INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts. 2018/04/21 09:16:56 fuzzer started 2018/04/21 09:16:56 dialing manager at 10.128.0.26:35229 2018/04/21 09:17:03 kcov=true, comps=false 2018/04/21 09:17:06 executing program 0: r0 = perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket(0x10, 0x3, 0x0) dup3(r0, r1, 0x0) 2018/04/21 09:17:06 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='sessionid\x00') pread64(r0, &(0x7f0000fd7000)=""/8, 0x398, 0x0) 2018/04/21 09:17:06 executing program 7: pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="a2", 0x1}], 0x1, 0x0) sendmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "6ef2b69a90beb1a75b3791a1496954233d18ade9feed6df65e514e35b941fd4c9e848454ba93c6a2fc3802c7f190f2e6edc513b0ccb745662aeee58a8417d8"}, 0x58, &(0x7f0000000040), 0x0, &(0x7f0000000480)={0xc}, 0xc}, 0x0) close(r0) syz_mount_image$vfat(&(0x7f0000001800)='vfat\x00', &(0x7f0000001840)='./file0\x00', 0x0, 0xaaaaaaaaaaaab46, &(0x7f0000000440)=[{&(0x7f0000000380), 0xffffffffffffffb6}], 0x0, &(0x7f00000000c0)=ANY=[]) fsetxattr(r0, &(0x7f0000000000)=@known='system.posix_acl_access\x00', &(0x7f0000000240)='system.posix_acl_defaul0\x00', 0x19, 0x0) 2018/04/21 09:17:06 executing program 2: perf_event_open(&(0x7f00006d7000)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x5f5e882b, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f00000000c0), 0x4) getpgid(0xffffffffffffffff) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000080)) 2018/04/21 09:17:06 executing program 4: 2018/04/21 09:17:06 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) flistxattr(r0, &(0x7f0000000280)=""/175, 0xfffffffffffffef2) 2018/04/21 09:17:06 executing program 5: r0 = perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={"d202b999cf85000000000088f301e710", 0x102}) r2 = syz_open_dev$tun(&(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={"d202b999cf85000000000088f301e710", 0x1102}) dup3(r0, r2, 0x0) 2018/04/21 09:17:06 executing program 6: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000039000)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x9}, 0x1c) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f000002c000)=[{&(0x7f0000000000)=',', 0x1}], 0x1, &(0x7f00000001c0)}, 0xc100) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000a80)="05024f8489aac2302409371ae4c589362dbfa3db172a5e73e77f6a392957e4bf226024b1c7e1c363d8f756258f2b478a4e25b98312159822", 0x38}], 0x1}, 0x0) syzkaller login: [ 42.857562] ip (3800) used greatest stack depth: 54672 bytes left [ 43.074722] ip (3821) used greatest stack depth: 54072 bytes left [ 44.022472] ip (3912) used greatest stack depth: 53960 bytes left [ 44.312397] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.318900] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.359937] device bridge_slave_0 entered promiscuous mode [ 44.400097] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.406619] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.431000] device bridge_slave_0 entered promiscuous mode [ 44.448278] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.454799] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.476774] device bridge_slave_0 entered promiscuous mode [ 44.497524] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.504103] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.521490] device bridge_slave_0 entered promiscuous mode [ 44.555729] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.562250] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.581009] device bridge_slave_0 entered promiscuous mode [ 44.604704] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.611230] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.637379] device bridge_slave_0 entered promiscuous mode [ 44.657793] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.664284] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.681017] device bridge_slave_1 entered promiscuous mode [ 44.690922] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.697409] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.711516] device bridge_slave_1 entered promiscuous mode [ 44.720513] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.727008] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.743975] device bridge_slave_0 entered promiscuous mode [ 44.754092] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.760558] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.789143] device bridge_slave_0 entered promiscuous mode [ 44.796397] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.803131] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.816995] device bridge_slave_1 entered promiscuous mode [ 44.829432] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.835916] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.848073] device bridge_slave_1 entered promiscuous mode [ 44.856981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.866658] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.873145] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.893185] device bridge_slave_1 entered promiscuous mode [ 44.902482] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.909003] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.930407] device bridge_slave_1 entered promiscuous mode [ 44.940941] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.947398] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.976457] device bridge_slave_1 entered promiscuous mode [ 45.000982] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.012604] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.022394] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.028825] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.053929] device bridge_slave_1 entered promiscuous mode [ 45.062898] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.070469] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.105893] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.160011] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.207133] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.229636] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.237714] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.256748] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.284867] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.311925] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.387402] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.405959] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.523879] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.073095] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.163926] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.194111] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.283625] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.302258] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.346372] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.394183] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.405326] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.416220] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.427367] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.493102] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.502889] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.554950] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.652329] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.663266] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.754667] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 47.309555] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.351624] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.414755] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.448655] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.502543] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.528712] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.557305] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.651741] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.662940] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.680260] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.725408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.733249] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.741620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.755839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.802603] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.810272] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.818724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.846924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.870328] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.881618] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.889253] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.902254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.945396] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.952898] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.960112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.994403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.020000] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.034185] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.047110] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.054237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.071149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.102150] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.121254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.148623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.156808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.165809] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.186261] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.195415] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.218795] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.235011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.268192] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.276444] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.283894] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.291085] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.342868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.374838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.396942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.415534] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.429651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.449719] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.457888] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.482592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.495796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.528733] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.548957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.586666] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.610910] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.644825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.675704] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.696311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.720357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.763108] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.770949] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.785957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.300916] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.307418] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.314318] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.320792] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.348367] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.358789] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.409867] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.416355] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.423264] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.429732] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.499112] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.556982] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.563479] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.570373] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.576841] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.596726] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.709271] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.715764] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.722635] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.729140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.789617] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.807399] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.813874] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.820684] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.827152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.864258] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.037315] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.043807] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.050687] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.057142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.094010] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.111375] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.117868] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.124728] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.131182] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.152303] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.171408] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.177901] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.184796] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.191267] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.285015] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.360287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.380184] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.416636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.441883] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.476396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.494509] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.501884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.716904] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.797906] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.033865] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.325907] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.401779] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.450720] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.461236] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.467493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.480646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.575925] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.582202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.592592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.625708] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.696648] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.813248] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.819511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.832715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.025704] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.032267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.041788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.233899] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.240209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.251009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.286401] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.295236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.304833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.496442] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.502768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.510805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.536472] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.556286] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.586595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/21 09:17:32 executing program 1: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) 2018/04/21 09:17:32 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) readv(r0, &(0x7f0000000740)=[{&(0x7f0000000640)=""/230, 0xe6}], 0x1) readv(r0, &(0x7f0000000d40)=[{&(0x7f0000003f00)=""/4096, 0x1143}], 0x10000000000000e5) recvmsg(r0, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000001600), 0x0, &(0x7f00000007c0)=""/254, 0xfe}, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f00000001c0)=""/115, 0x73}], 0x1) recvmsg(r0, &(0x7f000001cfc8)={&(0x7f0000000000)=@l2, 0x80, &(0x7f0000000100)}, 0x0) [ 66.644244] netlink: 'syz-executor1': attribute type 29 has an invalid length. [ 66.651900] netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. [ 66.764517] netlink: 'syz-executor1': attribute type 29 has an invalid length. [ 66.772128] netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. [ 66.861855] netlink: 'syz-executor1': attribute type 29 has an invalid length. [ 66.869440] netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. [ 66.932871] netlink: 'syz-executor1': attribute type 29 has an invalid length. [ 66.940431] netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. [ 66.989237] netlink: 'syz-executor1': attribute type 29 has an invalid length. [ 66.996802] netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. [ 67.022276] netlink: 'syz-executor1': attribute type 29 has an invalid length. [ 67.029800] netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. [ 67.065922] netlink: 'syz-executor1': attribute type 29 has an invalid length. [ 67.073661] netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. [ 67.128391] netlink: 'syz-executor1': attribute type 29 has an invalid length. [ 67.135944] netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. [ 67.146068] ================================================================== [ 67.153470] BUG: KMSAN: uninit-value in ipv6_destopt_rcv+0x3df/0xde0 [ 67.159960] CPU: 0 PID: 5774 Comm: syz-executor6 Not tainted 4.16.0+ #84 [ 67.166793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.176147] Call Trace: [ 67.178725] [ 67.180879] dump_stack+0x185/0x1d0 [ 67.184513] ? ipv6_destopt_rcv+0x3df/0xde0 [ 67.188837] kmsan_report+0x142/0x240 [ 67.192637] __msan_warning_32+0x6c/0xb0 [ 67.196708] ipv6_destopt_rcv+0x3df/0xde0 [ 67.200862] ? ipv6_rthdr_rcv+0x3ea0/0x3ea0 [ 67.205186] ip6_input_finish+0xa62/0x2110 [ 67.209425] ? ip6table_filter_hook+0xb5/0xe0 [ 67.213919] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 67.219289] ip6_mc_input+0x697/0x740 [ 67.223088] ? ip6_input+0x320/0x320 [ 67.225974] netlink: 'syz-executor1': attribute type 29 has an invalid length. [ 67.226798] ? ip6_input_finish+0x2110/0x2110 [ 67.226812] ipv6_rcv+0x20ec/0x26d0 [ 67.226826] ? local_bh_enable+0x40/0x40 [ 67.226850] __netif_receive_skb_core+0x47cf/0x4a80 [ 67.226861] ? rb_insert_color+0xa4/0x1300 [ 67.226875] ? kmsan_internal_memset_shadow_inline+0xc0/0xd0 [ 67.226889] ? ip6_rcv_finish+0x4d0/0x4d0 [ 67.226913] process_backlog+0x62d/0xe20 [ 67.234414] netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. [ 67.238831] ? rps_trigger_softirq+0x2f0/0x2f0 [ 67.238840] net_rx_action+0x7c1/0x1a70 [ 67.238858] ? net_tx_action+0xab0/0xab0 [ 67.238872] __do_softirq+0x56d/0x93d [ 67.238888] do_softirq_own_stack+0x2a/0x40 [ 67.238905] [ 67.260681] netlink: 'syz-executor1': attribute type 29 has an invalid length. [ 67.261561] do_softirq+0xb6/0xf0 [ 67.261578] dev_loopback_xmit+0x8b0/0x900 [ 67.261598] ip6_finish_output2+0x5e6/0x1f20 [ 67.261612] ? validate_xmit_skb+0x1320/0x1320 [ 67.261632] ip6_finish_output+0xb3f/0xc00 [ 67.261659] ip6_output+0x597/0x6c0 [ 67.265860] netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. [ 67.269840] ? ip6_output+0x6c0/0x6c0 [ 67.269856] ? ac6_seq_show+0x200/0x200 [ 67.269870] ip6_local_out+0x573/0x640 [ 67.269884] ? __ip6_local_out+0x4f0/0x4f0 [ 67.269912] ip6_push_pending_frames+0x218/0x4d0 [ 67.361786] rawv6_sendmsg+0x4500/0x4cc0 [ 67.365832] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 67.371186] ? rw_copy_check_uvector+0x5af/0x6c0 [ 67.375944] ? compat_rawv6_ioctl+0x30/0x30 [ 67.380245] inet_sendmsg+0x48d/0x740 [ 67.384040] ? security_socket_sendmsg+0x9e/0x210 [ 67.388881] ? inet_getname+0x500/0x500 [ 67.392853] ___sys_sendmsg+0xec0/0x1310 [ 67.396899] ? __fdget+0x4e/0x60 [ 67.400247] ? __fget_light+0x56/0x710 [ 67.404114] ? __fdget+0x4e/0x60 [ 67.407457] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 67.412800] ? __fget_light+0x6b9/0x710 [ 67.416757] SYSC_sendmsg+0x2a3/0x3d0 [ 67.420542] SyS_sendmsg+0x54/0x80 [ 67.424062] do_syscall_64+0x309/0x430 [ 67.427929] ? ___sys_sendmsg+0x1310/0x1310 [ 67.432233] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 67.437401] RIP: 0033:0x455389 [ 67.440578] RSP: 002b:00007f9d89344c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 67.448289] RAX: ffffffffffffffda RBX: 00007f9d893456d4 RCX: 0000000000455389 [ 67.455539] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000013 [ 67.462796] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 67.470054] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 67.477304] R13: 00000000000004d5 R14: 00000000006fa498 R15: 0000000000000000 [ 67.484558] [ 67.486161] Uninit was stored to memory at: [ 67.490465] kmsan_internal_chain_origin+0x12b/0x210 [ 67.495556] kmsan_memcpy_origins+0x11d/0x170 [ 67.500038] __msan_memcpy+0x19f/0x1f0 [ 67.503918] skb_copy_bits+0x63a/0xdb0 [ 67.507785] __pskb_pull_tail+0x483/0x22e0 [ 67.512001] ipv6_destopt_rcv+0x660/0xde0 [ 67.516131] ip6_input_finish+0xa62/0x2110 [ 67.520353] ip6_mc_input+0x697/0x740 [ 67.524135] ipv6_rcv+0x20ec/0x26d0 [ 67.527744] __netif_receive_skb_core+0x47cf/0x4a80 [ 67.532744] process_backlog+0x62d/0xe20 [ 67.536791] net_rx_action+0x7c1/0x1a70 [ 67.540755] __do_softirq+0x56d/0x93d [ 67.544537] Uninit was created at: [ 67.548059] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 67.553758] kmsan_alloc_page+0x82/0xe0 [ 67.557714] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 67.562447] alloc_pages_current+0x6b5/0x970 [ 67.566833] skb_page_frag_refill+0x3ba/0x5e0 [ 67.571314] sk_page_frag_refill+0xa4/0x340 [ 67.575624] __ip6_append_data+0x1a20/0x4bb0 [ 67.580031] ip6_append_data+0x40e/0x6b0 [ 67.584077] rawv6_sendmsg+0x2787/0x4cc0 [ 67.588116] inet_sendmsg+0x48d/0x740 [ 67.591909] ___sys_sendmsg+0xec0/0x1310 [ 67.595948] SYSC_sendmsg+0x2a3/0x3d0 [ 67.599731] SyS_sendmsg+0x54/0x80 [ 67.603248] do_syscall_64+0x309/0x430 [ 67.607122] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 67.612291] ================================================================== [ 67.619631] Disabling lock debugging due to kernel taint [ 67.625070] Kernel panic - not syncing: panic_on_warn set ... [ 67.625070] [ 67.632427] CPU: 0 PID: 5774 Comm: syz-executor6 Tainted: G B 4.16.0+ #84 [ 67.640546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.649883] Call Trace: [ 67.652451] [ 67.654584] dump_stack+0x185/0x1d0 [ 67.658191] panic+0x39d/0x940 [ 67.661375] ? ipv6_destopt_rcv+0x3df/0xde0 [ 67.665677] kmsan_report+0x238/0x240 [ 67.669456] __msan_warning_32+0x6c/0xb0 [ 67.673507] ipv6_destopt_rcv+0x3df/0xde0 [ 67.677652] ? ipv6_rthdr_rcv+0x3ea0/0x3ea0 [ 67.681955] ip6_input_finish+0xa62/0x2110 [ 67.686169] ? ip6table_filter_hook+0xb5/0xe0 [ 67.690660] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 67.696016] ip6_mc_input+0x697/0x740 [ 67.699807] ? ip6_input+0x320/0x320 [ 67.703504] ? ip6_input_finish+0x2110/0x2110 [ 67.707978] ipv6_rcv+0x20ec/0x26d0 [ 67.711585] ? local_bh_enable+0x40/0x40 [ 67.715634] __netif_receive_skb_core+0x47cf/0x4a80 [ 67.720630] ? rb_insert_color+0xa4/0x1300 [ 67.724858] ? kmsan_internal_memset_shadow_inline+0xc0/0xd0 [ 67.730637] ? ip6_rcv_finish+0x4d0/0x4d0 [ 67.734771] process_backlog+0x62d/0xe20 [ 67.738815] ? rps_trigger_softirq+0x2f0/0x2f0 [ 67.743377] net_rx_action+0x7c1/0x1a70 [ 67.747333] ? net_tx_action+0xab0/0xab0 [ 67.751374] __do_softirq+0x56d/0x93d [ 67.755158] do_softirq_own_stack+0x2a/0x40 [ 67.759457] [ 67.761677] do_softirq+0xb6/0xf0 [ 67.765110] dev_loopback_xmit+0x8b0/0x900 [ 67.769334] ip6_finish_output2+0x5e6/0x1f20 [ 67.773738] ? validate_xmit_skb+0x1320/0x1320 [ 67.778317] ip6_finish_output+0xb3f/0xc00 [ 67.782535] ip6_output+0x597/0x6c0 [ 67.786150] ? ip6_output+0x6c0/0x6c0 [ 67.789940] ? ac6_seq_show+0x200/0x200 [ 67.793902] ip6_local_out+0x573/0x640 [ 67.797782] ? __ip6_local_out+0x4f0/0x4f0 [ 67.802000] ip6_push_pending_frames+0x218/0x4d0 [ 67.806742] rawv6_sendmsg+0x4500/0x4cc0 [ 67.810800] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 67.816158] ? rw_copy_check_uvector+0x5af/0x6c0 [ 67.820922] ? compat_rawv6_ioctl+0x30/0x30 [ 67.825235] inet_sendmsg+0x48d/0x740 [ 67.829022] ? security_socket_sendmsg+0x9e/0x210 [ 67.833854] ? inet_getname+0x500/0x500 [ 67.837819] ___sys_sendmsg+0xec0/0x1310 [ 67.841873] ? __fdget+0x4e/0x60 [ 67.845219] ? __fget_light+0x56/0x710 [ 67.849094] ? __fdget+0x4e/0x60 [ 67.852460] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 67.857816] ? __fget_light+0x6b9/0x710 [ 67.861778] SYSC_sendmsg+0x2a3/0x3d0 [ 67.865580] SyS_sendmsg+0x54/0x80 [ 67.869122] do_syscall_64+0x309/0x430 [ 67.873010] ? ___sys_sendmsg+0x1310/0x1310 [ 67.877339] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 67.882530] RIP: 0033:0x455389 [ 67.885723] RSP: 002b:00007f9d89344c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 67.893444] RAX: ffffffffffffffda RBX: 00007f9d893456d4 RCX: 0000000000455389 [ 67.900717] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000013 [ 67.907992] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 67.915262] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 67.922533] R13: 00000000000004d5 R14: 00000000006fa498 R15: 0000000000000000 [ 67.930282] Dumping ftrace buffer: [ 67.933810] (ftrace buffer empty) [ 67.937492] Kernel Offset: disabled [ 67.941092] Rebooting in 86400 seconds..