[ ok ] Starting enhanced syslogd: rsyslogd.
[ 83.118218][ T30] audit: type=1800 audit(1565811130.170:25): pid=12431 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 83.141115][ T30] audit: type=1800 audit(1565811130.200:26): pid=12431 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 83.175814][ T30] audit: type=1800 audit(1565811130.220:27): pid=12431 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.210' (ECDSA) to the list of known hosts.
2019/08/14 19:32:24 fuzzer started
2019/08/14 19:32:29 dialing manager at 10.128.0.26:45075
2019/08/14 19:32:29 syscalls: 2374
2019/08/14 19:32:29 code coverage: enabled
2019/08/14 19:32:29 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/08/14 19:32:29 extra coverage: enabled
2019/08/14 19:32:29 setuid sandbox: enabled
2019/08/14 19:32:29 namespace sandbox: enabled
2019/08/14 19:32:29 Android sandbox: /sys/fs/selinux/policy does not exist
2019/08/14 19:32:29 fault injection: enabled
2019/08/14 19:32:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/08/14 19:32:29 net packet injection: enabled
2019/08/14 19:32:29 net device setup: enabled
19:34:56 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='cpuset.effective_mems\x00', 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000000c0)=0x0)
ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000000240)=r2)
sendmsg$alg(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}, {0x0}, {0x0}], 0x3, &(0x7f0000000700), 0x0, 0x4}, 0x0)
unlinkat(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_buf(r1, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000000100)=0x33)
syzkaller login: [ 249.826725][T12597] IPVS: ftp: loaded support on port[0] = 21
[ 249.967177][T12597] chnl_net:caif_netlink_parms(): no params data found
[ 250.022459][T12597] bridge0: port 1(bridge_slave_0) entered blocking state
[ 250.029660][T12597] bridge0: port 1(bridge_slave_0) entered disabled state
[ 250.038492][T12597] device bridge_slave_0 entered promiscuous mode
[ 250.048271][T12597] bridge0: port 2(bridge_slave_1) entered blocking state
[ 250.055543][T12597] bridge0: port 2(bridge_slave_1) entered disabled state
[ 250.064490][T12597] device bridge_slave_1 entered promiscuous mode
[ 250.097745][T12597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 250.116972][T12597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 250.150259][T12597] team0: Port device team_slave_0 added
[ 250.159430][T12597] team0: Port device team_slave_1 added
[ 250.446447][T12597] device hsr_slave_0 entered promiscuous mode
[ 250.702572][T12597] device hsr_slave_1 entered promiscuous mode
[ 251.059546][T12597] 8021q: adding VLAN 0 to HW filter on device bond0
[ 251.081398][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 251.090321][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 251.109341][T12597] 8021q: adding VLAN 0 to HW filter on device team0
[ 251.125056][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 251.134965][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 251.144946][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 251.152165][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 251.200799][T12597] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 251.211843][T12597] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 251.227706][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 251.236807][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 251.246236][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 251.255353][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 251.262712][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 251.271127][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 251.281110][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 251.291011][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 251.300996][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 251.310551][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 251.320700][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 251.330323][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 251.339620][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 251.349502][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 251.358701][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 251.374674][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 251.383885][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 251.411321][T12597] 8021q: adding VLAN 0 to HW filter on device batadv0
19:34:58 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x8001, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @mcast2, 0x6}, 0x1c)
write$binfmt_misc(r0, &(0x7f0000000200)=ANY=[], 0xffdc)
[ 251.622543][T12606] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
19:34:58 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0x0, 0x40800000000031, 0xffffffffffffffff, 0x0)
19:34:58 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f0000000240)}, 0x20)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000300)='gre0\x00')
19:34:58 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
19:34:59 executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x37, 0xfd, 0xdc, 0x8, 0x2040, 0x8264, 0xf15f, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x9d, 0x0, 0x1, 0x96, 0xf1, 0xc1, 0x0, [], [{{0x7, 0x5, 0x84}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000a80)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001040)={0xac, &(0x7f0000000ac0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000001380)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001980)={0xac, &(0x7f00000013c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000017c0)={0x40, 0x13, 0x6}, &(0x7f0000001800)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000001840)={0x40, 0x19, 0x2}, &(0x7f0000001880)={0x40, 0x1a, 0x2}, &(0x7f00000018c0)={0x40, 0x1c, 0x1, 0x6}, &(0x7f0000001900)={0x40, 0x1e, 0x1, 0x7f}, &(0x7f0000001940)={0x40, 0x21, 0x1, 0x8001}})
[ 252.432289][ T3369] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 252.692291][ T3369] usb 1-1: Using ep0 maxpacket: 8
[ 252.832317][ T3369] usb 1-1: config 0 has an invalid interface number: 157 but max is 0
[ 252.841389][ T3369] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 252.851703][ T3369] usb 1-1: config 0 has no interface number 0
[ 252.857985][ T3369] usb 1-1: New USB device found, idVendor=2040, idProduct=8264, bcdDevice=f1.5f
[ 252.867410][ T3369] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 252.877689][ T3369] usb 1-1: config 0 descriptor??
[ 252.927096][ T3369] em28xx 1-1:0.157: New device @ 480 Mbps (2040:8264, interface 157, class 157)
[ 252.936681][ T3369] em28xx 1-1:0.157: DVB interface 157 found: bulk
19:35:00 executing program 1:
pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000040))
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0xff, 0x0, 0x4, 0xff, 0xfff, 0x8, 0x7, 0x75, 0x0}, &(0x7f00000000c0)=0x20)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000100)={r2, 0x20, 0x2, [0x101, 0x4]}, &(0x7f0000000140)=0xc)
ioctl$ION_IOC_HEAP_QUERY(r1, 0xc0184908, &(0x7f00000001c0)={0x34, 0x0, &(0x7f0000000180)})
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000200)={[{0x5a44, 0xbac, 0x6, 0x1, 0x1, 0xa0, 0x1, 0x81, 0x1, 0x8, 0x7fffffff, 0x20}, {0xea9e, 0xffffffffffffffff, 0x3, 0x5e52, 0x7, 0x0, 0x1, 0x14000000000, 0x4, 0x2, 0x4, 0x6, 0x1000}, {0x0, 0x9, 0x2, 0x20000000000, 0xc0, 0x1ff, 0x3, 0xfffffffffffff6c3, 0x7fffffff, 0xff, 0x22, 0x9, 0x8}], 0x10001})
getsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000001300)={&(0x7f0000000300)=""/4096, 0x200000, 0x1000, 0x7fffffff}, 0x18)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000006cc0)={{{@in6=@mcast2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@empty}}, &(0x7f0000006dc0)=0xe8)
sendmsg$nl_route(r0, &(0x7f0000006e80)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000006e40)={&(0x7f0000006e00)=@ipv4_getnetconf={0x24, 0x52, 0x20, 0x70bd2a, 0x25dfdbff, {}, [@NETCONFA_IFINDEX={0x8, 0x1, r3}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x80)
ioctl$int_in(r0, 0x5452, &(0x7f0000006ec0)=0x7)
ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r1, 0x800455d1, &(0x7f0000006f00))
setxattr$security_capability(&(0x7f0000006f40)='./file0\x00', &(0x7f0000006f80)='security.capability\x00', &(0x7f0000006fc0)=@v1={0x1000000, [{0x80000001, 0x3f}]}, 0xc, 0x2)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000007000)=0x7, 0x4)
rt_sigaction(0x21, &(0x7f00000070c0)={&(0x7f0000007040)="c48279aa265dc443996e4c438da4473bd765450f71d50dc4c259963f0f428a00000000c401fd117c34fdc4a3d16fe600c461aa10f0", {0x3583}, 0x80000000, &(0x7f0000007080)="f047839be88e00006166430ffe650a0b34f7fa47de9d000000000f0fb193525cc5b4670fe09a06000000f3419f3ef6b255000000c4e1d815a3b233ce84"}, &(0x7f0000007200)={&(0x7f0000007100)="8f6978805309c4c189f618660fef90f7eb0d1dc4a16573f70b6664f33e0f18d467f30f1be2c4c3390f3700c481fd109c4458000000c4e1fd286c0082c481f85b1b", {}, 0x0, &(0x7f0000007180)="3e6566460f38dc2442401d06000000c441545d5a0666440f38349d0000002123848c09000000c44279baa0feeffffff247af420f1c820c000000c4e17b119a0c0000003e400f01843afeefffff"}, 0x8, &(0x7f0000007240))
statfs(&(0x7f0000007280)='./file0\x00', &(0x7f00000072c0)=""/154)
ioctl$SG_GET_SCSI_ID(r1, 0x2276, &(0x7f0000007380))
r4 = accept$inet(r1, &(0x7f00000073c0)={0x2, 0x0, @empty}, &(0x7f0000007400)=0x10)
ioctl$UI_DEV_DESTROY(r1, 0x5502)
write$FUSE_POLL(r0, &(0x7f0000007440)={0x18, 0xfffffffffffffff5, 0x3, {0x401}}, 0x18)
ioctl$IMCLEAR_L2(r1, 0x80044946, &(0x7f0000007480)=0x9)
ioctl$EVIOCGBITSND(r0, 0x80404532, &(0x7f00000074c0)=""/4096)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f00000084c0)={r2, 0xffffffffffffff81, 0x0, 0x2, 0x0, 0x7}, &(0x7f0000008500)=0x14)
ioctl$KVM_SET_XSAVE(r0, 0x5000aea5,
&(0x7f0000008540)={"c641c32884cb6f078c6e7aa40e260477a35233c78a4add9e75c4b3a0d638141e34acdee69532f26a787552067cae36274686bf53d705f167c92e7cac6196ce5f28ee4cc40b5a418688c6b8394d7efa247be5aa25ba1ca7888d362c46869078306fec3bf1241b16b238a9d66fde1bfd643cb321dd84fbd0c96c23425ce127a3c933b896ebbbf6d86c43ef5c0e08bcb7bcb12183c32bd45ce98732e25d86099f94b02cf175df5b96fa04c9a6556c2954abc2e54a98b8758a7c92fa6926b8a7e422965448cc16ded47d0a0c9f0810dc392796f0a5749a9538a81bba5d333751d832dca8b37a311553a79badfda2311e3edaca4b5b4c2a40d53820fe21aa5835dabd0fd77addd4178a71700d9e6515bc542100b7e94e1820cde78c4d3ffad7287da06e3b93c290dac48c010848f719602a681ab5ec525ceea24e18dbf64717f2d7906c23f740fc2c873baacaaf3b3d922c5498c42147a6385ccbca9bf1b666da9248ccc5bf911d83fa9efb351f27c19aaafc56bad1162b62d8b8c2f51a3141abbf949f59aea5aedb33cf7184d6d4353e990d56503524332dfa64cda07e5bd6500c4d9999f864e2452e8df0d58239dc3d019911125f6dc034563a496c4c47fce91cc6c03e01be112f1f2125d357c5dfa0510bb3c26f30017bd36d2e763aaaf1207605e48f9d9c4eb8bbd10a0aeb0d3e6a04e37666aaea2ee8aeaa01a95bc69577b45cb91913a619841c89af4a61084e01dc25fdf8e6eab717beb2f1a49828f876e4b5ae1e1447ffc362b52fe60a569fb0164b0dd0012e96e1795fbec0295d7e0a8c133b7ae2eb555f66e884d44ef7d5adef735c29e5ae9ff659e5df2f1ec53c6265f2955beda5131540e83a453f00dc6b51369aff8c4adcfb217062afd5f65fd6b9dea935a067491ecc512d14fb97e078d3061a5fad86aaa042fdfded30376b039dc2fba314417f75b4822a85dacbd9d074873343bfb3818acdbcc31d1c09ca556e71854c038389d7e78ee320db2a63fa4e5979e11b85b9e1f88c45682f39ec826a84c34aae2b27d9e7165d8a844267a8dd27276852c871aba24203ec677216defeb40f67db8a46c5e3b274a8ffc8efea23764203b2cc1ca301af8418701ab03224727a45c5fdc98b94c9bf90ada804319d7aa55492afdd386b7e708d1a41a777e3f2f4c14a3244e989140cbb625a7bbde5575e97c70c2c2a9887e7a67ea62daf6afe4ad606bac62967caf27e943482908366aa7fa905c6e1fccc35793f17285a0bc0712ec21d24a0882279aba6ef57893ed3949688fc55ec6ce52d235b1389b8083f2912a0aab232dbedc7ad286dca985835871cebbb79db407f1d1b3c40a56b18414cf2d5dd367b28c9f1e344dda37552c42b57632fe66190a984fe521cd622
8eeeb22886ca61edb069111b3d65778690c0d4f96ee158223eb4b6dbe55a9373f676"})
sysinfo(&(0x7f0000008940)=""/14)
syz_open_dev$sg(&(0x7f0000008980)='/dev/sg#\x00', 0x8, 0x4000)
ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1)
write$rfkill(r0, &(0x7f00000089c0)={0xffffffffffffff46, 0x5, 0x3, 0x1, 0x1}, 0x8)
ioctl$TIOCGICOUNT(r0, 0x545d, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000008a00)={0x9, 0x0, 0x301f, 0x1, 0x5, 0x0, 0x10000, 0x1})
[ 253.172694][T12622] ==================================================================
[ 253.180981][T12622] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0
[ 253.188190][T12622] CPU: 0 PID: 12622 Comm: syz-executor.0 Not tainted 5.3.0-rc3+ #17
[ 253.196166][T12622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 253.206643][T12622] Call Trace:
[ 253.210111][T12622] dump_stack+0x191/0x1f0
[ 253.214467][T12622] kmsan_report+0x162/0x2d0
[ 253.219110][T12622] kmsan_internal_check_memory+0x7be/0x8d0
[ 253.224988][T12622] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 253.231030][T12622] ? wait_for_common+0x6f9/0x8d0
[ 253.236098][T12622] kmsan_copy_to_user+0xa9/0xb0
[ 253.241046][T12622] _copy_to_user+0x16b/0x1f0
[ 253.245756][T12622] fuzzer_ioctl+0x511f/0x5690
[ 253.250455][T12622] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 253.256532][T12622] ? next_event+0x6a0/0x6a0
[ 253.261182][T12622] full_proxy_unlocked_ioctl+0x1ca/0x380
[ 253.266837][T12622] ? full_proxy_poll+0x320/0x320
[ 253.271875][T12622] do_vfs_ioctl+0xea8/0x2c50
[ 253.276490][T12622] ? vidioc_try_fmt_vid_cap+0x5dc/0xae0
[ 253.282161][T12622] ? security_file_ioctl+0x1bd/0x200
[ 253.287460][T12622] __se_sys_ioctl+0x1da/0x270
[ 253.292244][T12622] __x64_sys_ioctl+0x4a/0x70
[ 253.296839][T12622] do_syscall_64+0xbc/0xf0
[ 253.301454][T12622] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 253.307434][T12622] RIP: 0033:0x459697
[ 253.311420][T12622] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 253.331470][T12622] RSP: 002b:00007f1f9bced3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 253.340298][T12622] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000459697
[ 253.348274][T12622] RDX: 00007f1f9bced420 RSI: 00000000c0085504 RDI: 0000000000000003
[ 253.356338][T12622] RBP: 0000000000000040 R08: 0000000000000000 R09: 000000000000000f
[ 253.364465][T12622] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1f9bcee6d4
[ 253.372443][T12622] R13: 00000000004bee86 R14: 00000000004dfec8 R15: 00000000ffffffff
[ 253.380436][T12622]
[ 253.382880][T12622] Uninit was created at:
[ 253.387136][T12622] kmsan_internal_poison_shadow+0x53/0xa0
[ 253.392864][T12622] kmsan_slab_alloc+0xaa/0x120
[ 253.397821][T12622] __kmalloc+0x28e/0x430
[ 253.402209][T12622] fuzzer_ioctl+0x2b09/0x5690
[ 253.406980][T12622] full_proxy_unlocked_ioctl+0x1ca/0x380
[ 253.412619][T12622] do_vfs_ioctl+0xea8/0x2c50
[ 253.417305][T12622] __se_sys_ioctl+0x1da/0x270
[ 253.422131][T12622] __x64_sys_ioctl+0x4a/0x70
[ 253.426897][T12622] do_syscall_64+0xbc/0xf0
[ 253.431320][T12622] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 253.437378][T12622]
[ 253.439723][T12622] Byte 0 of 1 is uninitialized
[ 253.444607][T12622] Memory access of size 1 starts at ffff88810239c9e8
[ 253.451278][T12622] Data copied to user address 00007f1f9bced428
[ 253.457425][T12622] ==================================================================
[ 253.465484][T12622] Disabling lock debugging due to kernel taint
[ 253.471653][T12622] Kernel panic - not syncing: panic_on_warn set ...
[ 253.478334][T12622] CPU: 0 PID: 12622 Comm: syz-executor.0 Tainted: G B 5.3.0-rc3+ #17
[ 253.487832][T12622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 253.497888][T12622] Call Trace:
[ 253.501371][T12622] dump_stack+0x191/0x1f0
[ 253.505809][T12622] panic+0x3c9/0xc1e
[ 253.509913][T12622] kmsan_report+0x2ca/0x2d0
[ 253.514442][T12622] kmsan_internal_check_memory+0x7be/0x8d0
[ 253.520262][T12622] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 253.526505][T12622] ? wait_for_common+0x6f9/0x8d0
[ 253.531542][T12622] kmsan_copy_to_user+0xa9/0xb0
[ 253.536536][T12622] _copy_to_user+0x16b/0x1f0
[ 253.541315][T12622] fuzzer_ioctl+0x511f/0x5690
[ 253.546019][T12622] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 253.552010][T12622] ? next_event+0x6a0/0x6a0
[ 253.556523][T12622] full_proxy_unlocked_ioctl+0x1ca/0x380
[ 253.562350][T12622] ? full_proxy_poll+0x320/0x320
[ 253.567299][T12622] do_vfs_ioctl+0xea8/0x2c50
[ 253.571917][T12622] ? vidioc_try_fmt_vid_cap+0x5dc/0xae0
[ 253.577474][T12622] ? security_file_ioctl+0x1bd/0x200
[ 253.582914][T12622] __se_sys_ioctl+0x1da/0x270
[ 253.587629][T12622] __x64_sys_ioctl+0x4a/0x70
[ 253.592225][T12622] do_syscall_64+0xbc/0xf0
[ 253.596818][T12622] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 253.602809][T12622] RIP: 0033:0x459697
[ 253.606709][T12622] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 253.626553][T12622] RSP: 002b:00007f1f9bced3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 253.635006][T12622] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000459697
[ 253.642985][T12622] RDX: 00007f1f9bced420 RSI: 00000000c0085504 RDI: 0000000000000003
[ 253.650958][T12622] RBP: 0000000000000040 R08: 0000000000000000 R09: 000000000000000f
[ 253.658936][T12622] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1f9bcee6d4
[ 253.667106][T12622] R13: 00000000004bee86 R14: 00000000004dfec8 R15: 00000000ffffffff
[ 253.676735][T12622] Kernel Offset: disabled
[ 253.681071][T12622] Rebooting in 86400 seconds..