INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts. 2018/04/10 12:20:37 fuzzer started 2018/04/10 12:20:38 dialing manager at 10.128.0.26:40577 2018/04/10 12:20:43 kcov=true, comps=false 2018/04/10 12:20:46 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x3}, 0x1c) sendmsg(r0, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000000ff0)=[{&(0x7f0000013ffe)="0600", 0x2}], 0x1, &(0x7f0000026000)}, 0x2000c080) write(r0, &(0x7f0000000100)="d019", 0x2) 2018/04/10 12:20:46 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffffff8}, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000bc0)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) sendto$inet(r1, &(0x7f0000000100)="0d0a9716a70976e265d647963219edbaa9bf5d26cdae6379bcafe8477286211724015bb40f5462943031e614c6183b4f198065c63ce1b0f4601ca607ce10ff310ac95d089d7ea6e76f7a0bed348f302c6a89aae38d11fc09cc22be0248745645637e6fc7f517c6b29f1ad7f49caea16c2eea7def41eb80aeceb083f49310fc048a6863a794ab4da441466c8a9c013d3613b2307be07446188c1d8fbeacbca761282d675f4385a90dc259cb40049ee0c2cc0d33f29c6102e56697c24b8f1ad37f196e4c5af815d6fca6006dcdae0b6f3f0c1bddd8e4d8db7049652afbf23878718ddbbc2ff3fbef8288864cd92be50657dd170d505a6eb47f9aef5a953a914e1d54312ed0808e759655cc4c9a57f267610e92c8fe906ab49faa7bd51aa9bb3f1a6c417c82f7a5a578c758a6fafec4ecbac6354e4cda", 0x135, 0x0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2=0xe0000002}, 0x10) 2018/04/10 12:20:46 executing program 7: r0 = syz_open_dev$tun(&(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'bridge0\x00', 0x1ffd}) r1 = socket(0x10, 0x803, 0x0) write(r1, &(0x7f0000df8fd9)="2600000026004701050007008980e8ff06006d20002b1f00c0e9ff094a51f10101c7033500b0", 0x26) 2018/04/10 12:20:46 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$SEM_STAT(0x0, 0x0, 0x12, &(0x7f0000000200)=""/88) 2018/04/10 12:20:46 executing program 3: mkdir(&(0x7f0000027000)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x0, &(0x7f000000a000)) creat(&(0x7f0000000700)='./file0/bus\x00', 0x0) 2018/04/10 12:20:46 executing program 4: socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, &(0x7f0000000240)) unshare(0x40000000) 2018/04/10 12:20:46 executing program 5: add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0x0) add_key$user(&(0x7f0000ef5000)='user\x00', &(0x7f00008fa000)={0x73, 0x79, 0x7a}, &(0x7f0000537ffd), 0x0, 0x0) add_key$user(&(0x7f0000688000)='user\x00', &(0x7f00008d9ffb)={0x73, 0x79, 0x7a}, &(0x7f0000f19edc), 0x0, 0x0) request_key(&(0x7f0000a98ffb)='user\x00', &(0x7f0000626000)={0x73, 0x79, 0x7a}, &(0x7f00000002c0)="2f6465612f7675746f66730719", 0x0) 2018/04/10 12:20:46 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x22, &(0x7f0000000240)="bd", 0x1) syzkaller login: [ 41.866197] ip (3768) used greatest stack depth: 54672 bytes left [ 42.418832] ip (3822) used greatest stack depth: 54312 bytes left [ 43.250731] ip (3896) used greatest stack depth: 54200 bytes left [ 45.203317] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.237600] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.376521] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.447245] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.460571] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.544244] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.604118] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.671599] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.875168] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.048625] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.116220] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.354470] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.363008] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.379858] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.416532] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.546099] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.639220] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.645577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.659222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.866665] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.872982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.887238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.926421] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.935673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.956596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.133471] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.139715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.152106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.175717] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.185448] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.207611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.239579] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.248675] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.254916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.263698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.303631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.325513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.352831] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.366111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.377319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.726113] ================================================================== [ 55.733528] BUG: KMSAN: uninit-value in rawv6_sendmsg+0x4bee/0x4cc0 [ 55.739939] CPU: 1 PID: 4986 Comm: syz-executor0 Not tainted 4.16.0+ #83 [ 55.746771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.756118] Call Trace: [ 55.758713] dump_stack+0x185/0x1d0 [ 55.762348] ? rawv6_sendmsg+0x4bee/0x4cc0 [ 55.766593] kmsan_report+0x142/0x240 [ 55.770400] __msan_warning_32+0x6c/0xb0 [ 55.774466] rawv6_sendmsg+0x4bee/0x4cc0 [ 55.778531] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 55.783986] ? futex_wait_queue_me+0x687/0x710 [ 55.788587] ? compat_rawv6_ioctl+0x30/0x30 [ 55.792907] inet_sendmsg+0x48d/0x740 [ 55.796712] ? security_socket_sendmsg+0x9e/0x210 [ 55.801551] ? inet_getname+0x500/0x500 [ 55.805524] sock_write_iter+0x3b9/0x470 [ 55.809593] ? sock_read_iter+0x480/0x480 [ 55.813740] __vfs_write+0x719/0x910 [ 55.817456] vfs_write+0x463/0x8d0 [ 55.821002] SYSC_write+0x172/0x360 [ 55.824627] SyS_write+0x55/0x80 [ 55.827992] do_syscall_64+0x309/0x430 [ 55.831884] ? SYSC_read+0x360/0x360 [ 55.835595] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 55.840780] RIP: 0033:0x455259 [ 55.843962] RSP: 002b:00007f7ab3df7c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 55.851669] RAX: ffffffffffffffda RBX: 00007f7ab3df86d4 RCX: 0000000000455259 [ 55.858938] RDX: 0000000000000002 RSI: 0000000020000100 RDI: 0000000000000013 [ 55.866204] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 55.873469] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 55.880737] R13: 00000000000006b6 R14: 00000000006fd1b0 R15: 0000000000000000 [ 55.888009] [ 55.889628] Uninit was stored to memory at: [ 55.893951] kmsan_internal_chain_origin+0x12b/0x210 [ 55.899053] kmsan_memcpy_origins+0x11d/0x170 [ 55.903545] __msan_memcpy+0x19f/0x1f0 [ 55.907433] skb_copy_bits+0x63a/0xdb0 [ 55.911335] rawv6_sendmsg+0x427e/0x4cc0 [ 55.915387] inet_sendmsg+0x48d/0x740 [ 55.919182] sock_write_iter+0x3b9/0x470 [ 55.923236] __vfs_write+0x719/0x910 [ 55.926947] vfs_write+0x463/0x8d0 [ 55.930481] SYSC_write+0x172/0x360 [ 55.934106] SyS_write+0x55/0x80 [ 55.937497] do_syscall_64+0x309/0x430 [ 55.941392] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 55.946566] Uninit was created at: [ 55.950103] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 55.955116] kmsan_alloc_page+0x82/0xe0 [ 55.959087] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 55.963839] alloc_pages_current+0x6b5/0x970 [ 55.968245] skb_page_frag_refill+0x3ba/0x5e0 [ 55.972734] sk_page_frag_refill+0xa4/0x340 [ 55.977056] __ip6_append_data+0x1a20/0x4bb0 [ 55.981467] ip6_append_data+0x40e/0x6b0 [ 55.985530] rawv6_sendmsg+0x2787/0x4cc0 [ 55.989588] inet_sendmsg+0x48d/0x740 [ 55.993392] sock_write_iter+0x3b9/0x470 [ 55.997455] __vfs_write+0x719/0x910 [ 56.001170] vfs_write+0x463/0x8d0 [ 56.004703] SYSC_write+0x172/0x360 [ 56.008325] SyS_write+0x55/0x80 [ 56.011680] do_syscall_64+0x309/0x430 [ 56.015567] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 56.020745] ================================================================== [ 56.028096] Disabling lock debugging due to kernel taint [ 56.033541] Kernel panic - not syncing: panic_on_warn set ... [ 56.033541] [ 56.040898] CPU: 1 PID: 4986 Comm: syz-executor0 Tainted: G B 4.16.0+ #83 [ 56.049022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.058359] Call Trace: [ 56.060927] dump_stack+0x185/0x1d0 [ 56.064534] panic+0x39d/0x940 [ 56.067731] ? rawv6_sendmsg+0x4bee/0x4cc0 [ 56.071942] kmsan_report+0x238/0x240 [ 56.075721] __msan_warning_32+0x6c/0xb0 [ 56.079761] rawv6_sendmsg+0x4bee/0x4cc0 [ 56.083802] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 56.089233] ? futex_wait_queue_me+0x687/0x710 [ 56.093801] ? compat_rawv6_ioctl+0x30/0x30 [ 56.098099] inet_sendmsg+0x48d/0x740 [ 56.101886] ? security_socket_sendmsg+0x9e/0x210 [ 56.106707] ? inet_getname+0x500/0x500 [ 56.110659] sock_write_iter+0x3b9/0x470 [ 56.114710] ? sock_read_iter+0x480/0x480 [ 56.118851] __vfs_write+0x719/0x910 [ 56.122548] vfs_write+0x463/0x8d0 [ 56.126068] SYSC_write+0x172/0x360 [ 56.129676] SyS_write+0x55/0x80 [ 56.133029] do_syscall_64+0x309/0x430 [ 56.136901] ? SYSC_read+0x360/0x360 [ 56.140596] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 56.145760] RIP: 0033:0x455259 [ 56.148925] RSP: 002b:00007f7ab3df7c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 56.156612] RAX: ffffffffffffffda RBX: 00007f7ab3df86d4 RCX: 0000000000455259 [ 56.163857] RDX: 0000000000000002 RSI: 0000000020000100 RDI: 0000000000000013 [ 56.171102] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 56.178349] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 56.185595] R13: 00000000000006b6 R14: 00000000006fd1b0 R15: 0000000000000000 [ 56.193265] Dumping ftrace buffer: [ 56.196780] (ftrace buffer empty) [ 56.200462] Kernel Offset: disabled [ 56.204062] Rebooting in 86400 seconds..