[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.87' (ECDSA) to the list of known hosts.
2020/07/18 07:15:18 fuzzer started
2020/07/18 07:15:19 dialing manager at 10.128.0.26:41463
2020/07/18 07:15:19 syscalls: 2944
2020/07/18 07:15:19 code coverage: enabled
2020/07/18 07:15:19 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2020/07/18 07:15:19 extra coverage: enabled
2020/07/18 07:15:19 setuid sandbox: enabled
2020/07/18 07:15:19 namespace sandbox: enabled
2020/07/18 07:15:19 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/18 07:15:19 fault injection: enabled
2020/07/18 07:15:19 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/18 07:15:19 net packet injection: enabled
2020/07/18 07:15:19 net device setup: enabled
2020/07/18 07:15:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/18 07:15:19 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/18 07:15:19 USB emulation: /dev/raw-gadget does not exist

07:18:38 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000200)="26000000130047f10701c1b00ef90000078f7ed79f0b5ef239077f57a088b4d11ca21a16ea26", 0x26)
unshare(0x20600)
mmap(&(0x7f0000f91000/0xa000)=nil, 0xa000, 0x1, 0x31, 0xffffffffffffffff, 0x0)
recvmsg(r0, &(0x7f0000f95fd7)={0x0, 0x0, 0x0}, 0x0)

syzkaller login: [ 317.261034][ T8484] IPVS: ftp: loaded support on port[0] = 21
[ 317.501705][ T8484] chnl_net:caif_netlink_parms(): no params data found
[ 317.692802][ T8484] bridge0: port 1(bridge_slave_0) entered blocking state
[ 317.700133][ T8484] bridge0: port 1(bridge_slave_0) entered disabled state
[ 317.709813][ T8484] device bridge_slave_0 entered promiscuous mode
[ 317.722264][ T8484] bridge0: port 2(bridge_slave_1) entered blocking state
[ 317.729935][ T8484] bridge0: port 2(bridge_slave_1) entered disabled state
[ 317.739110][ T8484] device bridge_slave_1 entered promiscuous mode
[ 317.782878][ T8484] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 317.799113][ T8484] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 317.842855][ T8484] team0: Port device team_slave_0 added
[ 317.853433][ T8484] team0: Port device team_slave_1 added
[ 317.892105][ T8484] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 317.899265][ T8484] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 317.926047][ T8484] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 317.940482][ T8484] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 317.948445][ T8484] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 317.974531][ T8484] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 318.065059][ T8484] device hsr_slave_0 entered promiscuous mode
[ 318.128630][ T8484] device hsr_slave_1 entered promiscuous mode
[ 318.655159][ T8484] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 318.701406][ T8484] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 318.804666][ T8484] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 318.864698][ T8484] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 319.166368][ T8484] 8021q: adding VLAN 0 to HW filter on device bond0
[ 319.212098][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 319.221071][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 319.250406][ T8484] 8021q: adding VLAN 0 to HW filter on device team0
[ 319.266971][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 319.276849][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 319.286158][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 319.293532][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 319.353457][ T8484] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 319.364495][ T8484] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 319.380611][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 319.389601][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 319.399610][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 319.408999][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 319.416227][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 319.425134][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 319.435787][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 319.446541][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 319.456741][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 319.467017][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 319.477162][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 319.487453][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 319.496891][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 319.507072][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 319.516667][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 319.534705][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 319.544380][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 319.585713][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 319.593391][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 319.613815][ T8484] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 319.683505][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 319.693766][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 319.746129][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 319.756281][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 319.774214][ T8484] device veth0_vlan entered promiscuous mode
[ 319.792144][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 319.800853][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 319.829836][ T8484] device veth1_vlan entered promiscuous mode
[ 319.873382][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 319.882752][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 319.892019][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 319.901805][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 319.918054][ T8484] device veth0_macvtap entered promiscuous mode
[ 319.933942][ T8484] device veth1_macvtap entered promiscuous mode
[ 319.966564][ T8484] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 319.978926][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 319.988092][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 319.997059][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 320.007918][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 320.026283][ T8484] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 320.068666][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 320.078779][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready

07:18:42 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x6b)
getsockopt$IP6T_SO_GET_INFO(r0, 0x3a, 0x40, 0x0, 0x0)

07:18:42 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x74}, {0x16}]})

[ 320.494278][ T8698] =====================================================
[ 320.501258][ T8698] BUG: KMSAN: uninit-value in __seccomp_filter+0x10bc/0x2720
[ 320.508717][ T8698] CPU: 0 PID: 8698 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 320.517312][ T8698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 320.527366][ T8698] Call Trace:
[ 320.530765][ T8698] dump_stack+0x1df/0x240
[ 320.535101][ T8698] kmsan_report+0xf7/0x1e0
[ 320.539525][ T8698] __msan_warning+0x58/0xa0
[ 320.544035][ T8698] __seccomp_filter+0x10bc/0x2720
[ 320.549182][ T8698] ? kmsan_get_metadata+0x11d/0x180
[ 320.554398][ T8698] ? kmsan_get_metadata+0x4f/0x180
[ 320.559516][ T8698] ? kmsan_get_metadata+0x4f/0x180
[ 320.564633][ T8698] __secure_computing+0x1fa/0x380
[ 320.569668][ T8698] syscall_trace_enter+0x63b/0xe10
[ 320.574815][ T8698] do_syscall_64+0x54/0x150
[ 320.579321][ T8698] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 320.585203][ T8698] RIP: 0033:0x45f01a
[ 320.589108][ T8698] Code: Bad RIP value.
[ 320.593167][ T8698] RSP: 002b:00007f3c5ff90c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4
[ 320.601577][ T8698] RAX: ffffffffffffffda RBX: 00000000004d6388 RCX: 000000000045f01a
[ 320.609547][ T8698] RDX: 0000000000005ab5 RSI: 00007f3c5ff90c60 RDI: 0000000000000001
[ 320.617513][ T8698] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 320.625476][ T8698] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000e
[ 320.633447][ T8698] R13: 0000000000c9fb6f R14: 000000000078bf00 R15: 000000000078bf0c
[ 320.641420][ T8698]
[ 320.643740][ T8698] Uninit was stored to memory at:
[ 320.648767][ T8698] kmsan_internal_chain_origin+0xad/0x130
[ 320.654481][ T8698] __msan_chain_origin+0x50/0x90
[ 320.659416][ T8698] ___bpf_prog_run+0x7636/0x97a0
[ 320.664360][ T8698] __bpf_prog_run32+0x101/0x170
[ 320.669204][ T8698] __seccomp_filter+0x59e/0x2720
[ 320.674141][ T8698] __secure_computing+0x1fa/0x380
[ 320.679165][ T8698] syscall_trace_enter+0x63b/0xe10
[ 320.684273][ T8698] do_syscall_64+0x54/0x150
[ 320.688777][ T8698] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 320.694657][ T8698]
[ 320.696982][ T8698] Uninit was stored to memory at:
[ 320.702001][ T8698] kmsan_internal_chain_origin+0xad/0x130
[ 320.707714][ T8698] __msan_chain_origin+0x50/0x90
[ 320.712650][ T8698] ___bpf_prog_run+0x6c64/0x97a0
[ 320.717592][ T8698] __bpf_prog_run32+0x101/0x170
[ 320.722436][ T8698] __seccomp_filter+0x59e/0x2720
[ 320.727370][ T8698] __secure_computing+0x1fa/0x380
[ 320.732392][ T8698] syscall_trace_enter+0x63b/0xe10
[ 320.737500][ T8698] do_syscall_64+0x54/0x150
[ 320.742008][ T8698] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 320.747886][ T8698]
[ 320.750211][ T8698] Local variable ----regs@__bpf_prog_run32 created at:
[ 320.757058][ T8698] __bpf_prog_run32+0x87/0x170
[ 320.761826][ T8698] __bpf_prog_run32+0x87/0x170
[ 320.766573][ T8698] =====================================================
[ 320.773491][ T8698] Disabling lock debugging due to kernel taint
[ 320.779632][ T8698] Kernel panic - not syncing: panic_on_warn set ...
[ 320.786303][ T8698] CPU: 0 PID: 8698 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 320.796263][ T8698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 320.806311][ T8698] Call Trace:
[ 320.809616][ T8698] dump_stack+0x1df/0x240
[ 320.813948][ T8698] panic+0x3d5/0xc3e
[ 320.817911][ T8698] kmsan_report+0x1df/0x1e0
[ 320.822420][ T8698] __msan_warning+0x58/0xa0
[ 320.826924][ T8698] __seccomp_filter+0x10bc/0x2720
[ 320.831991][ T8698] ? kmsan_get_metadata+0x11d/0x180
[ 320.837186][ T8698] ? kmsan_get_metadata+0x4f/0x180
[ 320.842296][ T8698] ? kmsan_get_metadata+0x4f/0x180
[ 320.847409][ T8698] __secure_computing+0x1fa/0x380
[ 320.852440][ T8698] syscall_trace_enter+0x63b/0xe10
[ 320.857574][ T8698] do_syscall_64+0x54/0x150
[ 320.862077][ T8698] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 320.867968][ T8698] RIP: 0033:0x45f01a
[ 320.871847][ T8698] Code: Bad RIP value.
[ 320.875902][ T8698] RSP: 002b:00007f3c5ff90c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4
[ 320.884306][ T8698] RAX: ffffffffffffffda RBX: 00000000004d6388 RCX: 000000000045f01a
[ 320.892271][ T8698] RDX: 0000000000005ab5 RSI: 00007f3c5ff90c60 RDI: 0000000000000001
[ 320.900239][ T8698] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 320.908209][ T8698] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000e
[ 320.916176][ T8698] R13: 0000000000c9fb6f R14: 000000000078bf00 R15: 000000000078bf0c
[ 320.925344][ T8698] Kernel Offset: 0x15400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 320.936951][ T8698] Rebooting in 86400 seconds..