INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts. 2018/04/07 01:25:48 fuzzer started 2018/04/07 01:25:49 dialing manager at 10.128.0.26:38639 2018/04/07 01:25:55 kcov=true, comps=false 2018/04/07 01:25:57 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$random(&(0x7f0000a33ff4)='/dev/random\x00', 0x0, 0x0) readv(r0, &(0x7f0000001440)=[{&(0x7f0000001400)=""/57, 0x39}], 0x1) timer_create(0x0, &(0x7f0000580000)={0x0, 0x12, 0x0, @thr={&(0x7f0000f44000), &(0x7f0000ff5fd2)}}, &(0x7f00000c6000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x1c9c380}, {0x0, 0x9}}, &(0x7f0000040000)) r1 = getpgid(0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0xfffffffffffffffe, 0x32, 0xffffffffffffffff, 0x0) tkill(r1, 0x13) 2018/04/07 01:25:57 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r0, &(0x7f0000d1a000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet6(0xa, 0x100000000000005, 0x0) setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000d11000)=0x3fb, 0x4) bind$inet6(r1, &(0x7f0000fe8fe4)={0xa, 0x4e20}, 0x1c) listen(r1, 0x2) listen(r0, 0x26) 2018/04/07 01:25:57 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000000)={0x2, 0x3, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_sa={0x2, 0x1}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1=0xe0000001}}]}, 0x38}, 0x1}, 0x0) 2018/04/07 01:25:57 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) unshare(0x60000000) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000080)=0x8) 2018/04/07 01:25:57 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000fe6ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000340)=0x50) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)) r1 = syz_open_pts(r0, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x2) 2018/04/07 01:25:57 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000fe6ff6)='/dev/ptmx\x00', 0x0, 0x0) r1 = epoll_create(0xf4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000340)=0x50) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r0, 0x0) ioctl$TCFLSH(r2, 0x540b, 0x2) 2018/04/07 01:25:57 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000400008fe7bb5cd4e344cd0002800000720a00ff"], &(0x7f0000000000)="47504c00bc3047eb525f484f89fc96dd6ca64da40ff023122e66f6", 0x0, 0xce, &(0x7f0000000180)=""/206}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xf, 0x5, &(0x7f0000000040)=@framed={{0x18}, [@jmp={0x5, 0x0, 0xffffffcd}], {0x95}}, &(0x7f0000000200)='syzkaller\x00', 0x80000001, 0x228, &(0x7f0000000300)=""/187}, 0x48) 2018/04/07 01:25:57 executing program 6: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='lp\x00', 0x3) connect$inet(r0, &(0x7f00000dcff0)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) shutdown(r0, 0x1) syzkaller login: [ 43.905401] ip (3749) used greatest stack depth: 54656 bytes left [ 44.535684] ip (3809) used greatest stack depth: 54408 bytes left [ 44.571125] ip (3812) used greatest stack depth: 54312 bytes left [ 45.550888] ip (3907) used greatest stack depth: 54200 bytes left [ 46.408241] ip (3985) used greatest stack depth: 54160 bytes left [ 47.387927] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.663436] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.673397] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.706550] ip (4098) used greatest stack depth: 53976 bytes left [ 47.715860] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.806594] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.825518] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.862539] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.931092] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.961585] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.347424] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.394542] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.403734] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.443504] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.562544] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.698392] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.704846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.716572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.753863] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.764968] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.113852] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.120198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.128161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.148385] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.159162] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.191902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.224516] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.230759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.239574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.272357] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.282156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.336249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.364433] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.373600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.400244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.542495] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.548754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.557447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.595701] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.613654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.630246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 01:26:14 executing program 1: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401000200027000f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open$dir(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000013c0)=""/4096, 0x1000) getdents64(r0, &(0x7f0000000140)=""/151, 0x97) 2018/04/07 01:26:14 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000000100)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffff9c}, [@ldst={0x7, 0x1, 0x0, 0x0, 0x7a}], {0x95}}, &(0x7f0000003ff6)='syzkaller\x00', 0x5, 0x450, &(0x7f000000cf3d)=""/195}, 0x48) 2018/04/07 01:26:14 executing program 1: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x42, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f79805854fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a6621f51a480e2f3aac78a8db2c0be10f25d1fea68bbb27cf59ce6768143c7da0a5277c17be7e03ff2cd97a72d0351a82cb32b931716cad42bf9e3ec64b5fb82d5ab6bbd2d014549e66a84f9c795681f0a1df8b9edf3ce14950237ec78ece828761d8bc9245639704915d7d5d5625e9cd9707fd187d962a37d82094a688f609709697282397e835b7b1e416f488d1e93e9dd87c96a1fdfc37bdb13612dd5aa126c16417a8f366042350e9485d00b192449c56657ad3ea028ff1eb384742822414bbe5218eb51fe1b23ce8ff59358aec9153efa611c57ea26daf7533d6c3a4") sendfile(r0, r1, &(0x7f0000000040), 0x100000000081) write(0xffffffffffffffff, &(0x7f000095c000), 0x0) openat(0xffffffffffffffff, &(0x7f0000563000)='./file0\x00', 0x0, 0x0) 2018/04/07 01:26:14 executing program 3: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) shmctl$SHM_LOCK(0x0, 0xb) 2018/04/07 01:26:14 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000300)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0x14, 0x14, 0x1, 0x201}, 0x14}, 0x1}, 0x0) 2018/04/07 01:26:14 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/fib_trie\x00') readv(r0, &(0x7f00009a5f80)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x10000000000001ac) 2018/04/07 01:26:14 executing program 3: ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x0, 0x0, 0x10002, 0xfb}) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x4028700f, &(0x7f0000000040)) 2018/04/07 01:26:14 executing program 4: 2018/04/07 01:26:15 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$random(&(0x7f0000a33ff4)='/dev/random\x00', 0x0, 0x0) readv(r0, &(0x7f0000001440)=[{&(0x7f0000001400)=""/57, 0x39}], 0x1) timer_create(0x0, &(0x7f0000580000)={0x0, 0x12, 0x0, @thr={&(0x7f0000f44000), &(0x7f0000ff5fd2)}}, &(0x7f00000c6000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x1c9c380}, {0x0, 0x9}}, &(0x7f0000040000)) r1 = getpgid(0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0xfffffffffffffffe, 0x32, 0xffffffffffffffff, 0x0) tkill(r1, 0x13) 2018/04/07 01:26:15 executing program 2: 2018/04/07 01:26:15 executing program 3: r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timerfd_settime(r0, 0x0, &(0x7f0000000080)={{0x0, r1+30000000}}, &(0x7f00000000c0)) timerfd_settime(r0, 0x0, &(0x7f0000005000)={{0x4000000000000000}, {0x40000000000000}}, &(0x7f0000004000)) 2018/04/07 01:26:15 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x75}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000000100)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffff9c}, [@ldst={0x7, 0x1}], {0x95}}, &(0x7f0000003ff6)='syzkaller\x00', 0x5, 0x450, &(0x7f000000cf3d)=""/195}, 0x48) 2018/04/07 01:26:15 executing program 4: r0 = socket(0x20000000000000a, 0x2, 0x0) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000600)={@mcast2={0xff, 0x2, [], 0x1}, @empty, @mcast2={0xff, 0x2, [], 0x1}, 0x0, 0xac4}) 2018/04/07 01:26:15 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)=@ipv6_newaddr={0x34, 0x14, 0x109, 0x0, 0x0, {0xa}, [@IFA_FLAGS={0x8, 0x8}, @IFA_ADDRESS={0xf, 0x1, @local={0xfe, 0x80, [], 0xaa}}]}, 0x34}, 0x1}, 0x0) 2018/04/07 01:26:15 executing program 7: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x8}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@ipv4={[], [0xff, 0xff], @rand_addr}, @in6=@loopback={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback=0x7f000001, 0x0, 0x2b}, 0x2, @in, 0x0, 0x4, 0x0, 0x401}}, 0xe8) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/04/07 01:26:15 executing program 5: r0 = socket$inet(0x2, 0x3, 0x800000000000004) sendto$inet(r0, &(0x7f0000edf000), 0x0, 0x0, &(0x7f0000ee9ff0)={0x2}, 0x10) setsockopt$inet_int(r0, 0x0, 0x800000000000019, &(0x7f00000002c0)=0x45, 0x4) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000087000)=0xfffffffffffffe01, 0x4) recvmsg(r0, &(0x7f0000bd9000)={0x0, 0x0, &(0x7f0000eee000), 0x0, &(0x7f0000000240)=""/81, 0x51}, 0x0) 2018/04/07 01:26:15 executing program 2: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x8}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@ipv4={[], [0xff, 0xff], @rand_addr}, @in6=@loopback={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback=0x7f000001, 0x0, 0x2b}, 0x0, @in, 0x0, 0x4}}, 0xe8) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/04/07 01:26:15 executing program 4: clock_gettime(0xfffffffffffffffb, &(0x7f0000000080)) 2018/04/07 01:26:15 executing program 5: r0 = socket(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x100000002}, 0x1c) sendto$inet(r0, &(0x7f0000509f92), 0x0, 0x8002, &(0x7f0000000000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) setsockopt$sock_int(r0, 0x1, 0xb, &(0x7f0000000180)=0x6, 0x4) write$binfmt_elf32(r0, &(0x7f0000000880)=ANY=[@ANYBLOB="7f454c46ff02fff80900000000000000000003000800000086030000380000003802000008000000d90020000100faff000007000000000003000000ff0f000004000000000000000000000009000000010100000100000006000000990000000900000005000000e2690000000000000500000002000000b4a385bc2d39632561aa10f607897cd3f92aa03575e8b43bbb2074d7681f67c8c861ba6fcfb75a25ca5c8b1ee77456dd47c9fea04f492a36d976ccdda9a7b58a7bd8af4e54527a940ecb66a07c2f8d3808c80514458ad27d6a0c9de5aa3eb933be80241f45c45af56689fc64a1e060c7c4462109b7eea5efeabf309f2b915e2551899f9b23b9d0f52c19f376a7d6def8ff9b66f948c35004ec51510902b16eef758e293c086c53c789e93b97da055a2d6ad552ae4521a3005e28446b644f08f5652c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x5ad) 2018/04/07 01:26:15 executing program 7: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x8}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@ipv4={[], [0xff, 0xff], @rand_addr}, @in6=@loopback={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback=0x7f000001, 0x0, 0x2b}, 0x2, @in, 0x0, 0x4, 0x0, 0x401}}, 0xe8) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/04/07 01:26:15 executing program 1: r0 = socket(0xa, 0x2400000001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000034000)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x84) clone(0x0, &(0x7f0000000100), &(0x7f0000001100), &(0x7f0000001140), &(0x7f0000001180)) getsockopt$inet6_buf(r0, 0x29, 0x10000000000030, &(0x7f0000034000)=""/144, &(0x7f0000b84000)=0x90) 2018/04/07 01:26:15 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c03, 0x0) 2018/04/07 01:26:15 executing program 6: r0 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x1fffe, 0x0) ftruncate(r0, 0x8001) r1 = open$dir(&(0x7f0000000500)='./file0\x00', 0x2, 0x0) read(r1, &(0x7f0000003600)=""/4096, 0x1000) sendfile(r1, r1, &(0x7f0000000040), 0x7527fb3200000000) ftruncate(r0, 0x0) add_key(&(0x7f0000000000)='cifs.spnego\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x0}, &(0x7f00000000c0)="0ee661fbf58899f122c5b01ea945443fe3466a864ab6efb7570c45bb5b99c95946dbdab084875f56acec70518d9b30e94bc1e8905145386c1b64659ce621cd35be6b287ab3c78503ae80cf2c7ad6e71dcb3c5ef6376b7462d0cfa65cae6f0d71dfb4ce343d8c030d7d82ef750907356200a1166ca69279c5326ab5018143dc9a141975147ab4de2ac65e697e3f9f", 0x8e, 0xfffffffffffffffb) fallocate(r1, 0x3, 0x0, 0xffffffff000) 2018/04/07 01:26:15 executing program 7: syz_mount_image$gfs2(&(0x7f0000001540)='gfs2\x00', &(0x7f0000001580)='.\x00', 0x0, 0x0, &(0x7f0000001800), 0x0, &(0x7f0000001880)={[{@suiddir='suiddir', 0x2c}]}) 2018/04/07 01:26:16 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0xa) connect$inet6(r0, &(0x7f0000032fe4)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x5}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000040)=@hopopts={0x0, 0x2, [], [@hao={0xc9, 0x10}]}, 0x20) writev(r0, &(0x7f0000000600)=[{&(0x7f0000002340)="feeb5d94be9fae1ff37c2137843e16a13fa676fde1d22e8f057ad1af004699f7e718eb759104f8501dd736b191f161a47b59246ee85fe521f9f8e5b93e4df6853a3edbda27e40a44f2f5c70e4a02f5db0efc3a1a769131b2bb630d9b09d7d7afa55fbd611adf487be30f2c08861dd92ea124be683f502c5a2fa12b7194e9b9c387bb77725861d8ab7de6dd9f539ab3f989ecac3fb8672ff89e7f3cd781a2bd6fe06db60f186b18354f1aba11765bd9f62e0538216c66071f7028e0e5cc431325208e55afb8bd5884b18c77c328d04688821d5b01540e980040b4fa3c96cc05f879defa3fe7da8edc485504c6102c4b8cb48f0231ab1a8c373f59a3ca305cee86bfe8aa1b11f7c05545895e4c3e6be0e0907b6d72fed856802ea38c678db2b1743731fd42af44dc2a9e21161bec4ac2e161487ec0aaaafa63473a8583b6c95fc93df50a753a226c6c5292e8ffbdc8b58703b121774a9e1f29d7e2e32c12bc87e44dff20debba23d14e53a9a7cdcbc6377963b65673b548c0093498f5b72ff9eb6677df9d6a88788842fe4251d738e3966d7deec8c6c00a9a6a0d15d57c80f2e2334b1ec0e5d46059041ea0336f604d8b03f7c2ffd8e2924b1f591c6399597bbf219abb399fec9ef660335987e8039753b2c926577e1b035715da8d39a443513a2d46e8f4f04232fedc5f4ed5e19c78d2e8ab37f47ddf4b565c5aff3b81559b049996c86a4dc85516b77fc02f4835cc0f96d685f3903a9e49cfb28dbd5061180bdc5e5e504cd688ec8f4a4f9205300ddc4a88568230cd016454c905f7764b21b892a0335519222fb399b345bd56640b37c0d53cbb994fe4fc06d2c6cc924d8e8b3726146df16f9be13a6f919686a295dc78ac4fc01b0ea31428eb7e99ac376b34b8f82b0f76c33a4aad8c9fb204dd3a3190f8bebe1358ea9817c149e636b6a1373a4b2b9137176459c9b68dfa759beea3c1f6fcc62a08ef8c0f44e850c0ecdb47d0ffcdd49ddd6a507c1219a4c566ec55d16d813f3e92b241f082ea72d6839fcfdf6a405bdd8ba5cb3583a472634f82e9c8e80ae47b6331cce6c02cb6f00d6376d9c40c398b2f62a047f7fc16a14ee50df4ed18df30ae3a5c19358e2ce389782e188c31818f65c2d952972eb03a54c9903db21e73a126569cf7cefe090ed58f957a2a2c54ffe9aad5e9a51566fa4b03fd0192d35e16c1e5a3a923fff8b3154c77365b86edcb055549549cb78aa3505b8792ee0d344b86d7aecb63261a71a1b9e95f88707ab468c15d064a4d2d5e5855715930e425ba26697ece55d4db1e9ac9de00f1a002604a1fafc1365135b2c20f21725c52a04b291a01c7f7f94f264e1a2383b3f4d8805dda2defa8ecb62c971444bb97464199d6ad63851507d0c4cf4252dda10afbc7b71af53032d4c1abba1a0d3dce23072bd8260fc84b6911036631b634e7a8f0b8dbbc45db87039c174d88676eacc3e51c2d7a7209645b95601d0e16a8a026a8cbcf94aa8f72cd76208aed2af74ee3afac92cce8a3efd0c3038b8ee6d716a70eb5e42532ec36a4dfa577b87830b22e9a244b300730d8e0a6cc955f9d83c9fd11166bd89d236943382e8f24e35dcc5f1728595f24fbd24a17fbbb6c27e5f14e4a0ad46366e91b053b4a7f8df461b60ab137c5cd26160c31c3688000f8218c960d57e9da032204033b3f29d29aa34dad39525546168287f2f383314d365786ca541fe71a4461698e7fe1bc2a82dfc3841fd7336203096e3298fd87dbcd4ce696bd04c4215ae014d70cae0ef0d34b8c6f2e44a24f22c68a291b785ce15448695f6a2e8021ffc65645debce219f3ad21bdd2f9a867cb9ac3e7c488f28569573c7151c2767df684130920fc4c72df8429ef554b7e01953d79f593f9c04abc95379ab13b425e026c58524412867557cee1fb1261f7a10c0318fd94ed08ee924c4ceba9c986fb8", 0x567}], 0x1) 2018/04/07 01:26:16 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000f61000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000200)={0xaa}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) fcntl$setpipe(r1, 0x407, 0x0) ioctl$FIONREAD(r2, 0x541b, &(0x7f0000604ffc)) dup2(r2, r3) 2018/04/07 01:26:16 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0) 2018/04/07 01:26:16 executing program 5: r0 = getpgrp(0x0) r1 = gettid() rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8) rt_tgsigqueueinfo(r0, r1, 0x1b, &(0x7f00000000c0)) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000ff8)={0x4007ffffffd}, 0x8, 0x0) perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(r2, &(0x7f0000000000)=""/128, 0x80) 2018/04/07 01:26:16 executing program 3: open$dir(&(0x7f00000001c0)='./file0\x00', 0x1fffe, 0x0) r0 = open$dir(&(0x7f00000002c0)='./file0\x00', 0x2, 0x0) write(r0, &(0x7f0000001300)="d88a8d38144e5013d473c0ac2ca61ff3b749a4f5c7e6e9c2ce586e5cfca5d60ffc9a4df71856925b300ab39b1dd592385821faecb039bcdc475ffbacb98218", 0x3f) sendfile(r0, r0, &(0x7f0000000040), 0x7527fb3200000000) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x100) r2 = open(&(0x7f0000000080)='./file0\x00', 0x4001, 0x0) sendfile(r2, r1, &(0x7f0000002b80), 0x7fffffff) 2018/04/07 01:26:16 executing program 6: syz_mount_image$iso9660(&(0x7f00000001c0)='iso9660\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f00000007c0), 0x0, &(0x7f0000000880)={[{@map_normal='map=normal', 0x2c}]}) 2018/04/07 01:26:16 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000f39ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETAW(r0, 0x5402, &(0x7f0000fd6000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7}) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = syz_open_pts(r0, 0x0) readv(r1, &(0x7f0000fd6000)=[{&(0x7f0000313f29)=""/1, 0x661}], 0x1) ioctl$TCXONC(r0, 0x540a, 0x2) 2018/04/07 01:26:16 executing program 7: r0 = socket(0x1e, 0x5, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff01000000010000000000000007e77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, &(0x7f0000000200)=[{&(0x7f00000001c0)='g', 0x1}], 0x1, &(0x7f0000000080)}, 0x0) close(r0) [ 60.348529] ================================================================== [ 60.355920] BUG: KMSAN: uninit-value in tipc_subscrb_rcv_cb+0x418/0xe80 [ 60.362660] CPU: 1 PID: 5017 Comm: kworker/u4:6 Not tainted 4.16.0+ #81 [ 60.369391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.378736] Workqueue: tipc_rcv tipc_recv_work [ 60.383303] Call Trace: [ 60.385882] dump_stack+0x185/0x1d0 [ 60.389497] ? tipc_subscrb_rcv_cb+0x418/0xe80 [ 60.394066] kmsan_report+0x142/0x240 [ 60.397854] __msan_warning_32+0x6c/0xb0 [ 60.401904] tipc_subscrb_rcv_cb+0x418/0xe80 [ 60.406307] tipc_receive_from_sock+0x64c/0x800 [ 60.410966] ? tipc_topsrv_start+0x650/0x650 [ 60.415367] ? tipc_accept_from_sock+0x610/0x610 [ 60.420108] tipc_recv_work+0xd8/0x1f0 [ 60.423980] ? tipc_send_work+0xe20/0xe20 [ 60.428118] process_one_work+0x12c6/0x1f60 [ 60.432433] worker_thread+0x113c/0x24f0 [ 60.436487] ? process_one_work+0x1f60/0x1f60 [ 60.440964] kthread+0x539/0x720 [ 60.444317] ? process_one_work+0x1f60/0x1f60 [ 60.448796] ? kthread_blkcg+0xf0/0xf0 [ 60.452671] ret_from_fork+0x35/0x40 [ 60.456367] [ 60.457974] Uninit was created at: [ 60.461500] kmsan_internal_poison_shadow+0xb8/0x1b0 [ 60.466592] kmsan_kmalloc+0x94/0x100 [ 60.470376] kmem_cache_alloc+0xaab/0xb90 [ 60.474510] tipc_receive_from_sock+0x15c/0x800 [ 60.479164] tipc_recv_work+0xd8/0x1f0 [ 60.483036] process_one_work+0x12c6/0x1f60 [ 60.487344] worker_thread+0x113c/0x24f0 [ 60.491385] kthread+0x539/0x720 [ 60.494734] ret_from_fork+0x35/0x40 [ 60.498424] ================================================================== [ 60.505760] Disabling lock debugging due to kernel taint [ 60.511189] Kernel panic - not syncing: panic_on_warn set ... [ 60.511189] [ 60.518538] CPU: 1 PID: 5017 Comm: kworker/u4:6 Tainted: G B 4.16.0+ #81 [ 60.526573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.535915] Workqueue: tipc_rcv tipc_recv_work [ 60.540475] Call Trace: [ 60.543049] dump_stack+0x185/0x1d0 [ 60.546661] panic+0x39d/0x940 [ 60.549859] ? tipc_subscrb_rcv_cb+0x418/0xe80 [ 60.554431] kmsan_report+0x238/0x240 [ 60.558218] __msan_warning_32+0x6c/0xb0 [ 60.562268] tipc_subscrb_rcv_cb+0x418/0xe80 [ 60.566672] tipc_receive_from_sock+0x64c/0x800 [ 60.571329] ? tipc_topsrv_start+0x650/0x650 [ 60.575729] ? tipc_accept_from_sock+0x610/0x610 [ 60.580471] tipc_recv_work+0xd8/0x1f0 [ 60.584343] ? tipc_send_work+0xe20/0xe20 [ 60.588481] process_one_work+0x12c6/0x1f60 [ 60.592797] worker_thread+0x113c/0x24f0 [ 60.596856] ? process_one_work+0x1f60/0x1f60 [ 60.601337] kthread+0x539/0x720 [ 60.604691] ? process_one_work+0x1f60/0x1f60 [ 60.609174] ? kthread_blkcg+0xf0/0xf0 [ 60.613050] ret_from_fork+0x35/0x40 [ 61.732034] Shutting down cpus with NMI [ 61.747559] Dumping ftrace buffer: [ 61.751082] (ftrace buffer empty) [ 61.754771] Kernel Offset: disabled [ 61.758384] Rebooting in 86400 seconds..