INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts. 2018/04/07 06:06:21 fuzzer started 2018/04/07 06:06:22 dialing manager at 10.128.0.26:38639 2018/04/07 06:06:28 kcov=true, comps=false 2018/04/07 06:06:31 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000000)=0x2bf90000, 0x4) 2018/04/07 06:06:31 executing program 2: r0 = syz_open_dev$tun(&(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={"d202b999cf85000000000088f301e710", 0x101}) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000000)) 2018/04/07 06:06:31 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key(&(0x7f0000000100)='big_key\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a}, &(0x7f0000000400)='V', 0x1, 0xffffffffffffffff) keyctl$setperm(0x5, r0, 0x100) r1 = socket(0x40000000015, 0x5, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0x5) setreuid(0x0, r2) keyctl$setperm(0x11, r0, 0x0) 2018/04/07 06:06:31 executing program 1: pipe(&(0x7f00005db000)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f00005e2000)=[{&(0x7f00002ef000)="f8", 0x1}], 0x1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000001000)) vmsplice(r1, &(0x7f00005d8000)=[{&(0x7f000021efe9)='3', 0x1}], 0x1, 0x0) 2018/04/07 06:06:31 executing program 4: r0 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000380)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, 0x0, 0x0, r0) add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a}, 0x0, 0x0, r1) keyctl$link(0x8, r1, r0) 2018/04/07 06:06:31 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000005000)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f000000d379)={&(0x7f0000013db4)={0x2c, 0x20, 0x2ff, 0x0, 0x0, {0xa}, [@typed={0xc, 0x0, @u32}, @typed={0xc, 0x11, @fd}]}, 0x2c}, 0x1}, 0x0) 2018/04/07 06:06:31 executing program 5: r0 = socket$inet(0x2, 0x5, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x84, 0x1d, &(0x7f0000000000), &(0x7f0000000040)=0x3) 2018/04/07 06:06:31 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f0000000500)={&(0x7f00000002c0)={0x10}, 0xc, &(0x7f00000004c0)={&(0x7f0000000bc0)={0x24, r1, 0x421, 0x0, 0x0, {0xc}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4}]}, 0x24}, 0x1}, 0x0) syzkaller login: [ 41.397217] ip (3734) used greatest stack depth: 54688 bytes left [ 41.830623] ip (3776) used greatest stack depth: 54672 bytes left [ 42.536553] ip (3844) used greatest stack depth: 54200 bytes left [ 43.672628] ip (3949) used greatest stack depth: 54160 bytes left [ 44.780761] ip (4044) used greatest stack depth: 53976 bytes left [ 45.059339] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.168094] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.213277] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.419253] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.492813] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.520557] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.530265] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.575999] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.768856] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.999818] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.176265] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.236310] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.460569] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.513443] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.519737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.528676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.567321] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.606836] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.620239] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.771412] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.777923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.788587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.018117] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.024646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.036852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.063115] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.077633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.086706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.288222] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.294489] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.302443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.336484] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.351559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.364572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.432819] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.439131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.449714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.527136] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.534142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.545799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 06:06:48 executing program 1: capset(&(0x7f0000000080)={0x19980330}, &(0x7f00000000c0)) r0 = semget$private(0x0, 0x4, 0x0) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000000)) 2018/04/07 06:06:48 executing program 3: r0 = socket$inet(0x10, 0x3, 0x4) sendmsg(r0, &(0x7f0000014000)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a6002700000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) 2018/04/07 06:06:48 executing program 7: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1, 0x401) 2018/04/07 06:06:48 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000000)) 2018/04/07 06:06:48 executing program 5: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0) pwrite64(r0, &(0x7f0000000040)='9', 0x1, 0x0) 2018/04/07 06:06:48 executing program 2: r0 = open(&(0x7f000084aff8)='./file0\x00', 0x400000000060842, 0x0) fsetxattr(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="757365722e098581d808017fc7ba6d65c66c993c5e3d1fe38a4a798ac6d93638053440d15dfa295b4e5f8f107ec0aaf63385"], &(0x7f00009cc000)='GPLbdev{nodevem1@\x00', 0x12, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) flistxattr(r1, &(0x7f0000429fce)=""/50, 0x32) 2018/04/07 06:06:48 executing program 4: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1, 0x0) 2018/04/07 06:06:48 executing program 6: add_key(&(0x7f0000000200)='asymmetric\x00', &(0x7f0000000240)={0x73, 0x79, 0x7a}, &(0x7f0000000280)='?O', 0x2, 0xffffffffffffffff) 2018/04/07 06:06:48 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000eeaff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCCBRK(r0, 0x5428) [ 56.776612] capability: warning: `syz-executor1' uses 32-bit capabilities (legacy support in use) 2018/04/07 06:06:48 executing program 5: r0 = signalfd(0xffffffffffffffff, &(0x7f00007d0ff8), 0x8) r1 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000e80ff4)) signalfd(r0, &(0x7f0000e82000), 0x8) 2018/04/07 06:06:48 executing program 4: r0 = eventfd2(0x0, 0x0) r1 = epoll_create1(0x0) r2 = dup2(r0, r1) read$eventfd(r2, &(0x7f00007b0ff8), 0x8) read$eventfd(r0, &(0x7f0000000280), 0x8) write$eventfd(r2, &(0x7f000068f000)=0xec, 0x8) 2018/04/07 06:06:48 executing program 3: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000b90ffc), 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00007a2000)=[@in6={0xa}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000080)={0x0, 0x15c, "ea172adaeb01f7ffffff000000c55bd0d6725d24d6567607f8d8669305b91afaaff2d8d48fec8f362a42147d1cdddcdff50f66e1e0922bd46c4d598a13b77116816ac7e89fab99a4198b917ab484cb59c4fae63c118bd24b53021bacc1b122b7482ca8504980a3f92077431313bbb98553df134a9aadd637a94be45e8f8c107c449a16f0f73519748a6f36b2259ff76251c22f6966e211cf1a9244f8dfb989c2186fb8eee5e921d97fc50b3d878f684daae55661318a6787570b40f683c00ea0000000000000000020e919f4d85f6ce5a0699ef55fc2f2b9cfc91491eb39700331e26d53eedbeac08cfbb9782622309c2ed3de99447694dad5a1d67f603e24fbe3daf0b12206d0b6e1512952c890a8b16619f81de9e07ddb8e0146cac7ca1d1443925041e88a5782bd56c2b7acb38c9150636c759926e8a2c1cd8a36a9cdf7f7787e11b191c739da7859a31fbb5b3b9c2429400cd73c39348049d8b5"}, &(0x7f0000000040)=0x164) 2018/04/07 06:06:48 executing program 7: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) r1 = gettid() rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8) rt_tgsigqueueinfo(r0, r1, 0x26, &(0x7f00003efff0)={0x0, 0x0, 0x7ffffff7}) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000ff8)={0xfffffffffffffdb0}, 0x8, 0x0) read(r2, &(0x7f0000deefe7)=""/128, 0x80) 2018/04/07 06:06:48 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000000c0)='cgroup.procs\x00', 0x2, 0x0) fchmod(r1, 0x0) 2018/04/07 06:06:48 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='loginuid\x00') pread64(r0, &(0x7f00000001c0)=""/4096, 0x1000, 0xfffffe) 2018/04/07 06:06:49 executing program 1: capset(&(0x7f0000000080)={0x19980330}, &(0x7f00000000c0)) r0 = semget$private(0x0, 0x4, 0x0) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000000)) 2018/04/07 06:06:49 executing program 5: r0 = signalfd(0xffffffffffffffff, &(0x7f00007d0ff8), 0x8) r1 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000e80ff4)) signalfd(r0, &(0x7f0000e82000), 0x8) 2018/04/07 06:06:49 executing program 6: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f0000000240)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)=@ipv6_newroute={0x1c, 0x18, 0x7de1124c6ffd611d, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x1c}, 0x1}, 0x0) 2018/04/07 06:06:49 executing program 3: r0 = syz_open_dev$tun(&(0x7f00000004c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syz+aller0\x00', 0xfffffffffffffffe}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x7) close(r0) 2018/04/07 06:06:49 executing program 0: futex(&(0x7f0000000ffc), 0x85, 0x0, &(0x7f0000003ff0), &(0x7f0000000000), 0x193d584e) 2018/04/07 06:06:49 executing program 7: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f000045fff8)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) mmap(&(0x7f0000000000/0xca9000)=nil, 0xca9000, 0x5, 0x10, 0xffffffffffffffff, 0x0) ptrace(0x4207, r1) ptrace$getenv(0x4201, r1, 0x0, &(0x7f00000001c0)) 2018/04/07 06:06:49 executing program 2: timer_create(0x9, &(0x7f0000000180)={0x0, 0x12, 0x0, @thr={&(0x7f0000000040), &(0x7f0000000080)}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) timer_settime(0x0, 0x1, &(0x7f0000000080)={{}, {0x0, 0x1c9c380}}, &(0x7f00000000c0)) 2018/04/07 06:06:49 executing program 1: capset(&(0x7f0000000080)={0x19980330}, &(0x7f00000000c0)) r0 = semget$private(0x0, 0x4, 0x0) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000000)) 2018/04/07 06:06:49 executing program 5: move_pages(0x0, 0x7, &(0x7f0000000040)=[&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil], &(0x7f0000000080), &(0x7f00000000c0), 0x0) kexec_load(0x0, 0x2, &(0x7f0000000040), 0x0) 2018/04/07 06:06:49 executing program 4: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1) faccessat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x5, 0x0) [ 58.013432] IPv6: NLM_F_REPLACE set, but no existing node found! 2018/04/07 06:06:50 executing program 0: capset(&(0x7f00003d8ff8)={0x19980330}, &(0x7f00006fafe8)) r0 = socket(0xa, 0x5, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f0000000180)={'IDLETIMER\x00'}, &(0x7f00000001c0)=0x1e) 2018/04/07 06:06:50 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x8000000000002c) connect$inet6(r0, &(0x7f0000002fe4)={0xa}, 0x1c) sendmsg(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000000c0), 0x1, &(0x7f0000026000)}, 0x2000c080) writev(r0, &(0x7f0000000040)=[{&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\a', 0x8}], 0x1) 2018/04/07 06:06:50 executing program 2: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f0000000080)='./control\x00', &(0x7f0000000100)='./control\x00', &(0x7f0000000000)='devtmpfs\x00', 0x0, &(0x7f0000000140)) [ 58.230378] ================================================================== [ 58.237797] BUG: KMSAN: uninit-value in ipv6_frag_rcv+0xfa5/0x6970 [ 58.244116] CPU: 1 PID: 5173 Comm: syz-executor3 Not tainted 4.16.0+ #81 [ 58.250950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.260299] Call Trace: [ 58.262879] [ 58.265037] dump_stack+0x185/0x1d0 [ 58.268669] ? ipv6_frag_rcv+0xfa5/0x6970 [ 58.272811] kmsan_report+0x142/0x240 [ 58.276614] __msan_warning_32+0x6c/0xb0 [ 58.280676] ipv6_frag_rcv+0xfa5/0x6970 [ 58.284653] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.290031] ? ipv6_frag_exit+0x90/0x90 [ 58.294011] ip6_input_finish+0xa62/0x2110 [ 58.298254] ? ip6table_filter_hook+0xb5/0xe0 [ 58.302750] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 58.308114] ip6_input+0x294/0x320 [ 58.311652] ? ip6_input+0x320/0x320 [ 58.315365] ? ipv6_rcv+0x26d0/0x26d0 [ 58.319164] ipv6_rcv+0x20ec/0x26d0 [ 58.322802] ? local_bh_enable+0x40/0x40 [ 58.326870] __netif_receive_skb_core+0x47cf/0x4a80 [ 58.331889] ? kmsan_set_origin_inline+0x6b/0x120 [ 58.336731] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 58.342534] ? radeon_atom_encoder_disable+0xb1a/0xb70 [ 58.347812] ? ip6_rcv_finish+0x4d0/0x4d0 [ 58.351956] process_backlog+0x62d/0xe20 [ 58.356023] ? rps_trigger_softirq+0x2f0/0x2f0 [ 58.360600] net_rx_action+0x7c1/0x1a70 [ 58.364577] ? net_tx_action+0xab0/0xab0 [ 58.368642] __do_softirq+0x56d/0x93d [ 58.372450] do_softirq_own_stack+0x2a/0x40 [ 58.376759] [ 58.379004] __local_bh_enable_ip+0x114/0x140 [ 58.383503] local_bh_enable+0x36/0x40 [ 58.387390] ip6_finish_output2+0x1b6c/0x1f20 [ 58.391901] ip6_finish_output+0xb3f/0xc00 [ 58.396141] ip6_output+0x597/0x6c0 [ 58.399765] ? ip6_output+0x6c0/0x6c0 [ 58.403569] ? ac6_seq_show+0x200/0x200 [ 58.407552] ip6_local_out+0x573/0x640 [ 58.411442] ? __ip6_local_out+0x4f0/0x4f0 [ 58.415684] ip6_push_pending_frames+0x218/0x4d0 [ 58.420434] rawv6_sendmsg+0x4500/0x4cc0 [ 58.424479] ? kmsan_set_origin_inline+0x6b/0x120 [ 58.429304] ? futex_wait_queue_me+0x4ba/0x710 [ 58.433865] ? futex_wait_queue_me+0x4ee/0x710 [ 58.438462] ? compat_rawv6_ioctl+0x30/0x30 [ 58.442765] inet_sendmsg+0x48d/0x740 [ 58.446547] ? security_socket_sendmsg+0x9e/0x210 [ 58.451382] ? inet_getname+0x500/0x500 [ 58.455341] sock_write_iter+0x3b9/0x470 [ 58.459386] ? sock_read_iter+0x480/0x480 [ 58.463512] do_iter_readv_writev+0x7bb/0x970 [ 58.467991] ? sock_read_iter+0x480/0x480 [ 58.472137] do_iter_write+0x30d/0xd40 [ 58.476067] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 58.481510] do_writev+0x3c9/0x830 [ 58.485050] ? syscall_return_slowpath+0xe9/0x700 [ 58.489881] SYSC_writev+0x9b/0xb0 [ 58.493409] SyS_writev+0x56/0x80 [ 58.496843] do_syscall_64+0x309/0x430 [ 58.500708] ? SYSC_readv+0xb0/0xb0 [ 58.504316] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.509482] RIP: 0033:0x455259 [ 58.512648] RSP: 002b:00007f886d9c1c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 58.520334] RAX: ffffffffffffffda RBX: 00007f886d9c26d4 RCX: 0000000000455259 [ 58.527582] RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000013 [ 58.534830] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 58.542080] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 58.549344] R13: 00000000000006cd R14: 00000000006fd3d8 R15: 0000000000000000 [ 58.556596] [ 58.558199] Uninit was stored to memory at: [ 58.562510] kmsan_internal_chain_origin+0x12b/0x210 [ 58.567602] kmsan_memcpy_origins+0x11d/0x170 [ 58.572089] __msan_memcpy+0x19f/0x1f0 [ 58.575964] skb_copy_bits+0x63a/0xdb0 [ 58.579831] __pskb_pull_tail+0x483/0x22e0 [ 58.584054] ipv6_frag_rcv+0x1894/0x6970 [ 58.588107] ip6_input_finish+0xa62/0x2110 [ 58.592319] ip6_input+0x294/0x320 [ 58.595835] ipv6_rcv+0x20ec/0x26d0 [ 58.599441] __netif_receive_skb_core+0x47cf/0x4a80 [ 58.604434] process_backlog+0x62d/0xe20 [ 58.608472] net_rx_action+0x7c1/0x1a70 [ 58.612427] __do_softirq+0x56d/0x93d [ 58.616202] Uninit was created at: [ 58.619720] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 58.624713] kmsan_alloc_page+0x82/0xe0 [ 58.628665] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 58.633399] alloc_pages_current+0x6b5/0x970 [ 58.637796] skb_page_frag_refill+0x3ba/0x5e0 [ 58.642273] sk_page_frag_refill+0xa4/0x340 [ 58.646573] __ip6_append_data+0x1a20/0x4bb0 [ 58.650957] ip6_append_data+0x40e/0x6b0 [ 58.654992] rawv6_sendmsg+0x2787/0x4cc0 [ 58.659047] inet_sendmsg+0x48d/0x740 [ 58.662834] sock_write_iter+0x3b9/0x470 [ 58.666882] do_iter_readv_writev+0x7bb/0x970 [ 58.671354] do_iter_write+0x30d/0xd40 [ 58.675217] do_writev+0x3c9/0x830 [ 58.678735] SYSC_writev+0x9b/0xb0 [ 58.682253] SyS_writev+0x56/0x80 [ 58.685680] do_syscall_64+0x309/0x430 [ 58.689553] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.694719] ================================================================== [ 58.702052] Disabling lock debugging due to kernel taint [ 58.707484] Kernel panic - not syncing: panic_on_warn set ... [ 58.707484] [ 58.714826] CPU: 1 PID: 5173 Comm: syz-executor3 Tainted: G B 4.16.0+ #81 [ 58.722942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.732277] Call Trace: [ 58.734840] [ 58.736986] dump_stack+0x185/0x1d0 [ 58.740625] panic+0x39d/0x940 [ 58.743818] ? ipv6_frag_rcv+0xfa5/0x6970 [ 58.747948] kmsan_report+0x238/0x240 [ 58.751731] __msan_warning_32+0x6c/0xb0 [ 58.755778] ipv6_frag_rcv+0xfa5/0x6970 [ 58.759734] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.765091] ? ipv6_frag_exit+0x90/0x90 [ 58.769055] ip6_input_finish+0xa62/0x2110 [ 58.773295] ? ip6table_filter_hook+0xb5/0xe0 [ 58.777772] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 58.783131] ip6_input+0x294/0x320 [ 58.786654] ? ip6_input+0x320/0x320 [ 58.790347] ? ipv6_rcv+0x26d0/0x26d0 [ 58.794125] ipv6_rcv+0x20ec/0x26d0 [ 58.797729] ? local_bh_enable+0x40/0x40 [ 58.801773] __netif_receive_skb_core+0x47cf/0x4a80 [ 58.806771] ? kmsan_set_origin_inline+0x6b/0x120 [ 58.811607] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 58.817388] ? radeon_atom_encoder_disable+0xb1a/0xb70 [ 58.822644] ? ip6_rcv_finish+0x4d0/0x4d0 [ 58.826770] process_backlog+0x62d/0xe20 [ 58.830812] ? rps_trigger_softirq+0x2f0/0x2f0 [ 58.835373] net_rx_action+0x7c1/0x1a70 [ 58.839340] ? net_tx_action+0xab0/0xab0 [ 58.843392] __do_softirq+0x56d/0x93d [ 58.847183] do_softirq_own_stack+0x2a/0x40 [ 58.851476] [ 58.853703] __local_bh_enable_ip+0x114/0x140 [ 58.858176] local_bh_enable+0x36/0x40 [ 58.862055] ip6_finish_output2+0x1b6c/0x1f20 [ 58.866539] ip6_finish_output+0xb3f/0xc00 [ 58.870766] ip6_output+0x597/0x6c0 [ 58.874371] ? ip6_output+0x6c0/0x6c0 [ 58.878152] ? ac6_seq_show+0x200/0x200 [ 58.882104] ip6_local_out+0x573/0x640 [ 58.885968] ? __ip6_local_out+0x4f0/0x4f0 [ 58.890198] ip6_push_pending_frames+0x218/0x4d0 [ 58.894951] rawv6_sendmsg+0x4500/0x4cc0 [ 58.899015] ? kmsan_set_origin_inline+0x6b/0x120 [ 58.903849] ? futex_wait_queue_me+0x4ba/0x710 [ 58.908412] ? futex_wait_queue_me+0x4ee/0x710 [ 58.912977] ? compat_rawv6_ioctl+0x30/0x30 [ 58.917295] inet_sendmsg+0x48d/0x740 [ 58.921076] ? security_socket_sendmsg+0x9e/0x210 [ 58.925896] ? inet_getname+0x500/0x500 [ 58.929849] sock_write_iter+0x3b9/0x470 [ 58.933891] ? sock_read_iter+0x480/0x480 [ 58.938023] do_iter_readv_writev+0x7bb/0x970 [ 58.942508] ? sock_read_iter+0x480/0x480 [ 58.946634] do_iter_write+0x30d/0xd40 [ 58.950502] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 58.956031] do_writev+0x3c9/0x830 [ 58.959561] ? syscall_return_slowpath+0xe9/0x700 [ 58.964383] SYSC_writev+0x9b/0xb0 [ 58.967902] SyS_writev+0x56/0x80 [ 58.971336] do_syscall_64+0x309/0x430 [ 58.975201] ? SYSC_readv+0xb0/0xb0 [ 58.978805] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.983976] RIP: 0033:0x455259 [ 58.987144] RSP: 002b:00007f886d9c1c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 58.994828] RAX: ffffffffffffffda RBX: 00007f886d9c26d4 RCX: 0000000000455259 [ 59.002079] RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000013 [ 59.009328] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 59.016574] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.023828] R13: 00000000000006cd R14: 00000000006fd3d8 R15: 0000000000000000 [ 59.031499] Dumping ftrace buffer: [ 59.035020] (ftrace buffer empty) [ 59.038703] Kernel Offset: disabled [ 59.042300] Rebooting in 86400 seconds..