[ ok ] Starting enhanced syslogd: rsyslogd.
[ 86.840029] audit: type=1800 audit(1546828057.885:25): pid=10672 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 86.859212] audit: type=1800 audit(1546828057.895:26): pid=10672 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 86.878624] audit: type=1800 audit(1546828057.905:27): pid=10672 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts.
2019/01/07 02:27:49 fuzzer started
2019/01/07 02:27:53 dialing manager at 10.128.0.26:35045
2019/01/07 02:27:53 syscalls: 1
2019/01/07 02:27:53 code coverage: enabled
2019/01/07 02:27:53 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/01/07 02:27:53 setuid sandbox: enabled
2019/01/07 02:27:53 namespace sandbox: enabled
2019/01/07 02:27:53 Android sandbox: /sys/fs/selinux/policy does not exist
2019/01/07 02:27:53 fault injection: enabled
2019/01/07 02:27:53 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/01/07 02:27:53 net packet injection: enabled
2019/01/07 02:27:53 net device setup: enabled
02:30:56 executing program 0:
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000000)='/dev/capi20\x00', 0x0, 0x0)
ioctl$CAPI_GET_PROFILE(r0, 0xc0044306, &(0x7f0000000040))
syzkaller login: [ 285.701219] IPVS: ftp: loaded support on port[0] = 21
[ 285.838898] chnl_net:caif_netlink_parms(): no params data found
[ 285.904262] bridge0: port 1(bridge_slave_0) entered blocking state
[ 285.910754] bridge0: port 1(bridge_slave_0) entered disabled state
[ 285.919286] device bridge_slave_0 entered promiscuous mode
[ 285.928425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 285.935021] bridge0: port 2(bridge_slave_1) entered disabled state
[ 285.943421] device bridge_slave_1 entered promiscuous mode
[ 285.973688] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 285.984775] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 286.013941] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 286.022244] team0: Port device team_slave_0 added
[ 286.028642] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 286.037021] team0: Port device team_slave_1 added
[ 286.043992] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 286.052354] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 286.215730] device hsr_slave_0 entered promiscuous mode
[ 286.352110] device hsr_slave_1 entered promiscuous mode
[ 286.432656] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 286.440121] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 286.468868] bridge0: port 2(bridge_slave_1) entered blocking state
[ 286.475434] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 286.482773] bridge0: port 1(bridge_slave_0) entered blocking state
[ 286.489279] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 286.566667] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 286.572844] 8021q: adding VLAN 0 to HW filter on device bond0
[ 286.585263] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 286.598392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 286.608367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 286.617550] bridge0: port 2(bridge_slave_1) entered disabled state
[ 286.627928] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 286.644684] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 286.650791] 8021q: adding VLAN 0 to HW filter on device team0
[ 286.667183] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 286.675696] bridge0: port 1(bridge_slave_0) entered blocking state
[ 286.682389] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 286.727625] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 286.736143] bridge0: port 2(bridge_slave_1) entered blocking state
[ 286.742723] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 286.752471] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 286.761454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 286.774560] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 286.782753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 286.803573] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 286.817391] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 286.827805] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 286.854328] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 286.875196] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 287.161065] ==================================================================
[ 287.168511] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0
[ 287.175043] CPU: 1 PID: 10842 Comm: syz-executor0 Not tainted 4.20.0-rc7+ #2
[ 287.182225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 287.191576] Call Trace:
[ 287.194278] dump_stack+0x173/0x1d0
[ 287.197981] kmsan_report+0x12e/0x2a0
[ 287.201828] kmsan_internal_check_memory+0x9d4/0xb00
[ 287.206982] kmsan_copy_to_user+0xab/0xc0
[ 287.211144] _copy_to_user+0x16b/0x1f0
[ 287.215055] capi_unlocked_ioctl+0x1a0b/0x1bf0
[ 287.219663] ? do_vfs_ioctl+0x187/0x2bf0
[ 287.223763] ? capi_poll+0x2d0/0x2d0
[ 287.227486] do_vfs_ioctl+0xebd/0x2bf0
[ 287.231404] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 287.236824] ? security_file_ioctl+0x92/0x200
[ 287.241367] __se_sys_ioctl+0x1da/0x270
[ 287.245398] __x64_sys_ioctl+0x4a/0x70
[ 287.249295] do_syscall_64+0xbc/0xf0
[ 287.253024] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 287.258230] RIP: 0033:0x457ec9
[ 287.261440] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 287.280344] RSP: 002b:00007fbdaa638c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 287.288051] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9
[ 287.295323] RDX: 0000000020000040 RSI: 00000000c0044306 RDI: 0000000000000003
[ 287.302595] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 287.309891] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdaa6396d4
[ 287.317165] R13: 00000000004bf44d R14: 00000000004d0af0 R15: 00000000ffffffff
[ 287.324486]
[ 287.326120] Local variable description: ----data.i@capi_unlocked_ioctl
[ 287.332779] Variable was created at:
[ 287.336523] capi_unlocked_ioctl+0x82/0x1bf0
[ 287.340935] do_vfs_ioctl+0xebd/0x2bf0
[ 287.344836]
[ 287.346480] Bytes 12-63 of 64 are uninitialized
[ 287.351148] Memory access of size 64 starts at ffff88806934fce8
[ 287.357205] Data copied to user address 0000000020000040
[ 287.362670] ==================================================================
[ 287.370025] Disabling lock debugging due to kernel taint
[ 287.375473] Kernel panic - not syncing: panic_on_warn set ...
[ 287.381397] CPU: 1 PID: 10842 Comm: syz-executor0 Tainted: G B 4.20.0-rc7+ #2
[ 287.389997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 287.399353] Call Trace:
[ 287.401956] dump_stack+0x173/0x1d0
[ 287.405638] panic+0x3ce/0x961
[ 287.408937] kmsan_report+0x293/0x2a0
[ 287.412776] kmsan_internal_check_memory+0x9d4/0xb00
[ 287.417922] kmsan_copy_to_user+0xab/0xc0
[ 287.422090] _copy_to_user+0x16b/0x1f0
[ 287.426014] capi_unlocked_ioctl+0x1a0b/0x1bf0
[ 287.430621] ? do_vfs_ioctl+0x187/0x2bf0
[ 287.434708] ? capi_poll+0x2d0/0x2d0
[ 287.438435] do_vfs_ioctl+0xebd/0x2bf0
[ 287.442339] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 287.447727] ? security_file_ioctl+0x92/0x200
[ 287.452241] __se_sys_ioctl+0x1da/0x270
[ 287.456254] __x64_sys_ioctl+0x4a/0x70
[ 287.460166] do_syscall_64+0xbc/0xf0
[ 287.463914] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 287.469127] RIP: 0033:0x457ec9
[ 287.472363] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 287.491288] RSP: 002b:00007fbdaa638c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 287.499000] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9
[ 287.506271] RDX: 0000000020000040 RSI: 00000000c0044306 RDI: 0000000000000003
[ 287.513542] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 287.520837] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdaa6396d4
[ 287.528136] R13: 00000000004bf44d R14: 00000000004d0af0 R15: 00000000ffffffff
[ 287.536360] Kernel Offset: disabled
[ 287.539992] Rebooting in 86400 seconds..