Starting System Logging Service... Starting Permit User Sessions... [ OK ] Started Daily Cleanup of Temporary Directories. [ OK ] Reached target Timers. [ OK ] Started Permit User Sessions. [ OK ] Started System Logging Service. [ OK ] Found device /dev/ttyS0. [ ***] (1 of 2) A start job is running for…Shell server (1min 28s / 2min 57s) [ OK ] Started OpenBSD Secure Shell server. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. Warning: Permanently added '10.128.1.8' (ECDSA) to the list of known hosts. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Started Getty on tty2. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 2020/09/04 09:51:36 fuzzer started 2020/09/04 09:51:36 dialing manager at 10.128.0.26:37991 2020/09/04 09:51:37 syscalls: 3315 2020/09/04 09:51:37 code coverage: enabled 2020/09/04 09:51:37 comparison tracing: enabled 2020/09/04 09:51:37 extra coverage: enabled 2020/09/04 09:51:37 setuid sandbox: enabled 2020/09/04 09:51:37 namespace sandbox: enabled 2020/09/04 09:51:37 Android sandbox: enabled 2020/09/04 09:51:37 fault injection: enabled 2020/09/04 09:51:37 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/09/04 09:51:37 net packet injection: enabled 2020/09/04 09:51:37 net device setup: enabled 2020/09/04 09:51:37 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/09/04 09:51:37 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/09/04 09:51:37 USB emulation: enabled 2020/09/04 09:51:37 hci packet injection: enabled 09:55:26 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x70, 0x0, 0x9, 0x301, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_PRIV_DATA_LEN={0x8}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x865}}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev}, {0x14, 0x4, @private0}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x70}}, 0x0) syzkaller login: [ 394.928561][ T29] audit: type=1400 audit(1599213327.014:8): avc: denied { execmem } for pid=8490 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 396.519686][ T8491] IPVS: ftp: loaded support on port[0] = 21 [ 397.107096][ T8491] chnl_net:caif_netlink_parms(): no params data found [ 397.295687][ T8491] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.303170][ T8491] bridge0: port 1(bridge_slave_0) entered disabled state [ 397.312732][ T8491] device bridge_slave_0 entered promiscuous mode [ 397.326119][ T8491] bridge0: port 2(bridge_slave_1) entered blocking state [ 397.333632][ T8491] bridge0: port 2(bridge_slave_1) entered disabled state [ 397.343203][ T8491] device bridge_slave_1 entered promiscuous mode [ 397.398701][ T8491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 397.416808][ T8491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 397.470671][ T8491] team0: Port device team_slave_0 added [ 397.484698][ T8491] team0: Port device team_slave_1 added [ 397.529736][ T8491] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 397.537328][ T8491] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 397.563516][ T8491] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 397.580429][ T8491] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 397.588328][ T8491] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 397.614441][ T8491] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 397.678855][ T8491] device hsr_slave_0 entered promiscuous mode [ 397.688616][ T8491] device hsr_slave_1 entered promiscuous mode [ 397.976806][ T8491] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 398.045255][ T8491] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 398.073418][ T8491] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 398.112172][ T8491] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 398.411004][ T3653] Bluetooth: hci0: command 0x0409 tx timeout [ 398.429468][ T8491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 398.464150][ T8396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 398.473245][ T8396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 398.514816][ T8491] 8021q: adding VLAN 0 to HW filter on device team0 [ 398.536943][ T8396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 398.547044][ T8396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 398.556498][ T8396] bridge0: port 1(bridge_slave_0) entered blocking state [ 398.563914][ T8396] bridge0: port 1(bridge_slave_0) entered forwarding state [ 398.577580][ T8396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 398.595633][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 398.604950][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 398.614477][ T3653] bridge0: port 2(bridge_slave_1) entered blocking state [ 398.621759][ T3653] bridge0: port 2(bridge_slave_1) entered forwarding state [ 398.682729][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 398.693838][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 398.704695][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 398.715090][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 398.770320][ T8491] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 398.780845][ T8491] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 398.803495][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 398.813572][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 398.824048][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 398.834298][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 398.843760][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 398.853997][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 398.863556][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 398.889359][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 398.938817][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 398.946912][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 398.984945][ T8491] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 399.053156][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 399.063163][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 399.146986][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 399.156068][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 399.182779][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 399.192287][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 399.201762][ T8491] device veth0_vlan entered promiscuous mode [ 399.239640][ T8491] device veth1_vlan entered promiscuous mode [ 399.323516][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 399.332900][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 399.342368][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 399.352104][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 399.382529][ T8491] device veth0_macvtap entered promiscuous mode [ 399.412901][ T8491] device veth1_macvtap entered promiscuous mode [ 399.466840][ T8491] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 399.475180][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 399.484903][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 399.494314][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 399.504319][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 399.530624][ T8491] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 399.556635][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 399.566925][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 399.962283][ T8715] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 399.970452][ T8715] netlink: 'syz-executor.0': attribute type 2 has an invalid length. 09:55:32 executing program 0: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000000)={'ip6_vti0\x00', @ifru_mtu=0x531101}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a000000060001001f"], 0x1c}}, 0x0) [ 400.304714][ T8719] ===================================================== [ 400.311920][ T8719] BUG: KMSAN: uninit-value in netlink_policy_dump_start+0x137d/0x1520 [ 400.320078][ T8719] CPU: 0 PID: 8719 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 400.328652][ T8719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 400.338704][ T8719] Call Trace: [ 400.342066][ T8719] dump_stack+0x21c/0x280 [ 400.346437][ T8719] kmsan_report+0xf7/0x1e0 [ 400.350867][ T8719] __msan_warning+0x58/0xa0 [ 400.355379][ T8719] netlink_policy_dump_start+0x137d/0x1520 [ 400.361207][ T8719] ctrl_dumppolicy+0x201/0x1610 [ 400.366077][ T8719] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 400.372150][ T8719] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 400.377959][ T8719] ? ctrl_dumpfamily+0x610/0x610 [ 400.383015][ T8719] genl_lock_dumpit+0xdb/0x150 [ 400.387791][ T8719] ? genl_start+0x970/0x970 [ 400.392300][ T8719] netlink_dump+0xb73/0x1cb0 [ 400.396898][ T8719] ? kmsan_get_metadata+0x116/0x180 [ 400.402117][ T8719] __netlink_dump_start+0xcf2/0xea0 [ 400.407337][ T8719] genl_rcv_msg+0x1245/0x18a0 [ 400.412052][ T8719] ? genl_rcv_msg+0x18a0/0x18a0 [ 400.416909][ T8719] ? genl_start+0x970/0x970 [ 400.421420][ T8719] ? genl_lock_dumpit+0x150/0x150 [ 400.426460][ T8719] netlink_rcv_skb+0x6d7/0x7e0 [ 400.431236][ T8719] ? genl_rcv+0x80/0x80 [ 400.435410][ T8719] genl_rcv+0x63/0x80 [ 400.439406][ T8719] netlink_unicast+0x11c8/0x1490 [ 400.444470][ T8719] ? genl_pernet_exit+0x90/0x90 [ 400.449340][ T8719] netlink_sendmsg+0x173a/0x1840 [ 400.454371][ T8719] ____sys_sendmsg+0xc82/0x1240 [ 400.459241][ T8719] ? netlink_getsockopt+0x17e0/0x17e0 [ 400.464627][ T8719] __sys_sendmsg+0x6d1/0x840 [ 400.469243][ T8719] ? kmsan_copy_to_user+0x81/0x90 [ 400.474340][ T8719] ? put_old_timespec32+0x231/0x2d0 [ 400.479565][ T8719] ? kmsan_get_metadata+0x116/0x180 [ 400.484772][ T8719] ? kmsan_get_metadata+0x116/0x180 [ 400.489987][ T8719] ? kmsan_get_metadata+0x116/0x180 [ 400.490792][ T17] Bluetooth: hci0: command 0x041b tx timeout [ 400.495357][ T8719] __se_compat_sys_sendmsg+0xa7/0xc0 [ 400.495406][ T8719] __ia32_compat_sys_sendmsg+0x4a/0x70 [ 400.512221][ T8719] __do_fast_syscall_32+0x2af/0x480 [ 400.517525][ T8719] do_fast_syscall_32+0x6b/0xd0 [ 400.522391][ T8719] do_SYSENTER_32+0x73/0x90 [ 400.526972][ T8719] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 400.533299][ T8719] RIP: 0023:0xf7fab549 [ 400.537358][ T8719] Code: Bad RIP value. [ 400.541448][ T8719] RSP: 002b:00000000f55a50cc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 400.549859][ T8719] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000000 [ 400.557833][ T8719] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 400.565818][ T8719] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 400.573801][ T8719] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 400.581783][ T8719] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 400.589773][ T8719] [ 400.592103][ T8719] Uninit was created at: [ 400.596359][ T8719] kmsan_internal_poison_shadow+0x66/0xd0 [ 400.602086][ T8719] kmsan_slab_alloc+0x8a/0xe0 [ 400.606841][ T8719] __kmalloc_track_caller+0xbe8/0xe10 [ 400.612268][ T8719] krealloc+0x21d/0x410 [ 400.616434][ T8719] netlink_policy_dump_start+0x111c/0x1520 [ 400.622252][ T8719] ctrl_dumppolicy+0x201/0x1610 [ 400.627112][ T8719] genl_lock_dumpit+0xdb/0x150 [ 400.631883][ T8719] netlink_dump+0xb73/0x1cb0 [ 400.636476][ T8719] __netlink_dump_start+0xcf2/0xea0 [ 400.641679][ T8719] genl_rcv_msg+0x1245/0x18a0 [ 400.646370][ T8719] netlink_rcv_skb+0x6d7/0x7e0 [ 400.651137][ T8719] genl_rcv+0x63/0x80 [ 400.655136][ T8719] netlink_unicast+0x11c8/0x1490 [ 400.660082][ T8719] netlink_sendmsg+0x173a/0x1840 [ 400.665024][ T8719] ____sys_sendmsg+0xc82/0x1240 [ 400.669882][ T8719] __sys_sendmsg+0x6d1/0x840 [ 400.674477][ T8719] __se_compat_sys_sendmsg+0xa7/0xc0 [ 400.679772][ T8719] __ia32_compat_sys_sendmsg+0x4a/0x70 [ 400.685234][ T8719] __do_fast_syscall_32+0x2af/0x480 [ 400.690436][ T8719] do_fast_syscall_32+0x6b/0xd0 [ 400.695299][ T8719] do_SYSENTER_32+0x73/0x90 [ 400.699809][ T8719] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 400.706126][ T8719] ===================================================== [ 400.713051][ T8719] Disabling lock debugging due to kernel taint [ 400.719199][ T8719] Kernel panic - not syncing: panic_on_warn set ... [ 400.725792][ T8719] CPU: 0 PID: 8719 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 400.735850][ T8719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 400.745903][ T8719] Call Trace: [ 400.749210][ T8719] dump_stack+0x21c/0x280 [ 400.753618][ T8719] panic+0x4d7/0xef7 [ 400.757540][ T8719] ? add_taint+0x17c/0x210 [ 400.761968][ T8719] kmsan_report+0x1df/0x1e0 [ 400.766570][ T8719] __msan_warning+0x58/0xa0 [ 400.771094][ T8719] netlink_policy_dump_start+0x137d/0x1520 [ 400.776946][ T8719] ctrl_dumppolicy+0x201/0x1610 [ 400.781817][ T8719] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 400.787916][ T8719] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 400.793731][ T8719] ? ctrl_dumpfamily+0x610/0x610 [ 400.798680][ T8719] genl_lock_dumpit+0xdb/0x150 [ 400.803454][ T8719] ? genl_start+0x970/0x970 [ 400.808052][ T8719] netlink_dump+0xb73/0x1cb0 [ 400.812653][ T8719] ? kmsan_get_metadata+0x116/0x180 [ 400.817872][ T8719] __netlink_dump_start+0xcf2/0xea0 [ 400.823097][ T8719] genl_rcv_msg+0x1245/0x18a0 [ 400.827802][ T8719] ? genl_rcv_msg+0x18a0/0x18a0 [ 400.832661][ T8719] ? genl_start+0x970/0x970 [ 400.837172][ T8719] ? genl_lock_dumpit+0x150/0x150 [ 400.842223][ T8719] netlink_rcv_skb+0x6d7/0x7e0 [ 400.846993][ T8719] ? genl_rcv+0x80/0x80 [ 400.851170][ T8719] genl_rcv+0x63/0x80 [ 400.855162][ T8719] netlink_unicast+0x11c8/0x1490 [ 400.860113][ T8719] ? genl_pernet_exit+0x90/0x90 [ 400.865072][ T8719] netlink_sendmsg+0x173a/0x1840 [ 400.870037][ T8719] ____sys_sendmsg+0xc82/0x1240 [ 400.874993][ T8719] ? netlink_getsockopt+0x17e0/0x17e0 [ 400.880379][ T8719] __sys_sendmsg+0x6d1/0x840 [ 400.884999][ T8719] ? kmsan_copy_to_user+0x81/0x90 [ 400.890042][ T8719] ? put_old_timespec32+0x231/0x2d0 [ 400.895359][ T8719] ? kmsan_get_metadata+0x116/0x180 [ 400.900568][ T8719] ? kmsan_get_metadata+0x116/0x180 [ 400.905776][ T8719] ? kmsan_get_metadata+0x116/0x180 [ 400.910985][ T8719] __se_compat_sys_sendmsg+0xa7/0xc0 [ 400.916287][ T8719] __ia32_compat_sys_sendmsg+0x4a/0x70 [ 400.921751][ T8719] __do_fast_syscall_32+0x2af/0x480 [ 400.926959][ T8719] do_fast_syscall_32+0x6b/0xd0 [ 400.931815][ T8719] do_SYSENTER_32+0x73/0x90 [ 400.936330][ T8719] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 400.942650][ T8719] RIP: 0023:0xf7fab549 [ 400.946707][ T8719] Code: Bad RIP value. [ 400.950765][ T8719] RSP: 002b:00000000f55a50cc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 400.959174][ T8719] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000000 [ 400.967148][ T8719] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 400.975118][ T8719] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 400.983089][ T8719] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 400.991060][ T8719] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 401.000316][ T8719] Kernel Offset: disabled [ 401.004636][ T8719] Rebooting in 86400 seconds..