INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts. 2018/04/07 02:26:15 fuzzer started 2018/04/07 02:26:15 dialing manager at 10.128.0.26:38639 2018/04/07 02:26:21 kcov=true, comps=false 2018/04/07 02:26:24 executing program 0: 2018/04/07 02:26:24 executing program 2: 2018/04/07 02:26:24 executing program 7: 2018/04/07 02:26:24 executing program 1: 2018/04/07 02:26:24 executing program 4: 2018/04/07 02:26:24 executing program 3: 2018/04/07 02:26:24 executing program 5: 2018/04/07 02:26:24 executing program 6: syzkaller login: [ 42.467684] ip (3763) used greatest stack depth: 54888 bytes left [ 42.580551] ip (3774) used greatest stack depth: 54672 bytes left [ 42.992004] ip (3814) used greatest stack depth: 54312 bytes left [ 43.971766] ip (3909) used greatest stack depth: 54200 bytes left [ 45.870992] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.904764] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.107808] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.133898] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.176138] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.246935] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.280156] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.417695] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.671715] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.701386] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.911837] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.927671] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.012760] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.023257] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.163779] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.218141] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.406903] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.413155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.424754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.510314] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.516673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.527856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.634305] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.640578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.653309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.700229] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.706439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.718576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.784114] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.790360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.806636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.834843] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.841383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.855739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.899230] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.916443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.952618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.073264] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.079520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.091598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 02:26:40 executing program 7: 2018/04/07 02:26:41 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x380, &(0x7f0000000080)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000], 0x1}, {[], @icmpv6=@dest_unreach={0xffffff88, 0x0, 0x0, 0x0, [0x14], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3], 0x1}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, 0x0) 2018/04/07 02:26:41 executing program 6: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000000a000)) mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000000000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000040)) mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1000, 0x0) mount(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f00000003c0)='hfs\x00', 0x80000, &(0x7f0000000200)) mount(&(0x7f0000000000)='.', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='mqueue\x00', 0x0, &(0x7f00000000c0)) mount(&(0x7f0000377ff8)='.', &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='pstore\x00', 0x500e, &(0x7f00000e7000)) mount(&(0x7f0000adcff8)='./file0\x00', &(0x7f0000e08fff)='.', &(0x7f00005e9000)='cifs\x00', 0x2000, &(0x7f00000000c0)) umount2(&(0x7f000075e000)='.', 0x0) 2018/04/07 02:26:41 executing program 5: syz_emit_ethernet(0x66, &(0x7f0000015e15)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000], 0x1}, {[], @icmpv6=@dest_unreach={0xffffff89, 0x0, 0x0, 0x0, [0x14], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3], 0x1}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, 0x0) 2018/04/07 02:26:41 executing program 7: perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000000), 0x8}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 2018/04/07 02:26:41 executing program 2: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ifb0\x00', 0x1002}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x308) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'ifb0\x00', 0xa201}) 2018/04/07 02:26:41 executing program 4: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/udplite\x00') lseek(r0, 0x0, 0x1) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "6df1733d7a8a242fd899e0633f5fcea8fb5a550ed80ebba4d909c7a124d8ac39add13dc93a80f22ff9fd35a844f3e8b5ade4e5935137af6fe251190634435dca", "6aaba7a936009867bd21673a08478220febadc5ca0c0caf1f4833b9ff18a89a285f049691fdaee090426b5018b54096bdaacf1e7a2fb27febc2e8d7b46599493", "ecd2881042e088581e6e599a5591e6c882e32e7ea6697b93d32112b2bc83d72a"}) 2018/04/07 02:26:41 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000fa8fe4)={0xa, 0x4e23}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x20) connect$inet6(r0, &(0x7f000098cfe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) r1 = dup(r0) write$eventfd(r1, &(0x7f0000605ff8), 0xffbe) 2018/04/07 02:26:41 executing program 3: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000140)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000180), 0x8) 2018/04/07 02:26:41 executing program 5: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='loginuid\x00') writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)='+0', 0x2}], 0x1) 2018/04/07 02:26:41 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x380, &(0x7f0000000080)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000], 0x1}, {[], @icmpv6=@dest_unreach={0xffffff88, 0x0, 0x0, 0x0, [0x14], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3], 0x1}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, 0x0) 2018/04/07 02:26:41 executing program 4: r0 = socket(0x11, 0x100000802, 0x0) r1 = syz_open_dev$tun(&(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x2) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"6966623000faffffffffffffff00", 0x1000000000004002}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000180)={"69666230000091785a1e7a275fa500", 0x1301}) r2 = memfd_create(&(0x7f0000f0c000)='$\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x10001) sendfile(r1, r2, &(0x7f0000000080), 0x1000fed) 2018/04/07 02:26:41 executing program 7: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) sendto$inet(r0, &(0x7f000026cfff)="c6", 0x1, 0x0, &(0x7f0000033ff0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10) shutdown(r0, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00008ed000)={0x0, 0x2000000002}, 0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000002f40), &(0x7f0000002f80)=0x8) 2018/04/07 02:26:41 executing program 2: r0 = gettid() perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rt_sigqueueinfo(r0, 0x0, &(0x7f0000000040)) 2018/04/07 02:26:41 executing program 6: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f000045fff8)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) r2 = syz_open_procfs(0x0, &(0x7f0000000040)="2f65786500000000000035abe1e80d903e0d717ac1889a45e581c9e14a5c8f95f5d2968ae8c767e9d18fd69a") mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xd, 0x20011, r2, 0x0) ptrace$getregset(0x4204, r1, 0x1, &(0x7f0000000080)={&(0x7f00000013c0)=""/4096, 0xe8}) [ 57.467596] device ifb0 entered promiscuous mode 2018/04/07 02:26:41 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000fa8fe4)={0xa, 0x4e23}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x20) connect$inet6(r0, &(0x7f000098cfe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) r1 = dup(r0) write$eventfd(r1, &(0x7f0000605ff8), 0xffbe) 2018/04/07 02:26:41 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x380, &(0x7f0000000080)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000], 0x1}, {[], @icmpv6=@dest_unreach={0xffffff88, 0x0, 0x0, 0x0, [0x14], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3], 0x1}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, 0x0) [ 57.558466] ================================================================== [ 57.565875] BUG: KMSAN: uninit-value in tun_get_user+0x2b93/0x7580 [ 57.572196] CPU: 0 PID: 5098 Comm: syz-executor4 Not tainted 4.16.0+ #81 [ 57.579028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.588376] Call Trace: [ 57.590962] dump_stack+0x185/0x1d0 [ 57.594591] ? tun_get_user+0x2b93/0x7580 [ 57.598738] kmsan_report+0x142/0x240 [ 57.602549] __msan_warning_32+0x6c/0xb0 [ 57.606616] tun_get_user+0x2b93/0x7580 [ 57.610591] ? _cond_resched+0x3c/0xd0 [ 57.614475] ? find_lock_entry+0x157/0x720 [ 57.618711] ? page_mapping+0x300/0x480 [ 57.622701] tun_chr_write_iter+0x1d4/0x330 [ 57.627028] ? tun_chr_read_iter+0x460/0x460 [ 57.631436] __vfs_write+0x719/0x910 [ 57.635157] __kernel_write+0x201/0x5c0 [ 57.639139] write_pipe_buf+0x1d5/0x270 [ 57.643120] ? propagate_umount+0x3a30/0x3a30 [ 57.647620] __splice_from_pipe+0x49a/0xf30 [ 57.651946] ? default_file_splice_write+0x380/0x380 [ 57.657053] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 57.662420] default_file_splice_write+0x1d9/0x380 [ 57.667360] ? default_file_splice_read+0x1120/0x1120 [ 57.672554] direct_splice_actor+0x19b/0x200 [ 57.676975] splice_direct_to_actor+0x764/0x1040 [ 57.681731] ? do_splice_direct+0x540/0x540 [ 57.686058] ? security_file_permission+0x28f/0x4b0 [ 57.691080] ? rw_verify_area+0x35e/0x580 [ 57.695234] do_splice_direct+0x335/0x540 [ 57.699384] do_sendfile+0x1067/0x1e40 [ 57.703287] SYSC_sendfile64+0x1b3/0x300 [ 57.707354] SyS_sendfile64+0x64/0x90 [ 57.711150] do_syscall_64+0x309/0x430 [ 57.715044] ? SYSC_sendfile+0x320/0x320 [ 57.719111] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.724301] RIP: 0033:0x455259 [ 57.727486] RSP: 002b:00007f27c4fbcc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 57.735191] RAX: ffffffffffffffda RBX: 00007f27c4fbd6d4 RCX: 0000000000455259 [ 57.742471] RDX: 0000000020000080 RSI: 0000000000000015 RDI: 0000000000000014 [ 57.749734] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 57.757006] R10: 0000000001000fed R11: 0000000000000246 R12: 00000000ffffffff [ 57.764273] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 57.771547] [ 57.773160] Uninit was stored to memory at: [ 57.777483] kmsan_internal_chain_origin+0x12b/0x210 [ 57.782584] kmsan_memcpy_origins+0x11d/0x170 [ 57.787074] __msan_memcpy+0x19f/0x1f0 [ 57.790958] _copy_from_iter_full+0xdfc/0x1450 [ 57.795540] tun_get_user+0x600/0x7580 [ 57.799431] tun_chr_write_iter+0x1d4/0x330 [ 57.803754] __vfs_write+0x719/0x910 [ 57.807472] __kernel_write+0x201/0x5c0 [ 57.811445] write_pipe_buf+0x1d5/0x270 [ 57.815419] __splice_from_pipe+0x49a/0xf30 [ 57.819741] default_file_splice_write+0x1d9/0x380 [ 57.824671] direct_splice_actor+0x19b/0x200 [ 57.829078] splice_direct_to_actor+0x764/0x1040 [ 57.833830] do_splice_direct+0x335/0x540 [ 57.837971] do_sendfile+0x1067/0x1e40 [ 57.841859] SYSC_sendfile64+0x1b3/0x300 [ 57.845923] SyS_sendfile64+0x64/0x90 [ 57.849720] do_syscall_64+0x309/0x430 [ 57.853607] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.858784] Uninit was created at: [ 57.862322] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 57.867329] kmsan_alloc_page+0x82/0xe0 [ 57.871283] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 57.876023] alloc_pages_vma+0xcc8/0x1800 [ 57.880156] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 57.885148] shmem_getpage_gfp+0x35db/0x5770 [ 57.889620] shmem_fallocate+0xde2/0x1610 [ 57.893753] vfs_fallocate+0x9dc/0xde0 [ 57.897628] SYSC_fallocate+0x119/0x1d0 [ 57.901577] SyS_fallocate+0x64/0x90 [ 57.905266] do_syscall_64+0x309/0x430 [ 57.909133] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.914300] ================================================================== [ 57.921641] Disabling lock debugging due to kernel taint [ 57.927066] Kernel panic - not syncing: panic_on_warn set ... [ 57.927066] [ 57.934416] CPU: 0 PID: 5098 Comm: syz-executor4 Tainted: G B 4.16.0+ #81 [ 57.942543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.951873] Call Trace: [ 57.954445] dump_stack+0x185/0x1d0 [ 57.958057] panic+0x39d/0x940 [ 57.961246] ? tun_get_user+0x2b93/0x7580 [ 57.965376] kmsan_report+0x238/0x240 [ 57.969166] __msan_warning_32+0x6c/0xb0 [ 57.973216] tun_get_user+0x2b93/0x7580 [ 57.977165] ? _cond_resched+0x3c/0xd0 [ 57.981037] ? find_lock_entry+0x157/0x720 [ 57.985345] ? page_mapping+0x300/0x480 [ 57.989322] tun_chr_write_iter+0x1d4/0x330 [ 57.993629] ? tun_chr_read_iter+0x460/0x460 [ 57.998023] __vfs_write+0x719/0x910 [ 58.001742] __kernel_write+0x201/0x5c0 [ 58.005700] write_pipe_buf+0x1d5/0x270 [ 58.009657] ? propagate_umount+0x3a30/0x3a30 [ 58.014143] __splice_from_pipe+0x49a/0xf30 [ 58.018452] ? default_file_splice_write+0x380/0x380 [ 58.023595] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.028948] default_file_splice_write+0x1d9/0x380 [ 58.033869] ? default_file_splice_read+0x1120/0x1120 [ 58.039049] direct_splice_actor+0x19b/0x200 [ 58.043449] splice_direct_to_actor+0x764/0x1040 [ 58.048185] ? do_splice_direct+0x540/0x540 [ 58.052485] ? security_file_permission+0x28f/0x4b0 [ 58.057481] ? rw_verify_area+0x35e/0x580 [ 58.061609] do_splice_direct+0x335/0x540 [ 58.065750] do_sendfile+0x1067/0x1e40 [ 58.069634] SYSC_sendfile64+0x1b3/0x300 [ 58.073677] SyS_sendfile64+0x64/0x90 [ 58.077458] do_syscall_64+0x309/0x430 [ 58.081329] ? SYSC_sendfile+0x320/0x320 [ 58.085370] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.090547] RIP: 0033:0x455259 [ 58.093713] RSP: 002b:00007f27c4fbcc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 58.101396] RAX: ffffffffffffffda RBX: 00007f27c4fbd6d4 RCX: 0000000000455259 [ 58.108651] RDX: 0000000020000080 RSI: 0000000000000015 RDI: 0000000000000014 [ 58.115905] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 58.123152] R10: 0000000001000fed R11: 0000000000000246 R12: 00000000ffffffff [ 58.130400] R13: 00000000000004c6 R14: 00000000006fa330 R15: 0000000000000000 [ 58.138031] Dumping ftrace buffer: [ 58.141548] (ftrace buffer empty) [ 58.145227] Kernel Offset: disabled [ 58.148829] Rebooting in 86400 seconds..