INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz_tun.accept_dad = 0
syzkaller login: [ 60.532148] IPVS: ftp: loaded support on port[0] = 21
net.ipv6.conf.syz_tun.router_solicitations = 0
[ 60.824087] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.830531] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.837941] device bridge_slave_0 entered promiscuous mode
[ 60.859527] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.865968] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.873380] device bridge_slave_1 entered promiscuous mode
[ 60.894496] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 60.921203] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 60.979855] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 61.003633] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 61.098617] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 61.105886] team0: Port device team_slave_0 added
[ 61.126865] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 61.134333] team0: Port device team_slave_1 added
[ 61.155694] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 61.183564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 61.211657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 61.236186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 61.427494] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.433944] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.440723] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.447126] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 62.223206] 8021q: adding VLAN 0 to HW filter on device bond0
[ 62.291647] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 62.358403] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 62.364640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 62.372271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 62.439423] 8021q: adding VLAN 0 to HW filter on device team0
executing program
executing program
[ 62.819304] ==================================================================
[ 62.826779] BUG: KMSAN: uninit-value in _decode_session6+0x6d2/0x16e0
[ 62.833338] CPU: 0 PID: 4529 Comm: syz-executor165 Not tainted 4.16.0+ #87
[ 62.840348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.849680] Call Trace:
[ 62.852273] dump_stack+0x185/0x1d0
[ 62.855884] ? _decode_session6+0x6d2/0x16e0
[ 62.860268] kmsan_report+0x142/0x240
[ 62.864051] __msan_warning_32+0x6c/0xb0
[ 62.868093] _decode_session6+0x6d2/0x16e0
[ 62.872310] __xfrm_decode_session+0x151/0x200
[ 62.876872] ? xfrm6_get_saddr+0x4b0/0x4b0
[ 62.881090] icmp6_send+0x2bf7/0x3730
[ 62.884879] ? ip6_tnl_xmit+0x13c0/0x3af0
[ 62.889822] ? icmpv6_param_prob+0xc0/0xc0
[ 62.894046] icmpv6_send+0xe0/0x110
[ 62.897654] ? ip6_tnl_xmit+0x1423/0x3af0
[ 62.901782] ip6_link_failure+0x8f/0x580
[ 62.905820] ? ip6_negative_advice+0x350/0x350
[ 62.910379] ? ip6_negative_advice+0x350/0x350
[ 62.914940] ip6_tnl_xmit+0x1423/0x3af0
[ 62.918893] ? __pskb_pull_tail+0x1806/0x2300
[ 62.923367] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 62.928726] ? __pskb_pull_tail+0x1b1b/0x2300
[ 62.933198] ? is_console_locked+0x14/0x50
[ 62.937412] ? __msan_poison_alloca+0x15c/0x1d0
[ 62.942072] ip6_tnl_start_xmit+0x1cc0/0x1ef0
[ 62.946552] ? ip6_tnl_dev_uninit+0x740/0x740
[ 62.951034] dev_hard_start_xmit+0x5f1/0xc70
[ 62.955430] __dev_queue_xmit+0x27ee/0x3520
[ 62.959737] dev_queue_xmit+0x4b/0x60
[ 62.963517] neigh_direct_output+0x42/0x50
[ 62.967739] ? neigh_connected_output+0x720/0x720
[ 62.972557] ip6_finish_output2+0x1d01/0x2130
[ 62.977051] ip6_finish_output+0xae9/0xba0
[ 62.981265] ip6_output+0x597/0x6c0
[ 62.984873] ? __ip6_local_out+0x730/0x730
[ 62.989087] ? ac6_seq_show+0x200/0x200
[ 62.993043] ip6_local_out+0x15e/0x1d0
[ 62.996913] ip6_push_pending_frames+0x218/0x4d0
[ 63.001652] rawv6_sendmsg+0x4235/0x4fb0
[ 63.005694] ? kmsan_set_origin_inline+0x6b/0x120
[ 63.010512] ? __msan_poison_alloca+0x15c/0x1d0
[ 63.015164] ? ___sys_sendmsg+0x11f2/0x1310
[ 63.019467] ? compat_rawv6_ioctl+0x100/0x100
[ 63.023939] inet_sendmsg+0x48d/0x740
[ 63.027719] ? security_socket_sendmsg+0x9e/0x210
[ 63.032541] ? inet_getname+0x500/0x500
[ 63.036493] sock_write_iter+0x3b9/0x470
[ 63.040537] ? sock_read_iter+0x480/0x480
[ 63.044661] __vfs_write+0x7fb/0x9f0
[ 63.048358] vfs_write+0x463/0x8d0
[ 63.051877] SYSC_write+0x172/0x360
[ 63.055482] SyS_write+0x55/0x80
[ 63.058827] do_syscall_64+0x309/0x430
[ 63.062691] ? SYSC_read+0x360/0x360
[ 63.066384] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 63.071556] RIP: 0033:0x4418b9
[ 63.074727] RSP: 002b:00007ffece331e68 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
[ 63.082411] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004418b9
[ 63.089672] RDX: 000000000000036b RSI: 0000000020000240 RDI: 0000000000000004
[ 63.096918] RBP: 00000000006cd018 R08: 0000000000000000 R09: 0000000000000000
[ 63.104173] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004025b0
[ 63.111422] R13: 0000000000402640 R14: 0000000000000000 R15: 0000000000000000
[ 63.118669]
[ 63.120268] Uninit was created at:
[ 63.123789] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 63.128867] kmsan_kmalloc+0x94/0x100
[ 63.132643] kmsan_slab_alloc+0x11/0x20
[ 63.136592] __kmalloc_node_track_caller+0xaed/0x11c0
[ 63.141758] pskb_expand_head+0x21d/0x1a70
[ 63.145967] __pskb_pull_tail+0x1d7/0x2300
[ 63.150178] ip6_tnl_parse_tlv_enc_lim+0x7f5/0xa90
[ 63.155083] ip6_tnl_start_xmit+0x911/0x1ef0
[ 63.159475] dev_hard_start_xmit+0x5f1/0xc70
[ 63.163858] __dev_queue_xmit+0x27ee/0x3520
[ 63.168155] dev_queue_xmit+0x4b/0x60
[ 63.171935] neigh_direct_output+0x42/0x50
[ 63.176147] ip6_finish_output2+0x1d01/0x2130
[ 63.180618] ip6_finish_output+0xae9/0xba0
[ 63.184829] ip6_output+0x597/0x6c0
[ 63.188431] ip6_local_out+0x15e/0x1d0
[ 63.192297] ip6_push_pending_frames+0x218/0x4d0
[ 63.197035] rawv6_sendmsg+0x4235/0x4fb0
[ 63.201080] inet_sendmsg+0x48d/0x740
[ 63.204869] sock_write_iter+0x3b9/0x470
[ 63.208906] __vfs_write+0x7fb/0x9f0
[ 63.212600] vfs_write+0x463/0x8d0
[ 63.216140] SYSC_write+0x172/0x360
[ 63.219742] SyS_write+0x55/0x80
[ 63.223084] do_syscall_64+0x309/0x430
[ 63.226949] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 63.232116] ==================================================================
[ 63.239448] Disabling lock debugging due to kernel taint
[ 63.244873] Kernel panic - not syncing: panic_on_warn set ...
[ 63.244873]
[ 63.252218] CPU: 0 PID: 4529 Comm: syz-executor165 Tainted: G B 4.16.0+ #87
[ 63.260509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.269841] Call Trace:
[ 63.272411] dump_stack+0x185/0x1d0
[ 63.276025] panic+0x39d/0x940
[ 63.279217] ? _decode_session6+0x6d2/0x16e0
[ 63.283606] kmsan_report+0x238/0x240
[ 63.287385] __msan_warning_32+0x6c/0xb0
[ 63.291425] _decode_session6+0x6d2/0x16e0
[ 63.295650] __xfrm_decode_session+0x151/0x200
[ 63.300210] ? xfrm6_get_saddr+0x4b0/0x4b0
[ 63.304426] icmp6_send+0x2bf7/0x3730
[ 63.308213] ? ip6_tnl_xmit+0x13c0/0x3af0
[ 63.312343] ? icmpv6_param_prob+0xc0/0xc0
[ 63.316555] icmpv6_send+0xe0/0x110
[ 63.320159] ? ip6_tnl_xmit+0x1423/0x3af0
[ 63.324290] ip6_link_failure+0x8f/0x580
[ 63.328330] ? ip6_negative_advice+0x350/0x350
[ 63.332889] ? ip6_negative_advice+0x350/0x350
[ 63.337448] ip6_tnl_xmit+0x1423/0x3af0
[ 63.341401] ? __pskb_pull_tail+0x1806/0x2300
[ 63.345878] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 63.351226] ? __pskb_pull_tail+0x1b1b/0x2300
[ 63.355700] ? is_console_locked+0x14/0x50
[ 63.359918] ? __msan_poison_alloca+0x15c/0x1d0
[ 63.364572] ip6_tnl_start_xmit+0x1cc0/0x1ef0
[ 63.369058] ? ip6_tnl_dev_uninit+0x740/0x740
[ 63.373533] dev_hard_start_xmit+0x5f1/0xc70
[ 63.377921] __dev_queue_xmit+0x27ee/0x3520
[ 63.382224] dev_queue_xmit+0x4b/0x60
[ 63.386002] neigh_direct_output+0x42/0x50
[ 63.390223] ? neigh_connected_output+0x720/0x720
[ 63.395059] ip6_finish_output2+0x1d01/0x2130
[ 63.399534] ip6_finish_output+0xae9/0xba0
[ 63.403750] ip6_output+0x597/0x6c0
[ 63.407354] ? __ip6_local_out+0x730/0x730
[ 63.411566] ? ac6_seq_show+0x200/0x200
[ 63.415518] ip6_local_out+0x15e/0x1d0
[ 63.419386] ip6_push_pending_frames+0x218/0x4d0
[ 63.424120] rawv6_sendmsg+0x4235/0x4fb0
[ 63.428163] ? kmsan_set_origin_inline+0x6b/0x120
[ 63.432981] ? __msan_poison_alloca+0x15c/0x1d0
[ 63.437626] ? ___sys_sendmsg+0x11f2/0x1310
[ 63.441935] ? compat_rawv6_ioctl+0x100/0x100
[ 63.446407] inet_sendmsg+0x48d/0x740
[ 63.450186] ? security_socket_sendmsg+0x9e/0x210
[ 63.455012] ? inet_getname+0x500/0x500
[ 63.458987] sock_write_iter+0x3b9/0x470
[ 63.463051] ? sock_read_iter+0x480/0x480
[ 63.467182] __vfs_write+0x7fb/0x9f0
[ 63.470886] vfs_write+0x463/0x8d0
[ 63.474409] SYSC_write+0x172/0x360
[ 63.478019] SyS_write+0x55/0x80
[ 63.481369] do_syscall_64+0x309/0x430
[ 63.485234] ? SYSC_read+0x360/0x360
[ 63.488925] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 63.494091] RIP: 0033:0x4418b9
[ 63.497262] RSP: 002b:00007ffece331e68 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
[ 63.504950] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004418b9
[ 63.512194] RDX: 000000000000036b RSI: 0000000020000240 RDI: 0000000000000004
[ 63.519442] RBP: 00000000006cd018 R08: 0000000000000000 R09: 0000000000000000
[ 63.526687] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004025b0
[ 63.533944] R13: 0000000000402640 R14: 0000000000000000 R15: 0000000000000000
[ 63.541677] Dumping ftrace buffer:
[ 63.545199] (ftrace buffer empty)
[ 63.548884] Kernel Offset: disabled
[ 63.552486] Rebooting in 86400 seconds..