INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts. 2018/04/11 14:57:22 fuzzer started 2018/04/11 14:57:23 dialing manager at 10.128.0.26:36259 2018/04/11 14:57:29 kcov=true, comps=false 2018/04/11 14:57:32 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x4012}) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000080)) 2018/04/11 14:57:32 executing program 2: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000925fe4)={0xa, 0x4e23}, 0x1c) listen(r0, 0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x14) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) connect$inet6(r1, &(0x7f00008c0000)={0xa, 0x8000000000004e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/04/11 14:57:32 executing program 7: r0 = socket$inet6(0xa, 0x3, 0x8000000000002c) connect$inet6(r0, &(0x7f0000002fe4)={0xa}, 0x1c) sendmsg(r0, &(0x7f0000007000)={0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000100)}, 0x2000c080) socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x9b, 0x0, 0x6, 0x0, 0x152, 0x40, 0x0, 0x8, 0x0, 0x38, 0x1, 0x0, 0x7fff}, [{0x7, 0x0, 0xc51, 0x0, 0x9, 0x0, 0x8}], "8815871944271384e6dde0184efb1854db34e65a453d02ba0df67531f349ce2317cc17a0dc80f35221e289099f2fbf3117a0f7c395d06466430bc764cd70f7a3fa18ce8baf2efd1816db40e420230e537b829a1f566da0db5ffa7d6d896850d3cc527e1a6a21857ce91047018f0f2412cd285ad9bfc8aacbf6d196c238d04feb0ba1b65e4c7b5a20988048460947864c5f0678e5ddd22afba72ec112e35d14ef65effd36f354058f1bdf9a0e043c7e41480ba416bcf91476269cc89a4e9a4f1e0f5f8b248d2245dd17c7eabd3a03f236650def7b6eb5d8cb7ded8614a190ed", [[], [], [], [], [], [], []]}, 0x857) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000000)='\x00\x00\x00\x00\x00\x00\x00\a', 0x8}], 0x1) 2018/04/11 14:57:32 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x88) close(r0) 2018/04/11 14:57:32 executing program 5: 2018/04/11 14:57:32 executing program 4: 2018/04/11 14:57:32 executing program 6: 2018/04/11 14:57:32 executing program 1: r0 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'bcsh0\x00', 0x2001}) r1 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000180)={'bcsh0\x00'}) syzkaller login: [ 42.980464] ip (3792) used greatest stack depth: 54672 bytes left [ 43.212850] ip (3815) used greatest stack depth: 54312 bytes left [ 44.205081] ip (3902) used greatest stack depth: 54200 bytes left [ 44.861641] ip (3962) used greatest stack depth: 54160 bytes left [ 46.342732] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.353766] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.364353] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.375987] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.385233] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.434133] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.598951] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.708394] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.426786] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.447895] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.686443] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.694243] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.723801] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.766124] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.894890] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.009470] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.202594] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.208921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.223740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.250132] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.265178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.275646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.485107] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.491489] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.515147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.544932] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.553178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.570853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.585441] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.599148] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.612698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.637889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.675771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.707891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.784436] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.790992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.802995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.937461] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.943809] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.955993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/11 14:57:49 executing program 3: 2018/04/11 14:57:49 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000014f000)={&(0x7f00003c7ff4)={0x10}, 0xc, &(0x7f0000bd7000)={&(0x7f0000648eac)=ANY=[@ANYBLOB="54010000100017070000000000000000ff02000000000000000000000000000100000000000000000000ffffac14ffaa00000000000000000000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000033000000000000000000000000000000c100000000000000000000000000ef62000000770229200000000000000000d1951f0084af712a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e8000000000000000000000200000000000000000000001c0004000000000000000000fe800000000000000000000000000000480001006d64350000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x3}, 0x1}, 0x0) 2018/04/11 14:57:49 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040), 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) dup3(r1, r0, 0x0) 2018/04/11 14:57:49 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x4012}) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000040)={0x0, 0x2aaaaaaaaaaaac18}) 2018/04/11 14:57:49 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'bcsh0\x00', 0x2001}) r1 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8923, &(0x7f0000000180)={'bcsh0\x00', 0x1}) 2018/04/11 14:57:50 executing program 6: syz_open_procfs(0x0, &(0x7f0000000000)="2f65786500000000000035abe1e80d903e0d717ac1889a45e581c9e14a5c8f95f5d2968ae8c767e9d18fd69a") 2018/04/11 14:57:50 executing program 2: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000925fe4)={0xa, 0x4e23}, 0x1c) listen(r0, 0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x14) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) connect$inet6(r1, &(0x7f00008c0000)={0xa, 0x8000000000004e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 58.109366] : renamed from bcsh0 [ 58.392521] ================================================================== [ 58.399976] BUG: KMSAN: uninit-value in ipv6_frag_rcv+0xfa5/0x6970 [ 58.406309] CPU: 1 PID: 5094 Comm: syz-executor7 Not tainted 4.16.0+ #83 [ 58.413157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.422520] Call Trace: [ 58.425102] [ 58.427267] dump_stack+0x185/0x1d0 [ 58.430899] ? ipv6_frag_rcv+0xfa5/0x6970 [ 58.435049] kmsan_report+0x142/0x240 [ 58.438851] __msan_warning_32+0x6c/0xb0 [ 58.442918] ipv6_frag_rcv+0xfa5/0x6970 [ 58.446900] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.452282] ? ipv6_frag_exit+0x90/0x90 [ 58.456257] ip6_input_finish+0xa62/0x2110 [ 58.460492] ? ip6table_filter_hook+0xb5/0xe0 [ 58.464991] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 58.470346] ip6_input+0x294/0x320 [ 58.473869] ? ip6_input+0x320/0x320 [ 58.477564] ? ipv6_rcv+0x26d0/0x26d0 [ 58.481342] ipv6_rcv+0x20ec/0x26d0 [ 58.484957] ? local_bh_enable+0x40/0x40 [ 58.489020] __netif_receive_skb_core+0x47cf/0x4a80 [ 58.494035] ? rb_insert_color+0xa4/0x1300 [ 58.498256] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 58.504048] ? ip6_rcv_finish+0x4d0/0x4d0 [ 58.508190] process_backlog+0x62d/0xe20 [ 58.512245] ? rps_trigger_softirq+0x2f0/0x2f0 [ 58.516806] net_rx_action+0x7c1/0x1a70 [ 58.520771] ? net_tx_action+0xab0/0xab0 [ 58.524826] __do_softirq+0x56d/0x93d [ 58.528611] do_softirq_own_stack+0x2a/0x40 [ 58.532911] [ 58.535147] __local_bh_enable_ip+0x114/0x140 [ 58.539642] local_bh_enable+0x36/0x40 [ 58.543517] ip6_finish_output2+0x1b6c/0x1f20 [ 58.547998] ip6_finish_output+0xb3f/0xc00 [ 58.552223] ip6_output+0x597/0x6c0 [ 58.555836] ? ip6_output+0x6c0/0x6c0 [ 58.559617] ? ac6_seq_show+0x200/0x200 [ 58.563568] ip6_local_out+0x573/0x640 [ 58.567436] ? __ip6_local_out+0x4f0/0x4f0 [ 58.571653] ip6_push_pending_frames+0x218/0x4d0 [ 58.576389] rawv6_sendmsg+0x4500/0x4cc0 [ 58.580441] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 58.585881] ? futex_wait_queue_me+0x687/0x710 [ 58.590452] ? compat_rawv6_ioctl+0x30/0x30 [ 58.594750] inet_sendmsg+0x48d/0x740 [ 58.598540] ? security_socket_sendmsg+0x9e/0x210 [ 58.603368] ? inet_getname+0x500/0x500 [ 58.607321] sock_write_iter+0x3b9/0x470 [ 58.611364] ? sock_read_iter+0x480/0x480 [ 58.615491] __vfs_write+0x719/0x910 [ 58.619187] vfs_write+0x463/0x8d0 [ 58.622709] SYSC_write+0x172/0x360 [ 58.626318] SyS_write+0x55/0x80 [ 58.629665] do_syscall_64+0x309/0x430 [ 58.633531] ? SYSC_read+0x360/0x360 [ 58.637224] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.642394] RIP: 0033:0x455259 [ 58.645566] RSP: 002b:00007f4a1a2dbc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 58.653251] RAX: ffffffffffffffda RBX: 00007f4a1a2dc6d4 RCX: 0000000000455259 [ 58.660501] RDX: 0000000000000857 RSI: 0000000020000180 RDI: 0000000000000013 [ 58.667748] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 58.675006] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 58.682263] R13: 00000000000006b9 R14: 00000000006fd1f8 R15: 0000000000000000 [ 58.689515] [ 58.691132] Uninit was stored to memory at: [ 58.695438] kmsan_internal_chain_origin+0x12b/0x210 [ 58.700518] kmsan_memcpy_origins+0x11d/0x170 [ 58.704992] __msan_memcpy+0x19f/0x1f0 [ 58.708865] skb_copy_bits+0x63a/0xdb0 [ 58.712730] __pskb_pull_tail+0x483/0x22e0 [ 58.716945] ipv6_frag_rcv+0x1894/0x6970 [ 58.720987] ip6_input_finish+0xa62/0x2110 [ 58.725200] ip6_input+0x294/0x320 [ 58.728718] ipv6_rcv+0x20ec/0x26d0 [ 58.732335] __netif_receive_skb_core+0x47cf/0x4a80 [ 58.737337] process_backlog+0x62d/0xe20 [ 58.741381] net_rx_action+0x7c1/0x1a70 [ 58.745342] __do_softirq+0x56d/0x93d [ 58.749115] Uninit was created at: [ 58.752646] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 58.757650] kmsan_alloc_page+0x82/0xe0 [ 58.761610] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 58.766352] alloc_pages_current+0x6b5/0x970 [ 58.770739] skb_page_frag_refill+0x3ba/0x5e0 [ 58.775209] sk_page_frag_refill+0xa4/0x340 [ 58.779521] __ip6_append_data+0x1a20/0x4bb0 [ 58.783926] ip6_append_data+0x40e/0x6b0 [ 58.787974] rawv6_sendmsg+0x2787/0x4cc0 [ 58.792016] inet_sendmsg+0x48d/0x740 [ 58.795804] sock_write_iter+0x3b9/0x470 [ 58.799842] __vfs_write+0x719/0x910 [ 58.803532] vfs_write+0x463/0x8d0 [ 58.807057] SYSC_write+0x172/0x360 [ 58.810676] SyS_write+0x55/0x80 [ 58.814035] do_syscall_64+0x309/0x430 [ 58.817907] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.823072] ================================================================== [ 58.830404] Disabling lock debugging due to kernel taint [ 58.835832] Kernel panic - not syncing: panic_on_warn set ... [ 58.835832] [ 58.843176] CPU: 1 PID: 5094 Comm: syz-executor7 Tainted: G B 4.16.0+ #83 [ 58.851292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.860630] Call Trace: [ 58.863200] [ 58.865331] dump_stack+0x185/0x1d0 [ 58.868939] panic+0x39d/0x940 [ 58.872209] ? ipv6_frag_rcv+0xfa5/0x6970 [ 58.876333] kmsan_report+0x238/0x240 [ 58.880112] __msan_warning_32+0x6c/0xb0 [ 58.884153] ipv6_frag_rcv+0xfa5/0x6970 [ 58.888108] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.893458] ? ipv6_frag_exit+0x90/0x90 [ 58.897413] ip6_input_finish+0xa62/0x2110 [ 58.901640] ? ip6table_filter_hook+0xb5/0xe0 [ 58.906114] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 58.911466] ip6_input+0x294/0x320 [ 58.914986] ? ip6_input+0x320/0x320 [ 58.918681] ? ipv6_rcv+0x26d0/0x26d0 [ 58.922460] ipv6_rcv+0x20ec/0x26d0 [ 58.926074] ? local_bh_enable+0x40/0x40 [ 58.930132] __netif_receive_skb_core+0x47cf/0x4a80 [ 58.935129] ? rb_insert_color+0xa4/0x1300 [ 58.939355] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 58.945145] ? ip6_rcv_finish+0x4d0/0x4d0 [ 58.949275] process_backlog+0x62d/0xe20 [ 58.953321] ? rps_trigger_softirq+0x2f0/0x2f0 [ 58.957883] net_rx_action+0x7c1/0x1a70 [ 58.961841] ? net_tx_action+0xab0/0xab0 [ 58.965882] __do_softirq+0x56d/0x93d [ 58.969665] do_softirq_own_stack+0x2a/0x40 [ 58.973965] [ 58.976203] __local_bh_enable_ip+0x114/0x140 [ 58.980687] local_bh_enable+0x36/0x40 [ 58.984564] ip6_finish_output2+0x1b6c/0x1f20 [ 58.989057] ip6_finish_output+0xb3f/0xc00 [ 58.993280] ip6_output+0x597/0x6c0 [ 58.996886] ? ip6_output+0x6c0/0x6c0 [ 59.000675] ? ac6_seq_show+0x200/0x200 [ 59.004633] ip6_local_out+0x573/0x640 [ 59.008502] ? __ip6_local_out+0x4f0/0x4f0 [ 59.012731] ip6_push_pending_frames+0x218/0x4d0 [ 59.017474] rawv6_sendmsg+0x4500/0x4cc0 [ 59.021516] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 59.026951] ? futex_wait_queue_me+0x687/0x710 [ 59.031519] ? compat_rawv6_ioctl+0x30/0x30 [ 59.035824] inet_sendmsg+0x48d/0x740 [ 59.039605] ? security_socket_sendmsg+0x9e/0x210 [ 59.044443] ? inet_getname+0x500/0x500 [ 59.048406] sock_write_iter+0x3b9/0x470 [ 59.052463] ? sock_read_iter+0x480/0x480 [ 59.056592] __vfs_write+0x719/0x910 [ 59.060288] vfs_write+0x463/0x8d0 [ 59.063826] SYSC_write+0x172/0x360 [ 59.067447] SyS_write+0x55/0x80 [ 59.070791] do_syscall_64+0x309/0x430 [ 59.074658] ? SYSC_read+0x360/0x360 [ 59.078354] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.083528] RIP: 0033:0x455259 [ 59.086695] RSP: 002b:00007f4a1a2dbc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 59.094381] RAX: ffffffffffffffda RBX: 00007f4a1a2dc6d4 RCX: 0000000000455259 [ 59.101634] RDX: 0000000000000857 RSI: 0000000020000180 RDI: 0000000000000013 [ 59.108886] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.116148] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.123407] R13: 00000000000006b9 R14: 00000000006fd1f8 R15: 0000000000000000 [ 59.131111] Dumping ftrace buffer: [ 59.134640] (ftrace buffer empty) [ 59.138322] Kernel Offset: disabled [ 59.141927] Rebooting in 86400 seconds..