INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
2018/04/06 23:46:34 fuzzer started
2018/04/06 23:46:35 dialing manager at 10.128.0.26:38639
2018/04/06 23:46:41 kcov=true, comps=false
2018/04/06 23:46:43 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'lo\x00', &(0x7f0000000140)=@ethtool_cmd={0xa}})
2018/04/06 23:46:44 executing program 2:
pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff})
write(r0, &(0x7f00000001c0), 0xfffffef3)
ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000080))
2018/04/06 23:46:44 executing program 7:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000380)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
unlink(&(0x7f00000000c0)='./control/file0\x00')
mkdir(&(0x7f0000000180)='./control/file0\x00', 0x0)
close(r0)
2018/04/06 23:46:44 executing program 1:
open(&(0x7f0000000000)='./bus\x00', 0x100000141842, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x1000, &(0x7f0000000740)=ANY=[])
r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
syz_mount_image$hfs(&(0x7f0000000080)='hfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x1, &(0x7f0000000340)=[{&(0x7f0000000140), 0x0, 0x55c3}], 0x0, &(0x7f0000000780)=ANY=[])
write$evdev(r0, &(0x7f0000000280)=[{{0x0, 0x2710}}], 0x10)
2018/04/06 23:46:44 executing program 4:
2018/04/06 23:46:44 executing program 3:
2018/04/06 23:46:44 executing program 5:
2018/04/06 23:46:44 executing program 6:
syzkaller login: [ 43.178287] ip (3743) used greatest stack depth: 54688 bytes left
[ 43.733910] ip (3795) used greatest stack depth: 54672 bytes left
[ 43.992970] ip (3818) used greatest stack depth: 54312 bytes left
[ 44.861961] ip (3901) used greatest stack depth: 54296 bytes left
[ 45.327453] ip (3944) used greatest stack depth: 54256 bytes left
[ 46.844183] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.859884] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.048871] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.075586] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.147989] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.180095] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.256846] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.332914] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.576534] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.731789] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.854643] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.889408] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.063725] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.075054] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.084987] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.122173] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.286945] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.293280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.304602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.521094] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.527315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.540545] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.622096] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.628330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.639589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.669078] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.679438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.710819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.735577] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.751156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.775933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.841285] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.847529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.858118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.910795] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.917340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.936719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.955789] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.965835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.015504] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/04/06 23:47:00 executing program 5:
[ 57.875745] ==================================================================
[ 57.883170] BUG: KMSAN: uninit-value in copy_page_to_iter+0x754/0x1b70
[ 57.889837] CPU: 0 PID: 5041 Comm: blkid Not tainted 4.16.0+ #81
[ 57.895972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.905320] Call Trace:
[ 57.907910]  dump_stack+0x185/0x1d0
[ 57.911544]  ? kmsan_internal_check_memory+0x145/0x1d0
[ 57.916819]  kmsan_report+0x142/0x240
[ 57.920622]  kmsan_internal_check_memory+0x164/0x1d0
[ 57.925721]  kmsan_copy_to_user+0x69/0x160
[ 57.929959]  copy_page_to_iter+0x754/0x1b70
[ 57.934289]  generic_file_read_iter+0x2ee8/0x43f0
[ 57.939151]  blkdev_read_iter+0x20d/0x280
[ 57.943305]  ? blkdev_write_iter+0x5f0/0x5f0
[ 57.947707]  __vfs_read+0x6fb/0x8e0
[ 57.951335]  vfs_read+0x36c/0x6c0
[ 57.954790]  SYSC_read+0x172/0x360
[ 57.958329]  SyS_read+0x55/0x80
[ 57.961605]  do_syscall_64+0x309/0x430
[ 57.965494]  ? vfs_write+0x8d0/0x8d0
[ 57.969215]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 57.974399] RIP: 0033:0x7fe46ce45310
[ 57.978103] RSP: 002b:00007ffebacf7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 57.985807] RAX: ffffffffffffffda RBX: 0000000000000c00 RCX: 00007fe46ce45310
[ 57.993072] RDX: 0000000000000400 RSI: 00000000024a62b8 RDI: 0000000000000003
[ 58.000333] RBP: 00000000024a6290 R08: 0000000000000028 R09: 0000000001680000
[ 58.007598] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000024a5030
[ 58.014859] R13: 0000000000000400 R14: 00000000024a5080 R15: 00000000024a62a8
[ 58.022123]
[ 58.023740] Uninit was stored to memory at:
[ 58.028060]  kmsan_internal_chain_origin+0x12b/0x210
[ 58.033160]  kmsan_memcpy_origins+0x11d/0x170
[ 58.037650]  __msan_memcpy+0x19f/0x1f0
[ 58.041534]  _copy_to_iter+0x852/0x28f0
[ 58.045506]  copy_page_to_iter+0x383/0x1b70
[ 58.049822]  shmem_file_read_iter+0x99f/0x1180
[ 58.054397]  do_iter_readv_writev+0x7bb/0x970
[ 58.058889]  do_iter_read+0x303/0xd70
[ 58.062684]  vfs_iter_read+0x118/0x180
[ 58.066571]  loop_queue_work+0x270e/0x3ef0
[ 58.070802]  kthread_worker_fn+0x58f/0x900
[ 58.075036]  loop_kthread_worker_fn+0x90/0xb0
[ 58.079525]  kthread+0x539/0x720
[ 58.082893]  ret_from_fork+0x35/0x40
[ 58.086594] Uninit was created at:
[ 58.090130]  kmsan_alloc_meta_for_pages+0x161/0x3a0
[ 58.095139]  kmsan_alloc_page+0x82/0xe0
[ 58.099112]  __alloc_pages_nodemask+0xf5b/0x5dc0
[ 58.103866]  alloc_pages_vma+0xcc8/0x1800
[ 58.108023]  shmem_alloc_and_acct_page+0x6d5/0x1000
[ 58.113040]  shmem_getpage_gfp+0x35db/0x5770
[ 58.117445]  shmem_file_read_iter+0x508/0x1180
[ 58.122030]  do_iter_readv_writev+0x7bb/0x970
[ 58.126521]  do_iter_read+0x303/0xd70
[ 58.130318]  vfs_iter_read+0x118/0x180
[ 58.134196]  loop_queue_work+0x270e/0x3ef0
[ 58.138425]  kthread_worker_fn+0x58f/0x900
[ 58.142652]  loop_kthread_worker_fn+0x90/0xb0
[ 58.147144]  kthread+0x539/0x720
[ 58.150509]  ret_from_fork+0x35/0x40
[ 58.154214]
[ 58.155835] Bytes 0-1023 of 1024 are uninitialized
[ 58.160746] ==================================================================
[ 58.168093] Disabling lock debugging due to kernel taint
[ 58.173532] Kernel panic - not syncing: panic_on_warn set ...
[ 58.173532]
[ 58.180895] CPU: 0 PID: 5041 Comm: blkid Tainted: G B 4.16.0+ #81
[ 58.188328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.197672] Call Trace:
[ 58.200258]  dump_stack+0x185/0x1d0
[ 58.203883]  panic+0x39d/0x940
[ 58.207093]  ? kmsan_internal_check_memory+0x145/0x1d0
[ 58.212364]  kmsan_report+0x238/0x240
[ 58.216166]  kmsan_internal_check_memory+0x164/0x1d0
[ 58.221273]  kmsan_copy_to_user+0x69/0x160
[ 58.225511]  copy_page_to_iter+0x754/0x1b70
[ 58.229838]  generic_file_read_iter+0x2ee8/0x43f0
[ 58.234694]  blkdev_read_iter+0x20d/0x280
[ 58.238846]  ? blkdev_write_iter+0x5f0/0x5f0
[ 58.243251]  __vfs_read+0x6fb/0x8e0
[ 58.246883]  vfs_read+0x36c/0x6c0
[ 58.250338]  SYSC_read+0x172/0x360
[ 58.253882]  SyS_read+0x55/0x80
[ 58.257162]  do_syscall_64+0x309/0x430
[ 58.261053]  ? vfs_write+0x8d0/0x8d0
[ 58.264769]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 58.269955] RIP: 0033:0x7fe46ce45310
[ 58.273656] RSP: 002b:00007ffebacf7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 58.281362] RAX: ffffffffffffffda RBX: 0000000000000c00 RCX: 00007fe46ce45310
[ 58.288623] RDX: 0000000000000400 RSI: 00000000024a62b8 RDI: 0000000000000003
[ 58.295885] RBP: 00000000024a6290 R08: 0000000000000028 R09: 0000000001680000
[ 58.303147] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000024a5030
[ 58.310410] R13: 0000000000000400 R14: 00000000024a5080 R15: 00000000024a62a8
[ 58.318131] Dumping ftrace buffer:
[ 58.321654] (ftrace buffer empty)
[ 58.325337] Kernel Offset: disabled
[ 58.328938] Rebooting in 86400 seconds..