INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
2018/04/09 14:47:46 fuzzer started
2018/04/09 14:47:46 dialing manager at 10.128.0.26:38911
2018/04/09 14:47:52 kcov=true, comps=false
2018/04/09 14:47:55 executing program 0:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000333f88)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1=0xe0000001}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1=0xe0000001}}]}, 0x50}, 0x1}, 0x0)

2018/04/09 14:47:55 executing program 1:
r0 = socket$inet(0x2, 0x3, 0x21)
sendto$inet(r0, &(0x7f0000000000), 0x0, 0x8000, &(0x7f0000000040)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
sendto$inet(r0, &(0x7f0000000100)="d57949f20aed308be0a42f92", 0xc, 0x0, &(0x7f00000000c0)={0x2, 0x3, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)

2018/04/09 14:47:55 executing program 7:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xaa1000)=nil, 0xaa1000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)

2018/04/09 14:47:55 executing program 2:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000180)='+#vmnet1ppp0&posix_acl_accessppp1vboxnet0\x00', 0x0)
ioctl$TCSETA(r0, 0x4030582a, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000d8})

2018/04/09 14:47:55 executing program 4:

2018/04/09 14:47:55 executing program 5:

2018/04/09 14:47:55 executing program 6:

2018/04/09 14:47:55 executing program 3:

syzkaller login: [   42.209981] ip (3797) used greatest stack depth: 54440 bytes left
[   43.354691] ip (3911) used greatest stack depth: 54296 bytes left
[   43.614100] ip (3931) used greatest stack depth: 54200 bytes left
[   44.070152] ip (3970) used greatest stack depth: 54144 bytes left
[   45.399958] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   45.519986] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   45.571011] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   45.580611] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   45.634011] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   45.656840] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   45.725901] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   45.893398] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   54.394679] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   54.412109] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   54.468895] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   54.537220] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   54.663216] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   54.739103] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   54.812758] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   54.920876] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   55.182927] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   55.189250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.200154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.234734] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   55.243155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.257792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.286590] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   55.292822] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.319663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.355694] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   55.362117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.373662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.471687] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   55.478016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.489837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.590164] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   55.596469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.609933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.631708] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   55.637999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.656955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.744684] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   55.750977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.762186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   56.501190] ==================================================================
[   56.508608] BUG: KMSAN: uninit-value in dccp_invalid_packet+0x3b8/0xf50
[   56.515364] CPU: 1 PID: 5042 Comm: syz-executor1 Not tainted 4.16.0+ #82
[   56.522195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   56.531542] Call Trace:
[   56.534116]  <IRQ>
[   56.536268]  dump_stack+0x185/0x1d0
[   56.539893]  ? dccp_invalid_packet+0x3b8/0xf50
[   56.544471]  kmsan_report+0x142/0x240
[   56.548269]  __msan_warning_32+0x6c/0xb0
[   56.552329]  dccp_invalid_packet+0x3b8/0xf50
[   56.556737]  ? ip_local_deliver_finish+0x6ed/0xd40
[   56.561663]  ? ip_local_deliver_finish+0x6ed/0xd40
[   56.566586]  dccp_v4_rcv+0xf7/0x2630
[   56.570293]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[   56.575658]  ? raw_local_deliver+0x1462/0x1470
[   56.580246]  ? ip_local_deliver_finish+0x4a5/0xd40
[   56.585175]  ? local_bh_enable+0x40/0x40
[   56.589234]  ? local_bh_enable+0x40/0x40
[   56.593297]  ip_local_deliver_finish+0x6ed/0xd40
[   56.598057]  ip_local_deliver+0x43c/0x4e0
[   56.602203]  ? ip_local_deliver+0x4e0/0x4e0
[   56.606610]  ? ip_call_ra_chain+0x7b0/0x7b0
[   56.610926]  ip_rcv_finish+0x1253/0x16d0
[   56.614996]  ip_rcv+0x119d/0x16f0
[   56.618448]  ? ip_rcv+0x16f0/0x16f0
[   56.622081]  __netif_receive_skb_core+0x47cf/0x4a80
[   56.627096]  ? try_to_wake_up+0x1ab2/0x20a0
[   56.631423]  ? kmsan_internal_memset_shadow_inline+0xd0/0xd0
[   56.637222]  ? ip_local_deliver_finish+0xd40/0xd40
[   56.642150]  process_backlog+0x62d/0xe20
[   56.646214]  ? rps_trigger_softirq+0x2f0/0x2f0
2018/04/09 14:48:12 executing program 4:

2018/04/09 14:48:12 executing program 4:

[   56.650802]  net_rx_action+0x7c1/0x1a70
[   56.654780]  ? net_tx_action+0xab0/0xab0
[   56.658838]  __do_softirq+0x56d/0x93d
[   56.662640]  do_softirq_own_stack+0x2a/0x40
[   56.666948]  </IRQ>
[   56.669183]  __local_bh_enable_ip+0x114/0x140
[   56.673679]  local_bh_enable+0x36/0x40
[   56.677565]  ip_finish_output2+0x124e/0x1380
[   56.681982]  ip_finish_output+0xcb0/0xff0
[   56.686136]  ip_output+0x502/0x5c0
[   56.689676]  ? ip_mc_finish_output+0x3b0/0x3b0
[   56.694260]  ? ip_finish_output+0xff0/0xff0
[   56.698579]  ip_send_skb+0x5f3/0x820
[   56.702291]  ? __ip_local_out+0x5b0/0x5b0
[   56.706443]  ip_push_pending_frames+0x105/0x170
[   56.711111]  raw_sendmsg+0x2960/0x3ed0
[   56.715014]  ? compat_raw_ioctl+0x100/0x100
[   56.719330]  inet_sendmsg+0x48d/0x740
[   56.723125]  ? security_socket_sendmsg+0x9e/0x210
[   56.727965]  ? inet_getname+0x500/0x500
[   56.731940]  SYSC_sendto+0x6c3/0x7e0
[   56.735652]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[   56.741098]  ? prepare_exit_to_usermode+0x149/0x3a0
[   56.746127]  SyS_sendto+0x8a/0xb0
[   56.749577]  do_syscall_64+0x309/0x430
[   56.753467]  ? SYSC_getpeername+0x560/0x560
[   56.757790]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   56.762974] RIP: 0033:0x455259
[   56.766154] RSP: 002b:00007f4989234c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   56.773859] RAX: ffffffffffffffda RBX: 00007f49892356d4 RCX: 0000000000455259
[   56.781124] RDX: 000000000000000c RSI: 0000000020000100 RDI: 0000000000000013
[   56.788390] RBP: 000000000072bea0 R08: 00000000200000c0 R09: 0000000000000010
[   56.795664] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
2018/04/09 14:48:12 executing program 4:

2018/04/09 14:48:12 executing program 3:

[   56.802928] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000
[   56.810197] 
[   56.811813] Uninit was stored to memory at:
[   56.816131]  kmsan_internal_chain_origin+0x12b/0x210
[   56.821233]  kmsan_memcpy_origins+0x11d/0x170
[   56.825721]  __msan_memcpy+0x19f/0x1f0
[   56.829606]  skb_copy_bits+0x63a/0xdb0
[   56.833487]  __pskb_pull_tail+0x483/0x22e0
[   56.837720]  dccp_invalid_packet+0x352/0xf50
[   56.842128]  dccp_v4_rcv+0xf7/0x2630
[   56.845848]  ip_local_deliver_finish+0x6ed/0xd40
[   56.850598]  ip_local_deliver+0x43c/0x4e0
[   56.854738]  ip_rcv_finish+0x1253/0x16d0
[   56.858792]  ip_rcv+0x119d/0x16f0
[   56.862243]  __netif_receive_skb_core+0x47cf/0x4a80
[   56.867253]  process_backlog+0x62d/0xe20
[   56.871308]  net_rx_action+0x7c1/0x1a70
[   56.875282]  __do_softirq+0x56d/0x93d
[   56.879064] Uninit was created at:
[   56.882602]  kmsan_alloc_meta_for_pages+0x161/0x3a0
[   56.887610]  kmsan_alloc_page+0x82/0xe0
[   56.891581]  __alloc_pages_nodemask+0xf5b/0x5dc0
[   56.896330]  alloc_pages_current+0x6b5/0x970
2018/04/09 14:48:12 executing program 4:
perf_event_open(&(0x7f0000220000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000740)='net/fib_trie\x00')
readv(r0, &(0x7f00000004c0)=[{&(0x7f00000001c0)=""/151, 0x97}, {&(0x7f0000000340)=""/112, 0x70}], 0x2)

2018/04/09 14:48:12 executing program 3:
perf_event_open(&(0x7f0000220000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000e11ff0)=[{&(0x7f0000299f3e)="580000001400192340834b80040d8c5602067fffffff810000000000000058000b4824ca944f64009400050028925aa8000000000000008000f0fffeffff09000000fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1)

[   56.900730]  skb_page_frag_refill+0x3ba/0x5e0
[   56.905219]  sk_page_frag_refill+0xa4/0x340
[   56.909533]  __ip_append_data+0x107e/0x3d10
[   56.913846]  ip_append_data+0x2fb/0x440
[   56.917811]  raw_sendmsg+0x287b/0x3ed0
[   56.921694]  inet_sendmsg+0x48d/0x740
[   56.925489]  SYSC_sendto+0x6c3/0x7e0
[   56.929200]  SyS_sendto+0x8a/0xb0
[   56.932648]  do_syscall_64+0x309/0x430
[   56.936534]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   56.941706] ==================================================================
[   56.949056] Disabling lock debugging due to kernel taint
[   56.954499] Kernel panic - not syncing: panic_on_warn set ...
[   56.954499] 
[   56.961870] CPU: 1 PID: 5042 Comm: syz-executor1 Tainted: G    B            4.16.0+ #82
[   56.970004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   56.979354] Call Trace:
[   56.981935]  <IRQ>
[   56.984086]  dump_stack+0x185/0x1d0
[   56.987715]  panic+0x39d/0x940
[   56.990929]  ? dccp_invalid_packet+0x3b8/0xf50
[   56.995511]  kmsan_report+0x238/0x240
[   56.999312]  __msan_warning_32+0x6c/0xb0
2018/04/09 14:48:13 executing program 4:
r0 = socket$inet6(0xa, 0x1, 0x0)
set_mempolicy(0x1, &(0x7f0000000040), 0x1)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f5ffe0)={@loopback={0x0, 0x1}, 0x0, 0x0, 0x400000000000003, 0x10001}, 0x28)

[   57.003372]  dccp_invalid_packet+0x3b8/0xf50
[   57.007785]  ? ip_local_deliver_finish+0x6ed/0xd40
[   57.012710]  ? ip_local_deliver_finish+0x6ed/0xd40
[   57.017634]  dccp_v4_rcv+0xf7/0x2630
[   57.021348]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[   57.027057]  ? raw_local_deliver+0x1462/0x1470
[   57.031642]  ? ip_local_deliver_finish+0x4a5/0xd40
[   57.036565]  ? local_bh_enable+0x40/0x40
[   57.040620]  ? local_bh_enable+0x40/0x40
[   57.044678]  ip_local_deliver_finish+0x6ed/0xd40
[   57.049441]  ip_local_deliver+0x43c/0x4e0
[   57.053585]  ? ip_local_deliver+0x4e0/0x4e0
[   57.057903]  ? ip_call_ra_chain+0x7b0/0x7b0
[   57.062220]  ip_rcv_finish+0x1253/0x16d0
[   57.066286]  ip_rcv+0x119d/0x16f0
[   57.069736]  ? ip_rcv+0x16f0/0x16f0
[   57.073372]  __netif_receive_skb_core+0x47cf/0x4a80
[   57.078387]  ? try_to_wake_up+0x1ab2/0x20a0
[   57.082720]  ? kmsan_internal_memset_shadow_inline+0xd0/0xd0
[   57.088522]  ? ip_local_deliver_finish+0xd40/0xd40
[   57.093456]  process_backlog+0x62d/0xe20
[   57.097522]  ? rps_trigger_softirq+0x2f0/0x2f0
2018/04/09 14:48:13 executing program 4:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000333f88)={0x2, 0x3, 0x0, 0x9, 0xc, 0x0, 0x0, 0x0, [@sadb_x_sa2={0x2, 0x13, 0x2}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1=0xe0000001}}, @sadb_sa={0x2, 0x1}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1=0xe0000001}}]}, 0x60}, 0x1}, 0x0)

[   57.102103]  net_rx_action+0x7c1/0x1a70
[   57.106086]  ? net_tx_action+0xab0/0xab0
[   57.110151]  __do_softirq+0x56d/0x93d
[   57.113959]  do_softirq_own_stack+0x2a/0x40
[   57.118274]  </IRQ>
[   57.120514]  __local_bh_enable_ip+0x114/0x140
[   57.125011]  local_bh_enable+0x36/0x40
[   57.128899]  ip_finish_output2+0x124e/0x1380
[   57.133311]  ip_finish_output+0xcb0/0xff0
[   57.137464]  ip_output+0x502/0x5c0
[   57.140999]  ? ip_mc_finish_output+0x3b0/0x3b0
[   57.145584]  ? ip_finish_output+0xff0/0xff0
[   57.149901]  ip_send_skb+0x5f3/0x820
[   57.153613]  ? __ip_local_out+0x5b0/0x5b0
[   57.157765]  ip_push_pending_frames+0x105/0x170
[   57.162439]  raw_sendmsg+0x2960/0x3ed0
[   57.166346]  ? compat_raw_ioctl+0x100/0x100
[   57.170663]  inet_sendmsg+0x48d/0x740
[   57.174461]  ? security_socket_sendmsg+0x9e/0x210
[   57.179306]  ? inet_getname+0x500/0x500
[   57.183285]  SYSC_sendto+0x6c3/0x7e0
[   57.187001]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[   57.192453]  ? prepare_exit_to_usermode+0x149/0x3a0
[   57.197485]  SyS_sendto+0x8a/0xb0
[   57.200936]  do_syscall_64+0x309/0x430
[   57.204824]  ? SYSC_getpeername+0x560/0x560
[   57.209147]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   57.214325] RIP: 0033:0x455259
[   57.217509] RSP: 002b:00007f4989234c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   57.225216] RAX: ffffffffffffffda RBX: 00007f49892356d4 RCX: 0000000000455259
[   57.232481] RDX: 000000000000000c RSI: 0000000020000100 RDI: 0000000000000013
[   57.239750] RBP: 000000000072bea0 R08: 00000000200000c0 R09: 0000000000000010
[   57.247017] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   57.254285] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000
[   57.261981] Dumping ftrace buffer:
[   57.265498]    (ftrace buffer empty)
[   57.269179] Kernel Offset: disabled
[   57.272777] Rebooting in 86400 seconds..