INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts. 2018/04/06 23:00:13 fuzzer started 2018/04/06 23:00:13 dialing manager at 10.128.0.26:38639 2018/04/06 23:00:19 kcov=true, comps=false 2018/04/06 23:00:22 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000fd1ff6)='net/tcp\x00') preadv(r0, &(0x7f0000000080)=[{&(0x7f000032df3a)=""/198, 0xc6}], 0x1, 0x0) 2018/04/06 23:00:22 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00004f7000)="649c47ad46390d006dc80000009d4d54", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000b37000)={0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000001200)="cf19c3a1c46717cbe19f9b582bdd049d6015e6cfac8072f362535ffcd5b927c75e1d6de546098fae2f04fe6ccb39238b7310850540358de6c6b93c733afa0ec1198bd722f4f078a72f568b93", 0x4c}, {&(0x7f0000001340)}], 0x2, &(0x7f0000000000)}, 0x0) recvmsg$kcm(r1, &(0x7f0000e63000)={0x0, 0xfffffffffffffea8, &(0x7f0000000100)=[{&(0x7f0000588fa9)=""/87, 0x389}], 0x1, &(0x7f0000142000)=""/60, 0x3c}, 0x0) 2018/04/06 23:00:22 executing program 7: open(&(0x7f0000000000)='./bus\x00', 0x100000141842, 0x0) syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x1000, &(0x7f0000000740)=ANY=[]) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x7, 0x11, r0, 0x0) syz_mount_image$hfs(&(0x7f0000000080)='hfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x1, &(0x7f0000000340)=[{&(0x7f0000000140), 0x0, 0x55c3}], 0x0, &(0x7f0000000780)=ANY=[]) write$evdev(r0, &(0x7f0000000280)=[{{0x0, 0x2710}}], 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f00000001c0)="5a3f4fee0a9f48f57395acada20fff93bf0b37ae84a6bd106b4138cfe25a86785e1fb2a31b268dedf5a36e4645c8ff3f34f0822e7be26ae6b069f787a6ee3185963c36e9789ebc285ea832cf3fc0fb697d18643c6254679ed5279e32107c70dbc5ed61d3588b2fab42198a4cd5cdbd841a89a2091cbd71e32e09b3a9cb18131dd0d0271b423ed29a3eca1a3ea142e4f67835fb22e566e18d3ceba8ef", 0x9c, 0x9}], 0x8000, &(0x7f0000000540)={[{@errors_remount='errors=remount-ro', 0x2c}, {@stripe={'stripe', 0x3d, [0x3f]}, 0x2c}, {@journal_checksum='journal_checksum', 0x2c}, {@abort='abort', 0x2c}, {@journal_path={'journal_path', 0x3d, './bus'}, 0x2c}, {@auto_da_alloc='auto_da_alloc', 0x2c}, {@i_version='i_version', 0x2c}, {@prjquota='prjquota', 0x2c}, {@grpquota='grpquota', 0x2c}]}) 2018/04/06 23:00:22 executing program 1: r0 = semget$private(0x0, 0x20000000104, 0x0) semtimedop(r0, &(0x7f0000000000)=[{0x4, 0x7ffd}, {0x0, 0x8091}], 0x2, &(0x7f0000034000)={0x77359400}) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x6]) 2018/04/06 23:00:22 executing program 3: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)="6e65742f6465765f6d6361737400c087ea55011e14c9e347dd1f55a6026a1cb7e067f3c577981c0994a1e80d90d49d68bdbc91fab9c1c7f063e676e83c740e2d647534a1045850a23665d81ca07270193f5d003c10e34239844c5b6e8d1721c0b53a91c2f6ec1e5484645db3df") r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='oom_adj\x00') sendfile(r1, r0, &(0x7f000058f000)=0xf, 0x100000000) 2018/04/06 23:00:22 executing program 4: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x1000000000000004, 0x1c}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x705000, 0x7ffffffff003, 0x11, &(0x7f0000000380)) 2018/04/06 23:00:22 executing program 5: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x1000000000000004, 0x1c}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x7ffffffff000, 0x7ffffffff003, 0x1, &(0x7f0000000380)) 2018/04/06 23:00:22 executing program 6: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x1000000000000004, 0x1c}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x705000, 0x7ffffffff003, 0x3, &(0x7f0000000380)) syzkaller login: [ 41.337916] ip (3659) used greatest stack depth: 54688 bytes left [ 41.357092] ip (3660) used greatest stack depth: 54672 bytes left [ 41.749109] ip (3696) used greatest stack depth: 54312 bytes left [ 43.111791] ip (3825) used greatest stack depth: 53960 bytes left [ 44.975513] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.986442] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.994832] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.035665] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.126609] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.317896] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.358471] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.458238] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.692155] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.741464] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.809385] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.863877] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.980479] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.005144] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.046808] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.274094] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.441364] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.447626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.456010] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.477178] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.483589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.497553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.535824] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.543325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.573626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.678531] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.684825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.695539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.730472] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.736755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.760401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.796016] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.803873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.839156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.857654] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.878390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.904657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.170922] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.177221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.185676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.697880] ================================================================== [ 55.705309] BUG: KMSAN: uninit-value in copy_page_to_iter+0x754/0x1b70 [ 55.711976] CPU: 1 PID: 4930 Comm: blkid Not tainted 4.16.0+ #81 [ 55.718113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.727462] Call Trace: [ 55.730059] dump_stack+0x185/0x1d0 [ 55.733690] ? kmsan_internal_check_memory+0x145/0x1d0 [ 55.738962] kmsan_report+0x142/0x240 [ 55.742767] kmsan_internal_check_memory+0x164/0x1d0 [ 55.747870] kmsan_copy_to_user+0x69/0x160 [ 55.752110] copy_page_to_iter+0x754/0x1b70 [ 55.756439] generic_file_read_iter+0x2ee8/0x43f0 [ 55.761301] blkdev_read_iter+0x20d/0x280 [ 55.765456] ? blkdev_write_iter+0x5f0/0x5f0 [ 55.769864] __vfs_read+0x6fb/0x8e0 [ 55.773495] vfs_read+0x36c/0x6c0 [ 55.776951] SYSC_read+0x172/0x360 [ 55.780494] SyS_read+0x55/0x80 [ 55.783777] do_syscall_64+0x309/0x430 [ 55.787664] ? vfs_write+0x8d0/0x8d0 [ 55.791378] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 55.796580] RIP: 0033:0x7f09aec91310 [ 55.800284] RSP: 002b:00007ffce61af548 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 55.807987] RAX: ffffffffffffffda RBX: 0000000000000c00 RCX: 00007f09aec91310 [ 55.815249] RDX: 0000000000000400 RSI: 0000000001b2a2b8 RDI: 0000000000000003 [ 55.822514] RBP: 0000000001b2a290 R08: 0000000000000028 R09: 0000000001680000 [ 55.829796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001b29030 [ 55.837053] R13: 0000000000000400 R14: 0000000001b29080 R15: 0000000001b2a2a8 [ 55.844307] [ 55.845914] Uninit was stored to memory at: [ 55.850222] kmsan_internal_chain_origin+0x12b/0x210 [ 55.855319] kmsan_memcpy_origins+0x11d/0x170 [ 55.859794] __msan_memcpy+0x19f/0x1f0 [ 55.863674] _copy_to_iter+0x852/0x28f0 [ 55.867629] copy_page_to_iter+0x383/0x1b70 [ 55.871934] shmem_file_read_iter+0x99f/0x1180 [ 55.876495] do_iter_readv_writev+0x7bb/0x970 [ 55.880973] do_iter_read+0x303/0xd70 [ 55.884751] vfs_iter_read+0x118/0x180 [ 55.888621] loop_queue_work+0x270e/0x3ef0 [ 55.892836] kthread_worker_fn+0x58f/0x900 [ 55.897054] loop_kthread_worker_fn+0x90/0xb0 [ 55.901529] kthread+0x539/0x720 [ 55.904880] ret_from_fork+0x35/0x40 [ 55.908581] Uninit was created at: [ 55.912100] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 55.917095] kmsan_alloc_page+0x82/0xe0 [ 55.921058] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 55.925794] alloc_pages_vma+0xcc8/0x1800 [ 55.929923] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 55.934921] shmem_getpage_gfp+0x35db/0x5770 [ 55.939309] shmem_file_read_iter+0x508/0x1180 [ 55.943870] do_iter_readv_writev+0x7bb/0x970 [ 55.948350] do_iter_read+0x303/0xd70 [ 55.952130] vfs_iter_read+0x118/0x180 [ 55.955995] loop_queue_work+0x270e/0x3ef0 [ 55.960210] kthread_worker_fn+0x58f/0x900 [ 55.964434] loop_kthread_worker_fn+0x90/0xb0 [ 55.968912] kthread+0x539/0x720 [ 55.972261] ret_from_fork+0x35/0x40 [ 55.975948] [ 55.977553] Bytes 0-1023 of 1024 are uninitialized [ 55.982455] ================================================================== [ 55.989787] Disabling lock debugging due to kernel taint [ 55.995213] Kernel panic - not syncing: panic_on_warn set ... [ 55.995213] [ 56.002560] CPU: 1 PID: 4930 Comm: blkid Tainted: G B 4.16.0+ #81 [ 56.009983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.019320] Call Trace: [ 56.021895] dump_stack+0x185/0x1d0 [ 56.025505] panic+0x39d/0x940 [ 56.028696] ? kmsan_internal_check_memory+0x145/0x1d0 [ 56.033954] kmsan_report+0x238/0x240 [ 56.037739] kmsan_internal_check_memory+0x164/0x1d0 [ 56.042822] kmsan_copy_to_user+0x69/0x160 [ 56.047060] copy_page_to_iter+0x754/0x1b70 [ 56.051374] generic_file_read_iter+0x2ee8/0x43f0 [ 56.056213] blkdev_read_iter+0x20d/0x280 [ 56.060346] ? blkdev_write_iter+0x5f0/0x5f0 [ 56.064737] __vfs_read+0x6fb/0x8e0 [ 56.068353] vfs_read+0x36c/0x6c0 [ 56.071794] SYSC_read+0x172/0x360 [ 56.075319] SyS_read+0x55/0x80 [ 56.078581] do_syscall_64+0x309/0x430 [ 56.082450] ? vfs_write+0x8d0/0x8d0 [ 56.086146] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 56.091317] RIP: 0033:0x7f09aec91310 [ 56.095011] RSP: 002b:00007ffce61af548 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 56.102710] RAX: ffffffffffffffda RBX: 0000000000000c00 RCX: 00007f09aec91310 [ 56.109963] RDX: 0000000000000400 RSI: 0000000001b2a2b8 RDI: 0000000000000003 [ 56.117225] RBP: 0000000001b2a290 R08: 0000000000000028 R09: 0000000001680000 [ 56.124476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001b29030 [ 56.131727] R13: 0000000000000400 R14: 0000000001b29080 R15: 0000000001b2a2a8 [ 56.139437] Dumping ftrace buffer: [ 56.142953] (ftrace buffer empty) [ 56.146634] Kernel Offset: disabled [ 56.150238] Rebooting in 86400 seconds..