INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.44' (ECDSA) to the list of known hosts. 2018/04/07 01:47:07 fuzzer started 2018/04/07 01:47:07 dialing manager at 10.128.0.26:38639 2018/04/07 01:47:13 kcov=true, comps=false 2018/04/07 01:47:16 executing program 0: syz_mount_image$gfs2(&(0x7f0000000080)='gfs2\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@nobarrier='nobarrier', 0x2c}]}) 2018/04/07 01:47:16 executing program 1: r0 = syz_open_dev$tun(&(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={"d202b999cf85000000000088f301e710", 0x102}) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000140)={'yam0\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}) 2018/04/07 01:47:16 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000333f88)={0x2, 0x402, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1=0xe0000001}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1=0xe0000001}}]}, 0x50}, 0x1}, 0x0) 2018/04/07 01:47:16 executing program 2: clone(0x200, &(0x7f0000fbf000), &(0x7f0000744000), &(0x7f0000f8b000), &(0x7f00000d5000)) mknod(&(0x7f0000000080)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', &(0x7f00000affc0), &(0x7f0000000240)=[&(0x7f0000000200)='\\\x00']) r0 = syz_open_procfs(0x0, &(0x7f00000e0000)='stack\x00') readv(r0, &(0x7f000066dff0)=[{&(0x7f00008ad000)=""/178, 0xb2}], 0x1) r1 = getpid() process_vm_readv(r1, &(0x7f0000de4000)=[{&(0x7f00009e0000)=""/225, 0xe1}], 0x1, &(0x7f0000d65fb8)=[{&(0x7f000082efb5)=""/75, 0x4b}], 0x1, 0x0) open$dir(&(0x7f00003e8ff8)='./file0\x00', 0x26102, 0x0) 2018/04/07 01:47:16 executing program 3: syz_mount_image$xfs(&(0x7f0000000000)='xfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000240)={'nouuid,'}) 2018/04/07 01:47:16 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000000)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f000019ffe9)={0x3}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000380)) syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='limits\x00') ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000100)) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) 2018/04/07 01:47:16 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x100000000106, 0x0) writev(r0, &(0x7f000036bfd0)=[{&(0x7f0000b51000)="eb", 0x1}], 0x1) ioctl$TCSETAW(0xffffffffffffffff, 0x5402, &(0x7f0000cdf000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0x4000000058) read(r0, &(0x7f00000000c0)=""/1, 0x1) 2018/04/07 01:47:16 executing program 6: dup(0xffffffffffffffff) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)) ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x8941, &(0x7f00000000c0)=@generic) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x6}], 0x1c) syzkaller login: [ 41.693254] ip (3751) used greatest stack depth: 54688 bytes left [ 42.327808] ip (3811) used greatest stack depth: 54312 bytes left [ 43.319746] ip (3908) used greatest stack depth: 54200 bytes left [ 45.070869] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.103241] ip (4066) used greatest stack depth: 53976 bytes left [ 45.236619] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.394587] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.476690] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.492821] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.518082] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.538876] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.651833] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.799327] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.814339] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.131463] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.146005] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.234112] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.254401] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.294451] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.357808] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.508530] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.514764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.523676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.554643] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.566225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.589554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.862580] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.868828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.882125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.977546] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.983822] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.997921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.030513] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.036765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.049591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.075873] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.082105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.095849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.124753] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.136382] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.148534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.177219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.205614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.228251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.123472] ================================================================== [ 57.130866] BUG: KMSAN: uninit-value in kernel_text_address+0x248/0x3a0 [ 57.137599] CPU: 1 PID: 5097 Comm: syz-executor2 Not tainted 4.16.0+ #81 [ 57.144414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.153742] Call Trace: [ 57.156306] dump_stack+0x185/0x1d0 [ 57.159912] ? kernel_text_address+0x248/0x3a0 [ 57.164472] kmsan_report+0x142/0x240 [ 57.168250] __msan_warning_32+0x6c/0xb0 [ 57.172290] kernel_text_address+0x248/0x3a0 [ 57.176675] ? __schedule+0x674/0x730 [ 57.180453] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 57.185790] ? __schedule+0x674/0x730 [ 57.189569] __kernel_text_address+0x34/0xe0 [ 57.193954] ? __schedule+0x674/0x730 [ 57.197734] unwind_get_return_address+0x8c/0x130 [ 57.202555] __save_stack_trace+0x45c/0xa80 [ 57.206852] ? __schedule+0x674/0x730 [ 57.210631] ? __msan_poison_alloca+0x15c/0x1d0 [ 57.215281] ? save_stack_trace_tsk+0x58/0x2f0 [ 57.219841] save_stack_trace_tsk+0x258/0x2f0 [ 57.224313] proc_pid_stack+0x26a/0x470 [ 57.228281] proc_single_show+0x1af/0x300 [ 57.232443] ? proc_pid_wchan+0x250/0x250 [ 57.236596] ? proc_single_open+0x90/0x90 [ 57.240728] seq_read+0xc7d/0x2260 [ 57.244263] do_iter_read+0x880/0xd70 [ 57.248057] ? seq_open+0x360/0x360 [ 57.251667] do_readv+0x295/0x5f0 [ 57.255109] ? syscall_return_slowpath+0xe9/0x700 [ 57.259935] SYSC_readv+0x9b/0xb0 [ 57.263372] SyS_readv+0x56/0x80 [ 57.266719] do_syscall_64+0x309/0x430 [ 57.270590] ? vfs_readv+0x260/0x260 [ 57.274290] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.279456] RIP: 0033:0x455259 [ 57.282623] RSP: 002b:00007f24b878bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 57.290313] RAX: ffffffffffffffda RBX: 00007f24b878c6d4 RCX: 0000000000455259 [ 57.297563] RDX: 0000000000000001 RSI: 000000002066dff0 RDI: 0000000000000013 [ 57.304813] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000 [ 57.312062] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.319309] R13: 000000000000048c R14: 00000000006f9dc0 R15: 0000000000000001 [ 57.326559] [ 57.328165] Uninit was stored to memory at: [ 57.332474] kmsan_internal_chain_origin+0x12b/0x210 [ 57.337555] __msan_chain_origin+0x69/0xc0 [ 57.341773] update_stack_state+0x959/0xa40 [ 57.346078] __unwind_start+0x335/0x630 [ 57.350042] __save_stack_trace+0x3e1/0xa80 [ 57.354346] save_stack_trace_tsk+0x258/0x2f0 [ 57.358823] proc_pid_stack+0x26a/0x470 [ 57.362775] proc_single_show+0x1af/0x300 [ 57.366904] seq_read+0xc7d/0x2260 [ 57.370422] do_iter_read+0x880/0xd70 [ 57.374199] do_readv+0x295/0x5f0 [ 57.377632] SYSC_readv+0x9b/0xb0 [ 57.381067] SyS_readv+0x56/0x80 [ 57.384410] do_syscall_64+0x309/0x430 [ 57.388276] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.393438] Local variable description: ----flags.i.i.i@rcu_all_qs [ 57.399725] Variable was created at: [ 57.403416] rcu_all_qs+0x32/0x1f0 [ 57.406931] _cond_resched+0x3c/0xd0 [ 57.410617] ================================================================== [ 57.417948] Disabling lock debugging due to kernel taint [ 57.423374] Kernel panic - not syncing: panic_on_warn set ... [ 57.423374] [ 57.430717] CPU: 1 PID: 5097 Comm: syz-executor2 Tainted: G B 4.16.0+ #81 [ 57.438933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.448261] Call Trace: [ 57.450831] dump_stack+0x185/0x1d0 [ 57.454438] panic+0x39d/0x940 [ 57.457627] ? kernel_text_address+0x248/0x3a0 [ 57.462190] kmsan_report+0x238/0x240 [ 57.465997] __msan_warning_32+0x6c/0xb0 [ 57.470064] kernel_text_address+0x248/0x3a0 [ 57.474452] ? __schedule+0x674/0x730 [ 57.478235] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 57.483577] ? __schedule+0x674/0x730 [ 57.487357] __kernel_text_address+0x34/0xe0 [ 57.491743] ? __schedule+0x674/0x730 [ 57.495528] unwind_get_return_address+0x8c/0x130 [ 57.500356] __save_stack_trace+0x45c/0xa80 [ 57.504657] ? __schedule+0x674/0x730 [ 57.508440] ? __msan_poison_alloca+0x15c/0x1d0 [ 57.513096] ? save_stack_trace_tsk+0x58/0x2f0 [ 57.517661] save_stack_trace_tsk+0x258/0x2f0 [ 57.522139] proc_pid_stack+0x26a/0x470 [ 57.526094] proc_single_show+0x1af/0x300 [ 57.530226] ? proc_pid_wchan+0x250/0x250 [ 57.534352] ? proc_single_open+0x90/0x90 [ 57.538486] seq_read+0xc7d/0x2260 [ 57.542021] do_iter_read+0x880/0xd70 [ 57.545813] ? seq_open+0x360/0x360 [ 57.549417] do_readv+0x295/0x5f0 [ 57.552861] ? syscall_return_slowpath+0xe9/0x700 [ 57.557687] SYSC_readv+0x9b/0xb0 [ 57.561127] SyS_readv+0x56/0x80 [ 57.564474] do_syscall_64+0x309/0x430 [ 57.568344] ? vfs_readv+0x260/0x260 [ 57.572047] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.577217] RIP: 0033:0x455259 [ 57.580385] RSP: 002b:00007f24b878bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 57.588072] RAX: ffffffffffffffda RBX: 00007f24b878c6d4 RCX: 0000000000455259 [ 57.595319] RDX: 0000000000000001 RSI: 000000002066dff0 RDI: 0000000000000013 [ 57.602566] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000 [ 57.609812] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.617060] R13: 000000000000048c R14: 00000000006f9dc0 R15: 0000000000000001 [ 57.624715] Dumping ftrace buffer: [ 57.628230] (ftrace buffer empty) [ 57.631912] Kernel Offset: disabled [ 57.635511] Rebooting in 86400 seconds..