INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts. 2018/04/11 22:01:12 fuzzer started 2018/04/11 22:01:13 dialing manager at 10.128.0.26:41677 2018/04/11 22:01:19 kcov=true, comps=false 2018/04/11 22:01:22 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) recvmmsg(r0, &(0x7f00008db000)=[{{&(0x7f0000c5cfa0)=@nfc_llcp, 0x58, &(0x7f00006a9fc0)=[{&(0x7f00008cefa6)=""/90, 0x5a}, {&(0x7f0000000000)=""/225, 0xe1}, {&(0x7f0000672fb3)=""/173, 0xad}, {&(0x7f0000a2cf58)=""/174, 0xae}], 0x4, &(0x7f000042cfd2)=""/46, 0x2e}}], 0x1, 0x0, &(0x7f0000746ff0)) bind$inet(r0, &(0x7f0000eed000)={0x2, 0x4e21}, 0x10) sendto$inet(r0, &(0x7f0000168f26), 0x0, 0x48000, &(0x7f00008d2000)={0x2, 0x4e21, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f000029b000), 0x287, 0x0, &(0x7f0000778000)={0x2, 0x0, @loopback=0x7f000001}, 0x10) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 2018/04/11 22:01:22 executing program 1: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0xee}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp(0x2, 0x400000, 0x8, &(0x7f0000000340)) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x1000000000000004, 0x2}, 0x3c7) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r1, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp(0x730000, 0x89e0, 0xfffffffe, &(0x7f0000000180)) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x1000000000000004, 0x400000a3}, 0x1b) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r2, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp(0x730000, 0x223, 0xb, &(0x7f0000000480)) socketpair$inet_icmp(0x730000, 0x5, 0x1, &(0x7f0000000740)) 2018/04/11 22:01:22 executing program 7: request_key(&(0x7f0000000140)='dns_resolver\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a}, &(0x7f00000001c0)='usernodev}(eth1\x00', 0x0) 2018/04/11 22:01:22 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)="2f65786500000000000035abe1e80d903e0d717ac1889a45e581c9e14a5c8f95f5d2968ae8c767e9d18fd69a") ioctl$fiemap(r0, 0x40086610, &(0x7f0000000080)=ANY=[]) 2018/04/11 22:01:22 executing program 5: r0 = mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000664fc0)={0x0, 0x7, 0x2}) poll(&(0x7f0000023fb0)=[{r0, 0x0, 0x4}], 0x1, 0xce8) mq_timedsend(r0, &(0x7f000066c000), 0x0, 0x0, &(0x7f000066cff0)) 2018/04/11 22:01:22 executing program 2: epoll_create1(0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc\x00', 0x0, 0x0) socket$unix(0x1, 0x5, 0x0) pselect6(0x40, &(0x7f00000abfc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f00007fbfc0), &(0x7f0000f22000)={0x0, 0x989680}, &(0x7f0000f14000)={&(0x7f0000553ff8), 0x8}) 2018/04/11 22:01:22 executing program 6: syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000100)='./file0\x00', 0x800000, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000011400)) 2018/04/11 22:01:22 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$inet(0x10, 0x2, 0x4) sendmsg(r1, &(0x7f0000014000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a61f9200000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) syzkaller login: [ 43.543397] ip (3757) used greatest stack depth: 54816 bytes left [ 44.060295] ip (3804) used greatest stack depth: 54672 bytes left [ 44.680771] ip (3868) used greatest stack depth: 54200 bytes left [ 45.802483] ip (3970) used greatest stack depth: 54160 bytes left [ 47.006829] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.057990] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.080685] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.156941] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.181780] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.205894] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.221170] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.292820] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.873959] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.971143] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.031990] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.065218] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.075807] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.196812] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.269328] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.355454] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.639965] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.646293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.655488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.773985] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.780281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.793557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.823182] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.829496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.837849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.871678] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.880479] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.887097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.904789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.936748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.955632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.982629] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.014753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.034405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.165296] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.171587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.181950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.226261] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.232708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.246622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/11 22:01:39 executing program 4: syz_emit_ethernet(0x36, &(0x7f0000000180)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x806, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}, @local={0xac, 0x14, 0x14, 0xaa}}, @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, &(0x7f0000000000)) 2018/04/11 22:01:39 executing program 6: 2018/04/11 22:01:39 executing program 1: 2018/04/11 22:01:40 executing program 4: 2018/04/11 22:01:40 executing program 2: 2018/04/11 22:01:40 executing program 7: request_key(&(0x7f0000000140)='dns_resolver\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a}, &(0x7f00000001c0)='usernodev}(eth1\x00', 0x0) 2018/04/11 22:01:40 executing program 3: 2018/04/11 22:01:40 executing program 6: [ 59.260258] ================================================================== [ 59.267692] BUG: KMSAN: uninit-value in csum_partial_copy_to_user+0x450/0x500 [ 59.274972] CPU: 1 PID: 5063 Comm: syz-executor0 Not tainted 4.16.0+ #83 [ 59.281811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.291164] Call Trace: [ 59.293767] dump_stack+0x185/0x1d0 [ 59.297411] ? csum_partial_copy_to_user+0x450/0x500 [ 59.302519] kmsan_report+0x142/0x240 [ 59.306326] __msan_warning_32+0x6c/0xb0 [ 59.310393] csum_partial_copy_to_user+0x450/0x500 [ 59.315332] csum_and_copy_to_iter+0x3dc/0x2140 [ 59.320005] ? kmsan_set_origin_inline+0x6b/0x120 [ 59.324857] ? __msan_poison_alloca+0x15c/0x1d0 [ 59.329545] skb_copy_and_csum_datagram+0x6d2/0x1080 [ 59.334666] skb_copy_and_csum_datagram_msg+0x557/0x960 [ 59.340042] udp_recvmsg+0x99c/0x1d90 [ 59.343862] ? udp_skb_dtor_locked+0x770/0x770 [ 59.348444] inet_recvmsg+0x4c2/0x5f0 [ 59.352257] sock_recvmsg+0x1d0/0x230 [ 59.356059] ? inet_sendpage+0x8c0/0x8c0 [ 59.360155] ___sys_recvmsg+0x3fb/0x810 [ 59.364146] ? __fget_light+0x56/0x710 [ 59.368030] ? __fdget+0x4e/0x60 [ 59.371401] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 59.376766] ? __fget_light+0x6b9/0x710 [ 59.380756] __sys_recvmmsg+0x54e/0xdb0 [ 59.384745] ? kmsan_set_origin+0x9e/0x160 [ 59.388989] SYSC_recvmmsg+0x29b/0x3e0 [ 59.392886] SyS_recvmmsg+0x76/0xa0 [ 59.396518] do_syscall_64+0x309/0x430 [ 59.400414] ? __sys_recvmmsg+0xdb0/0xdb0 [ 59.404575] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.409761] RIP: 0033:0x455279 [ 59.412943] RSP: 002b:00007fa46fd50c68 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 59.420646] RAX: ffffffffffffffda RBX: 00007fa46fd516d4 RCX: 0000000000455279 [ 59.427912] RDX: 0000000000000001 RSI: 00000000208db000 RDI: 0000000000000013 [ 59.435178] RBP: 000000000072bea0 R08: 0000000020746ff0 R09: 0000000000000000 [ 59.442440] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.449708] R13: 0000000000000495 R14: 00000000006f9e98 R15: 0000000000000000 [ 59.456977] [ 59.458597] Uninit was created at: [ 59.462143] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 59.467164] kmsan_alloc_page+0x82/0xe0 [ 59.471144] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 59.475906] alloc_pages_current+0x6b5/0x970 [ 59.480312] skb_page_frag_refill+0x3ba/0x5e0 [ 59.484810] sk_page_frag_refill+0xa4/0x340 [ 59.489122] __ip_append_data+0x107e/0x3d10 [ 59.493422] ip_append_data+0x2fb/0x440 [ 59.497374] udp_sendmsg+0x746/0x3180 [ 59.501153] inet_sendmsg+0x48d/0x740 [ 59.504930] SYSC_sendto+0x6c3/0x7e0 [ 59.508628] SyS_sendto+0x8a/0xb0 [ 59.512067] do_syscall_64+0x309/0x430 [ 59.515933] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.521092] ================================================================== [ 59.528423] Disabling lock debugging due to kernel taint [ 59.533848] Kernel panic - not syncing: panic_on_warn set ... [ 59.533848] [ 59.541191] CPU: 1 PID: 5063 Comm: syz-executor0 Tainted: G B 4.16.0+ #83 [ 59.549306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.558633] Call Trace: [ 59.561202] dump_stack+0x185/0x1d0 [ 59.564816] panic+0x39d/0x940 [ 59.568005] ? csum_partial_copy_to_user+0x450/0x500 [ 59.573096] kmsan_report+0x238/0x240 [ 59.576877] __msan_warning_32+0x6c/0xb0 [ 59.580932] csum_partial_copy_to_user+0x450/0x500 [ 59.585852] csum_and_copy_to_iter+0x3dc/0x2140 [ 59.590509] ? kmsan_set_origin_inline+0x6b/0x120 [ 59.595330] ? __msan_poison_alloca+0x15c/0x1d0 [ 59.599993] skb_copy_and_csum_datagram+0x6d2/0x1080 [ 59.605084] skb_copy_and_csum_datagram_msg+0x557/0x960 [ 59.610429] udp_recvmsg+0x99c/0x1d90 [ 59.614222] ? udp_skb_dtor_locked+0x770/0x770 [ 59.618780] inet_recvmsg+0x4c2/0x5f0 [ 59.622574] sock_recvmsg+0x1d0/0x230 [ 59.626351] ? inet_sendpage+0x8c0/0x8c0 [ 59.630402] ___sys_recvmsg+0x3fb/0x810 [ 59.634356] ? __fget_light+0x56/0x710 [ 59.638219] ? __fdget+0x4e/0x60 [ 59.641569] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 59.646911] ? __fget_light+0x6b9/0x710 [ 59.650878] __sys_recvmmsg+0x54e/0xdb0 [ 59.654835] ? kmsan_set_origin+0x9e/0x160 [ 59.659054] SYSC_recvmmsg+0x29b/0x3e0 [ 59.662927] SyS_recvmmsg+0x76/0xa0 [ 59.666541] do_syscall_64+0x309/0x430 [ 59.670417] ? __sys_recvmmsg+0xdb0/0xdb0 [ 59.674572] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.679745] RIP: 0033:0x455279 [ 59.682911] RSP: 002b:00007fa46fd50c68 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 59.690608] RAX: ffffffffffffffda RBX: 00007fa46fd516d4 RCX: 0000000000455279 [ 59.697859] RDX: 0000000000000001 RSI: 00000000208db000 RDI: 0000000000000013 [ 59.705112] RBP: 000000000072bea0 R08: 0000000020746ff0 R09: 0000000000000000 [ 59.712373] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.719624] R13: 0000000000000495 R14: 00000000006f9e98 R15: 0000000000000000 [ 59.727364] Dumping ftrace buffer: [ 59.730887] (ftrace buffer empty) [ 59.734582] Kernel Offset: disabled [ 59.738183] Rebooting in 86400 seconds..