INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.40' (ECDSA) to the list of known hosts. 2018/04/07 09:03:16 fuzzer started 2018/04/07 09:03:16 dialing manager at 10.128.0.26:38639 2018/04/07 09:03:22 kcov=true, comps=false 2018/04/07 09:03:25 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000dbaffc)='bbr\x00', 0x4) 2018/04/07 09:03:25 executing program 2: mmap(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x3, 0x8972, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000001ff8)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mremap(&(0x7f0000a93000/0x1000)=nil, 0x1000, 0xe000, 0x3, &(0x7f0000b18000/0xe000)=nil) ioctl$DRM_IOCTL_RM_MAP(0xffffffffffffffff, 0x4028641b, &(0x7f0000b1d000)={&(0x7f0000a93000/0x3000)=nil, 0x20000002, 0x0, 0x0, &(0x7f0000b1c000/0x4000)=nil}) mprotect(&(0x7f0000b1d000/0x2000)=nil, 0x2000, 0x5) vmsplice(r0, &(0x7f0000b1d000)=[{&(0x7f0000005fe3)}], 0x1, 0x0) 2018/04/07 09:03:25 executing program 7: r0 = syz_open_dev$random(&(0x7f000031cff8)='/dev/random\x00', 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000003ff4)={0x4}) ppoll(&(0x7f00005d7000)=[{r1}], 0x1, &(0x7f0000376000), &(0x7f0000e97ff8), 0x8) 2018/04/07 09:03:25 executing program 1: mkdir(&(0x7f0000b17ff8)='./file0\x00', 0x0) r0 = open(&(0x7f0000aa0000)='./file0\x00', 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x800000000402, 0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f00004e2ff8)='./file0\x00', 0x0, 0x0) fcntl$dupfd(r2, 0x402, 0xffffffffffffffff) fcntl$dupfd(r0, 0x280000000000402, r1) 2018/04/07 09:03:25 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000d5effc)) 2018/04/07 09:03:25 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) fgetxattr(r0, &(0x7f0000cf9feb)=@known='system.sockprotoname\x00', &(0x7f0000cfaffc)=""/2, 0x2) 2018/04/07 09:03:25 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000892ff0)=[{&(0x7f0000c10fa8)="580000001400192300a13680040d8c560aff0000000000001ffffffffffffc01000004ca7f64643e8900050028635a00040af610000240e11b001a05000000ed5dfffff5000022000d000100040408000000000004000000", 0x58}], 0x1) 2018/04/07 09:03:25 executing program 6: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000816000/0x2000)=nil, 0x2000, 0x2, &(0x7f0000fbf000)=0x200000000000009, 0x3a2, 0x0) mbind(&(0x7f0000144000/0x1000)=nil, 0x1000, 0x1, &(0x7f00003afff8), 0x2, 0x0) mbind(&(0x7f0000024000/0xc00000)=nil, 0xc00000, 0x3, &(0x7f0000c28000)=0x800003f, 0xf0, 0x0) syzkaller login: [ 43.016631] ip (3758) used greatest stack depth: 54688 bytes left [ 43.453531] ip (3799) used greatest stack depth: 54072 bytes left [ 46.491417] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.545848] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.563242] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.621418] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.647835] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.661584] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.753911] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.950782] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.252157] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.332234] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.387203] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.403819] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.648742] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.675624] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.684428] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.000441] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.006732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.022204] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.056930] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.117983] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.124273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.138648] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.172205] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.179730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.218174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.243302] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.250495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.286620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.416348] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.422615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.434975] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.527098] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.534291] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.540615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.552941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.595207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.612624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.824216] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.830498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.841488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 09:03:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x5, &(0x7f0000002000)=@framed={{0x18}, [@call={0x85, 0x0, 0x0, 0x1}], {0x95}}, &(0x7f0000003ff6)='syzkaller\x00', 0x3, 0xc3, &(0x7f0000a45f3d)=""/195}, 0x48) 2018/04/07 09:03:42 executing program 5: setrlimit(0x8, &(0x7f0000ce9000)) mmap(&(0x7f0000ee5000/0x2000)=nil, 0x2000, 0x0, 0x2aeb4800bb21a972, 0xffffffffffffffff, 0x0) 2018/04/07 09:03:42 executing program 6: mlock2(&(0x7f0000cd0000/0x4000)=nil, 0x4000, 0x0) mbind(&(0x7f00009aa000/0x4000)=nil, 0x4000, 0x8001, &(0x7f000002bff8)=0xfffffffffffffffd, 0x5, 0x0) mbind(&(0x7f0000024000/0xc00000)=nil, 0xc00000, 0x8001, &(0x7f0000c28000)=0x3f, 0x5, 0x0) 2018/04/07 09:03:42 executing program 1: mkdir(&(0x7f0000578000)='./file0\x00', 0x0) lsetxattr(&(0x7f0000712ff8)='./file0\x00', &(0x7f0000faffe7)=@known='system.posix_acl_default\x00', &(0x7f000054afec)="0200000001000000000000000100008000000000", 0x14, 0x0) 2018/04/07 09:03:42 executing program 4: pipe(&(0x7f00005afff8)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f00007f0000)=[{&(0x7f0000036fc4)="e1", 0x1}], 0x1, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000e28ff8)=0x1) write(r0, &(0x7f0000335000), 0xfc94) 2018/04/07 09:03:42 executing program 7: r0 = socket$inet6(0xa, 0x3, 0xe2) setsockopt$inet6_int(r0, 0x29, 0x7, &(0x7f0000000000)=0x4, 0x7f774d6d) 2018/04/07 09:03:42 executing program 3: r0 = socket(0x1000000010, 0x802, 0x0) sendmsg$nl_route(r0, &(0x7f0000f72fc8)={&(0x7f00008d4000)={0x10}, 0xc, &(0x7f0000f75ff0)={&(0x7f0000bc2f88)=@newneigh={0x24, 0x1c, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, {0xc}, [@NDA_DST_IPV4={0x8, 0x1, @multicast1=0xe0000001}]}, 0x24}, 0x1}, 0x0) 2018/04/07 09:03:42 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f000026f000)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0) fallocate(r2, 0x0, 0x0, 0x40007) sendfile(r1, r2, &(0x7f0000ccb000), 0x400) [ 57.949187] ================================================================== [ 57.956607] BUG: KMSAN: uninit-value in sha256_generic_block_fn+0xb05f/0xb460 [ 57.963886] CPU: 0 PID: 5072 Comm: syz-executor2 Not tainted 4.16.0+ #81 [ 57.970723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.980072] Call Trace: [ 57.982660] dump_stack+0x185/0x1d0 [ 57.986292] ? sha256_generic_block_fn+0xb05f/0xb460 [ 57.991389] kmsan_report+0x142/0x240 [ 57.995189] __msan_warning_32+0x6c/0xb0 2018/04/07 09:03:43 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000474fec)={0x1, 0x800000000000003b, 0x7, 0x4}, 0x1c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000491000)={r0, &(0x7f0000e01ff8)="fc0bd02cf0ea1358", &(0x7f000006f000)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f000077cfe0)={r0, &(0x7f0000ab2000), &(0x7f0000da1000)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000146000)={r0, &(0x7f00005da000), &(0x7f0000d30000)}, 0x20) 2018/04/07 09:03:43 executing program 6: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x1, 0x5, 0x9}, 0x14) bpf$PROG_LOAD(0x5, &(0x7f0000ef5000)={0x1, 0x7, &(0x7f0000ef2fa8)=@framed={{0x18}, [@map={0x18, 0x2, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0xc}], {0x95}}, &(0x7f0000ef2ff6)='syzkaller\x00', 0xa88d, 0x8b, &(0x7f0000ef2000)=""/139}, 0x48) [ 57.999253] sha256_generic_block_fn+0xb05f/0xb460 [ 58.004183] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.009549] ? is_bpf_text_address+0xb4/0x4b0 [ 58.014052] ? __is_insn_slot_addr+0x198/0x1c0 [ 58.018646] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 58.024106] ? __save_stack_trace+0x893/0xa80 [ 58.028616] crypto_sha256_finup+0x778/0x7e0 [ 58.033037] ? sha256_generic_block_fn+0xb460/0xb460 [ 58.038148] shash_ahash_finup+0x468/0xa30 [ 58.042387] shash_ahash_digest+0x5c6/0x600 [ 58.046718] shash_async_digest+0x11c/0x1b0 [ 58.051196] crypto_ahash_op+0x89a/0xc10 [ 58.055258] ? __kmalloc+0x23c/0x350 [ 58.058971] ? shash_async_finup+0x1b0/0x1b0 [ 58.063378] ? shash_async_finup+0x1b0/0x1b0 [ 58.067787] crypto_ahash_digest+0xe4/0x160 [ 58.072113] hash_sendpage+0xb40/0xe10 [ 58.076006] ? hash_recvmsg+0xd50/0xd50 [ 58.079984] sock_sendpage+0x1de/0x2c0 [ 58.083878] pipe_to_sendpage+0x31b/0x430 [ 58.088028] ? sock_fasync+0x2b0/0x2b0 [ 58.091928] ? propagate_umount+0x3a30/0x3a30 2018/04/07 09:03:43 executing program 3: r0 = socket(0x1000000010, 0x802, 0x0) sendmsg$nl_route(r0, &(0x7f0000f72fc8)={&(0x7f00008d4000)={0x10}, 0xc, &(0x7f0000f75ff0)={&(0x7f0000bc2f88)=@newneigh={0x24, 0x1c, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, {0xc}, [@NDA_DST_IPV4={0x8, 0x1, @multicast1=0xe0000001}]}, 0x24}, 0x1}, 0x0) [ 58.096428] __splice_from_pipe+0x49a/0xf30 [ 58.100749] ? generic_splice_sendpage+0x2a0/0x2a0 [ 58.105682] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.111052] generic_splice_sendpage+0x1c6/0x2a0 [ 58.115820] ? iter_file_splice_write+0x1710/0x1710 [ 58.120846] ? iter_file_splice_write+0x1710/0x1710 [ 58.125864] direct_splice_actor+0x19b/0x200 [ 58.130278] splice_direct_to_actor+0x764/0x1040 [ 58.135037] ? do_splice_direct+0x540/0x540 [ 58.139367] ? security_file_permission+0x28f/0x4b0 [ 58.144386] ? rw_verify_area+0x35e/0x580 [ 58.148538] do_splice_direct+0x335/0x540 [ 58.152696] do_sendfile+0x1067/0x1e40 [ 58.156595] SYSC_sendfile64+0x1b3/0x300 [ 58.160670] SyS_sendfile64+0x64/0x90 [ 58.164463] do_syscall_64+0x309/0x430 [ 58.168369] ? SYSC_sendfile+0x320/0x320 [ 58.172438] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.177622] RIP: 0033:0x455259 [ 58.180803] RSP: 002b:00007f0afa116c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 58.188508] RAX: ffffffffffffffda RBX: 00007f0afa1176d4 RCX: 0000000000455259 2018/04/07 09:03:43 executing program 4: r0 = socket(0x10, 0x80000000000002, 0x0) write(r0, &(0x7f0000dd2f63)="240000002400ff000000042300367700e4ffffff0100000000000000ffffffff0100ff10", 0x24) 2018/04/07 09:03:43 executing program 7: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002031900000007000000068100023b0509000100030100ff3ffe58", 0x1f}], 0x1) [ 58.195781] RDX: 0000000020ccb000 RSI: 0000000000000015 RDI: 0000000000000014 [ 58.203071] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 58.210336] R10: 0000000000000400 R11: 0000000000000246 R12: 00000000ffffffff [ 58.217732] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 58.225001] [ 58.226616] Uninit was created at: [ 58.230165] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 58.235195] kmsan_alloc_page+0x82/0xe0 [ 58.239171] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 58.243925] alloc_pages_vma+0xcc8/0x1800 [ 58.248092] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 58.253106] shmem_getpage_gfp+0x35db/0x5770 [ 58.257517] shmem_fallocate+0xde2/0x1610 [ 58.261660] vfs_fallocate+0x9dc/0xde0 [ 58.265546] SYSC_fallocate+0x119/0x1d0 [ 58.269731] SyS_fallocate+0x64/0x90 [ 58.273447] do_syscall_64+0x309/0x430 [ 58.277336] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.282510] ================================================================== [ 58.289853] Disabling lock debugging due to kernel taint [ 58.295291] Kernel panic - not syncing: panic_on_warn set ... [ 58.295291] [ 58.302654] CPU: 0 PID: 5072 Comm: syz-executor2 Tainted: G B 4.16.0+ #81 [ 58.310804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.320150] Call Trace: [ 58.322739] dump_stack+0x185/0x1d0 [ 58.326373] panic+0x39d/0x940 [ 58.329589] ? sha256_generic_block_fn+0xb05f/0xb460 [ 58.334693] kmsan_report+0x238/0x240 [ 58.338496] __msan_warning_32+0x6c/0xb0 [ 58.342564] sha256_generic_block_fn+0xb05f/0xb460 [ 58.347500] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.352863] ? is_bpf_text_address+0xb4/0x4b0 [ 58.357363] ? __is_insn_slot_addr+0x198/0x1c0 [ 58.361955] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 58.367412] ? __save_stack_trace+0x893/0xa80 [ 58.371922] crypto_sha256_finup+0x778/0x7e0 [ 58.376336] ? sha256_generic_block_fn+0xb460/0xb460 [ 58.381435] shash_ahash_finup+0x468/0xa30 [ 58.385675] shash_ahash_digest+0x5c6/0x600 [ 58.390002] shash_async_digest+0x11c/0x1b0 [ 58.394326] crypto_ahash_op+0x89a/0xc10 [ 58.398386] ? __kmalloc+0x23c/0x350 [ 58.402096] ? shash_async_finup+0x1b0/0x1b0 [ 58.406501] ? shash_async_finup+0x1b0/0x1b0 [ 58.410913] crypto_ahash_digest+0xe4/0x160 [ 58.415237] hash_sendpage+0xb40/0xe10 [ 58.419128] ? hash_recvmsg+0xd50/0xd50 [ 58.423102] sock_sendpage+0x1de/0x2c0 [ 58.427001] pipe_to_sendpage+0x31b/0x430 [ 58.431153] ? sock_fasync+0x2b0/0x2b0 [ 58.435048] ? propagate_umount+0x3a30/0x3a30 [ 58.439549] __splice_from_pipe+0x49a/0xf30 [ 58.443870] ? generic_splice_sendpage+0x2a0/0x2a0 [ 58.448801] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.454167] generic_splice_sendpage+0x1c6/0x2a0 [ 58.458931] ? iter_file_splice_write+0x1710/0x1710 [ 58.463947] ? iter_file_splice_write+0x1710/0x1710 [ 58.468960] direct_splice_actor+0x19b/0x200 [ 58.473374] splice_direct_to_actor+0x764/0x1040 [ 58.478133] ? do_splice_direct+0x540/0x540 [ 58.482457] ? security_file_permission+0x28f/0x4b0 [ 58.487480] ? rw_verify_area+0x35e/0x580 [ 58.491639] do_splice_direct+0x335/0x540 [ 58.495792] do_sendfile+0x1067/0x1e40 [ 58.499694] SYSC_sendfile64+0x1b3/0x300 [ 58.503761] SyS_sendfile64+0x64/0x90 [ 58.507561] do_syscall_64+0x309/0x430 [ 58.511447] ? SYSC_sendfile+0x320/0x320 [ 58.515510] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.520691] RIP: 0033:0x455259 [ 58.523869] RSP: 002b:00007f0afa116c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 58.531571] RAX: ffffffffffffffda RBX: 00007f0afa1176d4 RCX: 0000000000455259 [ 58.538834] RDX: 0000000020ccb000 RSI: 0000000000000015 RDI: 0000000000000014 [ 58.546097] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 58.553363] R10: 0000000000000400 R11: 0000000000000246 R12: 00000000ffffffff [ 58.560627] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 58.568368] Dumping ftrace buffer: [ 58.571886] (ftrace buffer empty) [ 58.575565] Kernel Offset: disabled [ 58.579161] Rebooting in 86400 seconds..