[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started System Logging Service.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.130' (ECDSA) to the list of known hosts.
2020/08/31 13:36:40 fuzzer started
2020/08/31 13:36:41 dialing manager at 10.128.0.26:33875
2020/08/31 13:36:41 syscalls: 3166
2020/08/31 13:36:41 code coverage: enabled
2020/08/31 13:36:41 comparison tracing: enabled
2020/08/31 13:36:41 extra coverage: enabled
2020/08/31 13:36:41 setuid sandbox: enabled
2020/08/31 13:36:41 namespace sandbox: enabled
2020/08/31 13:36:41 Android sandbox: /sys/fs/selinux/policy does not exist
2020/08/31 13:36:41 fault injection: enabled
2020/08/31 13:36:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/08/31 13:36:41 net packet injection: enabled
2020/08/31 13:36:41 net device setup: enabled
2020/08/31 13:36:41 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/08/31 13:36:41 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/08/31 13:36:41 USB emulation: enabled
2020/08/31 13:36:41 hci packet injection: enabled
13:41:28 executing program 0:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000300)={0x8, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @empty}, {0xa, 0x0, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}}}}, 0x48)
syzkaller login:
[ 434.246491][ T8497] IPVS: ftp: loaded support on port[0] = 21
[ 434.656795][ T8497] chnl_net:caif_netlink_parms(): no params data found
[ 434.781162][ T8497] bridge0: port 1(bridge_slave_0) entered blocking state
[ 434.788981][ T8497] bridge0: port 1(bridge_slave_0) entered disabled state
[ 434.798834][ T8497] device bridge_slave_0 entered promiscuous mode
[ 434.812524][ T8497] bridge0: port 2(bridge_slave_1) entered blocking state
[ 434.820272][ T8497] bridge0: port 2(bridge_slave_1) entered disabled state
[ 434.830218][ T8497] device bridge_slave_1 entered promiscuous mode
[ 434.875992][ T8497] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 434.893065][ T8497] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 434.939387][ T8497] team0: Port device team_slave_0 added
[ 434.952388][ T8497] team0: Port device team_slave_1 added
[ 434.991918][ T8497] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 434.999260][ T8497] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 435.026084][ T8497] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 435.043199][ T8497] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 435.051644][ T8497] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 435.077816][ T8497] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 435.140431][ T8497] device hsr_slave_0 entered promiscuous mode
[ 435.150249][ T8497] device hsr_slave_1 entered promiscuous mode
[ 435.412319][ T8497] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 435.449207][ T8497] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 435.485059][ T8497] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 435.525840][ T8497] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 435.840845][ T8497] 8021q: adding VLAN 0 to HW filter on device bond0
[ 435.874450][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 435.884183][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 435.906184][ T8497] 8021q: adding VLAN 0 to HW filter on device team0
[ 435.928657][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 435.938732][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 435.949810][ T28] bridge0: port 1(bridge_slave_0) entered blocking state
[ 435.958242][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 436.006321][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 436.015770][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 436.025990][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 436.037326][ T28] bridge0: port 2(bridge_slave_1) entered blocking state
[ 436.044668][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 436.053809][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 436.065050][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 436.125241][ T8497] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 436.135796][ T8497] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 436.150684][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 436.156503][ T4603] Bluetooth: hci0: command 0x0409 tx timeout
[ 436.162318][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 436.175660][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 436.186295][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 436.196846][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 436.206683][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 436.217034][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 436.226803][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 436.298962][ T8497] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 436.327537][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 436.337515][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 436.346594][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 436.354346][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 436.406460][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 436.417185][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 436.457065][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 436.466801][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 436.488967][ T8497] device veth0_vlan entered promiscuous mode
[ 436.498108][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 436.507424][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 436.548967][ T8497] device veth1_vlan entered promiscuous mode
[ 436.596638][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 436.606188][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 436.661376][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 436.672316][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 436.693251][ T8497] device veth0_macvtap entered promiscuous mode
[ 436.718398][ T8497] device veth1_macvtap entered promiscuous mode
[ 436.773343][ T8497] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 436.781257][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 436.791844][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 436.801423][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 436.811586][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 436.837781][ T8497] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 436.868571][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 436.878971][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 437.309842][ T8714] =====================================================
[ 437.316922][ T8714] BUG: KMSAN: uninit-value in xa_load+0xa59/0xa90
[ 437.323359][ T8714] CPU: 1 PID: 8714 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 437.331945][ T8714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 437.342380][ T8714] Call Trace:
[ 437.345774][ T8714] dump_stack+0x21c/0x280
[ 437.350195][ T8714] kmsan_report+0xf7/0x1e0
[ 437.354718][ T8714] __msan_warning+0x58/0xa0
[ 437.359667][ T8714] xa_load+0xa59/0xa90
[ 437.363802][ T8714] ucma_get_ctx+0x82/0x3b0
[ 437.368381][ T8714] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 437.374214][ T8714] ucma_accept+0x29a/0xe40
[ 437.378671][ T8714] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 437.384824][ T8714] ? _copy_from_user+0x201/0x310
[ 437.389784][ T8714] ? kmsan_get_metadata+0x116/0x180
[ 437.394998][ T8714] ucma_write+0x64d/0x6e0
[ 437.399347][ T8714] ? ucma_get_global_nl_info+0xe0/0xe0
[ 437.404911][ T8714] vfs_write+0x6a3/0x17c0
[ 437.409263][ T8714] ? __msan_poison_alloca+0xf0/0x120
[ 437.414554][ T8714] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 437.420687][ T8714] ? kmsan_get_metadata+0x116/0x180
[ 437.425896][ T8714] ksys_write+0x275/0x500
[ 437.430268][ T8714] ? __prepare_exit_to_usermode+0x16c/0x560
[ 437.436304][ T8714] __se_sys_write+0x92/0xb0
[ 437.440848][ T8714] __x64_sys_write+0x4a/0x70
[ 437.445518][ T8714] do_syscall_64+0xad/0x160
[ 437.450113][ T8714] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 437.456009][ T8714] RIP: 0033:0x45d5b9
[ 437.459993][ T8714] Code: Bad RIP value.
[ 437.464067][ T8714] RSP: 002b:00007f333c34ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 437.472484][ T8714] RAX: ffffffffffffffda RBX: 0000000000038640 RCX: 000000000045d5b9
[ 437.480461][ T8714] RDX: 0000000000000048 RSI: 0000000020000300 RDI: 0000000000000003
[ 437.488447][ T8714] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
[ 437.496518][ T8714] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
[ 437.504511][ T8714] R13: 000000000169fb6f R14: 00007f333c34b9c0 R15: 000000000118cf4c
[ 437.512494][ T8714]
[ 437.518396][ T8714] Local variable ----cmd@ucma_accept created at:
[ 437.524730][ T8714] ucma_accept+0x91/0xe40
[ 437.529061][ T8714] ucma_accept+0x91/0xe40
[ 437.533384][ T8714] =====================================================
[ 437.540311][ T8714] Disabling lock debugging due to kernel taint
[ 437.546468][ T8714] Kernel panic - not syncing: panic_on_warn set ...
[ 437.553069][ T8714] CPU: 1 PID: 8714 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 437.563040][ T8714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 437.573120][ T8714] Call Trace:
[ 437.576431][ T8714] dump_stack+0x21c/0x280
[ 437.580850][ T8714] panic+0x4d7/0xef7
[ 437.584772][ T8714] ? add_taint+0x17c/0x210
[ 437.589204][ T8714] kmsan_report+0x1df/0x1e0
[ 437.593720][ T8714] __msan_warning+0x58/0xa0
[ 437.598237][ T8714] xa_load+0xa59/0xa90
[ 437.602466][ T8714] ucma_get_ctx+0x82/0x3b0
[ 437.606980][ T8714] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 437.612879][ T8714] ucma_accept+0x29a/0xe40
[ 437.617323][ T8714] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 437.623416][ T8714] ? _copy_from_user+0x201/0x310
[ 437.628365][ T8714] ? kmsan_get_metadata+0x116/0x180
[ 437.633570][ T8714] ucma_write+0x64d/0x6e0
[ 437.637914][ T8714] ? ucma_get_global_nl_info+0xe0/0xe0
[ 437.643378][ T8714] vfs_write+0x6a3/0x17c0
[ 437.647730][ T8714] ? __msan_poison_alloca+0xf0/0x120
[ 437.653024][ T8714] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 437.658839][ T8714] ? kmsan_get_metadata+0x116/0x180
[ 437.664218][ T8714] ksys_write+0x275/0x500
[ 437.668564][ T8714] ? __prepare_exit_to_usermode+0x16c/0x560
[ 437.674462][ T8714] __se_sys_write+0x92/0xb0
[ 437.678981][ T8714] __x64_sys_write+0x4a/0x70
[ 437.683581][ T8714] do_syscall_64+0xad/0x160
[ 437.688189][ T8714] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 437.694083][ T8714] RIP: 0033:0x45d5b9
[ 437.697970][ T8714] Code: Bad RIP value.
[ 437.702033][ T8714] RSP: 002b:00007f333c34ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 437.710458][ T8714] RAX: ffffffffffffffda RBX: 0000000000038640 RCX: 000000000045d5b9
[ 437.718436][ T8714] RDX: 0000000000000048 RSI: 0000000020000300 RDI: 0000000000000003
[ 437.726411][ T8714] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
[ 437.734384][ T8714] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
[ 437.742383][ T8714] R13: 000000000169fb6f R14: 00007f333c34b9c0 R15: 000000000118cf4c
[ 437.751838][ T8714] Kernel Offset: disabled
[ 437.756305][ T8714] Rebooting in 86400 seconds..