INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts. 2018/04/09 18:48:19 fuzzer started 2018/04/09 18:48:19 dialing manager at 10.128.0.26:38911 2018/04/09 18:48:26 kcov=true, comps=false 2018/04/09 18:48:29 executing program 0: 2018/04/09 18:48:29 executing program 2: r0 = add_key$keyring(&(0x7f0000000900)='keyring\x00', &(0x7f0000000940)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$set_timeout(0xf, r0, 0x0) 2018/04/09 18:48:29 executing program 7: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f00002e9000)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00002c2000)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}, 0x1, 0x1, [{{0xa, 0x0, 0x0, @loopback={0x0, 0x1}}}]}, 0x110) 2018/04/09 18:48:29 executing program 1: mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) syz_mount_image$minix(&(0x7f0000000000)='minix\x00', &(0x7f0000000100)='./file0\x00', 0x4000, 0x1, &(0x7f0000000200)=[{&(0x7f0000000040)="200010000500010005000000001c08108f13", 0x12, 0x400}], 0x0, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) 2018/04/09 18:48:29 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x4000000000002}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x1c) 2018/04/09 18:48:29 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x8010000400000084) bind$inet6(r0, &(0x7f00001c1000)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, 
&(0x7f00009f1000)='G', 0x1, 0x0, &(0x7f0000108fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f000098effc), 0x4) writev(r0, &(0x7f00007f2000)=[{&(0x7f0000001f40)="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", 0x125}], 0x1) read(r0, &(0x7f0000000380)=""/178, 0xb2) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000300)=@ethernet={0x0, @dev}, 0x80, &(0x7f0000000b00)=[{&(0x7f0000003f80)=""/4096, 0x1000}], 0x1}, 0x0) 2018/04/09 18:48:29 executing program 5: r0 = socket$inet(0x2, 0x3, 0x21) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x8000, &(0x7f0000000040)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) sendto$inet(r0, &(0x7f0000000100)="d57949f20aed318be0a40492", 0xc, 0x0, &(0x7f00000000c0)={0x2, 0x3, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) 2018/04/09 18:48:29 executing program 6: io_setup(0xba, &(0x7f0000000000)=0x0) r1 = socket(0x2, 0x803, 0xff) connect$inet(r1, &(0x7f0000000100)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) io_submit(r0, 0x1, &(0x7f00000001c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000200)}]) syzkaller login: [ 41.538877] ip (3687) used greatest stack depth: 54672 bytes left [ 41.890083] ip (3716) used greatest stack depth: 54408 bytes left [ 42.259177] ip (3747) used greatest stack depth: 54104 bytes left [ 45.131438] ip (3997) used greatest stack depth: 53976 bytes left [ 45.402214] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.419346] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.532831] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.582599] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.591234] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.738525] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.757131] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.888609] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.728825] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.839341] 
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.848788] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.941264] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.122328] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.133833] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.160704] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.288579] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.531204] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.540180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.563681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.637266] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.643641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.654625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.688734] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.704432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.738800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.761908] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.779751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.820391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.915357] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.921700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.935707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.984645] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.998423] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.005278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.028688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.071534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.105842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.134954] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.151756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link 
becomes ready [ 56.176413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.176943] ================================================================== [ 57.184392] BUG: KMSAN: uninit-value in dccp_invalid_packet+0x3b8/0xf50 [ 57.191173] CPU: 0 PID: 5002 Comm: syz-executor5 Not tainted 4.16.0+ #82 [ 57.198025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.207400] Call Trace: [ 57.209988] <IRQ> [ 57.212166] dump_stack+0x185/0x1d0 [ 57.215813] ? dccp_invalid_packet+0x3b8/0xf50 [ 57.220419] kmsan_report+0x142/0x240 [ 57.224249] __msan_warning_32+0x6c/0xb0 [ 57.228339] dccp_invalid_packet+0x3b8/0xf50 [ 57.232774] ? ip_local_deliver_finish+0x6ed/0xd40 [ 57.237968] ? ip_local_deliver_finish+0x6ed/0xd40 [ 57.242924] dccp_v4_rcv+0xf7/0x2630 [ 57.246669] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 57.252057] ? raw_local_deliver+0x1462/0x1470 [ 57.256667] ? ip_local_deliver_finish+0x4a5/0xd40 [ 57.261612] ? local_bh_enable+0x40/0x40 [ 57.265686] ? local_bh_enable+0x40/0x40 [ 57.269761] ip_local_deliver_finish+0x6ed/0xd40 [ 57.274533] ip_local_deliver+0x43c/0x4e0 [ 57.278699] ? ip_local_deliver+0x4e0/0x4e0 [ 57.283044] ? ip_call_ra_chain+0x7b0/0x7b0 [ 57.287393] ip_rcv_finish+0x1253/0x16d0 [ 57.291476] ip_rcv+0x119d/0x16f0 [ 57.294946] ? ip_rcv+0x16f0/0x16f0 [ 57.298690] __netif_receive_skb_core+0x47cf/0x4a80 [ 57.303729] ? try_to_wake_up+0x1ab2/0x20a0 [ 57.308073] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 57.313902] ? nfs_file_direct_write+0x1627/0x28f0 [ 57.318852] ? ip_local_deliver_finish+0xd40/0xd40 [ 57.323897] process_backlog+0x62d/0xe20 [ 57.327980] ? rps_trigger_softirq+0x2f0/0x2f0 [ 57.332589] net_rx_action+0x7c1/0x1a70 [ 57.336688] ? 
net_tx_action+0xab0/0xab0 [ 57.340771] __do_softirq+0x56d/0x93d [ 57.344591] do_softirq_own_stack+0x2a/0x40 [ 57.349374] </IRQ> [ 57.351638] __local_bh_enable_ip+0x114/0x140 [ 57.356180] local_bh_enable+0x36/0x40 [ 57.360078] ip_finish_output2+0x124e/0x1380 [ 57.364502] ip_finish_output+0xcb0/0xff0 [ 57.368665] ip_output+0x502/0x5c0 [ 57.372213] ? ip_mc_finish_output+0x3b0/0x3b0 [ 57.376808] ? ip_finish_output+0xff0/0xff0 [ 57.381141] ip_send_skb+0x5f3/0x820 [ 57.384864] ? __ip_local_out+0x5b0/0x5b0 [ 57.389034] ip_push_pending_frames+0x105/0x170 [ 57.393725] raw_sendmsg+0x2960/0x3ed0 [ 57.397639] ? compat_raw_ioctl+0x100/0x100 [ 57.401970] inet_sendmsg+0x48d/0x740 [ 57.405792] ? security_socket_sendmsg+0x9e/0x210 [ 57.410648] ? inet_getname+0x500/0x500 [ 57.414629] SYSC_sendto+0x6c3/0x7e0 [ 57.418359] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 57.423810] ? prepare_exit_to_usermode+0x149/0x3a0 [ 57.428850] SyS_sendto+0x8a/0xb0 [ 57.432307] do_syscall_64+0x309/0x430 [ 57.436205] ? SYSC_getpeername+0x560/0x560 [ 57.440524] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.445705] RIP: 0033:0x455259 [ 57.448886] RSP: 002b:00007fdde9779c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 57.456599] RAX: ffffffffffffffda RBX: 00007fdde977a6d4 RCX: 0000000000455259 [ 57.463859] RDX: 000000000000000c RSI: 0000000020000100 RDI: 0000000000000013 [ 57.471119] RBP: 000000000072bea0 R08: 00000000200000c0 R09: 0000000000000010 [ 57.478379] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.485639] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 57.492985] [ 57.494598] Uninit was stored to memory at: [ 57.498917] kmsan_internal_chain_origin+0x12b/0x210 [ 57.504020] kmsan_memcpy_origins+0x11d/0x170 [ 57.508508] __msan_memcpy+0x19f/0x1f0 [ 57.512391] skb_copy_bits+0x63a/0xdb0 [ 57.516268] __pskb_pull_tail+0x483/0x22e0 [ 57.520492] dccp_invalid_packet+0x352/0xf50 [ 57.524884] dccp_v4_rcv+0xf7/0x2630 [ 57.528584] ip_local_deliver_finish+0x6ed/0xd40 [ 
57.533334] ip_local_deliver+0x43c/0x4e0 [ 57.537465] ip_rcv_finish+0x1253/0x16d0 [ 57.541510] ip_rcv+0x119d/0x16f0 [ 57.544951] __netif_receive_skb_core+0x47cf/0x4a80 [ 57.549952] process_backlog+0x62d/0xe20 [ 57.554005] net_rx_action+0x7c1/0x1a70 [ 57.557973] __do_softirq+0x56d/0x93d [ 57.561755] Uninit was created at: [ 57.565282] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 57.570290] kmsan_alloc_page+0x82/0xe0 [ 57.574254] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 57.578993] alloc_pages_current+0x6b5/0x970 [ 57.583409] skb_page_frag_refill+0x3ba/0x5e0 [ 57.587887] sk_page_frag_refill+0xa4/0x340 [ 57.592199] __ip_append_data+0x107e/0x3d10 [ 57.596504] ip_append_data+0x2fb/0x440 [ 57.600465] raw_sendmsg+0x287b/0x3ed0 [ 57.604340] inet_sendmsg+0x48d/0x740 [ 57.608147] SYSC_sendto+0x6c3/0x7e0 [ 57.611846] SyS_sendto+0x8a/0xb0 [ 57.615287] do_syscall_64+0x309/0x430 [ 57.619162] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.624330] ================================================================== [ 57.631677] Disabling lock debugging due to kernel taint [ 57.637109] Kernel panic - not syncing: panic_on_warn set ... [ 57.637109] [ 57.644474] CPU: 0 PID: 5002 Comm: syz-executor5 Tainted: G B 4.16.0+ #82 [ 57.652597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.661936] Call Trace: [ 57.664506] <IRQ> [ 57.666652] dump_stack+0x185/0x1d0 [ 57.670271] panic+0x39d/0x940 [ 57.673466] ? dccp_invalid_packet+0x3b8/0xf50 [ 57.678043] kmsan_report+0x238/0x240 [ 57.682028] __msan_warning_32+0x6c/0xb0 [ 57.686081] dccp_invalid_packet+0x3b8/0xf50 [ 57.690479] ? ip_local_deliver_finish+0x6ed/0xd40 [ 57.695416] ? ip_local_deliver_finish+0x6ed/0xd40 [ 57.700335] dccp_v4_rcv+0xf7/0x2630 [ 57.704038] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 57.709392] ? raw_local_deliver+0x1462/0x1470 [ 57.713968] ? ip_local_deliver_finish+0x4a5/0xd40 [ 57.718887] ? local_bh_enable+0x40/0x40 [ 57.722937] ? 
local_bh_enable+0x40/0x40 [ 57.726987] ip_local_deliver_finish+0x6ed/0xd40 [ 57.731750] ip_local_deliver+0x43c/0x4e0 [ 57.735888] ? ip_local_deliver+0x4e0/0x4e0 [ 57.740201] ? ip_call_ra_chain+0x7b0/0x7b0 [ 57.744508] ip_rcv_finish+0x1253/0x16d0 [ 57.748560] ip_rcv+0x119d/0x16f0 [ 57.752012] ? ip_rcv+0x16f0/0x16f0 [ 57.755642] __netif_receive_skb_core+0x47cf/0x4a80 [ 57.760646] ? try_to_wake_up+0x1ab2/0x20a0 [ 57.764961] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 57.770751] ? nfs_file_direct_write+0x1627/0x28f0 [ 57.775666] ? ip_local_deliver_finish+0xd40/0xd40 [ 57.780581] process_backlog+0x62d/0xe20 [ 57.784638] ? rps_trigger_softirq+0x2f0/0x2f0 [ 57.789203] net_rx_action+0x7c1/0x1a70 [ 57.793171] ? net_tx_action+0xab0/0xab0 [ 57.797225] __do_softirq+0x56d/0x93d [ 57.801025] do_softirq_own_stack+0x2a/0x40 [ 57.805602] </IRQ> [ 57.807826] __local_bh_enable_ip+0x114/0x140 [ 57.812318] local_bh_enable+0x36/0x40 [ 57.816195] ip_finish_output2+0x124e/0x1380 [ 57.820602] ip_finish_output+0xcb0/0xff0 [ 57.824747] ip_output+0x502/0x5c0 [ 57.828280] ? ip_mc_finish_output+0x3b0/0x3b0 [ 57.832857] ? ip_finish_output+0xff0/0xff0 [ 57.837169] ip_send_skb+0x5f3/0x820 [ 57.840880] ? __ip_local_out+0x5b0/0x5b0 [ 57.845029] ip_push_pending_frames+0x105/0x170 [ 57.849696] raw_sendmsg+0x2960/0x3ed0 [ 57.853584] ? compat_raw_ioctl+0x100/0x100 [ 57.857894] inet_sendmsg+0x48d/0x740 [ 57.861683] ? security_socket_sendmsg+0x9e/0x210 [ 57.866512] ? inet_getname+0x500/0x500 [ 57.870482] SYSC_sendto+0x6c3/0x7e0 [ 57.874200] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 57.879641] ? prepare_exit_to_usermode+0x149/0x3a0 [ 57.884652] SyS_sendto+0x8a/0xb0 [ 57.888095] do_syscall_64+0x309/0x430 [ 57.891974] ? 
SYSC_getpeername+0x560/0x560 [ 57.896292] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.901485] RIP: 0033:0x455259 [ 57.904660] RSP: 002b:00007fdde9779c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 57.912355] RAX: ffffffffffffffda RBX: 00007fdde977a6d4 RCX: 0000000000455259 [ 57.919707] RDX: 000000000000000c RSI: 0000000020000100 RDI: 0000000000000013 [ 57.926966] RBP: 000000000072bea0 R08: 00000000200000c0 R09: 0000000000000010 [ 57.934221] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.941477] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 57.949469] Dumping ftrace buffer: [ 57.953006] (ftrace buffer empty) [ 57.956698] Kernel Offset: disabled [ 57.960999] Rebooting in 86400 seconds..