[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 32.890530] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 36.740633] random: sshd: uninitialized urandom read (32 bytes read) [ 37.003891] random: sshd: uninitialized urandom read (32 bytes read) [ 38.615106] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.62' (ECDSA) to the list of known hosts. [ 44.151457] random: sshd: uninitialized urandom read (32 bytes read) 2018/07/10 02:59:58 fuzzer started [ 45.497606] random: cc1: uninitialized urandom read (8 bytes read) 2018/07/10 03:00:00 dialing manager at 10.128.0.26:42717 2018/07/10 03:00:02 syscalls: 1589 2018/07/10 03:00:02 code coverage: enabled 2018/07/10 03:00:02 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: errno 524 2018/07/10 03:00:02 setuid sandbox: enabled 2018/07/10 03:00:02 namespace sandbox: enabled 2018/07/10 03:00:02 fault injection: enabled 2018/07/10 03:00:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/07/10 03:00:02 net packed injection: enabled [ 51.929157] random: crng init done 03:01:25 executing program 7: syz_fuseblk_mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 03:01:25 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) syncfs(r1) 03:01:25 executing program 1: syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [{[], {0x8100}}], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x10, 0x0, 0x0, @dev={0xfe, 0x80}, @local={0xfe, 0x80, [], 0xaa}, {[], @dccp={{0x2c00, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 03:01:25 executing program 2: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, &(0x7f0000000200)=ANY=[]) mkdir(&(0x7f0000000200)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='bpf\x00', 0x100000, &(0x7f0000000340)) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000001900)=ANY=[]) mount$bpf(0x0, &(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000400)='bpf\x00', 0x80000, &(0x7f0000000440)) mount$bpf(0x20000000, &(0x7f00000001c0)='./file0\x00', &(0x7f0000001a00)='bpf\x00', 0x2001001, &(0x7f0000000580)=ANY=[]) mount$bpf(0x0, &(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000080)='bpf\x00', 0x0, &(0x7f00000000c0)) 03:01:25 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="240000001800010100000000000000000200000000000001006fe3f1ef6222497000000008000500ac1414007640aea47119f38b18cf00c9796e8c5cdbaee82de76d4e7492c7be5a82e8182b08324033231ce6c3f6065693f5e82d36fa942e178ccf05a8f20f01f37f3be6ab82a372eb33d50984342641dfccd2"], 0x1}, 0x1}, 0x0) 03:01:25 executing program 4: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, &(0x7f0000000200)=ANY=[]) mkdir(&(0x7f0000000200)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='bpf\x00', 0x100000, &(0x7f0000000340)) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000001900)=ANY=[]) mount$bpf(0x0, &(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000400)='bpf\x00', 0x80000, &(0x7f0000000440)) mount$bpf(0x20000000, &(0x7f00000001c0)='./file0\x00', &(0x7f0000001a00)='bpf\x00', 0x2001001, &(0x7f0000000580)=ANY=[]) 03:01:25 executing program 5: fstatfs(0xffffffffffffffff, &(0x7f00000000c0)=""/111) r0 = epoll_create1(0x0) fstatfs(r0, &(0x7f0000000040)=""/53) 03:01:25 executing program 6: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x2}, 0x1c) write$binfmt_aout(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="2c0000000000000000000004000000002c00000600c374063a2c"], 0x1a) [ 132.920774] IPVS: ftp: loaded support on port[0] = 21 [ 132.921739] IPVS: ftp: loaded support on port[0] = 21 [ 132.990404] IPVS: ftp: loaded support on port[0] = 21 [ 133.013680] IPVS: ftp: loaded support on port[0] = 21 [ 133.064960] IPVS: ftp: loaded support on port[0] = 21 [ 133.077070] IPVS: ftp: loaded support on port[0] = 21 [ 133.077896] IPVS: ftp: loaded support on port[0] = 21 [ 133.113795] IPVS: ftp: loaded support on port[0] = 21 [ 137.087154] ip (4862) used greatest stack depth: 53504 bytes left [ 137.348098] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.354845] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.384669] device bridge_slave_0 entered promiscuous mode [ 137.445607] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.452115] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.485319] device bridge_slave_0 entered promiscuous mode [ 137.546853] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.553364] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.583674] device bridge_slave_0 entered promiscuous mode [ 137.625417] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.631908] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.672436] device bridge_slave_0 entered promiscuous mode [ 137.686430] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.692899] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.729885] device bridge_slave_1 entered promiscuous mode [ 137.757637] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.764212] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.790346] device bridge_slave_0 entered promiscuous mode [ 137.799425] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.805876] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.834370] device bridge_slave_1 entered promiscuous mode [ 137.851260] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.857759] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.886786] device bridge_slave_0 entered promiscuous mode [ 137.901233] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.907746] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.916619] device bridge_slave_0 entered promiscuous mode [ 137.932157] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.938645] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.951192] device bridge_slave_0 entered promiscuous mode [ 137.967640] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.974205] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.001782] device bridge_slave_1 entered promiscuous mode [ 138.017474] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.023957] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.058741] device bridge_slave_1 entered promiscuous mode [ 138.076593] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 138.084705] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.091140] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.099860] device bridge_slave_1 entered promiscuous mode [ 138.127464] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 138.135544] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.142092] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.187677] device bridge_slave_1 entered promiscuous mode [ 138.206509] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.213093] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.250939] device bridge_slave_1 entered promiscuous mode [ 138.272338] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.278841] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.291313] device bridge_slave_1 entered promiscuous mode [ 138.327541] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 138.335451] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 138.344709] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 138.352782] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 138.361154] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 138.473949] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 138.528905] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 138.586176] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 138.640344] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 138.648181] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 138.655755] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 138.741194] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 138.831782] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 138.891996] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 139.057601] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 139.218215] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 139.379893] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 139.414579] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 139.465985] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 139.524400] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 139.557447] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 139.624985] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 139.672313] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 139.683695] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 139.710357] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 139.717409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 139.740152] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 139.761124] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 139.768831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 139.786848] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 139.831351] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 139.926317] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 139.979528] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 139.989830] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.025501] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 140.036570] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 140.045629] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 140.054224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.089863] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 140.097889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.123483] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 140.136304] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 140.145847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.193240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.229384] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 140.236785] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.308839] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 140.315870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.359704] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 140.366793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.380963] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 140.393617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.440160] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 140.447694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.507392] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 140.514643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.534891] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 140.565136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.609778] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 140.617409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.702387] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 140.709439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.841953] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 140.871269] team0: Port device team_slave_0 added [ 141.074221] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 141.113882] team0: Port device team_slave_0 added [ 141.204964] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 141.227275] team0: Port device team_slave_1 added [ 141.256970] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 141.281114] team0: Port device team_slave_0 added [ 141.299911] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 141.316995] team0: Port device team_slave_0 added [ 141.349354] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 141.373115] team0: Port device team_slave_0 added [ 141.396413] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 141.414193] team0: Port device team_slave_1 added [ 141.446503] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 141.485343] team0: Port device team_slave_0 added [ 141.527624] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 141.539308] team0: Port device team_slave_0 added [ 141.577199] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 141.600617] team0: Port device team_slave_1 added [ 141.623090] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 141.630242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 141.644724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 141.665060] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 141.698671] team0: Port device team_slave_1 added [ 141.711312] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 141.720406] team0: Port device team_slave_1 added [ 141.748015] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 141.769536] team0: Port device team_slave_0 added [ 141.780892] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 141.801855] team0: Port device team_slave_1 added [ 141.810163] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 141.825380] team0: Port device team_slave_1 added [ 141.833722] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 141.847152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 141.866517] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 141.907711] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 141.917970] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 141.926469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 141.959818] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 141.997714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 142.023405] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 142.063235] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 142.074425] team0: Port device team_slave_1 added [ 142.081848] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 142.089645] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 142.103702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 142.125289] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 142.147100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 142.165249] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 142.187449] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 142.196425] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 142.207148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 142.234330] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 142.255422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.271350] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.296632] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 142.317841] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 142.330232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 142.342598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 142.358905] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 142.374801] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 142.392714] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 142.400386] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 142.407347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 142.417226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 142.450467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.468841] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.486114] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 142.493567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.526308] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.541916] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 142.560662] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 142.568529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.589445] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.610918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 142.628101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 142.650390] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 142.658942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 142.681406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 142.695957] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 142.703487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.715776] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.748012] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 142.764346] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 142.777143] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 142.785306] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 142.795792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.832694] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.861656] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 142.890394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 142.927964] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 142.954323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 142.970240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.978650] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.987176] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 142.994846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 143.003842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 143.033112] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 143.040533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 143.054210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 143.075795] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 143.087386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 143.115064] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 143.142140] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 143.150212] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 143.158358] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 143.165913] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 143.204374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 143.232759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 143.268246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 143.292987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 143.311372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 143.351805] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 143.363948] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 143.372352] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 143.379742] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 143.436854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 143.455690] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 143.487134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 143.501899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 143.510866] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 143.566351] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 143.580362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 143.599348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 143.628885] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 143.636893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 143.669720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 145.922241] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.928734] bridge0: port 2(bridge_slave_1) entered forwarding state [ 145.935651] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.942121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.001215] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 146.008203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 146.058515] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.065086] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.071930] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.078479] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.181568] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 146.287914] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.294438] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.301317] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.307764] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.385990] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 146.421248] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.427745] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.434562] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.441010] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.480209] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 146.489329] ip (5358) used greatest stack depth: 53216 bytes left [ 146.490778] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.502152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.509055] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.515511] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.524522] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 146.554680] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.561171] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.568078] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.574522] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.648871] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 146.779678] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.786506] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.793366] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.799819] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.871542] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 146.889650] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.896174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.903061] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.909520] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.932541] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 147.039655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 147.055985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 147.096715] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 147.130978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 147.149455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 147.161920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 147.170934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.293365] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.759176] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.943110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.981256] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.026971] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.056224] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.137269] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.202779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.333158] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 158.951597] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 158.977236] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 159.041955] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 159.063548] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 159.084707] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 159.175186] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 159.256317] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 159.327271] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 159.335119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 159.348751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.032809] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 160.039394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.054472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.086554] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 160.095730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.111836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.133264] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 160.149406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.174102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.200576] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 160.210090] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 160.219529] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 160.227213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.276373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.312342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.342218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.362299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.381602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.431689] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 160.438169] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.447898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.665683] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.141709] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.202245] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.278395] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.309400] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.335245] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.354807] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.523533] 8021q: adding VLAN 0 to HW filter on device team0 03:02:01 executing program 2: 03:02:01 executing program 2: 03:02:01 executing program 4: r0 = socket$inet6(0xa, 0x80000, 0x640) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket(0xa, 0x1, 0x0) ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)={0xfffffffffffffffe, 0x0, 0x0, 0x8, 0x4924924924926de}) ioctl(r1, 0x8916, &(0x7f0000000000)) 03:02:01 executing program 1: syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [{[], {0x8100}}], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x10, 0x0, 0x0, @dev={0xfe, 0x80}, @local={0xfe, 0x80, [], 0xaa}, {[], @dccp={{0x2c00, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 03:02:01 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00') read(r0, &(0x7f0000000280)=""/230, 0xfffffffffffffcfc) [ 168.092542] ================================================================== [ 168.099991] BUG: KMSAN: uninit-value in ipv6_skip_exthdr+0x156/0x910 [ 168.106541] CPU: 1 PID: 6684 Comm: syz-executor6 Not tainted 4.18.0-rc4+ #23 [ 168.113738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.123105] Call Trace: [ 168.125713] dump_stack+0x185/0x1e0 [ 168.129360] kmsan_report+0x195/0x2c0 [ 168.133181] __msan_warning_32+0x7d/0xe0 [ 168.137271] ipv6_skip_exthdr+0x156/0x910 03:02:02 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x5, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='team_slave_0\x00', 0x10) close(r0) [ 168.141445] ipv6_get_l4proto+0x1be/0x2f0 [ 168.145625] nf_conntrack_in+0x54a/0x2070 [ 168.149817] ? ipv6_invert_tuple+0xf0/0xf0 [ 168.154088] ipv6_conntrack_local+0xc3/0xf0 [ 168.158431] ? ipv6_conntrack_in+0xf0/0xf0 [ 168.162680] nf_hook_slow+0x15d/0x3e0 [ 168.166509] __ip6_local_out+0x64c/0x770 [ 168.170601] ? __ip6_local_out+0x770/0x770 [ 168.174851] ip6_local_out+0xa4/0x1d0 [ 168.178669] ip6_push_pending_frames+0x218/0x4d0 [ 168.183443] rawv6_sendmsg+0x45f0/0x5410 [ 168.187552] ? do_futex+0x3b8/0x6c80 03:02:02 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = syz_open_procfs(0x0, &(0x7f0000000080)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f02acc7edbcd7a071fb35331ce39c5a") ioctl$fiemap(r1, 0xc020660b, &(0x7f0000000340)=ANY=[@ANYBLOB="00000000000000001cfaffffffffffff010000007d000000000080"]) [ 168.191284] ? __se_sys_futex+0x626/0x800 [ 168.195460] ? compat_rawv6_ioctl+0x100/0x100 [ 168.199967] inet_sendmsg+0x3fc/0x760 [ 168.203783] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 168.209166] ? inet_getname+0x4a0/0x4a0 [ 168.213157] sock_write_iter+0x408/0x4d0 [ 168.217254] ? sock_read_iter+0x4f0/0x4f0 [ 168.221416] __vfs_write+0x87e/0xb90 [ 168.225165] vfs_write+0x467/0x8c0 [ 168.228737] __x64_sys_write+0x1cf/0x400 [ 168.232823] ? ksys_write+0x380/0x380 [ 168.236634] do_syscall_64+0x15b/0x230 [ 168.240547] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 168.245752] RIP: 0033:0x455e29 [ 168.248941] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 168.268291] RSP: 002b:00007fa1b32b9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 168.276021] RAX: ffffffffffffffda RBX: 00007fa1b32ba6d4 RCX: 0000000000455e29 [ 168.283313] RDX: 000000000000001a RSI: 0000000020000140 RDI: 0000000000000013 03:02:02 executing program 1: rt_sigprocmask(0x2, &(0x7f0000000040), 0x0, 0x8) [ 168.290600] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 168.297881] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 168.305159] R13: 00000000004c2e19 R14: 00000000004d4be8 R15: 0000000000000000 [ 168.312444] [ 168.314068] Uninit was stored to memory at: [ 168.318408] kmsan_internal_chain_origin+0x13c/0x240 [ 168.323519] kmsan_memcpy_origins+0x11d/0x170 [ 168.328023] __msan_memcpy+0xe7/0x150 [ 168.331840] skb_copy_bits+0x1f9/0xd80 [ 168.335740] ipv6_get_l4proto+0x105/0x2f0 [ 168.339903] nf_conntrack_in+0x54a/0x2070 [ 168.344072] ipv6_conntrack_local+0xc3/0xf0 [ 168.348410] nf_hook_slow+0x15d/0x3e0 [ 168.352228] __ip6_local_out+0x64c/0x770 [ 168.356311] ip6_local_out+0xa4/0x1d0 [ 168.360124] ip6_push_pending_frames+0x218/0x4d0 [ 168.364891] rawv6_sendmsg+0x45f0/0x5410 [ 168.368967] inet_sendmsg+0x3fc/0x760 [ 168.372786] sock_write_iter+0x408/0x4d0 [ 168.376863] __vfs_write+0x87e/0xb90 [ 168.380586] vfs_write+0x467/0x8c0 [ 168.384146] __x64_sys_write+0x1cf/0x400 [ 168.388223] do_syscall_64+0x15b/0x230 [ 168.392124] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 168.397303] [ 168.398922] Uninit was stored to memory at: [ 168.403248] kmsan_internal_chain_origin+0x13c/0x240 [ 168.408355] kmsan_memcpy_origins+0x11d/0x170 [ 168.412850] kmsan_memmove_origins+0x9/0x10 [ 168.417172] __msan_memmove+0xe7/0x150 [ 168.421072] nf_ct_frag6_gather+0x436a/0x5870 [ 168.425576] ipv6_defrag+0x501/0x5c0 [ 168.429300] nf_hook_slow+0x15d/0x3e0 [ 168.433118] __ip6_local_out+0x64c/0x770 [ 168.437193] ip6_local_out+0xa4/0x1d0 [ 168.441007] ip6_push_pending_frames+0x218/0x4d0 [ 168.445783] rawv6_sendmsg+0x45f0/0x5410 [ 168.449858] inet_sendmsg+0x3fc/0x760 [ 168.453675] sock_write_iter+0x408/0x4d0 [ 168.457753] __vfs_write+0x87e/0xb90 [ 168.461480] vfs_write+0x467/0x8c0 [ 168.465035] __x64_sys_write+0x1cf/0x400 [ 168.469106] do_syscall_64+0x15b/0x230 [ 168.473002] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 168.478185] [ 168.479811] Uninit was created at: [ 168.483364] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 168.488479] kmsan_kmalloc+0xa1/0x120 03:02:02 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x7) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)="06000000000000005c77b42c68f26030ef940c06f2a8e8c9137398b3120e88de8341153be6681e559093eb244d6325759d5d184dd372063c39c2afebf7a5258a06e71b39ccb07854f55946104855264d8e916141333a93d84e99858904db5b22b89608183bcd92202dd051c42aac65170c551cec041809e6937b3cea45293ac31cb4e409ccbcfd4f6206b959f54944719f43fa89425ffebd9b096bfc3dae0d1c7d", 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) sendfile(r2, r2, &(0x7f0000000180)=0x1, 0x9) [ 168.492286] kmsan_slab_alloc+0x10/0x20 [ 168.496279] __kmalloc_node_track_caller+0xb48/0x11d0 [ 168.501519] __alloc_skb+0x2cb/0x9e0 [ 168.505244] __ip6_append_data+0x3c45/0x5320 [ 168.509668] ip6_append_data+0x40e/0x6b0 [ 168.513738] rawv6_sendmsg+0x2909/0x5410 [ 168.517809] inet_sendmsg+0x3fc/0x760 [ 168.521624] sock_write_iter+0x408/0x4d0 [ 168.525699] __vfs_write+0x87e/0xb90 [ 168.529430] vfs_write+0x467/0x8c0 [ 168.532981] __x64_sys_write+0x1cf/0x400 [ 168.537056] do_syscall_64+0x15b/0x230 [ 168.540953] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 168.546131] ================================================================== [ 168.553497] Disabling lock debugging due to kernel taint [ 168.558950] Kernel panic - not syncing: panic_on_warn set ... [ 168.558950] [ 168.566335] CPU: 1 PID: 6684 Comm: syz-executor6 Tainted: G B 4.18.0-rc4+ #23 [ 168.574917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.584284] Call Trace: [ 168.586912] dump_stack+0x185/0x1e0 [ 168.590566] panic+0x3d0/0x9b0 [ 168.593807] kmsan_report+0x2bf/0x2c0 [ 168.597635] __msan_warning_32+0x7d/0xe0 [ 168.601719] ipv6_skip_exthdr+0x156/0x910 [ 168.605899] ipv6_get_l4proto+0x1be/0x2f0 [ 168.610072] nf_conntrack_in+0x54a/0x2070 [ 168.614252] ? ipv6_invert_tuple+0xf0/0xf0 [ 168.618509] ipv6_conntrack_local+0xc3/0xf0 [ 168.622852] ? ipv6_conntrack_in+0xf0/0xf0 [ 168.627103] nf_hook_slow+0x15d/0x3e0 [ 168.630927] __ip6_local_out+0x64c/0x770 [ 168.635033] ? __ip6_local_out+0x770/0x770 [ 168.639296] ip6_local_out+0xa4/0x1d0 [ 168.643120] ip6_push_pending_frames+0x218/0x4d0 [ 168.647897] rawv6_sendmsg+0x45f0/0x5410 [ 168.652001] ? do_futex+0x3b8/0x6c80 [ 168.655730] ? __se_sys_futex+0x626/0x800 [ 168.659910] ? compat_rawv6_ioctl+0x100/0x100 [ 168.664425] inet_sendmsg+0x3fc/0x760 [ 168.668267] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 168.673659] ? inet_getname+0x4a0/0x4a0 [ 168.677647] sock_write_iter+0x408/0x4d0 [ 168.681736] ? sock_read_iter+0x4f0/0x4f0 [ 168.685899] __vfs_write+0x87e/0xb90 [ 168.689650] vfs_write+0x467/0x8c0 [ 168.693218] __x64_sys_write+0x1cf/0x400 [ 168.697298] ? ksys_write+0x380/0x380 [ 168.701107] do_syscall_64+0x15b/0x230 [ 168.705011] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 168.710215] RIP: 0033:0x455e29 [ 168.713397] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 168.732734] RSP: 002b:00007fa1b32b9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 168.740464] RAX: ffffffffffffffda RBX: 00007fa1b32ba6d4 RCX: 0000000000455e29 [ 168.747748] RDX: 000000000000001a RSI: 0000000020000140 RDI: 0000000000000013 [ 168.755030] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 168.762316] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 168.769590] R13: 00000000004c2e19 R14: 00000000004d4be8 R15: 0000000000000000 [ 168.777334] Dumping ftrace buffer: [ 168.780867] (ftrace buffer empty) [ 168.784561] Kernel Offset: disabled [ 168.788181] Rebooting in 86400 seconds..