INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts. 2018/04/07 02:35:32 fuzzer started 2018/04/07 02:35:32 dialing manager at 10.128.0.26:38639 2018/04/07 02:35:39 kcov=true, comps=false 2018/04/07 02:35:41 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000500)='/dev/snd/seq\x00', 0x0, 0x40105) write$sndseq(r0, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time={0x77359400}}], 0x30) ppoll(&(0x7f0000103ff8)=[{r0}], 0x3e3, &(0x7f0000000040)={0x77359400}, &(0x7f000024bff8), 0x8) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f000023efa8)={0x80, 0x7d}) 2018/04/07 02:35:41 executing program 1: r0 = mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000664fc0)={0x0, 0x3, 0x9}) mq_timedsend(r0, &(0x7f0000000040)="b0", 0x1, 0x0, &(0x7f0000000080)={0x0, 0x1c9c380}) mq_timedreceive(r0, &(0x7f0000be2f7d)=""/131, 0xfffffffffffffffd, 0x0, 0x0) 2018/04/07 02:35:41 executing program 7: r0 = socket$inet6(0xa, 0x3, 0x4000000000001) connect$inet6(r0, &(0x7f000052f000)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x200000007}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000c9af18)={{{@in=@rand_addr, @in6=@dev={0xfe, 0x80}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2=0xe0000002, 0x0, 0x3c}, 0x0, @in6=@ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}}, 0xe8) sendmsg(r0, &(0x7f00000024c0)={0x0, 0x0, &(0x7f0000002400)}, 0x0) 2018/04/07 02:35:41 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$int_in(r0, 0x0, &(0x7f0000000000)) 2018/04/07 02:35:41 executing program 5: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x102}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'ifb0\x00', 0xa201}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'ifb0\x00', {0x2, 0x0, @loopback=0x7f000001}}) 2018/04/07 02:35:41 executing program 6: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x0, &(0x7f000000a000)) open$dir(&(0x7f000001bff4)='./file0/bus\x00', 0x88040, 0x0) mount(&(0x7f0000033ff4)='./file0/bus\x00', &(0x7f000000fff8)='./file0\x00', &(0x7f00000003c0)='sysfs\x00', 0x7ffbf, &(0x7f0000032000)) open(&(0x7f0000033000)='./file0/bus\x00', 0x3e, 0x0) 2018/04/07 02:35:41 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000055dff6)='/dev/ptmx\x00', 0x40000040101, 0x0) write(r0, &(0x7f000022a000)="2f7f4be2b36c5526a5534195cbffffffffffff09000000028f549f29496490f3f2afa9fd016f97ea68e0b7400fd558010287ce86ed8d843591ec4c782f85000000097f39147a2c89310932b0f6017ef5f00dfc01000000000000ffbf13", 0x5d) ioctl$TCSETAW(r0, 0x5407, &(0x7f000079b000)={0x0, 0x3fffffffff}) 2018/04/07 02:35:41 executing program 3: mmap(&(0x7f0000045000/0x9000)=nil, 0x9000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000048000/0x3000)=nil, 0x3000, 0x7, 0x2000031, 0xffffffffffffffff, 0x0) syzkaller login: [ 42.055235] ip (3758) used greatest stack depth: 54672 bytes left [ 42.438428] ip (3798) used greatest stack depth: 54408 bytes left [ 42.531510] ip (3807) used greatest stack depth: 54072 bytes left [ 44.463786] ip (3989) used greatest stack depth: 53992 bytes left [ 45.601120] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.611287] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.623452] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.657725] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.716141] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.748838] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.805975] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.912231] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.141549] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.288537] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.299877] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.346318] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.354642] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.371794] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.408840] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.740860] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.827869] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.834151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.852373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.974738] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.980961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.995543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.061410] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.067644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.080512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.109647] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.115823] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.128526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.141255] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.150184] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.161387] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.167608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.183313] ip (4931) used greatest stack depth: 53976 bytes left [ 55.211754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.239520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.271394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.294589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.309565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.551768] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.557965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.572108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 02:35:58 executing program 6: mprotect(&(0x7f0000008000/0x2000)=nil, 0x2000, 0x0) r0 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x4012}) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000100)={0x0, 0x382, [@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @empty, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @random="5124b9df8522"]}) 2018/04/07 02:35:58 executing program 4: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) capset(&(0x7f000079c000), &(0x7f0000cc7fe8)) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0x2) setsockopt$RDS_GET_MR(0xffffffffffffffff, 0x114, 0x2, &(0x7f0000000280)={{&(0x7f0000000180)=""/229, 0xe5}, &(0x7f0000000100)}, 0x20) 2018/04/07 02:35:58 executing program 1: syz_emit_ethernet(0x14, &(0x7f0000000300)={@link_local={0x1, 0x80, 0xc2}, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], {@generic={0x8864, "c42e978d77f4"}}}, &(0x7f0000000280)) 2018/04/07 02:35:58 executing program 2: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2e1, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x7fff) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000001d40)={'lo\x00', 0xfff}) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) 2018/04/07 02:35:58 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x24, &(0x7f0000150000)=0x2000000200, 0x4) connect$inet(r0, &(0x7f0000001ffa)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2018/04/07 02:35:58 executing program 6: r0 = syz_open_dev$sndseq(&(0x7f0000832ff3)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000b0bf74)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f000021af98)={0x0, 0x0, 0x0, {0x0, 0x989680}}) 2018/04/07 02:35:58 executing program 1: mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000003fe0)) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='map_files\x00') mbind(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000228ff8)=0xffff, 0x891, 0x0) getdents(r0, &(0x7f0000000ea9)=""/407, 0x197) 2018/04/07 02:35:58 executing program 4: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) capset(&(0x7f000079c000), &(0x7f0000cc7fe8)) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0x2) setsockopt$RDS_GET_MR(0xffffffffffffffff, 0x114, 0x2, &(0x7f0000000280)={{&(0x7f0000000180)=""/229, 0xe5}, &(0x7f0000000100)}, 0x20) [ 56.552089] device lo entered promiscuous mode [ 56.627744] device lo left promiscuous mode [ 56.658250] device lo entered promiscuous mode 2018/04/07 02:35:59 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) lseek(r0, 0x0, 0x0) 2018/04/07 02:35:59 executing program 6: r0 = syz_open_dev$evdev(&(0x7f0000dfdfee)='/dev/input/event#\x00', 0x0, 0x2) readv(r0, &(0x7f0000000000)=[{&(0x7f00008ec000)=""/219, 0xdb}], 0x1) write$evdev(r0, &(0x7f000004d000)=[{{}, 0x0, 0x1}, {{0x2}}], 0x30) 2018/04/07 02:35:59 executing program 3: sched_yield() 2018/04/07 02:35:59 executing program 1: mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000003fe0)) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='map_files\x00') mbind(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000228ff8)=0xffff, 0x891, 0x0) getdents(r0, &(0x7f0000000ea9)=""/407, 0x197) 2018/04/07 02:35:59 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = dup3(r0, r1, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback=0x7f000001}], 0x10) sendto$inet(r0, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10) sendto$inet(r1, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f000059aff8)={r3}, &(0x7f000034f000)=0x8) 2018/04/07 02:35:59 executing program 4: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x709000)=nil, 0x709000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) mbind(&(0x7f00003b5000/0x800000)=nil, 0x800000, 0x0, &(0x7f0000001ff8), 0x1, 0x2) 2018/04/07 02:35:59 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x80, &(0x7f0000000680), 0x0, &(0x7f00000001c0)=[{0x10, 0x29, 0x8}], 0x10}}], 0x2, 0x0) 2018/04/07 02:35:59 executing program 7: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) clock_nanosleep(0x0, 0x0, &(0x7f0000011000), &(0x7f0000013000)) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f00000c0ff0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/04/07 02:35:59 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f00000001c0)) 2018/04/07 02:35:59 executing program 4: r0 = socket(0x10, 0x4000000000000802, 0x0) write(r0, &(0x7f00000000c0)="1f0000001e0007f1ffffffe6070000770200282fbb968d3d6c39080001454a", 0x1f) 2018/04/07 02:36:00 executing program 0: perf_event_open(&(0x7f0000aaa000)={0x2, 0x35b, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(&(0x7f0000000180)='./file0/bus\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, &(0x7f00000001c0)) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000140)='./file0/bus\x00', 0xc33) lstat(&(0x7f00000006c0)='./file0/bus\x00', &(0x7f0000000700)) 2018/04/07 02:36:00 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x11, @loopback=0x7f000001, 0x0, 0x0, 'lblcr\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) 2018/04/07 02:36:00 executing program 1: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x601, 0x0) close(0xffffffffffffffff) 2018/04/07 02:36:00 executing program 5: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x48000000002, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x11, &(0x7f0000003fe0)) 2018/04/07 02:36:00 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)="2f65786500000000000090d8b75e67e16b394342abb5158df87ea8984e79c93df7498b2b34796068700e29fbd789f9a031f23e16c96e30baed2961953b057f7a3222943acc4b8cfa4de553f8276731ddeb811efd44ea011e1a0db9074a28a826c88566b89c57cc3cca4aec41d37fa27c8daa19030d03139d0aea71d509d9a20ba7deceb656cc1308d9d1f111b6bd1595486f55e229923be4ed8cbfb78e86280b4cacf386bfa8840afb312a4c520a03b27f805d181bd09ea208931a36e888060a2d") fsetxattr(r0, &(0x7f0000000140)=@known='user.syz\x00', &(0x7f0000000000)='\x00', 0x3df, 0x0) 2018/04/07 02:36:00 executing program 2: socket$inet(0x2, 0x3, 0x32) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2}, @random="063d3b650453", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x32, 0x0, @empty, @rand_addr}, @igmp={0x0, 0x0, 0x0, @multicast1=0xe0000001}}}}}, 0x0) 2018/04/07 02:36:00 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="96ca2953c43aaff584aa6046f331511d092862f446d73a0cebfe82340663b1", 0x1f) 2018/04/07 02:36:00 executing program 6: io_setup(0x401, &(0x7f000014b000)) 2018/04/07 02:36:00 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000140)="89af146c5c0d7436e5eb91", 0xb}], 0x1) 2018/04/07 02:36:00 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000fb6000)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, 'port1\x00', 0xa9824f69d1376637, 0x10800a}) getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f00000000c0)={'HL\x00'}, &(0x7f0000000100)=0x1e) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f000019ffe9)={0xc1}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000ec6fb0)={{}, {0x80}}) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000200)) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rfkill\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) 2018/04/07 02:36:00 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000240)={{{@in6=@dev={0xfe, 0x80}, @in=@multicast1=0xe0000001, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast1=0xe0000001, 0x0, 0x6c}, 0x0, @in6=@remote={0xfe, 0x80, [], 0xbb}}}, 0xe8) close(r0) 2018/04/07 02:36:00 executing program 6: semctl$SEM_STAT(0x0, 0x0, 0x12, &(0x7f00000001c0)=""/115) 2018/04/07 02:36:00 executing program 4: syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="d7ec473d000e00000000000086dd60000801000000001f00000000000000004c8a156117ce9cf95ecff498ca2f0289000000000000fbff0200000000000000000000000000070000000000000078"], 0x0) 2018/04/07 02:36:00 executing program 5: semop(0x0, &(0x7f0000ffc000)=[{0x0, 0xdf35}, {}], 0x2) semctl$GETNCNT(0x0, 0x0, 0xe, &(0x7f0000000140)=""/23) 2018/04/07 02:36:00 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001ff8)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000002b00)=[{{&(0x7f0000000140)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000000c00), 0x0, &(0x7f0000000c40)=""/16, 0x10}}, {{0x0, 0x0, &(0x7f0000001f40), 0x38d}}], 0x2, 0x4000000002, 0x0) write(r1, &(0x7f0000000000), 0x20a) 2018/04/07 02:36:00 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)="737461747573002530acd253a34dc05b6ccb06a3f0192a3c1828b2c37051a6998c1b7be520769e15a4ca32a92388211e1e30da957d5823c0b63864fe0900000000000000000000000000000000") perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f00000007c0)=""/159, 0x9f}], 0x1) 2018/04/07 02:36:01 executing program 0: perf_event_open(&(0x7f0000723f88)={0x2, 0x70, 0xc35, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='..', 0x0, 0x0) getdents(r1, &(0x7f00000000c0)=""/22, 0x36) 2018/04/07 02:36:01 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="96ca2953c43aaff584aa6046f331511d092862f446d73a0cebfe82340663b1", 0x1f) 2018/04/07 02:36:01 executing program 2: r0 = getpid() r1 = syz_open_procfs(r0, &(0x7f0000000140)='stat\x00') readv(r1, &(0x7f0000000180)=[{&(0x7f0000001840)=""/4096, 0x1000}], 0x1) 2018/04/07 02:36:01 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000706000)=ANY=[@ANYBLOB="e2ffff0700ffff6d"], 0x1) 2018/04/07 02:36:01 executing program 3: r0 = memfd_create(&(0x7f0000000240)="926d6e657439f0344a0967000000000000", 0x0) write(r0, &(0x7f0000000040)="33c3ae3bf2c15188", 0x8) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0) mq_timedreceive(0xffffffffffffffff, &(0x7f0000000380)=""/222, 0xde, 0x0, &(0x7f0000000000)) 2018/04/07 02:36:01 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x8000000000002c) connect$inet6(r0, &(0x7f0000002fe4)={0xa}, 0x1c) sendmsg(r0, &(0x7f0000007000)={0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000026000)}, 0x2000c080) writev(r0, &(0x7f0000000040)=[{&(0x7f00000004c0)="0000000000a17395c0", 0x9}], 0x1) 2018/04/07 02:36:01 executing program 6: r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) read(r0, &(0x7f0000000100)=""/172, 0xac) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x7}) 2018/04/07 02:36:01 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000fb6000)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, 'port1\x00', 0xa9824f69d1376637, 0x10800a}) getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f00000000c0)={'HL\x00'}, &(0x7f0000000100)=0x1e) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f000019ffe9)={0xc1}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000ec6fb0)={{}, {0x80}}) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000200)) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rfkill\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) [ 59.683991] ================================================================== [ 59.691400] BUG: KMSAN: uninit-value in ipv6_frag_rcv+0xfa5/0x6970 [ 59.697717] CPU: 0 PID: 5222 Comm: syz-executor5 Not tainted 4.16.0+ #81 [ 59.704555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.713899] Call Trace: [ 59.716470] [ 59.718619] dump_stack+0x185/0x1d0 [ 59.722242] ? ipv6_frag_rcv+0xfa5/0x6970 [ 59.726382] kmsan_report+0x142/0x240 [ 59.730178] __msan_warning_32+0x6c/0xb0 2018/04/07 02:36:01 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) io_setup(0x2, &(0x7f0000000280)=0x0) io_submit(r1, 0x1, &(0x7f00000005c0)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000780)}]) 2018/04/07 02:36:01 executing program 2: socketpair$unix(0x1, 0x400000001, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f0000000000)='dev ', 0x0) ftruncate(r2, 0x40001) sendfile(r1, r2, &(0x7f0000001000), 0x400000000fee) recvmmsg(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)=@nfc, 0x0, &(0x7f0000000940)=[{&(0x7f0000000880)=""/123}], 0x0, &(0x7f0000000680)=""/108}}, {{0x0, 0x0, &(0x7f00000007c0), 0xf7, 0x0, 0x24c}}], 0x1b1, 0x0, 0x0) [ 59.734236] ipv6_frag_rcv+0xfa5/0x6970 [ 59.738209] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 59.743575] ? ipv6_frag_exit+0x90/0x90 [ 59.747557] ip6_input_finish+0xa62/0x2110 [ 59.751793] ? ip6table_filter_hook+0xb5/0xe0 [ 59.756287] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 59.761652] ip6_input+0x294/0x320 [ 59.765189] ? ip6_input+0x320/0x320 [ 59.768901] ? ipv6_rcv+0x26d0/0x26d0 [ 59.772701] ipv6_rcv+0x20ec/0x26d0 [ 59.776324] ? local_bh_enable+0x40/0x40 [ 59.780395] __netif_receive_skb_core+0x47cf/0x4a80 [ 59.785412] ? try_to_wake_up+0x1ab2/0x20a0 [ 59.789732] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 59.795526] ? ip6_rcv_finish+0x4d0/0x4d0 [ 59.799681] ? e1000_watchdog_task+0x2fc2/0x4070 [ 59.804437] process_backlog+0x62d/0xe20 [ 59.808498] ? rps_trigger_softirq+0x2f0/0x2f0 [ 59.813075] net_rx_action+0x7c1/0x1a70 [ 59.817047] ? net_tx_action+0xab0/0xab0 [ 59.821105] __do_softirq+0x56d/0x93d [ 59.824907] do_softirq_own_stack+0x2a/0x40 [ 59.829212] 2018/04/07 02:36:01 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="96ca2953c43aaff584aa6046f331511d092862f446d73a0cebfe82340663b1", 0x1f) [ 59.831447] __local_bh_enable_ip+0x114/0x140 [ 59.835943] local_bh_enable+0x36/0x40 [ 59.839825] ip6_finish_output2+0x1b6c/0x1f20 [ 59.844328] ip6_finish_output+0xb3f/0xc00 [ 59.848567] ip6_output+0x597/0x6c0 [ 59.852192] ? ip6_output+0x6c0/0x6c0 [ 59.855995] ? ac6_seq_show+0x200/0x200 [ 59.859966] ip6_local_out+0x573/0x640 [ 59.863852] ? __ip6_local_out+0x4f0/0x4f0 [ 59.868091] ip6_push_pending_frames+0x218/0x4d0 [ 59.872849] rawv6_sendmsg+0x4500/0x4cc0 [ 59.876910] ? kmsan_set_origin_inline+0x6b/0x120 [ 59.881753] ? futex_wait_queue_me+0x4ba/0x710 [ 59.886335] ? futex_wait_queue_me+0x4ee/0x710 [ 59.890937] ? compat_rawv6_ioctl+0x30/0x30 [ 59.895266] inet_sendmsg+0x48d/0x740 [ 59.899064] ? security_socket_sendmsg+0x9e/0x210 [ 59.903909] ? inet_getname+0x500/0x500 [ 59.907885] sock_write_iter+0x3b9/0x470 [ 59.911950] ? sock_read_iter+0x480/0x480 [ 59.916090] do_iter_readv_writev+0x7bb/0x970 [ 59.920589] ? sock_read_iter+0x480/0x480 [ 59.924730] do_iter_write+0x30d/0xd40 [ 59.928616] ? __msan_metadata_ptr_for_store_8+0x13/0x20 2018/04/07 02:36:01 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="96ca2953c43aaff584aa6046f331511d092862f446d73a0cebfe82340663b1", 0x1f) [ 59.934066] do_writev+0x3c9/0x830 [ 59.937605] ? syscall_return_slowpath+0xe9/0x700 [ 59.942446] SYSC_writev+0x9b/0xb0 [ 59.945982] SyS_writev+0x56/0x80 [ 59.949432] do_syscall_64+0x309/0x430 [ 59.953321] ? SYSC_readv+0xb0/0xb0 [ 59.956948] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.962131] RIP: 0033:0x455259 [ 59.965309] RSP: 002b:00007f89af5dec68 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 59.973008] RAX: ffffffffffffffda RBX: 00007f89af5df6d4 RCX: 0000000000455259 2018/04/07 02:36:01 executing program 4: capset(&(0x7f0000581ff8)={0x19980330}, &(0x7f0000000240)) r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000ff5000)=[{&(0x7f000087a000)="4800000014001904090000000000010002847f0080ffe00600000000000000a2bc5603ca0000000000000000000100000100000000000000ff5bffff00c7ffed5e00000000dc0000", 0x48}], 0x1) [ 59.980268] RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000013 [ 59.987537] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.994800] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 60.002062] R13: 00000000000006cd R14: 00000000006fd3d8 R15: 0000000000000000 [ 60.009324] [ 60.010937] Uninit was stored to memory at: [ 60.015251] kmsan_internal_chain_origin+0x12b/0x210 [ 60.020350] kmsan_memcpy_origins+0x11d/0x170 [ 60.024843] __msan_memcpy+0x19f/0x1f0 [ 60.028728] skb_copy_bits+0x63a/0xdb0 2018/04/07 02:36:02 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="96ca2953c43aaff584aa6046f331511d092862f446d73a0cebfe82340663b1", 0x1f) [ 60.032615] __pskb_pull_tail+0x483/0x22e0 [ 60.036847] ipv6_frag_rcv+0x1894/0x6970 [ 60.040904] ip6_input_finish+0xa62/0x2110 [ 60.045134] ip6_input+0x294/0x320 [ 60.048668] ipv6_rcv+0x20ec/0x26d0 [ 60.052293] __netif_receive_skb_core+0x47cf/0x4a80 [ 60.057304] process_backlog+0x62d/0xe20 [ 60.061357] net_rx_action+0x7c1/0x1a70 [ 60.062176] capability: warning: `syz-executor4' uses 32-bit capabilities (legacy support in use) [ 60.065325] __do_softirq+0x56d/0x93d [ 60.065329] Uninit was created at: [ 60.065340] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 60.065350] kmsan_alloc_page+0x82/0xe0 [ 60.065364] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 60.065374] alloc_pages_current+0x6b5/0x970 [ 60.065385] skb_page_frag_refill+0x3ba/0x5e0 [ 60.065394] sk_page_frag_refill+0xa4/0x340 [ 60.065406] __ip6_append_data+0x1a20/0x4bb0 [ 60.065418] ip6_append_data+0x40e/0x6b0 [ 60.065427] rawv6_sendmsg+0x2787/0x4cc0 [ 60.065438] inet_sendmsg+0x48d/0x740 [ 60.065451] sock_write_iter+0x3b9/0x470 [ 60.065460] do_iter_readv_writev+0x7bb/0x970 2018/04/07 02:36:02 executing program 7: bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="96ca2953c43aaff584aa6046f331511d092862f446d73a0cebfe82340663b1", 0x1f) [ 60.065471] do_iter_write+0x30d/0xd40 [ 60.065480] do_writev+0x3c9/0x830 [ 60.065491] SYSC_writev+0x9b/0xb0 [ 60.065500] SyS_writev+0x56/0x80 [ 60.065531] do_syscall_64+0x309/0x430 [ 60.151621] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.156793] ================================================================== [ 60.164137] Disabling lock debugging due to kernel taint [ 60.169573] Kernel panic - not syncing: panic_on_warn set ... [ 60.169573] [ 60.176930] CPU: 0 PID: 5222 Comm: syz-executor5 Tainted: G B 4.16.0+ #81 2018/04/07 02:36:02 executing program 3: mq_unlink(&(0x7f0000000180)='/selinux/enforce\x00') [ 60.185059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.194398] Call Trace: [ 60.196970] [ 60.199115] dump_stack+0x185/0x1d0 [ 60.202735] panic+0x39d/0x940 [ 60.205939] ? ipv6_frag_rcv+0xfa5/0x6970 [ 60.210079] kmsan_report+0x238/0x240 [ 60.213872] __msan_warning_32+0x6c/0xb0 [ 60.217926] ipv6_frag_rcv+0xfa5/0x6970 [ 60.221905] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 60.227275] ? ipv6_frag_exit+0x90/0x90 [ 60.231251] ip6_input_finish+0xa62/0x2110 [ 60.235490] ? ip6table_filter_hook+0xb5/0xe0 [ 60.239984] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 60.245352] ip6_input+0x294/0x320 [ 60.248892] ? ip6_input+0x320/0x320 [ 60.252605] ? ipv6_rcv+0x26d0/0x26d0 [ 60.256405] ipv6_rcv+0x20ec/0x26d0 [ 60.260029] ? local_bh_enable+0x40/0x40 [ 60.264096] __netif_receive_skb_core+0x47cf/0x4a80 [ 60.269111] ? try_to_wake_up+0x1ab2/0x20a0 [ 60.273429] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 60.279223] ? ip6_rcv_finish+0x4d0/0x4d0 2018/04/07 02:36:02 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="96ca2953c43aaff584aa6046f331511d092862f446d73a0cebfe82340663b1", 0x1f) [ 60.283367] ? e1000_watchdog_task+0x2fc2/0x4070 [ 60.288115] process_backlog+0x62d/0xe20 [ 60.292179] ? rps_trigger_softirq+0x2f0/0x2f0 [ 60.296751] net_rx_action+0x7c1/0x1a70 [ 60.300727] ? net_tx_action+0xab0/0xab0 [ 60.304784] __do_softirq+0x56d/0x93d [ 60.308583] do_softirq_own_stack+0x2a/0x40 [ 60.312887] [ 60.315121] __local_bh_enable_ip+0x114/0x140 [ 60.319615] local_bh_enable+0x36/0x40 [ 60.323497] ip6_finish_output2+0x1b6c/0x1f20 [ 60.328003] ip6_finish_output+0xb3f/0xc00 [ 60.332241] ip6_output+0x597/0x6c0 2018/04/07 02:36:02 executing program 4: syz_emit_ethernet(0x12, &(0x7f00000000c0)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "eca7cc", 0x8, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @loopback={0x0, 0x1}, {[], @udp={0x0, 0x0, 0x8}}}}}}, &(0x7f0000000000)) [ 60.335864] ? ip6_output+0x6c0/0x6c0 [ 60.339663] ? ac6_seq_show+0x200/0x200 [ 60.343637] ip6_local_out+0x573/0x640 [ 60.347523] ? __ip6_local_out+0x4f0/0x4f0 [ 60.351765] ip6_push_pending_frames+0x218/0x4d0 [ 60.356516] rawv6_sendmsg+0x4500/0x4cc0 [ 60.360577] ? kmsan_set_origin_inline+0x6b/0x120 [ 60.365423] ? futex_wait_queue_me+0x4ba/0x710 [ 60.370015] ? futex_wait_queue_me+0x4ee/0x710 [ 60.374605] ? compat_rawv6_ioctl+0x30/0x30 [ 60.378925] inet_sendmsg+0x48d/0x740 2018/04/07 02:36:02 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) write(r0, &(0x7f00000001c0)='0x2', 0x3) [ 60.382722] ? security_socket_sendmsg+0x9e/0x210 [ 60.387563] ? inet_getname+0x500/0x500 [ 60.391541] sock_write_iter+0x3b9/0x470 [ 60.395604] ? sock_read_iter+0x480/0x480 [ 60.399743] do_iter_readv_writev+0x7bb/0x970 [ 60.404240] ? sock_read_iter+0x480/0x480 [ 60.408380] do_iter_write+0x30d/0xd40 [ 60.412264] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 60.417714] do_writev+0x3c9/0x830 [ 60.421259] ? syscall_return_slowpath+0xe9/0x700 [ 60.426104] SYSC_writev+0x9b/0xb0 [ 60.429643] SyS_writev+0x56/0x80 [ 60.433093] do_syscall_64+0x309/0x430 [ 60.436978] ? SYSC_readv+0xb0/0xb0 [ 60.440607] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.445790] RIP: 0033:0x455259 [ 60.448967] RSP: 002b:00007f89af5dec68 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 60.456670] RAX: ffffffffffffffda RBX: 00007f89af5df6d4 RCX: 0000000000455259 [ 60.463941] RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000013 [ 60.471204] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.478465] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 60.485724] R13: 00000000000006cd R14: 00000000006fd3d8 R15: 0000000000000000 [ 60.493396] Dumping ftrace buffer: [ 60.496915] (ftrace buffer empty) [ 60.500597] Kernel Offset: disabled [ 60.504192] Rebooting in 86400 seconds..