INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts. 2018/04/07 07:14:57 fuzzer started 2018/04/07 07:14:58 dialing manager at 10.128.0.26:38639 2018/04/07 07:15:04 kcov=true, comps=false 2018/04/07 07:15:06 executing program 0: perf_event_open(&(0x7f00002b5f88)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgget$private(0x0, 0x21) setrlimit(0x7, &(0x7f0000a9cff8)) memfd_create(&(0x7f0000000100)='\x00', 0x0) 2018/04/07 07:15:06 executing program 2: mkdir(&(0x7f000002b000)='./file0\x00', 0x0) r0 = creat(&(0x7f00000000c0)='./file0/bus\x00', 0xfffffffffffffffc) writev(r0, &(0x7f0000030000)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1) 2018/04/07 07:15:06 executing program 7: sendmsg(0xffffffffffffffff, &(0x7f0000001580)={&(0x7f0000000140)=@l2={0x1f}, 0x80, &(0x7f0000001240), 0x0, &(0x7f0000001280)=[{0x30, 0x0, 0x0, "1ca41a9b5ea151da3dbdabb475a606e56cab80fab11299a8ab198a"}], 0x30}, 0x0) move_pages(0x0, 0x395, &(0x7f0000000080), 0x0, &(0x7f0000000080), 0x0) 2018/04/07 07:15:06 executing program 3: clock_getres(0xffffffffffffffff, &(0x7f0000000040)) 2018/04/07 07:15:07 executing program 5: mkdir(&(0x7f0000c4e000)='./file0\x00', 0x0) r0 = open(&(0x7f0000032ff8)='./file0\x00', 0x0, 0x0) lseek(r0, 0x0, 0x1) 2018/04/07 07:15:07 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000008000)={0x0, {{0x2, 0x0, @multicast1=0xe0000001}}}, 0x111) getsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000008000)=""/144, &(0x7f0000012ffc)=0x90) 2018/04/07 07:15:07 executing program 6: gettid() r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_tables_targets\x00') close(r0) 2018/04/07 07:15:07 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x102) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) write$evdev(r0, &(0x7f0000000080), 0xfffffffffffffe2d) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f00000000c0)=""/159) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) syzkaller login: [ 44.186616] ip (3737) used greatest stack depth: 54672 bytes left [ 45.263665] ip (3840) used greatest stack depth: 54200 bytes left [ 47.789763] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.876951] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.937167] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.115908] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.179926] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.211893] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.245920] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.254321] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.656135] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.715261] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.909940] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.034150] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.128441] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.152796] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.203339] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.314540] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.398165] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.404445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.415782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.472841] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.479907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.496009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.662499] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.668735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.677420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.827607] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.833873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.842270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.886505] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.892845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.908660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.929630] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.938392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.951208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.129643] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.135910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.146813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.187285] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.193558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.204420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/07 07:15:23 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xc, &(0x7f0000000000), 0x4) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)) 2018/04/07 07:15:24 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setresgid(0x0, 0x0, 0x0) 2018/04/07 07:15:24 executing program 7: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstatfs(0xffffffffffffffff, &(0x7f0000000180)=""/211) clock_nanosleep(0x0, 0x0, &(0x7f0000051ff0)={0x0, 0x989680}, 0x0) clock_nanosleep(0x6, 0x0, &(0x7f0000000080)={0x77359400}, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000000)={0x2, 0x1, 0x0, 0x8002, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80}}}]}, 0x60}, 0x1}, 0x0) 2018/04/07 07:15:24 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) close(r0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f0000018000)=0x3f, 0x4) listen(r1, 0x0) 2018/04/07 07:15:24 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt_cache\x00') close(r0) 2018/04/07 07:15:24 executing program 1: seccomp(0x1, 0x0, &(0x7f00004c6000)={0x1, &(0x7f0000a7c000)=[{0x6, 0x0, 0x0, 0xffffffff}]}) syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty, [], {@mpls_mc={0x8848, {[], @ipv4={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2=0xe0000002, @dev={0xac, 0x14, 0x14}}, @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd}, {0x8, 0x88be, 0x0, {{0x0, 0x1}, 0x1}}, {0x8, 0x22eb, 0x0, {{0x0, 0x2}, 0x2}}, {0x8, 0x6558}}}}}}}, &(0x7f00000003c0)) 2018/04/07 07:15:24 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) 2018/04/07 07:15:24 executing program 2: unshare(0x8000400) r0 = mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000664fc0)={0x0, 0x1, 0x2}) fchown(r0, 0x0, 0x0) 2018/04/07 07:15:24 executing program 3: r0 = socket$packet(0x11, 0x800000000002, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0xfffffd5d) 2018/04/07 07:15:25 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0x0}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000001240)) r1 = syz_open_procfs(0x0, &(0x7f00000dcfe9)='net/ip6_tables_targets\x00') sendfile(r0, r1, &(0x7f00006dbff8), 0x401) [ 60.051653] audit: type=1326 audit(1523085325.050:3): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5082 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0xffff0000 2018/04/07 07:15:25 executing program 0: capset(&(0x7f0000594ff8)={0x19980330}, &(0x7f0000244000)) capset(&(0x7f00000001c0)={0x20080522}, &(0x7f0000000200)={0x0, 0x0, 0x1}) 2018/04/07 07:15:25 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000040)={'lo\x00', {0x2, 0x0, @rand_addr}}) 2018/04/07 07:15:25 executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000d6d000)={0x0, 0x2000000000069}, 0xb) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000000)=0x2b, 0x4) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) recvfrom(r0, &(0x7f00000c9000)=""/88, 0xffffffffffffff57, 0x40010002, 0x0, 0x0) 2018/04/07 07:15:25 executing program 6: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f0000000000)='dev ', 0x0) ftruncate(r2, 0x40001) sendfile(r1, r2, &(0x7f0000001000), 0x400000000fee) recvmmsg(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)=@nfc, 0x0, &(0x7f0000000940)=[{&(0x7f0000000880)=""/123}], 0x0, &(0x7f0000000680)=""/108}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000700)=""/164}], 0x3c3}, 0x3}], 0x1b1, 0x0, 0x0) 2018/04/07 07:15:25 executing program 2: r0 = getpid() r1 = syz_open_procfs(r0, &(0x7f000072d000)='maps\x00') readv(r1, &(0x7f00009a5f80)=[{&(0x7f0000214000)=""/4096, 0x1000}], 0x1) 2018/04/07 07:15:25 executing program 7: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) sendto$inet(r0, &(0x7f0000e9bf14), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x4e23}, 0x10) sendto$inet(r0, &(0x7f00006fd000)="c3", 0x1, 0x0, &(0x7f0000e66000)={0x2, 0x0, @rand_addr}, 0x10) clock_gettime(0x0, &(0x7f0000002640)={0x0, 0x0}) recvmmsg(r0, &(0x7f00000025c0)=[{{&(0x7f0000000a40)=@pptp={0x0, 0x0, {0x0, @broadcast}}, 0x80, &(0x7f0000001f00)=[{&(0x7f0000000ac0)=""/25, 0x19}], 0x1, &(0x7f0000001f80)=""/118, 0x76}}, {{&(0x7f0000002000)=@nl=@proc, 0x80, &(0x7f0000002540), 0x0, &(0x7f0000002580)=""/57, 0x39}, 0xf8b4}], 0x2, 0x10000, &(0x7f0000002680)={0x0, r1+30000000}) 2018/04/07 07:15:25 executing program 4: timer_create(0x400000000000003, &(0x7f0000cd0000)={0x0, 0x12}, &(0x7f00009e4000)) timer_settime(0x0, 0x0, &(0x7f0000d89fe0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) timer_gettime(0x0, &(0x7f0000000000)) [ 60.262216] capability: warning: `syz-executor0' uses 32-bit capabilities (legacy support in use) 2018/04/07 07:15:25 executing program 5: r0 = socket(0x1, 0x5, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00003f291d)='net/ip_mr_cache\x00') sendfile(r0, r1, &(0x7f00002bcff8)=0x4b, 0x67) 2018/04/07 07:15:25 executing program 3: r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0xd1, &(0x7f000038f000), 0x2c) 2018/04/07 07:15:25 executing program 0: syz_emit_ethernet(0x6e, &(0x7f0000002000)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x38, 0x3a, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@dest_unreach={0x2, 0x0, 0x0, 0x0, [], {0x0, 0x6, 'p+l', 0x0, 0x6, 0x0, @mcast1={0xff, 0x1, [], 0x1}, @dev={0xfe, 0x80}, [], "33cc6533eb08a2e9"}}}}}}}, 0x0) 2018/04/07 07:15:25 executing program 4: perf_event_open(&(0x7f000054df88)={0x2, 0x70, 0x0, 0x303, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgid(0x0) sched_getattr(r0, &(0x7f0000000040), 0x30, 0x0) 2018/04/07 07:15:25 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, &(0x7f0000f6f000), 0x0, 0x20000004, &(0x7f0000cc7fe4)={0xa, 0x4e22}, 0x1c) close(r0) r2 = accept4(r1, &(0x7f0000c71000)=@alg, &(0x7f0000715ffc)=0x58, 0x0) sendmmsg(r2, &(0x7f0000007340)=[{{&(0x7f0000002880)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback=0x7f000001}}}, 0x80, &(0x7f0000002980)=[{&(0x7f0000002900)="04", 0x1}], 0x1}}], 0x1, 0x0) getpeername(r0, &(0x7f0000000080)=@pppol2tpv3in6, &(0x7f0000000100)=0x80) 2018/04/07 07:15:25 executing program 2: r0 = getpgrp(0x0) r1 = gettid() rt_sigprocmask(0x0, &(0x7f0000629000)={0xfffffffffffffffa}, 0x0, 0x8) rt_tgsigqueueinfo(r0, r1, 0x20, &(0x7f0000000040)={0x0, 0x0, 0x40000}) rt_sigtimedwait(&(0x7f000031bff8)={0x80000001}, &(0x7f0000000000), &(0x7f000005b000)={0x0, 0x989680}, 0x8) [ 60.597528] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 2018/04/07 07:15:25 executing program 3: mkdir(&(0x7f00007b4ff8)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x40000, 0x0) getdents(r0, &(0x7f0000000040)=""/49, 0x31) [ 60.834816] audit: type=1326 audit(1523085325.829:4): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=5082 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x455259 code=0xffff0000 [ 61.085625] ================================================================== [ 61.093016] BUG: KMSAN: uninit-value in _copy_to_iter+0x1bb3/0x28f0 [ 61.099396] CPU: 1 PID: 5150 Comm: syz-executor6 Not tainted 4.16.0+ #81 [ 61.106201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.115619] Call Trace: [ 61.118194] dump_stack+0x185/0x1d0 [ 61.121801] ? kmsan_internal_check_memory+0x145/0x1d0 [ 61.127059] kmsan_report+0x142/0x240 [ 61.130845] kmsan_internal_check_memory+0x164/0x1d0 [ 61.135930] kmsan_copy_to_user+0x69/0x160 [ 61.140149] ? skb_copy_datagram_iter+0x443/0xf70 [ 61.144970] _copy_to_iter+0x1bb3/0x28f0 [ 61.149009] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 61.154439] ? __skb_try_recv_from_queue+0xc74/0xe80 [ 61.159527] ? drm_prime_pages_to_sg+0xff/0x1b0 [ 61.164174] skb_copy_datagram_iter+0x443/0xf70 [ 61.168826] unix_dgram_recvmsg+0xc3f/0x1940 [ 61.173219] unix_seqpacket_recvmsg+0x11a/0x180 [ 61.177866] sock_recvmsg_nosec+0x109/0x140 [ 61.182165] ? unix_seqpacket_sendmsg+0x2d0/0x2d0 [ 61.186983] ___sys_recvmsg+0x3fb/0x810 [ 61.190941] ? __msan_poison_alloca+0x15c/0x1d0 [ 61.195583] ? _cond_resched+0x3c/0xd0 [ 61.199446] ? rcu_all_qs+0x32/0x1f0 [ 61.203137] ? _cond_resched+0x3c/0xd0 [ 61.207008] ? __sys_recvmmsg+0x908/0xdb0 [ 61.211132] ? rcu_all_qs+0x32/0x1f0 [ 61.214830] __sys_recvmmsg+0x54e/0xdb0 [ 61.218792] ? __msan_poison_alloca+0x15c/0x1d0 [ 61.223447] SYSC_recvmmsg+0x212/0x3e0 [ 61.227318] ? SYSC_ioctl+0x233/0x260 [ 61.231104] SyS_recvmmsg+0x76/0xa0 [ 61.234713] do_syscall_64+0x309/0x430 [ 61.238585] ? __sys_recvmmsg+0xdb0/0xdb0 [ 61.242717] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.247885] RIP: 0033:0x455259 [ 61.251058] RSP: 002b:00007f23f8b9ac68 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 61.260136] RAX: ffffffffffffffda RBX: 00007f23f8b9b6d4 RCX: 0000000000455259 [ 61.267393] RDX: 00000000000001b1 RSI: 0000000020000800 RDI: 0000000000000013 [ 61.274644] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000 [ 61.281895] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 61.289156] R13: 0000000000000495 R14: 00000000006f9e98 R15: 0000000000000001 [ 61.296407] [ 61.298011] Uninit was stored to memory at: [ 61.302324] kmsan_internal_chain_origin+0x12b/0x210 [ 61.307408] kmsan_memcpy_origins+0x11d/0x170 [ 61.311887] __msan_memcpy+0x19f/0x1f0 [ 61.315755] _copy_from_iter+0xefb/0x1d40 [ 61.319886] skb_copy_datagram_from_iter+0x1ff/0xcc0 [ 61.324975] unix_dgram_sendmsg+0xdce/0x3610 [ 61.329361] unix_seqpacket_sendmsg+0x262/0x2d0 [ 61.334014] kernel_sendmsg+0x228/0x2d0 [ 61.337971] sock_no_sendpage+0x1c8/0x250 [ 61.342099] sock_sendpage+0x1de/0x2c0 [ 61.345966] pipe_to_sendpage+0x31b/0x430 [ 61.350093] __splice_from_pipe+0x49a/0xf30 [ 61.354396] generic_splice_sendpage+0x1c6/0x2a0 [ 61.359133] direct_splice_actor+0x19b/0x200 [ 61.363523] splice_direct_to_actor+0x764/0x1040 [ 61.368262] do_splice_direct+0x335/0x540 [ 61.372390] do_sendfile+0x1067/0x1e40 [ 61.376261] SYSC_sendfile64+0x1b3/0x300 [ 61.380302] SyS_sendfile64+0x64/0x90 [ 61.384081] do_syscall_64+0x309/0x430 [ 61.387950] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.393115] Uninit was created at: [ 61.396635] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 61.401629] kmsan_alloc_page+0x82/0xe0 [ 61.405584] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 61.410317] alloc_pages_vma+0xcc8/0x1800 [ 61.414452] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 61.419448] shmem_getpage_gfp+0x35db/0x5770 [ 61.423836] shmem_file_read_iter+0x508/0x1180 [ 61.428399] generic_file_splice_read+0x4e8/0x830 [ 61.433222] splice_direct_to_actor+0x4c6/0x1040 [ 61.437966] do_splice_direct+0x335/0x540 [ 61.442093] do_sendfile+0x1067/0x1e40 [ 61.445965] SYSC_sendfile64+0x1b3/0x300 [ 61.450010] SyS_sendfile64+0x64/0x90 [ 61.453796] do_syscall_64+0x309/0x430 [ 61.457663] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.462825] [ 61.464430] Bytes 0-962 of 963 are uninitialized [ 61.469162] ================================================================== [ 61.476492] Disabling lock debugging due to kernel taint [ 61.481920] Kernel panic - not syncing: panic_on_warn set ... [ 61.481920] [ 61.489267] CPU: 1 PID: 5150 Comm: syz-executor6 Tainted: G B 4.16.0+ #81 [ 61.497382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.506714] Call Trace: [ 61.509290] dump_stack+0x185/0x1d0 [ 61.512904] panic+0x39d/0x940 [ 61.516095] ? kmsan_internal_check_memory+0x145/0x1d0 [ 61.521349] kmsan_report+0x238/0x240 [ 61.525133] kmsan_internal_check_memory+0x164/0x1d0 [ 61.530218] kmsan_copy_to_user+0x69/0x160 [ 61.534436] ? skb_copy_datagram_iter+0x443/0xf70 [ 61.539259] _copy_to_iter+0x1bb3/0x28f0 [ 61.543305] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 61.548739] ? __skb_try_recv_from_queue+0xc74/0xe80 [ 61.553831] ? drm_prime_pages_to_sg+0xff/0x1b0 [ 61.558486] skb_copy_datagram_iter+0x443/0xf70 [ 61.563146] unix_dgram_recvmsg+0xc3f/0x1940 [ 61.567545] unix_seqpacket_recvmsg+0x11a/0x180 [ 61.572200] sock_recvmsg_nosec+0x109/0x140 [ 61.576504] ? unix_seqpacket_sendmsg+0x2d0/0x2d0 [ 61.581332] ___sys_recvmsg+0x3fb/0x810 [ 61.585294] ? __msan_poison_alloca+0x15c/0x1d0 [ 61.589944] ? _cond_resched+0x3c/0xd0 [ 61.593814] ? rcu_all_qs+0x32/0x1f0 [ 61.597506] ? _cond_resched+0x3c/0xd0 [ 61.601376] ? __sys_recvmmsg+0x908/0xdb0 [ 61.605503] ? rcu_all_qs+0x32/0x1f0 [ 61.609199] __sys_recvmmsg+0x54e/0xdb0 [ 61.613168] ? __msan_poison_alloca+0x15c/0x1d0 [ 61.617822] SYSC_recvmmsg+0x212/0x3e0 [ 61.621690] ? SYSC_ioctl+0x233/0x260 [ 61.625475] SyS_recvmmsg+0x76/0xa0 [ 61.629082] do_syscall_64+0x309/0x430 [ 61.632951] ? __sys_recvmmsg+0xdb0/0xdb0 [ 61.637086] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 61.642254] RIP: 0033:0x455259 [ 61.645425] RSP: 002b:00007f23f8b9ac68 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 61.653111] RAX: ffffffffffffffda RBX: 00007f23f8b9b6d4 RCX: 0000000000455259 [ 61.660362] RDX: 00000000000001b1 RSI: 0000000020000800 RDI: 0000000000000013 [ 61.667610] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000 [ 61.674857] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 61.682106] R13: 0000000000000495 R14: 00000000006f9e98 R15: 0000000000000001 [ 61.689787] Dumping ftrace buffer: [ 61.693313] (ftrace buffer empty) [ 61.697002] Kernel Offset: disabled [ 61.700607] Rebooting in 86400 seconds..