[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

syzkaller login: [ 140.236241][ T8435] sshd (8435) used greatest stack depth: 3816 bytes left
Warning: Permanently added '10.128.0.40' (ECDSA) to the list of known hosts.
2020/07/18 02:39:08 fuzzer started
2020/07/18 02:39:09 dialing manager at 10.128.0.26:41463
2020/07/18 02:39:09 syscalls: 2944
2020/07/18 02:39:09 code coverage: enabled
2020/07/18 02:39:09 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2020/07/18 02:39:09 extra coverage: enabled
2020/07/18 02:39:09 setuid sandbox: enabled
2020/07/18 02:39:09 namespace sandbox: enabled
2020/07/18 02:39:09 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/18 02:39:09 fault injection: enabled
2020/07/18 02:39:09 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/18 02:39:09 net packet injection: enabled
2020/07/18 02:39:09 net device setup: enabled
2020/07/18 02:39:09 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/18 02:39:09 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/18 02:39:09 USB emulation: /dev/raw-gadget does not exist
02:42:52 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
capset(&(0x7f00002d0ff8)={0x19980330}, &(0x7f0000000080))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffd76, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%n'}, 0x30)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r3)

[ 375.576613][ T8478] IPVS: ftp: loaded support on port[0] = 21
[ 375.828371][ T8478] chnl_net:caif_netlink_parms(): no params data found
[ 376.079564][ T8478] bridge0: port 1(bridge_slave_0) entered blocking state
[ 376.088026][ T8478] bridge0: port 1(bridge_slave_0) entered disabled state
[ 376.097498][ T8478] device bridge_slave_0 entered promiscuous mode
[ 376.112196][ T8478] bridge0: port 2(bridge_slave_1) entered blocking state
[ 376.120119][ T8478] bridge0: port 2(bridge_slave_1) entered disabled state
[ 376.129416][ T8478] device bridge_slave_1 entered promiscuous mode
[ 376.181481][ T8478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 376.198955][ T8478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 376.252672][ T8478] team0: Port device team_slave_0 added
[ 376.265044][ T8478] team0: Port device team_slave_1 added
[ 376.310288][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 376.318526][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 376.344707][ T8478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 376.359789][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 376.367056][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 376.394504][ T8478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 376.621775][ T8478] device hsr_slave_0 entered promiscuous mode
[ 376.686306][ T8478] device hsr_slave_1 entered promiscuous mode
[ 377.130729][ T8478] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 377.185020][ T8478] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 377.278672][ T8478] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 377.421984][ T8478] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 377.695284][ T8478] 8021q: adding VLAN 0 to HW filter on device bond0
[ 377.730388][ T8636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 377.740313][ T8636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 377.772261][ T8478] 8021q: adding VLAN 0 to HW filter on device team0
[ 377.799642][ T3079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 377.809248][ T3079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 377.818792][ T3079] bridge0: port 1(bridge_slave_0) entered blocking state
[ 377.826098][ T3079] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 377.878403][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 377.887686][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 377.897739][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 377.907279][ T8683] bridge0: port 2(bridge_slave_1) entered blocking state
[ 377.914566][ T8683] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 377.925645][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 377.936553][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 377.965552][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 377.976731][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 377.987057][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 377.996782][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 378.053101][ T8478] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 378.063632][ T8478] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 378.079564][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 378.089763][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 378.099590][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 378.110033][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 378.120337][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 378.174726][ T8478] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 378.189255][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 378.200182][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 378.208105][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 378.256663][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 378.272032][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 378.326478][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 378.336542][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 378.357261][ T8478] device veth0_vlan entered promiscuous mode
[ 378.366257][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 378.375494][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 378.413950][ T8478] device veth1_vlan entered promiscuous mode
[ 378.500930][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 378.511134][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 378.520827][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 378.530997][ T8683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 378.559052][ T8478] device veth0_macvtap entered promiscuous mode
[ 378.589617][ T8478] device veth1_macvtap entered promiscuous mode
[ 378.641192][ T8478] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 378.649151][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 378.658927][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 378.669136][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 378.679390][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 378.702061][ T8478] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 378.729468][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 378.739606][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 378.943985][ T8687] capability: warning: `syz-executor.0' uses 32-bit capabilities (legacy support in use)
02:42:56 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
capset(&(0x7f00002d0ff8)={0x19980330}, &(0x7f0000000080))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffd76, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%n'}, 0x30)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r3)

02:42:56 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
capset(&(0x7f00002d0ff8)={0x19980330}, &(0x7f0000000080))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffd76, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%n'}, 0x30)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r3)

02:42:57 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
capset(&(0x7f00002d0ff8)={0x19980330}, &(0x7f0000000080))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffd76, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%n'}, 0x30)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r3)

02:42:57 executing program 0:
r0 = socket$inet6(0xa, 0x6, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r0, 0x6)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)
r4 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00')
sendfile(r3, r4, 0x0, 0x100000edc3)

[ 379.618234][ C1] =====================================================
[ 379.625233][ C1] BUG: KMSAN: uninit-value in dccp_v4_rcv+0x411/0x2720
[ 379.632096][ C1] CPU: 1 PID: 8700 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 379.640686][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 379.650755][ C1] Call Trace:
[ 379.654052][ C1]
[ 379.656930][ C1]  dump_stack+0x1df/0x240
[ 379.661289][ C1]  kmsan_report+0xf7/0x1e0
[ 379.665736][ C1]  __msan_warning+0x58/0xa0
[ 379.670257][ C1]  dccp_v4_rcv+0x411/0x2720
[ 379.674797][ C1]  ? ipv4_confirm+0x31f/0x3f0
[ 379.679487][ C1]  ? kmsan_get_metadata+0x11d/0x180
[ 379.684721][ C1]  ? kmsan_get_metadata+0x11d/0x180
[ 379.689946][ C1]  ? local_bh_enable+0x40/0x40
[ 379.694723][ C1]  ip_protocol_deliver_rcu+0x700/0xbc0
[ 379.700214][ C1]  ip_local_deliver+0x62a/0x7c0
[ 379.705095][ C1]  ? ip_local_deliver+0x7c0/0x7c0
[ 379.710127][ C1]  ? ip_protocol_deliver_rcu+0xbc0/0xbc0
[ 379.715777][ C1]  ip_rcv+0x6cf/0x750
[ 379.719815][ C1]  ? ip_rcv_core+0x12c0/0x12c0
[ 379.724589][ C1]  ? ip_local_deliver_finish+0x350/0x350
[ 379.730234][ C1]  process_backlog+0xfb5/0x14e0
[ 379.735108][ C1]  ? lapic_next_event+0x6e/0xa0
[ 379.740000][ C1]  ? rps_trigger_softirq+0x2e0/0x2e0
[ 379.745297][ C1]  net_rx_action+0x746/0x1aa0
[ 379.750020][ C1]  ? net_tx_action+0xc40/0xc40
[ 379.754808][ C1]  __do_softirq+0x311/0x83d
[ 379.759357][ C1]  asm_call_on_stack+0x12/0x20
[ 379.764124][ C1]
[ 379.767075][ C1]  do_softirq_own_stack+0x7c/0xa0
[ 379.772111][ C1]  __local_bh_enable_ip+0x184/0x1d0
[ 379.777336][ C1]  local_bh_enable+0x36/0x40
[ 379.781939][ C1]  ip_finish_output2+0x1fee/0x24a0
[ 379.787064][ C1]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 379.793147][ C1]  ? nf_ct_deliver_cached_events+0x511/0x6c0
[ 379.799174][ C1]  __ip_finish_output+0xaa7/0xd80
[ 379.804233][ C1]  ip_finish_output+0x166/0x410
[ 379.809111][ C1]  ip_output+0x593/0x680
[ 379.813387][ C1]  ? ip_mc_finish_output+0x6c0/0x6c0
[ 379.818688][ C1]  ? ip_finish_output+0x410/0x410
[ 379.823737][ C1]  __ip_queue_xmit+0x1b5c/0x21a0
[ 379.828732][ C1]  ? kmsan_get_metadata+0x11d/0x180
[ 379.833952][ C1]  ip_queue_xmit+0xcc/0xf0
[ 379.838383][ C1]  ? dccp_v4_init_sock+0x150/0x150
[ 379.843507][ C1]  dccp_transmit_skb+0x12ee/0x1600
[ 379.848656][ C1]  dccp_xmit_packet+0x801/0x9b0
[ 379.853531][ C1]  dccp_write_xmit+0x262/0x420
[ 379.858312][ C1]  dccp_sendmsg+0x12d1/0x12e0
[ 379.863028][ C1]  ? udp_cmsg_send+0x5d0/0x5d0
[ 379.867796][ C1]  ? compat_dccp_getsockopt+0x190/0x190
[ 379.873351][ C1]  inet_sendmsg+0x2d8/0x2e0
[ 379.877875][ C1]  ? inet_send_prepare+0x600/0x600
[ 379.882993][ C1]  kernel_sendmsg+0x384/0x440
[ 379.887692][ C1]  sock_no_sendpage+0x235/0x300
[ 379.892576][ C1]  ? sock_no_mmap+0x30/0x30
[ 379.897092][ C1]  sock_sendpage+0x1e1/0x2c0
[ 379.901711][ C1]  pipe_to_sendpage+0x38c/0x4c0
[ 379.906577][ C1]  ? sock_fasync+0x250/0x250
[ 379.911196][ C1]  __splice_from_pipe+0x565/0xf00
[ 379.916232][ C1]  ? generic_splice_sendpage+0x2d0/0x2d0
[ 379.921918][ C1]  generic_splice_sendpage+0x1d5/0x2d0
[ 379.927410][ C1]  ? iter_file_splice_write+0x1800/0x1800
[ 379.933141][ C1]  direct_splice_actor+0x1fd/0x580
[ 379.938275][ C1]  ? kmsan_get_metadata+0x4f/0x180
[ 379.943408][ C1]  splice_direct_to_actor+0x6b2/0xf50
[ 379.948793][ C1]  ? do_splice_direct+0x580/0x580
[ 379.953867][ C1]  do_splice_direct+0x342/0x580
[ 379.958759][ C1]  do_sendfile+0x101b/0x1d40
[ 379.963397][ C1]  __se_sys_sendfile64+0x2bb/0x360
[ 379.968522][ C1]  ? kmsan_get_metadata+0x4f/0x180
[ 379.973654][ C1]  __x64_sys_sendfile64+0x56/0x70
[ 379.978686][ C1]  do_syscall_64+0xb0/0x150
[ 379.983208][ C1]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 379.989103][ C1] RIP: 0033:0x45c1d9
[ 379.992989][ C1] Code: Bad RIP value.
[ 379.997051][ C1] RSP: 002b:00007fcdef296c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 380.005468][ C1] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9
[ 380.013445][ C1] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[ 380.021425][ C1] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000
[ 380.029405][ C1] R10: 000000100000edc3 R11: 0000000000000246 R12: 000000000078bf0c
[ 380.037382][ C1] R13: 0000000000c9fb6f R14: 00007fcdef2979c0 R15: 000000000078bf0c
[ 380.045370][ C1]
[ 380.047712][ C1] Uninit was stored to memory at:
[ 380.054660][ C1]  kmsan_internal_chain_origin+0xad/0x130
[ 380.060388][ C1]  __msan_chain_origin+0x50/0x90
[ 380.065326][ C1]  dccp_invalid_packet+0xc59/0xee0
[ 380.070433][ C1]  dccp_v4_rcv+0x50/0x2720
[ 380.074852][ C1]  ip_protocol_deliver_rcu+0x700/0xbc0
[ 380.080310][ C1]  ip_local_deliver+0x62a/0x7c0
[ 380.085174][ C1]  ip_rcv+0x6cf/0x750
[ 380.089162][ C1]  process_backlog+0xfb5/0x14e0
[ 380.094017][ C1]  net_rx_action+0x746/0x1aa0
[ 380.098696][ C1]  __do_softirq+0x311/0x83d
[ 380.103188][ C1]
[ 380.105508][ C1] Uninit was stored to memory at:
[ 380.110541][ C1]  kmsan_internal_chain_origin+0xad/0x130
[ 380.116271][ C1]  kmsan_memcpy_memmove_metadata+0x272/0x2e0
[ 380.122255][ C1]  kmsan_memcpy_metadata+0xb/0x10
[ 380.127278][ C1]  __msan_memcpy+0x43/0x50
[ 380.131701][ C1]  _copy_from_iter_full+0xbfe/0x13b0
[ 380.136990][ C1]  dccp_sendmsg+0x932/0x12e0
[ 380.141595][ C1]  inet_sendmsg+0x2d8/0x2e0
[ 380.146099][ C1]  kernel_sendmsg+0x384/0x440
[ 380.150779][ C1]  sock_no_sendpage+0x235/0x300
[ 380.155639][ C1]  sock_sendpage+0x1e1/0x2c0
[ 380.160231][ C1]  pipe_to_sendpage+0x38c/0x4c0
[ 380.165092][ C1]  __splice_from_pipe+0x565/0xf00
[ 380.170138][ C1]  generic_splice_sendpage+0x1d5/0x2d0
[ 380.175682][ C1]  direct_splice_actor+0x1fd/0x580
[ 380.180874][ C1]  splice_direct_to_actor+0x6b2/0xf50
[ 380.186250][ C1]  do_splice_direct+0x342/0x580
[ 380.191105][ C1]  do_sendfile+0x101b/0x1d40
[ 380.195696][ C1]  __se_sys_sendfile64+0x2bb/0x360
[ 380.200806][ C1]  __x64_sys_sendfile64+0x56/0x70
[ 380.205838][ C1]  do_syscall_64+0xb0/0x150
[ 380.210349][ C1]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 380.216238][ C1]
[ 380.218559][ C1] Uninit was created at:
[ 380.222813][ C1]  kmsan_save_stack_with_flags+0x3c/0x90
[ 380.228444][ C1]  kmsan_alloc_page+0xb9/0x180
[ 380.233302][ C1]  __alloc_pages_nodemask+0x56a2/0x5dc0
[ 380.238880][ C1]  alloc_pages_current+0x672/0x990
[ 380.243993][ C1]  push_pipe+0x605/0xb70
[ 380.248242][ C1]  iov_iter_get_pages_alloc+0x18a9/0x21c0
[ 380.253971][ C1]  do_splice_to+0x4fc/0x14f0
[ 380.258564][ C1]  splice_direct_to_actor+0x45c/0xf50
[ 380.263938][ C1]  do_splice_direct+0x342/0x580
[ 380.268793][ C1]  do_sendfile+0x101b/0x1d40
[ 380.273389][ C1]  __se_sys_sendfile64+0x2bb/0x360
[ 380.278503][ C1]  __x64_sys_sendfile64+0x56/0x70
[ 380.283528][ C1]  do_syscall_64+0xb0/0x150
[ 380.288031][ C1]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 380.293912][ C1] =====================================================
[ 380.300844][ C1] Disabling lock debugging due to kernel taint
[ 380.306993][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 380.313597][ C1] CPU: 1 PID: 8700 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 380.323581][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 380.333635][ C1] Call Trace:
[ 380.336928][ C1]
[ 380.339793][ C1]  dump_stack+0x1df/0x240
[ 380.344141][ C1]  panic+0x3d5/0xc3e
[ 380.348082][ C1]  kmsan_report+0x1df/0x1e0
[ 380.352601][ C1]  __msan_warning+0x58/0xa0
[ 380.357112][ C1]  dccp_v4_rcv+0x411/0x2720
[ 380.361647][ C1]  ? ipv4_confirm+0x31f/0x3f0
[ 380.366339][ C1]  ? kmsan_get_metadata+0x11d/0x180
[ 380.371572][ C1]  ? kmsan_get_metadata+0x11d/0x180
[ 380.376788][ C1]  ? local_bh_enable+0x40/0x40
[ 380.381556][ C1]  ip_protocol_deliver_rcu+0x700/0xbc0
[ 380.387043][ C1]  ip_local_deliver+0x62a/0x7c0
[ 380.391930][ C1]  ? ip_local_deliver+0x7c0/0x7c0
[ 380.396968][ C1]  ? ip_protocol_deliver_rcu+0xbc0/0xbc0
[ 380.402610][ C1]  ip_rcv+0x6cf/0x750
[ 380.406610][ C1]  ? ip_rcv_core+0x12c0/0x12c0
[ 380.411379][ C1]  ? ip_local_deliver_finish+0x350/0x350
[ 380.417028][ C1]  process_backlog+0xfb5/0x14e0
[ 380.421891][ C1]  ? lapic_next_event+0x6e/0xa0
[ 380.426778][ C1]  ? rps_trigger_softirq+0x2e0/0x2e0
[ 380.432068][ C1]  net_rx_action+0x746/0x1aa0
[ 380.436774][ C1]  ? net_tx_action+0xc40/0xc40
[ 380.441548][ C1]  __do_softirq+0x311/0x83d
[ 380.446086][ C1]  asm_call_on_stack+0x12/0x20
[ 380.450854][ C1]
[ 380.453797][ C1]  do_softirq_own_stack+0x7c/0xa0
[ 380.458825][ C1]  __local_bh_enable_ip+0x184/0x1d0
[ 380.464044][ C1]  local_bh_enable+0x36/0x40
[ 380.468638][ C1]  ip_finish_output2+0x1fee/0x24a0
[ 380.473762][ C1]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 380.479837][ C1]  ? nf_ct_deliver_cached_events+0x511/0x6c0
[ 380.485873][ C1]  __ip_finish_output+0xaa7/0xd80
[ 380.490959][ C1]  ip_finish_output+0x166/0x410
[ 380.495867][ C1]  ip_output+0x593/0x680
[ 380.500148][ C1]  ? ip_mc_finish_output+0x6c0/0x6c0
[ 380.505450][ C1]  ? ip_finish_output+0x410/0x410
[ 380.510482][ C1]  __ip_queue_xmit+0x1b5c/0x21a0
[ 380.515485][ C1]  ? kmsan_get_metadata+0x11d/0x180
[ 380.520703][ C1]  ip_queue_xmit+0xcc/0xf0
[ 380.525138][ C1]  ? dccp_v4_init_sock+0x150/0x150
[ 380.530258][ C1]  dccp_transmit_skb+0x12ee/0x1600
[ 380.535418][ C1]  dccp_xmit_packet+0x801/0x9b0
[ 380.540289][ C1]  dccp_write_xmit+0x262/0x420
[ 380.545074][ C1]  dccp_sendmsg+0x12d1/0x12e0
[ 380.549797][ C1]  ? udp_cmsg_send+0x5d0/0x5d0
[ 380.554565][ C1]  ? compat_dccp_getsockopt+0x190/0x190
[ 380.560115][ C1]  inet_sendmsg+0x2d8/0x2e0
[ 380.564635][ C1]  ? inet_send_prepare+0x600/0x600
[ 380.569768][ C1]  kernel_sendmsg+0x384/0x440
[ 380.574470][ C1]  sock_no_sendpage+0x235/0x300
[ 380.579351][ C1]  ? sock_no_mmap+0x30/0x30
[ 380.583867][ C1]  sock_sendpage+0x1e1/0x2c0
[ 380.588480][ C1]  pipe_to_sendpage+0x38c/0x4c0
[ 380.593335][ C1]  ? sock_fasync+0x250/0x250
[ 380.597949][ C1]  __splice_from_pipe+0x565/0xf00
[ 380.602989][ C1]  ? generic_splice_sendpage+0x2d0/0x2d0
[ 380.608674][ C1]  generic_splice_sendpage+0x1d5/0x2d0
[ 380.614159][ C1]  ? iter_file_splice_write+0x1800/0x1800
[ 380.619884][ C1]  direct_splice_actor+0x1fd/0x580
[ 380.625187][ C1]  ? kmsan_get_metadata+0x4f/0x180
[ 380.630311][ C1]  splice_direct_to_actor+0x6b2/0xf50
[ 380.635694][ C1]  ? do_splice_direct+0x580/0x580
[ 380.640761][ C1]  do_splice_direct+0x342/0x580
[ 380.645747][ C1]  do_sendfile+0x101b/0x1d40
[ 380.650383][ C1]  __se_sys_sendfile64+0x2bb/0x360
[ 380.655511][ C1]  ? kmsan_get_metadata+0x4f/0x180
[ 380.660639][ C1]  __x64_sys_sendfile64+0x56/0x70
[ 380.665677][ C1]  do_syscall_64+0xb0/0x150
[ 380.670197][ C1]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 380.676089][ C1] RIP: 0033:0x45c1d9
[ 380.679975][ C1] Code: Bad RIP value.
[ 380.684041][ C1] RSP: 002b:00007fcdef296c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 380.692457][ C1] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9
[ 380.700442][ C1] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[ 380.708418][ C1] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000
[ 380.716397][ C1] R10: 000000100000edc3 R11: 0000000000000246 R12: 000000000078bf0c
[ 380.724384][ C1] R13: 0000000000c9fb6f R14: 00007fcdef2979c0 R15: 000000000078bf0c
[ 380.733543][ C1] Kernel Offset: 0x24e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 380.745169][ C1] Rebooting in 86400 seconds..