[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts. 2020/07/21 12:10:32 fuzzer started 2020/07/21 12:10:32 dialing manager at 10.128.0.26:46529 2020/07/21 12:10:32 syscalls: 2970 2020/07/21 12:10:32 code coverage: enabled 2020/07/21 12:10:32 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2020/07/21 12:10:32 extra coverage: enabled 2020/07/21 12:10:32 setuid sandbox: enabled 2020/07/21 12:10:32 namespace sandbox: enabled 2020/07/21 12:10:32 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/21 12:10:32 fault injection: enabled 2020/07/21 12:10:32 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/21 12:10:32 net packet injection: enabled 2020/07/21 12:10:32 net device setup: enabled 2020/07/21 12:10:32 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/21 12:10:32 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/21 12:10:32 USB emulation: /dev/raw-gadget does not exist 12:13:49 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x10, 0x2, 0x0) sendmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000000040)="24000000220007031dfffd946f61050002000000054300000000391e421ba3a20400ff7e280000001100ffd613d3475bb65f6400004efb0000000000007e23f7efbf54000000005cc37fcfa3", 0x4c}], 0x1}, 0x0) pipe(0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000780), 0xc, 0x0}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) syzkaller login: [ 283.655196][ T8455] IPVS: ftp: loaded support on port[0] = 21 [ 283.897605][ T8455] chnl_net:caif_netlink_parms(): no params data found [ 284.140435][ T8455] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.147761][ T8455] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.157092][ T8455] device bridge_slave_0 entered promiscuous mode [ 284.170057][ T8455] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.177287][ T8455] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.188974][ T8455] device bridge_slave_1 entered promiscuous mode [ 284.233382][ T8455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 284.248204][ T8455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 284.290660][ T8455] team0: Port device team_slave_0 added [ 284.300965][ T8455] team0: Port device team_slave_1 added [ 284.338010][ T8455] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 284.346032][ T8455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 284.372230][ T8455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 284.385487][ T8455] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 284.392777][ T8455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 284.418979][ T8455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 284.616424][ T8455] device hsr_slave_0 entered promiscuous mode [ 284.780806][ T8455] device hsr_slave_1 entered promiscuous mode [ 285.201595][ T8455] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 285.227981][ T8455] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 285.396604][ T8455] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 285.476405][ T8455] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 285.779385][ T8455] 8021q: adding VLAN 0 to HW filter on device bond0 [ 285.811729][ T8612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 285.821021][ T8612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 285.853767][ T8455] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.870980][ T8612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 285.881021][ T8612] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 285.891020][ T8612] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.898215][ T8612] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.908497][ T8612] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 285.924074][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 285.933522][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 285.943289][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.950677][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 285.990626][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 286.001750][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 286.012538][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 286.022824][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 286.033198][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 286.043580][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 286.054377][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 286.063984][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 286.073657][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 286.083282][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 286.097473][ T8455] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 286.106922][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 286.146754][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 286.157910][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 286.180573][ T8455] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 286.221150][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 286.231198][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 286.275355][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 286.285284][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 286.303923][ T8455] device veth0_vlan entered promiscuous mode [ 286.321418][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 286.330392][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 286.346302][ T8455] device veth1_vlan entered promiscuous mode [ 286.393146][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 286.402585][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 286.412004][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 286.422014][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 286.438684][ T8455] device veth0_macvtap entered promiscuous mode [ 286.464871][ T8455] device veth1_macvtap entered promiscuous mode [ 286.503162][ T8455] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 286.511265][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 286.520790][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 286.530226][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 286.540222][ T2307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 286.564506][ T8455] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 286.572449][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 286.582379][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 286.703876][ T8660] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 286.734789][ T8661] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 12:13:53 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) setsockopt$inet_int(0xffffffffffffffff, 0x1f00000000000000, 0x0, 0x0, 0x0) tkill(0x0, 0x0) ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$cont(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, 0x0) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) recvfrom$inet6(r1, &(0x7f0000000000)=""/35, 0x23, 0x0, 0x0, 0x0) shutdown(r1, 0x1) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendto$inet6(r2, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) [ 286.837018][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 287.636778][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 12:13:54 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) setsockopt$inet_int(0xffffffffffffffff, 0x1f00000000000000, 0x0, 0x0, 0x0) tkill(0x0, 0x0) ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$cont(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace(0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, 0x0) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) recvfrom$inet6(r1, &(0x7f0000000000)=""/35, 0x23, 0x0, 0x0, 0x0) shutdown(r1, 0x1) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendto$inet6(r2, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) [ 287.833589][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 12:13:55 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x10d082) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3fbcbab16c80fab, 0x11, r0, 0x0) write(r0, &(0x7f0000000000), 0x52698b21) 12:13:55 executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000000706f1640300000000000000da5da2260c00010006"], 0x1}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x207fff, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) socket(0x0, 0x0, 0x0) sendmsg$NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) [ 288.804494][ T8678] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 288.813332][ T8678] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 288.822910][ T8678] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 289.117496][ T8681] IPVS: ftp: loaded support on port[0] = 21 [ 289.325776][ T8681] chnl_net:caif_netlink_parms(): no params data found [ 289.468217][ T8681] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.476465][ T8681] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.485737][ T8681] device bridge_slave_0 entered promiscuous mode [ 289.503212][ T8681] bridge0: port 2(bridge_slave_1) entered blocking state [ 289.510651][ T8681] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.521021][ T8681] device bridge_slave_1 entered promiscuous mode 12:13:56 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000040)=[{0x15}, {0x16}]}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r1, r2, 0x0, 0xa808) [ 289.644549][ T8681] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 289.678245][ T8681] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 289.721209][ T8814] ===================================================== [ 289.728192][ T8814] BUG: KMSAN: uninit-value in nf_conntrack_udp_packet+0x49c/0x1130 [ 289.736096][ T8814] CPU: 1 PID: 8814 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 289.744750][ T8814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 289.754789][ T8814] Call Trace: [ 289.758075][ T8814] dump_stack+0x1df/0x240 [ 289.762398][ T8814] kmsan_report+0xf7/0x1e0 [ 289.766806][ T8814] __msan_warning+0x58/0xa0 [ 289.771303][ T8814] nf_conntrack_udp_packet+0x49c/0x1130 [ 289.776844][ T8814] nf_conntrack_in+0xc65/0x26b1 [ 289.781702][ T8814] ipv6_conntrack_local+0x68/0x80 [ 289.786726][ T8814] ? ipv6_conntrack_in+0x80/0x80 [ 289.791649][ T8814] nf_hook_slow+0x16e/0x400 [ 289.796153][ T8814] __ip6_local_out+0x56d/0x750 [ 289.800911][ T8814] ? __ip6_local_out+0x750/0x750 [ 289.805834][ T8814] ip6_local_out+0xa4/0x1d0 [ 289.810329][ T8814] ip6_send_skb+0xfa/0x390 [ 289.814742][ T8814] udp_v6_send_skb+0x1834/0x1e80 [ 289.819681][ T8814] udpv6_sendmsg+0x4570/0x4940 [ 289.824431][ T8814] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 289.830484][ T8814] ? aa_label_sk_perm+0x767/0x930 [ 289.835503][ T8814] ? ip_do_fragment+0x3570/0x3570 [ 289.840533][ T8814] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 289.846586][ T8814] ? aa_sk_perm+0x83c/0xcd0 [ 289.851095][ T8814] ? udpv6_rcv+0x70/0x70 [ 289.855323][ T8814] ? udpv6_rcv+0x70/0x70 [ 289.859552][ T8814] inet6_sendmsg+0x276/0x2e0 [ 289.864136][ T8814] kernel_sendmsg+0x24a/0x440 [ 289.868808][ T8814] sock_no_sendpage+0x235/0x300 [ 289.873655][ T8814] ? sock_no_mmap+0x30/0x30 [ 289.878144][ T8814] sock_sendpage+0x1e1/0x2c0 [ 289.882731][ T8814] pipe_to_sendpage+0x38c/0x4c0 [ 289.887569][ T8814] ? sock_fasync+0x250/0x250 [ 289.892154][ T8814] __splice_from_pipe+0x565/0xf00 [ 289.897168][ T8814] ? generic_splice_sendpage+0x2d0/0x2d0 [ 289.902801][ T8814] generic_splice_sendpage+0x1d5/0x2d0 [ 289.908257][ T8814] ? iter_file_splice_write+0x1800/0x1800 [ 289.913971][ T8814] direct_splice_actor+0x1fd/0x580 [ 289.919079][ T8814] ? kmsan_get_metadata+0x4f/0x180 [ 289.924180][ T8814] splice_direct_to_actor+0x6b2/0xf50 [ 289.929537][ T8814] ? do_splice_direct+0x580/0x580 [ 289.934563][ T8814] do_splice_direct+0x342/0x580 [ 289.939426][ T8814] do_sendfile+0x101b/0x1d40 [ 289.944026][ T8814] __se_sys_sendfile64+0x2bb/0x360 [ 289.949122][ T8814] ? kmsan_get_metadata+0x4f/0x180 [ 289.954224][ T8814] __x64_sys_sendfile64+0x56/0x70 [ 289.959326][ T8814] do_syscall_64+0xb0/0x150 [ 289.963817][ T8814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 289.970124][ T8814] RIP: 0033:0x45c1d9 [ 289.973996][ T8814] Code: Bad RIP value. [ 289.978042][ T8814] RSP: 002b:00007f77faad5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 289.986439][ T8814] RAX: ffffffffffffffda RBX: 00000000000260c0 RCX: 000000000045c1d9 [ 289.994396][ T8814] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 290.002363][ T8814] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 290.010320][ T8814] R10: 000000000000a808 R11: 0000000000000246 R12: 000000000078bf0c [ 290.018308][ T8814] R13: 0000000000c9fb6f R14: 00007f77faad69c0 R15: 000000000078bf0c [ 290.026272][ T8814] [ 290.028583][ T8814] Uninit was stored to memory at: [ 290.033602][ T8814] kmsan_internal_chain_origin+0xad/0x130 [ 290.039305][ T8814] __msan_chain_origin+0x50/0x90 [ 290.044321][ T8814] udp_v6_send_skb+0x19f5/0x1e80 [ 290.049241][ T8814] udpv6_sendmsg+0x4570/0x4940 [ 290.053999][ T8814] inet6_sendmsg+0x276/0x2e0 [ 290.058599][ T8814] kernel_sendmsg+0x24a/0x440 [ 290.063266][ T8814] sock_no_sendpage+0x235/0x300 [ 290.068099][ T8814] sock_sendpage+0x1e1/0x2c0 [ 290.072676][ T8814] pipe_to_sendpage+0x38c/0x4c0 [ 290.077509][ T8814] __splice_from_pipe+0x565/0xf00 [ 290.082515][ T8814] generic_splice_sendpage+0x1d5/0x2d0 [ 290.087971][ T8814] direct_splice_actor+0x1fd/0x580 [ 290.093072][ T8814] splice_direct_to_actor+0x6b2/0xf50 [ 290.098427][ T8814] do_splice_direct+0x342/0x580 [ 290.103260][ T8814] do_sendfile+0x101b/0x1d40 [ 290.107830][ T8814] __se_sys_sendfile64+0x2bb/0x360 [ 290.112923][ T8814] __x64_sys_sendfile64+0x56/0x70 [ 290.117940][ T8814] do_syscall_64+0xb0/0x150 [ 290.122430][ T8814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 290.128305][ T8814] [ 290.130649][ T8814] Uninit was stored to memory at: [ 290.135658][ T8814] kmsan_internal_chain_origin+0xad/0x130 [ 290.141371][ T8814] __msan_chain_origin+0x50/0x90 [ 290.146290][ T8814] ip_generic_getfrag+0x3b3/0x3c0 [ 290.151301][ T8814] __ip6_append_data+0x507b/0x6320 [ 290.156488][ T8814] ip6_make_skb+0x6ce/0xcf0 [ 290.160975][ T8814] udpv6_sendmsg+0x42f4/0x4940 [ 290.165718][ T8814] inet6_sendmsg+0x276/0x2e0 [ 290.170294][ T8814] kernel_sendmsg+0x24a/0x440 [ 290.174953][ T8814] sock_no_sendpage+0x235/0x300 [ 290.179789][ T8814] sock_sendpage+0x1e1/0x2c0 [ 290.184380][ T8814] pipe_to_sendpage+0x38c/0x4c0 [ 290.189215][ T8814] __splice_from_pipe+0x565/0xf00 [ 290.194238][ T8814] generic_splice_sendpage+0x1d5/0x2d0 [ 290.199679][ T8814] direct_splice_actor+0x1fd/0x580 [ 290.204776][ T8814] splice_direct_to_actor+0x6b2/0xf50 [ 290.210143][ T8814] do_splice_direct+0x342/0x580 [ 290.214985][ T8814] do_sendfile+0x101b/0x1d40 [ 290.219734][ T8814] __se_sys_sendfile64+0x2bb/0x360 [ 290.224829][ T8814] __x64_sys_sendfile64+0x56/0x70 [ 290.229835][ T8814] do_syscall_64+0xb0/0x150 [ 290.234326][ T8814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 290.240192][ T8814] [ 290.242497][ T8814] Uninit was stored to memory at: [ 290.247503][ T8814] kmsan_internal_chain_origin+0xad/0x130 [ 290.253204][ T8814] __msan_chain_origin+0x50/0x90 [ 290.258125][ T8814] csum_and_copy_from_iter_full+0x1730/0x1800 [ 290.264175][ T8814] ip_generic_getfrag+0x1fb/0x3c0 [ 290.269185][ T8814] __ip6_append_data+0x507b/0x6320 [ 290.274278][ T8814] ip6_make_skb+0x6ce/0xcf0 [ 290.278778][ T8814] udpv6_sendmsg+0x42f4/0x4940 [ 290.283527][ T8814] inet6_sendmsg+0x276/0x2e0 [ 290.288105][ T8814] kernel_sendmsg+0x24a/0x440 [ 290.292772][ T8814] sock_no_sendpage+0x235/0x300 [ 290.297604][ T8814] sock_sendpage+0x1e1/0x2c0 [ 290.302191][ T8814] pipe_to_sendpage+0x38c/0x4c0 [ 290.307023][ T8814] __splice_from_pipe+0x565/0xf00 [ 290.312030][ T8814] generic_splice_sendpage+0x1d5/0x2d0 [ 290.317488][ T8814] direct_splice_actor+0x1fd/0x580 [ 290.322583][ T8814] splice_direct_to_actor+0x6b2/0xf50 [ 290.327955][ T8814] do_splice_direct+0x342/0x580 [ 290.332892][ T8814] do_sendfile+0x101b/0x1d40 [ 290.337487][ T8814] __se_sys_sendfile64+0x2bb/0x360 [ 290.342595][ T8814] __x64_sys_sendfile64+0x56/0x70 [ 290.347640][ T8814] do_syscall_64+0xb0/0x150 [ 290.352137][ T8814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 290.360266][ T8814] [ 290.362578][ T8814] Uninit was stored to memory at: [ 290.367596][ T8814] kmsan_internal_chain_origin+0xad/0x130 [ 290.373299][ T8814] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 290.379262][ T8814] kmsan_memcpy_metadata+0xb/0x10 [ 290.384266][ T8814] __msan_memcpy+0x43/0x50 [ 290.388667][ T8814] csum_partial_copy+0xae/0x100 [ 290.393498][ T8814] csum_and_copy_from_iter_full+0xdca/0x1800 [ 290.399465][ T8814] ip_generic_getfrag+0x1fb/0x3c0 [ 290.404481][ T8814] __ip6_append_data+0x507b/0x6320 [ 290.409591][ T8814] ip6_make_skb+0x6ce/0xcf0 [ 290.414081][ T8814] udpv6_sendmsg+0x42f4/0x4940 [ 290.418829][ T8814] inet6_sendmsg+0x276/0x2e0 [ 290.423402][ T8814] kernel_sendmsg+0x24a/0x440 [ 290.428066][ T8814] sock_no_sendpage+0x235/0x300 [ 290.432903][ T8814] sock_sendpage+0x1e1/0x2c0 [ 290.437479][ T8814] pipe_to_sendpage+0x38c/0x4c0 [ 290.442318][ T8814] __splice_from_pipe+0x565/0xf00 [ 290.447341][ T8814] generic_splice_sendpage+0x1d5/0x2d0 [ 290.453050][ T8814] direct_splice_actor+0x1fd/0x580 [ 290.458232][ T8814] splice_direct_to_actor+0x6b2/0xf50 [ 290.463591][ T8814] do_splice_direct+0x342/0x580 [ 290.468426][ T8814] do_sendfile+0x101b/0x1d40 [ 290.473000][ T8814] __se_sys_sendfile64+0x2bb/0x360 [ 290.478092][ T8814] __x64_sys_sendfile64+0x56/0x70 [ 290.483101][ T8814] do_syscall_64+0xb0/0x150 [ 290.487589][ T8814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 290.493457][ T8814] [ 290.495766][ T8814] Uninit was created at: [ 290.500230][ T8814] kmsan_save_stack_with_flags+0x3c/0x90 [ 290.505852][ T8814] kmsan_alloc_page+0xb9/0x180 [ 290.510720][ T8814] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 290.516255][ T8814] alloc_pages_current+0x672/0x990 [ 290.521355][ T8814] push_pipe+0x605/0xb70 [ 290.525587][ T8814] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 290.531311][ T8814] do_splice_to+0x4fc/0x14f0 [ 290.535887][ T8814] splice_direct_to_actor+0x45c/0xf50 [ 290.541272][ T8814] do_splice_direct+0x342/0x580 [ 290.546126][ T8814] do_sendfile+0x101b/0x1d40 [ 290.550700][ T8814] __se_sys_sendfile64+0x2bb/0x360 [ 290.555794][ T8814] __x64_sys_sendfile64+0x56/0x70 [ 290.560802][ T8814] do_syscall_64+0xb0/0x150 [ 290.565292][ T8814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 290.571160][ T8814] ===================================================== [ 290.578074][ T8814] Disabling lock debugging due to kernel taint [ 290.584215][ T8814] Kernel panic - not syncing: panic_on_warn set ... [ 290.591005][ T8814] CPU: 1 PID: 8814 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 290.600959][ T8814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 290.610998][ T8814] Call Trace: [ 290.614280][ T8814] dump_stack+0x1df/0x240 [ 290.618619][ T8814] panic+0x3d5/0xc3e [ 290.622536][ T8814] kmsan_report+0x1df/0x1e0 [ 290.627033][ T8814] __msan_warning+0x58/0xa0 [ 290.631526][ T8814] nf_conntrack_udp_packet+0x49c/0x1130 [ 290.637069][ T8814] nf_conntrack_in+0xc65/0x26b1 [ 290.641926][ T8814] ipv6_conntrack_local+0x68/0x80 [ 290.646938][ T8814] ? ipv6_conntrack_in+0x80/0x80 [ 290.651864][ T8814] nf_hook_slow+0x16e/0x400 [ 290.656360][ T8814] __ip6_local_out+0x56d/0x750 [ 290.661209][ T8814] ? __ip6_local_out+0x750/0x750 [ 290.666131][ T8814] ip6_local_out+0xa4/0x1d0 [ 290.670626][ T8814] ip6_send_skb+0xfa/0x390 [ 290.675040][ T8814] udp_v6_send_skb+0x1834/0x1e80 [ 290.679978][ T8814] udpv6_sendmsg+0x4570/0x4940 [ 290.684746][ T8814] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 290.690901][ T8814] ? aa_label_sk_perm+0x767/0x930 [ 290.696183][ T8814] ? ip_do_fragment+0x3570/0x3570 [ 290.701218][ T8814] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 290.707271][ T8814] ? aa_sk_perm+0x83c/0xcd0 [ 290.711781][ T8814] ? udpv6_rcv+0x70/0x70 [ 290.716007][ T8814] ? udpv6_rcv+0x70/0x70 [ 290.720236][ T8814] inet6_sendmsg+0x276/0x2e0 [ 290.724906][ T8814] kernel_sendmsg+0x24a/0x440 [ 290.729575][ T8814] sock_no_sendpage+0x235/0x300 [ 290.734419][ T8814] ? sock_no_mmap+0x30/0x30 [ 290.738909][ T8814] sock_sendpage+0x1e1/0x2c0 [ 290.743493][ T8814] pipe_to_sendpage+0x38c/0x4c0 [ 290.748332][ T8814] ? sock_fasync+0x250/0x250 [ 290.752917][ T8814] __splice_from_pipe+0x565/0xf00 [ 290.757939][ T8814] ? generic_splice_sendpage+0x2d0/0x2d0 [ 290.763573][ T8814] generic_splice_sendpage+0x1d5/0x2d0 [ 290.769033][ T8814] ? iter_file_splice_write+0x1800/0x1800 [ 290.774740][ T8814] direct_splice_actor+0x1fd/0x580 [ 290.779854][ T8814] ? kmsan_get_metadata+0x4f/0x180 [ 290.784954][ T8814] splice_direct_to_actor+0x6b2/0xf50 [ 290.790311][ T8814] ? do_splice_direct+0x580/0x580 [ 290.795343][ T8814] do_splice_direct+0x342/0x580 [ 290.800192][ T8814] do_sendfile+0x101b/0x1d40 [ 290.804784][ T8814] __se_sys_sendfile64+0x2bb/0x360 [ 290.809880][ T8814] ? kmsan_get_metadata+0x4f/0x180 [ 290.814980][ T8814] __x64_sys_sendfile64+0x56/0x70 [ 290.819992][ T8814] do_syscall_64+0xb0/0x150 [ 290.824490][ T8814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 290.830366][ T8814] RIP: 0033:0x45c1d9 [ 290.834238][ T8814] Code: Bad RIP value. [ 290.838388][ T8814] RSP: 002b:00007f77faad5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 290.846783][ T8814] RAX: ffffffffffffffda RBX: 00000000000260c0 RCX: 000000000045c1d9 [ 290.854825][ T8814] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 290.862783][ T8814] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 290.870740][ T8814] R10: 000000000000a808 R11: 0000000000000246 R12: 000000000078bf0c [ 290.878697][ T8814] R13: 0000000000c9fb6f R14: 00007f77faad69c0 R15: 000000000078bf0c [ 290.888226][ T8814] Kernel Offset: 0xb800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 290.899774][ T8814] Rebooting in 86400 seconds..