INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.40' (ECDSA) to the list of known hosts. 2018/04/11 03:39:24 fuzzer started 2018/04/11 03:39:24 dialing manager at 10.128.0.26:40599 2018/04/11 03:39:30 kcov=true, comps=false 2018/04/11 03:39:33 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000002fe4)={0xa}, 0x1c) sendmsg(r0, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000000ff0)=[{&(0x7f0000000140)="0200", 0x2}], 0x1, &(0x7f0000003000)}, 0x2000c080) write$binfmt_elf64(r0, &(0x7f0000000040)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) 2018/04/11 03:39:33 executing program 2: r0 = socket(0x11, 0x4000000000080003, 0x0) sendmsg$nfc_llcp(r0, &(0x7f0000000600)={&(0x7f00000000c0)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "57fae839cadc593634a4649fa20e6a2157ab7eadc92590a697a15b1b82269a12677f3b622d19acae977f2e6ac607eb139eeccb9baf117ee61d03c712ebf2c4"}, 0x58, &(0x7f0000000040), 0x0, &(0x7f00000005c0)={0xc, 0x1}, 0xc}, 0x0) 2018/04/11 03:39:33 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000001200)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) connect$inet6(r0, &(0x7f0000012000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) recvmsg(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000001100)=@generic, 0xfe9f, &(0x7f00000010c0)=[{&(0x7f00000000c0)=""/4096, 0xffe4}], 0x3b5, &(0x7f0000000000)=""/115, 0xfdaf}, 0x0) sendmsg(r0, &(0x7f0000001980)={0x0, 0xfffffffffffffdf5, &(0x7f0000000080), 0x111}, 0x0) recvmmsg(r0, &(0x7f0000005180)=[{{&(0x7f0000003e80)=@sco, 0x80, &(0x7f00000050c0), 0x0, &(0x7f0000005100)=""/123, 0x7b}}], 0x1, 0x0, 
&(0x7f0000005200)) 2018/04/11 03:39:33 executing program 7: setitimer(0x3, &(0x7f0000000080)={{0x77359400}}, &(0x7f0000000180)) 2018/04/11 03:39:33 executing program 4: 2018/04/11 03:39:33 executing program 3: 2018/04/11 03:39:33 executing program 5: 2018/04/11 03:39:33 executing program 6: syzkaller login: [ 43.072319] ip (3748) used greatest stack depth: 54672 bytes left [ 43.763009] ip (3811) used greatest stack depth: 54408 bytes left [ 44.705456] ip (3901) used greatest stack depth: 54296 bytes left [ 45.316817] ip (3955) used greatest stack depth: 54256 bytes left [ 45.593819] ip (3980) used greatest stack depth: 54232 bytes left [ 46.729786] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.741747] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.787779] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.872086] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.022008] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.037401] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.046281] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.117405] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.515419] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.666611] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.791780] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.868824] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.919260] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.062095] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.080000] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.152023] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.270933] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.277187] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.291946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.403982] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.410272] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.420741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.506933] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.513779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.528674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.747457] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.753708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.762674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.785436] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.803232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.836718] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.864380] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.870577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.883966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.907735] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.917243] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.923480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.931643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.961681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.980091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/11 03:39:50 executing program 4: 2018/04/11 03:39:50 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000001200)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) connect$inet6(r0, &(0x7f0000012000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) recvmsg(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000001100)=@generic, 0xfe9f, &(0x7f00000010c0)=[{&(0x7f00000000c0)=""/4096, 0xffe4}], 0x3b5, &(0x7f0000000000)=""/115, 0xfdaf}, 0x0) sendmsg(r0, &(0x7f0000001980)={0x0, 0xfffffffffffffdf5, &(0x7f0000000080), 0x111}, 0x0) recvmmsg(r0, &(0x7f0000005180)=[{{&(0x7f0000003e80)=@sco, 0x80, &(0x7f00000050c0), 0x0, 
&(0x7f0000005100)=""/123, 0x7b}}], 0x1, 0x0, &(0x7f0000005200)) 2018/04/11 03:39:50 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000001200)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) connect$inet6(r0, &(0x7f0000012000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) recvmsg(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000001100)=@generic, 0xfe9f, &(0x7f00000010c0)=[{&(0x7f00000000c0)=""/4096, 0xffe4}], 0x3b5, &(0x7f0000000000)=""/115, 0xfdaf}, 0x0) sendmsg(r0, &(0x7f0000001980)={0x0, 0xfffffffffffffdf5, &(0x7f0000000080), 0x111}, 0x0) recvmmsg(r0, &(0x7f0000005180)=[{{&(0x7f0000003e80)=@sco, 0x80, &(0x7f00000050c0), 0x0, &(0x7f0000005100)=""/123, 0x7b}}], 0x1, 0x0, &(0x7f0000005200)) 2018/04/11 03:39:50 executing program 2: [ 57.870231] ================================================================== [ 57.877638] BUG: KMSAN: uninit-value in rawv6_sendmsg+0x4bee/0x4cc0 [ 57.884046] CPU: 1 PID: 5043 Comm: syz-executor0 Not tainted 4.16.0+ #83 [ 57.890885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.900233] Call Trace: [ 57.902825] dump_stack+0x185/0x1d0 [ 57.906455] ? rawv6_sendmsg+0x4bee/0x4cc0 [ 57.910688] kmsan_report+0x142/0x240 [ 57.914486] __msan_warning_32+0x6c/0xb0 [ 57.918554] rawv6_sendmsg+0x4bee/0x4cc0 [ 57.922612] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 57.928062] ? futex_wait_queue_me+0x687/0x710 [ 57.932664] ? compat_rawv6_ioctl+0x30/0x30 [ 57.936983] inet_sendmsg+0x48d/0x740 [ 57.940788] ? security_socket_sendmsg+0x9e/0x210 [ 57.945635] ? inet_getname+0x500/0x500 [ 57.949619] sock_write_iter+0x3b9/0x470 [ 57.953692] ? sock_read_iter+0x480/0x480 [ 57.957840] __vfs_write+0x719/0x910 [ 57.961560] vfs_write+0x463/0x8d0 [ 57.965108] SYSC_write+0x172/0x360 [ 57.968752] SyS_write+0x55/0x80 [ 57.972211] do_syscall_64+0x309/0x430 [ 57.976106] ? 
SYSC_read+0x360/0x360 [ 57.979830] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.985016] RIP: 0033:0x455259 [ 57.988202] RSP: 002b:00007f32bcbdec68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 57.995942] RAX: ffffffffffffffda RBX: 00007f32bcbdf6d4 RCX: 0000000000455259 [ 58.003214] RDX: 0000000000000078 RSI: 0000000020000040 RDI: 0000000000000013 [ 58.010482] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 58.017747] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 58.025017] R13: 00000000000006b9 R14: 00000000006fd1f8 R15: 0000000000000000 [ 58.032288] [ 58.033909] Uninit was stored to memory at: [ 58.038232] kmsan_internal_chain_origin+0x12b/0x210 [ 58.043503] kmsan_memcpy_origins+0x11d/0x170 [ 58.047989] __msan_memcpy+0x19f/0x1f0 [ 58.051877] skb_copy_bits+0x63a/0xdb0 [ 58.055759] rawv6_sendmsg+0x427e/0x4cc0 [ 58.059814] inet_sendmsg+0x48d/0x740 [ 58.063617] sock_write_iter+0x3b9/0x470 [ 58.067677] __vfs_write+0x719/0x910 [ 58.071389] vfs_write+0x463/0x8d0 [ 58.074926] SYSC_write+0x172/0x360 [ 58.078556] SyS_write+0x55/0x80 [ 58.081929] do_syscall_64+0x309/0x430 [ 58.085821] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.090999] Uninit was created at: [ 58.094546] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 58.099824] kmsan_alloc_page+0x82/0xe0 [ 58.103800] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 58.108552] alloc_pages_current+0x6b5/0x970 [ 58.112961] skb_page_frag_refill+0x3ba/0x5e0 [ 58.117454] sk_page_frag_refill+0xa4/0x340 [ 58.121777] __ip6_append_data+0x1a20/0x4bb0 [ 58.126187] ip6_append_data+0x40e/0x6b0 [ 58.130245] rawv6_sendmsg+0x2787/0x4cc0 [ 58.134304] inet_sendmsg+0x48d/0x740 [ 58.138103] sock_write_iter+0x3b9/0x470 [ 58.142160] __vfs_write+0x719/0x910 [ 58.145870] vfs_write+0x463/0x8d0 [ 58.149408] SYSC_write+0x172/0x360 [ 58.153028] SyS_write+0x55/0x80 [ 58.156394] do_syscall_64+0x309/0x430 [ 58.160285] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.165463] 
================================================================== [ 58.172810] Disabling lock debugging due to kernel taint [ 58.178250] Kernel panic - not syncing: panic_on_warn set ... [ 58.178250] [ 58.185611] CPU: 1 PID: 5043 Comm: syz-executor0 Tainted: G B 4.16.0+ #83 [ 58.193743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.203091] Call Trace: [ 58.205685] dump_stack+0x185/0x1d0 [ 58.209316] panic+0x39d/0x940 [ 58.212528] ? rawv6_sendmsg+0x4bee/0x4cc0 [ 58.216758] kmsan_report+0x238/0x240 2018/04/11 03:39:50 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) r1 = memfd_create(&(0x7f0000000040)='nodev\x00', 0x0) ftruncate(r1, 0x40001) sendfile(r0, r1, &(0x7f000000a000), 0x2) 2018/04/11 03:39:50 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f000000cff8)='./file0\x00', 0x80040, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) 2018/04/11 03:39:51 executing program 1: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000040)='.\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x8000000000802) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000041f74)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000e50)=[{0x0, 0xced, 0x0, 0x0, @time={0x77359400}, {}, {}, @time}], 0x30) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f00000001c0)={0x123, @time}) 2018/04/11 03:39:51 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000002000)={0x0, 0x0, &(0x7f0000ac3000)=@raw, &(0x7f0000000080)="47505d04", 0x17, 0xffffffffffffffe4, &(0x7f0000004f99)=""/103}, 0xfffffffffffffd49) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0x5, &(0x7f0000002000)=@framed={{0x18}, [@call={0x85, 0x0, 
0x0, 0x7}], {0x95}}, &(0x7f000000a000)='syzkaller\x00', 0x1, 0xc3, &(0x7f0000011f3d)=""/195}, 0x48) [ 58.220563] __msan_warning_32+0x6c/0xb0 [ 58.224622] rawv6_sendmsg+0x4bee/0x4cc0 [ 58.228686] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 58.234135] ? futex_wait_queue_me+0x687/0x710 [ 58.238736] ? compat_rawv6_ioctl+0x30/0x30 [ 58.243064] inet_sendmsg+0x48d/0x740 [ 58.246867] ? security_socket_sendmsg+0x9e/0x210 [ 58.251716] ? inet_getname+0x500/0x500 [ 58.255689] sock_write_iter+0x3b9/0x470 [ 58.259757] ? sock_read_iter+0x480/0x480 [ 58.263905] __vfs_write+0x719/0x910 [ 58.267628] vfs_write+0x463/0x8d0 [ 58.271179] SYSC_write+0x172/0x360 [ 58.274991] SyS_write+0x55/0x80 [ 58.278360] do_syscall_64+0x309/0x430 [ 58.282248] ? SYSC_read+0x360/0x360 [ 58.285962] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.291143] RIP: 0033:0x455259 [ 58.294326] RSP: 002b:00007f32bcbdec68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 58.302032] RAX: ffffffffffffffda RBX: 00007f32bcbdf6d4 RCX: 0000000000455259 [ 58.309301] RDX: 0000000000000078 RSI: 0000000020000040 RDI: 0000000000000013 [ 58.316568] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 58.323835] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 58.331103] R13: 00000000000006b9 R14: 00000000006fd1f8 R15: 0000000000000000 [ 58.338815] Dumping ftrace buffer: [ 58.342337] (ftrace buffer empty) [ 58.346021] Kernel Offset: disabled [ 58.349620] Rebooting in 86400 seconds..