INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts. 2018/04/07 09:02:19 fuzzer started 2018/04/07 09:02:20 dialing manager at 10.128.0.26:38639 2018/04/07 09:02:26 kcov=true, comps=false 2018/04/07 09:02:29 executing program 0: futex(&(0x7f0000fd4000), 0x5, 0x0, &(0x7f00001f3000), &(0x7f0000000000), 0x41000000) 2018/04/07 09:02:29 executing program 2: mkdir(&(0x7f0000040000)='./bus\x00', 0x0) r0 = open$dir(&(0x7f0000045ffc)='./bus\x00', 0x0, 0x0) getdents(r0, &(0x7f000002efec)=""/46, 0x2e) 2018/04/07 09:02:29 executing program 7: clone(0x0, &(0x7f00009e4ffd), &(0x7f00005faffc), &(0x7f00000f9ffc), &(0x7f00001c9ffe)) sysinfo(&(0x7f0000173000)=""/4096) 2018/04/07 09:02:29 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000e6a000)=@get={0x1, &(0x7f0000578f65)=""/155}) 2018/04/07 09:02:29 executing program 3: r0 = inotify_init1(0x0) ioctl$int_in(r0, 0x5452, &(0x7f000070dff8)=0x5) 2018/04/07 09:02:29 executing program 4: futex(&(0x7f00001122a1), 0x800000000008, 0x0, &(0x7f000000b000), &(0x7f0000048000), 0x0) 2018/04/07 09:02:29 executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000000eff4)) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000537000), 0x4) 2018/04/07 09:02:29 executing program 6: r0 = socket$inet6(0xa, 0x80002, 0x0) getsockopt$inet6_int(r0, 0x29, 0x800000000000004b, &(0x7f0000a6b000), &(0x7f0000f66ffc)=0x4) syzkaller login: [ 44.208883] ip (3818) used greatest stack depth: 54072 bytes left [ 47.031332] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.260971] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.325160] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.435441] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.447869] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.474142] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.592938] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.624240] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.199397] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.377119] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.444913] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.469756] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.581551] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.597131] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.607512] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.867779] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.983593] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.989919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.998617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.216282] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.222578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.235798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.251289] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.260137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.274622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.304526] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.317990] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.324557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.340159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.376932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.405741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.438480] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.448277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.466654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.520693] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.526973] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.541279] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.704095] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.710416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.722725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 09:02:46 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x41, &(0x7f00008e2fba)="958e392937a186d6306a3615593baa57ff0002060000000000079ab4d5ed5cff03000000000000ffff8dffff080cf4eacc49d4df311e370043159379595d0000000000000093bffffffeffbd03ba89734f4e49fda5060255", 0x58) 2018/04/07 09:02:46 executing program 2: mkdir(&(0x7f0000937ff8)='./file0\x00', 0x0) lsetxattr(&(0x7f0000712ff8)='./file0\x00', &(0x7f0000faffe7)=@known='system.posix_acl_default\x00', &(0x7f000054afec)="0200000001000000000000010400000000000000", 0x14, 0x0) 2018/04/07 09:02:46 executing program 5: r0 = socket(0x10, 0x2, 0x0) getsockopt$netlink(r0, 0x10e, 0x3, &(0x7f0000151000)=""/198, &(0x7f0000000000)=0xc6) 2018/04/07 09:02:46 executing program 3: mkdir(&(0x7f000010eff8)='./file0\x00', 0x0) r0 = open(&(0x7f0000f1b000)='./file0\x00', 0x0, 0x0) lseek(r0, 0x1, 0x0) 2018/04/07 09:02:46 executing program 1: keyctl$update(0x2, 0x0, 0x0, 0x3e8) 2018/04/07 09:02:46 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000db9000)=0xd6, 0x4) getsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000b67000), &(0x7f0000db9ffc)=0x4) 2018/04/07 09:02:46 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000de1ff0)={0x1, &(0x7f00004d8000)=[{0x6}]}, 0x10) getsockopt$sock_buf(r0, 0x1, 0x1a, &(0x7f0000de4fff)=""/1, &(0x7f0000de3000)=0x1) 2018/04/07 09:02:46 executing program 7: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000981ff8)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = epoll_create(0x1000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000984ff4)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000aaf000)={0x20000004}) 2018/04/07 09:02:46 executing program 1: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) setsockopt$inet_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000a7c000), 0x4) 2018/04/07 09:02:47 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x63, &(0x7f000035cfe2)=""/30, &(0x7f0000000000)=0x1e) 2018/04/07 09:02:47 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$int_in(r0, 0x5437, &(0x7f000000f000)) 2018/04/07 09:02:47 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f000003d000)={0xffffffffffffffff, 0xffffffffffffffff}) read(r0, &(0x7f0000039fff)=""/1, 0x1) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f000002e000), 0x4) setsockopt$sock_int(r0, 0x1, 0x32, &(0x7f0000022000), 0x4) mmap(&(0x7f0000000000/0xf90000)=nil, 0xf90000, 0x3, 0x31, 0xffffffffffffffff, 0x0) close(r1) 2018/04/07 09:02:47 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xc, &(0x7f0000001ffc), 0x136) 2018/04/07 09:02:48 executing program 1: pipe(&(0x7f0000097ff8)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x80003) vmsplice(r1, &(0x7f00003dcfb0)=[{&(0x7f000078e000)}], 0x1, 0x0) 2018/04/07 09:02:48 executing program 2: r0 = socket(0x10, 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00002fbff0)={0x3, &(0x7f000012c000)=[{0x0, 0x0, 0x0, 0x7a}, {0x45, 0x0, 0x0, 0x8}, {0x6}]}, 0x10) write(r0, &(0x7f000061cfde)="1f0000000401ffd60000010720000000000001000000ffdcffffffffffde8f", 0x1f) 2018/04/07 09:02:48 executing program 7: mmap(&(0x7f0000048000/0x1000)=nil, 0x1000, 0x7, 0x31, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400, 0x4}, &(0x7f0000048000), 0x0) mmap(&(0x7f000001d000/0x2000)=nil, 0x2000, 0x3, 0x31, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400, 0x1}, &(0x7f000001d000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f000000d000), &(0x7f0000048000), 0x0) 2018/04/07 09:02:48 executing program 4: seccomp(0x1, 0x0, &(0x7f0000028ff0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xffffffff}]}) r0 = eventfd2(0x0, 0x0) pipe2(&(0x7f0000fb0ff8)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000e22000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x5452, &(0x7f0000008ff8)=0x3f) recvfrom(r3, &(0x7f0000012f73), 0x0, 0x0, &(0x7f0000012ff0)=@ax25={0x6, {"2d13d4162d9f33"}}, 0x10) r4 = getpgid(0x0) fcntl$setsig(r2, 0xa, 0x12) r5 = dup2(r1, r3) fcntl$setown(r2, 0x8, r4) tkill(r4, 0x13) tee(r0, r5, 0x7ff, 0x0) 2018/04/07 09:02:48 executing program 6: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000fc0ff8)=[0x0, 0x800]) 2018/04/07 09:02:48 executing program 0: capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000001fe8)) capset(&(0x7f0000c24ff8)={0x20080522}, &(0x7f0000c6d000)={0x0, 0x0, 0x1b}) 2018/04/07 09:02:48 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$netlink(0x10, 0x3, 0x4) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00008d0ffc)=0x10000000000001, 0x4) set_mempolicy(0x4001, &(0x7f0000aebff8)=0x4, 0x8) close(r0) 2018/04/07 09:02:48 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt(r0, 0x1, 0x7, &(0x7f0000003000)=""/4096, &(0x7f0000004000)=0x1000) [ 60.120356] capability: warning: `syz-executor0' uses 32-bit capabilities (legacy support in use) [ 60.149523] audit: type=1326 audit(1523091768.148:3): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5135 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0xffff0000 2018/04/07 09:02:48 executing program 1: clone(0x42c00, &(0x7f0000000000), &(0x7f0000000ffc), &(0x7f0000000000), &(0x7f0000001f9d)) 2018/04/07 09:02:48 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000b88ffc)=0x8000, 0x4) 2018/04/07 09:02:48 executing program 5: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f000075bff7)='/dev/rtc\x00', 0x0, 0x0) ioctl$LOOP_CLR_FD(r0, 0x7002) 2018/04/07 09:02:48 executing program 0: pipe2(&(0x7f00008df000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) vmsplice(r1, &(0x7f000020b000)=[{&(0x7f0000b0c000)="ff2385511173befd8b633d6cddaedff34a72adad9e603388337d63f7ae0e8fd3bc7bc5933a18eb123d705e21a238a5216d7952fd5de771699553eaa81d9270ffadf128c28331b837653a14c9073482aeb4309af5d21653af1df6ffab615d06603397e79355dedaaebb79c197525f2422ff3fcd29e3bf72a9dc57da0de4f589e09fc21d89af7cf6d038ca9d82a7d58bb96226e856699100003086243c80482d59ad9d47728ccfb3fe08a4ae74fa3e6743", 0xb0}], 0x1, 0x0) mmap(&(0x7f0000000000/0xb39000)=nil, 0xb39000, 0x0, 0x32, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000dd1000)=[{&(0x7f0000fb5f50)=""/176, 0xb0}], 0x1) 2018/04/07 09:02:48 executing program 3: futex(&(0x7f0000000000), 0x5, 0x0, &(0x7f0000000000)={0x77359400}, &(0x7f0000000ffc), 0xc7fda99635440eee) 2018/04/07 09:02:48 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff) 2018/04/07 09:02:48 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f000021cfe0)={@loopback={0x0, 0x1}, 0x0, 0x1, 0x0, 0x4}, 0x20) 2018/04/07 09:02:48 executing program 1: socketpair$unix(0x1, 0x1000000000005, 0x0, &(0x7f000021bff8)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000021ff0)={0x2, &(0x7f0000016000)=[{0x28, 0x0, 0x0, 0xfffffffffffff010}, {0x6}]}, 0x10) write(r1, &(0x7f00001dafa4), 0x0) 2018/04/07 09:02:48 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x9) bind$netlink(r0, &(0x7f000006c000)={0x10, 0x0, 0xffffffffffffffff, 0xffffffffffffffff}, 0xc) bind$netlink(r0, &(0x7f0000d86000)={0x10}, 0xc) 2018/04/07 09:02:48 executing program 3: mkdir(&(0x7f00002a7000)='./file0\x00', 0x0) mount(&(0x7f00005da000)='./file0\x00', &(0x7f00001a1000)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f0000807000)) chdir(&(0x7f0000e69ff8)='./file0\x00') mknod(&(0x7f00002f4ff8)='./file0\x00', 0x1000, 0x0) [ 61.076526] audit: type=1326 audit(1523091769.075:4): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5135 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0xffff0000 2018/04/07 09:02:49 executing program 0: r0 = gettid() rt_sigqueueinfo(r0, 0x103e, &(0x7f00003b5ff0)) 2018/04/07 09:02:49 executing program 4: mmap(&(0x7f0000048000/0x1000)=nil, 0x1000, 0x7, 0x31, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400, 0x4}, &(0x7f0000048000), 0x0) mmap(&(0x7f000001d000/0x2000)=nil, 0x2000, 0x3, 0x31, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400, 0x1}, &(0x7f000001d000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f000000d000), &(0x7f0000048000), 0x0) 2018/04/07 09:02:49 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f000042ffa8)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = open(&(0x7f0000d54ff8)='./file0\x00', 0x28046, 0x0) fallocate(r2, 0x0, 0x8001, 0x3f) sendfile(r1, r2, &(0x7f0000e64ff8)=0x4, 0x8e18) 2018/04/07 09:02:49 executing program 1: mkdir(&(0x7f00001a3000)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f0000a9eff8)='./file0\x00', &(0x7f00000db000)='ramfs\x00', 0x0, &(0x7f000000a000)) chroot(&(0x7f0000738ffc)='./file0\x00') mount(&(0x7f000097fff8)='./file0\x00', &(0x7f0000a51ff8)='./file0\x00', &(0x7f00002d6ffd)='9p\x00', 0x5000, 0x0) pivot_root(&(0x7f00006a7ff8)='./file0\x00', &(0x7f0000823000)='.') 2018/04/07 09:02:49 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f00008f0a07)='pagemap\x00') r1 = syz_open_procfs(0x0, &(0x7f000045dff3)="636c6561725f72656673007edb") writev(r1, &(0x7f00009eb000)=[{&(0x7f0000523000)='4', 0x1}], 0x1) pread64(r0, &(0x7f00007e5000)=""/8, 0x8, 0x100000) 2018/04/07 09:02:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$netlink(r0, 0x10e, 0x5, &(0x7f0000118ffc)=""/4, &(0x7f00005e5ffc)=0x2) 2018/04/07 09:02:49 executing program 6: r0 = syz_open_dev$mice(&(0x7f0000a59ff0)='/dev/input/mice\x00', 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000028000)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f00002b8000)={0x60000004}) epoll_pwait(r1, &(0x7f0000f30000)=[{}], 0x1, 0x0, &(0x7f0000ecbff8), 0x8) 2018/04/07 09:02:49 executing program 7: mmap(&(0x7f0000048000/0x1000)=nil, 0x1000, 0x7, 0x31, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400, 0x4}, &(0x7f0000048000), 0x0) mmap(&(0x7f000001d000/0x2000)=nil, 0x2000, 0x3, 0x31, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400, 0x1}, &(0x7f000001d000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f000000d000), &(0x7f0000048000), 0x0) 2018/04/07 09:02:49 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00008f0a07)='pagemap\x00') pread64(r0, &(0x7f0000fd7000)=""/8, 0x8, 0x900000) [ 61.573765] ================================================================== [ 61.581235] BUG: KMSAN: uninit-value in sha512_generic_block_fn+0x237f/0x2b90 [ 61.588529] CPU: 1 PID: 5208 Comm: syz-executor5 Not tainted 4.16.0+ #81 [ 61.595374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.604726] Call Trace: [ 61.607329] dump_stack+0x185/0x1d0 [ 61.610981] ? sha512_generic_block_fn+0x237f/0x2b90 [ 61.616098] kmsan_report+0x142/0x240 [ 61.619916] __msan_warning_32+0x6c/0xb0 [ 61.623999] sha512_generic_block_fn+0x237f/0x2b90 [ 61.628951] ? __radix_tree_insert+0x250/0x580 [ 61.633560] ? kmsan_set_origin_inline+0x6b/0x120 [ 61.638424] ? find_lock_entry+0x157/0x720 [ 61.642675] ? page_mapping+0x300/0x480 [ 61.646685] crypto_sha512_update+0x4fb/0x590 [ 61.651201] ? sha224_base_init+0x220/0x220 [ 61.655532] shash_async_update+0x290/0x360 [ 61.659869] ? shash_async_init+0x270/0x270 [ 61.664198] hash_sendpage+0x904/0xe10 [ 61.668097] ? hash_recvmsg+0xd50/0xd50 [ 61.672076] sock_sendpage+0x1de/0x2c0 [ 61.675979] pipe_to_sendpage+0x31b/0x430 [ 61.680136] ? sock_fasync+0x2b0/0x2b0 [ 61.684037] ? propagate_umount+0x3a30/0x3a30 [ 61.688534] __splice_from_pipe+0x49a/0xf30 [ 61.692857] ? generic_splice_sendpage+0x2a0/0x2a0 [ 61.697795] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 61.703167] generic_splice_sendpage+0x1c6/0x2a0 [ 61.707931] ? iter_file_splice_write+0x1710/0x1710 [ 61.712947] ? iter_file_splice_write+0x1710/0x1710 [ 61.717962] direct_splice_actor+0x19b/0x200 2018/04/07 09:02:49 executing program 3: set_mempolicy(0x1, &(0x7f0000003000), 0x101) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000c22fa8)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00004f7000)="649c47ad46390d006dc80000009d4d54", 0x10) [ 61.722384] splice_direct_to_actor+0x764/0x1040 [ 61.727140] ? do_splice_direct+0x540/0x540 [ 61.731467] ? security_file_permission+0x28f/0x4b0 [ 61.736492] ? rw_verify_area+0x35e/0x580 [ 61.740646] do_splice_direct+0x335/0x540 [ 61.744798] do_sendfile+0x1067/0x1e40 [ 61.748697] SYSC_sendfile64+0x1b3/0x300 [ 61.752763] SyS_sendfile64+0x64/0x90 [ 61.756565] do_syscall_64+0x309/0x430 [ 61.760460] ? SYSC_sendfile+0x320/0x320 [ 61.764525] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.769709] RIP: 0033:0x455259 2018/04/07 09:02:49 executing program 1: pselect6(0xbe, &(0x7f0000c41000), &(0x7f0000425000), &(0x7f0000e6f000)={0x0, 0x0, 0xffff}, &(0x7f0000e85000), &(0x7f0000ff7000)={&(0x7f000055b000), 0x8}) 2018/04/07 09:02:49 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind(r0, &(0x7f00003ffff0)=@ethernet={0x0, @random="c615c6af45de"}, 0x10) [ 61.772894] RSP: 002b:00007f0ac64e9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 61.780608] RAX: ffffffffffffffda RBX: 00007f0ac64ea6d4 RCX: 0000000000455259 [ 61.787871] RDX: 0000000020e64ff8 RSI: 0000000000000015 RDI: 0000000000000014 [ 61.795132] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 61.802407] R10: 0000000000008e18 R11: 0000000000000246 R12: 00000000ffffffff [ 61.809676] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 61.816945] [ 61.818568] Uninit was created at: [ 61.822119] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 61.827136] kmsan_alloc_page+0x82/0xe0 [ 61.831120] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 61.835883] alloc_pages_vma+0xcc8/0x1800 [ 61.840040] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 61.845062] shmem_getpage_gfp+0x35db/0x5770 [ 61.849473] shmem_file_read_iter+0x508/0x1180 [ 61.854061] generic_file_splice_read+0x4e8/0x830 [ 61.858913] splice_direct_to_actor+0x4c6/0x1040 [ 61.863678] do_splice_direct+0x335/0x540 [ 61.867835] do_sendfile+0x1067/0x1e40 [ 61.871734] SYSC_sendfile64+0x1b3/0x300 [ 61.875801] SyS_sendfile64+0x64/0x90 [ 61.879605] do_syscall_64+0x309/0x430 [ 61.883496] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.888684] ================================================================== [ 61.896036] Disabling lock debugging due to kernel taint [ 61.901489] Kernel panic - not syncing: panic_on_warn set ... [ 61.901489] [ 61.908865] CPU: 1 PID: 5208 Comm: syz-executor5 Tainted: G B 4.16.0+ #81 [ 61.917009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.926372] Call Trace: [ 61.928976] dump_stack+0x185/0x1d0 [ 61.932621] panic+0x39d/0x940 [ 61.935848] ? sha512_generic_block_fn+0x237f/0x2b90 [ 61.940956] kmsan_report+0x238/0x240 [ 61.944768] __msan_warning_32+0x6c/0xb0 [ 61.948834] sha512_generic_block_fn+0x237f/0x2b90 [ 61.953773] ? __radix_tree_insert+0x250/0x580 [ 61.958375] ? kmsan_set_origin_inline+0x6b/0x120 [ 61.963230] ? find_lock_entry+0x157/0x720 [ 61.967468] ? page_mapping+0x300/0x480 [ 61.971460] crypto_sha512_update+0x4fb/0x590 [ 61.975969] ? sha224_base_init+0x220/0x220 [ 61.980291] shash_async_update+0x290/0x360 [ 61.984618] ? shash_async_init+0x270/0x270 [ 61.988940] hash_sendpage+0x904/0xe10 [ 61.992833] ? hash_recvmsg+0xd50/0xd50 [ 61.996816] sock_sendpage+0x1de/0x2c0 [ 62.000716] pipe_to_sendpage+0x31b/0x430 [ 62.004876] ? sock_fasync+0x2b0/0x2b0 [ 62.008784] ? propagate_umount+0x3a30/0x3a30 [ 62.013287] __splice_from_pipe+0x49a/0xf30 [ 62.017614] ? generic_splice_sendpage+0x2a0/0x2a0 [ 62.022554] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 62.028018] generic_splice_sendpage+0x1c6/0x2a0 [ 62.032787] ? iter_file_splice_write+0x1710/0x1710 [ 62.037808] ? iter_file_splice_write+0x1710/0x1710 [ 62.042839] direct_splice_actor+0x19b/0x200 [ 62.047263] splice_direct_to_actor+0x764/0x1040 [ 62.052031] ? do_splice_direct+0x540/0x540 [ 62.056372] ? security_file_permission+0x28f/0x4b0 [ 62.061403] ? rw_verify_area+0x35e/0x580 [ 62.065568] do_splice_direct+0x335/0x540 [ 62.069730] do_sendfile+0x1067/0x1e40 [ 62.073623] SYSC_sendfile64+0x1b3/0x300 [ 62.077692] SyS_sendfile64+0x64/0x90 [ 62.081492] do_syscall_64+0x309/0x430 [ 62.085389] ? SYSC_sendfile+0x320/0x320 [ 62.089452] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.094624] RIP: 0033:0x455259 [ 62.097798] RSP: 002b:00007f0ac64e9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 62.105513] RAX: ffffffffffffffda RBX: 00007f0ac64ea6d4 RCX: 0000000000455259 [ 62.112768] RDX: 0000000020e64ff8 RSI: 0000000000000015 RDI: 0000000000000014 [ 62.120031] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 62.127295] R10: 0000000000008e18 R11: 0000000000000246 R12: 00000000ffffffff [ 62.134548] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 62.142294] Dumping ftrace buffer: [ 62.145822] (ftrace buffer empty) [ 62.149510] Kernel Offset: disabled [ 62.153120] Rebooting in 86400 seconds..