[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.55' (ECDSA) to the list of known hosts.
2020/09/08 20:47:05 fuzzer started
2020/09/08 20:47:05 dialing manager at 10.128.0.26:46153
2020/09/08 20:47:06 syscalls: 3166
2020/09/08 20:47:06 code coverage: enabled
2020/09/08 20:47:06 comparison tracing: enabled
2020/09/08 20:47:06 extra coverage: enabled
2020/09/08 20:47:06 setuid sandbox: enabled
2020/09/08 20:47:06 namespace sandbox: enabled
2020/09/08 20:47:06 Android sandbox: /sys/fs/selinux/policy does not exist
2020/09/08 20:47:06 fault injection: enabled
2020/09/08 20:47:06 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/09/08 20:47:06 net packet injection: enabled
2020/09/08 20:47:06 net device setup: enabled
2020/09/08 20:47:06 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/09/08 20:47:06 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/09/08 20:47:06 USB emulation: enabled
2020/09/08 20:47:06 hci packet injection: enabled
20:51:39 executing program 0:
r0 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000100)='Z', 0x1, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000340)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce003d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0x2b2, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r0, r1, r1}, &(0x7f0000000240)=""/183, 0xb7, &(0x7f0000001580)={&(0x7f0000001500)={'poly1305-simd\x00'}})
syzkaller login: [ 421.410160][ T8494] IPVS: ftp: loaded support on port[0] = 21
[ 421.794275][ T8494] chnl_net:caif_netlink_parms(): no params data found
[ 421.933302][ T8494] bridge0: port 1(bridge_slave_0) entered blocking state
[ 421.941503][ T8494] bridge0: port 1(bridge_slave_0) entered disabled state
[ 421.951085][ T8494] device bridge_slave_0 entered promiscuous mode
[ 421.964069][ T8494] bridge0: port 2(bridge_slave_1) entered blocking state
[ 421.971479][ T8494] bridge0: port 2(bridge_slave_1) entered disabled state
[ 421.981049][ T8494] device bridge_slave_1 entered promiscuous mode
[ 422.027690][ T8494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 422.044124][ T8494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 422.091885][ T8494] team0: Port device team_slave_0 added
[ 422.105001][ T8494] team0: Port device team_slave_1 added
[ 422.146520][ T8494] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 422.154169][ T8494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 422.180682][ T8494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 422.196795][ T8494] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 422.204124][ T8494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 422.230676][ T8494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 422.291352][ T8494] device hsr_slave_0 entered promiscuous mode
[ 422.304678][ T8494] device hsr_slave_1 entered promiscuous mode
[ 422.567455][ T8494] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 422.593352][ T8494] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 422.631348][ T8494] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 422.668405][ T8494] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 422.993246][ T8494] 8021q: adding VLAN 0 to HW filter on device bond0
[ 423.028224][ T3219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 423.038136][ T3219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 423.063388][ T8494] 8021q: adding VLAN 0 to HW filter on device team0
[ 423.089076][ T3219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 423.101278][ T3219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 423.110824][ T3219] bridge0: port 1(bridge_slave_0) entered blocking state
[ 423.118051][ T3219] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 423.182250][ T3219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 423.191770][ T3219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 423.201749][ T3219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 423.211252][ T3219] bridge0: port 2(bridge_slave_1) entered blocking state
[ 423.218476][ T3219] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 423.227547][ T3219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 423.238436][ T3219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 423.249317][ T3219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 423.259971][ T3219] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 423.276278][ T3219] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 423.285823][ T3219] Bluetooth: hci0: command 0x0409 tx timeout
[ 423.298831][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 423.310027][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 423.355308][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 423.365215][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 423.375354][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 423.384937][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 423.408810][ T8494] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 423.462057][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 423.470244][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 423.510590][ T8494] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 423.573502][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 423.583982][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 423.644149][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 423.654163][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 423.672503][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 423.681814][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 423.712613][ T8494] device veth0_vlan entered promiscuous mode
[ 423.748815][ T8494] device veth1_vlan entered promiscuous mode
[ 423.831040][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 423.841276][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 423.867706][ T8494] device veth0_macvtap entered promiscuous mode
[ 423.893211][ T8494] device veth1_macvtap entered promiscuous mode
[ 423.948901][ T8494] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 423.956823][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 423.966904][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 423.976475][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 423.986665][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 424.023114][ T8494] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 424.042750][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 424.053697][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 424.502015][ T8711] =====================================================
[ 424.509148][ T8711] BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90
[ 424.516626][ T8711] CPU: 0 PID: 8711 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 424.525304][ T8711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 424.535377][ T8711] Call Trace:
[ 424.538771][ T8711] dump_stack+0x21c/0x280
[ 424.543149][ T8711] kmsan_report+0xf7/0x1e0
[ 424.547618][ T8711] kmsan_internal_check_memory+0x358/0x3d0
[ 424.553530][ T8711] ? crypto_shash_final+0x3cd/0x480
[ 424.558747][ T8711] kmsan_copy_to_user+0x81/0x90
[ 424.563656][ T8711] _copy_to_user+0x18e/0x260
[ 424.568307][ T8711] __keyctl_dh_compute+0x24ea/0x2fa0
[ 424.573642][ T8711] keyctl_dh_compute+0x234/0x280
[ 424.578609][ T8711] __se_sys_keyctl+0x1181/0x1fe0
[ 424.583572][ T8711] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 424.589386][ T8711] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 424.595590][ T8711] ? __prepare_exit_to_usermode+0x16c/0x560
[ 424.601493][ T8711] ? kmsan_get_metadata+0x116/0x180
[ 424.606698][ T8711] ? kmsan_get_metadata+0x116/0x180
[ 424.611904][ T8711] ? kmsan_set_origin_checked+0x95/0xf0
[ 424.617471][ T8711] __x64_sys_keyctl+0x62/0x80
[ 424.622314][ T8711] do_syscall_64+0xad/0x160
[ 424.626907][ T8711] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 424.632816][ T8711] RIP: 0033:0x45d5b9
[ 424.636709][ T8711] Code: Bad RIP value.
[ 424.640776][ T8711] RSP: 002b:00007fb456564c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 424.649257][ T8711] RAX: ffffffffffffffda RBX: 000000000001fdc0 RCX: 000000000045d5b9
[ 424.657234][ T8711] RDX: 0000000020000240 RSI: 0000000020000000 RDI: 0000000000000017
[ 424.665219][ T8711] RBP: 000000000118cf90 R08: 0000000020001580 R09: 0000000000000000
[ 424.673205][ T8711] R10: 00000000000000b7 R11: 0000000000000246 R12: 000000000118cf4c
[ 424.681195][ T8711] R13: 000000000169fb6f R14: 00007fb4565659c0 R15: 000000000118cf4c
[ 424.689186][ T8711]
[ 424.691512][ T8711] Uninit was created at:
[ 424.695766][ T8711] kmsan_internal_poison_shadow+0x66/0xd0
[ 424.701496][ T8711] kmsan_slab_alloc+0x8a/0xe0
[ 424.706250][ T8711] __kmalloc+0x312/0x410
[ 424.710501][ T8711] __keyctl_dh_compute+0x1f82/0x2fa0
[ 424.715789][ T8711] keyctl_dh_compute+0x234/0x280
[ 424.720733][ T8711] __se_sys_keyctl+0x1181/0x1fe0
[ 424.725671][ T8711] __x64_sys_keyctl+0x62/0x80
[ 424.730354][ T8711] do_syscall_64+0xad/0x160
[ 424.734864][ T8711] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 424.740745][ T8711]
[ 424.743078][ T8711] Bytes 0-182 of 183 are uninitialized
[ 424.748531][ T8711] Memory access of size 183 starts at ffff88803abc10c0
[ 424.755481][ T8711] Data copied to user address 0000000020000240
[ 424.761645][ T8711] =====================================================
[ 424.768570][ T8711] Disabling lock debugging due to kernel taint
[ 424.774727][ T8711] Kernel panic - not syncing: panic_on_warn set ...
[ 424.781340][ T8711] CPU: 0 PID: 8711 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 424.791317][ T8711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 424.801384][ T8711] Call Trace:
[ 424.804697][ T8711] dump_stack+0x21c/0x280
[ 424.809120][ T8711] panic+0x4d7/0xef7
[ 424.813044][ T8711] ? add_taint+0x17c/0x210
[ 424.817474][ T8711] kmsan_report+0x1df/0x1e0
[ 424.821990][ T8711] kmsan_internal_check_memory+0x358/0x3d0
[ 424.827892][ T8711] ? crypto_shash_final+0x3cd/0x480
[ 424.833106][ T8711] kmsan_copy_to_user+0x81/0x90
[ 424.837966][ T8711] _copy_to_user+0x18e/0x260
[ 424.842573][ T8711] __keyctl_dh_compute+0x24ea/0x2fa0
[ 424.847912][ T8711] keyctl_dh_compute+0x234/0x280
[ 424.852870][ T8711] __se_sys_keyctl+0x1181/0x1fe0
[ 424.857826][ T8711] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 424.863638][ T8711] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 424.869796][ T8711] ? __prepare_exit_to_usermode+0x16c/0x560
[ 424.875695][ T8711] ? kmsan_get_metadata+0x116/0x180
[ 424.880905][ T8711] ? kmsan_get_metadata+0x116/0x180
[ 424.886110][ T8711] ? kmsan_set_origin_checked+0x95/0xf0
[ 424.891669][ T8711] __x64_sys_keyctl+0x62/0x80
[ 424.896355][ T8711] do_syscall_64+0xad/0x160
[ 424.900871][ T8711] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 424.906768][ T8711] RIP: 0033:0x45d5b9
[ 424.910666][ T8711] Code: Bad RIP value.
[ 424.914729][ T8711] RSP: 002b:00007fb456564c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 424.923147][ T8711] RAX: ffffffffffffffda RBX: 000000000001fdc0 RCX: 000000000045d5b9
[ 424.931124][ T8711] RDX: 0000000020000240 RSI: 0000000020000000 RDI: 0000000000000017
[ 424.939096][ T8711] RBP: 000000000118cf90 R08: 0000000020001580 R09: 0000000000000000
[ 424.947065][ T8711] R10: 00000000000000b7 R11: 0000000000000246 R12: 000000000118cf4c
[ 424.955040][ T8711] R13: 000000000169fb6f R14: 00007fb4565659c0 R15: 000000000118cf4c
[ 424.964489][ T8711] Kernel Offset: disabled
[ 424.968812][ T8711] Rebooting in 86400 seconds..