[[0;32m  OK  [0m] Started Getty on tty2.
[[0;32m  OK  [0m] Started Getty on tty1.
[[0;32m  OK  [0m] Started Serial Getty on ttyS0.
[[0;32m  OK  [0m] Started System Logging Service.
[[0;32m  OK  [0m] Started getty on tty2-tty6 if dbus and logind are not available.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.130' (ECDSA) to the list of known hosts.
2020/08/31 13:36:40 fuzzer started
2020/08/31 13:36:41 dialing manager at 10.128.0.26:33875
2020/08/31 13:36:41 syscalls: 3166
2020/08/31 13:36:41 code coverage: enabled
2020/08/31 13:36:41 comparison tracing: enabled
2020/08/31 13:36:41 extra coverage: enabled
2020/08/31 13:36:41 setuid sandbox: enabled
2020/08/31 13:36:41 namespace sandbox: enabled
2020/08/31 13:36:41 Android sandbox: /sys/fs/selinux/policy does not exist
2020/08/31 13:36:41 fault injection: enabled
2020/08/31 13:36:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/08/31 13:36:41 net packet injection: enabled
2020/08/31 13:36:41 net device setup: enabled
2020/08/31 13:36:41 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/08/31 13:36:41 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/08/31 13:36:41 USB emulation: enabled
2020/08/31 13:36:41 hci packet injection: enabled
13:41:28 executing program 0:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000300)={0x8, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @empty}, {0xa, 0x0, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}}}}, 0x48)

syzkaller login: [  434.246491][ T8497] IPVS: ftp: loaded support on port[0] = 21
[  434.656795][ T8497] chnl_net:caif_netlink_parms(): no params data found
[  434.781162][ T8497] bridge0: port 1(bridge_slave_0) entered blocking state
[  434.788981][ T8497] bridge0: port 1(bridge_slave_0) entered disabled state
[  434.798834][ T8497] device bridge_slave_0 entered promiscuous mode
[  434.812524][ T8497] bridge0: port 2(bridge_slave_1) entered blocking state
[  434.820272][ T8497] bridge0: port 2(bridge_slave_1) entered disabled state
[  434.830218][ T8497] device bridge_slave_1 entered promiscuous mode
[  434.875992][ T8497] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  434.893065][ T8497] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  434.939387][ T8497] team0: Port device team_slave_0 added
[  434.952388][ T8497] team0: Port device team_slave_1 added
[  434.991918][ T8497] batman_adv: batadv0: Adding interface: batadv_slave_0
[  434.999260][ T8497] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  435.026084][ T8497] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  435.043199][ T8497] batman_adv: batadv0: Adding interface: batadv_slave_1
[  435.051644][ T8497] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  435.077816][ T8497] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  435.140431][ T8497] device hsr_slave_0 entered promiscuous mode
[  435.150249][ T8497] device hsr_slave_1 entered promiscuous mode
[  435.412319][ T8497] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  435.449207][ T8497] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  435.485059][ T8497] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  435.525840][ T8497] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  435.840845][ T8497] 8021q: adding VLAN 0 to HW filter on device bond0
[  435.874450][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  435.884183][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  435.906184][ T8497] 8021q: adding VLAN 0 to HW filter on device team0
[  435.928657][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  435.938732][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  435.949810][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[  435.958242][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[  436.006321][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  436.015770][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  436.025990][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  436.037326][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[  436.044668][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[  436.053809][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  436.065050][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  436.125241][ T8497] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  436.135796][ T8497] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  436.150684][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  436.156503][ T4603] Bluetooth: hci0: command 0x0409 tx timeout
[  436.162318][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  436.175660][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  436.186295][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  436.196846][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  436.206683][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  436.217034][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  436.226803][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  436.298962][ T8497] 8021q: adding VLAN 0 to HW filter on device batadv0
[  436.327537][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  436.337515][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  436.346594][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  436.354346][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  436.406460][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  436.417185][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  436.457065][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  436.466801][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  436.488967][ T8497] device veth0_vlan entered promiscuous mode
[  436.498108][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  436.507424][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  436.548967][ T8497] device veth1_vlan entered promiscuous mode
[  436.596638][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  436.606188][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  436.661376][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  436.672316][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  436.693251][ T8497] device veth0_macvtap entered promiscuous mode
[  436.718398][ T8497] device veth1_macvtap entered promiscuous mode
[  436.773343][ T8497] batman_adv: batadv0: Interface activated: batadv_slave_0
[  436.781257][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  436.791844][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  436.801423][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  436.811586][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  436.837781][ T8497] batman_adv: batadv0: Interface activated: batadv_slave_1
[  436.868571][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  436.878971][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  437.309842][ T8714] =====================================================
[  437.316922][ T8714] BUG: KMSAN: uninit-value in xa_load+0xa59/0xa90
[  437.323359][ T8714] CPU: 1 PID: 8714 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[  437.331945][ T8714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  437.342380][ T8714] Call Trace:
[  437.345774][ T8714]  dump_stack+0x21c/0x280
[  437.350195][ T8714]  kmsan_report+0xf7/0x1e0
[  437.354718][ T8714]  __msan_warning+0x58/0xa0
[  437.359667][ T8714]  xa_load+0xa59/0xa90
[  437.363802][ T8714]  ucma_get_ctx+0x82/0x3b0
[  437.368381][ T8714]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[  437.374214][ T8714]  ucma_accept+0x29a/0xe40
[  437.378671][ T8714]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  437.384824][ T8714]  ? _copy_from_user+0x201/0x310
[  437.389784][ T8714]  ? kmsan_get_metadata+0x116/0x180
[  437.394998][ T8714]  ucma_write+0x64d/0x6e0
[  437.399347][ T8714]  ? ucma_get_global_nl_info+0xe0/0xe0
[  437.404911][ T8714]  vfs_write+0x6a3/0x17c0
[  437.409263][ T8714]  ? __msan_poison_alloca+0xf0/0x120
[  437.414554][ T8714]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[  437.420687][ T8714]  ? kmsan_get_metadata+0x116/0x180
[  437.425896][ T8714]  ksys_write+0x275/0x500
[  437.430268][ T8714]  ? __prepare_exit_to_usermode+0x16c/0x560
[  437.436304][ T8714]  __se_sys_write+0x92/0xb0
[  437.440848][ T8714]  __x64_sys_write+0x4a/0x70
[  437.445518][ T8714]  do_syscall_64+0xad/0x160
[  437.450113][ T8714]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  437.456009][ T8714] RIP: 0033:0x45d5b9
[  437.459993][ T8714] Code: Bad RIP value.
[  437.464067][ T8714] RSP: 002b:00007f333c34ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  437.472484][ T8714] RAX: ffffffffffffffda RBX: 0000000000038640 RCX: 000000000045d5b9
[  437.480461][ T8714] RDX: 0000000000000048 RSI: 0000000020000300 RDI: 0000000000000003
[  437.488447][ T8714] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
[  437.496518][ T8714] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
[  437.504511][ T8714] R13: 000000000169fb6f R14: 00007f333c34b9c0 R15: 000000000118cf4c
[  437.512494][ T8714] 
[  437.518396][ T8714] Local variable ----cmd@ucma_accept created at:
[  437.524730][ T8714]  ucma_accept+0x91/0xe40
[  437.529061][ T8714]  ucma_accept+0x91/0xe40
[  437.533384][ T8714] =====================================================
[  437.540311][ T8714] Disabling lock debugging due to kernel taint
[  437.546468][ T8714] Kernel panic - not syncing: panic_on_warn set ...
[  437.553069][ T8714] CPU: 1 PID: 8714 Comm: syz-executor.0 Tainted: G    B             5.8.0-rc5-syzkaller #0
[  437.563040][ T8714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  437.573120][ T8714] Call Trace:
[  437.576431][ T8714]  dump_stack+0x21c/0x280
[  437.580850][ T8714]  panic+0x4d7/0xef7
[  437.584772][ T8714]  ? add_taint+0x17c/0x210
[  437.589204][ T8714]  kmsan_report+0x1df/0x1e0
[  437.593720][ T8714]  __msan_warning+0x58/0xa0
[  437.598237][ T8714]  xa_load+0xa59/0xa90
[  437.602466][ T8714]  ucma_get_ctx+0x82/0x3b0
[  437.606980][ T8714]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[  437.612879][ T8714]  ucma_accept+0x29a/0xe40
[  437.617323][ T8714]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  437.623416][ T8714]  ? _copy_from_user+0x201/0x310
[  437.628365][ T8714]  ? kmsan_get_metadata+0x116/0x180
[  437.633570][ T8714]  ucma_write+0x64d/0x6e0
[  437.637914][ T8714]  ? ucma_get_global_nl_info+0xe0/0xe0
[  437.643378][ T8714]  vfs_write+0x6a3/0x17c0
[  437.647730][ T8714]  ? __msan_poison_alloca+0xf0/0x120
[  437.653024][ T8714]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[  437.658839][ T8714]  ? kmsan_get_metadata+0x116/0x180
[  437.664218][ T8714]  ksys_write+0x275/0x500
[  437.668564][ T8714]  ? __prepare_exit_to_usermode+0x16c/0x560
[  437.674462][ T8714]  __se_sys_write+0x92/0xb0
[  437.678981][ T8714]  __x64_sys_write+0x4a/0x70
[  437.683581][ T8714]  do_syscall_64+0xad/0x160
[  437.688189][ T8714]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  437.694083][ T8714] RIP: 0033:0x45d5b9
[  437.697970][ T8714] Code: Bad RIP value.
[  437.702033][ T8714] RSP: 002b:00007f333c34ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  437.710458][ T8714] RAX: ffffffffffffffda RBX: 0000000000038640 RCX: 000000000045d5b9
[  437.718436][ T8714] RDX: 0000000000000048 RSI: 0000000020000300 RDI: 0000000000000003
[  437.726411][ T8714] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
[  437.734384][ T8714] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
[  437.742383][ T8714] R13: 000000000169fb6f R14: 00007f333c34b9c0 R15: 000000000118cf4c
[  437.751838][ T8714] Kernel Offset: disabled
[  437.756305][ T8714] Rebooting in 86400 seconds..