INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts. 2018/04/07 08:17:41 fuzzer started 2018/04/07 08:17:41 dialing manager at 10.128.0.26:38639 2018/04/07 08:17:47 kcov=true, comps=false 2018/04/07 08:17:50 executing program 0: 2018/04/07 08:17:50 executing program 2: 2018/04/07 08:17:50 executing program 7: 2018/04/07 08:17:50 executing program 3: 2018/04/07 08:17:50 executing program 1: 2018/04/07 08:17:50 executing program 4: 2018/04/07 08:17:50 executing program 5: 2018/04/07 08:17:50 executing program 6: syzkaller login: [ 38.936451] ip (3764) used greatest stack depth: 54672 bytes left [ 39.224201] ip (3790) used greatest stack depth: 54408 bytes left [ 40.431162] ip (3908) used greatest stack depth: 54296 bytes left [ 41.276714] ip (3981) used greatest stack depth: 54160 bytes left [ 42.469264] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 42.531172] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 42.549826] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 42.639537] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 42.667823] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 42.734652] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 42.746975] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 42.872251] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.362665] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.388305] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.466228] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.546626] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.630618] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.725412] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.820858] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.887196] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.110013] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.116504] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.131759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.163506] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.172352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.204315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.253837] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.260251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.275423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.308004] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.314353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.337774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.376643] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.390995] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.422835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.545221] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.553337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.566993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.633946] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.640271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.659426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.703848] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.710265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.729078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 08:18:07 executing program 0: 2018/04/07 08:18:07 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000140)="6f6f6d5f61646a00f692a04b18700e9c521cd905e6359c95d0f35bb2bb8bc9cf4d5abbfa208020d71575c7f7b4c5c7b8aa08a5b1e6eb17f4f27b59b08bf8b4a87f8ce42561b85fa6e7c26a444a4f955ffe4b55") preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000080)=""/1, 0x1}], 0x2000000000000021, 0x0) 2018/04/07 08:18:07 executing program 2: clone(0x1047ffd, &(0x7f0000597f1c), &(0x7f0000000280), &(0x7f0000000240), &(0x7f0000000240)) wait4(0x0, &(0x7f0000000000), 0x40000008, &(0x7f0000000000)) 2018/04/07 08:18:07 executing program 3: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000fbeff8), 0x3, 0x0) mprotect(&(0x7f00007f3000/0x4000)=nil, 0x4000, 0x0) mbind(&(0x7f0000024000/0xc00000)=nil, 0xc00000, 0x3, &(0x7f0000c28000)=0x800003f, 0xf0, 0x0) 2018/04/07 08:18:07 executing program 7: 2018/04/07 08:18:07 executing program 5: 2018/04/07 08:18:07 executing program 4: 2018/04/07 08:18:07 executing program 6: 2018/04/07 08:18:07 executing program 6: 2018/04/07 08:18:07 executing program 0: r0 = semget(0x2, 0x0, 0x10) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000180)=""/20) mkdir(&(0x7f0000800ff8)='./file0\x00', 0x0) mount(&(0x7f0000879ff8)='./file0\x00', &(0x7f0000106ff8)='./file0\x00', &(0x7f00008d2ffa)='ramfs\x00', 0x0, &(0x7f000063bffe)) mount(&(0x7f0000037000)='./file0\x00', &(0x7f0000c4fff8)='./file0\x00', &(0x7f000002effa)='ramfs\x00', 0x100000, &(0x7f0000ce3000)) mount(&(0x7f0000442ff8)='./file0\x00', &(0x7f0000455ff8)='./file0\x00', &(0x7f0000ff6000)='9p\x00', 0xc1800, 0x0) gettid() msgget$private(0x0, 0x48) pivot_root(&(0x7f00001a5ff8)='./file0\x00', &(0x7f0000432000)='.') 2018/04/07 08:18:07 executing program 5: r0 = socket(0x20000000000000a, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80}, 0x7f}, 0x1c) getsockopt$sock_buf(r0, 0x1, 0x19, &(0x7f0000e530e9)=""/16, &(0x7f0000000000)=0x4) 2018/04/07 08:18:07 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000001c0), 0xfddd) 2018/04/07 08:18:07 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=@bridge_getlink={0x34, 0x12, 0x401, 0x0, 0x0, {0x7}, [@IFLA_IFNAME={0x14, 0x3, 'bpq0\x00'}]}, 0x34}, 0x1}, 0x0) 2018/04/07 08:18:08 executing program 1: unshare(0x40600) r0 = bpf$MAP_CREATE(0x0, &(0x7f00004f9fe4)={0x3, 0x4, 0x4, 0x100000001}, 0x1c) bpf$MAP_CREATE(0x0, &(0x7f000041bfe4)={0xc, 0x0, 0x0, 0x0, 0x0, r0}, 0x1c) 2018/04/07 08:18:08 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x4e20, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) sendto$inet(r0, &(0x7f000026cfff)="c6", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x4e20, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10) shutdown(r0, 0x1) mmap(&(0x7f0000000000/0xd25000)=nil, 0xd25000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f000062fff8), 0x8) 2018/04/07 08:18:08 executing program 2: clone(0x0, &(0x7f0000000080), &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000140)) getrusage(0x0, &(0x7f0000000040)) 2018/04/07 08:18:09 executing program 6: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x2}, 0x1c) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x2}, 0x19) 2018/04/07 08:18:09 executing program 5: mkdir(&(0x7f0000c5dff6)='./control\x00', 0x0) r0 = open(&(0x7f0000ac3000)='./control\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00004f0ff6)='./control\x00', 0x0) mkdirat(r0, &(0x7f0000016ff8)='./file0\x00', 0x0) r1 = openat(r0, &(0x7f0000563000)='./file0\x00', 0x0, 0x0) rmdir(&(0x7f0000000040)='./control/file0\x00') renameat2(r0, &(0x7f000001dff6)='./control\x00', r1, &(0x7f0000e14ff6)='./control\x00', 0x0) 2018/04/07 08:18:09 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') writev(r0, &(0x7f000000a000)=[{&(0x7f0000000140)='+', 0x1}], 0x1) 2018/04/07 08:18:09 executing program 4: r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000080)='children\x00') exit(0x0) readv(r1, &(0x7f000004ffe0)=[{&(0x7f0000000000)=""/128, 0xe6}], 0x222) 2018/04/07 08:18:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000ed4ff0)=[{&(0x7f0000000000)="390000001100094701bc61e1c30500ff070000000200000045efffff08009b0019001a000f0000034000090004e9ffae06ff07000000000000", 0x39}], 0x1) 2018/04/07 08:18:09 executing program 7: bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x2}, 0x14) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) sigaltstack(&(0x7f0000000000/0x3000)=nil, &(0x7f0000000040)) 2018/04/07 08:18:09 executing program 3: mkdir(&(0x7f0000014000)='./file0\x00', 0x0) mount(&(0x7f000000a000)='//file0\x00', &(0x7f0000014ff8)='./file0\x00', &(0x7f0000014000)='ramfs\x00', 0x0, &(0x7f000000a000)) r0 = openat(0xffffffffffffff9c, &(0x7f0000012ff8)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000080)='/') 2018/04/07 08:18:09 executing program 2: set_mempolicy(0x1, &(0x7f0000001ff8), 0x6) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000)=0xd, 0x4) 2018/04/07 08:18:09 executing program 3: r0 = getpgrp(0xffffffffffffffff) perf_event_open(&(0x7f0000aaa000)={0x2, 0x78, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, r0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0x400080}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r1, r2) 2018/04/07 08:18:09 executing program 2: r0 = socket(0x1000000010, 0x802, 0x0) sendmsg$nl_route(r0, &(0x7f0000f72fc8)={&(0x7f00008d4000)={0x10}, 0xc, &(0x7f0000f75ff0)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {0x2}, [@RTA_DST={0x8, 0x1, @loopback=0x7f000001}]}, 0x24}, 0x1}, 0x0) 2018/04/07 08:18:09 executing program 6: capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000578fe8)={0x0, 0x7f, 0x9}) prctl$intptr(0x200000002f, 0x2) 2018/04/07 08:18:09 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000013c0)={&(0x7f0000000240)={0x10}, 0xc, &(0x7f0000001380)={&(0x7f0000000300)=@ipv4_newroute={0x2c, 0x18, 0xbf7a5c1dd4a899b9, 0x0, 0x0, {0x2}, [@RTA_PREFSRC={0x8, 0x7, @loopback=0x7f000001}, @RTA_OIF={0x8, 0x4}]}, 0x2c}, 0x1}, 0x0) 2018/04/07 08:18:09 executing program 0: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x0, 0x0) getsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 2018/04/07 08:18:09 executing program 5: mkdir(&(0x7f0000c5dff6)='./control\x00', 0x0) r0 = open(&(0x7f0000ac3000)='./control\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00004f0ff6)='./control\x00', 0x0) mkdirat(r0, &(0x7f0000016ff8)='./file0\x00', 0x0) r1 = openat(r0, &(0x7f0000563000)='./file0\x00', 0x0, 0x0) rmdir(&(0x7f0000000040)='./control/file0\x00') renameat2(r0, &(0x7f000001dff6)='./control\x00', r1, &(0x7f0000e14ff6)='./control\x00', 0x0) [ 55.328689] capability: warning: `syz-executor6' uses 32-bit capabilities (legacy support in use) 2018/04/07 08:18:10 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000c4c000)='pagemap\x00') pread64(r0, &(0x7f0000000040), 0xd0, 0x1000000000) 2018/04/07 08:18:10 executing program 3: r0 = socket$inet6(0xa, 0x100000000000002, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f0000002922)="2ee9877d580ad32fd7906bb6af10cce4cd9781039daf1d4c619c10da629f37f69fe52fc9a1db2ab68ad2d1d81f03be2b21c223240b00ac504a9711cb87e8e838091ac9dde39f031dfa745327f88e2a2cb0ad5932d4d7da2af5a38a8bd7d6a636256d53b445585db233e1941ee1eb9dfaa72dc3bfa5c6469cbbfa3e7b34d9e1a2ac873e3f1c4a0d1d0e39da0fb5974aa8cd68814f901aaca4279ef13e964e0f4f93a0dd8e9d36522f4360e398368decd1f38663ebc54e956b8b3ff14ebce778e3f17b3a3cc645f6a695ef91d16f65c95082ac366f8d6cbd06feb19495babd266bab156feb3cca31400573bbd4880c777c457aa04b980214e69f46e893876e19689c8867ee83636d30aca382f86d72083253f160b025bd519f1f46663f8df8f7677a50a4696db052b81c38c8305d4d688c919a32b777978335a9f095c2706ddefa9a014ef8ede5886f28de598c36aee9d47d9989f5ba26c6dbfc963e67e9a85f033c6dc7d2164b8aef22d8913601d919927e1cb93afbfaa2974e819ac4158ba3e7c765ca03e0fe03ed66271ea1654195be293bfc10e4402e067258d21a5487a5ca1ba0934b30ab3b04df26c9cf97b1c542d740fd24ae6a4be0414ff0624d0c8bede8e3561822f8cb5b7aeec20d891da54aee46c104746dc8b7655c8bda7d1323a22b1a02e67a67113c5fc2b67b1b269493b5cf4f4e010d6844027770eb6e889cd013504a51dd6499726b2486d2b73b17c9f8bc2799e7f5eed6f610cb1f6c7fdafe17fcf156196010029bc7aa56a27e919648ad24f1315c89c8e9d24503295f63ef7a4f48c2b7e030c74ebbb06811c766b09e26267a9a3c2117ce50ca870e261518bd0416e1008e569d6c684ded77b58c2d9bbd7164823497eb8b32b3f3d639d0b877ade55b1626b12d691f5abac8d3b7c5a9b289d5038c4e4d8477f3a58a4e7a9ed8f218dfafe75d287ac580cba97fb4567875d368220bd630a769b2a0a53ee8ebaf2bf5437d0c1d7ec2d66ed14eeb06321aaca2fcdf68948656b86af6e76ac051d22c86dd4f818bd6f13f6c4171c8bcf10aad699200260c38db51004dca2b762834925dec85533caba5e50fa7795b598f56773c10a073cf24b15c7242ba2f1f094432f9eddedd9c84c687e13b8535d05caa4e6b7ec2d6660fb3305c6514c9e93dabb76060bc639d8f3ca5a6cd10a0dca86a1a9be0c5ccc6d00e364e38d62b3002390614aadd076ccebb514938f9175868091eb43c9f512d75e4d2a7dae66e1c077d3f27df15d4ecb423546310413ec56153aa645df29a5c5a1effe2cb27a6cd51c6f8e477bb8cfc762cde032a537422f73862e7d30676c35abfb92d69730882f0c44047eab3acfaf90839a0b47abfd066076965f03d1fa36b005c9b845df2d3ce98e4af83fbe255faad745acf387d29e98cce3c6a1e7d87fd2fc35ac1c91693d8929ef8993e3b2aeb5fa42098ff906d4e6831b70c57d0347efb95485db304484273ad8f5e086bcf4913746afc60607a0d4f05366e5ba69502e052615f4fa8d8fc77ac34e6e5d413c6d16aab778ca95d9e0cfb06616d24a79f06ac901556ac71eff9b46c78455e3e31f495090673edf428bf609ffc9fccde62de8670b5b8d3157065fa75ce9cb053c93c8f294a59770565b4a130593b9f9dd68668578d70a42e40b19c6c1c3d2262aa15ce67f4938d576c78ec737eb3dca3cbc7f7651250688cdffb4e44e7615c1430c20ca7a51eff361dae35a5c91e4b98862bbc2c76ed4b784814ecc47c16ee4d0c8b5a16645714b77dba21540b104930da71a11ae51db21c02dba5aeec527ca602c3af8e04407d6d0b4d65061ba5146cd2551145c6d6e87b1d795d743418744ff65469669649ba3662ee16aa6ec69df225027e6b516720b14d3ad6e386f0e67d87424d94d2270b9ae3aae03f350cf20cef17d2b776a303d191316ae78cb4a9d04c8516530970af3cc76636c50dec1483f08e66d8c43693f7395bb94d7dda3c50a5e9c0c1f5eb8830bfbed07838a502bf07f999f43d1443b4b01d1401ecbcd82ed97c2d36682e4c4d985b4c7d31e903f271e064073d20c39090728d96508620aa5e1c10305f29a8d195feb08ae3398fd1f8026ae78d143a07b35dd514ba9e0bffbbda8fcc6db5b3accbf27949b71672496c0c6e263e0a25667d759e99753e0cc05db875cb6e5940a95464c278b46216d765bcf018010dc36d314c954fbac89f0d750bf5c5c085a74f8287de4eb254bce04f52f0edc3881c88ce479d99a5511c97a09a5d4da3ce90093e1c7741010477e4ac4a9c0e5de9bbe32c81a37a7e7137dd6b93376ab70710513ac3e9763f5ce928cbe2cd74070eb9f2af75f694cd79bb5e9665f8623824b1a1463e9227a924703e31f84b20109ec484a76cf3b75e0cb8c89071a51081e772e1c0ac23766f11647835860d438c159f3b474dc8c5c2902835e606ea6a7b2b14ec50f1128a361d648389e48dc6e8333e18", 0x6df) 2018/04/07 08:18:10 executing program 2: syz_emit_ethernet(0xde, &(0x7f0000000000)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @dev={[0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv6={0x86dd, {0x0, 0x6, "c38a4a", 0xa8, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @empty, {[@routing={0x0, 0x12, 0x0, 0x0, 0x0, [@remote={0xfe, 0x80, [], 0xbb}, @empty, @remote={0xfe, 0x80, [], 0xbb}, @dev={0xfe, 0x80}, @remote={0xfe, 0x80, [], 0xbb}, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}, @remote={0xfe, 0x80, [], 0xbb}, @mcast1={0xff, 0x1, [], 0x1}, @local={0xfe, 0x80, [], 0xaa}]}], @dccp={{0x4e20, 0x4e20, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "1dd6ae", 0x0, "13a42a"}}}}}}}, 0x0) 2018/04/07 08:18:10 executing program 0: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x0, 0x0) getsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 2018/04/07 08:18:10 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001b4ff6)='/dev/ptmx\x00', 0x106, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)=0x8) writev(r0, &(0x7f00000b5000)=[{&(0x7f0000b51000)="ebb29c2aa804af648d63b2908439b40213", 0x11}], 0x1) ppoll(&(0x7f00005fbff8)=[{r0}], 0x1, &(0x7f0000ff1000)={0x77359400}, &(0x7f0000679000), 0x8) ioctl$TCSETA(r0, 0x5402, &(0x7f0000a26fec)) 2018/04/07 08:18:10 executing program 6: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="26000000110043f1eb14c1f8000022ff001000e301000000010000000000000006001000064b", 0x26) 2018/04/07 08:18:10 executing program 7: mkdir(&(0x7f000000dff6)='./control\x00', 0x0) open$dir(&(0x7f00000000c0)='./control\x00', 0x0, 0x0) open(&(0x7f0000000100)='./control\x00', 0x0, 0x0) rmdir(&(0x7f0000398000)='./control\x00') 2018/04/07 08:18:10 executing program 5: mkdir(&(0x7f0000c5dff6)='./control\x00', 0x0) r0 = open(&(0x7f0000ac3000)='./control\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00004f0ff6)='./control\x00', 0x0) mkdirat(r0, &(0x7f0000016ff8)='./file0\x00', 0x0) r1 = openat(r0, &(0x7f0000563000)='./file0\x00', 0x0, 0x0) rmdir(&(0x7f0000000040)='./control/file0\x00') renameat2(r0, &(0x7f000001dff6)='./control\x00', r1, &(0x7f0000e14ff6)='./control\x00', 0x0) [ 56.090806] netlink: 'syz-executor6': attribute type 16 has an invalid length. 2018/04/07 08:18:10 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00001ee000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0) fallocate(r2, 0x0, 0x0, 0x73e0) sendfile(r1, r2, &(0x7f0000e64ff8), 0x40) 2018/04/07 08:18:10 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000000c0)={r1, 0x1, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x10) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000280)={r1, 0x1, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x10) 2018/04/07 08:18:10 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f000002efe2)=[{}], 0x1) 2018/04/07 08:18:10 executing program 7: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt(r0, 0x400000000000003a, 0x1, &(0x7f00000000c0)=""/188, &(0x7f0000953000)=0xfffffffffffffd25) 2018/04/07 08:18:10 executing program 3: set_mempolicy(0x1, &(0x7f0000fac000), 0x5) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000008000)={0x1, {{0x2, 0x4e20, @multicast2=0xe0000002}}}, 0x90) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x30, &(0x7f0000678f70)={0x1, {{0x2, 0x4e20, @multicast2=0xe0000002}}}, 0x27a) 2018/04/07 08:18:10 executing program 5: mkdir(&(0x7f0000c5dff6)='./control\x00', 0x0) r0 = open(&(0x7f0000ac3000)='./control\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00004f0ff6)='./control\x00', 0x0) mkdirat(r0, &(0x7f0000016ff8)='./file0\x00', 0x0) r1 = openat(r0, &(0x7f0000563000)='./file0\x00', 0x0, 0x0) rmdir(&(0x7f0000000040)='./control/file0\x00') renameat2(r0, &(0x7f000001dff6)='./control\x00', r1, &(0x7f0000e14ff6)='./control\x00', 0x0) 2018/04/07 08:18:10 executing program 4: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x2c0, 0x0) fcntl$addseals(r0, 0x409, 0x0) [ 56.285432] ================================================================== [ 56.292847] BUG: KMSAN: uninit-value in sha_transform+0x58ec/0x6320 [ 56.296117] device syz_tun entered promiscuous mode [ 56.299254] CPU: 0 PID: 5189 Comm: syz-executor0 Not tainted 4.16.0+ #81 [ 56.299261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.299265] Call Trace: [ 56.299287] dump_stack+0x185/0x1d0 [ 56.299303] ? sha_transform+0x58ec/0x6320 [ 56.299314] kmsan_report+0x142/0x240 [ 56.299328] __msan_warning_32+0x6c/0xb0 [ 56.299355] sha_transform+0x58ec/0x6320 [ 56.342809] ? kernel_text_address+0x34d/0x3a0 [ 56.347404] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 56.352861] ? __msan_poison_alloca+0x15c/0x1d0 [ 56.357534] ? shash_ahash_finup+0x468/0xa30 [ 56.361955] crypto_sha1_finup+0x51c/0x600 [ 56.366209] ? crypto_hash_walk_first+0x210/0x380 [ 56.371060] ? shash_ahash_finup+0x5e/0xa30 [ 56.375381] ? shash_ahash_finup+0x3e8/0xa30 [ 56.379797] ? crypto_sha1_update+0x5b0/0x5b0 2018/04/07 08:18:10 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0x400080}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x1, 0x32, 0xffffffffffffffff, 0x0) setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f0000000280), 0x4) umount2(&(0x7f0000000240)='./file0\x00', 0x0) [ 56.384292] ? crypto_sha1_update+0x5b0/0x5b0 [ 56.388791] shash_ahash_finup+0x468/0xa30 [ 56.393033] shash_ahash_digest+0x5c6/0x600 [ 56.397360] shash_async_digest+0x11c/0x1b0 [ 56.401686] crypto_ahash_op+0x89a/0xc10 [ 56.405749] ? __kmalloc+0x23c/0x350 [ 56.409465] ? shash_async_finup+0x1b0/0x1b0 [ 56.413869] ? shash_async_finup+0x1b0/0x1b0 [ 56.418276] crypto_ahash_digest+0xe4/0x160 [ 56.422598] hash_sendpage+0xb40/0xe10 [ 56.426487] ? hash_recvmsg+0xd50/0xd50 [ 56.430463] sock_sendpage+0x1de/0x2c0 2018/04/07 08:18:10 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x4, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2d, &(0x7f0000001fc4)={0x0, {{0xa, 0x4e20, 0x0, @dev={0xfe, 0x80}}}, {{0xa, 0x4e20, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x108) [ 56.434361] pipe_to_sendpage+0x31b/0x430 [ 56.438512] ? sock_fasync+0x2b0/0x2b0 [ 56.442408] ? propagate_umount+0x3a30/0x3a30 [ 56.446903] __splice_from_pipe+0x49a/0xf30 [ 56.451224] ? generic_splice_sendpage+0x2a0/0x2a0 [ 56.456154] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 56.461519] generic_splice_sendpage+0x1c6/0x2a0 [ 56.466279] ? iter_file_splice_write+0x1710/0x1710 [ 56.471296] ? iter_file_splice_write+0x1710/0x1710 [ 56.476311] direct_splice_actor+0x19b/0x200 [ 56.480726] splice_direct_to_actor+0x764/0x1040 2018/04/07 08:18:10 executing program 5: mkdir(&(0x7f0000c5dff6)='./control\x00', 0x0) r0 = open(&(0x7f0000ac3000)='./control\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00004f0ff6)='./control\x00', 0x0) mkdirat(r0, &(0x7f0000016ff8)='./file0\x00', 0x0) r1 = openat(r0, &(0x7f0000563000)='./file0\x00', 0x0, 0x0) renameat2(r0, &(0x7f000001dff6)='./control\x00', r1, &(0x7f0000e14ff6)='./control\x00', 0x0) [ 56.485481] ? do_splice_direct+0x540/0x540 [ 56.489808] ? security_file_permission+0x28f/0x4b0 [ 56.494828] ? rw_verify_area+0x35e/0x580 [ 56.498986] do_splice_direct+0x335/0x540 [ 56.503140] do_sendfile+0x1067/0x1e40 [ 56.507043] SYSC_sendfile64+0x1b3/0x300 [ 56.511111] SyS_sendfile64+0x64/0x90 [ 56.514910] do_syscall_64+0x309/0x430 [ 56.518814] ? SYSC_sendfile+0x320/0x320 [ 56.522882] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 56.528065] RIP: 0033:0x455259 [ 56.531248] RSP: 002b:00007f03d3f86c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 56.538954] RAX: ffffffffffffffda RBX: 00007f03d3f876d4 RCX: 0000000000455259 [ 56.546220] RDX: 0000000020e64ff8 RSI: 0000000000000015 RDI: 0000000000000014 [ 56.553483] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 56.560745] R10: 0000000000000040 R11: 0000000000000246 R12: 00000000ffffffff [ 56.568018] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 56.575287] [ 56.576901] Uninit was created at: [ 56.580445] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 56.585462] kmsan_alloc_page+0x82/0xe0 [ 56.589435] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 56.594185] alloc_pages_vma+0xcc8/0x1800 [ 56.598335] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 56.603349] shmem_getpage_gfp+0x35db/0x5770 [ 56.607760] shmem_fallocate+0xde2/0x1610 [ 56.611906] vfs_fallocate+0x9dc/0xde0 [ 56.615794] SYSC_fallocate+0x119/0x1d0 [ 56.619763] SyS_fallocate+0x64/0x90 [ 56.623472] do_syscall_64+0x309/0x430 [ 56.627362] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 2018/04/07 08:18:10 executing program 4: setrlimit(0x9, &(0x7f0000012000)) mmap(&(0x7f00005c3000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) [ 56.632541] ================================================================== [ 56.639884] Disabling lock debugging due to kernel taint [ 56.645332] Kernel panic - not syncing: panic_on_warn set ... [ 56.645332] [ 56.652695] CPU: 0 PID: 5189 Comm: syz-executor0 Tainted: G B 4.16.0+ #81 [ 56.660830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.670180] Call Trace: [ 56.672778] dump_stack+0x185/0x1d0 [ 56.676409] panic+0x39d/0x940 [ 56.679625] ? sha_transform+0x58ec/0x6320 2018/04/07 08:18:10 executing program 5: mkdir(&(0x7f0000c5dff6)='./control\x00', 0x0) r0 = open(&(0x7f0000ac3000)='./control\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00004f0ff6)='./control\x00', 0x0) mkdirat(r0, &(0x7f0000016ff8)='./file0\x00', 0x0) r1 = openat(r0, &(0x7f0000563000)='./file0\x00', 0x0, 0x0) renameat2(r0, &(0x7f000001dff6)='./control\x00', r1, &(0x7f0000e14ff6)='./control\x00', 0x0) [ 56.683861] kmsan_report+0x238/0x240 [ 56.687672] __msan_warning_32+0x6c/0xb0 [ 56.691735] sha_transform+0x58ec/0x6320 [ 56.695804] ? kernel_text_address+0x34d/0x3a0 [ 56.700387] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 56.705844] ? __msan_poison_alloca+0x15c/0x1d0 [ 56.710507] ? shash_ahash_finup+0x468/0xa30 [ 56.714924] crypto_sha1_finup+0x51c/0x600 [ 56.719167] ? crypto_hash_walk_first+0x210/0x380 [ 56.724010] ? shash_ahash_finup+0x5e/0xa30 [ 56.728333] ? shash_ahash_finup+0x3e8/0xa30 [ 56.732745] ? crypto_sha1_update+0x5b0/0x5b0 [ 56.737245] ? crypto_sha1_update+0x5b0/0x5b0 [ 56.741740] shash_ahash_finup+0x468/0xa30 [ 56.745980] shash_ahash_digest+0x5c6/0x600 [ 56.750299] shash_async_digest+0x11c/0x1b0 [ 56.754625] crypto_ahash_op+0x89a/0xc10 [ 56.758687] ? __kmalloc+0x23c/0x350 [ 56.762399] ? shash_async_finup+0x1b0/0x1b0 [ 56.766807] ? shash_async_finup+0x1b0/0x1b0 [ 56.771220] crypto_ahash_digest+0xe4/0x160 [ 56.775543] hash_sendpage+0xb40/0xe10 [ 56.779434] ? hash_recvmsg+0xd50/0xd50 [ 56.783411] sock_sendpage+0x1de/0x2c0 [ 56.787304] pipe_to_sendpage+0x31b/0x430 [ 56.791454] ? sock_fasync+0x2b0/0x2b0 [ 56.795345] ? propagate_umount+0x3a30/0x3a30 [ 56.799843] __splice_from_pipe+0x49a/0xf30 [ 56.804169] ? generic_splice_sendpage+0x2a0/0x2a0 [ 56.809102] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 56.814466] generic_splice_sendpage+0x1c6/0x2a0 [ 56.819225] ? iter_file_splice_write+0x1710/0x1710 [ 56.824237] ? iter_file_splice_write+0x1710/0x1710 [ 56.829250] direct_splice_actor+0x19b/0x200 [ 56.833660] splice_direct_to_actor+0x764/0x1040 [ 56.838416] ? do_splice_direct+0x540/0x540 [ 56.842740] ? security_file_permission+0x28f/0x4b0 [ 56.847759] ? rw_verify_area+0x35e/0x580 [ 56.851917] do_splice_direct+0x335/0x540 [ 56.856070] do_sendfile+0x1067/0x1e40 [ 56.859963] SYSC_sendfile64+0x1b3/0x300 [ 56.864025] SyS_sendfile64+0x64/0x90 [ 56.867829] do_syscall_64+0x309/0x430 [ 56.871716] ? SYSC_sendfile+0x320/0x320 [ 56.875786] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 56.880968] RIP: 0033:0x455259 [ 56.884152] RSP: 002b:00007f03d3f86c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 56.891859] RAX: ffffffffffffffda RBX: 00007f03d3f876d4 RCX: 0000000000455259 [ 56.899127] RDX: 0000000020e64ff8 RSI: 0000000000000015 RDI: 0000000000000014 [ 56.906389] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 56.913652] R10: 0000000000000040 R11: 0000000000000246 R12: 00000000ffffffff [ 56.920915] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 56.928667] Dumping ftrace buffer: [ 56.932185] (ftrace buffer empty) [ 56.935866] Kernel Offset: disabled [ 56.939464] Rebooting in 86400 seconds..