INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts. 2018/04/07 06:05:29 fuzzer started 2018/04/07 06:05:29 dialing manager at 10.128.0.26:38639 2018/04/07 06:05:35 kcov=true, comps=false 2018/04/07 06:05:38 executing program 0: r0 = socket(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={"6c6f0000c84402facd00dfffffff00", &(0x7f00000000c0)=@ethtool_wolinfo={0x5, 0x0, 0x0, "2cda00b3b806"}}) 2018/04/07 06:05:38 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x19, 0x3ff, 0x0, 0x0, {0xa}}, 0x14}, 0x1}, 0x0) 2018/04/07 06:05:38 executing program 7: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r1, &(0x7f0000000100)=ANY=[], 0x1023c) truncate(&(0x7f0000000040)='./file0\x00', 0x0) write(r1, &(0x7f0000000180)="15", 0x1) ioctl$fiemap(r1, 0xc020660b, &(0x7f0000000300)={0x0, 0x20000100}) 2018/04/07 06:05:38 executing program 2: clone(0x0, &(0x7f0000000080), &(0x7f0000000140), &(0x7f0000001040), &(0x7f0000001080)) seccomp(0x1, 0x0, &(0x7f0000158000)={0x1, &(0x7f0000000000)=[{0x6}]}) 2018/04/07 06:05:38 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000000c0)=0x51) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)) r1 = syz_open_pts(r0, 0x0) poll(&(0x7f0000000180)=[{r0}], 0x1, 0x7021) ioctl$TCXONC(r1, 0x540a, 0x0) 2018/04/07 06:05:38 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r1, &(0x7f0000000100)=ANY=[], 0x1023c) truncate(&(0x7f0000000040)='./file0\x00', 0xef8) write(r1, &(0x7f0000000180)="15", 0x1) ioctl$fiemap(r1, 0xc020660b, &(0x7f0000000300)={0x0, 0x20000100}) 2018/04/07 06:05:38 executing program 5: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000240)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x4012}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x30a) sendmsg$netrom(r0, &(0x7f0000000c40)={&(0x7f0000000200)=@ax25={0x3, {"2474f9c524d00a"}}, 0x10, &(0x7f0000000740)=[{&(0x7f0000000280)}, {&(0x7f00000003c0)}, {&(0x7f0000000540)="5774ca7b75f5b9458d9ecbbb45a0ffb41bedae2cd0edcb1903bf0518f0423da50301f4e2e42bfa6f8e83b0ee631b6701aa96312b3a454f6e8792ffaa936422af83698e2c9980a3162b130312a454c9cd7b669e018ebdea5040a29bd02b58ead88266ed6d35c1cd3363df5c61fa0728936982516e0ca4f4bf0a4c7bc83d9b5e68166f25b69744ba4c344e1a8b98a2d03bc9d62ada6f1996c80dffe8254c037bd45c96510efced59b368d9db6457f6d58d428bbaf56dab23e0adb8faf2d4d962a50aaddfda16153d86a29b4c7b1bb526e285f4b2ec2f6d68b62d94c51c464e1b419bf3efc649768075669707094123404853e968d8fc", 0xf5}], 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="9800000000000000290000003f0000006e01718519a1a6fdcccd73dc8ae49fa6f096fa6911877d2b4390fbaae837921b677546d1b8a63c2a9b9673d96c147559b547cb441ae608f8bb7fa20a19bf7771a3b104707b06c6ce7db99e0636f1655e580a35dbd2da1844bc1304a6537c4b10962ab1c5fed5e63f76bc4067a102fa8db7937f0a01e16b560fb87257d5e0caa528a6ead458653700a000000000000000ff010000000000008b215a32ffc8d7d944d6a66ce3c78670669206f42a1a0b98217e93d5ee11ee4640f9ae967e7d8ee4df2d2cc499d14734ac7973f8bd70ef8509e73905c31839d7c04f864f92a1fee144a93d860c8259942f399472bc4d342e5b7be29804218ddf51d51eb94c8ea316310cd36e0a51a004720edc87cab0ab9d4b55009e293e3c3a5c437b1517629680db00000000000000b0000000000000009d01000001000000446484c39ce9123c03895d739ba9d6bf7620926707493218ecd5f2fac11f0df80545a6653b9227c99389652df3f53ce56fcc9bfb0eacac744bd1cfc2a161bb3d896a3e5a868c34d77305af67ade2224f67d0acd1bd6d1c6a6decc4132b9dbf2c8b3c22fe32fb15de2f503e561b511412c3f60b243917b03ee1bab03030cfe4907a546ce5b8835cf7349a626e69e222ce192c01a2ee1868c7c425c0fc00000000c800000000000000290000000080000017b4e2f07f2865a096c5d7a1567f837a31b6ac052161830d6926cf6fc14ac76779e8f6b83f37b40ec6eb02d3cd4f8c86a0cc5461ad0f4cd9aadcd29862418106bb958c4bd14aaa6024a690c3adc44f0a8598edc01d1931c2b805a4ed3727a26cbb34b67d3e5e167be31763e422c195e3880b87390a1b358ee2a3072ac3d6fb81201bd5fbe380b77e75f640baaceca993994fad2b0b2bc0c3afc1fab03aa2fe43a7de5d594dede4f2b6e871a2d076ed027aa92cabeb914879e00000000000000001000000b2ee11200be71c6136a4fc9a70d6ad194faa570425980ab319f9e871829221e619b495c874ede2e937cdd1b7f64fae0dbd336f48aedf9e6335ba2efc30a5abe8d2c5072c52819a1b1d6c52434e3e64a3ec0c4728c6cd118efdb98b78e8b7cda3bb42cd5f53604be5426ba516fff78feeea4e89bf3461cf1a5e0c8066a23e9e74e70d4e10448eca688ebb00c427db524df04206bec9071a4fa9b078fcb38767435c583c466cacd3c199494d2abd3424c54f64f012b01b64af1173dfc7bbc6b670675c5d57c468c432f9d413fd31e04d22250000005800000000000000ff010000001000002359309d6dbb264c6aaefddfc0efc70681361a6c353eba89290503069f46956807efb5bb3bec6b5d8ba0bda28294ec18e022a6dc0a372d97a041a3b4d74afa617e7a00000000000068000000000000001d01000007000000752857442a2621126c9a1d2bd02f0633e28cec694d1019d596d932c912ae25573f6b853f631c93f42a63637adbdfd58508ddc58f98f5ae5e6b72fe2e37f0c639af505d9a8a25c4894cbdf2a25730e84660ae6f0000000000"], 0x450}, 0x40000) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'ifb0\x00', 0xa201}) dup3(r0, r1, 0x0) 2018/04/07 06:05:38 executing program 6: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000498000)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00008b7ff0)={&(0x7f0000bfdfdc)={0x14, 0x3, 0x1, 0x800000001}, 0x14}, 0x1}, 0x0) syzkaller login: [ 43.099283] ip (3766) used greatest stack depth: 54672 bytes left [ 44.032137] ip (3856) used greatest stack depth: 54544 bytes left [ 44.554249] ip (3908) used greatest stack depth: 53960 bytes left [ 46.535635] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.563765] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.656935] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.673332] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.683848] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.726989] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.876805] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.890666] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.252764] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.455472] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.487844] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.507247] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.641626] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.717298] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.775612] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.800428] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.980910] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.987158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.998617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.239420] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.245647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.256260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.302676] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.313341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.327796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.359214] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.370634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.398196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.430496] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.437936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.476871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.543387] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.549675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.557149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.578322] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.590590] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.634148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.645128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.664922] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.690821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.454754] audit: type=1326 audit(1523081155.453:3): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5025 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0x0 [ 57.694732] ================================================================== [ 57.702135] BUG: KMSAN: uninit-value in memcmp+0x119/0x180 [ 57.707759] CPU: 1 PID: 3853 Comm: kworker/1:2 Not tainted 4.16.0+ #81 [ 57.714410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.723763] Workqueue: ipv6_addrconf addrconf_dad_work [ 57.729028] Call Trace: [ 57.731616] dump_stack+0x185/0x1d0 [ 57.735241] ? memcmp+0x119/0x180 [ 57.738694] kmsan_report+0x142/0x240 [ 57.742493] __msan_warning_32+0x6c/0xb0 [ 57.746553] memcmp+0x119/0x180 [ 57.749832] __dev_mc_add+0x1c2/0x8e0 [ 57.753635] ? ndisc_mc_map+0x59f/0x8c0 [ 57.757608] dev_mc_add+0x6d/0x80 [ 57.761059] igmp6_group_added+0x2db/0xa00 [ 57.765296] ipv6_dev_mc_inc+0xe9e/0x1130 [ 57.769448] addrconf_dad_work+0x427/0x2150 [ 57.773767] ? ipv6_get_saddr_eval+0x1130/0x1130 [ 57.778513] ? ipv6_get_saddr_eval+0x1130/0x1130 [ 57.783306] process_one_work+0x12c6/0x1f60 [ 57.787648] worker_thread+0x113c/0x24f0 [ 57.791720] ? process_one_work+0x1f60/0x1f60 [ 57.796210] kthread+0x539/0x720 [ 57.799574] ? process_one_work+0x1f60/0x1f60 [ 57.804071] ? kthread_blkcg+0xf0/0xf0 [ 57.807950] ret_from_fork+0x35/0x40 [ 57.811651] [ 57.813269] Local variable description: ----buf@igmp6_group_added [ 57.819480] Variable was created at: [ 57.823193] igmp6_group_added+0x4a/0xa00 [ 57.827334] ipv6_dev_mc_inc+0xe9e/0x1130 [ 57.831466] ================================================================== [ 57.838809] Disabling lock debugging due to kernel taint [ 57.844245] Kernel panic - not syncing: panic_on_warn set ... [ 57.844245] [ 57.851607] CPU: 1 PID: 3853 Comm: kworker/1:2 Tainted: G B 4.16.0+ #81 [ 57.859558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.868913] Workqueue: ipv6_addrconf addrconf_dad_work [ 57.874181] Call Trace: [ 57.876765] dump_stack+0x185/0x1d0 [ 57.880390] panic+0x39d/0x940 [ 57.883601] ? memcmp+0x119/0x180 [ 57.887050] kmsan_report+0x238/0x240 [ 57.890852] __msan_warning_32+0x6c/0xb0 [ 57.894909] memcmp+0x119/0x180 [ 57.898187] __dev_mc_add+0x1c2/0x8e0 [ 57.902031] ? ndisc_mc_map+0x59f/0x8c0 [ 57.906038] dev_mc_add+0x6d/0x80 [ 57.909492] igmp6_group_added+0x2db/0xa00 [ 57.913729] ipv6_dev_mc_inc+0xe9e/0x1130 [ 57.917878] addrconf_dad_work+0x427/0x2150 [ 57.922198] ? ipv6_get_saddr_eval+0x1130/0x1130 [ 57.926942] ? ipv6_get_saddr_eval+0x1130/0x1130 [ 57.931693] process_one_work+0x12c6/0x1f60 [ 57.936015] worker_thread+0x113c/0x24f0 [ 57.940082] ? process_one_work+0x1f60/0x1f60 [ 57.944579] kthread+0x539/0x720 [ 57.947957] ? process_one_work+0x1f60/0x1f60 [ 57.952451] ? kthread_blkcg+0xf0/0xf0 [ 57.956337] ret_from_fork+0x35/0x40 [ 57.960489] Dumping ftrace buffer: [ 57.964011] (ftrace buffer empty) [ 57.967692] Kernel Offset: disabled [ 57.971290] Rebooting in 86400 seconds..