[ ok ] Starting enhanced syslogd: rsyslogd.
[ 77.765020] audit: type=1800 audit(1553390679.824:25): pid=9936 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 77.784062] audit: type=1800 audit(1553390679.834:26): pid=9936 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 77.803412] audit: type=1800 audit(1553390679.844:27): pid=9936 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.211' (ECDSA) to the list of known hosts.
2019/03/24 01:24:52 parsed 1 programs
2019/03/24 01:25:10 executed programs: 0
syzkaller login: [ 108.951578] IPVS: ftp: loaded support on port[0] = 21
[ 108.952756] IPVS: ftp: loaded support on port[0] = 21
[ 108.997291] IPVS: ftp: loaded support on port[0] = 21
[ 109.023108] IPVS: ftp: loaded support on port[0] = 21
[ 109.039870] IPVS: ftp: loaded support on port[0] = 21
[ 109.068634] IPVS: ftp: loaded support on port[0] = 21
[ 109.263397] chnl_net:caif_netlink_parms(): no params data found
[ 109.445254] chnl_net:caif_netlink_parms(): no params data found
[ 109.454777] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.461230] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.469184] device bridge_slave_0 entered promiscuous mode
[ 109.494418] chnl_net:caif_netlink_parms(): no params data found
[ 109.507853] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.514453] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.522401] device bridge_slave_1 entered promiscuous mode
[ 109.606003] chnl_net:caif_netlink_parms(): no params data found
[ 109.618402] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 109.661848] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.668306] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.676278] device bridge_slave_0 entered promiscuous mode
[ 109.685944] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 109.693814] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.700269] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.708764] device bridge_slave_1 entered promiscuous mode
[ 109.783371] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.789856] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.797900] device bridge_slave_0 entered promiscuous mode
[ 109.812984] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.819442] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.827631] device bridge_slave_1 entered promiscuous mode
[ 109.888588] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 109.929140] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.936477] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.944467] device bridge_slave_0 entered promiscuous mode
[ 109.953938] team0: Port device team_slave_0 added
[ 109.967774] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.974305] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.982335] device bridge_slave_1 entered promiscuous mode
[ 109.995190] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.009470] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 110.019977] team0: Port device team_slave_1 added
[ 110.027675] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.041460] chnl_net:caif_netlink_parms(): no params data found
[ 110.072002] team0: Port device team_slave_0 added
[ 110.101579] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 110.114707] chnl_net:caif_netlink_parms(): no params data found
[ 110.126635] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.137748] team0: Port device team_slave_1 added
[ 110.189038] team0: Port device team_slave_0 added
[ 110.211299] team0: Port device team_slave_0 added
[ 110.234060] team0: Port device team_slave_1 added
[ 110.241126] team0: Port device team_slave_1 added
[ 110.304413] device hsr_slave_0 entered promiscuous mode
[ 110.342171] device hsr_slave_1 entered promiscuous mode
[ 110.475509] device hsr_slave_0 entered promiscuous mode
[ 110.542213] device hsr_slave_1 entered promiscuous mode
[ 110.644673] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.651150] bridge0: port 1(bridge_slave_0) entered disabled state
[ 110.659113] device bridge_slave_0 entered promiscuous mode
[ 110.673728] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.680274] bridge0: port 2(bridge_slave_1) entered disabled state
[ 110.688356] device bridge_slave_1 entered promiscuous mode
[ 110.712599] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.719032] bridge0: port 1(bridge_slave_0) entered disabled state
[ 110.726775] device bridge_slave_0 entered promiscuous mode
[ 110.749920] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 110.795548] device hsr_slave_0 entered promiscuous mode
[ 110.832377] device hsr_slave_1 entered promiscuous mode
[ 110.873849] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.880305] bridge0: port 2(bridge_slave_1) entered disabled state
[ 110.888139] device bridge_slave_1 entered promiscuous mode
[ 110.925397] device hsr_slave_0 entered promiscuous mode
[ 110.962162] device hsr_slave_1 entered promiscuous mode
[ 111.004953] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 111.033460] team0: Port device team_slave_0 added
[ 111.041123] team0: Port device team_slave_1 added
[ 111.068557] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 111.079007] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 111.110490] team0: Port device team_slave_0 added
[ 111.118047] team0: Port device team_slave_1 added
[ 111.217132] device hsr_slave_0 entered promiscuous mode
[ 111.264784] device hsr_slave_1 entered promiscuous mode
[ 111.347844] device hsr_slave_0 entered promiscuous mode
[ 111.402493] device hsr_slave_1 entered promiscuous mode
[ 111.510501] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.517052] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 111.524144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.530592] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 111.646128] bridge0: port 1(bridge_slave_0) entered disabled state
[ 111.654947] bridge0: port 2(bridge_slave_1) entered disabled state
[ 111.682409] 8021q: adding VLAN 0 to HW filter on device bond0
[ 111.706216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 111.714093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 111.726287] 8021q: adding VLAN 0 to HW filter on device team0
[ 111.747044] 8021q: adding VLAN 0 to HW filter on device bond0
[ 111.760329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 111.769810] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 111.777896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.784364] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 111.814384] 8021q: adding VLAN 0 to HW filter on device bond0
[ 111.833704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 111.841151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 111.849501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 111.857298] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.863827] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 111.870989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 111.878448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 111.893278] 8021q: adding VLAN 0 to HW filter on device bond0
[ 111.912871] 8021q: adding VLAN 0 to HW filter on device bond0
[ 111.919291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 111.926923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 111.934499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 111.948287] 8021q: adding VLAN 0 to HW filter on device team0
[ 111.961144] 8021q: adding VLAN 0 to HW filter on device team0
[ 111.974653] 8021q: adding VLAN 0 to HW filter on device bond0
[ 111.983996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 111.992435] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 112.000377] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.006917] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.017332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 112.043436] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 112.050764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 112.058437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 112.067016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 112.075569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 112.083836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 112.092200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 112.100145] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.106600] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.114196] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 112.122655] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 112.131630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 112.139939] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 112.147968] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.154435] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.185125] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.193658] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.219118] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 112.226966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 112.234912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 112.242351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 112.249593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 112.257588] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 112.265488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 112.274131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 112.282668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 112.290931] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 112.299104] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 112.306377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 112.313696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 112.321952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 112.329772] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.336225] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.343923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 112.352488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 112.360711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 112.369408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 112.377707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 112.385777] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.392230] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.399651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 112.407755] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 112.429184] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 112.457379] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.463783] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 112.472165] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 112.480349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 112.488351] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.494848] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.502485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 112.511099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 112.519823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 112.528267] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 112.536603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 112.545197] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 112.553438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 112.562116] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 112.570088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 112.578096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 112.586171] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 112.600328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 112.608025] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 112.615912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 112.624141] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 112.638282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 112.646571] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 112.654550] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.660972] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.668545] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 112.676938] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 112.690616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 112.698235] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 112.706038] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 112.714204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 112.722872] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.729292] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.741488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 112.794363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 112.802603] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 112.810525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 112.819172] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 112.828134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 112.836013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 112.843894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 112.852074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 112.859876] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.866379] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.873612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 112.881635] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 112.889482] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.895969] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.903201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 112.911421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 112.919861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 112.928102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 112.936319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 112.947530] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 112.966750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 112.982967] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 112.996425] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 113.007566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 113.033073] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 113.039769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 113.048559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 113.056950] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 113.065365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 113.073507] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 113.081413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 113.090058] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 113.098034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 113.106074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 113.115880] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 113.158909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 113.167431] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 113.199830] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 113.207215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 113.216270] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 113.225365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 113.233579] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 113.250851] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 113.272370] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 113.279244] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 113.290447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 113.298016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 113.306221] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 113.404199] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 113.548025] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 113.585297] ==================================================================
[ 113.592728] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0
[ 113.599236] CPU: 0 PID: 10131 Comm: syz-executor.4 Not tainted 5.0.0+ #16
[ 113.606162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 113.615522] Call Trace:
[ 113.618125] dump_stack+0x173/0x1d0
[ 113.622205] kmsan_report+0x131/0x2a0
[ 113.626030] kmsan_internal_check_memory+0xaa1/0xbb0
[ 113.631159] kmsan_copy_to_user+0xab/0xc0
[ 113.635322] _copy_to_user+0x16b/0x1f0
[ 113.639251] sctp_getsockopt+0x1668e/0x17f70
[ 113.643700] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 113.649084] ? aa_sk_perm+0x605/0x950
[ 113.652913] ? sctp_setsockopt+0x13560/0x13560
[ 113.657507] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 113.662730] ? sctp_setsockopt+0x13560/0x13560
[ 113.667329] sock_common_getsockopt+0x13f/0x180
[ 113.672024] ? sock_recv_errqueue+0x8f0/0x8f0
[ 113.676531] __sys_getsockopt+0x489/0x550
[ 113.680705] __se_sys_getsockopt+0xe1/0x100
[ 113.685058] __x64_sys_getsockopt+0x62/0x80
[ 113.689391] do_syscall_64+0xbc/0xf0
[ 113.693133] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 113.698331] RIP: 0033:0x458209
[ 113.701534] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 113.720446] RSP: 002b:00007fdbef191c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 113.728161] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458209
[ 113.735439] RDX: 000000000000006c RSI: 0000000000000084 RDI: 0000000000000004
[ 113.742723] RBP: 000000000073bf00 R08: 0000000020000300 R09: 0000000000000000
[ 113.750001] R10: 0000000020000280 R11: 0000000000000246 R12: 00007fdbef1926d4
[ 113.757282] R13: 00000000004c96c8 R14: 00000000004d0310 R15: 00000000ffffffff
[ 113.764567]
[ 113.766197] Uninit was stored to memory at:
[ 113.770535] kmsan_internal_chain_origin+0x134/0x230
[ 113.775655] kmsan_memcpy_memmove_metadata+0xb5b/0xfe0
[ 113.780945] kmsan_memcpy_metadata+0xb/0x10
[ 113.785273] __msan_memcpy+0x58/0x70
[ 113.788996] sctp_getsockopt+0x16556/0x17f70
[ 113.793411] sock_common_getsockopt+0x13f/0x180
2019/03/24 01:25:15 executed programs: 6
[ 113.798097] __sys_getsockopt+0x489/0x550
[ 113.802258] __se_sys_getsockopt+0xe1/0x100
[ 113.806591] __x64_sys_getsockopt+0x62/0x80
[ 113.810924] do_syscall_64+0xbc/0xf0
[ 113.814644] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 113.819843]
[ 113.821466] Uninit was stored to memory at:
[ 113.825798] kmsan_internal_chain_origin+0x134/0x230
[ 113.830911] kmsan_memcpy_memmove_metadata+0xb5b/0xfe0
[ 113.836200] kmsan_memcpy_metadata+0xb/0x10
[ 113.840532] __msan_memcpy+0x58/0x70
[ 113.844256] sctp_transport_new+0x16d/0x9a0
[ 113.848584] sctp_assoc_add_peer+0x532/0x1f70
[ 113.853088] sctp_process_init+0x1a1b/0x3ed0
[ 113.857603] sctp_do_sm+0x3cfc/0x9af0
[ 113.861411] sctp_assoc_bh_rcv+0x65a/0xd80
[ 113.865661] sctp_inq_push+0x300/0x420
[ 113.869553] sctp_backlog_rcv+0x20a/0xaf0
[ 113.873705] __release_sock+0x281/0x5f0
[ 113.877694] release_sock+0x99/0x2a0
[ 113.881421] sctp_wait_for_connect+0x3ee/0x860
[ 113.886007] sctp_sendmsg_to_asoc+0x2167/0x21a0
[ 113.890679] sctp_sendmsg+0x3fd7/0x6700
[ 113.894661] inet_sendmsg+0x54a/0x720
[ 113.898473] ___sys_sendmsg+0xdb9/0x11b0
[ 113.902543] __se_sys_sendmsg+0x305/0x460
[ 113.906696] __x64_sys_sendmsg+0x4a/0x70
[ 113.910769] do_syscall_64+0xbc/0xf0
[ 113.914488] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 113.919670]
[ 113.921294] Local variable description: ----addr.i@sctp_process_init
[ 113.927776] Variable was created at:
[ 113.931502] sctp_process_init+0xb5/0x3ed0
[ 113.935749] sctp_do_sm+0x3cfc/0x9af0
[ 113.939546]
[ 113.941174] Bytes 8-15 of 16 are uninitialized
[ 113.945756] Memory access of size 16 starts at ffff88809511fc28
[ 113.951807] Data copied to user address 0000000020000298
[ 113.957310] ==================================================================
[ 113.966255] Disabling lock debugging due to kernel taint
[ 113.971703] Kernel panic - not syncing: panic_on_warn set ...
[ 113.977608] CPU: 0 PID: 10131 Comm: syz-executor.4 Tainted: G B 5.0.0+ #16
[ 113.985923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 113.995285] Call Trace:
[ 113.997895] dump_stack+0x173/0x1d0
[ 114.001537] panic+0x3d1/0xb01
[ 114.004775] kmsan_report+0x29a/0x2a0
[ 114.008594] kmsan_internal_check_memory+0xaa1/0xbb0
[ 114.013737] kmsan_copy_to_user+0xab/0xc0
[ 114.017906] _copy_to_user+0x16b/0x1f0
[ 114.021812] sctp_getsockopt+0x1668e/0x17f70
[ 114.026262] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 114.031631] ? aa_sk_perm+0x605/0x950
[ 114.035454] ? sctp_setsockopt+0x13560/0x13560
[ 114.040050] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 114.045254] ? sctp_setsockopt+0x13560/0x13560
[ 114.049858] sock_common_getsockopt+0x13f/0x180
[ 114.054542] ? sock_recv_errqueue+0x8f0/0x8f0
[ 114.059048] __sys_getsockopt+0x489/0x550
[ 114.063221] __se_sys_getsockopt+0xe1/0x100
[ 114.067669] __x64_sys_getsockopt+0x62/0x80
[ 114.072011] do_syscall_64+0xbc/0xf0
[ 114.075754] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 114.080942] RIP: 0033:0x458209
[ 114.084139] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 114.103136] RSP: 002b:00007fdbef191c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 114.110971] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458209
[ 114.118252] RDX: 000000000000006c RSI: 0000000000000084 RDI: 0000000000000004
[ 114.125527] RBP: 000000000073bf00 R08: 0000000020000300 R09: 0000000000000000
[ 114.133384] R10: 0000000020000280 R11: 0000000000000246 R12: 00007fdbef1926d4
[ 114.140659] R13: 00000000004c96c8 R14: 00000000004d0310 R15: 00000000ffffffff
[ 114.148825] Kernel Offset: disabled
[ 114.152454] Rebooting in 86400 seconds..