INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts. 2018/04/07 00:51:21 fuzzer started 2018/04/07 00:51:22 dialing manager at 10.128.0.26:38639 2018/04/07 00:51:28 kcov=true, comps=false 2018/04/07 00:51:30 executing program 0: epoll_create1(0x0) socket$unix(0x1, 0x5, 0x0) unshare(0x8000400) mq_open(&(0x7f000004b000)="0b7d805374877286b5e4f2", 0x42, 0x0, &(0x7f000004b000)={0x3, 0x7, 0x3}) pselect6(0x40, &(0x7f00000abfc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f00007fbfc0), &(0x7f0000f22000)={0x0, 0x989680}, &(0x7f0000f14000)={&(0x7f0000553ff8), 0x8}) 2018/04/07 00:51:30 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000331000)={0x1, 0x1, 0x7f, 0x9}, 0x22) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000ba000)={r0, &(0x7f00002ae000), &(0x7f0000260ff8)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00001cbfe8)={r0, &(0x7f0000350000)="ed", &(0x7f0000300fce)=""/50}, 0x18) 2018/04/07 00:51:30 executing program 7: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x70, 0x1e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)={0xa, 0x1, 0x7f, 0x80000001}, 0x2c) 2018/04/07 00:51:30 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000fa8fe4)={0xa, 0x3}, 0x1c) sendto$inet6(r0, &(0x7f0000ab4f8e)="97", 0x1, 0x0, &(0x7f0000aaa000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}}, 0x1c) r1 = dup(r0) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000000)) 2018/04/07 00:51:30 executing program 2: r0 = syz_open_dev$tun(&(0x7f00000d4000)='/dev/net/tun\x00', 0x0, 0x0) fsetxattr(r0, &(0x7f0000af1fe8)=@known="73797374656d2e706f7369785f61636c5f61636365737302", &(0x7f00009b8000)="020000000800000000000000", 0xc, 0x0) 2018/04/07 00:51:30 executing program 3: 2018/04/07 00:51:30 executing program 5: 2018/04/07 00:51:30 executing program 6: syzkaller login: [ 42.754439] ip (3811) used greatest stack depth: 54408 bytes left [ 43.604525] ip (3889) used greatest stack depth: 54200 bytes left [ 45.678916] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.811265] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.905956] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.969882] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.991353] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.049439] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.094916] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.118365] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.588913] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.736580] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.823743] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.887202] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.906729] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.930694] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.004289] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.129714] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.395895] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.402182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.410201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.481310] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.487553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.497007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.555244] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.561484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.576682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.660541] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.666801] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.676610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.706650] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.715151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.730974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.764284] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.773324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.804206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.860908] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.867210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.880460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.007606] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.013881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.025823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 00:51:47 executing program 6: 2018/04/07 00:51:47 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) connect$inet6(r0, &(0x7f0000012000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) recvmsg(r0, &(0x7f0000001180)={&(0x7f0000000000)=@generic, 0x80, &(0x7f00000010c0), 0x0, &(0x7f0000000080)=""/115, 0x73}, 0x0) sendmsg(r0, &(0x7f0000001980)={0x0, 0xfffffe77, &(0x7f0000000080), 0x111}, 0x0) 2018/04/07 00:51:47 executing program 6: r0 = open(&(0x7f0000ba0000)='./file0\x00', 0xfc, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = open(&(0x7f0000ecfff8)='./file0\x00', 0x0, 0x0) r2 = open(&(0x7f0000014000)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) dup3(r0, r1, 0x0) 2018/04/07 00:51:48 executing program 0: epoll_create1(0x0) socket$unix(0x1, 0x5, 0x0) unshare(0x8000400) mq_open(&(0x7f000004b000)="0b7d805374877286b5e4f2", 0x42, 0x0, &(0x7f000004b000)={0x3, 0x7, 0x3}) pselect6(0x40, &(0x7f00000abfc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f00007fbfc0), &(0x7f0000f22000)={0x0, 0x989680}, &(0x7f0000f14000)={&(0x7f0000553ff8), 0x8}) 2018/04/07 00:51:48 executing program 7: capset(&(0x7f00000fc000)={0x19980330}, &(0x7f0000244000)) socket$inet_icmp_raw(0x2, 0x3, 0x1) 2018/04/07 00:51:48 executing program 5: r0 = socket$inet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6}]}, 0x10) r1 = socket$nl_xfrm(0x11, 0x3, 0x6) sendmsg(r1, &(0x7f0000000040)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x3, @local={0xfe, 0x80, [], 0xaa}}, 0x80, &(0x7f0000000480), 0x0, &(0x7f0000000140)}, 0x0) 2018/04/07 00:51:48 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(tea-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00001ec000)="0a0775b0d5e383e5b3b60ced5c54dbb7", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000940)=[{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000340)="b6e5db1d36b2bd8f46ae14e8a3775fd9", 0x10}], 0x1, &(0x7f0000000200)}], 0x1, 0x0) recvmsg(r1, &(0x7f000022efc8)={&(0x7f0000bb5ff0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000040)=""/121, 0x79}], 0x1, &(0x7f0000139000)=""/70, 0x46}, 0x0) 2018/04/07 00:51:48 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000331000)={0x1, 0x1, 0x7f, 0x9}, 0x22) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000ba000)={r0, &(0x7f00002ae000), &(0x7f0000260ff8)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00001cbfe8)={r0, &(0x7f0000350000)="ed", &(0x7f0000300fce)=""/50}, 0x18) 2018/04/07 00:51:48 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x0, @multicast2=0xe0000002}, {0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, {0x4, 0x0, @broadcast=0xffffffff}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='gre0\x00'}) 2018/04/07 00:51:48 executing program 6: r0 = open(&(0x7f0000ba0000)='./file0\x00', 0xfc, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = open(&(0x7f0000ecfff8)='./file0\x00', 0x0, 0x0) r2 = open(&(0x7f0000014000)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) dup3(r0, r1, 0x0) 2018/04/07 00:51:48 executing program 2: r0 = syz_open_dev$tun(&(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x0) [ 57.788220] capability: warning: `syz-executor7' uses 32-bit capabilities (legacy support in use) 2018/04/07 00:51:48 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f0000018ff4)={0x10}, 0xc, &(0x7f0000013ff1)={&(0x7f0000000140)={0x20, 0x26, 0x1, 0x0, 0x0, {0x1}, [@typed={0xc, 0x0, @u64=0x300}]}, 0x20}, 0x1}, 0x0) 2018/04/07 00:51:49 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f000010ffa8)={0x26, 'hash\x00', 0x0, 0x0, 'wp256\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0) fallocate(r2, 0x0, 0x0, 0x9) sendfile(r1, r2, &(0x7f0000e64ff8), 0x8) 2018/04/07 00:51:49 executing program 0: epoll_create1(0x0) socket$unix(0x1, 0x5, 0x0) unshare(0x8000400) mq_open(&(0x7f000004b000)="0b7d805374877286b5e4f2", 0x42, 0x0, &(0x7f000004b000)={0x3, 0x7, 0x3}) pselect6(0x40, &(0x7f00000abfc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f00007fbfc0), &(0x7f0000f22000)={0x0, 0x989680}, &(0x7f0000f14000)={&(0x7f0000553ff8), 0x8}) 2018/04/07 00:51:49 executing program 6: r0 = open(&(0x7f0000ba0000)='./file0\x00', 0xfc, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = open(&(0x7f0000ecfff8)='./file0\x00', 0x0, 0x0) r2 = open(&(0x7f0000014000)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) dup3(r0, r1, 0x0) 2018/04/07 00:51:49 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000002fdb)="240000001a00030007fffd946fa283bc0aeee6d87986c497271d856808000200d188737e", 0x24}], 0x1}, 0x0) 2018/04/07 00:51:49 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000088cff6)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b3fdc)) write(r0, &(0x7f000054bfba)="4f7ad0c9edb302486f1748144523c0c253773e00d49ba39063e2432e8de58f5930fd07000000dcf50bbc54b70c0ea17b4728dde5f9eedfc811ff1f75642558334444c9fe3d13", 0x46) getpgrp(0x0) r1 = syz_open_pts(r0, 0x2) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000180)="10", 0x1}], 0x1) ioctl$TCSETS(r1, 0x5402, &(0x7f00000000c0)={0xfffffdfd}) 2018/04/07 00:51:49 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x6, 0x4, 0x3f, 0x1, 0x0, 0xffffffffffffff9c}, 0x2c) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000000)={r0, &(0x7f0000000100), &(0x7f0000000180)=""/145}, 0x18) 2018/04/07 00:51:49 executing program 2: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x70, 0x1e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x30, &(0x7f0000000180)={@remote={0xfe, 0x80, [], 0xbb}}, 0x20) 2018/04/07 00:51:49 executing program 3: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='=(&\x00') [ 58.112070] ================================================================== [ 58.119500] BUG: KMSAN: uninit-value in wp512_process_buffer+0x4ad5/0x4d90 [ 58.126516] CPU: 0 PID: 5121 Comm: syz-executor4 Not tainted 4.16.0+ #81 [ 58.133352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.142708] Call Trace: [ 58.145306] dump_stack+0x185/0x1d0 [ 58.148941] ? wp512_process_buffer+0x4ad5/0x4d90 [ 58.153787] kmsan_report+0x142/0x240 [ 58.157595] __msan_warning_32+0x6c/0xb0 2018/04/07 00:51:49 executing program 1: setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x0, 0x4}, 0x10) r0 = socket(0x11, 0x4000000000080003, 0x0) setsockopt(r0, 0x107, 0x5, &(0x7f0000001000), 0xc5) [ 58.161670] wp512_process_buffer+0x4ad5/0x4d90 [ 58.166340] ? get_page_from_freelist+0xab28/0xb600 [ 58.171368] ? save_stack_trace+0xa5/0xf0 [ 58.175517] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 58.180968] ? update_stack_state+0x885/0xa40 [ 58.185468] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.190836] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 58.196294] ? update_stack_state+0x885/0xa40 [ 58.200798] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.206169] ? is_bpf_text_address+0xb4/0x4b0 [ 58.210760] ? __is_insn_slot_addr+0x198/0x1c0 [ 58.215449] ? kernel_text_address+0x34d/0x3a0 [ 58.220039] ? __kernel_text_address+0x34/0xe0 [ 58.224628] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 58.230086] ? __save_stack_trace+0x893/0xa80 [ 58.234592] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 58.240045] ? depot_save_stack+0x39e/0x4c0 [ 58.244374] ? __irqentry_text_end+0x1fb47e/0x1fb47e [ 58.249480] ? kmsan_internal_chain_origin+0x1d3/0x210 [ 58.254758] ? kmsan_internal_chain_origin+0x12b/0x210 [ 58.260035] ? __msan_chain_origin+0x69/0xc0 [ 58.264443] ? wp512_update+0xbd6/0xc40 [ 58.268417] ? shash_finup_unaligned+0x202/0x3f0 [ 58.273171] ? shash_ahash_finup+0x468/0xa30 [ 58.277581] ? shash_ahash_digest+0x5c6/0x600 [ 58.282074] ? shash_async_digest+0x11c/0x1b0 [ 58.286569] ? crypto_ahash_op+0x89a/0xc10 [ 58.291760] ? crypto_ahash_digest+0xe4/0x160 [ 58.296258] ? hash_sendpage+0xb40/0xe10 [ 58.300321] ? sock_sendpage+0x1de/0x2c0 [ 58.304384] ? pipe_to_sendpage+0x31b/0x430 [ 58.308703] ? __splice_from_pipe+0x49a/0xf30 2018/04/07 00:51:49 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000100)={r0}) [ 58.313203] ? generic_splice_sendpage+0x1c6/0x2a0 [ 58.318136] ? direct_splice_actor+0x19b/0x200 [ 58.322720] ? splice_direct_to_actor+0x764/0x1040 [ 58.327649] ? do_splice_direct+0x335/0x540 [ 58.331971] ? do_sendfile+0x1067/0x1e40 [ 58.336036] ? SYSC_sendfile64+0x1b3/0x300 [ 58.340273] ? SyS_sendfile64+0x64/0x90 [ 58.344245] ? do_syscall_64+0x309/0x430 [ 58.348308] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.353676] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.359039] ? is_bpf_text_address+0xb4/0x4b0 [ 58.363540] ? __is_insn_slot_addr+0x198/0x1c0 [ 58.368135] ? kmsan_memcpy_origins+0xf1/0x170 [ 58.372728] wp512_final+0x2f6/0x780 [ 58.376458] wp256_final+0x8c/0x110 [ 58.380094] ? shash_finup_unaligned+0x35c/0x3f0 [ 58.384849] ? wp384_final+0x110/0x110 [ 58.388738] ? wp384_final+0x110/0x110 [ 58.392625] shash_finup_unaligned+0x3a8/0x3f0 [ 58.397208] ? crypto_shash_finup+0x520/0x520 [ 58.401703] shash_ahash_finup+0x468/0xa30 [ 58.405942] shash_ahash_digest+0x5c6/0x600 2018/04/07 00:51:49 executing program 5: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) [ 58.410265] shash_async_digest+0x11c/0x1b0 [ 58.414591] crypto_ahash_op+0x89a/0xc10 [ 58.418653] ? __kmalloc+0x23c/0x350 [ 58.422365] ? shash_async_finup+0x1b0/0x1b0 [ 58.426769] ? shash_async_finup+0x1b0/0x1b0 [ 58.431181] crypto_ahash_digest+0xe4/0x160 [ 58.435502] hash_sendpage+0xb40/0xe10 [ 58.439393] ? hash_recvmsg+0xd50/0xd50 [ 58.443367] sock_sendpage+0x1de/0x2c0 [ 58.447274] pipe_to_sendpage+0x31b/0x430 [ 58.451425] ? sock_fasync+0x2b0/0x2b0 [ 58.455321] ? propagate_umount+0x3a30/0x3a30 [ 58.459821] __splice_from_pipe+0x49a/0xf30 [ 58.464152] ? generic_splice_sendpage+0x2a0/0x2a0 [ 58.469088] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.474454] generic_splice_sendpage+0x1c6/0x2a0 [ 58.479219] ? iter_file_splice_write+0x1710/0x1710 [ 58.484237] ? iter_file_splice_write+0x1710/0x1710 [ 58.489258] direct_splice_actor+0x19b/0x200 [ 58.493678] splice_direct_to_actor+0x764/0x1040 [ 58.498438] ? do_splice_direct+0x540/0x540 [ 58.502770] ? security_file_permission+0x28f/0x4b0 [ 58.507799] ? rw_verify_area+0x35e/0x580 [ 58.511957] do_splice_direct+0x335/0x540 [ 58.516111] do_sendfile+0x1067/0x1e40 [ 58.520017] SYSC_sendfile64+0x1b3/0x300 [ 58.524089] SyS_sendfile64+0x64/0x90 [ 58.527890] do_syscall_64+0x309/0x430 [ 58.532448] ? SYSC_sendfile+0x320/0x320 [ 58.536518] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.541704] RIP: 0033:0x455259 [ 58.544886] RSP: 002b:00007f19697f6c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 58.552595] RAX: ffffffffffffffda RBX: 00007f19697f76d4 RCX: 0000000000455259 [ 58.559863] RDX: 0000000020e64ff8 RSI: 0000000000000015 RDI: 0000000000000014 [ 58.567138] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 58.574413] R10: 0000000000000008 R11: 0000000000000246 R12: 00000000ffffffff [ 58.581682] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 58.588950] [ 58.590565] Uninit was stored to memory at: [ 58.594892] kmsan_internal_chain_origin+0x12b/0x210 [ 58.599992] __msan_chain_origin+0x69/0xc0 [ 58.604229] wp512_update+0x76c/0xc40 [ 58.608027] shash_finup_unaligned+0x202/0x3f0 [ 58.612605] shash_ahash_finup+0x468/0xa30 [ 58.616834] shash_ahash_digest+0x5c6/0x600 [ 58.621156] shash_async_digest+0x11c/0x1b0 [ 58.625477] crypto_ahash_op+0x89a/0xc10 [ 58.629538] crypto_ahash_digest+0xe4/0x160 [ 58.633870] hash_sendpage+0xb40/0xe10 [ 58.637762] sock_sendpage+0x1de/0x2c0 [ 58.641649] pipe_to_sendpage+0x31b/0x430 [ 58.645798] __splice_from_pipe+0x49a/0xf30 [ 58.650133] generic_splice_sendpage+0x1c6/0x2a0 [ 58.654890] direct_splice_actor+0x19b/0x200 [ 58.659302] splice_direct_to_actor+0x764/0x1040 [ 58.664057] do_splice_direct+0x335/0x540 [ 58.668203] do_sendfile+0x1067/0x1e40 [ 58.672091] SYSC_sendfile64+0x1b3/0x300 [ 58.676172] SyS_sendfile64+0x64/0x90 [ 58.679988] do_syscall_64+0x309/0x430 [ 58.683876] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.689051] Uninit was created at: [ 58.692593] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 58.697605] kmsan_alloc_page+0x82/0xe0 [ 58.701574] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 58.706323] alloc_pages_vma+0xcc8/0x1800 [ 58.710467] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 58.715481] shmem_getpage_gfp+0x35db/0x5770 [ 58.719894] shmem_fallocate+0xde2/0x1610 [ 58.724039] vfs_fallocate+0x9dc/0xde0 [ 58.727922] SYSC_fallocate+0x119/0x1d0 [ 58.731891] SyS_fallocate+0x64/0x90 [ 58.735608] do_syscall_64+0x309/0x430 [ 58.739494] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.744672] ================================================================== [ 58.752020] Disabling lock debugging due to kernel taint [ 58.757485] Kernel panic - not syncing: panic_on_warn set ... [ 58.757485] [ 58.764852] CPU: 0 PID: 5121 Comm: syz-executor4 Tainted: G B 4.16.0+ #81 [ 58.772982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.782329] Call Trace: [ 58.784916] dump_stack+0x185/0x1d0 [ 58.788541] panic+0x39d/0x940 [ 58.791756] ? wp512_process_buffer+0x4ad5/0x4d90 [ 58.796595] kmsan_report+0x238/0x240 [ 58.800396] __msan_warning_32+0x6c/0xb0 [ 58.804462] wp512_process_buffer+0x4ad5/0x4d90 [ 58.809134] ? get_page_from_freelist+0xab28/0xb600 [ 58.814162] ? save_stack_trace+0xa5/0xf0 [ 58.818312] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 58.823766] ? update_stack_state+0x885/0xa40 [ 58.828267] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.833632] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 58.839081] ? update_stack_state+0x885/0xa40 [ 58.843580] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.848943] ? is_bpf_text_address+0xb4/0x4b0 [ 58.853443] ? __is_insn_slot_addr+0x198/0x1c0 [ 58.858033] ? kernel_text_address+0x34d/0x3a0 [ 58.862619] ? __kernel_text_address+0x34/0xe0 [ 58.867200] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 58.872648] ? __save_stack_trace+0x893/0xa80 [ 58.877157] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 58.882610] ? depot_save_stack+0x39e/0x4c0 [ 58.886926] ? __irqentry_text_end+0x1fb47e/0x1fb47e [ 58.892019] ? kmsan_internal_chain_origin+0x1d3/0x210 [ 58.897288] ? kmsan_internal_chain_origin+0x12b/0x210 [ 58.902546] ? __msan_chain_origin+0x69/0xc0 [ 58.906940] ? wp512_update+0xbd6/0xc40 [ 58.910895] ? shash_finup_unaligned+0x202/0x3f0 [ 58.915630] ? shash_ahash_finup+0x468/0xa30 [ 58.920022] ? shash_ahash_digest+0x5c6/0x600 [ 58.924503] ? shash_async_digest+0x11c/0x1b0 [ 58.928978] ? crypto_ahash_op+0x89a/0xc10 [ 58.933195] ? crypto_ahash_digest+0xe4/0x160 [ 58.937671] ? hash_sendpage+0xb40/0xe10 [ 58.941714] ? sock_sendpage+0x1de/0x2c0 [ 58.945757] ? pipe_to_sendpage+0x31b/0x430 [ 58.950060] ? __splice_from_pipe+0x49a/0xf30 [ 58.954537] ? generic_splice_sendpage+0x1c6/0x2a0 [ 58.959452] ? direct_splice_actor+0x19b/0x200 [ 58.964022] ? splice_direct_to_actor+0x764/0x1040 [ 58.968939] ? do_splice_direct+0x335/0x540 [ 58.973243] ? do_sendfile+0x1067/0x1e40 [ 58.977295] ? SYSC_sendfile64+0x1b3/0x300 [ 58.981511] ? SyS_sendfile64+0x64/0x90 [ 58.985552] ? do_syscall_64+0x309/0x430 [ 58.989610] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.994957] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 59.000302] ? is_bpf_text_address+0xb4/0x4b0 [ 59.004781] ? __is_insn_slot_addr+0x198/0x1c0 [ 59.009346] ? kmsan_memcpy_origins+0xf1/0x170 [ 59.013919] wp512_final+0x2f6/0x780 [ 59.017623] wp256_final+0x8c/0x110 [ 59.022536] ? shash_finup_unaligned+0x35c/0x3f0 [ 59.027277] ? wp384_final+0x110/0x110 [ 59.031149] ? wp384_final+0x110/0x110 [ 59.035023] shash_finup_unaligned+0x3a8/0x3f0 [ 59.039593] ? crypto_shash_finup+0x520/0x520 [ 59.044068] shash_ahash_finup+0x468/0xa30 [ 59.048289] shash_ahash_digest+0x5c6/0x600 [ 59.052599] shash_async_digest+0x11c/0x1b0 [ 59.056906] crypto_ahash_op+0x89a/0xc10 [ 59.060950] ? __kmalloc+0x23c/0x350 [ 59.064646] ? shash_async_finup+0x1b0/0x1b0 [ 59.069041] ? shash_async_finup+0x1b0/0x1b0 [ 59.073435] crypto_ahash_digest+0xe4/0x160 [ 59.077740] hash_sendpage+0xb40/0xe10 [ 59.081614] ? hash_recvmsg+0xd50/0xd50 [ 59.085575] sock_sendpage+0x1de/0x2c0 [ 59.089453] pipe_to_sendpage+0x31b/0x430 [ 59.093584] ? sock_fasync+0x2b0/0x2b0 [ 59.097459] ? propagate_umount+0x3a30/0x3a30 [ 59.101938] __splice_from_pipe+0x49a/0xf30 [ 59.106244] ? generic_splice_sendpage+0x2a0/0x2a0 [ 59.111163] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 59.116511] generic_splice_sendpage+0x1c6/0x2a0 [ 59.121256] ? iter_file_splice_write+0x1710/0x1710 [ 59.126255] ? iter_file_splice_write+0x1710/0x1710 [ 59.131257] direct_splice_actor+0x19b/0x200 [ 59.135654] splice_direct_to_actor+0x764/0x1040 [ 59.140393] ? do_splice_direct+0x540/0x540 [ 59.144697] ? security_file_permission+0x28f/0x4b0 [ 59.149700] ? rw_verify_area+0x35e/0x580 [ 59.153838] do_splice_direct+0x335/0x540 [ 59.157977] do_sendfile+0x1067/0x1e40 [ 59.161858] SYSC_sendfile64+0x1b3/0x300 [ 59.165906] SyS_sendfile64+0x64/0x90 [ 59.169688] do_syscall_64+0x309/0x430 [ 59.173560] ? SYSC_sendfile+0x320/0x320 [ 59.177608] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.182781] RIP: 0033:0x455259 [ 59.185953] RSP: 002b:00007f19697f6c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 59.193642] RAX: ffffffffffffffda RBX: 00007f19697f76d4 RCX: 0000000000455259 [ 59.200895] RDX: 0000000020e64ff8 RSI: 0000000000000015 RDI: 0000000000000014 [ 59.208147] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.215397] R10: 0000000000000008 R11: 0000000000000246 R12: 00000000ffffffff [ 59.222646] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 59.230316] Dumping ftrace buffer: [ 59.233839] (ftrace buffer empty) [ 59.237520] Kernel Offset: disabled [ 59.241120] Rebooting in 86400 seconds..