INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.36' (ECDSA) to the list of known hosts. 2018/04/09 10:41:14 fuzzer started 2018/04/09 10:41:15 dialing manager at 10.128.0.26:38911 2018/04/09 10:41:21 kcov=true, comps=false 2018/04/09 10:41:24 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x101902) memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x10, "af9b361338f1a8d623b53de3089e5a230624bd8adcb137ef2254fd6249f559bf7c039f464a3da450df14e761bb1ea78b13ffbe75aad8aacf46dbb19cce7bdc1d", "aab1cc3ed18a45980c45546c8e70e80f50237cf9bc650e459d1610df5f9f6474276528158031fc57870a068c2fb6ce72258c8c52bc6fba0535dd137290762b29", "022c0dd94707ebe324bab14648893be769f6304df9bdd9fc6e2ce1fde42a8cb7", [0x9, 0xfffffffffffffffa]}) ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000002c0)) 2018/04/09 10:41:24 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x0) clone(0x0, &(0x7f0000000180), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000002c0)) 2018/04/09 10:41:24 executing program 7: socket$packet(0x11, 0xa, 0x300) syz_emit_ethernet(0x1, &(0x7f00000b9000)=ANY=[@ANYBLOB="ffffffffffff0180c200000008004500001c000000ffa4779078ac14ffbbe00000010000000000089078"], 0x0) 2018/04/09 10:41:24 executing program 4: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) 2018/04/09 10:41:24 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f00000010c0)=0x200000000) pread64(0xffffffffffffffff, &(0x7f00000000c0)=""/4096, 0x1000, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) truncate(&(0x7f0000000140)='./file0\x00', 0x0) 2018/04/09 10:41:24 executing program 6: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='comm\x00') prctl$seccomp(0x16, 0x1, &(0x7f00000001c0)={0x2000000000000098, &(0x7f0000000240)}) pkey_alloc(0x0, 0x0) sendfile(r0, r0, 0x0, 0x40) 2018/04/09 10:41:24 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000680)=@migrate={0xac, 0x21, 0x3, 0x0, 0x0, {{@in=@multicast2=0xe0000002, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffffffffff}}, [@migrate={0x5c, 0x11, [{@in6=@ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}, @in6=@dev={0xfe, 0x80}}, {@in6=@remote={0xfe, 0x80, [], 0xbb}, @in=@multicast2=0xe0000002}]}]}, 0xac}, 0x1}, 0x0) 2018/04/09 10:41:24 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001140)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f00000010c0)=0x200000000) pread64(r1, &(0x7f00000000c0)=""/4096, 0x1000, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c80) truncate(&(0x7f0000000140)='./file0\x00', 0x0) syzkaller login: [ 43.954636] ip (3764) used greatest stack depth: 54672 bytes left [ 44.501432] ip (3817) used greatest stack depth: 54408 bytes left [ 45.492396] ip (3907) used greatest stack depth: 54200 bytes left [ 47.396255] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.525694] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.637978] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.723096] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.732913] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.789984] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.800314] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.943992] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.386253] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.400114] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.617420] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.672528] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.687106] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.857138] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.932328] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.131871] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.144121] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.150397] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.161224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.188495] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.202347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.236264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.445754] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.452111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.460732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.492963] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.501734] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.507996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.518520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.547794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.569134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.647327] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.653597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.672694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.785862] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.792190] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.803747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.944677] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.950982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.960441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/09 10:41:41 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000ec3000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000100)={0x0, @in6={{0xa, 0x0, 0x0, @dev={0xfe, 0x80}}}}, &(0x7f00000001c0)=0x84) r2 = dup3(r1, r0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) recvmmsg(r1, &(0x7f0000f40000)=[{{&(0x7f0000ee8000)=@nfc_llcp, 0x60, &(0x7f0000f40000), 0x0, &(0x7f0000f40000)=""/7, 0x7}}], 0x25f, 0x0, &(0x7f0000f40ff0)={0x77359400}) add_key$user(&(0x7f0000000300)='user\x00', &(0x7f0000000340)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000380), 0x0, 0xfffffffffffffffe) ioctl$DRM_IOCTL_DMA(r2, 0xc0286429, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000400), &(0x7f0000000780)=[0x359e, 0x2, 0xfff, 0x0, 0x7ff], 0x15, 0x2, 0xffff, &(0x7f00000007c0)=[0x0, 0x0], &(0x7f0000000800)=[0x9]}) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)) keyctl$search(0xa, 0x0, &(0x7f0000000700)='id_resolver\x00', &(0x7f0000000740)={0x73, 0x79, 0x7a}, 0x0) [ 58.541365] audit: type=1326 audit(1523270501.539:3): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5028 comm="syz-executor6" exe="/root/syz-executor6" sig=9 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0x0 2018/04/09 10:41:41 executing program 1: syz_emit_ethernet(0x6e, &(0x7f0000000000)={@random="cd390b081bf2", @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x38, 0x3a, 0x0, @ipv4={[], [0xff, 0xff], @rand_addr}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x4, 0x0, @loopback={0x4, 0x1}, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], "802a08000000006b"}}}}}}}, 0x0) 2018/04/09 10:41:41 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x101902) clone(0x0, &(0x7f0000fbf000), &(0x7f0000744000), &(0x7f0000f8b000), &(0x7f0000804000)) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "af9b361338f1a8d623b53de3089e5a230624bd8adcb137ef2254fd6249f559bf7c039f464a3da450df14e761bb1ea78b13ffbe75aad8aacf46dbb19cce7bdc1d", "aab1cc3ed18a45980c45546c8e70e80f50237cf9bc650e459d1610df5f9f6474276528158031fc57870a068c2fb6ce72258c8c52bc6fba0535dd137290762b29", "022c0dd94707ebe324bab14648893be769f6304df9bdd9fc6e2ce1fde42a8cb7"}) ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f00000002c0)) 2018/04/09 10:41:41 executing program 4: mlockall(0x2) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000032e000)) chdir(&(0x7f0000f95000)='./file0\x00') r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r1, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x80203, 0x0) [ 59.405302] audit: type=1326 audit(1523270502.404:4): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5028 comm="syz-executor6" exe="/root/syz-executor6" sig=9 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0x0 2018/04/09 10:41:43 executing program 0: 2018/04/09 10:41:43 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x34000}, 0xc, &(0x7f0000000200)={&(0x7f0000000240)={0x18, 0x2e, 0x6ff, 0x0, 0x0, {0x2002}, [@generic='\r']}, 0x18}, 0x1}, 0x0) 2018/04/09 10:41:43 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="280000001c00070f000000000000000007000000", @ANYBLOB="0000ff000a00020079aaaac7aaaa681e"], 0x2}, 0x1}, 0x0) 2018/04/09 10:41:43 executing program 4: mlockall(0x2) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000032e000)) chdir(&(0x7f0000f95000)='./file0\x00') r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x7fff) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r1, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x80203, 0x0) 2018/04/09 10:41:43 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x101902) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "af9b361338f1a8d623b53de3089e5a230624bd8adcb137ef2254fd6249f559bf7c039f464a3da450df14e761bb1ea78b13ffbe75aad8aacf46dbb19cce7bdc1d", "aab1cc3ed18a45980c45546c8e70e80f50237cf9bc650e459d1610df5f9f6474276528158031fc57870a068c2fb6ce72258c8c52bc6fba0535dd137290762b29", "022c0dd94707ebe324bab14648893be769f6304df9bdd9fc6e2ce1fde42a8cb7"}) 2018/04/09 10:41:43 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) shutdown(r0, 0x1) 2018/04/09 10:41:43 executing program 3: 2018/04/09 10:41:43 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x1000) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00003b8ffc)=0x51) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x3) 2018/04/09 10:41:43 executing program 1: 2018/04/09 10:41:43 executing program 0: 2018/04/09 10:41:43 executing program 5: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000fa3000)={&(0x7f0000d0b000)=@ax25, 0x10, &(0x7f00002e6f80), 0x0, &(0x7f0000878000)}, 0x0) 2018/04/09 10:41:44 executing program 7: 2018/04/09 10:41:44 executing program 3: socket$inet_sctp(0x2, 0x5, 0x84) r0 = syz_open_pts(0xffffffffffffffff, 0x40000) ioctl$TIOCNOTTY(r0, 0x5422) r1 = socket(0x11, 0x803, 0x300) syz_emit_ethernet(0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="ffffffffffff05ffffffffff08004500002400000000002033b1e7f9ffbbe0000001000000000401907800d73cde00f53475928248487a9b529dee8b665ef123347953825c5b185b06c18263993da1c8e1e424e7f06ac93d77ea7632f834a3a9f289a4e6a15cf1899a065648b29a4703e986eefec97c3df5835131fd65f841ec33f23a786662aa6e6d738bef88dca2375e60201d456efc1228aae2afd0fc85999adfe68e9927b12d98117946def2256f8d80f1fd9dcdf50863c62752d9ede654bf49ae2604e26bbe79e6f3dcff89c0b9657babc004b8d77161ed001c716c328ec87809fe679bdee7ac9533c87540d74f209f918cddce26914450dcec7710"], 0x0) r2 = syz_open_dev$random(&(0x7f0000001000)='/dev/random\x00', 0x0, 0x0) r3 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x62000)=nil, 0x62000, 0x0, 0x11, r3, 0x0) clone(0x0, &(0x7f0000a36000), &(0x7f0000855000), &(0x7f0000006ffc), &(0x7f0000340000)) epoll_create1(0x0) preadv(r2, &(0x7f00006a6000)=[{&(0x7f0000005000)=""/2, 0x2}], 0x1, 0x0) getsockopt$netrom_NETROM_IDLE(r1, 0x103, 0x7, &(0x7f00000001c0)=0x10000, &(0x7f0000000200)=0x4) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x7, 0x30}, 0xc) recvmmsg(r1, &(0x7f00000062c0)=[{{0x0, 0x0, &(0x7f0000005a80)=[{&(0x7f00000059c0)=""/185, 0xb9}], 0x1, &(0x7f0000005ac0)=""/27, 0x1b}}], 0x1, 0x0, 0x0) seccomp(0x1, 0x0, &(0x7f0000000380)={0x2, &(0x7f0000000000)=[{0x7f, 0x100000001, 0x7fffffff, 0xebd}, {0x5, 0x9}]}) 2018/04/09 10:41:44 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) shutdown(r0, 0x1) 2018/04/09 10:41:44 executing program 4: setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000000c0)='bridge0\x00', 0xfffffffffffffc40) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0xfb, 0xfffffffffffffecb) sendto$inet6(r0, &(0x7f00000000c0), 0xffffffffffffff87, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x100000002, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) 2018/04/09 10:41:44 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000001c0)='/dev/snd/seq\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f000003e000)='\'', 0x0) r2 = syz_open_dev$sndseq(&(0x7f0000d82000)='/dev/snd/seq\x00', 0x0, 0x8000000040102) r3 = dup2(r2, r2) write$sndseq(r1, &(0x7f0000e6ffd0)=[{0x0, 0x0, 0x0, 0x3fd}], 0x30) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) sendfile(r3, r1, &(0x7f0000000040), 0x80000000) 2018/04/09 10:41:44 executing program 6: 2018/04/09 10:41:44 executing program 0: 2018/04/09 10:41:44 executing program 5: 2018/04/09 10:41:44 executing program 5: 2018/04/09 10:41:44 executing program 6: 2018/04/09 10:41:44 executing program 7: 2018/04/09 10:41:44 executing program 0: 2018/04/09 10:41:44 executing program 5: 2018/04/09 10:41:44 executing program 6: 2018/04/09 10:41:44 executing program 3: 2018/04/09 10:41:44 executing program 4: 2018/04/09 10:41:44 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000001c0)='/dev/snd/seq\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f000003e000)='\'', 0x0) r2 = syz_open_dev$sndseq(&(0x7f0000d82000)='/dev/snd/seq\x00', 0x0, 0x8000000040102) r3 = dup2(r2, r2) write$sndseq(r1, &(0x7f0000e6ffd0)=[{0x0, 0x0, 0x0, 0x3fd}], 0x30) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) sendfile(r3, r1, &(0x7f0000000040), 0x80000000) 2018/04/09 10:41:44 executing program 5: 2018/04/09 10:41:44 executing program 7: 2018/04/09 10:41:44 executing program 2: 2018/04/09 10:41:44 executing program 0: 2018/04/09 10:41:44 executing program 5: 2018/04/09 10:41:44 executing program 2: 2018/04/09 10:41:44 executing program 6: 2018/04/09 10:41:44 executing program 0: 2018/04/09 10:41:44 executing program 7: 2018/04/09 10:41:44 executing program 4: 2018/04/09 10:41:44 executing program 1: 2018/04/09 10:41:44 executing program 6: 2018/04/09 10:41:44 executing program 3: perf_event_open(&(0x7f000057c000)={0x2, 0x70, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setrlimit(0x7, &(0x7f00008ec000)) eventfd(0x0) 2018/04/09 10:41:44 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0xa00000000002, 0x0, &(0x7f00009c6ff8)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000002000)={0x1}) fcntl$lock(r0, 0x6, &(0x7f0000010000)={0x0, 0x0, 0x0, 0x2}) 2018/04/09 10:41:45 executing program 7: r0 = memfd_create(&(0x7f0000485000)="402670726f626b7379721a6e6700", 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000f36000)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r2, 0xc0305302, &(0x7f0000742000)={0x0, 0x0, 0x0, {0x0, 0x1c9c380}}) 2018/04/09 10:41:45 executing program 1: r0 = socket(0x400020000000010, 0x2, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x400, 0x0) write(r0, &(0x7f0000000000)="1f00000056000d6dfcffff00bc0203030700ef2104173f8100000002000039", 0x1f) 2018/04/09 10:41:45 executing program 0: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x4], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f0000000000)) 2018/04/09 10:41:45 executing program 6: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000012e000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) connect$inet(r0, &(0x7f0000987000)={0x2, 0x4e23}, 0x10) 2018/04/09 10:41:45 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001140)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f00000010c0)=0x200000000) pread64(r1, &(0x7f00000000c0)=""/4096, 0x1000, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 2018/04/09 10:41:45 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='subvolid=p']) 2018/04/09 10:41:45 executing program 3: request_key(&(0x7f0000000040)='encrypted\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a}, &(0x7f00000000c0)='\x00', 0xffffffffffffffff) 2018/04/09 10:41:45 executing program 2: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) 2018/04/09 10:41:45 executing program 6: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='subvolid=t']) 2018/04/09 10:41:45 executing program 0: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x4], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f0000000000)) 2018/04/09 10:41:45 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f00000b2000)=0xffffffffffffffff, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='vcan0\x00', 0x10) sendto$inet(r0, &(0x7f0000000280), 0x0, 0x800000020000000, &(0x7f0000000140)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040)={0x0, 0x800000000000852b, 0xffff}, 0x14) writev(r0, &(0x7f0000818ff0)=[{&(0x7f0000000000)="0b9a95785f11e0e7b6f4de7afeabc7fc7700481d21aa090ef74dd23f6917aa54cc", 0x21}], 0x1) 2018/04/09 10:41:45 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001140)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f00000010c0)=0x200000000) pread64(r1, &(0x7f00000000c0)=""/4096, 0x1000, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) truncate(&(0x7f0000000140)='./file0\x00', 0x0) 2018/04/09 10:41:45 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x78}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xd25000)=nil, 0xd25000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) setrlimit(0x9, &(0x7f000091dff0)) 2018/04/09 10:41:45 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x28042, 0x0) fallocate(r2, 0x0, 0x0, 0x40007) sendfile(r1, r2, &(0x7f0000000200)=0x40000, 0x8) [ 62.548489] ================================================================== [ 62.555914] BUG: KMSAN: uninit-value in crc32_le+0xb64/0xcd0 [ 62.561719] CPU: 1 PID: 5260 Comm: syz-executor7 Not tainted 4.16.0+ #82 [ 62.568555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.577906] Call Trace: [ 62.580506] dump_stack+0x185/0x1d0 [ 62.584146] ? crc32_le+0xb64/0xcd0 [ 62.587776] kmsan_report+0x142/0x240 [ 62.591582] __msan_warning_32+0x6c/0xb0 2018/04/09 10:41:45 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000b00)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$cgroup_pid(r2, &(0x7f0000000140)=ANY=[@ANYBLOB='['], 0x1) sendfile(r2, r2, &(0x7f0000000040), 0x80000001) sendfile(r2, r1, 0x0, 0xc08f) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x0) [ 62.595643] crc32_le+0xb64/0xcd0 [ 62.599095] ? __schedule+0x6a1/0x730 [ 62.602902] ? hash_walk_new_entry+0x615/0x720 [ 62.607486] crc32_pclmul_le+0x1e7/0x340 [ 62.611552] crc32_pclmul_update+0xb6/0x120 [ 62.615871] ? crc32_pclmul_init+0xe0/0xe0 [ 62.620107] shash_async_update+0x290/0x360 [ 62.624442] ? shash_async_init+0x270/0x270 [ 62.628759] hash_sendpage+0x904/0xe10 [ 62.632655] ? hash_recvmsg+0xd50/0xd50 [ 62.636632] sock_sendpage+0x1de/0x2c0 [ 62.640530] pipe_to_sendpage+0x31b/0x430 [ 62.644680] ? sock_fasync+0x2b0/0x2b0 [ 62.648578] ? propagate_umount+0x3a30/0x3a30 [ 62.653074] __splice_from_pipe+0x49a/0xf30 [ 62.657402] ? generic_splice_sendpage+0x2a0/0x2a0 [ 62.662341] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 62.667713] generic_splice_sendpage+0x1c6/0x2a0 [ 62.672479] ? iter_file_splice_write+0x1710/0x1710 [ 62.677502] ? iter_file_splice_write+0x1710/0x1710 [ 62.682528] direct_splice_actor+0x19b/0x200 [ 62.686946] splice_direct_to_actor+0x764/0x1040 [ 62.691711] ? do_splice_direct+0x540/0x540 2018/04/09 10:41:45 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a00)='./cgroup.net\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./file1\x00', 0x0) r2 = dup3(r1, r0, 0x0) pwritev(r2, &(0x7f0000000b40)=[{&(0x7f0000000100)='\'', 0x1}], 0x1, 0x0) fcntl$setstatus(r0, 0x4, 0x4000) truncate(&(0x7f0000000140)='./file1\x00', 0x9) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x34123610) 2018/04/09 10:41:45 executing program 0: shmat(0x0, &(0x7f0000ffa000/0x4000)=nil, 0x0) [ 62.696047] ? security_file_permission+0x28f/0x4b0 [ 62.701080] ? rw_verify_area+0x35e/0x580 [ 62.705242] do_splice_direct+0x335/0x540 [ 62.709402] do_sendfile+0x1067/0x1e40 [ 62.713308] SYSC_sendfile64+0x1b3/0x300 [ 62.717384] SyS_sendfile64+0x64/0x90 [ 62.721181] do_syscall_64+0x309/0x430 [ 62.725084] ? SYSC_sendfile+0x320/0x320 [ 62.729152] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.734338] RIP: 0033:0x455259 [ 62.737523] RSP: 002b:00007ff842a8ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 2018/04/09 10:41:45 executing program 1: r0 = socket(0x1e, 0x2000000000000005, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000001300)=ANY=[@ANYBLOB="0e00000000000000000008"]}) [ 62.745235] RAX: ffffffffffffffda RBX: 00007ff842a8b6d4 RCX: 0000000000455259 [ 62.752504] RDX: 0000000020000200 RSI: 0000000000000015 RDI: 0000000000000014 [ 62.759773] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 62.767040] R10: 0000000000000008 R11: 0000000000000246 R12: 00000000ffffffff [ 62.774312] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 62.781583] [ 62.783187] Uninit was created at: [ 62.786721] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 62.791716] kmsan_alloc_page+0x82/0xe0 [ 62.795685] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 62.800434] alloc_pages_vma+0xcc8/0x1800 [ 62.804565] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 62.809579] shmem_getpage_gfp+0x35db/0x5770 [ 62.813978] shmem_fallocate+0xde2/0x1610 [ 62.818106] vfs_fallocate+0x9dc/0xde0 [ 62.821976] SYSC_fallocate+0x119/0x1d0 [ 62.825926] SyS_fallocate+0x64/0x90 [ 62.829623] do_syscall_64+0x309/0x430 [ 62.833499] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.838659] ================================================================== [ 62.846001] Disabling lock debugging due to kernel taint [ 62.851436] Kernel panic - not syncing: panic_on_warn set ... [ 62.851436] [ 62.858778] CPU: 1 PID: 5260 Comm: syz-executor7 Tainted: G B 4.16.0+ #82 [ 62.866898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.876232] Call Trace: [ 62.878803] dump_stack+0x185/0x1d0 [ 62.882417] panic+0x39d/0x940 [ 62.885609] ? crc32_le+0xb64/0xcd0 [ 62.889214] kmsan_report+0x238/0x240 [ 62.892996] __msan_warning_32+0x6c/0xb0 [ 62.897048] crc32_le+0xb64/0xcd0 [ 62.900485] ? __schedule+0x6a1/0x730 [ 62.904282] ? hash_walk_new_entry+0x615/0x720 [ 62.908846] crc32_pclmul_le+0x1e7/0x340 [ 62.912890] crc32_pclmul_update+0xb6/0x120 [ 62.917204] ? crc32_pclmul_init+0xe0/0xe0 [ 62.921434] shash_async_update+0x290/0x360 [ 62.925739] ? shash_async_init+0x270/0x270 [ 62.930045] hash_sendpage+0x904/0xe10 [ 62.933921] ? hash_recvmsg+0xd50/0xd50 [ 62.937873] sock_sendpage+0x1de/0x2c0 [ 62.941743] pipe_to_sendpage+0x31b/0x430 [ 62.945886] ? sock_fasync+0x2b0/0x2b0 [ 62.949773] ? propagate_umount+0x3a30/0x3a30 [ 62.954248] __splice_from_pipe+0x49a/0xf30 [ 62.958549] ? generic_splice_sendpage+0x2a0/0x2a0 [ 62.963474] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 62.968828] generic_splice_sendpage+0x1c6/0x2a0 [ 62.973579] ? iter_file_splice_write+0x1710/0x1710 [ 62.978585] ? iter_file_splice_write+0x1710/0x1710 [ 62.983591] direct_splice_actor+0x19b/0x200 [ 62.987993] splice_direct_to_actor+0x764/0x1040 [ 62.992906] ? do_splice_direct+0x540/0x540 [ 62.997210] ? security_file_permission+0x28f/0x4b0 [ 63.002210] ? rw_verify_area+0x35e/0x580 [ 63.006348] do_splice_direct+0x335/0x540 [ 63.010476] do_sendfile+0x1067/0x1e40 [ 63.014352] SYSC_sendfile64+0x1b3/0x300 [ 63.018405] SyS_sendfile64+0x64/0x90 [ 63.022196] do_syscall_64+0x309/0x430 [ 63.026074] ? SYSC_sendfile+0x320/0x320 [ 63.030118] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 63.035284] RIP: 0033:0x455259 [ 63.038449] RSP: 002b:00007ff842a8ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 63.046146] RAX: ffffffffffffffda RBX: 00007ff842a8b6d4 RCX: 0000000000455259 [ 63.053394] RDX: 0000000020000200 RSI: 0000000000000015 RDI: 0000000000000014 [ 63.060644] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 63.067893] R10: 0000000000000008 R11: 0000000000000246 R12: 00000000ffffffff [ 63.075149] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 63.082870] Dumping ftrace buffer: [ 63.086392] (ftrace buffer empty) [ 63.090073] Kernel Offset: disabled [ 63.093672] Rebooting in 86400 seconds..