INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
2018/04/07 06:49:29 fuzzer started
2018/04/07 06:49:29 dialing manager at 10.128.0.26:38639
2018/04/07 06:49:35 kcov=true, comps=false
2018/04/07 06:49:38 executing program 0:
2018/04/07 06:49:38 executing program 2:
2018/04/07 06:49:38 executing program 7:
2018/04/07 06:49:38 executing program 3:
2018/04/07 06:49:38 executing program 5:
2018/04/07 06:49:38 executing program 6:
2018/04/07 06:49:38 executing program 1:
2018/04/07 06:49:38 executing program 4:
syzkaller login: [ 42.690640] ip (3620) used greatest stack depth: 54672 bytes left
[ 43.492270] ip (3692) used greatest stack depth: 54312 bytes left
[ 44.612407] ip (3797) used greatest stack depth: 53960 bytes left
[ 44.661255] ip (3802) used greatest stack depth: 53656 bytes left
[ 46.376996] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.675335] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.699990] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.711443] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.793691] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.802867] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.810447] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.950748] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.507069] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.527665] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.607950] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.716172] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.739745] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.754123] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.781174] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.790474] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.238917] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.245178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.258846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.315869] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.322214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.334239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.370366] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.378068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.415016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.451743] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.459305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.486783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.513104] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.519468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.533574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.572639] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.581726] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.605619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.670911] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.679221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.689681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.711414] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.717675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.730805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/04/07 06:49:55 executing program 0:
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000001f88)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000fff)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000f21000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0)
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
dup2(r1, r0)
2018/04/07 06:49:55 executing program 2:
2018/04/07 06:49:55 executing program 1:
r0 = memfd_create(&(0x7f0000002901)='dev ', 0x0)
write(r0, &(0x7f0000000100)="164690f1942a0d00d45fa386de33906a4cf41ac8cff5c27ec4bd5bc4e55ffbc341e0959357371c00af7f056d313d3a0eec140a0a303c13f3c4070ce2916d1d187b731094", 0x44)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0)
rt_sigtimedwait(&(0x7f0000000000), 0x0, &(0x7f0000000040), 0x8)
2018/04/07 06:49:55 executing program 4:
r0 = socket$inet(0x2, 0x2, 0x0)
read(r0, &(0x7f0000000000)=""/188, 0xbc)
bind$inet(r0, &(0x7f0000b9aff0)={0x2, 0x4e20}, 0x10)
sendto$inet(r0, &(0x7f0000e78a42), 0xd, 0x8084, &(0x7f00004d4000)={0x2, 0x4e20}, 0x10)
sendto$inet(r0, &(0x7f0000f66f90)="fbf327899de7fe7e0c02fe5cbb35491715b7af550749e32dbeda8d7e3749bb6ac7383d2bfac27aa9c48c5d847fdc41ddc4b7c3add1701f2c", 0x38, 0x0, &(0x7f0000a6d000)={0x2, 0x0, @rand_addr}, 0x10)
2018/04/07 06:49:55 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo\x00')
openat(r0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
2018/04/07 06:49:55 executing program 7:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x2, 0x2, &(0x7f00000000c0)=@raw=[@map={0x18, 0x0, 0x1}], &(0x7f0000000100)='GPL\x00', 0x0, 0xdf, &(0x7f0000000140)=""/223, 0x41000}, 0x48)
2018/04/07 06:49:55 executing program 3:
r0 = gettid()
r1 = syz_open_procfs(r0, &(0x7f0000000100)='maps\x00')
exit(0x0)
sendfile(r1, r1, &(0x7f0000000180)=0x24, 0x5)
2018/04/07 06:49:55 executing program 6:
r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x0)
fadvise64(r0, 0x1, 0x5, 0x4)
2018/04/07 06:49:55 executing program 2:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='sessionid\x00')
pread64(r0, &(0x7f0000fd7000)=""/8, 0x8, 0x0)
2018/04/07 06:49:55 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000065fc8)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000fd1000)={&(0x7f0000001600)={0x14, 0xa, 0xa, 0xfffffffffffffffd, 0x0, 0x0, {0x2}}, 0x14}, 0x1}, 0x0)
2018/04/07 06:49:56 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000788ffc)=0x100000001, 0xfdf6)
bind$inet(r0, &(0x7f0000738ff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10)
sendto$inet(r0, &(0x7f0000000b40)="ac", 0x1, 0x20020003, &(0x7f0000000b00)={0x2, 0x4e21, @loopback=0x7f000001}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000f43ffc)=0xfffffffffffffffc, 0x4)
sendto$inet(r0, &(0x7f0000000dc0)="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", 0x219, 0x0, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000b80)="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", 0x217, 0x8041, &(0x7f0000000200)={0x2, 0x0, @broadcast=0xffffffff}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x7fff, 0x80000001}, 0x14)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0xfffffffffffff001, 0x4)
sendto$inet(r0, &(0x7f00000000c0)="92f4", 0x2, 0x0, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14}}, 0x10)
2018/04/07 06:49:56 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000b48000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000b78ff0)="a23364fd", 0x4)
writev(r1, &(0x7f0000001380)=[{&(0x7f0000000100)}, {&(0x7f0000000240)}, {&(0x7f00000012c0)="ee", 0x1}], 0x3)
2018/04/07 06:49:56 executing program 7:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f00009f5000)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f00004ca000)={&(0x7f0000690000)={0x1c, 0x6, 0x6, 0x1, 0x0, 0x0, {}, [@nested={0x8, 0x1, [@generic="06"]}]}, 0x1c}, 0x1}, 0x0)
[ 58.706234] ==================================================================
[ 58.713628] BUG: KMSAN: uninit-value in csum_partial_copy_to_user+0x450/0x500
[ 58.720902] CPU: 0 PID: 4955 Comm: syz-executor4 Not tainted 4.16.0+ #81
[ 58.727731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.737074] Call Trace:
[ 58.739669] dump_stack+0x185/0x1d0
[ 58.743306] ? csum_partial_copy_to_user+0x450/0x500
[ 58.748411] kmsan_report+0x142/0x240
[ 58.752207] __msan_warning_32+0x6c/0xb0
[ 58.756258] csum_partial_copy_to_user+0x450/0x500
[ 58.761169] csum_and_copy_to_iter+0x3dc/0x2140
[ 58.765828] ? kmsan_set_origin_inline+0x6b/0x120
[ 58.770774] ? __msan_poison_alloca+0x15c/0x1d0
[ 58.775432] skb_copy_and_csum_datagram+0x6d2/0x1080
[ 58.780529] skb_copy_and_csum_datagram_msg+0x557/0x960
[ 58.785887] udp_recvmsg+0x99c/0x1d90
[ 58.789700] ? udp_skb_dtor_locked+0x770/0x770
[ 58.794266] inet_recvmsg+0x4c2/0x5f0
[ 58.798054] ? inet_sendpage+0x8c0/0x8c0
[ 58.802099] sock_read_iter+0x405/0x480
[ 58.806066] ? kernel_sock_ip_overhead+0x350/0x350
[ 58.810984] __vfs_read+0x6fb/0x8e0
[ 58.814595] vfs_read+0x36c/0x6c0
[ 58.818044] SYSC_read+0x172/0x360
[ 58.821566] SyS_read+0x55/0x80
[ 58.824840] do_syscall_64+0x309/0x430
[ 58.828712] ? vfs_write+0x8d0/0x8d0
[ 58.832524] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 58.837693] RIP: 0033:0x455259
[ 58.840857] RSP: 002b:00007f6471f79c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 58.848540] RAX: ffffffffffffffda RBX: 00007f6471f7a6d4 RCX: 0000000000455259
[ 58.855788] RDX: 00000000000000bc RSI: 0000000020000000 RDI: 0000000000000013
[ 58.863048] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[ 58.870296] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 58.877547] R13: 0000000000000487 R14: 00000000006f9d48 R15: 0000000000000000
[ 58.884831]
[ 58.886450] Uninit was created at:
[ 58.889987] kmsan_alloc_meta_for_pages+0x161/0x3a0
[ 58.894999] kmsan_alloc_page+0x82/0xe0
[ 58.898975] __alloc_pages_nodemask+0xf5b/0x5dc0
[ 58.903729] alloc_pages_current+0x6b5/0x970
[ 58.908135] skb_page_frag_refill+0x3ba/0x5e0
[ 58.912629] sk_page_frag_refill+0xa4/0x340
[ 58.916948] __ip_append_data+0x107e/0x3d10
[ 58.921268] ip_append_data+0x2fb/0x440
[ 58.925236] udp_sendmsg+0x746/0x3180
[ 58.929027] inet_sendmsg+0x48d/0x740
[ 58.932827] SYSC_sendto+0x6c3/0x7e0
[ 58.936552] SyS_sendto+0x8a/0xb0
[ 58.939995] do_syscall_64+0x309/0x430
[ 58.943868] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 58.949034] ==================================================================
[ 58.956375] Disabling lock debugging due to kernel taint
[ 58.961806] Kernel panic - not syncing: panic_on_warn set ...
[ 58.961806]
[ 58.969145] CPU: 0 PID: 4955 Comm: syz-executor4 Tainted: G B 4.16.0+ #81
[ 58.977273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.986601] Call Trace:
[ 58.989176] dump_stack+0x185/0x1d0
[ 58.992781] panic+0x39d/0x940
[ 58.995962] ? csum_partial_copy_to_user+0x450/0x500
[ 59.001055] kmsan_report+0x238/0x240
[ 59.004837] __msan_warning_32+0x6c/0xb0
[ 59.008878] csum_partial_copy_to_user+0x450/0x500
[ 59.013785] csum_and_copy_to_iter+0x3dc/0x2140
[ 59.018432] ? kmsan_set_origin_inline+0x6b/0x120
[ 59.023249] ? __msan_poison_alloca+0x15c/0x1d0
[ 59.027903] skb_copy_and_csum_datagram+0x6d2/0x1080
[ 59.032987] skb_copy_and_csum_datagram_msg+0x557/0x960
[ 59.038332] udp_recvmsg+0x99c/0x1d90
[ 59.042116] ? udp_skb_dtor_locked+0x770/0x770
[ 59.046674] inet_recvmsg+0x4c2/0x5f0
[ 59.050450] ? inet_sendpage+0x8c0/0x8c0
[ 59.054489] sock_read_iter+0x405/0x480
[ 59.058443] ? kernel_sock_ip_overhead+0x350/0x350
[ 59.063348] __vfs_read+0x6fb/0x8e0
[ 59.066954] vfs_read+0x36c/0x6c0
[ 59.070390] SYSC_read+0x172/0x360
[ 59.073908] SyS_read+0x55/0x80
[ 59.077170] do_syscall_64+0x309/0x430
[ 59.081048] ? vfs_write+0x8d0/0x8d0
[ 59.084742] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 59.089906] RIP: 0033:0x455259
[ 59.093078] RSP: 002b:00007f6471f79c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 59.100775] RAX: ffffffffffffffda RBX: 00007f6471f7a6d4 RCX: 0000000000455259
[ 59.108024] RDX: 00000000000000bc RSI: 0000000020000000 RDI: 0000000000000013
[ 59.115280] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[ 59.122532] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 59.129896] R13: 0000000000000487 R14: 00000000006f9d48 R15: 0000000000000000
[ 59.137537] Dumping ftrace buffer:
[ 59.141055] (ftrace buffer empty)
[ 59.144738] Kernel Offset: disabled
[ 59.148335] Rebooting in 86400 seconds..