INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts. 2018/04/06 22:24:58 fuzzer started 2018/04/06 22:24:58 dialing manager at 10.128.0.26:38639 2018/04/06 22:25:05 kcov=true, comps=false 2018/04/06 22:25:08 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x84) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$bt_hci(r0, 0x84, 0x71, &(0x7f0000000080)=""/4096, &(0x7f0000000040)=0x1276) 2018/04/06 22:25:08 executing program 1: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000012e000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) connect$inet(r0, &(0x7f0000987000)={0x2, 0x4e23}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000266ffc)=0x5, 0x4) 2018/04/06 22:25:08 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00002e8fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001000)="a23364fd", 0x4) write(r1, &(0x7f0000000100)="d33e3ac1792b00000001000000002bc83d59408649b98165b67be86fd66d47c2d0e252ec7a311c2c5558503fe067940515e633f52465000012000000d4470937", 0x40) recvmsg(r1, &(0x7f0000014fc8)={0x0, 0x230, &(0x7f0000095000)=[{&(0x7f00002e8ff2)=""/14, 0xe}, {&(0x7f0000000140)=""/212, 0xd4}], 0x2, &(0x7f0000000000)=""/79, 0x4f}, 0x0) 2018/04/06 22:25:08 executing program 2: openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)="2f70726f632f3f00000000000000f228d8247070795f74637000000000000000000000005788a270a3ee042584ecb76b3ca3cf62132813f8985862f71ee762421af74db4f74698e1e6e33fa9a31f57aceeb413b58cbf875c763fed5e9d8100000000000000507cdce4ed4887b0acf8784873aa1b263f74b9c90000", 0x2, 0x0) 2018/04/06 22:25:08 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000366000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) listen(r0, 0x0) socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)) unshare(0x40600) pselect6(0x40, &(0x7f00000abfc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f00007fbfc0), &(0x7f0000f22000)={0x0, 0x989680}, &(0x7f0000f14000)={&(0x7f0000553ff8), 0x8}) 2018/04/06 22:25:08 executing program 4: r0 = socket$inet(0x2, 0x3, 0x4) sendmmsg(r0, &(0x7f0000001e80)=[{{&(0x7f0000000000)=@in={0x2}, 0x80, &(0x7f0000000080), 0x0, &(0x7f0000000340)}}, {{&(0x7f00000002c0)=@in={0x2, 0x0, @broadcast=0xffffffff}, 0x80, &(0x7f0000000600), 0x0, &(0x7f0000000300)=[{0x10, 0x0, 0x2}], 0x10}}], 0x2, 0x0) 2018/04/06 22:25:08 executing program 5: sched_setaffinity(0x0, 0x8, &(0x7f0000004000)) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00006ee000)='/dev/rfkill\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) readv(r0, &(0x7f00001f2ff0)=[{&(0x7f0000001fb2)=""/1, 0x1}], 0x1) ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f0000011000)) ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/04/06 22:25:08 executing program 6: r0 = syz_open_dev$tun(&(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = accept4$inet6(0xffffffffffffff9c, &(0x7f0000000240), &(0x7f0000000280)=0x1c, 0x800) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f00000002c0)={0x0, 0x49, "af4503587057b5a0a1b0ba7ced2a6f8bf031bee7cc432309edd3386b3c497731799ebc160cf55b509fcfe5b305f8ed43deb744ab8ff104f97e2c8e29a11976f441793e5f475c071c69"}, &(0x7f0000000340)=0x51) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000380)={r2, 0x800}, 0x8) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'bcsh0\x00', 0x3}) r3 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8923, &(0x7f0000000180)={'bcsh0\x00', 0x1001}) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x581000, 0x0) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000080), 0x4) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x9ff2, 0x30, 0xffffffffffff9cce, 0x1}, &(0x7f00000000c0)=0x18) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f00000001c0), &(0x7f0000000200)=0x8) syzkaller login: [ 44.839825] ip (3760) used greatest stack depth: 54672 bytes left [ 45.412365] ip (3809) used greatest stack depth: 54312 bytes left [ 45.602379] Not allocated shadow for addr ffff8801dcac8000 (page ffffea000b2c0b00) [ 45.610135] Attempted to access 486 bytes [ 45.614311] ------------[ cut here ]------------ [ 45.619060] kernel BUG at mm/kmsan/kmsan.c:1326! [ 45.623820] invalid opcode: 0000 [#1] SMP PTI [ 45.628307] Dumping ftrace buffer: [ 45.631833] (ftrace buffer empty) [ 45.635553] Modules linked in: [ 45.638743] CPU: 1 PID: 3584 Comm: syz-fuzzer Not tainted 4.16.0+ #81 [ 45.645306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.654676] RIP: 0010:kmsan_get_shadow_address+0x1ce/0x1f0 [ 45.660287] RSP: 0018:ffff8801a8d6e638 EFLAGS: 00010086 [ 45.665649] RAX: 000000000000001d RBX: 0000000000000760 RCX: 0000000000000000 [ 45.672913] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 45.680179] RBP: ffff8801a8d6e650 R08: 0000000000000000 R09: 0000000000000001 [ 45.687448] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801dcac8000 [ 45.695290] R13: 00000000000001e6 R14: 0000000000000001 R15: 00000000000001e6 [ 45.702560] FS: 000000c420088ae8(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 45.710786] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.716666] CR2: 00007fff7821be80 CR3: 00000001d56bc000 CR4: 00000000001406e0 [ 45.723945] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 45.731215] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 45.738485] Call Trace: [ 45.741091] kmsan_internal_unpoison_shadow+0x5c/0xe0 [ 45.746290] kmsan_unpoison_shadow+0x66/0xb0 [ 45.750703] virtqueue_get_buf_ctx+0x742/0xa20 [ 45.755290] virtqueue_get_buf+0x72/0x90 [ 45.759355] start_xmit+0x276/0x2840 [ 45.763077] ? virtnet_close+0x2c0/0x2c0 [ 45.767139] dev_hard_start_xmit+0x5f1/0xc70 [ 45.771562] sch_direct_xmit+0x540/0x8f0 [ 45.775632] __qdisc_run+0x1785/0x3730 [ 45.779528] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 45.784896] __dev_queue_xmit+0x174a/0x2b60 [ 45.789228] dev_queue_xmit+0x4b/0x60 [ 45.793031] ip_finish_output2+0x1198/0x1380 [ 45.797441] ip_finish_output+0xcb0/0xff0 [ 45.801590] ip_output+0x502/0x5c0 [ 45.805125] ? ip_mc_finish_output+0x3b0/0x3b0 [ 45.809705] ? ip_finish_output+0xff0/0xff0 [ 45.814024] ip_queue_xmit+0x1fae/0x21c0 [ 45.818079] ? __ip_local_out+0x5b0/0x5b0 [ 45.822227] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 45.827677] ? __skb_clone+0x6de/0x980 [ 45.831564] ? ip_output+0x5c0/0x5c0 [ 45.835277] tcp_transmit_skb+0x38be/0x51f0 [ 45.839603] tcp_write_xmit+0x4311/0xb920 [ 45.843773] __tcp_push_pending_frames+0x124/0x3f0 [ 45.848707] tcp_push+0x8b6/0x9c0 [ 45.852163] tcp_sendmsg_locked+0x5445/0x6d20 [ 45.856670] ? local_bh_enable+0x36/0x40 [ 45.860738] ? local_bh_enable+0x36/0x40 [ 45.864803] tcp_sendmsg+0xb2/0x100 [ 45.868434] ? tcp_sendmsg_locked+0x6d20/0x6d20 [ 45.873099] inet_sendmsg+0x48d/0x740 [ 45.876899] ? security_socket_sendmsg+0x9e/0x210 [ 45.881754] ? inet_getname+0x500/0x500 [ 45.885735] sock_write_iter+0x3b9/0x470 [ 45.889822] ? sock_read_iter+0x480/0x480 [ 45.893989] __vfs_write+0x719/0x910 [ 45.897725] vfs_write+0x463/0x8d0 [ 45.901272] SYSC_write+0x172/0x360 [ 45.904906] SyS_write+0x55/0x80 [ 45.908280] do_syscall_64+0x309/0x430 [ 45.912258] ? SYSC_read+0x360/0x360 [ 45.915978] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 45.921167] RIP: 0033:0x47fc44 [ 45.924346] RSP: 002b:000000c42b5db340 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 45.932047] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fc44 [ 45.939313] RDX: 00000000000000a7 RSI: 000000c4294db000 RDI: 0000000000000003 [ 45.946582] RBP: 000000c42b5db390 R08: 0000000000000000 R09: 0000000000000000 [ 45.953849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 45.961118] R13: 0000000000000040 R14: 0000000000000005 R15: 000000c4201ba4e0 [ 45.968819] Code: 75 29 48 c7 c7 71 2a a1 87 31 c0 e8 0d 11 86 ff 80 3c 25 a8 a4 2d 88 00 75 11 48 c7 c7 a1 2a a1 87 31 c0 4c 89 fe e8 f2 10 86 ff <0f> 0b eb fe 48 3d ff ff ff 1f 0f 87 a2 fe ff ff 48 8b 1c 25 10 [ 45.988056] RIP: kmsan_get_shadow_address+0x1ce/0x1f0 RSP: ffff8801a8d6e638 [ 45.995166] ---[ end trace e57424dd430a58ff ]--- [ 45.999912] Kernel panic - not syncing: Fatal exception in interrupt [ 46.006816] Dumping ftrace buffer: [ 46.010342] (ftrace buffer empty) [ 46.014027] Kernel Offset: disabled [ 46.017628] Rebooting in 86400 seconds..