INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts. 2018/04/07 02:15:13 fuzzer started 2018/04/07 02:15:14 dialing manager at 10.128.0.26:38639 2018/04/07 02:15:21 kcov=true, comps=false 2018/04/07 02:15:23 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14}}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000100)={r1}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f00000000c0)=0x20) 2018/04/07 02:15:23 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000051bff6)='/dev/ptmx\x00', 0x802, 0x0) readv(r0, &(0x7f00007f3000)=[{&(0x7f0000d25000)=""/4096, 0x1000}], 0x1) 2018/04/07 02:15:23 executing program 7: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f000045fff8)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ptrace$setregs(0xf, r1, 0x0, &(0x7f0000000000)) 2018/04/07 02:15:23 executing program 4: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000001000)={0x1, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}, {{0xa, 0x0, 0x0, @loopback={0x0, 0x1}}}}, 0x108) r1 = syz_open_procfs(0x0, &(0x7f000012bff2)='net/mcfilter6\x00') preadv(r1, &(0x7f0000000400)=[{&(0x7f0000000280)=""/124, 0x7c}, {&(0x7f0000000480)=""/138, 0x8a}], 0x2, 0x0) 2018/04/07 02:15:23 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x0) setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000080), 0x4) 2018/04/07 02:15:23 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000d000)={0xffffffffffffffff}) r1 = syz_open_procfs(0x0, &(0x7f00005b7000)='environ\x00') open(&(0x7f00000ed000)='./file0\x00', 0x0, 0x0) dup3(r0, r1, 0x0) 2018/04/07 02:15:23 executing program 5: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000010b, 0x4, &(0x7f0000edfff0)={0x77359400, 0x4}, &(0x7f0000048000), 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r0, 0x1000000000013) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000c44000)={0x77359400}, &(0x7f0000048000), 0x0) 2018/04/07 02:15:23 executing program 6: r0 = socket(0x10, 0x20000000802, 0x0) write(r0, &(0x7f0000f61fe1)="1f000000520007f2000094fef5000f430a0017d200000028b4a500ffffb92b", 0x1f) syzkaller login: [ 42.211631] ip (3764) used greatest stack depth: 54672 bytes left [ 42.578972] ip (3801) used greatest stack depth: 54656 bytes left [ 42.668447] ip (3808) used greatest stack depth: 54312 bytes left [ 43.743930] ip (3910) used greatest stack depth: 53960 bytes left [ 45.631871] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.726329] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.798530] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.849833] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.874932] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.912971] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.940303] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.950863] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.297005] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.419879] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.545558] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.623241] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.705240] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.735463] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.743276] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.832547] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.006507] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.012937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.023552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.109859] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.116156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.124796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.346903] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.353150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.366562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.436960] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.443186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.455099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.483334] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.489729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.500819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.527095] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.534364] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.541535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.578937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.594772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.613566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.628516] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.638523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.653796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 02:15:40 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000040)={'lo\x00', {0x2}}) 2018/04/07 02:15:40 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000280), 0x4) sendto$inet(r0, &(0x7f0000fd0000), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000000040)="be38fc69faea5bd09bf0307006cefbafc01c3062dfedf949ad4e86bda4029155e2d6181bc9f0d25d4a23fed54bd250db05a0fbd78679ca006afa4ee44cb7b522c4a38231a9f99b3001e1d4857321a6a7c9e36ae424cc0d49fdb6c13c422fde782dd0c18a3a4018030b94ba6b7ff3f3192f8c563a1986d839c40052c8d3a78ae29126", 0x82, 0x0, &(0x7f0000000100)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000000500)="acbb915d6846975d5d248d4c727115f29ae03c05a1540f5303683cc3316fab70b8f72443207b3bc9d2b76a2124327a8dc22115702dfd81d9c5daf3734095c968bb4c931a63cd940101810cf2", 0x4c, 0x4c881, 0x0, 0x0) sendto$inet(r0, &(0x7f00000001c0)="c3401c344654f3c7d9b41ba48c8e399aa4eedc3d6bd8ebd65c856a27d61154adc2b2a9763ae0201c0d32e11f38e9dd18c58f6bd779650fc30f93653bdaecf323c9f6502ceab47e58114347b289546465a5eb278de12b1989f64cc99412e36880d20c34d91051b22f6c8acc9d082b7acdec844f667da0", 0x76, 0x0, &(0x7f0000e66000)={0x2, 0x0, @rand_addr}, 0x10) writev(r0, &(0x7f00002e1fe0)=[{&(0x7f0000c62f65)="db", 0x1}], 0x1) shutdown(r0, 0x1) 2018/04/07 02:15:40 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000040)={'lo\x00', {0x2}}) 2018/04/07 02:15:40 executing program 7: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f00002b0ff8)=0x7) bind$inet(r0, &(0x7f0000312000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) sendto$inet(r0, &(0x7f0000fd0000), 0x0, 0x20000801, &(0x7f0000000000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) shutdown(r0, 0x1) 2018/04/07 02:15:40 executing program 6: r0 = socket$inet(0x2, 0x200000000000003, 0x2) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) syz_emit_ethernet(0x11e, &(0x7f0000000100)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @random="7d73cf61100f", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @broadcast=0xffffffff}, @igmp={0x0, 0x0, 0x0, @multicast2=0xe0000002}}}}}, &(0x7f0000000140)) 2018/04/07 02:15:40 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'syz_tun\x00', 0x3}, 0x18) time(&(0x7f0000000080)) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000000c0)) 2018/04/07 02:15:40 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000939f01)='stack\x00') preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000140)=""/93, 0x5d}], 0x1, 0x0) 2018/04/07 02:15:40 executing program 6: r0 = socket$inet(0x2, 0x200000000000003, 0x2) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) syz_emit_ethernet(0x11e, &(0x7f0000000100)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @random="7d73cf61100f", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @broadcast=0xffffffff}, @igmp={0x0, 0x0, 0x0, @multicast2=0xe0000002}}}}}, &(0x7f0000000140)) [ 56.960397] ================================================================== [ 56.967816] BUG: KMSAN: uninit-value in kernel_text_address+0x248/0x3a0 [ 56.974567] CPU: 0 PID: 5095 Comm: syz-executor3 Not tainted 4.16.0+ #81 [ 56.981401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.990746] Call Trace: [ 56.993337] dump_stack+0x185/0x1d0 [ 56.996967] ? kernel_text_address+0x248/0x3a0 [ 57.001552] kmsan_report+0x142/0x240 [ 57.005356] __msan_warning_32+0x6c/0xb0 [ 57.009425] kernel_text_address+0x248/0x3a0 [ 57.013833] ? __schedule+0x674/0x730 [ 57.017634] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 57.022995] ? __schedule+0x674/0x730 [ 57.026802] __kernel_text_address+0x34/0xe0 [ 57.031208] ? __schedule+0x674/0x730 [ 57.035016] unwind_get_return_address+0x8c/0x130 [ 57.039866] __save_stack_trace+0x45c/0xa80 [ 57.044188] ? __schedule+0x674/0x730 [ 57.047992] ? __msan_poison_alloca+0x15c/0x1d0 [ 57.052671] ? save_stack_trace_tsk+0x58/0x2f0 [ 57.057255] save_stack_trace_tsk+0x258/0x2f0 [ 57.061754] proc_pid_stack+0x26a/0x470 [ 57.065736] proc_single_show+0x1af/0x300 [ 57.069888] ? proc_pid_wchan+0x250/0x250 [ 57.074036] ? proc_single_open+0x90/0x90 [ 57.078184] seq_read+0xc7d/0x2260 [ 57.081742] do_iter_read+0x880/0xd70 [ 57.085549] ? seq_open+0x360/0x360 [ 57.089175] do_preadv+0x3a1/0x580 [ 57.092719] ? syscall_return_slowpath+0xe9/0x700 [ 57.097565] SYSC_preadv+0xc6/0xe0 [ 57.101112] SyS_preadv+0x77/0xa0 [ 57.104566] do_syscall_64+0x309/0x430 [ 57.108454] ? SYSC_writev+0xb0/0xb0 [ 57.112169] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.117348] RIP: 0033:0x455259 [ 57.120532] RSP: 002b:00007fa8c9c13c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 57.128236] RAX: ffffffffffffffda RBX: 00007fa8c9c146d4 RCX: 0000000000455259 [ 57.135500] RDX: 0000000000000001 RSI: 0000000020000200 RDI: 0000000000000014 [ 57.142760] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 57.150028] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.157297] R13: 000000000000046f R14: 00000000006f9b08 R15: 0000000000000000 [ 57.164563] [ 57.166178] Uninit was stored to memory at: [ 57.170501] kmsan_internal_chain_origin+0x12b/0x210 [ 57.175602] __msan_chain_origin+0x69/0xc0 [ 57.179844] update_stack_state+0x959/0xa40 [ 57.184168] __unwind_start+0x335/0x630 [ 57.188142] __save_stack_trace+0x3e1/0xa80 [ 57.192464] save_stack_trace_tsk+0x258/0x2f0 [ 57.196959] proc_pid_stack+0x26a/0x470 [ 57.200931] proc_single_show+0x1af/0x300 [ 57.205077] seq_read+0xc7d/0x2260 [ 57.208615] do_iter_read+0x880/0xd70 [ 57.212412] do_preadv+0x3a1/0x580 [ 57.215956] SYSC_preadv+0xc6/0xe0 [ 57.219500] SyS_preadv+0x77/0xa0 [ 57.222948] do_syscall_64+0x309/0x430 [ 57.226835] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.232016] Local variable description: ----oc.i.i@__alloc_pages_nodemask [ 57.238929] Variable was created at: [ 57.242644] __alloc_pages_nodemask+0x10f/0x5dc0 [ 57.247399] alloc_pages_vma+0xcc8/0x1800 [ 57.251537] ================================================================== [ 57.258886] Disabling lock debugging due to kernel taint [ 57.264329] Kernel panic - not syncing: panic_on_warn set ... [ 57.264329] [ 57.271695] CPU: 0 PID: 5095 Comm: syz-executor3 Tainted: G B 4.16.0+ #81 [ 57.279830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.289179] Call Trace: [ 57.291771] dump_stack+0x185/0x1d0 [ 57.295401] panic+0x39d/0x940 [ 57.298620] ? kernel_text_address+0x248/0x3a0 [ 57.303194] kmsan_report+0x238/0x240 [ 57.306978] __msan_warning_32+0x6c/0xb0 [ 57.311034] kernel_text_address+0x248/0x3a0 [ 57.315431] ? __schedule+0x674/0x730 [ 57.319211] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 57.324551] ? __schedule+0x674/0x730 [ 57.328329] __kernel_text_address+0x34/0xe0 [ 57.332716] ? __schedule+0x674/0x730 [ 57.336508] unwind_get_return_address+0x8c/0x130 [ 57.341343] __save_stack_trace+0x45c/0xa80 [ 57.345639] ? __schedule+0x674/0x730 [ 57.349416] ? __msan_poison_alloca+0x15c/0x1d0 [ 57.354064] ? save_stack_trace_tsk+0x58/0x2f0 [ 57.358623] save_stack_trace_tsk+0x258/0x2f0 [ 57.363102] proc_pid_stack+0x26a/0x470 [ 57.367070] proc_single_show+0x1af/0x300 [ 57.371202] ? proc_pid_wchan+0x250/0x250 [ 57.375334] ? proc_single_open+0x90/0x90 [ 57.379466] seq_read+0xc7d/0x2260 [ 57.382987] do_iter_read+0x880/0xd70 [ 57.386771] ? seq_open+0x360/0x360 [ 57.390374] do_preadv+0x3a1/0x580 [ 57.393895] ? syscall_return_slowpath+0xe9/0x700 [ 57.398714] SYSC_preadv+0xc6/0xe0 [ 57.402230] SyS_preadv+0x77/0xa0 [ 57.405672] do_syscall_64+0x309/0x430 [ 57.409543] ? SYSC_writev+0xb0/0xb0 [ 57.413236] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.418401] RIP: 0033:0x455259 [ 57.421567] RSP: 002b:00007fa8c9c13c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 57.429247] RAX: ffffffffffffffda RBX: 00007fa8c9c146d4 RCX: 0000000000455259 [ 57.436491] RDX: 0000000000000001 RSI: 0000000020000200 RDI: 0000000000000014 [ 57.443734] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 57.450977] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.458222] R13: 000000000000046f R14: 00000000006f9b08 R15: 0000000000000000 [ 57.465886] Dumping ftrace buffer: [ 57.469399] (ftrace buffer empty) [ 57.473079] Kernel Offset: disabled [ 57.476675] Rebooting in 86400 seconds..