INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts. 2018/04/06 23:40:58 fuzzer started 2018/04/06 23:40:58 dialing manager at 10.128.0.26:38639 2018/04/06 23:41:04 kcov=true, comps=false 2018/04/06 23:41:07 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0x42}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0xffffffffffffff11, &(0x7f00001a7f05)=""/251}, 0x18) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000000)) 2018/04/06 23:41:07 executing program 2: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000df8fd9)="2600000022004701050007008980e8ff06006d20002b1f00c0e9ff094a51f10101c7033500b0", 0x26) recvmsg(r0, &(0x7f00000000c0)={&(0x7f0000fb9000)=@sco, 0x80, &(0x7f0000e9c000)=[{&(0x7f0000000300)=""/219, 0x45f}, {&(0x7f0000000400)=""/43, 0x2b}, {&(0x7f0000000440)=""/54, 0x36}, {&(0x7f0000466000)=""/4096, 0x1000}, {&(0x7f0000000000)=""/142, 0x8e}, {&(0x7f0000ba9fd5)=""/43, 0x2b}, {&(0x7f0000820000)=""/185, 0xb9}, {&(0x7f0000000200)=""/243, 0xf3}, {&(0x7f00001b1ffd)=""/53, 0x35}], 0x9, &(0x7f0000000180)=""/81, 0x23}, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) 2018/04/06 23:41:07 executing program 7: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00007e5000)={0xffffffffffffffff}) bind(r0, &(0x7f0000f70000)=@un=@file={0x1, './file0\x00'}, 0xa) connect$unix(r0, &(0x7f0000c8e000)=@file={0x1, './file0\x00'}, 0xa) 2018/04/06 23:41:07 executing program 1: r0 = socket(0x18, 0x0, 0x1) connect(r0, &(0x7f0000000100)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0x2, {0xa}}}, 0x32) setsockopt(r0, 0x500000000000111, 0x1, &(0x7f0000000040)='\x00\x00\x00\x00', 0x4) 2018/04/06 23:41:07 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00007e5000)={0xffffffffffffffff}) connect$unix(r0, &(0x7f00000001c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e) 2018/04/06 23:41:07 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00007e5000)={0xffffffffffffffff, 0xffffffffffffffff}) bind(r0, &(0x7f0000f70000)=@un=@file={0x1, './file0\x00'}, 0xa) connect$unix(r1, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) 2018/04/06 23:41:07 executing program 5: open(&(0x7f0000000000)='./bus\x00', 0x100000141842, 0x0) syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x1000, &(0x7f0000000740)=ANY=[]) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) gettid() syz_mount_image$hfs(&(0x7f0000000080)='hfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x1, &(0x7f0000000340)=[{&(0x7f0000000140), 0x0, 0x55c3}], 0x0, &(0x7f0000000780)=ANY=[]) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) write$cgroup_pid(r0, &(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f0000000140)=ANY=[]], 0x4) 2018/04/06 23:41:07 executing program 6: getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000080), &(0x7f0000000100)=0x60) r0 = syz_open_dev$tun(&(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) fsetxattr(r0, &(0x7f0000e06fe8)=@known='system.posix_acl_access\x00', &(0x7f0000a88ff4)="020000000800001fffffe100", 0xffcc, 0x0) syzkaller login: [ 41.747430] ip (3759) used greatest stack depth: 54672 bytes left [ 41.983741] ip (3780) used greatest stack depth: 54656 bytes left [ 42.163103] ip (3800) used greatest stack depth: 54312 bytes left [ 43.278559] ip (3905) used greatest stack depth: 54200 bytes left [ 44.650527] ip (4023) used greatest stack depth: 53976 bytes left [ 45.290440] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.393898] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.427381] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.524994] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.568381] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.685122] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.789573] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.887497] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.181426] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.465359] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.546881] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.565144] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.635369] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.662210] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.726391] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.893805] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.020173] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.026416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.039587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.238943] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.245240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.253822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.287587] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.295435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.322598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.356632] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.362879] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.398844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.433997] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.440319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.450101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.490066] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.513146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.533974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.565563] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.572871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.616645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.716993] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.723366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.734693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/06 23:41:24 executing program 7: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0x142}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0xffffffffffffff11, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0xffffffffffffffe0, 0x730000, 0x1, &(0x7f00000003c0)) 2018/04/06 23:41:25 executing program 0: perf_event_open(&(0x7f0000fdef88)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xca, &(0x7f0000f04000)={{0xa}, {0xa}}, 0x5c) 2018/04/06 23:41:25 executing program 1: 2018/04/06 23:41:25 executing program 5: open(&(0x7f0000000000)='./bus\x00', 0x100000141842, 0x0) syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x1000, &(0x7f0000000740)=ANY=[]) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) gettid() syz_mount_image$hfs(&(0x7f0000000080)='hfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x1, &(0x7f0000000340)=[{&(0x7f0000000140), 0x0, 0x55c3}], 0x0, &(0x7f0000000780)=ANY=[]) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) write$cgroup_pid(r0, &(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f0000000140)=ANY=[]], 0x4) 2018/04/06 23:41:25 executing program 3: open(&(0x7f0000000000)='./bus\x00', 0x100000141842, 0x0) syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x1000, &(0x7f0000000740)=ANY=[]) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) gettid() syz_mount_image$hfs(&(0x7f0000000080)='hfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x1, &(0x7f0000000340)=[{&(0x7f0000000140), 0x0, 0x55c3}], 0x0, &(0x7f0000000780)=ANY=[]) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) write$cgroup_pid(r0, &(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f0000000140)=ANY=[]], 0x4) 2018/04/06 23:41:25 executing program 2: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000df8fd9)="2600000022004701050007008980e8ff06006d20002b1f00c0e9ff094a51f10101c7033500b0", 0x26) recvmsg(r0, &(0x7f00000000c0)={&(0x7f0000fb9000)=@sco, 0x80, &(0x7f0000e9c000)=[{&(0x7f0000000300)=""/219, 0x45f}, {&(0x7f0000000400)=""/43, 0x2b}, {&(0x7f0000000440)=""/54, 0x36}, {&(0x7f0000466000)=""/4096, 0x1000}, {&(0x7f0000000000)=""/142, 0x8e}, {&(0x7f0000ba9fd5)=""/43, 0x2b}, {&(0x7f0000820000)=""/185, 0xb9}, {&(0x7f0000000200)=""/243, 0xf3}, {&(0x7f00001b1ffd)=""/53, 0x35}], 0x9, &(0x7f0000000180)=""/81, 0x23}, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) 2018/04/06 23:41:25 executing program 7: 2018/04/06 23:41:25 executing program 6: getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000080), &(0x7f0000000100)=0x60) r0 = syz_open_dev$tun(&(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) fsetxattr(r0, &(0x7f0000e06fe8)=@known='system.posix_acl_access\x00', &(0x7f0000a88ff4)="020000000800001fffffe100", 0xffcc, 0x0) 2018/04/06 23:41:25 executing program 4: 2018/04/06 23:41:25 executing program 7: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000080)='H', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) sendto$inet(r0, &(0x7f000026cfff)="c6", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10) shutdown(r0, 0x1) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x6c, &(0x7f0000000480)={0x0, @in={{0x2}}}, &(0x7f0000000340)=0x100) [ 57.289451] ================================================================== [ 57.296885] BUG: KMSAN: uninit-value in copy_page_to_iter+0x754/0x1b70 [ 57.303560] CPU: 0 PID: 5119 Comm: blkid Not tainted 4.16.0+ #81 [ 57.309704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.319052] Call Trace: [ 57.321644] dump_stack+0x185/0x1d0 [ 57.325273] ? kmsan_internal_check_memory+0x145/0x1d0 [ 57.330548] kmsan_report+0x142/0x240 [ 57.334353] kmsan_internal_check_memory+0x164/0x1d0 [ 57.339462] kmsan_copy_to_user+0x69/0x160 [ 57.343698] copy_page_to_iter+0x754/0x1b70 [ 57.348027] generic_file_read_iter+0x2ee8/0x43f0 [ 57.352886] blkdev_read_iter+0x20d/0x280 [ 57.357040] ? blkdev_write_iter+0x5f0/0x5f0 [ 57.361452] __vfs_read+0x6fb/0x8e0 [ 57.365084] vfs_read+0x36c/0x6c0 [ 57.368536] SYSC_read+0x172/0x360 [ 57.372061] SyS_read+0x55/0x80 [ 57.375324] do_syscall_64+0x309/0x430 [ 57.379193] ? vfs_write+0x8d0/0x8d0 [ 57.382892] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.388059] RIP: 0033:0x7f01d763e310 [ 57.391750] RSP: 002b:00007ffc9466ec48 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 57.399439] RAX: ffffffffffffffda RBX: 0000000000000c00 RCX: 00007f01d763e310 [ 57.406701] RDX: 0000000000000400 RSI: 00000000019992b8 RDI: 0000000000000003 [ 57.413950] RBP: 0000000001999290 R08: 0000000000000028 R09: 0000000001680000 [ 57.421201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001998030 [ 57.428454] R13: 0000000000000400 R14: 0000000001998080 R15: 00000000019992a8 [ 57.435704] [ 57.437308] Uninit was stored to memory at: [ 57.441611] kmsan_internal_chain_origin+0x12b/0x210 [ 57.446691] kmsan_memcpy_origins+0x11d/0x170 [ 57.451164] __msan_memcpy+0x19f/0x1f0 [ 57.455036] _copy_to_iter+0x852/0x28f0 [ 57.458992] copy_page_to_iter+0x383/0x1b70 [ 57.463298] shmem_file_read_iter+0x99f/0x1180 [ 57.467858] do_iter_readv_writev+0x7bb/0x970 [ 57.472336] do_iter_read+0x303/0xd70 [ 57.476118] vfs_iter_read+0x118/0x180 [ 57.479985] loop_queue_work+0x270e/0x3ef0 [ 57.484200] kthread_worker_fn+0x58f/0x900 [ 57.488414] loop_kthread_worker_fn+0x90/0xb0 [ 57.492886] kthread+0x539/0x720 [ 57.496232] ret_from_fork+0x35/0x40 [ 57.500927] Uninit was created at: [ 57.504456] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 57.509456] kmsan_alloc_page+0x82/0xe0 [ 57.513411] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 57.518147] alloc_pages_vma+0xcc8/0x1800 [ 57.522276] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 57.527271] shmem_getpage_gfp+0x35db/0x5770 [ 57.531661] shmem_file_read_iter+0x508/0x1180 [ 57.536220] do_iter_readv_writev+0x7bb/0x970 [ 57.540700] do_iter_read+0x303/0xd70 [ 57.544481] vfs_iter_read+0x118/0x180 [ 57.548350] loop_queue_work+0x270e/0x3ef0 [ 57.552563] kthread_worker_fn+0x58f/0x900 [ 57.556778] loop_kthread_worker_fn+0x90/0xb0 [ 57.561251] kthread+0x539/0x720 [ 57.564600] ret_from_fork+0x35/0x40 [ 57.568289] [ 57.569894] Bytes 0-1023 of 1024 are uninitialized [ 57.574798] ================================================================== [ 57.582130] Disabling lock debugging due to kernel taint [ 57.587558] Kernel panic - not syncing: panic_on_warn set ... [ 57.587558] [ 57.594906] CPU: 0 PID: 5119 Comm: blkid Tainted: G B 4.16.0+ #81 [ 57.602349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.611680] Call Trace: [ 57.614254] dump_stack+0x185/0x1d0 [ 57.617861] panic+0x39d/0x940 [ 57.621053] ? kmsan_internal_check_memory+0x145/0x1d0 [ 57.626308] kmsan_report+0x238/0x240 [ 57.630103] kmsan_internal_check_memory+0x164/0x1d0 [ 57.635188] kmsan_copy_to_user+0x69/0x160 [ 57.639404] copy_page_to_iter+0x754/0x1b70 [ 57.643713] generic_file_read_iter+0x2ee8/0x43f0 [ 57.648549] blkdev_read_iter+0x20d/0x280 [ 57.652683] ? blkdev_write_iter+0x5f0/0x5f0 [ 57.657075] __vfs_read+0x6fb/0x8e0 [ 57.660689] vfs_read+0x36c/0x6c0 [ 57.664129] SYSC_read+0x172/0x360 [ 57.667654] SyS_read+0x55/0x80 [ 57.670914] do_syscall_64+0x309/0x430 [ 57.674784] ? vfs_write+0x8d0/0x8d0 [ 57.678480] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.683651] RIP: 0033:0x7f01d763e310 [ 57.687341] RSP: 002b:00007ffc9466ec48 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 57.695035] RAX: ffffffffffffffda RBX: 0000000000000c00 RCX: 00007f01d763e310 [ 57.702284] RDX: 0000000000000400 RSI: 00000000019992b8 RDI: 0000000000000003 [ 57.709535] RBP: 0000000001999290 R08: 0000000000000028 R09: 0000000001680000 [ 57.716784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001998030 [ 57.724034] R13: 0000000000000400 R14: 0000000001998080 R15: 00000000019992a8 [ 57.731761] Dumping ftrace buffer: [ 57.735278] (ftrace buffer empty) [ 57.738959] Kernel Offset: disabled [ 57.742558] Rebooting in 86400 seconds..