INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.7' (ECDSA) to the list of known hosts. 2018/04/11 15:33:15 fuzzer started 2018/04/11 15:33:15 dialing manager at 10.128.0.26:36259 2018/04/11 15:33:21 kcov=true, comps=false 2018/04/11 15:33:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="180000002700638100000000000000000f0000000400070087265b1476e2f1d43dac4b88e68afaf96271d4d7706c55b712aeb5940f448fac6b806f5fc21f7a0b67055ca6d1feee675799c4c0f9326ff7f006a9bae4951cc4c0ff71b0e4213dc2d932c77486a9b9bcbc0680d5e7c51dfd375125cda73713512e4590af7a573d37b7721f3648d239cf2eeb78af638f432d260eef2d8e9b3767a033"], 0x1}, 0x1}, 0x0) 2018/04/11 15:33:24 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000044ff8)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000060c0)=[{{&(0x7f0000005b40)=@can, 0x80, &(0x7f0000005fc0), 0x0, &(0x7f0000006040)=""/127, 0x7f}}], 0x1, 0x0, &(0x7f0000006240)={0x77359400}) connect$unix(r0, &(0x7f00000bc000)=@abs, 0x8) 2018/04/11 15:33:24 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000080)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000457000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0) 2018/04/11 15:33:24 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000012000)={0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000a0eff0)={0x2, &(0x7f0000000000)=[{0x40, 0x0, 0x0, 0xfffdfffffff00000}, {0x6}]}, 0x10) 2018/04/11 15:33:24 executing program 4: syz_mount_image$iso9660(&(0x7f0000000040)='iso9660\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000340)={[{@hide='hide', 0x2c}]}) 2018/04/11 15:33:24 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000000)=0x5, 0x4) syz_emit_ethernet(0x1, &(0x7f000010ef70)=ANY=[@ANYBLOB="cd390b081bf2ffffffffffff86dd6002290f00383a0000000000000000000000ffff00000000ff02000000000000000000000000000101009078000000006055cae200003a0000000000000000000000000000000000ff020000000000000000000000000001f600929f106531aa"], 0x0) 2018/04/11 15:33:24 executing program 5: quotactl(0x80000201, &(0x7f0000000180)='./file1\x00', 0x0, &(0x7f0000000000)) 2018/04/11 15:33:24 executing program 6: pipe2(&(0x7f0000989000)={0xffffffffffffffff}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000bc8000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) link(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='./control/file0\x00') utimes(&(0x7f0000967000)='./file0\x00', &(0x7f00000000c0)={{0x77359400}}) dup2(r0, r1) syzkaller login: [ 40.528815] ip (3774) used greatest stack depth: 54672 bytes left [ 41.901396] ip (3909) used greatest stack depth: 54560 bytes left [ 41.960360] ip (3912) used greatest stack depth: 54296 bytes left [ 42.239348] ip (3939) used greatest stack depth: 54200 bytes left [ 44.080299] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.107461] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.136020] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.144488] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.156645] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.174504] ip (4106) used greatest stack depth: 53976 bytes left [ 44.202354] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.260684] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.374710] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.798667] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.978470] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.987520] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.060160] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.070357] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.184208] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.223758] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.342739] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.566112] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.572418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.584563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.815937] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.822410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.838998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.869070] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.878393] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.901754] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.909711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.937756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.978674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.014007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.036667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.054663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.076625] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.083805] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.095180] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.106614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.134792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.179224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.215149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.257641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.291240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/11 15:33:41 executing program 5: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000289000)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000058000)={&(0x7f000023f000)=ANY=[@ANYBLOB="840008000000000002d27000ffffffff0000fffc0c00000000000000000000005b659a62290ffc380c2dbfdc5e9f13e1a04810d464fbc3b4c1b4e2bf501fb1bb949869c2984d914d9f04005e66cd4dd305f4c0700612dbc3080c91745fa158cf0d70309f7f1969136edfd73294c0356675ffff000044f2a432a15b4ce56aa166b5040d"], 0x83}, 0x1}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f000023f000)=0xa, 0x263) 2018/04/11 15:33:41 executing program 2: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.controllers\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r0, &(0x7f0000001d80)=[{{&(0x7f0000000000)=@in6={0xa, 0x4e21, 0x0, @loopback={0x0, 0x1}}, 0x1c, &(0x7f0000000040), 0x0, &(0x7f0000000080)}}, {{&(0x7f0000000a80)=@in={0x2, 0x4e22, @rand_addr}, 0x10, &(0x7f0000001bc0), 0x0, &(0x7f0000000040)=[{0x10, 0x0, 0x1}], 0x10}}], 0x2, 0x0) 2018/04/11 15:33:41 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000080)) 2018/04/11 15:33:41 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000002fe4)={0xa}, 0x1c) sendmsg(r0, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000000ff0)=[{&(0x7f0000000140)="0200", 0x2}], 0x1, &(0x7f0000003000)}, 0x2000c080) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c46000000000000000000000000000000000000000000000000000000004000000000000000000000000000"], 0x2e) [ 55.506577] ================================================================== [ 55.514015] BUG: KMSAN: uninit-value in rawv6_sendmsg+0x4bee/0x4cc0 [ 55.520446] CPU: 1 PID: 5095 Comm: syz-executor2 Not tainted 4.16.0+ #83 [ 55.527293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.536640] Call Trace: [ 55.539233] dump_stack+0x185/0x1d0 [ 55.542862] ? rawv6_sendmsg+0x4bee/0x4cc0 [ 55.547100] kmsan_report+0x142/0x240 [ 55.550900] __msan_warning_32+0x6c/0xb0 [ 55.554958] rawv6_sendmsg+0x4bee/0x4cc0 [ 55.559418] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 55.564874] ? futex_wait_queue_me+0x687/0x710 [ 55.569452] ? compat_rawv6_ioctl+0x30/0x30 [ 55.573754] inet_sendmsg+0x48d/0x740 [ 55.577537] ? security_socket_sendmsg+0x9e/0x210 [ 55.582363] ? inet_getname+0x500/0x500 [ 55.586328] sock_write_iter+0x3b9/0x470 [ 55.590420] ? sock_read_iter+0x480/0x480 [ 55.594567] __vfs_write+0x719/0x910 [ 55.598284] vfs_write+0x463/0x8d0 [ 55.601900] SYSC_write+0x172/0x360 [ 55.605520] SyS_write+0x55/0x80 [ 55.608873] do_syscall_64+0x309/0x430 [ 55.612753] ? SYSC_read+0x360/0x360 [ 55.616467] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 55.621652] RIP: 0033:0x455259 [ 55.624824] RSP: 002b:00007f6a6b15ec68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 55.632512] RAX: ffffffffffffffda RBX: 00007f6a6b15f6d4 RCX: 0000000000455259 [ 55.639760] RDX: 000000000000002e RSI: 0000000020000180 RDI: 0000000000000013 [ 55.647021] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 55.654289] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 55.661542] R13: 00000000000006b9 R14: 00000000006fd1f8 R15: 0000000000000000 [ 55.668796] [ 55.670497] Uninit was stored to memory at: [ 55.674815] kmsan_internal_chain_origin+0x12b/0x210 [ 55.679904] kmsan_memcpy_origins+0x11d/0x170 [ 55.684400] __msan_memcpy+0x19f/0x1f0 [ 55.688627] skb_copy_bits+0x63a/0xdb0 [ 55.692508] rawv6_sendmsg+0x427e/0x4cc0 [ 55.696558] inet_sendmsg+0x48d/0x740 [ 55.700360] sock_write_iter+0x3b9/0x470 [ 55.704412] __vfs_write+0x719/0x910 [ 55.708107] vfs_write+0x463/0x8d0 [ 55.711639] SYSC_write+0x172/0x360 [ 55.715284] SyS_write+0x55/0x80 [ 55.718640] do_syscall_64+0x309/0x430 [ 55.722511] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 55.727682] Uninit was created at: [ 55.731212] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 55.736208] kmsan_alloc_page+0x82/0xe0 [ 55.740180] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 55.744930] alloc_pages_current+0x6b5/0x970 [ 55.749333] skb_page_frag_refill+0x3ba/0x5e0 [ 55.753817] sk_page_frag_refill+0xa4/0x340 [ 55.758125] __ip6_append_data+0x1a20/0x4bb0 [ 55.762523] ip6_append_data+0x40e/0x6b0 [ 55.767122] rawv6_sendmsg+0x2787/0x4cc0 [ 55.771190] inet_sendmsg+0x48d/0x740 [ 55.774979] sock_write_iter+0x3b9/0x470 [ 55.779040] __vfs_write+0x719/0x910 [ 55.782758] vfs_write+0x463/0x8d0 [ 55.786281] SYSC_write+0x172/0x360 [ 55.789887] SyS_write+0x55/0x80 [ 55.793235] do_syscall_64+0x309/0x430 [ 55.797117] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 55.802290] ================================================================== [ 55.809630] Disabling lock debugging due to kernel taint [ 55.815082] Kernel panic - not syncing: panic_on_warn set ... [ 55.815082] [ 55.822466] CPU: 1 PID: 5095 Comm: syz-executor2 Tainted: G B 4.16.0+ #83 [ 55.830595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.840104] Call Trace: [ 55.842681] dump_stack+0x185/0x1d0 [ 55.846299] panic+0x39d/0x940 [ 55.849489] ? rawv6_sendmsg+0x4bee/0x4cc0 [ 55.853709] kmsan_report+0x238/0x240 [ 55.857523] __msan_warning_32+0x6c/0xb0 [ 55.861575] rawv6_sendmsg+0x4bee/0x4cc0 [ 55.865635] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 55.871071] ? futex_wait_queue_me+0x687/0x710 [ 55.875649] ? compat_rawv6_ioctl+0x30/0x30 [ 55.879958] inet_sendmsg+0x48d/0x740 [ 55.883759] ? security_socket_sendmsg+0x9e/0x210 [ 55.888584] ? inet_getname+0x500/0x500 [ 55.892545] sock_write_iter+0x3b9/0x470 [ 55.896594] ? sock_read_iter+0x480/0x480 [ 55.900727] __vfs_write+0x719/0x910 [ 55.904423] vfs_write+0x463/0x8d0 [ 55.907951] SYSC_write+0x172/0x360 [ 55.911573] SyS_write+0x55/0x80 [ 55.914934] do_syscall_64+0x309/0x430 [ 55.918809] ? SYSC_read+0x360/0x360 [ 55.922509] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 55.927684] RIP: 0033:0x455259 [ 55.930856] RSP: 002b:00007f6a6b15ec68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 55.938557] RAX: ffffffffffffffda RBX: 00007f6a6b15f6d4 RCX: 0000000000455259 [ 55.945811] RDX: 000000000000002e RSI: 0000000020000180 RDI: 0000000000000013 [ 55.953071] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 55.960327] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 55.967586] R13: 00000000000006b9 R14: 00000000006fd1f8 R15: 0000000000000000 [ 55.975296] Dumping ftrace buffer: [ 55.978818] (ftrace buffer empty) [ 55.982501] Kernel Offset: disabled [ 55.986104] Rebooting in 86400 seconds..