INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts. 2018/04/07 01:14:54 fuzzer started 2018/04/07 01:14:54 dialing manager at 10.128.0.26:38639 2018/04/07 01:15:00 kcov=true, comps=false 2018/04/07 01:15:03 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x20000000004e24, @multicast2=0xe0000002}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) 2018/04/07 01:15:03 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x46, &(0x7f0000006280)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2}, [], {@ipv6={0x86dd, {0x0, 0x6, "7f69a2", 0x10, 0x0, 0x0, @empty, @local={0xfe, 0x80, [], 0xaa}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "2a7e1d", 0x0, "1fe189"}}}}}}}, &(0x7f0000775000)) 2018/04/07 01:15:03 executing program 4: syz_emit_ethernet(0x3e, &(0x7f0000660000)={@link_local={0x1, 0x80, 0xc2}, @random="e2701bb60689", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @broadcast=0xffffffff}, @icmp=@parameter_prob={0x21, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @multicast1=0xe0000001}}}}}}, &(0x7f0000000000)) 2018/04/07 01:15:03 executing program 7: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00002e9000)='task\x00') getdents(r0, &(0x7f0000720fd4)=""/44, 0x1b3) 2018/04/07 01:15:03 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f000089b000)=0xffffffffffffffff, 0x4) connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x0, 0x807}, 0x1c) sendmmsg(r0, &(0x7f0000008a00)=[{{0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10000000290000000b0000006e5e0f64"], 0x10}}], 0x1, 0x0) 2018/04/07 01:15:03 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0xcc, &(0x7f0000000000), 0xfffffc5e) 2018/04/07 01:15:03 executing program 3: socket$inet_sctp(0x2, 0x1, 0x84) syz_emit_ethernet(0x4e, &(0x7f0000005faa)={@random="ff3997ffcd00", @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "c8fba2", 0x18, 0x4000ffffff88, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@mld={0x0, 0xd, 0x0, 0x4, 0x18, @mcast2={0xff, 0x2, [], 0x1}}}}}}}, 0x0) 2018/04/07 01:15:03 executing program 6: r0 = socket$inet(0x2, 0x3, 0x11) sendmsg(r0, &(0x7f00000008c0)={&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x7f000001}, 0x10, &(0x7f0000000640), 0x0, &(0x7f0000000700)}, 0x8000) sendmsg(r0, &(0x7f0000000380)={&(0x7f0000000240)=@in={0x2, 0x0, @loopback=0x7f000001}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000140)="b3dc02c16be45dc0", 0x8}], 0x1, &(0x7f0000000140)}, 0x0) syzkaller login: [ 42.021269] ip (3750) used greatest stack depth: 54672 bytes left [ 42.537635] ip (3800) used greatest stack depth: 54312 bytes left [ 43.651715] ip (3904) used greatest stack depth: 54200 bytes left [ 45.714942] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.740807] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.794981] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.835565] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.851866] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.878284] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.899598] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.021869] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.604654] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.624567] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.632526] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.647979] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.824904] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.834164] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.841881] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.849846] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.333974] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.340262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.350608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.395266] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.413092] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.420207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.445829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.468820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.493205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.523698] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.532755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.567961] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.585756] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.594148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.605399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.633623] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.639878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.669666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.700116] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.708938] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.717626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.727950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.761662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.782649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.643376] ================================================================== [ 56.650784] BUG: KMSAN: uninit-value in __udp4_lib_rcv+0x628/0x4740 [ 56.657188] CPU: 1 PID: 5043 Comm: syz-executor6 Not tainted 4.16.0+ #81 [ 56.664016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.673370] Call Trace: [ 56.676570] [ 56.678723] dump_stack+0x185/0x1d0 [ 56.682349] ? __udp4_lib_rcv+0x628/0x4740 [ 56.686578] kmsan_report+0x142/0x240 [ 56.690380] __msan_warning_32+0x6c/0xb0 [ 56.694440] __udp4_lib_rcv+0x628/0x4740 [ 56.698507] ? raw_local_deliver+0x1462/0x1470 [ 56.703089] udp_rcv+0x5c/0x70 [ 56.706272] ? udp_v4_early_demux+0x1cd0/0x1cd0 [ 56.710938] ip_local_deliver_finish+0x6ed/0xd40 [ 56.715702] ip_local_deliver+0x43c/0x4e0 [ 56.719861] ? ip_local_deliver+0x4e0/0x4e0 [ 56.724179] ? ip_call_ra_chain+0x7b0/0x7b0 [ 56.728494] ip_rcv_finish+0x1253/0x16d0 [ 56.732556] ip_rcv+0x119d/0x16f0 [ 56.736006] ? ip_rcv+0x16f0/0x16f0 [ 56.739638] __netif_receive_skb_core+0x47cf/0x4a80 [ 56.744647] ? rb_insert_color+0x1122/0x1300 [ 56.749054] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 56.754852] ? ip_local_deliver_finish+0xd40/0xd40 [ 56.759777] process_backlog+0x62d/0xe20 [ 56.763841] ? rps_trigger_softirq+0x2f0/0x2f0 [ 56.768417] net_rx_action+0x7c1/0x1a70 [ 56.772392] ? net_tx_action+0xab0/0xab0 [ 56.776450] __do_softirq+0x56d/0x93d [ 56.780259] do_softirq_own_stack+0x2a/0x40 [ 56.784568] [ 56.786807] __local_bh_enable_ip+0x114/0x140 [ 56.791302] local_bh_enable+0x36/0x40 [ 56.795182] ip_finish_output2+0x124e/0x1380 [ 56.799595] ip_finish_output+0xcb0/0xff0 [ 56.803745] ip_output+0x502/0x5c0 [ 56.807288] ? ip_mc_finish_output+0x3b0/0x3b0 [ 56.811868] ? ip_finish_output+0xff0/0xff0 [ 56.816182] ip_send_skb+0x5f3/0x820 [ 56.819892] ? __ip_local_out+0x5b0/0x5b0 [ 56.824127] ip_push_pending_frames+0x105/0x170 [ 56.828801] raw_sendmsg+0x2960/0x3ed0 [ 56.832693] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 56.838070] ? compat_raw_ioctl+0x100/0x100 [ 56.842386] inet_sendmsg+0x48d/0x740 [ 56.846186] ? security_socket_sendmsg+0x9e/0x210 [ 56.851029] ? inet_getname+0x500/0x500 [ 56.855001] ___sys_sendmsg+0xec0/0x1310 [ 56.859063] ? __fdget+0x4e/0x60 [ 56.862434] SYSC_sendmsg+0x2a3/0x3d0 [ 56.866238] SyS_sendmsg+0x54/0x80 [ 56.869773] do_syscall_64+0x309/0x430 [ 56.873660] ? ___sys_sendmsg+0x1310/0x1310 [ 56.877985] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 56.883165] RIP: 0033:0x455259 [ 56.886347] RSP: 002b:00007f92f23fdc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 56.894052] RAX: ffffffffffffffda RBX: 00007f92f23fe6d4 RCX: 0000000000455259 [ 56.901316] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000013 [ 56.908576] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 56.915836] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 56.923100] R13: 00000000000004cc R14: 00000000006fa3c0 R15: 0000000000000000 [ 56.930365] [ 56.931981] Uninit was stored to memory at: [ 56.936302] kmsan_internal_chain_origin+0x12b/0x210 [ 56.941401] kmsan_memcpy_origins+0x11d/0x170 [ 56.945892] __msan_memcpy+0x19f/0x1f0 [ 56.949774] skb_copy_bits+0x63a/0xdb0 [ 56.953659] __pskb_pull_tail+0x483/0x22e0 [ 56.957884] __udp4_lib_rcv+0x55f/0x4740 [ 56.961939] udp_rcv+0x5c/0x70 [ 56.965135] ip_local_deliver_finish+0x6ed/0xd40 [ 56.969882] ip_local_deliver+0x43c/0x4e0 [ 56.974025] ip_rcv_finish+0x1253/0x16d0 [ 56.978087] ip_rcv+0x119d/0x16f0 [ 56.981543] __netif_receive_skb_core+0x47cf/0x4a80 [ 56.986552] process_backlog+0x62d/0xe20 [ 56.990608] net_rx_action+0x7c1/0x1a70 [ 56.994582] __do_softirq+0x56d/0x93d [ 56.998373] Uninit was created at: [ 57.001911] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 57.006920] kmsan_alloc_page+0x82/0xe0 [ 57.010894] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 57.015650] alloc_pages_current+0x6b5/0x970 [ 57.020056] skb_page_frag_refill+0x3ba/0x5e0 [ 57.024544] sk_page_frag_refill+0xa4/0x340 [ 57.028860] __ip_append_data+0x107e/0x3d10 [ 57.033173] ip_append_data+0x2fb/0x440 [ 57.037141] raw_sendmsg+0x287b/0x3ed0 [ 57.041020] inet_sendmsg+0x48d/0x740 [ 57.044817] ___sys_sendmsg+0xec0/0x1310 [ 57.048875] SYSC_sendmsg+0x2a3/0x3d0 [ 57.052673] SyS_sendmsg+0x54/0x80 [ 57.056210] do_syscall_64+0x309/0x430 [ 57.060094] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.065264] ================================================================== [ 57.072610] Disabling lock debugging due to kernel taint [ 57.078052] Kernel panic - not syncing: panic_on_warn set ... [ 57.078052] [ 57.085419] CPU: 1 PID: 5043 Comm: syz-executor6 Tainted: G B 4.16.0+ #81 [ 57.093554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.102902] Call Trace: [ 57.105477] [ 57.107630] dump_stack+0x185/0x1d0 [ 57.111256] panic+0x39d/0x940 [ 57.114461] ? __udp4_lib_rcv+0x628/0x4740 [ 57.118692] kmsan_report+0x238/0x240 [ 57.122492] __msan_warning_32+0x6c/0xb0 [ 57.126555] __udp4_lib_rcv+0x628/0x4740 [ 57.130616] ? raw_local_deliver+0x1462/0x1470 [ 57.135184] udp_rcv+0x5c/0x70 [ 57.138357] ? udp_v4_early_demux+0x1cd0/0x1cd0 [ 57.143010] ip_local_deliver_finish+0x6ed/0xd40 [ 57.147752] ip_local_deliver+0x43c/0x4e0 [ 57.151874] ? ip_local_deliver+0x4e0/0x4e0 [ 57.156174] ? ip_call_ra_chain+0x7b0/0x7b0 [ 57.160470] ip_rcv_finish+0x1253/0x16d0 [ 57.164520] ip_rcv+0x119d/0x16f0 [ 57.167977] ? ip_rcv+0x16f0/0x16f0 [ 57.171593] __netif_receive_skb_core+0x47cf/0x4a80 [ 57.176587] ? rb_insert_color+0x1122/0x1300 [ 57.180997] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 57.186779] ? ip_local_deliver_finish+0xd40/0xd40 [ 57.191686] process_backlog+0x62d/0xe20 [ 57.195724] ? rps_trigger_softirq+0x2f0/0x2f0 [ 57.200279] net_rx_action+0x7c1/0x1a70 [ 57.204234] ? net_tx_action+0xab0/0xab0 [ 57.208273] __do_softirq+0x56d/0x93d [ 57.212066] do_softirq_own_stack+0x2a/0x40 [ 57.216376] [ 57.218610] __local_bh_enable_ip+0x114/0x140 [ 57.223093] local_bh_enable+0x36/0x40 [ 57.226962] ip_finish_output2+0x124e/0x1380 [ 57.231349] ip_finish_output+0xcb0/0xff0 [ 57.235479] ip_output+0x502/0x5c0 [ 57.239007] ? ip_mc_finish_output+0x3b0/0x3b0 [ 57.243587] ? ip_finish_output+0xff0/0xff0 [ 57.247894] ip_send_skb+0x5f3/0x820 [ 57.251592] ? __ip_local_out+0x5b0/0x5b0 [ 57.255724] ip_push_pending_frames+0x105/0x170 [ 57.260372] raw_sendmsg+0x2960/0x3ed0 [ 57.264251] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 57.269608] ? compat_raw_ioctl+0x100/0x100 [ 57.273912] inet_sendmsg+0x48d/0x740 [ 57.277691] ? security_socket_sendmsg+0x9e/0x210 [ 57.282520] ? inet_getname+0x500/0x500 [ 57.286472] ___sys_sendmsg+0xec0/0x1310 [ 57.290513] ? __fdget+0x4e/0x60 [ 57.293862] SYSC_sendmsg+0x2a3/0x3d0 [ 57.297643] SyS_sendmsg+0x54/0x80 [ 57.301160] do_syscall_64+0x309/0x430 [ 57.305038] ? ___sys_sendmsg+0x1310/0x1310 [ 57.309347] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.314517] RIP: 0033:0x455259 [ 57.317679] RSP: 002b:00007f92f23fdc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 57.325367] RAX: ffffffffffffffda RBX: 00007f92f23fe6d4 RCX: 0000000000455259 [ 57.332610] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000013 [ 57.339858] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 57.347201] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.354451] R13: 00000000000004cc R14: 00000000006fa3c0 R15: 0000000000000000 [ 57.362169] Dumping ftrace buffer: [ 57.365685] (ftrace buffer empty) [ 57.369365] Kernel Offset: disabled [ 57.372977] Rebooting in 86400 seconds..