[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 84.324137][ T31] audit: type=1800 audit(1568317455.393:25): pid=12041 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 84.348083][ T31] audit: type=1800 audit(1568317455.413:26): pid=12041 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 84.403114][ T31] audit: type=1800 audit(1568317455.443:27): pid=12041 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.47' (ECDSA) to the list of known hosts. 2019/09/12 19:44:28 fuzzer started 2019/09/12 19:44:32 dialing manager at 10.128.0.26:34915 2019/09/12 19:44:32 syscalls: 2376 2019/09/12 19:44:32 code coverage: enabled 2019/09/12 19:44:32 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/09/12 19:44:32 extra coverage: enabled 2019/09/12 19:44:32 setuid sandbox: enabled 2019/09/12 19:44:32 namespace sandbox: enabled 2019/09/12 19:44:32 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/12 19:44:32 fault injection: enabled 2019/09/12 19:44:32 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/12 19:44:32 net packet injection: enabled 2019/09/12 19:44:32 net device setup: enabled 19:47:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYBLOB="73797a30a99916007ef67a31a8bddf3b8a527c4ae452d5ea7461d017429d9ced80e034febfd165004b8ff158ee05f30a7e328c53f81e373ae72adeb533bf3d516c6b462481f8515e6bff9b123b175668d564bb7bd3e5fb3254e7de44194664ef6e7f9dd775d5a65b1ee873ec4a3e91a9a61c38f3470c5fdf61bce340ef5001de7a5f8f7004dd33e4e5df6fdb9ace582b2db9a73f3f30a631796fd2cfabb9b5226dd7492a1c44d71026077d82d01c8a72908236e71f86fc0fe64e697f9466eb6d7f32b60207291da14fe2ee788c05aee3cd750ebfa7274cf3e7d187b3fddf483fe7bfc4f7c5645cae1d10280e6760e237c5c4c58b6aab3e2c5c840e07870956cf4a699d0481e868fa32a75fde0676b88440704d2cd957130e2bfbd7d965b937d29c653805e5f876d7326e6aa0a24e457b25997d6c171eb929317d398ee2b81f406c76209775ac34fec115f031ec8a041a1dea8496d33c6d1f339a6788075ca96d0e89170c1e09cde578469909c320cbf62e86f785145b30cf97fb1a1b77e2c1d65c7e81324c9321272655dfb9495defdb7a4e654f2d3530b3796a6323e4ce5adcb0e208593f257f72c49dd1b777ea454f9c1f547db18aed7e1ad43bb63b0a431112e8dda69498a648042a86bb1a9ee3eb2e73e05b3e8d48c7aab0f06b875bad59799d0985b18459b8b8464420af3cdbb866ff3a0b6c6efe5e67613bcb2ba3baa46fbfdc4355f917055d9623483eb24b6f3fe644fabb84b7f891ea540b02dfc3126b1d820f9cf43a54a71d1efb6ba878bb0397db842c85cc9bdf283bdb4c5c4d591f5599509c1907008ebe8be2ca1c7fdc13330d78c7d4a7eddf653d57af5a044dfd108a2d2fea3ceb15adcc1046e69834c08ad4fc5ff3f34247495ddca75f0d4bd66384b6577a5b7c5f885408206bed4009e8d1795183ce0952050a127986af5c47c072e6477f939cb2147c9e3b3b3630416c5ddc3f3a58d359a2e2ebfddcdab3cf39f6ca5357e50b668ec186f4cdb4e92d4bdb25b2f3780704e76a750b1c7d5e4abde4e53972712ea6198c8b3adf87db132125c77fe1b5d2288a15f0da655f4890af295750437f2465e5e30ce7b6154a26a6a6fcca5209fe53c715b8ae2a1fcaa2f5e94c24d82607e37f63e011b0c2908779dc2a37e9e722252fd01cdab4e85f7ac78fa1e88833eaab0737a33c2e94121ee4e003fcdb4564849cc612eb20ebc946b0378f6130ceda953e4343cd68df45bd4a3d638542f968e7ed8632c97db9359af990baf4d6cb26b0b1ea002becdb32e554cf9cd410a38cf9981736c040ac59b72980472686828f1e4236f79d7da1cd46cb574622b49fc7371a9d83fae5a944ba59797be50d1fd01af3aca50bc9d2083ac6bf0b2583277c0781aa3969b6a41067af7e28b8d41b9f5de4a0b3d3fbf7f8acb00c111a6a25eb98093d715995bc38bd1b7a64edff53796ff9428dda1fb4fc67e42ddae13dc29af9a19c1e172ac72833034c3b95719b0d28da83305791154d3e835127d96da0d0b7d3ebea3cbe093c2d91fe8eaf90a19f696a4f7f59b56d4f5eb5d3fb10e7e79b4be7d36246f6d304d1fa2836fd13e0a3faa8e405c437902bb08aabf31418285fc5e94a4623907a4a62405ad957bf97a08506e8f2db4239bdcc757dbc40c071ab4fec8c365d7846fb887fa56cb5db11314b857ae1523f1cbf8cc4a2471ccd7361f55b99e652a2d59fddd1f986305fa0b574032be36a921969cf8e55d96fd94f671a78d053051915a96bbf7c1685800086055b89caa456f6adf83929d0ac87dd6da467f6193a82573fb91f965390ae06d8ff15a878ac90c5fea41af7ba9e46d3ad1c52e53f69b4d383365eaf8031c7482928bb2790ebcb13f5740e29ff2e0d78a0f4934f8f4cd4f0600a22688a994b9b46ea445f26cac4991d5e52597e6f6462ca2a7e5a2ae4b8fefdfe880c233f8f0b4c812ff4ba185c41f9aa78f6f3890612346b1060922fe402332199d6d0cc3a200bdf28ca5cf6e62102c33f6a91c23fe2bdcf5522c3a6c3a1b3845c17664574aa1db3868fc965f28b64e06882a147fb3f96ce129766023e096270c4540377eaa809a0399e674e31e788ea1b34dae1cf7ec929c887a2fb36f46124c8b363604949af3affff180479fb40e14cfbfe3b5b5127290dfa1f1c92490b51b0aed779804f562e16fbb0db5f9397dc4f9d0a1065b9072f753df29d99a25d55d57f571e95ddc7be17eda1c9f7f1273cbd0e49f569d404594450aad2f4904790db7ba5f236e1d34aacd6849446238a44cd9c10173483f4be36345028b5b8bc87fc5738d9b7477dc3ded2c36c0c344a99b466e22c62ee60012a05ee1d4d0be5e08474fdf6b38b6424133b0fee40b724453240b672c1b03d6c0bd8df"], 0x69c) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, &(0x7f0000000480)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @dev}}, &(0x7f0000000000)=0x80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syzkaller login: [ 261.786718][T12205] IPVS: ftp: loaded support on port[0] = 21 [ 261.933039][T12205] chnl_net:caif_netlink_parms(): no params data found [ 261.994408][T12205] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.001668][T12205] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.010821][T12205] device bridge_slave_0 entered promiscuous mode [ 262.021355][T12205] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.028681][T12205] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.037481][T12205] device bridge_slave_1 entered promiscuous mode [ 262.072894][T12205] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 262.086562][T12205] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 262.121535][T12205] team0: Port device team_slave_0 added [ 262.131543][T12205] team0: Port device team_slave_1 added [ 262.240116][T12205] device hsr_slave_0 entered promiscuous mode [ 262.483229][T12205] device hsr_slave_1 entered promiscuous mode [ 262.734193][T12205] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.741490][T12205] bridge0: port 2(bridge_slave_1) entered forwarding state [ 262.749450][T12205] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.757364][T12205] bridge0: port 1(bridge_slave_0) entered forwarding state [ 262.838966][T12205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 262.859685][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 262.872877][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.884074][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.898863][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 262.921972][T12205] 8021q: adding VLAN 0 to HW filter on device team0 [ 262.941232][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 262.951477][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 262.960675][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.967945][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 263.017603][T12205] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 263.028137][T12205] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 263.044114][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 263.054358][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 263.063536][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.070826][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 263.079694][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 263.090020][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 263.100054][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 263.110313][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 263.120169][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 263.130200][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 263.140331][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 263.149715][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 263.159570][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 263.169048][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 263.184777][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 263.193888][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 263.245475][T12205] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 263.375359][T12212] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 263.429146][T12212] kvm [12211]: vcpu0, guest rIP: 0x8a Hyper-V uhandled wrmsr: 0x40000028 data 0x4d00000000f [ 263.441178][T12212] kvm [12211]: vcpu0, guest rIP: 0x8a Hyper-V uhandled wrmsr: 0x40000028 data 0x4d00000010f [ 263.452864][T12212] kvm [12211]: vcpu0, guest rIP: 0x8a Hyper-V uhandled wrmsr: 0x40000026 data 0x4d00000010f [ 263.465243][T12212] kvm [12211]: vcpu0, guest rIP: 0x8a Hyper-V uhandled wrmsr: 0x4000002c data 0x4d00000010f [ 263.476810][T12212] kvm [12211]: vcpu0, guest rIP: 0x8a Hyper-V uhandled wrmsr: 0x40000051 data 0x4d00000020f [ 263.489612][T12212] kvm [12211]: vcpu0, guest rIP: 0x8a Hyper-V uhandled wrmsr: 0x4000001b data 0x4d00000000f [ 263.500781][T12212] kvm [12211]: vcpu0, guest rIP: 0x8a Hyper-V uhandled wrmsr: 0x4000003e data 0x4d00000000f [ 263.511977][T12212] kvm [12211]: vcpu0, guest rIP: 0x8a Hyper-V uhandled wrmsr: 0x40000062 data 0x4d00000020f [ 263.524465][T12212] kvm [12211]: vcpu0, guest rIP: 0x8a Hyper-V uhandled wrmsr: 0x40000063 data 0x4d00000020f [ 263.535838][T12212] kvm [12211]: vcpu0, guest rIP: 0x8a Hyper-V uhandled wrmsr: 0x4000002c data 0x4d00000000f 19:47:14 executing program 0: mknod(&(0x7f0000000140)='./bus\x00', 0xa88, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) lsetxattr$security_selinux(&(0x7f0000000180)='./bus\x00', &(0x7f0000000240)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:mount_exec_t:s0\x00', 0x22, 0x0) setxattr$security_smack_transmute(0x0, &(0x7f00000001c0)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000200)='TRUE', 0x4, 0x0) clone(0x7fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000280)='./bus\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) 19:47:14 executing program 0: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xffffffffffffff71) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x8905, &(0x7f00000000c0)) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$int_in(r3, 0x5452, &(0x7f0000000300)=0x3) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendto$inet(r3, 0x0, 0xfff8, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019ff8)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r4, 0x25, &(0x7f000001d000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019ff8)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r5, 0x25, &(0x7f000001d000)) r6 = dup2(r4, r5) mknodat(r6, &(0x7f0000000080)='./file0\x00', 0x80, 0x6) write$binfmt_elf64(r3, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0xffffff84) recvmsg(r3, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) 19:47:15 executing program 0: openat$usbmon(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000280)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) r1 = open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000000c0)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000007c0)={0x0, 0xffffffff}) 19:47:15 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) fchmod(0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f00000001c0)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x0, 0xfffffffffffffffe}, 0x4) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x32, 0x4) connect$inet(r1, &(0x7f0000000340)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) creat(0x0, 0x0) [ 265.093864][ C1] ================================================================== [ 265.102219][ C1] BUG: KMSAN: uninit-value in kmem_cache_free+0x3df/0x2b70 [ 265.109562][ C1] CPU: 1 PID: 12239 Comm: syz-executor.0 Not tainted 5.3.0-rc7+ #0 [ 265.117457][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 265.127519][ C1] Call Trace: [ 265.130815][ C1] [ 265.133842][ C1] dump_stack+0x191/0x1f0 [ 265.138214][ C1] kmsan_report+0x162/0x2d0 [ 265.142757][ C1] __msan_warning+0x75/0xe0 [ 265.147288][ C1] kmem_cache_free+0x3df/0x2b70 [ 265.152152][ C1] ? kmsan_set_origin+0x6a/0xf0 [ 265.157254][ C1] ? kfree_skb+0x473/0x4c0 [ 265.161703][ C1] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 265.167823][ C1] kfree_skb+0x473/0x4c0 [ 265.172295][ C1] ? __udp4_lib_rcv+0x490d/0x4a70 [ 265.177564][ C1] __udp4_lib_rcv+0x490d/0x4a70 [ 265.182554][ C1] udp_rcv+0x5c/0x70 [ 265.186904][ C1] ? udp_v4_early_demux+0x1e30/0x1e30 [ 265.192350][ C1] ip_protocol_deliver_rcu+0x694/0xbc0 [ 265.198358][ C1] ip_local_deliver+0x62a/0x7c0 [ 265.203395][ C1] ? ip_local_deliver+0x7c0/0x7c0 [ 265.208447][ C1] ? ip_protocol_deliver_rcu+0xbc0/0xbc0 [ 265.214122][ C1] ip_rcv+0x6c5/0x740 [ 265.218140][ C1] ? ip_rcv_core+0x11d0/0x11d0 [ 265.223037][ C1] process_backlog+0xef5/0x1410 [ 265.227925][ C1] ? ip_local_deliver_finish+0x350/0x350 [ 265.233683][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 265.238977][ C1] net_rx_action+0x74b/0x1950 [ 265.243684][ C1] ? net_tx_action+0xba0/0xba0 [ 265.248526][ C1] __do_softirq+0x4a1/0x83a [ 265.253088][ C1] do_softirq_own_stack+0x49/0x80 [ 265.258940][ C1] [ 265.261976][ C1] do_softirq+0xed/0x150 [ 265.266239][ C1] netif_rx_ni+0x208/0x3c0 [ 265.270676][ C1] dev_loopback_xmit+0x607/0x670 [ 265.275656][ C1] ip_mc_finish_output+0x484/0x6d0 [ 265.280799][ C1] ip_mc_output+0xc6d/0x1090 [ 265.285411][ C1] ? ip_mc_output+0x1090/0x1090 [ 265.290291][ C1] ? ip_build_and_send_pkt+0xe80/0xe80 [ 265.295754][ C1] ip_send_skb+0x179/0x360 [ 265.300624][ C1] udp_send_skb+0xeda/0x1870 [ 265.305243][ C1] udp_sendmsg+0x397c/0x4170 [ 265.309902][ C1] ? __update_load_avg_se+0x738/0x1220 [ 265.315385][ C1] ? ip_do_fragment+0x35f0/0x35f0 [ 265.320708][ C1] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 265.326839][ C1] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 265.332930][ C1] ? udp_cmsg_send+0x5d0/0x5d0 [ 265.337811][ C1] ? udp_cmsg_send+0x5d0/0x5d0 [ 265.342719][ C1] inet_sendmsg+0x276/0x2e0 [ 265.347942][ C1] ? inet_send_prepare+0x600/0x600 [ 265.353169][ C1] ___sys_sendmsg+0x12c4/0x1590 [ 265.358073][ C1] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 265.364081][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 265.370216][ C1] ? balance_callback+0x48/0x260 [ 265.375166][ C1] ? kmsan_get_metadata_or_null+0x208/0x290 [ 265.381071][ C1] ? kmsan_internal_check_memory+0x99/0x4e0 [ 265.386978][ C1] ? kmsan_get_metadata_or_null+0x208/0x290 [ 265.392977][ C1] ? __msan_get_context_state+0x9/0x20 [ 265.398538][ C1] ? rcu_all_qs+0x23/0x240 [ 265.403860][ C1] __sys_sendmmsg+0x53a/0xae0 [ 265.408587][ C1] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 265.414692][ C1] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 265.420889][ C1] ? prepare_exit_to_usermode+0x19a/0x4d0 [ 265.426905][ C1] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 265.432915][ C1] __se_sys_sendmmsg+0xbd/0xe0 [ 265.438155][ C1] __x64_sys_sendmmsg+0x56/0x70 [ 265.443195][ C1] do_syscall_64+0xbc/0xf0 [ 265.447734][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 265.453786][ C1] RIP: 0033:0x4598e9 [ 265.457689][ C1] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 265.477303][ C1] RSP: 002b:00007fd3f0d2dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 265.485809][ C1] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004598e9 [ 265.493800][ C1] RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 265.501784][ C1] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 265.509769][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd3f0d2e6d4 [ 265.517754][ C1] R13: 00000000004c70a7 R14: 00000000004dc768 R15: 00000000ffffffff [ 265.525745][ C1] [ 265.528083][ C1] Uninit was stored to memory at: [ 265.533120][ C1] kmsan_internal_chain_origin+0xcc/0x150 [ 265.538850][ C1] __msan_chain_origin+0x6b/0xe0 [ 265.543831][ C1] ___slab_alloc+0x1dbc/0x1fb0 [ 265.548611][ C1] kmem_cache_alloc+0xade/0xd10 [ 265.553553][ C1] skb_clone+0x326/0x5d0 [ 265.557806][ C1] ip_mc_output+0x934/0x1090 [ 265.562395][ C1] ip_send_skb+0x179/0x360 [ 265.566822][ C1] udp_send_skb+0xeda/0x1870 [ 265.571421][ C1] udp_sendmsg+0x397c/0x4170 [ 265.576115][ C1] inet_sendmsg+0x276/0x2e0 [ 265.580639][ C1] ___sys_sendmsg+0x12c4/0x1590 [ 265.585540][ C1] __sys_sendmmsg+0x53a/0xae0 [ 265.590253][ C1] __se_sys_sendmmsg+0xbd/0xe0 [ 265.595038][ C1] __x64_sys_sendmmsg+0x56/0x70 [ 265.600021][ C1] do_syscall_64+0xbc/0xf0 [ 265.605684][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 265.611615][ C1] [ 265.613948][ C1] Uninit was created at: [ 265.618215][ C1] kmsan_internal_poison_shadow+0x58/0xb0 [ 265.623951][ C1] kmsan_slab_free+0x8d/0x100 [ 265.628636][ C1] kmem_cache_free_bulk+0x3ad9/0x3f50 [ 265.634088][ C1] __kfree_skb_flush+0xb0/0x100 [ 265.638976][ C1] net_rx_action+0x1908/0x1950 [ 265.643758][ C1] __do_softirq+0x4a1/0x83a [ 265.648284][ C1] irq_exit+0x230/0x280 [ 265.652555][ C1] do_IRQ+0x20d/0x3a0 [ 265.656549][ C1] ret_from_intr+0x0/0x33 [ 265.660911][ C1] default_idle+0x53/0x90 [ 265.665313][ C1] arch_cpu_idle+0x25/0x30 [ 265.669802][ C1] do_idle+0x1d7/0x790 [ 265.673884][ C1] cpu_startup_entry+0x45/0x50 [ 265.678768][ C1] start_secondary+0x370/0x470 [ 265.683555][ C1] secondary_startup_64+0xa4/0xb0 [ 265.688669][ C1] ================================================================== [ 265.696761][ C1] Disabling lock debugging due to kernel taint [ 265.702925][ C1] Kernel panic - not syncing: panic_on_warn set ... [ 265.709526][ C1] CPU: 1 PID: 12239 Comm: syz-executor.0 Tainted: G B 5.3.0-rc7+ #0 [ 265.718894][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 265.728977][ C1] Call Trace: [ 265.732271][ C1] [ 265.735248][ C1] dump_stack+0x191/0x1f0 [ 265.739693][ C1] panic+0x3c9/0xc1e [ 265.743640][ C1] kmsan_report+0x2ca/0x2d0 [ 265.748173][ C1] __msan_warning+0x75/0xe0 [ 265.752691][ C1] kmem_cache_free+0x3df/0x2b70 [ 265.757546][ C1] ? kmsan_set_origin+0x6a/0xf0 [ 265.762472][ C1] ? kfree_skb+0x473/0x4c0 [ 265.766918][ C1] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 265.773898][ C1] kfree_skb+0x473/0x4c0 [ 265.778159][ C1] ? __udp4_lib_rcv+0x490d/0x4a70 [ 265.783199][ C1] __udp4_lib_rcv+0x490d/0x4a70 [ 265.788185][ C1] udp_rcv+0x5c/0x70 [ 265.792113][ C1] ? udp_v4_early_demux+0x1e30/0x1e30 [ 265.797689][ C1] ip_protocol_deliver_rcu+0x694/0xbc0 [ 265.803198][ C1] ip_local_deliver+0x62a/0x7c0 [ 265.808094][ C1] ? ip_local_deliver+0x7c0/0x7c0 [ 265.813156][ C1] ? ip_protocol_deliver_rcu+0xbc0/0xbc0 [ 265.818811][ C1] ip_rcv+0x6c5/0x740 [ 265.822953][ C1] ? ip_rcv_core+0x11d0/0x11d0 [ 265.827742][ C1] process_backlog+0xef5/0x1410 [ 265.832627][ C1] ? ip_local_deliver_finish+0x350/0x350 [ 265.838287][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 19:47:16 executing program 1: creat(0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000d7cfcb), 0xffffffffffffffed, 0x0, 0x0, 0xfffffde1) setuid(0x0) [ 265.843604][ C1] net_rx_action+0x74b/0x1950 [ 265.848417][ C1] ? net_tx_action+0xba0/0xba0 [ 265.853371][ C1] __do_softirq+0x4a1/0x83a [ 265.858032][ C1] do_softirq_own_stack+0x49/0x80 [ 265.863065][ C1] [ 265.866028][ C1] do_softirq+0xed/0x150 [ 265.870303][ C1] netif_rx_ni+0x208/0x3c0 [ 265.874750][ C1] dev_loopback_xmit+0x607/0x670 [ 265.879723][ C1] ip_mc_finish_output+0x484/0x6d0 [ 265.884871][ C1] ip_mc_output+0xc6d/0x1090 [ 265.889497][ C1] ? ip_mc_output+0x1090/0x1090 [ 265.894468][ C1] ? ip_build_and_send_pkt+0xe80/0xe80 [ 265.899960][ C1] ip_send_skb+0x179/0x360 [ 265.904420][ C1] udp_send_skb+0xeda/0x1870 [ 265.909083][ C1] udp_sendmsg+0x397c/0x4170 [ 265.913712][ C1] ? __update_load_avg_se+0x738/0x1220 [ 265.919375][ C1] ? ip_do_fragment+0x35f0/0x35f0 [ 265.924579][ C1] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 265.930677][ C1] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 265.936693][ C1] ? udp_cmsg_send+0x5d0/0x5d0 [ 265.941476][ C1] ? udp_cmsg_send+0x5d0/0x5d0 [ 265.946280][ C1] inet_sendmsg+0x276/0x2e0 [ 265.950808][ C1] ? inet_send_prepare+0x600/0x600 [ 265.955939][ C1] ___sys_sendmsg+0x12c4/0x1590 [ 265.960828][ C1] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 265.966928][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 265.973027][ C1] ? balance_callback+0x48/0x260 [ 265.977998][ C1] ? kmsan_get_metadata_or_null+0x208/0x290 [ 265.983908][ C1] ? kmsan_internal_check_memory+0x99/0x4e0 [ 265.989818][ C1] ? kmsan_get_metadata_or_null+0x208/0x290 [ 265.995726][ C1] ? __msan_get_context_state+0x9/0x20 [ 266.001190][ C1] ? rcu_all_qs+0x23/0x240 [ 266.005625][ C1] __sys_sendmmsg+0x53a/0xae0 [ 266.010535][ C1] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 266.016672][ C1] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 266.022767][ C1] ? prepare_exit_to_usermode+0x19a/0x4d0 [ 266.028514][ C1] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 266.034523][ C1] __se_sys_sendmmsg+0xbd/0xe0 [ 266.039312][ C1] __x64_sys_sendmmsg+0x56/0x70 [ 266.044176][ C1] do_syscall_64+0xbc/0xf0 [ 266.048597][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 266.054500][ C1] RIP: 0033:0x4598e9 [ 266.058399][ C1] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 266.078008][ C1] RSP: 002b:00007fd3f0d2dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 266.086525][ C1] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004598e9 [ 266.094499][ C1] RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 266.102480][ C1] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 266.110443][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd3f0d2e6d4 [ 266.118434][ C1] R13: 00000000004c70a7 R14: 00000000004dc768 R15: 00000000ffffffff [ 266.128168][ C1] Kernel Offset: disabled [ 266.132747][ C1] Rebooting in 86400 seconds..