INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts. 2018/04/07 07:38:37 fuzzer started 2018/04/07 07:38:37 dialing manager at 10.128.0.26:38639 2018/04/07 07:38:43 kcov=true, comps=false 2018/04/07 07:38:46 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x66, &(0x7f0000101000)={@random="cd390b081bf2", @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x30, 0x2c, 0x0, @ipv4={[], [0xff, 0xff], @rand_addr}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x0, 0x0, @loopback={0x0, 0x1}, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}}}}}}}}, 0x0) 2018/04/07 07:38:46 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000800)=@broute={'broute\x00', 0x20, 0x4, 0x7a0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000040], 0x0, &(0x7f0000000000), &(0x7f0000000040)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x5, 0x0, 0x0, 'dummy0\x00', 'vlan0\x00', 'bcsf0\x00', 'ip6gre0\x00', @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], @link_local={0x1, 0x80, 0xc2}, [], 0xe0, 0x130, 0x160, [@quota={'quota\x00', 0x18, {{0x1f}}}, @cpu={'cpu\x00', 0x8}]}, [@common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x0, 'syz1\x00'}}}]}, @common=@STANDARD={'\x00', 0x8}}, {{{0x11, 0x0, 0x0, 'eql\x00', 'sit0\x00', 'vlan0\x00', 'yam0\x00', @empty, [], @link_local={0x1, 0x80, 0xc2}, [], 0x118, 0x280, 0x2b0, [@pkttype={'pkttype\x00', 0x8}, @ip6={'ip6\x00', 0x50, {{@empty, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}}}}]}, [@common=@mark={'mark\x00', 0x10}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x0, 0x0, 'system_u:object_r:systemd_notify_exec_t:s0\x00'}}}]}, @common=@redirect={'redirect\x00', 0x8}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x1, [{{{0x3, 0x0, 0x0, 'ifb0\x00', 'irlan0\x00', 'bond0\x00', 'ip6gre0\x00', @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], 0xb0, 0xb0, 0xe0, [@devgroup={'devgroup\x00', 0x18}]}}, @common=@CLASSIFY={'CLASSIFY\x00', 0x8}}]}, {0x0, '\x00', 0x3, 0xfffffffffffffffe, 0x1, [{{{0x7, 0x0, 0x0, 'tunl0\x00', 'ip6_vti0\x00', 'syz_tun\x00', 'syzkaller1\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], 0x70, 0xf0, 0x220}, [@common=@AUDIT={'AUDIT\x00', 0x8}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}]}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x0, 0x0, 'system_u:object_r:systemd_tmpfiles_exec_t:s0\x00'}}}}]}]}, 0x818) 2018/04/07 07:38:46 executing program 7: syz_emit_ethernet(0x2e, &(0x7f000025a000)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x6, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @multicast1=0xe0000001, {[@rr={0x7, 0x3, 0x7}]}}, @udp={0x4e20, 0x4e20, 0x8}}}}}, 0x0) 2018/04/07 07:38:46 executing program 1: r0 = socket$inet6(0xa, 0x2000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f000089b000)=0xffffffffffffffff, 0x4) connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x4e20}, 0x1c) getpeername$inet6(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, @mcast2}, &(0x7f0000000080)=0x1c) 2018/04/07 07:38:46 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000396000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000d6afa0)=[{{&(0x7f00000bb000)=@ipx, 0x10, &(0x7f0000637fe8), 0x0, &(0x7f0000b1c000)=""/248, 0xf8}}], 0x1, 0x0, &(0x7f0000c08ff8)) clone(0x0, &(0x7f0000487000), &(0x7f0000472000), &(0x7f0000e1dffc), &(0x7f0000506000)) shutdown(r0, 0x0) 2018/04/07 07:38:46 executing program 4: syz_open_dev$loop(&(0x7f0000009000)='/dev/loop#\x00', 0x0, 0x80082) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp(0x0, 0x0, &(0x7f0000044ff0)) syz_open_procfs(0x0, &(0x7f000000b000)='ns\x00') syz_open_dev$loop(&(0x7f0000020000)='/dev/loop#\x00', 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x6, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0x10) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000080)={r1, 0x1, 0x6, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0xff54) 2018/04/07 07:38:46 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00006ffff8)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000bc000)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0xc0) recvfrom$unix(r1, &(0x7f0000e0f000), 0x0, 0x0, &(0x7f0000501ff8)=@abs, 0x8) read(r0, &(0x7f0000afdfff)=""/1, 0x1) 2018/04/07 07:38:46 executing program 6: io_setup(0x8, &(0x7f00004eb000)=0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) io_getevents(r0, 0x0, 0x0, &(0x7f000011d000), &(0x7f00009ca000)={0x0, 0x1c9c380}) syzkaller login: [ 41.558515] ip (3742) used greatest stack depth: 54688 bytes left [ 41.770320] ip (3761) used greatest stack depth: 54672 bytes left [ 41.969792] ip (3777) used greatest stack depth: 54312 bytes left [ 43.021164] ip (3883) used greatest stack depth: 54200 bytes left [ 45.206210] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.219633] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.320276] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.354444] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.366188] ip (4088) used greatest stack depth: 53976 bytes left [ 45.492169] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.508567] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.616175] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.651877] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.731696] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.755659] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.990636] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.023999] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.123471] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.143832] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.306913] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.435711] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.441993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.453643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.490582] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.496854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.519185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.583397] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.727412] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.733630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.741887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.767304] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.780452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.811132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.940949] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.949062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.965253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.989137] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.012992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.044646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.123150] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.129333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.138592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.421920] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.428265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.442570] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 07:39:02 executing program 7: socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001aff8)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000016ffc)=0x406, 0x4) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) writev(r1, &(0x7f00004ca000)=[{&(0x7f000049cfe1)="d6", 0x1}], 0x1) recvmsg(r0, &(0x7f0000019fc8)={0x0, 0x0, &(0x7f000001e000), 0x0, &(0x7f0000019000)}, 0x2) sendfile(r1, r2, &(0x7f0000000080), 0x80000001) [ 55.834578] device bridge0 entered promiscuous mode [ 55.879914] device bridge0 left promiscuous mode [ 55.919904] device bridge0 entered promiscuous mode [ 56.043362] device bridge0 left promiscuous mode 2018/04/07 07:39:04 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f00002ca000), 0x0, 0x0, &(0x7f0000303000)={0x2, 0x4e20}, 0x186) 2018/04/07 07:39:04 executing program 4: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0xc, &(0x7f0000015000)='"', 0x1) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000e03ff4)={@remote, @rand_addr, 0x0}, &(0x7f000099e000)=0xc) setsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000cfffd)={r1, @loopback=0x7f000001}, 0xc) getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000019fed), &(0x7f0000016ffc)) 2018/04/07 07:39:04 executing program 1: r0 = socket$inet(0x2, 0x3, 0x3e) recvmmsg(0xffffffffffffffff, &(0x7f0000002fc0)=[{{&(0x7f0000000000)=@ethernet={0x0, @dev}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000080)=""/201, 0xc9}, {&(0x7f0000000180)=""/49, 0x31}], 0x2, &(0x7f0000000480)=""/180, 0xb4}}], 0x1, 0x0, &(0x7f0000003140)) sendto$inet(r0, &(0x7f0000ef4000), 0x0, 0x0, &(0x7f0000ee9ff0)={0x2, 0x4e20}, 0x10) recvmmsg(r0, &(0x7f0000000140), 0x50, 0x2, &(0x7f00000001c0)={0x0, 0x989680}) 2018/04/07 07:39:04 executing program 6: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) sendto$inet(r0, &(0x7f000061af66), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) sendmmsg(r0, &(0x7f0000005d40)=[{{0x0, 0x0, &(0x7f0000000080)}}, {{&(0x7f0000002400)=@un=@file={0x0, './file0\x00'}, 0xa, &(0x7f00000036c0), 0x31f, &(0x7f0000000040), 0x30}, 0x1}], 0x2, 0x0) 2018/04/07 07:39:04 executing program 2: r0 = socket$inet(0x2, 0x3, 0x6) sendto$inet(r0, &(0x7f000014cf2c), 0x0, 0x8000, &(0x7f00005b5ff0)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f0000000100)="000000a676f9c02c553682eaad62ef047ba6cef83351f0270fb91850c69fc12ea2daa6d262b912b9", 0x28, 0x0, &(0x7f00000001c0)={0x2, 0x4e20}, 0x10) 2018/04/07 07:39:04 executing program 7: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$int_in(r1, 0x5421, &(0x7f0000000240)=0x8) bind$inet(r0, &(0x7f000012e000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) connect$inet(r0, &(0x7f0000987000)={0x2, 0x4e23}, 0x10) sendto$inet(r0, &(0x7f00002e8f1e)="96", 0x1, 0x0, &(0x7f0000848ff0)={0x2, 0x4e20, @dev={0xac, 0x14}}, 0x10) recvmmsg(r1, &(0x7f0000000480)=[{{&(0x7f0000000040)=@pppol2tpin6, 0x32, &(0x7f0000000880)=[{&(0x7f0000000800)=""/114, 0x72}], 0x1, &(0x7f0000000900)=""/190, 0xbe}}], 0x1, 0x120, &(0x7f0000000680)) 2018/04/07 07:39:04 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00006ffff8)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000bc000)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0xc0) recvfrom$unix(r1, &(0x7f0000e0f000), 0x0, 0x0, &(0x7f0000501ff8)=@abs, 0x8) read(r0, &(0x7f0000afdfff)=""/1, 0x1) 2018/04/07 07:39:04 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000060c0)={&(0x7f0000005d40)={0x10}, 0xc, &(0x7f0000005d80)={&(0x7f0000006100)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@ipv4={[], [0xff, 0xff], @loopback=0x7f000001}, 0x4e20, 0x0, 0x4e20, 0x0, 0x2, 0xa0}}}, 0xb8}, 0x1}, 0x0) [ 57.389265] ================================================================== [ 57.396678] BUG: KMSAN: uninit-value in tcp_v4_rcv+0xc5f/0x6750 [ 57.402734] CPU: 1 PID: 5084 Comm: syz-executor2 Not tainted 4.16.0+ #81 [ 57.409560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.418900] Call Trace: [ 57.421473] [ 57.423626] dump_stack+0x185/0x1d0 [ 57.427253] ? tcp_v4_rcv+0xc5f/0x6750 [ 57.431135] kmsan_report+0x142/0x240 [ 57.434932] __msan_warning_32+0x6c/0xb0 [ 57.438984] tcp_v4_rcv+0xc5f/0x6750 [ 57.442693] ? sock_queue_rcv_skb+0xf9/0x130 [ 57.447099] ? raw_rcv+0x680/0x730 [ 57.450635] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 57.455995] ? raw_local_deliver+0x1462/0x1470 [ 57.460581] ? ip_local_deliver_finish+0x4a5/0xd40 [ 57.465509] ? tcp_filter+0x270/0x270 [ 57.469302] ip_local_deliver_finish+0x6ed/0xd40 [ 57.474055] ip_local_deliver+0x43c/0x4e0 [ 57.478198] ? ip_local_deliver+0x4e0/0x4e0 [ 57.482515] ? ip_call_ra_chain+0x7b0/0x7b0 [ 57.486828] ip_rcv_finish+0x1253/0x16d0 [ 57.490885] ip_rcv+0x119d/0x16f0 [ 57.494326] ? ip_rcv+0x16f0/0x16f0 [ 57.497956] __netif_receive_skb_core+0x47cf/0x4a80 [ 57.502965] ? rb_insert_color+0xa4/0x1300 [ 57.507199] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 57.512993] ? ip_local_deliver_finish+0xd40/0xd40 [ 57.517924] process_backlog+0x62d/0xe20 [ 57.521986] ? rps_trigger_softirq+0x2f0/0x2f0 [ 57.526558] net_rx_action+0x7c1/0x1a70 [ 57.530530] ? net_tx_action+0xab0/0xab0 [ 57.534593] __do_softirq+0x56d/0x93d [ 57.538392] do_softirq_own_stack+0x2a/0x40 [ 57.542696] [ 57.544926] __local_bh_enable_ip+0x114/0x140 [ 57.549414] local_bh_enable+0x36/0x40 [ 57.553290] ip_finish_output2+0x124e/0x1380 [ 57.557697] ip_finish_output+0xcb0/0xff0 [ 57.561840] ip_output+0x502/0x5c0 [ 57.565376] ? ip_mc_finish_output+0x3b0/0x3b0 [ 57.569954] ? ip_finish_output+0xff0/0xff0 [ 57.574268] ip_send_skb+0x5f3/0x820 [ 57.577975] ? __ip_local_out+0x5b0/0x5b0 [ 57.582123] ip_push_pending_frames+0x105/0x170 [ 57.586792] raw_sendmsg+0x2960/0x3ed0 [ 57.590697] ? compat_raw_ioctl+0x100/0x100 [ 57.595016] inet_sendmsg+0x48d/0x740 [ 57.598818] ? security_socket_sendmsg+0x9e/0x210 [ 57.603661] ? inet_getname+0x500/0x500 [ 57.607634] SYSC_sendto+0x6c3/0x7e0 [ 57.611349] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 57.616798] ? prepare_exit_to_usermode+0x149/0x3a0 [ 57.621822] SyS_sendto+0x8a/0xb0 [ 57.625274] do_syscall_64+0x309/0x430 [ 57.629161] ? SYSC_getpeername+0x560/0x560 [ 57.633485] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.638666] RIP: 0033:0x455259 [ 57.641847] RSP: 002b:00007fe8b3d6dc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 57.649550] RAX: ffffffffffffffda RBX: 00007fe8b3d6e6d4 RCX: 0000000000455259 [ 57.656814] RDX: 0000000000000028 RSI: 0000000020000100 RDI: 0000000000000013 [ 57.664077] RBP: 000000000072bea0 R08: 00000000200001c0 R09: 0000000000000010 [ 57.671342] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.678603] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 57.685861] [ 57.687475] Uninit was stored to memory at: [ 57.691791] kmsan_internal_chain_origin+0x12b/0x210 [ 57.696889] kmsan_memcpy_origins+0x11d/0x170 [ 57.701377] __msan_memcpy+0x19f/0x1f0 [ 57.705257] skb_copy_bits+0x63a/0xdb0 [ 57.709144] __pskb_pull_tail+0x483/0x22e0 [ 57.713378] tcp_v4_rcv+0xc09/0x6750 [ 57.717089] ip_local_deliver_finish+0x6ed/0xd40 [ 57.721841] ip_local_deliver+0x43c/0x4e0 [ 57.725984] ip_rcv_finish+0x1253/0x16d0 [ 57.730037] ip_rcv+0x119d/0x16f0 [ 57.733508] __netif_receive_skb_core+0x47cf/0x4a80 [ 57.738522] process_backlog+0x62d/0xe20 [ 57.742575] net_rx_action+0x7c1/0x1a70 [ 57.746545] __do_softirq+0x56d/0x93d [ 57.750328] Uninit was created at: [ 57.753864] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 57.758871] kmsan_alloc_page+0x82/0xe0 [ 57.762846] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 57.767596] alloc_pages_current+0x6b5/0x970 [ 57.771993] skb_page_frag_refill+0x3ba/0x5e0 [ 57.776483] sk_page_frag_refill+0xa4/0x340 [ 57.780795] __ip_append_data+0x107e/0x3d10 [ 57.785103] ip_append_data+0x2fb/0x440 [ 57.789071] raw_sendmsg+0x287b/0x3ed0 [ 57.792950] inet_sendmsg+0x48d/0x740 [ 57.796746] SYSC_sendto+0x6c3/0x7e0 [ 57.800451] SyS_sendto+0x8a/0xb0 [ 57.803900] do_syscall_64+0x309/0x430 [ 57.807782] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.812955] ================================================================== [ 57.820297] Disabling lock debugging due to kernel taint [ 57.825732] Kernel panic - not syncing: panic_on_warn set ... [ 57.825732] [ 57.833091] CPU: 1 PID: 5084 Comm: syz-executor2 Tainted: G B 4.16.0+ #81 2018/04/07 07:39:04 executing program 7: clone(0x200, &(0x7f0000b6b000), &(0x7f0000744000), &(0x7f0000fef000), &(0x7f0000000000)) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000ee6ff8)='./file0\x00', &(0x7f0000578fe8), &(0x7f0000775000)) r0 = syz_open_procfs(0x0, &(0x7f000042cff4)='io\x00') pread64(r0, &(0x7f00009f3000), 0x352, 0x0) add_key$keyring(&(0x7f0000001080)='keyring\x00', &(0x7f00000010c0)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, 0xfffffffffffffffd) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000001100), 0x4) lseek(r0, 0x0, 0x2) open$dir(&(0x7f0000296ff8)='./file0\x00', 0x27e, 0x0) 2018/04/07 07:39:04 executing program 6: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00007a0000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000616ff8)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r3, &(0x7f0000bba000)={&(0x7f00003a2000)=@abs, 0x8, &(0x7f00006c6ff0), 0x0, &(0x7f00009dffb8)=[@rights={0x18, 0x1, 0x1, [r1]}], 0x18}, 0x0) sendmsg$unix(r2, &(0x7f0000e4ffc8)={&(0x7f0000beb000)=@abs, 0x8, &(0x7f000000d000), 0x0, &(0x7f000053c000)=[@rights={0x18, 0x1, 0x1, [r2]}], 0x18}, 0x0) close(r2) close(r0) 2018/04/07 07:39:04 executing program 1: r0 = socket$inet6(0xa, 0x100000800000003, 0x200000000004) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendmmsg(r0, &(0x7f000000c280)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000180)}], 0x1, &(0x7f0000000240)}}, {{&(0x7f0000000280)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x58, &(0x7f0000000840), 0x0, &(0x7f00000008c0)}}], 0x2, 0x0) 2018/04/07 07:39:04 executing program 0: syz_emit_ethernet(0x2b, &(0x7f0000ae8f92)={@random="b100485caa2a", @dev={[0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0, @rand_addr, @broadcast=0xffffffff}, @igmp={0x11, 0x0, 0x0, @multicast1=0xe0000001, '\b'}}}}}, &(0x7f00003b5000)) [ 57.841215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.850559] Call Trace: [ 57.853129] [ 57.855277] dump_stack+0x185/0x1d0 [ 57.858906] panic+0x39d/0x940 [ 57.862118] ? tcp_v4_rcv+0xc5f/0x6750 [ 57.866001] kmsan_report+0x238/0x240 [ 57.869801] __msan_warning_32+0x6c/0xb0 [ 57.873862] tcp_v4_rcv+0xc5f/0x6750 [ 57.877569] ? sock_queue_rcv_skb+0xf9/0x130 [ 57.881975] ? raw_rcv+0x680/0x730 [ 57.885519] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 57.890879] ? raw_local_deliver+0x1462/0x1470 [ 57.895471] ? ip_local_deliver_finish+0x4a5/0xd40 [ 57.900395] ? tcp_filter+0x270/0x270 [ 57.904195] ip_local_deliver_finish+0x6ed/0xd40 [ 57.908949] ip_local_deliver+0x43c/0x4e0 [ 57.913092] ? ip_local_deliver+0x4e0/0x4e0 [ 57.917409] ? ip_call_ra_chain+0x7b0/0x7b0 [ 57.921721] ip_rcv_finish+0x1253/0x16d0 [ 57.925782] ip_rcv+0x119d/0x16f0 [ 57.929230] ? ip_rcv+0x16f0/0x16f0 [ 57.932862] __netif_receive_skb_core+0x47cf/0x4a80 [ 57.937870] ? rb_insert_color+0xa4/0x1300 [ 57.942106] ? kmsan_internal_memset_shadow_inline+0xd0/0xd0 [ 57.947901] ? ip_local_deliver_finish+0xd40/0xd40 [ 57.952827] process_backlog+0x62d/0xe20 [ 57.956887] ? rps_trigger_softirq+0x2f0/0x2f0 [ 57.961461] net_rx_action+0x7c1/0x1a70 [ 57.965435] ? net_tx_action+0xab0/0xab0 [ 57.969493] __do_softirq+0x56d/0x93d [ 57.973290] do_softirq_own_stack+0x2a/0x40 [ 57.977598] [ 57.979838] __local_bh_enable_ip+0x114/0x140 [ 57.984330] local_bh_enable+0x36/0x40 [ 57.988211] ip_finish_output2+0x124e/0x1380 [ 57.992619] ip_finish_output+0xcb0/0xff0 [ 57.996766] ip_output+0x502/0x5c0 [ 58.000303] ? ip_mc_finish_output+0x3b0/0x3b0 [ 58.004883] ? ip_finish_output+0xff0/0xff0 [ 58.009196] ip_send_skb+0x5f3/0x820 [ 58.012901] ? __ip_local_out+0x5b0/0x5b0 [ 58.017043] ip_push_pending_frames+0x105/0x170 [ 58.021714] raw_sendmsg+0x2960/0x3ed0 [ 58.025618] ? compat_raw_ioctl+0x100/0x100 [ 58.029932] inet_sendmsg+0x48d/0x740 [ 58.033730] ? security_socket_sendmsg+0x9e/0x210 [ 58.038571] ? inet_getname+0x500/0x500 [ 58.042544] SYSC_sendto+0x6c3/0x7e0 [ 58.046256] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 58.051705] ? prepare_exit_to_usermode+0x149/0x3a0 [ 58.056730] SyS_sendto+0x8a/0xb0 [ 58.060182] do_syscall_64+0x309/0x430 [ 58.064061] ? SYSC_getpeername+0x560/0x560 [ 58.068363] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.073533] RIP: 0033:0x455259 [ 58.076701] RSP: 002b:00007fe8b3d6dc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 58.084382] RAX: ffffffffffffffda RBX: 00007fe8b3d6e6d4 RCX: 0000000000455259 [ 58.091632] RDX: 0000000000000028 RSI: 0000000020000100 RDI: 0000000000000013 [ 58.098884] RBP: 000000000072bea0 R08: 00000000200001c0 R09: 0000000000000010 [ 58.106134] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 58.113384] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 58.121046] Dumping ftrace buffer: [ 58.124563] (ftrace buffer empty) [ 58.128245] Kernel Offset: disabled [ 58.131842] Rebooting in 86400 seconds..