INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 43.233152] ================================================================== [ 43.240546] BUG: KMSAN: uninit-value in is_valid_bugaddr+0x17f/0x1a0 [ 43.247028] CPU: 0 PID: 4513 Comm: syz-executor630 Not tainted 4.16.0+ #87 [ 43.254027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.263365] Call Trace: [ 43.265932] dump_stack+0x185/0x1d0 [ 43.269537] ? is_valid_bugaddr+0x17f/0x1a0 [ 43.273839] kmsan_report+0x142/0x240 [ 43.277618] __msan_warning_32+0x6c/0xb0 [ 43.281656] ? tcp_mark_head_lost+0xeec/0xf70 [ 43.286128] ? tcp_mark_head_lost+0xeec/0xf70 [ 43.290609] is_valid_bugaddr+0x17f/0x1a0 [ 43.294731] ? report_bug+0x4b/0x880 [ 43.298422] ? tcp_mark_head_lost+0xeec/0xf70 [ 43.302893] report_bug+0x6f/0x880 [ 43.306409] ? __msan_poison_alloca+0x15c/0x1d0 [ 43.311061] ? do_invalid_op+0x46/0x50 [ 43.314923] ? tcp_mark_head_lost+0xeec/0xf70 [ 43.319394] ? do_error_trap+0xac/0x600 [ 43.323347] ? do_invalid_op+0x46/0x50 [ 43.327211] ? tcp_mark_head_lost+0xeec/0xf70 [ 43.331683] do_error_trap+0x1aa/0x600 [ 43.335550] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 43.340892] ? rb_next+0x214/0x2d0 [ 43.344411] do_invalid_op+0x46/0x50 [ 43.348105] invalid_op+0x1b/0x40 [ 43.351537] RIP: 0010:tcp_mark_head_lost+0xeec/0xf70 [ 43.356612] RSP: 0018:ffff8801ca55f130 EFLAGS: 00010293 [ 43.361951] RAX: ffffffff88529a6c RBX: 0000000000000000 RCX: ffff8801985d1d80 [ 43.369196] RDX: 0000000000000000 RSI: aaaaaaaaaaaab000 RDI: ffffea0000000000 [ 43.376450] RBP: ffff8801ca55f208 R08: 0000000000000000 R09: 0000000000000002 [ 43.383696] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007 [ 43.390940] R13: 0000000000000010 R14: 0000000000000000 R15: 0000000000000008 [ 43.398196] ? tcp_mark_head_lost+0xeec/0xf70 [ 43.402672] tcp_fastretrans_alert+0x4324/0x6f20 [ 43.407407] ? tcp_rack_update_reo_wnd+0x3b9/0x4a0 [ 43.412317] tcp_ack+0x6235/0x8800 [ 43.415843] ? tcp_ack+0x40c1/0x8800 [ 43.419533] tcp_rcv_established+0xfc1/0x2bb0 [ 43.424013] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 43.429365] tcp_v4_do_rcv+0x6cd/0xd90 [ 43.433235] ? inet_sk_rx_dst_set+0x2c0/0x2c0 [ 43.437707] __release_sock+0x2d6/0x680 [ 43.441664] release_sock+0x97/0x2a0 [ 43.445355] tcp_sendmsg+0xd6/0x100 [ 43.448961] ? tcp_sendmsg_locked+0x6cf0/0x6cf0 [ 43.453607] inet_sendmsg+0x48d/0x740 [ 43.457388] ? security_socket_sendmsg+0x9e/0x210 [ 43.462209] ? inet_getname+0x500/0x500 [ 43.466159] sock_write_iter+0x3b9/0x470 [ 43.470199] ? sock_read_iter+0x480/0x480 [ 43.474331] do_iter_readv_writev+0x84d/0xa00 [ 43.478807] ? sock_read_iter+0x480/0x480 [ 43.482935] do_iter_write+0x30d/0xd40 [ 43.486802] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 43.492230] do_writev+0x3c9/0x830 [ 43.495759] ? syscall_return_slowpath+0xe9/0x700 [ 43.500580] ? sock_common_recvmsg+0x270/0x270 [ 43.505137] ? SYSC_setsockopt+0x533/0x570 [ 43.509349] SYSC_writev+0x9b/0xb0 [ 43.512875] SyS_writev+0x56/0x80 [ 43.516313] do_syscall_64+0x309/0x430 [ 43.520181] ? SYSC_readv+0xb0/0xb0 [ 43.523785] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 43.528950] RIP: 0033:0x440219 [ 43.532113] RSP: 002b:00007ffca57c0f88 EFLAGS: 00000217 ORIG_RAX: 0000000000000014 [ 43.539796] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219 [ 43.547056] RDX: 0000000000000001 RSI: 00000000200006c0 RDI: 0000000000000003 [ 43.554312] RBP: 00000000006cb018 R08: 0000000000000010 R09: 0000000000000010 [ 43.561565] R10: 0000000000000008 R11: 0000000000000217 R12: 0000000000401b40 [ 43.568821] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000 [ 43.576074] [ 43.577676] Local variable description: ----flags.i.i.i@rcu_all_qs [ 43.583967] Variable was created at: [ 43.587660] rcu_all_qs+0x32/0x1f0 [ 43.591178] _cond_resched+0x3c/0xd0 [ 43.594860] ================================================================== [ 43.602190] Disabling lock debugging due to kernel taint [ 43.607619] Kernel panic - not syncing: panic_on_warn set ... [ 43.607619] [ 43.614974] CPU: 0 PID: 4513 Comm: syz-executor630 Tainted: G B 4.16.0+ #87 [ 43.623261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.632589] Call Trace: [ 43.635157] dump_stack+0x185/0x1d0 [ 43.638763] panic+0x39d/0x940 [ 43.641946] ? is_valid_bugaddr+0x17f/0x1a0 [ 43.646258] kmsan_report+0x238/0x240 [ 43.650049] __msan_warning_32+0x6c/0xb0 [ 43.654106] ? tcp_mark_head_lost+0xeec/0xf70 [ 43.658583] ? tcp_mark_head_lost+0xeec/0xf70 [ 43.663074] is_valid_bugaddr+0x17f/0x1a0 [ 43.667210] ? report_bug+0x4b/0x880 [ 43.670898] ? tcp_mark_head_lost+0xeec/0xf70 [ 43.675368] report_bug+0x6f/0x880 [ 43.678884] ? __msan_poison_alloca+0x15c/0x1d0 [ 43.683527] ? do_invalid_op+0x46/0x50 [ 43.687388] ? tcp_mark_head_lost+0xeec/0xf70 [ 43.691859] ? do_error_trap+0xac/0x600 [ 43.695808] ? do_invalid_op+0x46/0x50 [ 43.699672] ? tcp_mark_head_lost+0xeec/0xf70 [ 43.704143] do_error_trap+0x1aa/0x600 [ 43.708015] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 43.713364] ? rb_next+0x214/0x2d0 [ 43.716883] do_invalid_op+0x46/0x50 [ 43.720575] invalid_op+0x1b/0x40 [ 43.724010] RIP: 0010:tcp_mark_head_lost+0xeec/0xf70 [ 43.729093] RSP: 0018:ffff8801ca55f130 EFLAGS: 00010293 [ 43.734432] RAX: ffffffff88529a6c RBX: 0000000000000000 RCX: ffff8801985d1d80 [ 43.741676] RDX: 0000000000000000 RSI: aaaaaaaaaaaab000 RDI: ffffea0000000000 [ 43.748924] RBP: ffff8801ca55f208 R08: 0000000000000000 R09: 0000000000000002 [ 43.756174] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007 [ 43.763425] R13: 0000000000000010 R14: 0000000000000000 R15: 0000000000000008 [ 43.770683] ? tcp_mark_head_lost+0xeec/0xf70 [ 43.775164] tcp_fastretrans_alert+0x4324/0x6f20 [ 43.779900] ? tcp_rack_update_reo_wnd+0x3b9/0x4a0 [ 43.784808] tcp_ack+0x6235/0x8800 [ 43.788333] ? tcp_ack+0x40c1/0x8800 [ 43.792034] tcp_rcv_established+0xfc1/0x2bb0 [ 43.796519] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 43.801870] tcp_v4_do_rcv+0x6cd/0xd90 [ 43.805741] ? inet_sk_rx_dst_set+0x2c0/0x2c0 [ 43.810214] __release_sock+0x2d6/0x680 [ 43.814166] release_sock+0x97/0x2a0 [ 43.817859] tcp_sendmsg+0xd6/0x100 [ 43.821462] ? tcp_sendmsg_locked+0x6cf0/0x6cf0 [ 43.826112] inet_sendmsg+0x48d/0x740 [ 43.829891] ? security_socket_sendmsg+0x9e/0x210 [ 43.834709] ? inet_getname+0x500/0x500 [ 43.838666] sock_write_iter+0x3b9/0x470 [ 43.842713] ? sock_read_iter+0x480/0x480 [ 43.846839] do_iter_readv_writev+0x84d/0xa00 [ 43.851323] ? sock_read_iter+0x480/0x480 [ 43.855454] do_iter_write+0x30d/0xd40 [ 43.859321] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 43.864750] do_writev+0x3c9/0x830 [ 43.868269] ? syscall_return_slowpath+0xe9/0x700 [ 43.873087] ? sock_common_recvmsg+0x270/0x270 [ 43.877645] ? SYSC_setsockopt+0x533/0x570 [ 43.881860] SYSC_writev+0x9b/0xb0 [ 43.885379] SyS_writev+0x56/0x80 [ 43.888808] do_syscall_64+0x309/0x430 [ 43.892676] ? SYSC_readv+0xb0/0xb0 [ 43.896281] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 43.901446] RIP: 0033:0x440219 [ 43.904612] RSP: 002b:00007ffca57c0f88 EFLAGS: 00000217 ORIG_RAX: 0000000000000014 [ 43.912295] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219 [ 43.919548] RDX: 0000000000000001 RSI: 00000000200006c0 RDI: 0000000000000003 [ 43.926792] RBP: 00000000006cb018 R08: 0000000000000010 R09: 0000000000000010 [ 43.934043] R10: 0000000000000008 R11: 0000000000000217 R12: 0000000000401b40 [ 43.941306] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000 [ 43.949045] Dumping ftrace buffer: [ 43.952564] (ftrace buffer empty) [ 43.956248] Kernel Offset: disabled [ 43.959849] Rebooting in 86400 seconds..