INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.19' (ECDSA) to the list of known hosts. 2018/04/17 14:48:35 fuzzer started 2018/04/17 14:48:36 dialing manager at 10.128.0.26:43021 2018/04/17 14:48:43 kcov=true, comps=false 2018/04/17 14:48:47 executing program 0: 2018/04/17 14:48:47 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000eb0fb8)={0x1, 0x3, &(0x7f00009ff000)=@framed={{0x18}, [], {0x95}}, &(0x7f00002bf000)='syzkaller\x00', 0x4, 0xb7, &(0x7f00006ab000)=""/183}, 0x48) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='tunl0\x00', 0x10) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f00000002c0)={0xffffffffffffffff}) sendmsg$nl_xfrm(r3, &(0x7f0000000780)={&(0x7f0000000200)={0x10}, 0xc, &(0x7f0000000740)={&(0x7f0000000480)=@updpolicy={0xb8, 0x19, 0x0, 0x0, 0x0, {{@in=@loopback=0x7f000001, @in6=@mcast1={0xff, 0x1, [], 0x1}}}}, 0xffcb}, 0x1}, 0x0) 2018/04/17 14:48:47 executing program 7: syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="85a970b0146bffffffffffff86dd6076605100303afffe8000000000000000000000000000ffff020000000000000000000000000001860090780414580060c5961e0000000500000000000000000503000004000001ff020000000000000000000000000001"], 0x0) 2018/04/17 14:48:47 executing program 2: ioctl$DRM_IOCTL_AGP_FREE(0xffffffffffffffff, 0x40206435, &(0x7f0000002000)={0x0, 0x0, 0x0, 0x281769}) bpf$PROG_LOAD(0x5, &(0x7f00006f4fb8)={0x1, 0x5, &(0x7f0000002000)=@framed={{0x18}, [@jmp={0x5}], {0x95}}, &(0x7f0000000180)='syzkaller\x00', 0xea4c, 0x312, &(0x7f000000a000)=""/195}, 0x48) 2018/04/17 14:48:47 executing program 3: futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f0000edfff0)={0x77359400, 0x4}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000dac000), &(0x7f0000048000)=0x1, 0x0) 2018/04/17 14:48:47 executing program 4: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f0000000000), &(0x7f0000048000), 0x0) socket$inet6(0xa, 0x0, 0x0) truncate(&(0x7f0000767ff8)='./file0\x00', 0x0) 2018/04/17 14:48:47 executing program 5: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x6, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000dfdfee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000040)=""/121) 2018/04/17 14:48:47 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f00000b2000)=0xffffffffffffffff, 0x4) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2, @multicast1=0xe0000001}, 0x10) connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e) sendto$inet(r0, &(0x7f00005c9000), 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000c69fc0)=[{0x4}, {}, {}, {}, {}, {}, {}, {}], 0x8) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff, 0x10000007fffffff}, 0x14) sendto$inet(r0, &(0x7f0000000300)='U', 0x1, 0x0, 0x0, 0x0) write$binfmt_elf32(r0, &(0x7f0000001080)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x20}, [{}], "", [[], [], [], [], []]}, 0x558) syzkaller login: [ 48.920932] ip (3735) used greatest stack depth: 54672 bytes left [ 49.387808] ip (3775) used greatest stack depth: 54312 bytes left [ 50.150273] ip (3852) used greatest stack depth: 54200 bytes left [ 50.580391] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.586934] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.625210] device bridge_slave_0 entered promiscuous mode [ 50.654659] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.661220] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.679791] device bridge_slave_0 entered promiscuous mode [ 50.745394] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.752121] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.784485] device bridge_slave_0 entered promiscuous mode [ 50.802909] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.809456] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.831286] device bridge_slave_0 entered promiscuous mode [ 50.845294] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.851795] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.879129] device bridge_slave_0 entered promiscuous mode [ 50.900419] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.906936] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.917136] device bridge_slave_1 entered promiscuous mode [ 50.933914] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.940460] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.956090] device bridge_slave_0 entered promiscuous mode [ 50.963703] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.970208] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.990529] device bridge_slave_0 entered promiscuous mode [ 51.017843] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.024381] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.040783] device bridge_slave_1 entered promiscuous mode [ 51.068439] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.075132] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.097562] device bridge_slave_1 entered promiscuous mode [ 51.113862] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.120374] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.131376] device bridge_slave_1 entered promiscuous mode [ 51.141296] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.151922] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.158411] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.183231] device bridge_slave_1 entered promiscuous mode [ 51.196584] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.203170] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.221236] device bridge_slave_1 entered promiscuous mode [ 51.229104] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.235622] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.259860] device bridge_slave_0 entered promiscuous mode [ 51.269401] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.277932] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.285516] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.292098] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.330147] device bridge_slave_1 entered promiscuous mode [ 51.339732] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.351000] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.362021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.391218] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.472179] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.478729] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.515114] device bridge_slave_1 entered promiscuous mode [ 51.526512] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.533958] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.547650] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.558755] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.572594] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.580355] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.740915] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.826449] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.991859] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.339777] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.510334] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.562299] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.579944] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.592729] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.611870] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.640828] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.760234] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.774159] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.839681] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.861716] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.871898] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.885890] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.090657] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.154632] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 53.370849] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 53.655639] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.729539] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.755805] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.840466] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.856784] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.876401] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.912412] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 53.944204] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 53.976346] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.071981] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.090883] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.126917] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.152446] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.162569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.179467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.214366] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.223264] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.230551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.271672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.297411] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.314563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.338748] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.348207] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.355954] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 54.364495] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.379187] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.401068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.433358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.462880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.483414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.500219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.520461] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.527671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.537206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.556282] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.565453] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.584586] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.595433] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.603106] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.611166] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 54.621240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.653236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.685408] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.692709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.712909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.735436] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.743373] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.763881] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.795430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.822820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.854855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.877598] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.905568] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.912577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.933663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.140212] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 55.147735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.160169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.182520] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.199662] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.250309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.385946] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.393812] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.406813] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.883837] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.890381] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.897322] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.903814] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.957672] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.964357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.995812] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.002328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.009291] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.015949] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.054106] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.102290] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.108816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.115752] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.122251] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.185956] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.198924] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.205502] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.212487] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.219011] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.275178] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.295900] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.302423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.309325] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.315824] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.352133] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.370403] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.376940] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.383866] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.390383] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.462023] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.883471] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.890015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.896986] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.903507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.954124] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.971101] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.978021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.985090] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.991614] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.017698] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 58.033299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.059818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.093147] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.122810] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.144817] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.166754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.183995] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.853678] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 66.973116] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 67.036574] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 67.121831] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 67.197196] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 67.217185] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 67.618170] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 67.697696] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 67.704018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 67.721675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 67.760311] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 67.766843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 67.780281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 67.888998] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 67.895304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 67.906932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 67.936429] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 67.970148] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 67.976536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 67.993304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.028816] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 68.040125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.077789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.112560] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 68.125576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.139107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.549969] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 68.556405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.564625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.899752] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 68.906221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.916720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/17 14:49:14 executing program 7: r0 = socket(0x400000010, 0x3, 0x0) recvmsg$kcm(r0, &(0x7f0000000340)={&(0x7f00000000c0)=@ethernet, 0x80, &(0x7f0000001500)=[{&(0x7f0000000380)=""/150, 0x96}, {&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000002c0)=""/24, 0x18}, {&(0x7f0000000440)=""/146, 0x80}, {&(0x7f0000000500)=""/4096, 0x1000}], 0x5}, 0x0) write(r0, &(0x7f0000000200)="260000005e0009fff185000024000008004665000002fb4b35ea000000000000000000000000", 0x26) 2018/04/17 14:49:16 executing program 0: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg(r0, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000400), 0x0, &(0x7f0000001040)=[{0x10, 0x84, 0x5}], 0x10}}], 0x1, 0x0) 2018/04/17 14:49:16 executing program 2: ioctl$DRM_IOCTL_AGP_FREE(0xffffffffffffffff, 0x40206435, &(0x7f0000002000)={0x0, 0x0, 0x0, 0x281769}) bpf$PROG_LOAD(0x5, &(0x7f00006f4fb8)={0x1, 0x5, &(0x7f0000002000)=@framed={{0x18}, [@jmp={0x5}], {0x95}}, &(0x7f0000000180)='syzkaller\x00', 0xea4c, 0x312, &(0x7f000000a000)=""/195}, 0x48) 2018/04/17 14:49:16 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000c6eff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000180)=""/52, 0x34}], 0x1) ioctl$TCSETSW(r0, 0x5403, &(0x7f00000000c0)) 2018/04/17 14:49:16 executing program 5: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x70, 0x1e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x80002, 0x0) write(r0, &(0x7f0000000000)="260000002200470105001e000000000000006d20002b1f00c00000000000000000c7033500b0", 0x26) 2018/04/17 14:49:16 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f00000004c0)="2f6578650000003d38729f71c22228f807e3c2f98d0d02812e3ca05fc31e623a2a051fc20fa5a02d84267a0067ac7888a52a771e0946989a500000000000002efdabd0512782c2474e0a8c17538091e53bdc54aa574b0615a98c9046be02000000744fcc54b400de040000000000741af382eca5fcd5c3fd0000e4c75fae864cc0fce7514c133f17a1003b735d3d5b3e10b683128034ec6e19ed879a810a401f95b9860b41b3b8683ac1b6f21c21769cbd07a9b0f2ab9711ecaaf67a7a74beef377c60b435f3eee826d174ca7516e89abcebd589104d80402acce68d7ae101c57bbc26c33df519152ef8daf388b20fbc8c55cdb7d471a822531e7d7b88bbb269d72051d90400006e53827a8bdd4f7c3fba515adeb8e68d965b0a52ec80d74eebb4c2904be489d2d473dab9f302545f6fd2973979092a404bdee5aad5d3eb20cb69f2e8c01eab7fbf98463fcdeb034f041dbd1cd779e40828d9db22f3e839a3f98a0e6ac2312fb1f95ffb6e97c6cc55353b7301984f08f9ca247456b5628692d5e443455794a27c4b194226b60a3b19bf09a2595e1d5aa5eb62934533af467d7de9c30c5f7b4db1f048c64587b71b2be65c780000000000003bc02e4e31068fdc1d11945e52ce1d1abb6d8cd96ece6412b8953e84f65ed421f44bf8f1a6f24a43c2aaa8bd43d468cc0b4393c453a571a93dbee0b82944eefc45dfd11e4200cb6dba860a79f057406b0482db01ae0099bb18458945b1f7409f84e26571cbeaa21769a739f1aaec2fa77238dd83565ed2fc11d4962822ca2ba3ae33bebb5b1acc79d9e7e6e3") fgetxattr(r0, &(0x7f0000000000)=@known='user.syz\x00', &(0x7f0000000040)=""/13, 0xd) 2018/04/17 14:49:16 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f00000b2000)=0xffffffffffffffff, 0x4) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2, @multicast1=0xe0000001}, 0x10) connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e) sendto$inet(r0, &(0x7f00005c9000), 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000c69fc0)=[{0x4}, {}, {}, {}, {}, {}, {}, {}], 0x8) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000965fec)={0x0, 0x800000000000852b, 0xffff, 0x10000007fffffff}, 0x14) sendto$inet(r0, &(0x7f0000000300)='U', 0x1, 0x0, 0x0, 0x0) write$binfmt_elf32(r0, &(0x7f0000001080)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x20}, [{}], "", [[], [], [], [], []]}, 0x558) 2018/04/17 14:49:16 executing program 7: r0 = socket(0x400000010, 0x3, 0x0) recvmsg$kcm(r0, &(0x7f0000000340)={&(0x7f00000000c0)=@ethernet, 0x80, &(0x7f0000001500)=[{&(0x7f0000000380)=""/150, 0x96}, {&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000002c0)=""/24, 0x18}, {&(0x7f0000000440)=""/146, 0x80}, {&(0x7f0000000500)=""/4096, 0x1000}], 0x5}, 0x0) write(r0, &(0x7f0000000200)="260000005e0009fff185000024000008004665000002fb4b35ea000000000000000000000000", 0x26) 2018/04/17 14:49:16 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000440)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYBLOB="18010000120001030000000000000000e0000001000000000000000000000000000000000000000008000c0000000000ac000700fe800000000000000000000000000000ff01000000000000000000000000000100000000000000000000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000031d68fdf4775e4380fa40e86cae100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000f000000000000000000080018000000000028001a0000000000000000000000000000000000ac14140000000000000000000000000000000000"], 0x3}, 0x1}, 0x0) 2018/04/17 14:49:16 executing program 0: ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f000000d000)={0xa, 0x4e20}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) sendmsg(r0, &(0x7f0000021fc8)={0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f0000000240)="5ab74c9a572f32741936ccd7f0f0fcc594f50d0a26c6c567e09cc8924d772b985d4031306a4ceef27ee9f607e643f2c6b041ecbc1f65b7f9c01006ad73ba0c86f99b66fc", 0x44}], 0x1, &(0x7f0000005000)}, 0xc100) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002ff0)=[{&(0x7f000002affd)="bc", 0x1}], 0x1, &(0x7f000002d000)}, 0x0) recvmsg(r0, &(0x7f0000000200)={&(0x7f0000022ff8)=@sco, 0x8, &(0x7f0000000340)=[{&(0x7f0000000380)=""/195}], 0x362, &(0x7f0000029000)=""/56, 0xfffffe86}, 0x0) 2018/04/17 14:49:16 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f00000000c0)={0xa}, 0x1c) 2018/04/17 14:49:16 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f000045fff8)={0x0, 0x0}) migrate_pages(r1, 0x2, &(0x7f0000000200), &(0x7f0000000240)=0x101) r2 = openat$cgroup_ro(r0, &(0x7f0000000000)='rdma.current\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x7, 0xf, 0x20, 0x19, "bd03e8577e9ff380aa818dd044c05ea18d6d2244f5536b8f83659fe5d05c3647fbb20ec0e3ccf29e598c0cf01de7abc83132b176b3552c8767c9eecfa31a8d49", "95290ce976ed853f9364a9d52ac482e487eabbc9b2d5323e02955339fac7f3f3", [0x2, 0xffffffff]}) [ 75.255774] ================================================================== [ 75.263219] BUG: KMSAN: uninit-value in csum_partial+0x78e/0x850 [ 75.269384] CPU: 1 PID: 5755 Comm: syz-executor0 Not tainted 4.16.0+ #84 [ 75.276233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.285696] Call Trace: [ 75.288383] [ 75.290555] dump_stack+0x185/0x1d0 [ 75.294211] ? csum_partial+0x78e/0x850 [ 75.298559] kmsan_report+0x142/0x240 [ 75.302384] __msan_warning_32+0x6c/0xb0 [ 75.306474] csum_partial+0x78e/0x850 [ 75.310304] csum_partial_ext+0x89/0xa0 [ 75.314391] __skb_checksum+0x6d4/0x1010 [ 75.318520] ? skb_checksum+0x120/0x120 [ 75.322538] skb_checksum+0xec/0x120 [ 75.326275] ? skb_checksum+0x120/0x120 [ 75.330270] ? csum_partial_ext+0xa0/0xa0 [ 75.334499] __skb_checksum_complete+0x90/0x400 [ 75.339188] __udp6_lib_rcv+0x21e1/0x3920 [ 75.343551] ? ip6_input_finish+0x55c/0x2110 [ 75.348080] ? __msan_metadata_ptr_for_load_8+0x10/0x20 2018/04/17 14:49:16 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect(r0, &(0x7f00000fefe4)=@in6={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000000)={'bridge_slave_0\x00', {0x2, 0x4e20}}) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000706000)=@routing, 0x8) sendmsg(r0, &(0x7f00000c8fc8)={0x0, 0x0, &(0x7f00000e5000)=[{&(0x7f0000063ffb)="d5c0", 0x2}], 0x1, &(0x7f0000000100)=[{0x30, 0x103, 0xff, "deb9c0ceef64ceb74dfb62e35841bb95fac32f62aa4670166ad784"}, {0x1010, 0x97a41f435dc079e5, 0x7, "1945793c01345a0e31e44c85c0049cf13c050dc2811e03078721cc93b993dcbc2f5845d6392cbc3becbdc1e27b3b537d1bd17daba884e786724b6f8ea503940676a4c5bf8c4c665f2f5fb43d76f299db586d6fbb580841e138fbc1df992255c087337c0753e4174cbd91f45f9f2c05be4076cfbc32db6215ca33ba5a3979f939e0d4a4b51d618f7972c0542915adc32499937bee06d6f3c8be68df7193145d9d88c0ed0aa948cfd5b82a5aabb8633c70ca38608331de73781089a0945be8d5e261772a6eeb36b1cb355f1bf01a8ff6e2c9f394e0c2b25dd76a7548f7cdd549b8ae12d8d279489ff6df25355e00ee037b07149066ec0df4619cff79a3e499157af1c94ed64aa525e02ecef0f4265c03f66a5964d16993f08b401cdedcbac727d5f4262e1a40cdd5903856d7ffafff532bc50f2f1286796777bcc732ca851e24de3de6238dd62d94f4e351a8a434cf6472d4eeb25c63199e929257b95144578c453a7f39853dbe241f9bf9c9b14467daa2bcea17d4490f7a1110ecf39fa510427095c46af1ab466a139f7f6f13469d3f34f6d7e72c04cc4046585554f83edf92a0ece22928db878bd67209d6dc14aab69786ca4e8211d6d98a0ef443b249abb7a669e47748ceddd67a0ebb630014799a2883c502f01598567b66b47018e9dbbec313c78cc1397adcb8b8b9040cb301a9460849e95291ef9af08fcac7a042ead180874583b69fdfc4c27f29122e3ace9dc0044b530bedd403f8b5eaaaee6092583576d4fb88391f65413ded6acefe83c18f0ddb5aecd856b9c73a4fdc27631f144998bd7532d9d0c9b1abfe4d74a3dbb40b3935d80031dbe6d716954eb41a5a977eb74d2ab390bd27d077dfdd7a55e048c94b4842baa341c5ac41678d824420240afb02c05000064b66cfd1cf6fdbf98d5d41126f127593ccdc5f0e0d1417dba4b5d8bc9673796b2c6fa60d92cbead7bbeb0d5c9d82301d69c4d234e870ff696b3eca02d2a2672923961c0254e3de4f69f71c39a0aa2430f2a0adc9169d7a0eb37afd287b1f52a412c83bbadd85c6ac0058578eb592972c439b20972a9820119e3207f553939a61c5531bea757f047e5b9bb9e8c8b4951257d44c20bd6e170fb1fe372eba3e419ea03857d0dbc57e567522280bb5be3b97f6cfb686e538a4473b6fa2e5aed435784d99ec70addc16669a1b5e29246240cd3165b125a2320db955a6d4880b22a656bb14a6078975101d5102d71b1f9446814968ec55bb98417db63def7962828878d1fe0218673c82984ce9192b1447c9687d082d029b558dffd7ca4465a045400a87b02e07b242e47b4d78a38a18fa8c17febfc7605ed722771cf66b47e1db40543d04be9ce52cd7d90c2728e2d61bb2e13b34830fa2faf321bffebb862a4cf08e44911f1cdd5d3ab942a952e4547fec92eb6a1e90b31c65594ded3a81b6911a2303b6a4f7743f43d7a825fc5677656a73ecd3485f9dbe2bbc25c47f303097916b8c6590af20d2e8b23834c4391fcfd7971a06edc7e9c4a03c1a88e9b5ccef381850ae89bb9298394e8e43b98b3740c3d068dc64b310f0c6e7e72261e1e0c341048fb18fc453dc01aa7a59f12894f9f7a94f71ff50f6ea076952c8d7d2a459b3acc286555724ba1b020dc4194a653bd9423f0c4ede40cb5c96e1e4a78e5ded17931a29077b763f30420b11ff1d66d12126e29e457cbccc9c7cf905c6ce3ea9b8b4e7759ea4dab4b86b40683fad02851c06017e6c4b1f2a4dfce30829e933d721fe470b05537e7df3807f01112b999fdfbd6aa4a02c31f438de6e1a66e857cdeb18029177b15b9df321455a49d803e6ae83e8d6ea8d6773a9ae157327cef9df8e8d0a08d69c427c0e94b342fd20db54c7840c3a2fa64d9be09c2c355c3f597174ea6055c1ca4daf71a09571169f48641c7cb37146b453b3aad88096390c1fd2a2892384c7d933156f2182a00a299676d599d9dbd14c336bebb2a9b188ab67d69897e2a642da1574407c8b7ad38c91e0f1a97c790d3a90c8015772afa9c71e9bb326db2c7cfcbb5631f6b2400ecbf19ebb49f8cc4ea9ad83f986e8e09a0a3f0c28dc3b88a5cff1cde9ee7ed121e662852b011cd4ca593c1b316fa830e1a2308afeed040396d488a2c299e5fd333e30fd3f9f07750da1a80c7dcb4bc466b171d9a9666d99ac526e1670865712a57ee3e4e4e9d8c9f1d6887d151017b0a12ab3433beb88a772d0b93f4db5d53e55feeaacc0c9c18e187996359dcd926fc8286ccbe20c162b560c03875423457e1ab1bf46045f557fe575e6b309be8dcff3cc3162881f325868baf3978b52fd7dedb17289458f5c6ce365985ed194e602d13bc128e162ff6a8bf21f1b1d23e66deba77b3f6db29ecf6e2b9fb6b15b057530a07bc9f841580534a0d3ca16909b2b3be108e26b1c033fe08dec813d19191421ee8e32a34bfa8890a285ae2e73e0da082e0337b6774e3ad89cb9f9363bb655a4c63f1531ee88722bef13581e3f33c17b46dd09cc3dfa53e2d79fe439a47e8d8c912c48905ac80ef084e1d84f88dd4ae1cd8292ff8b05b315681f0b92698c1ee0e4279b98cc5e766dcc8b41e95678565da3b0cf4a3c6af5f292fa073b31bdff2789d50caa08d4c7e197f68ab61dcea49b62c74b884db1b65788003c66c33eab67727eaa5f06f1cd304013dad44e19d6a8f6b3e0e671f61ce5d02d9c45a1c6254ce69001175098320926e1a6f384d6e422ac8f89aced9c2e10d88dffb74a5943ad4518ef29ce07609abcdb115746cd1b1478059745acb39eb988537da29727d4385ab3aa6b8fa0cb1913a25ba3bfba233eb76464cb7d26cbd5c30e7161d82568856f049bcf991e9015ee11fa76c1b68ae135a730bead6796adbbb815af90eedd8999e2902fa86a764f9d2dd1dbebe48c587d2fe792892617b79e07da5f3868775521daab6f3b14ab82073509fa103bae044269539cb5a029d0a9e7bdb0918659f88d2eaebd4f4001ca7b34bca0212ef13d588615abb27de26989a4745501e135550c3c71b2f6e65d09c69e70c3bed5e32a4a56639337cfe3a3b9be28ebecfebb015c3aefcb6f1869ec9f107b521bdf1b23369350cad9deb1aba05c7f7486f49f0c8e787295c219f33a1460e223fdc974f46c8b1c4f7e4decd5816fe4cfe416c0e845db8db778041c58ad1fded0a0141485aae4f93ac8fb8430b27273f08ac28c5effe046c7cbe7b2bdf4df2b954846100f00ae724d6e688cbcb4a4c2557b36e62b5dffa07216b39b368185cfa64abc29be917c4dac33e84a043b1f6aebf400067be7afd2328c11b6ba3c4d364d3f1271a659589022be75ed473b016b45b065df7544589b412528cc19e40106fce35201a0d697fbecb8a222d86a5f6d601eaeba8269a1166f74c06e664a62f4fc324cc202d89f3cfdb7a9fcc528d230da50ddb6c852e5ef2ff2ad3caf2efaa77e64435c5fb12b842c36650afbe7a64bac101b06a4f9433d599fa1bf48a22a139c432a9002d4da00c04778717b3a51c6a561a930e67316ea23404b7e2de95b4433e9bbbfb69b25c2fead94eaec8649657f96c561fb15acfc4ad2fb05ab115965f8c76ee438ee888c3463f9f78b4af49776ef8bf35528f0d84155ce034897c5fb0923974b5e30f4454c26b56c2489ff2866cd1ff584723ce8dd4dfe025ea697c32aa5183ebee04c7b4f5957e67ac8aeae0e72a797e1aaf52729404e8adb5835782dfb3b47151c751649a8bbd687d1f9b197eac0db9b8266c7a3562ff1c0053b3b5945ab0737b250339f958c770d6e24c12c65aaa2e4dc830f7711622b04fb31cc4116fee2f932a582a4d01b7de696ecab3805be3bea8e60e9d46c37308530a3466ddb01585f2b0eeff0d6820a49ed1780157e787f9c3e458cf6a7a4823719ab14857b45d47b3cd6aa21f224ef38eb11463032a4bd1bf18bf13116168189fd019c815eb2e9988e6677d52883a6a50791ceeced677a73b0611e4e4d57330ceb2c17953f637f5fe04540568e41a484b77c95e020e47f913abdacbd51420d1a4468d0c97be2a4a0686c76b0d8d12eb4d01a874dec32763d9e271346360b15da59f443f75483b7988f1d439692cd0a3f801b8bf364e266a414bce82dfc44f1570da0a0fb53147f6d18d013fa8ba0332ddf70262f5a4b27eee78483bfb14c46b45aa472013ed650fb3c6da6cdecfeaa660667767da6f5732651cde6a7cd9c3461e79de88f8b075e1281894ca1768f109ae59e04651b9684c200417e64b045e954ace114b361417b583c7a4344a0a46aaa094a866462320d26612b069cce2ed31e33928faa738e046f4676b728972112692f48aeac9c6557e2dbccbf1777e8cb49cf1a2d11167d6a4f4db12265c7bed26e5db2d2783f7049f376ca6881a10d6e8ddffbaf7e9cdf9b1ab7fcbc59523b2f9464a9e8668edcddba4c64b648abdd7c400e36134fbbd16a65c62a5b773f2e9760cef16b328247d9df89685e98649515a2047c25ae8ab041979959090ee269687b5636066d1a4898f2a901ad60f98dfedac4a39acc479809073b62d4dc1797c60f6309b3e5a8d6b7faf16496e71b77da029b7e9472b8ed0a8f9c67168f63a324065b9834d34f67a3e178482ca2d0685015d520f84a1123ce361333e114f0285357796e0d795d042558db4bf254a7cba965dcd58b9c63442b3fcce4d0d7b84b146a0adecb9568af7992cf304a2460c7a7420d76b689aef5c482f1cabc96998131b961502fac8a961aa894daa8c90949f6ec1a72374ebe13ec86c920ec5aa590455a9f262ce12359fa8ca5a92ed370d4c52c95002b461978746c20c33adecb528384d1dc2200b736441bc7e479a9ce733b828de687aa9602a7ba25c9beedda0919cd1e9a5d45920a417b5545165a50f083ace326ff814fbfe8015e20b186322742cff44cf086febed6a82e4ea90be82d722004a60007695f6f471834fa29b426b65a1e2672f9541f921f4c849513d354fa31a6fb9487e8cfd4bbb28b43b84304953086fc5052963812b5ba96f3926037dcadfbec6f4b4fadff62c68219df535131afcc53523191d66b7c0db38c9d73edadfc07f26d569cc7c1fb1b1bd2c1b370618de112dbd21f32b8c4c46f2f6cdb82d6de9a750391ed05ee5623d71f486e73f40036a0d79a80cc3a4db2d0bdba8978ae78ec2fd19f7028c841025dd1c5f5823df47544adc7ac705b4f38dfdab2c6979c539fffed397d218592cde9494168a0e199355f5fc61bdff51d858d4a60fa4997f8c9cd18f9242d24f977119e69967f84e756cb8d8d5e2d79346514685d64af685006079bac5769249cd28ac6e93a7f8d41126fd9834f423ff8af76cc5fbecac8bbd743d5fda996b62b785592787c3ccf5168ad69afd080c17ebc60ec3c4642de59d320c997ea9f3f4d188f720a2a27473fb7aed1182207a8f1c65d6935562d54cd2e61c60b1f9c6607e42442ef4198f309953bc6bdbd3fa93a4448bea329038637add95cecf5ed68cbf8a6831f952fd9504ca8ee6095125ec9a2152cc61317d9d1d5c23c3adfab0b063283a775069ee2b956b7c43a4fe9ba98714c81318d9cc54a6b2bcd5bbd71f34c1af5757333f851fda3ceab77cf98c91a6c75b3538b5f8dfb0b6dad1dda0766bf3e71e8eff140a3361ff5ae3c531fb9caa2a5e40f3d5bab1ae88112a606d29999f7a0f334b0e7333a2d290852e29c85eb804c34945c75011a27991a7085f7fc65c26e63a669d798e65534896707eb110b708fafe26800e9b378672eb96eb9811f9e6ee61e648911d2a6c3a7c856c148"}], 0x1040}, 0x0) 2018/04/17 14:49:16 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0x7a) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000788ffc)=0x2, 0x4) recvmmsg(r0, &(0x7f0000002e40)=[{{&(0x7f0000000080)=@vsock, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)=""/99, 0x63}], 0x1, &(0x7f0000000240)=""/75, 0x4b}, 0x5}, {{&(0x7f00000002c0)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x80, &(0x7f0000001840)=[{&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/255, 0xff}, {&(0x7f0000001440)=""/26, 0x1a}, {&(0x7f0000001480)=""/161, 0xa1}, {&(0x7f0000001540)=""/137, 0x89}, {&(0x7f0000001600)=""/215, 0xd7}, {&(0x7f0000001700)=""/47, 0x2f}, {&(0x7f0000001740)=""/53, 0x35}, {&(0x7f0000001780)=""/175, 0xaf}], 0x9, &(0x7f0000001a00)=""/232, 0xe8, 0x5}}, {{&(0x7f0000000000)=@pppoe={0x0, 0x0, {0x0, @remote}}, 0x21, &(0x7f0000002c00)=[{&(0x7f0000001980)=""/58, 0x3a}, {&(0x7f0000001b00)=""/213, 0xd5}, {&(0x7f0000001c00)=""/4096, 0x1000}], 0x3, &(0x7f0000002c40)=""/248, 0x7d, 0x4a71}, 0xfffffffffffffffb}, {{0x0, 0x0, &(0x7f0000002f40), 0x0, &(0x7f0000002d40)=""/164, 0xa4, 0x9}, 0x4}], 0x4, 0x62, 0x0) [ 75.353472] ? __local_bh_enable_ip+0x3b/0x140 [ 75.358087] udpv6_rcv+0x5c/0x70 [ 75.361496] ? udp_v6_early_demux+0x11a0/0x11a0 [ 75.366202] ip6_input_finish+0xa62/0x2110 [ 75.370471] ? ip6table_filter_hook+0xb5/0xe0 [ 75.375008] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 75.380396] ? ip6_input_finish+0x12a1/0x2110 [ 75.384917] ip6_input+0x294/0x320 [ 75.388474] ? ip6_input+0x320/0x320 [ 75.392222] ? ipv6_rcv+0x26d0/0x26d0 [ 75.396046] ipv6_rcv+0x20ec/0x26d0 [ 75.399696] ? local_bh_enable+0x40/0x40 [ 75.403793] __netif_receive_skb_core+0x47cf/0x4a80 [ 75.408835] ? try_to_wake_up+0x1ab2/0x20a0 [ 75.413187] ? kmsan_internal_memset_shadow_inline+0xc0/0xd0 [ 75.419021] ? ip6_rcv_finish+0x4d0/0x4d0 [ 75.423205] process_backlog+0x62d/0xe20 [ 75.427320] ? rps_trigger_softirq+0x2f0/0x2f0 [ 75.431935] net_rx_action+0x7c1/0x1a70 [ 75.435951] ? net_tx_action+0xab0/0xab0 [ 75.440143] __do_softirq+0x56d/0x93d [ 75.443977] do_softirq_own_stack+0x2a/0x40 [ 75.448327] [ 75.450611] __local_bh_enable_ip+0x114/0x140 2018/04/17 14:49:16 executing program 6: futex(&(0x7f0000000000), 0xf, 0x10000001, &(0x7f0000c44000)={0x77359400}, &(0x7f0000000040), 0x0) socketpair(0x3, 0x2, 0x9, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f00000000c0)) [ 75.455139] local_bh_enable+0x36/0x40 [ 75.459050] ip6_finish_output2+0x1b6c/0x1f20 [ 75.463581] ip6_finish_output+0xb3f/0xc00 [ 75.467836] ip6_output+0x597/0x6c0 [ 75.471477] ? ip6_output+0x6c0/0x6c0 [ 75.475294] ? ac6_seq_show+0x200/0x200 [ 75.479291] ip6_local_out+0x573/0x640 [ 75.483211] ? __ip6_local_out+0x4f0/0x4f0 [ 75.487471] ip6_send_skb+0xfa/0x380 [ 75.491211] udp_v6_send_skb+0x116a/0x1880 [ 75.495579] udpv6_sendmsg+0x15f4/0x45b0 [ 75.499675] ? rw_copy_check_uvector+0x5af/0x6c0 [ 75.504461] ? rw_copy_check_uvector+0x643/0x6c0 [ 75.509246] ? ip_copy_metadata+0xac0/0xac0 [ 75.513604] ? udpv6_queue_rcv_skb+0x1c60/0x1c60 [ 75.518389] inet_sendmsg+0x48d/0x740 [ 75.522218] ? security_socket_sendmsg+0x9e/0x210 [ 75.527094] ? inet_getname+0x500/0x500 [ 75.531097] ___sys_sendmsg+0xec0/0x1310 [ 75.535191] ? __fdget+0x4e/0x60 [ 75.538586] ? __fget_light+0x56/0x710 [ 75.542521] ? __fdget+0x4e/0x60 [ 75.545909] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 75.551309] ? __fget_light+0x6b9/0x710 [ 75.555322] SYSC_sendmsg+0x2a3/0x3d0 [ 75.559160] SyS_sendmsg+0x54/0x80 [ 75.562753] do_syscall_64+0x309/0x430 [ 75.566757] ? ___sys_sendmsg+0x1310/0x1310 [ 75.571130] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 75.576337] RIP: 0033:0x455329 [ 75.579677] RSP: 002b:00007f4b6fa96c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.587407] RAX: ffffffffffffffda RBX: 00007f4b6fa976d4 RCX: 0000000000455329 [ 75.594688] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000014 2018/04/17 14:49:16 executing program 6: r0 = socket(0x20004000000015, 0x80005, 0x0) getsockname(r0, &(0x7f0000000100)=@nfc, &(0x7f0000000180)=0x80) getsockopt(r0, 0x200000000114, 0x6, &(0x7f0000001000)=""/1, &(0x7f0000000080)=0x1) accept(r0, &(0x7f00000001c0)=@nfc, &(0x7f0000000240)=0x80) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f00000000c0)=0xc) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000280)) r1 = getpid() socketpair(0xb36f1d091a31e752, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000540)={0x0, 0x800, 0x7, 0x7}, &(0x7f0000000580)=0x10) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f00000005c0)={r3, 0x67c}, 0x8) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000040)=r1) [ 75.602069] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 75.609355] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 75.616650] R13: 00000000000004cc R14: 00000000006fa3c0 R15: 0000000000000000 [ 75.623932] [ 75.625558] Uninit was created at: [ 75.629116] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 75.634156] kmsan_alloc_page+0x82/0xe0 [ 75.638150] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 75.642981] alloc_pages_current+0x6b5/0x970 [ 75.647411] skb_page_frag_refill+0x3ba/0x5e0 [ 75.651935] sk_page_frag_refill+0xa4/0x340 [ 75.656288] __ip6_append_data+0x1a20/0x4bb0 [ 75.660739] ip6_append_data+0x40e/0x6b0 [ 75.665440] udpv6_sendmsg+0xfd5/0x45b0 [ 75.669455] inet_sendmsg+0x48d/0x740 [ 75.673286] ___sys_sendmsg+0xec0/0x1310 [ 75.677376] SYSC_sendmsg+0x2a3/0x3d0 [ 75.681295] SyS_sendmsg+0x54/0x80 [ 75.684870] do_syscall_64+0x309/0x430 [ 75.689563] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 75.694848] ================================================================== [ 75.702230] Disabling lock debugging due to kernel taint [ 75.707695] Kernel panic - not syncing: panic_on_warn set ... [ 75.707695] [ 75.715081] CPU: 1 PID: 5755 Comm: syz-executor0 Tainted: G B 4.16.0+ #84 [ 75.723228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.732597] Call Trace: [ 75.735191] [ 75.737365] dump_stack+0x185/0x1d0 [ 75.741008] panic+0x39d/0x940 [ 75.744263] ? csum_partial+0x78e/0x850 [ 75.748258] kmsan_report+0x238/0x240 [ 75.752102] __msan_warning_32+0x6c/0xb0 [ 75.756186] csum_partial+0x78e/0x850 [ 75.760017] csum_partial_ext+0x89/0xa0 [ 75.764018] __skb_checksum+0x6d4/0x1010 [ 75.768135] ? skb_checksum+0x120/0x120 [ 75.772141] skb_checksum+0xec/0x120 [ 75.775881] ? skb_checksum+0x120/0x120 [ 75.779885] ? csum_partial_ext+0xa0/0xa0 [ 75.784069] __skb_checksum_complete+0x90/0x400 [ 75.788769] __udp6_lib_rcv+0x21e1/0x3920 [ 75.792953] ? ip6_input_finish+0x55c/0x2110 [ 75.798019] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 75.803423] ? __local_bh_enable_ip+0x3b/0x140 [ 75.808126] udpv6_rcv+0x5c/0x70 [ 75.811530] ? udp_v6_early_demux+0x11a0/0x11a0 [ 75.816352] ip6_input_finish+0xa62/0x2110 [ 75.820616] ? ip6table_filter_hook+0xb5/0xe0 [ 75.826894] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 75.832297] ? ip6_input_finish+0x12a1/0x2110 [ 75.836823] ip6_input+0x294/0x320 [ 75.840411] ? ip6_input+0x320/0x320 [ 75.844155] ? ipv6_rcv+0x26d0/0x26d0 [ 75.847981] ipv6_rcv+0x20ec/0x26d0 [ 75.851630] ? local_bh_enable+0x40/0x40 [ 75.855729] __netif_receive_skb_core+0x47cf/0x4a80 [ 75.860778] ? try_to_wake_up+0x1ab2/0x20a0 [ 75.865160] ? kmsan_internal_memset_shadow_inline+0xc0/0xd0 [ 75.871075] ? ip6_rcv_finish+0x4d0/0x4d0 [ 75.875253] process_backlog+0x62d/0xe20 [ 75.879427] ? rps_trigger_softirq+0x2f0/0x2f0 [ 75.884029] net_rx_action+0x7c1/0x1a70 [ 75.888030] ? net_tx_action+0xab0/0xab0 [ 75.892121] __do_softirq+0x56d/0x93d [ 75.895951] do_softirq_own_stack+0x2a/0x40 [ 75.900273] [ 75.902534] __local_bh_enable_ip+0x114/0x140 [ 75.907047] local_bh_enable+0x36/0x40 [ 75.910956] ip6_finish_output2+0x1b6c/0x1f20 [ 75.915481] ip6_finish_output+0xb3f/0xc00 [ 75.919751] ip6_output+0x597/0x6c0 [ 75.923395] ? ip6_output+0x6c0/0x6c0 [ 75.927215] ? ac6_seq_show+0x200/0x200 [ 75.931211] ip6_local_out+0x573/0x640 [ 75.935125] ? __ip6_local_out+0x4f0/0x4f0 [ 75.939386] ip6_send_skb+0xfa/0x380 [ 75.943126] udp_v6_send_skb+0x116a/0x1880 [ 75.947388] udpv6_sendmsg+0x15f4/0x45b0 [ 75.951480] ? rw_copy_check_uvector+0x5af/0x6c0 [ 75.956255] ? rw_copy_check_uvector+0x643/0x6c0 [ 75.961028] ? ip_copy_metadata+0xac0/0xac0 [ 75.965376] ? udpv6_queue_rcv_skb+0x1c60/0x1c60 [ 75.970148] inet_sendmsg+0x48d/0x740 [ 75.973989] ? security_socket_sendmsg+0x9e/0x210 [ 75.978860] ? inet_getname+0x500/0x500 [ 75.982864] ___sys_sendmsg+0xec0/0x1310 [ 75.986943] ? __fdget+0x4e/0x60 [ 75.990304] ? __fget_light+0x56/0x710 [ 75.994292] ? __fdget+0x4e/0x60 [ 75.997647] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 76.003095] ? __fget_light+0x6b9/0x710 [ 76.007096] SYSC_sendmsg+0x2a3/0x3d0 [ 76.010926] SyS_sendmsg+0x54/0x80 [ 76.014484] do_syscall_64+0x309/0x430 [ 76.018385] ? ___sys_sendmsg+0x1310/0x1310 [ 76.022710] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 76.027913] RIP: 0033:0x455329 [ 76.031108] RSP: 002b:00007f4b6fa96c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.038801] RAX: ffffffffffffffda RBX: 00007f4b6fa976d4 RCX: 0000000000455329 [ 76.046072] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000014 [ 76.053346] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 76.060603] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 76.067959] R13: 00000000000004cc R14: 00000000006fa3c0 R15: 0000000000000000 [ 76.075917] Dumping ftrace buffer: [ 76.079467] (ftrace buffer empty) [ 76.083152] Kernel Offset: disabled [ 76.086756] Rebooting in 86400 seconds..