[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.215' (ECDSA) to the list of known hosts.
2021/10/21 13:38:16 fuzzer started
2021/10/21 13:38:16 connecting to host at 10.128.0.169:43927
2021/10/21 13:38:16 checking machine...
2021/10/21 13:38:16 checking revisions...
2021/10/21 13:38:16 testing simple program...
syzkaller login: [ 141.422028][ T6384] cgroup: Unknown subsys name 'net'
[ 141.452104][ T6384] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
[ 148.117680][ T6396] chnl_net:caif_netlink_parms(): no params data found
[ 148.305579][ T6396] bridge0: port 1(bridge_slave_0) entered blocking state
[ 148.312885][ T6396] bridge0: port 1(bridge_slave_0) entered disabled state
[ 148.321039][ T6396] device bridge_slave_0 entered promiscuous mode
[ 148.332826][ T6396] bridge0: port 2(bridge_slave_1) entered blocking state
[ 148.340059][ T6396] bridge0: port 2(bridge_slave_1) entered disabled state
[ 148.349539][ T6396] device bridge_slave_1 entered promiscuous mode
[ 148.399000][ T6396] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 148.412531][ T6396] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 148.462572][ T6396] team0: Port device team_slave_0 added
[ 148.472284][ T6396] team0: Port device team_slave_1 added
[ 148.517375][ T6396] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 148.524538][ T6396] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 148.550878][ T6396] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 148.565074][ T6396] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 148.572074][ T6396] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 148.598437][ T6396] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 148.655367][ T6396] device hsr_slave_0 entered promiscuous mode
[ 148.663353][ T6396] device hsr_slave_1 entered promiscuous mode
[ 148.856293][ T6396] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 148.867829][ T6396] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 148.883634][ T6396] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 148.900008][ T6396] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 148.956320][ T6396] bridge0: port 2(bridge_slave_1) entered blocking state
[ 148.963579][ T6396] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 148.971068][ T6396] bridge0: port 1(bridge_slave_0) entered blocking state
[ 148.978469][ T6396] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 149.062141][ T6396] 8021q: adding VLAN 0 to HW filter on device bond0
[ 149.069929][ T2842] bridge0: port 1(bridge_slave_0) entered disabled state
[ 149.081642][ T2842] bridge0: port 2(bridge_slave_1) entered disabled state
[ 149.094806][ T2842] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 149.123644][ T6396] 8021q: adding VLAN 0 to HW filter on device team0
[ 149.130924][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 149.139945][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 149.154642][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 149.164612][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 149.174254][ T1092] bridge0: port 1(bridge_slave_0) entered blocking state
[ 149.181478][ T1092] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 149.203798][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 149.213635][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 149.222490][ T1092] bridge0: port 2(bridge_slave_1) entered blocking state
[ 149.229868][ T1092] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 149.238358][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 149.257507][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 149.274665][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 149.284322][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 149.295290][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 149.311958][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 149.322528][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 149.344500][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 149.354012][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 149.363572][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 149.372494][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 149.387958][ T6396] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 149.417141][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 149.425091][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 149.446291][ T6396] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 149.481079][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 149.490676][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 149.525937][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 149.535314][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 149.546196][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 149.555586][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 149.569721][ T6396] device veth0_vlan entered promiscuous mode
[ 149.589815][ T6396] device veth1_vlan entered promiscuous mode
[ 149.630352][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 149.639752][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 149.649174][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 149.659132][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 149.676826][ T6396] device veth0_macvtap entered promiscuous mode
[ 149.691329][ T6396] device veth1_macvtap entered promiscuous mode
[ 149.712779][ T217] Bluetooth: hci0: command 0x0409 tx timeout
[ 149.727890][ T6396] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 149.735974][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 149.745408][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 149.754698][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 149.764731][ T217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 149.781097][ T6396] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 149.789500][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 149.799631][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 149.817127][ T6396] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 149.826323][ T6396] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 149.835868][ T6396] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 149.844924][ T6396] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 149.984674][ T1034] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 149.992850][ T1034] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 150.021685][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 150.051390][ T142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 150.059525][ T142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 150.069755][ T1092] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 150.099226][ T6396] =====================================================
[ 150.106252][ T6396] BUG: KMSAN: uninit-value in number+0xd27/0x24c0
[ 150.112670][ T6396] number+0xd27/0x24c0
[ 150.116756][ T6396] vsnprintf+0x1f3a/0x36a0
[ 150.121195][ T6396] snprintf+0x244/0x290
[ 150.125344][ T6396] tomoyo_init_log+0xd39/0x3b50
[ 150.130190][ T6396] tomoyo_supervisor+0x8bd/0x2820
[ 150.135294][ T6396] tomoyo_mount_permission+0xc15/0x1700
[ 150.140829][ T6396] tomoyo_sb_mount+0xe9/0x100
[ 150.145501][ T6396] security_sb_mount+0x174/0x270
[ 150.150423][ T6396] path_mount+0x278/0x2960
[ 150.154828][ T6396] __se_sys_mount+0x8eb/0xa10
[ 150.159499][ T6396] __x64_sys_mount+0x15d/0x1b0
[ 150.164376][ T6396] do_syscall_64+0x54/0xd0
[ 150.168777][ T6396] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 150.174656][ T6396]
[ 150.176960][ T6396] Local variable ----e4b@ext4_mb_regular_allocator created at:
[ 150.184656][ T6396] ext4_mb_regular_allocator+0x7f/0x6c10
[ 150.190309][ T6396] ext4_mb_new_blocks+0x1073/0x33f0
[ 150.195514][ T6396] =====================================================
[ 150.202426][ T6396] Disabling lock debugging due to kernel taint
[ 150.209222][ T6396] Kernel panic - not syncing: panic_on_kmsan set ...
[ 150.215901][ T6396] CPU: 0 PID: 6396 Comm: syz-executor.0 Tainted: G B 5.15.0-rc2-syzkaller #0
[ 150.226158][ T6396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 150.236320][ T6396] Call Trace:
[ 150.239587][ T6396] dump_stack_lvl+0x1ff/0x28e
[ 150.244341][ T6396] dump_stack+0x25/0x28
[ 150.248484][ T6396] panic+0x44f/0xdeb
[ 150.252381][ T6396] ? add_taint+0x187/0x210
[ 150.256793][ T6396] ? add_taint+0x187/0x210
[ 150.261222][ T6396] kmsan_report+0x2ee/0x300
[ 150.265730][ T6396] ? __msan_warning+0xa9/0xf0
[ 150.270452][ T6396] ? number+0xd27/0x24c0
[ 150.274805][ T6396] ? vsnprintf+0x1f3a/0x36a0
[ 150.279397][ T6396] ? snprintf+0x244/0x290
[ 150.283714][ T6396] ? tomoyo_init_log+0xd39/0x3b50
[ 150.288750][ T6396] ? tomoyo_supervisor+0x8bd/0x2820
[ 150.293938][ T6396] ? tomoyo_mount_permission+0xc15/0x1700
[ 150.299652][ T6396] ? tomoyo_sb_mount+0xe9/0x100
[ 150.304489][ T6396] ? security_sb_mount+0x174/0x270
[ 150.309585][ T6396] ? path_mount+0x278/0x2960
[ 150.314161][ T6396] ? __se_sys_mount+0x8eb/0xa10
[ 150.319001][ T6396] ? __x64_sys_mount+0x15d/0x1b0
[ 150.323949][ T6396] ? do_syscall_64+0x54/0xd0
[ 150.328545][ T6396] ? entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 150.334608][ T6396] ? kmsan_internal_set_shadow_origin+0x52/0xc0
[ 150.340843][ T6396] ? __msan_poison_alloca+0x131/0x170
[ 150.346205][ T6396] __msan_warning+0xa9/0xf0
[ 150.350702][ T6396] number+0xd27/0x24c0
[ 150.354759][ T6396] ? kmsan_internal_set_shadow_origin+0x52/0xc0
[ 150.360990][ T6396] vsnprintf+0x1f3a/0x36a0
[ 150.365397][ T6396] snprintf+0x244/0x290
[ 150.369542][ T6396] tomoyo_init_log+0xd39/0x3b50
[ 150.374562][ T6396] tomoyo_supervisor+0x8bd/0x2820
[ 150.379579][ T6396] ? kmsan_get_shadow_origin_ptr+0x90/0xc0
[ 150.385369][ T6396] ? tomoyo_check_acl+0x591/0x630
[ 150.390381][ T6396] ? tomoyo_mount_permission+0x1700/0x1700
[ 150.396177][ T6396] ? kmsan_get_shadow_origin_ptr+0x90/0xc0
[ 150.401967][ T6396] tomoyo_mount_permission+0xc15/0x1700
[ 150.407506][ T6396] ? terminate_walk+0x611/0x6e0
[ 150.412362][ T6396] tomoyo_sb_mount+0xe9/0x100
[ 150.417032][ T6396] ? tomoyo_path_chroot+0x60/0x60
[ 150.422047][ T6396] security_sb_mount+0x174/0x270
[ 150.426981][ T6396] path_mount+0x278/0x2960
[ 150.431393][ T6396] __se_sys_mount+0x8eb/0xa10
[ 150.436059][ T6396] ? kmsan_internal_set_shadow_origin+0x52/0xc0
[ 150.442312][ T6396] ? kmsan_get_metadata+0x11b/0x180
[ 150.447496][ T6396] __x64_sys_mount+0x15d/0x1b0
[ 150.452252][ T6396] do_syscall_64+0x54/0xd0
[ 150.457098][ T6396] ? irqentry_exit+0x12/0x30
[ 150.461678][ T6396] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 150.467563][ T6396] RIP: 0033:0x7f70309b9f6a
[ 150.472063][ T6396] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 150.491782][ T6396] RSP: 002b:00007f7030feffa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 150.500196][ T6396] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f70309b9f6a
[ 150.508166][ T6396] RDX: 00007f7030a20b37 RSI: 00007f7030a13045 RDI: 00007f7030a3ae5a
[ 150.516138][ T6396] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 150.524108][ T6396] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7030abcbf0
[ 150.532103][ T6396] R13: 00007ffd452f4b20 R14: 0000000000000000 R15: 00000000000000f8
[ 150.540907][ T6396] Kernel Offset: disabled
[ 150.545250][ T6396] Rebooting in 86400 seconds..