INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts. 2018/04/15 00:58:58 fuzzer started 2018/04/15 00:58:58 dialing manager at 10.128.0.26:36243 2018/04/15 00:59:05 kcov=true, comps=false 2018/04/15 00:59:09 executing program 0: r0 = memfd_create(&(0x7f0000000240)='.:\x00', 0x0) pwrite64(r0, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) lseek(r0, 0x0, 0x2) sendfile(r0, r0, &(0x7f0000000000), 0x2) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000004000)='./file0\x00') mount(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000180)='hugetlbfs\x00', 0x1000, &(0x7f00000001c0)) 2018/04/15 00:59:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f0000000000)='dev ', 0x0) ftruncate(r2, 0x40001) sendfile(r1, r2, &(0x7f0000000080), 0xf5) sendfile(r1, r2, &(0x7f0000001000), 0x400000000fee) recvmmsg(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)=@nfc, 0x0, &(0x7f0000000940)=[{&(0x7f0000000880)=""/123}], 0x0, &(0x7f0000000680)=""/108}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000700)=""/164}], 0x3c3}, 0x3}], 0x1b1, 0x0, 0x0) 2018/04/15 00:59:09 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)) setpgid(0x0, 0x0) 2018/04/15 00:59:09 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000a40)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000800)={&(0x7f0000000940)=@updpolicy={0xe4, 0x19, 0x544ca130021a2065, 0x0, 0x0, {{@in=@multicast2=0xe0000002, @in=@dev={0xac, 0x14, 0x14}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3}, [@etimer_thresh={0x8, 0xc, 0x9}, @proto={0x8, 0x19, 0xff}, @offload={0xc, 0x1c, {0x0, 0x2}}, @etimer_thresh={0x8, 0xc, 0x3}, @output_mark={0x8, 0x1d}]}, 0xe4}, 0x1, 0x0, 0x0, 0x1}, 0x4000) 2018/04/15 00:59:09 executing program 4: syz_emit_ethernet(0xfdef, &(0x7f0000000000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0xe803, 0x0, 0x0, 0x0, @rand_addr=0xfffffffffffffffc, @remote={0xac, 0x14, 0x14, 0xbb}}, @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd}, {0x8, 0x88be, 0x0, {{0x0, 0x1}, 0x1}}, {0x8, 0x22eb, 0x0, {{0x0, 0x2}, 0x2}}, {0x8, 0x6558}}}}}}, &(0x7f0000001400)) 2018/04/15 00:59:09 executing program 5: r0 = socket$inet(0x2, 0x3, 0x4) sendmmsg(r0, &(0x7f0000001e80)=[{{&(0x7f0000000000)=@in={0x2}, 0x80, &(0x7f0000000080), 0x0, &(0x7f0000000340)}}, {{&(0x7f00000002c0)=@in={0x2, 0x0, @broadcast=0xffffffff}, 0x80, &(0x7f0000000600), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1000a65c0696000000000000026c25fe"], 0x10}}], 0x2, 0x0) 2018/04/15 00:59:09 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) sendto$inet(r0, &(0x7f0000edf000), 0x0, 0x0, &(0x7f0000ee9ff0)={0x2, 0x4e20}, 0x10) unshare(0x0) 2018/04/15 00:59:09 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() capset(&(0x7f0000000280)={0x20071026, r0}, &(0x7f00000002c0)) syzkaller login: [ 45.608918] ip (3824) used greatest stack depth: 54408 bytes left [ 46.409661] ip (3896) used greatest stack depth: 54200 bytes left [ 46.892680] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.899277] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.931530] device bridge_slave_0 entered promiscuous mode [ 46.981828] ip (3930) used greatest stack depth: 53656 bytes left [ 46.998707] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.005283] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.061260] device bridge_slave_0 entered promiscuous mode [ 47.113339] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.119883] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.155240] device bridge_slave_1 entered promiscuous mode [ 47.165019] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.171590] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.193163] device bridge_slave_0 entered promiscuous mode [ 47.206948] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.213479] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.223752] device bridge_slave_0 entered promiscuous mode [ 47.232161] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.238727] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.250079] device bridge_slave_0 entered promiscuous mode [ 47.267900] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.274432] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.296470] device bridge_slave_1 entered promiscuous mode [ 47.307215] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.315723] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.322255] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.357384] device bridge_slave_0 entered promiscuous mode [ 47.382790] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.389342] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.407170] device bridge_slave_0 entered promiscuous mode [ 47.425839] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.432383] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.457129] device bridge_slave_0 entered promiscuous mode [ 47.480619] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.487150] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.503013] device bridge_slave_1 entered promiscuous mode [ 47.529650] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.539514] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.546099] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.555394] device bridge_slave_1 entered promiscuous mode [ 47.566205] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.572710] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.596252] device bridge_slave_1 entered promiscuous mode [ 47.603909] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.610416] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.624544] device bridge_slave_1 entered promiscuous mode [ 47.641352] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.647904] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.680199] device bridge_slave_1 entered promiscuous mode [ 47.696725] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.703248] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.714230] device bridge_slave_1 entered promiscuous mode [ 47.738976] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.748394] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.756292] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.766820] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.774921] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.812863] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.898321] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.920538] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.954912] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.979087] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.988267] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 48.049349] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 48.132101] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 48.157092] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 48.848519] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.872622] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.961263] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.999185] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.045649] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.090764] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.098340] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.117986] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.197669] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.205791] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.231262] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.257245] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.269947] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.341979] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.409648] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.489147] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 50.173207] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.192882] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.266371] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.303994] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.313985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.396407] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.410450] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.424102] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.437358] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.471339] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.520724] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.531753] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.540439] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.635231] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.642455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.655827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.687009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.696880] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.706161] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.713392] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.723321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.758421] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.765892] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.785851] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.807429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.830596] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.840292] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.849668] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.871829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.907163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.936779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.961226] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.968432] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.976903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.994109] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.002439] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.011347] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.021112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.037197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.061675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.074452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.090271] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.098765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.107415] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.119978] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.133483] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.142615] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.151407] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.163532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.205757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.240159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.266815] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.292591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.300830] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.309091] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.317221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.325172] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.333364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.356114] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.390500] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.400426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.439679] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.453528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.484134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.487492] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.494115] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.501105] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.507650] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.533814] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.545584] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.552207] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.559191] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.565697] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.602179] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.610177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.619377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.633424] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.639939] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.646791] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.653272] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.663200] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.673291] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.679808] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.686736] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.693262] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.717835] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.727583] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.734121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.741080] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.747555] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.756444] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.768856] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.775367] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.782346] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.788839] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.852949] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.897163] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.903689] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.910566] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.917140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.981323] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.170683] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.177212] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.184150] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.190625] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.223674] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.624586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.640383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.662113] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.673592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.687637] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.694844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.364448] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 63.492114] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 63.639939] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 63.675932] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 63.689459] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 63.754260] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 63.884348] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 64.011697] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 64.166299] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 64.172615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.182948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.237804] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 64.244430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.255324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.414395] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 64.420707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.429493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.518939] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 64.525659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.539647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.582196] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 64.588509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.601733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.630479] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 64.637564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.659779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.696885] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 64.705971] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.750191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.882948] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 64.889430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.897535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/15 00:59:37 executing program 5: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x3a1}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0xfffffefffffffffe, &(0x7f0000f62fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/04/15 00:59:37 executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r0, &(0x7f0000000580)="97", 0x1, 0x0, &(0x7f0000aaa000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/04/15 00:59:37 executing program 4: request_key(&(0x7f0000000100)='dns_resolver\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a}, &(0x7f0000000280)='id_legacy\x00', 0xffffffffffffffff) 2018/04/15 00:59:37 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00005f5ffd)='io\x00') bind$alg(r0, &(0x7f0000466000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000807000), 0x3f) 2018/04/15 00:59:37 executing program 2: perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x2, 0x22002) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/raw6\x00') sendfile(r0, r1, &(0x7f00000000c0), 0x7) [ 70.794552] capability: warning: `syz-executor6' uses deprecated v2 capabilities in a way that may be insecure 2018/04/15 00:59:37 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='configfs\x00', 0x0, &(0x7f0000000180)) r0 = open(&(0x7f0000f04ff8)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f00000001c0)='./file0\x00', r0, &(0x7f0000000200)='./file1\x00') [ 70.865367] ================================================================== [ 70.872802] BUG: KMSAN: uninit-value in _copy_to_iter+0x1bb3/0x28f0 [ 70.879213] CPU: 0 PID: 5776 Comm: syz-executor1 Not tainted 4.16.0+ #83 [ 70.886049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 70.895413] Call Trace: [ 70.898018] dump_stack+0x185/0x1d0 [ 70.901664] ? kmsan_internal_check_memory+0x145/0x1d0 [ 70.906951] kmsan_report+0x142/0x240 2018/04/15 00:59:37 executing program 5: unshare(0x60000000) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'ip6_vti0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000002b80)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000001000010000000000000000e100000000", @ANYBLOB="0000000000000000140003006970365f767469300000000000000000"], 0x2}, 0x1}, 0x0) [ 70.910773] kmsan_internal_check_memory+0x164/0x1d0 [ 70.915979] kmsan_copy_to_user+0x69/0x160 [ 70.920240] ? skb_copy_datagram_iter+0x443/0xf70 [ 70.925095] _copy_to_iter+0x1bb3/0x28f0 [ 70.929168] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 70.934635] ? __skb_try_recv_from_queue+0xc74/0xe80 [ 70.939762] skb_copy_datagram_iter+0x443/0xf70 [ 70.944440] unix_dgram_recvmsg+0xc3f/0x1940 [ 70.948864] unix_seqpacket_recvmsg+0x11a/0x180 [ 70.953549] sock_recvmsg_nosec+0x109/0x140 [ 70.957890] ? unix_seqpacket_sendmsg+0x2d0/0x2d0 [ 70.962758] ___sys_recvmsg+0x3fb/0x810 [ 70.966756] ? __msan_poison_alloca+0x15c/0x1d0 [ 70.971449] ? _cond_resched+0x3c/0xd0 [ 70.975360] ? rcu_all_qs+0x32/0x1f0 [ 70.979093] ? _cond_resched+0x3c/0xd0 [ 70.982997] ? __sys_recvmmsg+0x908/0xdb0 [ 70.987150] ? rcu_all_qs+0x32/0x1f0 [ 70.990868] __sys_recvmmsg+0x54e/0xdb0 [ 70.994864] ? __msan_poison_alloca+0x15c/0x1d0 [ 70.999566] SYSC_recvmmsg+0x212/0x3e0 [ 71.003481] ? SYSC_ioctl+0x233/0x260 [ 71.007335] SyS_recvmmsg+0x76/0xa0 [ 71.010985] do_syscall_64+0x309/0x430 [ 71.014897] ? __sys_recvmmsg+0xdb0/0xdb0 [ 71.019070] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 71.024265] RIP: 0033:0x455319 [ 71.027465] RSP: 002b:00007efe39737c68 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 71.035186] RAX: ffffffffffffffda RBX: 00007efe397386d4 RCX: 0000000000455319 [ 71.042457] RDX: 00000000000001b1 RSI: 0000000020000800 RDI: 0000000000000013 [ 71.049733] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000 [ 71.057018] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 2018/04/15 00:59:38 executing program 3: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f000037c000)="170000001a001bed0000132100f404fffffffffffffff7", 0x17) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) recvmmsg(r0, &(0x7f0000000080)=[{{&(0x7f0000006cc0)=@pppol2tpv3in6, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000006e00)=""/215, 0xd7}}], 0x800000000000135, 0x0, &(0x7f0000000000)={0x0, r1+10000000}) [ 71.064306] R13: 0000000000000495 R14: 00000000006f9e98 R15: 0000000000000001 [ 71.071582] [ 71.073206] Uninit was stored to memory at: [ 71.077554] kmsan_internal_chain_origin+0x12b/0x210 [ 71.082668] kmsan_memcpy_origins+0x11d/0x170 [ 71.087183] __msan_memcpy+0x19f/0x1f0 [ 71.091077] _copy_from_iter+0xefb/0x1d40 [ 71.095225] skb_copy_datagram_from_iter+0x1ff/0xcc0 [ 71.100330] unix_dgram_sendmsg+0xdce/0x3610 [ 71.104746] unix_seqpacket_sendmsg+0x262/0x2d0 [ 71.109431] kernel_sendmsg+0x228/0x2d0 [ 71.113419] sock_no_sendpage+0x1c8/0x250 [ 71.117581] sock_sendpage+0x1de/0x2c0 [ 71.121486] pipe_to_sendpage+0x31b/0x430 [ 71.125741] __splice_from_pipe+0x49a/0xf30 [ 71.130099] generic_splice_sendpage+0x1c6/0x2a0 [ 71.134888] direct_splice_actor+0x19b/0x200 [ 71.139304] splice_direct_to_actor+0x764/0x1040 [ 71.144064] do_splice_direct+0x335/0x540 [ 71.148221] do_sendfile+0x1067/0x1e40 [ 71.152106] SYSC_sendfile64+0x1b3/0x300 [ 71.156159] SyS_sendfile64+0x64/0x90 [ 71.159966] do_syscall_64+0x309/0x430 [ 71.163860] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 71.169036] Uninit was created at: [ 71.172573] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 71.177589] kmsan_alloc_page+0x82/0xe0 [ 71.181569] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 71.186334] alloc_pages_vma+0xcc8/0x1800 [ 71.190493] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 71.195507] shmem_getpage_gfp+0x35db/0x5770 [ 71.199909] shmem_file_read_iter+0x508/0x1180 [ 71.204501] generic_file_splice_read+0x4e8/0x830 [ 71.209344] splice_direct_to_actor+0x4c6/0x1040 [ 71.214099] do_splice_direct+0x335/0x540 [ 71.218253] do_sendfile+0x1067/0x1e40 [ 71.222153] SYSC_sendfile64+0x1b3/0x300 [ 71.226227] SyS_sendfile64+0x64/0x90 [ 71.230032] do_syscall_64+0x309/0x430 [ 71.233935] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 71.239124] [ 71.240755] Bytes 0-962 of 963 are uninitialized [ 71.245510] ================================================================== [ 71.252872] Disabling lock debugging due to kernel taint [ 71.258333] Kernel panic - not syncing: panic_on_warn set ... [ 71.258333] [ 71.265722] CPU: 0 PID: 5776 Comm: syz-executor1 Tainted: G B 4.16.0+ #83 [ 71.273874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 71.283241] Call Trace: [ 71.285855] dump_stack+0x185/0x1d0 [ 71.289505] panic+0x39d/0x940 [ 71.292743] ? kmsan_internal_check_memory+0x145/0x1d0 [ 71.298039] kmsan_report+0x238/0x240 [ 71.301859] kmsan_internal_check_memory+0x164/0x1d0 [ 71.306977] kmsan_copy_to_user+0x69/0x160 [ 71.311225] ? skb_copy_datagram_iter+0x443/0xf70 [ 71.316078] _copy_to_iter+0x1bb3/0x28f0 [ 71.320158] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 71.325632] ? __skb_try_recv_from_queue+0xc74/0xe80 [ 71.330770] skb_copy_datagram_iter+0x443/0xf70 [ 71.335468] unix_dgram_recvmsg+0xc3f/0x1940 [ 71.339903] unix_seqpacket_recvmsg+0x11a/0x180 [ 71.344590] sock_recvmsg_nosec+0x109/0x140 [ 71.348929] ? unix_seqpacket_sendmsg+0x2d0/0x2d0 [ 71.353793] ___sys_recvmsg+0x3fb/0x810 [ 71.357794] ? __msan_poison_alloca+0x15c/0x1d0 [ 71.362486] ? _cond_resched+0x3c/0xd0 [ 71.366396] ? rcu_all_qs+0x32/0x1f0 [ 71.370130] ? _cond_resched+0x3c/0xd0 [ 71.374042] ? __sys_recvmmsg+0x908/0xdb0 [ 71.378214] ? rcu_all_qs+0x32/0x1f0 [ 71.381952] __sys_recvmmsg+0x54e/0xdb0 [ 71.385954] ? __msan_poison_alloca+0x15c/0x1d0 [ 71.390653] SYSC_recvmmsg+0x212/0x3e0 [ 71.394566] ? SYSC_ioctl+0x233/0x260 [ 71.398403] SyS_recvmmsg+0x76/0xa0 [ 71.402055] do_syscall_64+0x309/0x430 [ 71.405970] ? __sys_recvmmsg+0xdb0/0xdb0 [ 71.410141] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 71.415394] RIP: 0033:0x455319 [ 71.415402] RSP: 002b:00007efe39737c68 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 71.415434] RAX: ffffffffffffffda RBX: 00007efe397386d4 RCX: 0000000000455319 [ 71.433613] RDX: 00000000000001b1 RSI: 0000000020000800 RDI: 0000000000000013 [ 71.433621] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000 [ 71.433627] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 71.433634] R13: 0000000000000495 R14: 00000000006f9e98 R15: 0000000000000001 [ 71.441492] Dumping ftrace buffer: [ 71.441497] (ftrace buffer empty) [ 71.441501] Kernel Offset: disabled [ 71.474055] Rebooting in 86400 seconds..