[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.6' (ECDSA) to the list of known hosts.
2020/07/21 18:48:28 fuzzer started
2020/07/21 18:48:28 dialing manager at 10.128.0.26:36767
2020/07/21 18:48:28 syscalls: 3112
2020/07/21 18:48:28 code coverage: enabled
2020/07/21 18:48:28 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2020/07/21 18:48:28 extra coverage: enabled
2020/07/21 18:48:28 setuid sandbox: enabled
2020/07/21 18:48:28 namespace sandbox: enabled
2020/07/21 18:48:28 Android sandbox: enabled
2020/07/21 18:48:28 fault injection: enabled
2020/07/21 18:48:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/21 18:48:28 net packet injection: enabled
2020/07/21 18:48:28 net device setup: enabled
2020/07/21 18:48:28 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/21 18:48:28 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/21 18:48:28 USB emulation: /dev/raw-gadget does not exist
18:50:28 executing program 0:
openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x28000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x3}, 0x1c)
sendmmsg(r0, &(0x7f0000001980), 0x8c83086635fae290, 0x2000f760)
syzkaller login: [ 217.956994][ T32] audit: type=1400 audit(1595357428.467:8): avc: denied { execmem } for pid=8437 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 218.290881][ T8438] IPVS: ftp: loaded support on port[0] = 21
[ 218.600363][ T8438] chnl_net:caif_netlink_parms(): no params data found
[ 218.841139][ T8438] bridge0: port 1(bridge_slave_0) entered blocking state
[ 218.848378][ T8438] bridge0: port 1(bridge_slave_0) entered disabled state
[ 218.858521][ T8438] device bridge_slave_0 entered promiscuous mode
[ 218.879019][ T8438] bridge0: port 2(bridge_slave_1) entered blocking state
[ 218.886882][ T8438] bridge0: port 2(bridge_slave_1) entered disabled state
[ 218.896731][ T8438] device bridge_slave_1 entered promiscuous mode
[ 218.946159][ T8438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 218.963441][ T8438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 219.015560][ T8438] team0: Port device team_slave_0 added
[ 219.027533][ T8438] team0: Port device team_slave_1 added
[ 219.072391][ T8438] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 219.079455][ T8438] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 219.106391][ T8438] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 219.121478][ T8438] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 219.128526][ T8438] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 219.155065][ T8438] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 219.378283][ T8438] device hsr_slave_0 entered promiscuous mode
[ 219.520863][ T8438] device hsr_slave_1 entered promiscuous mode
[ 219.971143][ T8438] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 220.010893][ T8438] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 220.178843][ T8438] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 220.438578][ T8438] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 220.848887][ T8438] 8021q: adding VLAN 0 to HW filter on device bond0
[ 220.878533][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 220.888387][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 220.914786][ T8438] 8021q: adding VLAN 0 to HW filter on device team0
[ 220.929376][ T3760] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 220.939499][ T3760] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 220.948775][ T3760] bridge0: port 1(bridge_slave_0) entered blocking state
[ 220.956050][ T3760] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 221.021479][ T3760] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 221.030601][ T3760] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 221.040285][ T3760] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 221.049471][ T3760] bridge0: port 2(bridge_slave_1) entered blocking state
[ 221.056766][ T3760] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 221.067177][ T3760] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 221.078146][ T3760] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 221.088952][ T3760] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 221.099297][ T3760] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 221.109694][ T3760] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 221.120192][ T3760] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 221.130992][ T3760] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 221.140605][ T3760] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 221.155579][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 221.165370][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 221.175092][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 221.191077][ T8438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 221.235282][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 221.243474][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 221.265582][ T8438] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 221.306829][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 221.317524][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 221.364247][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 221.373875][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 221.389188][ T8438] device veth0_vlan entered promiscuous mode
[ 221.410871][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 221.419847][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 221.431972][ T8438] device veth1_vlan entered promiscuous mode
[ 221.487570][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 221.497357][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 221.506818][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 221.516833][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 221.534353][ T8438] device veth0_macvtap entered promiscuous mode
[ 221.551016][ T8438] device veth1_macvtap entered promiscuous mode
[ 221.585695][ T8438] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 221.597111][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 221.606584][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 221.616833][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 221.627102][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 221.647779][ T8438] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 221.678211][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 221.688304][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 222.159740][ C0] hrtimer: interrupt took 59593 ns
18:50:32 executing program 0:
pipe(&(0x7f0000000440))
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r0, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
pipe(&(0x7f0000000100))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0)
18:50:32 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000002940)=[{{&(0x7f0000000140)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f00000001c0)}, 0x2}, {{&(0x7f00000003c0)=@can, 0x80, &(0x7f0000000880)=[{&(0x7f0000001100)=""/4096, 0x1000}, {&(0x7f0000000540)=""/126, 0x7e}, {0x0}, {&(0x7f00000004c0)=""/90, 0x5a}, {&(0x7f0000000ac0)=""/227, 0xe3}, {&(0x7f0000000780)=""/230, 0xe6}, {&(0x7f00000002c0)=""/59, 0x3b}], 0x7, &(0x7f0000000640)=""/106, 0x6a}, 0xfffff64b}, {{&(0x7f0000000c40)=@in6={0xa, 0x0, 0x0, @initdev}, 0x80, 0x0, 0x0, &(0x7f0000000440)=""/92, 0x5c}, 0x9}, {{&(0x7f0000000ec0)=@tipc=@id, 0x80, &(0x7f00000023c0)}, 0x2}, {{&(0x7f00000024c0)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000004780)=[{0x0}, {0x0}, {&(0x7f0000003780)=""/4096, 0x1000}, {&(0x7f0000002700)=""/3, 0x3}], 0x4, &(0x7f00000047c0)=""/26, 0x1a}, 0x10000}, {{&(0x7f0000004800)=@ipx, 0x80, &(0x7f0000004940)=[{&(0x7f0000004880)=""/159, 0x9f}], 0x1, &(0x7f0000004980)=""/75, 0x4b}, 0x7e}, {{&(0x7f0000000340)=@l2tp={0x2, 0x0, @empty}, 0x80, &(0x7f0000000bc0)=[{&(0x7f00000001c0)=""/57, 0x39}, {0x0}, {&(0x7f0000000900)=""/145, 0x91}, {0x0}], 0x4, &(0x7f0000002200)=""/246, 0xf6}}, {{0x0, 0x0, &(0x7f0000002380)=[{0x0}, {&(0x7f0000002300)=""/100, 0x64}], 0x2}}, {{&(0x7f00000006c0)=@rc={0x1f, @none}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000a40)=""/65, 0x41}], 0x1, &(0x7f0000000c00)=""/50, 0x32}}], 0x9, 0x0, 0x0)
pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x2)
epoll_wait(r3, &(0x7f00000009c0)=[{}, {}, {}, {}, {}, {}], 0x6, 0x200)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000740)='./file0\x00', 0x1a7)
socket$inet(0x2, 0x803, 0xa0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r4 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c)
sendmmsg$inet(r4, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f0000002fc0)=ANY=[@ANYBLOB="..."], 0x18}}], 0x1b1, 0x0)
socket$inet(0x2, 0x0, 0x0)
sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x34, 0x0, 0x8f44ca68b90c1f7d, 0x70bd26, 0x25dfdbfc, {{}, {}, {0x18, 0x18, {0x401, @bearer=@l2={'ib', 0x3a, 'team_slave_0\x00'}}}}, [""]}, 0x34}, 0x1, 0x0, 0x0, 0x8040}, 0x80)
18:50:33 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6(0x10, 0x2, 0x0)
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2})
write$tun(0xffffffffffffffff, &(0x7f0000000140)={@val, @void, @eth={@broadcast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}, @dev}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "c55ea1e6627d686afb158acc6e7e4dda44b2b83a06c187f3d6e75295135291dd", "a95e1d3aa65ecb598ec23d1a3fd30ea7", {"d3a59a96b733fa74ab00", "561b69323e7ee7f1f84c2d6f5c7853cd"}}}}}}}}, 0x8a)
write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x1000000c8)
splice(r3, 0x0, r5, 0x0, 0x18102, 0x0)
18:50:33 executing program 0:
mknod(&(0x7f0000000200)='./bus\x00', 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x42202, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='gid_map\x00')
splice(r1, 0x0, r0, 0x0, 0xffffffe1, 0x0)
r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0)
read(r2, &(0x7f0000000180)=""/19, 0xfffffe47)
[ 223.065611][ T8691] =====================================================
[ 223.072878][ T8691] BUG: KMSAN: uninit-value in kmsan_check_memory+0xd/0x10
[ 223.080002][ T8691] CPU: 1 PID: 8691 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 223.088849][ T8691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 223.098984][ T8691] Call Trace:
[ 223.102274][ T8691] dump_stack+0x1df/0x240
[ 223.106588][ T8691] kmsan_report+0xf7/0x1e0
[ 223.111050][ T8691] kmsan_internal_check_memory+0x358/0x3d0
[ 223.116834][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 223.121970][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 223.127064][ T8691] kmsan_check_memory+0xd/0x10
[ 223.131961][ T8691] copy_page_to_iter+0x7b4/0x1bb0
[ 223.137102][ T8691] pipe_read+0x6a6/0x1a00
[ 223.141432][ T8691] ? kmsan_get_metadata+0x11d/0x180
[ 223.146619][ T8691] ? __ia32_sys_pipe+0x50/0x50
[ 223.151462][ T8691] vfs_read+0xc67/0x1230
[ 223.155699][ T8691] ksys_read+0x267/0x450
[ 223.159942][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 223.165047][ T8691] __se_sys_read+0x92/0xb0
[ 223.169460][ T8691] ? __se_sys_read+0xb0/0xb0
[ 223.174030][ T8691] __ia32_sys_read+0x4a/0x70
[ 223.178600][ T8691] __do_fast_syscall_32+0x2aa/0x400
[ 223.183917][ T8691] do_fast_syscall_32+0x6b/0xd0
[ 223.188756][ T8691] do_SYSENTER_32+0x73/0x90
[ 223.193247][ T8691] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 223.199557][ T8691] RIP: 0023:0xf7fa1549
[ 223.203597][ T8691] Code: Bad RIP value.
[ 223.207869][ T8691] RSP: 002b:00000000f5d9c0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[ 223.216523][ T8691] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000180
[ 223.224563][ T8691] RDX: 00000000fffffe47 RSI: 0000000000000000 RDI: 0000000000000000
[ 223.232957][ T8691] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 223.241119][ T8691] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 223.249075][ T8691] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 223.257061][ T8691]
[ 223.259494][ T8691] Uninit was created at:
[ 223.264253][ T8691] kmsan_save_stack_with_flags+0x3c/0x90
[ 223.269880][ T8691] kmsan_alloc_page+0xb9/0x180
[ 223.274648][ T8691] __alloc_pages_nodemask+0x56a2/0x5dc0
[ 223.280261][ T8691] alloc_pages_current+0x672/0x990
[ 223.285421][ T8691] push_pipe+0x605/0xb70
[ 223.289641][ T8691] iov_iter_get_pages_alloc+0x18a9/0x21c0
[ 223.295345][ T8691] do_splice_to+0x4fc/0x14f0
[ 223.299925][ T8691] do_splice+0x2ccd/0x30a0
[ 223.304337][ T8691] __se_sys_splice+0x271/0x420
[ 223.309087][ T8691] __ia32_sys_splice+0x6e/0x90
[ 223.313834][ T8691] __do_fast_syscall_32+0x2aa/0x400
[ 223.319008][ T8691] do_fast_syscall_32+0x6b/0xd0
[ 223.323844][ T8691] do_SYSENTER_32+0x73/0x90
[ 223.328443][ T8691] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 223.334842][ T8691]
[ 223.337152][ T8691] Bytes 0-32 of 33 are uninitialized
[ 223.342560][ T8691] Memory access of size 33 starts at ffff9d57f957e000
[ 223.349307][ T8691] =====================================================
[ 223.356210][ T8691] Disabling lock debugging due to kernel taint
[ 223.362349][ T8691] Kernel panic - not syncing: panic_on_warn set ...
[ 223.368934][ T8691] CPU: 1 PID: 8691 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 223.378970][ T8691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 223.389004][ T8691] Call Trace:
[ 223.392284][ T8691] dump_stack+0x1df/0x240
[ 223.396696][ T8691] panic+0x3d5/0xc3e
[ 223.400694][ T8691] kmsan_report+0x1df/0x1e0
[ 223.405714][ T8691] kmsan_internal_check_memory+0x358/0x3d0
[ 223.411692][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 223.417769][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 223.423058][ T8691] kmsan_check_memory+0xd/0x10
[ 223.428173][ T8691] copy_page_to_iter+0x7b4/0x1bb0
[ 223.433204][ T8691] pipe_read+0x6a6/0x1a00
[ 223.437978][ T8691] ? kmsan_get_metadata+0x11d/0x180
[ 223.443155][ T8691] ? __ia32_sys_pipe+0x50/0x50
[ 223.448159][ T8691] vfs_read+0xc67/0x1230
[ 223.452391][ T8691] ksys_read+0x267/0x450
[ 223.457407][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 223.463583][ T8691] __se_sys_read+0x92/0xb0
[ 223.468089][ T8691] ? __se_sys_read+0xb0/0xb0
[ 223.473711][ T8691] __ia32_sys_read+0x4a/0x70
[ 223.478563][ T8691] __do_fast_syscall_32+0x2aa/0x400
[ 223.484121][ T8691] do_fast_syscall_32+0x6b/0xd0
[ 223.489115][ T8691] do_SYSENTER_32+0x73/0x90
[ 223.493630][ T8691] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 223.500083][ T8691] RIP: 0023:0xf7fa1549
[ 223.504136][ T8691] Code: Bad RIP value.
[ 223.508349][ T8691] RSP: 002b:00000000f5d9c0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[ 223.516739][ T8691] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000180
[ 223.525268][ T8691] RDX: 00000000fffffe47 RSI: 0000000000000000 RDI: 0000000000000000
[ 223.533316][ T8691] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 223.541453][ T8691] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 223.549548][ T8691] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 223.559048][ T8691] ------------[ cut here ]------------
[ 223.564498][ T8691] kernel BUG at mm/kmsan/kmsan.h:87!
[ 223.569765][ T8691] invalid opcode: 0000 [#1] SMP
[ 223.574609][ T8691] CPU: 1 PID: 8691 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 223.584568][ T8691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 223.594625][ T8691] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 223.601195][ T8691] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 ea 03 ca bc 31 c0 e8 81 fc 44 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 32 3d 8c 0c 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 223.620943][ T8691] RSP: 0018:ffffa70d01593508 EFLAGS: 00010046
[ 223.627331][ T8691] RAX: 0000000000000002 RBX: 0000000006260003 RCX: 0000000006260003
[ 223.635278][ T8691] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffa70d015935e4
[ 223.643244][ T8691] RBP: ffffa70d015935b0 R08: 0000000000000000 R09: ffff9d586fd28210
[ 223.651302][ T8691] R10: 0000000000000000 R11: ffffffffb3a02930 R12: 0000000000000000
[ 223.659249][ T8691] R13: 0000000000000001 R14: 0000000000000006 R15: 0000000000000001
[ 223.667198][ T8691] FS: 0000000000000000(0000) GS:ffff9d586fd00000(0063) knlGS:00000000f5d9cb40
[ 223.676292][ T8691] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 223.682868][ T8691] CR2: 00000000f5d9bffc CR3: 00000000573b6000 CR4: 00000000001406e0
[ 223.692121][ T8691] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 223.700242][ T8691] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 223.708187][ T8691] Call Trace:
[ 223.711464][ T8691] kmsan_check_memory+0xd/0x10
[ 223.716438][ T8691] iowrite8+0x99/0x2e0
[ 223.720493][ T8691] pvpanic_panic_notify+0x99/0xc0
[ 223.725530][ T8691] ? pvpanic_mmio_remove+0x60/0x60
[ 223.730630][ T8691] atomic_notifier_call_chain+0x130/0x250
[ 223.736384][ T8691] panic+0x468/0xc3e
[ 223.740273][ T8691] kmsan_report+0x1df/0x1e0
[ 223.744755][ T8691] kmsan_internal_check_memory+0x358/0x3d0
[ 223.750626][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 223.755714][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 223.760806][ T8691] kmsan_check_memory+0xd/0x10
[ 223.765564][ T8691] copy_page_to_iter+0x7b4/0x1bb0
[ 223.770574][ T8691] pipe_read+0x6a6/0x1a00
[ 223.775132][ T8691] ? kmsan_get_metadata+0x11d/0x180
[ 223.780344][ T8691] ? __ia32_sys_pipe+0x50/0x50
[ 223.785102][ T8691] vfs_read+0xc67/0x1230
[ 223.789357][ T8691] ksys_read+0x267/0x450
[ 223.793580][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 223.798669][ T8691] __se_sys_read+0x92/0xb0
[ 223.803061][ T8691] ? __se_sys_read+0xb0/0xb0
[ 223.807645][ T8691] __ia32_sys_read+0x4a/0x70
[ 223.812215][ T8691] __do_fast_syscall_32+0x2aa/0x400
[ 223.817393][ T8691] do_fast_syscall_32+0x6b/0xd0
[ 223.822222][ T8691] do_SYSENTER_32+0x73/0x90
[ 223.826791][ T8691] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 223.833092][ T8691] RIP: 0023:0xf7fa1549
[ 223.837133][ T8691] Code: Bad RIP value.
[ 223.841173][ T8691] RSP: 002b:00000000f5d9c0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[ 223.849575][ T8691] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000180
[ 223.857534][ T8691] RDX: 00000000fffffe47 RSI: 0000000000000000 RDI: 0000000000000000
[ 223.865489][ T8691] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 223.873531][ T8691] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 223.881483][ T8691] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 223.889440][ T8691] Modules linked in:
[ 223.893403][ T8691] ---[ end trace 40d8225ad7f2b706 ]---
[ 223.899885][ T8691] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 223.906715][ T8691] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 ea 03 ca bc 31 c0 e8 81 fc 44 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 32 3d 8c 0c 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 223.926335][ T8691] RSP: 0018:ffffa70d01593508 EFLAGS: 00010046
[ 223.932398][ T8691] RAX: 0000000000000002 RBX: 0000000006260003 RCX: 0000000006260003
[ 223.940431][ T8691] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffa70d015935e4
[ 223.948482][ T8691] RBP: ffffa70d015935b0 R08: 0000000000000000 R09: ffff9d586fd28210
[ 223.956619][ T8691] R10: 0000000000000000 R11: ffffffffb3a02930 R12: 0000000000000000
[ 223.964581][ T8691] R13: 0000000000000001 R14: 0000000000000006 R15: 0000000000000001
[ 223.972609][ T8691] FS: 0000000000000000(0000) GS:ffff9d586fd00000(0063) knlGS:00000000f5d9cb40
[ 223.981528][ T8691] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 223.988400][ T8691] CR2: 00000000f5d9bffc CR3: 00000000573b6000 CR4: 00000000001406e0
[ 223.997921][ T8691] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 224.007727][ T8691] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 224.015961][ T8691] Kernel panic - not syncing: Fatal exception
[ 224.023555][ T8691] Kernel Offset: 0x2d600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 224.035172][ T8691] Rebooting in 86400 seconds..