INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts.
2018/04/07 04:17:03 fuzzer started
2018/04/07 04:17:04 dialing manager at 10.128.0.26:38639
2018/04/07 04:17:10 kcov=true, comps=false
2018/04/07 04:17:12 executing program 0:
r0 = socket$inet(0x2, 0x1, 0x0)
socket$packet(0x11, 0x2, 0x300)
r1 = dup(r0)
bind$inet(r0, &(0x7f000012e000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000e9bff0)={0x1, &(0x7f0000f07000)=[{0x6, 0x0, 0x0, 0x101}]}, 0x10)
connect$inet(r0, &(0x7f0000987000)={0x2, 0x4e23}, 0x10)
sendto$inet(r0, &(0x7f00002e8f1e)="96427feebcc603c266d2a2c2da2644124066d6c52746a66fd07a4a9370b924b494651c3febca0be535e0f30bbafe65b8b859d6696b208f558b002bbc2366429da28cdb97727474f32fcce772ce439a1b5785bb74b8040705191a3d28e775b402a04cdf7881cf1c80eb042835db0e8c24fd0e3c0f396da612f44d9999de32f883521dfa4593a5772e19b5c0c27ace555870d7fe3a1819c614a8d9447cfa592c236d96bf255bf3966b0c1c34711ce489df2032a31902ae0742b79d7334ef248790fa0e3787e4b945215cddc03c4f384e6815bab43d34b8c04eb06ff00f10743a0e25f6", 0xe2, 0x0, &(0x7f0000848ff0)={0x2, 0x0, @dev={0xac, 0x14}}, 0x10)
sendto$inet(r0, &(0x7f0000000080)="000ebcbc90d268c8865657b9dd172cdb94265651a0a75e3b6e2787cacb1ac5c5b55bff0635c7b11450593b7e4ae07265aedd269765b6e01d36df15dc17369ffc6f69b22d7c7bfa2d69962a85367a544bdb7c1221a6733f8de90df0576dfe534b9876fae7feb95ef0fb1f0175c66dba2198f3b1d57ddcd7fbf7d76a526d1526e2b202b1d5d510d2efe3630fcc9d4a0b2dcf5dccf48e21f8c4252c60e05ce718433bd4787cbea93c214f05cdfd6fd423ef3a1d766511f1ae3c2f09527d61acbf65e2", 0xc1, 0x1, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000266ffc), 0x4)
shutdown(r1, 0x1)
recvmmsg(r1, &(0x7f0000003540)=[{{&(0x7f0000000a80)=@nfc_llcp, 0x80, &(0x7f0000001dc0)=[{&(0x7f0000000dc0)=""/4096, 0x1000}], 0x1, &(0x7f0000001e00)=""/57, 0x39}}], 0x1, 0x100, &(0x7f0000003640))

2018/04/07 04:17:12 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)="2f6578650000001c03f3")
fgetxattr(r0, &(0x7f00000000c0)=@known='user.syz\x00', &(0x7f0000000000), 0x0)

2018/04/07 04:17:12 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='stack\x00')
readv(r0, &(0x7f0000000580)=[{&(0x7f0000000400)=""/250, 0xfa}], 0x1000000000000181)

2018/04/07 04:17:12 executing program 2:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
syslog(0x3, &(0x7f0000000040)=""/4096, 0xfda2)

2018/04/07 04:17:12 executing program 3:

2018/04/07 04:17:12 executing program 4:
futex(&(0x7f000000cffc)=0x1, 0x800400000006, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0x5, 0x0, &(0x7f0000000000)={0x0, 0x1c9c380}, &(0x7f0000060ffc), 0x0)

2018/04/07 04:17:12 executing program 5:
r0 = syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a45320, &(0x7f0000aef9f9)={{0x80}, "706f7274310000004000000000000000000000d600fffffff00000000000000000000000000000000000000700", 0xfffffffff7fffffd, 0x3})
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a45320, &(0x7f0000385f58)={{0x80}, 'port0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7})

2018/04/07 04:17:12 executing program 6:
r0 = socket$inet(0x2, 0x4000000805, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
r2 = dup3(r0, r1, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback=0x7f000001}], 0x10)
sendto$inet(r1, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000000)=0x4, 0x4)
recvmsg(r2, &(0x7f0000001400)={&(0x7f0000000040)=@ethernet={0x0, @dev}, 0x80, &(0x7f00000012c0), 0x0, &(0x7f0000001300)=""/202, 0xca}, 0x40010002)

syzkaller login: [   44.260623] ip (3782) used greatest stack depth: 54672 bytes left
[   44.306869] ip (3787) used greatest stack depth: 54408 bytes left
[   45.513008] ip (3905) used greatest stack depth: 54200 bytes left
[   47.506547] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.592736] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.712877] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.738143] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.828544] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.844882] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.879739] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   48.084568] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   56.321481] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.400633] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.565103] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.575428] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.625131] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.765985] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.860195] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.909224] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   57.074384] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.080673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.089848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.161015] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.167338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.175964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.198323] ip (4917) used greatest stack depth: 53976 bytes left
[   57.353910] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.360177] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.370111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.413538] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.423737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.435726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.467910] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.476401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.489572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.535840] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.542389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.554355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.775911] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.782172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.791906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.828643] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.838077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.886429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/04/07 04:17:29 executing program 1:
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a45320, &(0x7f0000aef9f9)={{0x80}, "706f7274310000004000000000000000000000d600fffffff00000000000000000000000000000000000000700", 0xfffffffff7fffffd})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x2, 0x0)

[   58.529926] ==================================================================
[   58.537325] BUG: KMSAN: uninit-value in kernel_text_address+0x248/0x3a0
[   58.544077] CPU: 0 PID: 5036 Comm: syz-executor7 Not tainted 4.16.0+ #81
[   58.550906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.560249] Call Trace:
[   58.562843]  dump_stack+0x185/0x1d0
[   58.566484]  ? kernel_text_address+0x248/0x3a0
[   58.571066]  kmsan_report+0x142/0x240
[   58.574876]  __msan_warning_32+0x6c/0xb0
[   58.578944]  kernel_text_address+0x248/0x3a0
[   58.583353]  ? __schedule+0x674/0x730
[   58.587155]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[   58.592519]  ? __schedule+0x674/0x730
[   58.596326]  __kernel_text_address+0x34/0xe0
[   58.600727]  ? __schedule+0x674/0x730
[   58.604532]  unwind_get_return_address+0x8c/0x130
[   58.609377]  __save_stack_trace+0x45c/0xa80
[   58.613702]  ? __schedule+0x674/0x730
[   58.617501]  ? __msan_poison_alloca+0x15c/0x1d0
[   58.622174]  ? save_stack_trace_tsk+0x58/0x2f0
[   58.626759]  save_stack_trace_tsk+0x258/0x2f0
[   58.631258]  proc_pid_stack+0x26a/0x470
[   58.635236]  proc_single_show+0x1af/0x300
[   58.639381]  ? proc_pid_wchan+0x250/0x250
[   58.643532]  ? proc_single_open+0x90/0x90
[   58.647682]  seq_read+0xc7d/0x2260
[   58.651238]  do_iter_read+0x880/0xd70
[   58.655047]  ? seq_open+0x360/0x360
[   58.658674]  do_readv+0x295/0x5f0
[   58.662136]  ? syscall_return_slowpath+0xe9/0x700
[   58.666979]  SYSC_readv+0x9b/0xb0
[   58.670440]  SyS_readv+0x56/0x80
[   58.673804]  do_syscall_64+0x309/0x430
[   58.677695]  ? vfs_readv+0x260/0x260
[   58.681411]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   58.686594] RIP: 0033:0x455259
[   58.689777] RSP: 002b:00007f9f7e771c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[   58.697485] RAX: ffffffffffffffda RBX: 00007f9f7e7726d4 RCX: 0000000000455259
[   58.704759] RDX: 1000000000000181 RSI: 0000000020000580 RDI: 0000000000000013
[   58.712025] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[   58.719288] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
2018/04/07 04:17:29 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x4)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000200)="5800000014001900f8ff4b41040d875602ff03000000e076489643d818fe58a2bc4a0381001dfffffff8ee11ed9e246cff0000000006007fffdd1000174100005bffff001ce1ed900000080082a4000000060200231be86e", 0x58}], 0x1)

[   58.726550] R13: 000000000000048c R14: 00000000006f9dc0 R15: 0000000000000000
[   58.733813] 
[   58.735429] Uninit was stored to memory at:
[   58.739748]  kmsan_internal_chain_origin+0x12b/0x210
[   58.744853]  __msan_chain_origin+0x69/0xc0
[   58.749095]  update_stack_state+0x959/0xa40
[   58.753418]  __unwind_start+0x335/0x630
[   58.757394]  __save_stack_trace+0x3e1/0xa80
[   58.761717]  save_stack_trace_tsk+0x258/0x2f0
[   58.766211]  proc_pid_stack+0x26a/0x470
[   58.770181]  proc_single_show+0x1af/0x300
[   58.774330]  seq_read+0xc7d/0x2260
2018/04/07 04:17:29 executing program 1:
openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798007439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a36dca30d55e4fda59435fe1fd4262d165a6ccb3f75372e1842ce015e10aad2f3479389f8ec7abe08a38776073709fb20b39b17e9fec21147cdd6390442436826385cb97f04dadc3393024b97b203b3e121d3c67c593ee9f0787a405a1d3ec1935bee8a24cb2123e4a0b98b88796b1311ea4c0dc94e61fcf4a1090f4c360818abd0dd134ae391fe99cf200991798d0cc90367c4ee08ae49075dd74dad19937e51e0812cefa80333d3ad38d5cf07a63513")
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0c0583b, &(0x7f0000000080)={0x0, &(0x7f0000000040)})

[   58.777874]  do_iter_read+0x880/0xd70
[   58.781673]  do_readv+0x295/0x5f0
[   58.785125]  SYSC_readv+0x9b/0xb0
[   58.788583]  SyS_readv+0x56/0x80
[   58.791941]  do_syscall_64+0x309/0x430
[   58.795827]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   58.801009] Local variable description: ----oc.i.i@__alloc_pages_nodemask
[   58.807923] Variable was created at:
[   58.811640]  __alloc_pages_nodemask+0x10f/0x5dc0
[   58.816390]  alloc_pages_vma+0xcc8/0x1800
[   58.820524] ==================================================================
2018/04/07 04:17:29 executing program 1:
r0 = semget$private(0x0, 0x7, 0x0)
r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a, 0x3}, 0x0, 0x0, 0xfffffffffffffffa)
keyctl$assume_authority(0x10, r1)
unshare(0x40000)
semtimedop(r0, &(0x7f00000a8000)=[{0x3, 0xfffffffffffffff9, 0x1000}], 0x1, &(0x7f0000efe000)={0x2000})
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000003000)=[0x0, 0x0, 0x0, 0x7fff])
semtimedop(r0, &(0x7f0000000040)=[{0x3, 0x1}], 0x1, &(0x7f0000000080)={0x0, 0x1c9c380})
unshare(0x40600)

[   58.827879] Disabling lock debugging due to kernel taint
[   58.833322] Kernel panic - not syncing: panic_on_warn set ...
[   58.833322] 
[   58.840689] CPU: 0 PID: 5036 Comm: syz-executor7 Tainted: G    B            4.16.0+ #81
[   58.848824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.858170] Call Trace:
[   58.860752]  dump_stack+0x185/0x1d0
[   58.864373]  panic+0x39d/0x940
[   58.867583]  ? kernel_text_address+0x248/0x3a0
[   58.872160]  kmsan_report+0x238/0x240
[   58.875957]  __msan_warning_32+0x6c/0xb0
[   58.880019]  kernel_text_address+0x248/0x3a0
[   58.884423]  ? __schedule+0x674/0x730
[   58.888223]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[   58.893589]  ? __schedule+0x674/0x730
[   58.897397]  __kernel_text_address+0x34/0xe0
[   58.901805]  ? __schedule+0x674/0x730
[   58.905608]  unwind_get_return_address+0x8c/0x130
[   58.910452]  __save_stack_trace+0x45c/0xa80
[   58.914772]  ? __schedule+0x674/0x730
[   58.918582]  ? __msan_poison_alloca+0x15c/0x1d0
[   58.923257]  ? save_stack_trace_tsk+0x58/0x2f0
[   58.927843]  save_stack_trace_tsk+0x258/0x2f0
[   58.932350]  proc_pid_stack+0x26a/0x470
[   58.936330]  proc_single_show+0x1af/0x300
[   58.940473]  ? proc_pid_wchan+0x250/0x250
[   58.944615]  ? proc_single_open+0x90/0x90
[   58.948755]  seq_read+0xc7d/0x2260
[   58.952301]  do_iter_read+0x880/0xd70
[   58.956574]  ? seq_open+0x360/0x360
[   58.960200]  do_readv+0x295/0x5f0
[   58.963661]  ? syscall_return_slowpath+0xe9/0x700
[   58.968507]  SYSC_readv+0x9b/0xb0
[   58.971962]  SyS_readv+0x56/0x80
[   58.975326]  do_syscall_64+0x309/0x430
[   58.979215]  ? vfs_readv+0x260/0x260
[   58.982932]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   58.988115] RIP: 0033:0x455259
[   58.991294] RSP: 002b:00007f9f7e771c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[   58.998999] RAX: ffffffffffffffda RBX: 00007f9f7e7726d4 RCX: 0000000000455259
[   59.006266] RDX: 1000000000000181 RSI: 0000000020000580 RDI: 0000000000000013
[   59.013532] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[   59.020798] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   59.028059] R13: 000000000000048c R14: 00000000006f9dc0 R15: 0000000000000000
[   59.035769] Dumping ftrace buffer:
[   59.039288]    (ftrace buffer empty)
[   59.042968] Kernel Offset: disabled
[   59.046567] Rebooting in 86400 seconds..