Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts.
2020/03/11 21:49:35 fuzzer started
syzkaller login: [ 130.211929][ T32] audit: type=1400 audit(1583963375.256:42): avc: denied { map } for pid=11257 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=2339 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/03/11 21:49:40 dialing manager at 10.128.0.26:39595
2020/03/11 21:49:40 syscalls: 2967
2020/03/11 21:49:40 code coverage: enabled
2020/03/11 21:49:40 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2020/03/11 21:49:40 extra coverage: enabled
2020/03/11 21:49:40 setuid sandbox: enabled
2020/03/11 21:49:40 namespace sandbox: enabled
2020/03/11 21:49:40 Android sandbox: /sys/fs/selinux/policy does not exist
2020/03/11 21:49:40 fault injection: enabled
2020/03/11 21:49:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/03/11 21:49:40 net packet injection: enabled
2020/03/11 21:49:40 net device setup: enabled
2020/03/11 21:49:40 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/03/11 21:49:40 devlink PCI setup: PCI device 0000:00:10.0 is not available
[ 135.806549][ T32] audit: type=1400 audit(1583963380.856:43): avc: denied { integrity } for pid=11272 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1
21:52:31 executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
recvmmsg(r0, &(0x7f0000003480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
write(r1, &(0x7f0000000040)="1f0000001000ff00fd4354c007110000f305030205000100130423dcffdf00", 0x3f2)
dup2(r1, r0)
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0})
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
tkill(r2, 0x1000000000013)
[ 306.675623][ T32] audit: type=1400 audit(1583963551.726:44): avc: denied { map } for pid=11275 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=72 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 307.120978][T11276] IPVS: ftp: loaded support on port[0] = 21
[ 307.329870][T11276] chnl_net:caif_netlink_parms(): no params data found
[ 307.476442][T11276] bridge0: port 1(bridge_slave_0) entered blocking state
[ 307.483752][T11276] bridge0: port 1(bridge_slave_0) entered disabled state
[ 307.493142][T11276] device bridge_slave_0 entered promiscuous mode
[ 307.508097][T11276] bridge0: port 2(bridge_slave_1) entered blocking state
[ 307.515376][T11276] bridge0: port 2(bridge_slave_1) entered disabled state
[ 307.524956][T11276] device bridge_slave_1 entered promiscuous mode
[ 307.574334][T11276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 307.593783][T11276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 307.641681][T11276] team0: Port device team_slave_0 added
[ 307.657487][T11276] team0: Port device team_slave_1 added
[ 307.700368][T11276] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 307.707553][T11276] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 307.733804][T11276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 307.751605][T11276] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 307.758783][T11276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 307.785051][T11276] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 307.989883][T11276] device hsr_slave_0 entered promiscuous mode
[ 308.112829][T11276] device hsr_slave_1 entered promiscuous mode
[ 308.624467][ T32] audit: type=1400 audit(1583963553.676:45): avc: denied { create } for pid=11276 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 308.657620][T11276] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 308.665479][ T32] audit: type=1400 audit(1583963553.696:46): avc: denied { write } for pid=11276 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 308.690638][ T32] audit: type=1400 audit(1583963553.706:47): avc: denied { read } for pid=11276 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 308.752405][T11276] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 309.032506][T11276] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 309.163040][T11276] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 309.641220][T11276] 8021q: adding VLAN 0 to HW filter on device bond0
[ 309.678724][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 309.687659][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 309.709074][T11276] 8021q: adding VLAN 0 to HW filter on device team0
[ 309.737976][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 309.747650][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 309.756917][ T3703] bridge0: port 1(bridge_slave_0) entered blocking state
[ 309.764154][ T3703] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 309.776274][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 309.789954][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 309.799111][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 309.808271][ T3396] bridge0: port 2(bridge_slave_1) entered blocking state
[ 309.815582][ T3396] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 309.863032][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 309.873209][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 309.903673][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 309.915432][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 309.924657][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 309.934803][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 309.980859][T11276] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 309.991792][T11276] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 310.006237][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 310.015128][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 310.024203][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 310.033896][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 310.042961][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 310.102528][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 310.110797][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 310.118591][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 310.146904][T11276] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 310.213230][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 310.223281][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 310.296372][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 310.305794][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 310.328399][T11276] device veth0_vlan entered promiscuous mode
[ 310.338010][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 310.347314][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 310.381489][T11276] device veth1_vlan entered promiscuous mode
[ 310.458949][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 310.468619][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 310.477852][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 310.487469][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 310.511654][T11276] device veth0_macvtap entered promiscuous mode
[ 310.533766][T11276] device veth1_macvtap entered promiscuous mode
[ 310.597036][T11276] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 310.604771][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 310.613963][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 310.623640][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 310.647727][T11276] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 310.659571][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 310.669663][ T3703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 311.104656][ T32] audit: type=1400 audit(1583963556.136:48): avc: denied { associate } for pid=11276 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 311.405832][ T32] audit: type=1400 audit(1583963556.456:49): avc: denied { create } for pid=11301 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 311.433622][T11303] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[ 311.450552][ T32] audit: type=1400 audit(1583963556.486:50): avc: denied { write } for pid=11301 comm="syz-executor.0" path="socket:[29534]" dev="sockfs" ino=29534 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
21:52:36 executing program 1:
pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffffffe}, 0x4)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = ioctl$TIOCGPTPEER(r3, 0x5441, 0x4)
ioctl$KDFONTOP_GET(r6, 0x4b72, &(0x7f0000000000)={0x1, 0x1, 0x0, 0x0, 0x110, 0x0})
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffffffe}, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
splice(r0, 0x0, r2, 0x0, 0x100000, 0x0)
[ 311.978272][ T32] audit: type=1400 audit(1583963557.026:51): avc: denied { read } for pid=11301 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 312.011358][T11303] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
21:52:37 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000540)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
gettid()
preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000600)=""/164, 0xa4}], 0x1, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f0000000080)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30)
write$FUSE_INIT(r3, &(0x7f0000000140)={0x50, 0x0, 0x1, {0x7, 0x1f, 0x0, 0x880804}}, 0x50)
[ 312.300820][T11308] IPVS: ftp: loaded support on port[0] = 21
[ 312.530820][T11308] chnl_net:caif_netlink_parms(): no params data found
[ 312.698609][T11308] bridge0: port 1(bridge_slave_0) entered blocking state
[ 312.706075][T11308] bridge0: port 1(bridge_slave_0) entered disabled state
[ 312.715397][T11308] device bridge_slave_0 entered promiscuous mode
[ 312.730815][T11308] bridge0: port 2(bridge_slave_1) entered blocking state
[ 312.738674][T11308] bridge0: port 2(bridge_slave_1) entered disabled state
[ 312.747989][T11308] device bridge_slave_1 entered promiscuous mode
[ 312.797979][T11308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 312.815879][T11308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 312.863674][T11308] team0: Port device team_slave_0 added
[ 312.879370][T11308] team0: Port device team_slave_1 added
[ 312.923357][T11308] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 312.930393][T11308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 312.956437][T11308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 312.976377][T11308] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 312.983627][T11308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 313.009798][T11308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 313.170125][T11308] device hsr_slave_0 entered promiscuous mode
[ 313.414306][T11308] device hsr_slave_1 entered promiscuous mode
[ 313.553639][T11308] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 313.561339][T11308] Cannot create hsr debugfs directory
21:52:38 executing program 0:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000000)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = open(&(0x7f00000006c0)='./file0\x00', 0x0, 0x0)
fchdir(r2)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
[ 313.947062][T11319] FAT-fs (loop0): error, invalid access to FAT (entry 0x00006500)
[ 313.955120][T11319] FAT-fs (loop0): Filesystem has been set read-only
[ 313.961750][T11319] =====================================================
[ 313.968696][T11319] BUG: KMSAN: uninit-value in fat_evict_inode+0x2f4/0x920
[ 313.975810][T11319] CPU: 1 PID: 11319 Comm: syz-executor.0 Not tainted 5.6.0-rc2-syzkaller #0
[ 313.984481][T11319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 313.994531][T11319] Call Trace:
[ 313.997826][T11319] dump_stack+0x1c9/0x220
[ 314.002187][T11319] kmsan_report+0xf7/0x1e0
[ 314.006608][T11319] __msan_warning+0x58/0xa0
[ 314.011115][T11319] fat_evict_inode+0x2f4/0x920
[ 314.015897][T11319] ? fat_write_inode+0x250/0x250
[ 314.020835][T11319] evict+0x4ab/0xe10
[ 314.024833][T11319] iput+0xa70/0xe10
[ 314.028667][T11319] fat_build_inode+0x6a3/0x840
[ 314.033454][T11319] vfat_mkdir+0x547/0x7d0
[ 314.037805][T11319] ? vfat_unlink+0x660/0x660
[ 314.042392][T11319] vfs_mkdir+0x691/0x920
[ 314.046654][T11319] do_mkdirat+0x39f/0x680
[ 314.049947][T11308] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 314.051012][T11319] __ia32_sys_mkdir+0x9f/0xd0
[ 314.062349][T11319] ? __se_sys_mkdir+0x90/0x90
[ 314.067037][T11319] do_fast_syscall_32+0x3c7/0x6e0
[ 314.072096][T11319] entry_SYSENTER_compat+0x68/0x77
[ 314.077201][T11319] RIP: 0023:0xf7f6fd99
[ 314.081269][T11319] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 314.100870][T11319] RSP: 002b:00000000f5d6a0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000027
[ 314.109279][T11319] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000000000000
[ 314.117250][T11319] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 314.125225][T11319] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 314.133191][T11319] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 314.141158][T11319] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 314.149140][T11319]
[ 314.151458][T11319] Uninit was created at:
[ 314.155700][T11319] kmsan_save_stack_with_flags+0x3c/0x90
[ 314.161334][T11319] kmsan_alloc_page+0x12a/0x310
[ 314.166180][T11319] __alloc_pages_nodemask+0x5712/0x5e80
[ 314.171735][T11319] alloc_pages_current+0x67d/0x990
[ 314.176851][T11319] alloc_slab_page+0x111/0x12f0
[ 314.181698][T11319] new_slab+0x2bc/0x1130
[ 314.185939][T11319] ___slab_alloc+0x1533/0x1f30
[ 314.190694][T11319] kmem_cache_alloc+0xb23/0xd70
[ 314.195559][T11319] fat_alloc_inode+0x58/0x120
[ 314.200230][T11319] new_inode_pseudo+0xb1/0x590
[ 314.204988][T11319] new_inode+0x5a/0x3d0
[ 314.209145][T11319] fat_build_inode+0x537/0x840
[ 314.213902][T11319] vfat_mkdir+0x547/0x7d0
[ 314.218229][T11319] vfs_mkdir+0x691/0x920
[ 314.222469][T11319] do_mkdirat+0x39f/0x680
[ 314.226789][T11319] __ia32_sys_mkdir+0x9f/0xd0
[ 314.231472][T11319] do_fast_syscall_32+0x3c7/0x6e0
[ 314.236492][T11319] entry_SYSENTER_compat+0x68/0x77
[ 314.241597][T11319] =====================================================
[ 314.248525][T11319] Disabling lock debugging due to kernel taint
[ 314.254771][T11319] Kernel panic - not syncing: panic_on_warn set ...
[ 314.261366][T11319] CPU: 1 PID: 11319 Comm: syz-executor.0 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 314.271421][T11319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 314.281482][T11319] Call Trace:
[ 314.284787][T11319] dump_stack+0x1c9/0x220
[ 314.289126][T11319] panic+0x3d5/0xc3e
[ 314.293064][T11319] kmsan_report+0x1df/0x1e0
[ 314.297590][T11319] __msan_warning+0x58/0xa0
[ 314.302104][T11319] fat_evict_inode+0x2f4/0x920
[ 314.306882][T11319] ? fat_write_inode+0x250/0x250
[ 314.311819][T11319] evict+0x4ab/0xe10
[ 314.315742][T11319] iput+0xa70/0xe10
[ 314.319580][T11319] fat_build_inode+0x6a3/0x840
[ 314.324363][T11319] vfat_mkdir+0x547/0x7d0
[ 314.328712][T11319] ? vfat_unlink+0x660/0x660
[ 314.333304][T11319] vfs_mkdir+0x691/0x920
[ 314.337564][T11319] do_mkdirat+0x39f/0x680
[ 314.341918][T11319] __ia32_sys_mkdir+0x9f/0xd0
[ 314.346604][T11319] ? __se_sys_mkdir+0x90/0x90
[ 314.351285][T11319] do_fast_syscall_32+0x3c7/0x6e0
[ 314.356329][T11319] entry_SYSENTER_compat+0x68/0x77
[ 314.361435][T11319] RIP: 0023:0xf7f6fd99
[ 314.365501][T11319] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 314.385101][T11319] RSP: 002b:00000000f5d6a0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000027
[ 314.393513][T11319] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000000000000
[ 314.401476][T11319] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 314.409448][T11319] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 314.417418][T11319] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 314.425392][T11319] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 314.434700][T11319] Kernel Offset: 0x2a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 314.446226][T11319] Rebooting in 86400 seconds..