INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts. 2018/04/07 02:18:11 fuzzer started 2018/04/07 02:18:11 dialing manager at 10.128.0.26:38639 2018/04/07 02:18:17 kcov=true, comps=false 2018/04/07 02:18:20 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x101c00) ioctl(r0, 0x442000000000127c, &(0x7f0000000000)) 2018/04/07 02:18:20 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$netlink(r0, 0x10e, 0x4, &(0x7f0000000240)=""/1, &(0x7f0000000280)=0x1) 2018/04/07 02:18:20 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) rmdir(&(0x7f0000000080)='./file0\x00') 2018/04/07 02:18:20 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_netfilter(r0, &(0x7f00009f5000)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000000)={&(0x7f0000690000)={0x18, 0xc, 0x6, 0x1, 0x0, 0x0, {}, [@nested={0x4, 0x1}]}, 0x18}, 0x1}, 0x0) 2018/04/07 02:18:20 executing program 5: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x40096101, &(0x7f00008da000)={{0x2, 0x0, @multicast2=0xe0000002, [0xfe]}, {}, 0x0, {0x2, 0x0, @dev={0xac, 0x14, 0x14}}, 'ip6tnl0\x00'}) 2018/04/07 02:18:20 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000000940)={&(0x7f0000000040)=@pppol2tpin6, 0x80, &(0x7f00000007c0), 0x0, &(0x7f0000000880)=""/139, 0x8b}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x14, 0x22, 0x331, 0x0, 0x0, {0x6}}, 0x14}, 0x1}, 0x0) 2018/04/07 02:18:20 executing program 3: r0 = socket(0x1f, 0x2, 0x4) getsockopt$inet_mreq(r0, 0x0, 0x2000024, &(0x7f0000000000)={@local, @multicast1}, &(0x7f0000000040)=0x8) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f0000000080)=0x6ba9, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f00000b2000)=0xffffffffffffffff, 0x4) bind$inet(r1, &(0x7f0000490000)={0x2, 0x4e22, @loopback=0x7f000001}, 0x10) sendto$inet(r1, &(0x7f0000482000), 0xfffffffffffffd6c, 0x800000120000001, &(0x7f0000e45ff0)={0x2, 0x4e22}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x852b, 0xffff}, 0x14) shutdown(r1, 0x1) 2018/04/07 02:18:20 executing program 6: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000080)=0x1c, 0x4) syzkaller login: [ 42.783266] ip (3748) used greatest stack depth: 54688 bytes left [ 43.065271] ip (3774) used greatest stack depth: 54672 bytes left [ 43.225578] ip (3790) used greatest stack depth: 54312 bytes left [ 44.585823] ip (3920) used greatest stack depth: 54200 bytes left [ 45.030282] ip (3960) used greatest stack depth: 54144 bytes left [ 46.386181] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.400268] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.532961] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.552925] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.606065] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.684531] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.761796] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.806520] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.007874] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.224640] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.447507] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.471940] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.497920] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.515639] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.594711] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.628787] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.713793] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.720105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.736454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.001790] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.008140] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.029958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.163002] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.169310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.182587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.240896] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.249123] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.264674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.288489] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.298905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.312879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.343867] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.350727] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.361795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.401492] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.407991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.421616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.469740] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.480390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.495665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 02:18:37 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) listen(r0, 0x40) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_int(r1, 0x1, 0x2f, &(0x7f00000004c0)=0x1, 0x4) sendto$inet6(r1, &(0x7f0000eb9fff), 0xfffffd65, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r2 = accept4(r0, &(0x7f0000c71000)=@alg, &(0x7f0000000040)=0x3dc, 0x0) dup2(r2, r1) sendmsg$alg(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001700)="97", 0x1}], 0x1, &(0x7f0000001800)}, 0x0) [ 57.163403] QAT: Stopping all acceleration devices. [ 57.198888] QAT: Stopping all acceleration devices. 2018/04/07 02:18:37 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)="2e2f6367726f7570000478d081", 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000240)='rdma.max\x00', 0x2, 0x0) pwrite64(r1, &(0x7f0000000000), 0x0, 0x0) 2018/04/07 02:18:37 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f0000f36000)={&(0x7f0000333f88)=ANY=[@ANYBLOB="020300090c000000ffffffffffffffff02001300020000000000000000000000030006000000000002004e20e0000001000000000000002402000100f8ffffff0000000200000000030005000000000002004e20e00000010000000000000000"], 0x60}, 0x1}, 0x0) sendmsg$key(r0, &(0x7f000033efc8)={0x0, 0x0, &(0x7f0000aa8000)={&(0x7f00009b9000)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}, 0x1}, 0x0) 2018/04/07 02:18:38 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000010ffc)=0x4, 0x4) sendto$inet6(r0, &(0x7f0000003fd9), 0x0, 0x0, &(0x7f0000008000)={0xa, 0x0, 0x5}, 0x1c) 2018/04/07 02:18:38 executing program 0: sched_setattr(0x0, &(0x7f0000000080), 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)={0xffffffffc0000001}) epoll_wait(r3, &(0x7f0000000000)=[{}], 0x1, 0x0) epoll_wait(r3, &(0x7f0000cd8ff4)=[{}], 0x1, 0x4) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/04/07 02:18:38 executing program 7: r0 = socket(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000040), &(0x7f0000000080)=0xc) dup(0xffffffffffffffff) 2018/04/07 02:18:38 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000fd0ffc)=0x2) ioctl$TIOCGLCKTRMIOS(r1, 0x40087101, &(0x7f0000000000)) 2018/04/07 02:18:38 executing program 6: r0 = socket$packet(0x11, 0x80200000000002, 0x300) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0x320, 0x4) clock_gettime(0x0, &(0x7f0000000380)={0x0}) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, &(0x7f00000003c0)={r2}, &(0x7f0000000400), 0x8) sendto$inet6(r1, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000008000)={0xa, 0x0, 0x100000002, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) 2018/04/07 02:18:38 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000051cff6)='/dev/ptmx\x00', 0x0, 0x0) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r0, &(0x7f0000dcdff0)=[{&(0x7f0000cd8000)=""/1, 0x1}], 0x1) ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3c) fcntl$setsig(r2, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r3}], 0x1, 0xfffffffffffffff8) r4 = dup2(r2, r3) recvfrom$inet(r4, &(0x7f0000000040)=""/98, 0x62, 0x0, &(0x7f0000000100)={0x2, 0x0, @rand_addr}, 0x10) fcntl$setown(r4, 0x8, r1) tkill(r1, 0x16) 2018/04/07 02:18:38 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x3, 0x4e8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000900], 0x0, &(0x7f0000000100), &(0x7f0000000900)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x11, 0x0, 0x0, 'gre0\x00', 'rose0\x00', 'bcsh0\x00', 'syzkaller1\x00', @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], @random="887c6add101b", [], 0x1d0, 0x240, 0x2b0, [@quota={'quota\x00', 0x18}, @comment={'comment\x00', 0x100}]}, [@common=@AUDIT={'AUDIT\x00', 0x4}, @common=@log={'log\x00', 0x24, {{0x0, "01c188331261fd62d21111b8dfc6fbf2126649598b9b06f73c2188c30146"}}}]}, @common=@nflog={'nflog\x00', 0x4c, {{0x0, 0x0, 0x0, 0x0, 0x0, "58f0e525fbf515e7dc38c1a615b1890ed247ea238b0ba7c659453bbc2a089db814bd63c84cb024dcd3090514b5ffda2956f36502c72139a72ddb5a10824259b9"}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff, 0x1, [{{{0x13, 0x0, 0x883e, 'bcsf0\x00', 'ip6_vti0\x00', 'gretap0\x00', 'ifb0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, [0xff, 0xff, 0x0, 0xff, 0x0, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, [0xff, 0x0, 0x0, 0xff], 0xc8, 0xc8, 0xf0, [@arp={'arp\x00', 0x34, {{0x30d, 0x4b0d, 0x4, @remote={0xac, 0x14, 0x14, 0xbb}, 0xffffffff, @dev={0xac, 0x14, 0x14, 0x13}, 0xffffffff, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [0xff, 0x0, 0x0, 0xff, 0xff, 0xff], @random="93e662d6dc20", [0xff, 0x0, 0xff, 0x0, 0xff, 0xff], 0x40, 0x80}}}]}}, @common=@CLASSIFY={'CLASSIFY\x00', 0x4, {{0x100000001}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x8848, 'bridge0\x00', 'bcsf0\x00', 'eql\x00', 'ifb0\x00', @empty, [0x0, 0xff], @empty, [0x0, 0x0, 0xff, 0x11d77b6cb5ed2861, 0x0, 0xff], 0x70, 0x70, 0xb8}}, @common=@log={'log\x00', 0x24, {{0x0, "18e94313233b9aca0488952a1f3b8ae174a64b284b2832e721af12f330c4", 0xe}}}}]}]}, 0x598) 2018/04/07 02:18:38 executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000080), 0x8) 2018/04/07 02:18:39 executing program 6: r0 = socket$packet(0x11, 0x80200000000002, 0x300) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0x320, 0x4) clock_gettime(0x0, &(0x7f0000000380)={0x0}) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, &(0x7f00000003c0)={r2}, &(0x7f0000000400), 0x8) sendto$inet6(r1, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000008000)={0xa, 0x0, 0x100000002, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) 2018/04/07 02:18:39 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000051cff6)='/dev/ptmx\x00', 0x0, 0x0) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r0, &(0x7f0000dcdff0)=[{&(0x7f0000cd8000)=""/1, 0x1}], 0x1) ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3c) fcntl$setsig(r2, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r3}], 0x1, 0xfffffffffffffff8) r4 = dup2(r2, r3) recvfrom$inet(r4, &(0x7f0000000040)=""/98, 0x62, 0x0, &(0x7f0000000100)={0x2, 0x0, @rand_addr}, 0x10) fcntl$setown(r4, 0x8, r1) tkill(r1, 0x16) 2018/04/07 02:18:39 executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000080), 0x8) 2018/04/07 02:18:39 executing program 7: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000380)="240000005a001fff0ff9f407180000000913171006000300ff0409ff080002ffffde0000", 0x24) 2018/04/07 02:18:39 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000fd0ffc)=0x2) ioctl$TIOCGLCKTRMIOS(r1, 0x40087101, &(0x7f0000000000)) 2018/04/07 02:18:39 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000400)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x8000, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000440)={0x0, @in={{0x2, 0x4e21, @broadcast=0xffffffff}}, 0x76e, 0x8, 0x81, 0x3f, 0x5}, &(0x7f0000000380)=0x98) getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000580)={r3, 0x3f, 0x2, 0x100000001, 0x8000, 0x2, 0x3, 0x1, {0x0, @in6={{0xa, 0x4e20, 0x3685, @local={0xfe, 0x80, [], 0xaa}, 0xcfb}}, 0x9, 0x51c, 0x80000001, 0x4, 0x1}}, &(0x7f0000000640)=0xb0) ioctl$KDGKBMETA(r2, 0x4b62, &(0x7f0000000040)) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000200), &(0x7f0000000240)=0x8) getpeername$packet(r2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f00000002c0)=0x14) ptrace(0x4207, r1) ptrace$setregset(0x4205, r1, 0x202, &(0x7f00000000c0)={&(0x7f0000000040), 0xfffffffffffffdb8}) ptrace$getregs(0xe, r1, 0x0, &(0x7f0000000100)=""/229) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000001500)={{{@in6=@mcast2, @in6=@ipv4={[], [], @loopback}}}, {{@in=@broadcast}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000001600)=0xe8) ptrace$setregs(0xf, r1, 0x100000000, &(0x7f0000000300)="3977852ffc70a908555ed33b15e31bc619b77beb1e114db0f512242b2c0fc345c3d1e892d4617d0a3bfe91ac560344cb1623965fda67683f90af164ab25e1a96ad16d8") sendmsg$netlink(r2, &(0x7f0000001980)={&(0x7f0000000080)=@proc={0x10, 0x0, 0x25dfdbff, 0x20014000}, 0xc, &(0x7f0000001940)=[{&(0x7f00000003c0)={0x10, 0x0, 0x1, 0x70bd26, 0x25dfdbfd}, 0x10}], 0x1, 0x0, 0x0, 0x408c0}, 0x0) 2018/04/07 02:18:39 executing program 4: sched_setattr(0x0, &(0x7f0000000080), 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)={0xffffffffc0000001}) epoll_wait(r3, &(0x7f0000000000)=[{}], 0x1, 0x0) epoll_wait(r3, &(0x7f0000cd8ff4)=[{}], 0x1, 0x4) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/04/07 02:18:39 executing program 0: sched_setattr(0x0, &(0x7f0000000080), 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)={0xffffffffc0000001}) epoll_wait(r3, &(0x7f0000000000)=[{}], 0x1, 0x0) epoll_wait(r3, &(0x7f0000cd8ff4)=[{}], 0x1, 0x4) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/04/07 02:18:39 executing program 7: sched_setattr(0x0, &(0x7f0000000080), 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)={0xffffffffc0000001}) epoll_wait(r3, &(0x7f0000000000)=[{}], 0x1, 0x0) epoll_wait(r3, &(0x7f0000cd8ff4)=[{}], 0x1, 0x4) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/04/07 02:18:39 executing program 5: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='io\x00') pread64(r0, &(0x7f00008af000), 0x21a, 0x0) 2018/04/07 02:18:39 executing program 2: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') pread64(r0, &(0x7f0000fd7000)=""/8, 0x398, 0x0) 2018/04/07 02:18:39 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0x1, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000040), 0x4) [ 59.839611] ================================================================== [ 59.847023] BUG: KMSAN: uninit-value in kernel_text_address+0x248/0x3a0 [ 59.853775] CPU: 1 PID: 5150 Comm: syz-executor2 Not tainted 4.16.0+ #81 [ 59.860609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.869955] Call Trace: [ 59.872548] dump_stack+0x185/0x1d0 [ 59.876181] ? kernel_text_address+0x248/0x3a0 [ 59.880762] kmsan_report+0x142/0x240 [ 59.884569] __msan_warning_32+0x6c/0xb0 [ 59.888632] kernel_text_address+0x248/0x3a0 [ 59.893038] ? futex_wait_queue_me+0x476/0x710 [ 59.897623] ? futex_wait_queue_me+0x476/0x710 [ 59.902200] __kernel_text_address+0x34/0xe0 [ 59.906610] ? futex_wait_queue_me+0x476/0x710 [ 59.911191] unwind_get_return_address+0x8c/0x130 [ 59.916040] __save_stack_trace+0x45c/0xa80 [ 59.920364] ? futex_wait_queue_me+0x476/0x710 [ 59.924948] ? __msan_poison_alloca+0x15c/0x1d0 [ 59.929624] ? proc_pid_stack+0x26a/0x470 [ 59.933776] save_stack_trace_tsk+0x258/0x2f0 [ 59.938282] proc_pid_stack+0x26a/0x470 [ 59.942268] proc_single_show+0x1af/0x300 [ 59.946422] ? proc_pid_wchan+0x250/0x250 [ 59.950568] ? proc_single_open+0x90/0x90 [ 59.954718] seq_read+0xc7d/0x2260 [ 59.958269] ? seq_open+0x360/0x360 [ 59.961901] __vfs_read+0x19f/0x8e0 [ 59.965537] vfs_read+0x36c/0x6c0 [ 59.968990] SYSC_pread64+0x275/0x310 [ 59.972796] SyS_pread64+0x65/0x90 [ 59.976333] do_syscall_64+0x309/0x430 [ 59.980217] ? SYSC_write+0x360/0x360 [ 59.984023] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 2018/04/07 02:18:39 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)={@broadcast=0xffffffff, @dev={0xac, 0x14, 0x14}}, 0x10) 2018/04/07 02:18:39 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) get_mempolicy(&(0x7f0000000140), &(0x7f0000000180), 0x10000, &(0x7f0000ffe000/0x2000)=nil, 0x4) [ 59.989204] RIP: 0033:0x455259 [ 59.992383] RSP: 002b:00007fb22b702c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 60.000089] RAX: ffffffffffffffda RBX: 00007fb22b7036d4 RCX: 0000000000455259 [ 60.007353] RDX: 0000000000000398 RSI: 0000000020fd7000 RDI: 0000000000000013 [ 60.014615] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.021880] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 60.029144] R13: 000000000000046e R14: 00000000006f9af0 R15: 0000000000000000 [ 60.036410] [ 60.038028] Uninit was stored to memory at: [ 60.042359] kmsan_internal_chain_origin+0x12b/0x210 [ 60.047451] __msan_chain_origin+0x69/0xc0 [ 60.051679] update_stack_state+0x959/0xa40 [ 60.056002] unwind_next_frame+0x618/0xe50 [ 60.060228] __save_stack_trace+0x6d9/0xa80 [ 60.064549] save_stack_trace_tsk+0x258/0x2f0 [ 60.069041] proc_pid_stack+0x26a/0x470 [ 60.073010] proc_single_show+0x1af/0x300 [ 60.077156] seq_read+0xc7d/0x2260 [ 60.080687] __vfs_read+0x19f/0x8e0 [ 60.084309] vfs_read+0x36c/0x6c0 [ 60.087752] SYSC_pread64+0x275/0x310 [ 60.091546] SyS_pread64+0x65/0x90 [ 60.095078] do_syscall_64+0x309/0x430 [ 60.098965] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.104140] Local variable description: ----flags.i.i.i@rcu_all_qs [ 60.110439] Variable was created at: [ 60.114141] rcu_all_qs+0x32/0x1f0 [ 60.117667] _cond_resched+0x3c/0xd0 [ 60.121362] ================================================================== [ 60.128703] Disabling lock debugging due to kernel taint [ 60.134135] Kernel panic - not syncing: panic_on_warn set ... [ 60.134135] [ 60.141492] CPU: 1 PID: 5150 Comm: syz-executor2 Tainted: G B 4.16.0+ #81 [ 60.149620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.158959] Call Trace: [ 60.161545] dump_stack+0x185/0x1d0 [ 60.165164] panic+0x39d/0x940 [ 60.168375] ? kernel_text_address+0x248/0x3a0 [ 60.172953] kmsan_report+0x238/0x240 [ 60.177095] __msan_warning_32+0x6c/0xb0 [ 60.181154] kernel_text_address+0x248/0x3a0 [ 60.185554] ? futex_wait_queue_me+0x476/0x710 [ 60.190129] ? futex_wait_queue_me+0x476/0x710 [ 60.194712] __kernel_text_address+0x34/0xe0 [ 60.199122] ? futex_wait_queue_me+0x476/0x710 [ 60.203709] unwind_get_return_address+0x8c/0x130 [ 60.208542] __save_stack_trace+0x45c/0xa80 [ 60.212859] ? futex_wait_queue_me+0x476/0x710 [ 60.217438] ? __msan_poison_alloca+0x15c/0x1d0 [ 60.222104] ? proc_pid_stack+0x26a/0x470 [ 60.226255] save_stack_trace_tsk+0x258/0x2f0 [ 60.230753] proc_pid_stack+0x26a/0x470 [ 60.234724] proc_single_show+0x1af/0x300 [ 60.238864] ? proc_pid_wchan+0x250/0x250 [ 60.243008] ? proc_single_open+0x90/0x90 [ 60.247156] seq_read+0xc7d/0x2260 [ 60.250702] ? seq_open+0x360/0x360 [ 60.254325] __vfs_read+0x19f/0x8e0 [ 60.257956] vfs_read+0x36c/0x6c0 [ 60.261415] SYSC_pread64+0x275/0x310 [ 60.265214] SyS_pread64+0x65/0x90 [ 60.268748] do_syscall_64+0x309/0x430 [ 60.272636] ? SYSC_write+0x360/0x360 [ 60.276434] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.281615] RIP: 0033:0x455259 [ 60.284796] RSP: 002b:00007fb22b702c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 60.292500] RAX: ffffffffffffffda RBX: 00007fb22b7036d4 RCX: 0000000000455259 [ 60.299764] RDX: 0000000000000398 RSI: 0000000020fd7000 RDI: 0000000000000013 [ 60.307022] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.314280] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 60.321542] R13: 000000000000046e R14: 00000000006f9af0 R15: 0000000000000000 [ 60.329265] Dumping ftrace buffer: [ 60.332786] (ftrace buffer empty) [ 60.336467] Kernel Offset: disabled [ 60.340067] Rebooting in 86400 seconds..