[ 72.075518] audit: type=1800 audit(1547337680.120:25): pid=9605 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 72.094694] audit: type=1800 audit(1547337680.130:26): pid=9605 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 72.114404] audit: type=1800 audit(1547337680.140:27): pid=9605 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 73.289985] sshd (9669) used greatest stack depth: 54192 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 75.566087] sshd (9742) used greatest stack depth: 54176 bytes left
Warning: Permanently added '10.128.0.170' (ECDSA) to the list of known hosts.
2019/01/13 00:01:32 fuzzer started
2019/01/13 00:01:37 dialing manager at 10.128.0.26:40403
[ 89.470273] ld (9763) used greatest stack depth: 53632 bytes left
2019/01/13 00:01:37 syscalls: 1
2019/01/13 00:01:37 code coverage: enabled
2019/01/13 00:01:37 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/01/13 00:01:37 setuid sandbox: enabled
2019/01/13 00:01:37 namespace sandbox: enabled
2019/01/13 00:01:37 Android sandbox: /sys/fs/selinux/policy does not exist
2019/01/13 00:01:37 fault injection: enabled
2019/01/13 00:01:37 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/01/13 00:01:37 net packet injection: enabled
2019/01/13 00:01:37 net device setup: enabled
00:03:58 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x24, 0x0, 0x300)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r1)
close(r0)
[ 230.887553] IPVS: ftp: loaded support on port[0] = 21
[ 231.019395] chnl_net:caif_netlink_parms(): no params data found
[ 231.089863] bridge0: port 1(bridge_slave_0) entered blocking state
[ 231.096899] bridge0: port 1(bridge_slave_0) entered disabled state
[ 231.105026] device bridge_slave_0 entered promiscuous mode
[ 231.114829] bridge0: port 2(bridge_slave_1) entered blocking state
[ 231.121279] bridge0: port 2(bridge_slave_1) entered disabled state
[ 231.129400] device bridge_slave_1 entered promiscuous mode
[ 231.159253] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 231.169929] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 231.197434] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 231.205788] team0: Port device team_slave_0 added
[ 231.212934] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 231.221124] team0: Port device team_slave_1 added
[ 231.228205] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 231.236640] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 231.416536] device hsr_slave_0 entered promiscuous mode
[ 231.452160] device hsr_slave_1 entered promiscuous mode
[ 231.493218] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 231.500679] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 231.526619] bridge0: port 2(bridge_slave_1) entered blocking state
[ 231.533151] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 231.540172] bridge0: port 1(bridge_slave_0) entered blocking state
[ 231.546735] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 231.623394] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 231.629524] 8021q: adding VLAN 0 to HW filter on device bond0
[ 231.642630] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 231.655346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 231.666192] bridge0: port 1(bridge_slave_0) entered disabled state
[ 231.675150] bridge0: port 2(bridge_slave_1) entered disabled state
[ 231.685715] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 231.702030] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 231.708125] 8021q: adding VLAN 0 to HW filter on device team0
[ 231.722731] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 231.731129] bridge0: port 1(bridge_slave_0) entered blocking state
[ 231.737653] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 231.774895] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 231.783179] bridge0: port 2(bridge_slave_1) entered blocking state
[ 231.789620] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 231.799027] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 231.828010] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 231.837744] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 231.849499] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 231.858939] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 231.867654] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 231.876287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 231.885239] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 231.907130] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 231.922584] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 231.943715] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
00:04:00 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x24, 0x0, 0x300)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r1)
close(r0)
00:04:00 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x24, 0x0, 0x300)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r1)
close(r0)
00:04:00 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x24, 0x0, 0x300)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r1)
close(r0)
00:04:00 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x24, 0x0, 0x300)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r1)
00:04:01 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x24, 0x0, 0x300)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r1)
00:04:01 executing program 1:
r0 = open(&(0x7f0000000140)='.\x00', 0x0, 0x0)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0xfffffffffffffe5b)
r1 = gettid()
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
geteuid()
getuid()
inotify_init()
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x3b1)
lstat(0x0, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0)
ptrace$peekuser(0x3, 0x0, 0x0)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
write$P9_RMKDIR(0xffffffffffffffff, 0x0, 0xffffffffffffff41)
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0)
write$P9_RLERROR(0xffffffffffffffff, 0x0, 0x223f79008e4ba65c)
ioctl$TIOCPKT(r0, 0x5420, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
tkill(r1, 0x1000000000016)
[ 233.997594] IPVS: ftp: loaded support on port[0] = 21
[ 234.131948] chnl_net:caif_netlink_parms(): no params data found
[ 234.191878] bridge0: port 1(bridge_slave_0) entered blocking state
[ 234.198469] bridge0: port 1(bridge_slave_0) entered disabled state
[ 234.206546] device bridge_slave_0 entered promiscuous mode
[ 234.215511] bridge0: port 2(bridge_slave_1) entered blocking state
[ 234.222012] bridge0: port 2(bridge_slave_1) entered disabled state
[ 234.230016] device bridge_slave_1 entered promiscuous mode
[ 234.260354] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 234.271198] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 234.299278] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 234.307595] team0: Port device team_slave_0 added
[ 234.314447] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 234.322744] team0: Port device team_slave_1 added
[ 234.328922] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 234.338623] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
00:04:02 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x24, 0x0, 0x300)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r1)
[ 234.516143] device hsr_slave_0 entered promiscuous mode
[ 234.552575] device hsr_slave_1 entered promiscuous mode
[ 234.592869] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 234.600291] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 234.625601] bridge0: port 2(bridge_slave_1) entered blocking state
[ 234.632151] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 234.639163] bridge0: port 1(bridge_slave_0) entered blocking state
[ 234.645723] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 234.721339] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 234.727690] 8021q: adding VLAN 0 to HW filter on device bond0
[ 234.740953] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 234.754182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 234.763767] bridge0: port 1(bridge_slave_0) entered disabled state
[ 234.773701] bridge0: port 2(bridge_slave_1) entered disabled state
[ 234.784696] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 234.803155] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 234.809309] 8021q: adding VLAN 0 to HW filter on device team0
[ 234.826709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 234.834959] bridge0: port 1(bridge_slave_0) entered blocking state
[ 234.841405] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 234.896697] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 234.904994] bridge0: port 2(bridge_slave_1) entered blocking state
[ 234.911452] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 234.920850] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 234.929821] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 234.938394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 234.946622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 234.962359] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 234.968456] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 234.988580] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 235.003644] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 235.036565] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
00:04:03 executing program 1:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f00000008c0)=ANY=[@ANYBLOB='ubi2'], 0x0, &(0x7f00000000c0)='ubifs\x00', 0x0, &(0x7f0000000140)='adfs\x00')
00:04:03 executing program 1:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000040)={0x5, 0x9, 0x4}, 0x8)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r1)
close(r0)
00:04:03 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x24, 0x0, 0x300)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r0)
00:04:03 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070")
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00')
sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4101}}, 0x1c}}, 0x0)
00:04:03 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x24, 0x0, 0x300)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r0)
[ 235.705190] ==================================================================
[ 235.712601] BUG: KMSAN: uninit-value in tipc_nl_compat_doit+0x5b3/0xaf0
[ 235.719360] CPU: 1 PID: 9832 Comm: syz-executor1 Not tainted 5.0.0-rc1+ #7
[ 235.726371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 235.735727] Call Trace:
[ 235.738323] dump_stack+0x173/0x1d0
[ 235.741966] kmsan_report+0x12e/0x2a0
[ 235.745786] __msan_warning+0x82/0xf0
[ 235.749607] tipc_nl_compat_doit+0x5b3/0xaf0
[ 235.754017] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 235.759224] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 235.764443] tipc_nl_compat_recv+0x14d1/0x2750
[ 235.769045] ? tipc_nl_bearer_disable+0xb0/0xb0
[ 235.773715] ? tipc_nl_compat_dumpit+0x820/0x820
[ 235.778482] ? tipc_netlink_compat_stop+0x40/0x40
[ 235.783325] genl_rcv_msg+0x185f/0x1a60
[ 235.787344] netlink_rcv_skb+0x431/0x620
[ 235.791421] ? genl_unbind+0x390/0x390
[ 235.795325] genl_rcv+0x63/0x80
[ 235.798617] netlink_unicast+0xf3e/0x1020
[ 235.803061] netlink_sendmsg+0x127f/0x1300
[ 235.807329] ___sys_sendmsg+0xdb9/0x11b0
[ 235.811415] ? netlink_getsockopt+0x1460/0x1460
[ 235.816098] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 235.821294] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 235.826662] ? __fget_light+0x6e1/0x750
[ 235.830653] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 235.835852] __se_sys_sendmsg+0x305/0x460
[ 235.840031] __x64_sys_sendmsg+0x4a/0x70
[ 235.844097] do_syscall_64+0xbc/0xf0
[ 235.847819] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 235.853011] RIP: 0033:0x457ec9
[ 235.856205] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 235.875110] RSP: 002b:00007fb1b40ccc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 235.882820] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9
[ 235.890091] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004
[ 235.897366] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 235.904646] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb1b40cd6d4
[ 235.911924] R13: 00000000004c5058 R14: 00000000004d89e0 R15: 00000000ffffffff
[ 235.919202]
[ 235.920822] Uninit was created at:
[ 235.924371] kmsan_internal_poison_shadow+0x92/0x150
[ 235.929486] kmsan_kmalloc+0xa6/0x130
[ 235.933286] kmsan_slab_alloc+0xe/0x10
[ 235.937180] __kmalloc_node_track_caller+0xe9e/0xff0
[ 235.942282] __alloc_skb+0x309/0xa20
[ 235.945999] netlink_sendmsg+0xb82/0x1300
[ 235.950145] ___sys_sendmsg+0xdb9/0x11b0
[ 235.954205] __se_sys_sendmsg+0x305/0x460
[ 235.958356] __x64_sys_sendmsg+0x4a/0x70
[ 235.962424] do_syscall_64+0xbc/0xf0
[ 235.966141] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 235.971320] ==================================================================
[ 235.978679] Disabling lock debugging due to kernel taint
[ 235.984127] Kernel panic - not syncing: panic_on_warn set ...
[ 235.990016] CPU: 1 PID: 9832 Comm: syz-executor1 Tainted: G B 5.0.0-rc1+ #7
[ 235.998410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 236.007758] Call Trace:
[ 236.010354] dump_stack+0x173/0x1d0
[ 236.014015] panic+0x3d1/0xb01
[ 236.017238] kmsan_report+0x293/0x2a0
[ 236.021053] __msan_warning+0x82/0xf0
[ 236.024866] tipc_nl_compat_doit+0x5b3/0xaf0
[ 236.029280] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 236.034487] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 236.039689] tipc_nl_compat_recv+0x14d1/0x2750
[ 236.044294] ? tipc_nl_bearer_disable+0xb0/0xb0
[ 236.048969] ? tipc_nl_compat_dumpit+0x820/0x820
[ 236.053735] ? tipc_netlink_compat_stop+0x40/0x40
[ 236.058581] genl_rcv_msg+0x185f/0x1a60
[ 236.062609] netlink_rcv_skb+0x431/0x620
[ 236.066677] ? genl_unbind+0x390/0x390
[ 236.070579] genl_rcv+0x63/0x80
[ 236.073872] netlink_unicast+0xf3e/0x1020
[ 236.078047] netlink_sendmsg+0x127f/0x1300
[ 236.082311] ___sys_sendmsg+0xdb9/0x11b0
[ 236.086392] ? netlink_getsockopt+0x1460/0x1460
[ 236.091078] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 236.096606] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 236.101974] ? __fget_light+0x6e1/0x750
[ 236.105967] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 236.111169] __se_sys_sendmsg+0x305/0x460
[ 236.115344] __x64_sys_sendmsg+0x4a/0x70
[ 236.119418] do_syscall_64+0xbc/0xf0
[ 236.123145] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 236.128332] RIP: 0033:0x457ec9
[ 236.131528] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 236.150430] RSP: 002b:00007fb1b40ccc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 236.158138] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9
[ 236.165501] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004
[ 236.172773] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 236.180040] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb1b40cd6d4
[ 236.187309] R13: 00000000004c5058 R14: 00000000004d89e0 R15: 00000000ffffffff
[ 236.195792] Kernel Offset: disabled
[ 236.199415] Rebooting in 86400 seconds..