INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts. 2018/04/07 06:51:50 fuzzer started 2018/04/07 06:51:51 dialing manager at 10.128.0.26:38639 2018/04/07 06:51:57 kcov=true, comps=false 2018/04/07 06:52:00 executing program 0: futex(&(0x7f00000000c0), 0xc, 0xfffffffffffffffc, &(0x7f0000519ff0), &(0x7f0000000080), 0x0) 2018/04/07 06:52:00 executing program 1: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000b4e000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) pipe2(&(0x7f0000001ff8)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$DRM_IOCTL_RM_MAP(0xffffffffffffffff, 0x4028641b, &(0x7f0000b1d000)={&(0x7f00003ba000/0x3000)=nil, 0xffff, 0x0, 0x0, &(0x7f00000b3000/0x2000)=nil}) mprotect(&(0x7f0000b1d000/0x2000)=nil, 0x2000, 0x5) vmsplice(r1, &(0x7f0000b1d000)=[{&(0x7f0000005fe3)}], 0x1, 0x0) mmap(&(0x7f0000000000/0xe62000)=nil, 0xe62000, 0x0, 0x32, 0xffffffffffffffff, 0x0) close(r0) 2018/04/07 06:52:00 executing program 7: r0 = syz_open_dev$tun(&(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={"d202b999cf85000000000088f301e710", 0x102}) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0) 2018/04/07 06:52:00 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_DIRECT_IO(r0, 0x40101283, 0x2) 2018/04/07 06:52:00 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000040)="290000001900ff0900220000000000020a1300000000ff06800800000d0009000900001900000000f6", 0x29}], 0x1) 2018/04/07 06:52:00 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mmap(&(0x7f0000000000/0xeef000)=nil, 0xeef000, 0x4, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000000c0)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14}}}}, &(0x7f0000000000)=0x98) 2018/04/07 06:52:00 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000498000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000d52000)={0x14, 0xd, 0x6, 0x800000005}, 0x14}, 0x1}, 0x0) 2018/04/07 06:52:00 executing program 6: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syzkaller login: [ 42.320822] ip (3752) used greatest stack depth: 54688 bytes left [ 42.746934] ip (3787) used greatest stack depth: 54312 bytes left [ 44.114784] ip (3918) used greatest stack depth: 54296 bytes left [ 44.610523] ip (3962) used greatest stack depth: 54160 bytes left [ 46.036986] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.109203] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.155113] ip (4089) used greatest stack depth: 53976 bytes left [ 46.335901] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.352246] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.420933] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.438927] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.472822] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.620652] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.290756] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.409364] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.524008] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.577765] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.598467] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.684375] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.782136] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.970972] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.020211] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.026470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.037229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.199665] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.205969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.216495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.312441] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.318775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.329760] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.374836] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.381347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.398651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.430847] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.439182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.452760] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.471643] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.488424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.528844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.610475] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.616781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.630664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.912455] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.918760] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.933822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.899749] ================================================================== [ 57.907176] BUG: KMSAN: uninit-value in inet6_rtm_delroute+0x304/0x720 [ 57.913839] CPU: 0 PID: 5082 Comm: syz-executor2 Not tainted 4.16.0+ #81 [ 57.920663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.929996] Call Trace: [ 57.932581] dump_stack+0x185/0x1d0 [ 57.936190] ? inet6_rtm_delroute+0x304/0x720 [ 57.940664] kmsan_report+0x142/0x240 [ 57.944443] __msan_warning_32+0x6c/0xb0 [ 57.948482] inet6_rtm_delroute+0x304/0x720 [ 57.952789] ? inet6_rtm_newroute+0x26a0/0x26a0 [ 57.957437] rtnetlink_rcv_msg+0xa32/0x1560 [ 57.961751] ? do_iter_write+0x30d/0xd40 [ 57.965792] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.971148] ? do_iter_readv_writev+0x7bb/0x970 [ 57.975804] ? do_iter_write+0x30d/0xd40 [ 57.979858] ? do_writev+0x3c9/0x830 [ 57.983548] ? SYSC_writev+0x9b/0xb0 [ 57.987240] ? SyS_writev+0x56/0x80 [ 57.990842] ? do_syscall_64+0x309/0x430 [ 57.994880] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.000222] ? _raw_spin_unlock_bh+0x57/0x70 [ 58.004612] ? __local_bh_enable_ip+0x3b/0x140 [ 58.009171] ? _raw_spin_unlock_bh+0x57/0x70 [ 58.013561] ? kmsan_set_origin_inline+0x6b/0x120 [ 58.018399] ? kmsan_set_origin+0x9e/0x160 [ 58.022618] netlink_rcv_skb+0x355/0x5f0 [ 58.026662] ? rtnetlink_bind+0x120/0x120 [ 58.030788] rtnetlink_rcv+0x50/0x60 [ 58.034498] netlink_unicast+0x1672/0x1750 [ 58.038721] ? rtnetlink_net_exit+0xa0/0xa0 [ 58.043032] netlink_sendmsg+0x1048/0x1310 [ 58.047270] ? netlink_getsockopt+0xc80/0xc80 [ 58.051749] sock_write_iter+0x3b9/0x470 [ 58.055790] ? sock_read_iter+0x480/0x480 [ 58.059918] do_iter_readv_writev+0x7bb/0x970 [ 58.064395] ? sock_read_iter+0x480/0x480 [ 58.068522] do_iter_write+0x30d/0xd40 [ 58.072391] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 58.077830] do_writev+0x3c9/0x830 [ 58.081363] ? syscall_return_slowpath+0xe9/0x700 [ 58.086187] SYSC_writev+0x9b/0xb0 [ 58.089707] SyS_writev+0x56/0x80 [ 58.093138] do_syscall_64+0x309/0x430 [ 58.097011] ? SYSC_readv+0xb0/0xb0 [ 58.100629] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.105797] RIP: 0033:0x455259 [ 58.108967] RSP: 002b:00007fedf6468c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 58.116666] RAX: ffffffffffffffda RBX: 00007fedf64696d4 RCX: 0000000000455259 [ 58.123913] RDX: 0000000000000001 RSI: 00000000200002c0 RDI: 0000000000000013 [ 58.131165] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 58.138681] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 58.145938] R13: 00000000000006cd R14: 00000000006fd3d8 R15: 0000000000000000 [ 58.153186] [ 58.154785] Uninit was created at: [ 58.158317] kmsan_internal_poison_shadow+0xb8/0x1b0 [ 58.163406] kmsan_kmalloc+0x94/0x100 [ 58.167786] kmsan_slab_alloc+0x11/0x20 [ 58.171739] __kmalloc_node_track_caller+0xaed/0x11c0 [ 58.176907] __alloc_skb+0x2cf/0x9f0 [ 58.180600] netlink_sendmsg+0x9a6/0x1310 [ 58.184734] sock_write_iter+0x3b9/0x470 [ 58.188778] do_iter_readv_writev+0x7bb/0x970 [ 58.193252] do_iter_write+0x30d/0xd40 [ 58.197113] do_writev+0x3c9/0x830 [ 58.200629] SYSC_writev+0x9b/0xb0 [ 58.204163] SyS_writev+0x56/0x80 [ 58.207611] do_syscall_64+0x309/0x430 [ 58.211496] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.216667] ================================================================== [ 58.224017] Disabling lock debugging due to kernel taint [ 58.229462] Kernel panic - not syncing: panic_on_warn set ... [ 58.229462] [ 58.236829] CPU: 0 PID: 5082 Comm: syz-executor2 Tainted: G B 4.16.0+ #81 [ 58.244960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.254307] Call Trace: [ 58.256880] dump_stack+0x185/0x1d0 [ 58.260487] panic+0x39d/0x940 [ 58.263667] ? inet6_rtm_delroute+0x304/0x720 [ 58.268141] kmsan_report+0x238/0x240 [ 58.271930] __msan_warning_32+0x6c/0xb0 [ 58.275969] inet6_rtm_delroute+0x304/0x720 [ 58.280273] ? inet6_rtm_newroute+0x26a0/0x26a0 [ 58.284926] rtnetlink_rcv_msg+0xa32/0x1560 [ 58.289226] ? do_iter_write+0x30d/0xd40 [ 58.293262] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.298601] ? do_iter_readv_writev+0x7bb/0x970 [ 58.303243] ? do_iter_write+0x30d/0xd40 [ 58.307276] ? do_writev+0x3c9/0x830 [ 58.310964] ? SYSC_writev+0x9b/0xb0 [ 58.314650] ? SyS_writev+0x56/0x80 [ 58.318251] ? do_syscall_64+0x309/0x430 [ 58.322288] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.327627] ? _raw_spin_unlock_bh+0x57/0x70 [ 58.332015] ? __local_bh_enable_ip+0x3b/0x140 [ 58.336582] ? _raw_spin_unlock_bh+0x57/0x70 [ 58.340969] ? kmsan_set_origin_inline+0x6b/0x120 [ 58.345787] ? kmsan_set_origin+0x9e/0x160 [ 58.349997] netlink_rcv_skb+0x355/0x5f0 [ 58.354045] ? rtnetlink_bind+0x120/0x120 [ 58.358172] rtnetlink_rcv+0x50/0x60 [ 58.361863] netlink_unicast+0x1672/0x1750 [ 58.366086] ? rtnetlink_net_exit+0xa0/0xa0 [ 58.370385] netlink_sendmsg+0x1048/0x1310 [ 58.374597] ? netlink_getsockopt+0xc80/0xc80 [ 58.379069] sock_write_iter+0x3b9/0x470 [ 58.383194] ? sock_read_iter+0x480/0x480 [ 58.387315] do_iter_readv_writev+0x7bb/0x970 [ 58.391797] ? sock_read_iter+0x480/0x480 [ 58.395919] do_iter_write+0x30d/0xd40 [ 58.399784] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 58.405211] do_writev+0x3c9/0x830 [ 58.408729] ? syscall_return_slowpath+0xe9/0x700 [ 58.413552] SYSC_writev+0x9b/0xb0 [ 58.417069] SyS_writev+0x56/0x80 [ 58.420498] do_syscall_64+0x309/0x430 [ 58.424363] ? SYSC_readv+0xb0/0xb0 [ 58.427968] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.433133] RIP: 0033:0x455259 [ 58.436297] RSP: 002b:00007fedf6468c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 58.443982] RAX: ffffffffffffffda RBX: 00007fedf64696d4 RCX: 0000000000455259 [ 58.451239] RDX: 0000000000000001 RSI: 00000000200002c0 RDI: 0000000000000013 [ 58.458482] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 58.465728] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 58.472973] R13: 00000000000006cd R14: 00000000006fd3d8 R15: 0000000000000000 [ 58.480639] Dumping ftrace buffer: [ 58.484160] (ftrace buffer empty) [ 58.487842] Kernel Offset: disabled [ 58.491442] Rebooting in 86400 seconds..