Warning: Permanently added '10.128.0.186' (ECDSA) to the list of known hosts.
executing program
[ 135.397040][ T32] audit: type=1400 audit(1582445452.455:42): avc: denied { map } for pid=11476 comm="syz-executor814" path="/root/syz-executor814726865" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 135.425013][T11476] =====================================================
[ 135.431968][T11476] BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90
[ 135.439407][T11476] CPU: 1 PID: 11476 Comm: syz-executor814 Not tainted 5.6.0-rc2-syzkaller #0
[ 135.448179][T11476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 135.458217][T11476] Call Trace:
[ 135.461490][T11476] dump_stack+0x1c9/0x220
[ 135.465811][T11476] kmsan_report+0xf7/0x1e0
[ 135.470210][T11476] kmsan_internal_check_memory+0x238/0x3d0
[ 135.476028][T11476] kmsan_copy_to_user+0x81/0x90
[ 135.480861][T11476] _copy_to_user+0x15a/0x1f0
[ 135.485460][T11476] tty_compat_ioctl+0x1482/0x1850
[ 135.490540][T11476] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 135.496415][T11476] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 135.502221][T11476] ? tty_poll+0x4b0/0x4b0
[ 135.506604][T11476] __se_compat_sys_ioctl+0x57c/0xed0
[ 135.512000][T11476] ? kmsan_get_metadata+0x4f/0x180
[ 135.517107][T11476] __ia32_compat_sys_ioctl+0xd9/0x110
[ 135.523435][T11476] ? compat_ptr_ioctl+0x150/0x150
[ 135.528442][T11476] do_fast_syscall_32+0x3c7/0x6e0
[ 135.533528][T11476] entry_SYSENTER_compat+0x68/0x77
[ 135.538656][T11476] RIP: 0023:0xf7ff7d99
[ 135.542709][T11476] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 135.562310][T11476] RSP: 002b:00000000ff97b20c EFLAGS: 00000213 ORIG_RAX: 0000000000000036
[ 135.570884][T11476] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000541e
[ 135.578834][T11476] RDX: 0000000020000300 RSI: 00000000080ea078 RDI: 00000000ff97b260
[ 135.586784][T11476] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 135.595126][T11476] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 135.603091][T11476] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 135.611071][T11476]
[ 135.613384][T11476] Local variable ----v32.i105@tty_compat_ioctl created at:
[ 135.620647][T11476] tty_compat_ioctl+0xf12/0x1850
[ 135.625654][T11476] tty_compat_ioctl+0xf12/0x1850
[ 135.630563][T11476]
[ 135.632866][T11476] Bytes 50-51 of 60 are uninitialized
[ 135.638207][T11476] Memory access of size 60 starts at ffffb50b0158fce0
[ 135.644961][T11476] Data copied to user address 0000000020000300
[ 135.651087][T11476] =====================================================
[ 135.658002][T11476] Disabling lock debugging due to kernel taint
[ 135.664130][T11476] Kernel panic - not syncing: panic_on_warn set ...
[ 135.670719][T11476] CPU: 1 PID: 11476 Comm: syz-executor814 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 135.680847][T11476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 135.690892][T11476] Call Trace:
[ 135.694168][T11476] dump_stack+0x1c9/0x220
[ 135.698481][T11476] panic+0x3d5/0xc3e
[ 135.702400][T11476] kmsan_report+0x1df/0x1e0
[ 135.706898][T11476] kmsan_internal_check_memory+0x238/0x3d0
[ 135.713568][T11476] kmsan_copy_to_user+0x81/0x90
[ 135.718415][T11476] _copy_to_user+0x15a/0x1f0
[ 135.723000][T11476] tty_compat_ioctl+0x1482/0x1850
[ 135.728048][T11476] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 135.733852][T11476] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 135.739689][T11476] ? tty_poll+0x4b0/0x4b0
[ 135.744795][T11476] __se_compat_sys_ioctl+0x57c/0xed0
[ 135.750183][T11476] ? kmsan_get_metadata+0x4f/0x180
[ 135.755402][T11476] __ia32_compat_sys_ioctl+0xd9/0x110
[ 135.760766][T11476] ? compat_ptr_ioctl+0x150/0x150
[ 135.765797][T11476] do_fast_syscall_32+0x3c7/0x6e0
[ 135.770814][T11476] entry_SYSENTER_compat+0x68/0x77
[ 135.776693][T11476] RIP: 0023:0xf7ff7d99
[ 135.780749][T11476] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 135.800333][T11476] RSP: 002b:00000000ff97b20c EFLAGS: 00000213 ORIG_RAX: 0000000000000036
[ 135.808725][T11476] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000541e
[ 135.816685][T11476] RDX: 0000000020000300 RSI: 00000000080ea078 RDI: 00000000ff97b260
[ 135.824650][T11476] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 135.832626][T11476] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 135.840582][T11476] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 135.849215][T11476] ------------[ cut here ]------------
[ 135.854666][T11476] kernel BUG at mm/kmsan/kmsan.h:87!
[ 135.859936][T11476] invalid opcode: 0000 [#1] SMP
[ 135.864768][T11476] CPU: 1 PID: 11476 Comm: syz-executor814 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 135.875843][T11476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 135.885902][T11476] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 135.892591][T11476] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 06 4c 28 98 31 c0 e8 e1 70 48 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 02 8f 48 ff 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 135.912281][T11476] RSP: 0018:ffffb50b0158f748 EFLAGS: 00010046
[ 135.918338][T11476] RAX: 0000000000000002 RBX: 00000000058e00b2 RCX: 00000000058e00b2
[ 135.926303][T11476] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffb50b0158f824
[ 135.934282][T11476] RBP: ffffb50b0158f7f0 R08: 0000000000000000 R09: ffff9c1dafd28ed0
[ 135.942248][T11476] R10: 0000000000000000 R11: ffffffff8f016f70 R12: 0000000000000000
[ 135.950210][T11476] R13: 0000000000000001 R14: 0000000000000006 R15: 0000000000000001
[ 135.958178][T11476] FS: 0000000000000000(0000) GS:ffff9c1dafd00000(0063) knlGS:0000000009ec1840
[ 135.967125][T11476] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 135.974242][T11476] CR2: 0000000020000080 CR3: 000000010525a000 CR4: 00000000001406e0
[ 135.982216][T11476] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 135.990183][T11476] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 135.998231][T11476] Call Trace:
[ 136.001522][T11476] kmsan_check_memory+0xd/0x10
[ 136.006280][T11476] iowrite8+0x99/0x2e0
[ 136.010351][T11476] pvpanic_panic_notify+0x99/0xc0
[ 136.015398][T11476] ? pvpanic_mmio_remove+0x60/0x60
[ 136.020552][T11476] atomic_notifier_call_chain+0x12a/0x240
[ 136.026406][T11476] panic+0x468/0xc3e
[ 136.030388][T11476] kmsan_report+0x1df/0x1e0
[ 136.034881][T11476] kmsan_internal_check_memory+0x238/0x3d0
[ 136.041590][T11476] kmsan_copy_to_user+0x81/0x90
[ 136.046442][T11476] _copy_to_user+0x15a/0x1f0
[ 136.051039][T11476] tty_compat_ioctl+0x1482/0x1850
[ 136.056070][T11476] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 136.061893][T11476] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 136.067693][T11476] ? tty_poll+0x4b0/0x4b0
[ 136.072021][T11476] __se_compat_sys_ioctl+0x57c/0xed0
[ 136.077309][T11476] ? kmsan_get_metadata+0x4f/0x180
[ 136.082411][T11476] __ia32_compat_sys_ioctl+0xd9/0x110
[ 136.087785][T11476] ? compat_ptr_ioctl+0x150/0x150
[ 136.092802][T11476] do_fast_syscall_32+0x3c7/0x6e0
[ 136.097819][T11476] entry_SYSENTER_compat+0x68/0x77
[ 136.103124][T11476] RIP: 0023:0xf7ff7d99
[ 136.107177][T11476] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 136.126860][T11476] RSP: 002b:00000000ff97b20c EFLAGS: 00000213 ORIG_RAX: 0000000000000036
[ 136.135270][T11476] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000541e
[ 136.143236][T11476] RDX: 0000000020000300 RSI: 00000000080ea078 RDI: 00000000ff97b260
[ 136.151194][T11476] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 136.159155][T11476] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 136.168000][T11476] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 136.175985][T11476] Modules linked in:
[ 136.179871][T11476] ---[ end trace 5c961afa7f3925c1 ]---
[ 136.185328][T11476] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 136.191908][T11476] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 06 4c 28 98 31 c0 e8 e1 70 48 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 02 8f 48 ff 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 136.211518][T11476] RSP: 0018:ffffb50b0158f748 EFLAGS: 00010046
[ 136.217586][T11476] RAX: 0000000000000002 RBX: 00000000058e00b2 RCX: 00000000058e00b2
[ 136.225548][T11476] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffb50b0158f824
[ 136.233621][T11476] RBP: ffffb50b0158f7f0 R08: 0000000000000000 R09: ffff9c1dafd28ed0
[ 136.241649][T11476] R10: 0000000000000000 R11: ffffffff8f016f70 R12: 0000000000000000
[ 136.249613][T11476] R13: 0000000000000001 R14: 0000000000000006 R15: 0000000000000001
[ 136.257684][T11476] FS: 0000000000000000(0000) GS:ffff9c1dafd00000(0063) knlGS:0000000009ec1840
[ 136.266598][T11476] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 136.273167][T11476] CR2: 0000000020000080 CR3: 000000010525a000 CR4: 00000000001406e0
[ 136.282108][T11476] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 136.290070][T11476] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 136.298020][T11476] Kernel panic - not syncing: Fatal exception
[ 136.304130][T11476] ------------[ cut here ]------------
[ 136.309568][T11476] kernel BUG at mm/kmsan/kmsan.h:87!
[ 136.314894][T11476] invalid opcode: 0000 [#2] SMP
[ 136.320425][T11476] CPU: 1 PID: 11476 Comm: syz-executor814 Tainted: G B D 5.6.0-rc2-syzkaller #0
[ 136.330566][T11476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 136.340617][T11476] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 136.347191][T11476] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 06 4c 28 98 31 c0 e8 e1 70 48 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 02 8f 48 ff 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 136.366814][T11476] RSP: 0018:ffffb50b0158f138 EFLAGS: 00010002
[ 136.372880][T11476] RAX: 0000000000000003 RBX: 0000000006cf00b9 RCX: 0000000006cf00b9
[ 136.380949][T11476] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffb50b0158f214
[ 136.388937][T11476] RBP: ffffb50b0158f1e0 R08: 0000000000000000 R09: ffff9c1dafd28ed0
[ 136.396905][T11476] R10: 0000000000000000 R11: ffffffff8f016f70 R12: 0000000000000000
[ 136.405037][T11476] R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000001
[ 136.412994][T11476] FS: 0000000000000000(0000) GS:ffff9c1dafd00000(0063) knlGS:0000000009ec1840
[ 136.421900][T11476] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 136.428459][T11476] CR2: 0000000020000080 CR3: 000000010525a000 CR4: 00000000001406e0
[ 136.436424][T11476] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 136.444433][T11476] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 136.452400][T11476] Call Trace:
[ 136.455683][T11476] ? vprintk_func+0x636/0x820
[ 136.460359][T11476] kmsan_check_memory+0xd/0x10
[ 136.465140][T11476] iowrite8+0x99/0x2e0
[ 136.469206][T11476] pvpanic_panic_notify+0x99/0xc0
[ 136.474218][T11476] ? pvpanic_mmio_remove+0x60/0x60
[ 136.479326][T11476] atomic_notifier_call_chain+0x12a/0x240
[ 136.485082][T11476] panic+0x468/0xc3e
[ 136.489112][T11476] oops_end+0x2c6/0x2d0
[ 136.493262][T11476] die+0x317/0x370
[ 136.496983][T11476] do_trap+0x3c0/0x760
[ 136.501058][T11476] do_invalid_op+0x2d4/0x370
[ 136.505628][T11476] ? kmsan_internal_check_memory+0x3c0/0x3d0
[ 136.511604][T11476] ? kmsan_internal_check_memory+0x3c0/0x3d0
[ 136.517706][T11476] invalid_op+0x3d/0x50
[ 136.521846][T11476] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 136.528423][T11476] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 06 4c 28 98 31 c0 e8 e1 70 48 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 02 8f 48 ff 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 136.548496][T11476] RSP: 0018:ffffb50b0158f748 EFLAGS: 00010046
[ 136.554558][T11476] RAX: 0000000000000002 RBX: 00000000058e00b2 RCX: 00000000058e00b2
[ 136.562522][T11476] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffb50b0158f824
[ 136.570489][T11476] RBP: ffffb50b0158f7f0 R08: 0000000000000000 R09: ffff9c1dafd28ed0
[ 136.578457][T11476] R10: 0000000000000000 R11: ffffffff8f016f70 R12: 0000000000000000
[ 136.586514][T11476] R13: 0000000000000001 R14: 0000000000000006 R15: 0000000000000001
[ 136.594493][T11476] ? pvpanic_mmio_remove+0x60/0x60
[ 136.599611][T11476] ? kmsan_internal_check_memory+0x324/0x3d0
[ 136.605705][T11476] kmsan_check_memory+0xd/0x10
[ 136.610458][T11476] iowrite8+0x99/0x2e0
[ 136.614528][T11476] pvpanic_panic_notify+0x99/0xc0
[ 136.619601][T11476] ? pvpanic_mmio_remove+0x60/0x60
[ 136.624746][T11476] atomic_notifier_call_chain+0x12a/0x240
[ 136.630477][T11476] panic+0x468/0xc3e
[ 136.634383][T11476] kmsan_report+0x1df/0x1e0
[ 136.638888][T11476] kmsan_internal_check_memory+0x238/0x3d0
[ 136.644810][T11476] kmsan_copy_to_user+0x81/0x90
[ 136.649698][T11476] _copy_to_user+0x15a/0x1f0
[ 136.654326][T11476] tty_compat_ioctl+0x1482/0x1850
[ 136.659339][T11476] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 136.665157][T11476] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 136.670956][T11476] ? tty_poll+0x4b0/0x4b0
[ 136.675332][T11476] __se_compat_sys_ioctl+0x57c/0xed0
[ 136.680625][T11476] ? kmsan_get_metadata+0x4f/0x180
[ 136.685740][T11476] __ia32_compat_sys_ioctl+0xd9/0x110
[ 136.691108][T11476] ? compat_ptr_ioctl+0x150/0x150
[ 136.696245][T11476] do_fast_syscall_32+0x3c7/0x6e0
[ 136.701270][T11476] entry_SYSENTER_compat+0x68/0x77
[ 136.706373][T11476] RIP: 0023:0xf7ff7d99
[ 136.710624][T11476] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 136.730251][T11476] RSP: 002b:00000000ff97b20c EFLAGS: 00000213 ORIG_RAX: 0000000000000036
[ 136.738653][T11476] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000541e
[ 136.746627][T11476] RDX: 0000000020000300 RSI: 00000000080ea078 RDI: 00000000ff97b260
[ 136.754585][T11476] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 136.762674][T11476] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 136.770726][T11476] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 136.779038][T11476] Modules linked in:
[ 136.782915][T11476] ---[ end trace 5c961afa7f3925c2 ]---
[ 136.788375][T11476] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 136.794961][T11476] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 06 4c 28 98 31 c0 e8 e1 70 48 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 02 8f 48 ff 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 136.814690][T11476] RSP: 0018:ffffb50b0158f748 EFLAGS: 00010046
[ 136.820742][T11476] RAX: 0000000000000002 RBX: 00000000058e00b2 RCX: 00000000058e00b2
[ 136.828708][T11476] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffb50b0158f824
[ 136.836661][T11476] RBP: ffffb50b0158f7f0 R08: 0000000000000000 R09: ffff9c1dafd28ed0
[ 136.844615][T11476] R10: 0000000000000000 R11: ffffffff8f016f70 R12: 0000000000000000
[ 136.852572][T11476] R13: 0000000000000001 R14: 0000000000000006 R15: 0000000000000001
[ 136.860586][T11476] FS: 0000000000000000(0000) GS:ffff9c1dafd00000(0063) knlGS:0000000009ec1840
[ 136.869509][T11476] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 136.876082][T11476] CR2: 0000000020000080 CR3: 000000010525a000 CR4: 00000000001406e0
[ 136.884047][T11476] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 136.892035][T11476] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 136.899999][T11476] Kernel panic - not syncing: Fatal exception
[ 136.906770][T11476] Kernel Offset: 0x8e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 136.918314][T11476] Rebooting in 86400 seconds..