INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts. 2018/04/06 23:43:47 fuzzer started 2018/04/06 23:43:47 dialing manager at 10.128.0.26:38639 2018/04/06 23:43:55 kcov=true, comps=false 2018/04/06 23:43:57 executing program 0: 2018/04/06 23:43:57 executing program 2: 2018/04/06 23:43:57 executing program 1: 2018/04/06 23:43:57 executing program 7: 2018/04/06 23:43:57 executing program 3: 2018/04/06 23:43:57 executing program 4: 2018/04/06 23:43:57 executing program 5: 2018/04/06 23:43:57 executing program 6: syzkaller login: [ 44.464267] ip (3803) used greatest stack depth: 54672 bytes left [ 44.658196] ip (3819) used greatest stack depth: 54408 bytes left [ 45.599970] ip (3912) used greatest stack depth: 53960 bytes left [ 47.508593] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.522160] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.536176] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.617092] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.625528] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.745624] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.819746] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.962690] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.209743] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.239604] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.261116] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.300530] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.355647] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.439481] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.496903] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.829630] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.945900] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.952139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.963610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.999935] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.006164] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.020127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.059837] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.066931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.083890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.113868] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.121728] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.128100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.140331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.190636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.225513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.260426] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.267961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.277976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.348329] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.354560] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.367901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.714855] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.721153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.730839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/06 23:44:14 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) r1 = dup2(r0, r0) getsockopt$inet6_int(r1, 0x29, 0x1, &(0x7f0000000000), &(0x7f0000000080)=0x4) 2018/04/06 23:44:14 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0x129}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x7ffffffff000, 0x930000, 0x705000, &(0x7f00000002c0)) 2018/04/06 23:44:14 executing program 5: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@remote={0xfe, 0x80, [], 0xbb}, @in=@multicast2=0xe0000002, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback={0x0, 0x1}, 0x0, 0x2b}, 0x0, @in6=@local={0xfe, 0x80, [], 0xaa}, 0x0, 0x0, 0x0, 0x8}}, 0xe8) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x2}, 0x1c) 2018/04/06 23:44:14 executing program 3: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = getgid() stat(&(0x7f0000001240)='./file1\x00', &(0x7f0000002a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(r2, r3) sendto$inet6(r0, &(0x7f0000f98000), 0x0, 0x2000000c, &(0x7f00004a5fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$TIOCGSID(r1, 0x5429, &(0x7f00000025c0)=0x0) get_thread_area(&(0x7f00000000c0)={0x100000001, 0x0, 0x0, 0xea81, 0x593, 0x0, 0x1, 0x3, 0x7b1, 0x7fff}) syz_open_procfs(r4, &(0x7f0000002f80)='map_files\x00') setgid(r2) r5 = open(&(0x7f0000ea9ff8)='./file0\x00', 0x141042, 0x0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000001440)=0x3, 0x1a) ftruncate(r5, 0x27ffe) recvmmsg(r0, &(0x7f0000000000)=[{{&(0x7f0000000140)=@ipx, 0x80, &(0x7f0000002580)=[{&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f00000011c0)=""/125, 0x7d}, {&(0x7f0000001240)}, {&(0x7f0000001280)=""/222, 0xde}, {&(0x7f0000001380)=""/127, 0x7f}, {&(0x7f0000006880)=""/66, 0x42}, {&(0x7f0000001480)=""/240, 0xf0}, {&(0x7f0000001580)=""/4096, 0x1000}], 0x8, &(0x7f0000002600)=""/31, 0x1f}}, {{&(0x7f0000002640)=@can, 0x80, &(0x7f00000029c0)=[{&(0x7f00000026c0)=""/224, 0xe0}, {&(0x7f00000027c0)=""/216, 0xd8}, {&(0x7f00000028c0)=""/195, 0xc3}], 0x3, &(0x7f0000002a00)=""/67, 0x43}}, {{&(0x7f0000006800)=@pptp={0x0, 0x0, {0x0, @broadcast}}, 0x80, &(0x7f0000002f40)=[{&(0x7f0000002b00)=""/93, 0xfffffef1}, {&(0x7f0000002b80)=""/45, 0x2d}, {&(0x7f0000002bc0)=""/32, 0xffffffffffffffbf}, {&(0x7f0000002c00)=""/208, 0xd0}, {&(0x7f0000002d00)=""/241, 0xf1}, {&(0x7f0000002e00)=""/31, 0x1f}, {&(0x7f0000002e40)=""/220, 0xdc}], 0x7, &(0x7f0000002fc0)=""/173, 0xad}}, {{0x0, 0x33d, &(0x7f0000004180)=[{&(0x7f0000003080)=""/164, 0xa4}, {&(0x7f0000003140)=""/12, 0xc}, {&(0x7f0000003180)=""/4096, 0x1000}], 0x2c4}}, {{&(0x7f00000041c0)=@rc, 0x80, &(0x7f0000006480)=[{&(0x7f0000004240)=""/3, 0x3}, {&(0x7f0000006740)=""/176, 0xb0}, {&(0x7f0000004340)=""/205, 0xcd}, {&(0x7f0000004440)=""/52, 0x34}, {&(0x7f0000004480)=""/4096, 0x1000}, {&(0x7f0000005480)=""/4096, 0x1000}], 0x6, &(0x7f0000006500)=""/9, 0x9}}], 0x5, 0x0, &(0x7f0000006680)={0x77359400}) sendfile(r1, r5, &(0x7f000053cffc), 0x8080000001) 2018/04/06 23:44:14 executing program 2: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0x29}, 0x2c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r1, 0x50, &(0x7f00000000c0)}, 0x10) close(r0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000240)) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x8914, &(0x7f0000000180)=0xffffffffffffffff) 2018/04/06 23:44:14 executing program 6: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x1040000000000004, 0x400000a7}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x7ffffffff000, 0x3, 0x1, &(0x7f0000000380)) 2018/04/06 23:44:14 executing program 4: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x1040000000000004, 0x400000a7}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x400000, 0x3, 0x1, &(0x7f0000000380)) 2018/04/06 23:44:14 executing program 7: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0xd1}, 0x12) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x705000, 0x730000, 0x730008, &(0x7f00000001c0)) 2018/04/06 23:44:14 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0x29}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x2, 0xa, 0x300, &(0x7f0000000240)) 2018/04/06 23:44:14 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000da0ff0)={0x2, 0x4e20, @multicast2=0xe0000002}, 0x10) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000400)=0xfffff7fffffffffd, 0x4) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000015000)=0x4, 0x4) listen(r2, 0x0) bind$inet(r1, &(0x7f0000011ff0)={0x2, 0x4e20, @rand_addr}, 0x10) [ 58.726265] syz-executor1 uses obsolete (PF_INET,SOCK_PACKET) 2018/04/06 23:44:14 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000080)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) pkey_alloc(0x0, 0x0) 2018/04/06 23:44:14 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x4) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000ffc000)=0x3, 0xfff7) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000000)=""/21, &(0x7f0000000040)=0x15) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x200000, 0x0) ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f00000000c0)) 2018/04/06 23:44:14 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4, 0x129}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a5849d2f5916ae2fdc24e95e12aa8daccf7393e72be9cc66f"}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) socketpair$inet_icmp_raw(0x7ffffffff000, 0x930000, 0x705000, &(0x7f00000002c0)) 2018/04/06 23:44:14 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000cd0000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000f85000)={0x2, 0x1, 0x0, 0x3, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}}}]}, 0x60}, 0x1}, 0x0) [ 59.414580] ================================================================== [ 59.421989] BUG: KMSAN: uninit-value in copy_page_to_iter+0x754/0x1b70 [ 59.428635] CPU: 0 PID: 5073 Comm: syz-executor3 Not tainted 4.16.0+ #81 [ 59.435449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.444777] Call Trace: [ 59.447354] dump_stack+0x185/0x1d0 [ 59.450958] ? kmsan_internal_check_memory+0x145/0x1d0 [ 59.456212] kmsan_report+0x142/0x240 [ 59.459997] kmsan_internal_check_memory+0x164/0x1d0 [ 59.465077] ? copy_page_to_iter+0x5f6/0x1b70 [ 59.469549] kmsan_copy_to_user+0x69/0x160 [ 59.473762] copy_page_to_iter+0x754/0x1b70 [ 59.478078] skb_copy_datagram_iter+0x7fd/0xf70 [ 59.482732] tcp_recvmsg+0x1d6a/0x40b0 [ 59.486606] ? tcp_peek_len+0x400/0x400 [ 59.490560] inet_recvmsg+0x4c2/0x5f0 [ 59.494339] sock_recvmsg+0x1d0/0x230 [ 59.498115] ? inet_sendpage+0x8c0/0x8c0 [ 59.502160] ___sys_recvmsg+0x3fb/0x810 [ 59.506115] ? __fget_light+0x56/0x710 [ 59.509987] ? __fdget+0x4e/0x60 [ 59.513349] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 59.518697] ? __fget_light+0x6b9/0x710 [ 59.522651] __sys_recvmmsg+0x54e/0xdb0 [ 59.526619] ? kmsan_set_origin+0x9e/0x160 [ 59.530846] SYSC_recvmmsg+0x29b/0x3e0 [ 59.534714] SyS_recvmmsg+0x76/0xa0 [ 59.538327] do_syscall_64+0x309/0x430 [ 59.542206] ? __sys_recvmmsg+0xdb0/0xdb0 [ 59.546345] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.551520] RIP: 0033:0x455259 [ 59.554684] RSP: 002b:00007f85f5795c68 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 59.562370] RAX: ffffffffffffffda RBX: 00007f85f57966d4 RCX: 0000000000455259 [ 59.569618] RDX: 0000000000000005 RSI: 0000000020000000 RDI: 0000000000000015 [ 59.576866] RBP: 000000000072bea0 R08: 0000000020006680 R09: 0000000000000000 [ 59.584114] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.591368] R13: 0000000000000495 R14: 00000000006f9e98 R15: 0000000000000000 [ 59.598619] [ 59.600221] Uninit was created at: [ 59.603739] kmsan_alloc_meta_for_pages+0x161/0x3a0 [ 59.608730] kmsan_alloc_page+0x82/0xe0 [ 59.612684] __alloc_pages_nodemask+0xf5b/0x5dc0 [ 59.617420] alloc_pages_vma+0xcc8/0x1800 [ 59.621553] shmem_alloc_and_acct_page+0x6d5/0x1000 [ 59.626545] shmem_getpage_gfp+0x35db/0x5770 [ 59.630930] shmem_file_read_iter+0x508/0x1180 [ 59.635488] generic_file_splice_read+0x4e8/0x830 [ 59.640307] splice_direct_to_actor+0x4c6/0x1040 [ 59.645045] do_splice_direct+0x335/0x540 [ 59.649167] do_sendfile+0x1067/0x1e40 [ 59.653038] SYSC_sendfile64+0x1b3/0x300 [ 59.657088] SyS_sendfile64+0x64/0x90 [ 59.660865] do_syscall_64+0x309/0x430 [ 59.664731] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.669891] [ 59.671494] Bytes 0-4095 of 4096 are uninitialized [ 59.676395] ================================================================== [ 59.683726] Disabling lock debugging due to kernel taint [ 59.689148] Kernel panic - not syncing: panic_on_warn set ... [ 59.689148] [ 59.696494] CPU: 0 PID: 5073 Comm: syz-executor3 Tainted: G B 4.16.0+ #81 [ 59.704625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.713971] Call Trace: [ 59.716557] dump_stack+0x185/0x1d0 [ 59.720184] panic+0x39d/0x940 [ 59.723392] ? kmsan_internal_check_memory+0x145/0x1d0 [ 59.728664] kmsan_report+0x238/0x240 [ 59.732465] kmsan_internal_check_memory+0x164/0x1d0 [ 59.737565] ? copy_page_to_iter+0x5f6/0x1b70 [ 59.742062] kmsan_copy_to_user+0x69/0x160 [ 59.746296] copy_page_to_iter+0x754/0x1b70 [ 59.750626] skb_copy_datagram_iter+0x7fd/0xf70 [ 59.755304] tcp_recvmsg+0x1d6a/0x40b0 [ 59.759209] ? tcp_peek_len+0x400/0x400 [ 59.763178] inet_recvmsg+0x4c2/0x5f0 [ 59.766983] sock_recvmsg+0x1d0/0x230 [ 59.770790] ? inet_sendpage+0x8c0/0x8c0 [ 59.774856] ___sys_recvmsg+0x3fb/0x810 [ 59.778833] ? __fget_light+0x56/0x710 [ 59.782714] ? __fdget+0x4e/0x60 [ 59.786079] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 59.791441] ? __fget_light+0x6b9/0x710 [ 59.795422] __sys_recvmmsg+0x54e/0xdb0 [ 59.799402] ? kmsan_set_origin+0x9e/0x160 [ 59.803637] SYSC_recvmmsg+0x29b/0x3e0 [ 59.807525] SyS_recvmmsg+0x76/0xa0 [ 59.811154] do_syscall_64+0x309/0x430 [ 59.815043] ? __sys_recvmmsg+0xdb0/0xdb0 [ 59.819193] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.824372] RIP: 0033:0x455259 [ 59.827554] RSP: 002b:00007f85f5795c68 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 59.835259] RAX: ffffffffffffffda RBX: 00007f85f57966d4 RCX: 0000000000455259 [ 59.842524] RDX: 0000000000000005 RSI: 0000000020000000 RDI: 0000000000000015 [ 59.849791] RBP: 000000000072bea0 R08: 0000000020006680 R09: 0000000000000000 [ 59.857056] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.864318] R13: 0000000000000495 R14: 00000000006f9e98 R15: 0000000000000000 [ 59.872007] Dumping ftrace buffer: [ 59.875528] (ftrace buffer empty) [ 59.879208] Kernel Offset: disabled [ 59.882808] Rebooting in 86400 seconds..