INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts. 2018/04/09 11:47:03 fuzzer started 2018/04/09 11:47:03 dialing manager at 10.128.0.26:38911 2018/04/09 11:47:09 kcov=true, comps=false 2018/04/09 11:47:12 executing program 0: socketpair$packet(0x11, 0x0, 0x300, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setlease(r0, 0x400, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000080)=0x1) 2018/04/09 11:47:12 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) r1 = memfd_create(&(0x7f0000000100)="237d00d3fc1ee4671fbaa0a455e73e678b8e96f7fd829d4d39f1828ebf765e220913b73db94f6d495077c32cf6d22b4c4f8d", 0x0) ftruncate(r1, 0x40001) sendfile(r0, r1, &(0x7f000000a000), 0x7ffff) 2018/04/09 11:47:12 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x82) perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f0000000140)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x81006) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000080), 0x102000004) sync() dup2(r1, r0) 2018/04/09 11:47:12 executing program 4: 2018/04/09 11:47:12 executing 
program 2: 2018/04/09 11:47:12 executing program 3: 2018/04/09 11:47:12 executing program 5: 2018/04/09 11:47:12 executing program 6: syzkaller login: [ 44.323374] ip (3766) used greatest stack depth: 54688 bytes left [ 44.607469] ip (3791) used greatest stack depth: 54672 bytes left [ 45.255684] ip (3852) used greatest stack depth: 54200 bytes left [ 47.832110] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.894912] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.948484] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.155849] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.224925] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.247403] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.256778] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.359237] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.690265] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.870840] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.896596] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.206834] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.353459] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.439951] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.460819] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.480729] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.487084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.503677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.528566] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.650771] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.657870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.666730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.741996] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.750143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.768237] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0: link becomes ready [ 58.010788] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.017326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.029112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.192244] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.198568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.209623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.267198] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.273583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.292663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.320328] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.329751] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.336549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.373704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.412267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.437695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/09 11:47:31 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x82) perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f0000000140)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x81006) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000080), 0x102000004) sync() dup2(r1, r0) 2018/04/09 11:47:31 executing program 4: 2018/04/09 11:47:31 executing program 5: 2018/04/09 11:47:31 executing program 6: sendto$inet6(0xffffffffffffffff, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000001d40)={'lo\x00'}) 2018/04/09 11:47:31 executing 
program 2: 2018/04/09 11:47:31 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000002fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendmsg(r0, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000000ff0)=[{&(0x7f0000000000)="ef6d", 0x2}], 0x1, &(0x7f0000026000)}, 0x2000c080) write(r0, &(0x7f0000000100)="d09f9f171299", 0x6) 2018/04/09 11:47:31 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x82) perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f0000000140)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000040)="aa", 0x1}], 0x1, 0x81006) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000080), 0x102000004) sync() dup2(r1, r0) 2018/04/09 11:47:31 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) r1 = memfd_create(&(0x7f0000000100)="237d00d3fc1ee4671fbaa0a455e73e678b8e96f7fd829d4d39f1828ebf765e220913b73db94f6d495077c32cf6d22b4c4f8d", 0x0) ftruncate(r1, 0x40001) sendfile(r0, r1, &(0x7f000000a000), 0x7ffff) [ 60.261797] ================================================================== [ 60.269239] BUG: KMSAN: uninit-value in rawv6_sendmsg+0x4bee/0x4cc0 [ 60.275654] CPU: 0 PID: 5089 Comm: syz-executor3 Not tainted 4.16.0+ #82 [ 60.282497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.291857] Call Trace: [ 60.294460] dump_stack+0x185/0x1d0 [ 60.298096] ? rawv6_sendmsg+0x4bee/0x4cc0 [ 60.302337] kmsan_report+0x142/0x240 [ 60.306152] __msan_warning_32+0x6c/0xb0 [ 60.310223] rawv6_sendmsg+0x4bee/0x4cc0 [ 60.314305] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 60.319769] ? futex_wait_queue_me+0x687/0x710 [ 60.324380] ? compat_rawv6_ioctl+0x30/0x30 [ 60.328716] inet_sendmsg+0x48d/0x740 [ 60.332526] ? security_socket_sendmsg+0x9e/0x210 [ 60.337376] ? 
inet_getname+0x500/0x500 [ 60.341340] sock_write_iter+0x3b9/0x470 [ 60.345398] ? sock_read_iter+0x480/0x480 [ 60.349537] __vfs_write+0x719/0x910 [ 60.353240] vfs_write+0x463/0x8d0 [ 60.356773] SYSC_write+0x172/0x360 [ 60.360392] SyS_write+0x55/0x80 [ 60.363746] do_syscall_64+0x309/0x430 [ 60.367620] ? SYSC_read+0x360/0x360 [ 60.371323] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.376493] RIP: 0033:0x455259 [ 60.379667] RSP: 002b:00007fd43f294c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 60.387369] RAX: ffffffffffffffda RBX: 00007fd43f2956d4 RCX: 0000000000455259 [ 60.394626] RDX: 0000000000000006 RSI: 0000000020000100 RDI: 0000000000000013 [ 60.401884] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.409226] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 60.416483] R13: 00000000000006b6 R14: 00000000006fd1b0 R15: 0000000000000000 [ 60.423741] [ 60.425347] Uninit was stored to memory at: [ 60.429656] kmsan_internal_chain_origin+0x12b/0x210 [ 60.434740] kmsan_memcpy_origins+0x11d/0x170 [ 60.439216] __msan_memcpy+0x19f/0x1f0 [ 60.443088] skb_copy_bits+0x63a/0xdb0 [ 60.446957] rawv6_sendmsg+0x427e/0x4cc0 [ 60.451006] inet_sendmsg+0x48d/0x740 [ 60.454795] sock_write_iter+0x3b9/0x470 [ 60.458878] __vfs_write+0x719/0x910 [ 60.462939] vfs_write+0x463/0x8d0 [ 60.466464] SYSC_write+0x172/0x360 [ 60.470077] SyS_write+0x55/0x80 [ 60.473428] do_syscall_64+0x309/0x430 [ 60.477301] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.482466] Uninit was created at: [ 60.486003] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 60.491006] kmsan_alloc_page+0x82/0xe0 [ 60.494968] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 60.499794] alloc_pages_current+0x6b5/0x970 [ 60.504199] skb_page_frag_refill+0x3ba/0x5e0 [ 60.508688] sk_page_frag_refill+0xa4/0x340 [ 60.512993] __ip6_append_data+0x1a20/0x4bb0 [ 60.517385] ip6_append_data+0x40e/0x6b0 [ 60.521427] rawv6_sendmsg+0x2787/0x4cc0 [ 60.525472] inet_sendmsg+0x48d/0x740 [ 60.529268] sock_write_iter+0x3b9/0x470 [ 
60.533328] __vfs_write+0x719/0x910 [ 60.537031] vfs_write+0x463/0x8d0 [ 60.540558] SYSC_write+0x172/0x360 [ 60.544173] SyS_write+0x55/0x80 [ 60.547528] do_syscall_64+0x309/0x430 [ 60.551408] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.556586] ================================================================== [ 60.563929] Disabling lock debugging due to kernel taint [ 60.569369] Kernel panic - not syncing: panic_on_warn set ... [ 60.569369] [ 60.576727] CPU: 0 PID: 5089 Comm: syz-executor3 Tainted: G B 4.16.0+ #82 [ 60.584880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.594225] Call Trace: [ 60.596812] dump_stack+0x185/0x1d0 [ 60.600431] panic+0x39d/0x940 [ 60.603628] ? rawv6_sendmsg+0x4bee/0x4cc0 [ 60.607855] kmsan_report+0x238/0x240 [ 60.611649] __msan_warning_32+0x6c/0xb0 [ 60.615875] rawv6_sendmsg+0x4bee/0x4cc0 [ 60.619930] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 60.625371] ? futex_wait_queue_me+0x687/0x710 [ 60.629955] ? compat_rawv6_ioctl+0x30/0x30 [ 60.634357] inet_sendmsg+0x48d/0x740 [ 60.638140] ? security_socket_sendmsg+0x9e/0x210 [ 60.642966] ? inet_getname+0x500/0x500 [ 60.646937] sock_write_iter+0x3b9/0x470 [ 60.650996] ? sock_read_iter+0x480/0x480 [ 60.655137] __vfs_write+0x719/0x910 [ 60.658846] vfs_write+0x463/0x8d0 [ 60.662375] SYSC_write+0x172/0x360 [ 60.665991] SyS_write+0x55/0x80 [ 60.669353] do_syscall_64+0x309/0x430 [ 60.673236] ? 
SYSC_read+0x360/0x360 [ 60.676962] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.682139] RIP: 0033:0x455259 [ 60.685312] RSP: 002b:00007fd43f294c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 60.693006] RAX: ffffffffffffffda RBX: 00007fd43f2956d4 RCX: 0000000000455259 [ 60.700264] RDX: 0000000000000006 RSI: 0000000020000100 RDI: 0000000000000013 [ 60.707526] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 60.714783] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 60.722038] R13: 00000000000006b6 R14: 00000000006fd1b0 R15: 0000000000000000 [ 60.729943] Dumping ftrace buffer: [ 60.733467] (ftrace buffer empty) [ 60.737152] Kernel Offset: disabled [ 60.740756] Rebooting in 86400 seconds..