INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts.
2018/04/07 05:51:24 fuzzer started
2018/04/07 05:51:24 dialing manager at 10.128.0.26:38639
2018/04/07 05:51:31 kcov=true, comps=false
2018/04/07 05:51:33 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000aba000)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x4, 0x40000a, 0xe05}, 0x14}, 0x1}, 0x0)
2018/04/07 05:51:33 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192300a11680040d8c560a0600090020e000fffffffffffffc01000004ca7f64643e89e40296788e8f94fdfbf51000020000f500bc00165923cd5dfffff50000220007000100040005007c0b1505d0ee4048", 0x58}], 0x1)
2018/04/07 05:51:33 executing program 7:
r0 = socket$inet(0x2, 0x3, 0x21)
sendmsg(r0, &(0x7f00000000c0)={&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x7f000001}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000000700)}, 0x8000)
sendto$inet(r0, &(0x7f0000000100)="d57949f20aed308be0a42f92ec763f06ffed62d98adf9a8a70f4218a94fc7faa965689d7a2b4540e5b66a68c1c2fea5b", 0x30, 0x0, &(0x7f0000000140)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
2018/04/07 05:51:33 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000addfc8)={&(0x7f0000000340)={0x10}, 0xc, &(0x7f0000900000)={&(0x7f0000000140)=@ipv6_newroute={0x2c, 0x18, 0x1, 0x0, 0x0, {0xa}, [@RTA_PREF={0x8, 0x14}, @RTA_UID={0x8, 0x19}]}, 0x2c}, 0x1}, 0x0)
2018/04/07 05:51:33 executing program 3:
r0 = socket(0x2, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000c50000)={0x2, &(0x7f0000000000)=[{0x3}, {0x6}]}, 0x8)
2018/04/07 05:51:33 executing program 4:
r0 = socket(0x10, 0x802, 0x0)
write(r0, &(0x7f0000000000)="22000000150007010009d6f4000100040a0800000100000009000100000100000115", 0x22)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000200), &(0x7f00000002c0)=0x8)
2018/04/07 05:51:33 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f00008f0a07)='pagemap\x00')
pread64(r0, &(0x7f0000000040)=""/8, 0xfffffffffffffdfa, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000))
2018/04/07 05:51:33 executing program 6:
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001f88)={0x1, 0x70, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000091b000)}}, 0x0, 0x0, r0, 0x0)
syzkaller login: [ 43.844455] ip (3744) used greatest stack depth: 54192 bytes left
[ 45.098556] ip (3865) used greatest stack depth: 53960 bytes left
[ 47.446585] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.664859] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.692638] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.743991] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.766934] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.801005] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.882098] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.918433] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 56.341177] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.424459] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.520846] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.533104] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.563369] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.618894] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.643957] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.951404] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.108160] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.114405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.124910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.156146] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.162365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.172723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.249263] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.255530] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.268901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.300269] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.307759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.342629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.376435] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.388079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.410276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.452354] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.459445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.473988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.496170] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.502648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.512799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.750143] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.756434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.766838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/04/07 05:51:50 executing program 2:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa})
r1 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = dup(r2)
getsockopt$inet6_tcp_int(r3, 0x6, 0x1c, &(0x7f00000001c0), &(0x7f0000012ffc)=0x2b8)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
dup3(r1, r0, 0x0)
[ 58.442956] netlink: 'syz-executor1': attribute type 20 has an invalid length.
[ 58.638720] ==================================================================
[ 58.646136] BUG: KMSAN: uninit-value in dccp_invalid_packet+0x3b8/0xf50
[ 58.652888] CPU: 0 PID: 5062 Comm: syz-executor7 Not tainted 4.16.0+ #81
[ 58.659717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.669062] Call Trace:
[ 58.671637]
[ 58.673790] dump_stack+0x185/0x1d0
[ 58.677419] ? dccp_invalid_packet+0x3b8/0xf50
[ 58.681997] kmsan_report+0x142/0x240
[ 58.685797] __msan_warning_32+0x6c/0xb0
[ 58.689865] dccp_invalid_packet+0x3b8/0xf50
[ 58.694275] ? ip_local_deliver_finish+0x6ed/0xd40
[ 58.699200] ? ip_local_deliver_finish+0x6ed/0xd40
[ 58.704127] dccp_v4_rcv+0xf7/0x2630
[ 58.707839] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 58.713201] ? raw_local_deliver+0x1462/0x1470
[ 58.717786] ? ip_local_deliver_finish+0x4a5/0xd40
[ 58.722717] ? local_bh_enable+0x40/0x40
[ 58.726777] ? local_bh_enable+0x40/0x40
[ 58.730844] ip_local_deliver_finish+0x6ed/0xd40
[ 58.735603] ip_local_deliver+0x43c/0x4e0
[ 58.739744] ? ip_local_deliver+0x4e0/0x4e0
[ 58.744063] ? ip_call_ra_chain+0x7b0/0x7b0
[ 58.748377] ip_rcv_finish+0x1253/0x16d0
[ 58.752440] ip_rcv+0x119d/0x16f0
[ 58.755885] ? ip_rcv+0x16f0/0x16f0
[ 58.759517] __netif_receive_skb_core+0x47cf/0x4a80
[ 58.764532] ? try_to_wake_up+0x1ab2/0x20a0
[ 58.768856] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0
[ 58.774651] ? ip_local_deliver_finish+0xd40/0xd40
[ 58.779581] process_backlog+0x62d/0xe20
[ 58.783644] ? rps_trigger_softirq+0x2f0/0x2f0
[ 58.788221] net_rx_action+0x7c1/0x1a70
[ 58.792194] ? net_tx_action+0xab0/0xab0
[ 58.796253] __do_softirq+0x56d/0x93d
[ 58.800053] do_softirq_own_stack+0x2a/0x40
[ 58.804361]
[ 58.806610] __local_bh_enable_ip+0x114/0x140
[ 58.811121] local_bh_enable+0x36/0x40
[ 58.815003] ip_finish_output2+0x124e/0x1380
[ 58.819413] ip_finish_output+0xcb0/0xff0
[ 58.823567] ip_output+0x502/0x5c0
[ 58.827099] ? ip_mc_finish_output+0x3b0/0x3b0
[ 58.831676] ? ip_finish_output+0xff0/0xff0
[ 58.835990] ip_send_skb+0x5f3/0x820
[ 58.839697] ? __ip_local_out+0x5b0/0x5b0
[ 58.843850] ip_push_pending_frames+0x105/0x170
[ 58.848516] raw_sendmsg+0x2960/0x3ed0
[ 58.852419] ? compat_raw_ioctl+0x100/0x100
[ 58.856734] inet_sendmsg+0x48d/0x740
[ 58.860528] ? security_socket_sendmsg+0x9e/0x210
[ 58.865370] ? inet_getname+0x500/0x500
[ 58.869341] SYSC_sendto+0x6c3/0x7e0
[ 58.873052] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 58.878498] ? prepare_exit_to_usermode+0x149/0x3a0
[ 58.883521] SyS_sendto+0x8a/0xb0
[ 58.886971] do_syscall_64+0x309/0x430
[ 58.890861] ? SYSC_getpeername+0x560/0x560
[ 58.895179] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 58.900358] RIP: 0033:0x455259
[ 58.903537] RSP: 002b:00007f9cad57fc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 58.911240] RAX: ffffffffffffffda RBX: 00007f9cad5806d4 RCX: 0000000000455259
[ 58.918505] RDX: 0000000000000030 RSI: 0000000020000100 RDI: 0000000000000013
[ 58.925773] RBP: 000000000072bea0 R08: 0000000020000140 R09: 0000000000000010
[ 58.933037] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 58.940304] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000
[ 58.947562]
[ 58.949168] Uninit was stored to memory at:
[ 58.953478] kmsan_internal_chain_origin+0x12b/0x210
[ 58.958554] kmsan_memcpy_origins+0x11d/0x170
[ 58.963031] __msan_memcpy+0x19f/0x1f0
[ 58.966904] skb_copy_bits+0x63a/0xdb0
[ 58.970766] __pskb_pull_tail+0x483/0x22e0
[ 58.974976] dccp_invalid_packet+0x352/0xf50
[ 58.979360] dccp_v4_rcv+0xf7/0x2630
[ 58.983052] ip_local_deliver_finish+0x6ed/0xd40
[ 58.987797] ip_local_deliver+0x43c/0x4e0
[ 58.991926] ip_rcv_finish+0x1253/0x16d0
[ 58.995962] ip_rcv+0x119d/0x16f0
[ 58.999392] __netif_receive_skb_core+0x47cf/0x4a80
[ 59.004383] process_backlog+0x62d/0xe20
[ 59.008421] net_rx_action+0x7c1/0x1a70
[ 59.012374] __do_softirq+0x56d/0x93d
[ 59.016145] Uninit was created at:
[ 59.019669] kmsan_alloc_meta_for_pages+0x161/0x3a0
[ 59.024659] kmsan_alloc_page+0x82/0xe0
[ 59.028618] __alloc_pages_nodemask+0xf5b/0x5dc0
[ 59.033363] alloc_pages_current+0x6b5/0x970
[ 59.037758] skb_page_frag_refill+0x3ba/0x5e0
[ 59.042245] sk_page_frag_refill+0xa4/0x340
[ 59.046557] __ip_append_data+0x107e/0x3d10
[ 59.050860] ip_append_data+0x2fb/0x440
[ 59.054808] raw_sendmsg+0x287b/0x3ed0
[ 59.058681] inet_sendmsg+0x48d/0x740
[ 59.062457] SYSC_sendto+0x6c3/0x7e0
[ 59.066150] SyS_sendto+0x8a/0xb0
[ 59.069577] do_syscall_64+0x309/0x430
[ 59.073439] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 59.078598] ==================================================================
[ 59.085933] Disabling lock debugging due to kernel taint
[ 59.091364] Kernel panic - not syncing: panic_on_warn set ...
[ 59.091364]
[ 59.098703] CPU: 0 PID: 5062 Comm: syz-executor7 Tainted: G B 4.16.0+ #81
[ 59.106813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.116143] Call Trace:
[ 59.118700]
[ 59.120841] dump_stack+0x185/0x1d0
[ 59.124465] panic+0x39d/0x940
[ 59.127654] ? dccp_invalid_packet+0x3b8/0xf50
[ 59.132212] kmsan_report+0x238/0x240
[ 59.135992] __msan_warning_32+0x6c/0xb0
[ 59.140041] dccp_invalid_packet+0x3b8/0xf50
[ 59.144433] ? ip_local_deliver_finish+0x6ed/0xd40
[ 59.149337] ? ip_local_deliver_finish+0x6ed/0xd40
[ 59.154247] dccp_v4_rcv+0xf7/0x2630
[ 59.157946] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 59.163289] ? raw_local_deliver+0x1462/0x1470
[ 59.167854] ? ip_local_deliver_finish+0x4a5/0xd40
[ 59.172764] ? local_bh_enable+0x40/0x40
[ 59.176811] ? local_bh_enable+0x40/0x40
[ 59.180851] ip_local_deliver_finish+0x6ed/0xd40
[ 59.185584] ip_local_deliver+0x43c/0x4e0
[ 59.189716] ? ip_local_deliver+0x4e0/0x4e0
[ 59.194034] ? ip_call_ra_chain+0x7b0/0x7b0
[ 59.198338] ip_rcv_finish+0x1253/0x16d0
[ 59.202388] ip_rcv+0x119d/0x16f0
[ 59.205826] ? ip_rcv+0x16f0/0x16f0
[ 59.209438] __netif_receive_skb_core+0x47cf/0x4a80
[ 59.214431] ? try_to_wake_up+0x1ab2/0x20a0
[ 59.218727] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0
[ 59.224512] ? ip_local_deliver_finish+0xd40/0xd40
[ 59.229425] process_backlog+0x62d/0xe20
[ 59.233470] ? rps_trigger_softirq+0x2f0/0x2f0
[ 59.238042] net_rx_action+0x7c1/0x1a70
[ 59.242015] ? net_tx_action+0xab0/0xab0
[ 59.246062] __do_softirq+0x56d/0x93d
[ 59.249846] do_softirq_own_stack+0x2a/0x40
[ 59.254138]
[ 59.256352] __local_bh_enable_ip+0x114/0x140
[ 59.260823] local_bh_enable+0x36/0x40
[ 59.264697] ip_finish_output2+0x124e/0x1380
[ 59.269092] ip_finish_output+0xcb0/0xff0
[ 59.273226] ip_output+0x502/0x5c0
[ 59.276752] ? ip_mc_finish_output+0x3b0/0x3b0
[ 59.281310] ? ip_finish_output+0xff0/0xff0
[ 59.285616] ip_send_skb+0x5f3/0x820
[ 59.289315] ? __ip_local_out+0x5b0/0x5b0
[ 59.293455] ip_push_pending_frames+0x105/0x170
[ 59.298117] raw_sendmsg+0x2960/0x3ed0
[ 59.301999] ? compat_raw_ioctl+0x100/0x100
[ 59.306303] inet_sendmsg+0x48d/0x740
[ 59.310082] ? security_socket_sendmsg+0x9e/0x210
[ 59.314913] ? inet_getname+0x500/0x500
[ 59.318886] SYSC_sendto+0x6c3/0x7e0
[ 59.322595] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 59.328042] ? prepare_exit_to_usermode+0x149/0x3a0
[ 59.333064] SyS_sendto+0x8a/0xb0
[ 59.336512] do_syscall_64+0x309/0x430
[ 59.340397] ? SYSC_getpeername+0x560/0x560
[ 59.344717] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 59.349899] RIP: 0033:0x455259
[ 59.353074] RSP: 002b:00007f9cad57fc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 59.360761] RAX: ffffffffffffffda RBX: 00007f9cad5806d4 RCX: 0000000000455259
[ 59.368023] RDX: 0000000000000030 RSI: 0000000020000100 RDI: 0000000000000013
[ 59.375283] RBP: 000000000072bea0 R08: 0000000020000140 R09: 0000000000000010
[ 59.382535] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 59.389784] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000
[ 59.397450] Dumping ftrace buffer:
[ 59.400967] (ftrace buffer empty)
[ 59.404649] Kernel Offset: disabled
[ 59.408245] Rebooting in 86400 seconds..