INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.36' (ECDSA) to the list of known hosts. 2018/04/07 01:15:04 fuzzer started 2018/04/07 01:15:05 dialing manager at 10.128.0.26:38639 2018/04/07 01:15:10 kcov=true, comps=false 2018/04/07 01:15:13 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup.net\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./file1\x00', 0x0) r2 = dup3(r1, r0, 0x0) pwritev(r0, &(0x7f0000000b40)=[{&(0x7f0000000100)='\'', 0x1}], 0x1, 0x10000) ioctl$fiemap(r2, 0xc020660b, &(0x7f0000001b80)={0x0, 0x100, 0x1}) creat(&(0x7f0000000000)='./file1\x00', 0x0) 2018/04/07 01:15:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x202, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) write(r0, &(0x7f00000002c0)="d319", 0x2) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x10000000000829f, 0x0, 0x0, 0x0, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$TIOCGLCKTRMIOS(r2, 0x5412, &(0x7f0000000100)={0xffffffff}) 2018/04/07 01:15:13 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000360000)={0x0, 0x0, &(0x7f000035d000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020d000010000000160000000000000003000600000000000200000031ebf8c700000000000000000300050000000000020000000000000000000000000000000800120002000103000000000000000010000000030300000000000700000500000000010100c58a472ed96c526fe7a6641552752106e5d26d566f8d45157c97"], 0x80}, 0x1}, 0x0) 2018/04/07 01:15:13 executing program 2: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x400000000e) ioctl$TCFLSH(r0, 0x540b, 0x2000000000000002) 2018/04/07 01:15:13 executing program 3: perf_event_open(&(0x7f0000723f88)={0x2, 0x70, 0xc35, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000e0000)='stack\x00') readv(r0, &(0x7f000066dff0)=[{&(0x7f00008ad000)=""/178, 0xb2}], 0x1) 2018/04/07 01:15:13 executing program 4: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) waitid(0x1, r1, &(0x7f00000000c0), 0x20000008, &(0x7f0000000100)) 2018/04/07 01:15:13 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0xd705) sendto$inet6(r0, &(0x7f0000f6f000), 0x61a9ccf98d09effa, 0x20000001, &(0x7f0000faafe4)={0xa, 0x4e22}, 0x1c) 2018/04/07 01:15:13 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000380)="6d6f756e74696e666f004388f750c83d14c4a3a9ac1488a402f1265047502f6c2dd9f655a08d63e2da7af47e6c37972352875f125bcf3ea7f04b7b505b6a06beedb2a86e30a86bc0d37a6438b99a45ea22b1f4fb050000000000000000000000000044b800e87953ed64ae2f3f5f53c78f80293abf2a8486bd65d593cea221df08495ace8ea1f739deb9394733c7f2a8bc8469c6ab2ec67eeec0f89c726db45b9fbf07b5e70840d3520ab33cd4619123cbd3b6246e1c0fb86835c5a2d52e02d7f8da762ba15a81fafeb2c9549175") mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000001c0)="2750e35d428fe823843c88fa") mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000000340)='bdev\x00', 0x100000, &(0x7f00000002c0)) 
mount(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='.', &(0x7f0000000240)='ubifs\x00', 0x1004, 0x0) mount(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200)) mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f00000e7000)) mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000a60000)='ramfs\x00', 0x0, &(0x7f0000d1cfff)) preadv(r0, &(0x7f0000000040)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1, 0x0) syzkaller login: [ 42.485846] ip (3746) used greatest stack depth: 54688 bytes left [ 42.997405] ip (3793) used greatest stack depth: 54672 bytes left [ 44.044214] ip (3899) used greatest stack depth: 53656 bytes left [ 46.009253] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.178429] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.235203] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.248817] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.307463] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.466083] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.506821] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.526551] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.860644] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.943823] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.026747] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.044984] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.134997] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.196643] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.302810] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.322738] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.591940] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.598214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.613454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 
[ 55.686836] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.693193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.703974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.765363] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.771600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.779754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.820433] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.826673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.849224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.887420] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.893612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.907393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.054879] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.061146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.075411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.169907] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.176422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.190847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.227431] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.233857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.246594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 01:15:29 executing program 1: setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000002000)={{0xa, 0x0, 0x9, @loopback={0x0, 0x1}}, {0xa, 0x0, 0x0, @empty, 0x1}}, 0x5c) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=""/4096, &(0x7f0000000000)=0x1000) r0 = socket$inet6_sctp(0xa, 0x3, 0x84) setsockopt$inet6_int(r0, 0x29, 0x40, &(0x7f0000001fde), 
0x4) [ 57.393843] ================================================================== [ 57.401261] BUG: KMSAN: uninit-value in kernel_text_address+0x248/0x3a0 [ 57.408010] CPU: 1 PID: 5078 Comm: syz-executor3 Not tainted 4.16.0+ #81 [ 57.414842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.424189] Call Trace: [ 57.426777] dump_stack+0x185/0x1d0 [ 57.430411] ? kernel_text_address+0x248/0x3a0 [ 57.434992] kmsan_report+0x142/0x240 [ 57.438799] __msan_warning_32+0x6c/0xb0 [ 57.442864] kernel_text_address+0x248/0x3a0 [ 57.447267] ? __schedule+0x674/0x730 [ 57.451072] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 57.456439] ? __schedule+0x674/0x730 [ 57.460244] __kernel_text_address+0x34/0xe0 [ 57.464648] ? __schedule+0x674/0x730 [ 57.468449] unwind_get_return_address+0x8c/0x130 [ 57.473293] __save_stack_trace+0x45c/0xa80 [ 57.477616] ? __schedule+0x674/0x730 [ 57.481416] ? __msan_poison_alloca+0x15c/0x1d0 [ 57.486085] ? save_stack_trace_tsk+0x58/0x2f0 [ 57.490674] save_stack_trace_tsk+0x258/0x2f0 [ 57.495179] proc_pid_stack+0x26a/0x470 [ 57.499151] proc_single_show+0x1af/0x300 [ 57.503297] ? proc_pid_wchan+0x250/0x250 [ 57.507438] ? proc_single_open+0x90/0x90 [ 57.511586] seq_read+0xc7d/0x2260 [ 57.515539] do_iter_read+0x880/0xd70 [ 57.519349] ? seq_open+0x360/0x360 [ 57.522977] do_readv+0x295/0x5f0 [ 57.526441] ? syscall_return_slowpath+0xe9/0x700 [ 57.531286] SYSC_readv+0x9b/0xb0 [ 57.534740] SyS_readv+0x56/0x80 [ 57.538107] do_syscall_64+0x309/0x430 [ 57.541994] ? 
vfs_readv+0x260/0x260 [ 57.545713] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.550896] RIP: 0033:0x455259 [ 57.554081] RSP: 002b:00007fef28ab0c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 57.561791] RAX: ffffffffffffffda RBX: 00007fef28ab16d4 RCX: 0000000000455259 [ 57.569055] RDX: 0000000000000001 RSI: 000000002066dff0 RDI: 0000000000000013 [ 57.576312] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 57.583576] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.590840] R13: 000000000000048c R14: 00000000006f9dc0 R15: 0000000000000000 [ 57.598111] [ 57.599729] Uninit was stored to memory at: [ 57.604055] kmsan_internal_chain_origin+0x12b/0x210 [ 57.609148] __msan_chain_origin+0x69/0xc0 [ 57.613362] update_stack_state+0x959/0xa40 [ 57.617659] __unwind_start+0x335/0x630 [ 57.621611] __save_stack_trace+0x3e1/0xa80 [ 57.625903] save_stack_trace_tsk+0x258/0x2f0 [ 57.630371] proc_pid_stack+0x26a/0x470 [ 57.634324] proc_single_show+0x1af/0x300 [ 57.638448] seq_read+0xc7d/0x2260 [ 57.641963] do_iter_read+0x880/0xd70 [ 57.645736] do_readv+0x295/0x5f0 [ 57.649162] SYSC_readv+0x9b/0xb0 [ 57.652588] SyS_readv+0x56/0x80 [ 57.655926] do_syscall_64+0x309/0x430 [ 57.659787] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.664944] Local variable description: ----oc.i.i@__alloc_pages_nodemask [ 57.671836] Variable was created at: [ 57.675527] __alloc_pages_nodemask+0x10f/0x5dc0 [ 57.680255] alloc_pages_vma+0xcc8/0x1800 [ 57.684370] ================================================================== [ 57.691698] Disabling lock debugging due to kernel taint [ 57.697115] Kernel panic - not syncing: panic_on_warn set ... [ 57.697115] [ 57.704449] CPU: 1 PID: 5078 Comm: syz-executor3 Tainted: G B 4.16.0+ #81 [ 57.712560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.721886] Call Trace: [ 57.724450] dump_stack+0x185/0x1d0 [ 57.728055] panic+0x39d/0x940 [ 57.731233] ? 
kernel_text_address+0x248/0x3a0 [ 57.735789] kmsan_report+0x238/0x240 [ 57.739563] __msan_warning_32+0x6c/0xb0 [ 57.743597] kernel_text_address+0x248/0x3a0 [ 57.747979] ? __schedule+0x674/0x730 [ 57.751751] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 57.757090] ? __schedule+0x674/0x730 [ 57.760865] __kernel_text_address+0x34/0xe0 [ 57.765244] ? __schedule+0x674/0x730 [ 57.769029] unwind_get_return_address+0x8c/0x130 [ 57.773853] __save_stack_trace+0x45c/0xa80 [ 57.778146] ? __schedule+0x674/0x730 [ 57.781919] ? __msan_poison_alloca+0x15c/0x1d0 [ 57.786565] ? save_stack_trace_tsk+0x58/0x2f0 [ 57.791120] save_stack_trace_tsk+0x258/0x2f0 [ 57.795589] proc_pid_stack+0x26a/0x470 [ 57.799538] proc_single_show+0x1af/0x300 [ 57.803663] ? proc_pid_wchan+0x250/0x250 [ 57.807782] ? proc_single_open+0x90/0x90 [ 57.811906] seq_read+0xc7d/0x2260 [ 57.815425] do_iter_read+0x880/0xd70 [ 57.819206] ? seq_open+0x360/0x360 [ 57.822807] do_readv+0x295/0x5f0 [ 57.826239] ? syscall_return_slowpath+0xe9/0x700 [ 57.831061] SYSC_readv+0x9b/0xb0 [ 57.834491] SyS_readv+0x56/0x80 [ 57.837832] do_syscall_64+0x309/0x430 [ 57.841699] ? vfs_readv+0x260/0x260 [ 57.845392] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.850555] RIP: 0033:0x455259 [ 57.853718] RSP: 002b:00007fef28ab0c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 57.861398] RAX: ffffffffffffffda RBX: 00007fef28ab16d4 RCX: 0000000000455259 [ 57.868639] RDX: 0000000000000001 RSI: 000000002066dff0 RDI: 0000000000000013 [ 57.875882] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 57.883123] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.890365] R13: 000000000000048c R14: 00000000006f9dc0 R15: 0000000000000000 [ 57.898053] Dumping ftrace buffer: [ 57.901573] (ftrace buffer empty) [ 57.905252] Kernel Offset: disabled [ 57.908851] Rebooting in 86400 seconds..