[ 61.787232] audit: type=1800 audit(1543434840.837:25): pid=6545 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 61.806329] audit: type=1800 audit(1543434840.837:26): pid=6545 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 61.825744] audit: type=1800 audit(1543434840.857:27): pid=6545 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 63.209097] sshd (6612) used greatest stack depth: 54128 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.19' (ECDSA) to the list of known hosts.
syzkaller login: [ 72.898047] IPVS: ftp: loaded support on port[0] = 21
[ 73.239229] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.245801] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.253842] device bridge_slave_0 entered promiscuous mode
[ 73.290213] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.296729] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.304674] device bridge_slave_1 entered promiscuous mode
[ 73.339853] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 73.376948] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 73.486070] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 73.525178] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 73.597562] ip (6735) used greatest stack depth: 54032 bytes left
[ 73.700189] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 73.707932] team0: Port device team_slave_0 added
[ 73.743830] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 73.751370] team0: Port device team_slave_1 added
[ 73.788474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 73.826748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 73.865148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 73.905920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
[ 74.266849] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.273319] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.280051] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.286621] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.294764] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 75.132770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
RTNETLINK answers: Invalid argument
[ 75.620172] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.746167] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 75.872358] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 75.878582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 75.886823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.012296] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 76.732500] netlink: 3 bytes leftover after parsing attributes in process `syz-executor310'.
[ 76.741832] ==================================================================
[ 76.749214] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x4c0/0x2700
[ 76.755787] CPU: 0 PID: 6697 Comm: syz-executor310 Not tainted 4.20.0-rc3+ #95
[ 76.763134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.772477] Call Trace:
[ 76.775061]  dump_stack+0x32d/0x480
[ 76.778681]  ? _copy_to_iter+0x4c0/0x2700
[ 76.782833]  kmsan_report+0x12c/0x290
[ 76.786647]  kmsan_internal_check_memory+0x32a/0xa50
[ 76.791761]  kmsan_copy_to_user+0x78/0xd0
[ 76.795910]  _copy_to_iter+0x4c0/0x2700
[ 76.799955]  skb_copy_datagram_iter+0x4e2/0x1070
[ 76.804756]  netlink_recvmsg+0x6f9/0x19d0
[ 76.808931]  sock_recvmsg+0x1d1/0x230
[ 76.812771]  ? netlink_sendmsg+0x1440/0x1440
[ 76.817175]  ___sys_recvmsg+0x444/0xae0
[ 76.821157]  ? __msan_poison_alloca+0x1e0/0x270
[ 76.825839]  ? __se_sys_recvmsg+0xca/0x450
[ 76.830090]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 76.835449]  ? __fdget+0x23c/0x440
[ 76.838993]  __se_sys_recvmsg+0x2fa/0x450
[ 76.843152]  __x64_sys_recvmsg+0x4a/0x70
[ 76.847207]  do_syscall_64+0xcf/0x110
[ 76.851005]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 76.856188] RIP: 0033:0x441119
[ 76.859375] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 76.878269] RSP: 002b:00007fffc7f008a8 EFLAGS: 00000207 ORIG_RAX: 000000000000002f
[ 76.885972] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441119
[ 76.893234] RDX: 0000000000000040 RSI: 00000000200005c0 RDI: 0000000000000003
[ 76.900491] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100
[ 76.907751] R10: 0000000000000100 R11: 0000000000000207 R12: 0000000000402080
[ 76.915010] R13: 0000000000402110 R14: 0000000000000000 R15: 0000000000000000
[ 76.922282]
[ 76.924083] Uninit was stored to memory at:
[ 76.928400]  kmsan_internal_chain_origin+0x13d/0x240
[ 76.933499]  kmsan_memcpy_memmove_metadata+0x1a9/0xf70
[ 76.938768]  kmsan_memcpy_metadata+0xb/0x10
[ 76.943084]  __msan_memcpy+0x61/0x70
[ 76.946817]  nla_put+0x20a/0x2d0
[ 76.950171]  nlmsg_populate_fdb_fill+0x444/0x810
[ 76.954956]  ndo_dflt_fdb_dump+0x73a/0x960
[ 76.959182]  rtnl_fdb_dump+0x1318/0x1cb0
[ 76.963236]  netlink_dump+0xc79/0x1c90
[ 76.967130]  __netlink_dump_start+0x10c4/0x11d0
[ 76.971801]  rtnetlink_rcv_msg+0x141b/0x1540
[ 76.976218]  netlink_rcv_skb+0x394/0x640
[ 76.980271]  rtnetlink_rcv+0x50/0x60
[ 76.983978]  netlink_unicast+0x1699/0x1740
[ 76.988202]  netlink_sendmsg+0x13c7/0x1440
[ 76.992469]  ___sys_sendmsg+0xe3b/0x1240
[ 76.996526]  __se_sys_sendmsg+0x305/0x460
[ 77.000679]  __x64_sys_sendmsg+0x4a/0x70
[ 77.004732]  do_syscall_64+0xcf/0x110
[ 77.008561]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 77.013733]
[ 77.015344] Uninit was created at:
[ 77.018880]  kmsan_internal_poison_shadow+0x6d/0x130
[ 77.023984]  kmsan_kmalloc+0xa1/0x100
[ 77.027774]  __kmalloc+0x14c/0x4d0
[ 77.031303]  __dev_mc_add+0x357/0x8a0
[ 77.035093]  dev_mc_add+0x6d/0x80
[ 77.038540]  igmp_group_added+0x4d4/0xb80
[ 77.042680]  __ip_mc_inc_group+0xea9/0xf70
[ 77.046940]  ip_mc_up+0x1c3/0x400
[ 77.050383]  inetdev_event+0x1d03/0x1d80
[ 77.054434]  raw_notifier_call_chain+0x13d/0x240
[ 77.059180]  __dev_notify_flags+0x3da/0x860
[ 77.063490]  dev_change_flags+0x1ac/0x230
[ 77.067644]  do_setlink+0x165f/0x5ea0
[ 77.071454]  rtnl_newlink+0x2ad7/0x35a0
[ 77.075439]  rtnetlink_rcv_msg+0x1148/0x1540
[ 77.079837]  netlink_rcv_skb+0x394/0x640
[ 77.083890]  rtnetlink_rcv+0x50/0x60
[ 77.087605]  netlink_unicast+0x1699/0x1740
[ 77.091828]  netlink_sendmsg+0x13c7/0x1440
[ 77.096086]  ___sys_sendmsg+0xe3b/0x1240
[ 77.100136]  __se_sys_sendmsg+0x305/0x460
[ 77.104275]  __x64_sys_sendmsg+0x4a/0x70
[ 77.108326]  do_syscall_64+0xcf/0x110
[ 77.112119]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 77.117292]
[ 77.118940] Bytes 36-37 of 105 are uninitialized
[ 77.123685] Memory access of size 105 starts at ffff88819686c000
[ 77.129828] Data copied to user address 0000000020000380
[ 77.135259] ==================================================================
[ 77.142606] Disabling lock debugging due to kernel taint
[ 77.148045] Kernel panic - not syncing: panic_on_warn set ...
[ 77.153943] CPU: 0 PID: 6697 Comm: syz-executor310 Tainted: G    B             4.20.0-rc3+ #95
[ 77.162681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.172025] Call Trace:
[ 77.174606]  dump_stack+0x32d/0x480
[ 77.178240]  panic+0x624/0xc08
[ 77.181457]  kmsan_report+0x28a/0x290
[ 77.185278]  kmsan_internal_check_memory+0x32a/0xa50
[ 77.190405]  kmsan_copy_to_user+0x78/0xd0
[ 77.194552]  _copy_to_iter+0x4c0/0x2700
[ 77.198550]  skb_copy_datagram_iter+0x4e2/0x1070
[ 77.203323]  netlink_recvmsg+0x6f9/0x19d0
[ 77.207484]  sock_recvmsg+0x1d1/0x230
[ 77.211284]  ? netlink_sendmsg+0x1440/0x1440
[ 77.215696]  ___sys_recvmsg+0x444/0xae0
[ 77.219682]  ? __msan_poison_alloca+0x1e0/0x270
[ 77.224353]  ? __se_sys_recvmsg+0xca/0x450
[ 77.228584]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 77.233942]  ? __fdget+0x23c/0x440
[ 77.237480]  __se_sys_recvmsg+0x2fa/0x450
[ 77.241663]  __x64_sys_recvmsg+0x4a/0x70
[ 77.245769]  do_syscall_64+0xcf/0x110
[ 77.249583]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 77.254780] RIP: 0033:0x441119
[ 77.257964] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 77.276880] RSP: 002b:00007fffc7f008a8 EFLAGS: 00000207 ORIG_RAX: 000000000000002f
[ 77.284587] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441119
[ 77.291846] RDX: 0000000000000040 RSI: 00000000200005c0 RDI: 0000000000000003
[ 77.299120] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100
[ 77.306396] R10: 0000000000000100 R11: 0000000000000207 R12: 0000000000402080
[ 77.313674] R13: 0000000000402110 R14: 0000000000000000 R15: 0000000000000000
[ 77.321899] Kernel Offset: disabled
[ 77.325552] Rebooting in 86400 seconds..
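The report above has the three pieces a KMSAN infoleak triage needs: the stack that copied the bytes to user space (recvmsg), the stack that wrote the uninitialized bytes into the message (the fdb dump filling NDA data with nla_put), and the stack that allocated the memory without initializing it (__dev_mc_add via kmalloc), plus the exact byte range. The parser below pulls those out of a serial-console log and names the first frame in each stack that is not KMSAN runtime or a generic allocator/copy helper. This is an added example, not part of the syzbot report, syzkaller, or the kernel; the NOISE prefix list and the SAMPLE input (an abridged, constructed copy of the report above) are choices made here.

```python
"""Structured triage of a KMSAN kernel-infoleak report (added example).

Not part of the syzbot report or of the kernel. It parses the layout shown
above (BUG line, access stack, the two "Uninit was ..." origin stacks and
the byte-range trailer) and names the first non-instrumentation frame in
each stack, which is normally the frame to read first.
"""
import re
from dataclasses import dataclass, field

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # console timestamp "[   77.118940] "
FRAME_RE = re.compile(r"^(?P<unreliable>\?\s+)?(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
BUG_RE = re.compile(r"^BUG: KMSAN: (?P<bug>[\w-]+) in (?P<sym>[A-Za-z_][\w.]*)\+0x")
BYTES_RE = re.compile(r"^Bytes (?P<a>\d+)-(?P<b>\d+) of (?P<n>\d+) are uninitialized")
USER_RE = re.compile(r"^Data copied to user address (?P<addr>[0-9a-f]+)")
SYSCALL_RE = re.compile(r"^__x64_sys_(?P<name>\w+)$")
# Frames that never explain a bug on their own (assumed list): KMSAN runtime,
# the report/panic path, generic allocators and generic copy helpers.
NOISE = ("kmsan_", "__msan_", "dump_stack", "panic", "__kmalloc", "kmalloc",
         "kmem_cache_alloc", "nla_put", "memcpy", "_copy_to_iter", "copy_to_user")
HEADINGS = {"Call Trace:": "access_stack",
            "Uninit was stored to memory at:": "stored_stack",
            "Uninit was created at:": "created_stack"}

@dataclass
class KmsanReport:
    bug: str = ""
    report_site: str = ""
    access_stack: list = field(default_factory=list)   # path to the copy to user
    stored_stack: list = field(default_factory=list)   # where uninit bytes entered the buffer
    created_stack: list = field(default_factory=list)  # where the uninit memory was allocated
    uninit_first: int = -1
    uninit_last: int = -1
    access_size: int = -1
    user_addr: str = ""

def blame(stack):
    """First frame that is neither instrumentation nor a generic helper."""
    return next((s for s in stack if not s.startswith(NOISE)), None)

def entry_syscall(stack):
    """Name of the x86-64 syscall entry (__x64_sys_*) in the stack, if any."""
    return next((m["name"] for m in map(SYSCALL_RE.match, stack) if m), None)

def parse_kmsan_report(log: str) -> KmsanReport:
    rep, stack, inside = KmsanReport(), None, False
    for raw in log.splitlines():
        line = TS_RE.sub("", raw).strip()
        if line.startswith("====="):          # first banner opens, second closes
            if inside:
                break
            inside = True
        elif not inside:
            continue
        elif line in HEADINGS:
            stack = getattr(rep, HEADINGS[line])
        elif line.startswith("RIP:"):         # register dump: the trace is over
            stack = None
        elif (m := BUG_RE.match(line)):
            rep.bug, rep.report_site = m["bug"], m["sym"]
        elif (m := BYTES_RE.match(line)):
            rep.uninit_first, rep.uninit_last, rep.access_size = int(m["a"]), int(m["b"]), int(m["n"])
        elif (m := USER_RE.match(line)):
            rep.user_addr = m["addr"]
        elif stack is not None and (m := FRAME_RE.match(line)) and not m["unreliable"]:
            stack.append(m["sym"])            # "? sym" frames are unreliable: skipped
    return rep

def summarize(rep: KmsanReport) -> str:
    n = rep.uninit_last - rep.uninit_first + 1
    return (f"{rep.bug}: {n} byte(s) at offset {rep.uninit_first} of a {rep.access_size}-byte "
            f"copy to user via {entry_syscall(rep.access_stack)} ({blame(rep.access_stack)}); "
            f"stored by {blame(rep.stored_stack)}, allocated in {blame(rep.created_stack)} "
            f"via {entry_syscall(rep.created_stack)}")

# Constructed test input: an abridged copy of the report above, keeping a
# "? " frame and a register line so the parser has to skip them.
SAMPLE = """\
[   76.741832] ==================================================================
[   76.749214] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x4c0/0x2700
[   76.772477] Call Trace:
[   76.778681]  ? _copy_to_iter+0x4c0/0x2700
[   76.791761]  kmsan_copy_to_user+0x78/0xd0
[   76.795910]  _copy_to_iter+0x4c0/0x2700
[   76.799955]  skb_copy_datagram_iter+0x4e2/0x1070
[   76.843152]  __x64_sys_recvmsg+0x4a/0x70
[   76.856188] RIP: 0033:0x441119
[   76.924083] Uninit was stored to memory at:
[   76.928400]  kmsan_internal_chain_origin+0x13d/0x240
[   76.946817]  nla_put+0x20a/0x2d0
[   76.950171]  nlmsg_populate_fdb_fill+0x444/0x810
[   77.000679]  __x64_sys_sendmsg+0x4a/0x70
[   77.015344] Uninit was created at:
[   77.027774]  __kmalloc+0x14c/0x4d0
[   77.031303]  __dev_mc_add+0x357/0x8a0
[   77.104275]  __x64_sys_sendmsg+0x4a/0x70
[   77.118940] Bytes 36-37 of 105 are uninitialized
[   77.129828] Data copied to user address 0000000020000380
[   77.135259] ==================================================================
"""
```

Running `summarize(parse_kmsan_report(SAMPLE))` on the full report gives the same one-line verdict as on the abridged sample: two bytes at offset 36 of a 105-byte netlink reply reached user space through recvmsg, written by nlmsg_populate_fdb_fill from memory that __dev_mc_add allocated during a sendmsg-driven link setup. "? " frames are dropped because the unwinder could not confirm them, and the second "Call Trace:" after the closing banner belongs to the panic, not to the report, so parsing stops at that banner.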