[ OK ] Started System Logging Service.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 77.013812][ T8106] sshd (8106) used greatest stack depth: 3904 bytes left
Warning: Permanently added '10.128.10.49' (ECDSA) to the list of known hosts.
2020/07/21 14:27:18 fuzzer started
2020/07/21 14:27:18 dialing manager at 10.128.0.26:45469
2020/07/21 14:27:18 syscalls: 3113
2020/07/21 14:27:18 code coverage: enabled
2020/07/21 14:27:18 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2020/07/21 14:27:18 extra coverage: enabled
2020/07/21 14:27:18 setuid sandbox: enabled
2020/07/21 14:27:18 namespace sandbox: enabled
2020/07/21 14:27:18 Android sandbox: enabled
2020/07/21 14:27:18 fault injection: enabled
2020/07/21 14:27:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/21 14:27:18 net packet injection: enabled
2020/07/21 14:27:18 net device setup: enabled
2020/07/21 14:27:18 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/21 14:27:18 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/21 14:27:18 USB emulation: /dev/raw-gadget does not exist

14:29:40 executing program 0:
socket(0x40000000002, 0x3, 0x2)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @empty}, @address_request={0x11, 0x6}}}}}, 0x0)

[ 242.633108][ T32] audit: type=1400 audit(1595341780.588:8): avc: denied { execmem } for pid=8463 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 242.970853][ T8464] IPVS: ftp: loaded support on port[0] = 21
[ 243.276415][ T8464] chnl_net:caif_netlink_parms(): no params data found
[ 243.574357][ T8464] bridge0: port 1(bridge_slave_0) entered blocking state
[ 243.582538][ T8464] bridge0: port 1(bridge_slave_0) entered disabled state
[ 243.591990][ T8464] device bridge_slave_0 entered promiscuous mode
[ 243.607018][ T8464] bridge0: port 2(bridge_slave_1) entered blocking state
[ 243.614589][ T8464] bridge0: port 2(bridge_slave_1) entered disabled state
[ 243.624008][ T8464] device bridge_slave_1 entered promiscuous mode
[ 243.677706][ T8464] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 243.693863][ T8464] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 243.747857][ T8464] team0: Port device team_slave_0 added
[ 243.759671][ T8464] team0: Port device team_slave_1 added
[ 243.803848][ T8464] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 243.810883][ T8464] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 243.838358][ T8464] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 243.854552][ T8464] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 243.862263][ T8464] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 243.888346][ T8464] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 244.014748][ T8464] device hsr_slave_0 entered promiscuous mode
[ 244.052639][ T8464] device hsr_slave_1 entered promiscuous mode
[ 244.472296][ T8464] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 244.502646][ T8464] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 244.557704][ T8464] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 244.630256][ T8464] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 244.843842][ T8464] 8021q: adding VLAN 0 to HW filter on device bond0
[ 244.877601][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 244.888117][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 244.908290][ T8464] 8021q: adding VLAN 0 to HW filter on device team0
[ 244.939995][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 244.949963][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 244.959517][ T4616] bridge0: port 1(bridge_slave_0) entered blocking state
[ 244.966833][ T4616] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 245.049806][ T8464] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 245.060383][ T8464] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 245.076838][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 245.086251][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 245.096028][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 245.105899][ T4616] bridge0: port 2(bridge_slave_1) entered blocking state
[ 245.115252][ T4616] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 245.124186][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 245.135000][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 245.145698][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 245.156226][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 245.166374][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 245.176899][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 245.187018][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 245.196708][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 245.207021][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 245.216686][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 245.237170][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 245.246865][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 245.282196][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 245.289851][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 245.320104][ T8464] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 245.373185][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 245.383852][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 245.436033][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 245.446146][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 245.466927][ T8464] device veth0_vlan entered promiscuous mode
[ 245.483169][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 245.492495][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 245.510207][ T8464] device veth1_vlan entered promiscuous mode
[ 245.570997][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 245.581055][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 245.590473][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 245.600415][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 245.619182][ T8464] device veth0_macvtap entered promiscuous mode
[ 245.637870][ T8464] device veth1_macvtap entered promiscuous mode
[ 245.682386][ T8464] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 245.690175][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 245.702881][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 245.712383][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 245.722445][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 245.747101][ T8464] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 245.782523][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 245.792586][ T2316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready

14:29:44 executing program 0:
r0 = socket(0x22, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000b80)={0x0, 0x0, 0x0}, 0x1)

14:29:44 executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = fcntl$dupfd(r3, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = dup(r1)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000bc0)=ANY=[@ANYBLOB="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"], 0x1)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10)
setsockopt$sock_int(r6, 0x1, 0x6, &(0x7f0000000040)=0x32, 0x4)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg(r6, &(0x7f0000007fc0), 0x4000000000001a8, 0x0)

14:29:45 executing program 0:
r0 = socket(0x18, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0x18, 0x1}, 0xc)

14:29:45 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x5)
shutdown(r2, 0x0)

14:29:45 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000540)=ANY=[@ANYBLOB="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"], 0x1)
r1 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='pagemap\x00')
sendfile(r1, r2, 0x0, 0xa808)

[ 247.616027][ T8708] =====================================================
[ 247.623020][ T8708] BUG: KMSAN: uninit-value in __nf_ct_try_assign_helper+0xfbc/0xfe0
[ 247.631011][ T8708] CPU: 0 PID: 8708 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 247.639597][ T8708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 247.649653][ T8708] Call Trace:
[ 247.652958][ T8708] dump_stack+0x1df/0x240
[ 247.657309][ T8708] kmsan_report+0xf7/0x1e0
[ 247.661750][ T8708] __msan_warning+0x58/0xa0
[ 247.666276][ T8708] __nf_ct_try_assign_helper+0xfbc/0xfe0
[ 247.671947][ T8708] init_conntrack+0x1482/0x1ff0
[ 247.676852][ T8708] nf_conntrack_in+0x1341/0x26b1
[ 247.681855][ T8708] ipv6_conntrack_local+0x68/0x80
[ 247.686912][ T8708] ? ipv6_conntrack_in+0x80/0x80
[ 247.691871][ T8708] nf_hook_slow+0x16e/0x400
[ 247.696407][ T8708] __ip6_local_out+0x56d/0x750
[ 247.701197][ T8708] ? __ip6_local_out+0x750/0x750
[ 247.706147][ T8708] ip6_local_out+0xa4/0x1d0
[ 247.710678][ T8708] ip6_push_pending_frames+0x213/0x4f0
[ 247.716168][ T8708] rawv6_sendmsg+0x4233/0x5c30
[ 247.720969][ T8708] ? kmsan_get_metadata+0x11d/0x180
[ 247.726311][ T8708] ? tomoyo_socket_sendmsg_permission+0x41c/0x4a0
[ 247.732747][ T8708] ? kmsan_get_metadata+0x11d/0x180
[ 247.737960][ T8708] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 247.743792][ T8708] ? udp_cmsg_send+0x5d0/0x5d0
[ 247.748565][ T8708] ? compat_rawv6_ioctl+0x100/0x100
[ 247.753774][ T8708] inet_sendmsg+0x2d8/0x2e0
[ 247.758297][ T8708] ? inet_send_prepare+0x600/0x600
[ 247.763439][ T8708] kernel_sendmsg+0x384/0x440
[ 247.768146][ T8708] sock_no_sendpage+0x235/0x300
[ 247.773059][ T8708] ? sock_no_mmap+0x30/0x30
[ 247.777576][ T8708] sock_sendpage+0x1e1/0x2c0
[ 247.782194][ T8708] pipe_to_sendpage+0x38c/0x4c0
[ 247.787064][ T8708] ? sock_fasync+0x250/0x250
[ 247.791682][ T8708] __splice_from_pipe+0x565/0xf00
[ 247.796727][ T8708] ? generic_splice_sendpage+0x2d0/0x2d0
[ 247.802423][ T8708] generic_splice_sendpage+0x1d5/0x2d0
[ 247.807920][ T8708] ? iter_file_splice_write+0x1800/0x1800
[ 247.813651][ T8708] direct_splice_actor+0x1fd/0x580
[ 247.818811][ T8708] ? kmsan_get_metadata+0x4f/0x180
[ 247.823943][ T8708] splice_direct_to_actor+0x6b2/0xf50
[ 247.829329][ T8708] ? do_splice_direct+0x580/0x580
[ 247.834400][ T8708] do_splice_direct+0x342/0x580
[ 247.839342][ T8708] do_sendfile+0x101b/0x1d40
[ 247.843988][ T8708] __se_compat_sys_sendfile+0x301/0x3c0
[ 247.849554][ T8708] ? kmsan_get_metadata+0x11d/0x180
[ 247.854757][ T8708] ? __ia32_sys_sendfile64+0x70/0x70
[ 247.860050][ T8708] __ia32_compat_sys_sendfile+0x56/0x70
[ 247.865612][ T8708] __do_fast_syscall_32+0x2aa/0x400
[ 247.870833][ T8708] do_fast_syscall_32+0x6b/0xd0
[ 247.875702][ T8708] do_SYSENTER_32+0x73/0x90
[ 247.880220][ T8708] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 247.886549][ T8708] RIP: 0023:0xf7f5f549
[ 247.890608][ T8708] Code: Bad RIP value.
[ 247.894671][ T8708] RSP: 002b:00000000f5d5a0cc EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[ 247.903083][ T8708] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000005
[ 247.911054][ T8708] RDX: 0000000000000000 RSI: 000000000000a808 RDI: 0000000000000000
[ 247.919023][ T8708] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 247.927014][ T8708] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 247.934988][ T8708] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 247.942977][ T8708]
[ 247.945300][ T8708] Uninit was stored to memory at:
[ 247.950332][ T8708] kmsan_internal_chain_origin+0xad/0x130
[ 247.956057][ T8708] kmsan_memcpy_memmove_metadata+0x272/0x2e0
[ 247.962036][ T8708] kmsan_memcpy_metadata+0xb/0x10
[ 247.967061][ T8708] __msan_memcpy+0x43/0x50
[ 247.971476][ T8708] __nf_conntrack_alloc+0x237/0x6e0
[ 247.976673][ T8708] init_conntrack+0x3ac/0x1ff0
[ 247.981438][ T8708] nf_conntrack_in+0x1341/0x26b1
[ 247.986376][ T8708] ipv6_conntrack_local+0x68/0x80
[ 247.991406][ T8708] nf_hook_slow+0x16e/0x400
[ 247.995926][ T8708] __ip6_local_out+0x56d/0x750
[ 248.000693][ T8708] ip6_local_out+0xa4/0x1d0
[ 248.005200][ T8708] ip6_push_pending_frames+0x213/0x4f0
[ 248.010661][ T8708] rawv6_sendmsg+0x4233/0x5c30
[ 248.015430][ T8708] inet_sendmsg+0x2d8/0x2e0
[ 248.019935][ T8708] kernel_sendmsg+0x384/0x440
[ 248.024610][ T8708] sock_no_sendpage+0x235/0x300
[ 248.029467][ T8708] sock_sendpage+0x1e1/0x2c0
[ 248.034066][ T8708] pipe_to_sendpage+0x38c/0x4c0
[ 248.038919][ T8708] __splice_from_pipe+0x565/0xf00
[ 248.043946][ T8708] generic_splice_sendpage+0x1d5/0x2d0
[ 248.049416][ T8708] direct_splice_actor+0x1fd/0x580
[ 248.054527][ T8708] splice_direct_to_actor+0x6b2/0xf50
[ 248.059902][ T8708] do_splice_direct+0x342/0x580
[ 248.064753][ T8708] do_sendfile+0x101b/0x1d40
[ 248.069339][ T8708] __se_compat_sys_sendfile+0x301/0x3c0
[ 248.074891][ T8708] __ia32_compat_sys_sendfile+0x56/0x70
[ 248.080438][ T8708] __do_fast_syscall_32+0x2aa/0x400
[ 248.085641][ T8708] do_fast_syscall_32+0x6b/0xd0
[ 248.090492][ T8708] do_SYSENTER_32+0x73/0x90
[ 248.094998][ T8708] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 248.101311][ T8708]
[ 248.103636][ T8708] Uninit was stored to memory at:
[ 248.108659][ T8708] kmsan_internal_chain_origin+0xad/0x130
[ 248.114373][ T8708] __msan_chain_origin+0x50/0x90
[ 248.119313][ T8708] nf_ct_invert_tuple+0x554/0x590
[ 248.124341][ T8708] init_conntrack+0x116/0x1ff0
[ 248.129104][ T8708] nf_conntrack_in+0x1341/0x26b1
[ 248.134046][ T8708] ipv6_conntrack_local+0x68/0x80
[ 248.139188][ T8708] nf_hook_slow+0x16e/0x400
[ 248.143714][ T8708] __ip6_local_out+0x56d/0x750
[ 248.148479][ T8708] ip6_local_out+0xa4/0x1d0
[ 248.152984][ T8708] ip6_push_pending_frames+0x213/0x4f0
[ 248.158444][ T8708] rawv6_sendmsg+0x4233/0x5c30
[ 248.163214][ T8708] inet_sendmsg+0x2d8/0x2e0
[ 248.167720][ T8708] kernel_sendmsg+0x384/0x440
[ 248.172396][ T8708] sock_no_sendpage+0x235/0x300
[ 248.177248][ T8708] sock_sendpage+0x1e1/0x2c0
[ 248.181841][ T8708] pipe_to_sendpage+0x38c/0x4c0
[ 248.186697][ T8708] __splice_from_pipe+0x565/0xf00
[ 248.191721][ T8708] generic_splice_sendpage+0x1d5/0x2d0
[ 248.197181][ T8708] direct_splice_actor+0x1fd/0x580
[ 248.202295][ T8708] splice_direct_to_actor+0x6b2/0xf50
[ 248.207668][ T8708] do_splice_direct+0x342/0x580
[ 248.212521][ T8708] do_sendfile+0x101b/0x1d40
[ 248.217109][ T8708] __se_compat_sys_sendfile+0x301/0x3c0
[ 248.222656][ T8708] __ia32_compat_sys_sendfile+0x56/0x70
[ 248.228206][ T8708] __do_fast_syscall_32+0x2aa/0x400
[ 248.233412][ T8708] do_fast_syscall_32+0x6b/0xd0
[ 248.238264][ T8708] do_SYSENTER_32+0x73/0x90
[ 248.242770][ T8708] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 248.249082][ T8708]
[ 248.251406][ T8708] Uninit was stored to memory at:
[ 248.256436][ T8708] kmsan_internal_chain_origin+0xad/0x130
[ 248.262174][ T8708] __msan_chain_origin+0x50/0x90
[ 248.267111][ T8708] nf_ct_get_tuple+0x1280/0x1530
[ 248.272050][ T8708] nf_conntrack_in+0x6e0/0x26b1
[ 248.276905][ T8708] ipv6_conntrack_local+0x68/0x80
[ 248.281930][ T8708] nf_hook_slow+0x16e/0x400
[ 248.286437][ T8708] __ip6_local_out+0x56d/0x750
[ 248.291215][ T8708] ip6_local_out+0xa4/0x1d0
[ 248.295720][ T8708] ip6_push_pending_frames+0x213/0x4f0
[ 248.301183][ T8708] rawv6_sendmsg+0x4233/0x5c30
[ 248.305948][ T8708] inet_sendmsg+0x2d8/0x2e0
[ 248.310451][ T8708] kernel_sendmsg+0x384/0x440
[ 248.315129][ T8708] sock_no_sendpage+0x235/0x300
[ 248.319983][ T8708] sock_sendpage+0x1e1/0x2c0
[ 248.324582][ T8708] pipe_to_sendpage+0x38c/0x4c0
[ 248.329431][ T8708] __splice_from_pipe+0x565/0xf00
[ 248.334456][ T8708] generic_splice_sendpage+0x1d5/0x2d0
[ 248.339912][ T8708] direct_splice_actor+0x1fd/0x580
[ 248.345023][ T8708] splice_direct_to_actor+0x6b2/0xf50
[ 248.350395][ T8708] do_splice_direct+0x342/0x580
[ 248.355248][ T8708] do_sendfile+0x101b/0x1d40
[ 248.359837][ T8708] __se_compat_sys_sendfile+0x301/0x3c0
[ 248.365388][ T8708] __ia32_compat_sys_sendfile+0x56/0x70
[ 248.370936][ T8708] __do_fast_syscall_32+0x2aa/0x400
[ 248.376135][ T8708] do_fast_syscall_32+0x6b/0xd0
[ 248.380988][ T8708] do_SYSENTER_32+0x73/0x90
[ 248.385491][ T8708] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 248.391802][ T8708]
[ 248.394124][ T8708] Uninit was stored to memory at:
[ 248.399150][ T8708] kmsan_internal_chain_origin+0xad/0x130
[ 248.404875][ T8708] kmsan_memcpy_memmove_metadata+0x272/0x2e0
[ 248.410854][ T8708] kmsan_memcpy_metadata+0xb/0x10
[ 248.415889][ T8708] __msan_memcpy+0x43/0x50
[ 248.420308][ T8708] csum_partial_copy+0xae/0x100
[ 248.425158][ T8708] csum_and_copy_from_iter_full+0xdca/0x1800
[ 248.431138][ T8708] ip_generic_getfrag+0x1fb/0x3c0
[ 248.436164][ T8708] raw6_getfrag+0x552/0x600
[ 248.440670][ T8708] __ip6_append_data+0x507b/0x6320
[ 248.445782][ T8708] ip6_append_data+0x3cb/0x660
[ 248.450560][ T8708] rawv6_sendmsg+0x32bb/0x5c30
[ 248.455336][ T8708] inet_sendmsg+0x2d8/0x2e0
[ 248.459850][ T8708] kernel_sendmsg+0x384/0x440
[ 248.464539][ T8708] sock_no_sendpage+0x235/0x300
[ 248.469409][ T8708] sock_sendpage+0x1e1/0x2c0
[ 248.474033][ T8708] pipe_to_sendpage+0x38c/0x4c0
[ 248.478892][ T8708] __splice_from_pipe+0x565/0xf00
[ 248.483918][ T8708] generic_splice_sendpage+0x1d5/0x2d0
[ 248.489381][ T8708] direct_splice_actor+0x1fd/0x580
[ 248.494499][ T8708] splice_direct_to_actor+0x6b2/0xf50
[ 248.499879][ T8708] do_splice_direct+0x342/0x580
[ 248.504732][ T8708] do_sendfile+0x101b/0x1d40
[ 248.509323][ T8708] __se_compat_sys_sendfile+0x301/0x3c0
[ 248.514873][ T8708] __ia32_compat_sys_sendfile+0x56/0x70
[ 248.520424][ T8708] __do_fast_syscall_32+0x2aa/0x400
[ 248.525628][ T8708] do_fast_syscall_32+0x6b/0xd0
[ 248.530482][ T8708] do_SYSENTER_32+0x73/0x90
[ 248.534989][ T8708] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 248.541321][ T8708]
[ 248.543643][ T8708] Uninit was created at:
[ 248.547893][ T8708] kmsan_save_stack_with_flags+0x3c/0x90
[ 248.553545][ T8708] kmsan_alloc_page+0xb9/0x180
[ 248.558324][ T8708] __alloc_pages_nodemask+0x56a2/0x5dc0
[ 248.563878][ T8708] alloc_pages_current+0x672/0x990
[ 248.568985][ T8708] push_pipe+0x605/0xb70
[ 248.573227][ T8708] iov_iter_get_pages_alloc+0x18a9/0x21c0
[ 248.578943][ T8708] do_splice_to+0x4fc/0x14f0
[ 248.583534][ T8708] splice_direct_to_actor+0x45c/0xf50
[ 248.588905][ T8708] do_splice_direct+0x342/0x580
[ 248.593760][ T8708] do_sendfile+0x101b/0x1d40
[ 248.598349][ T8708] __se_compat_sys_sendfile+0x301/0x3c0
[ 248.603897][ T8708] __ia32_compat_sys_sendfile+0x56/0x70
[ 248.609444][ T8708] __do_fast_syscall_32+0x2aa/0x400
[ 248.614647][ T8708] do_fast_syscall_32+0x6b/0xd0
[ 248.619516][ T8708] do_SYSENTER_32+0x73/0x90
[ 248.624024][ T8708] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 248.630342][ T8708] =====================================================
[ 248.637265][ T8708] Disabling lock debugging due to kernel taint
[ 248.643411][ T8708] Kernel panic - not syncing: panic_on_warn set ...
[ 248.650011][ T8708] CPU: 0 PID: 8708 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 248.659977][ T8708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 248.670028][ T8708] Call Trace:
[ 248.673327][ T8708] dump_stack+0x1df/0x240
[ 248.677675][ T8708] panic+0x3d5/0xc3e
[ 248.681625][ T8708] kmsan_report+0x1df/0x1e0
[ 248.686145][ T8708] __msan_warning+0x58/0xa0
[ 248.690666][ T8708] __nf_ct_try_assign_helper+0xfbc/0xfe0
[ 248.696332][ T8708] init_conntrack+0x1482/0x1ff0
[ 248.701242][ T8708] nf_conntrack_in+0x1341/0x26b1
[ 248.706234][ T8708] ipv6_conntrack_local+0x68/0x80
[ 248.711270][ T8708] ? ipv6_conntrack_in+0x80/0x80
[ 248.716219][ T8708] nf_hook_slow+0x16e/0x400
[ 248.720746][ T8708] __ip6_local_out+0x56d/0x750
[ 248.725533][ T8708] ? __ip6_local_out+0x750/0x750
[ 248.730492][ T8708] ip6_local_out+0xa4/0x1d0
[ 248.735014][ T8708] ip6_push_pending_frames+0x213/0x4f0
[ 248.740515][ T8708] rawv6_sendmsg+0x4233/0x5c30
[ 248.745299][ T8708] ? kmsan_get_metadata+0x11d/0x180
[ 248.750548][ T8708] ? tomoyo_socket_sendmsg_permission+0x41c/0x4a0
[ 248.756991][ T8708] ? kmsan_get_metadata+0x11d/0x180
[ 248.762197][ T8708] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 248.768028][ T8708] ? udp_cmsg_send+0x5d0/0x5d0
[ 248.772799][ T8708] ? compat_rawv6_ioctl+0x100/0x100
[ 248.778004][ T8708] inet_sendmsg+0x2d8/0x2e0
[ 248.782526][ T8708] ? inet_send_prepare+0x600/0x600
[ 248.787645][ T8708] kernel_sendmsg+0x384/0x440
[ 248.792364][ T8708] sock_no_sendpage+0x235/0x300
[ 248.797267][ T8708] ? sock_no_mmap+0x30/0x30
[ 248.801780][ T8708] sock_sendpage+0x1e1/0x2c0
[ 248.806397][ T8708] pipe_to_sendpage+0x38c/0x4c0
[ 248.811256][ T8708] ? sock_fasync+0x250/0x250
[ 248.815881][ T8708] __splice_from_pipe+0x565/0xf00
[ 248.820918][ T8708] ? generic_splice_sendpage+0x2d0/0x2d0
[ 248.826591][ T8708] generic_splice_sendpage+0x1d5/0x2d0
[ 248.832073][ T8708] ? iter_file_splice_write+0x1800/0x1800
[ 248.837802][ T8708] direct_splice_actor+0x1fd/0x580
[ 248.842932][ T8708] ? kmsan_get_metadata+0x4f/0x180
[ 248.848061][ T8708] splice_direct_to_actor+0x6b2/0xf50
[ 248.853441][ T8708] ? do_splice_direct+0x580/0x580
[ 248.858514][ T8708] do_splice_direct+0x342/0x580
[ 248.863399][ T8708] do_sendfile+0x101b/0x1d40
[ 248.868036][ T8708] __se_compat_sys_sendfile+0x301/0x3c0
[ 248.873603][ T8708] ? kmsan_get_metadata+0x11d/0x180
[ 248.878805][ T8708] ? __ia32_sys_sendfile64+0x70/0x70
[ 248.884101][ T8708] __ia32_compat_sys_sendfile+0x56/0x70
[ 248.889655][ T8708] __do_fast_syscall_32+0x2aa/0x400
[ 248.894882][ T8708] do_fast_syscall_32+0x6b/0xd0
[ 248.899747][ T8708] do_SYSENTER_32+0x73/0x90
[ 248.904259][ T8708] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 248.910583][ T8708] RIP: 0023:0xf7f5f549
[ 248.914643][ T8708] Code: Bad RIP value.
[ 248.918706][ T8708] RSP: 002b:00000000f5d5a0cc EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[ 248.927118][ T8708] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000005
[ 248.935092][ T8708] RDX: 0000000000000000 RSI: 000000000000a808 RDI: 0000000000000000
[ 248.943064][ T8708] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 248.951037][ T8708] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 248.959011][ T8708] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 248.968098][ T8708] Kernel Offset: 0xe800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 248.979657][ T8708] Rebooting in 86400 seconds..