INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts.
2018/04/12 18:33:07 fuzzer started
2018/04/12 18:33:07 dialing manager at 10.128.0.26:44405
2018/04/12 18:33:14 kcov=true, comps=false
2018/04/12 18:33:17 executing program 0:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = memfd_create(&(0x7f00000001c0)='\x00', 0x0)
ioctl$TUNDETACHFILTER(r1, 0x400854d6, 0x0)
fchdir(r0)
r2 = creat(&(0x7f0000000000)='./file1\x00', 0x41)
write$evdev(r2, &(0x7f0000000280), 0xffffffffffffffd4)
getsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f0000000040), &(0x7f0000000080)=0x8)
2018/04/12 18:33:17 executing program 1:
r0 = socket$inet6(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000002fe4)={0xa}, 0x1c)
sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="2f11", 0x2}], 0x1, &(0x7f0000000380)}, 0x8000)
sendmsg(r0, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="9214771a6a7acbed805dc6e00b676e09c5ad3c1cf6be52183e41698bc64826e76693de1c281679c076ae837d4c8b", 0x2e}], 0x1, &(0x7f0000003000)}, 0x0)
2018/04/12 18:33:17 executing program 7:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = memfd_create(&(0x7f00000001c0)='\x00', 0x0)
setsockopt$inet_dccp_int(r1, 0x21, 0xa, &(0x7f00000000c0)=0x7ff, 0x4)
fchdir(r0)
r2 = creat(&(0x7f0000000000)='./file1\x00', 0x41)
write$evdev(r2, &(0x7f0000000280), 0xffffffffffffffd4)
2018/04/12 18:33:17 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'ip6_vti0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000040)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000002b80)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4000000010000100000000000000000000000000", @ANYBLOB="0000000000000000140003006970365f7674693000000000000000000c000100aaaaaaaaaa000000a3197339cc7d635732f3ec4300955c18096c74da332a98ad655e52b1adb54c804b75f608921fd9fb1cbd8d53a1cc2be1157ed840105ac479c3954717fe43c07e59eaba5f7ffdb4818c5718e2aae42f372d69c707e3d306acc71cfb9a0f710a75d83112f446a678e74a8ace42af39a4ce0f2b469acb794d0cb7bb9e7d9e3b8900a067eac7076f30475fc3cd8d522ab8f184ad964f89f0a27127387c18632d8028d51333a3c79da84ed3ca3bf59160de9b04ddc77aa43cde310ccc4e1bc30581c3a5c5b0bbca8426f7f08db34fb1d391"], 0x2}, 0x1}, 0x0)
2018/04/12 18:33:17 executing program 3:
2018/04/12 18:33:17 executing program 4:
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f000037c000)="170000001a001bed0000132100f404fffffffffffffff7", 0x17)
2018/04/12 18:33:17 executing program 5:
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000fc7000)={0x5, 0xa, 0x4000000000080, 0x2}, 0x14)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f000051e000)={r0, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000fccff0)={r0, &(0x7f0000fce000)}, 0x56)
2018/04/12 18:33:17 executing program 6:
r0 = socket$inet6(0xa, 0x806, 0x0)
connect$inet6(r0, &(0x7f000000cfe4)={0xa}, 0x1c)
syzkaller login:
[ 44.816441] ip (3684) used greatest stack depth: 54944 bytes left
[ 44.937658] ip (3695) used greatest stack depth: 54672 bytes left
[ 45.477737] ip (3746) used greatest stack depth: 54312 bytes left
[ 46.294159] ip (3828) used greatest stack depth: 53976 bytes left
[ 48.215929] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.382939] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.483204] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.514161] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.551265] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.634225] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.673949] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.729936] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 57.183294] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.338529] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.427630] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.435861] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.454094] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.510901] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.620101] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.761705] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.937343] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.943616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.956630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.101953] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.108275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.121588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.179912] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.186178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.198654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.228632] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.237570] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.254780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.264375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.291686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.326312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.352698] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.358961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.377618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.400461] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.407918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.425385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.648021] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.654336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.670576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 59.876702] ==================================================================
[ 59.884115] BUG: KMSAN: uninit-value in rawv6_sendmsg+0x4bee/0x4cc0
[ 59.890523] CPU: 0 PID: 4998 Comm: syz-executor1 Not tainted 4.16.0+ #83
[ 59.897358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.906710] Call Trace:
[ 59.909302] dump_stack+0x185/0x1d0
[ 59.912941] ? rawv6_sendmsg+0x4bee/0x4cc0
[ 59.917176] kmsan_report+0x142/0x240
[ 59.920981] __msan_warning_32+0x6c/0xb0
[ 59.925044] rawv6_sendmsg+0x4bee/0x4cc0
[ 59.929119] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 59.934483] ? rw_copy_check_uvector+0x5af/0x6c0
[ 59.939256] ? compat_rawv6_ioctl+0x30/0x30
[ 59.943576] inet_sendmsg+0x48d/0x740
[ 59.947374] ? security_socket_sendmsg+0x9e/0x210
[ 59.952221] ? inet_getname+0x500/0x500
[ 59.956200] ___sys_sendmsg+0xec0/0x1310
[ 59.960266] ? __fdget+0x4e/0x60
[ 59.963633] ? __fget_light+0x56/0x710
[ 59.967516] ? __fdget+0x4e/0x60
[ 59.970883] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 59.976245] ? __fget_light+0x6b9/0x710
[ 59.980231] SYSC_sendmsg+0x2a3/0x3d0
[ 59.985172] SyS_sendmsg+0x54/0x80
[ 59.988719] do_syscall_64+0x309/0x430
[ 59.992611] ? ___sys_sendmsg+0x1310/0x1310
[ 59.996940] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 60.002124] RIP: 0033:0x455279
[ 60.005315] RSP: 002b:00007f7cecd6cc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 60.013023] RAX: ffffffffffffffda RBX: 00007f7cecd6d6d4 RCX: 0000000000455279
[ 60.020291] RDX: 0000000000000000 RSI: 0000000020007000 RDI: 0000000000000013
[ 60.027561] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[ 60.034822] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 60.042087] R13: 00000000000004cc R14: 00000000006fa3c0 R15: 0000000000000000
[ 60.049357]
[ 60.051149] Uninit was stored to memory at:
[ 60.055559] kmsan_internal_chain_origin+0x12b/0x210
[ 60.060659] kmsan_memcpy_origins+0x11d/0x170
[ 60.065152] __msan_memcpy+0x19f/0x1f0
[ 60.069034] skb_copy_bits+0x63a/0xdb0
[ 60.072920] rawv6_sendmsg+0x427e/0x4cc0
[ 60.076979] inet_sendmsg+0x48d/0x740
[ 60.080780] ___sys_sendmsg+0xec0/0x1310
[ 60.084838] SYSC_sendmsg+0x2a3/0x3d0
[ 60.088645] SyS_sendmsg+0x54/0x80
[ 60.092180] do_syscall_64+0x309/0x430
[ 60.096069] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 60.101248] Uninit was created at:
[ 60.104789] kmsan_alloc_meta_for_pages+0x161/0x3a0
[ 60.109798] kmsan_alloc_page+0x82/0xe0
[ 60.113772] __alloc_pages_nodemask+0xf5b/0x5dc0
[ 60.118523] alloc_pages_current+0x6b5/0x970
[ 60.122930] skb_page_frag_refill+0x3ba/0x5e0
[ 60.127419] sk_page_frag_refill+0xa4/0x340
[ 60.131748] __ip6_append_data+0x1a20/0x4bb0
[ 60.136159] ip6_append_data+0x40e/0x6b0
[ 60.140220] rawv6_sendmsg+0x2787/0x4cc0
[ 60.144279] inet_sendmsg+0x48d/0x740
[ 60.148100] ___sys_sendmsg+0xec0/0x1310
[ 60.152160] SYSC_sendmsg+0x2a3/0x3d0
[ 60.155956] SyS_sendmsg+0x54/0x80
[ 60.159496] do_syscall_64+0x309/0x430
[ 60.163385] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 60.168560] ==================================================================
[ 60.175907] Disabling lock debugging due to kernel taint
[ 60.181347] Kernel panic - not syncing: panic_on_warn set ...
[ 60.181347]
[ 60.188708] CPU: 0 PID: 4998 Comm: syz-executor1 Tainted: G B 4.16.0+ #83
[ 60.196838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.206179] Call Trace:
[ 60.208769] dump_stack+0x185/0x1d0
[ 60.212402] panic+0x39d/0x940
[ 60.215613] ? rawv6_sendmsg+0x4bee/0x4cc0
[ 60.219852] kmsan_report+0x238/0x240
[ 60.223658] __msan_warning_32+0x6c/0xb0
[ 60.227718] rawv6_sendmsg+0x4bee/0x4cc0
[ 60.231786] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 60.237158] ? rw_copy_check_uvector+0x5af/0x6c0
[ 60.241931] ? compat_rawv6_ioctl+0x30/0x30
[ 60.246255] inet_sendmsg+0x48d/0x740
[ 60.250054] ? security_socket_sendmsg+0x9e/0x210
[ 60.254900] ? inet_getname+0x500/0x500
[ 60.259369] ___sys_sendmsg+0xec0/0x1310
[ 60.263438] ? __fdget+0x4e/0x60
[ 60.266809] ? __fget_light+0x56/0x710
[ 60.270697] ? __fdget+0x4e/0x60
[ 60.274069] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 60.279428] ? __fget_light+0x6b9/0x710
[ 60.283409] SYSC_sendmsg+0x2a3/0x3d0
[ 60.287215] SyS_sendmsg+0x54/0x80
[ 60.290756] do_syscall_64+0x309/0x430
[ 60.294649] ? ___sys_sendmsg+0x1310/0x1310
[ 60.298976] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 60.304159] RIP: 0033:0x455279
[ 60.307340] RSP: 002b:00007f7cecd6cc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 60.315047] RAX: ffffffffffffffda RBX: 00007f7cecd6d6d4 RCX: 0000000000455279
[ 60.322316] RDX: 0000000000000000 RSI: 0000000020007000 RDI: 0000000000000013
[ 60.329576] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[ 60.336842] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 60.344106] R13: 00000000000004cc R14: 00000000006fa3c0 R15: 0000000000000000
[ 60.351822] Dumping ftrace buffer:
[ 60.355344] (ftrace buffer empty)
[ 60.359036] Kernel Offset: disabled
[ 60.362639] Rebooting in 86400 seconds..