INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts.
2018/04/06 23:27:24 fuzzer started
2018/04/06 23:27:24 dialing manager at 10.128.0.26:38639
2018/04/06 23:27:30 kcov=true, comps=false
2018/04/06 23:27:33 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000400)="2f65786500000000000090d8b75e67e16b394342abb5158df87ea8984e79c93df7498b2b34796068700e29fbd789f9a031f23e16c96e30baed2961953b057f7a3222943acc4b8cfa4de553f8276731ddeb811efd44ea011e1a0db9074a28a826c88566b89c57cc3cca4aec41d37fa27c8daa19030d03139d0aea71d509d9a20ba7deceb656cc1308d9d1f111b6bd1595486f55e229923be4ed8cbfb78e86280b4cacf386bfa8840afb312a4c520a03b27f805d181bd09ea208931a36e888060a2d")
flistxattr(r0, &(0x7f0000000280)=""/9, 0x9)

2018/04/06 23:27:33 executing program 1:
r0 = socket$inet6(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000002fe4)={0xa}, 0x1c)
sendmsg(r0, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000000ff0)=[{&(0x7f0000013ffe)="0600", 0x2}], 0x1, &(0x7f0000026000)}, 0x2000c080)
write(r0, &(0x7f00000003c0)="d09f9f1712997927094b2cd9844f18daaefd4969bda4f23acbe2b0e1456889ab90ac5da998fcc792df265b3d643a", 0x2e)

2018/04/06 23:27:33 executing program 7:
r0 = socket(0x2, 0x2, 0x0)
unshare(0x400)
listen(r0, 0x0)

2018/04/06 23:27:33 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x4e20, 0x0, @ipv4={[], [0xff, 0xff]}}, 0x1c)
sendmsg(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000002ff0), 0x0, &(0x7f000000ae80)}, 0x0)

2018/04/06 23:27:33 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendto$inet(r0, &(0x7f0000fa0fff), 0xffffffffffffffbb, 0x20020003, &(0x7f0000385ff0)={0x2, 0x4e21, @loopback=0x7f000001}, 0x10)
shutdown(r0, 0x1)

2018/04/06 23:27:33 executing program 4:
perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_settime(0x932d3f0689119724, &(0x7f0000e75ff0)={0x77359400})

2018/04/06 23:27:33 executing program 5:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = dup(r0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x20000000000002, &(0x7f00007b1000)=0x81, 0x4)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0xfc)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c)

2018/04/06 23:27:33 executing program 6:
perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000000080)=""/242, &(0x7f0000000180)=0xf2)

syzkaller login: [   43.319874] ip (3742) used greatest stack depth: 54688 bytes left
[   43.931406] ip (3799) used greatest stack depth: 54672 bytes left
[   44.523693] ip (3853) used greatest stack depth: 53960 bytes left
[   46.950785] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.056824] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.068557] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.172651] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.192573] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.202533] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.314923] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   47.504182] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   55.706240] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   55.841405] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   55.917302] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   55.933834] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.008352] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.106200] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.139697] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.149205] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   56.450267] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   56.456548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   56.467829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   56.615911] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   56.622181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   56.632536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   56.702951] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   56.709216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   56.719682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   56.746015] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   56.752353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   56.778599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   56.804180] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   56.810606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   56.847576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   56.878223] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   56.900412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   56.912217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   56.938628] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   56.948185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   56.998189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.034913] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   57.043533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.066692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/04/06 23:27:49 executing program 7:
r0 = syz_open_dev$tun(&(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'vhan0\x00', 0x200})

[   58.082399] ==================================================================
[   58.089834] BUG: KMSAN: uninit-value in rawv6_sendmsg+0x4bee/0x4cc0
[   58.096241] CPU: 0 PID: 5062 Comm: syz-executor1 Not tainted 4.16.0+ #81
[   58.103071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.112416] Call Trace:
[   58.115009]  dump_stack+0x185/0x1d0
[   58.118642]  ? rawv6_sendmsg+0x4bee/0x4cc0
[   58.122880]  kmsan_report+0x142/0x240
[   58.126688]  __msan_warning_32+0x6c/0xb0
[   58.130756]  rawv6_sendmsg+0x4bee/0x4cc0
[   58.134820]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[   58.140274]  ? futex_wait_queue_me+0x687/0x710
[   58.144879]  ? compat_rawv6_ioctl+0x30/0x30
[   58.149201]  inet_sendmsg+0x48d/0x740
[   58.153003]  ? security_socket_sendmsg+0x9e/0x210
[   58.157846]  ? inet_getname+0x500/0x500
[   58.161824]  sock_write_iter+0x3b9/0x470
[   58.165890]  ? sock_read_iter+0x480/0x480
[   58.170126]  __vfs_write+0x719/0x910
[   58.173847]  vfs_write+0x463/0x8d0
[   58.177394]  SYSC_write+0x172/0x360
[   58.181028]  SyS_write+0x55/0x80
[   58.184394]  do_syscall_64+0x309/0x430
[   58.188288]  ? SYSC_read+0x360/0x360
[   58.192010]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   58.197195] RIP: 0033:0x455259
[   58.200386] RSP: 002b:00007f9ec46e6c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   58.208184] RAX: ffffffffffffffda RBX: 00007f9ec46e76d4 RCX: 0000000000455259
[   58.215447] RDX: 000000000000002e RSI: 00000000200003c0 RDI: 0000000000000013
[   58.222713] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[   58.229980] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   58.237240] R13: 00000000000006b6 R14: 00000000006fd1b0 R15: 0000000000000000
[   58.244505] 
[   58.246114] Uninit was stored to memory at:
[   58.250419]  kmsan_internal_chain_origin+0x12b/0x210
[   58.255498]  kmsan_memcpy_origins+0x11d/0x170
[   58.259972]  __msan_memcpy+0x19f/0x1f0
[   58.263849]  skb_copy_bits+0x63a/0xdb0
[   58.267722]  rawv6_sendmsg+0x427e/0x4cc0
[   58.271763]  inet_sendmsg+0x48d/0x740
[   58.275540]  sock_write_iter+0x3b9/0x470
[   58.279576]  __vfs_write+0x719/0x910
[   58.283273]  vfs_write+0x463/0x8d0
[   58.286791]  SYSC_write+0x172/0x360
[   58.290394]  SyS_write+0x55/0x80
[   58.293735]  do_syscall_64+0x309/0x430
[   58.297603]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   58.302768] Uninit was created at:
[   58.306293]  kmsan_alloc_meta_for_pages+0x161/0x3a0
[   58.311293]  kmsan_alloc_page+0x82/0xe0
[   58.315260]  __alloc_pages_nodemask+0xf5b/0x5dc0
[   58.320000]  alloc_pages_current+0x6b5/0x970
[   58.324392]  skb_page_frag_refill+0x3ba/0x5e0
[   58.328861]  sk_page_frag_refill+0xa4/0x340
[   58.333163]  __ip6_append_data+0x1a20/0x4bb0
[   58.337546]  ip6_append_data+0x40e/0x6b0
[   58.341583]  rawv6_sendmsg+0x2787/0x4cc0
[   58.345621]  inet_sendmsg+0x48d/0x740
[   58.349401]  sock_write_iter+0x3b9/0x470
[   58.353442]  __vfs_write+0x719/0x910
[   58.357222]  vfs_write+0x463/0x8d0
[   58.360739]  SYSC_write+0x172/0x360
[   58.364352]  SyS_write+0x55/0x80
[   58.367711]  do_syscall_64+0x309/0x430
[   58.371588]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   58.376754] ==================================================================
[   58.384089] Disabling lock debugging due to kernel taint
[   58.389511] Kernel panic - not syncing: panic_on_warn set ...
[   58.389511] 
[   58.396854] CPU: 0 PID: 5062 Comm: syz-executor1 Tainted: G    B            4.16.0+ #81
[   58.404973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.414301] Call Trace:
[   58.416871]  dump_stack+0x185/0x1d0
[   58.420479]  panic+0x39d/0x940
[   58.423680]  ? rawv6_sendmsg+0x4bee/0x4cc0
[   58.427913]  kmsan_report+0x238/0x240
[   58.431698]  __msan_warning_32+0x6c/0xb0
[   58.435739]  rawv6_sendmsg+0x4bee/0x4cc0
[   58.439780]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[   58.445211]  ? futex_wait_queue_me+0x687/0x710
[   58.449782]  ? compat_rawv6_ioctl+0x30/0x30
[   58.454085]  inet_sendmsg+0x48d/0x740
[   58.457868]  ? security_socket_sendmsg+0x9e/0x210
[   58.462704]  ? inet_getname+0x500/0x500
[   58.466661]  sock_write_iter+0x3b9/0x470
[   58.470717]  ? sock_read_iter+0x480/0x480
[   58.474851]  __vfs_write+0x719/0x910
[   58.478563]  vfs_write+0x463/0x8d0
[   58.482086]  SYSC_write+0x172/0x360
[   58.485698]  SyS_write+0x55/0x80
[   58.489049]  do_syscall_64+0x309/0x430
[   58.492922]  ? SYSC_read+0x360/0x360
[   58.496630]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   58.501803] RIP: 0033:0x455259
[   58.504980] RSP: 002b:00007f9ec46e6c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   58.512673] RAX: ffffffffffffffda RBX: 00007f9ec46e76d4 RCX: 0000000000455259
[   58.519919] RDX: 000000000000002e RSI: 00000000200003c0 RDI: 0000000000000013
[   58.527167] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[   58.534414] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   58.541662] R13: 00000000000006b6 R14: 00000000006fd1b0 R15: 0000000000000000
[   58.549376] Dumping ftrace buffer:
[   58.552894]    (ftrace buffer empty)
[   58.556578] Kernel Offset: disabled
[   58.560177] Rebooting in 86400 seconds..