INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.36' (ECDSA) to the list of known hosts. 2018/04/12 10:13:55 fuzzer started 2018/04/12 10:13:56 dialing manager at 10.128.0.26:41677 2018/04/12 10:14:03 kcov=true, comps=false 2018/04/12 10:14:05 executing program 0: semtimedop(0x0, &(0x7f000001dfd6)=[{0x0, 0xfffffffffffffffb}], 0x1, &(0x7f000001fff0)={0x1fff}) r0 = gettid() timer_create(0x0, &(0x7f00005b6000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r0, 0x1000000000016) 2018/04/12 10:14:05 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000280)='ramfs\x00', 0x0, &(0x7f00000001c0)) umount2(&(0x7f0000000040)='./file0\x00', 0x2) 2018/04/12 10:14:05 executing program 7: r0 = socket$kcm(0x2, 0x1, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0xb}, 0x2c) socketpair$inet_icmp(0xb, 0x12cad8a8, 0xfffffffc, &(0x7f0000000180)) sendmsg(r0, &(0x7f0000000840)={&(0x7f0000000140)=@in={0x2}, 0x80, &(0x7f0000000480), 0x0, &(0x7f0000000800)}, 0x2044ffe0) close(r0) 2018/04/12 10:14:05 executing program 4: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f000096f000)="1f000000160007f2000094ffa4000800000000000000000000000000030004", 0x1f) recvmsg$netrom(r0, &(0x7f00009c7000)={&(0x7f0000a9bff0)=@ax25={0x3, {"98dba607110b45"}}, 0x10, &(0x7f0000fcf000), 0x0, &(0x7f00000af000)}, 0x0) recvfrom$unix(r0, &(0x7f0000000000), 0xfffffffffffffc74, 0x0, &(0x7f000040cffe)=@file={0x0, './file0\x00'}, 0x6e) 2018/04/12 10:14:06 executing program 2: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@remote={0xfe, 0x80, [], 0xbb}, @in=@multicast2=0xe0000002, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback={0x0, 0x1}, 0x0, 0x2b}, 0x0, @in=@broadcast=0xffffffff, 0x0, 0x0, 0x0, 0x9}}, 0xe8) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x4}, 0x1c) 2018/04/12 10:14:06 executing program 3: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)="6e65742f6d6366696c74657236007711b65f48c17fa031e2c95938d0cc3a1c07ddf89a74c9fc050093263858898491b8") preadv(r0, &(0x7f0000000180)=[{&(0x7f0000000100)=""/28, 0x1c}], 0x1, 0x10000054) 2018/04/12 10:14:06 executing program 5: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0x4) recvmsg(r0, &(0x7f0000000340)={&(0x7f0000000000)=@pppol2tp={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @broadcast}}}, 0x80, &(0x7f0000000240), 0x0, &(0x7f00000008c0)=""/163, 0xa3}, 0x0) sendmsg(r0, &(0x7f0000000480)={&(0x7f0000001e80)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x80, &(0x7f0000000300)=[{&(0x7f00000003c0)="96", 0x1}], 0x1, &(0x7f0000001dc0)}, 0x0) 2018/04/12 10:14:06 executing program 6: r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f00000019c0)={&(0x7f0000001700)=@nl=@unspec, 0x80, &(0x7f0000000000)=[{&(0x7f0000000040)="d9b33f", 0x3}], 0x1, &(0x7f0000001780)}, 0xfec0) sendmsg$kcm(r0, &(0x7f00000014c0)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000380)=[{&(0x7f0000000280)="9f52", 0x2}], 0x1, &(0x7f00000003c0)}, 0x0) syzkaller login: [ 44.527448] ip (3757) used greatest stack depth: 54672 bytes left [ 44.744262] ip (3778) used greatest stack depth: 54312 bytes left [ 45.602363] ip (3865) used greatest stack depth: 54200 bytes left [ 47.714665] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.754999] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.804507] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.851556] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.915240] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.967373] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.022215] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.089988] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.762937] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.788700] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.797846] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.809329] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.823880] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.944884] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.040091] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.048855] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.498467] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.504919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.515982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.557971] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.564339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.588610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.613543] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.623341] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.629669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.650176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.672887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.698596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.713418] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.720366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.729678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.744810] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.764116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.801718] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.939405] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.945872] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.955909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.983461] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.989979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.006576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.423752] ================================================================== [ 59.431169] BUG: KMSAN: uninit-value in rawv6_sendmsg+0x4cb3/0x4cc0 [ 59.437579] CPU: 1 PID: 5041 Comm: syz-executor6 Not tainted 4.16.0+ #83 [ 59.444424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.453809] Call Trace: [ 59.456406] dump_stack+0x185/0x1d0 [ 59.460045] ? rawv6_sendmsg+0x4cb3/0x4cc0 [ 59.464288] kmsan_report+0x142/0x240 [ 59.468101] __msan_warning_32+0x6c/0xb0 [ 59.472171] rawv6_sendmsg+0x4cb3/0x4cc0 [ 59.476253] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 59.481626] ? rw_copy_check_uvector+0x5af/0x6c0 [ 59.486410] ? compat_rawv6_ioctl+0x30/0x30 [ 59.490742] inet_sendmsg+0x48d/0x740 [ 59.494548] ? security_socket_sendmsg+0x9e/0x210 [ 59.499397] ? inet_getname+0x500/0x500 [ 59.503377] ___sys_sendmsg+0xec0/0x1310 [ 59.507453] ? __fdget+0x4e/0x60 [ 59.510842] SYSC_sendmsg+0x2a3/0x3d0 [ 59.514664] SyS_sendmsg+0x54/0x80 [ 59.518215] do_syscall_64+0x309/0x430 [ 59.522127] ? ___sys_sendmsg+0x1310/0x1310 [ 59.526466] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.531659] RIP: 0033:0x455279 [ 59.534851] RSP: 002b:00007f97144d6c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.542561] RAX: ffffffffffffffda RBX: 00007f97144d76d4 RCX: 0000000000455279 [ 59.549837] RDX: 0000000000000000 RSI: 00000000200014c0 RDI: 0000000000000013 [ 59.557114] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.564386] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.571658] R13: 00000000000004e9 R14: 00000000006fa678 R15: 0000000000000000 [ 59.578931] [ 59.580559] Uninit was stored to memory at: [ 59.584890] kmsan_internal_chain_origin+0x12b/0x210 [ 59.590000] kmsan_memcpy_origins+0x11d/0x170 [ 59.594505] __msan_memcpy+0x19f/0x1f0 [ 59.598395] skb_copy_bits+0x63a/0xdb0 [ 59.602290] rawv6_sendmsg+0x427e/0x4cc0 [ 59.606357] inet_sendmsg+0x48d/0x740 [ 59.610162] ___sys_sendmsg+0xec0/0x1310 [ 59.614234] SYSC_sendmsg+0x2a3/0x3d0 [ 59.618039] SyS_sendmsg+0x54/0x80 [ 59.621588] do_syscall_64+0x309/0x430 [ 59.625491] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.630677] Uninit was created at: [ 59.634231] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 59.639257] kmsan_alloc_page+0x82/0xe0 [ 59.643245] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 59.648009] alloc_pages_current+0x6b5/0x970 [ 59.652426] skb_page_frag_refill+0x3ba/0x5e0 [ 59.656922] sk_page_frag_refill+0xa4/0x340 [ 59.661254] __ip6_append_data+0x1a20/0x4bb0 [ 59.665667] ip6_append_data+0x40e/0x6b0 [ 59.669733] rawv6_sendmsg+0x2787/0x4cc0 [ 59.673800] inet_sendmsg+0x48d/0x740 [ 59.677609] ___sys_sendmsg+0xec0/0x1310 [ 59.681678] SYSC_sendmsg+0x2a3/0x3d0 [ 59.685484] SyS_sendmsg+0x54/0x80 [ 59.689033] do_syscall_64+0x309/0x430 [ 59.692927] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.698114] ================================================================== [ 59.705464] Disabling lock debugging due to kernel taint [ 59.710911] Kernel panic - not syncing: panic_on_warn set ... [ 59.710911] 2018/04/12 10:14:23 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x1, 0x7e, 0x7, 0xffffffff00000001}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r0, &(0x7f0000000100), &(0x7f0000000240)="60bd2cb57db258c433868b715e2a55caa5ab27f70092702e780500000000000000b5f4548f7350e1fb6bed696d07a6282ff462e26968d934b8000000000000000000000000000000"}, 0x20) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x100) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000140)='team\x00') accept4$packet(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000002c0)=0x14, 0x80000) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000300)={{{@in6=@mcast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000000400)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000580)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)={0xb0, r2, 0x1, 0x70bd29, 0x25dfdbfc, {}, [{{0x8, 0x1, r3}, {0x4, 0x2}}, {{0x8, 0x1, r4}, {0x40, 0x2, [{0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8, 0x3, 0x5}, {0xc, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r5}, {0x40, 0x2, [{0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8, 0x3, 0x5}, {0xc, 0x4, 'hash\x00'}}}]}}]}, 0xb0}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) lseek(r0, 0x0, 0x3) socket$inet_dccp(0x2, 0x6, 0x0) unlink(&(0x7f0000000100)='./file0\x00') bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r0, &(0x7f0000000100), &(0x7f00000001c0)=""/40}, 0x18) [ 59.718278] CPU: 1 PID: 5041 Comm: syz-executor6 Tainted: G B 4.16.0+ #83 [ 59.726414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.735766] Call Trace: [ 59.738370] dump_stack+0x185/0x1d0 [ 59.742008] panic+0x39d/0x940 [ 59.745238] ? rawv6_sendmsg+0x4cb3/0x4cc0 [ 59.749477] kmsan_report+0x238/0x240 [ 59.753289] __msan_warning_32+0x6c/0xb0 [ 59.757362] rawv6_sendmsg+0x4cb3/0x4cc0 [ 59.761435] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 59.766811] ? rw_copy_check_uvector+0x5af/0x6c0 [ 59.771593] ? compat_rawv6_ioctl+0x30/0x30 [ 59.775927] inet_sendmsg+0x48d/0x740 [ 59.779739] ? security_socket_sendmsg+0x9e/0x210 [ 59.784595] ? inet_getname+0x500/0x500 [ 59.788581] ___sys_sendmsg+0xec0/0x1310 [ 59.792656] ? __fdget+0x4e/0x60 [ 59.796044] SYSC_sendmsg+0x2a3/0x3d0 [ 59.799863] SyS_sendmsg+0x54/0x80 [ 59.803413] do_syscall_64+0x309/0x430 [ 59.807316] ? ___sys_sendmsg+0x1310/0x1310 [ 59.811654] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.816849] RIP: 0033:0x455279 2018/04/12 10:14:23 executing program 4: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f000096f000)="1f000000160007f2000094ffa4000800000000000000000000000000030004", 0x1f) recvmsg$netrom(r0, &(0x7f00009c7000)={&(0x7f0000a9bff0)=@ax25={0x3, {"98dba607110b45"}}, 0x10, &(0x7f0000fcf000), 0x0, &(0x7f00000af000)}, 0x0) recvfrom$unix(r0, &(0x7f0000000000), 0xfffffffffffffc74, 0x0, &(0x7f000040cffe)=@file={0x0, './file0\x00'}, 0x6e) [ 59.820036] RSP: 002b:00007f97144d6c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.827750] RAX: ffffffffffffffda RBX: 00007f97144d76d4 RCX: 0000000000455279 [ 59.835019] RDX: 0000000000000000 RSI: 00000000200014c0 RDI: 0000000000000013 [ 59.842296] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.849572] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.856858] R13: 00000000000004e9 R14: 00000000006fa678 R15: 0000000000000000 [ 59.864564] Dumping ftrace buffer: [ 59.868087] (ftrace buffer empty) [ 59.871774] Kernel Offset: disabled [ 59.875382] Rebooting in 86400 seconds..