INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
2018/04/11 08:47:38 fuzzer started
2018/04/11 08:47:38 dialing manager at 10.128.0.26:36259
2018/04/11 08:47:45 kcov=true, comps=false
2018/04/11 08:47:48 executing program 0:
mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x40000028000001)
2018/04/11 08:47:48 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r0, 0xffffffffffffffc1)
2018/04/11 08:47:48 executing program 7:
2018/04/11 08:47:48 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = memfd_create(&(0x7f0000000000)='dev ', 0x0)
ftruncate(r2, 0x40001)
sendfile(r1, r2, &(0x7f0000001000), 0x400000000fee)
unshare(0x600)
recvmmsg(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)=@nfc, 0x0, &(0x7f0000000940)=[{&(0x7f0000000880)=""/123}], 0x0, &(0x7f0000000680)=""/108}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000700)=""/164}], 0x3c3}, 0x3}], 0x1b1, 0x0, 0x0)
2018/04/11 08:47:48 executing program 2:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
request_key(&(0x7f00000000c0)='id_legacy\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a}, &(0x7f0000000240)='md5sum.system#vmnet1\x00', 0xfffffffffffffffe)
2018/04/11 08:47:48 executing program 3:
perf_event_open(&(0x7f0000940000)={0x2, 0x78}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
utimes(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={{}, {0x0, 0x2710}})
2018/04/11 08:47:48 executing program 5:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000000600), 0x0, &(0x7f00000006c0), 0x0, 0x0)
2018/04/11 08:47:48 executing program 6:
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/arp\x00')
pread64(r0, &(0x7f0000000200)=""/8, 0x5a, 0xa2)
syzkaller login: [ 41.850434] ip (3775) used greatest stack depth: 54688 bytes left
[ 42.251061] ip (3813) used greatest stack depth: 54312 bytes left
[ 43.329717] ip (3914) used greatest stack depth: 54200 bytes left
[ 43.483622] ip (3925) used greatest stack depth: 53960 bytes left
[ 44.883820] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 45.241125] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 45.435854] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 45.457190] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 45.600931] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 45.641836] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 45.690254] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 45.699937] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 53.779912] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 54.017210] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 54.435808] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 54.466424] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 54.493883] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 54.520534] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 54.570160] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 54.576435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 54.584983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.732524] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 54.805350] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 54.813990] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 54.820259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 54.831656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.197241] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 55.203536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.216600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.249702] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 55.256015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.284429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.305636] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 55.311970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.320972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.347718] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 55.369630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.410996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.569277] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 55.575590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.594897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.713760] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 55.720147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.732847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.980487] ==================================================================
[ 56.987903] BUG: KMSAN: uninit-value in _copy_to_iter+0x1bb3/0x28f0
[ 56.994302] CPU: 1 PID: 5074 Comm: syz-executor4 Not tainted 4.16.0+ #83
[ 57.001114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.010446] Call Trace:
[ 57.013036] dump_stack+0x185/0x1d0
[ 57.016658] ? kmsan_internal_check_memory+0x145/0x1d0
[ 57.021914] kmsan_report+0x142/0x240
[ 57.025697] kmsan_internal_check_memory+0x164/0x1d0
[ 57.030784] kmsan_copy_to_user+0x69/0x160
[ 57.035009] ? skb_copy_datagram_iter+0x443/0xf70
[ 57.039831] _copy_to_iter+0x1bb3/0x28f0
[ 57.043905] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 57.049349] ? __skb_try_recv_from_queue+0xc74/0xe80
[ 57.054451] skb_copy_datagram_iter+0x443/0xf70
[ 57.059110] unix_dgram_recvmsg+0xc3f/0x1940
[ 57.063521] unix_seqpacket_recvmsg+0x11a/0x180
[ 57.068188] sock_recvmsg_nosec+0x109/0x140
[ 57.072498] ? unix_seqpacket_sendmsg+0x2d0/0x2d0
[ 57.077337] ___sys_recvmsg+0x3fb/0x810
[ 57.081294] ? __msan_poison_alloca+0x15c/0x1d0
[ 57.085942] ? _cond_resched+0x3c/0xd0
[ 57.089807] ? rcu_all_qs+0x32/0x1f0
[ 57.093498] ? _cond_resched+0x3c/0xd0
[ 57.097363] ? __sys_recvmmsg+0x908/0xdb0
[ 57.101501] ? rcu_all_qs+0x32/0x1f0
[ 57.105196] __sys_recvmmsg+0x54e/0xdb0
[ 57.109169] ? __msan_poison_alloca+0x15c/0x1d0
[ 57.113826] SYSC_recvmmsg+0x212/0x3e0
[ 57.117721] SyS_recvmmsg+0x76/0xa0
[ 57.121341] do_syscall_64+0x309/0x430
[ 57.125227] ? __sys_recvmmsg+0xdb0/0xdb0
[ 57.129377] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 57.134557] RIP: 0033:0x455259
[ 57.137742] RSP: 002b:00007f2152090c68 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 57.145428] RAX: ffffffffffffffda RBX: 00007f21520916d4 RCX: 0000000000455259
[ 57.152675] RDX: 00000000000001b1 RSI: 0000000020000800 RDI: 0000000000000013
[ 57.159920] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000
[ 57.167169] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 57.174417] R13: 0000000000000495 R14: 00000000006f9e98 R15: 0000000000000001
[ 57.181668]
[ 57.183269] Uninit was stored to memory at:
[ 57.187587] kmsan_internal_chain_origin+0x12b/0x210
[ 57.192683] kmsan_memcpy_origins+0x11d/0x170
[ 57.197170] __msan_memcpy+0x19f/0x1f0
[ 57.201045] _copy_from_iter+0xefb/0x1d40
[ 57.205178] skb_copy_datagram_from_iter+0x1ff/0xcc0
[ 57.210258] unix_dgram_sendmsg+0xdce/0x3610
[ 57.214645] unix_seqpacket_sendmsg+0x262/0x2d0
[ 57.219302] kernel_sendmsg+0x228/0x2d0
[ 57.223264] sock_no_sendpage+0x1c8/0x250
[ 57.227390] sock_sendpage+0x1de/0x2c0
[ 57.231261] pipe_to_sendpage+0x31b/0x430
[ 57.235392] __splice_from_pipe+0x49a/0xf30
[ 57.239695] generic_splice_sendpage+0x1c6/0x2a0
[ 57.244427] direct_splice_actor+0x19b/0x200
[ 57.248813] splice_direct_to_actor+0x764/0x1040
[ 57.253549] do_splice_direct+0x335/0x540
[ 57.257684] do_sendfile+0x1067/0x1e40
[ 57.261557] SYSC_sendfile64+0x1b3/0x300
[ 57.266121] SyS_sendfile64+0x64/0x90
[ 57.269918] do_syscall_64+0x309/0x430
[ 57.273788] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 57.278948] Uninit was created at:
[ 57.282464] kmsan_alloc_meta_for_pages+0x161/0x3a0
[ 57.287456] kmsan_alloc_page+0x82/0xe0
[ 57.291413] __alloc_pages_nodemask+0xf5b/0x5dc0
[ 57.296146] alloc_pages_vma+0xcc8/0x1800
[ 57.300276] shmem_alloc_and_acct_page+0x6d5/0x1000
[ 57.305271] shmem_getpage_gfp+0x35db/0x5770
[ 57.309656] shmem_file_read_iter+0x508/0x1180
[ 57.314224] generic_file_splice_read+0x4e8/0x830
[ 57.319059] splice_direct_to_actor+0x4c6/0x1040
[ 57.323793] do_splice_direct+0x335/0x540
[ 57.327921] do_sendfile+0x1067/0x1e40
[ 57.331785] SYSC_sendfile64+0x1b3/0x300
[ 57.335822] SyS_sendfile64+0x64/0x90
[ 57.339602] do_syscall_64+0x309/0x430
[ 57.343467] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 57.348626]
[ 57.350229] Bytes 0-962 of 963 are uninitialized
[ 57.355047] ==================================================================
[ 57.362561] Disabling lock debugging due to kernel taint
[ 57.367984] Kernel panic - not syncing: panic_on_warn set ...
[ 57.367984]
[ 57.375331] CPU: 1 PID: 5074 Comm: syz-executor4 Tainted: G B 4.16.0+ #83
[ 57.383448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.392780] Call Trace:
[ 57.395362] dump_stack+0x185/0x1d0
[ 57.398982] panic+0x39d/0x940
[ 57.402188] ? kmsan_internal_check_memory+0x145/0x1d0
[ 57.407459] kmsan_report+0x238/0x240
[ 57.411242] kmsan_internal_check_memory+0x164/0x1d0
[ 57.416328] kmsan_copy_to_user+0x69/0x160
[ 57.420546] ? skb_copy_datagram_iter+0x443/0xf70
[ 57.425368] _copy_to_iter+0x1bb3/0x28f0
[ 57.429407] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 57.434852] ? __skb_try_recv_from_queue+0xc74/0xe80
[ 57.439942] skb_copy_datagram_iter+0x443/0xf70
[ 57.444611] unix_dgram_recvmsg+0xc3f/0x1940
[ 57.449118] unix_seqpacket_recvmsg+0x11a/0x180
[ 57.453770] sock_recvmsg_nosec+0x109/0x140
[ 57.458082] ? unix_seqpacket_sendmsg+0x2d0/0x2d0
[ 57.462911] ___sys_recvmsg+0x3fb/0x810
[ 57.466957] ? __msan_poison_alloca+0x15c/0x1d0
[ 57.471623] ? _cond_resched+0x3c/0xd0
[ 57.475492] ? rcu_all_qs+0x32/0x1f0
[ 57.479692] ? _cond_resched+0x3c/0xd0
[ 57.483557] ? __sys_recvmmsg+0x908/0xdb0
[ 57.487683] ? rcu_all_qs+0x32/0x1f0
[ 57.491376] __sys_recvmmsg+0x54e/0xdb0
[ 57.495333] ? __msan_poison_alloca+0x15c/0x1d0
[ 57.499984] SYSC_recvmmsg+0x212/0x3e0
[ 57.503852] SyS_recvmmsg+0x76/0xa0
[ 57.507455] do_syscall_64+0x309/0x430
[ 57.511322] ? __sys_recvmmsg+0xdb0/0xdb0
[ 57.515450] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 57.520615] RIP: 0033:0x455259
[ 57.523789] RSP: 002b:00007f2152090c68 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 57.531483] RAX: ffffffffffffffda RBX: 00007f21520916d4 RCX: 0000000000455259
[ 57.538730] RDX: 00000000000001b1 RSI: 0000000020000800 RDI: 0000000000000013
[ 57.545984] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000
[ 57.553231] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 57.560476] R13: 0000000000000495 R14: 00000000006f9e98 R15: 0000000000000001
[ 57.568187] Dumping ftrace buffer:
[ 57.571703] (ftrace buffer empty)
[ 57.575386] Kernel Offset: disabled
[ 57.578997] Rebooting in 86400 seconds..