[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.16' (ECDSA) to the list of known hosts.
2020/05/23 08:49:32 parsed 1 programs
2020/05/23 08:49:36 executed programs: 0
syzkaller login: [ 1062.777331][ T32] audit: type=1400 audit(1590223776.405:8): avc: denied { execmem } for pid=8811 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 1062.863804][ T8812] IPVS: ftp: loaded support on port[0] = 21
[ 1063.037005][ T8812] chnl_net:caif_netlink_parms(): no params data found
[ 1063.170929][ T8812] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1063.178545][ T8812] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1063.188256][ T8812] device bridge_slave_0 entered promiscuous mode
[ 1063.202579][ T8812] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1063.209809][ T8812] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1063.219408][ T8812] device bridge_slave_1 entered promiscuous mode
[ 1063.249735][ T8812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1063.262641][ T8812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1063.294048][ T8812] team0: Port device team_slave_0 added
[ 1063.303633][ T8812] team0: Port device team_slave_1 added
[ 1063.333621][ T8812] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1063.340630][ T8812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1063.366818][ T8812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1063.379380][ T8812] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1063.386568][ T8812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1063.412748][ T8812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1063.488026][ T8812] device hsr_slave_0 entered promiscuous mode
[ 1063.553230][ T8812] device hsr_slave_1 entered promiscuous mode
[ 1063.756643][ T8812] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1063.807031][ T8812] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1063.856774][ T8812] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1063.916854][ T8812] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1064.000248][ T8812] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1064.007589][ T8812] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1064.015657][ T8812] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1064.023094][ T8812] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1064.040695][ T8263] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1064.056001][ T8263] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1064.119555][ T8812] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1064.138308][ T8781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1064.147530][ T8781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1064.162841][ T8812] 8021q: adding VLAN 0 to HW filter on device team0
[ 1064.176004][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1064.185272][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1064.194888][ T8779] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1064.202252][ T8779] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1064.222746][ T8781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1064.232491][ T8781] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1064.241537][ T8781] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1064.248961][ T8781] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1064.257745][ T8781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1064.276551][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1064.293939][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1064.304439][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1064.332936][ T8812] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1064.343649][ T8812] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1064.358294][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1064.368281][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1064.379454][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1064.389581][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1064.399354][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1064.409073][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1064.418683][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1064.431455][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1064.457872][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1064.466152][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1064.485270][ T8812] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1064.512597][ T3367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1064.523887][ T3367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1064.556266][ T3367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1064.565502][ T3367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1064.577322][ T3367] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1064.586360][ T3367] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1064.596215][ T8812] device veth0_vlan entered promiscuous mode
[ 1064.614703][ T8812] device veth1_vlan entered promiscuous mode
[ 1064.648135][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1064.657111][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1064.666521][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1064.675979][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1064.691500][ T8812] device veth0_macvtap entered promiscuous mode
[ 1064.705340][ T8812] device veth1_macvtap entered promiscuous mode
[ 1064.731585][ T8812] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1064.739731][ T3367] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1064.749215][ T3367] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1064.758306][ T3367] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1064.768246][ T3367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1064.787624][ T8812] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1064.796144][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1064.806279][ T8779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2020/05/23 08:49:41 executed programs: 53
2020/05/23 08:49:46 executed programs: 161
2020/05/23 08:49:51 executed programs: 269
2020/05/23 08:49:56 executed programs: 450
2020/05/23 08:50:01 executed programs: 638
2020/05/23 08:50:06 executed programs: 824
2020/05/23 08:50:11 executed programs: 1008
2020/05/23 08:50:16 executed programs: 1194
2020/05/23 08:50:21 executed programs: 1378
2020/05/23 08:50:26 executed programs: 1560
[ 1114.653262][ T0] NOHZ: local_softirq_pending 08
2020/05/23 08:50:31 executed programs: 1739
2020/05/23 08:50:36 executed programs: 1915
2020/05/23 08:50:41 executed programs: 2087
2020/05/23 08:50:46 executed programs: 2263
[ 1137.644317][T16644] =====================================================
[ 1137.651427][T16644] BUG: KMSAN: kernel-infoleak-after-free in kmsan_copy_to_user+0x81/0x90
[ 1137.659997][T16644] CPU: 0 PID: 16644 Comm: syz-executor.0 Not tainted 5.7.0-rc4-syzkaller #0
[ 1137.668650][T16644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1137.678742][T16644] Call Trace:
[ 1137.682057][T16644]  dump_stack+0x1c9/0x220
[ 1137.686375][T16644]  kmsan_report+0xf7/0x1e0
[ 1137.690778][T16644]  kmsan_internal_check_memory+0x358/0x3d0
[ 1137.696566][T16644]  ? drm_mode_create_dumb_ioctl+0x41d/0x450
[ 1137.702446][T16644]  kmsan_copy_to_user+0x81/0x90
[ 1137.707285][T16644]  _copy_to_user+0x15a/0x1f0
[ 1137.711872][T16644]  drm_ioctl+0xceb/0x1230
[ 1137.716196][T16644]  ? drm_mode_create_dumb+0x450/0x450
[ 1137.721554][T16644]  ? kmsan_get_metadata+0x11d/0x180
[ 1137.726736][T16644]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 1137.732959][T16644]  ? do_vfs_ioctl+0x10f3/0x3370
[ 1137.737801][T16644]  ? kmsan_get_metadata+0x11d/0x180
[ 1137.742994][T16644]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1137.748784][T16644]  drm_compat_ioctl+0x49a/0x530
[ 1137.753619][T16644]  ? security_file_ioctl+0x1a8/0x200
[ 1137.758888][T16644]  ? kcalloc+0xe0/0xe0
[ 1137.762939][T16644]  __se_compat_sys_ioctl+0x57c/0xed0
[ 1137.768209][T16644]  ? kmsan_get_metadata+0x4f/0x180
[ 1137.773321][T16644]  ? kmsan_get_metadata+0x11d/0x180
[ 1137.778503][T16644]  __ia32_compat_sys_ioctl+0x4a/0x70
[ 1137.783886][T16644]  ? compat_ptr_ioctl+0x150/0x150
[ 1137.788893][T16644]  do_fast_syscall_32+0x3bf/0x6d0
[ 1137.793985][T16644]  entry_SYSENTER_compat+0x68/0x77
[ 1137.799121][T16644] RIP: 0023:0xf7fbedd9
[ 1137.803189][T16644] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 1137.822782][T16644] RSP: 002b:00000000f7fb90cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1137.831240][T16644] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c02064b2
[ 1137.839213][T16644] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1137.847166][T16644] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1137.855130][T16644] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1137.863112][T16644] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1137.871077][T16644]
[ 1137.873384][T16644] Uninit was stored to memory at:
[ 1137.878462][T16644]  kmsan_internal_chain_origin+0xad/0x130
[ 1137.884161][T16644]  __msan_chain_origin+0x50/0x90
[ 1137.889077][T16644]  vkms_dumb_create+0x44f/0x490
[ 1137.893911][T16644]  drm_mode_create_dumb_ioctl+0x41d/0x450
[ 1137.899632][T16644]  drm_ioctl_kernel+0x597/0x700
[ 1137.906830][T16644]  drm_ioctl+0xc6f/0x1230
[ 1137.911160][T16644]  drm_compat_ioctl+0x49a/0x530
[ 1137.916009][T16644]  __se_compat_sys_ioctl+0x57c/0xed0
[ 1137.921284][T16644]  __ia32_compat_sys_ioctl+0x4a/0x70
[ 1137.926546][T16644]  do_fast_syscall_32+0x3bf/0x6d0
[ 1137.931551][T16644]  entry_SYSENTER_compat+0x68/0x77
[ 1137.936633][T16644]
[ 1137.938939][T16644] Uninit was created at:
[ 1137.943159][T16644]  kmsan_internal_poison_shadow+0x66/0xd0
[ 1137.948855][T16644]  kmsan_slab_free+0x6e/0xb0
[ 1137.953421][T16644]  kfree+0x562/0x30c0
[ 1137.957398][T16644]  vkms_gem_free_object+0xcb/0x130
[ 1137.962496][T16644]  drm_gem_object_put_unlocked+0x484/0x7a0
[ 1137.968282][T16644]  vkms_gem_create+0x3f4/0x440
[ 1137.973026][T16644]  vkms_dumb_create+0x216/0x490
[ 1137.977854][T16644]  drm_mode_create_dumb_ioctl+0x41d/0x450
[ 1137.983550][T16644]  drm_ioctl_kernel+0x597/0x700
[ 1137.988385][T16644]  drm_ioctl+0xc6f/0x1230
[ 1137.992700][T16644]  drm_compat_ioctl+0x49a/0x530
[ 1137.997551][T16644]  __se_compat_sys_ioctl+0x57c/0xed0
[ 1138.002821][T16644]  __ia32_compat_sys_ioctl+0x4a/0x70
[ 1138.008095][T16644]  do_fast_syscall_32+0x3bf/0x6d0
[ 1138.013109][T16644]  entry_SYSENTER_compat+0x68/0x77
[ 1138.018194][T16644]
[ 1138.020500][T16644] Bytes 24-31 of 32 are uninitialized
[ 1138.025862][T16644] Memory access of size 32 starts at ffffb09b812ebc40
[ 1138.032596][T16644] Data copied to user address 0000000020000080
[ 1138.038721][T16644] =====================================================
[ 1138.046419][T16644] Disabling lock debugging due to kernel taint
[ 1138.052547][T16644] Kernel panic - not syncing: panic_on_warn set ...
[ 1138.059115][T16644] CPU: 0 PID: 16644 Comm: syz-executor.0 Tainted: G B 5.7.0-rc4-syzkaller #0
[ 1138.069277][T16644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1138.079325][T16644] Call Trace:
[ 1138.082613][T16644]  dump_stack+0x1c9/0x220
[ 1138.086938][T16644]  panic+0x3d5/0xc3e
[ 1138.090833][T16644]  kmsan_report+0x1df/0x1e0
[ 1138.095321][T16644]  kmsan_internal_check_memory+0x358/0x3d0
[ 1138.101112][T16644]  ? drm_mode_create_dumb_ioctl+0x41d/0x450
[ 1138.106994][T16644]  kmsan_copy_to_user+0x81/0x90
[ 1138.111841][T16644]  _copy_to_user+0x15a/0x1f0
[ 1138.116449][T16644]  drm_ioctl+0xceb/0x1230
[ 1138.120780][T16644]  ? drm_mode_create_dumb+0x450/0x450
[ 1138.126152][T16644]  ? kmsan_get_metadata+0x11d/0x180
[ 1138.131553][T16644]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 1138.137597][T16644]  ? do_vfs_ioctl+0x10f3/0x3370
[ 1138.142450][T16644]  ? kmsan_get_metadata+0x11d/0x180
[ 1138.147627][T16644]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1138.153416][T16644]  drm_compat_ioctl+0x49a/0x530
[ 1138.158254][T16644]  ? security_file_ioctl+0x1a8/0x200
[ 1138.163555][T16644]  ? kcalloc+0xe0/0xe0
[ 1138.167615][T16644]  __se_compat_sys_ioctl+0x57c/0xed0
[ 1138.172884][T16644]  ? kmsan_get_metadata+0x4f/0x180
[ 1138.177986][T16644]  ? kmsan_get_metadata+0x11d/0x180
[ 1138.183180][T16644]  __ia32_compat_sys_ioctl+0x4a/0x70
[ 1138.188470][T16644]  ? compat_ptr_ioctl+0x150/0x150
[ 1138.193489][T16644]  do_fast_syscall_32+0x3bf/0x6d0
[ 1138.198698][T16644]  entry_SYSENTER_compat+0x68/0x77
[ 1138.203812][T16644] RIP: 0023:0xf7fbedd9
[ 1138.208050][T16644] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 1138.227643][T16644] RSP: 002b:00000000f7fb90cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1138.236173][T16644] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c02064b2
[ 1138.244156][T16644] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1138.252127][T16644] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1138.260117][T16644] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1138.268087][T16644] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1138.277626][T16644] Kernel Offset: 0x1d800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 1138.290094][T16644] Rebooting in 86400 seconds..
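Reading the report above: the "Uninit was created at" stack shows vkms_gem_create dropping a reference through drm_gem_object_put_unlocked, and in this run that was the last reference, so vkms_gem_free_object ran kfree from inside the create path. The "Uninit was stored to memory at" stack shows vkms_dumb_create then storing a value into the ioctl argument struct, which drm_ioctl copied to user with bytes 24-31 of 32 uninitialized. The request number in RCX, 0xc02064b2, decodes to a 32-byte read/write 'd'-type ioctl, nr 0xB2, which is DRM_IOCTL_MODE_CREATE_DUMB, and in its 32-byte uapi struct drm_mode_create_dumb (six __u32 fields, then a __u64 size) bytes 24-31 are the size field. So the driver read the object's size after it had given up its own reference; the log does not show what consumed the other reference. The C program below is an added userspace model of that ordering, not vkms or drm code: a refcounted toy object with a KMSAN-style shadow byte per byte of data, the reference-drop-then-read sequence beside the fix pattern of using the object before the put, and a check at the copy-to-user boundary that reports the leak the way KMSAN does. Every identifier in it is hypothetical, and the concurrent handle close that makes the put the last drop is an assumption of the model, constructed here to make the freed read deterministic.

```c
/* Added example, not vkms/drm code: userspace model of "put reference,
 * then read object" leaking freed memory through an ioctl out-struct.
 * All names are hypothetical; a fixed arena stands in for a slab slot. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHADOW_INIT   0   /* byte holds a defined value */
#define SHADOW_POISON 1   /* byte is uninitialized or freed */

/* Same 32-byte layout as uapi struct drm_mode_create_dumb:
 * six __u32 fields, then __u64 size at bytes 24-31. */
struct create_dumb {
    uint32_t height, width, bpp, flags, handle, pitch;
    uint64_t size;
};

/* Toy refcounted GEM-like object plus one shadow byte per data byte,
 * which is what KMSAN maintains for kernel memory. */
struct gem_obj { int refcount; uint64_t size; };
static struct gem_obj arena;
static unsigned char arena_shadow[sizeof(struct gem_obj)];

static struct gem_obj *gem_alloc(uint64_t size)
{
    arena.refcount = 1;
    arena.size = size;
    memset(arena_shadow, SHADOW_INIT, sizeof arena_shadow);
    return &arena;
}

/* Dropping the last reference "frees" the object: like kmsan_slab_free in
 * the report, the shadow is poisoned while the data stays in place. */
static void gem_put(struct gem_obj *o)
{
    if (--o->refcount == 0)
        memset(arena_shadow, SHADOW_POISON, sizeof arena_shadow);
}

/* The handle table holds its own reference; closing the handle drops it. */
static void handle_create(struct gem_obj *o, uint32_t *handle)
{
    o->refcount++;
    *handle = 1;
}
static void handle_close(struct gem_obj *o) { gem_put(o); }

/* An instrumented load carries the source's shadow along with the value,
 * so poison follows the data into the args struct. */
static uint64_t load_size(const struct gem_obj *o, unsigned char *dst_shadow)
{
    memcpy(dst_shadow, arena_shadow + offsetof(struct gem_obj, size), sizeof o->size);
    return o->size;
}

/* Ordering from the report: put our reference, then read size. With a
 * concurrent close (modelled as a direct call), the put is the last one. */
static void dumb_create_vuln(struct create_dumb *a, unsigned char shadow[32], int racing_close)
{
    struct gem_obj *o = gem_alloc((uint64_t)a->width * a->height * (a->bpp / 8));
    handle_create(o, &a->handle);
    if (racing_close)
        handle_close(o);
    gem_put(o);
    a->size = load_size(o, shadow + offsetof(struct create_dumb, size));
}

/* Fix pattern: finish using the object, then drop the reference. */
static void dumb_create_fixed(struct create_dumb *a, unsigned char shadow[32], int racing_close)
{
    struct gem_obj *o = gem_alloc((uint64_t)a->width * a->height * (a->bpp / 8));
    handle_create(o, &a->handle);
    if (racing_close)
        handle_close(o);
    a->size = load_size(o, shadow + offsetof(struct create_dumb, size));
    gem_put(o);
}

/* KMSAN's check at copy_to_user. Returns the poisoned byte count (0 = clean). */
static int check_copy_to_user(const unsigned char shadow[32])
{
    int first = -1, last = -1, n = 0;
    for (int i = 0; i < 32; i++) {
        if (shadow[i] != SHADOW_POISON)
            continue;
        if (first < 0)
            first = i;
        last = i;
        n++;
    }
    if (n)
        printf("BUG: kernel-infoleak-after-free: Bytes %d-%d of 32 are uninitialized\n", first, last);
    return n;
}

/* One modelled MODE_CREATE_DUMB call on constructed arguments; returns how
 * many poisoned bytes would have reached user space. */
static int run_create_dumb(int fixed, int racing_close)
{
    struct create_dumb a = { .height = 2, .width = 4, .bpp = 32 };
    unsigned char shadow[32] = { SHADOW_INIT };   /* args fully initialised */
    if (fixed)
        dumb_create_fixed(&a, shadow, racing_close);
    else
        dumb_create_vuln(&a, shadow, racing_close);
    return check_copy_to_user(shadow);
}

int main(void)
{
    printf("vulnerable, no concurrent close: %d poisoned bytes\n", run_create_dumb(0, 0));
    printf("vulnerable, concurrent close:    %d poisoned bytes\n", run_create_dumb(0, 1));
    printf("fixed, concurrent close:         %d poisoned bytes\n", run_create_dumb(1, 1));
    return 0;
}
```

The vulnerable path only leaks when something else has already consumed the handle's reference, which is why the same code can pass casual testing and still fail under a fuzzer that issues GEM operations from several threads; the shadow tracking shows why KMSAN attributes the origin to kfree rather than to a missing field initialisation.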