INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts. 2018/04/10 08:14:46 fuzzer started 2018/04/10 08:14:46 dialing manager at 10.128.0.26:36427 2018/04/10 08:14:52 kcov=true, comps=false 2018/04/10 08:14:55 executing program 0: 2018/04/10 08:14:55 executing program 1: 2018/04/10 08:14:55 executing program 7: 2018/04/10 08:14:55 executing program 4: 2018/04/10 08:14:55 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r0, &(0x7f00000000c0)={&(0x7f0000000100)={0x10}, 0xc, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000270031030009f8aea00c0000070000000000000000"], 0x1}, 0x1}, 0x0) 2018/04/10 08:14:55 executing program 3: unshare(0x60000000) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'ip6_vti0\x00', 0x0}) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000002b80)={&(0x7f0000000180)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_IFNAME={0x14, 0x3, 'ip6_vti0\x00'}]}, 0x34}, 0x1}, 0x0) 2018/04/10 08:14:55 executing program 5: r0 = socket$inet(0x2, 0x3, 0x21) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x8000, &(0x7f0000000040)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) sendto$inet(r0, &(0x7f0000000140)="d57949f20aed318be0a4049246fc645973f7b0da9642acf3db9caae9d2ac663657e17d3fc776580e36fab463658f92b8", 0x30, 0x0, &(0x7f0000000000)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) 2018/04/10 08:14:55 executing program 6: syz_emit_ethernet(0x1, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd606efbff003011000000000000000000000000000000010000000000000000000000ffffffffffff01009078000000006087052b000000000000000000000000000000000000000000000000000000000000ffffac1414aac6da32122d7d42811c63885588d840aed733b06e08bdc690484c7c453cf6a921d15c2c04540f9b9477a697ca85d229fe55e41b9e5f3abdf265d1c71ad91b93b3b1b4a398a762562917aabbfe6a2ec4c5af47345a65132512ae4d94db4b0c146eae"], &(0x7f0000000540)) syzkaller login: [ 41.690626] ip (3744) used greatest stack depth: 54672 bytes left [ 43.151503] ip (3880) used greatest stack depth: 54544 bytes left [ 43.205920] ip (3883) used greatest stack depth: 54200 bytes left [ 44.688859] ip (4015) used greatest stack depth: 53976 bytes left [ 45.352553] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.381230] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.474256] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.515394] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.592173] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.682343] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.799969] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.992099] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.156972] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.334204] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.439126] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.469907] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.545546] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.672918] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.713496] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.954008] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.973072] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.979285] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.997747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.085421] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.091699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.106639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.218904] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.225163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.235596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.266832] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.274296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.286622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.313729] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.320243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.344688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.558766] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.565159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.576179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.605542] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.611787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.622641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.713858] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.720230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.730627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/10 08:15:12 executing program 4: syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x709000)=nil, 0x709000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) [ 56.659364] ================================================================== [ 56.666781] BUG: KMSAN: uninit-value in dccp_invalid_packet+0x3b8/0xf50 [ 56.673534] CPU: 1 PID: 5051 Comm: syz-executor5 Not tainted 4.16.0+ #82 [ 56.680540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.689887] Call Trace: [ 56.692461] [ 56.694616] dump_stack+0x185/0x1d0 [ 56.698245] ? dccp_invalid_packet+0x3b8/0xf50 [ 56.702825] kmsan_report+0x142/0x240 [ 56.706631] __msan_warning_32+0x6c/0xb0 [ 56.710693] dccp_invalid_packet+0x3b8/0xf50 [ 56.715104] ? ip_local_deliver_finish+0x6ed/0xd40 [ 56.720033] ? ip_local_deliver_finish+0x6ed/0xd40 [ 56.724964] dccp_v4_rcv+0xf7/0x2630 [ 56.728680] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 56.734042] ? raw_local_deliver+0x1462/0x1470 [ 56.738625] ? ip_local_deliver_finish+0x4a5/0xd40 [ 56.743548] ? local_bh_enable+0x40/0x40 [ 56.747609] ? local_bh_enable+0x40/0x40 [ 56.751669] ip_local_deliver_finish+0x6ed/0xd40 [ 56.756429] ip_local_deliver+0x43c/0x4e0 [ 56.760576] ? ip_local_deliver+0x4e0/0x4e0 [ 56.764902] ? ip_call_ra_chain+0x7b0/0x7b0 [ 56.769219] ip_rcv_finish+0x1253/0x16d0 [ 56.773284] ip_rcv+0x119d/0x16f0 [ 56.776738] ? ip_rcv+0x16f0/0x16f0 [ 56.780372] __netif_receive_skb_core+0x47cf/0x4a80 [ 56.785390] ? kmsan_set_origin_inline+0x6b/0x120 [ 56.790235] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 56.796035] ? ip_local_deliver_finish+0xd40/0xd40 [ 56.800966] process_backlog+0x62d/0xe20 [ 56.805036] ? rps_trigger_softirq+0x2f0/0x2f0 [ 56.809613] net_rx_action+0x7c1/0x1a70 [ 56.813590] ? net_tx_action+0xab0/0xab0 [ 56.817651] __do_softirq+0x56d/0x93d [ 56.821453] do_softirq_own_stack+0x2a/0x40 [ 56.825760] [ 56.828000] __local_bh_enable_ip+0x114/0x140 [ 56.832496] local_bh_enable+0x36/0x40 [ 56.836382] ip_finish_output2+0x124e/0x1380 [ 56.840799] ip_finish_output+0xcb0/0xff0 [ 56.844952] ip_output+0x502/0x5c0 [ 56.848492] ? ip_mc_finish_output+0x3b0/0x3b0 [ 56.853077] ? ip_finish_output+0xff0/0xff0 [ 56.857393] ip_send_skb+0x5f3/0x820 [ 56.861105] ? __ip_local_out+0x5b0/0x5b0 [ 56.865260] ip_push_pending_frames+0x105/0x170 [ 56.869934] raw_sendmsg+0x2960/0x3ed0 [ 56.873837] ? compat_raw_ioctl+0x100/0x100 [ 56.878151] inet_sendmsg+0x48d/0x740 [ 56.881944] ? security_socket_sendmsg+0x9e/0x210 [ 56.886788] ? inet_getname+0x500/0x500 [ 56.890759] SYSC_sendto+0x6c3/0x7e0 [ 56.894477] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 56.899920] ? prepare_exit_to_usermode+0x149/0x3a0 [ 56.904948] SyS_sendto+0x8a/0xb0 [ 56.908411] do_syscall_64+0x309/0x430 [ 56.912301] ? SYSC_getpeername+0x560/0x560 [ 56.916615] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 56.921784] RIP: 0033:0x455259 [ 56.924950] RSP: 002b:00007f154e36ec68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 56.932634] RAX: ffffffffffffffda RBX: 00007f154e36f6d4 RCX: 0000000000455259 [ 56.939877] RDX: 0000000000000030 RSI: 0000000020000140 RDI: 0000000000000013 [ 56.947139] RBP: 000000000072bea0 R08: 0000000020000000 R09: 0000000000000010 [ 56.954392] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 56.961634] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 56.968882] [ 56.970483] Uninit was stored to memory at: [ 56.974786] kmsan_internal_chain_origin+0x12b/0x210 [ 56.979862] kmsan_memcpy_origins+0x11d/0x170 [ 56.984333] __msan_memcpy+0x19f/0x1f0 [ 56.988197] skb_copy_bits+0x63a/0xdb0 [ 56.992063] __pskb_pull_tail+0x483/0x22e0 [ 56.996272] dccp_invalid_packet+0x352/0xf50 [ 57.000651] dccp_v4_rcv+0xf7/0x2630 [ 57.004338] ip_local_deliver_finish+0x6ed/0xd40 [ 57.009065] ip_local_deliver+0x43c/0x4e0 [ 57.013187] ip_rcv_finish+0x1253/0x16d0 [ 57.017220] ip_rcv+0x119d/0x16f0 [ 57.020649] __netif_receive_skb_core+0x47cf/0x4a80 [ 57.025636] process_backlog+0x62d/0xe20 [ 57.029669] net_rx_action+0x7c1/0x1a70 [ 57.033617] __do_softirq+0x56d/0x93d [ 57.037385] Uninit was created at: [ 57.040906] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 57.045903] kmsan_alloc_page+0x82/0xe0 [ 57.049855] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 57.054586] alloc_pages_current+0x6b5/0x970 [ 57.058968] skb_page_frag_refill+0x3ba/0x5e0 [ 57.063435] sk_page_frag_refill+0xa4/0x340 [ 57.067734] __ip_append_data+0x107e/0x3d10 [ 57.072037] ip_append_data+0x2fb/0x440 [ 57.075994] raw_sendmsg+0x287b/0x3ed0 [ 57.079862] inet_sendmsg+0x48d/0x740 [ 57.083639] SYSC_sendto+0x6c3/0x7e0 [ 57.087326] SyS_sendto+0x8a/0xb0 [ 57.090755] do_syscall_64+0x309/0x430 [ 57.094623] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.099792] ================================================================== [ 57.107126] Disabling lock debugging due to kernel taint [ 57.112548] Kernel panic - not syncing: panic_on_warn set ... [ 57.112548] [ 57.119888] CPU: 1 PID: 5051 Comm: syz-executor5 Tainted: G B 4.16.0+ #82 [ 57.128001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.137335] Call Trace: [ 57.139892] [ 57.142029] dump_stack+0x185/0x1d0 [ 57.145640] panic+0x39d/0x940 [ 57.148816] ? dccp_invalid_packet+0x3b8/0xf50 [ 57.153376] kmsan_report+0x238/0x240 [ 57.157153] __msan_warning_32+0x6c/0xb0 [ 57.161189] dccp_invalid_packet+0x3b8/0xf50 [ 57.165575] ? ip_local_deliver_finish+0x6ed/0xd40 [ 57.170478] ? ip_local_deliver_finish+0x6ed/0xd40 [ 57.175389] dccp_v4_rcv+0xf7/0x2630 [ 57.179079] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 57.184870] ? raw_local_deliver+0x1462/0x1470 [ 57.189436] ? ip_local_deliver_finish+0x4a5/0xd40 [ 57.194341] ? local_bh_enable+0x40/0x40 [ 57.198378] ? local_bh_enable+0x40/0x40 [ 57.202414] ip_local_deliver_finish+0x6ed/0xd40 [ 57.207145] ip_local_deliver+0x43c/0x4e0 [ 57.211268] ? ip_local_deliver+0x4e0/0x4e0 [ 57.215565] ? ip_call_ra_chain+0x7b0/0x7b0 [ 57.219861] ip_rcv_finish+0x1253/0x16d0 [ 57.223900] ip_rcv+0x119d/0x16f0 [ 57.227330] ? ip_rcv+0x16f0/0x16f0 [ 57.230946] __netif_receive_skb_core+0x47cf/0x4a80 [ 57.235939] ? kmsan_set_origin_inline+0x6b/0x120 [ 57.240756] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 57.246536] ? ip_local_deliver_finish+0xd40/0xd40 [ 57.251441] process_backlog+0x62d/0xe20 [ 57.255484] ? rps_trigger_softirq+0x2f0/0x2f0 [ 57.260045] net_rx_action+0x7c1/0x1a70 [ 57.264003] ? net_tx_action+0xab0/0xab0 [ 57.268051] __do_softirq+0x56d/0x93d [ 57.271842] do_softirq_own_stack+0x2a/0x40 [ 57.276137] [ 57.278352] __local_bh_enable_ip+0x114/0x140 [ 57.282826] local_bh_enable+0x36/0x40 [ 57.286697] ip_finish_output2+0x124e/0x1380 [ 57.291085] ip_finish_output+0xcb0/0xff0 [ 57.295221] ip_output+0x502/0x5c0 [ 57.298739] ? ip_mc_finish_output+0x3b0/0x3b0 [ 57.303299] ? ip_finish_output+0xff0/0xff0 [ 57.307594] ip_send_skb+0x5f3/0x820 [ 57.311283] ? __ip_local_out+0x5b0/0x5b0 [ 57.315409] ip_push_pending_frames+0x105/0x170 [ 57.320059] raw_sendmsg+0x2960/0x3ed0 [ 57.323933] ? compat_raw_ioctl+0x100/0x100 [ 57.328229] inet_sendmsg+0x48d/0x740 [ 57.332015] ? security_socket_sendmsg+0x9e/0x210 [ 57.336844] ? inet_getname+0x500/0x500 [ 57.340793] SYSC_sendto+0x6c3/0x7e0 [ 57.344487] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 57.349914] ? prepare_exit_to_usermode+0x149/0x3a0 [ 57.354909] SyS_sendto+0x8a/0xb0 [ 57.358341] do_syscall_64+0x309/0x430 [ 57.362399] ? SYSC_getpeername+0x560/0x560 [ 57.366700] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.371866] RIP: 0033:0x455259 [ 57.375035] RSP: 002b:00007f154e36ec68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 57.382720] RAX: ffffffffffffffda RBX: 00007f154e36f6d4 RCX: 0000000000455259 [ 57.390058] RDX: 0000000000000030 RSI: 0000000020000140 RDI: 0000000000000013 [ 57.397305] RBP: 000000000072bea0 R08: 0000000020000000 R09: 0000000000000010 [ 57.404561] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.411810] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 57.419566] Dumping ftrace buffer: [ 57.423083] (ftrace buffer empty) [ 57.426764] Kernel Offset: disabled [ 57.430366] Rebooting in 86400 seconds..