INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.18' (ECDSA) to the list of known hosts. 2018/04/09 13:48:57 fuzzer started 2018/04/09 13:48:58 dialing manager at 10.128.0.26:38911 2018/04/09 13:49:04 kcov=true, comps=false 2018/04/09 13:49:07 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000080)={&(0x7f0000000480)=@in={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10, &(0x7f0000002d00)=[{&(0x7f0000000880)="a1", 0x1}], 0x1}, 0x4841) ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000000)) 2018/04/09 13:49:07 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x2, 0xa, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@rand_addr, @in6=@mcast1={0xff, 0x1, [], 0x1}}]}, 0x38}, 0x1}, 0x0) 2018/04/09 13:49:07 executing program 7: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f000045fff8)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) rt_sigqueueinfo(r1, 0x38, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffffd}) 2018/04/09 13:49:07 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000004ff4)) sendmsg$alg(r1, &(0x7f0000007fe4)={0x0, 0x0, 
&(0x7f00000000c0)=[{&(0x7f0000006000)='~', 0x1}], 0x1}, 0x0) 2018/04/09 13:49:07 executing program 4: 2018/04/09 13:49:07 executing program 5: 2018/04/09 13:49:07 executing program 6: 2018/04/09 13:49:07 executing program 3: syzkaller login: [ 41.611479] ip (3760) used greatest stack depth: 54816 bytes left [ 42.175619] ip (3813) used greatest stack depth: 54312 bytes left [ 43.216673] ip (3915) used greatest stack depth: 54296 bytes left [ 45.131174] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.182440] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.309670] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.386790] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.533956] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.562900] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.638120] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.675834] ip (4124) used greatest stack depth: 53976 bytes left [ 45.789227] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.149767] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.165794] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.338782] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.494121] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.523701] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.540642] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.552767] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.772789] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.875014] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.881347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.893656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.935220] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.941460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.953873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.117332] IPv6: 
ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.123611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.136162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.238870] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.245207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.255445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.349256] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.355520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.365583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.397967] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.407306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.421588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.447587] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.453907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.467568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.614019] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.620355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.632987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/09 13:49:24 executing program 7: 2018/04/09 13:49:24 executing program 6: 2018/04/09 13:49:24 executing program 7: 2018/04/09 13:49:24 executing program 1: 2018/04/09 13:49:24 executing program 3: mkdir(&(0x7f0000021000)='./file0\x00', 0x0) mkdir(&(0x7f0000024ff0)='./file0/control\x00', 0x0) mkdir(&(0x7f0000d6fff2)='./file0/file0\x00', 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rename(&(0x7f0000000000)='./file0/control\x00', &(0x7f00000005c0)='./file0/file0/file0\x00') 2018/04/09 13:49:24 executing 
program 5: 2018/04/09 13:49:24 executing program 4: 2018/04/09 13:49:24 executing program 2: 2018/04/09 13:49:24 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) 2018/04/09 13:49:24 executing program 5: r0 = socket$inet(0x2, 0x3, 0x21) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x8000, &(0x7f0000000040)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) sendto$inet(r0, &(0x7f0000000100)="d57949f20aed308be0a42f92", 0xc, 0x0, &(0x7f0000000140)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) 2018/04/09 13:49:24 executing program 4: mq_open(&(0x7f0000000000)='-$\x00', 0x83, 0x0, &(0x7f0000000280)) 2018/04/09 13:49:24 executing program 6: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x20000000000002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000797ff7)='/dev/sg#\x00', 0x0, 0x0) ioctl(r0, 0x20000000002285, &(0x7f0000000040)="53000000012e2a6824f8fc7300000000000000000000000000000004ce8ab6089358ca9d84a2fd2b2d4e07d1f6") 2018/04/09 13:49:24 executing program 7: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$KDSETLED(r0, 0x4b32, 0x3f) unshare(0x8000400) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000100)) 2018/04/09 13:49:24 executing program 1: r0 = accept$netrom(0xffffffffffffff9c, &(0x7f0000000000), &(0x7f0000000040)=0x10) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000000, 0x80010, r0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'team0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'yam0\x00', r1}) r2 = socket(0x10, 0x803, 0x5) write(r2, &(0x7f00000000c0)="2600000022004701050007008980e80700006d20002b1f00c0e9ff094a51f10101c7033500b0", 0x26) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.events\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000100)='./file0\x00', 0x30) sendto(r2, 
&(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) [ 56.940912] ================================================================== [ 56.948340] BUG: KMSAN: uninit-value in dccp_invalid_packet+0x3b8/0xf50 [ 56.955105] CPU: 0 PID: 5102 Comm: syz-executor5 Not tainted 4.16.0+ #82 [ 56.961950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.971305] Call Trace: [ 56.973887] [ 56.976050] dump_stack+0x185/0x1d0 [ 56.979687] ? dccp_invalid_packet+0x3b8/0xf50 [ 56.984269] kmsan_report+0x142/0x240 [ 56.988074] __msan_warning_32+0x6c/0xb0 [ 56.992141] dccp_invalid_packet+0x3b8/0xf50 [ 56.996556] ? ip_local_deliver_finish+0x6ed/0xd40 [ 57.001491] ? ip_local_deliver_finish+0x6ed/0xd40 [ 57.006430] dccp_v4_rcv+0xf7/0x2630 [ 57.010154] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 57.016129] ? raw_local_deliver+0x1462/0x1470 [ 57.020719] ? ip_local_deliver_finish+0x4a5/0xd40 [ 57.025648] ? local_bh_enable+0x40/0x40 [ 57.029714] ? local_bh_enable+0x40/0x40 [ 57.033773] ip_local_deliver_finish+0x6ed/0xd40 [ 57.038539] ip_local_deliver+0x43c/0x4e0 [ 57.042690] ? ip_local_deliver+0x4e0/0x4e0 [ 57.047015] ? ip_call_ra_chain+0x7b0/0x7b0 [ 57.052071] ip_rcv_finish+0x1253/0x16d0 [ 57.056139] ip_rcv+0x119d/0x16f0 [ 57.059587] ? ip_rcv+0x16f0/0x16f0 [ 57.063228] __netif_receive_skb_core+0x47cf/0x4a80 [ 57.068243] ? try_to_wake_up+0x1ab2/0x20a0 [ 57.072567] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 57.078371] ? ip_local_deliver_finish+0xd40/0xd40 [ 57.083306] process_backlog+0x62d/0xe20 [ 57.087374] ? rps_trigger_softirq+0x2f0/0x2f0 [ 57.091958] net_rx_action+0x7c1/0x1a70 [ 57.095940] ? 
net_tx_action+0xab0/0xab0 [ 57.100008] __do_softirq+0x56d/0x93d [ 57.103817] do_softirq_own_stack+0x2a/0x40 [ 57.108130] [ 57.110377] __local_bh_enable_ip+0x114/0x140 [ 57.114881] local_bh_enable+0x36/0x40 [ 57.118765] ip_finish_output2+0x124e/0x1380 [ 57.123183] ip_finish_output+0xcb0/0xff0 [ 57.127337] ip_output+0x502/0x5c0 [ 57.130877] ? ip_mc_finish_output+0x3b0/0x3b0 [ 57.135461] ? ip_finish_output+0xff0/0xff0 [ 57.139780] ip_send_skb+0x5f3/0x820 [ 57.143497] ? __ip_local_out+0x5b0/0x5b0 [ 57.147648] ip_push_pending_frames+0x105/0x170 [ 57.152315] raw_sendmsg+0x2960/0x3ed0 [ 57.156219] ? compat_raw_ioctl+0x100/0x100 [ 57.160536] inet_sendmsg+0x48d/0x740 [ 57.164425] ? security_socket_sendmsg+0x9e/0x210 [ 57.169267] ? inet_getname+0x500/0x500 [ 57.173242] SYSC_sendto+0x6c3/0x7e0 [ 57.177049] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 57.182500] ? prepare_exit_to_usermode+0x149/0x3a0 [ 57.187528] SyS_sendto+0x8a/0xb0 [ 57.190979] do_syscall_64+0x309/0x430 [ 57.194865] ? SYSC_getpeername+0x560/0x560 [ 57.199188] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.204368] RIP: 0033:0x455259 [ 57.207548] RSP: 002b:00007f6b79c60c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 57.215248] RAX: ffffffffffffffda RBX: 00007f6b79c616d4 RCX: 0000000000455259 [ 57.222516] RDX: 000000000000000c RSI: 0000000020000100 RDI: 0000000000000013 [ 57.229780] RBP: 000000000072bea0 R08: 0000000020000140 R09: 0000000000000010 [ 57.237042] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.244310] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 57.251589] [ 57.253206] Uninit was stored to memory at: [ 57.257533] kmsan_internal_chain_origin+0x12b/0x210 [ 57.262638] kmsan_memcpy_origins+0x11d/0x170 [ 57.267128] __msan_memcpy+0x19f/0x1f0 [ 57.271013] skb_copy_bits+0x63a/0xdb0 [ 57.274900] __pskb_pull_tail+0x483/0x22e0 [ 57.279126] dccp_invalid_packet+0x352/0xf50 [ 57.283513] dccp_v4_rcv+0xf7/0x2630 [ 57.287204] ip_local_deliver_finish+0x6ed/0xd40 [ 
57.291936] ip_local_deliver+0x43c/0x4e0 [ 57.296063] ip_rcv_finish+0x1253/0x16d0 [ 57.300106] ip_rcv+0x119d/0x16f0 [ 57.303536] __netif_receive_skb_core+0x47cf/0x4a80 [ 57.308534] process_backlog+0x62d/0xe20 [ 57.312575] net_rx_action+0x7c1/0x1a70 [ 57.316526] __do_softirq+0x56d/0x93d [ 57.320298] Uninit was created at: [ 57.323813] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 57.328813] kmsan_alloc_page+0x82/0xe0 [ 57.332775] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 57.337524] alloc_pages_current+0x6b5/0x970 [ 57.341910] skb_page_frag_refill+0x3ba/0x5e0 [ 57.346378] sk_page_frag_refill+0xa4/0x340 [ 57.350681] __ip_append_data+0x107e/0x3d10 [ 57.354992] ip_append_data+0x2fb/0x440 [ 57.358953] raw_sendmsg+0x287b/0x3ed0 [ 57.362838] inet_sendmsg+0x48d/0x740 [ 57.366626] SYSC_sendto+0x6c3/0x7e0 [ 57.370321] SyS_sendto+0x8a/0xb0 [ 57.373752] do_syscall_64+0x309/0x430 [ 57.377626] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.382789] ================================================================== [ 57.390135] Disabling lock debugging due to kernel taint [ 57.395557] Kernel panic - not syncing: panic_on_warn set ... [ 57.395557] [ 57.402898] CPU: 0 PID: 5102 Comm: syz-executor5 Tainted: G B 4.16.0+ #82 [ 57.411017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.420354] Call Trace: [ 57.422913] [ 57.425060] dump_stack+0x185/0x1d0 [ 57.428683] panic+0x39d/0x940 [ 57.431880] ? dccp_invalid_packet+0x3b8/0xf50 [ 57.436453] kmsan_report+0x238/0x240 [ 57.440233] __msan_warning_32+0x6c/0xb0 [ 57.444272] dccp_invalid_packet+0x3b8/0xf50 [ 57.448678] ? ip_local_deliver_finish+0x6ed/0xd40 [ 57.453584] ? ip_local_deliver_finish+0x6ed/0xd40 [ 57.458500] dccp_v4_rcv+0xf7/0x2630 [ 57.462199] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 57.467540] ? raw_local_deliver+0x1462/0x1470 [ 57.472102] ? ip_local_deliver_finish+0x4a5/0xd40 [ 57.477010] ? local_bh_enable+0x40/0x40 [ 57.481057] ? 
local_bh_enable+0x40/0x40 [ 57.485110] ip_local_deliver_finish+0x6ed/0xd40 [ 57.489849] ip_local_deliver+0x43c/0x4e0 [ 57.493981] ? ip_local_deliver+0x4e0/0x4e0 [ 57.498306] ? ip_call_ra_chain+0x7b0/0x7b0 [ 57.502629] ip_rcv_finish+0x1253/0x16d0 [ 57.506667] ip_rcv+0x119d/0x16f0 [ 57.510095] ? ip_rcv+0x16f0/0x16f0 [ 57.513702] __netif_receive_skb_core+0x47cf/0x4a80 [ 57.518696] ? try_to_wake_up+0x1ab2/0x20a0 [ 57.523005] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 57.528790] ? ip_local_deliver_finish+0xd40/0xd40 [ 57.533781] process_backlog+0x62d/0xe20 [ 57.537822] ? rps_trigger_softirq+0x2f0/0x2f0 [ 57.542384] net_rx_action+0x7c1/0x1a70 [ 57.546347] ? net_tx_action+0xab0/0xab0 [ 57.550388] __do_softirq+0x56d/0x93d [ 57.554171] do_softirq_own_stack+0x2a/0x40 [ 57.558466] [ 57.560689] __local_bh_enable_ip+0x114/0x140 [ 57.565178] local_bh_enable+0x36/0x40 [ 57.569054] ip_finish_output2+0x124e/0x1380 [ 57.573440] ip_finish_output+0xcb0/0xff0 [ 57.577565] ip_output+0x502/0x5c0 [ 57.581083] ? ip_mc_finish_output+0x3b0/0x3b0 [ 57.585642] ? ip_finish_output+0xff0/0xff0 [ 57.589939] ip_send_skb+0x5f3/0x820 [ 57.593627] ? __ip_local_out+0x5b0/0x5b0 [ 57.597754] ip_push_pending_frames+0x105/0x170 [ 57.602406] raw_sendmsg+0x2960/0x3ed0 [ 57.606301] ? compat_raw_ioctl+0x100/0x100 [ 57.610618] inet_sendmsg+0x48d/0x740 [ 57.614405] ? security_socket_sendmsg+0x9e/0x210 [ 57.619226] ? inet_getname+0x500/0x500 [ 57.623175] SYSC_sendto+0x6c3/0x7e0 [ 57.626869] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 57.632293] ? prepare_exit_to_usermode+0x149/0x3a0 [ 57.637302] SyS_sendto+0x8a/0xb0 [ 57.640747] do_syscall_64+0x309/0x430 [ 57.644622] ? 
SYSC_getpeername+0x560/0x560 [ 57.648920] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.654091] RIP: 0033:0x455259 [ 57.657267] RSP: 002b:00007f6b79c60c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 57.664965] RAX: ffffffffffffffda RBX: 00007f6b79c616d4 RCX: 0000000000455259 [ 57.672218] RDX: 000000000000000c RSI: 0000000020000100 RDI: 0000000000000013 [ 57.679463] RBP: 000000000072bea0 R08: 0000000020000140 R09: 0000000000000010 [ 57.686710] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.693961] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 57.701655] Dumping ftrace buffer: [ 57.705168] (ftrace buffer empty) [ 57.708851] Kernel Offset: disabled [ 57.712452] Rebooting in 86400 seconds..