INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts. 2018/04/17 04:54:06 fuzzer started 2018/04/17 04:54:06 dialing manager at 10.128.0.26:43021 2018/04/17 04:54:13 kcov=true, comps=false 2018/04/17 04:54:15 executing program 0: 2018/04/17 04:54:15 executing program 2: 2018/04/17 04:54:15 executing program 7: 2018/04/17 04:54:15 executing program 1: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x6e, &(0x7f00000f8000)={@random="cd390b081bf2", @dev={[0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv6={0x86dd, {0x0, 0x6, "08de06", 0x38, 0x3a, 0x0, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0xffffff84, 0x0, @loopback={0x0, 0x1}, @loopback={0x0, 0x1}, [], "fca967e17f791010"}}}}}}}, 0x0) 2018/04/17 04:54:15 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x8000000000403ff, 0x0) syz_mount_image$vfat(&(0x7f0000000600)='vfat\x00', &(0x7f0000000740)='./file0\x00', 0x0, 0x0, &(0x7f0000000640), 0x1800, &(0x7f0000000400)=ANY=[@ANYPTR=&(0x7f00000000c0)=ANY=[]]) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x2, 0x0) syz_mount_image$bfs(&(0x7f0000000040)='bfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000840)=[{&(0x7f0000000180), 0x0, 0x70a0e59d}], 0x0, 0x0) fallocate(r0, 0x11, 0x0, 0x100000001) 2018/04/17 04:54:15 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000012f80)={0x2, 0x4000000000000f, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1=0xe0000001}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}}]}, 0x80}, 0x1}, 0x0) 2018/04/17 04:54:15 executing program 5: clock_settime(0xe859a301d6390cd0, &(0x7f0000000040)={0x77359400}) 2018/04/17 04:54:15 executing program 6: syz_emit_ethernet(0x66, &(0x7f0000000000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @link_local={0x1, 0x80, 0xc2}, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x30, 0x3a, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff5], [0xff, 0xff], @rand_addr}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@pkt_toobig={0xffffff80, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x0, 0x0, @loopback={0x0, 0x1}, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}}}}}}}}, 0x0) syzkaller login: [ 43.178513] ip (3746) used greatest stack depth: 54688 bytes left [ 43.440226] ip (3770) used greatest stack depth: 54672 bytes left [ 43.816225] ip (3805) used greatest stack depth: 54072 bytes left [ 45.104137] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.110685] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.147118] device bridge_slave_0 entered promiscuous mode [ 45.183456] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.189911] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.217367] device bridge_slave_0 entered promiscuous mode [ 45.233991] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.240458] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.258408] device bridge_slave_0 entered promiscuous mode [ 45.276980] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.283473] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.301353] device bridge_slave_0 entered promiscuous mode [ 45.310416] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.316878] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.337273] device bridge_slave_0 entered promiscuous mode [ 45.356409] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.362874] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.385914] device bridge_slave_0 entered promiscuous mode [ 45.398124] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.404563] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.416622] device bridge_slave_1 entered promiscuous mode [ 45.424140] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.430577] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.452838] device bridge_slave_0 entered promiscuous mode [ 45.477502] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.483925] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.510893] device bridge_slave_1 entered promiscuous mode [ 45.522023] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.528493] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.542147] device bridge_slave_1 entered promiscuous mode [ 45.548711] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.555169] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.571959] device bridge_slave_0 entered promiscuous mode [ 45.582273] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.588711] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.598273] device bridge_slave_1 entered promiscuous mode [ 45.611720] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.618185] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.646524] device bridge_slave_1 entered promiscuous mode [ 45.654603] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.661120] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.686107] device bridge_slave_1 entered promiscuous mode [ 45.695105] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.706981] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.713468] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.739307] device bridge_slave_1 entered promiscuous mode [ 45.750747] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.761254] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.773509] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.787071] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.793514] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.839794] device bridge_slave_1 entered promiscuous mode [ 45.846574] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.857365] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.898294] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.912256] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.933687] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.949902] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.962620] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.015146] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.082825] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.120807] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.129566] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.294099] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.414257] ip (4012) used greatest stack depth: 53960 bytes left [ 46.854347] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.905981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.987496] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 47.017856] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 47.026208] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 47.034863] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 47.098086] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 47.126098] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 47.161020] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 47.233893] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 47.241372] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 47.263381] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 47.303342] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 47.341140] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 47.424857] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 47.529955] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 47.971612] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 48.084652] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 48.166259] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 48.182338] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.219678] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 48.251296] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 48.274126] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.363158] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 48.383292] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.410373] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.417520] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.437714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.468146] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.479879] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 48.487957] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 48.508532] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.516526] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.528002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.585019] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.593155] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.634325] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.641869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.653656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.689716] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.697506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.720647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.747109] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.755203] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.766948] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.788656] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.806944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.839589] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.846902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.861435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.883706] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.892939] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.912258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.925123] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.936408] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.944445] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.962436] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.972362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.994903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.024691] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.053801] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.093621] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.104206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.112453] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.120514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.132880] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.139971] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.150276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.169289] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.179956] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.187289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.209705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.237626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.272844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.308884] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.317463] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.325121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.345864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.375078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.402204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.169140] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.175695] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.182598] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.189106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.232142] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.238982] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.268118] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.274603] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.281440] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.287888] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.335397] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.352164] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.358644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.365515] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.371961] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.412463] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.431086] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.437560] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.444390] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.450824] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.509010] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.548370] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.554876] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.561778] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.568256] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.634000] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.682461] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.688955] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.695829] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.702300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.771534] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.779202] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.785667] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.792522] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.799018] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.841002] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.850770] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.857248] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.864123] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.870559] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.879477] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.255263] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.266563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.291090] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.306084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.313476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.321553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.329303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.774662] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.854864] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.964452] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.997796] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.021948] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.146132] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.232602] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.395202] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.581275] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.587591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.597978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.691473] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.697799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.708934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.760015] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.766370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.779809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.845791] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.852148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.866667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.909191] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.915435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.929509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.961621] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.967937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.981618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.110486] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 62.116791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.131845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.434285] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 62.440582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.456693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/17 04:54:42 executing program 2: munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x5, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) get_mempolicy(&(0x7f0000000040), &(0x7f0000000080), 0xcf, &(0x7f0000ffe000/0x2000)=nil, 0x2) 2018/04/17 04:54:42 executing program 6: r0 = socket$inet6(0xa, 0x3, 0x8000000000002c) connect$inet6(r0, &(0x7f0000002fe4)={0xa}, 0x1c) sendmsg(r0, &(0x7f0000007000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)='2', 0x1}], 0x1, &(0x7f0000000100)}, 0x2000c080) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000000)='\x00\x00\x00\x00\x00\x00\x00\a', 0x8}], 0x1) 2018/04/17 04:54:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x5, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f000000aff5)='/dev/loop#\x00', 0x0, 0x0) ioctl(r0, 0x5393, &(0x7f0000000000)) 2018/04/17 04:54:42 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x5, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) connect$unix(r1, &(0x7f0000000200)=@abs={0x1, 0x0, 0x4e23}, 0x6e) 2018/04/17 04:54:42 executing program 7: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f00009f5000)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00004ca000)={&(0x7f0000000080)={0x14}, 0x14}, 0x1}, 0x0) close(r0) [ 67.794256] ================================================================== [ 67.801686] BUG: KMSAN: uninit-value in ipv6_frag_rcv+0xfa5/0x6970 [ 67.808012] CPU: 0 PID: 5741 Comm: syz-executor6 Not tainted 4.16.0+ #84 [ 67.814844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.824192] Call Trace: [ 67.826769] [ 67.828928] dump_stack+0x185/0x1d0 [ 67.832562] ? ipv6_frag_rcv+0xfa5/0x6970 [ 67.836712] kmsan_report+0x142/0x240 [ 67.840514] __msan_warning_32+0x6c/0xb0 [ 67.844578] ipv6_frag_rcv+0xfa5/0x6970 [ 67.848559] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 67.853930] ? ipv6_frag_exit+0x90/0x90 [ 67.857926] ip6_input_finish+0xa62/0x2110 [ 67.862184] ? ip6table_filter_hook+0xb5/0xe0 [ 67.866675] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 67.872045] ip6_input+0x294/0x320 [ 67.875586] ? ip6_input+0x320/0x320 [ 67.879295] ? ipv6_rcv+0x26d0/0x26d0 [ 67.883093] ipv6_rcv+0x20ec/0x26d0 [ 67.886719] ? local_bh_enable+0x40/0x40 [ 67.890788] __netif_receive_skb_core+0x47cf/0x4a80 [ 67.895808] ? kmsan_internal_memset_shadow_inline+0xc0/0xd0 [ 67.901607] ? ip6_rcv_finish+0x4d0/0x4d0 [ 67.905755] process_backlog+0x62d/0xe20 [ 67.909820] ? rps_trigger_softirq+0x2f0/0x2f0 [ 67.914402] net_rx_action+0x7c1/0x1a70 [ 67.918377] ? net_tx_action+0xab0/0xab0 [ 67.922443] __do_softirq+0x56d/0x93d [ 67.926248] do_softirq_own_stack+0x2a/0x40 [ 67.930559] [ 67.932798] __local_bh_enable_ip+0x114/0x140 [ 67.937297] local_bh_enable+0x36/0x40 [ 67.941183] ip6_finish_output2+0x1b6c/0x1f20 [ 67.945690] ip6_finish_output+0xb3f/0xc00 [ 67.949933] ip6_output+0x597/0x6c0 [ 67.953559] ? ip6_output+0x6c0/0x6c0 [ 67.957361] ? ac6_seq_show+0x200/0x200 [ 67.961337] ip6_local_out+0x573/0x640 [ 67.965226] ? __ip6_local_out+0x4f0/0x4f0 [ 67.969468] ip6_push_pending_frames+0x218/0x4d0 [ 67.974225] rawv6_sendmsg+0x4500/0x4cc0 [ 67.978299] ? kmsan_set_origin_inline+0x6b/0x120 [ 67.983171] ? futex_wait_queue_me+0x4ba/0x710 [ 67.987761] ? futex_wait_queue_me+0x4ee/0x710 [ 67.992349] ? compat_rawv6_ioctl+0x30/0x30 [ 67.996674] inet_sendmsg+0x48d/0x740 [ 68.000474] ? security_socket_sendmsg+0x9e/0x210 [ 68.005320] ? inet_getname+0x500/0x500 [ 68.009298] sock_write_iter+0x3b9/0x470 [ 68.013369] ? sock_read_iter+0x480/0x480 [ 68.017516] do_iter_readv_writev+0x7bb/0x970 [ 68.022020] ? sock_read_iter+0x480/0x480 [ 68.026172] do_iter_write+0x30d/0xd40 [ 68.030063] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 68.035512] do_writev+0x3c9/0x830 [ 68.039054] ? syscall_return_slowpath+0xe9/0x700 [ 68.043901] SYSC_writev+0x9b/0xb0 [ 68.047442] SyS_writev+0x56/0x80 [ 68.050894] do_syscall_64+0x309/0x430 [ 68.054775] ? SYSC_readv+0xb0/0xb0 [ 68.058399] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 68.063578] RIP: 0033:0x455329 [ 68.066759] RSP: 002b:00007f44cb58bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 68.074459] RAX: ffffffffffffffda RBX: 00007f44cb58c6d4 RCX: 0000000000455329 [ 68.081724] RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000013 [ 68.088993] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 68.096260] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 68.103526] R13: 00000000000006cd R14: 00000000006fd3d8 R15: 0000000000000000 [ 68.110795] [ 68.112412] Uninit was stored to memory at: [ 68.116734] kmsan_internal_chain_origin+0x12b/0x210 [ 68.121831] kmsan_memcpy_origins+0x11d/0x170 [ 68.126324] __msan_memcpy+0x19f/0x1f0 [ 68.130213] skb_copy_bits+0x63a/0xdb0 [ 68.134103] __pskb_pull_tail+0x483/0x22e0 [ 68.138345] ipv6_frag_rcv+0x1894/0x6970 [ 68.142408] ip6_input_finish+0xa62/0x2110 [ 68.146641] ip6_input+0x294/0x320 [ 68.150177] ipv6_rcv+0x20ec/0x26d0 [ 68.153799] __netif_receive_skb_core+0x47cf/0x4a80 [ 68.158806] process_backlog+0x62d/0xe20 [ 68.162860] net_rx_action+0x7c1/0x1a70 [ 68.166831] __do_softirq+0x56d/0x93d [ 68.170616] Uninit was created at: [ 68.174153] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 68.179161] kmsan_alloc_page+0x82/0xe0 [ 68.183132] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 68.187880] alloc_pages_current+0x6b5/0x970 [ 68.192289] skb_page_frag_refill+0x3ba/0x5e0 [ 68.196781] sk_page_frag_refill+0xa4/0x340 [ 68.201102] __ip6_append_data+0x1a20/0x4bb0 [ 68.205506] ip6_append_data+0x40e/0x6b0 [ 68.209561] rawv6_sendmsg+0x2787/0x4cc0 [ 68.213621] inet_sendmsg+0x48d/0x740 [ 68.217423] sock_write_iter+0x3b9/0x470 [ 68.221478] do_iter_readv_writev+0x7bb/0x970 [ 68.225967] do_iter_write+0x30d/0xd40 [ 68.229849] do_writev+0x3c9/0x830 [ 68.233391] SYSC_writev+0x9b/0xb0 [ 68.236935] SyS_writev+0x56/0x80 [ 68.240389] do_syscall_64+0x309/0x430 2018/04/17 04:54:43 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f00000000c0)=@fragment, 0x8) connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x4e20}, 0x1c) recvmsg(r0, &(0x7f0000000080)={&(0x7f00000001c0)=@vsock={0x0, 0x0, 0x0, @my}, 0x80, &(0x7f00000003c0)}, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000000)=0x3, 0x4) sendmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000040)}, 0x0) 2018/04/17 04:54:43 executing program 7: mq_unlink(&(0x7f0000000140)='.\x00') 2018/04/17 04:54:43 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={0x0}, &(0x7f0000000000)=0x10) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000080)={r1}, 0x10) [ 68.244276] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 68.249457] ================================================================== [ 68.256806] Disabling lock debugging due to kernel taint [ 68.262249] Kernel panic - not syncing: panic_on_warn set ... [ 68.262249] [ 68.269616] CPU: 0 PID: 5741 Comm: syz-executor6 Tainted: G B 4.16.0+ #84 [ 68.277751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.287094] Call Trace: [ 68.289657] [ 68.291804] dump_stack+0x185/0x1d0 [ 68.295430] panic+0x39d/0x940 [ 68.298639] ? ipv6_frag_rcv+0xfa5/0x6970 [ 68.302785] kmsan_report+0x238/0x240 [ 68.306576] __msan_warning_32+0x6c/0xb0 [ 68.310629] ipv6_frag_rcv+0xfa5/0x6970 [ 68.314591] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 68.319956] ? ipv6_frag_exit+0x90/0x90 [ 68.323922] ip6_input_finish+0xa62/0x2110 [ 68.328142] ? ip6table_filter_hook+0xb5/0xe0 [ 68.332620] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 68.337982] ip6_input+0x294/0x320 [ 68.341520] ? ip6_input+0x320/0x320 [ 68.345219] ? ipv6_rcv+0x26d0/0x26d0 [ 68.348998] ipv6_rcv+0x20ec/0x26d0 [ 68.352621] ? local_bh_enable+0x40/0x40 [ 68.356681] __netif_receive_skb_core+0x47cf/0x4a80 [ 68.361690] ? kmsan_internal_memset_shadow_inline+0xc0/0xd0 [ 68.367488] ? ip6_rcv_finish+0x4d0/0x4d0 [ 68.371625] process_backlog+0x62d/0xe20 [ 68.375667] ? rps_trigger_softirq+0x2f0/0x2f0 [ 68.380228] net_rx_action+0x7c1/0x1a70 [ 68.384200] ? net_tx_action+0xab0/0xab0 [ 68.388255] __do_softirq+0x56d/0x93d [ 68.392059] do_softirq_own_stack+0x2a/0x40 [ 68.396365] [ 68.398603] __local_bh_enable_ip+0x114/0x140 [ 68.403096] local_bh_enable+0x36/0x40 [ 68.406963] ip6_finish_output2+0x1b6c/0x1f20 [ 68.411455] ip6_finish_output+0xb3f/0xc00 [ 68.415685] ip6_output+0x597/0x6c0 [ 68.419310] ? ip6_output+0x6c0/0x6c0 [ 68.423109] ? ac6_seq_show+0x200/0x200 [ 68.427080] ip6_local_out+0x573/0x640 [ 68.430965] ? __ip6_local_out+0x4f0/0x4f0 [ 68.435201] ip6_push_pending_frames+0x218/0x4d0 [ 68.439949] rawv6_sendmsg+0x4500/0x4cc0 [ 68.444006] ? kmsan_set_origin_inline+0x6b/0x120 [ 68.448842] ? futex_wait_queue_me+0x4ba/0x710 [ 68.453404] ? futex_wait_queue_me+0x4ee/0x710 [ 68.457969] ? compat_rawv6_ioctl+0x30/0x30 [ 68.462279] inet_sendmsg+0x48d/0x740 [ 68.466078] ? security_socket_sendmsg+0x9e/0x210 [ 68.470920] ? inet_getname+0x500/0x500 [ 68.474882] sock_write_iter+0x3b9/0x470 [ 68.478937] ? sock_read_iter+0x480/0x480 [ 68.483065] do_iter_readv_writev+0x7bb/0x970 [ 68.487545] ? sock_read_iter+0x480/0x480 [ 68.491681] do_iter_write+0x30d/0xd40 [ 68.495559] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 68.500991] do_writev+0x3c9/0x830 [ 68.504518] ? syscall_return_slowpath+0xe9/0x700 [ 68.509356] SYSC_writev+0x9b/0xb0 [ 68.512889] SyS_writev+0x56/0x80 [ 68.516323] do_syscall_64+0x309/0x430 [ 68.520192] ? SYSC_readv+0xb0/0xb0 [ 68.523812] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 68.528989] RIP: 0033:0x455329 [ 68.532167] RSP: 002b:00007f44cb58bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 68.539870] RAX: ffffffffffffffda RBX: 00007f44cb58c6d4 RCX: 0000000000455329 [ 68.547132] RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000013 [ 68.554381] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 68.561629] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 68.568891] R13: 00000000000006cd R14: 00000000006fd3d8 R15: 0000000000000000 [ 68.576599] Dumping ftrace buffer: [ 68.580129] (ftrace buffer empty) [ 68.583814] Kernel Offset: disabled [ 68.587417] Rebooting in 86400 seconds..