Starting Permit User Sessions...
Starting getty on tty2-tty6 if dbus and logind are not available...
Starting System Logging Service...
[ OK ] Started Regular background program processing daemon.
[ OK ] Started Permit User Sessions.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started System Logging Service.
[ **] (1 of 2) A start job is running for…ot available (1min 27s / no limit)
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started OpenBSD Secure Shell server.
Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
2020/09/22 13:03:19 fuzzer started
2020/09/22 13:03:21 dialing manager at 10.128.0.26:43153
2020/09/22 13:03:21 syscalls: 3319
2020/09/22 13:03:21 code coverage: enabled
2020/09/22 13:03:21 comparison tracing: enabled
2020/09/22 13:03:21 extra coverage: enabled
2020/09/22 13:03:21 setuid sandbox: enabled
2020/09/22 13:03:21 namespace sandbox: enabled
2020/09/22 13:03:21 Android sandbox: enabled
2020/09/22 13:03:21 fault injection: enabled
2020/09/22 13:03:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/09/22 13:03:21 net packet injection: enabled
2020/09/22 13:03:21 net device setup: enabled
2020/09/22 13:03:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/09/22 13:03:21 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/09/22 13:03:21 USB emulation: enabled
2020/09/22 13:03:21 hci packet injection: enabled
13:06:31 executing program 0:
syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x410202, 0x0)
r1 = getuid()
r2 = syz_mount_image$tmpfs(&(0x7f00000001c0)='tmpfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='mode=00000000000000000000204,uid=', @ANYRESHEX=r1])
copy_file_range(r0, 0x0, r2, 0x0, 0x0, 0x0)
syzkaller login: [ 355.375999][ T28] audit: type=1400 audit(1600779991.316:8): avc: denied { execmem } for pid=8507 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 356.950897][ T8508] IPVS: ftp: loaded support on port[0] = 21
[ 357.454926][ T8508] chnl_net:caif_netlink_parms(): no params data found
[ 357.699393][ T8508] bridge0: port 1(bridge_slave_0) entered blocking state
[ 357.706890][ T8508] bridge0: port 1(bridge_slave_0) entered disabled state
[ 357.716308][ T8508] device bridge_slave_0 entered promiscuous mode
[ 357.737757][ T8508] bridge0: port 
2(bridge_slave_1) entered blocking state
[ 357.745080][ T8508] bridge0: port 2(bridge_slave_1) entered disabled state
[ 357.754667][ T8508] device bridge_slave_1 entered promiscuous mode
[ 357.819637][ T8508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 357.838843][ T8508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 357.899380][ T8508] team0: Port device team_slave_0 added
[ 357.914211][ T8508] team0: Port device team_slave_1 added
[ 357.964913][ T8508] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 357.972150][ T8508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 357.998358][ T8508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 358.014900][ T8508] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 358.022703][ T8508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 358.048952][ T8508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 358.118838][ T8508] device hsr_slave_0 entered promiscuous mode
[ 358.129380][ T8508] device hsr_slave_1 entered promiscuous mode
[ 358.432571][ T8508] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 358.492407][ T8508] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 358.520249][ T8508] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 358.556774][ T8508] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 358.837323][ T27] Bluetooth: hci0: command 0x0409 tx timeout
[ 358.873817][ T8508] 8021q: adding VLAN 0 to HW filter on device bond0
[ 358.908936][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 358.918240][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 358.945291][ T8508] 8021q: adding VLAN 0 to HW filter on device team0
[ 358.969239][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 358.980111][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 358.989434][ T27] bridge0: port 1(bridge_slave_0) entered blocking state
[ 358.996821][ T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 359.018090][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 359.027715][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 359.037454][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 359.046782][ T27] bridge0: port 2(bridge_slave_1) entered blocking state
[ 359.053992][ T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 359.072534][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 359.097125][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 359.118431][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 359.129200][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 359.167238][ T4864] 
IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 359.177032][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 359.187879][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 359.227535][ T8508] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 359.238530][ T8508] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 359.258873][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 359.268777][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 359.278968][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 359.288500][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 359.311530][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 359.360060][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 359.367797][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 359.399228][ T8508] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 359.458089][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 359.469945][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 359.524557][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 359.534910][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 359.558656][ T8508] device veth0_vlan entered promiscuous mode
[ 359.569297][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 359.578090][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 359.611517][ T8508] device veth1_vlan entered promiscuous mode
[ 359.687266][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 359.696777][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 359.706129][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 359.715983][ T27] 
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 359.739601][ T8508] device veth0_macvtap entered promiscuous mode
[ 359.760981][ T8508] device veth1_macvtap entered promiscuous mode
[ 359.825255][ T8508] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 359.833499][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 359.843544][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 359.852804][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 359.862761][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 359.891558][ T8508] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 359.900418][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 359.910701][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 359.928295][ T8508] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 359.937103][ T8508] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 359.945920][ T8508] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 359.955012][ T8508] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
13:06:36 executing program 0:
syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0, &(0x7f00000003c0), 0x0, &(0x7f0000000440)={[{@resize_size={'resize', 0x3d, 0xfffffffffffffffd}}]})
13:06:36 executing program 0:
syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
renameat(0xffffffffffffff9c, &(0x7f00000022c0)='./file0/../file0\x00', 0xffffffffffffffff, 0x0)
[ 360.920039][ T27] Bluetooth: hci0: command 0x041b tx timeout
13:06:37 executing program 0:
syz_mount_image$f2fs(&(0x7f0000000000)='f2fs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x8, 
&(0x7f0000000200)=[{&(0x7f0000010000)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x400}, {&(0x7f0000010a00)="4379d52700000000001000000000000002000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff01000000000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff010000000000000000000000000000008501000006000000010000000100000001000000040000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010b00)="000000000000000000000000000000000000000000000000000000002964039d0100030000000003000000003e", 0x2d, 0x200fe0}, {&(0x7f0000010c00)="000000000000000000000000000000000000000000000000000000060017000000010c80", 0x24, 0x2011e0}, {&(0x7f0000011600)="00000000000000000000000000000000000000000000000000000001000000004379d52700000000001000000000000002000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff01000000000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff010000000000000000000000000000008501000006000000010000000100000001000000040000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011700)="000000000000000000000000000000000000000000000000000000002964039d", 0x20, 0x205fe0}, {&(0x7f0000012100)="ed4100005cf90100535f010002000000001000000000000002", 0x19, 0x3e00000}, {&(0x7f0000012300)="00000000000000000300000003", 0xd, 0x3e00fe0}], 0x0, &(0x7f00000015c0)=ANY=[])
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0/file0\x00', 0x1415c2, 0x0)
pwritev(r0, &(0x7f0000000480)=[{&(0x7f00000000c0)='6', 0x1}, {&(0x7f0000000140), 0x10000000}, {0x0}], 0x3, 0x0, 0x0)
[ 361.384024][ T8748] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 361.392180][ T8748] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[ 
361.414342][ T8748] F2FS-fs (loop0): invalid crc_offset: 0
[ 361.761319][ T8748] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[ 361.768716][ T8748] F2FS-fs (loop0): Mounted with checkpoint version = 27d57943
[ 362.169804][ T8748] =====================================================
[ 362.176892][ T8748] BUG: KMSAN: uninit-value in f2fs_lookup+0xe05/0x1a80
[ 362.183751][ T8748] CPU: 0 PID: 8748 Comm: syz-executor.0 Not tainted 5.9.0-rc4-syzkaller #0
[ 362.192331][ T8748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 362.202382][ T8748] Call Trace:
[ 362.205749][ T8748] dump_stack+0x21c/0x280
[ 362.210166][ T8748] kmsan_report+0xf7/0x1e0
[ 362.214591][ T8748] __msan_warning+0x58/0xa0
[ 362.219104][ T8748] f2fs_lookup+0xe05/0x1a80
[ 362.223624][ T8748] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 362.229450][ T8748] ? f2fs_encrypted_get_link+0x570/0x570
[ 362.235152][ T8748] path_openat+0x2729/0x6a90
[ 362.239780][ T8748] ? kmsan_get_metadata+0x116/0x180
[ 362.244992][ T8748] do_filp_open+0x2b8/0x710
[ 362.249540][ T8748] do_sys_openat2+0xa88/0x1140
[ 362.254322][ T8748] __se_compat_sys_openat+0x2a4/0x310
[ 362.259708][ T8748] __ia32_compat_sys_openat+0x56/0x70
[ 362.265153][ T8748] __do_fast_syscall_32+0x129/0x180
[ 362.270361][ T8748] do_fast_syscall_32+0x6a/0xc0
[ 362.275220][ T8748] do_SYSENTER_32+0x73/0x90
[ 362.279767][ T8748] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 362.286109][ T8748] RIP: 0023:0xf7f71549
[ 362.290179][ T8748] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 362.309784][ T8748] RSP: 002b:00000000f556b0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[ 362.318250][ T8748] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000440
[ 362.326220][ T8748] RDX: 00000000001415c2 RSI: 0000000000000000 RDI: 0000000000000000
[ 
362.334189][ T8748] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 362.342159][ T8748] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 362.350130][ T8748] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 362.358121][ T8748]
[ 362.360440][ T8748] Local variable ----page@f2fs_lookup created at:
[ 362.366862][ T8748] f2fs_lookup+0x8f/0x1a80
[ 362.371278][ T8748] f2fs_lookup+0x8f/0x1a80
[ 362.375679][ T8748] =====================================================
[ 362.382599][ T8748] Disabling lock debugging due to kernel taint
[ 362.388740][ T8748] Kernel panic - not syncing: panic_on_warn set ...
[ 362.395329][ T8748] CPU: 0 PID: 8748 Comm: syz-executor.0 Tainted: G B 5.9.0-rc4-syzkaller #0
[ 362.407551][ T8748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 362.417600][ T8748] Call Trace:
[ 362.420894][ T8748] dump_stack+0x21c/0x280
[ 362.425321][ T8748] panic+0x4d7/0xef7
[ 362.429236][ T8748] ? add_taint+0x17c/0x210
[ 362.433657][ T8748] kmsan_report+0x1df/0x1e0
[ 362.438164][ T8748] __msan_warning+0x58/0xa0
[ 362.442674][ T8748] f2fs_lookup+0xe05/0x1a80
[ 362.447191][ T8748] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 362.453007][ T8748] ? f2fs_encrypted_get_link+0x570/0x570
[ 362.458640][ T8748] path_openat+0x2729/0x6a90
[ 362.463266][ T8748] ? 
kmsan_get_metadata+0x116/0x180
[ 362.468472][ T8748] do_filp_open+0x2b8/0x710
[ 362.473001][ T8748] do_sys_openat2+0xa88/0x1140
[ 362.477786][ T8748] __se_compat_sys_openat+0x2a4/0x310
[ 362.483172][ T8748] __ia32_compat_sys_openat+0x56/0x70
[ 362.488560][ T8748] __do_fast_syscall_32+0x129/0x180
[ 362.493763][ T8748] do_fast_syscall_32+0x6a/0xc0
[ 362.498704][ T8748] do_SYSENTER_32+0x73/0x90
[ 362.503209][ T8748] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 362.509531][ T8748] RIP: 0023:0xf7f71549
[ 362.513610][ T8748] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 362.533239][ T8748] RSP: 002b:00000000f556b0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[ 362.541663][ T8748] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000440
[ 362.549643][ T8748] RDX: 00000000001415c2 RSI: 0000000000000000 RDI: 0000000000000000
[ 362.557610][ T8748] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 362.565665][ T8748] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 362.573638][ T8748] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 362.582858][ T8748] Kernel Offset: disabled
[ 362.587173][ T8748] Rebooting in 86400 seconds..