[ ok ] Starting enhanced syslogd: rsyslogd. [ 104.243338][ T31] audit: type=1800 audit(1565877098.294:25): pid=11682 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 104.268080][ T31] audit: type=1800 audit(1565877098.314:26): pid=11682 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 104.298596][ T31] audit: type=1800 audit(1565877098.344:27): pid=11682 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.219' (ECDSA) to the list of known hosts.
2019/08/15 13:51:52 fuzzer started 2019/08/15 13:51:58 dialing manager at 10.128.0.26:36111 2019/08/15 13:51:59 syscalls: 2376 2019/08/15 13:51:59 code coverage: enabled 2019/08/15 13:51:59 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/08/15 13:51:59 extra coverage: enabled 2019/08/15 13:51:59 setuid sandbox: enabled 2019/08/15 13:51:59 namespace sandbox: enabled 2019/08/15 13:51:59 Android sandbox: /sys/fs/selinux/policy does not exist 2019/08/15 13:51:59 fault injection: enabled 2019/08/15 13:51:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/08/15 13:51:59 net packet injection: enabled 2019/08/15 13:51:59 net device setup: enabled 13:55:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfffffffffffffeaf, 0x0, 0x0, 0xffffffae) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="650f78f8b9070800000f320f78b30f0000000fd4534f440f20c03506000000440f22c0660f38824a043e660f38812a652118f30f5f4a0c66b88c000f00d0", 0x3e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x0, 0x102000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x4, 0x0, 0x0, 0xffffffffffffff45) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syzkaller login: [ 324.185566][T11848] IPVS: ftp: loaded support on port[0] = 21 [ 324.393826][T11848] chnl_net:caif_netlink_parms(): no params data found [ 324.475582][T11848] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.483039][T11848] bridge0: port 1(bridge_slave_0) entered disabled state [ 
324.492405][T11848] device bridge_slave_0 entered promiscuous mode [ 324.503497][T11848] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.510756][T11848] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.520095][T11848] device bridge_slave_1 entered promiscuous mode [ 324.560132][T11848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 324.574912][T11848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 324.616064][T11848] team0: Port device team_slave_0 added [ 324.627120][T11848] team0: Port device team_slave_1 added [ 324.970429][T11848] device hsr_slave_0 entered promiscuous mode [ 325.083058][T11848] device hsr_slave_1 entered promiscuous mode [ 325.362705][T11848] bridge0: port 2(bridge_slave_1) entered blocking state [ 325.370127][T11848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 325.378316][T11848] bridge0: port 1(bridge_slave_0) entered blocking state [ 325.386422][T11848] bridge0: port 1(bridge_slave_0) entered forwarding state [ 325.403215][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.415740][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.538051][T11848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 325.567827][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 325.577619][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 325.594785][T11848] 8021q: adding VLAN 0 to HW filter on device team0 [ 325.612654][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 325.622775][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 325.633389][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 325.640644][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 325.657221][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 325.667535][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 
[ 325.679137][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 325.686643][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 325.705431][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 325.728719][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 325.759854][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 325.772639][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 325.783907][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 325.794843][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 325.806958][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 325.819954][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 325.830580][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 325.857708][T11848] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 325.871349][T11848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 325.883588][T11851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 325.893863][T11851] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 325.946809][T11848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 326.093175][T11857] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 
[ 326.154809][T11857] kvm: emulating exchange as write 13:55:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfffffffffffffeaf, 0x0, 0x0, 0xffffffae) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="650f78f8b9070800000f320f78b30f0000000fd4534f440f20c03506000000440f22c0660f38824a043e660f38812a652118f30f5f4a0c66b88c000f00d0", 0x3e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x0, 0x102000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x4, 0x0, 0x0, 0xffffffffffffff45) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:55:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfffffffffffffeaf, 0x0, 0x0, 0xffffffae) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="650f78f8b9070800000f320f78b30f0000000fd4534f440f20c03506000000440f22c0660f38824a043e660f38812a652118f30f5f4a0c66b88c000f00d0", 0x3e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x0, 0x102000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x4, 0x0, 0x0, 0xffffffffffffff45) ioctl$KVM_RUN(r2, 
0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:55:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfffffffffffffeaf, 0x0, 0x0, 0xffffffae) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="650f78f8b9070800000f320f78b30f0000000fd4534f440f20c03506000000440f22c0660f38824a043e660f38812a652118f30f5f4a0c66b88c000f00d0", 0x3e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x0, 0x102000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x4, 0x0, 0x0, 0xffffffffffffff45) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:55:23 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) socketpair$unix(0x1, 0x40000000003, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = memfd_create(&(0x7f0000000280)='^\x00', 0x0) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f00000003c0)=0x17642c4) pwritev(r2, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) sendfile(r0, r2, 0x0, 0x102002700) [ 329.537011][T11871] IPVS: ftp: loaded support on port[0] = 21 [ 329.743195][T11871] chnl_net:caif_netlink_parms(): no params data found [ 329.821194][T11871] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.828599][T11871] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.837698][T11871] device bridge_slave_0 entered promiscuous mode [ 329.858448][T11871] bridge0: port 
2(bridge_slave_1) entered blocking state [ 329.865842][T11871] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.874956][T11871] device bridge_slave_1 entered promiscuous mode [ 329.917655][T11871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 13:55:24 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000440)) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) pipe2(&(0x7f0000000300), 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f00000004c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, 0x70}, {0x3, 0xffffffffd927d9bc, 0x0, 0x0, 0x0, 0xfffffffffffffe01, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0x0, 0x100000000}, {0x82, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=ANY=[@ANYBLOB], 0x1}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) syz_genetlink_get_family_id$tipc(&(0x7f0000000480)='TIPC\x00') ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000580)={[0xfffffffffffffffe]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 330.006707][T11871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 330.055081][T11871] team0: Port device team_slave_0 added [ 330.070365][T11871] team0: Port device team_slave_1 added [ 330.169409][T11871] device 
hsr_slave_0 entered promiscuous mode 13:55:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r1, 0x2db2dba1f53edc97}, 0x14}}, 0x0) [ 330.396137][T11871] device hsr_slave_1 entered promiscuous mode [ 330.452410][T11871] debugfs: Directory 'hsr0' with parent '/' already present! 13:55:24 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c00000006060d01ff0488fffdffff57ffccad0009000100070d0010091900010c0002000061000000000000"], 0x2c}}, 0x0) [ 330.517461][T11871] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.525216][T11871] bridge0: port 2(bridge_slave_1) entered forwarding state [ 330.533381][T11871] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.541294][T11871] bridge0: port 1(bridge_slave_0) entered forwarding state [ 330.641716][T11884] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 
13:55:24 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='sysfs\x00', 0x0, 0x0) unshare(0x200) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/mnt\x00') mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x100000, 0x0) setns(r0, 0x0) clone(0x70024000, 0x0, 0x0, 0x0, 0x0) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB='.\x00'], 0x2) mount$fuse(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x7a04, 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x2) [ 330.727220][T11871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 330.749984][T11851] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.784003][T11851] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.806415][T11851] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 330.875579][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 330.889581][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 330.907539][T11887] IPVS: ftp: loaded support on port[0] = 21 [ 330.908937][T11871] 8021q: adding VLAN 0 to HW filter on device team0 [ 330.932615][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 330.943213][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 330.955272][ T3957] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.963041][ T3957] bridge0: port 1(bridge_slave_0) entered forwarding state [ 331.036531][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 331.047611][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 331.058719][ T3957] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.068934][ T3957] bridge0: port 2(bridge_slave_1) entered forwarding state [ 331.078349][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_bond: link becomes ready [ 331.092546][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 331.104271][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 331.123550][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 331.134623][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 331.153300][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 331.163782][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 331.173450][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 331.189651][ T3957] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 331.228829][ T3352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 331.238840][ T3352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 331.253682][T11871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 331.337853][T11871] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 331.480725][T11892] ================================================================== [ 331.488910][T11892] BUG: KMSAN: uninit-value in kmem_cache_alloc_node+0x5d0/0xe70 [ 331.496610][T11892] CPU: 1 PID: 11892 Comm: syz-executor.1 Not tainted 5.3.0-rc3+ #17 [ 331.508127][T11892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.519523][T11892] Call Trace: [ 331.524449][T11892] dump_stack+0x191/0x1f0 [ 331.529191][T11892] kmsan_report+0x162/0x2d0 [ 331.533782][T11892] __msan_warning+0x75/0xe0 [ 331.538340][T11892] kmem_cache_alloc_node+0x5d0/0xe70 [ 331.543678][T11892] ? __alloc_skb+0x215/0xa10 [ 331.548439][T11892] __alloc_skb+0x215/0xa10 [ 331.552925][T11892] ppp_write+0x124/0x750 [ 331.557409][T11892] ? ppp_read+0xbf0/0xbf0 [ 331.561792][T11892] ? ppp_read+0xbf0/0xbf0 [ 331.566164][T11892] __vfs_write+0x1a9/0xcb0 [ 331.570648][T11892] ? 
kmsan_internal_unpoison_shadow+0x2f/0x40 [ 331.576782][T11892] __kernel_write+0x208/0x5f0 [ 331.581529][T11892] write_pipe_buf+0x1c0/0x270 [ 331.586879][T11892] __splice_from_pipe+0x484/0xe80 [ 331.595013][T11892] ? default_file_splice_write+0x3c0/0x3c0 [ 331.602043][T11892] default_file_splice_write+0x1ee/0x3c0 [ 331.607851][T11892] direct_splice_actor+0x19e/0x200 [ 331.613034][T11892] splice_direct_to_actor+0x852/0x1130 [ 331.618659][T11892] ? do_splice_direct+0x580/0x580 [ 331.625785][T11892] do_splice_direct+0x342/0x580 [ 331.630731][T11892] do_sendfile+0x1010/0x1d20 [ 331.638744][T11892] __se_sys_sendfile64+0x2bb/0x360 [ 331.644355][T11892] ? syscall_return_slowpath+0x90/0x610 [ 331.649986][T11892] __x64_sys_sendfile64+0x56/0x70 [ 331.655364][T11892] do_syscall_64+0xbc/0xf0 [ 331.661667][T11892] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 331.667867][T11892] RIP: 0033:0x459829 [ 331.672248][T11892] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 331.692916][T11892] RSP: 002b:00007fb383a2cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 331.701366][T11892] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459829 [ 331.709369][T11892] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 331.717379][T11892] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 331.725427][T11892] R10: 0000000102002700 R11: 0000000000000246 R12: 00007fb383a2d6d4 [ 331.734071][T11892] R13: 00000000004c7005 R14: 00000000004dc630 R15: 00000000ffffffff [ 331.744429][T11892] [ 331.747137][T11892] Uninit was stored to memory at: [ 331.752203][T11892] kmsan_internal_chain_origin+0xcc/0x150 [ 331.757966][T11892] __msan_chain_origin+0x6b/0xe0 [ 331.763142][T11892] ___slab_alloc+0x1dbc/0x1fb0 [ 331.768473][T11892] kmem_cache_alloc_node+0x769/0xe70 [ 331.773807][T11892] __alloc_skb+0x215/0xa10 [ 
331.778706][T11892] ppp_write+0x124/0x750 [ 331.783251][T11892] __vfs_write+0x1a9/0xcb0 [ 331.787706][T11892] __kernel_write+0x208/0x5f0 [ 331.792426][T11892] write_pipe_buf+0x1c0/0x270 [ 331.797226][T11892] __splice_from_pipe+0x484/0xe80 [ 331.802469][T11892] default_file_splice_write+0x1ee/0x3c0 [ 331.808164][T11892] direct_splice_actor+0x19e/0x200 [ 331.813840][T11892] splice_direct_to_actor+0x852/0x1130 [ 331.819448][T11892] do_splice_direct+0x342/0x580 [ 331.826097][T11892] do_sendfile+0x1010/0x1d20 [ 331.830729][T11892] __se_sys_sendfile64+0x2bb/0x360 [ 331.836068][T11892] __x64_sys_sendfile64+0x56/0x70 [ 331.841131][T11892] do_syscall_64+0xbc/0xf0 [ 331.846388][T11892] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 331.852297][T11892] [ 331.854821][T11892] Uninit was created at: [ 331.859649][T11892] kmsan_internal_poison_shadow+0x53/0xa0 [ 331.865404][T11892] kmsan_slab_free+0x8d/0x100 [ 331.870130][T11892] kmem_cache_free_bulk+0x3ad9/0x3f50 [ 331.877630][T11892] __kfree_skb_flush+0xb0/0x100 [ 331.882525][T11892] net_rx_action+0x1908/0x1950 [ 331.887507][T11892] __do_softirq+0x4a1/0x83a [ 331.892045][T11892] irq_exit+0x230/0x280 [ 331.896235][T11892] do_IRQ+0x20d/0x3a0 [ 331.900262][T11892] ret_from_intr+0x0/0x33 [ 331.904633][T11892] kmsan_slab_alloc+0xd5/0x120 [ 331.909457][T11892] __kmalloc_node_track_caller+0xb55/0x1320 [ 331.915393][T11892] __alloc_skb+0x306/0xa10 [ 331.919843][T11892] __tcp_send_ack+0xfb/0x840 [ 331.924470][T11892] tcp_send_ack+0x68/0x90 [ 331.928834][T11892] tcp_cleanup_rbuf+0x764/0x800 [ 331.933718][T11892] tcp_recvmsg+0x334d/0x4ff0 [ 331.938354][T11892] inet_recvmsg+0x237/0x7d0 [ 331.942917][T11892] sock_read_iter+0x5be/0x660 [ 331.947635][T11892] __vfs_read+0xa67/0xc90 [ 331.952097][T11892] vfs_read+0x359/0x6f0 [ 331.956555][T11892] ksys_read+0x265/0x430 [ 331.960970][T11892] __se_sys_read+0x92/0xb0 [ 331.965453][T11892] __x64_sys_read+0x4a/0x70 [ 331.969997][T11892] do_syscall_64+0xbc/0xf0 [ 331.974455][T11892] 
entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 331.980564][T11892] ================================================================== [ 331.988652][T11892] Disabling lock debugging due to kernel taint [ 331.996570][T11892] Kernel panic - not syncing: panic_on_warn set ... [ 332.003894][T11892] CPU: 1 PID: 11892 Comm: syz-executor.1 Tainted: G B 5.3.0-rc3+ #17 [ 332.013373][T11892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 332.024320][T11892] Call Trace: [ 332.027664][T11892] dump_stack+0x191/0x1f0 [ 332.032055][T11892] panic+0x3c9/0xc1e [ 332.036040][T11892] kmsan_report+0x2ca/0x2d0 [ 332.040691][T11892] __msan_warning+0x75/0xe0 [ 332.045254][T11892] kmem_cache_alloc_node+0x5d0/0xe70 [ 332.050590][T11892] ? __alloc_skb+0x215/0xa10 [ 332.055257][T11892] __alloc_skb+0x215/0xa10 [ 332.059865][T11892] ppp_write+0x124/0x750 [ 332.064175][T11892] ? ppp_read+0xbf0/0xbf0 [ 332.069601][T11892] ? ppp_read+0xbf0/0xbf0 [ 332.073979][T11892] __vfs_write+0x1a9/0xcb0 [ 332.078475][T11892] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 332.086785][T11892] __kernel_write+0x208/0x5f0 [ 332.091538][T11892] write_pipe_buf+0x1c0/0x270 [ 332.096286][T11892] __splice_from_pipe+0x484/0xe80 [ 332.101369][T11892] ? default_file_splice_write+0x3c0/0x3c0 [ 332.107257][T11892] default_file_splice_write+0x1ee/0x3c0 [ 332.112975][T11892] direct_splice_actor+0x19e/0x200 [ 332.118159][T11892] splice_direct_to_actor+0x852/0x1130 [ 332.123661][T11892] ? do_splice_direct+0x580/0x580 [ 332.128783][T11892] do_splice_direct+0x342/0x580 [ 332.133721][T11892] do_sendfile+0x1010/0x1d20 [ 332.138423][T11892] __se_sys_sendfile64+0x2bb/0x360 [ 332.143590][T11892] ? 
syscall_return_slowpath+0x90/0x610 [ 332.149203][T11892] __x64_sys_sendfile64+0x56/0x70 [ 332.154275][T11892] do_syscall_64+0xbc/0xf0 [ 332.158744][T11892] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 332.164677][T11892] RIP: 0033:0x459829 [ 332.168601][T11892] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 332.188231][T11892] RSP: 002b:00007fb383a2cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 332.196678][T11892] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459829 [ 332.204682][T11892] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 332.212691][T11892] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 332.220693][T11892] R10: 0000000102002700 R11: 0000000000000246 R12: 00007fb383a2d6d4 [ 332.228696][T11892] R13: 00000000004c7005 R14: 00000000004dc630 R15: 00000000ffffffff [ 332.237799][T11892] Kernel Offset: disabled [ 332.242156][T11892] Rebooting in 86400 seconds..