[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts. 2020/06/06 17:03:45 fuzzer started 2020/06/06 17:03:46 dialing manager at 10.128.0.26:43479 2020/06/06 17:03:46 syscalls: 2810 2020/06/06 17:03:46 code coverage: enabled 2020/06/06 17:03:46 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2020/06/06 17:03:46 extra coverage: enabled 2020/06/06 17:03:46 setuid sandbox: enabled 2020/06/06 17:03:46 namespace sandbox: enabled 2020/06/06 17:03:46 Android sandbox: /sys/fs/selinux/policy does not exist 2020/06/06 17:03:46 fault injection: enabled 2020/06/06 17:03:46 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/06/06 17:03:46 net packet injection: enabled 2020/06/06 17:03:46 net device setup: enabled 2020/06/06 17:03:46 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/06/06 17:03:46 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/06/06 17:03:46 USB emulation: /dev/raw-gadget does not exist 17:07:08 executing program 0: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x151080, 0x0) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000040)=0x6bc, &(0x7f0000000080)=0x2) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x20200, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x24004090) ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000240)={0x8, 0x2, 0x4, 0x40000000, 0xffffffff, {}, {0x2, 0x2, 0x6, 0x8, 0x3, 0x0, "7e86e034"}, 0x6a0, 0x4, @planes=&(0x7f0000000200)={0x800, 0xb4, @userptr=0x61f, 0x6}, 0x80000000, 0x0, 0xffffffffffffffff}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = open(&(0x7f00000002c0)='./file0\x00', 0x801, 0x4) ioctl$TIOCCONS(r3, 0x541d) pipe2(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) ioctl$KDADDIO(r4, 0x4b34, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f00000005c0)={0x9b0000, 0x7, 0x7, 0xffffffffffffffff, 0x0, &(0x7f0000000580)={0x980900, 0x5, [], @ptr=0x7}}) setsockopt$bt_BT_POWER(r5, 0x112, 0x9, &(0x7f0000000600)=0x8, 0x1) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000640)='/dev/vga_arbiter\x00', 0x200, 0x0) ioctl$TIOCGWINSZ(r6, 0x5413, &(0x7f0000000680)) r7 = socket$inet6_icmp(0xa, 0x2, 0x3a) sendto$inet6(r7, &(0x7f00000006c0)="e24b17ec6d2dc612c38d6a71cf6c6c6746ca7cd9040136791002115bdee6ced81e088f22f6624730df441ec468679a40dc7c4a78a5423c1a8be01fd2b4e5b098d7d5bad9f616c82998f27b2a1b3448dcb22593c47f3083a3d9ad0942b41c31832a7a31cd8c2d119c44e064a94a6977b1bad18db7115139e20c77029763d1332dc518e1fbf22033771b308da7edbe2097030387e381283755bc585a21ae52ef0fa38d73511df7a67e0b140598ee9ef12ba31cd0ba1aeb326a6a021442faa3dd9908c6dbfb8e75cb85", 0xc8, 0x8000, &(0x7f00000007c0)={0xa, 0x4e23, 0x6, @mcast1, 0xc2}, 0x1c) ioctl$VIDIOC_G_ENC_INDEX(r0, 0x8818564c, &(0x7f0000000800)) r8 = perf_event_open$cgroup(&(0x7f0000001080)={0x4, 0x70, 0x98, 0x3f, 0x7f, 0x1, 0x0, 0xcb, 0x11, 0xa, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, 0x4, @perf_bp={&(0x7f0000001040), 0x8}, 0x10c0, 0x0, 0x4, 0x3, 0x8, 0xd57}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x4) ioctl$FIOCLEX(r8, 0x5451) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000001140)="5516f02f29cf83137e72fa80cacf6bec25cb7f5d16d2d7cce16c6edcfdcf39950f046a27dcfc659dd92225571035844f7b2fe91c9b4288329715d4a3b231ec56a2460e1fd74b122919b7fe24677e403098037ecda556d8c9d832482508be8c2cebef019b6f942a9fcab48f438d74a7ae1fdb7b9239bc63adff26814bf1dcaf319fb1363c73ed7b16d8488ae6b676b50325ec730c4d41b872e011812a3aa3beaff8c24fca16d8569152b714ad30319889f138c19d2cdde4b66568a369f46dedf34627801ecb557fe9bbfbf67d7182800ff2e8a9c03e7260f73a00e86d23adf1ccbba5c2dea2a6ea88a794a6b03a07155a6acc500fae") syzkaller login: [ 284.919743][ T8822] IPVS: ftp: loaded support on port[0] = 21 [ 285.154714][ T8822] chnl_net:caif_netlink_parms(): no params data found [ 285.374711][ T8822] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.383796][ T8822] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.393161][ T8822] device bridge_slave_0 entered promiscuous mode [ 285.405709][ T8822] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.413434][ T8822] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.422664][ T8822] device bridge_slave_1 entered promiscuous mode [ 285.473219][ T8822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 285.487711][ T8822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 285.536095][ T8822] team0: Port device team_slave_0 added [ 285.547653][ T8822] team0: Port device team_slave_1 added [ 285.592770][ T8822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 285.599820][ T8822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.625917][ T8822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 285.639863][ T8822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 285.647070][ T8822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.673187][ T8822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 285.759780][ T8822] device hsr_slave_0 entered promiscuous mode [ 285.913754][ T8822] device hsr_slave_1 entered promiscuous mode [ 286.265491][ T8822] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 286.347317][ T8822] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 286.389072][ T8822] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 286.438714][ T8822] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 286.698509][ T8822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 286.730021][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 286.739324][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 286.758444][ T8822] 8021q: adding VLAN 0 to HW filter on device team0 [ 286.775938][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 286.785953][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 286.795223][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.802470][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 286.826145][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 286.835702][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 286.845510][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 286.855141][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.862408][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 286.878238][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 286.904994][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 286.932343][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 286.942847][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 286.952871][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 286.963696][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 286.994446][ T8822] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 287.005025][ T8822] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 287.019125][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 287.029147][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 287.038687][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 287.049153][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 287.058648][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 287.100961][ T8822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 287.124019][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 287.133436][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 287.141043][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 287.179479][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 287.189317][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 287.211955][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 287.220836][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 287.244057][ T8822] device veth0_vlan entered promiscuous mode [ 287.254149][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 287.264599][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 287.283691][ T8822] device veth1_vlan entered promiscuous mode [ 287.328422][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 287.340216][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 287.349612][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 287.359405][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 287.378751][ T8822] device veth0_macvtap entered promiscuous mode [ 287.396503][ T8822] device veth1_macvtap entered promiscuous mode [ 287.427344][ T8822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 287.439106][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 287.449011][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 287.458200][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 287.467959][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 287.498677][ T8822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 287.508292][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 287.519912][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 17:07:11 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080), 0x800) 17:07:11 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0x4000000028, 0x0, 0x0, 0x80000008}, {0x80000006}]}, 0x10) syz_genetlink_get_family_id$smc(&(0x7f0000000080)='SMC_PNETID\x00') keyctl$session_to_parent(0x12) 17:07:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="640000001000050700"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000003c00128008000100c96974003c00028008000100", @ANYRES32=r2, @ANYBLOB="06000e003f00000014000b000000000000000000000000000000010001000d000000000008000c9329cdea9ebd524bdf0400e0740000a93174d46c85c0aa24c8cee61b0af1bf1471f1b827c40f2d19f6ead26171697f31989db986f03055246d2ce4095a02c1f563cb60c8f1564489294b9b4d31427e106518d4d24be72393868e699490ce030022c57ab4da1cc9e2e1a3ea66ce1c8ab238d63c992a5a43896636af4644536415886fa36f0936154c5b371edaedc0b254a62d48349588bdb66897330f387cb478e78adc404b9073d34f7f18599f93e0efaeedb40f3d6f517d15cb2a7c6151461aa038f4ae967a637466c1a3e2d5270c4cba862b26dc9a234556d13d81e76d5baa96bed116ed749b5580ee4f9380889d2ab9274f3b7ecce0721896e8dffed30dca69fd29947f84322bc2f52b0a3d5f42ab8e2bfb230d525ce5e233d9190fcdde9728f06f55e53b2a38c05e6bf3"], 0x64}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$netlink(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x58, r5, 0xb03, 0x0, 0x0, {0x13}, [@TIPC_NLA_MON={0x2c}, @TIPC_NLA_NODE={0xe, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8}]}]}, 0x58}}, 0x0) sendmsg$TIPC_NL_LINK_GET(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000600)={0x314, r5, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x108, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @local}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x0, @private1={0xfc, 0x1, [], 0x1}, 0xfff}}}}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8e6}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x101}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x98c}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_BEARER_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x101}]}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x180b0822}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x200}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x62}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3f}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}]}, @TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x49}]}, @TIPC_NLA_NODE={0x3c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4ef}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_LINK={0x80, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000001}]}]}, @TIPC_NLA_MEDIA={0x18, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}]}]}, @TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_NET={0x50, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x10001}, @TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1a}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5c44}]}, @TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf4e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000001}]}]}]}, 0x314}, 0x1, 0x0, 0x0, 0x41}, 0x0) [ 288.226803][ T9040] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'. [ 288.285928][ T9040] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 288.296031][ T9040] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 288.324204][ T9045] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'. [ 288.356731][ T9044] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 288.367726][ T9044] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. 17:07:12 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000240)={{{@in6=@mcast1, @in, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x3c}, 0xa, @in=@empty, 0x0, 0x4}}, 0xe8) connect$inet6(r0, &(0x7f0000000a40)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c) sendmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000580)=@in={0x2, 0x4e20, @broadcast}, 0x80, 0x0}}], 0x2, 0x0) ioctl$SNDRV_PCM_IOCTL_START(0xffffffffffffffff, 0x4142, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, 0x0, 0x0) dup2(r2, r1) ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f00000000c0)=@add_del={0x2, &(0x7f0000000080)='team_slave_0\x00'}) 17:07:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_GET_SECCOMP(0x15) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x24050010}, 0x2004088c) getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="00000000100000df08000400", @ANYRES32=r3, @ANYBLOB="08001b0000000000"], 0x30}, 0x1, 0x0, 0x0, 0x24040082}, 0x0) sendmsg(r1, &(0x7f00000002c0)={&(0x7f0000000180)=@ipx={0x4, 0xffff, 0x2, "ad99e7ae0207", 0x9a}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000240)="4e126b4e57989d0e3fb52c1c6537ef49459709409eab43c6e6c5737c081b8263ed90c79fbf7f75fa7848dadd9c8a1bdf2b6d6d4572790b279cbb62aa4d3fe5d4916a531bbade2a0c2d0025981d", 0x4d}], 0x1, &(0x7f0000000600)=[{0xb0, 0x114, 0x4, "e43663b4bb328fcf65560cf479eb5ceb490c96087dca9ada5504ace49ebead0cc33903fdb60772241abf0dc960209b276cd9cb5f44a9960e6a65ae98e9997a3c4b18b309505ac8a6f7defd364c98a10fbf546ab511fd3f53c9958e2150e909813b318cd2b51a7ce16a88c5e186c44a33bc86bd3cb73b73ad13682ab1afc95565985e7d0e12599b88f45ea04b3c282e6ed8529ac28e7d521393ea921c"}, {0x20, 0x101, 0xf7, "cd7720c53ef5dc2ab6"}, {0x100, 0x19e, 0x4, "cfee51351ed811916dfd08b81a2debbf7ecfd48c1b20e414ef765cfc197027abf0ab839c3e4ad33bfd7ce36053307e9571bd290ad39c5f41f5f288f3102022f652a819c65d06e9e541284c182140858adb38ceaf716937f7a69104e19e0efb3c503b81d955165026d2f07893984893178b477cedbbb619d1fd96e114a0305bd17931ffbebc84f33f221b86bdd4d5b767675a0acf04ef1a7136212258a3f7aa42ce64d528915d5140d2f292b2a56f402097d57ffaaca374d73511de20f9b8b0c1a20443bfbffc8f10b020dfb17c2e83c5ed4e8146c6f6a8fe37ac5663955d33128eed1c9da77dbf9195b62666bc576c78"}, {0x108, 0x112, 0x1, "5b91598d030def6a4d9cd8d72340679910b09cfa611e63eb53a671b2b22b5f19621acaed1d505d97c65ab0f5a112699a56c764bbcca3b5fc54303525f8d64355c0c1837318a375f1127658e608ad998e909632c64c3e5c8997620cf50f2a83ec6b12ffe7b30292f6bb319c0130d6b72607fe59e6e9d9d9da576005c38496984cfb9f2f53aa3e65cb2c507f2509348cdbc1ee41a056f4ef18dc152245b8894c15d4e6c871baeeca1c163d5ed355707e2b9a0db58f41b7d8d6e1a0c36cb355ecb690505fb1337a23958c876cd1be34e4fe72ffbc21248a8d0249ed56ce66f5bf480a782bb9799c78f79fdc0e6ded86fc6ef8ef05"}, {0x30, 0x102, 0x1ff, "b6070f703d939e056a87c69f5f818d0c0e7a20db8c4a8acb2c22891085eb8c6a"}, {0xb8, 0x110, 0xcbf4, "10ccab568b4939c670eb1f2644adc3898ba586fbd0bbb7e152934d04efe23ff36ff70894b59eae2a3eaa1f577a2525153c88790aac3ab8b61c2daebfb63b1e877d288ca4863feaa632d26783d6528116204d1322206f8192d9845d7695aad8fe82127bac4ed0ade91bfb8ed600ecde67fe2714ced20e6497a89c08df391b0c2bf9b1982df6264efb952799cc87a695cbfb02830c381bb0cc91f35ab037b61392854664492898f3"}, {0xd0, 0x103, 0x6, "cac513132f18f39ebb8cc006724a0d88104506df4ee320e1f683c7a3cc29de24a71ec69ce6afe7ebec536c91782e3b1946b269ad7fb15e2a748564346a1437b69fea2f73d98c4eec8e0fece2859f959bad49cbc50988c8800e1db8c4a3eaf8dfbd220fece87c4c545d08bdcdc16c551e42cbecb827282f79243f718305e78520625299ed43a1bb19a8f8bb2f5249667dd59829a7a69cd61a0881543069ee49e6978ba76f745d3b03ca98c233ccf4947fbaa3da86dc3c2547d6d98d"}, {0x68, 0xff, 0x7fffffff, "5f0c0d052fe6f48c008db7ab01985ba3f332346beb2f2b36aee51dab2dddda518e8ce2ca6989d66c82210a82661f0589a56b4abbb5fa3aaa2bd24203797c43312d8befef026e47ba2f978cb455b3860ce2"}, {0xf8, 0x88, 0x6, "2bce5109d1ebfe0dc02577219a5d50422c7c2b2867c0c1cef330fd2b8427d0d703c85eb22c81bf010cd10628481bb512e9ec95fd17dbeed8fc42b0ec9554e4b7c2f77e83244077adfac7329071f54db51114910504ca995d229ac808c175d54adb5df6bac635e3ac0510e28675922edd73757a8e2b8746ca82cbb53dd6d0961f732eaa385c728c072e962a10fe1592ee16f1a93ace2623f0dc6ff656803905b574963dbd8eb895dbc870ecad12a64b6b88dbdeec27fc7e64882a54fc3014799763e5ba4f77d0a1f1eaa609b6a95e3b8aa3eb18840d23f50fb91deaa0f6ba95442af1e8b1df"}, {0xe8, 0x10c, 0xaec, "27665f2dbc61efdce0d546e244665ec2ba4b2fa9ea96d1bcef772485f2cbdb521d4c9ef984ca9567bb421d9ce05c7a482cf7b95a1a7205aa4490b1ca8c1a009bbb2772ee2141494a57a9e413e1c9251904889cd367afdf6e8cbd74a59aea9711da9f641bc33e51c6f011b518141452f8c478f0f11d05ee9bc8032108283ef75b0e54e53aba48e07024193d157c5e504c02c97bba9632ac086b4bd9831962e47cb772b86a9044cbd18123efbc37a1daff6df68f2c2ee0bd9edc4b75c305f26e9bbe6d36b3f8075ece5872cd74f8e559cc7d9a06d0"}], 0x6d8}, 0x8001) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x400, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb, 0x1, 'erspan\x00'}, {0xfffffffffffffc88, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x0, 0x1, r3}, @IFLA_GRE_ENCAP_SPORT={0x0, 0x10, 0x4e22}]}}}]}, 0x40}}, 0x0) [ 288.601029][ T9053] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 17:07:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_GET_SECCOMP(0x15) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x24050010}, 0x2004088c) getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="00000000100000df08000400", @ANYRES32=r3, @ANYBLOB="08001b0000000000"], 0x30}, 0x1, 0x0, 0x0, 0x24040082}, 0x0) sendmsg(r1, &(0x7f00000002c0)={&(0x7f0000000180)=@ipx={0x4, 0xffff, 0x2, "ad99e7ae0207", 0x9a}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000240)="4e126b4e57989d0e3fb52c1c6537ef49459709409eab43c6e6c5737c081b8263ed90c79fbf7f75fa7848dadd9c8a1bdf2b6d6d4572790b279cbb62aa4d3fe5d4916a531bbade2a0c2d0025981d", 0x4d}], 0x1, &(0x7f0000000600)=[{0xb0, 0x114, 0x4, "e43663b4bb328fcf65560cf479eb5ceb490c96087dca9ada5504ace49ebead0cc33903fdb60772241abf0dc960209b276cd9cb5f44a9960e6a65ae98e9997a3c4b18b309505ac8a6f7defd364c98a10fbf546ab511fd3f53c9958e2150e909813b318cd2b51a7ce16a88c5e186c44a33bc86bd3cb73b73ad13682ab1afc95565985e7d0e12599b88f45ea04b3c282e6ed8529ac28e7d521393ea921c"}, {0x20, 0x101, 0xf7, "cd7720c53ef5dc2ab6"}, {0x100, 0x19e, 0x4, "cfee51351ed811916dfd08b81a2debbf7ecfd48c1b20e414ef765cfc197027abf0ab839c3e4ad33bfd7ce36053307e9571bd290ad39c5f41f5f288f3102022f652a819c65d06e9e541284c182140858adb38ceaf716937f7a69104e19e0efb3c503b81d955165026d2f07893984893178b477cedbbb619d1fd96e114a0305bd17931ffbebc84f33f221b86bdd4d5b767675a0acf04ef1a7136212258a3f7aa42ce64d528915d5140d2f292b2a56f402097d57ffaaca374d73511de20f9b8b0c1a20443bfbffc8f10b020dfb17c2e83c5ed4e8146c6f6a8fe37ac5663955d33128eed1c9da77dbf9195b62666bc576c78"}, {0x108, 0x112, 0x1, "5b91598d030def6a4d9cd8d72340679910b09cfa611e63eb53a671b2b22b5f19621acaed1d505d97c65ab0f5a112699a56c764bbcca3b5fc54303525f8d64355c0c1837318a375f1127658e608ad998e909632c64c3e5c8997620cf50f2a83ec6b12ffe7b30292f6bb319c0130d6b72607fe59e6e9d9d9da576005c38496984cfb9f2f53aa3e65cb2c507f2509348cdbc1ee41a056f4ef18dc152245b8894c15d4e6c871baeeca1c163d5ed355707e2b9a0db58f41b7d8d6e1a0c36cb355ecb690505fb1337a23958c876cd1be34e4fe72ffbc21248a8d0249ed56ce66f5bf480a782bb9799c78f79fdc0e6ded86fc6ef8ef05"}, {0x30, 0x102, 0x1ff, "b6070f703d939e056a87c69f5f818d0c0e7a20db8c4a8acb2c22891085eb8c6a"}, {0xb8, 0x110, 0xcbf4, "10ccab568b4939c670eb1f2644adc3898ba586fbd0bbb7e152934d04efe23ff36ff70894b59eae2a3eaa1f577a2525153c88790aac3ab8b61c2daebfb63b1e877d288ca4863feaa632d26783d6528116204d1322206f8192d9845d7695aad8fe82127bac4ed0ade91bfb8ed600ecde67fe2714ced20e6497a89c08df391b0c2bf9b1982df6264efb952799cc87a695cbfb02830c381bb0cc91f35ab037b61392854664492898f3"}, {0xd0, 0x103, 0x6, "cac513132f18f39ebb8cc006724a0d88104506df4ee320e1f683c7a3cc29de24a71ec69ce6afe7ebec536c91782e3b1946b269ad7fb15e2a748564346a1437b69fea2f73d98c4eec8e0fece2859f959bad49cbc50988c8800e1db8c4a3eaf8dfbd220fece87c4c545d08bdcdc16c551e42cbecb827282f79243f718305e78520625299ed43a1bb19a8f8bb2f5249667dd59829a7a69cd61a0881543069ee49e6978ba76f745d3b03ca98c233ccf4947fbaa3da86dc3c2547d6d98d"}, {0x68, 0xff, 0x7fffffff, "5f0c0d052fe6f48c008db7ab01985ba3f332346beb2f2b36aee51dab2dddda518e8ce2ca6989d66c82210a82661f0589a56b4abbb5fa3aaa2bd24203797c43312d8befef026e47ba2f978cb455b3860ce2"}, {0xf8, 0x88, 0x6, "2bce5109d1ebfe0dc02577219a5d50422c7c2b2867c0c1cef330fd2b8427d0d703c85eb22c81bf010cd10628481bb512e9ec95fd17dbeed8fc42b0ec9554e4b7c2f77e83244077adfac7329071f54db51114910504ca995d229ac808c175d54adb5df6bac635e3ac0510e28675922edd73757a8e2b8746ca82cbb53dd6d0961f732eaa385c728c072e962a10fe1592ee16f1a93ace2623f0dc6ff656803905b574963dbd8eb895dbc870ecad12a64b6b88dbdeec27fc7e64882a54fc3014799763e5ba4f77d0a1f1eaa609b6a95e3b8aa3eb18840d23f50fb91deaa0f6ba95442af1e8b1df"}, {0xe8, 0x10c, 0xaec, "27665f2dbc61efdce0d546e244665ec2ba4b2fa9ea96d1bcef772485f2cbdb521d4c9ef984ca9567bb421d9ce05c7a482cf7b95a1a7205aa4490b1ca8c1a009bbb2772ee2141494a57a9e413e1c9251904889cd367afdf6e8cbd74a59aea9711da9f641bc33e51c6f011b518141452f8c478f0f11d05ee9bc8032108283ef75b0e54e53aba48e07024193d157c5e504c02c97bba9632ac086b4bd9831962e47cb772b86a9044cbd18123efbc37a1daff6df68f2c2ee0bd9edc4b75c305f26e9bbe6d36b3f8075ece5872cd74f8e559cc7d9a06d0"}], 0x6d8}, 0x8001) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x400, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb, 0x1, 'erspan\x00'}, {0xfffffffffffffc88, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x0, 0x1, r3}, @IFLA_GRE_ENCAP_SPORT={0x0, 0x10, 0x4e22}]}}}]}, 0x40}}, 0x0) [ 288.824261][ T9057] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 17:07:12 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB="dd0000000200002004000401b4"], 0x28) sendmmsg(r0, &(0x7f00000092c0), 0x400000000000064, 0x0) sendfile(r3, r1, &(0x7f00000000c0)=0x6c02, 0x7) [ 289.036401][ C1] ===================================================== [ 289.043386][ C1] BUG: KMSAN: uninit-value in ip6_parse_tlv+0x8b8/0xcb0 [ 289.050326][ C1] CPU: 1 PID: 9061 Comm: syz-executor.0 Not tainted 5.7.0-rc4-syzkaller #0 [ 289.058904][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 289.069749][ C1] Call Trace: [ 289.073034][ C1] [ 289.075911][ C1] dump_stack+0x1c9/0x220 [ 289.080259][ C1] kmsan_report+0xf7/0x1e0 [ 289.084672][ C1] __msan_warning+0x58/0xa0 [ 289.089187][ C1] ip6_parse_tlv+0x8b8/0xcb0 [ 289.093775][ C1] ipv6_destopt_rcv+0x5bf/0xdd0 [ 289.098625][ C1] ip6_protocol_deliver_rcu+0x181b/0x22c0 [ 289.104348][ C1] ip6_mc_input+0xdf2/0x1460 [ 289.108929][ C1] ? ip6_input+0x340/0x340 [ 289.113332][ C1] ? ip6_input_finish+0xa0/0xa0 [ 289.118164][ C1] ipv6_rcv+0x683/0x710 [ 289.122310][ C1] ? local_bh_enable+0x40/0x40 [ 289.127060][ C1] process_backlog+0xa41/0x1410 [ 289.131897][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 289.137004][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 289.142191][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 289.147459][ C1] net_rx_action+0x786/0x1aa0 [ 289.152217][ C1] ? net_tx_action+0xc30/0xc30 [ 289.156967][ C1] __do_softirq+0x311/0x83d [ 289.161477][ C1] do_softirq_own_stack+0x49/0x80 [ 289.166477][ C1] [ 289.169423][ C1] do_softirq+0xed/0x150 [ 289.173652][ C1] netif_rx_ni+0x202/0x3b0 [ 289.178055][ C1] dev_loopback_xmit+0x58a/0x630 [ 289.182980][ C1] ip6_finish_output2+0x2332/0x2640 [ 289.188161][ C1] ? __msan_poison_alloca+0xf0/0x120 [ 289.193446][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 289.198642][ C1] ? validate_xmit_skb+0x1660/0x1660 [ 289.203924][ C1] __ip6_finish_output+0x824/0x8e0 [ 289.209031][ C1] ip6_finish_output+0x166/0x410 [ 289.213962][ C1] ip6_output+0x60a/0x770 [ 289.218304][ C1] ? ip6_output+0x770/0x770 [ 289.222791][ C1] ? ac6_seq_show+0x200/0x200 [ 289.227465][ C1] ip6_local_out+0x164/0x1d0 [ 289.232059][ C1] ip6_push_pending_frames+0x213/0x4f0 [ 289.237508][ C1] rawv6_sendmsg+0x4233/0x5c30 [ 289.242261][ C1] ? balance_callback+0x48/0x270 [ 289.247878][ C1] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 289.254030][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 289.259210][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 289.265007][ C1] ? udp_cmsg_send+0x5d0/0x5d0 [ 289.269766][ C1] ? compat_rawv6_ioctl+0x100/0x100 [ 289.274954][ C1] inet_sendmsg+0x2d8/0x2e0 [ 289.279445][ C1] ? inet_send_prepare+0x600/0x600 [ 289.284544][ C1] ____sys_sendmsg+0x1056/0x1350 [ 289.289487][ C1] __sys_sendmmsg+0x5fe/0xd60 [ 289.294150][ C1] ? xfrm_add_sa+0x4ea0/0x5ba0 [ 289.298908][ C1] ? kmsan_internal_set_origin+0x75/0xb0 [ 289.304531][ C1] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 289.310517][ C1] ? kmsan_copy_to_user+0x81/0x90 [ 289.315542][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 289.320722][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 289.325901][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 289.331692][ C1] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 289.337745][ C1] ? prepare_exit_to_usermode+0x1ca/0x520 [ 289.343455][ C1] __se_sys_sendmmsg+0xbd/0xe0 [ 289.348207][ C1] __x64_sys_sendmmsg+0x56/0x70 [ 289.353041][ C1] do_syscall_64+0xb8/0x160 [ 289.357546][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 289.363432][ C1] RIP: 0033:0x45ca69 [ 289.367318][ C1] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 289.388126][ C1] RSP: 002b:00007f93ec11dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 289.396520][ C1] RAX: ffffffffffffffda RBX: 00000000004fc5c0 RCX: 000000000045ca69 [ 289.404482][ C1] RDX: 0400000000000064 RSI: 00000000200092c0 RDI: 0000000000000003 [ 289.412437][ C1] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 289.420400][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 289.428358][ C1] R13: 00000000000008dd R14: 00000000004cba5f R15: 00007f93ec11e6d4 [ 289.440312][ C1] [ 289.442617][ C1] Uninit was created at: [ 289.446848][ C1] kmsan_internal_poison_shadow+0x66/0xd0 [ 289.452546][ C1] kmsan_slab_alloc+0x8a/0xe0 [ 289.457206][ C1] __kmalloc_node_track_caller+0xb40/0x1200 [ 289.463082][ C1] __alloc_skb+0x2fd/0xac0 [ 289.467481][ C1] alloc_skb_with_frags+0x18c/0xa70 [ 289.472661][ C1] sock_alloc_send_pskb+0xada/0xc60 [ 289.477863][ C1] sock_alloc_send_skb+0xca/0xe0 [ 289.482792][ C1] __ip6_append_data+0x4784/0x63e0 [ 289.487890][ C1] ip6_append_data+0x3cb/0x660 [ 289.492641][ C1] rawv6_sendmsg+0x32bb/0x5c30 [ 289.497392][ C1] inet_sendmsg+0x2d8/0x2e0 [ 289.501883][ C1] ____sys_sendmsg+0x1056/0x1350 [ 289.506803][ C1] __sys_sendmmsg+0x5fe/0xd60 [ 289.511480][ C1] __se_sys_sendmmsg+0xbd/0xe0 [ 289.516232][ C1] __x64_sys_sendmmsg+0x56/0x70 [ 289.521080][ C1] do_syscall_64+0xb8/0x160 [ 289.525566][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 289.531439][ C1] ===================================================== [ 289.538369][ C1] Disabling lock debugging due to kernel taint [ 289.544520][ C1] Kernel panic - not syncing: panic_on_warn set ... [ 289.551095][ C1] CPU: 1 PID: 9061 Comm: syz-executor.0 Tainted: G B 5.7.0-rc4-syzkaller #0 [ 289.562000][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 289.572035][ C1] Call Trace: [ 289.575302][ C1] [ 289.578149][ C1] dump_stack+0x1c9/0x220 [ 289.582466][ C1] panic+0x3d5/0xc3e [ 289.589398][ C1] kmsan_report+0x1df/0x1e0 [ 289.593887][ C1] __msan_warning+0x58/0xa0 [ 289.598375][ C1] ip6_parse_tlv+0x8b8/0xcb0 [ 289.602977][ C1] ipv6_destopt_rcv+0x5bf/0xdd0 [ 289.607825][ C1] ip6_protocol_deliver_rcu+0x181b/0x22c0 [ 289.613549][ C1] ip6_mc_input+0xdf2/0x1460 [ 289.618133][ C1] ? ip6_input+0x340/0x340 [ 289.622532][ C1] ? ip6_input_finish+0xa0/0xa0 [ 289.627364][ C1] ipv6_rcv+0x683/0x710 [ 289.631509][ C1] ? local_bh_enable+0x40/0x40 [ 289.636257][ C1] process_backlog+0xa41/0x1410 [ 289.641096][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 289.646206][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 289.651389][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 289.656658][ C1] net_rx_action+0x786/0x1aa0 [ 289.668271][ C1] ? net_tx_action+0xc30/0xc30 [ 289.673018][ C1] __do_softirq+0x311/0x83d [ 289.677522][ C1] do_softirq_own_stack+0x49/0x80 [ 289.682523][ C1] [ 289.685443][ C1] do_softirq+0xed/0x150 [ 289.689684][ C1] netif_rx_ni+0x202/0x3b0 [ 289.694108][ C1] dev_loopback_xmit+0x58a/0x630 [ 289.699034][ C1] ip6_finish_output2+0x2332/0x2640 [ 289.704221][ C1] ? __msan_poison_alloca+0xf0/0x120 [ 289.709490][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 289.714701][ C1] ? validate_xmit_skb+0x1660/0x1660 [ 289.719971][ C1] __ip6_finish_output+0x824/0x8e0 [ 289.725078][ C1] ip6_finish_output+0x166/0x410 [ 289.730007][ C1] ip6_output+0x60a/0x770 [ 289.734340][ C1] ? ip6_output+0x770/0x770 [ 289.738826][ C1] ? ac6_seq_show+0x200/0x200 [ 289.750345][ C1] ip6_local_out+0x164/0x1d0 [ 289.754921][ C1] ip6_push_pending_frames+0x213/0x4f0 [ 289.760459][ C1] rawv6_sendmsg+0x4233/0x5c30 [ 289.765212][ C1] ? balance_callback+0x48/0x270 [ 289.770139][ C1] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 289.776295][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 289.781477][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 289.787275][ C1] ? udp_cmsg_send+0x5d0/0x5d0 [ 289.792123][ C1] ? compat_rawv6_ioctl+0x100/0x100 [ 289.797304][ C1] inet_sendmsg+0x2d8/0x2e0 [ 289.801794][ C1] ? inet_send_prepare+0x600/0x600 [ 289.806890][ C1] ____sys_sendmsg+0x1056/0x1350 [ 289.811824][ C1] __sys_sendmmsg+0x5fe/0xd60 [ 289.816488][ C1] ? xfrm_add_sa+0x4ea0/0x5ba0 [ 289.821245][ C1] ? kmsan_internal_set_origin+0x75/0xb0 [ 289.826875][ C1] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 289.832762][ C1] ? kmsan_copy_to_user+0x81/0x90 [ 289.837767][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 289.842948][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 289.848477][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 289.854271][ C1] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 289.860321][ C1] ? prepare_exit_to_usermode+0x1ca/0x520 [ 289.866041][ C1] __se_sys_sendmmsg+0xbd/0xe0 [ 289.870796][ C1] __x64_sys_sendmmsg+0x56/0x70 [ 289.875666][ C1] do_syscall_64+0xb8/0x160 [ 289.880160][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 289.886031][ C1] RIP: 0033:0x45ca69 [ 289.889910][ C1] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 289.909495][ C1] RSP: 002b:00007f93ec11dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 289.917887][ C1] RAX: ffffffffffffffda RBX: 00000000004fc5c0 RCX: 000000000045ca69 [ 289.925891][ C1] RDX: 0400000000000064 RSI: 00000000200092c0 RDI: 0000000000000003 [ 289.933843][ C1] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 289.941795][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 289.949748][ C1] R13: 00000000000008dd R14: 00000000004cba5f R15: 00007f93ec11e6d4 [ 289.959031][ C1] Kernel Offset: 0x22200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 289.970663][ C1] Rebooting in 86400 seconds..