INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.58' (ECDSA) to the list of known hosts. 2018/04/07 02:12:52 fuzzer started 2018/04/07 02:12:53 dialing manager at 10.128.0.26:38639 2018/04/07 02:13:00 kcov=true, comps=false 2018/04/07 02:13:02 executing program 0: r0 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x6) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x4012}) write$tun(r0, &(0x7f0000000140)={@pi, @hdr={0x3, 0x0, 0x0, 0x0, 0x40fa}, @eth={@link_local={0x1, 0x80, 0xc2}, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [{[], {0x8100}}], {@x25={0x805, {0x0, 0x0, 0x0, "cbb9a12bcd267dbdeb119e3b08"}}}}}, 0x30) 2018/04/07 02:13:02 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") open(&(0x7f0000000000)='./bus\x00', 0x100000141842, 0x0) syz_mount_image$ntfs(&(0x7f0000000440)='ntfs\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x1000, &(0x7f0000000740)=ANY=[]) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x7, 0x11, r1, 0x0) syz_mount_image$hfs(&(0x7f0000000040)='hfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000300), 0x0, 0x55c3}], 0x0, &(0x7f0000001500)=ANY=[]) read$eventfd(r0, &(0x7f0000000200), 0xfffffe08) 2018/04/07 02:13:02 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r1, 0x29, 0xd3, &(0x7f0000001000)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80}}, {0xa, 0x100000000000000, 0xffffffffffffffff}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x5c) setsockopt$inet_int(r0, 0x0, 0x40, &(0x7f0000000ffc), 0x4) 2018/04/07 02:13:02 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x8000000014, &(0x7f0000beeffc)=0xfffffffffffffffd, 0x4) sendto$inet(r0, &(0x7f0000a2d000), 0xffffffffffffff8e, 0x20000000, &(0x7f00007f4000)={0x2, 0x0, @loopback=0x7f000001}, 0x10) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000d75000)={0x0, 0x400, 0x10000}, 0x14) setsockopt$inet_tcp_int(r0, 0x6, 0x1, &(0x7f0000fb1ffc)=0x297, 0x4) 2018/04/07 02:13:02 executing program 5: r0 = socket(0x10, 0x80002, 0x0) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r0, &(0x7f0000000000)="2600000022004701050007008980e8ff06006d20002b1f00c0e9ff094a51f10101c7033500b0", 0x26) connect$netlink(r0, &(0x7f0000000100)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4) sendto(r0, &(0x7f0000cfefee), 0x209, 0x0, 0x0, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f0000000040)=0x993, 0x4) 2018/04/07 02:13:02 executing program 6: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4e}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000fb0ff8)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) vmsplice(r1, &(0x7f00007a4000)=[{&(0x7f0000000080)="0690f276511dad1a8c63a331d7dc56905fbb69157d47b52f5f77b19fc394b0e8f4df7e0606e947408eb4eb03ce1608308585c3beadecf0cc069604", 0x3b}], 0x1, 0x0) read(r0, &(0x7f00007b9000)=""/58, 0x3a) 2018/04/07 02:13:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00001edff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x14, 0x4) recvmsg(r0, &(0x7f0000000300)={&(0x7f00000001c0)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000280)}, 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000c95ffd), 0x0, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) 2018/04/07 02:13:02 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000058ff7)='/dev/sg#\x00', 0x0, 0x40002) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) ioctl(r0, 0x1, &(0x7f000005affe)) syzkaller login: [ 42.941411] ip (3758) used greatest stack depth: 54688 bytes left [ 43.945917] ip (3855) used greatest stack depth: 54200 bytes left [ 46.559349] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.609138] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.622740] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.691846] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.717803] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.738481] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.786514] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.928594] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.324281] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.376850] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.434608] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.456531] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.535818] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.640218] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.648615] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.750074] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.052284] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.058566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.067829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.130801] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.137115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.152573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.184686] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.200369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.231538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.251873] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.264198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.303910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.329221] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.339172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.363611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.438865] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.445175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.453608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.493835] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.501965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.536604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.584078] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.590271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.602825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 02:13:19 executing program 6: perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x52a5, &(0x7f0000000580)=0x0) io_destroy(r0) [ 57.628025] syz-executor7: vmalloc: allocation failure: 17179869180 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 57.640078] syz-executor7 cpuset=syz7 mems_allowed=0 [ 57.645337] CPU: 0 PID: 5061 Comm: syz-executor7 Not tainted 4.16.0+ #81 [ 57.652213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.661583] Call Trace: [ 57.664222] dump_stack+0x185/0x1d0 [ 57.667897] warn_alloc+0x3fc/0x660 [ 57.671537] ================================================================== [ 57.678903] BUG: KMSAN: uninit-value in kernel_text_address+0x248/0x3a0 [ 57.685653] CPU: 0 PID: 5061 Comm: syz-executor7 Not tainted 4.16.0+ #81 [ 57.692477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.701823] Call Trace: [ 57.704415] dump_stack+0x14a/0x1d0 [ 57.708049] ? kernel_text_address+0x248/0x3a0 [ 57.712636] kmsan_report+0x142/0x240 [ 57.716442] __msan_warning_32+0x6c/0xb0 [ 57.720509] kernel_text_address+0x248/0x3a0 [ 57.724922] __kernel_text_address+0x34/0xe0 [ 57.729332] show_trace_log_lvl+0x954/0x1030 [ 57.733743] ? __vmalloc_node_range+0xa6f/0x1140 [ 57.738512] show_stack+0xfc/0x150 [ 57.742053] ? print_worker_info+0x1b0/0x660 [ 57.746465] dump_stack+0x185/0x1d0 [ 57.750098] warn_alloc+0x3fc/0x660 [ 57.753753] ? __irqentry_text_end+0x1fb47e/0x1fb47e [ 57.758849] ? __vmalloc_node_range+0x10b/0x1140 [ 57.763589] __vmalloc_node_range+0xa6f/0x1140 [ 57.768162] __vmalloc_node_flags_caller+0x102/0x120 [ 57.773253] ? xt_alloc_entry_offsets+0x62/0x70 [ 57.777902] ? xt_alloc_entry_offsets+0x62/0x70 [ 57.782554] kvmalloc_node+0x2a6/0x2e0 [ 57.786428] xt_alloc_entry_offsets+0x62/0x70 [ 57.790907] translate_table+0x216/0x37c0 [ 57.795042] ? __kmalloc_node+0xdec/0x1190 [ 57.799265] ? kvmalloc_node+0x1a1/0x2e0 [ 57.803315] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 57.808659] do_ipt_set_ctl+0x60c/0x930 [ 57.812616] ? cleanup_entry+0x5a0/0x5a0 [ 57.816661] nf_setsockopt+0x476/0x4d0 [ 57.820532] ip_setsockopt+0x24b/0x2b0 [ 57.824405] ? ipv4_pktinfo_prepare+0x650/0x650 [ 57.829057] tcp_setsockopt+0x1bb/0x1f0 [ 57.833016] ? tcp_disconnect+0x15e0/0x15e0 [ 57.837323] sock_common_setsockopt+0x136/0x170 [ 57.841973] ? sock_common_recvmsg+0x270/0x270 [ 57.846535] SYSC_setsockopt+0x4b8/0x570 [ 57.850579] SyS_setsockopt+0x76/0xa0 [ 57.854365] do_syscall_64+0x309/0x430 [ 57.858235] ? SYSC_recv+0xe0/0xe0 [ 57.861762] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.866931] RIP: 0033:0x455259 [ 57.870100] RSP: 002b:00007f172610ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 57.877788] RAX: ffffffffffffffda RBX: 00007f172610b6d4 RCX: 0000000000455259 [ 57.885039] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000013 [ 57.892291] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 57.899538] R10: 0000000020000ffc R11: 0000000000000246 R12: 00000000ffffffff [ 57.906785] R13: 000000000000056e R14: 00000000006fb2f0 R15: 0000000000000000 [ 57.914038] [ 57.915641] Local variable description: ----wait.i@try_charge [ 57.921502] Variable was created at: [ 57.925199] try_charge+0x105/0x2fd0 [ 57.928894] memcg_kmem_charge_memcg+0xda/0x280 [ 57.933535] ================================================================== [ 57.940871] Disabling lock debugging due to kernel taint [ 57.946297] Kernel panic - not syncing: panic_on_warn set ... [ 57.946297] [ 57.953643] CPU: 0 PID: 5061 Comm: syz-executor7 Tainted: G B 4.16.0+ #81 [ 57.961758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.971089] Call Trace: [ 57.973663] dump_stack+0x14a/0x1d0 [ 57.977275] panic+0x39d/0x940 [ 57.980466] ? kernel_text_address+0x248/0x3a0 [ 57.985035] kmsan_report+0x238/0x240 [ 57.988820] __msan_warning_32+0x6c/0xb0 [ 57.992865] kernel_text_address+0x248/0x3a0 [ 57.997257] __kernel_text_address+0x34/0xe0 [ 58.001652] show_trace_log_lvl+0x954/0x1030 [ 58.006047] ? __vmalloc_node_range+0xa6f/0x1140 [ 58.010790] show_stack+0xfc/0x150 [ 58.014311] ? print_worker_info+0x1b0/0x660 [ 58.018698] dump_stack+0x185/0x1d0 [ 58.022307] warn_alloc+0x3fc/0x660 [ 58.025929] ? __irqentry_text_end+0x1fb47e/0x1fb47e [ 58.031016] ? __vmalloc_node_range+0x10b/0x1140 [ 58.035760] __vmalloc_node_range+0xa6f/0x1140 [ 58.040326] __vmalloc_node_flags_caller+0x102/0x120 [ 58.045412] ? xt_alloc_entry_offsets+0x62/0x70 [ 58.050063] ? xt_alloc_entry_offsets+0x62/0x70 [ 58.054723] kvmalloc_node+0x2a6/0x2e0 [ 58.058597] xt_alloc_entry_offsets+0x62/0x70 [ 58.063076] translate_table+0x216/0x37c0 [ 58.067208] ? __kmalloc_node+0xdec/0x1190 [ 58.071425] ? kvmalloc_node+0x1a1/0x2e0 [ 58.075478] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 58.080823] do_ipt_set_ctl+0x60c/0x930 [ 58.084784] ? cleanup_entry+0x5a0/0x5a0 [ 58.088826] nf_setsockopt+0x476/0x4d0 [ 58.092698] ip_setsockopt+0x24b/0x2b0 [ 58.096571] ? ipv4_pktinfo_prepare+0x650/0x650 [ 58.101225] tcp_setsockopt+0x1bb/0x1f0 [ 58.105187] ? tcp_disconnect+0x15e0/0x15e0 [ 58.109493] sock_common_setsockopt+0x136/0x170 [ 58.114145] ? sock_common_recvmsg+0x270/0x270 [ 58.118713] SYSC_setsockopt+0x4b8/0x570 [ 58.122760] SyS_setsockopt+0x76/0xa0 [ 58.126544] do_syscall_64+0x309/0x430 [ 58.130411] ? SYSC_recv+0xe0/0xe0 [ 58.133937] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.139106] RIP: 0033:0x455259 [ 58.142274] RSP: 002b:00007f172610ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 58.149962] RAX: ffffffffffffffda RBX: 00007f172610b6d4 RCX: 0000000000455259 [ 58.157211] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000013 [ 58.164457] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 58.171706] R10: 0000000020000ffc R11: 0000000000000246 R12: 00000000ffffffff [ 58.178954] R13: 000000000000056e R14: 00000000006fb2f0 R15: 0000000000000000 [ 58.186614] Dumping ftrace buffer: [ 58.190133] (ftrace buffer empty) [ 58.193816] Kernel Offset: disabled [ 58.197414] Rebooting in 86400 seconds..