INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts. 2018/04/06 22:58:23 fuzzer started 2018/04/06 22:58:23 dialing manager at 10.128.0.26:38639 2018/04/06 22:58:29 kcov=true, comps=false 2018/04/06 22:58:32 executing program 0: 2018/04/06 22:58:32 executing program 1: 2018/04/06 22:58:32 executing program 7: 2018/04/06 22:58:32 executing program 2: 2018/04/06 22:58:32 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000ae1000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a45320, &(0x7f000027c000)={{0x80}, "706f7274310000004000000000000000000000d600fffffff0000000000000000000eda4000000000000000700", 0xbfffffffffffffff, 0x2}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) close(r0) 2018/04/06 22:58:32 executing program 3: pipe(&(0x7f0000055000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) vmsplice(r1, &(0x7f00007d3000)=[{&(0x7f0000fe3000)="d6", 0x1}], 0x1, 0x0) rt_sigprocmask(0x0, &(0x7f0000fe5000)={0x7fffffff}, &(0x7f00000c1000), 0x8) pipe(&(0x7f0000041000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) writev(r3, &(0x7f000000b000)=[{&(0x7f0000066000)=',', 0x1}], 0x1) tee(r2, r1, 0x5, 0x0) 2018/04/06 22:58:32 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp\x00') preadv(r0, &(0x7f0000001600)=[{&(0x7f0000001340)=""/212, 0xd4}], 0x1, 0x0) 2018/04/06 22:58:32 executing program 6: ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, &(0x7f0000000540)) perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000600)='/dev/loop-control\x00', 0x0, 0x0) timer_create(0x7, &(0x7f0000000040)={0x0, 0xb}, &(0x7f00000001c0)) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) dup3(0xffffffffffffffff, r0, 0x0) syzkaller login: [ 43.785263] ip (3750) used greatest stack depth: 54688 bytes left [ 43.944547] ip (3765) used greatest stack depth: 54672 bytes left [ 44.210886] ip (3793) used greatest stack depth: 54408 bytes left [ 44.337652] ip (3803) used greatest stack depth: 54312 bytes left [ 45.532959] ip (3914) used greatest stack depth: 53960 bytes left [ 47.340241] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.401710] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.663989] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.675830] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.740978] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.748421] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.756308] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.818513] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.289786] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.328537] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.415079] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.519714] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.569670] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.682454] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.745946] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.772500] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.052992] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.059307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.069590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.096647] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.119538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.156098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.178984] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.188236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.218869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.293077] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.299337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.313580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.333266] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.341119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.350947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.519742] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.527899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.541652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.570644] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.582121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.603722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.631307] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.637551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.666648] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/06 22:58:49 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000c6eff6)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) write(r0, &(0x7f0000000100)="1b", 0x1) ioctl$TCSETSW(r0, 0x5403, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xffffffffffffff13}) read(r1, &(0x7f0000000380)=""/181, 0xb5) 2018/04/06 22:58:49 executing program 0: 2018/04/06 22:58:49 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000c6eff6)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) write(r0, &(0x7f0000000100)="1b", 0x1) ioctl$TCSETSW(r0, 0x5403, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xffffffffffffff13}) read(r1, &(0x7f0000000380)=""/181, 0xb5) 2018/04/06 22:58:49 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000ae1000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a45320, &(0x7f000027c000)={{0x80}, "706f7274310000004000000000000000000000d600fffffff0000000000000000000eda4000000000000000700", 0xbfffffffffffffff, 0x2}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) close(r0) 2018/04/06 22:58:49 executing program 3: pipe(&(0x7f0000055000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) vmsplice(r1, &(0x7f00007d3000)=[{&(0x7f0000fe3000)="d6", 0x1}], 0x1, 0x0) rt_sigprocmask(0x0, &(0x7f0000fe5000)={0x7fffffff}, &(0x7f00000c1000), 0x8) pipe(&(0x7f0000041000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) writev(r3, &(0x7f000000b000)=[{&(0x7f0000066000)=',', 0x1}], 0x1) tee(r2, r1, 0x5, 0x0) 2018/04/06 22:58:49 executing program 2: pipe(&(0x7f0000055000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) vmsplice(r1, &(0x7f00007d3000)=[{&(0x7f0000fe3000)="d6", 0x1}], 0x1, 0x0) rt_sigprocmask(0x0, &(0x7f0000fe5000)={0x7fffffff}, &(0x7f00000c1000), 0x8) pipe(&(0x7f0000041000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) writev(r3, &(0x7f000000b000)=[{&(0x7f0000066000)=',', 0x1}], 0x1) tee(r2, r1, 0x5, 0x0) 2018/04/06 22:58:49 executing program 7: 2018/04/06 22:58:49 executing program 5: 2018/04/06 22:58:49 executing program 6: ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, &(0x7f0000000540)) perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000600)='/dev/loop-control\x00', 0x0, 0x0) timer_create(0x7, &(0x7f0000000040)={0x0, 0xb}, &(0x7f00000001c0)) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) dup3(0xffffffffffffffff, r0, 0x0) 2018/04/06 22:58:49 executing program 0: 2018/04/06 22:58:49 executing program 7: 2018/04/06 22:58:50 executing program 5: 2018/04/06 22:58:50 executing program 2: 2018/04/06 22:58:50 executing program 1: 2018/04/06 22:58:50 executing program 3: pipe(&(0x7f0000055000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) vmsplice(r1, &(0x7f00007d3000)=[{&(0x7f0000fe3000)="d6", 0x1}], 0x1, 0x0) rt_sigprocmask(0x0, &(0x7f0000fe5000)={0x7fffffff}, &(0x7f00000c1000), 0x8) pipe(&(0x7f0000041000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) writev(r3, &(0x7f000000b000)=[{&(0x7f0000066000)=',', 0x1}], 0x1) tee(r2, r1, 0x5, 0x0) 2018/04/06 22:58:50 executing program 4: 2018/04/06 22:58:50 executing program 7: 2018/04/06 22:58:50 executing program 0: 2018/04/06 22:58:50 executing program 6: 2018/04/06 22:58:50 executing program 1: 2018/04/06 22:58:50 executing program 4: 2018/04/06 22:58:50 executing program 2: 2018/04/06 22:58:50 executing program 5: 2018/04/06 22:58:50 executing program 7: 2018/04/06 22:58:50 executing program 3: pipe(&(0x7f0000055000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) vmsplice(r1, &(0x7f00007d3000)=[{&(0x7f0000fe3000)="d6", 0x1}], 0x1, 0x0) rt_sigprocmask(0x0, &(0x7f0000fe5000)={0x7fffffff}, &(0x7f00000c1000), 0x8) pipe(&(0x7f0000041000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) writev(r3, &(0x7f000000b000)=[{&(0x7f0000066000)=',', 0x1}], 0x1) tee(r2, r1, 0x5, 0x0) 2018/04/06 22:58:50 executing program 0: 2018/04/06 22:58:50 executing program 6: 2018/04/06 22:58:50 executing program 4: 2018/04/06 22:58:50 executing program 1: 2018/04/06 22:58:50 executing program 7: 2018/04/06 22:58:50 executing program 0: 2018/04/06 22:58:50 executing program 2: 2018/04/06 22:58:50 executing program 5: 2018/04/06 22:58:50 executing program 6: 2018/04/06 22:58:50 executing program 4: 2018/04/06 22:58:50 executing program 1: 2018/04/06 22:58:50 executing program 3: pipe(&(0x7f0000055000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) vmsplice(r1, &(0x7f00007d3000)=[{&(0x7f0000fe3000)="d6", 0x1}], 0x1, 0x0) rt_sigprocmask(0x0, &(0x7f0000fe5000)={0x7fffffff}, &(0x7f00000c1000), 0x8) pipe(&(0x7f0000041000)={0xffffffffffffffff}) dup3(r1, r0, 0x0) tee(r2, r1, 0x5, 0x0) 2018/04/06 22:58:50 executing program 7: 2018/04/06 22:58:50 executing program 2: 2018/04/06 22:58:50 executing program 0: 2018/04/06 22:58:50 executing program 6: 2018/04/06 22:58:50 executing program 5: 2018/04/06 22:58:50 executing program 4: 2018/04/06 22:58:50 executing program 1: 2018/04/06 22:58:51 executing program 2: 2018/04/06 22:58:51 executing program 6: 2018/04/06 22:58:51 executing program 0: 2018/04/06 22:58:51 executing program 7: 2018/04/06 22:58:51 executing program 5: 2018/04/06 22:58:51 executing program 1: 2018/04/06 22:58:51 executing program 4: r0 = socket(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'lo\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='(']}) 2018/04/06 22:58:51 executing program 3: pipe(&(0x7f0000055000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) vmsplice(r1, &(0x7f00007d3000)=[{&(0x7f0000fe3000)="d6", 0x1}], 0x1, 0x0) rt_sigprocmask(0x0, &(0x7f0000fe5000)={0x7fffffff}, &(0x7f00000c1000), 0x8) pipe(&(0x7f0000041000)={0xffffffffffffffff}) dup3(r1, r0, 0x0) tee(r2, r1, 0x5, 0x0) 2018/04/06 22:58:51 executing program 2: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x7, 0x85}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x730000, 0xc, 0x1, &(0x7f0000000180)) 2018/04/06 22:58:51 executing program 6: 2018/04/06 22:58:51 executing program 7: 2018/04/06 22:58:51 executing program 0: 2018/04/06 22:58:52 executing program 5: 2018/04/06 22:58:52 executing program 1: 2018/04/06 22:58:52 executing program 4: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xae0000)=nil, 0xae0000, 0x4, 0x4d031, 0xffffffffffffffff, 0x0) 2018/04/06 22:58:52 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000498000)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00008b7ff0)={&(0x7f00003c0fdc)={0x20, 0x0, 0x1, 0x800000001, 0x0, 0x0, {}, [@nested={0xc, 0x2, [@typed={0x8, 0x1, @ipv4=@loopback=0x7f000001}]}]}, 0x20}, 0x1}, 0x0) 2018/04/06 22:58:52 executing program 7: syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0xe800, 0x1, &(0x7f0000000200)=[{&(0x7f0000000040)="eb3c90", 0x3}], 0x0, &(0x7f0000000180)={[{@dos1xfloppy='dos1xfloppy', 0x2c}]}) 2018/04/06 22:58:52 executing program 0: shmat(0x0, &(0x7f0000ffa000/0x3000)=nil, 0x0) 2018/04/06 22:58:52 executing program 6: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0x40000000000007c}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x930000, 0x6f2000, 0x705000, &(0x7f0000000180)) 2018/04/06 22:58:52 executing program 1: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x1001}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x324) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'ifb0\x00', 0xa201}) [ 61.287763] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. 2018/04/06 22:58:52 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00004da000)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) syz_emit_ethernet(0xfddb, &(0x7f0000000080)={@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [{[], {0x8100}}], {@generic={0x800}}}, 0x0) 2018/04/06 22:58:52 executing program 4: socket$kcm(0x29, 0x2, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0x21a}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x35, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x13, 0x705000, 0x705000, &(0x7f0000000240)) 2018/04/06 22:58:52 executing program 0: socket$kcm(0x29, 0x2, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0x21a}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x35, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x13, 0x70b000, 0x705000, &(0x7f0000000240)) 2018/04/06 22:58:52 executing program 7: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0x4e}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x2, 0x7fffffffefff, 0x6f2000, &(0x7f0000000000)) 2018/04/06 22:58:52 executing program 6: perf_event_open(&(0x7f0000001180)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x13, 0x705000, 0x730008, &(0x7f00000001c0)) 2018/04/06 22:58:52 executing program 2: syz_emit_ethernet(0x230, &(0x7f0000007000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @random="cf2bb43c40b8", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, @multicast1=0xe0000001}, @tcp={{0x0, 0x4e20, 0x42424242, 0x42424242, 0x0, 0x0, 0x5}}}}}}, 0x0) 2018/04/06 22:58:52 executing program 3: pipe(&(0x7f0000055000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) vmsplice(r1, &(0x7f00007d3000)=[{&(0x7f0000fe3000)="d6", 0x1}], 0x1, 0x0) rt_sigprocmask(0x0, &(0x7f0000fe5000)={0x7fffffff}, &(0x7f00000c1000), 0x8) pipe(&(0x7f0000041000)={0xffffffffffffffff}) dup3(r1, r0, 0x0) tee(r2, r1, 0x5, 0x0) 2018/04/06 22:58:52 executing program 1: syz_emit_ethernet(0x2a, &(0x7f0000000040)={@link_local={0x1, 0x80, 0xc2}, @dev={[0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0xffffff89, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) 2018/04/06 22:58:52 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192\x00'}, 0x58) perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000002700)=[{0x0, 0x0, &(0x7f0000001400), 0x0, &(0x7f00000014c0)}, {0x0, 0x0, &(0x7f00000025c0)}, {0x0, 0x0, &(0x7f0000002640), 0x0, &(0x7f0000002680)=[@op={0x18, 0x117, 0x3}], 0x18}], 0x3, 0x0) 2018/04/06 22:58:52 executing program 1: perf_event_open(&(0x7f0000001180)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x13, 0x6f2000, 0x730008, &(0x7f00000001c0)) 2018/04/06 22:58:52 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="71e67a15cdf0311cfc093a52a7d86bd1", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200), 0x256, &(0x7f0000000180)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}, 0x0) recvmsg(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/175, 0xaf}, {&(0x7f0000000900)=""/147, 0x93}], 0x2, &(0x7f00000001c0)=""/47, 0x2f}, 0x0) 2018/04/06 22:58:52 executing program 4: socket$kcm(0x29, 0x2, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0x21a}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x35, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x13, 0x705000, 0x705000, &(0x7f0000000240)) 2018/04/06 22:58:52 executing program 6: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000c7e000)={0xffffffffffffffff, 0xffffffffffffffff}) read(r0, &(0x7f0000000000)=""/7, 0x7) sendto(r1, &(0x7f0000000040), 0xfffffffffffffe61, 0xc054, 0x0, 0xff22) 2018/04/06 22:58:52 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(poly1305-simd)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003c1000), 0x0) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000002740)=[{{&(0x7f0000001580)=@ipx={0x4, 0x0, 0x0, "02e9ae943315"}, 0x80, &(0x7f0000001800)=[{&(0x7f00000017c0)="7d766c20894bea40a6cce738f9c69735", 0x10}], 0x1, &(0x7f0000001840)}}, {{0x0, 0x0, &(0x7f0000001bc0), 0x0, &(0x7f0000001c00)}}], 0x2, 0x0) 2018/04/06 22:58:53 executing program 0: r0 = memfd_create(&(0x7f0000ee4000)='/dev/vga_arbiter\x00', 0x0) write(r0, &(0x7f0000ffdffb)='#!', 0x2) r1 = syz_open_procfs(0x0, &(0x7f0000ff5000)='net/rt_cache\x00') sendfile(r0, r1, &(0x7f00006dbff8)=0x5, 0x6) execveat(r0, &(0x7f0000ff7000)='./file0\x00', &(0x7f0000000000), &(0x7f000034bff8)=[&(0x7f0000ff7000)="00000000000000060804002000fffc0c6565643b799365005f1b76"], 0x1000) [ 62.244750] ================================================================== [ 62.252163] BUG: KMSAN: uninit-value in ghash_setkey+0x209/0x270 [ 62.258310] CPU: 1 PID: 5255 Comm: syz-executor5 Not tainted 4.16.0+ #81 [ 62.265134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.274468] Call Trace: [ 62.277054] dump_stack+0x185/0x1d0 [ 62.280669] ? ghash_setkey+0x209/0x270 [ 62.284620] kmsan_report+0x142/0x240 [ 62.288399] __msan_warning_32+0x6c/0xb0 [ 62.292458] ghash_setkey+0x209/0x270 [ 62.296255] ? ghash_final+0x1d0/0x1d0 [ 62.300131] crypto_shash_setkey+0x317/0x490 [ 62.304533] cryptd_hash_setkey+0x1a5/0x330 [ 62.308849] ? cryptd_hash_import+0x2a0/0x2a0 [ 62.313328] crypto_ahash_setkey+0x31a/0x470 [ 62.317733] ghash_async_setkey+0x1a5/0x330 [ 62.322053] ? ghash_async_import+0x3a0/0x3a0 [ 62.326534] crypto_ahash_setkey+0x31a/0x470 [ 62.330932] ? skcipher_encrypt_blkcipher+0x222/0x320 [ 62.336468] crypto_gcm_setkey+0xa3c/0xc10 [ 62.340701] ? crypto_gcm_exit_tfm+0xd0/0xd0 [ 62.345089] crypto_aead_setkey+0x373/0x4c0 [ 62.349389] aead_setkey+0xa0/0xc0 [ 62.352906] alg_setsockopt+0x6c5/0x740 [ 62.356859] ? aead_release+0x90/0x90 [ 62.360636] ? alg_accept+0xd0/0xd0 [ 62.364246] SYSC_setsockopt+0x4b8/0x570 [ 62.368308] SyS_setsockopt+0x76/0xa0 [ 62.372094] do_syscall_64+0x309/0x430 [ 62.375966] ? SYSC_recv+0xe0/0xe0 [ 62.379488] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.384657] RIP: 0033:0x455259 [ 62.387829] RSP: 002b:00007f9033152c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 62.395515] RAX: ffffffffffffffda RBX: 00007f90331536d4 RCX: 0000000000455259 [ 62.402770] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 62.410025] RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 [ 62.417280] R10: 00000000200000c0 R11: 0000000000000246 R12: 00000000ffffffff [ 62.424525] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 62.431772] [ 62.433375] Uninit was stored to memory at: [ 62.437676] kmsan_internal_chain_origin+0x12b/0x210 [ 62.442765] __msan_chain_origin+0x69/0xc0 [ 62.446988] __crypto_xor+0x23c/0x16b0 [ 62.450870] crypto_ctr_crypt_inplace+0x29a/0x3a0 [ 62.455699] crypto_ctr_crypt+0x54c/0x7d0 [ 62.459840] skcipher_encrypt_blkcipher+0x222/0x320 [ 62.464851] crypto_gcm_setkey+0x6a3/0xc10 [ 62.469081] crypto_aead_setkey+0x373/0x4c0 [ 62.473397] aead_setkey+0xa0/0xc0 [ 62.476937] alg_setsockopt+0x6c5/0x740 [ 62.480895] SYSC_setsockopt+0x4b8/0x570 [ 62.484932] SyS_setsockopt+0x76/0xa0 [ 62.488709] do_syscall_64+0x309/0x430 [ 62.492587] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.497760] Local variable description: ----vla@crypto_ctr_crypt_inplace [ 62.504576] Variable was created at: [ 62.508277] crypto_ctr_crypt_inplace+0x19a/0x3a0 [ 62.513103] crypto_ctr_crypt+0x54c/0x7d0 [ 62.517222] ================================================================== [ 62.524553] Disabling lock debugging due to kernel taint [ 62.529975] Kernel panic - not syncing: panic_on_warn set ... [ 62.529975] [ 62.537325] CPU: 1 PID: 5255 Comm: syz-executor5 Tainted: G B 4.16.0+ #81 [ 62.545441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.554772] Call Trace: [ 62.557359] dump_stack+0x185/0x1d0 [ 62.560977] panic+0x39d/0x940 [ 62.564169] ? ghash_setkey+0x209/0x270 [ 62.568121] kmsan_report+0x238/0x240 [ 62.571909] __msan_warning_32+0x6c/0xb0 [ 62.575959] ghash_setkey+0x209/0x270 [ 62.579751] ? ghash_final+0x1d0/0x1d0 [ 62.583631] crypto_shash_setkey+0x317/0x490 [ 62.588037] cryptd_hash_setkey+0x1a5/0x330 [ 62.592346] ? cryptd_hash_import+0x2a0/0x2a0 [ 62.596818] crypto_ahash_setkey+0x31a/0x470 [ 62.601217] ghash_async_setkey+0x1a5/0x330 [ 62.605521] ? ghash_async_import+0x3a0/0x3a0 [ 62.610005] crypto_ahash_setkey+0x31a/0x470 [ 62.614405] ? skcipher_encrypt_blkcipher+0x222/0x320 [ 62.619588] crypto_gcm_setkey+0xa3c/0xc10 [ 62.623812] ? crypto_gcm_exit_tfm+0xd0/0xd0 [ 62.628215] crypto_aead_setkey+0x373/0x4c0 [ 62.632535] aead_setkey+0xa0/0xc0 [ 62.636070] alg_setsockopt+0x6c5/0x740 [ 62.640041] ? aead_release+0x90/0x90 [ 62.643831] ? alg_accept+0xd0/0xd0 [ 62.647440] SYSC_setsockopt+0x4b8/0x570 [ 62.651483] SyS_setsockopt+0x76/0xa0 [ 62.655261] do_syscall_64+0x309/0x430 [ 62.659126] ? SYSC_recv+0xe0/0xe0 [ 62.662644] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.667813] RIP: 0033:0x455259 [ 62.670991] RSP: 002b:00007f9033152c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 62.678683] RAX: ffffffffffffffda RBX: 00007f90331536d4 RCX: 0000000000455259 [ 62.685927] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 62.693171] RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 [ 62.700425] R10: 00000000200000c0 R11: 0000000000000246 R12: 00000000ffffffff [ 62.707682] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 62.715416] Dumping ftrace buffer: [ 62.718931] (ftrace buffer empty) [ 62.722612] Kernel Offset: disabled [ 62.726209] Rebooting in 86400 seconds..