[ ok ] Starting enhanced syslogd: rsyslogd.
[ 81.856742][ T31] audit: type=1800 audit(1567707771.929:25): pid=12085 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 81.893646][ T31] audit: type=1800 audit(1567707771.949:26): pid=12085 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 81.913886][ T31] audit: type=1800 audit(1567707771.959:27): pid=12085 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.146' (ECDSA) to the list of known hosts.
2019/09/05 18:23:05 fuzzer started
2019/09/05 18:23:09 dialing manager at 10.128.0.26:34833
2019/09/05 18:23:10 syscalls: 2376
2019/09/05 18:23:10 code coverage: enabled
2019/09/05 18:23:10 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/09/05 18:23:10 extra coverage: enabled
2019/09/05 18:23:10 setuid sandbox: enabled
2019/09/05 18:23:10 namespace sandbox: enabled
2019/09/05 18:23:10 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/05 18:23:10 fault injection: enabled
2019/09/05 18:23:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/05 18:23:10 net packet injection: enabled
2019/09/05 18:23:10 net device setup: enabled
18:25:40 executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001340)={{0x12, 0x1, 0x0, 0xed, 0x11, 0x5d, 0x40, 0x2001, 0x1a02, 0xf89b, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x69, 0x0, 0x0, 0x2e, 0x5d, 0x8b}}]}}]}}, 0x0)
syz_usb_control_io(r0, &(0x7f0000002c00)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002f80)={0xcc, &(0x7f0000000700)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000580)={0xb4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000380)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001780)={0xcc, &(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syzkaller login: [ 250.671897][T12251] IPVS: ftp: loaded support on port[0] = 21
[ 250.820137][T12251] chnl_net:caif_netlink_parms(): no params data found
[ 250.880645][T12251] bridge0: port 1(bridge_slave_0) entered blocking state
[ 250.887952][T12251] bridge0: port 1(bridge_slave_0) entered disabled state
[ 250.896733][T12251] device bridge_slave_0 entered promiscuous mode
[ 250.906842][T12251] bridge0: port 2(bridge_slave_1) entered blocking state
[ 250.914332][T12251] bridge0: port 2(bridge_slave_1) entered disabled state
[ 250.923018][T12251] device bridge_slave_1 entered promiscuous mode
[ 250.955199][T12251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 250.968214][T12251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 251.002556][T12251] team0: Port device team_slave_0 added
[ 251.011891][T12251] team0: Port device team_slave_1 added
[ 251.188550][T12251] device hsr_slave_0 entered promiscuous mode
[ 251.404581][T12251] device hsr_slave_1 entered promiscuous mode
[ 251.684192][T12251] bridge0: port 2(bridge_slave_1) entered blocking state
[ 251.691514][T12251] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 251.699321][T12251] bridge0: port 1(bridge_slave_0) entered blocking state
[ 251.706559][T12251] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 251.786677][T12251] 8021q: adding VLAN 0 to HW filter on device bond0
[ 251.808894][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 251.820641][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 251.831976][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 251.848335][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 251.869530][T12251] 8021q: adding VLAN 0 to HW filter on device team0
[ 251.882925][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 251.892683][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 251.902052][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 251.909282][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 251.955243][T12251] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 251.965766][T12251] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 251.982340][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 251.991873][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 252.000944][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 252.008156][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 252.017179][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 252.027118][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 252.037093][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 252.046900][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 252.056467][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 252.066307][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 252.076421][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 252.085562][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 252.095232][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 252.104468][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 252.119328][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 252.128106][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 252.159733][T12251] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 252.593609][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 252.956329][ T12] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[ 252.965174][ T12] usb 1-1: config 0 has no interface number 0
[ 252.971344][ T12] usb 1-1: New USB device found, idVendor=2001, idProduct=1a02, bcdDevice=f8.9b
[ 252.980574][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 252.991650][ T12] usb 1-1: config 0 descriptor??
[ 253.253803][ T12] asix 1-1:0.105 (unnamed net_device) (uninitialized): invalid hw address, using random
18:25:43 executing program 1:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x22}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x34, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="002267030000001160f0000094ec0ab2dd00009d1583bcbfe56574"]}, &(0x7f0000000200)={0xcc, 0x0, 0x0, 0x0, 0x0, 0x0})
[ 254.028182][T12260] IPVS: ftp: loaded support on port[0] = 21
[ 254.108241][T12257] ==================================================================
[ 254.116485][T12257] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0
[ 254.123692][T12257] CPU: 0 PID: 12257 Comm: syz-executor.0 Not tainted 5.3.0-rc7+ #0
[ 254.131586][T12257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 254.141651][T12257] Call Trace:
[ 254.145083][T12257] dump_stack+0x191/0x1f0
[ 254.149519][T12257] kmsan_report+0x162/0x2d0
[ 254.154040][T12257] kmsan_internal_check_memory+0x455/0x8d0
[ 254.159871][T12257] kmsan_copy_to_user+0xa9/0xb0
[ 254.164821][T12257] _copy_to_user+0x16b/0x1f0
[ 254.169501][T12257] fuzzer_ioctl+0x25a9/0x5860
[ 254.175063][T12257] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 254.181171][T12257] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 254.187163][T12257] ? next_event+0x6a0/0x6a0
[ 254.191771][T12257] full_proxy_unlocked_ioctl+0x1ca/0x380
[ 254.197431][T12257] ? full_proxy_poll+0x320/0x320
[ 254.202465][T12257] do_vfs_ioctl+0xea8/0x2c50
[ 254.207344][T12257] ? security_file_ioctl+0x1bd/0x200
[ 254.212652][T12257] __se_sys_ioctl+0x1da/0x270
[ 254.217350][T12257] __x64_sys_ioctl+0x4a/0x70
[ 254.222037][T12257] do_syscall_64+0xbc/0xf0
[ 254.226496][T12257] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 254.232397][T12257] RIP: 0033:0x4596e7
[ 254.236299][T12257] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 254.255932][T12257] RSP: 002b:00007f55c59b73e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 254.264351][T12257] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004596e7
[ 254.272328][T12257] RDX: 00007f55c59b7830 RSI: 0000000080085502 RDI: 0000000000000003
[ 254.281000][T12257] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 254.289075][T12257] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f55c59b86d4
[ 254.297063][T12257] R13: 00000000004beee6 R14: 00000000004dffa0 R15: 00000000ffffffff
[ 254.305052][T12257]
[ 254.307375][T12257] Uninit was stored to memory at:
[ 254.312405][T12257] kmsan_internal_chain_origin+0xcc/0x150
[ 254.318223][T12257] kmsan_memcpy_memmove_metadata+0x819/0xa80
[ 254.324208][T12257] kmsan_memcpy_metadata+0xb/0x10
[ 254.329260][T12257] __msan_memcpy+0x56/0x70
[ 254.333681][T12257] gadget_setup+0x498/0xb60
[ 254.338273][T12257] dummy_timer+0x1fba/0x6770
[ 254.342942][T12257] call_timer_fn+0x232/0x530
[ 254.347537][T12257] __run_timers+0xcdc/0x11a0
[ 254.352130][T12257] run_timer_softirq+0x2d/0x50
[ 254.356980][T12257] __do_softirq+0x4a1/0x83a
[ 254.361529][T12257] irq_exit+0x230/0x280
[ 254.365696][T12257] exiting_irq+0xe/0x10
[ 254.369853][T12257] smp_apic_timer_interrupt+0x48/0x70
[ 254.375222][T12257] apic_timer_interrupt+0x2e/0x40
[ 254.380315][T12257] rmqueue_pcplist+0x624c/0x6450
[ 254.385258][T12257] rmqueue+0xa1/0x13a0
[ 254.389328][T12257] get_page_from_freelist+0xf61/0x19c0
[ 254.394792][T12257] __alloc_pages_nodemask+0x9b5/0x5fa0
[ 254.400253][T12257] alloc_pages_current+0x68d/0x9a0
[ 254.405369][T12257] __vmalloc_node_range+0x82c/0x14b0
[ 254.410666][T12257] vmalloc_user+0xd7/0xf0
[ 254.415060][T12257] kcov_mmap+0x2a/0x120
[ 254.420009][T12257] mmap_region+0x3041/0x3950
[ 254.424603][T12257] do_mmap+0x1826/0x1e60
[ 254.428906][T12257] vm_mmap_pgoff+0x31a/0x440
[ 254.433496][T12257] ksys_mmap_pgoff+0xa5b/0xb00
[ 254.438372][T12257] __se_sys_mmap+0x172/0x1a0
[ 254.442962][T12257] __x64_sys_mmap+0x69/0x90
[ 254.447489][T12257] do_syscall_64+0xbc/0xf0
[ 254.451917][T12257] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 254.457846][T12257]
[ 254.460172][T12257] Uninit was stored to memory at:
[ 254.465222][T12257] kmsan_internal_chain_origin+0xcc/0x150
[ 254.470956][T12257] __msan_chain_origin+0x6b/0xe0
[ 254.475899][T12257] dummy_timer+0x2d76/0x6770
[ 254.480493][T12257] call_timer_fn+0x232/0x530
[ 254.485086][T12257] __run_timers+0xcdc/0x11a0
[ 254.489683][T12257] run_timer_softirq+0x2d/0x50
[ 254.494468][T12257] __do_softirq+0x4a1/0x83a
[ 254.499001][T12257] irq_exit+0x230/0x280
[ 254.503161][T12257] exiting_irq+0xe/0x10
[ 254.507319][T12257] smp_apic_timer_interrupt+0x48/0x70
[ 254.512700][T12257] apic_timer_interrupt+0x2e/0x40
[ 254.517744][T12257] rmqueue_pcplist+0x624c/0x6450
[ 254.522683][T12257] rmqueue+0xa1/0x13a0
[ 254.526754][T12257] get_page_from_freelist+0xf61/0x19c0
[ 254.532217][T12257] __alloc_pages_nodemask+0x9b5/0x5fa0
[ 254.537700][T12257] alloc_pages_current+0x68d/0x9a0
[ 254.542833][T12257] __vmalloc_node_range+0x82c/0x14b0
[ 254.547877][T12260] chnl_net:caif_netlink_parms(): no params data found
[ 254.548148][T12257] vmalloc_user+0xd7/0xf0
[ 254.559353][T12257] kcov_mmap+0x2a/0x120
[ 254.563515][T12257] mmap_region+0x3041/0x3950
[ 254.568231][T12257] do_mmap+0x1826/0x1e60
[ 254.572485][T12257] vm_mmap_pgoff+0x31a/0x440
[ 254.577091][T12257] ksys_mmap_pgoff+0xa5b/0xb00
[ 254.581867][T12257] __se_sys_mmap+0x172/0x1a0
[ 254.586492][T12257] __x64_sys_mmap+0x69/0x90
[ 254.591006][T12257] do_syscall_64+0xbc/0xf0
[ 254.595433][T12257] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 254.601329][T12257]
[ 254.603656][T12257] Uninit was stored to memory at:
[ 254.608702][T12257] kmsan_internal_chain_origin+0xcc/0x150
[ 254.614438][T12257] __msan_chain_origin+0x6b/0xe0
[ 254.619615][T12257] usb_control_msg+0x61b/0x7f0
[ 254.624468][T12257] usbnet_write_cmd+0x386/0x430
[ 254.629379][T12257] asix_write_cmd+0x155/0x270
[ 254.633627][T12260] bridge0: port 1(bridge_slave_0) entered blocking state
[ 254.634067][T12257] ax88772_hw_reset+0x191/0xb40
[ 254.634081][T12257] ax88772_bind+0x6ad/0x11f0
[ 254.634093][T12257] usbnet_probe+0x10ae/0x3960
[ 254.634133][T12257] usb_probe_interface+0xd19/0x1310
[ 254.641342][T12260] bridge0: port 1(bridge_slave_0) entered disabled state
[ 254.646096][T12257] really_probe+0x1373/0x1dc0
[ 254.646134][T12257] driver_probe_device+0x1ba/0x510
[ 254.652229][T12260] device bridge_slave_0 entered promiscuous mode
[ 254.655390][T12257] __device_attach_driver+0x5b8/0x790
[ 254.655404][T12257] bus_for_each_drv+0x28e/0x3b0
[ 254.655415][T12257] __device_attach+0x489/0x750
[ 254.655428][T12257] device_initial_probe+0x4a/0x60
[ 254.655439][T12257] bus_probe_device+0x131/0x390
[ 254.655450][T12257] device_add+0x25b5/0x2df0
[ 254.655465][T12257] usb_set_configuration+0x309f/0x3710
[ 254.655497][T12257] generic_probe+0xe7/0x280
[ 254.697329][T12260] bridge0: port 2(bridge_slave_1) entered blocking state
[ 254.699192][T12257] usb_probe_device+0x146/0x200
[ 254.699209][T12257] really_probe+0x1373/0x1dc0
[ 254.699222][T12257] driver_probe_device+0x1ba/0x510
[ 254.699255][T12257] __device_attach_driver+0x5b8/0x790
[ 254.704459][T12260] bridge0: port 2(bridge_slave_1) entered disabled state
[ 254.709133][T12257] bus_for_each_drv+0x28e/0x3b0
[ 254.715230][T12260] device bridge_slave_1 entered promiscuous mode
[ 254.719109][T12257] __device_attach+0x489/0x750
[ 254.773631][T12257] device_initial_probe+0x4a/0x60
[ 254.778673][T12257] bus_probe_device+0x131/0x390
[ 254.783535][T12257] device_add+0x25b5/0x2df0
[ 254.788058][T12257] usb_new_device+0x23e5/0x2fb0
[ 254.792921][T12257] hub_event+0x581d/0x72f0
[ 254.797424][T12257] process_one_work+0x1572/0x1ef0
[ 254.802593][T12257] worker_thread+0x111b/0x2460
[ 254.807442][T12257] kthread+0x4b5/0x4f0
[ 254.807829][T12260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 254.811544][T12257] ret_from_fork+0x35/0x40
[ 254.824998][T12257]
[ 254.827326][T12257] Uninit was stored to memory at:
[ 254.832361][T12257] kmsan_internal_chain_origin+0xcc/0x150
[ 254.838090][T12257] __msan_chain_origin+0x6b/0xe0
[ 254.843034][T12257] ax88772_bind+0xa12/0x11f0
[ 254.847467][T12260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 254.847651][T12257] usbnet_probe+0x10ae/0x3960
[ 254.861619][T12257] usb_probe_interface+0xd19/0x1310
[ 254.866921][T12257] really_probe+0x1373/0x1dc0
[ 254.871605][T12257] driver_probe_device+0x1ba/0x510
[ 254.876809][T12257] __device_attach_driver+0x5b8/0x790
[ 254.882181][T12257] bus_for_each_drv+0x28e/0x3b0
[ 254.887042][T12257] __device_attach+0x489/0x750
[ 254.891830][T12257] device_initial_probe+0x4a/0x60
[ 254.896866][T12257] bus_probe_device+0x131/0x390
[ 254.901706][T12257] device_add+0x25b5/0x2df0
[ 254.906208][T12257] usb_set_configuration+0x309f/0x3710
[ 254.911672][T12257] generic_probe+0xe7/0x280
[ 254.916205][T12257] usb_probe_device+0x146/0x200
[ 254.921048][T12257] really_probe+0x1373/0x1dc0
[ 254.925714][T12257] driver_probe_device+0x1ba/0x510
[ 254.930814][T12257] __device_attach_driver+0x5b8/0x790
[ 254.936175][T12257] bus_for_each_drv+0x28e/0x3b0
[ 254.941042][T12257] __device_attach+0x489/0x750
[ 254.945795][T12257] device_initial_probe+0x4a/0x60
[ 254.950894][T12257] bus_probe_device+0x131/0x390
[ 254.955867][T12257] device_add+0x25b5/0x2df0
[ 254.960360][T12257] usb_new_device+0x23e5/0x2fb0
[ 254.965201][T12257] hub_event+0x581d/0x72f0
[ 254.969612][T12257] process_one_work+0x1572/0x1ef0
[ 254.974627][T12257] worker_thread+0x111b/0x2460
[ 254.979381][T12257] kthread+0x4b5/0x4f0
[ 254.983444][T12257] ret_from_fork+0x35/0x40
[ 254.987845][T12257]
[ 254.990159][T12257] Local variable description: ----buf.i@asix_get_phy_addr
[ 254.997245][T12257] Variable was created at:
[ 255.001658][T12257] asix_get_phy_addr+0x4d/0x280
[ 255.006494][T12257] ax88772_bind+0x472/0x11f0
[ 255.011064][T12257]
[ 255.013381][T12257] Byte 10 of 16 is uninitialized
[ 255.018304][T12257] Memory access of size 16 starts at ffff88805d5a7700
[ 255.025049][T12257] Data copied to user address 00007f55c59b7830
[ 255.031193][T12257] ==================================================================
[ 255.039237][T12257] Disabling lock debugging due to kernel taint
[ 255.045403][T12257] Kernel panic - not syncing: panic_on_warn set ...
[ 255.052004][T12257] CPU: 0 PID: 12257 Comm: syz-executor.0 Tainted: G B 5.3.0-rc7+ #0
[ 255.061271][T12257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 255.071317][T12257] Call Trace:
[ 255.074610][T12257] dump_stack+0x191/0x1f0
[ 255.079189][T12257] panic+0x3c9/0xc1e
[ 255.083115][T12257] kmsan_report+0x2ca/0x2d0
[ 255.087629][T12257] kmsan_internal_check_memory+0x455/0x8d0
[ 255.093450][T12257] kmsan_copy_to_user+0xa9/0xb0
[ 255.098297][T12257] _copy_to_user+0x16b/0x1f0
[ 255.102909][T12257] fuzzer_ioctl+0x25a9/0x5860
[ 255.107592][T12257] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 255.113681][T12257] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 255.119659][T12257] ? next_event+0x6a0/0x6a0
[ 255.124182][T12257] full_proxy_unlocked_ioctl+0x1ca/0x380
[ 255.129832][T12257] ? full_proxy_poll+0x320/0x320
[ 255.134773][T12257] do_vfs_ioctl+0xea8/0x2c50
[ 255.139371][T12257] ? security_file_ioctl+0x1bd/0x200
[ 255.144658][T12257] __se_sys_ioctl+0x1da/0x270
[ 255.149336][T12257] __x64_sys_ioctl+0x4a/0x70
[ 255.153936][T12257] do_syscall_64+0xbc/0xf0
[ 255.158348][T12257] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 255.164249][T12257] RIP: 0033:0x4596e7
[ 255.168150][T12257] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 255.187746][T12257] RSP: 002b:00007f55c59b73e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 255.196153][T12257] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004596e7
[ 255.204114][T12257] RDX: 00007f55c59b7830 RSI: 0000000080085502 RDI: 0000000000000003
[ 255.212084][T12257] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 255.220060][T12257] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f55c59b86d4
[ 255.228892][T12257] R13: 00000000004beee6 R14: 00000000004dffa0 R15: 00000000ffffffff
[ 255.238621][T12257] Kernel Offset: disabled
[ 255.243152][T12257] Rebooting in 86400 seconds..