[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 117.987973][ T8434] sshd (8434) used greatest stack depth: 3816 bytes left Warning: Permanently added '10.128.0.237' (ECDSA) to the list of known hosts. 2020/07/20 01:28:17 fuzzer started 2020/07/20 01:28:18 dialing manager at 10.128.0.26:33695 2020/07/20 01:28:18 syscalls: 3087 2020/07/20 01:28:18 code coverage: enabled 2020/07/20 01:28:18 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2020/07/20 01:28:18 extra coverage: enabled 2020/07/20 01:28:18 setuid sandbox: enabled 2020/07/20 01:28:18 namespace sandbox: enabled 2020/07/20 01:28:18 Android sandbox: enabled 2020/07/20 01:28:18 fault injection: enabled 2020/07/20 01:28:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/20 01:28:18 net packet injection: enabled 2020/07/20 01:28:18 net device setup: enabled 2020/07/20 01:28:18 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/20 01:28:18 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/20 01:28:18 USB emulation: /dev/raw-gadget does not exist 01:30:58 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r1, 0x1ad}, 0x14}}, 0x0) [ 290.533678][ T33] audit: type=1400 audit(1595208658.642:8): avc: denied { execmem } for pid=8477 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 290.874486][ T8478] IPVS: ftp: loaded support on port[0] = 21 [ 291.115087][ T8478] chnl_net:caif_netlink_parms(): no params data found [ 291.358608][ T8478] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.366453][ T8478] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.375855][ T8478] device bridge_slave_0 entered promiscuous mode [ 291.387629][ T8478] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.395296][ T8478] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.405693][ T8478] device bridge_slave_1 entered promiscuous mode [ 291.458184][ T8478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 291.475310][ T8478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 291.530003][ T8478] team0: Port device team_slave_0 added [ 291.541039][ T8478] team0: Port device team_slave_1 added [ 291.588467][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 291.596014][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 291.623489][ T8478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 291.638790][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 291.646909][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 291.673202][ T8478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 291.890983][ T8478] device hsr_slave_0 entered promiscuous mode [ 291.964653][ T8478] device hsr_slave_1 entered promiscuous mode [ 292.427022][ T8478] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 292.479740][ T8478] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 292.530443][ T8478] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 292.789705][ T8478] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 293.157512][ T8478] 8021q: adding VLAN 0 to HW filter on device bond0 [ 293.208365][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 293.217787][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 293.255642][ T8478] 8021q: adding VLAN 0 to HW filter on device team0 [ 293.270513][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 293.281010][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 293.290486][ T3086] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.297789][ T3086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 293.367249][ T8478] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 293.379403][ T8478] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 293.395237][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 293.404734][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 293.414583][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 293.424084][ T3086] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.431298][ T3086] bridge0: port 2(bridge_slave_1) entered forwarding state [ 293.440357][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 293.451010][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 293.461829][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 293.474379][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 293.484920][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 293.495173][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 293.505618][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 293.515388][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 293.526139][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 293.535915][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 293.555629][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 293.565969][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 293.620504][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 293.628680][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 293.659814][ T8478] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 293.739000][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 293.749922][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 293.803153][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 293.812890][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 293.830662][ T8478] device veth0_vlan entered promiscuous mode [ 293.842103][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 293.851499][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 293.875367][ T8478] device veth1_vlan entered promiscuous mode [ 293.924748][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 293.934067][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 293.943563][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 293.953447][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 293.970971][ T8478] device veth0_macvtap entered promiscuous mode [ 293.987677][ T8478] device veth1_macvtap entered promiscuous mode [ 294.023801][ T8478] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 294.036163][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 294.045555][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 294.055711][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 294.065618][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 294.084348][ T8478] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 294.115584][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 294.125792][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 01:31:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x2}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x1b2, 0x4) connect(r0, &(0x7f00000001c0)=@in={0x2, 0x4e24, @remote}, 0x80) sendmmsg(r0, &(0x7f00000002c0), 0x4000000000000d7, 0x0) pipe2(0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) setresuid(0x0, 0x0, 0x0) [ 294.820855][ C0] hrtimer: interrupt took 59828 ns 01:31:04 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x2}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x1b2, 0x4) connect(r0, &(0x7f00000001c0)=@in={0x2, 0x4e24, @remote}, 0x80) sendmmsg(r0, &(0x7f00000002c0), 0x4000000000000d7, 0x0) pipe2(0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) setresuid(0x0, 0x0, 0x0) 01:31:05 executing program 0: r0 = socket(0x10, 0x8000000000000003, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r2, @ANYBLOB="0001000000000000240012000c0001006272696467650000140002000800050001000000080001"], 0x44}}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x400000000000281, 0x0) [ 297.232638][ T8717] device bridge1 entered promiscuous mode [ 297.266670][ T8722] device bridge2 entered promiscuous mode 01:31:05 executing program 0: getsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00@'], 0x0) r0 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f00000002c0)="84", 0x1, r1) keyctl$dh_compute(0x17, &(0x7f0000000400)={r2, r0, r0}, 0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={'sha512-generic\x00'}}) 01:31:05 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000040)=0x7, 0x4) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) 01:31:05 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000040)=0x7, 0x4) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) 01:31:05 executing program 1: r0 = socket$inet6(0xa, 0x802, 0x88) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000580), 0x4) sendmmsg(r0, &(0x7f0000008000)=[{{0x0, 0x0, &(0x7f00000027c0)}}], 0x400000000000158, 0x0) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@in={0x2, 0x4e23, @multicast1}, 0x80) 01:31:06 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000040)=0x7, 0x4) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) 01:31:06 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000040)=0x7, 0x4) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) [ 298.292773][ T8742] IPVS: ftp: loaded support on port[0] = 21 01:31:06 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000040)=0x7, 0x4) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) 01:31:06 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000040)=0x7, 0x4) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7, 0x4) socket$inet_icmp_raw(0x2, 0x3, 0x1) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) [ 298.741891][ T8742] chnl_net:caif_netlink_parms(): no params data found 01:31:06 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000040)=0x7, 0x4) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7, 0x4) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) [ 298.954418][ T8742] bridge0: port 1(bridge_slave_0) entered blocking state [ 298.961829][ T8742] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.971643][ T8742] device bridge_slave_0 entered promiscuous mode [ 299.023547][ T8742] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.031002][ T8742] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.041592][ T8742] device bridge_slave_1 entered promiscuous mode 01:31:07 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000040)=0x7, 0x4) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) [ 299.149863][ T8742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 299.177890][ T8742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 299.258691][ T8742] team0: Port device team_slave_0 added [ 299.284035][ T8742] team0: Port device team_slave_1 added 01:31:07 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000040)=0x7, 0x4) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) [ 299.328468][ T8742] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 299.336733][ T8742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.363686][ T8742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 299.413440][ T8742] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 299.420593][ T8742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.446874][ T8742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 299.580796][ T8742] device hsr_slave_0 entered promiscuous mode [ 299.613835][ T8742] device hsr_slave_1 entered promiscuous mode [ 299.653071][ T8742] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 299.660701][ T8742] Cannot create hsr debugfs directory 01:31:07 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000040)=0x7, 0x4) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) [ 299.988362][ T8742] netdevsim netdevsim1 netdevsim0: renamed from eth0 01:31:08 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000040)=0x7, 0x4) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7, 0x4) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) [ 300.041158][ T8742] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 300.090390][ T8742] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 300.131124][ T8742] netdevsim netdevsim1 netdevsim3: renamed from eth3 01:31:08 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000040)=0x7, 0x4) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7, 0x4) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) 01:31:08 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000040)=0x7, 0x4) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7, 0x4) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) [ 300.470101][ T8742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 300.528542][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 300.538038][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 300.554453][ T8742] 8021q: adding VLAN 0 to HW filter on device team0 [ 300.593552][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 300.604236][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 300.614079][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.621636][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 300.721240][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 300.730838][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 300.740986][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 300.750679][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.758066][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 300.767109][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 300.777830][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 300.788558][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 300.798898][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 300.809166][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 300.819346][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 300.829676][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 300.839201][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 300.848841][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 300.858437][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 300.871303][ T8742] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 300.880848][ T2309] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 301.008744][ T2309] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 301.017593][ T2309] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 301.042802][ T8742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 301.089032][ T2309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 301.099563][ T2309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 301.148746][ T2309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 301.158367][ T2309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 301.179370][ T8742] device veth0_vlan entered promiscuous mode [ 301.198245][ T2309] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 301.207556][ T2309] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 301.231171][ T8742] device veth1_vlan entered promiscuous mode [ 301.287480][ T2309] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 301.298822][ T2309] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 301.308356][ T2309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 301.318520][ T2309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 301.339015][ T8742] device veth0_macvtap entered promiscuous mode [ 301.355267][ T2309] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 301.369264][ T8742] device veth1_macvtap entered promiscuous mode [ 301.415476][ T8742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 301.426210][ T8742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 301.441437][ T8742] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 301.453761][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 301.463880][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 301.514755][ T8742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 301.526908][ T8742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 301.540267][ T8742] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 301.552401][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 301.562339][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 01:31:10 executing program 1: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) r1 = socket(0x18, 0x0, 0x1) dup2(r1, r0) io_setup(0x9, &(0x7f0000000100)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f0000000180)={0x0, 0x0, 0x80000000000000, 0xc, 0x0, r0, 0x0}]) 01:31:10 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7, 0x4) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) 01:31:10 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7, 0x4) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) 01:31:10 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x100000400000003a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x100, @empty, 0x1}, 0x70) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') r3 = creat(&(0x7f0000000300)='./bus\x00', 0x0) dup3(r3, r1, 0x0) sendfile(r1, r2, &(0x7f0000000040)=0x100060, 0xa808) ioctl$TCFLSH(r2, 0x540b, 0x2) r4 = socket$inet(0x2, 0x6000000000000003, 0x6) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x404c0c0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) sendto$inet(r4, &(0x7f0000000080), 0xe380, 0x100000000000000, &(0x7f00000001c0), 0x10) r5 = socket$inet(0x2, 0x6000000000000003, 0x6) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10) sendto$inet(r5, 0x0, 0x0, 0x404c0c0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) sendto$inet(r5, &(0x7f0000000080), 0xe380, 0x100000000000000, &(0x7f00000001c0), 0x10) sendmmsg(r5, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="d30c43ee04451405a2b53860867bc7dfe94d176624f4f01775289b334765bee2df4252ec26d62c5ff0f191e2c49d44f280ad7b5c53a85a20fcd28ca99e555e8e38ff041aac4b555f8c33c54758a33e8c9c2e5671550db03a18a67d9083b1aec8c8ac153ea2fb1caa5a58d9373322a307999644acc7aa8a22c93a28e832d770849c21e88c7c99bf7066f32dc2a19526f086bb10e424290786551990b7c2fbea", 0x9f}, {&(0x7f0000000200)="352b586759642d7ebdc855ac01c721c52894ce62bf54cb1932305781c69206a9d11ae03e730b540d90b901a8ac7f40e9104830d8fbe29aea70dd1f08cda5959133d1f1e92e0eef250726faaedf7e469c09b94dbc691245e5a4d3e5c5a074c0717ba4e164b6457573007d5c45ff1c166efa21cc157681135517c0dded2dd05fbc52c3843a", 0x84}, {&(0x7f0000000340)="97bcb598696b2f94e16b5a059b6dbe68ca6cb39565246cc4e65a1023f97ebc9f459c60da67f268d8d657dafa82443453c3bda369bbc36dc54dd0548aba37de44de6c7dac019ea64f561afed171524c281b6243ef567be2122a03bb955ccf42c170dd68702aa5236d45a87b4884c882a56cf0e65f7161dc2bae98d4b62348e3cbcddcca0ba04101fcb87ba9e96025ead394cda3a602df27c9c1561e84313d73eef6c3458db92aa512426cf0850ad66fc06ac9e1d6d1e2261f730c95179396f73ff0f1c382", 0xc4}, {&(0x7f0000000480)="70204904e2054ded4465e0045ed71733f116fe60ea26b5d469fdf510405bcc44c48cad1d4e520951df2bbae54ae7d0bae0ed71a198ad3ea85b927dcb68b2d2882945341c75604e39b87811373d61091404964f3a4960f573eb82d37ff32fd57b10f07229a09d6309c766fd51c5ae06c6751cc45b200e88e7ea8b24441f319aacbbddb4f5487ad2ac07df11b4e36ae47de8a243", 0x93}, {&(0x7f0000000540)="d1433ebafd26e03449fc8f8d875664f07ccb154d197bbecfb9dd23726055c79ee454b66ab448899dfefd0a8220ede2665e608a485d607bb9690aae12f61ea5050a7f42adcc01c5490a79bd0d6e1dc90f5307ae16dff61cfd3ec6c7facee88a457a3d63ee2c6a76fcc168e1305831be1e1aeb10d0a7b3be6dbfe217a64ca26b3b697b6c012e36b1609e38f919abccc3aa7b81ed9b2e4d9107eed2ed96a68e5bc15e5e5e6fe4bb8ef66710a3f136a17a9390d892cb709cd3355768195d162605a36f3e5ec09e0be51ce050b00e509df6b2733b598f56b84493a495ed8c95538d56e2d97cc7e35997c4ca1c346f3d90709790423d024b02314c01fa680da038", 0xfe}], 0x5, &(0x7f0000001400)=ANY=[@ANYBLOB="6c0000000b0100000800000053fc49dd42bc390daa6e928c04a10ee2ea9eaa50e2ac1c11b1aef4e3b13791b47a4d5ad80cd23718730d1d034c0bc34adbd6aaa81945a23ff7c60a62195fb961c910c88ff852339ba4f0bc58412c1ca3c1c8047a985115788b7f5020c220ab00600000000801000000000000d48bdcd7d9ed177a040e540602e5b9ed9ab254ff6fbc9a934f350290263d103aa4d439918768f94f3830fe011e6978b1e1bb07bbac001459862c9932311fc82851bb8d701c8684b0874d34108bd0c9848ef3e1004c0000008800000004000000c4fde3fd50d167ae6e3bc4ac86dc394e9f961411d769219ba9e3a697a7c20537ad2d41677faa0aa510d53eaf40ecd5bbcdb3b404d52b3f9d2916997e0a6a0f00b80000001001000001040000d3b6a8bce02a61c26180b2fe54133e48b4ec74820f0273a2e978adad78d56e6960f3bdc33cb72d4e9ef9c7a1fed11f257ac64c8251aba9744697485ba40be5c7613b90ed98cbd1f0a13dbbaa2b182cf4f664676391073d1fd9a0431e6cc63db452a77e895d9b5d29dad5e46f3767e675b2678c2d164e166cbd091dcf91b1f43b0d0f68ebdd3b6a1e430a4575686d013f5108cc7f58a7fdb8458274fbe34211721370940df593c7b84e000000ac00000088000000ffffffff70374c60a1f6e06ed406cc3495cefeb4d375765d823549ea127b32e53f2e7478679c319e03e3c5ffc72905a404f50631e9f33b23a877229c40478a69cf87d3b74557a0e90c6cef8856c42fba08bd682aae61e1efeb7812ad5f4c84f81d0e0f3712996ff566f66d3e93a8a1942a8e693b666899376c06ac1ceb094605faa330bf0f3ee979509862d4423701f0d7110a0f18fbcaf80fbff69c58ede828849a483b1c0000000a01000000040000a11376181186eaef576a54be6bc79e004800000014010000020000009e20c068e2101098dfaa00ba55a784f320a4c84ab5ce4f1a1c41ed8d40ab0ddc9993ac4a60ae063d6ce89a91678058ffa8c7bfd9f08ee472fa000000d400000019010000ff070000ef78bbea364c6f34b5893b238b4ccf5d9074be0a085d5bd3df3859a7af08e4ea2f992342793304a8a6255922a3ec4a03f81e86f4c338d520be2f83243b58c972df98b645e76cd6b44908ad1dafb336485a44469438f133a0c8820fb5e336d2a565874a342360ac4251bb40eb7c8d50f42528cf09c33987ae20215c54b7b18a8ffbee0f29a705246c470712416b9f3d8a4dd436b7c24820e05243e25c948478d4f15e78f8f944c1e5abae0f60722b1c1943472d62bcaef49bc7e6aa8dc5b871f0defaeec5ac000000"], 0x3b4}}, {{0x0, 0x0, &(0x7f0000000fc0)=[{&(0x7f0000000980)="d3238e7c9bf49f5157463839b4b2d4f552e94ff0824bbb62a8efab44de3fbcdfc11c9a10307ffa475ed7a9ad80cccf1808e7764e393cec93a1e994aa00b71710522dc148f546e778eb8cc2f3ed4f7bd800fe58d080fa4121600beb06f25aaecea52a9e97bbde2c562965bdeeb85643ae75b9871d1dfb1595851b8428d4670418cc93da31ff3d454dfba8c4ca3da4fc401f9165088ac706d7f82f9d95f7c714d20ff2c521a2281e2e44d8ae8935ea060bda1e6a61defff8ca125f3dc8a15f1d0efaabafaf020cb8bd77833faa4a7576ab27e0a25fe9b4fb61ccd7518f4956ed2c2226b345166dc3bfbc74c4c5f2132a5f97072482cb3bd128ffcc57db", 0xfc}, {&(0x7f0000000a80)="ffdc619766d7a86a31b3c24a5ccf843fe5d8b569fbcb979040c18e9399daaa9343ca58b68486514970351e6608c61388a7f23d4e804f5ef372affa0947b06391cfe032ec1b532f431e7d9424b85278dab3519ab82b177d199ebe432dacff5a3e042fc42d12d93e626ccfc1ecdaf16a6d5b2ef2ae96b4caee6469c3d4b255afc381411d5b1c48ab6550fceeb5bc95da142004d5dadf2ca26e045c3a923e1bd606d182569355df9cd216eff3fa95a4b6beb02afddaeea53d71598a6f30841be5", 0xbf}, {&(0x7f0000000b40)="af877902f17511dc98492c1f0cb3db7ac249f9378ccbaa55f322eadfe99536f10af0a31a3e5b7f55ed88815bc0c1d50c7c67a0d35718d19c5607701053c1309d04efbe1333bc2927a89417b5d9fda371d611fca0", 0x54}, {&(0x7f0000000bc0)="133432eaee0a74b7a0c3ebb56aff4d197be51adf69383b0701d46113df593182c9dccd6eedb14222ca35b78184f80518ccd29df592b45cb055d4f625f077ed72a12115d0f88175add7e016531fb7ce70e5f7", 0x52}, {&(0x7f0000000c40)="d44f91ee7fb5af5e95a00b5b7b05cb19ae4a2f78c802de15ae124c3b1270547f25c8cc69b86c9459353f063a9098b674aceb664dc51ecf25131a5a901f2d7f8e96af07cfda27134f21bd3222dafaecf0538564dac99596cdd2949abf485e", 0x5e}, {&(0x7f0000000cc0)="938065dbcda5751787fb2c61c11d932325806f54f349367cdac75219bd608edc29b4c857127b6a201554aff2827f487092d1c7d29e0ac8f2865caa4adf3d5a165e9b4f0766cebd0bfecf8865703577d3e8f84f2185140858c839d553df7c", 0x5e}, {&(0x7f0000000d40)="9c974223d46a666119f0cc75633556645d2eb51a7880a319eef68da2c0811711da29efb783bd562004e524ae866451b43812ec3acdcd5ba8a134ec7ee45537674d6240dbe1ebb0f790ff7890578cf21719e9a4033b01a805d529c184ccdea2553c6cc649523d0921c146445a21b811f4a8ff56d3c0c39c54bc9b5e48eb2f4e603c0105f0354c3fb2d99ebdcb2cdacc9bdeccfded0151b28d8df30eb5ec575dafb356895f4961bb36fd5d94fab3999ee0d59ec0f81651", 0xb6}, {&(0x7f0000000e00)="e9e11e56f8a844295649341feba5803602e458d83695adab0a5bacf1173c370548a98827360720bdcfa2c04348394c10ccdacefb2264c2b34bd78168c0331cda68d29190422bae62ba991abca0d3021d2cf73dbf66f49ba8a688e63d13c6e6b606794dd123f72b71da9655eecf9875b544fefdb2134348aedf18aecab67a7f48ad7a3b63", 0x84}, {&(0x7f0000000ec0)="250f24e8dbd88fadbcd666d76defc9ef08104ef645e038ca73761958f98fc7fa19ee4bb8e395322aceb2f630727d21c420712448cd4b4221ee93e43aecd615c1497df57bc437b00ef5deb02f416da4fb381d175910ed1baf97d01b9f2a01295d895e81ad4b96f1bde809f9dacf9aa18d277c596875f873077210cee97ad8616a498d0a54514b90e1a21482979202e30e92ee74195a3206ff10562f64e66fe69c7c86326ffb13d56f59df4296787abc6bfb8664398d15dcd40b592ac3a859b5e5278f197cf780472e493c29f025b367ab1eb7ade251387a9b5537ea57cb9b8fa964ffb803505e281a95a989f89641b5c8f34378a01d", 0xf5}], 0x9}}], 0x2, 0x90) 01:31:10 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x7, 0x4) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0x120) 01:31:11 executing program 0: setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x24, &(0x7f0000000040)=0x7, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x29, &(0x7f0000000000)=0x7, 0x4) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000440)=ANY=[], 0x120) [ 302.911968][ T9006] ===================================================== [ 302.919319][ T9006] BUG: KMSAN: uninit-value in kmsan_handle_dma+0x9f/0xb0 [ 302.926771][ T9006] CPU: 1 PID: 9006 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 302.936041][ T9006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.946258][ T9006] Call Trace: [ 302.950948][ T9006] dump_stack+0x1df/0x240 [ 302.955732][ T9006] kmsan_report+0xf7/0x1e0 [ 302.960699][ T9006] kmsan_internal_check_memory+0x358/0x3d0 [ 302.966994][ T9006] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 302.972903][ T9006] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 302.978962][ T9006] kmsan_handle_dma+0x9f/0xb0 [ 302.983915][ T9006] virtqueue_add+0x46db/0x70f0 [ 302.988687][ T9006] ? mempool_alloc_slab+0x66/0xc0 [ 302.993702][ T9006] ? mempool_free+0x430/0x430 [ 302.998830][ T9006] ? kmsan_get_metadata+0x11d/0x180 [ 303.004021][ T9006] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.009833][ T9006] virtqueue_add_sgs+0x319/0x330 [ 303.014804][ T9006] virtscsi_add_cmd+0x888/0xb20 [ 303.019829][ T9006] ? kmsan_get_metadata+0x11d/0x180 [ 303.025030][ T9006] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.031019][ T9006] virtscsi_queuecommand+0xe72/0x1080 [ 303.036566][ T9006] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.042468][ T9006] ? kmsan_get_metadata+0x11d/0x180 [ 303.047668][ T9006] ? virtscsi_init+0x1220/0x1220 [ 303.052612][ T9006] scsi_queue_rq+0x3eb7/0x4b00 [ 303.057378][ T9006] ? scsi_vpd_tpg_id+0x3e0/0x3e0 [ 303.062413][ T9006] blk_mq_dispatch_rq_list+0x931/0x3430 [ 303.067958][ T9006] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.073758][ T9006] ? kmsan_get_metadata+0x11d/0x180 [ 303.079602][ T9006] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.085532][ T9006] ? __msan_metadata_ptr_for_load_4+0x20/0x20 [ 303.092151][ T9006] blk_mq_do_dispatch_sched+0x609/0x880 [ 303.097698][ T9006] __blk_mq_sched_dispatch_requests+0x60e/0x8f0 [ 303.103927][ T9006] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 303.110081][ T9006] ? rb_insert_color+0xbbe/0x1180 [ 303.115189][ T9006] ? kmsan_get_metadata+0x11d/0x180 [ 303.120391][ T9006] blk_mq_sched_dispatch_requests+0x15d/0x2d0 [ 303.126796][ T9006] __blk_mq_run_hw_queue+0x171/0x3a0 [ 303.132172][ T9006] __blk_mq_delay_run_hw_queue+0x15d/0x6a0 [ 303.138276][ T9006] ? kmsan_get_metadata+0x11d/0x180 [ 303.143485][ T9006] blk_mq_run_hw_queue+0x4ac/0x670 [ 303.148965][ T9006] blk_mq_sched_insert_requests+0x496/0x640 [ 303.154867][ T9006] blk_mq_flush_plug_list+0xb21/0xca0 [ 303.160497][ T9006] blk_flush_plug_list+0x72f/0x7b0 [ 303.165626][ T9006] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 303.171700][ T9006] blk_finish_plug+0xa0/0xd0 [ 303.176293][ T9006] ext4_writepages+0x59d0/0x64c0 [ 303.181276][ T9006] ? ext4_readpage+0x3e0/0x3e0 [ 303.186036][ T9006] do_writepages+0x143/0x400 [ 303.190620][ T9006] ? kmsan_get_metadata+0x11d/0x180 [ 303.195822][ T9006] __filemap_fdatawrite_range+0x53b/0x5b0 [ 303.201536][ T9006] filemap_flush+0x66/0x70 [ 303.206390][ T9006] ext4_alloc_da_blocks+0x22d/0x290 [ 303.211577][ T9006] ext4_release_file+0xa0/0x3e0 [ 303.216420][ T9006] ? ext4_file_open+0xb50/0xb50 [ 303.221255][ T9006] __fput+0x4ae/0xb80 [ 303.225229][ T9006] ____fput+0x37/0x40 [ 303.229196][ T9006] ? fput_many+0x2a0/0x2a0 [ 303.233622][ T9006] task_work_run+0x1ee/0x2d0 [ 303.238301][ T9006] __prepare_exit_to_usermode+0x422/0x4d0 [ 303.244013][ T9006] __syscall_return_slowpath+0x89/0x5b0 [ 303.249547][ T9006] ? kmsan_get_metadata+0x4f/0x180 [ 303.254648][ T9006] __do_fast_syscall_32+0x303/0x400 [ 303.259839][ T9006] do_fast_syscall_32+0x6b/0xd0 [ 303.265375][ T9006] do_SYSENTER_32+0x73/0x90 [ 303.269867][ T9006] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 303.276176][ T9006] RIP: 0023:0xf7faf549 [ 303.280222][ T9006] Code: Bad RIP value. [ 303.284266][ T9006] RSP: 002b:00000000ff8ca1dc EFLAGS: 00000296 ORIG_RAX: 0000000000000006 [ 303.292659][ T9006] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000000000 [ 303.300614][ T9006] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000000 [ 303.308578][ T9006] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 303.316536][ T9006] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 303.324505][ T9006] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 303.332468][ T9006] [ 303.334797][ T9006] Uninit was stored to memory at: [ 303.339807][ T9006] kmsan_internal_chain_origin+0xad/0x130 [ 303.345529][ T9006] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 303.351575][ T9006] kmsan_memcpy_metadata+0xb/0x10 [ 303.356605][ T9006] __msan_memcpy+0x43/0x50 [ 303.361009][ T9006] iov_iter_copy_from_user_atomic+0x11b1/0x1780 [ 303.367233][ T9006] generic_perform_write+0x499/0x9a0 [ 303.372766][ T9006] ext4_buffered_write_iter+0x795/0xac0 [ 303.378293][ T9006] ext4_file_write_iter+0x1034/0x2dd0 [ 303.383666][ T9006] do_iter_readv_writev+0x94a/0xb10 [ 303.388848][ T9006] do_iter_write+0x303/0xdc0 [ 303.394119][ T9006] vfs_iter_write+0x118/0x180 [ 303.398803][ T9006] iter_file_splice_write+0xb5f/0x1800 [ 303.404270][ T9006] direct_splice_actor+0x1fd/0x580 [ 303.409370][ T9006] splice_direct_to_actor+0x6b2/0xf50 [ 303.414735][ T9006] do_splice_direct+0x342/0x580 [ 303.419569][ T9006] do_sendfile+0x101b/0x1d40 [ 303.424145][ T9006] __se_compat_sys_sendfile+0x1cb/0x3c0 [ 303.429860][ T9006] __ia32_compat_sys_sendfile+0x56/0x70 [ 303.435390][ T9006] __do_fast_syscall_32+0x2aa/0x400 [ 303.440750][ T9006] do_fast_syscall_32+0x6b/0xd0 [ 303.447170][ T9006] do_SYSENTER_32+0x73/0x90 [ 303.452535][ T9006] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 303.458855][ T9006] [ 303.461163][ T9006] Uninit was created at: [ 303.465392][ T9006] kmsan_save_stack_with_flags+0x3c/0x90 [ 303.471021][ T9006] kmsan_alloc_page+0xb9/0x180 [ 303.475769][ T9006] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 303.481298][ T9006] alloc_pages_current+0x672/0x990 [ 303.486412][ T9006] push_pipe+0x605/0xb70 [ 303.490644][ T9006] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 303.496440][ T9006] do_splice_to+0x4fc/0x14f0 [ 303.501147][ T9006] splice_direct_to_actor+0x45c/0xf50 [ 303.506600][ T9006] do_splice_direct+0x342/0x580 [ 303.511458][ T9006] do_sendfile+0x101b/0x1d40 [ 303.516033][ T9006] __se_compat_sys_sendfile+0x1cb/0x3c0 [ 303.521561][ T9006] __ia32_compat_sys_sendfile+0x56/0x70 [ 303.527179][ T9006] __do_fast_syscall_32+0x2aa/0x400 [ 303.532449][ T9006] do_fast_syscall_32+0x6b/0xd0 [ 303.537283][ T9006] do_SYSENTER_32+0x73/0x90 [ 303.541774][ T9006] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 303.548175][ T9006] [ 303.550705][ T9006] Bytes 0-4095 of 4096 are uninitialized [ 303.556417][ T9006] Memory access of size 4096 starts at ffffa34058834000 [ 303.563330][ T9006] ===================================================== [ 303.570242][ T9006] Disabling lock debugging due to kernel taint [ 303.576462][ T9006] Kernel panic - not syncing: panic_on_warn set ... [ 303.583048][ T9006] CPU: 1 PID: 9006 Comm: syz-executor.1 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 303.593003][ T9006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.603659][ T9006] Call Trace: [ 303.606979][ T9006] dump_stack+0x1df/0x240 [ 303.611312][ T9006] panic+0x3d5/0xc3e [ 303.615216][ T9006] kmsan_report+0x1df/0x1e0 [ 303.619739][ T9006] kmsan_internal_check_memory+0x358/0x3d0 [ 303.625555][ T9006] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.631344][ T9006] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 303.637404][ T9006] kmsan_handle_dma+0x9f/0xb0 [ 303.642070][ T9006] virtqueue_add+0x46db/0x70f0 [ 303.646823][ T9006] ? mempool_alloc_slab+0x66/0xc0 [ 303.651838][ T9006] ? mempool_free+0x430/0x430 [ 303.656516][ T9006] ? kmsan_get_metadata+0x11d/0x180 [ 303.661847][ T9006] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.667743][ T9006] virtqueue_add_sgs+0x319/0x330 [ 303.673036][ T9006] virtscsi_add_cmd+0x888/0xb20 [ 303.678072][ T9006] ? kmsan_get_metadata+0x11d/0x180 [ 303.683260][ T9006] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.689315][ T9006] virtscsi_queuecommand+0xe72/0x1080 [ 303.694707][ T9006] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.700510][ T9006] ? kmsan_get_metadata+0x11d/0x180 [ 303.705764][ T9006] ? virtscsi_init+0x1220/0x1220 [ 303.710959][ T9006] scsi_queue_rq+0x3eb7/0x4b00 [ 303.715731][ T9006] ? scsi_vpd_tpg_id+0x3e0/0x3e0 [ 303.721102][ T9006] blk_mq_dispatch_rq_list+0x931/0x3430 [ 303.726725][ T9006] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.732955][ T9006] ? kmsan_get_metadata+0x11d/0x180 [ 303.738753][ T9006] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 303.745019][ T9006] ? __msan_metadata_ptr_for_load_4+0x20/0x20 [ 303.751087][ T9006] blk_mq_do_dispatch_sched+0x609/0x880 [ 303.756651][ T9006] __blk_mq_sched_dispatch_requests+0x60e/0x8f0 [ 303.762881][ T9006] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 303.769031][ T9006] ? rb_insert_color+0xbbe/0x1180 [ 303.774477][ T9006] ? kmsan_get_metadata+0x11d/0x180 [ 303.779760][ T9006] blk_mq_sched_dispatch_requests+0x15d/0x2d0 [ 303.785818][ T9006] __blk_mq_run_hw_queue+0x171/0x3a0 [ 303.791181][ T9006] __blk_mq_delay_run_hw_queue+0x15d/0x6a0 [ 303.797094][ T9006] ? kmsan_get_metadata+0x11d/0x180 [ 303.802299][ T9006] blk_mq_run_hw_queue+0x4ac/0x670 [ 303.807411][ T9006] blk_mq_sched_insert_requests+0x496/0x640 [ 303.814109][ T9006] blk_mq_flush_plug_list+0xb21/0xca0 [ 303.819768][ T9006] blk_flush_plug_list+0x72f/0x7b0 [ 303.825427][ T9006] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 303.831846][ T9006] blk_finish_plug+0xa0/0xd0 [ 303.836436][ T9006] ext4_writepages+0x59d0/0x64c0 [ 303.841507][ T9006] ? ext4_readpage+0x3e0/0x3e0 [ 303.846278][ T9006] do_writepages+0x143/0x400 [ 303.850858][ T9006] ? kmsan_get_metadata+0x11d/0x180 [ 303.856135][ T9006] __filemap_fdatawrite_range+0x53b/0x5b0 [ 303.862547][ T9006] filemap_flush+0x66/0x70 [ 303.866953][ T9006] ext4_alloc_da_blocks+0x22d/0x290 [ 303.872403][ T9006] ext4_release_file+0xa0/0x3e0 [ 303.877430][ T9006] ? ext4_file_open+0xb50/0xb50 [ 303.882540][ T9006] __fput+0x4ae/0xb80 [ 303.886516][ T9006] ____fput+0x37/0x40 [ 303.890483][ T9006] ? fput_many+0x2a0/0x2a0 [ 303.894888][ T9006] task_work_run+0x1ee/0x2d0 [ 303.899473][ T9006] __prepare_exit_to_usermode+0x422/0x4d0 [ 303.905189][ T9006] __syscall_return_slowpath+0x89/0x5b0 [ 303.910722][ T9006] ? kmsan_get_metadata+0x4f/0x180 [ 303.915824][ T9006] __do_fast_syscall_32+0x303/0x400 [ 303.921037][ T9006] do_fast_syscall_32+0x6b/0xd0 [ 303.925913][ T9006] do_SYSENTER_32+0x73/0x90 [ 303.930413][ T9006] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 303.936724][ T9006] RIP: 0023:0xf7faf549 [ 303.940782][ T9006] Code: Bad RIP value. [ 303.944919][ T9006] RSP: 002b:00000000ff8ca1dc EFLAGS: 00000296 ORIG_RAX: 0000000000000006 [ 303.953515][ T9006] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000000000 [ 303.961488][ T9006] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000000 [ 303.969588][ T9006] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 303.977904][ T9006] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 303.985876][ T9006] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 303.995533][ T9006] Kernel Offset: 0x20200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 304.009745][ T9006] Rebooting in 86400 seconds..