INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts. 2018/04/07 05:32:27 fuzzer started 2018/04/07 05:32:28 dialing manager at 10.128.0.26:38639 2018/04/07 05:32:34 kcov=true, comps=false 2018/04/07 05:32:36 executing program 0: 2018/04/07 05:32:36 executing program 2: 2018/04/07 05:32:36 executing program 7: 2018/04/07 05:32:36 executing program 1: syz_emit_ethernet(0x2a, &(0x7f000070aef1)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @broadcast=0xffffffff}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) 2018/04/07 05:32:36 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f00000026c0)='./file0\x00', 0x101002, 0x20) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000002700), &(0x7f0000002740)=0x4) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000001000)={0x0, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}, {{0xa, 0x0, 0x0, @dev={0xfe, 0x80}}}}, 0xfffffffffffffe8c) gettid() r1 = fcntl$getown(0xffffffffffffffff, 0x9) r2 = syz_open_procfs(r1, &(0x7f0000000400)='net/ip6_flowlabel\x00') readv(r2, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/48, 0x30}, {&(0x7f0000000080)=""/244, 0xf4}, {&(0x7f0000000180)=""/222, 0xde}, {&(0x7f0000000280)=""/160, 0xa0}, {&(0x7f0000000340)=""/89, 0x59}, {&(0x7f0000000440)=""/94, 0x5e}], 0x6) 2018/04/07 05:32:36 executing program 3: mkdir(&(0x7f000002a000)='./file0\x00', 0x0) mmap(&(0x7f000002a000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000026000)='./file0\x00', 0x0, 0x0) r1 = dup(r0) getdents64(r1, &(0x7f0000029fd4)=""/48, 0x30) 2018/04/07 05:32:36 executing program 5: r0 = memfd_create(&(0x7f000001cffb)='.\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x20002) dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(0xffffffffffffffff, &(0x7f0000000080)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0xfffffffffffffffe}}], 0x1c) write$sndseq(r0, &(0x7f0000000000)=[{}], 0xffffffffffffffed) 2018/04/07 05:32:36 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000000140), &(0x7f00000000c0)=0xde) syzkaller login: [ 44.122351] ip (3754) used greatest stack depth: 54672 bytes left [ 44.442541] ip (3782) used greatest stack depth: 54312 bytes left [ 45.698526] ip (3907) used greatest stack depth: 54200 bytes left [ 47.608433] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.701217] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.820810] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.852912] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.987769] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.997517] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.006904] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.060507] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.427432] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.617656] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.649602] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.692890] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.726016] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.841162] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.881451] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.054199] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.207225] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.213498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.225746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.277138] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.290657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.297979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.427928] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.434224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.446627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.483901] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.490136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.517484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.538267] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.555210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.591607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.684873] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.691200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.699178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.711232] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.717688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.730383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.000943] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.007269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.015296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 05:32:54 executing program 0: r0 = syz_open_dev$tun(&(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={"d202b999cf85000000000088f301e710", 0x101}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x0, &(0x7f0000000080)}) 2018/04/07 05:32:54 executing program 5: r0 = signalfd4(0xffffffffffffffff, &(0x7f000018a000), 0x8, 0x0) rt_sigprocmask(0x0, &(0x7f0000dd6000)={0x7fffffff}, &(0x7f0000839ff8), 0x8) r1 = getpid() r2 = gettid() read(r0, &(0x7f0000000000)=""/128, 0x177) sched_setaffinity(r2, 0x8, &(0x7f0000000080)=0x3d618abd) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f00000000c0)) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000140)={@multicast1=0xe0000001, @loopback=0x7f000001, @local={0xac, 0x14, 0x14, 0xaa}}, 0xc) tgkill(r1, r2, 0x1) 2018/04/07 05:32:54 executing program 3: mkdir(&(0x7f000002a000)='./file0\x00', 0x0) mmap(&(0x7f000002a000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000026000)='./file0\x00', 0x0, 0x0) r1 = dup(r0) getdents64(r1, &(0x7f0000029fd4)=""/48, 0x30) 2018/04/07 05:32:54 executing program 7: r0 = gettid() exit(0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) get_robust_list(r0, &(0x7f0000000340)=&(0x7f0000000300)={&(0x7f0000000240)={&(0x7f0000000200)}, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)}}, &(0x7f0000000380)=0x18) clock_gettime(0x0, &(0x7f0000000080)) 2018/04/07 05:32:54 executing program 1: r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_triestat\x00') lookup_dcookie(0x2, &(0x7f0000001600)=""/65, 0x41) ioctl$int_out(r0, 0x5462, &(0x7f0000000080)) sendfile(r0, r1, &(0x7f0000000040)=0x3, 0x10ed5b) getpid() getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000001340)={{{@in=@local, @in6=@ipv4={[], [], @multicast2}}}, {{@in6=@local}, 0x0, @in=@local}}, &(0x7f0000001440)=0xe8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001480), &(0x7f00000014c0)=0xc) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a45352, &(0x7f0000001680)={{0x5, 0x6}, 'port0\x00', 0x0, 0x0, 0x0, 0x0, 0x4, 0xb41, 0x0, 0x0, 0x2, 0x634}) sendmsg$unix(r0, &(0x7f00000015c0)={&(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000001300)=[{&(0x7f00000001c0)}], 0x1, &(0x7f0000001500), 0x0, 0x4000}, 0x10) 2018/04/07 05:32:54 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f00000000c0)={{{@in6=@dev, @in=@loopback}}, {{@in=@local}, 0x0, @in6=@mcast1}}, &(0x7f00000001c0)=0xe8) exit(0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r1, r0) 2018/04/07 05:32:54 executing program 6: r0 = syz_open_dev$sndseq(&(0x7f00000009c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000940)={0x40}) 2018/04/07 05:32:54 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='nr0\x00', 0x10) setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f0000000280)=0x6, 0x4) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000200)=0x764, 0x4) socketpair(0x5, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_int(r1, 0x29, 0x3b, &(0x7f0000000540), &(0x7f0000000580)=0x4) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f00000002c0)='nr0\x00') bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet(r0, &(0x7f0000000300), 0x6d7, 0x0, &(0x7f0000357000)={0x2, 0x4e20, @multicast2=0xe0000002}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x4, @dev={0xfe, 0x80, [], 0x200}, 0x1}, @in6={0xa, 0x4e24, 0x7, @dev={0xfe, 0x80, [], 0x17}, 0x9}, @in6={0xa, 0x4e24, 0x2, @empty, 0x1f}, @in6={0xa, 0x4e24, 0x80, @loopback={0x0, 0x1}}, @in={0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}], 0x80) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000340)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000480)={&(0x7f0000000380)={0xc0, r3, 0x20, 0x70bd29, 0x25dfdbfe, {0x11}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'lo\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local={0xac, 0x14, 0x14, 0xaa}}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x3f}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x44}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblcr\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x779}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast2=0xe0000002}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xfffffffffffffffc}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@loopback=0x7f000001}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7ff}]}, 0xc0}, 0x1, 0x0, 0x0, 0x8000}, 0xc0c4) accept4$inet(r2, &(0x7f0000000180)={0x0, 0x0, @broadcast}, &(0x7f00000001c0)=0x10, 0x80800) ioctl$sock_ipx_SIOCGIFADDR(0xffffffffffffffff, 0x8915, &(0x7f0000000140)={'ip_vti0\x00', {0x4, 0x8, 0x8001, "202a2b3d8ba9", 0x7fffffff}}) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={@remote={0xac, 0x14, 0x14, 0xbb}, @broadcast=0xffffffff}, 0x8) 2018/04/07 05:32:54 executing program 6: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f000000bfc8)={&(0x7f0000000000)=@nl=@proc={0x10}, 0x80, &(0x7f0000002000)=[{&(0x7f0000001000)="5500000018007fafb72d1cb2a4a280930206000000a843096c26236939000900210008000000ca8a9848a3c728f1c46b7b31afdc1338d54400009b84136ef75afb83de4411007227c43ab8220000bf0cec6bab91d4", 0x55}], 0x1, &(0x7f00000001c0)}, 0x0) sendto$inet6(r0, &(0x7f0000000080)="fec1e6f68933a4ae574685dba053a4e4b34a1718dfbd6c06b2b348e7e05e212eed67bb8abd8291ada2b35213595256c425dd7f2a9af82721b21f1b94de33aff08f84630e27d55539509ea8c4a8706669d89dff9c74a29610dbf766f0c34701c16fee56bbb663e03ed6e1fe93", 0x6c, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x70, @loopback={0x0, 0x1}}, 0x1c) 2018/04/07 05:32:54 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa}, 0x1c) sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x80, &(0x7f0000000680), 0x0, &(0x7f00000000c0)=[{0x18, 0x29, 0xb, "3ba0"}], 0x18}}], 0x2, 0x0) 2018/04/07 05:32:54 executing program 1: r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/fib_triestat\x00') lookup_dcookie(0x2, &(0x7f0000001600)=""/65, 0x41) ioctl$int_out(r0, 0x5462, &(0x7f0000000080)) sendfile(r0, r1, &(0x7f0000000040)=0x3, 0x10ed5b) getpid() getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000001340)={{{@in=@local, @in6=@ipv4={[], [], @multicast2}}}, {{@in6=@local}, 0x0, @in=@local}}, &(0x7f0000001440)=0xe8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001480), &(0x7f00000014c0)=0xc) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a45352, &(0x7f0000001680)={{0x5, 0x6}, 'port0\x00', 0x0, 0x0, 0x0, 0x0, 0x4, 0xb41, 0x0, 0x0, 0x2, 0x634}) sendmsg$unix(r0, &(0x7f00000015c0)={&(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000001300)=[{&(0x7f00000001c0)}], 0x1, &(0x7f0000001500), 0x0, 0x4000}, 0x10) 2018/04/07 05:32:54 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000002000)={0x1}) fcntl$lock(r0, 0x7, &(0x7f0000015fe0)={0x0, 0x0, 0x0, 0x80000001}) clock_gettime(0x0, &(0x7f0000000240)) fcntl$lock(r0, 0x7, &(0x7f0000155000)={0x1}) [ 59.267009] ================================================================== [ 59.274442] BUG: KMSAN: uninit-value in fib_create_info+0x554/0x8d20 [ 59.280942] CPU: 0 PID: 5095 Comm: syz-executor6 Not tainted 4.16.0+ #81 [ 59.287774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.297217] Call Trace: [ 59.299813] dump_stack+0x185/0x1d0 [ 59.303448] ? fib_create_info+0x554/0x8d20 [ 59.307769] kmsan_report+0x142/0x240 [ 59.311571] __msan_warning_32+0x6c/0xb0 [ 59.315637] fib_create_info+0x554/0x8d20 [ 59.319797] ? save_stack_trace+0xa5/0xf0 [ 59.323948] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 59.329399] ? kmsan_set_origin_inline+0x6b/0x120 [ 59.334246] ? __msan_poison_alloca+0x15c/0x1d0 [ 59.338916] ? inet_rtm_newroute+0x210/0x340 [ 59.343332] ? fib_table_insert+0xbc/0x2820 [ 59.347661] fib_table_insert+0x3b6/0x2820 [ 59.351904] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 59.357277] ? fib_new_table+0x247/0x670 [ 59.361350] inet_rtm_newroute+0x210/0x340 [ 59.365594] ? fib_del_ifaddr+0x35c0/0x35c0 [ 59.369922] rtnetlink_rcv_msg+0xa32/0x1560 [ 59.374253] ? SyS_sendmsg+0x54/0x80 [ 59.377976] ? netlink_sendmsg+0x9a6/0x1310 [ 59.382299] ? ___sys_sendmsg+0xec0/0x1310 [ 59.386535] ? SYSC_sendmsg+0x2a3/0x3d0 [ 59.390507] ? SyS_sendmsg+0x54/0x80 [ 59.394221] ? do_syscall_64+0x309/0x430 [ 59.398290] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.403659] ? __msan_poison_alloca+0x15c/0x1d0 [ 59.408328] ? _raw_spin_unlock_bh+0x57/0x70 [ 59.412734] ? __local_bh_enable_ip+0x3b/0x140 [ 59.417312] ? _raw_spin_unlock_bh+0x57/0x70 [ 59.421727] ? kmsan_set_origin_inline+0x6b/0x120 [ 59.426575] ? kmsan_set_origin+0x9e/0x160 [ 59.430814] netlink_rcv_skb+0x355/0x5f0 [ 59.434887] ? rtnetlink_bind+0x120/0x120 [ 59.439045] rtnetlink_rcv+0x50/0x60 [ 59.442761] netlink_unicast+0x1672/0x1750 [ 59.447004] ? rtnetlink_net_exit+0xa0/0xa0 [ 59.451339] netlink_sendmsg+0x1048/0x1310 [ 59.455586] ? netlink_getsockopt+0xc80/0xc80 [ 59.460080] ___sys_sendmsg+0xec0/0x1310 [ 59.464151] ? __fdget+0x4e/0x60 [ 59.467532] SYSC_sendmsg+0x2a3/0x3d0 [ 59.471340] SyS_sendmsg+0x54/0x80 [ 59.474878] do_syscall_64+0x309/0x430 [ 59.478772] ? ___sys_sendmsg+0x1310/0x1310 [ 59.483097] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.488279] RIP: 0033:0x455259 [ 59.491462] RSP: 002b:00007f539c2b1c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.499175] RAX: ffffffffffffffda RBX: 00007f539c2b26d4 RCX: 0000000000455259 [ 59.506449] RDX: 0000000000000000 RSI: 000000002000bfc8 RDI: 0000000000000013 2018/04/07 05:32:54 executing program 1: fcntl$getown(0xffffffffffffff9c, 0x9) r0 = syz_open_pts(0xffffffffffffffff, 0x400) ioctl$TIOCGSID(r0, 0x5429, &(0x7f00000001c0)=0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) r3 = open(&(0x7f000080dff6)='./control\x00', 0x0, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x0) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000bc8000)={0xaa}) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r5 = creat(&(0x7f0000000100)='./file0\x00', 0x48) write$sndseq(r5, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time={0x77359400}}], 0x1c) link(&(0x7f0000f3bff8)='./file0\x00', &(0x7f0000000080)='./control/file0\x00') r6 = getpid() sched_setattr(r6, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) openat(r3, &(0x7f0000000040)='./control\x00', 0x0, 0x0) getdents(r3, &(0x7f0000000000), 0x1f0) creat(&(0x7f0000000000)='./control/file0\x00', 0x0) dup2(0xffffffffffffffff, r4) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r7 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r7, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rmdir(&(0x7f000015dff6)='./control\x00') ioctl$TIOCGPGRP(r7, 0x540f, &(0x7f0000000080)=0x0) setpgid(r1, r8) 2018/04/07 05:32:54 executing program 2: r0 = perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x20000000000002}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000140)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) ftruncate(r2, 0x7) futex(&(0x7f00000000c0)=0x1, 0xd, 0x2, &(0x7f0000000100)={0x77359400}, &(0x7f0000000180), 0x1) sendfile(r0, 0xffffffffffffffff, &(0x7f0000000200), 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcs\x00', 0x400000, 0x0) r3 = socket$inet6(0xa, 0x2000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f000088c000)={@remote={0xfe, 0x80, [], 0xbb}, 0x0, 0x0, 0xff, 0x41}, 0x20) getxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB='ss\x00'], &(0x7f0000000300)=""/212, 0xd4) getsockopt$inet6_mreq(r3, 0x29, 0x1c, &(0x7f00000005c0)={@dev, 0x0}, &(0x7f0000000600)=0x14) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000680)={@ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0xc}}, 0x14, r4}) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000000)={@dev={0xfe, 0x80}, 0x800, 0x0, 0xff}, 0x20) sendmmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f0000000240)={0x27, 0x1, 0x1, 0x7, 0x6, 0x283, "82f64c5a0870a43d3fe54b789d4ba97fff09cee80e45c1203fe01d273d13fefa807056970528eadb376aa325faa58db833d7640d7a94e6920afff9b72d0619"}, 0x58, &(0x7f0000000500), 0x0, &(0x7f0000000680)=ANY=[], 0x0, 0x40000}], 0x1, 0x800) [ 59.513718] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.520993] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.528292] R13: 00000000000004cc R14: 00000000006fa3c0 R15: 0000000000000000 [ 59.535564] [ 59.537185] Uninit was created at: [ 59.540745] kmsan_internal_poison_shadow+0xb8/0x1b0 [ 59.545852] kmsan_kmalloc+0x94/0x100 [ 59.549656] kmsan_slab_alloc+0x11/0x20 [ 59.553633] __kmalloc_node_track_caller+0xaed/0x11c0 [ 59.558820] __alloc_skb+0x2cf/0x9f0 [ 59.562532] netlink_sendmsg+0x9a6/0x1310 [ 59.566677] ___sys_sendmsg+0xec0/0x1310 [ 59.570736] SYSC_sendmsg+0x2a3/0x3d0 [ 59.574529] SyS_sendmsg+0x54/0x80 [ 59.578060] do_syscall_64+0x309/0x430 [ 59.581944] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.587116] ================================================================== [ 59.594459] Disabling lock debugging due to kernel taint [ 59.599900] Kernel panic - not syncing: panic_on_warn set ... [ 59.599900] [ 59.607261] CPU: 0 PID: 5095 Comm: syz-executor6 Tainted: G B 4.16.0+ #81 [ 59.615391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.624729] Call Trace: [ 59.627316] dump_stack+0x185/0x1d0 [ 59.630945] panic+0x39d/0x940 [ 59.634158] ? fib_create_info+0x554/0x8d20 [ 59.638473] kmsan_report+0x238/0x240 [ 59.642271] __msan_warning_32+0x6c/0xb0 [ 59.646329] fib_create_info+0x554/0x8d20 [ 59.650484] ? save_stack_trace+0xa5/0xf0 [ 59.654627] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 59.660077] ? kmsan_set_origin_inline+0x6b/0x120 [ 59.664916] ? __msan_poison_alloca+0x15c/0x1d0 [ 59.669586] ? inet_rtm_newroute+0x210/0x340 [ 59.673992] ? fib_table_insert+0xbc/0x2820 [ 59.678310] fib_table_insert+0x3b6/0x2820 [ 59.682547] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 59.687916] ? fib_new_table+0x247/0x670 [ 59.691980] inet_rtm_newroute+0x210/0x340 [ 59.696226] ? fib_del_ifaddr+0x35c0/0x35c0 [ 59.700550] rtnetlink_rcv_msg+0xa32/0x1560 [ 59.704877] ? SyS_sendmsg+0x54/0x80 [ 59.708588] ? netlink_sendmsg+0x9a6/0x1310 [ 59.712903] ? ___sys_sendmsg+0xec0/0x1310 [ 59.717130] ? SYSC_sendmsg+0x2a3/0x3d0 [ 59.721097] ? SyS_sendmsg+0x54/0x80 [ 59.724807] ? do_syscall_64+0x309/0x430 [ 59.728864] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.734224] ? __msan_poison_alloca+0x15c/0x1d0 [ 59.738891] ? _raw_spin_unlock_bh+0x57/0x70 [ 59.743296] ? __local_bh_enable_ip+0x3b/0x140 [ 59.747873] ? _raw_spin_unlock_bh+0x57/0x70 [ 59.752275] ? kmsan_set_origin_inline+0x6b/0x120 [ 59.757115] ? kmsan_set_origin+0x9e/0x160 [ 59.761349] netlink_rcv_skb+0x355/0x5f0 [ 59.765408] ? rtnetlink_bind+0x120/0x120 [ 59.769555] rtnetlink_rcv+0x50/0x60 [ 59.773268] netlink_unicast+0x1672/0x1750 [ 59.777505] ? rtnetlink_net_exit+0xa0/0xa0 [ 59.781824] netlink_sendmsg+0x1048/0x1310 [ 59.786066] ? netlink_getsockopt+0xc80/0xc80 [ 59.790561] ___sys_sendmsg+0xec0/0x1310 [ 59.794626] ? __fdget+0x4e/0x60 [ 59.797999] SYSC_sendmsg+0x2a3/0x3d0 [ 59.801805] SyS_sendmsg+0x54/0x80 [ 59.805339] do_syscall_64+0x309/0x430 [ 59.809227] ? ___sys_sendmsg+0x1310/0x1310 [ 59.813553] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.818732] RIP: 0033:0x455259 [ 59.821913] RSP: 002b:00007f539c2b1c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.829613] RAX: ffffffffffffffda RBX: 00007f539c2b26d4 RCX: 0000000000455259 [ 59.836873] RDX: 0000000000000000 RSI: 000000002000bfc8 RDI: 0000000000000013 [ 59.844132] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.851395] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.858662] R13: 00000000000004cc R14: 00000000006fa3c0 R15: 0000000000000000 [ 59.867569] Dumping ftrace buffer: [ 59.871101] (ftrace buffer empty) [ 59.874781] Kernel Offset: disabled [ 59.878380] Rebooting in 86400 seconds..