INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts. 2018/04/07 00:13:20 fuzzer started 2018/04/07 00:13:21 dialing manager at 10.128.0.26:38639 2018/04/07 00:13:27 kcov=true, comps=false 2018/04/07 00:13:30 executing program 0: mkdir(&(0x7f0000632000)='./file0\x00', 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='configfs\x00', 0x0, &(0x7f0000000080)) open(&(0x7f0000032ff8)='./file0\x00', 0x0, 0x0) 2018/04/07 00:13:30 executing program 2: mkdir(&(0x7f0000632000)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='configfs\x00', 0x0, &(0x7f0000000080)) r0 = open(&(0x7f0000032ff8)='./file0\x00', 0x0, 0x0) lseek(r0, 0xfffffffffffffffd, 0x0) 2018/04/07 00:13:30 executing program 7: mkdir(&(0x7f0000632000)='./file0\x00', 0x0) mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='configfs\x00', 0x0, &(0x7f0000000080)) r0 = open(&(0x7f0000032ff8)='./file0\x00', 0x0, 0x0) lseek(r0, 0x2, 0x0) 2018/04/07 00:13:30 executing program 3: perf_event_open(&(0x7f0000723f88)={0x2, 0x70, 0xc34, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000b17ff8)='./file0\x00', 0x0) r0 = open(&(0x7f0000aa0000)='./file0\x00', 0x0, 0x0) fcntl$dupfd(r0, 0x800000000402, 0xffffffffffffffff) 2018/04/07 00:13:30 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) ioctl$TIOCGSID(r0, 0x4008af22, &(0x7f0000000040)) 2018/04/07 00:13:30 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) ioctl$TIOCGSID(r0, 0x4008af10, &(0x7f0000000040)) 2018/04/07 00:13:30 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000001000)={0x0, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}, {{0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}}, 0x108) r1 = syz_open_procfs(0x0, &(0x7f000012bff2)='net/mcfilter6\x00') readv(r1, &(0x7f0000000400)=[{&(0x7f00000001c0)=""/246, 0xf6}], 0x1) 2018/04/07 00:13:30 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) ioctl$TIOCGSID(r0, 0x4008af20, &(0x7f0000000040)) syzkaller login: [ 42.643202] ip (3766) used greatest stack depth: 54672 bytes left [ 42.982338] ip (3799) used greatest stack depth: 54312 bytes left [ 43.057182] ip (3804) used greatest stack depth: 54072 bytes left [ 46.099415] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.180290] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.220852] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.240338] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.265226] ip (4093) used greatest stack depth: 53976 bytes left [ 46.285278] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.325270] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.366121] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.499720] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.947769] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.067144] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.092170] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.155074] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.171097] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.321273] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.336135] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.525631] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.742363] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.748666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.758937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.843505] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.849809] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.860805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.888634] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.895263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.925627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.950571] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.956840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.974692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.011170] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.017445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.043237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.148234] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.154513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.167118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.201086] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.210319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.231623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.293732] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.300111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.313109] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 00:13:47 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000040)) 2018/04/07 00:13:47 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={&(0x7f000000f000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)=@delsa={0x3c, 0x11, 0x101, 0x0, 0x0, {@in, 0x0, 0x2}, [@srcaddr={0x14, 0xd, @in6=@dev={0xfe, 0x80}}]}, 0x33b}, 0x1}, 0x0) 2018/04/07 00:13:47 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) ioctl$TIOCGSID(r0, 0x4008af04, &(0x7f0000000040)) 2018/04/07 00:13:47 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) shutdown(r0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00007d1fef)='/dev/vga_arbiter\x00', 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000abfc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f0000086000), &(0x7f0000349000), &(0x7f0000f14000)={&(0x7f00001da000), 0x8}) 2018/04/07 00:13:47 executing program 2: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x9, &(0x7f0000000180)={0x0, 0x90, "93cacde4b0f2181fb6bc6926d7ff1d5bd9860bc5a7c441362f740455fc04e27973eec5a42039de770d701f62f92b9c98f49cae77a121da14a14754e1d42a472386896a00e81f8712eca90fa96ced5be45586bf594cd31a9288f671c2b71f079234b0bd8b629783652328d1164b07290232dc20a5eff72490ae8b8fbebbeb574a332f75e99b1618d4c28ef683ab0b54e4"}, &(0x7f00000011c0)=0x98) 2018/04/07 00:13:47 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00007e5000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000bc000)=@abs, 0x8) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) dup2(r2, r0) 2018/04/07 00:13:47 executing program 1: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x66, &(0x7f0000015e15)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @random="928e979c7a18", [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000], 0x1}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x14], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3], 0x1}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, 0x0) 2018/04/07 00:13:47 executing program 6: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000306000)={&(0x7f00003d7ff4)={0x10}, 0xc, &(0x7f00003b3000)={&(0x7f00001b87b0)=@newsa={0x104, 0x1a, 0x811, 0x0, 0x0, {{@in=@multicast1=0xe0000001, @in=@rand_addr}, {@in6, 0xffffffffffffffff, 0x2b}, @in=@loopback=0x7f000001, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in=@local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}]}, 0x104}, 0x1}, 0x0) 2018/04/07 00:13:47 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000f65000)=0x3fb, 0x4) bind$inet6(r0, &(0x7f0000f65000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$inet6_buf(r0, 0x29, 0x1, &(0x7f0000c86000), &(0x7f0000000140)) 2018/04/07 00:13:47 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000005efff)='/dev/ptmx\x00', 0x0, 0x0) r1 = epoll_create(0x100000000000005) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000f6bff4)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000efd000)=0x62) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000fddfff)) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 2018/04/07 00:13:47 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f00009ff000)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0xb7, &(0x7f00006ab000)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1000000000000005, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) sendto$inet(r0, &(0x7f00000001c0)="3816a915e9", 0x5, 0x0, &(0x7f0000000200)={0x2}, 0x10) 2018/04/07 00:13:47 executing program 2: syz_mount_image$ext4(&(0x7f0000000180)='ext2\x00', &(0x7f00000001c0)='./file0/control\x00', 0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000340)) 2018/04/07 00:13:47 executing program 1: syz_mount_image$reiserfs(&(0x7f0000000100)='reiserfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)) 2018/04/07 00:13:47 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f00009ff000)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0xb7, &(0x7f00006ab000)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1000000000000005, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e1, &(0x7f0000000100)={r0}) 2018/04/07 00:13:47 executing program 0: syz_mount_image$reiserfs(&(0x7f0000000100)='reiserfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)={[{@conv='conv', 0x2c}]}) 2018/04/07 00:13:47 executing program 7: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$kcm(0x29, 0x1000000000000005, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e1, &(0x7f0000000100)={r0}) 2018/04/07 00:13:48 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x30}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x1000}, 0x1c) 2018/04/07 00:13:48 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x1, 0x6b, 0xb}, 0x2c) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x1, 0x5, 0x200000000000009}, 0x2c) r1 = bpf$MAP_CREATE(0x0, &(0x7f00004f9fe4)={0xc, 0x4, 0x4, 0x100000001, 0x0, r0}, 0x1c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00005f1000)={r1, &(0x7f0000eed000), &(0x7f0000b88000)="13"}, 0x20) 2018/04/07 00:13:48 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f00009ff000)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0xb7, &(0x7f00006ab000)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1000000000000005, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 2018/04/07 00:13:48 executing program 7: socketpair$unix(0x1, 0x8000000003, 0x0, &(0x7f0000d12000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) recvmmsg(r0, &(0x7f000030efc4)=[{{&(0x7f0000413ffa)=@hci, 0x6, &(0x7f0000b60000), 0x0, &(0x7f00004f9000), 0x4}}], 0x1, 0x0, 0x0) 2018/04/07 00:13:48 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f00009ff000)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0xb7, &(0x7f00006ab000)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1000000000000005, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) sendto$inet(r0, &(0x7f00000001c0)="3816a915e9", 0x5, 0x0, &(0x7f0000000200)={0x2}, 0x10) 2018/04/07 00:13:48 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000000)=@file={0x1, "e91f7189591e9233614b00"}, 0x6e) sendto$unix(r0, &(0x7f0000000080)="85", 0x1, 0x0, 0x0, 0x0) 2018/04/07 00:13:48 executing program 0: r0 = open(&(0x7f0000ae8ff8)='./file0\x00', 0x14104a, 0x0) write$evdev(r0, &(0x7f0000000080)=[{}], 0xfffffcb2) 2018/04/07 00:13:48 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f00009ff000)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0xb7, &(0x7f00006ab000)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1000000000000005, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e1, &(0x7f0000000100)={r0, r1}) 2018/04/07 00:13:48 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f00009ff000)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0xb7, &(0x7f00006ab000)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1000000000000005, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e1, &(0x7f00000000c0)={r2}) [ 58.600509] ================================================================== [ 58.607932] BUG: KMSAN: uninit-value in do_error_trap+0x39b/0x600 [ 58.614171] CPU: 0 PID: 5174 Comm: syz-executor6 Not tainted 4.16.0+ #81 [ 58.621010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.630368] Call Trace: [ 58.632969] dump_stack+0x185/0x1d0 [ 58.636613] ? do_error_trap+0x39b/0x600 [ 58.640684] kmsan_report+0x142/0x240 [ 58.644497] __msan_warning_32+0x6c/0xb0 2018/04/07 00:13:48 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f00009ff000)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0xb7, &(0x7f00006ab000)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1000000000000005, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 58.648567] do_error_trap+0x39b/0x600 [ 58.652464] ? kmsan_set_origin_inline+0x6b/0x120 [ 58.657322] do_invalid_op+0x46/0x50 [ 58.661048] invalid_op+0x1b/0x40 [ 58.664508] RIP: 0010:strp_done+0x13e/0x190 [ 58.668830] RSP: 0018:ffff88016758fa60 EFLAGS: 00010283 [ 58.674199] RAX: ffffffff8677f19e RBX: ffff88015e6541d0 RCX: 0000000000040000 [ 58.681472] RDX: ffffc9000295c000 RSI: 000000000000002e RDI: 000000000000002f [ 58.688748] RBP: ffff88016758fa98 R08: 0000000001080020 R09: 0000000000000002 [ 58.696034] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801b6350900 [ 58.703348] R13: 0000000000000000 R14: ffff8801b6350918 R15: ffff88015e6541c8 [ 58.710656] ? strp_done+0x13e/0x190 [ 58.714421] kcm_ioctl+0x17c4/0x2a20 [ 58.718169] ? sock_ioctl+0x4da/0xbf0 [ 58.721991] ? kcm_release+0xc00/0xc00 [ 58.725899] sock_do_ioctl+0x13b/0x6b0 [ 58.729796] ? do_vfs_ioctl+0xaf0/0x2440 [ 58.733855] sock_ioctl+0x4da/0xbf0 [ 58.737473] ? SYSC_ioctl+0x1d2/0x260 [ 58.741268] ? sock_poll+0x370/0x370 [ 58.744976] do_vfs_ioctl+0xaf0/0x2440 [ 58.748856] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 58.754210] ? __fget_light+0x6b9/0x710 [ 58.758171] ? prepare_exit_to_usermode+0x149/0x3a0 [ 58.763179] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 58.768535] SYSC_ioctl+0x1d2/0x260 [ 58.772150] SyS_ioctl+0x54/0x80 [ 58.775501] do_syscall_64+0x309/0x430 [ 58.779378] ? ioctl_file_clone+0x4f0/0x4f0 [ 58.783695] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.788871] RIP: 0033:0x455259 [ 58.792048] RSP: 002b:00007f9ba4f84c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 58.799745] RAX: ffffffffffffffda RBX: 00007f9ba4f856d4 RCX: 0000000000455259 [ 58.807005] RDX: 0000000020000100 RSI: 00000000000089e0 RDI: 0000000000000015 [ 58.814265] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 58.821528] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 58.828782] R13: 00000000000003ab R14: 00000000006f88a8 R15: 0000000000000000 [ 58.836041] [ 58.837653] Local variable description: ----wait.i@lock_sock_nested [ 58.844038] Variable was created at: [ 58.847739] lock_sock_nested+0x3f/0x2a0 [ 58.851786] kcm_ioctl+0xd30/0x2a20 [ 58.855392] ================================================================== [ 58.862730] Disabling lock debugging due to kernel taint [ 58.868160] Kernel panic - not syncing: panic_on_warn set ... [ 58.868160] [ 58.875511] CPU: 0 PID: 5174 Comm: syz-executor6 Tainted: G B 4.16.0+ #81 [ 58.883633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.892969] Call Trace: [ 58.895545] dump_stack+0x185/0x1d0 [ 58.899161] panic+0x39d/0x940 [ 58.902362] ? do_error_trap+0x39b/0x600 [ 58.906412] kmsan_report+0x238/0x240 [ 58.910205] __msan_warning_32+0x6c/0xb0 [ 58.914254] do_error_trap+0x39b/0x600 [ 58.918135] ? kmsan_set_origin_inline+0x6b/0x120 [ 58.922971] do_invalid_op+0x46/0x50 [ 58.926675] invalid_op+0x1b/0x40 [ 58.930117] RIP: 0010:strp_done+0x13e/0x190 [ 58.934418] RSP: 0018:ffff88016758fa60 EFLAGS: 00010283 [ 58.939767] RAX: ffffffff8677f19e RBX: ffff88015e6541d0 RCX: 0000000000040000 [ 58.947029] RDX: ffffc9000295c000 RSI: 000000000000002e RDI: 000000000000002f [ 58.954295] RBP: ffff88016758fa98 R08: 0000000001080020 R09: 0000000000000002 [ 58.961551] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801b6350900 [ 58.968804] R13: 0000000000000000 R14: ffff8801b6350918 R15: ffff88015e6541c8 [ 58.976067] ? strp_done+0x13e/0x190 [ 58.979768] kcm_ioctl+0x17c4/0x2a20 [ 58.983472] ? sock_ioctl+0x4da/0xbf0 [ 58.987259] ? kcm_release+0xc00/0xc00 [ 58.991138] sock_do_ioctl+0x13b/0x6b0 [ 58.995014] ? do_vfs_ioctl+0xaf0/0x2440 [ 58.999069] sock_ioctl+0x4da/0xbf0 [ 59.002681] ? SYSC_ioctl+0x1d2/0x260 [ 59.006475] ? sock_poll+0x370/0x370 [ 59.010177] do_vfs_ioctl+0xaf0/0x2440 [ 59.014057] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 59.019405] ? __fget_light+0x6b9/0x710 [ 59.023365] ? prepare_exit_to_usermode+0x149/0x3a0 [ 59.028368] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 59.033722] SYSC_ioctl+0x1d2/0x260 [ 59.037342] SyS_ioctl+0x54/0x80 [ 59.040698] do_syscall_64+0x309/0x430 [ 59.044576] ? ioctl_file_clone+0x4f0/0x4f0 [ 59.048891] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.054068] RIP: 0033:0x455259 [ 59.057243] RSP: 002b:00007f9ba4f84c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 59.064939] RAX: ffffffffffffffda RBX: 00007f9ba4f856d4 RCX: 0000000000455259 [ 59.072194] RDX: 0000000020000100 RSI: 00000000000089e0 RDI: 0000000000000015 [ 59.079447] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.086705] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.093960] R13: 00000000000003ab R14: 00000000006f88a8 R15: 0000000000000000 [ 59.101654] Dumping ftrace buffer: [ 59.105177] (ftrace buffer empty) [ 59.108868] Kernel Offset: disabled [ 59.112475] Rebooting in 86400 seconds..