INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts. 2018/04/12 01:57:53 fuzzer started 2018/04/12 01:57:53 dialing manager at 10.128.0.26:41677 2018/04/12 01:58:00 kcov=true, comps=false 2018/04/12 01:58:03 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='vcan0\x00', 0x10) readv(r0, &(0x7f00000003c0)=[{&(0x7f00000004c0)=""/72, 0x48}], 0x1) sendmsg(r0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[], 0x0, &(0x7f0000000400)=[{&(0x7f0000002940)='u', 0x1}], 0x1, &(0x7f0000000500)}, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg(r0, &(0x7f00000010c0)={&(0x7f0000000980)=@can={0x1d}, 0x80, &(0x7f0000000a40)=[{&(0x7f0000000cc0)="b5", 0x1}], 0x1, &(0x7f0000000d80)}, 0x1) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) sendmsg(r0, &(0x7f0000002900)={&(0x7f0000000080)=@in={0x2, 0x0, @broadcast=0xffffffff}, 0x80, &(0x7f0000000180)=[{&(0x7f0000001740)="8c74c16b436602cfad06275e7bd6539acd46a97728be21dbcd7728665def1503107099701763029aa6c04a762f15a46a81a61da5b97683ffae2f5bf49a0eb2ef847af79ed1bad2979a", 0x49}], 0x1}, 0x0) 2018/04/12 01:58:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xd43f58e118afee75}, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) sendto$inet(r2, &(0x7f0000762fff), 0xfdc7, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000762fff), 0xfdc7, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) syz_emit_ethernet(0x1, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd6050a09c00080000fe8000000000000000000000000000bbfe80000015bfa72f00000000000000aa0000000000089078eb34b4102c245c606fd5d2cd5c0aaaab29e34348877b68648b07ced7ace47c3bcd05bd993ce477d212240fbe6cb0a6738a718c34ee75e8fa430f1adcca4143dc0f04abf347857d0bdf51c9c4261333f32a2a276cfbba25ce792e01bc582d55b340a613d6d8a6c4bba6b8df5f43a42bc36b4bef3f7852061a64f90c055ff27f000000038a9ebb6930f99672799e05305c84"], &(0x7f0000000140)) 2018/04/12 01:58:03 executing program 7: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f00000001c0)={'tunl0\x00', @ifru_data=&(0x7f0000000180)="d61a072afa6a2e6e9105a65cf0b08be4d57565e1a85eff283ee23d954743a2e3"}) 2018/04/12 01:58:03 executing program 3: r0 = getpgid(0x0) sched_setattr(r0, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r2, &(0x7f0000001180)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1) connect$unix(r1, &(0x7f0000003d00)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x492, 0x0) recvmmsg(r1, &(0x7f0000003b80)=[{{&(0x7f0000002a40)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000002b40), 0x0, &(0x7f0000002b80)=""/4096, 0x1000}}], 0x1, 0x0, &(0x7f0000003cc0)) 2018/04/12 01:58:03 executing program 1: r0 = syz_open_dev$tun(&(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={"d202b999cf85000000000088f301e710", 0x102}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000001cc0)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3000000010000108000000000000000000000000", @ANYBLOB="000000000000000008000d000020000008001b0000000000c585396df54662d46b0d55ae335f731bef660d84079701f8f9cb4d8df0c74e9dee0e45a485d0559158ded7fd8b57fab7a93f92b1ce489b331e86fe6a3a1d5e0e77604f9b"], 0x2}, 0x1}, 0x0) 2018/04/12 01:58:03 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write$binfmt_elf32(r1, &(0x7f0000000180)=ANY=[@ANYBLOB='~'], 0x1) fallocate(r1, 0x11, 0x0, 0x8001) 2018/04/12 01:58:03 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="020a"], 0x2}, 0x1}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00004c6f8b)="6d6f756e74696e666f004388f750c83d14c4a3a9ac1488a477660ae763891738ac656bb3e891941f02f1265047502f6c2dd9f655ef7131eabf3110d638f0d2e6a49a2bc4a08d63e2da7af47e6c37972352875f125bcf3ea7f04b7b505b6a06beedb2a86e30a86bc0d37a6438b99a45ea22b1f4fb05") mount(&(0x7f0000000040)='.', &(0x7f0000852000)='.', &(0x7f0000a60000)='ramfs\x00', 0x0, &(0x7f0000000100)) preadv(r0, &(0x7f00000023c0)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1, 0x0) 2018/04/12 01:58:03 executing program 6: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000e00), 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000740)={@in={{0x2, 0x0, @loopback=0x7f000001}}, 0x0, 0x7, 0x0, "9dbd57bc54f010542d4c927b592c5908f1b4d6654d85d9274cbef4bafdb3e202f8a5c379d7e75c94d9bb8d1f7ab1657258c4809c397cf2c75d7c62601186eef6f86ef2929055e424d70dc3956f251af7"}, 0xd8) sendto$inet(r0, &(0x7f0000000140)="19a12a142ab275558bf068234a9b8dad35116020f7ba01bf52fe0a173519e25500347068bc75da1088772d7a155ab734ad352bac034f2beed17dbe676b4541b61487cb0f9078028814dbdca221ce860f678cf2f9658456dfc93e9381f915b14c0c9402a2668ef8310629ee52bcd8ec8a55c692d7d8d9ff8a359eed4beedaf8f480a504b98e4c411ee3a8d77787ec5e226eac3b6d39bb60797a0b09271e40c15602d771e2deccff84ea2d203f03b2caebf8a2e0b55b", 0xb5, 0x0, &(0x7f0000000080)={0x2, 0x0, @broadcast=0xffffffff}, 0x10) sendto$inet(r0, &(0x7f0000000e40)="84", 0x1, 0x1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14}}, 0x10) syzkaller login: [ 44.766372] ip (3760) used greatest stack depth: 54816 bytes left [ 44.889158] ip (3775) used greatest stack depth: 54408 bytes left [ 45.270892] ip (3809) used greatest stack depth: 54312 bytes left [ 46.046223] ip (3891) used greatest stack depth: 53656 bytes left [ 47.868086] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.022895] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.055131] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.131016] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.140421] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.150368] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.348673] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.383490] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.791858] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.045173] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.063761] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.087314] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.096158] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.114612] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.165831] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.381901] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.493894] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.500143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.513679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.760288] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.766542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.775437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.801534] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.809083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.834844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.858226] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.867383] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.875222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.908806] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.930345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.952582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.968733] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.978256] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.997777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.017793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.054134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.082585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.247856] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.254183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.270569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/12 01:58:20 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/sctp\x00') mmap(&(0x7f0000000000/0xd25000)=nil, 0xd25000, 0x0, 0x32, 0xffffffffffffffff, 0x0) getdents(r0, &(0x7f00000000c0)=""/60, 0x3c) socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000000), &(0x7f0000000040)=0x4) 2018/04/12 01:58:20 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000140)="6e65742f6465765f6d6361737400c087ea55011e14c9e347dd1f55a6026a1cb7e067f3c577981c0994a1e80d90d49d68bdbc91fab9c1c7f063e676e83c740e2d647534a1045850a23665d81ca07270193f5d003c10e34239844c5b6e8d1721c0b53a91c2f6ec1e5484645db3df") r1 = syz_open_procfs(0x0, &(0x7f0000000200)="6370271aa9ffd790c182d0af6baa6d5fa36c6d41725f7265667300") sendfile(r1, r0, &(0x7f0000000000)=0xf, 0xd) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000040)={{{@in6=@mcast2, @in=@multicast2}}, {{@in6=@remote}, 0x0, @in=@multicast1}}, &(0x7f00000001c0)=0xe8) 2018/04/12 01:58:20 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00007a0000)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000616ff8)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r2, &(0x7f0000bba000)={&(0x7f00003a2000)=@abs, 0x6e, &(0x7f00006c6ff0), 0x0, &(0x7f00009dffb8)=ANY=[@ANYBLOB="18000000000000000100000001000000", @ANYRES32=r1, @ANYBLOB="00000100"], 0x18}, 0x0) close(r0) 2018/04/12 01:58:20 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000b74fbc)='net/icmp6\x00') writev(r0, &(0x7f0000b97000)=[{&(0x7f0000c7e000)='-4', 0x2}], 0x1) r1 = add_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000080)="d37b5222de9efc68af535977e6524d1d7784eca0395d2b724f0ea1b61079537660fdf918b78341df91a37bfd36c10588dbdeca926725570c1df7289a7b360b113ecbbe7dd0295156394568553a71f0d54333db2b1bc3ad6b66f25e80f39286a2368781bbce3593d23b74feb481be70760f1a9e1cf18d5c9ec3fc621e3ceb89d91f976ff8a2ce74c1032e621fed2e", 0x8e, 0xfffffffffffffffb) mknod(&(0x7f0000000200)='./file0\x00', 0xc000, 0x80) keyctl$read(0xb, r1, &(0x7f0000000140)=""/143, 0xffffffffffffff7b) 2018/04/12 01:58:20 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f000000b740)=[{{&(0x7f0000007700)=@can, 0x10, &(0x7f0000009980)=[{&(0x7f0000000040)=""/4096, 0x1000}], 0x1, &(0x7f00000099c0)=""/255, 0xff}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001040)=""/185, 0xb9}], 0x1, &(0x7f000000a080)=""/4096, 0x1000}}], 0x2, 0x3, 0x0) bind$inet6(r0, &(0x7f0000dbdfe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000000)=@get={0x1, &(0x7f0000001100)=""/183, 0xb7d}) sendto$inet6(r0, &(0x7f0000419000)="50797b62c5347eba4bb84b15a98340c1d80cdb8b3fbcb4ceb69386741113fc0d5a037ca6c6ff1763fff3721488d3351ffdc8c90e02928e733e46348b2e04a29d6b5d13dfbbc6f9ae6f4c1aad4f22de8ac94cb8f521f5bacd8a13b5df748561441b3167061d301a32a93cb9364c113a58b7a50bfb568c904f2e35854c4dadc9f5a50cf3f5a600df1f939df84dccf27331f4052d4b6444244d1a4bedb91542624307497d27161e0665ce409a107985dfbeb82c8a9f6ae4e9ad54ee34434683d7a799cf1c36074d2b7f0dd720f3eaf9371e0b3a15a6f1a3f07eea1dd18ce6640b41387b74a27ad9e3a11a5a1fd9792d54af584ec050a39aca91926c54e45351e163d11e999ff390c4704a5087aae603f6f017ad6f9c3a43fd7a17bb3e8bb207e1a23b485749c8d860bd489a0e5d0b05973b784162a3e9aa2f43707fb8363956aaf9577d8f782d7786313abe0e9ab1477d93fa30c5081bca3a2be4ad71fe7ba71c594116f702f96515f826b1e2bf1e92bd2300effa05bb0d2a44abf16274406843b5d164ebd5", 0x184, 0x0, &(0x7f00000011c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/04/12 01:58:20 executing program 4: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000e2d000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000e4e000)=0x300000000) write$vnet(r0, &(0x7f0000b28000)={0x1, {&(0x7f00005bc000)=""/207, 0x2, &(0x7f000072bfce)=""/50, 0x0, 0x2}}, 0x68) write$vnet(r0, &(0x7f0000a8d000)={0x1, {&(0x7f0000c91000)=""/24, 0x1e9, &(0x7f0000b4cf9b)=""/101, 0x0, 0x2}}, 0x68) write$vnet(r0, &(0x7f000046df98)={0x1, {&(0x7f0000c7f000)=""/28, 0x1c, &(0x7f0000e9afb7)=""/73, 0x0, 0x2}}, 0xd3) 2018/04/12 01:58:21 executing program 5: r0 = syz_open_dev$tun(&(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'bcsh0\x00', 0x2}) ioctl$TUNSETTXFILTER(r0, 0x8924, &(0x7f0000000040)=ANY=[@ANYRES16=r0]) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=0x0) prlimit64(r1, 0xf, 0x0, &(0x7f00000000c0)) 2018/04/12 01:58:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xd43f58e118afee75}, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) sendto$inet(r2, &(0x7f0000762fff), 0xfdc7, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000762fff), 0xfdc7, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) syz_emit_ethernet(0x1, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd6050a09c00080000fe8000000000000000000000000000bbfe80000015bfa72f00000000000000aa0000000000089078eb34b4102c245c606fd5d2cd5c0aaaab29e34348877b68648b07ced7ace47c3bcd05bd993ce477d212240fbe6cb0a6738a718c34ee75e8fa430f1adcca4143dc0f04abf347857d0bdf51c9c4261333f32a2a276cfbba25ce792e01bc582d55b340a613d6d8a6c4bba6b8df5f43a42bc36b4bef3f7852061a64f90c055ff27f000000038a9ebb6930f99672799e05305c84"], &(0x7f0000000140)) [ 60.079221] ================================================================== [ 60.086641] BUG: KMSAN: uninit-value in tcp_parse_options+0xd74/0x1a30 [ 60.093307] CPU: 0 PID: 5116 Comm: syz-executor6 Not tainted 4.16.0+ #83 [ 60.100138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.109485] Call Trace: [ 60.112078] dump_stack+0x185/0x1d0 [ 60.115711] ? tcp_parse_options+0xd74/0x1a30 [ 60.120206] kmsan_report+0x142/0x240 [ 60.124010] __msan_warning_32+0x6c/0xb0 [ 60.128081] tcp_parse_options+0xd74/0x1a30 [ 60.132419] tcp_validate_incoming+0x4f1/0x2790 [ 60.137130] tcp_rcv_established+0xf60/0x2bb0 [ 60.141648] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 60.147015] tcp_v4_do_rcv+0x6cd/0xd90 [ 60.150912] ? inet_sk_rx_dst_set+0x2c0/0x2c0 [ 60.155409] __release_sock+0x2d6/0x680 [ 60.159401] release_sock+0x97/0x2a0 [ 60.163129] tcp_sendmsg+0xd6/0x100 [ 60.166761] ? tcp_sendmsg_locked+0x6d20/0x6d20 [ 60.171439] inet_sendmsg+0x48d/0x740 [ 60.175239] ? security_socket_sendmsg+0x9e/0x210 [ 60.180084] ? inet_getname+0x500/0x500 [ 60.184053] SYSC_sendto+0x6c3/0x7e0 [ 60.187764] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 60.193211] ? prepare_exit_to_usermode+0x149/0x3a0 [ 60.198233] SyS_sendto+0x8a/0xb0 [ 60.201683] do_syscall_64+0x309/0x430 [ 60.205575] ? SYSC_getpeername+0x560/0x560 [ 60.209906] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.215093] RIP: 0033:0x455279 [ 60.218279] RSP: 002b:00007fe36074ac68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 60.225988] RAX: ffffffffffffffda RBX: 00007fe36074b6d4 RCX: 0000000000455279 [ 60.233252] RDX: 0000000000000001 RSI: 0000000020000e40 RDI: 0000000000000013 [ 60.240517] RBP: 000000000072bea0 R08: 0000000020000000 R09: 0000000000000010 [ 60.247784] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000ffffffff [ 60.255045] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 60.262308] [ 60.263926] Uninit was created at: [ 60.267473] kmsan_internal_poison_shadow+0xb8/0x1b0 [ 60.272569] kmsan_kmalloc+0x94/0x100 [ 60.276350] kmsan_slab_alloc+0x11/0x20 [ 60.280304] __kmalloc_node_track_caller+0xaed/0x11c0 [ 60.285481] __alloc_skb+0x2cf/0x9f0 [ 60.289188] tcp_send_ack+0x18c/0x910 [ 60.292976] tcp_rcv_established+0x2103/0x2bb0 [ 60.297535] tcp_v4_do_rcv+0x6cd/0xd90 [ 60.301399] __release_sock+0x2d6/0x680 [ 60.305358] release_sock+0x97/0x2a0 [ 60.309059] tcp_sendmsg+0xd6/0x100 [ 60.312670] inet_sendmsg+0x48d/0x740 [ 60.316465] SYSC_sendto+0x6c3/0x7e0 [ 60.320164] SyS_sendto+0x8a/0xb0 [ 60.323594] do_syscall_64+0x309/0x430 [ 60.327459] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.332631] ================================================================== [ 60.339971] Disabling lock debugging due to kernel taint [ 60.345396] Kernel panic - not syncing: panic_on_warn set ... [ 60.345396] [ 60.352747] CPU: 0 PID: 5116 Comm: syz-executor6 Tainted: G B 4.16.0+ #83 [ 60.360867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.370197] Call Trace: [ 60.372775] dump_stack+0x185/0x1d0 [ 60.376387] panic+0x39d/0x940 [ 60.379569] ? tcp_parse_options+0xd74/0x1a30 [ 60.384046] kmsan_report+0x238/0x240 [ 60.387830] __msan_warning_32+0x6c/0xb0 [ 60.391872] tcp_parse_options+0xd74/0x1a30 [ 60.396180] tcp_validate_incoming+0x4f1/0x2790 [ 60.400847] tcp_rcv_established+0xf60/0x2bb0 [ 60.405327] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 60.410669] tcp_v4_do_rcv+0x6cd/0xd90 [ 60.414546] ? inet_sk_rx_dst_set+0x2c0/0x2c0 [ 60.419036] __release_sock+0x2d6/0x680 [ 60.423000] release_sock+0x97/0x2a0 [ 60.426701] tcp_sendmsg+0xd6/0x100 [ 60.430317] ? tcp_sendmsg_locked+0x6d20/0x6d20 [ 60.434975] inet_sendmsg+0x48d/0x740 [ 60.438758] ? security_socket_sendmsg+0x9e/0x210 [ 60.443583] ? inet_getname+0x500/0x500 [ 60.447537] SYSC_sendto+0x6c3/0x7e0 [ 60.451235] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 60.456661] ? prepare_exit_to_usermode+0x149/0x3a0 [ 60.461661] SyS_sendto+0x8a/0xb0 [ 60.465094] do_syscall_64+0x309/0x430 [ 60.468965] ? SYSC_getpeername+0x560/0x560 [ 60.473268] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 60.478435] RIP: 0033:0x455279 [ 60.481603] RSP: 002b:00007fe36074ac68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 60.489290] RAX: ffffffffffffffda RBX: 00007fe36074b6d4 RCX: 0000000000455279 [ 60.496535] RDX: 0000000000000001 RSI: 0000000020000e40 RDI: 0000000000000013 [ 60.503782] RBP: 000000000072bea0 R08: 0000000020000000 R09: 0000000000000010 [ 60.511039] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000ffffffff [ 60.518286] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 60.525980] Dumping ftrace buffer: [ 60.529498] (ftrace buffer empty) [ 60.533188] Kernel Offset: disabled [ 60.536796] Rebooting in 86400 seconds..