INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts. 2018/04/07 07:44:40 fuzzer started 2018/04/07 07:44:41 dialing manager at 10.128.0.26:38639 2018/04/07 07:44:46 kcov=true, comps=false 2018/04/07 07:44:49 executing program 0: clock_nanosleep(0x0, 0xfffffffffdffffff, &(0x7f0000051ff0)={0x2000000000003}, 0x0) r0 = gettid() socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000008ff8)=0x3f) fcntl$setsig(r1, 0xa, 0x12) fcntl$setownex(r1, 0xf, &(0x7f00000ff000)={0x0, r0}) recvmsg(r2, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000)}, 0x0) dup2(r1, r2) r3 = gettid() mmap(&(0x7f0000000000/0x709000)=nil, 0x709000, 0x1, 0x32, 0xffffffffffffffff, 0x0) tkill(r3, 0x16) 2018/04/07 07:44:49 executing program 1: r0 = socket$nl_xfrm(0x11, 0x3, 0x6) bind$packet(r0, &(0x7f0000000240)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x0, 0xfffffffffffffffd}, 0x4) syz_emit_ethernet(0x22, &(0x7f00000000c0)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], {@ipv4={0x800, {{0x5, 0x2, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback=0x7f000001, @remote={0xac, 0x14, 0x14, 0xbb}}, @udp={0x4e20, 0x4e20, 0x8}}}}}, &(0x7f0000000000)) 2018/04/07 07:44:49 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00002e8fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001000)="a23364fd", 0x4) sendmsg$alg(r1, &(0x7f0000166000)={0x0, 0x0, &(0x7f000019f000), 0x0, &(0x7f0000282fb8)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write(r1, &(0x7f00001eaf7c)="d33e3ac1792bbce4d7f62d063a492bc83d59408649b981c2d0e252ec8e311c2c", 0x20) recvmsg(r1, &(0x7f0000014fc8)={0x0, 0x0, &(0x7f0000095000)=[{&(0x7f00002e8ff2)=""/14, 0xe}, {&(0x7f00000bf000)=""/212, 0xd4}], 0x2, &(0x7f00002e8000)=""/79, 0x4f}, 0x0) 2018/04/07 07:44:49 executing program 7: r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f0000fc4ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) connect$inet(r0, &(0x7f0000adf000)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) sendmsg$alg(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f00000002c0)=[@iv={0x18, 0x117, 0x2}], 0x2ae}, 0x0) 2018/04/07 07:44:49 executing program 4: r0 = socket$packet(0x11, 0x800000000002, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f000095bffc), 0x4) r1 = socket$inet(0x2, 0x3, 0x32) sendto$inet(r1, &(0x7f000014cf2c), 0x0, 0x8000, &(0x7f00005b5ff0)={0x2, 0x4e20}, 0x10) sendto$inet(r1, &(0x7f0000000000)="20100000", 0x4, 0x0, &(0x7f0000cf9000)={0x2, 0x4e20}, 0x10) 2018/04/07 07:44:49 executing program 3: r0 = socket(0x11, 0x803, 0x300) syz_emit_ethernet(0x3e, &(0x7f0000c29000)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2}, [], {@ipv6={0x86dd, {0x0, 0x6, "067b26", 0x8, 0x0, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @udp={0x4e20, 0x4e20, 0x8}}}}}}, &(0x7f0000b99000)) recvmmsg(r0, &(0x7f000094f000)=[{{&(0x7f0000e19000)=@nfc, 0x10, &(0x7f00006ca000), 0x0, &(0x7f0000560000)=""/129, 0x81}}], 0x1, 0x0, 0x0) ioctl$sock_netrom_SIOCGSTAMP(r0, 0x8906, &(0x7f00000000c0)) 2018/04/07 07:44:49 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000f84f90)={0x2, 0x18, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @multicast1=0xe0000001}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e20}}]}, 0x50}, 0x1}, 0x0) 2018/04/07 07:44:49 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x8010000400000084) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000748ff5)={0x0, 0x7}, 0xb) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, [], 0x16}, 0x5}, 0x1c) recvmsg(r0, &(0x7f0000001300)={&(0x7f0000000000)=@alg, 0x58, &(0x7f0000001280), 0x0, &(0x7f0000000000)=""/8, 0x8}, 0x0) syzkaller login: [ 42.490868] ip (3806) used greatest stack depth: 54312 bytes left [ 43.607381] ip (3913) used greatest stack depth: 54200 bytes left [ 45.583702] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.611811] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.651790] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.739145] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.794252] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.811973] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.836488] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.993716] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.496566] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.523232] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.636419] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.696886] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.768450] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.815204] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.842873] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.882603] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.245717] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.251968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.262550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.283252] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.292772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.333730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.455292] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.461555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.472650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.490422] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.496743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.514747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.557935] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.568798] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.575222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.595285] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.627383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.651611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.681717] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.699155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.711159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.738814] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.745185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.760800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 07:45:06 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00002e8fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001000)="a23364fd", 0x4) sendmsg$alg(r1, &(0x7f0000166000)={0x0, 0x0, &(0x7f000019f000), 0x0, &(0x7f0000282fb8)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write(r1, &(0x7f00001eaf7c)="d33e3ac1792bbce4d7f62d063a492bc83d59408649b981c2d0e252ec8e311c2c", 0x20) recvmsg(r1, &(0x7f0000014fc8)={0x0, 0x0, &(0x7f0000095000)=[{&(0x7f00002e8ff2)=""/14, 0xe}, {&(0x7f00000bf000)=""/212, 0xd4}], 0x2, &(0x7f00002e8000)=""/79, 0x4f}, 0x0) 2018/04/07 07:45:06 executing program 6: setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00008d8000)=ANY=[@ANYBLOB="687696efec548430e198770b091d00000000000000000a004e2000000000ff010000000000000000000000000001000000000000000000000000000000000c0040838200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x1) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00003cf000)={&(0x7f0000f4dff4)={0x10}, 0x37b, &(0x7f00005ad000)={&(0x7f00008d8000)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}, @in6=@dev={0xfe, 0x80}}}, [@migrate={0x10c, 0x11}]}, 0x15c}, 0x1}, 0x0) 2018/04/07 07:45:06 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00002e8fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001000)="a23364fd", 0x4) sendmsg$alg(r1, &(0x7f0000166000)={0x0, 0x0, &(0x7f000019f000), 0x0, &(0x7f0000282fb8)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write(r1, &(0x7f00001eaf7c)="d33e3ac1792bbce4d7f62d063a492bc83d59408649b981c2d0e252ec8e311c2c", 0x20) recvmsg(r1, &(0x7f0000014fc8)={0x0, 0x0, &(0x7f0000095000)=[{&(0x7f00002e8ff2)=""/14, 0xe}, {&(0x7f00000bf000)=""/212, 0xd4}], 0x2, &(0x7f00002e8000)=""/79, 0x4f}, 0x0) 2018/04/07 07:45:06 executing program 3: r0 = socket(0x18, 0x0, 0x4) accept4$packet(r0, &(0x7f0000000180), &(0x7f00000001c0)=0x14, 0x0) 2018/04/07 07:45:06 executing program 6: execveat(0xffffffffffffffff, &(0x7f0000000000)='./control\x00', &(0x7f0000000280), &(0x7f0000000440), 0x100) [ 57.002147] ================================================================== [ 57.009582] BUG: KMSAN: uninit-value in __flow_hash_from_keys+0x10d8/0x1150 [ 57.016690] CPU: 1 PID: 5079 Comm: syz-executor4 Not tainted 4.16.0+ #81 [ 57.023524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.032875] Call Trace: [ 57.035473] dump_stack+0x185/0x1d0 [ 57.039105] ? __flow_hash_from_keys+0x10d8/0x1150 [ 57.044041] kmsan_report+0x142/0x240 [ 57.047853] __msan_warning_32+0x6c/0xb0 [ 57.052023] __flow_hash_from_keys+0x10d8/0x1150 [ 57.056790] __skb_get_hash_symmetric+0x14d/0x230 [ 57.061640] packet_rcv_fanout+0x38f/0x8d0 [ 57.065882] ? packet_direct_xmit+0xbf0/0xbf0 [ 57.070379] dev_queue_xmit_nit+0x8fb/0x11e0 [ 57.074802] dev_hard_start_xmit+0x27c/0xc70 [ 57.079219] __dev_queue_xmit+0x22d9/0x2b60 [ 57.083557] dev_queue_xmit+0x4b/0x60 [ 57.087353] neigh_resolve_output+0xac6/0xb60 [ 57.091855] ? neigh_event_ns+0x360/0x360 [ 57.096003] ip_finish_output2+0x1238/0x1380 2018/04/07 07:45:07 executing program 6: sendto$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000fe4)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) r0 = syz_open_dev$urandom(&(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x8042) recvmmsg(0xffffffffffffff9c, &(0x7f0000002200)=[{{&(0x7f0000000cc0)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10, &(0x7f0000000ec0)=[{&(0x7f0000000e80)=""/34, 0x22}], 0x1, 0x0, 0x0, 0x10000000000}}], 0x1, 0x0, &(0x7f00000022c0)={0x0, 0x1c9c380}) writev(r0, &(0x7f0000000500), 0x1f3) 2018/04/07 07:45:07 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00002e8fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001000)="a23364fd", 0x4) sendmsg$alg(r1, &(0x7f0000166000)={0x0, 0x0, &(0x7f000019f000), 0x0, &(0x7f0000282fb8)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write(r1, &(0x7f00001eaf7c)="d33e3ac1792bbce4d7f62d063a492bc83d59408649b981c2d0e252ec8e311c2c", 0x20) recvmsg(r1, &(0x7f0000014fc8)={0x0, 0x0, &(0x7f0000095000)=[{&(0x7f00002e8ff2)=""/14, 0xe}, {&(0x7f00000bf000)=""/212, 0xd4}], 0x2, &(0x7f00002e8000)=""/79, 0x4f}, 0x0) [ 57.100419] ip_finish_output+0xcb0/0xff0 [ 57.104569] ip_output+0x502/0x5c0 [ 57.108107] ? ip_mc_finish_output+0x3b0/0x3b0 [ 57.112693] ? ip_finish_output+0xff0/0xff0 [ 57.117013] ip_send_skb+0x5f3/0x820 [ 57.120730] ? __ip_local_out+0x5b0/0x5b0 [ 57.124886] ip_push_pending_frames+0x105/0x170 [ 57.129561] raw_sendmsg+0x2960/0x3ed0 [ 57.133478] ? compat_raw_ioctl+0x100/0x100 [ 57.137800] inet_sendmsg+0x48d/0x740 [ 57.141603] ? security_socket_sendmsg+0x9e/0x210 [ 57.146450] ? inet_getname+0x500/0x500 [ 57.150430] SYSC_sendto+0x6c3/0x7e0 [ 57.154147] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 57.159597] ? prepare_exit_to_usermode+0x149/0x3a0 [ 57.164622] SyS_sendto+0x8a/0xb0 [ 57.168076] do_syscall_64+0x309/0x430 [ 57.174144] ? SYSC_getpeername+0x560/0x560 [ 57.178476] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.183665] RIP: 0033:0x455259 [ 57.186847] RSP: 002b:00007fd7cf49cc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 57.194559] RAX: ffffffffffffffda RBX: 00007fd7cf49d6d4 RCX: 0000000000455259 [ 57.201829] RDX: 0000000000000004 RSI: 0000000020000000 RDI: 0000000000000014 [ 57.209102] RBP: 000000000072bea0 R08: 0000000020cf9000 R09: 0000000000000010 [ 57.216375] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.223644] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 57.230915] [ 57.232527] Uninit was stored to memory at: [ 57.236849] kmsan_internal_chain_origin+0x12b/0x210 [ 57.241947] __msan_chain_origin+0x69/0xc0 [ 57.246179] __skb_flow_dissect+0x4cbd/0x6580 2018/04/07 07:45:07 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000265ff7)='/dev/sg#\x00', 0x0, 0x2) write$tun(r0, &(0x7f0000000000), 0x32) ioctl(r0, 0x227c, &(0x7f000097e000)) [ 57.250668] __skb_get_hash_symmetric+0x10b/0x230 [ 57.255509] packet_rcv_fanout+0x38f/0x8d0 [ 57.259741] dev_queue_xmit_nit+0x8fb/0x11e0 [ 57.264145] dev_hard_start_xmit+0x27c/0xc70 [ 57.268548] __dev_queue_xmit+0x22d9/0x2b60 [ 57.272868] dev_queue_xmit+0x4b/0x60 [ 57.276672] neigh_resolve_output+0xac6/0xb60 [ 57.281166] ip_finish_output2+0x1238/0x1380 [ 57.285572] ip_finish_output+0xcb0/0xff0 [ 57.289714] ip_output+0x502/0x5c0 [ 57.293251] ip_send_skb+0x5f3/0x820 [ 57.296964] ip_push_pending_frames+0x105/0x170 [ 57.301719] raw_sendmsg+0x2960/0x3ed0 [ 57.305604] inet_sendmsg+0x48d/0x740 [ 57.309414] SYSC_sendto+0x6c3/0x7e0 [ 57.313129] SyS_sendto+0x8a/0xb0 [ 57.317402] do_syscall_64+0x309/0x430 [ 57.321293] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.326474] Uninit was stored to memory at: [ 57.330798] kmsan_internal_chain_origin+0x12b/0x210 [ 57.335898] kmsan_memcpy_origins+0x11d/0x170 [ 57.340385] __msan_memcpy+0x19f/0x1f0 [ 57.344273] skb_copy_bits+0x63a/0xdb0 [ 57.348159] __skb_flow_dissect+0x48ea/0x6580 [ 57.352649] __skb_get_hash_symmetric+0x10b/0x230 [ 57.357487] packet_rcv_fanout+0x38f/0x8d0 [ 57.361720] dev_queue_xmit_nit+0x8fb/0x11e0 [ 57.366124] dev_hard_start_xmit+0x27c/0xc70 [ 57.370532] __dev_queue_xmit+0x22d9/0x2b60 [ 57.374854] dev_queue_xmit+0x4b/0x60 [ 57.378651] neigh_resolve_output+0xac6/0xb60 [ 57.383144] ip_finish_output2+0x1238/0x1380 [ 57.387547] ip_finish_output+0xcb0/0xff0 [ 57.391695] ip_output+0x502/0x5c0 [ 57.395230] ip_send_skb+0x5f3/0x820 [ 57.398946] ip_push_pending_frames+0x105/0x170 [ 57.403612] raw_sendmsg+0x2960/0x3ed0 [ 57.407495] inet_sendmsg+0x48d/0x740 [ 57.411293] SYSC_sendto+0x6c3/0x7e0 [ 57.415005] SyS_sendto+0x8a/0xb0 [ 57.418456] do_syscall_64+0x309/0x430 [ 57.422343] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.427521] Uninit was created at: [ 57.431057] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 57.436059] kmsan_alloc_page+0x82/0xe0 [ 57.440020] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 57.444760] alloc_pages_current+0x6b5/0x970 [ 57.449152] skb_page_frag_refill+0x3ba/0x5e0 [ 57.453622] sk_page_frag_refill+0xa4/0x340 [ 57.457929] __ip_append_data+0x107e/0x3d10 [ 57.462238] ip_append_data+0x2fb/0x440 [ 57.466195] raw_sendmsg+0x287b/0x3ed0 [ 57.470066] inet_sendmsg+0x48d/0x740 [ 57.473844] SYSC_sendto+0x6c3/0x7e0 [ 57.477540] SyS_sendto+0x8a/0xb0 [ 57.480969] do_syscall_64+0x309/0x430 [ 57.484841] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.490013] ================================================================== [ 57.497351] Disabling lock debugging due to kernel taint [ 57.502773] Kernel panic - not syncing: panic_on_warn set ... [ 57.502773] [ 57.510115] CPU: 1 PID: 5079 Comm: syz-executor4 Tainted: G B 4.16.0+ #81 [ 57.518237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.527564] Call Trace: [ 57.530132] dump_stack+0x185/0x1d0 [ 57.533736] panic+0x39d/0x940 [ 57.536931] ? __flow_hash_from_keys+0x10d8/0x1150 [ 57.541848] kmsan_report+0x238/0x240 [ 57.545638] __msan_warning_32+0x6c/0xb0 [ 57.549686] __flow_hash_from_keys+0x10d8/0x1150 [ 57.554423] __skb_get_hash_symmetric+0x14d/0x230 [ 57.559245] packet_rcv_fanout+0x38f/0x8d0 [ 57.563460] ? packet_direct_xmit+0xbf0/0xbf0 [ 57.567932] dev_queue_xmit_nit+0x8fb/0x11e0 [ 57.572333] dev_hard_start_xmit+0x27c/0xc70 [ 57.576739] __dev_queue_xmit+0x22d9/0x2b60 [ 57.581068] dev_queue_xmit+0x4b/0x60 [ 57.584858] neigh_resolve_output+0xac6/0xb60 [ 57.589336] ? neigh_event_ns+0x360/0x360 [ 57.593462] ip_finish_output2+0x1238/0x1380 [ 57.597862] ip_finish_output+0xcb0/0xff0 [ 57.601999] ip_output+0x502/0x5c0 [ 57.605523] ? ip_mc_finish_output+0x3b0/0x3b0 [ 57.610094] ? ip_finish_output+0xff0/0xff0 [ 57.614400] ip_send_skb+0x5f3/0x820 [ 57.618091] ? __ip_local_out+0x5b0/0x5b0 [ 57.622216] ip_push_pending_frames+0x105/0x170 [ 57.626883] raw_sendmsg+0x2960/0x3ed0 [ 57.630781] ? compat_raw_ioctl+0x100/0x100 [ 57.635088] inet_sendmsg+0x48d/0x740 [ 57.638866] ? security_socket_sendmsg+0x9e/0x210 [ 57.643687] ? inet_getname+0x500/0x500 [ 57.647651] SYSC_sendto+0x6c3/0x7e0 [ 57.651350] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 57.656783] ? prepare_exit_to_usermode+0x149/0x3a0 [ 57.661790] SyS_sendto+0x8a/0xb0 [ 57.665218] do_syscall_64+0x309/0x430 [ 57.669097] ? SYSC_getpeername+0x560/0x560 [ 57.673417] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.678589] RIP: 0033:0x455259 [ 57.681757] RSP: 002b:00007fd7cf49cc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 57.689439] RAX: ffffffffffffffda RBX: 00007fd7cf49d6d4 RCX: 0000000000455259 [ 57.696690] RDX: 0000000000000004 RSI: 0000000020000000 RDI: 0000000000000014 [ 57.703945] RBP: 000000000072bea0 R08: 0000000020cf9000 R09: 0000000000000010 [ 57.711199] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 57.718457] R13: 00000000000004f7 R14: 00000000006fa7c8 R15: 0000000000000000 [ 57.726208] Dumping ftrace buffer: [ 57.729723] (ftrace buffer empty) [ 57.733414] Kernel Offset: disabled [ 57.737013] Rebooting in 86400 seconds..