INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts. 2018/04/12 13:07:36 fuzzer started 2018/04/12 13:07:36 dialing manager at 10.128.0.26:41677 2018/04/12 13:07:43 kcov=true, comps=false 2018/04/12 13:07:45 executing program 0: 2018/04/12 13:07:45 executing program 2: 2018/04/12 13:07:45 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000000000200, &(0x7f00000006c0), &(0x7f0000c53000), &(0x7f0000f8b000), &(0x7f0000000280)) 2018/04/12 13:07:45 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000200, &(0x7f00000006c0), &(0x7f0000c53000), &(0x7f0000f8b000), &(0x7f0000000280)) 2018/04/12 13:07:45 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0xbb89, &(0x7f0000000040)=0x0) io_cancel(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000080)}, &(0x7f0000000180)) 2018/04/12 13:07:45 executing program 5: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000680)={&(0x7f0000000000)=@in={0x2, 0x0, @multicast2=0xe0000002}, 0x10, &(0x7f0000000440), 0x0, &(0x7f00000004c0)=[@init={0x18, 0x84}], 0x30}, 0x0) 2018/04/12 13:07:45 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = msgget$private(0x0, 0x0) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000040)=""/4) 2018/04/12 13:07:45 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x31, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000f6bfe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc028aa03, &(0x7f00000a0fe0)={{&(0x7f00005e3000/0x800000)=nil, 0x800000}, 0x8000}) syzkaller login: [ 43.290419] ip (3760) used greatest stack depth: 54672 bytes left [ 43.499770] ip (3778) used greatest stack depth: 54312 bytes left [ 44.398313] ip (3868) used greatest stack depth: 53960 bytes left [ 46.566865] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.610339] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.655884] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.715774] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.781632] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.828856] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.868735] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.882694] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.401258] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.575408] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.641829] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.699070] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.708799] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.718384] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.765310] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.810097] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.128691] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.137107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.149761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.362281] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.371138] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.386641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.422888] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.431777] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.440293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.457458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.479707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.501175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.525854] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.534148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.548907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.585349] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.594469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.622641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.657815] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.664873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.679111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.693859] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.700163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.712709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/12 13:08:03 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000600)={0x10, 0x8000000000004, 0x4, 0x3, 0x0, 0x1}, 0x2c) bpf$MAP_CREATE(0x4, &(0x7f0000000880)={0x13, 0x0, 0x0, 0x0, 0x20000000, 0x0}, 0x2c) 2018/04/12 13:08:03 executing program 2: 2018/04/12 13:08:03 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000bea000)={&(0x7f00000001c0)=@newspdinfo={0x1c, 0x24, 0x401, 0x0, 0x0, 0x0, [@ipv4_hthresh={0x8, 0x3}]}, 0x1c}, 0x1}, 0x0) 2018/04/12 13:08:03 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000000000200, &(0x7f00000006c0), &(0x7f0000c53000), &(0x7f0000f8b000), &(0x7f0000000280)) 2018/04/12 13:08:03 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000600)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000040)={[0x30]}, 0x2) 2018/04/12 13:08:03 executing program 5: r0 = socket(0x11, 0x803, 0x0) bind$packet(r0, &(0x7f0000000000)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @random="06004ee72211"}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000922000), 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x46, &(0x7f000098dffc), 0x2) sendto$inet6(r1, &(0x7f0000000040), 0x0, 0x200408d4, &(0x7f000072e000)={0xa}, 0x1c) 2018/04/12 13:08:03 executing program 4: r0 = syz_open_dev$evdev(&(0x7f00003b4000)='/dev/input/event#\x00', 0xfffffffffffffffb, 0x0) ioctl$EVIOCGREP(r0, 0x40084503, &(0x7f00007fb000)=""/220) 2018/04/12 13:08:03 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="f778030000000000000058bfe34748275a4d7729a1a8a97c7f"], &(0x7f0000000640)="47504c00bc3047629662c71f3f5f26c0b48bec3e7ba6eb525f484f89fc96dd6ca64da40ff023122e66f6", 0x0, 0xce, &(0x7f0000000180)=""/206}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x7, 0x5, &(0x7f0000000040)=@framed={{0x18}, [@jmp={0x5}], {0x95}}, &(0x7f0000000200)='syzkaller\x00', 0x80000001, 0x228, &(0x7f0000000300)=""/187}, 0x48) 2018/04/12 13:08:03 executing program 0: syz_emit_ethernet(0xfffffffffffffdef, &(0x7f0000002000)={@link_local={0x1, 0x80, 0xc2}, @random="b42d87402e52", [], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @random="4d407a38bb1a", @remote={0xac, 0x14, 0x14, 0xbb}, @link_local={0x1, 0x80, 0xc2}, @multicast2=0xe0000002}}}}, &(0x7f0000000040)={0x0, 0x6, [0x0, 0x31d]}) 2018/04/12 13:08:03 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00009e7000)={&(0x7f0000789000)={0x10}, 0xc, &(0x7f0000329000)={&(0x7f0000369fa8)=@newneigh={0x24, 0x1c, 0x509, 0x0, 0x0, {0xa}, [@NDA_DST_IPV4={0x8, 0x1}]}, 0x24}, 0x1}, 0x0) 2018/04/12 13:08:03 executing program 6: clone(0x200, &(0x7f0000151000), &(0x7f0000000080), &(0x7f0000f8b000), &(0x7f00000002c0)) mknod(&(0x7f0000b75ff8)='./file0\x00', 0x2001001, 0x0) execve(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000240), &(0x7f0000000140)) r0 = syz_open_procfs(0x0, &(0x7f000044b000)='io\x00') pread64(r0, &(0x7f0000000040)=""/53, 0x3, 0x0) lseek(r0, 0x0, 0x0) creat(&(0x7f0000b7a000)='./file0\x00', 0x0) 2018/04/12 13:08:03 executing program 3: r0 = socket(0x1f, 0x2000000000000005, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000380)={'bridge0\x00', &(0x7f00000003c0)=@ethtool_sset_info={0x12}}) 2018/04/12 13:08:03 executing program 5: r0 = socket(0x1f, 0x2000000000000005, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt(r0, 0x6, 0x0, &(0x7f00000000c0), 0x0) 2018/04/12 13:08:03 executing program 1: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) readahead(r0, 0x0, 0x0) 2018/04/12 13:08:03 executing program 4: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0xfff, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0xffff, 0x4) r1 = open(&(0x7f0000002000)='./bus\x00', 0x4002, 0x0) sendfile(r1, r0, 0x0, 0x20000) 2018/04/12 13:08:04 executing program 0: r0 = getpgid(0x0) sched_setaffinity(r0, 0x1cd, &(0x7f0000da3000)=0x2) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f000051cff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000943ffc)=0xa35) read(r1, &(0x7f00003fefff)=""/1, 0x1) readv(r1, &(0x7f0000dcdff0)=[{&(0x7f0000cd8000)=""/1, 0x1}], 0x1) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000000)) 2018/04/12 13:08:04 executing program 7: r0 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$unlink(0x17, r0, 0x0) 2018/04/12 13:08:04 executing program 3: r0 = getpgid(0x0) sched_setattr(r0, &(0x7f0000000000)={0x0, 0x1, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r4 = dup2(r3, r3) ioctl$TCSETS(r3, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r3, 0x5420, &(0x7f0000000040)=0x8) read(r3, &(0x7f0000000080)=""/206, 0x7a8) r5 = syz_open_pts(r4, 0x0) ioctl$TCFLSH(r5, 0x540a, 0x0) 2018/04/12 13:08:04 executing program 5: clock_adjtime(0x0, &(0x7f0000476000)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x4000000011) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) 2018/04/12 13:08:04 executing program 1: syz_mount_image$iso9660(&(0x7f0000000140)='iso9660\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f00000005c0), 0x0, &(0x7f0000000640)={[{@mode={'mode', 0x3d}, 0x2c}]}) 2018/04/12 13:08:04 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00003cefe4)={&(0x7f0000000040)={0x10, 0x34000}, 0xc, &(0x7f0000007ff0)={&(0x7f0000000180)={0x18, 0x2e, 0x6fd, 0x0, 0x0, {0x2002}, [@nested={0x4}]}, 0x18}, 0x1}, 0x0) 2018/04/12 13:08:04 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000022ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback=0x7f000001}, 0x80, &(0x7f0000007f80)=[{&(0x7f000000a000)='\f', 0x1}], 0x1}, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) sendmsg(r1, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback=0x7f000001}, 0x80, &(0x7f0000007f80)=[{&(0x7f000000a000)='\f', 0x1}], 0x1}, 0x0) 2018/04/12 13:08:04 executing program 4: mmap(&(0x7f0000001000/0xffe000)=nil, 0xffe000, 0x0, 0x32, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000abfc0), &(0x7f0000768000), &(0x7f0000086000), &(0x7f0000349000), &(0x7f0000f14000)={&(0x7f00001da000), 0x8}) 2018/04/12 13:08:05 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$bt_rfcomm(0x1f, 0x1, 0x3) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f00000000c0), 0x2) 2018/04/12 13:08:05 executing program 1: r0 = socket(0x1f, 0x2000000000000005, 0x0) bind$bt_rfcomm(r0, &(0x7f0000000000)={0x1f}, 0xa) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f00000004c0), &(0x7f0000000500)=0xfffffffffffffe2e) 2018/04/12 13:08:05 executing program 7: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet_sctp(r0, &(0x7f000093eee8)=[{&(0x7f0000000000)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1, &(0x7f0000000240)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x4, 0x8001, 0x5, 0xbb, 0x7f, 0x3, 0x26}}, @init={0x18, 0x84, 0x0, {0x20, 0x106, 0x1}}], 0x60, 0xffffffffffffffff}, {&(0x7f0000000040)=@in6={0xa, 0x4e20, 0x9, @local={0xfe, 0x80, [], 0xaa}, 0xc9}, 0x1c, &(0x7f0000000080), 0x0, &(0x7f000093ef10)=[@sndinfo={0x20, 0x84, 0x2}], 0x30}], 0x2, 0x200040c0) 2018/04/12 13:08:05 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000440)='hugetlb.2MB.failcnt\x00', 0x2, 0x0) read(r1, &(0x7f0000000480)=""/195, 0xffffffffffffffb4) 2018/04/12 13:08:05 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000028000006a0a00fffffff6006118"], &(0x7f0000000080)='syzkalleP\x00', 0x0, 0xce, &(0x7f0000000180)=""/206}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xd, 0x5, &(0x7f0000000040)=@framed={{0x18}, [@jmp={0x5}], {0x95}}, &(0x7f0000000200)='syzkaller\x00', 0x80000001, 0x228, &(0x7f0000000300)=""/187}, 0x48) 2018/04/12 13:08:05 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) ioctl$sock_SIOCINQ(r0, 0x8941, &(0x7f0000000080)) 2018/04/12 13:08:05 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00002e8fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001000)="a2", 0x1) 2018/04/12 13:08:05 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x49, &(0x7f00000000c0)="1efc4568", 0x4) 2018/04/12 13:08:06 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f0000000000)="17", 0x0) perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x0, 0x0) open$dir(&(0x7f00003e8ff8)='./file0\x00', 0x0, 0x0) syz_open_dev$tun(&(0x7f0000589000)='/dev/net/tun\x00', 0x0, 0x0) pipe(&(0x7f0000000040)) socket$inet6_udp(0xa, 0x2, 0x0) timerfd_create(0x0, 0x0) syz_open_procfs(0x0, &(0x7f00006c6ff7)='net/igmp\x00') syz_open_procfs(0x0, &(0x7f0000000080)='attr\x00') pselect6(0x40, &(0x7f00003e0000), &(0x7f0000000000), &(0x7f0000e90000), &(0x7f0000000000)={0x77359400}, &(0x7f0000e85ff0)={&(0x7f0000c71ff8), 0x8}) 2018/04/12 13:08:06 executing program 2: r0 = socket$inet(0x2, 0x6, 0x0) setsockopt(r0, 0x0, 0x40, &(0x7f0000000000), 0x0) 2018/04/12 13:08:06 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x100000141842, 0x0) syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x1000, &(0x7f0000000740)=ANY=[]) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) syz_mount_image$hfs(&(0x7f0000000080)='hfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000140), 0x0, 0x55c3}], 0x0, &(0x7f0000000780)=ANY=[]) read$eventfd(r0, &(0x7f0000000280), 0xffcb) 2018/04/12 13:08:06 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/rt6_stats\x00') r1 = socket$kcm(0x29, 0x2, 0x0) sendfile(r1, r0, &(0x7f000083c000)=0x2, 0x5) 2018/04/12 13:08:06 executing program 7: mkdir(&(0x7f0000000200)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000012ff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000008ff8)='./file1\x00', r0, &(0x7f0000012ff8)='./file0\x00') rmdir(&(0x7f0000000240)='./file0\x00') creat(&(0x7f0000020ff2)='./file0/file0\x00', 0x0) renameat(r0, &(0x7f0000020ff2)='./file1\x00', r0, &(0x7f0000002000)='./file0\x00') 2018/04/12 13:08:06 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004747410c0eaa820b8000007aa7c40a00afc74f8c3488"], &(0x7f0000000000)="47504c00bc3047eb525f484f89fc96dd6ca64da40ff023122e66f6", 0x0, 0xce, &(0x7f0000000300)=""/206}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000028000006a0a00fffffff6006118"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0xce, &(0x7f0000000180)=""/206}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x5, 0x5, &(0x7f0000000040)=@framed={{0x18}, [@jmp={0x5}], {0x95}}, &(0x7f00000004c0)="73797a6b584e3e2f9afed6d0ee3d5d5de2f791e4545b69c564e359a02949ab535c1b25caa665b968d2f1a32e3febe4189befa5f044722bae83e5b6959e392e8d24e41b4ce153c97b5a23e135e38d3b1d14ad7a9eeb7069347fee053569544f1a0000000000000000", 0x80000001, 0x466, &(0x7f0000000300)=""/187}, 0x48) 2018/04/12 13:08:06 executing program 0: r0 = getpgid(0x0) sched_setaffinity(r0, 0x1cd, &(0x7f0000da3000)=0x2) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f000051cff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000943ffc)=0xa35) read(r1, &(0x7f00003fefff)=""/1, 0x1) readv(r1, &(0x7f0000dcdff0)=[{&(0x7f0000cd8000)=""/1, 0x1}], 0x1) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000000)) 2018/04/12 13:08:06 executing program 3: epoll_create1(0x0) socket$unix(0x1, 0x5, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) pselect6(0x40, &(0x7f00000abfc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f00007fbfc0), &(0x7f0000f22000)={0x0, 0x989680}, &(0x7f0000f14000)={&(0x7f0000553ff8), 0x8}) 2018/04/12 13:08:06 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.memory_migrate\x00', 0x2, 0x0) write(r1, &(0x7f0000000300)='5', 0x1) 2018/04/12 13:08:06 executing program 2: futex(&(0x7f000000cffc)=0x4, 0x9, 0x4, &(0x7f0000000000)={0x77359400}, &(0x7f0000048000), 0x2) futex(&(0x7f000000cffc), 0xa, 0x0, &(0x7f0000000040)={0xfffffffffffffffc, 0x100000000000000}, &(0x7f0000000080), 0x2) 2018/04/12 13:08:06 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f00000c5ff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x533, 0x600000}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/04/12 13:08:06 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000001f88)={0x1, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000fff)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000f1f000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(r2, r0, 0x0) 2018/04/12 13:08:06 executing program 6: r0 = syz_open_dev$sndseq(&(0x7f0000dcc000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000434000)={{0x55c}}) 2018/04/12 13:08:06 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000001100)={&(0x7f0000000ec0)={0x10}, 0xc, &(0x7f00000010c0)={&(0x7f0000000f00)={0x20, r1, 0x3a28ac07e73eb23d, 0x0, 0x0, {0xa}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x100000001}]}]}, 0x20}, 0x1}, 0x0) 2018/04/12 13:08:06 executing program 5: r0 = socket(0xa, 0x1, 0x0) ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)={0x0, 0xffffffff, 0x41, 0x1}) ioctl(r0, 0x8916, &(0x7f0000000000)) ioctl(r0, 0x8936, &(0x7f0000000000)) 2018/04/12 13:08:06 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0xffffffffffffff40, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000500)={0x1, &(0x7f0000f07000)=[{0x6}]}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2}, 0x10) 2018/04/12 13:08:06 executing program 6: r0 = socket$inet(0x2, 0x8000000000003, 0x32) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000140)=ANY=[@ANYBLOB="6d616e45b0650000000000003d22bb000000e2ccf405bd9e5d690de64c09196200001900000000000000000100000000001f0000000600000068050000f8010000e8000000d0040000d0c54dd5d0d899652cda2c38"], 0x1) 2018/04/12 13:08:06 executing program 7: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000680)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) write(r0, &(0x7f00000001c0)=' ', 0x1) 2018/04/12 13:08:06 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)="2e2f6367726f7570000478d081", 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) read(r1, &(0x7f0000000040)=""/239, 0xef) 2018/04/12 13:08:06 executing program 5: r0 = socket$bt_rfcomm(0x1f, 0x1, 0x3) setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000000)=0x60, 0x4) 2018/04/12 13:08:06 executing program 1: syz_mount_image$reiserfs(&(0x7f0000000780)='reiserfs\x00', &(0x7f00000007c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000a40), 0x0, &(0x7f0000000ac0)={[{@usrjquota_file='usrjquota=syz', 0x2c}, {@commit={'commit', 0x3d, [0x33, 0x0]}, 0x2c}]}) 2018/04/12 13:08:06 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f000062ffa8)={0x26, 'hash\x00', 0x0, 0x0, 'crct10dif\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0) sendmmsg$alg(r1, &(0x7f00002f4000)=[{0x0, 0x0, &(0x7f00009cbfa0)}], 0x1, 0x0) fallocate(r2, 0x0, 0x0, 0x9) sendfile(r1, r2, &(0x7f0000e64ff8), 0x8) [ 61.921775] ================================================================== [ 61.929198] BUG: KMSAN: uninit-value in crc_t10dif_generic+0x155/0x1b0 [ 61.935870] CPU: 1 PID: 5305 Comm: syz-executor7 Not tainted 4.16.0+ #83 [ 61.942708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.952063] Call Trace: [ 61.954660] dump_stack+0x185/0x1d0 [ 61.958295] ? crc_t10dif_generic+0x155/0x1b0 [ 61.962790] kmsan_report+0x142/0x240 [ 61.966596] __msan_warning_32+0x6c/0xb0 [ 61.970659] crc_t10dif_generic+0x155/0x1b0 [ 61.974981] chksum_finup+0xc6/0x150 [ 61.978696] ? chksum_final+0xe0/0xe0 [ 61.982510] shash_ahash_finup+0x468/0xa30 [ 61.986785] shash_ahash_digest+0x5c6/0x600 [ 61.991105] ? page_mapping+0x33e/0x480 [ 61.995075] shash_async_digest+0x11c/0x1b0 [ 61.999398] crypto_ahash_op+0x89a/0xc10 [ 62.003453] ? __local_bh_enable_ip+0x3b/0x140 [ 62.008032] ? shash_async_finup+0x1b0/0x1b0 [ 62.012439] ? shash_async_finup+0x1b0/0x1b0 [ 62.016854] crypto_ahash_digest+0xe4/0x160 [ 62.021182] hash_sendpage+0xb40/0xe10 [ 62.025078] ? hash_recvmsg+0xd50/0xd50 [ 62.029057] sock_sendpage+0x1de/0x2c0 [ 62.032956] pipe_to_sendpage+0x31b/0x430 [ 62.037115] ? sock_fasync+0x2b0/0x2b0 [ 62.041020] ? propagate_umount+0x3a30/0x3a30 [ 62.045526] __splice_from_pipe+0x49a/0xf30 [ 62.049862] ? generic_splice_sendpage+0x2a0/0x2a0 [ 62.054808] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 62.060189] generic_splice_sendpage+0x1c6/0x2a0 [ 62.064960] ? iter_file_splice_write+0x1710/0x1710 [ 62.069986] ? iter_file_splice_write+0x1710/0x1710 [ 62.075012] direct_splice_actor+0x19b/0x200 [ 62.079436] splice_direct_to_actor+0x764/0x1040 [ 62.084198] ? do_splice_direct+0x540/0x540 [ 62.088525] ? security_file_permission+0x28f/0x4b0 [ 62.093550] ? rw_verify_area+0x35e/0x580 [ 62.097691] do_splice_direct+0x335/0x540 [ 62.101822] do_sendfile+0x1067/0x1e40 [ 62.105701] SYSC_sendfile64+0x1b3/0x300 [ 62.109762] SyS_sendfile64+0x64/0x90 [ 62.113562] do_syscall_64+0x309/0x430 [ 62.117450] ? SYSC_sendfile+0x320/0x320 [ 62.121496] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.126667] RIP: 0033:0x455279 [ 62.129842] RSP: 002b:00007f80164b5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 62.137545] RAX: ffffffffffffffda RBX: 00007f80164b66d4 RCX: 0000000000455279 [ 62.144807] RDX: 0000000020e64ff8 RSI: 0000000000000015 RDI: 0000000000000014 [ 62.152075] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 62.159344] R10: 0000000000000008 R11: 0000000000000246 R12: 00000000ffffffff [ 62.166610] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 62.173879] [ 62.175500] Uninit was created at: [ 62.179054] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 62.184075] kmsan_alloc_page+0x82/0xe0 [ 62.188057] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 62.192800] alloc_pages_vma+0xcc8/0x1800 [ 62.196935] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 62.202934] shmem_getpage_gfp+0x35db/0x5770 [ 62.207331] shmem_fallocate+0xde2/0x1610 [ 62.211462] vfs_fallocate+0x9dc/0xde0 [ 62.215330] SYSC_fallocate+0x119/0x1d0 [ 62.219283] SyS_fallocate+0x64/0x90 [ 62.222973] do_syscall_64+0x309/0x430 [ 62.226846] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.232025] ================================================================== [ 62.239366] Disabling lock debugging due to kernel taint [ 62.244799] Kernel panic - not syncing: panic_on_warn set ... [ 62.244799] [ 62.252139] CPU: 1 PID: 5305 Comm: syz-executor7 Tainted: G B 4.16.0+ #83 [ 62.260254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.269584] Call Trace: [ 62.272155] dump_stack+0x185/0x1d0 [ 62.275770] panic+0x39d/0x940 [ 62.278959] ? crc_t10dif_generic+0x155/0x1b0 [ 62.283436] kmsan_report+0x238/0x240 [ 62.287224] __msan_warning_32+0x6c/0xb0 [ 62.291283] crc_t10dif_generic+0x155/0x1b0 [ 62.295594] chksum_finup+0xc6/0x150 [ 62.299287] ? chksum_final+0xe0/0xe0 [ 62.303069] shash_ahash_finup+0x468/0xa30 [ 62.307295] shash_ahash_digest+0x5c6/0x600 [ 62.311616] ? page_mapping+0x33e/0x480 [ 62.315582] shash_async_digest+0x11c/0x1b0 [ 62.319888] crypto_ahash_op+0x89a/0xc10 [ 62.323940] ? __local_bh_enable_ip+0x3b/0x140 [ 62.328506] ? shash_async_finup+0x1b0/0x1b0 [ 62.332895] ? shash_async_finup+0x1b0/0x1b0 [ 62.337295] crypto_ahash_digest+0xe4/0x160 [ 62.341609] hash_sendpage+0xb40/0xe10 [ 62.345479] ? hash_recvmsg+0xd50/0xd50 [ 62.349458] sock_sendpage+0x1de/0x2c0 [ 62.353333] pipe_to_sendpage+0x31b/0x430 [ 62.357463] ? sock_fasync+0x2b0/0x2b0 [ 62.361347] ? propagate_umount+0x3a30/0x3a30 [ 62.365835] __splice_from_pipe+0x49a/0xf30 [ 62.370154] ? generic_splice_sendpage+0x2a0/0x2a0 [ 62.375088] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 62.380445] generic_splice_sendpage+0x1c6/0x2a0 [ 62.385188] ? iter_file_splice_write+0x1710/0x1710 [ 62.390198] ? iter_file_splice_write+0x1710/0x1710 [ 62.395201] direct_splice_actor+0x19b/0x200 [ 62.399595] splice_direct_to_actor+0x764/0x1040 [ 62.404336] ? do_splice_direct+0x540/0x540 [ 62.408642] ? security_file_permission+0x28f/0x4b0 [ 62.413647] ? rw_verify_area+0x35e/0x580 [ 62.417790] do_splice_direct+0x335/0x540 [ 62.421932] do_sendfile+0x1067/0x1e40 [ 62.425806] SYSC_sendfile64+0x1b3/0x300 [ 62.429848] SyS_sendfile64+0x64/0x90 [ 62.433643] do_syscall_64+0x309/0x430 [ 62.437542] ? SYSC_sendfile+0x320/0x320 [ 62.441616] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 62.446797] RIP: 0033:0x455279 [ 62.449969] RSP: 002b:00007f80164b5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 62.457696] RAX: ffffffffffffffda RBX: 00007f80164b66d4 RCX: 0000000000455279 [ 62.464953] RDX: 0000000020e64ff8 RSI: 0000000000000015 RDI: 0000000000000014 [ 62.472211] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 62.479457] R10: 0000000000000008 R11: 0000000000000246 R12: 00000000ffffffff [ 62.486714] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 62.494404] Dumping ftrace buffer: [ 62.497923] (ftrace buffer empty) [ 62.501607] Kernel Offset: disabled [ 62.505213] Rebooting in 86400 seconds..