INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts.
2018/04/07 09:04:51 fuzzer started
2018/04/07 09:04:51 dialing manager at 10.128.0.26:38639
2018/04/07 09:04:57 kcov=true, comps=false
2018/04/07 09:05:00 executing program 0:
utimensat(0xffffffffffffffff, &(0x7f0000c23000)='./file0\x00', &(0x7f0000864000)={{0x0, 0x2710}}, 0x1)
2018/04/07 09:05:00 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000dbb000)="440d0500ae17000000000002da", 0xd)
getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000d10000), &(0x7f000011d000))
2018/04/07 09:05:00 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000ee1fa8)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-clmulni\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000b78ff0)="a23364fd5e580ef24d71a19dd93fc727", 0x10)
r2 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0)
fallocate(r2, 0x0, 0x0, 0x1)
sendfile(r1, r2, &(0x7f0000e64ff8), 0x8)
readv(r1, &(0x7f00008bafc0)=[{&(0x7f0000df8000)=""/4096, 0x1000}], 0x1)
2018/04/07 09:05:00 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000002000)='net/protocols\x00')
preadv(r0, &(0x7f0000001000)=[{&(0x7f0000001000)=""/246, 0xf6}, {&(0x7f0000001000)=""/160, 0xa0}], 0x2, 0x0)
2018/04/07 09:05:00 executing program 3:
mmap(&(0x7f0000000000/0x709000)=nil, 0x709000, 0x0, 0x44031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a9e000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f00004b6000/0x1000)=nil)
2018/04/07 09:05:01 executing program 7:
mkdir(&(0x7f0000fb3000)='./file0\x00', 0x0)
mount(&(0x7f0000212ff8)='./file0\x00', &(0x7f000078eff8)='./file0\x00', &(0x7f0000982ff9)='mqueue\x00', 0x0, &(0x7f00008a3f69))
r0 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r0, &(0x7f0000f19000)=@file={0x200000001, './file0/bus\x00'}, 0xe)
2018/04/07 09:05:01 executing program 4:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00002d2ff8)={0xffffffffffffffff, 0xffffffffffffffff})
dup2(r1, r0)
fcntl$lock(r1, 0x7, &(0x7f00001aa000))
fcntl$lock(r1, 0x400000000000007, &(0x7f0000a2e000)={0x2, 0x0, 0x4, 0xfffffffffffffffd})
fcntl$lock(r0, 0x7, &(0x7f0000dd7fe0)={0x0, 0x0, 0x6})
2018/04/07 09:05:01 executing program 5:
unshare(0x40600)
mkdir(&(0x7f0000e50ff8)='./file0\x00', 0x0)
mount(&(0x7f00007a3ff8)='./file0\x00', &(0x7f00004f5ff8)='./file0\x00', &(0x7f00000e1000)='ramfs\x00', 0x8409, &(0x7f0000c81ffe))
r0 = openat(0xffffffffffffff9c, &(0x7f0000012ff8)='./file0\x00', 0x0, 0x0)
fremovexattr(r0, &(0x7f00006f8000)=@random={'os2.\x00', 'eth1\x00'})
syzkaller login: [ 44.739281] ip (3804) used greatest stack depth: 54672 bytes left
[ 44.973671] ip (3827) used greatest stack depth: 54312 bytes left
[ 45.839568] ip (3909) used greatest stack depth: 54296 bytes left
[ 46.825946] ip (3995) used greatest stack depth: 54232 bytes left
[ 47.899912] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.000176] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.025521] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.046872] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.171919] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.186193] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.225758] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.327483] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 56.794668] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.881622] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.977323] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.985598] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.157819] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.206604] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.221129] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.400566] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.535939] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.542237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.553973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.679531] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.685810] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.702983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.731617] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.739245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.763316] ip (4927) used greatest stack depth: 53976 bytes left
[ 57.770922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.793770] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.802210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.817674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.983799] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.990136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.005618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.027802] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.038886] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.051452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.096234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.129646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.165636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.205440] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.211886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.236255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.974710] ==================================================================
[ 58.982135] BUG: KMSAN: uninit-value in _copy_to_iter+0x46d/0x28f0
[ 58.988464] CPU: 1 PID: 5014 Comm: syz-executor6 Not tainted 4.16.0+ #81
[ 58.995292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.004729] Call Trace:
[ 59.007322] dump_stack+0x185/0x1d0
[ 59.010952] ? kmsan_internal_check_memory+0x106/0x1d0
[ 59.016224] kmsan_report+0x142/0x240
[ 59.020030] kmsan_internal_check_memory+0x125/0x1d0
[ 59.025139] kmsan_copy_to_user+0x69/0x160
[ 59.029376] _copy_to_iter+0x46d/0x28f0
[ 59.033356] ? ghash_async_final+0x26d/0x290
[ 59.037772] ? crypto_ahash_op+0x89a/0xc10
[ 59.042015] ? ghash_async_update+0x2b0/0x2b0
[ 59.046518] hash_recvmsg+0x88e/0xd50
[ 59.050328] hash_recvmsg_nokey+0x129/0x160
[ 59.054656] ? hash_sendmsg_nokey+0x140/0x140
[ 59.059154] sock_read_iter+0x405/0x480
[ 59.063143] ? kernel_sock_ip_overhead+0x350/0x350
[ 59.068870] do_iter_readv_writev+0x7bb/0x970
[ 59.073381] ? kernel_sock_ip_overhead+0x350/0x350
[ 59.078312] do_iter_read+0x303/0xd70
[ 59.082116] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 59.087567] do_readv+0x295/0x5f0
[ 59.091027] ? syscall_return_slowpath+0xe9/0x700
[ 59.095869] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 59.101232] SYSC_readv+0x9b/0xb0
[ 59.104690] SyS_readv+0x56/0x80
[ 59.108051] do_syscall_64+0x309/0x430
[ 59.111946] ? vfs_readv+0x260/0x260
[ 59.115664] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 59.120845] RIP: 0033:0x455259
[ 59.124036] RSP: 002b:00007f22d8564c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 59.131744] RAX: ffffffffffffffda RBX: 00007f22d85656d4 RCX: 0000000000455259
[ 59.139007] RDX: 0000000000000001 RSI: 00000000208bafc0 RDI: 0000000000000014
[ 59.146275] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[ 59.153540] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 59.160803] R13: 000000000000048c R14: 00000000006f9dc0 R15: 0000000000000000
[ 59.168066]
[ 59.169681] Uninit was stored to memory at:
2018/04/07 09:05:18 executing program 7:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
fcntl$lock(r0, 0x6, &(0x7f0000626fe0)={0x2, 0x2})
2018/04/07 09:05:18 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
fcntl$setownex(r0, 0xf, &(0x7f00003ee000)={0x2})
fcntl$getown(r0, 0x9)
[ 59.174005] kmsan_internal_chain_origin+0x12b/0x210
[ 59.179107] kmsan_memcpy_origins+0x11d/0x170
[ 59.183599] __msan_memcpy+0x19f/0x1f0
[ 59.187488] ghash_final+0x168/0x1d0
[ 59.191200] crypto_shash_final+0x198/0x1c0
[ 59.195524] ghash_async_final+0x26d/0x290
[ 59.199761] crypto_ahash_op+0x89a/0xc10
[ 59.203823] crypto_ahash_final+0x8c/0xb0
[ 59.207971] hash_recvmsg+0x56d/0xd50
[ 59.211767] hash_recvmsg_nokey+0x129/0x160
[ 59.216091] sock_read_iter+0x405/0x480
[ 59.220062] do_iter_readv_writev+0x7bb/0x970
[ 59.224558] do_iter_read+0x303/0xd70
[ 59.228351] do_readv+0x295/0x5f0
[ 59.231804] SYSC_readv+0x9b/0xb0
[ 59.235253] SyS_readv+0x56/0x80
[ 59.238617] do_syscall_64+0x309/0x430
[ 59.242503] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 59.247681] Uninit was stored to memory at:
[ 59.252002] kmsan_internal_chain_origin+0x12b/0x210
[ 59.257101] __msan_chain_origin+0x69/0xc0
[ 59.261330] ghash_update+0xb74/0x1060
[ 59.265213] shash_ahash_update+0x293/0x360
[ 59.269533] ghash_async_update+0x294/0x2b0
[ 59.273853] hash_sendpage+0x904/0xe10
[ 59.277744] hash_sendpage_nokey+0x153/0x180
[ 59.282155] sock_sendpage+0x1de/0x2c0
[ 59.286049] pipe_to_sendpage+0x31b/0x430
[ 59.290203] __splice_from_pipe+0x49a/0xf30
[ 59.294529] generic_splice_sendpage+0x1c6/0x2a0
[ 59.299286] direct_splice_actor+0x19b/0x200
[ 59.303693] splice_direct_to_actor+0x764/0x1040
[ 59.308450] do_splice_direct+0x335/0x540
[ 59.312592] do_sendfile+0x1067/0x1e40
[ 59.316486] SYSC_sendfile64+0x1b3/0x300
[ 59.320551] SyS_sendfile64+0x64/0x90
[ 59.324344] do_syscall_64+0x309/0x430
[ 59.328232] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 59.333408] Uninit was created at:
[ 59.336947] kmsan_alloc_meta_for_pages+0x161/0x3a0
[ 59.341960] kmsan_alloc_page+0x82/0xe0
[ 59.345941] __alloc_pages_nodemask+0xf5b/0x5dc0
[ 59.350716] alloc_pages_vma+0xcc8/0x1800
[ 59.354864] shmem_alloc_and_acct_page+0x6d5/0x1000
[ 59.359882] shmem_getpage_gfp+0x35db/0x5770
[ 59.364288] shmem_fallocate+0xde2/0x1610
[ 59.368434] vfs_fallocate+0x9dc/0xde0
[ 59.372316] SYSC_fallocate+0x119/0x1d0
[ 59.376290] SyS_fallocate+0x64/0x90
[ 59.380000] do_syscall_64+0x309/0x430
[ 59.383890] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 59.389067]
[ 59.390688] Byte 0 of 16 is uninitialized
[ 59.394821] ==================================================================
[ 59.402170] Disabling lock debugging due to kernel taint
[ 59.407611] Kernel panic - not syncing: panic_on_warn set ...
[ 59.407611]
[ 59.414975] CPU: 1 PID: 5014 Comm: syz-executor6 Tainted: G B 4.16.0+ #81
[ 59.423101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.432453] Call Trace:
[ 59.435044] dump_stack+0x185/0x1d0
[ 59.438675] panic+0x39d/0x940
[ 59.441891] ? kmsan_internal_check_memory+0x106/0x1d0
[ 59.447170] kmsan_report+0x238/0x240
[ 59.450977] kmsan_internal_check_memory+0x125/0x1d0
[ 59.456086] kmsan_copy_to_user+0x69/0x160
[ 59.460327] _copy_to_iter+0x46d/0x28f0
[ 59.464309] ? ghash_async_final+0x26d/0x290
[ 59.468726] ? crypto_ahash_op+0x89a/0xc10
[ 59.472961] ? ghash_async_update+0x2b0/0x2b0
[ 59.477455] hash_recvmsg+0x88e/0xd50
[ 59.481258] hash_recvmsg_nokey+0x129/0x160
[ 59.485577] ? hash_sendmsg_nokey+0x140/0x140
[ 59.490078] sock_read_iter+0x405/0x480
[ 59.494063] ? kernel_sock_ip_overhead+0x350/0x350
[ 59.498988] do_iter_readv_writev+0x7bb/0x970
[ 59.503481] ? kernel_sock_ip_overhead+0x350/0x350
[ 59.508399] do_iter_read+0x303/0xd70
[ 59.512190] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 59.517628] do_readv+0x295/0x5f0
[ 59.521071] ? syscall_return_slowpath+0xe9/0x700
[ 59.525895] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 59.531240] SYSC_readv+0x9b/0xb0
[ 59.534677] SyS_readv+0x56/0x80
[ 59.538028] do_syscall_64+0x309/0x430
[ 59.541901] ? vfs_readv+0x260/0x260
[ 59.545602] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 59.550770] RIP: 0033:0x455259
[ 59.553940] RSP: 002b:00007f22d8564c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 59.561629] RAX: ffffffffffffffda RBX: 00007f22d85656d4 RCX: 0000000000455259
[ 59.568875] RDX: 0000000000000001 RSI: 00000000208bafc0 RDI: 0000000000000014
[ 59.576126] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[ 59.583372] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 59.590623] R13: 000000000000048c R14: 00000000006f9dc0 R15: 0000000000000000
[ 59.598335] Dumping ftrace buffer:
[ 59.601852] (ftrace buffer empty)
[ 59.605532] Kernel Offset: disabled
[ 59.609130] Rebooting in 86400 seconds..