INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts. 2018/04/07 08:47:17 fuzzer started 2018/04/07 08:47:18 dialing manager at 10.128.0.26:38639 2018/04/07 08:47:24 kcov=true, comps=false 2018/04/07 08:47:27 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000331000)={0x1, 0x2, 0x7f, 0x9}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000ba000)={r0, &(0x7f00002ae000), &(0x7f0000260ff8)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000394000)={r0, &(0x7f00002d0000), &(0x7f00000a8fe5)=""/27}, 0x18) 2018/04/07 08:47:27 executing program 2: r0 = add_key$keyring(&(0x7f00001ba000)='keyring\x00', &(0x7f0000317ffb)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0x1d, r0, 0x0, &(0x7f000044f000)='/dev/snd/pcmC#D#c\x00') 2018/04/07 08:47:27 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000797ff7)='/dev/sg#\x00', 0x0, 0x0) ioctl(r0, 0x20000000002285, &(0x7f000097d000)="53000000012e2a6824f7ac05") 2018/04/07 08:47:27 executing program 1: r0 = syz_open_dev$sndtimer(&(0x7f0000014000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000021000)={0x0, 0x3, 0x3}) 2018/04/07 08:47:27 executing program 4: mkdir(&(0x7f00006a2000)='./file0\x00', 0x6a) capset(&(0x7f00001b4ff8)={0x19980330}, &(0x7f000077ffe8)) chroot(&(0x7f00009ad000)='./file0\x00') 2018/04/07 08:47:27 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000822000)='/dev/input/event#\x00', 0x0, 0x0) ioctl(r0, 0x800000080004533, &(0x7f0000824000)) 2018/04/07 08:47:27 executing program 5: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000859000)='/dev/usbmon#\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x0, 0x78}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 2018/04/07 08:47:27 executing program 6: r0 = syz_open_dev$evdev(&(0x7f0000072fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f0000506ff0)=""/16) syzkaller login: [ 44.140581] ip (3812) used greatest stack depth: 54312 bytes left [ 45.086739] ip (3905) used greatest stack depth: 54200 bytes left [ 45.836856] ip (3965) used greatest stack depth: 54024 bytes left [ 46.989931] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.156818] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.246274] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.257699] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.289069] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.309350] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.393947] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.579956] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.747976] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.921917] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.124947] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.185749] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.208546] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.238095] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.513638] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.522107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.535166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.569363] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.584737] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.730928] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.737284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.750581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.842272] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.848536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.857651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.964579] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.970877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.979643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.015159] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.021417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.034449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.072549] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.078812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.089817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.345313] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.351612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.366234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.403391] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.413168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.452480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.800821] capability: warning: `syz-executor4' uses 32-bit capabilities (legacy support in use) 2018/04/07 08:47:44 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x3000000000000022, &(0x7f0000356000)=0x5, 0x4) 2018/04/07 08:47:44 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000fb1fee)='/dev/input/event#\x00', 0x20, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x80284504, &(0x7f0000ed2fd8)={0x0, 0x2, 0x0, 0x0, "fe6498d653b4278058225586db142cdec67a4c17545274946a94771f398b4046"}) 2018/04/07 08:47:44 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00005a5000)={&(0x7f0000d1e000)={0x10}, 0xc, &(0x7f0000007000)={&(0x7f0000a08000)={0x1c, 0x10000000000018, 0x109, 0xffffffffffffffff, 0xffffffffffffffff, {0x40000001}, [@nested={0x8, 0x3, [@generic="d0"]}]}, 0x1c}, 0x1}, 0x0) 2018/04/07 08:47:44 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000237fee)='/dev/input/event#\x00', 0x2, 0x28001) write$evdev(r0, &(0x7f0000f15fd0)=[{{}, 0x1, 0x63, 0x2}, {}], 0x20) 2018/04/07 08:47:44 executing program 6: splice(0xffffffffffffffff, &(0x7f0000002ff8), 0xffffffffffffffff, &(0x7f0000001ff8), 0x4, 0xb55e82d11ed2204) 2018/04/07 08:47:44 executing program 7: perf_event_open(&(0x7f0000857f88)={0x2, 0x78, 0x160bea5, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00001d3000)='./file0\x00', 0x0) fcntl$lock(r0, 0x6, &(0x7f0000d36000)) 2018/04/07 08:47:44 executing program 2: mkdir(&(0x7f0000639000)='./file0\x00', 0x0) r0 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0x0) unshare(0x40600) pwrite64(r0, &(0x7f0000682000), 0x0, 0x0) 2018/04/07 08:47:44 executing program 1: bpf$BPF_GET_MAP_INFO(0xb, &(0x7f0000001ff0)={0x1, 0x28, &(0x7f0000008000)}, 0x10) 2018/04/07 08:47:44 executing program 6: pipe2(&(0x7f00008bfff8)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r0, 0x407, 0x0) write$evdev(r1, &(0x7f00005d7fa0)=[{{0x77359400}}], 0x18) vmsplice(r1, &(0x7f0000fccff0)=[{&(0x7f0000011fff)}], 0x1, 0x3) 2018/04/07 08:47:44 executing program 0: ioprio_set$uid(0x0, 0x0, 0x34f3) 2018/04/07 08:47:44 executing program 1: munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) get_mempolicy(&(0x7f0000000580), &(0x7f00000005c0), 0x7ffd, &(0x7f0000000000/0x2000)=nil, 0x4) 2018/04/07 08:47:44 executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000040), 0x1) 2018/04/07 08:47:44 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) 2018/04/07 08:47:44 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) fsetxattr(r0, &(0x7f0000002000)=@random={'btrfs.\x00', '\x00'}, &(0x7f0000013000)='\x00', 0x1, 0x0) 2018/04/07 08:47:44 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) clone(0x20080100, &(0x7f0000000280), &(0x7f0000000100), &(0x7f0000bd1000), &(0x7f0000000140)) 2018/04/07 08:47:44 executing program 5: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) open(&(0x7f0000d90ff8)='./file0\x00', 0xff78784f70e1668e, 0x0) 2018/04/07 08:47:44 executing program 7: mprotect(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x2000, 0x0, &(0x7f0000005000/0x2000)=nil) mremap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3000, 0x0, &(0x7f0000003000/0x3000)=nil) 2018/04/07 08:47:44 executing program 0: r0 = socket(0x1e, 0x1, 0x0) listen(r0, 0x0) ppoll(&(0x7f00006ae000)=[{r0}], 0x1, &(0x7f0000c36000)={0x0, 0x989680}, &(0x7f0000a7b000), 0x8) 2018/04/07 08:47:45 executing program 6: pipe2(&(0x7f00008bfff8)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r0, 0x407, 0x0) write$evdev(r1, &(0x7f00005d7fa0)=[{{0x77359400}}], 0x18) vmsplice(r1, &(0x7f0000fccff0)=[{&(0x7f0000011fff)}], 0x1, 0x3) 2018/04/07 08:47:45 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000005000)='/dev/sg#\x00', 0x0, 0x0) ioctl(r0, 0x2288, &(0x7f0000c95ffe)) 2018/04/07 08:47:45 executing program 3: unshare(0x20000400) r0 = socket(0x10, 0x2, 0x0) fstatfs(r0, &(0x7f0000000f90)=""/112) 2018/04/07 08:47:45 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_int(r0, 0x0, 0x13, &(0x7f000089cffc), &(0x7f0000466000)=0x4) 2018/04/07 08:47:45 executing program 4: r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0xd, &(0x7f0000f05000), 0x4) 2018/04/07 08:47:45 executing program 0: setrlimit(0x1000000000000007, &(0x7f000068d000)) mq_open(&(0x7f0000000000)='-$\x00', 0x0, 0x0, &(0x7f0000664fc0)) 2018/04/07 08:47:45 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x8000001, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000799ffc), &(0x7f000085f000)=0x4) 2018/04/07 08:47:45 executing program 7: mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x5, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) setsockopt(r0, 0x114, 0x5, &(0x7f0000000ffc)="04000000", 0x4) 2018/04/07 08:47:45 executing program 0: keyctl$dh_compute(0x17, &(0x7f000003e000), &(0x7f0000000000)=""/4096, 0x1000, &(0x7f0000000000)={&(0x7f0000000000)={'rmd320-generic\x00'}, &(0x7f0000a5afed)}) 2018/04/07 08:47:45 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000004fc8)={&(0x7f00002c8ff4)={0x10}, 0xc, &(0x7f0000015000)={&(0x7f0000016918)={0x24, 0x2000002c, 0x443, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@nested={0x10, 0x0, [@typed={0xc, 0x0, @pid}]}]}, 0x24}, 0x1}, 0x0) 2018/04/07 08:47:45 executing program 1: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00007a7000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x1000000009376, &(0x7f00007c7fa2)) 2018/04/07 08:47:45 executing program 6: perf_event_open(&(0x7f000001d000)={0x0, 0x78}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000ab5ff7)='/dev/sg#\x00', 0x0, 0x0) ioctl(r0, 0x2287, &(0x7f0000000fff)) 2018/04/07 08:47:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000028000)={0x0}, &(0x7f0000028000)=0xc) capget(&(0x7f0000004000)={0x20080522, r1}, &(0x7f000001a000)) 2018/04/07 08:47:45 executing program 4: mkdir(&(0x7f0000632000)='./file0\x00', 0x0) mount(&(0x7f0000e84ff8)='./file0\x00', &(0x7f0000014ff8)='./file0\x00', &(0x7f00009ee000)='autofs\x00', 0x0, &(0x7f00005b7f24)="936602ffb5312b579d0c7d6fce26fbd19847e8af260b25ee22b126df259e8b3f3901d252260518d2d1d83c86a457490d996a28ffcaf9982375ab6b44431f1f40ad57ff810f52765be6442c") 2018/04/07 08:47:45 executing program 7: r0 = socket$inet(0x2, 0x1, 0x0) getsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000221ffc), &(0x7f0000956000)=0x4) 2018/04/07 08:47:45 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000984000)='setgroups\x00') mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000b97000)=[{&(0x7f0000962000)='1', 0x1}], 0x1) 2018/04/07 08:47:45 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) ioctl(r0, 0x2271, &(0x7f0000001000)) 2018/04/07 08:47:45 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000074000), 0x4) getsockopt$inet_tcp_buf(r1, 0x6, 0xb, &(0x7f0000aa8000)=""/202, &(0x7f0000384000)=0xca) 2018/04/07 08:47:45 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) connect$netlink(r0, &(0x7f0000cdfff4)=@proc={0x10, 0x0, 0xffffffffffffffff, 0x800}, 0xc) getpeername$netlink(r0, &(0x7f0000195000), &(0x7f000075effc)=0xc) 2018/04/07 08:47:45 executing program 6: r0 = syz_open_dev$evdev(&(0x7f000000a000)='/dev/input/event#\x00', 0x2, 0x0) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f000000a000)) 2018/04/07 08:47:45 executing program 0: timer_create(0x0, &(0x7f0000adafa0)={0x0, 0x1c, 0x0, @thr={&(0x7f00003b6000), &(0x7f00001a2fa8)}}, &(0x7f000019cffc)) r0 = syz_open_procfs(0x0, &(0x7f0000337ff2)='timers\x00') timer_create(0x0, &(0x7f0000477fa0)={0x0, 0x0, 0x1, @thr={&(0x7f00004e1000), &(0x7f0000bb4000)}}, &(0x7f0000b01ffc)) preadv(r0, &(0x7f00005e2ff0)=[{&(0x7f000036b000)=""/100, 0x64}], 0x1, 0x0) 2018/04/07 08:47:45 executing program 7: r0 = socket$packet(0x11, 0x800000000000003, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000c34000), 0x4) getsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000f68000), &(0x7f0000b52ffc)=0x4) 2018/04/07 08:47:45 executing program 2: r0 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r0, 0x10d, 0x800000000e, &(0x7f0000000fff), 0x0) 2018/04/07 08:47:45 executing program 5: r0 = inotify_init1(0x0) r1 = getpgid(0x0) fcntl$setown(r0, 0x8, r1) fcntl$getownex(r0, 0x10, &(0x7f0000001000)={0x0, 0x0}) ptrace$setopts(0x4206, r2, 0x0, 0x400000000) 2018/04/07 08:47:45 executing program 4: clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_create(0xb, &(0x7f00003a3fa8)={0x0, 0x0, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000b23ffc)) timer_settime(0x0, 0x0, &(0x7f0000687000)={{r0}, {0x0, r1}}, &(0x7f0000956000)) timer_gettime(0x0, &(0x7f0000c13ff0)) 2018/04/07 08:47:45 executing program 3: r0 = socket(0x20000000000000a, 0x2, 0x0) connect(r0, &(0x7f0000622f80)=@generic={0x3, "dc9ce0fa7349447a5180e20d42dd0930e26e1709aa7aaa0f5a7e8ab61bd27c891495e60100db0d2772febfd6a9657a04a2cf779b09770089adc94bb9baca63a49ddb220f8732eb22d74ca029005b9932dd12aa0deb7be64e411cdc7b22deafaa78e25ce6f6ea0689bc4ae551aa2a8ad8508ae3bc4917e596b85af88e0ef5"}, 0x80) 2018/04/07 08:47:45 executing program 6: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) fremovexattr(r0, &(0x7f0000498fec)=@known='security.capability\x00') 2018/04/07 08:47:45 executing program 1: r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00009d3f6c)="80af0a9684df8699e66871165a64f2181e886a5572b4d98f2c226f4959336ea948648584fbf248ab49c8ea2621089ad5fcb46ec6047362b89a246edfa7553590a583d10a5078ac9a0e3aa12953ed7fd3a0a05a8e4bd9d14977c8a10564e7d823cef09ecc401d5e1e5d3e1b35096dd799bd23e644041ad3c81c9d02432e6d66b2661d3e3236389e0188deaabb2d2906271931d6167a9eb1c8f38065041aaba7d76a3bde47c185764ad6895e299b0f5edce6e304e657e30ec5a1570e4e33e3f185fb44d4c2317c2e198ce6ecbfe36474af25988a0a0eea051b8280b03beb487274928e67083d33e4beb923f33aea35f570d30e1c6bf8f0bf478af00856f84d0d6d54ebf697d7886a22e6add0") 2018/04/07 08:47:45 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2018/04/07 08:47:46 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f00003dd000)='./file0\x00', &(0x7f00004f5ff8)='./file0\x00', &(0x7f00000e1000)='ramfs\x00', 0x801, &(0x7f000092f000)) statfs(&(0x7f0000b08000)='./file0\x00', &(0x7f0000ac6781)=""/50) 2018/04/07 08:47:46 executing program 7: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_int(r0, 0x0, 0x15, &(0x7f00006adffc), 0x0) 2018/04/07 08:47:46 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000449ffc)=0x4, 0x48b) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000fa1ffe)=""/72, &(0x7f00006e3000)=0x48) 2018/04/07 08:47:46 executing program 4: r0 = perf_event_open(&(0x7f0000001f88)={0x1, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000fff)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000f1f000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) mbind(&(0x7f0000f1f000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000000ff8)=0xffff, 0x2, 0x0) 2018/04/07 08:47:46 executing program 3: r0 = getpgrp(0x0) r1 = gettid() rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8) rt_tgsigqueueinfo(r0, r1, 0x11, &(0x7f00009dcff0)={0x0, 0x0, 0x6}) rt_sigtimedwait(&(0x7f0000076000)={0x3ffff}, &(0x7f00007cb000), &(0x7f0000ff7ff0), 0x8) 2018/04/07 08:47:46 executing program 6: clock_adjtime(0x0, &(0x7f0000000f30)={0xfffffffffffffe03, 0x0, 0x4000000000000000}) 2018/04/07 08:47:46 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$sock_int(r0, 0x1, 0x22, &(0x7f0000463000), &(0x7f000088effc)=0x4) 2018/04/07 08:47:46 executing program 0: r0 = memfd_create(&(0x7f0000df9fc9)="657468312474727573746564776c616e3076626f786e657430747275737465646574683126766d6e65743010757365726e6f6465765d00", 0x400000000004) fallocate(r0, 0x20, 0x0, 0x87dc) 2018/04/07 08:47:46 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f000042ffa8)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0) fallocate(r2, 0x0, 0x0, 0x73e0) sendfile(r1, r2, &(0x7f0000e64ff8), 0x8e18) sendfile(r1, r2, &(0x7f00007ed000), 0x2b) 2018/04/07 08:47:46 executing program 7: r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000000)={0x0, 0x8000000000000003}, &(0x7f0000001ffc)=0x111) setsockopt$packet_int(r0, 0x107, 0x1, &(0x7f0000000000)=0x3, 0x327) 2018/04/07 08:47:46 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000005000)='/dev/sg#\x00', 0x0, 0x8002) write(r0, &(0x7f0000bfa000)="b6d3b85e1e8d225db3f3b29d7300000005cc796aed5ed2bc7018ce2c9b97ae21914d870000ffffbc9b16", 0x2a) write(r0, &(0x7f0000e8efa7)="dbef803e3d9f5de1e52055bb7c8a326fe46092b6682d9ad789c5d7acad0e771f13d8cb59029b011ded54a09c41c6cfcfbcd743cc665c32af223d42438b496a0304891c88697aff07d4a70f330e6fe3a1c9c76f314ffab329", 0x58) writev(r0, &(0x7f00001b6f90)=[{&(0x7f0000e43000)="e59bc053dce404317bb51f597ea6feb27c6371100ca6f5c53ded1c2f0fd1c92c1f8082c212f7feadb3af", 0x2a}], 0x1) ppoll(&(0x7f0000563fe0)=[{r0}], 0x1, &(0x7f0000313ff0), &(0x7f0000cee000), 0x8) 2018/04/07 08:47:46 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x8000001, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f00003b3ffc), &(0x7f0000b72000)=0x4) 2018/04/07 08:47:46 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x10, &(0x7f0000d6a000)=0x7, 0x4) 2018/04/07 08:47:46 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000449ffc)=0x4, 0x48b) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000fa1ffe)=""/72, &(0x7f00006e3000)=0x48) 2018/04/07 08:47:46 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000cd9ff4)='/dev/rfkill\x00', 0x0, 0x0) ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f000084fffc)) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000cba000)='/dev/rfkill\x00', 0x0, 0x0) ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f0000828000)) dup3(r1, r0, 0x0) 2018/04/07 08:47:46 executing program 2: r0 = memfd_create(&(0x7f0000834000)='I', 0x0) pwrite64(r0, &(0x7f00000a9000)="da1ed4c6dded1b78fc32304d94d0495eb57495f26bd5e020039135e969d62de70774035020e85d75ca98aa392bd9112c8139f55a2a9aee87aa62b0c9a368a1866279463154ba1d39b42c188aa87a1db69f69fbfd67731bfaf62b639f911c4fe5aa163574d70d3127cad9d17ea2b888dfd9b4338d606825114f0aec9522b8eb85", 0x80, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2000005, 0x11, r0, 0x0) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000734000)='./file0\x00') readlink(&(0x7f0000fdf000)='./file0\x00', &(0x7f0000c9ffff)=""/1, 0x1) [ 60.428869] ================================================================== [ 60.436303] BUG: KMSAN: uninit-value in sha512_generic_block_fn+0x237f/0x2b90 [ 60.443582] CPU: 0 PID: 5254 Comm: syz-executor4 Not tainted 4.16.0+ #81 [ 60.450415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.459760] Call Trace: [ 60.459787] dump_stack+0x185/0x1d0 [ 60.459808] ? sha512_generic_block_fn+0x237f/0x2b90 [ 60.459821] kmsan_report+0x142/0x240 [ 60.459838] __msan_warning_32+0x6c/0xb0 [ 60.459855] sha512_generic_block_fn+0x237f/0x2b90 [ 60.459879] ? kmsan_set_origin_inline+0x6b/0x120 [ 60.459893] ? find_lock_entry+0x157/0x720 [ 60.459920] ? page_mapping+0x300/0x480 [ 60.496965] crypto_sha512_update+0x4fb/0x590 [ 60.501471] ? sha224_base_init+0x220/0x220 [ 60.505802] shash_async_update+0x290/0x360 [ 60.510130] ? shash_async_init+0x270/0x270 [ 60.514456] hash_sendpage+0x904/0xe10 [ 60.518345] ? hash_recvmsg+0xd50/0xd50 [ 60.522323] sock_sendpage+0x1de/0x2c0 [ 60.526219] pipe_to_sendpage+0x31b/0x430 [ 60.530370] ? sock_fasync+0x2b0/0x2b0 [ 60.534266] ? propagate_umount+0x3a30/0x3a30 [ 60.538765] __splice_from_pipe+0x49a/0xf30 [ 60.543088] ? generic_splice_sendpage+0x2a0/0x2a0 [ 60.548022] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 60.553393] generic_splice_sendpage+0x1c6/0x2a0 [ 60.558154] ? iter_file_splice_write+0x1710/0x1710 [ 60.563172] ? iter_file_splice_write+0x1710/0x1710 [ 60.568535] direct_splice_actor+0x19b/0x200 [ 60.572950] splice_direct_to_actor+0x764/0x1040 [ 60.577710] ? do_splice_direct+0x540/0x540 [ 60.582038] ? security_file_permission+0x28f/0x4b0 [ 60.587061] ? rw_verify_area+0x35e/0x580 [ 60.591218] do_splice_direct+0x335/0x540 [ 60.595376] do_sendfile+0x1067/0x1e40 [ 60.599284] SYSC_sendfile64+0x1b3/0x300 [ 60.603353] SyS_sendfile64+0x64/0x90 [ 60.607154] do_syscall_64+0x309/0x430 [ 60.611050] ? SYSC_sendfile+0x320/0x320 [ 60.615117] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.620305] RIP: 0033:0x455259 [ 60.623489] RSP: 002b:00007f80a83dfc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 60.631198] RAX: ffffffffffffffda RBX: 00007f80a83e06d4 RCX: 0000000000455259 [ 60.631206] RDX: 0000000020e64ff8 RSI: 0000000000000015 RDI: 0000000000000014 [ 60.631213] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.631221] R10: 0000000000008e18 R11: 0000000000000246 R12: 00000000ffffffff [ 60.631228] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 60.631239] [ 60.631242] Uninit was created at: [ 60.631260] kmsan_alloc_meta_for_pages+0x161/0x3a0 2018/04/07 08:47:46 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000cd9ff4)='/dev/rfkill\x00', 0x0, 0x0) ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f000084fffc)) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000cba000)='/dev/rfkill\x00', 0x0, 0x0) ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f0000828000)) dup3(r1, r0, 0x0) 2018/04/07 08:47:46 executing program 6: capset(&(0x7f000043fff8)={0x19980330}, &(0x7f0000be5000)) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0x800400000484, &(0x7f0000e27fd4), 0x0) 2018/04/07 08:47:46 executing program 5: timer_create(0x800000000007, &(0x7f0000b3d000)={0x0, 0x3c, 0x0, @thr={&(0x7f000022f000), &(0x7f0000298000)}}, &(0x7f0000a7e000)) clock_gettime(0x0, &(0x7f000041aff0)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f000005bfe0)={{}, {0x0, r0+30000000}}, &(0x7f0000046000)) timer_settime(0x0, 0x0, &(0x7f0000147000), &(0x7f0000040000)) [ 60.631271] kmsan_alloc_page+0x82/0xe0 [ 60.631285] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 60.631296] alloc_pages_vma+0xcc8/0x1800 [ 60.631310] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 60.631321] shmem_getpage_gfp+0x35db/0x5770 [ 60.631346] shmem_fallocate+0xde2/0x1610 [ 60.704172] vfs_fallocate+0x9dc/0xde0 [ 60.708061] SYSC_fallocate+0x119/0x1d0 [ 60.712030] SyS_fallocate+0x64/0x90 [ 60.715739] do_syscall_64+0x309/0x430 [ 60.719627] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.724801] ================================================================== [ 60.732146] Disabling lock debugging due to kernel taint [ 60.737587] Kernel panic - not syncing: panic_on_warn set ... [ 60.737587] [ 60.744972] CPU: 0 PID: 5254 Comm: syz-executor4 Tainted: G B 4.16.0+ #81 [ 60.753105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.762450] Call Trace: [ 60.765038] dump_stack+0x185/0x1d0 [ 60.768667] panic+0x39d/0x940 [ 60.771879] ? sha512_generic_block_fn+0x237f/0x2b90 2018/04/07 08:47:46 executing program 0: mkdir(&(0x7f00008e3ff8)='./file0\x00', 0x0) mount(&(0x7f000047dff8)='./file0\x00', &(0x7f00006e7ff8)='./file0\x00', &(0x7f00003ceff5)='securityfs\x00', 0x0, &(0x7f0000771fff)) [ 60.776979] kmsan_report+0x238/0x240 [ 60.780778] __msan_warning_32+0x6c/0xb0 [ 60.784843] sha512_generic_block_fn+0x237f/0x2b90 [ 60.789785] ? kmsan_set_origin_inline+0x6b/0x120 [ 60.794630] ? find_lock_entry+0x157/0x720 [ 60.798974] ? page_mapping+0x300/0x480 [ 60.802961] crypto_sha512_update+0x4fb/0x590 [ 60.807465] ? sha224_base_init+0x220/0x220 [ 60.811783] shash_async_update+0x290/0x360 [ 60.816106] ? shash_async_init+0x270/0x270 [ 60.820431] hash_sendpage+0x904/0xe10 [ 60.824322] ? hash_recvmsg+0xd50/0xd50 2018/04/07 08:47:46 executing program 6: r0 = socket(0x40000000015, 0x5, 0x0) connect$llc(r0, &(0x7f00008e2ff0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random="2202ce37e7a3"}, 0x10) [ 60.828308] sock_sendpage+0x1de/0x2c0 [ 60.832201] pipe_to_sendpage+0x31b/0x430 [ 60.836347] ? sock_fasync+0x2b0/0x2b0 [ 60.840244] ? propagate_umount+0x3a30/0x3a30 [ 60.844746] __splice_from_pipe+0x49a/0xf30 [ 60.849070] ? generic_splice_sendpage+0x2a0/0x2a0 [ 60.854002] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 60.859369] generic_splice_sendpage+0x1c6/0x2a0 [ 60.864130] ? iter_file_splice_write+0x1710/0x1710 [ 60.869161] ? iter_file_splice_write+0x1710/0x1710 [ 60.874187] direct_splice_actor+0x19b/0x200 [ 60.878610] splice_direct_to_actor+0x764/0x1040 [ 60.883371] ? do_splice_direct+0x540/0x540 [ 60.887697] ? security_file_permission+0x28f/0x4b0 [ 60.892718] ? rw_verify_area+0x35e/0x580 [ 60.896869] do_splice_direct+0x335/0x540 [ 60.901026] do_sendfile+0x1067/0x1e40 [ 60.904931] SYSC_sendfile64+0x1b3/0x300 [ 60.909000] SyS_sendfile64+0x64/0x90 [ 60.912805] do_syscall_64+0x309/0x430 [ 60.916696] ? SYSC_sendfile+0x320/0x320 [ 60.920763] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.925948] RIP: 0033:0x455259 [ 60.929128] RSP: 002b:00007f80a83dfc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 60.936825] RAX: ffffffffffffffda RBX: 00007f80a83e06d4 RCX: 0000000000455259 [ 60.944087] RDX: 0000000020e64ff8 RSI: 0000000000000015 RDI: 0000000000000014 [ 60.951354] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.958622] R10: 0000000000008e18 R11: 0000000000000246 R12: 00000000ffffffff [ 60.965890] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 60.973638] Dumping ftrace buffer: [ 60.977162] (ftrace buffer empty) [ 60.980846] Kernel Offset: disabled [ 60.984445] Rebooting in 86400 seconds..