INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts. 2018/04/09 10:38:25 fuzzer started 2018/04/09 10:38:26 dialing manager at 10.128.0.26:38911 2018/04/09 10:38:32 kcov=true, comps=false 2018/04/09 10:38:35 executing program 0: clone(0x200, &(0x7f0000000040), &(0x7f0000744000), &(0x7f0000fef000), &(0x7f0000dacfc9)) mknod(&(0x7f00000001c0)='./file0\x00', 0x103f, 0x0) execve(&(0x7f0000000180)='./file0\x00', &(0x7f00000003c0), &(0x7f0000000280)) open$dir(&(0x7f0000000080)='./file0\x00', 0x27e, 0x0) 2018/04/09 10:38:35 executing program 2: syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff11, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @local={0xfe, 0x80, [], 0xaa}, {[], @udp={0x0, 0x0, 0x8}}}}}}, &(0x7f0000000180)) 2018/04/09 10:38:35 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f00006ccfe4)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x3}, 0x1c) sendto$inet6(r0, &(0x7f0000000180), 0x0, 0x0, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}}, 0x1c) 2018/04/09 10:38:35 executing program 3: r0 = socket(0x10, 0x400000000003, 0x0) write(r0, &(0x7f0000000140)="170000001a001bed0000132100f404fffffd9872eff0cf", 0x17) perf_event_open(&(0x7f0000223000)={0x2, 0x70, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) recvmmsg(r0, &(0x7f0000f7bfc0), 0xd948aa, 0x40010000, &(0x7f0000000000)={0x0, r1+10000000}) userfaultfd(0x0) 2018/04/09 10:38:35 executing program 1: syz_mount_image$ntfs(&(0x7f0000000140)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000001280), 0x0, &(0x7f00000012c0)=ANY=[@ANYBLOB="636173658273656e736974697665397965733d3d79323d7f4eea6a297856345666b5bc9817d0499c352c756d61736b"]) 2018/04/09 10:38:35 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000b00)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) creat(&(0x7f0000000100)='./file1\x00', 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r1, &(0x7f0000000580)=ANY=[], 0xfffffce5) r2 = open(&(0x7f0000aa0000)='./file0\x00', 0x0, 0x0) lseek(r2, 0x0, 0x3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) 2018/04/09 10:38:35 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000008300)={'bridge0\x00', 0x800021fff}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000140)={'bridge0\x00\x00 \x00'}) 2018/04/09 10:38:35 executing program 6: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) r2 = shmat(0x0, &(0x7f0000ffe000/0x1000)=nil, 0x4000) shmdt(r2) syzkaller login: [ 42.490921] ip (3757) used greatest stack depth: 54800 bytes left [ 42.674775] ip (3768) used greatest stack depth: 54672 bytes left [ 43.021771] ip (3806) used greatest stack depth: 54408 bytes left [ 44.071201] ip (3906) used greatest stack depth: 54296 bytes left [ 44.182575] ip (3915) used greatest stack depth: 54200 bytes left [ 45.968521] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.982682] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.168732] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.235970] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.246839] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.272652] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.287269] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.425547] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.971827] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.035083] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.088752] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.136277] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.236740] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.267431] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.362828] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.452714] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.717868] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.724138] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.736699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.762866] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.772809] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.787621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.880962] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.887302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.899146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.940906] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.947146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.966494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.047943] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.054208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.064851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.113970] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.120295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.137353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.204110] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.210389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.218500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.244820] ip (4939) used greatest stack depth: 53976 bytes left [ 56.255906] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.264295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.297765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/09 10:38:52 executing program 4: r0 = socket$packet(0x11, 0x800000000002, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f000095bffc), 0x4) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x4) write(r1, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) 2018/04/09 10:38:52 executing program 1: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)="2f65786500000000000090d8b75e67e16b394342abb5158df87ea8984e79c93df7498b2b34796068700e29fbd789f9a031f23e16c96e30baed2961953b057f7a3222943acc4b8cfa4de553f8276731ddeb811efd44ea011e1a0db9074a28a826c88566b89c57cc3cca4aec41d37fa27c8daa19030d03139d0aea71d509d9a20ba7deceb656cc1308d9d1f111b6bd1595486f55e229923be4ed8cbfb78e86280b4cacf386bfac070afb312a4c520a03b27f805d181bd09ea208931a36e888060a2d") fsetxattr(r0, &(0x7f0000000140)=@known='user.syz\x00', &(0x7f0000000000)='\x00', 0x3df, 0x0) [ 57.379439] device bridge0 entered promiscuous mode 2018/04/09 10:38:52 executing program 2: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_flowlabel\x00') fcntl$setpipe(r1, 0x407, 0x0) r2 = getpid() fstat(r0, &(0x7f0000000100)) fstat(r1, &(0x7f0000001380)) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000001400)) fstat(r0, &(0x7f0000001440)) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000000c0)={0x80, 0x2, 0x1, 0x16, 0x0, 0x400, 0x4, 0x4, 0x0}, &(0x7f00000001c0)=0x20) perf_event_open(&(0x7f0000000340)={0x0, 0x70, 0x2, 0x0, 0x5, 0x9b, 0x0, 0x4, 0x200, 0x5, 0x5, 0x6, 0xfffffffffffffffa, 0x5, 0x3, 0x7, 0x7ff, 0x52, 0x713, 0x7ff, 0x7, 0x80000000, 0xc746, 0x7fff, 0x6, 0x0, 0x5, 0x1, 0x7, 0x1, 0x68d, 0x2, 0x1, 0x4, 0x7ff, 0x6, 0x3, 0x10001, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000300), 0x8}, 0x4, 0x55b, 0x4, 0x0, 0x0, 0x4}, r2, 0xe, r0, 0x1) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000200)={r3, 0x7}, &(0x7f0000000240)=0x8) getgroups(0xa, &(0x7f00000014c0)=[0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0]) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000001500), &(0x7f0000000080)=0xc) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000001580)={{{@in=@dev, @in6}}, {{@in6=@mcast1}, 0x0, @in=@multicast2}}, &(0x7f0000001680)=0xe8) stat(&(0x7f00000016c0)='./file0\x00', &(0x7f0000001700)) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000001780)) socket$nl_xfrm(0x10, 0x3, 0x6) sendfile(r1, r1, &(0x7f0000000000)=0x7ffff, 0x20000000000000a) [ 57.442258] device bridge0 left promiscuous mode 2018/04/09 10:38:52 executing program 4: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4096}, 0x1008, 0x0, 0x0) [ 57.477424] device bridge0 entered promiscuous mode [ 57.510693] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.527097] device bridge0 left promiscuous mode 2018/04/09 10:38:52 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000eed000)={0x2, 0x4e21}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000000540)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast1=0xe0000001}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d70502", 0x0, "f53475"}}}}}}, 0x0) 2018/04/09 10:38:52 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x400000002}, 0x1c) sendmmsg(r0, &(0x7f000000b180)=[{{0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000001500)}}], 0x1, 0x0) 2018/04/09 10:38:52 executing program 7: r0 = socket(0xa, 0x2400000001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000034000)={0x4, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}, 0x84) getsockopt$inet6_buf(r0, 0x29, 0x10000000000030, &(0x7f0000034000)=""/144, &(0x7f0000b84000)=0x90) 2018/04/09 10:38:52 executing program 4: clock_nanosleep(0x2, 0x0, &(0x7f0000000140)={0x0, 0x1c9c380}, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) munlock(&(0x7f000044b000/0x4000)=nil, 0x4000) ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000100)) 2018/04/09 10:38:53 executing program 0: clock_nanosleep(0x2, 0x0, &(0x7f0000000140)={0x0, 0x1c9c380}, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) munlock(&(0x7f000044b000/0x4000)=nil, 0x4000) ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000100)) 2018/04/09 10:38:53 executing program 4: clock_nanosleep(0x2, 0x0, &(0x7f0000000140)={0x0, 0x1c9c380}, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) munlock(&(0x7f000044b000/0x4000)=nil, 0x4000) ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000100)) 2018/04/09 10:38:53 executing program 6: r0 = socket$packet(0x11, 0x2, 0x300) r1 = dup2(r0, r0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f00007e9ffc), 0x4) r2 = socket$netlink(0x10, 0x3, 0x4) write(r2, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) 2018/04/09 10:38:53 executing program 5: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)="2f65786500000000000090d8b75e67e16b394342abb5158df87ea8984e79c93df7498b2b34796068700e29fbd789f9a031f23e16c96e30baed2961953b057f7a3222943acc4b8cfa4de553f8276731ddeb811efd44ea011e1a0db9074a28a826c88566b89c57cc3cca4aec41d37fa27c8daa19030d03139d0aea71d509d9a20ba7deceb656cc1308d9d1f111b6bd1595486f55e229923be4ed8cbfb78e86280b4cacf386bfac070afb312a4c520a03b27f805d181bd09ea208931a36e888060a2d") fsetxattr(r0, &(0x7f0000000140)=@known='user.syz\x00', &(0x7f0000000000)='\x00', 0x3df, 0x0) 2018/04/09 10:38:53 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000300)=@setlink={0x2c, 0x13, 0x201, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_ADDRESS={0xc, 0x1, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}]}, 0x2c}, 0x1}, 0x0) 2018/04/09 10:38:53 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x34000}, 0xc, &(0x7f0000000200)={&(0x7f0000000240)={0x18, 0x2e, 0x6ff, 0x0, 0x0, {0x2002}, [@generic='\r']}, 0x18}, 0x1}, 0x880) 2018/04/09 10:38:53 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast=0xffffffff}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x143) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f00000002c0)='r', 0x1, 0x4000000, &(0x7f0000000340)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 10:38:53 executing program 7: r0 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000ab2000)=0x1002, 0x4) sendto$inet(r0, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000180)={0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) 2018/04/09 10:38:53 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast=0xffffffff}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x143) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f00000002c0)='r', 0x1, 0x4000000, &(0x7f0000000340)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 10:38:53 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast=0xffffffff}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x143) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f00000002c0)='r', 0x1, 0x4000000, &(0x7f0000000340)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) 2018/04/09 10:38:53 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x28042, 0x0) fallocate(r2, 0x0, 0x0, 0x40007) sendfile(r1, r2, &(0x7f0000000200), 0x8) 2018/04/09 10:38:53 executing program 1: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb3c906d5a66732e66617400021001000200027000f0", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) 2018/04/09 10:38:53 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'syz_tun\x00', &(0x7f0000000100)=@ethtool_cmd={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}) 2018/04/09 10:38:54 executing program 6: [ 59.060786] ================================================================== [ 59.068194] BUG: KMSAN: uninit-value in crc32_le+0x4c2/0xcd0 [ 59.073995] CPU: 1 PID: 5145 Comm: syz-executor7 Not tainted 4.16.0+ #82 [ 59.080823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.090167] Call Trace: [ 59.092758] dump_stack+0x185/0x1d0 [ 59.096385] ? crc32_le+0x4c2/0xcd0 [ 59.100009] kmsan_report+0x142/0x240 [ 59.103811] __msan_warning_32+0x6c/0xb0 2018/04/09 10:38:54 executing program 2: 2018/04/09 10:38:54 executing program 6: [ 59.107869] crc32_le+0x4c2/0xcd0 [ 59.111331] crc32_pclmul_le+0x1e7/0x340 [ 59.115393] ? rds_send_xmit+0x87e/0x3910 [ 59.119540] crc32_pclmul_finup+0xc4/0x130 [ 59.123773] ? crc32_pclmul_final+0xd0/0xd0 [ 59.128094] shash_ahash_finup+0x468/0xa30 [ 59.132338] shash_ahash_digest+0x5c6/0x600 [ 59.136662] shash_async_digest+0x11c/0x1b0 [ 59.140987] crypto_ahash_op+0x89a/0xc10 [ 59.145052] ? __kmalloc+0x23c/0x350 [ 59.148771] ? shash_async_finup+0x1b0/0x1b0 [ 59.153179] ? shash_async_finup+0x1b0/0x1b0 [ 59.157591] crypto_ahash_digest+0xe4/0x160 [ 59.161919] hash_sendpage+0xb40/0xe10 [ 59.165812] ? hash_recvmsg+0xd50/0xd50 [ 59.169788] sock_sendpage+0x1de/0x2c0 [ 59.173687] pipe_to_sendpage+0x31b/0x430 [ 59.177833] ? sock_fasync+0x2b0/0x2b0 [ 59.181726] ? propagate_umount+0x3a30/0x3a30 [ 59.186224] __splice_from_pipe+0x49a/0xf30 [ 59.190548] ? generic_splice_sendpage+0x2a0/0x2a0 [ 59.195482] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 59.200854] generic_splice_sendpage+0x1c6/0x2a0 [ 59.205617] ? iter_file_splice_write+0x1710/0x1710 [ 59.210635] ? iter_file_splice_write+0x1710/0x1710 [ 59.215652] direct_splice_actor+0x19b/0x200 [ 59.220064] splice_direct_to_actor+0x764/0x1040 [ 59.224819] ? do_splice_direct+0x540/0x540 [ 59.229148] ? security_file_permission+0x28f/0x4b0 [ 59.234173] ? rw_verify_area+0x35e/0x580 [ 59.238332] do_splice_direct+0x335/0x540 [ 59.242488] do_sendfile+0x1067/0x1e40 [ 59.246403] SYSC_sendfile64+0x1b3/0x300 [ 59.250472] SyS_sendfile64+0x64/0x90 [ 59.254275] do_syscall_64+0x309/0x430 [ 59.258165] ? SYSC_sendfile+0x320/0x320 [ 59.262232] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.267420] RIP: 0033:0x455259 [ 59.270601] RSP: 002b:00007f0d95965c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 59.278311] RAX: ffffffffffffffda RBX: 00007f0d959666d4 RCX: 0000000000455259 [ 59.285575] RDX: 0000000020000200 RSI: 0000000000000015 RDI: 0000000000000014 [ 59.292871] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.300136] R10: 0000000000000008 R11: 0000000000000246 R12: 00000000ffffffff [ 59.307396] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 59.314644] [ 59.316249] Uninit was created at: [ 59.319773] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 59.324777] kmsan_alloc_page+0x82/0xe0 [ 59.328743] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 59.333486] alloc_pages_vma+0xcc8/0x1800 [ 59.337619] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 59.342612] shmem_getpage_gfp+0x35db/0x5770 [ 59.347004] shmem_fallocate+0xde2/0x1610 [ 59.351139] vfs_fallocate+0x9dc/0xde0 [ 59.355013] SYSC_fallocate+0x119/0x1d0 [ 59.358983] SyS_fallocate+0x64/0x90 [ 59.362681] do_syscall_64+0x309/0x430 [ 59.366550] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.371715] ================================================================== [ 59.379052] Disabling lock debugging due to kernel taint [ 59.384487] Kernel panic - not syncing: panic_on_warn set ... [ 59.384487] [ 59.391847] CPU: 1 PID: 5145 Comm: syz-executor7 Tainted: G B 4.16.0+ #82 [ 59.399963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.409291] Call Trace: [ 59.411860] dump_stack+0x185/0x1d0 [ 59.415467] panic+0x39d/0x940 [ 59.418664] ? crc32_le+0x4c2/0xcd0 [ 59.422281] kmsan_report+0x238/0x240 [ 59.426069] __msan_warning_32+0x6c/0xb0 [ 59.430117] crc32_le+0x4c2/0xcd0 [ 59.433556] crc32_pclmul_le+0x1e7/0x340 [ 59.437606] ? rds_send_xmit+0x87e/0x3910 [ 59.441744] crc32_pclmul_finup+0xc4/0x130 [ 59.445956] ? crc32_pclmul_final+0xd0/0xd0 [ 59.450261] shash_ahash_finup+0x468/0xa30 [ 59.454477] shash_ahash_digest+0x5c6/0x600 [ 59.458790] shash_async_digest+0x11c/0x1b0 [ 59.463106] crypto_ahash_op+0x89a/0xc10 [ 59.467169] ? __kmalloc+0x23c/0x350 [ 59.470871] ? shash_async_finup+0x1b0/0x1b0 [ 59.475255] ? shash_async_finup+0x1b0/0x1b0 [ 59.479645] crypto_ahash_digest+0xe4/0x160 [ 59.483949] hash_sendpage+0xb40/0xe10 [ 59.487839] ? hash_recvmsg+0xd50/0xd50 [ 59.491802] sock_sendpage+0x1de/0x2c0 [ 59.495682] pipe_to_sendpage+0x31b/0x430 [ 59.499811] ? sock_fasync+0x2b0/0x2b0 [ 59.503680] ? propagate_umount+0x3a30/0x3a30 [ 59.508162] __splice_from_pipe+0x49a/0xf30 [ 59.512470] ? generic_splice_sendpage+0x2a0/0x2a0 [ 59.517391] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 59.522744] generic_splice_sendpage+0x1c6/0x2a0 [ 59.527481] ? iter_file_splice_write+0x1710/0x1710 [ 59.532479] ? iter_file_splice_write+0x1710/0x1710 [ 59.537474] direct_splice_actor+0x19b/0x200 [ 59.541877] splice_direct_to_actor+0x764/0x1040 [ 59.546621] ? do_splice_direct+0x540/0x540 [ 59.550922] ? security_file_permission+0x28f/0x4b0 [ 59.555929] ? rw_verify_area+0x35e/0x580 [ 59.560084] do_splice_direct+0x335/0x540 [ 59.564235] do_sendfile+0x1067/0x1e40 [ 59.568121] SYSC_sendfile64+0x1b3/0x300 [ 59.572162] SyS_sendfile64+0x64/0x90 [ 59.575956] do_syscall_64+0x309/0x430 [ 59.579851] ? SYSC_sendfile+0x320/0x320 [ 59.583913] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.589098] RIP: 0033:0x455259 [ 59.592278] RSP: 002b:00007f0d95965c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 59.599984] RAX: ffffffffffffffda RBX: 00007f0d959666d4 RCX: 0000000000455259 [ 59.607245] RDX: 0000000020000200 RSI: 0000000000000015 RDI: 0000000000000014 [ 59.614514] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.621781] R10: 0000000000000008 R11: 0000000000000246 R12: 00000000ffffffff [ 59.629048] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 59.636796] Dumping ftrace buffer: [ 59.640320] (ftrace buffer empty) [ 59.644003] Kernel Offset: disabled [ 59.647605] Rebooting in 86400 seconds..