INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts. 2018/04/10 21:09:45 fuzzer started 2018/04/10 21:09:45 dialing manager at 10.128.0.26:40599 2018/04/10 21:09:51 kcov=true, comps=false 2018/04/10 21:09:54 executing program 0: mknod(&(0x7f0000f80000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='.', &(0x7f0000000240)='ubifs\x00', 0x1004, 0x0) 2018/04/10 21:09:54 executing program 2: capset(&(0x7f0000581ff8)={0x19980330}, &(0x7f00005ccfe8)) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4) 2018/04/10 21:09:54 executing program 7: mkdir(&(0x7f0000f4eff8)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f000000aff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000001c000)) mkdir(&(0x7f0000914ff0)='./file0/control\x00', 0x0) rmdir(&(0x7f00000000c0)='./file0/control\x00') 2018/04/10 21:09:54 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg(r0, &(0x7f0000003000)={&(0x7f000001b000)=@in={0x2, 0x4e23, @rand_addr}, 0x80, &(0x7f0000000680), 0x0, &(0x7f000001ef80)=ANY=[@ANYBLOB="18000000000000000800000001000000001f000000000000"], 0x18}, 0x0) 2018/04/10 21:09:54 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) perf_event_open(&(0x7f0000d2af88)={0x2, 0x78, 0xe2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x7, 0x401, 'queue0\x00'}) close(r0) 2018/04/10 21:09:54 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x6, @random="f49657a503ca"}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000000c0)={r1, 0x1, 0x6, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x4) write(r2, &(0x7f0000000180)="2700000014000707030e0000120f0a00110001002945222027bbb57a3e0e49d6a90600d6ec0000", 0x27) 2018/04/10 21:09:54 executing program 6: r0 = socket$inet(0x2, 0x802, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000001440)=@broute={'broute\x00', 0x20, 0x2, 0x390, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20001080], 0x0, &(0x7f00000006c0), &(0x7f0000001080)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x5, 0x0, 0x0, 'gretap0\x00', 'nr0\x00', 'gretap0\x00', 'syz_tun\x00', @random="0709274525a3", [], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], 0x110, 0x110, 0x240, [@rateest={'rateest\x00', 0x48, {{'vcan0\x00', 'ip6gre0\x00', 0x2}}}, @cgroup0={'cgroup\x00', 0x8}]}}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x0, 0x0, 'system_u:object_r:fonts_t:s0\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff, 0x1, [{{{0x1b, 0x0, 0x0, 'bcsf0\x00', 'teql0\x00', 'ip_vti0\x00', 'erspan0\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], @random="c8992de4105a", [], 0x70, 0x70, 0xc0}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}]}, 0x408) 2018/04/10 21:09:54 executing program 1: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000b32fff)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd}, 0x0, 0x0, r0, 0x0) perf_event_open(&(0x7f0000940000)={0x1, 0x70}, 0x0, 0x0, r1, 0x0) syzkaller login: [ 44.073517] ip (3758) used greatest stack depth: 54672 bytes left [ 44.787303] ip (3823) used greatest stack depth: 54408 bytes left [ 45.722839] ip (3911) used greatest stack depth: 54200 bytes left [ 47.615164] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.797481] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.886824] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.904704] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.921657] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.956521] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.044110] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.239218] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.776913] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.910759] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.960087] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.997692] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.023843] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.200429] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.282667] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.296247] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.549539] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.555900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.564685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.656617] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.663177] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.679650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.713978] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.720365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.744709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.783607] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.793620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.810810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.848797] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.855407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.889871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.986508] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.992890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.007413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.109115] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.115507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.136833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.166668] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.173502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.201701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/10 21:10:12 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg(r0, &(0x7f0000003000)={&(0x7f000001b000)=@in={0x2, 0x4e23, @rand_addr}, 0x80, &(0x7f0000000680), 0x0, &(0x7f000001ef80)=ANY=[@ANYBLOB="18000000000000000800000001000000001f000000000000"], 0x18}, 0x0) [ 59.069892] capability: warning: `syz-executor2' uses 32-bit capabilities (legacy support in use) [ 59.467507] device bridge0 entered promiscuous mode 2018/04/10 21:10:12 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000100)={[0x38, 0x39]}, 0x2) 2018/04/10 21:10:12 executing program 1: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'ifb0\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 0x4012}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'ifb0\x00', {0x2, 0x0, @loopback=0x7f000001}}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'ifb0\x00', 0xa1fd}) 2018/04/10 21:10:12 executing program 7: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) clone(0x0, &(0x7f0000597f1c)="a4", &(0x7f00009b9ffc), &(0x7f0000005ffc), &(0x7f0000aca000)) mlock(&(0x7f000045e000/0x3000)=nil, 0x3000) 2018/04/10 21:10:12 executing program 3: perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2661, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$setname(0xf, &(0x7f0000000140)='*:md5sumeth1ppp1bdevcgroup\x00') 2018/04/10 21:10:12 executing program 2: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000424000)="2600000022004701050007008980e8ff06006d20002b1f00c0e9ff094a51f10101c7033500b0", 0x26) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000fa3000)={&(0x7f0000d0b000)=@ax25, 0x10, &(0x7f00002b3000), 0x0, &(0x7f0000878000)}, 0x0) recvmsg(r0, &(0x7f0000f8efc8)={&(0x7f00008ba000)=@hci, 0x80, &(0x7f0000000040)=[{&(0x7f0000a13000)=""/4096, 0x1000}, {&(0x7f0000439f80)=""/128, 0x80}], 0x2, &(0x7f0000000000)=""/62, 0x3e}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000080), 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'syz_tun\x00'}, 0x18) 2018/04/10 21:10:12 executing program 4: r0 = socket$inet(0x2, 0x3, 0x19) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2=0xe0000002, @in=@multicast1=0xe0000001}}, {{@in6}, 0x0, @in=@rand_addr}}, 0xe8) perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000140)={@multicast1=0xe0000001, @multicast2=0xe0000002}, 0xc) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000180)=ANY=[], 0x0) 2018/04/10 21:10:12 executing program 5: perf_event_open(&(0x7f0000220000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x7, 0x1, &(0x7f00000015c0)=[{&(0x7f0000000280)}], 0x0, &(0x7f0000001680)=ANY=[@ANYBLOB='datasum,nobarrier,device=.']) 2018/04/10 21:10:12 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x28, 0x14, 0x7, 0x0, 0x0, {0x1}, [@generic="8738124d2f050000fab45e529840ffe4b3"]}, 0x28}, 0x1}, 0x0) [ 59.566929] device bridge0 left promiscuous mode [ 59.646731] device ifb0 entered promiscuous mode 2018/04/10 21:10:12 executing program 3: perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2661, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$setname(0xf, &(0x7f0000000140)='*:md5sumeth1ppp1bdevcgroup\x00') 2018/04/10 21:10:12 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000100)={[0x38, 0x39]}, 0x2) 2018/04/10 21:10:12 executing program 6: perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2661, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$setname(0xf, &(0x7f0000000140)='*:md5sumeth1ppp1bdevcgroup\x00') 2018/04/10 21:10:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="ace8060000cacf942f"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x28}, [], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) 2018/04/10 21:10:13 executing program 1: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'ifb0\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 0x4012}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'ifb0\x00', {0x2, 0x0, @loopback=0x7f000001}}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'ifb0\x00', 0xa1fd}) 2018/04/10 21:10:13 executing program 5: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'ifb0\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 0x4012}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'ifb0\x00', {0x2, 0x0, @loopback=0x7f000001}}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'ifb0\x00', 0xa1fd}) 2018/04/10 21:10:13 executing program 2: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000424000)="2600000022004701050007008980e8ff06006d20002b1f00c0e9ff094a51f10101c7033500b0", 0x26) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000fa3000)={&(0x7f0000d0b000)=@ax25, 0x10, &(0x7f00002b3000), 0x0, &(0x7f0000878000)}, 0x0) recvmsg(r0, &(0x7f0000f8efc8)={&(0x7f00008ba000)=@hci, 0x80, &(0x7f0000000040)=[{&(0x7f0000a13000)=""/4096, 0x1000}, {&(0x7f0000439f80)=""/128, 0x80}], 0x2, &(0x7f0000000000)=""/62, 0x3e}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000080), 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'syz_tun\x00'}, 0x18) 2018/04/10 21:10:13 executing program 7: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) clone(0x0, &(0x7f0000597f1c)="a4", &(0x7f00009b9ffc), &(0x7f0000005ffc), &(0x7f0000aca000)) mlock(&(0x7f000045e000/0x3000)=nil, 0x3000) 2018/04/10 21:10:13 executing program 3: socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setrlimit(0x7, &(0x7f0000becff0)={0x16, 0x88}) fcntl$dupfd(r0, 0x0, r1) 2018/04/10 21:10:13 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000b48000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0) fallocate(r2, 0x0, 0x0, 0x1ff) sendfile(r1, r2, &(0x7f0000000240)=0x13, 0x6) 2018/04/10 21:10:13 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/dev_mcast\x00') r1 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller0\x00', 0x3}) preadv(r0, &(0x7f0000000480)=[{&(0x7f00000003c0)=""/58, 0x3a}, {&(0x7f0000000780)=""/4096, 0x1000}], 0x2, 0x0) [ 60.095478] device ifb0 entered promiscuous mode [ 60.129920] device ifb0 entered promiscuous mode [ 60.136099] ================================================================== [ 60.143499] BUG: KMSAN: uninit-value in __crc32c_pcl_intel_finup+0x3b2/0x4b0 [ 60.150691] CPU: 0 PID: 5137 Comm: syz-executor0 Not tainted 4.16.0+ #83 [ 60.157531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.167710] Call Trace: [ 60.170311] dump_stack+0x185/0x1d0 [ 60.173955] ? __crc32c_pcl_intel_finup+0x3b2/0x4b0 [ 60.178979] kmsan_report+0x142/0x240 [ 60.182793] __msan_warning_32+0x6c/0xb0 [ 60.186863] __crc32c_pcl_intel_finup+0x3b2/0x4b0 [ 60.191720] crc32c_pcl_intel_finup+0xb5/0xe0 [ 60.196247] ? crc32c_pcl_intel_update+0x500/0x500 [ 60.201182] shash_ahash_finup+0x468/0xa30 [ 60.205435] shash_ahash_digest+0x5c6/0x600 [ 60.209769] shash_async_digest+0x11c/0x1b0 [ 60.214104] crypto_ahash_op+0x89a/0xc10 [ 60.218168] ? __kmalloc+0x23c/0x350 [ 60.221890] ? shash_async_finup+0x1b0/0x1b0 [ 60.226298] ? shash_async_finup+0x1b0/0x1b0 [ 60.230721] crypto_ahash_digest+0xe4/0x160 [ 60.235059] hash_sendpage+0xb40/0xe10 [ 60.238962] ? hash_recvmsg+0xd50/0xd50 [ 60.242953] sock_sendpage+0x1de/0x2c0 [ 60.246857] pipe_to_sendpage+0x31b/0x430 [ 60.251036] ? sock_fasync+0x2b0/0x2b0 [ 60.254934] ? propagate_umount+0x3a30/0x3a30 [ 60.259438] __splice_from_pipe+0x49a/0xf30 [ 60.263770] ? generic_splice_sendpage+0x2a0/0x2a0 [ 60.268713] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 60.274092] generic_splice_sendpage+0x1c6/0x2a0 2018/04/10 21:10:13 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'lo\x00'}) 2018/04/10 21:10:13 executing program 3: syz_emit_ethernet(0x1, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd6050a09c00081100fe800000000000000000000000000000000000aa00004e2000089078000000000000000000000000"], &(0x7f0000000040)) 2018/04/10 21:10:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="ace8060000cacf942f"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x28}, [], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) [ 60.278861] ? iter_file_splice_write+0x1710/0x1710 [ 60.283882] ? iter_file_splice_write+0x1710/0x1710 [ 60.288919] direct_splice_actor+0x19b/0x200 [ 60.293346] splice_direct_to_actor+0x764/0x1040 [ 60.298106] ? do_splice_direct+0x540/0x540 [ 60.302437] ? security_file_permission+0x28f/0x4b0 [ 60.307463] ? rw_verify_area+0x35e/0x580 [ 60.311619] do_splice_direct+0x335/0x540 [ 60.315778] do_sendfile+0x1067/0x1e40 [ 60.319682] SYSC_sendfile64+0x1b3/0x300 [ 60.323753] SyS_sendfile64+0x64/0x90 [ 60.327564] do_syscall_64+0x309/0x430 [ 60.331468] ? SYSC_sendfile+0x320/0x320 [ 60.335540] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.340728] RIP: 0033:0x455259 [ 60.343911] RSP: 002b:00007f9f1e735c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 60.351618] RAX: ffffffffffffffda RBX: 00007f9f1e7366d4 RCX: 0000000000455259 [ 60.358893] RDX: 0000000020000240 RSI: 0000000000000015 RDI: 0000000000000014 [ 60.366162] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.373431] R10: 0000000000000006 R11: 0000000000000246 R12: 00000000ffffffff [ 60.380701] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 60.387967] [ 60.389586] Uninit was created at: [ 60.393130] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 60.398143] kmsan_alloc_page+0x82/0xe0 [ 60.402121] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 60.406872] alloc_pages_vma+0xcc8/0x1800 [ 60.411020] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 60.416034] shmem_getpage_gfp+0x35db/0x5770 [ 60.420440] shmem_fallocate+0xde2/0x1610 [ 60.424580] vfs_fallocate+0x9dc/0xde0 2018/04/10 21:10:13 executing program 3: sched_setattr(0x0, &(0x7f0000000080), 0x0) 2018/04/10 21:10:13 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000180)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") mmap(&(0x7f0000000000/0xd25000)=nil, 0xd25000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0c0583b, &(0x7f0000000000)={0x2fa, &(0x7f0000000040)}) [ 60.428461] SYSC_fallocate+0x119/0x1d0 [ 60.432433] SyS_fallocate+0x64/0x90 [ 60.436139] do_syscall_64+0x309/0x430 [ 60.440035] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.445310] ================================================================== [ 60.452800] Disabling lock debugging due to kernel taint [ 60.458250] Kernel panic - not syncing: panic_on_warn set ... [ 60.458250] [ 60.465625] CPU: 0 PID: 5137 Comm: syz-executor0 Tainted: G B 4.16.0+ #83 [ 60.473771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.483135] Call Trace: [ 60.485735] dump_stack+0x185/0x1d0 [ 60.489378] panic+0x39d/0x940 [ 60.492600] ? __crc32c_pcl_intel_finup+0x3b2/0x4b0 [ 60.497622] kmsan_report+0x238/0x240 [ 60.501433] __msan_warning_32+0x6c/0xb0 [ 60.505512] __crc32c_pcl_intel_finup+0x3b2/0x4b0 [ 60.510368] crc32c_pcl_intel_finup+0xb5/0xe0 [ 60.514874] ? crc32c_pcl_intel_update+0x500/0x500 [ 60.519818] shash_ahash_finup+0x468/0xa30 [ 60.524080] shash_ahash_digest+0x5c6/0x600 [ 60.528410] shash_async_digest+0x11c/0x1b0 [ 60.532739] crypto_ahash_op+0x89a/0xc10 [ 60.536808] ? __kmalloc+0x23c/0x350 [ 60.540527] ? shash_async_finup+0x1b0/0x1b0 [ 60.544941] ? shash_async_finup+0x1b0/0x1b0 [ 60.549352] crypto_ahash_digest+0xe4/0x160 [ 60.553682] hash_sendpage+0xb40/0xe10 [ 60.557578] ? hash_recvmsg+0xd50/0xd50 [ 60.561560] sock_sendpage+0x1de/0x2c0 [ 60.565459] pipe_to_sendpage+0x31b/0x430 [ 60.569613] ? sock_fasync+0x2b0/0x2b0 [ 60.573535] ? propagate_umount+0x3a30/0x3a30 [ 60.578036] __splice_from_pipe+0x49a/0xf30 [ 60.582363] ? generic_splice_sendpage+0x2a0/0x2a0 [ 60.587299] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 60.592668] generic_splice_sendpage+0x1c6/0x2a0 [ 60.597436] ? iter_file_splice_write+0x1710/0x1710 [ 60.602458] ? iter_file_splice_write+0x1710/0x1710 [ 60.607477] direct_splice_actor+0x19b/0x200 [ 60.611899] splice_direct_to_actor+0x764/0x1040 [ 60.616653] ? do_splice_direct+0x540/0x540 [ 60.620981] ? security_file_permission+0x28f/0x4b0 [ 60.626011] ? rw_verify_area+0x35e/0x580 [ 60.630180] do_splice_direct+0x335/0x540 [ 60.634343] do_sendfile+0x1067/0x1e40 [ 60.638248] SYSC_sendfile64+0x1b3/0x300 [ 60.642317] SyS_sendfile64+0x64/0x90 [ 60.646116] do_syscall_64+0x309/0x430 [ 60.650016] ? SYSC_sendfile+0x320/0x320 [ 60.654083] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.659267] RIP: 0033:0x455259 [ 60.662450] RSP: 002b:00007f9f1e735c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 60.670167] RAX: ffffffffffffffda RBX: 00007f9f1e7366d4 RCX: 0000000000455259 [ 60.677445] RDX: 0000000020000240 RSI: 0000000000000015 RDI: 0000000000000014 [ 60.684717] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.691975] R10: 0000000000000006 R11: 0000000000000246 R12: 00000000ffffffff [ 60.699249] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 60.706977] Dumping ftrace buffer: [ 60.710509] (ftrace buffer empty) [ 60.714194] Kernel Offset: disabled [ 60.717795] Rebooting in 86400 seconds..