INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts. 2018/04/07 06:37:06 fuzzer started 2018/04/07 06:37:07 dialing manager at 10.128.0.26:38639 syzkaller login: [ 33.248605] random: crng init done 2018/04/07 06:37:13 kcov=true, comps=false 2018/04/07 06:37:16 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000ff0ffc)=0x8000000000004, 0x9c) r1 = socket$packet(0x11, 0x3, 0x300) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) inotify_init1(0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000ff9ffc)={0x0, 0x8800000006}, 0x4) sendto$inet(r0, &(0x7f0000865000), 0xffe4, 0x0, &(0x7f0000fd9ff0)={0x2, 0x4e20, @rand_addr}, 0x10) 2018/04/07 06:37:16 executing program 1: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x4012}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x301) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'ifb0\x00', 0xa201}) 2018/04/07 06:37:16 executing program 4: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x4012}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x7) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'ifb0\x00', 0xa201}) 2018/04/07 06:37:16 executing program 7: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x4012}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'ifb0\x00', 0xa201}) 2018/04/07 06:37:16 executing program 5: r0 = memfd_create(&(0x7f0000003ffa)='wfgn0', 0x2) fcntl$addseals(r0, 0x409, 0xc) fallocate(r0, 0x3, 0x0, 0x2) 2018/04/07 06:37:16 executing program 6: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000240)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x4012}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x30a) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'ifb0\x00', 0xa201}) 2018/04/07 06:37:16 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00') execveat(r0, &(0x7f0000018ff8)='./file0\x00', &(0x7f00004d9ff8)=[&(0x7f0000018fed)="77f8916e002f766e656d743130"], &(0x7f0000f2c000), 0x0) 2018/04/07 06:37:16 executing program 3: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/protocols\x00') sendfile(r0, r0, &(0x7f0000000040)=0x8000003, 0x400000fc) [ 42.968987] ip (3786) used greatest stack depth: 54440 bytes left [ 43.360265] ip (3821) used greatest stack depth: 54312 bytes left [ 44.459120] ip (3927) used greatest stack depth: 53960 bytes left [ 46.242145] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.289304] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.378200] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.401910] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.419283] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.707855] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.731533] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.742513] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.235348] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.259647] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.311777] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.331668] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.509007] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.534017] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.669874] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.745077] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.003469] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.009772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.024398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.059333] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.065614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.075861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.096271] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.105139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.116112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.143649] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.161478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.199675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.327402] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.333732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.346488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.370922] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.386200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.419563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.472297] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.478849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.490545] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.644951] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.651268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.662431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 06:37:33 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000004ffb)='task\x00') getdents64(r0, &(0x7f0000271fb8)=""/72, 0x48) exit(0x0) getdents64(r0, &(0x7f0000000040), 0x4dd7) [ 57.372626] IPv4: Oversized IP packet from 127.0.0.1 2018/04/07 06:37:33 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x87) getsockopt(r0, 0x3a, 0x0, &(0x7f0000002340)=""/4096, &(0x7f0000001000)=0x1000) 2018/04/07 06:37:33 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/softnet_stat\x00') perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000010fa0)=[{&(0x7f0000002000)=""/36, 0x24}], 0x1) [ 57.653181] ================================================================== [ 57.660604] BUG: KMSAN: uninit-value in memcmp+0x119/0x180 [ 57.666243] CPU: 0 PID: 1658 Comm: kworker/0:2 Not tainted 4.16.0+ #81 [ 57.672906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.682269] Workqueue: ipv6_addrconf addrconf_dad_work [ 57.687542] Call Trace: [ 57.690136] dump_stack+0x185/0x1d0 [ 57.693765] ? memcmp+0x119/0x180 [ 57.697221] kmsan_report+0x142/0x240 [ 57.701025] __msan_warning_32+0x6c/0xb0 [ 57.705100] memcmp+0x119/0x180 [ 57.708382] __dev_mc_add+0x1c2/0x8e0 [ 57.712187] ? ndisc_mc_map+0x59f/0x8c0 [ 57.716188] dev_mc_add+0x6d/0x80 [ 57.719642] igmp6_group_added+0x2db/0xa00 [ 57.723890] ipv6_dev_mc_inc+0xe9e/0x1130 [ 57.728043] addrconf_dad_work+0x427/0x2150 [ 57.732367] ? ipv6_get_saddr_eval+0x1130/0x1130 [ 57.737120] ? ipv6_get_saddr_eval+0x1130/0x1130 [ 57.741877] process_one_work+0x12c6/0x1f60 [ 57.746204] worker_thread+0x113c/0x24f0 [ 57.750269] ? process_one_work+0x1f60/0x1f60 [ 57.754763] kthread+0x539/0x720 [ 57.758127] ? process_one_work+0x1f60/0x1f60 [ 57.762614] ? kthread_blkcg+0xf0/0xf0 [ 57.766499] ret_from_fork+0x35/0x40 [ 57.770206] [ 57.771820] Local variable description: ----buf@igmp6_group_added [ 57.778036] Variable was created at: [ 57.781749] igmp6_group_added+0x4a/0xa00 [ 57.785891] ipv6_dev_mc_inc+0xe9e/0x1130 [ 57.790024] ================================================================== [ 57.797369] Disabling lock debugging due to kernel taint [ 57.802811] Kernel panic - not syncing: panic_on_warn set ... [ 57.802811] [ 57.810175] CPU: 0 PID: 1658 Comm: kworker/0:2 Tainted: G B 4.16.0+ #81 [ 57.818133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.827493] Workqueue: ipv6_addrconf addrconf_dad_work [ 57.832767] Call Trace: [ 57.835362] dump_stack+0x185/0x1d0 [ 57.839860] panic+0x39d/0x940 [ 57.843069] ? memcmp+0x119/0x180 [ 57.846519] kmsan_report+0x238/0x240 [ 57.850323] __msan_warning_32+0x6c/0xb0 [ 57.854381] memcmp+0x119/0x180 [ 57.857671] __dev_mc_add+0x1c2/0x8e0 [ 57.861475] ? ndisc_mc_map+0x59f/0x8c0 [ 57.865448] dev_mc_add+0x6d/0x80 [ 57.868900] igmp6_group_added+0x2db/0xa00 [ 57.873139] ipv6_dev_mc_inc+0xe9e/0x1130 [ 57.877287] addrconf_dad_work+0x427/0x2150 [ 57.881609] ? ipv6_get_saddr_eval+0x1130/0x1130 [ 57.886366] ? ipv6_get_saddr_eval+0x1130/0x1130 [ 57.891121] process_one_work+0x12c6/0x1f60 [ 57.895453] worker_thread+0x113c/0x24f0 [ 57.899520] ? process_one_work+0x1f60/0x1f60 [ 57.904013] kthread+0x539/0x720 [ 57.907372] ? process_one_work+0x1f60/0x1f60 [ 57.911847] ? kthread_blkcg+0xf0/0xf0 [ 57.915717] ret_from_fork+0x35/0x40 [ 57.919895] Dumping ftrace buffer: [ 57.923417] (ftrace buffer empty) [ 57.927100] Kernel Offset: disabled [ 57.930702] Rebooting in 86400 seconds..