INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts. 2018/04/07 06:00:51 fuzzer started 2018/04/07 06:00:52 dialing manager at 10.128.0.26:38639 2018/04/07 06:00:58 kcov=true, comps=false 2018/04/07 06:01:01 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={&(0x7f0000000240)={0x10}, 0xc, &(0x7f00004ca000)={&(0x7f0000000280)={0x1c, 0xc, 0x206, 0x1, 0x0, 0x0, {}, [@nested={0x8, 0x1, [@generic='p']}]}, 0x1c}, 0x1}, 0x0) 2018/04/07 06:01:01 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000051cff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000943ffc)=0xa35) r1 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000dcdff0)=[{&(0x7f0000cd8000)=""/1, 0x1}], 0x1) ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3c) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000fb9000)) fcntl$setsig(r2, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r3}], 0x1, 0xfffffffffffffff8) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000ccb000)) r4 = dup2(r2, r3) fcntl$setown(r4, 0x8, r1) tkill(r1, 0x16) 2018/04/07 06:01:01 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f000000d000)={0xa, 0x4e20}, 0x1c) connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x4e20}, 0x1c) recvmsg(r0, &(0x7f0000000400)={&(0x7f0000000000)=@nfc, 0x80, &(0x7f0000000940)=[{&(0x7f0000000180)=""/69, 0x45}], 0x1, &(0x7f0000000100)=""/128, 0x80}, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001000)="8e86a4b9500a1139a0d93a78de7ed00ae239537b41a4eacfcfd438dfbe84ef20bd7e66cfb9bde86f5b1d1bae840e6c373fd2d58909d8ac8f1aca1b6e95b92948d4525d", 0x43}], 0x1, &(0x7f0000002000)}, 0x8000) sendmsg(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000002ff0)=[{&(0x7f0000000040)="bce5", 0x2}], 0x1, &(0x7f000000ae80)}, 0x0) 2018/04/07 06:01:01 executing program 1: r0 = socket$packet(0x11, 0x20000000000003, 0x300) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x1, 0x32, 0xffffffffffffffff, 0x0) setsockopt$packet_int(r0, 0x107, 0x9, &(0x7f0000000040), 0x4) 2018/04/07 06:01:01 executing program 3: r0 = semget$private(0x0, 0x20000000102, 0x0) semtimedop(r0, &(0x7f0000033816)=[{}, {0x0, 0x8091}], 0x2, &(0x7f0000034000)={0x77359400}) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$GETVAL(r0, 0x0, 0xc, &(0x7f0000000240)=""/231) 2018/04/07 06:01:01 executing program 4: r0 = syz_open_dev$tun(&(0x7f0000000440)='/dev/net/tun\x00', 0x0, 0xa) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkalleZ0\x00', 0x1401}) pwritev(r0, &(0x7f0000000100)=[{&(0x7f0000000140)='M', 0x1}], 0x1, 0x0) 2018/04/07 06:01:01 executing program 5: mmap(&(0x7f000087d000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f0000952fff)="80", 0x0) 2018/04/07 06:01:01 executing program 6: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000c7df60)={0x7ff, @in6={{0xa}}}, &(0x7f000064b000)=0xa0) r2 = dup2(r0, r0) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000180)={r1}, 0x8) syzkaller login: [ 43.658953] ip (3762) used greatest stack depth: 54672 bytes left [ 44.602275] ip (3853) used greatest stack depth: 54200 bytes left [ 45.885006] ip (3968) used greatest stack depth: 54160 bytes left [ 47.217559] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.309243] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.365737] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.398131] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.483675] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.569145] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.589581] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.688976] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.196134] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.346257] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.438478] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.497930] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.589936] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.742970] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.753976] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.895569] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.000092] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.006379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.016643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.164282] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.171521] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.186690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.228397] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.234668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.243773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.285798] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.296200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.320740] ip (4926) used greatest stack depth: 53976 bytes left [ 57.322451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.393843] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.400170] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.411599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.528082] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.534373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.547627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.657158] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.663567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.674697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.817981] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.824677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.832672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 06:01:18 executing program 5: r0 = socket(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000001280)={&(0x7f0000000040)=@can, 0x80, &(0x7f0000001240)=[{&(0x7f0000000100)=""/109, 0x6d}, {&(0x7f0000000180)=""/4096, 0x1000}, {&(0x7f0000001180)=""/113, 0x71}, {&(0x7f0000001200)=""/29, 0x1d}], 0x4}, 0x0) write(r0, &(0x7f0000df8fd9)="2600000022004701050007008980e8ff06006d20002b1f00c0e9ff094a51f10101c7033500b0", 0x26) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) [ 59.553908] ================================================================== [ 59.561322] BUG: KMSAN: uninit-value in csum_partial_copy_to_user+0x450/0x500 [ 59.568576] CPU: 0 PID: 5069 Comm: syz-executor7 Not tainted 4.16.0+ #81 [ 59.575395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.584825] Call Trace: [ 59.587397] dump_stack+0x185/0x1d0 [ 59.591006] ? csum_partial_copy_to_user+0x450/0x500 [ 59.596099] kmsan_report+0x142/0x240 [ 59.599889] __msan_warning_32+0x6c/0xb0 [ 59.603932] csum_partial_copy_to_user+0x450/0x500 [ 59.608860] csum_and_copy_to_iter+0x3dc/0x2140 [ 59.613521] ? kmsan_set_origin_inline+0x6b/0x120 [ 59.618345] ? __msan_poison_alloca+0x15c/0x1d0 [ 59.622998] skb_copy_and_csum_datagram+0x6d2/0x1080 [ 59.628084] skb_copy_and_csum_datagram_msg+0x557/0x960 [ 59.633450] udpv6_recvmsg+0xc65/0x29e0 [ 59.637430] ? udp6_lib_lookup_skb+0x240/0x240 [ 59.641989] inet_recvmsg+0x4c2/0x5f0 [ 59.645777] sock_recvmsg+0x1d0/0x230 [ 59.649557] ? inet_sendpage+0x8c0/0x8c0 [ 59.653601] ___sys_recvmsg+0x3fb/0x810 [ 59.657561] ? __fget_light+0x56/0x710 [ 59.661429] ? __fdget+0x4e/0x60 [ 59.664793] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 59.670156] ? __fget_light+0x6b9/0x710 [ 59.674121] SYSC_recvmsg+0x298/0x3c0 [ 59.677919] SyS_recvmsg+0x54/0x80 [ 59.681440] do_syscall_64+0x309/0x430 [ 59.685319] ? ___sys_recvmsg+0x810/0x810 [ 59.689459] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.694625] RIP: 0033:0x455259 [ 59.697791] RSP: 002b:00007f1cd8b0ec68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 59.705474] RAX: ffffffffffffffda RBX: 00007f1cd8b0f6d4 RCX: 0000000000455259 [ 59.712721] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000013 [ 59.719968] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.727216] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.734488] R13: 0000000000000496 R14: 00000000006f9eb0 R15: 0000000000000000 [ 59.741738] [ 59.743356] Uninit was created at: [ 59.746882] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 59.751879] kmsan_alloc_page+0x82/0xe0 [ 59.755834] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 59.760566] alloc_pages_current+0x6b5/0x970 [ 59.765859] skb_page_frag_refill+0x3ba/0x5e0 [ 59.770349] sk_page_frag_refill+0xa4/0x340 [ 59.774666] __ip6_append_data+0x1a20/0x4bb0 [ 59.780503] ip6_append_data+0x40e/0x6b0 [ 59.784845] udpv6_sendmsg+0xfd5/0x45b0 [ 59.789017] inet_sendmsg+0x48d/0x740 [ 59.792810] ___sys_sendmsg+0xec0/0x1310 [ 59.796853] SYSC_sendmsg+0x2a3/0x3d0 [ 59.800653] SyS_sendmsg+0x54/0x80 [ 59.804183] do_syscall_64+0x309/0x430 [ 59.808058] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.813227] ================================================================== [ 59.820561] Disabling lock debugging due to kernel taint [ 59.825986] Kernel panic - not syncing: panic_on_warn set ... [ 59.825986] [ 59.833328] CPU: 0 PID: 5069 Comm: syz-executor7 Tainted: G B 4.16.0+ #81 [ 59.841442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.850772] Call Trace: [ 59.853342] dump_stack+0x185/0x1d0 [ 59.856946] panic+0x39d/0x940 [ 59.860126] ? csum_partial_copy_to_user+0x450/0x500 [ 59.865207] kmsan_report+0x238/0x240 [ 59.868989] __msan_warning_32+0x6c/0xb0 [ 59.873040] csum_partial_copy_to_user+0x450/0x500 [ 59.877955] csum_and_copy_to_iter+0x3dc/0x2140 [ 59.882602] ? kmsan_set_origin_inline+0x6b/0x120 [ 59.887425] ? __msan_poison_alloca+0x15c/0x1d0 [ 59.892098] skb_copy_and_csum_datagram+0x6d2/0x1080 [ 59.897201] skb_copy_and_csum_datagram_msg+0x557/0x960 [ 59.902549] udpv6_recvmsg+0xc65/0x29e0 [ 59.906507] ? udp6_lib_lookup_skb+0x240/0x240 [ 59.911074] inet_recvmsg+0x4c2/0x5f0 [ 59.914866] sock_recvmsg+0x1d0/0x230 [ 59.918643] ? inet_sendpage+0x8c0/0x8c0 [ 59.922684] ___sys_recvmsg+0x3fb/0x810 [ 59.926639] ? __fget_light+0x56/0x710 [ 59.930502] ? __fdget+0x4e/0x60 [ 59.933846] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 59.939188] ? __fget_light+0x6b9/0x710 [ 59.943151] SYSC_recvmsg+0x298/0x3c0 [ 59.946931] SyS_recvmsg+0x54/0x80 [ 59.950455] do_syscall_64+0x309/0x430 [ 59.954321] ? ___sys_recvmsg+0x810/0x810 [ 59.958457] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.963628] RIP: 0033:0x455259 [ 59.966795] RSP: 002b:00007f1cd8b0ec68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 59.974480] RAX: ffffffffffffffda RBX: 00007f1cd8b0f6d4 RCX: 0000000000455259 [ 59.981725] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000013 [ 59.988972] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.996222] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 60.003471] R13: 0000000000000496 R14: 00000000006f9eb0 R15: 0000000000000000 [ 60.011245] Dumping ftrace buffer: [ 60.014764] (ftrace buffer empty) [ 60.018521] Kernel Offset: disabled [ 60.022122] Rebooting in 86400 seconds..