INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. 2018/04/07 01:14:53 fuzzer started 2018/04/07 01:14:54 dialing manager at 10.128.0.26:38639 2018/04/07 01:15:01 kcov=true, comps=false 2018/04/07 01:15:04 executing program 0: 2018/04/07 01:15:04 executing program 1: 2018/04/07 01:15:04 executing program 7: 2018/04/07 01:15:04 executing program 2: 2018/04/07 01:15:04 executing program 3: 2018/04/07 01:15:04 executing program 4: 2018/04/07 01:15:04 executing program 5: 2018/04/07 01:15:04 executing program 6: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x1, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000000), 0x4) syzkaller login: [ 44.946404] ip (3816) used greatest stack depth: 54312 bytes left [ 46.054092] ip (3924) used greatest stack depth: 54200 bytes left [ 47.754396] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.854920] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.900533] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.985235] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.025324] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.153839] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.174542] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.217403] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.413884] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.462392] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.617955] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.677336] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.915911] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.934762] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.979153] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.079629] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.125955] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.132250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.147468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.177669] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.186596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.212954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.361207] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.367427] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.377681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.424396] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.430610] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.442231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.704763] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.710997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.730284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.775218] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.781511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.796092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.899761] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.906196] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.916994] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.937890] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.948060] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.962253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 01:15:20 executing program 1: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000f86000)='./control/file0\x00') rmdir(&(0x7f00000000c0)='./control\x00') lgetxattr(&(0x7f0000000440)='./file2\x00', &(0x7f0000000480)=@random={'system.', 'bdevppp0}\x00'}, &(0x7f00000004c0)=""/76, 0x4c) clone(0x0, &(0x7f0000000040), &(0x7f0000000100), &(0x7f00000001c0), &(0x7f00000002c0)) close(r0) 2018/04/07 01:15:21 executing program 0: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0xe2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00007a8000)='/dev/sequencer\x00', 0x0, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f00000b5ff1)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000d97000)={0x0, 0x1000000200007d}) 2018/04/07 01:15:21 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000f39ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = syz_open_pts(r0, 0x0) readv(r1, &(0x7f0000fd6000)=[{&(0x7f0000313f29)=""/1, 0x661}], 0x1) ioctl$TCSETAW(r1, 0x5407, &(0x7f0000000040)) 2018/04/07 01:15:21 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000256ff8)='status\x00') sendfile(r0, r0, &(0x7f0000000000)=0x7ffff, 0x20000000000000a) 2018/04/07 01:15:21 executing program 6: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@remote={0xfe, 0x80, [], 0xbb}, @in=@broadcast=0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14}, 0x0, 0x32}, 0x0, @in=@broadcast=0xffffffff, 0x0, 0x0, 0x0, 0x9, 0x6, 0x5}}, 0xe8) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x7}, 0x1c) 2018/04/07 01:15:21 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) sendto$inet(r0, &(0x7f0000000140), 0x0, 0x200007ff, &(0x7f0000003e00)={0x2, 0x4e23}, 0x10) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000440)=""/171, 0xab}], 0x1) sendto$inet(r0, &(0x7f00006fd000)="c3401c344654f3c7d9b41ba48c8e399aa4eedc3d6bd8ebd65c856a27d61154adc2b2a9763ae0201c0d32e11f38e9dd18c58f6bd779650fc30f93653bdaecf323c9f6502ceab47e58114347b289546465a5eb278de12b1989f64cc99412e36880d20c34d91051b22f6c8acc9d082b7bcdec844f667da0867d08d4154004997e317b79", 0x82, 0x0, &(0x7f0000e66000)={0x2, 0x0, @rand_addr}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='lp\x00', 0x2) shutdown(r0, 0x1) 2018/04/07 01:15:21 executing program 3: seccomp(0x1, 0x0, &(0x7f0000158000)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xffffffff}]}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000212ff8)='./file0\x00', &(0x7f000078eff8)='./file0\x00', &(0x7f0000982ff9)='mqueue\x00', 0x0, &(0x7f0000653fff)) syz_mount_image$reiserfs(&(0x7f0000000140)='reiserfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000001400), 0x100008, &(0x7f0000001480)) 2018/04/07 01:15:21 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000548000)=0x1, 0x4) sendto$inet6(r0, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, [], 0x10}}, 0x1c) recvmsg(r0, &(0x7f0000000080)={&(0x7f0000000000)=@nl=@proc, 0x80, &(0x7f0000000040), 0x0, &(0x7f00000003c0)=""/36, 0x24}, 0x2000) 2018/04/07 01:15:21 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10) sendto$inet(r0, &(0x7f00009fc000), 0x5fa, 0x8000, &(0x7f0000357000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000000040)="1ce3c7", 0x3, 0x4800, &(0x7f0000000100)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) [ 59.338164] audit: type=1326 audit(1523063721.328:3): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5075 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0xffff0000 2018/04/07 01:15:21 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000256ff8)='status\x00') sendfile(r0, r0, &(0x7f0000000000)=0x7ffff, 0x20000000000000a) 2018/04/07 01:15:21 executing program 6: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000140)=0x1, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000469ffc)=0x7fe, 0x4) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000000)=0xbfb, 0x2) sendto$inet(r0, &(0x7f0000edf000), 0x0, 0x0, &(0x7f0000ee9ff0)={0x2, 0x4e20}, 0x10) recvmsg(r0, &(0x7f0000bd9000)={0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f00009fdfaf)=""/81, 0x51}, 0x40002106) 2018/04/07 01:15:21 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, &(0x7f0000f6f000), 0x0, 0x20000004, &(0x7f0000cc7fe4)={0xa, 0x4e22}, 0x1c) shutdown(r0, 0x1) shutdown(r0, 0x1) 2018/04/07 01:15:21 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000432fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) r1 = socket$netlink(0x10, 0x3, 0x0) fcntl$lock(r1, 0x6, &(0x7f0000013000)) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000000)={&(0x7f0000012000/0x4000)=nil, 0x4000}) close(r0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000002000)={&(0x7f0000011000/0x3000)=nil, 0x3000}) [ 59.571617] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 60.211628] audit: type=1326 audit(1523063722.210:4): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5075 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0xffff0000 2018/04/07 01:15:22 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4c}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x36, &(0x7f00001a7f05)=""/251}, 0x18) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0x0, 0x0}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000100)=r0, 0x4) sendmsg(r1, &(0x7f00000001c0)={&(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2=0xe0000002}}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000200)="b3de34dfcc92d69cf02fea202ce6f530bb58df6d3882867683475fc5787f40d9f48dc32e97703dfb09982dc39e08407ea3a857576451f26ed4acb889cf9a2c5e31e0aa0fb6e74b31f5fd496d1f69fa0de86b6fef44b1", 0x56}], 0x1, &(0x7f0000000000), 0x0, 0x400000e}, 0x40040) 2018/04/07 01:15:22 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f00008b2000)='./file0\x00', 0x0) lsetxattr(&(0x7f0000712ff8)='./file0\x00', &(0x7f0000faffe7)=@known='security.capability\x00', &(0x7f00002b2fec)="0000000201000000000000010400000000000000", 0x14, 0x0) getxattr(&(0x7f0000586ff8)='./file0\x00', &(0x7f0000d8e000)=@known='security.capability\x00', &(0x7f0000a2af87)=""/121, 0x0) 2018/04/07 01:15:22 executing program 6: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, &(0x7f0000fd0000), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='yeah\x00', 0x5) sendto$inet(r0, &(0x7f0000000040)="be38fc69faea5bd09bf0307006cefbafc01c3062dfedf949ad4e86bda4029155e2d6181bc9f0d25d4a23fed54bd250db05a0fbd78679ca006afa4ee44cb7b522c4a38231a9f99b3001e1d4857321a6a7c9e36ae424cc0d49fdb6c13c422fde782dd0c18a3a4018030b94ba6b7ff3f3192f8c563a1986d839c40052c8d3a78ae29126", 0x82, 0x0, &(0x7f0000000100)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000000500)="ac", 0x1, 0x4c881, 0x0, 0x0) writev(r0, &(0x7f00002e1fe0)=[{&(0x7f0000c62f65)="db", 0x1}], 0x1) 2018/04/07 01:15:22 executing program 5: r0 = memfd_create(&(0x7f0000000200)="17646a707b29b58cd4444b90b1d61dcdf520bd3fdd6962509b0d41997968122f4d800206ab464fff744ba213bd6480ade68ee28f5373574ba0f4b083c4d409b7ffe0bf544ed941758da7fb64b8848b300600000000000000a8b008666feeff52ae31486c4ebb794e49880536f6a1d14cdd0ad83a0224777854dde2b926eda80cb3a7cf67ccad357b5bcc9143d332e883b2131910ac9b464de2e1eb45cd492cef2a5ac6c9e35d9bb7d395125dfd278f4ef1b6a912ca62c28d42f13143d50177f97ac9aac204eaf49c248f2e857ac24bba184e5857aff91b84129c9b", 0x0) write$binfmt_elf32(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4600000000000000000000000002000600000000000000000038000000000000000000000000002000010000000000000000000000030000000000000000000000000000007f000000000000000000000000000000e0eae5034824f2e00f9e7557b9846ebf3ac932b7feb9d7c41d0fdb6770a5c8c8717fa10969e875"], 0x7f) execveat(r0, &(0x7f0000ff7000)='./file0\x00', &(0x7f0000000580), &(0x7f000034bff8)=[&(0x7f0000ff7000)="00000000000000060804002000fffc0c6565643b799365005f1b76"], 0x1000) 2018/04/07 01:15:22 executing program 4: clone(0x200, &(0x7f0000fbf000), &(0x7f0000744000), &(0x7f0000f8b000), &(0x7f00000d5000)) mknod(&(0x7f0000000080)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', &(0x7f00000affc0), &(0x7f0000000080)) r0 = syz_open_procfs(0x0, &(0x7f00000e0000)='stack\x00') readv(r0, &(0x7f000066dff0)=[{&(0x7f00008ad000)=""/178, 0xb2}], 0x1) readv(r0, &(0x7f00000012c0), 0x0) open$dir(&(0x7f00003e8ff8)='./file0\x00', 0x26102, 0x0) syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x0) 2018/04/07 01:15:22 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0) r1 = timerfd_create(0x0, 0x0) timerfd_settime(r1, 0x3, &(0x7f0000005000)={{0x0, 0x4}}, &(0x7f00002df000)) dup3(r0, r1, 0x0) 2018/04/07 01:15:22 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539esp(ctr-serpent-sse2,tgr128-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58) 2018/04/07 01:15:22 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)="2f65786500000000000035abe1e80d903e0d717ac1889a45e581c9e14a5c8f95f5d2968ae8c767e9d18fd69a") setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(0xffffffffffffffff, 0x84, 0x19, &(0x7f0000000200)={0x0, 0xdc5}, 0x8) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000000)) ioctl$fiemap(r0, 0x40286608, &(0x7f00000000c0)=ANY=[]) 2018/04/07 01:15:22 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@dev={[0xaa, 0xaa, 0xaa, 0xaa]}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000000000)) 2018/04/07 01:15:22 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000005ac0), &(0x7f0000005b00)=0x8) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc\x00', 0x0, 0x0) ioctl$PIO_UNIMAPCLR(r0, 0x80287010, &(0x7f00000000c0)) 2018/04/07 01:15:22 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f00008b2000)='./file0\x00', 0x0) lsetxattr(&(0x7f0000712ff8)='./file0\x00', &(0x7f0000faffe7)=@known='security.capability\x00', &(0x7f00002b2fec)="0000000201000000000000010400000000000000", 0x14, 0x0) getxattr(&(0x7f0000586ff8)='./file0\x00', &(0x7f0000d8e000)=@known='security.capability\x00', &(0x7f0000a2af87)=""/121, 0x0) 2018/04/07 01:15:22 executing program 6: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000200)={'ip_vti0\x00', @ifru_data=&(0x7f0000000180)="d61a072afa6a2e6e9105a65cf0b08be4d57565e1a85eff283ee23d954743a2e3"}) 2018/04/07 01:15:22 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0xe2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@dev={[0xaa, 0xaa, 0xaa, 0xaa]}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000000000)) 2018/04/07 01:15:22 executing program 5: r0 = memfd_create(&(0x7f0000000200)="17646a707b29b58cd4444b90b1d61dcdf520bd3fdd6962509b0d41997968122f4d800206ab464fff744ba213bd6480ade68ee28f5373574ba0f4b083c4d409b7ffe0bf544ed941758da7fb64b8848b300600000000000000a8b008666feeff52ae31486c4ebb794e49880536f6a1d14cdd0ad83a0224777854dde2b926eda80cb3a7cf67ccad357b5bcc9143d332e883b2131910ac9b464de2e1eb45cd492cef2a5ac6c9e35d9bb7d395125dfd278f4ef1b6a912ca62c28d42f13143d50177f97ac9aac204eaf49c248f2e857ac24bba184e5857aff91b84129c9b", 0x0) write$binfmt_elf32(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4600000000000000000000000002000600000000000000000038000000000000000000000000002000010000000000000000000000030000000000000000000000000000007f000000000000000000000000000000e0eae5034824f2e00f9e7557b9846ebf3ac932b7feb9d7c41d0fdb6770a5c8c8717fa10969e875"], 0x7f) execveat(r0, &(0x7f0000ff7000)='./file0\x00', &(0x7f0000000580), &(0x7f000034bff8)=[&(0x7f0000ff7000)="00000000000000060804002000fffc0c6565643b799365005f1b76"], 0x1000) 2018/04/07 01:15:22 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f000001b000)={@multicast2=0xe0000002, @loopback=0x7f000001, @loopback=0x7f000001}, 0xc) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000008000)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) r1 = socket$inet_udp(0x2, 0x2, 0x0) dup2(r0, r1) getsockopt$inet_buf(r1, 0x0, 0x30, &(0x7f0000008000)=""/144, &(0x7f0000004000)=0x100d2) 2018/04/07 01:15:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000ad7000)={0x1, &(0x7f0000acbff8)=[{0x6, 0x0, 0x0, 0x6}]}, 0x10) bind$inet6(r1, &(0x7f0000807fe4)={0xa, 0x4e22}, 0x1c) sendto$inet6(r1, &(0x7f0000976000), 0x0, 0x200408d4, &(0x7f000072e000)={0xa, 0x4e22, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f0000000080)='h', 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}, 0x1c) readv(r0, &(0x7f0000000440)=[{&(0x7f0000000640)=""/199, 0xc7}], 0x1) sendto$inet6(r1, &(0x7f0000ad6fad)='\x00', 0x1, 0x3fffffd, &(0x7f0000254000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) close(r1) 2018/04/07 01:15:22 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x38d, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r0, 0x2000000000010d, 0x4000800000000b, &(0x7f0000000280)='\a\x00\x00\x00', 0x4) 2018/04/07 01:15:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) write(r0, &(0x7f0000000040)="130000001000ffdde200f49f070f050000230a009d0000000f00afa73022e5f9ec3e4fe8697ae1a3490096000001e7b93c18983ae3820d1eb0f049a1b4b88ed4fe65be0602c2d3275df1f2aa09b1267c3d5f625e77e150da8ed7d56ca466a47bd87da5cd04b27daa1e415d102c748e6dc2d26746ea50518c2c681bbce9093d468612f0ff9b20db0000009b2930d837b9cb3452bdc4e2387d886959e4ebd30961933ae9f90d1ad5b56d2a917a6f575b8b76", 0xb1) [ 61.265701] ================================================================== [ 61.273097] BUG: KMSAN: uninit-value in kernel_text_address+0x248/0x3a0 [ 61.279841] CPU: 0 PID: 5199 Comm: syz-executor4 Not tainted 4.16.0+ #81 [ 61.286651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.295976] Call Trace: [ 61.298543] dump_stack+0x185/0x1d0 [ 61.302358] ? kernel_text_address+0x248/0x3a0 [ 61.306915] kmsan_report+0x142/0x240 [ 61.310698] __msan_warning_32+0x6c/0xb0 [ 61.314736] kernel_text_address+0x248/0x3a0 [ 61.319121] ? __schedule+0x674/0x730 [ 61.322897] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 61.328236] ? __schedule+0x674/0x730 [ 61.332024] __kernel_text_address+0x34/0xe0 [ 61.336415] ? __schedule+0x674/0x730 [ 61.340195] unwind_get_return_address+0x8c/0x130 [ 61.345029] __save_stack_trace+0x45c/0xa80 [ 61.349337] ? __schedule+0x674/0x730 [ 61.353116] ? __msan_poison_alloca+0x15c/0x1d0 [ 61.357766] ? save_stack_trace_tsk+0x58/0x2f0 [ 61.362326] save_stack_trace_tsk+0x258/0x2f0 [ 61.366800] proc_pid_stack+0x26a/0x470 [ 61.370769] proc_single_show+0x1af/0x300 [ 61.374918] ? proc_pid_wchan+0x250/0x250 [ 61.379055] ? proc_single_open+0x90/0x90 [ 61.383187] seq_read+0xc7d/0x2260 [ 61.386719] do_iter_read+0x880/0xd70 [ 61.390507] ? seq_open+0x360/0x360 [ 61.394118] do_readv+0x295/0x5f0 [ 61.397560] ? syscall_return_slowpath+0xe9/0x700 [ 61.402388] SYSC_readv+0x9b/0xb0 [ 61.405822] SyS_readv+0x56/0x80 [ 61.409167] do_syscall_64+0x309/0x430 [ 61.413044] ? vfs_readv+0x260/0x260 [ 61.416745] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.421910] RIP: 0033:0x455259 [ 61.425076] RSP: 002b:00007f9649adbc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 61.432763] RAX: ffffffffffffffda RBX: 00007f9649adc6d4 RCX: 0000000000455259 [ 61.440014] RDX: 0000000000000001 RSI: 000000002066dff0 RDI: 0000000000000013 [ 61.447270] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000 [ 61.454517] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 61.461764] R13: 000000000000048c R14: 00000000006f9dc0 R15: 0000000000000001 [ 61.469022] [ 61.470630] Uninit was stored to memory at: [ 61.474936] kmsan_internal_chain_origin+0x12b/0x210 [ 61.480019] __msan_chain_origin+0x69/0xc0 [ 61.484245] update_stack_state+0x959/0xa40 [ 61.488547] __unwind_start+0x335/0x630 [ 61.492503] __save_stack_trace+0x3e1/0xa80 [ 61.496807] save_stack_trace_tsk+0x258/0x2f0 [ 61.501281] proc_pid_stack+0x26a/0x470 [ 61.505232] proc_single_show+0x1af/0x300 [ 61.509361] seq_read+0xc7d/0x2260 [ 61.512885] do_iter_read+0x880/0xd70 [ 61.516662] do_readv+0x295/0x5f0 [ 61.520100] SYSC_readv+0x9b/0xb0 [ 61.523535] SyS_readv+0x56/0x80 [ 61.526880] do_syscall_64+0x309/0x430 [ 61.530750] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.535915] Local variable description: ----flags.i.i.i@rcu_all_qs [ 61.542204] Variable was created at: [ 61.545897] rcu_all_qs+0x32/0x1f0 [ 61.549414] _cond_resched+0x3c/0xd0 [ 61.553102] ================================================================== [ 61.560433] Disabling lock debugging due to kernel taint [ 61.565855] Kernel panic - not syncing: panic_on_warn set ... [ 61.565855] [ 61.573200] CPU: 0 PID: 5199 Comm: syz-executor4 Tainted: G B 4.16.0+ #81 [ 61.581314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.590643] Call Trace: [ 61.593211] dump_stack+0x185/0x1d0 [ 61.596820] panic+0x39d/0x940 [ 61.600015] ? kernel_text_address+0x248/0x3a0 [ 61.604587] kmsan_report+0x238/0x240 [ 61.608369] __msan_warning_32+0x6c/0xb0 [ 61.612411] kernel_text_address+0x248/0x3a0 [ 61.616798] ? __schedule+0x674/0x730 [ 61.620575] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 61.625917] ? __schedule+0x674/0x730 [ 61.629700] __kernel_text_address+0x34/0xe0 [ 61.634086] ? __schedule+0x674/0x730 [ 61.637871] unwind_get_return_address+0x8c/0x130 [ 61.642703] __save_stack_trace+0x45c/0xa80 [ 61.647007] ? __schedule+0x674/0x730 [ 61.650792] ? __msan_poison_alloca+0x15c/0x1d0 [ 61.655444] ? save_stack_trace_tsk+0x58/0x2f0 [ 61.660011] save_stack_trace_tsk+0x258/0x2f0 [ 61.664499] proc_pid_stack+0x26a/0x470 [ 61.668457] proc_single_show+0x1af/0x300 [ 61.672584] ? proc_pid_wchan+0x250/0x250 [ 61.676717] ? proc_single_open+0x90/0x90 [ 61.680849] seq_read+0xc7d/0x2260 [ 61.684379] do_iter_read+0x880/0xd70 [ 61.688166] ? seq_open+0x360/0x360 [ 61.691775] do_readv+0x295/0x5f0 [ 61.695213] ? syscall_return_slowpath+0xe9/0x700 [ 61.700045] SYSC_readv+0x9b/0xb0 [ 61.703480] SyS_readv+0x56/0x80 [ 61.706829] do_syscall_64+0x309/0x430 [ 61.710706] ? vfs_readv+0x260/0x260 [ 61.714402] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.719567] RIP: 0033:0x455259 [ 61.722733] RSP: 002b:00007f9649adbc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 61.730423] RAX: ffffffffffffffda RBX: 00007f9649adc6d4 RCX: 0000000000455259 [ 61.737678] RDX: 0000000000000001 RSI: 000000002066dff0 RDI: 0000000000000013 [ 61.744928] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000 [ 61.752179] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 61.759430] R13: 000000000000048c R14: 00000000006f9dc0 R15: 0000000000000001 [ 61.767154] Dumping ftrace buffer: [ 61.770670] (ftrace buffer empty) [ 61.774354] Kernel Offset: disabled [ 61.777951] Rebooting in 86400 seconds..