INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
2018/04/07 07:40:24 fuzzer started
2018/04/07 07:40:25 dialing manager at 10.128.0.26:38639
2018/04/07 07:40:31 kcov=true, comps=false
2018/04/07 07:40:34 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000366000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10)
sendto$inet(r0, &(0x7f0000fd0000), 0xfffffffffffffec1, 0x20000801, &(0x7f0000deaff0)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10)
getsockopt$inet_int(r0, 0x0, 0xe, &(0x7f0000000640), &(0x7f0000000680)=0x4)

2018/04/07 07:40:34 executing program 2:
r0 = socket$inet(0x2, 0x3, 0x400000011)
sendmsg(r0, &(0x7f00000008c0)={&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x7f000001}, 0x10, &(0x7f0000000640), 0x0, &(0x7f0000000700)}, 0x8000)
sendmsg(r0, &(0x7f00000002c0)={&(0x7f0000000440)=@in={0x2, 0x0, @loopback=0x7f000001}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000680)="f6e676c7b563e65f", 0x8}], 0x1, &(0x7f0000000140)}, 0x20040000)

2018/04/07 07:40:34 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_mr_vif\x00')
preadv(r0, &(0x7f0000000a80)=[{&(0x7f0000001040)=""/4096, 0x1000}], 0x1, 0x0)

2018/04/07 07:40:34 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000080)="2f65786500000000000409004bddd9f191be10eebf000ee9ff0700000000000054fad2da75afe70b35a0fd6a1f0200f5ab26d7a071fb35331ce39c5a6568641006d7c0206a74e3332653000000000000")

2018/04/07 07:40:34 executing program 5:

2018/04/07 07:40:34 executing program 4:

2018/04/07 07:40:34 executing program 6:

2018/04/07 07:40:34 executing program 1:
creat(&(0x7f00009e9ff8)='./file0\x00', 0x0)
r0 = open(&(0x7f0000317000)='./file1\x00', 0x400000000040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
rename(&(0x7f0000fdbff8)='./file0\x00', &(0x7f0000887ff8)='./file1\x00')

syzkaller login: [   43.760881] ip (3692) used greatest stack depth: 54672 bytes left
[   45.182378] ip (3828) used greatest stack depth: 54200 bytes left
[   47.293768] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.359777] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.443147] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.504725] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.524599] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.631233] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.645694] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.815768] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   56.182593] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.274716] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.386782] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.398137] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.406511] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.518647] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.749308] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.792538] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.960566] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   56.966944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   56.977613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.054531] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.060792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.074691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.111978] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.119504] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.149673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.225328] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.231587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.240236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.271750] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.278735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.306634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.328481] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.345437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.379907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.577918] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.584278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.599642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.628380] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.639121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.674229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   58.183352] ==================================================================
[   58.190767] BUG: KMSAN: uninit-value in __udp4_lib_rcv+0x628/0x4740
[   58.197177] CPU: 0 PID: 4943 Comm: syz-executor2 Not tainted 4.16.0+ #81
[   58.204004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.213353] Call Trace:
[   58.215930]  <IRQ>
[   58.218081]  dump_stack+0x185/0x1d0
[   58.221711]  ? __udp4_lib_rcv+0x628/0x4740
[   58.225943]  kmsan_report+0x142/0x240
[   58.229743]  __msan_warning_32+0x6c/0xb0
[   58.233805]  __udp4_lib_rcv+0x628/0x4740
[   58.237869]  ? raw_local_deliver+0x1462/0x1470
[   58.242454]  udp_rcv+0x5c/0x70
[   58.245641]  ? udp_v4_early_demux+0x1cd0/0x1cd0
[   58.250314]  ip_local_deliver_finish+0x6ed/0xd40
[   58.255071]  ip_local_deliver+0x43c/0x4e0
[   58.259212]  ? ip_local_deliver+0x4e0/0x4e0
[   58.263532]  ? ip_call_ra_chain+0x7b0/0x7b0
[   58.267848]  ip_rcv_finish+0x1253/0x16d0
[   58.271908]  ip_rcv+0x119d/0x16f0
[   58.275354]  ? ip_rcv+0x16f0/0x16f0
[   58.278980]  __netif_receive_skb_core+0x47cf/0x4a80
[   58.283993]  ? kmsan_set_origin_inline+0x6b/0x120
[   58.288831]  ? kmsan_internal_memset_shadow_inline+0xd0/0xd0
[   58.294626]  ? ip_local_deliver_finish+0xd40/0xd40
[   58.299556]  process_backlog+0x62d/0xe20
[   58.303615]  ? rps_trigger_softirq+0x2f0/0x2f0
[   58.308186]  net_rx_action+0x7c1/0x1a70
[   58.312160]  ? net_tx_action+0xab0/0xab0
[   58.316221]  __do_softirq+0x56d/0x93d
[   58.320021]  do_softirq_own_stack+0x2a/0x40
[   58.324327]  </IRQ>
[   58.326566]  __local_bh_enable_ip+0x114/0x140
[   58.331062]  local_bh_enable+0x36/0x40
[   58.334944]  ip_finish_output2+0x124e/0x1380
[   58.339354]  ip_finish_output+0xcb0/0xff0
[   58.343501]  ip_output+0x502/0x5c0
[   58.347035]  ? ip_mc_finish_output+0x3b0/0x3b0
[   58.351619]  ? ip_finish_output+0xff0/0xff0
[   58.355936]  ip_send_skb+0x5f3/0x820
[   58.359644]  ? __ip_local_out+0x5b0/0x5b0
[   58.363791]  ip_push_pending_frames+0x105/0x170
[   58.368459]  raw_sendmsg+0x2960/0x3ed0
[   58.372348]  ? kmsan_internal_unpoison_shadow+0x83/0xe0
[   58.377729]  ? compat_raw_ioctl+0x100/0x100
[   58.382049]  inet_sendmsg+0x48d/0x740
[   58.385846]  ? security_socket_sendmsg+0x9e/0x210
[   58.390694]  ? inet_getname+0x500/0x500
[   58.394671]  ___sys_sendmsg+0xec0/0x1310
[   58.398733]  ? __fdget+0x4e/0x60
[   58.402114]  SYSC_sendmsg+0x2a3/0x3d0
[   58.405921]  SyS_sendmsg+0x54/0x80
[   58.409458]  do_syscall_64+0x309/0x430
[   58.413343]  ? ___sys_sendmsg+0x1310/0x1310
[   58.417668]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   58.422849] RIP: 0033:0x455259
[   58.426027] RSP: 002b:00007f035817fc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
2018/04/07 07:40:51 executing program 3:

2018/04/07 07:40:51 executing program 3:
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000002fc8)={&(0x7f0000010ff4)=@nl=@kern={0x10}, 0x80, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000019007fafb72d1cb2a4a280930a06000000a843dc91052369390009002f000000000000001900050000000000000000081338d54400009b84136ef75afb83de448daa7227c43ab8220000060cec4fab91d4", 0x55}], 0x1, &(0x7f0000002000)}, 0x0)

[   58.433730] RAX: ffffffffffffffda RBX: 00007f03581806d4 RCX: 0000000000455259
[   58.440993] RDX: 0000000020040000 RSI: 00000000200002c0 RDI: 0000000000000013
[   58.448253] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[   58.455515] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   58.462774] R13: 00000000000004cc R14: 00000000006fa3c0 R15: 0000000000000000
[   58.470040] 
[   58.471653] Uninit was stored to memory at:
[   58.475977]  kmsan_internal_chain_origin+0x12b/0x210
[   58.481074]  kmsan_memcpy_origins+0x11d/0x170
[   58.485566]  __msan_memcpy+0x19f/0x1f0
[   58.489452]  skb_copy_bits+0x63a/0xdb0
[   58.493338]  __pskb_pull_tail+0x483/0x22e0
[   58.497570]  __udp4_lib_rcv+0x55f/0x4740
[   58.501622]  udp_rcv+0x5c/0x70
[   58.504809]  ip_local_deliver_finish+0x6ed/0xd40
[   58.509558]  ip_local_deliver+0x43c/0x4e0
[   58.513699]  ip_rcv_finish+0x1253/0x16d0
[   58.517753]  ip_rcv+0x119d/0x16f0
[   58.521207]  __netif_receive_skb_core+0x47cf/0x4a80
[   58.526217]  process_backlog+0x62d/0xe20
[   58.530270]  net_rx_action+0x7c1/0x1a70
[   58.534241]  __do_softirq+0x56d/0x93d
[   58.538024] Uninit was created at:
[   58.541558]  kmsan_alloc_meta_for_pages+0x161/0x3a0
[   58.546565]  kmsan_alloc_page+0x82/0xe0
[   58.550536]  __alloc_pages_nodemask+0xf5b/0x5dc0
[   58.555289]  alloc_pages_current+0x6b5/0x970
[   58.559709]  skb_page_frag_refill+0x3ba/0x5e0
[   58.564200]  sk_page_frag_refill+0xa4/0x340
[   58.568519]  __ip_append_data+0x107e/0x3d10
[   58.572837]  ip_append_data+0x2fb/0x440
[   58.576812]  raw_sendmsg+0x287b/0x3ed0
[   58.580698]  inet_sendmsg+0x48d/0x740
[   58.584496]  ___sys_sendmsg+0xec0/0x1310
[   58.588551]  SYSC_sendmsg+0x2a3/0x3d0
[   58.592344]  SyS_sendmsg+0x54/0x80
[   58.595880]  do_syscall_64+0x309/0x430
[   58.599765]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   58.604940] ==================================================================
[   58.612282] Disabling lock debugging due to kernel taint
[   58.617722] Kernel panic - not syncing: panic_on_warn set ...
[   58.617722] 
[   58.625084] CPU: 0 PID: 4943 Comm: syz-executor2 Tainted: G    B            4.16.0+ #81
[   58.633213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.642562] Call Trace:
[   58.645136]  <IRQ>
[   58.647284]  dump_stack+0x185/0x1d0
[   58.650910]  panic+0x39d/0x940
[   58.654119]  ? __udp4_lib_rcv+0x628/0x4740
[   58.658355]  kmsan_report+0x238/0x240
[   58.662158]  __msan_warning_32+0x6c/0xb0
[   58.666214]  __udp4_lib_rcv+0x628/0x4740
[   58.670276]  ? raw_local_deliver+0x1462/0x1470
[   58.674860]  udp_rcv+0x5c/0x70
[   58.678051]  ? udp_v4_early_demux+0x1cd0/0x1cd0
[   58.682718]  ip_local_deliver_finish+0x6ed/0xd40
[   58.687470]  ip_local_deliver+0x43c/0x4e0
[   58.691618]  ? ip_local_deliver+0x4e0/0x4e0
[   58.695938]  ? ip_call_ra_chain+0x7b0/0x7b0
[   58.700259]  ip_rcv_finish+0x1253/0x16d0
[   58.704322]  ip_rcv+0x119d/0x16f0
[   58.707771]  ? ip_rcv+0x16f0/0x16f0
[   58.711416]  __netif_receive_skb_core+0x47cf/0x4a80
[   58.716434]  ? kmsan_set_origin_inline+0x6b/0x120
[   58.721278]  ? kmsan_internal_memset_shadow_inline+0xd0/0xd0
[   58.727081]  ? ip_local_deliver_finish+0xd40/0xd40
[   58.732008]  process_backlog+0x62d/0xe20
[   58.736077]  ? rps_trigger_softirq+0x2f0/0x2f0
[   58.740657]  net_rx_action+0x7c1/0x1a70
[   58.744641]  ? net_tx_action+0xab0/0xab0
[   58.748721]  __do_softirq+0x56d/0x93d
[   58.752527]  do_softirq_own_stack+0x2a/0x40
[   58.756837]  </IRQ>
[   58.759072]  __local_bh_enable_ip+0x114/0x140
[   58.763610]  local_bh_enable+0x36/0x40
[   58.767493]  ip_finish_output2+0x124e/0x1380
[   58.771904]  ip_finish_output+0xcb0/0xff0
[   58.776054]  ip_output+0x502/0x5c0
[   58.779591]  ? ip_mc_finish_output+0x3b0/0x3b0
[   58.784175]  ? ip_finish_output+0xff0/0xff0
[   58.788492]  ip_send_skb+0x5f3/0x820
[   58.792211]  ? __ip_local_out+0x5b0/0x5b0
[   58.796358]  ip_push_pending_frames+0x105/0x170
[   58.801025]  raw_sendmsg+0x2960/0x3ed0
[   58.804923]  ? kmsan_internal_unpoison_shadow+0x83/0xe0
[   58.810309]  ? compat_raw_ioctl+0x100/0x100
[   58.814626]  inet_sendmsg+0x48d/0x740
[   58.818424]  ? security_socket_sendmsg+0x9e/0x210
[   58.823265]  ? inet_getname+0x500/0x500
[   58.827231]  ___sys_sendmsg+0xec0/0x1310
[   58.831293]  ? __fdget+0x4e/0x60
[   58.834660]  SYSC_sendmsg+0x2a3/0x3d0
[   58.838469]  SyS_sendmsg+0x54/0x80
[   58.842005]  do_syscall_64+0x309/0x430
[   58.845897]  ? ___sys_sendmsg+0x1310/0x1310
[   58.850224]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   58.855403] RIP: 0033:0x455259
[   58.858585] RSP: 002b:00007f035817fc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   58.866286] RAX: ffffffffffffffda RBX: 00007f03581806d4 RCX: 0000000000455259
[   58.873552] RDX: 0000000020040000 RSI: 00000000200002c0 RDI: 0000000000000013
[   58.880817] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[   58.888083] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   58.895341] R13: 00000000000004cc R14: 00000000006fa3c0 R15: 0000000000000000
[   58.903072] Dumping ftrace buffer:
[   58.906589]    (ftrace buffer empty)
[   58.910267] Kernel Offset: disabled
[   58.913864] Rebooting in 86400 seconds..