INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz_tun.accept_dad = 0
syzkaller login: [ 42.682670] IPVS: ftp: loaded support on port[0] = 21
net.ipv6.conf.syz_tun.router_solicitations = 0
[ 42.828411] ip (4520) used greatest stack depth: 54312 bytes left
[ 42.962679] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.969162] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.976577] device bridge_slave_0 entered promiscuous mode
[ 42.997869] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.004273] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.011696] device bridge_slave_1 entered promiscuous mode
[ 43.032677] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 43.053828] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 43.111674] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 43.135498] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 43.222944] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 43.230417] team0: Port device team_slave_0 added
[ 43.250250] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 43.257770] team0: Port device team_slave_1 added
[ 43.278222] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 43.301980] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 43.325751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 43.343971] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 43.521498] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.527958] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.534756] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.541148] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 44.189688] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.254989] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 44.320285] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 44.326535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.334703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.395384] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 44.751407] ==================================================================
[ 44.758813] BUG: KMSAN: uninit-value in _decode_session4+0x11d3/0x1ce0
[ 44.765457] CPU: 0 PID: 4502 Comm: syz-executor427 Not tainted 4.16.0+ #87
[ 44.772444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.781776] Call Trace:
[ 44.784372] dump_stack+0x185/0x1d0
[ 44.787988] ? _decode_session4+0x11d3/0x1ce0
[ 44.792465] kmsan_report+0x142/0x240
[ 44.796245] __msan_warning_32+0x6c/0xb0
[ 44.800289] _decode_session4+0x11d3/0x1ce0
[ 44.804592] __xfrm_decode_session+0x151/0x200
[ 44.809155] ? xfrm4_get_saddr+0x3c0/0x3c0
[ 44.813372] vti6_tnl_xmit+0x49b/0x2070
[ 44.817327] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 44.822671] ? vti6_dev_uninit+0x640/0x640
[ 44.826885] dev_hard_start_xmit+0x5f1/0xc70
[ 44.831290] __dev_queue_xmit+0x27ee/0x3520
[ 44.835600] ? sock_alloc_send_pskb+0xfee/0x1190
[ 44.840340] dev_queue_xmit+0x4b/0x60
[ 44.844120] ? __netdev_pick_tx+0xb60/0xb60
[ 44.848429] packet_sendmsg+0x7c70/0x8a30
[ 44.852557] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 44.857982] ? pagevec_lru_move_fn+0x490/0x4e0
[ 44.862546] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 44.867974] ? SYSC_mremap+0x228/0x1f40
[ 44.871927] ? kmsan_set_origin_inline+0x6b/0x120
[ 44.876748] ? __msan_poison_alloca+0x15c/0x1d0
[ 44.881398] ? __fdget+0x4e/0x60
[ 44.884743] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 44.890096] ? compat_packet_setsockopt+0x360/0x360
[ 44.895096] SYSC_sendto+0x6c3/0x7e0
[ 44.898820] SyS_sendto+0x8a/0xb0
[ 44.902256] do_syscall_64+0x309/0x430
[ 44.906125] ? SYSC_getpeername+0x560/0x560
[ 44.910426] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 44.915595] RIP: 0033:0x4418f9
[ 44.918766] RSP: 002b:00007ffcea97afc8 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[ 44.926461] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004418f9
[ 44.933707] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 44.940954] RBP: 00000000006cd018 R08: 0000000020000000 R09: 000000000000001c
[ 44.948202] R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004025f0
[ 44.955451] R13: 0000000000402680 R14: 0000000000000000 R15: 0000000000000000
[ 44.962700]
[ 44.964304] Uninit was created at:
[ 44.967824] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 44.972913] kmsan_kmalloc+0x94/0x100
[ 44.976689] kmsan_slab_alloc+0x11/0x20
[ 44.980646] __kmalloc_node_track_caller+0xaed/0x11c0
[ 44.985813] __alloc_skb+0x2cf/0x9f0
[ 44.989527] alloc_skb_with_frags+0x1d4/0xb20
[ 44.994010] sock_alloc_send_pskb+0xb56/0x1190
[ 44.998581] packet_sendmsg+0x6454/0x8a30
[ 45.002708] SYSC_sendto+0x6c3/0x7e0
[ 45.006402] SyS_sendto+0x8a/0xb0
[ 45.009836] do_syscall_64+0x309/0x430
[ 45.013701] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 45.018862] ==================================================================
[ 45.026194] Disabling lock debugging due to kernel taint
[ 45.031620] Kernel panic - not syncing: panic_on_warn set ...
[ 45.031620]
[ 45.038962] CPU: 0 PID: 4502 Comm: syz-executor427 Tainted: G B 4.16.0+ #87
[ 45.047251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.056588] Call Trace:
[ 45.059159] dump_stack+0x185/0x1d0
[ 45.062778] panic+0x39d/0x940
[ 45.065963] ? _decode_session4+0x11d3/0x1ce0
[ 45.070435] kmsan_report+0x238/0x240
[ 45.074213] __msan_warning_32+0x6c/0xb0
[ 45.078256] _decode_session4+0x11d3/0x1ce0
[ 45.082571] __xfrm_decode_session+0x151/0x200
[ 45.087135] ? xfrm4_get_saddr+0x3c0/0x3c0
[ 45.091365] vti6_tnl_xmit+0x49b/0x2070
[ 45.095320] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 45.100664] ? vti6_dev_uninit+0x640/0x640
[ 45.104876] dev_hard_start_xmit+0x5f1/0xc70
[ 45.109265] __dev_queue_xmit+0x27ee/0x3520
[ 45.113563] ? sock_alloc_send_pskb+0xfee/0x1190
[ 45.118300] dev_queue_xmit+0x4b/0x60
[ 45.122078] ? __netdev_pick_tx+0xb60/0xb60
[ 45.126377] packet_sendmsg+0x7c70/0x8a30
[ 45.130511] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 45.135938] ? pagevec_lru_move_fn+0x490/0x4e0
[ 45.140499] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 45.145928] ? SYSC_mremap+0x228/0x1f40
[ 45.149888] ? kmsan_set_origin_inline+0x6b/0x120
[ 45.154712] ? __msan_poison_alloca+0x15c/0x1d0
[ 45.159362] ? __fdget+0x4e/0x60
[ 45.162708] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 45.168060] ? compat_packet_setsockopt+0x360/0x360
[ 45.173065] SYSC_sendto+0x6c3/0x7e0
[ 45.176778] SyS_sendto+0x8a/0xb0
[ 45.180212] do_syscall_64+0x309/0x430
[ 45.184083] ? SYSC_getpeername+0x560/0x560
[ 45.188388] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 45.193555] RIP: 0033:0x4418f9
[ 45.196733] RSP: 002b:00007ffcea97afc8 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[ 45.204419] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004418f9
[ 45.211668] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 45.218919] RBP: 00000000006cd018 R08: 0000000020000000 R09: 000000000000001c
[ 45.226169] R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004025f0
[ 45.233416] R13: 0000000000402680 R14: 0000000000000000 R15: 0000000000000000
[ 45.241126] Dumping ftrace buffer:
[ 45.244642] (ftrace buffer empty)
[ 45.248327] Kernel Offset: disabled
[ 45.251929] Rebooting in 86400 seconds..