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000000140)=[{0x18, 0x0, 0x7, "94054d"}], 0x18}, 0x0) 2018/04/11 10:42:41 executing program 0: r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000080)=0x100000000004) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000100)={0x5, 0xfffffffffffffffa}) 2018/04/11 10:42:41 executing program 4: r0 = socket$inet6(0xa, 0x80803, 0x2f) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000040)={0x77359400}, 0x8) 2018/04/11 10:42:41 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCADDRT(r0, 0x890c, &(0x7f00000002c0)={@loopback={0x900000000000000, 0x1}, @mcast1={0xff, 0x1, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x9}) 2018/04/11 10:42:41 executing program 1: r0 = socket$inet(0x2, 0x802, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x7fd, 0x5db) sendto$inet(r0, &(0x7f0000dcfffe), 0x0, 0x0, &(0x7f0000514ff0)={0x2, 0x4e20}, 0x10) setsockopt$inet_opts(r0, 0x0, 0x6, &(0x7f0000eebf9e)='-', 0x1) recvmsg(r0, &(0x7f0000bd9000)={0x0, 0x0, &(0x7f0000eec000), 0x0, &(0x7f0000000faf)}, 0x41002106) 2018/04/11 10:42:41 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept4$netrom(0xffffffffffffff9c, &(0x7f0000000440), &(0x7f0000000480)=0x10, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000240)={&(0x7f0000000200)='./file0\x00', 0x0, 0x10}, 0x10) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCADDRT(r0, 0x894c, &(0x7f00000002c0)={@loopback={0x0, 0x1}, @mcast1={0xff, 0x1, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}}) setsockopt$inet_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000001c0)='tls\x00', 0x4) 2018/04/11 10:42:41 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x81006) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000080), 0x102000004) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync() 2018/04/11 10:42:42 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=@ipv4_newroute={0x1c, 0x18, 0x5, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x1}}, 0x1c}, 0x1}, 0x0) 2018/04/11 10:42:42 executing program 7: r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$kcm(r0, &(0x7f00000004c0)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000000140)=[{0x18, 0x0, 0x7, "94054d"}], 0x18}, 0x0) 2018/04/11 10:42:42 executing program 4: r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000100)={0x5, 0xfffffffffffffffa}) read(r0, &(0x7f0000000000)=""/54, 0x36) 2018/04/11 10:42:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'lo\x00'}) sendmsg$nl_route(r0, &(0x7f0000000300)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="400000001400110100000000000000000a000000", @ANYBLOB="140006000700000006000000000000000000ebff1400010000000000000000000000000000400001"], 0x2}, 0x1}, 0x0) 2018/04/11 10:42:42 executing program 1: r0 = socket$inet(0x2, 0x802, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x7fd, 0x5db) sendto$inet(r0, &(0x7f0000dcfffe), 0x0, 0x0, &(0x7f0000514ff0)={0x2, 0x4e20}, 0x10) setsockopt$inet_opts(r0, 0x0, 0x6, &(0x7f0000eebf9e)='-', 0x1) recvmsg(r0, &(0x7f0000bd9000)={0x0, 0x0, &(0x7f0000eec000), 0x0, &(0x7f0000000faf)}, 0x41002106) 2018/04/11 10:42:42 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x81006) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000080), 0x102000004) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync() 2018/04/11 10:42:42 executing program 6: r0 = syz_open_dev$sndseq(&(0x7f00000001c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0505350, &(0x7f00000003c0)={0x0, 0x0, 'client1\x00', 0x0, "80c26a3c989df43e", "29ee3ca795a73b11d317817026000e1898ccb7e7316ae7ebcab3b6a52134a4f7"}) 2018/04/11 10:42:42 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) getpeername$unix(r0, &(0x7f0000000080), &(0x7f0000000100)=0x6e) 2018/04/11 10:42:42 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000000100)={'broute\x00'}, &(0x7f0000000040)=0x50) 2018/04/11 10:42:42 executing program 4: r0 = socket$inet(0x2, 0x3, 0x84) sendto$inet(r0, &(0x7f000014cf2c), 0x0, 0x8000, &(0x7f0000000080)={0x2}, 0x10) sendto$inet(r0, &(0x7f0000000100)="a562e820e91306374b8e923a4af57f73", 0x10, 0x0, &(0x7f00000000c0)={0x2}, 0x10) 2018/04/11 10:42:42 executing program 1: r0 = socket$inet(0x2, 0x802, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x7fd, 0x5db) sendto$inet(r0, &(0x7f0000dcfffe), 0x0, 0x0, &(0x7f0000514ff0)={0x2, 0x4e20}, 0x10) setsockopt$inet_opts(r0, 0x0, 0x6, &(0x7f0000eebf9e)='-', 0x1) recvmsg(r0, &(0x7f0000bd9000)={0x0, 0x0, &(0x7f0000eec000), 0x0, &(0x7f0000000faf)}, 0x41002106) 2018/04/11 10:42:42 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f00000001c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f00000003c0)={0x2000, 0x0, 'client1\x00', 0x0, "80c26a3c989df43e", "29ee3ca795a73b11d317817026000e1898ccb7e7316ae7ebcab3b6a52134a4f7"}) 2018/04/11 10:42:42 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000713ffc)=0x3, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000ef0ffc)=0x7fe, 0x220) sendto$inet(r0, &(0x7f0000edf000), 0x0, 0x0, &(0x7f0000ee9ff0)={0x2, 0x4e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000087000)=0xfffffffffffffe01, 0x4) recvmsg(r0, &(0x7f0000bd9000)={0x0, 0x0, &(0x7f0000eee000), 0x0, &(0x7f0000b18faf)=""/81, 0x3a}, 0x40002104) 2018/04/11 10:42:42 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) fremovexattr(r0, &(0x7f0000000300)=@known='security.capability\x00') 2018/04/11 10:42:42 executing program 7: sendmsg$kcm(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000000140)=[{0x18, 0x0, 0x7, "94054d"}], 0x18}, 0x0) [ 61.688701] ================================================================== [ 61.696145] BUG: KMSAN: uninit-value in crc32c_pcl_intel_update+0x2af/0x500 [ 61.703256] CPU: 1 PID: 5220 Comm: syz-executor4 Not tainted 4.16.0+ #83 [ 61.710096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.719450] Call Trace: [ 61.722029] [ 61.724182] dump_stack+0x185/0x1d0 [ 61.727812] ? crc32c_pcl_intel_update+0x2af/0x500 [ 61.732749] kmsan_report+0x142/0x240 [ 61.736555] __msan_warning_32+0x6c/0xb0 [ 61.740619] crc32c_pcl_intel_update+0x2af/0x500 [ 61.745379] ? crc32c_intel_cra_init+0x80/0x80 [ 61.749960] crypto_shash_update+0x1e9/0x210 [ 61.754372] crc32c+0x155/0x210 [ 61.757651] sctp_csum_update+0x89/0xa0 [ 61.761625] __skb_checksum+0x234/0x1010 [ 61.765717] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 61.771079] ? __pskb_pull_tail+0x1154/0x22e0 [ 61.775576] ? kmsan_memcpy_origins+0xf1/0x170 [ 61.780160] ? sctp_has_association+0x160/0x160 [ 61.784826] sctp_rcv+0xf4e/0x4c90 [ 61.788372] ? raw_rcv+0x680/0x730 [ 61.791914] ? sctp_has_association+0x160/0x160 [ 61.796578] ? sctp_csum_update+0xa0/0xa0 [ 61.800732] ? sctp_csum_combine+0xa0/0xa0 [ 61.804969] ip_local_deliver_finish+0x6ed/0xd40 [ 61.809731] ip_local_deliver+0x43c/0x4e0 [ 61.813877] ? ip_local_deliver+0x4e0/0x4e0 [ 61.818195] ? ip_call_ra_chain+0x7b0/0x7b0 [ 61.822517] ip_rcv_finish+0x1253/0x16d0 [ 61.826585] ip_rcv+0x119d/0x16f0 [ 61.830045] ? ip_rcv+0x16f0/0x16f0 [ 61.833681] __netif_receive_skb_core+0x47cf/0x4a80 [ 61.838699] ? try_to_wake_up+0x1ab2/0x20a0 [ 61.843028] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 61.848829] ? ip_local_deliver_finish+0xd40/0xd40 [ 61.853767] process_backlog+0x62d/0xe20 [ 61.857835] ? rps_trigger_softirq+0x2f0/0x2f0 [ 61.862418] net_rx_action+0x7c1/0x1a70 [ 61.866396] ? net_tx_action+0xab0/0xab0 [ 61.870464] __do_softirq+0x56d/0x93d [ 61.874274] do_softirq_own_stack+0x2a/0x40 [ 61.878584] [ 61.880826] __local_bh_enable_ip+0x114/0x140 [ 61.885331] local_bh_enable+0x36/0x40 2018/04/11 10:42:42 executing program 7: r0 = socket$kcm(0x2, 0x0, 0x2) sendmsg$kcm(r0, &(0x7f00000004c0)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000000140)=[{0x18, 0x0, 0x7, "94054d"}], 0x18}, 0x0) 2018/04/11 10:42:42 executing program 3: r0 = syz_open_dev$sndtimer(&(0x7f0000000400)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000100)={0x100000000003, 0xfffffffffffffffa}) [ 61.889224] ip_finish_output2+0x124e/0x1380 [ 61.893641] ip_finish_output+0xcb0/0xff0 [ 61.897793] ip_output+0x502/0x5c0 [ 61.901332] ? ip_mc_finish_output+0x3b0/0x3b0 [ 61.905913] ? ip_finish_output+0xff0/0xff0 [ 61.910231] ip_send_skb+0x5f3/0x820 [ 61.913940] ? __ip_local_out+0x5b0/0x5b0 [ 61.918091] ip_push_pending_frames+0x105/0x170 [ 61.922757] raw_sendmsg+0x2960/0x3ed0 [ 61.926667] ? compat_raw_ioctl+0x100/0x100 [ 61.930986] inet_sendmsg+0x48d/0x740 [ 61.934786] ? security_socket_sendmsg+0x9e/0x210 [ 61.939631] ? inet_getname+0x500/0x500 [ 61.943606] SYSC_sendto+0x6c3/0x7e0 [ 61.947318] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 61.952768] ? prepare_exit_to_usermode+0x149/0x3a0 [ 61.957799] SyS_sendto+0x8a/0xb0 [ 61.961261] do_syscall_64+0x309/0x430 [ 61.965155] ? SYSC_getpeername+0x560/0x560 [ 61.969480] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.974667] RIP: 0033:0x455259 [ 61.977853] RSP: 002b:00007f7b1d772c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 61.985564] RAX: ffffffffffffffda RBX: 00007f7b1d7736d4 RCX: 0000000000455259 [ 61.992829] RDX: 0000000000000010 RSI: 0000000020000100 RDI: 0000000000000013 [ 62.000102] RBP: 000000000072bea0 R08: 00000000200000c0 R09: 0000000000000010 [ 62.007371] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 62.014639] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 62.021910] [ 62.023529] Uninit was stored to memory at: [ 62.027861] kmsan_internal_chain_origin+0x12b/0x210 [ 62.032966] kmsan_memcpy_origins+0x11d/0x170 [ 62.037462] __msan_memcpy+0x19f/0x1f0 [ 62.041351] skb_copy_bits+0x63a/0xdb0 [ 62.045239] __pskb_pull_tail+0x483/0x22e0 [ 62.049476] sctp_rcv+0x673/0x4c90 [ 62.053017] ip_local_deliver_finish+0x6ed/0xd40 [ 62.057776] ip_local_deliver+0x43c/0x4e0 [ 62.061924] ip_rcv_finish+0x1253/0x16d0 [ 62.065987] ip_rcv+0x119d/0x16f0 [ 62.069444] __netif_receive_skb_core+0x47cf/0x4a80 [ 62.074456] process_backlog+0x62d/0xe20 [ 62.078516] net_rx_action+0x7c1/0x1a70 [ 62.082492] __do_softirq+0x56d/0x93d [ 62.086278] Uninit was created at: [ 62.089818] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 62.094839] kmsan_alloc_page+0x82/0xe0 [ 62.098818] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 62.103582] alloc_pages_current+0x6b5/0x970 [ 62.107991] skb_page_frag_refill+0x3ba/0x5e0 [ 62.112502] sk_page_frag_refill+0xa4/0x340 [ 62.116828] __ip_append_data+0x107e/0x3d10 [ 62.121154] ip_append_data+0x2fb/0x440 [ 62.125132] raw_sendmsg+0x287b/0x3ed0 [ 62.129017] inet_sendmsg+0x48d/0x740 [ 62.132815] SYSC_sendto+0x6c3/0x7e0 [ 62.136528] SyS_sendto+0x8a/0xb0 [ 62.139975] do_syscall_64+0x309/0x430 [ 62.143865] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.149038] ================================================================== [ 62.156439] Disabling lock debugging due to kernel taint [ 62.161880] Kernel panic - not syncing: panic_on_warn set ... [ 62.161880] [ 62.169247] CPU: 1 PID: 5220 Comm: syz-executor4 Tainted: G B 4.16.0+ #83 [ 62.177383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.186733] Call Trace: [ 62.189315] [ 62.191471] dump_stack+0x185/0x1d0 [ 62.195099] panic+0x39d/0x940 [ 62.198316] ? crc32c_pcl_intel_update+0x2af/0x500 [ 62.203247] kmsan_report+0x238/0x240 [ 62.207054] __msan_warning_32+0x6c/0xb0 [ 62.211117] crc32c_pcl_intel_update+0x2af/0x500 [ 62.215884] ? crc32c_intel_cra_init+0x80/0x80 [ 62.220466] crypto_shash_update+0x1e9/0x210 [ 62.224880] crc32c+0x155/0x210 [ 62.228164] sctp_csum_update+0x89/0xa0 [ 62.232141] __skb_checksum+0x234/0x1010 [ 62.236203] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 62.241566] ? __pskb_pull_tail+0x1154/0x22e0 [ 62.246062] ? kmsan_memcpy_origins+0xf1/0x170 [ 62.250653] ? sctp_has_association+0x160/0x160 [ 62.255321] sctp_rcv+0xf4e/0x4c90 [ 62.258869] ? raw_rcv+0x680/0x730 [ 62.262410] ? sctp_has_association+0x160/0x160 [ 62.267076] ? sctp_csum_update+0xa0/0xa0 [ 62.271230] ? sctp_csum_combine+0xa0/0xa0 [ 62.275470] ip_local_deliver_finish+0x6ed/0xd40 [ 62.280226] ip_local_deliver+0x43c/0x4e0 [ 62.284377] ? ip_local_deliver+0x4e0/0x4e0 [ 62.288700] ? ip_call_ra_chain+0x7b0/0x7b0 [ 62.293020] ip_rcv_finish+0x1253/0x16d0 [ 62.297090] ip_rcv+0x119d/0x16f0 [ 62.300543] ? ip_rcv+0x16f0/0x16f0 [ 62.304183] __netif_receive_skb_core+0x47cf/0x4a80 [ 62.309193] ? try_to_wake_up+0x1ab2/0x20a0 [ 62.313505] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 62.319285] ? ip_local_deliver_finish+0xd40/0xd40 [ 62.324198] process_backlog+0x62d/0xe20 [ 62.328244] ? rps_trigger_softirq+0x2f0/0x2f0 [ 62.332804] net_rx_action+0x7c1/0x1a70 [ 62.336760] ? net_tx_action+0xab0/0xab0 [ 62.340800] __do_softirq+0x56d/0x93d [ 62.344586] do_softirq_own_stack+0x2a/0x40 [ 62.348891] [ 62.351112] __local_bh_enable_ip+0x114/0x140 [ 62.355586] local_bh_enable+0x36/0x40 [ 62.359452] ip_finish_output2+0x124e/0x1380 [ 62.363844] ip_finish_output+0xcb0/0xff0 [ 62.367974] ip_output+0x502/0x5c0 [ 62.371490] ? ip_mc_finish_output+0x3b0/0x3b0 [ 62.376062] ? ip_finish_output+0xff0/0xff0 [ 62.380369] ip_send_skb+0x5f3/0x820 [ 62.384070] ? __ip_local_out+0x5b0/0x5b0 [ 62.388199] ip_push_pending_frames+0x105/0x170 [ 62.392850] raw_sendmsg+0x2960/0x3ed0 [ 62.396727] ? compat_raw_ioctl+0x100/0x100 [ 62.401037] inet_sendmsg+0x48d/0x740 [ 62.404826] ? security_socket_sendmsg+0x9e/0x210 [ 62.409657] ? inet_getname+0x500/0x500 [ 62.413622] SYSC_sendto+0x6c3/0x7e0 [ 62.417316] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 62.422746] ? prepare_exit_to_usermode+0x149/0x3a0 [ 62.427751] SyS_sendto+0x8a/0xb0 [ 62.431183] do_syscall_64+0x309/0x430 [ 62.435059] ? SYSC_getpeername+0x560/0x560 [ 62.439374] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.444540] RIP: 0033:0x455259 [ 62.447712] RSP: 002b:00007f7b1d772c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 62.455398] RAX: ffffffffffffffda RBX: 00007f7b1d7736d4 RCX: 0000000000455259 [ 62.462645] RDX: 0000000000000010 RSI: 0000000020000100 RDI: 0000000000000013 [ 62.469900] RBP: 000000000072bea0 R08: 00000000200000c0 R09: 0000000000000010 [ 62.477173] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 62.484428] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 62.492171] Dumping ftrace buffer: [ 62.495692] (ftrace buffer empty) [ 62.499375] Kernel Offset: disabled [ 62.502976] Rebooting in 86400 seconds..