[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.15' (ECDSA) to the list of known hosts. 2020/07/17 21:53:43 fuzzer started 2020/07/17 21:53:43 dialing manager at 10.128.0.26:41463 2020/07/17 21:53:43 syscalls: 2944 2020/07/17 21:53:43 code coverage: enabled 2020/07/17 21:53:43 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2020/07/17 21:53:43 extra coverage: enabled 2020/07/17 21:53:43 setuid sandbox: enabled 2020/07/17 21:53:43 namespace sandbox: enabled 2020/07/17 21:53:43 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/17 21:53:43 fault injection: enabled 2020/07/17 21:53:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/17 21:53:43 net packet injection: enabled 2020/07/17 21:53:43 net device setup: enabled 2020/07/17 21:53:43 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/17 21:53:43 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/17 21:53:43 USB emulation: /dev/raw-gadget does not exist 21:55:34 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f000000b000)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001800210400000000000000001c140000fe00000100000000088001"], 0x1}}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="c9ae", 0x2, 0x0, 0x0, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) syzkaller login: [ 227.135013][ T8462] IPVS: ftp: loaded support on port[0] = 21 [ 227.371975][ T8462] chnl_net:caif_netlink_parms(): no params data found [ 227.612564][ T8462] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.620900][ T8462] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.630206][ T8462] device bridge_slave_0 entered promiscuous mode [ 227.664682][ T8462] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.672150][ T8462] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.682029][ T8462] device bridge_slave_1 entered promiscuous mode [ 227.743560][ T8462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.758575][ T8462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.813415][ T8462] team0: Port device team_slave_0 added [ 227.824041][ T8462] team0: Port device team_slave_1 added [ 227.874865][ T8462] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 227.882136][ T8462] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.908678][ T8462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 227.945405][ T8462] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 227.952805][ T8462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.979386][ T8462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 228.093813][ T8462] device hsr_slave_0 entered promiscuous mode [ 228.188134][ T8462] device hsr_slave_1 entered promiscuous mode [ 228.653979][ T8462] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 228.706316][ T8462] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 228.753976][ T8462] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 228.923162][ T8462] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 229.260117][ T8462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.296061][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.306313][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.334043][ T8462] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.361109][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.371752][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.382829][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.390672][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.447551][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 229.457251][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 229.467592][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 229.480047][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.487511][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.496974][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.508716][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 229.523231][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 229.534664][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.545360][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 229.556213][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 229.589120][ T8462] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 229.604073][ T8462] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 229.618575][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 229.629592][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 229.639715][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 229.650258][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 229.660653][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 229.674120][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 229.725773][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 229.734539][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 229.768709][ T8462] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.818792][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 229.830448][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 229.886918][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 229.897745][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 229.918232][ T8462] device veth0_vlan entered promiscuous mode [ 229.939192][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 229.948857][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 229.981075][ T8462] device veth1_vlan entered promiscuous mode [ 230.036251][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 230.046868][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 230.056990][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 230.067022][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 230.092857][ T8462] device veth0_macvtap entered promiscuous mode [ 230.131585][ T8462] device veth1_macvtap entered promiscuous mode [ 230.173511][ T8462] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 230.182710][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 230.192741][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 230.204232][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 230.214321][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 230.234255][ T8462] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 230.257282][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 230.268746][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 230.422758][ T8666] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 230.432830][ T8666] netlink: 11855 bytes leftover after parsing attributes in process `syz-executor.0'. 21:55:38 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f000000b000)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001800210400000000000000001c140000fe00000100000000088001"], 0x1}}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="c9ae", 0x2, 0x0, 0x0, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) [ 230.589959][ T8671] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 230.599073][ T8671] netlink: 11855 bytes leftover after parsing attributes in process `syz-executor.0'. 21:55:38 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f000000b000)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001800210400000000000000001c140000fe00000100000000088001"], 0x1}}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="c9ae", 0x2, 0x0, 0x0, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) [ 230.750508][ T8673] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 230.762670][ T8673] netlink: 11855 bytes leftover after parsing attributes in process `syz-executor.0'. 21:55:38 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f000000b000)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001800210400000000000000001c140000fe00000100000000088001"], 0x1}}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="c9ae", 0x2, 0x0, 0x0, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) [ 230.951163][ T8677] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 230.962080][ T8677] netlink: 11855 bytes leftover after parsing attributes in process `syz-executor.0'. 21:55:38 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x24, 0x7, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x7}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}}, 0x0) 21:55:38 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(&(0x7f00000003c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000280)='./file0\x00', 0x0, 0x1004, 0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 21:55:38 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(&(0x7f00000003c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000280)='./file0\x00', 0x0, 0x1004, 0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 21:55:39 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(&(0x7f00000003c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000280)='./file0\x00', 0x0, 0x1004, 0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 21:55:39 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(&(0x7f00000003c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000280)='./file0\x00', 0x0, 0x1004, 0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 21:55:39 executing program 0: r0 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r0, 0x0) keyctl$revoke(0x11, r0) 21:55:39 executing program 0: r0 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r0, 0x0) keyctl$revoke(0x11, r0) 21:55:39 executing program 0: r0 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r0, 0x0) keyctl$revoke(0x11, r0) 21:55:39 executing program 0: r0 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r0, 0x0) keyctl$revoke(0x11, r0) 21:55:40 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/snmp6\x00') sendfile(r1, r2, 0x0, 0x400) [ 232.491678][ T8708] ===================================================== [ 232.499374][ T8708] BUG: KMSAN: uninit-value in sha256_update+0x8bf0/0x9090 [ 232.506626][ T8708] CPU: 1 PID: 8708 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 232.516047][ T8708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 232.527056][ T8708] Call Trace: [ 232.531560][ T8708] dump_stack+0x1df/0x240 [ 232.536188][ T8708] kmsan_report+0xf7/0x1e0 [ 232.540979][ T8708] __msan_warning+0x58/0xa0 [ 232.545767][ T8708] sha256_update+0x8bf0/0x9090 [ 232.550807][ T8708] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 232.557246][ T8708] ? update_stack_state+0xa18/0xb40 [ 232.562540][ T8708] ? kmsan_get_metadata+0x11d/0x180 [ 232.567978][ T8708] ? kmsan_task_context_state+0x47/0x90 [ 232.573995][ T8708] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 232.580271][ T8708] ? update_stack_state+0xa18/0xb40 [ 232.585853][ T8708] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 232.593128][ T8708] ? __module_address+0x68/0x600 [ 232.598386][ T8708] ? __kernel_text_address+0x171/0x2d0 [ 232.604847][ T8708] ? unwind_get_return_address+0x8c/0x130 [ 232.611219][ T8708] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 232.618276][ T8708] ? arch_stack_walk+0x2a2/0x3e0 [ 232.623543][ T8708] ? stack_trace_save+0x1a0/0x1a0 [ 232.628663][ T8708] crypto_sha256_finup+0xa3/0x1b0 [ 232.634109][ T8708] ? crypto_sha256_update+0xb0/0xb0 [ 232.639429][ T8708] crypto_shash_finup+0x2b4/0x6b0 [ 232.647363][ T8708] ? hash_sendpage+0x48c/0xdf0 [ 232.652384][ T8708] ? sock_sendpage+0x1e1/0x2c0 [ 232.657331][ T8708] ? kmsan_get_metadata+0x11d/0x180 [ 232.663189][ T8708] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 232.669464][ T8708] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 232.676879][ T8708] ? crypto_sha224_init+0x158/0x210 [ 232.682411][ T8708] shash_digest_unaligned+0x22b/0x260 [ 232.687997][ T8708] ? crypto_shash_digest+0x3d0/0x3d0 [ 232.693841][ T8708] shash_ahash_digest+0x788/0x8a0 [ 232.699261][ T8708] shash_async_digest+0xbb/0x110 [ 232.704758][ T8708] crypto_ahash_op+0x1c6/0x6c0 [ 232.709899][ T8708] ? __kmalloc+0x115/0x460 [ 232.714842][ T8708] ? kmsan_get_metadata+0x11d/0x180 [ 232.720941][ T8708] ? kmsan_get_metadata+0x11d/0x180 [ 232.727077][ T8708] ? shash_async_finup+0x110/0x110 [ 232.733005][ T8708] ? shash_async_finup+0x110/0x110 [ 232.738735][ T8708] crypto_ahash_digest+0xdc/0x150 [ 232.744715][ T8708] hash_sendpage+0x9cc/0xdf0 [ 232.750324][ T8708] ? hash_recvmsg+0xd30/0xd30 [ 232.756429][ T8708] sock_sendpage+0x1e1/0x2c0 [ 232.762208][ T8708] pipe_to_sendpage+0x38c/0x4c0 [ 232.767617][ T8708] ? sock_fasync+0x250/0x250 [ 232.772916][ T8708] __splice_from_pipe+0x565/0xf00 [ 232.778583][ T8708] ? generic_splice_sendpage+0x2d0/0x2d0 [ 232.785082][ T8708] generic_splice_sendpage+0x1d5/0x2d0 [ 232.790852][ T8708] ? iter_file_splice_write+0x1800/0x1800 [ 232.796912][ T8708] direct_splice_actor+0x1fd/0x580 [ 232.802248][ T8708] ? kmsan_get_metadata+0x4f/0x180 [ 232.807831][ T8708] splice_direct_to_actor+0x6b2/0xf50 [ 232.813803][ T8708] ? do_splice_direct+0x580/0x580 [ 232.819478][ T8708] do_splice_direct+0x342/0x580 [ 232.824914][ T8708] do_sendfile+0x101b/0x1d40 [ 232.830084][ T8708] __se_sys_sendfile64+0x2bb/0x360 [ 232.835653][ T8708] ? kmsan_get_metadata+0x4f/0x180 [ 232.840976][ T8708] __x64_sys_sendfile64+0x56/0x70 [ 232.846467][ T8708] do_syscall_64+0xb0/0x150 [ 232.851600][ T8708] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 232.857845][ T8708] RIP: 0033:0x45c1d9 [ 232.861904][ T8708] Code: Bad RIP value. [ 232.866070][ T8708] RSP: 002b:00007f691c47bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 232.875855][ T8708] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 232.884279][ T8708] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 232.892443][ T8708] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 232.901674][ T8708] R10: 0000000000000400 R11: 0000000000000246 R12: 000000000078bf0c [ 232.909988][ T8708] R13: 0000000000c9fb6f R14: 00007f691c47c9c0 R15: 000000000078bf0c [ 232.917980][ T8708] [ 232.920581][ T8708] Uninit was created at: [ 232.924937][ T8708] kmsan_save_stack_with_flags+0x3c/0x90 [ 232.931041][ T8708] kmsan_alloc_page+0xb9/0x180 [ 232.936086][ T8708] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 232.942371][ T8708] alloc_pages_current+0x672/0x990 [ 232.947593][ T8708] push_pipe+0x605/0xb70 [ 232.952637][ T8708] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 232.959170][ T8708] do_splice_to+0x4fc/0x14f0 [ 232.965143][ T8708] splice_direct_to_actor+0x45c/0xf50 [ 232.971838][ T8708] do_splice_direct+0x342/0x580 [ 232.976800][ T8708] do_sendfile+0x101b/0x1d40 [ 232.981488][ T8708] __se_sys_sendfile64+0x2bb/0x360 [ 232.987129][ T8708] __x64_sys_sendfile64+0x56/0x70 [ 232.992706][ T8708] do_syscall_64+0xb0/0x150 [ 232.998182][ T8708] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 233.005705][ T8708] ===================================================== [ 233.013763][ T8708] Disabling lock debugging due to kernel taint [ 233.021024][ T8708] Kernel panic - not syncing: panic_on_warn set ... [ 233.027982][ T8708] CPU: 1 PID: 8708 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 233.039716][ T8708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.049803][ T8708] Call Trace: [ 233.053124][ T8708] dump_stack+0x1df/0x240 [ 233.057485][ T8708] panic+0x3d5/0xc3e [ 233.061424][ T8708] kmsan_report+0x1df/0x1e0 [ 233.065957][ T8708] __msan_warning+0x58/0xa0 [ 233.070492][ T8708] sha256_update+0x8bf0/0x9090 [ 233.075756][ T8708] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 233.082225][ T8708] ? update_stack_state+0xa18/0xb40 [ 233.087795][ T8708] ? kmsan_get_metadata+0x11d/0x180 [ 233.093013][ T8708] ? kmsan_task_context_state+0x47/0x90 [ 233.098729][ T8708] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 233.104824][ T8708] ? update_stack_state+0xa18/0xb40 [ 233.110051][ T8708] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 233.116234][ T8708] ? __module_address+0x68/0x600 [ 233.121213][ T8708] ? __kernel_text_address+0x171/0x2d0 [ 233.126702][ T8708] ? unwind_get_return_address+0x8c/0x130 [ 233.132458][ T8708] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 233.138545][ T8708] ? arch_stack_walk+0x2a2/0x3e0 [ 233.143505][ T8708] ? stack_trace_save+0x1a0/0x1a0 [ 233.148563][ T8708] crypto_sha256_finup+0xa3/0x1b0 [ 233.153613][ T8708] ? crypto_sha256_update+0xb0/0xb0 [ 233.158830][ T8708] crypto_shash_finup+0x2b4/0x6b0 [ 233.163882][ T8708] ? hash_sendpage+0x48c/0xdf0 [ 233.168786][ T8708] ? sock_sendpage+0x1e1/0x2c0 [ 233.173568][ T8708] ? kmsan_get_metadata+0x11d/0x180 [ 233.178874][ T8708] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 233.184703][ T8708] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 233.190973][ T8708] ? crypto_sha224_init+0x158/0x210 [ 233.196196][ T8708] shash_digest_unaligned+0x22b/0x260 [ 233.201593][ T8708] ? crypto_shash_digest+0x3d0/0x3d0 [ 233.207176][ T8708] shash_ahash_digest+0x788/0x8a0 [ 233.212670][ T8708] shash_async_digest+0xbb/0x110 [ 233.218188][ T8708] crypto_ahash_op+0x1c6/0x6c0 [ 233.223515][ T8708] ? __kmalloc+0x115/0x460 [ 233.228133][ T8708] ? kmsan_get_metadata+0x11d/0x180 [ 233.234581][ T8708] ? kmsan_get_metadata+0x11d/0x180 [ 233.239814][ T8708] ? shash_async_finup+0x110/0x110 [ 233.246940][ T8708] ? shash_async_finup+0x110/0x110 [ 233.252614][ T8708] crypto_ahash_digest+0xdc/0x150 [ 233.258538][ T8708] hash_sendpage+0x9cc/0xdf0 [ 233.263754][ T8708] ? hash_recvmsg+0xd30/0xd30 [ 233.268439][ T8708] sock_sendpage+0x1e1/0x2c0 [ 233.273854][ T8708] pipe_to_sendpage+0x38c/0x4c0 [ 233.278950][ T8708] ? sock_fasync+0x250/0x250 [ 233.283889][ T8708] __splice_from_pipe+0x565/0xf00 [ 233.289786][ T8708] ? generic_splice_sendpage+0x2d0/0x2d0 [ 233.295804][ T8708] generic_splice_sendpage+0x1d5/0x2d0 [ 233.301597][ T8708] ? iter_file_splice_write+0x1800/0x1800 [ 233.307852][ T8708] direct_splice_actor+0x1fd/0x580 [ 233.315115][ T8708] ? kmsan_get_metadata+0x4f/0x180 [ 233.321553][ T8708] splice_direct_to_actor+0x6b2/0xf50 [ 233.328661][ T8708] ? do_splice_direct+0x580/0x580 [ 233.333994][ T8708] do_splice_direct+0x342/0x580 [ 233.339218][ T8708] do_sendfile+0x101b/0x1d40 [ 233.344100][ T8708] __se_sys_sendfile64+0x2bb/0x360 [ 233.349505][ T8708] ? kmsan_get_metadata+0x4f/0x180 [ 233.354991][ T8708] __x64_sys_sendfile64+0x56/0x70 [ 233.364781][ T8708] do_syscall_64+0xb0/0x150 [ 233.370120][ T8708] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 233.376487][ T8708] RIP: 0033:0x45c1d9 [ 233.380639][ T8708] Code: Bad RIP value. [ 233.385630][ T8708] RSP: 002b:00007f691c47bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 233.395795][ T8708] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 233.404800][ T8708] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 233.412828][ T8708] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 233.421022][ T8708] R10: 0000000000000400 R11: 0000000000000246 R12: 000000000078bf0c [ 233.431124][ T8708] R13: 0000000000c9fb6f R14: 00007f691c47c9c0 R15: 000000000078bf0c [ 233.442316][ T8708] Kernel Offset: 0x8800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 233.455691][ T8708] Rebooting in 86400 seconds..