[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 118.417760][ T8466] ===================================================== [ 118.424726][ T8466] BUG: KMSAN: uninit-value in __skb_checksum_complete+0x37f/0x540 [ 118.432535][ T8466] CPU: 1 PID: 8466 Comm: syz-executor094 Not tainted 5.8.0-rc5-syzkaller #0 [ 118.441264][ T8466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 118.451293][ T8466] Call Trace: [ 118.454563][ T8466] dump_stack+0x1df/0x240 [ 118.458873][ T8466] kmsan_report+0xf7/0x1e0 [ 118.463268][ T8466] __msan_warning+0x58/0xa0 [ 118.467748][ T8466] __skb_checksum_complete+0x37f/0x540 [ 118.473192][ T8466] ? __skb_checksum+0x12a0/0x12a0 [ 118.478209][ T8466] ? csum_partial_ext+0xa0/0xa0 [ 118.483039][ T8466] nf_ip_checksum+0x53b/0x740 [ 118.487696][ T8466] nf_nat_icmp_reply_translation+0x2ba/0x980 [ 118.493654][ T8466] ? kmsan_get_metadata+0x4f/0x180 [ 118.498761][ T8466] nf_nat_ipv4_local_fn+0x215/0x830 [ 118.503958][ T8466] ? nf_nat_ipv4_out+0x780/0x780 [ 118.508884][ T8466] nf_hook_slow+0x16e/0x400 [ 118.513385][ T8466] __ip_local_out+0x69b/0x800 [ 118.518126][ T8466] ? __ip_local_out+0x800/0x800 [ 118.522954][ T8466] ip_push_pending_frames+0x16f/0x460 [ 118.528304][ T8466] icmp_push_reply+0x660/0x710 [ 118.533049][ T8466] __icmp_send+0x23ca/0x3150 [ 118.537634][ T8466] ? nf_ct_deliver_cached_events+0x403/0x6c0 [ 118.543589][ T8466] ? kmsan_get_metadata+0x11d/0x180 [ 118.548764][ T8466] ip_fragment+0x39f/0x400 [ 118.553160][ T8466] __ip_finish_output+0xd34/0xd80 [ 118.558165][ T8466] ip_finish_output+0x166/0x410 [ 118.562995][ T8466] ip_output+0x593/0x680 [ 118.567242][ T8466] ? ip_mc_finish_output+0x6c0/0x6c0 [ 118.572519][ T8466] ? ip_finish_output+0x410/0x410 [ 118.577517][ T8466] __ip_queue_xmit+0x1b5c/0x21a0 [ 118.582431][ T8466] ? kmsan_get_metadata+0x11d/0x180 [ 118.587635][ T8466] ? local_bh_enable+0x40/0x40 [ 118.592389][ T8466] ? kmsan_get_metadata+0x11d/0x180 [ 118.597563][ T8466] l2tp_ip_sendmsg+0x1477/0x1870 [ 118.602482][ T8466] ? kmsan_get_metadata+0x11d/0x180 [ 118.607661][ T8466] ? udp_cmsg_send+0x5d0/0x5d0 [ 118.612401][ T8466] ? l2tp_ip_destroy_sock+0x410/0x410 [ 118.617748][ T8466] inet_sendmsg+0x2d8/0x2e0 [ 118.622230][ T8466] ? inet_send_prepare+0x600/0x600 [ 118.627316][ T8466] kernel_sendmsg+0x384/0x440 [ 118.631989][ T8466] sock_no_sendpage+0x235/0x300 [ 118.636820][ T8466] ? sock_no_mmap+0x30/0x30 [ 118.641303][ T8466] sock_sendpage+0x1e1/0x2c0 [ 118.645875][ T8466] pipe_to_sendpage+0x38c/0x4c0 [ 118.650707][ T8466] ? sock_fasync+0x250/0x250 [ 118.655281][ T8466] __splice_from_pipe+0x565/0xf00 [ 118.660281][ T8466] ? generic_splice_sendpage+0x2d0/0x2d0 [ 118.665914][ T8466] generic_splice_sendpage+0x1d5/0x2d0 [ 118.671351][ T8466] ? iter_file_splice_write+0x1800/0x1800 [ 118.677046][ T8466] direct_splice_actor+0x1fd/0x580 [ 118.682138][ T8466] ? kmsan_get_metadata+0x4f/0x180 [ 118.687226][ T8466] splice_direct_to_actor+0x6b2/0xf50 [ 118.692572][ T8466] ? do_splice_direct+0x580/0x580 [ 118.697581][ T8466] do_splice_direct+0x342/0x580 [ 118.702938][ T8466] do_sendfile+0x101b/0x1d40 [ 118.707589][ T8466] __se_sys_sendfile64+0x2bb/0x360 [ 118.712719][ T8466] ? kmsan_get_metadata+0x4f/0x180 [ 118.717843][ T8466] __x64_sys_sendfile64+0x56/0x70 [ 118.722850][ T8466] do_syscall_64+0xb0/0x150 [ 118.727333][ T8466] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 118.733199][ T8466] RIP: 0033:0x440409 [ 118.737065][ T8466] Code: Bad RIP value. [ 118.741104][ T8466] RSP: 002b:00007ffd8b7e7ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 118.749489][ T8466] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440409 [ 118.757435][ T8466] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000003 [ 118.765382][ T8466] RBP: 00000000006cb018 R08: 0000000000000014 R09: 65732f636f72702f [ 118.773331][ T8466] R10: 0800000080004103 R11: 0000000000000246 R12: 0000000000401c70 [ 118.781295][ T8466] R13: 0000000000401d00 R14: 0000000000000000 R15: 0000000000000000 [ 118.789247][ T8466] [ 118.791551][ T8466] Uninit was stored to memory at: [ 118.796553][ T8466] kmsan_internal_chain_origin+0xad/0x130 [ 118.802244][ T8466] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 118.808195][ T8466] kmsan_memcpy_metadata+0xb/0x10 [ 118.813204][ T8466] __msan_memcpy+0x43/0x50 [ 118.817602][ T8466] csum_partial_copy+0xae/0x100 [ 118.822436][ T8466] skb_copy_and_csum_bits+0x227/0x1130 [ 118.827874][ T8466] icmp_glue_bits+0x166/0x380 [ 118.832533][ T8466] __ip_append_data+0x47c4/0x5630 [ 118.837534][ T8466] ip_append_data+0x328/0x480 [ 118.842247][ T8466] icmp_push_reply+0x206/0x710 [ 118.846985][ T8466] __icmp_send+0x23ca/0x3150 [ 118.851549][ T8466] ip_fragment+0x39f/0x400 [ 118.855941][ T8466] __ip_finish_output+0xd34/0xd80 [ 118.860937][ T8466] ip_finish_output+0x166/0x410 [ 118.865762][ T8466] ip_output+0x593/0x680 [ 118.869975][ T8466] __ip_queue_xmit+0x1b5c/0x21a0 [ 118.874888][ T8466] l2tp_ip_sendmsg+0x1477/0x1870 [ 118.879798][ T8466] inet_sendmsg+0x2d8/0x2e0 [ 118.884274][ T8466] kernel_sendmsg+0x384/0x440 [ 118.888926][ T8466] sock_no_sendpage+0x235/0x300 [ 118.893769][ T8466] sock_sendpage+0x1e1/0x2c0 [ 118.898366][ T8466] pipe_to_sendpage+0x38c/0x4c0 [ 118.904153][ T8466] __splice_from_pipe+0x565/0xf00 [ 118.909150][ T8466] generic_splice_sendpage+0x1d5/0x2d0 [ 118.914580][ T8466] direct_splice_actor+0x1fd/0x580 [ 118.919666][ T8466] splice_direct_to_actor+0x6b2/0xf50 [ 118.925012][ T8466] do_splice_direct+0x342/0x580 [ 118.929836][ T8466] do_sendfile+0x101b/0x1d40 [ 118.934422][ T8466] __se_sys_sendfile64+0x2bb/0x360 [ 118.939511][ T8466] __x64_sys_sendfile64+0x56/0x70 [ 118.944509][ T8466] do_syscall_64+0xb0/0x150 [ 118.949010][ T8466] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 118.954869][ T8466] [ 118.957173][ T8466] Uninit was stored to memory at: [ 118.962174][ T8466] kmsan_internal_chain_origin+0xad/0x130 [ 118.967884][ T8466] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 118.973836][ T8466] kmsan_memcpy_metadata+0xb/0x10 [ 118.978834][ T8466] __msan_memcpy+0x43/0x50 [ 118.983229][ T8466] _copy_from_iter_full+0xbfe/0x13b0 [ 118.988494][ T8466] l2tp_ip_sendmsg+0x6a5/0x1870 [ 118.993328][ T8466] inet_sendmsg+0x2d8/0x2e0 [ 118.997806][ T8466] kernel_sendmsg+0x384/0x440 [ 119.002456][ T8466] sock_no_sendpage+0x235/0x300 [ 119.007307][ T8466] sock_sendpage+0x1e1/0x2c0 [ 119.011873][ T8466] pipe_to_sendpage+0x38c/0x4c0 [ 119.016709][ T8466] __splice_from_pipe+0x565/0xf00 [ 119.021707][ T8466] generic_splice_sendpage+0x1d5/0x2d0 [ 119.027140][ T8466] direct_splice_actor+0x1fd/0x580 [ 119.032246][ T8466] splice_direct_to_actor+0x6b2/0xf50 [ 119.037592][ T8466] do_splice_direct+0x342/0x580 [ 119.042439][ T8466] do_sendfile+0x101b/0x1d40 [ 119.047114][ T8466] __se_sys_sendfile64+0x2bb/0x360 [ 119.052195][ T8466] __x64_sys_sendfile64+0x56/0x70 [ 119.057195][ T8466] do_syscall_64+0xb0/0x150 [ 119.061672][ T8466] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 119.067550][ T8466] [ 119.069868][ T8466] Uninit was created at: [ 119.074087][ T8466] kmsan_save_stack_with_flags+0x3c/0x90 [ 119.079692][ T8466] kmsan_alloc_page+0xb9/0x180 [ 119.084432][ T8466] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 119.089951][ T8466] alloc_pages_current+0x672/0x990 [ 119.095035][ T8466] push_pipe+0x605/0xb70 [ 119.099249][ T8466] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 119.104955][ T8466] do_splice_to+0x4fc/0x14f0 [ 119.109523][ T8466] splice_direct_to_actor+0x45c/0xf50 [ 119.114874][ T8466] do_splice_direct+0x342/0x580 [ 119.119813][ T8466] do_sendfile+0x101b/0x1d40 [ 119.124387][ T8466] __se_sys_sendfile64+0x2bb/0x360 [ 119.129477][ T8466] __x64_sys_sendfile64+0x56/0x70 [ 119.134481][ T8466] do_syscall_64+0xb0/0x150 [ 119.138987][ T8466] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 119.144848][ T8466] ===================================================== [ 119.151752][ T8466] Disabling lock debugging due to kernel taint [ 119.157876][ T8466] Kernel panic - not syncing: panic_on_warn set ... [ 119.164439][ T8466] CPU: 1 PID: 8466 Comm: syz-executor094 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 119.174469][ T8466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 119.184498][ T8466] Call Trace: [ 119.187767][ T8466] dump_stack+0x1df/0x240 [ 119.192074][ T8466] panic+0x3d5/0xc3e [ 119.195963][ T8466] kmsan_report+0x1df/0x1e0 [ 119.200445][ T8466] __msan_warning+0x58/0xa0 [ 119.204929][ T8466] __skb_checksum_complete+0x37f/0x540 [ 119.210558][ T8466] ? __skb_checksum+0x12a0/0x12a0 [ 119.215558][ T8466] ? csum_partial_ext+0xa0/0xa0 [ 119.220387][ T8466] nf_ip_checksum+0x53b/0x740 [ 119.225044][ T8466] nf_nat_icmp_reply_translation+0x2ba/0x980 [ 119.231004][ T8466] ? kmsan_get_metadata+0x4f/0x180 [ 119.236095][ T8466] nf_nat_ipv4_local_fn+0x215/0x830 [ 119.241274][ T8466] ? nf_nat_ipv4_out+0x780/0x780 [ 119.246190][ T8466] nf_hook_slow+0x16e/0x400 [ 119.250673][ T8466] __ip_local_out+0x69b/0x800 [ 119.255329][ T8466] ? __ip_local_out+0x800/0x800 [ 119.260174][ T8466] ip_push_pending_frames+0x16f/0x460 [ 119.265527][ T8466] icmp_push_reply+0x660/0x710 [ 119.270272][ T8466] __icmp_send+0x23ca/0x3150 [ 119.274858][ T8466] ? nf_ct_deliver_cached_events+0x403/0x6c0 [ 119.280811][ T8466] ? kmsan_get_metadata+0x11d/0x180 [ 119.286005][ T8466] ip_fragment+0x39f/0x400 [ 119.290399][ T8466] __ip_finish_output+0xd34/0xd80 [ 119.295415][ T8466] ip_finish_output+0x166/0x410 [ 119.300263][ T8466] ip_output+0x593/0x680 [ 119.304486][ T8466] ? ip_mc_finish_output+0x6c0/0x6c0 [ 119.309747][ T8466] ? ip_finish_output+0x410/0x410 [ 119.314748][ T8466] __ip_queue_xmit+0x1b5c/0x21a0 [ 119.319663][ T8466] ? kmsan_get_metadata+0x11d/0x180 [ 119.324856][ T8466] ? local_bh_enable+0x40/0x40 [ 119.329595][ T8466] ? kmsan_get_metadata+0x11d/0x180 [ 119.334822][ T8466] l2tp_ip_sendmsg+0x1477/0x1870 [ 119.339758][ T8466] ? kmsan_get_metadata+0x11d/0x180 [ 119.344948][ T8466] ? udp_cmsg_send+0x5d0/0x5d0 [ 119.349704][ T8466] ? l2tp_ip_destroy_sock+0x410/0x410 [ 119.355061][ T8466] inet_sendmsg+0x2d8/0x2e0 [ 119.359548][ T8466] ? inet_send_prepare+0x600/0x600 [ 119.364684][ T8466] kernel_sendmsg+0x384/0x440 [ 119.369346][ T8466] sock_no_sendpage+0x235/0x300 [ 119.374182][ T8466] ? sock_no_mmap+0x30/0x30 [ 119.379273][ T8466] sock_sendpage+0x1e1/0x2c0 [ 119.383848][ T8466] pipe_to_sendpage+0x38c/0x4c0 [ 119.388695][ T8466] ? sock_fasync+0x250/0x250 [ 119.393283][ T8466] __splice_from_pipe+0x565/0xf00 [ 119.398293][ T8466] ? generic_splice_sendpage+0x2d0/0x2d0 [ 119.403971][ T8466] generic_splice_sendpage+0x1d5/0x2d0 [ 119.409418][ T8466] ? iter_file_splice_write+0x1800/0x1800 [ 119.415119][ T8466] direct_splice_actor+0x1fd/0x580 [ 119.420212][ T8466] ? kmsan_get_metadata+0x4f/0x180 [ 119.425301][ T8466] splice_direct_to_actor+0x6b2/0xf50 [ 119.430650][ T8466] ? do_splice_direct+0x580/0x580 [ 119.435660][ T8466] do_splice_direct+0x342/0x580 [ 119.440494][ T8466] do_sendfile+0x101b/0x1d40 [ 119.445073][ T8466] __se_sys_sendfile64+0x2bb/0x360 [ 119.450159][ T8466] ? kmsan_get_metadata+0x4f/0x180 [ 119.455249][ T8466] __x64_sys_sendfile64+0x56/0x70 [ 119.460267][ T8466] do_syscall_64+0xb0/0x150 [ 119.464836][ T8466] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 119.470703][ T8466] RIP: 0033:0x440409 [ 119.474567][ T8466] Code: Bad RIP value. [ 119.478613][ T8466] RSP: 002b:00007ffd8b7e7ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 119.487002][ T8466] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440409 [ 119.495003][ T8466] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000003 [ 119.502956][ T8466] RBP: 00000000006cb018 R08: 0000000000000014 R09: 65732f636f72702f [ 119.510908][ T8466] R10: 0800000080004103 R11: 0000000000000246 R12: 0000000000401c70 [ 119.518864][ T8466] R13: 0000000000401d00 R14: 0000000000000000 R15: 0000000000000000 [ 119.528014][ T8466] Kernel Offset: 0x2da00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 119.539619][ T8466] Rebooting in 86400 seconds..