[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.15.193' (ECDSA) to the list of known hosts.
2020/07/21 20:05:35 fuzzer started
2020/07/21 20:05:36 dialing manager at 10.128.0.26:36767
2020/07/21 20:05:36 syscalls: 3112
2020/07/21 20:05:36 code coverage: enabled
2020/07/21 20:05:36 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2020/07/21 20:05:36 extra coverage: enabled
2020/07/21 20:05:36 setuid sandbox: enabled
2020/07/21 20:05:36 namespace sandbox: enabled
2020/07/21 20:05:36 Android sandbox: enabled
2020/07/21 20:05:36 fault injection: enabled
2020/07/21 20:05:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/21 20:05:36 net packet injection: enabled
2020/07/21 20:05:36 net device setup: enabled
2020/07/21 20:05:36 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/21 20:05:36 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/21 20:05:36 USB emulation: /dev/raw-gadget does not exist

20:07:36 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000003c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58)
r4 = accept4$alg(r3, 0x0, 0x0, 0x0)
sendfile(r4, r2, 0x0, 0x20000002)

syzkaller login: [ 216.898186][ T32] audit: type=1400 audit(1595362056.297:8): avc: denied { execmem } for pid=8474 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 217.215856][ T8475] IPVS: ftp: loaded support on port[0] = 21
[ 217.453069][ T8475] chnl_net:caif_netlink_parms(): no params data found
[ 217.710499][ T8475] bridge0: port 1(bridge_slave_0) entered blocking state
[ 217.718288][ T8475] bridge0: port 1(bridge_slave_0) entered disabled state
[ 217.727912][ T8475] device bridge_slave_0 entered promiscuous mode
[ 217.740105][ T8475] bridge0: port 2(bridge_slave_1) entered blocking state
[ 217.747839][ T8475] bridge0: port 2(bridge_slave_1) entered disabled state
[ 217.757210][ T8475] device bridge_slave_1 entered promiscuous mode
[ 217.803674][ T8475] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 217.818796][ T8475] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 217.866170][ T8475] team0: Port device team_slave_0 added
[ 217.876935][ T8475] team0: Port device team_slave_1 added
[ 217.917894][ T8475] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 217.924947][ T8475] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 217.951605][ T8475] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 217.965253][ T8475] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 217.973452][ T8475] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 217.999830][ T8475] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 218.115026][ T8475] device hsr_slave_0 entered promiscuous mode
[ 218.162283][ T8475] device hsr_slave_1 entered promiscuous mode
[ 218.454450][ T8475] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 218.524093][ T8475] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 218.649415][ T8475] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 218.813624][ T8475] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 219.138718][ T8475] 8021q: adding VLAN 0 to HW filter on device bond0
[ 219.167703][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 219.177606][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 219.200072][ T8475] 8021q: adding VLAN 0 to HW filter on device team0
[ 219.214864][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 219.224870][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 219.234222][ T31] bridge0: port 1(bridge_slave_0) entered blocking state
[ 219.241474][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 219.297087][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 219.306567][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 219.316378][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 219.325802][ T31] bridge0: port 2(bridge_slave_1) entered blocking state
[ 219.332978][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 219.341941][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 219.352658][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 219.363432][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 219.373762][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 219.384093][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 219.394424][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 219.411494][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 219.421020][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 219.430597][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 219.446736][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 219.456259][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 219.471860][ T8475] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 219.509764][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 219.518642][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 219.548082][ T8475] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 219.592546][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 219.602946][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 219.651179][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 219.661156][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 219.682224][ T8475] device veth0_vlan entered promiscuous mode
[ 219.699158][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 219.708575][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 219.731029][ T8475] device veth1_vlan entered promiscuous mode
[ 219.787101][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 219.796481][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 219.805933][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 219.815831][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 219.841453][ T8475] device veth0_macvtap entered promiscuous mode
[ 219.859804][ T8475] device veth1_macvtap entered promiscuous mode
[ 219.902853][ T8475] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 219.912320][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 219.921787][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 219.931042][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 219.940935][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 219.958227][ T8475] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 219.966268][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 219.977262][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 220.457604][ T8698] =====================================================
[ 220.464597][ T8698] BUG: KMSAN: uninit-value in sha512_generic_block_fn+0x222a/0x2ac0
[ 220.472591][ T8698] CPU: 1 PID: 8698 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 220.481181][ T8698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 220.491234][ T8698] Call Trace:
[ 220.494525][ T8698] dump_stack+0x1df/0x240
[ 220.498852][ T8698] kmsan_report+0xf7/0x1e0
[ 220.503317][ T8698] __msan_warning+0x58/0xa0
[ 220.507856][ T8698] sha512_generic_block_fn+0x222a/0x2ac0
[ 220.513475][ T8698] ? kmsan_task_context_state+0x47/0x90
[ 220.519023][ T8698] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 220.525095][ T8698] ? unwind_get_return_address+0x8c/0x130
[ 220.530912][ T8698] ? entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 220.537407][ T8698] ? arch_stack_walk+0x2a2/0x3e0
[ 220.542324][ T8698] ? stack_trace_save+0x1a0/0x1a0
[ 220.547332][ T8698] ? kmsan_get_metadata+0x11d/0x180
[ 220.552526][ T8698] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 220.558338][ T8698] crypto_sha512_update+0x4cc/0x570
[ 220.563542][ T8698] ? crypto_sha224_init+0x210/0x210
[ 220.568734][ T8698] crypto_shash_update+0x4e9/0x550
[ 220.573915][ T8698] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 220.580071][ T8698] ? hash_walk_new_entry+0x6c7/0x770
[ 220.585362][ T8698] ? crypto_hash_walk_first+0x1fd/0x360
[ 220.590913][ T8698] ? kmsan_get_metadata+0x4f/0x180
[ 220.596011][ T8698] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 220.601804][ T8698] shash_async_update+0x113/0x1d0
[ 220.606814][ T8698] ? shash_async_init+0x1e0/0x1e0
[ 220.611819][ T8698] hash_sendpage+0x8ef/0xdf0
[ 220.616397][ T8698] ? hash_recvmsg+0xd30/0xd30
[ 220.621061][ T8698] sock_sendpage+0x1e1/0x2c0
[ 220.625655][ T8698] pipe_to_sendpage+0x38c/0x4c0
[ 220.630509][ T8698] ? sock_fasync+0x250/0x250
[ 220.635101][ T8698] __splice_from_pipe+0x565/0xf00
[ 220.640109][ T8698] ? generic_splice_sendpage+0x2d0/0x2d0
[ 220.646099][ T8698] generic_splice_sendpage+0x1d5/0x2d0
[ 220.651555][ T8698] ? iter_file_splice_write+0x1800/0x1800
[ 220.657257][ T8698] direct_splice_actor+0x1fd/0x580
[ 220.662382][ T8698] ? kmsan_get_metadata+0x4f/0x180
[ 220.667514][ T8698] splice_direct_to_actor+0x6b2/0xf50
[ 220.672868][ T8698] ? do_splice_direct+0x580/0x580
[ 220.677886][ T8698] do_splice_direct+0x342/0x580
[ 220.682725][ T8698] do_sendfile+0x101b/0x1d40
[ 220.687312][ T8698] __se_compat_sys_sendfile+0x301/0x3c0
[ 220.692846][ T8698] ? kmsan_get_metadata+0x11d/0x180
[ 220.698049][ T8698] ? __ia32_sys_sendfile64+0x70/0x70
[ 220.703401][ T8698] __ia32_compat_sys_sendfile+0x56/0x70
[ 220.708932][ T8698] __do_fast_syscall_32+0x2aa/0x400
[ 220.714119][ T8698] do_fast_syscall_32+0x6b/0xd0
[ 220.718954][ T8698] do_SYSENTER_32+0x73/0x90
[ 220.723436][ T8698] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 220.729768][ T8698] RIP: 0023:0xf7f64549
[ 220.733810][ T8698] Code: Bad RIP value.
[ 220.737852][ T8698] RSP: 002b:00000000f5d5f0cc EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[ 220.746239][ T8698] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000005
[ 220.754190][ T8698] RDX: 0000000000000000 RSI: 0000000020000002 RDI: 0000000000000000
[ 220.762318][ T8698] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 220.770274][ T8698] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 220.778223][ T8698] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 220.786212][ T8698]
[ 220.788535][ T8698] Uninit was created at:
[ 220.792770][ T8698] kmsan_save_stack_with_flags+0x3c/0x90
[ 220.798379][ T8698] kmsan_alloc_page+0xb9/0x180
[ 220.803119][ T8698] __alloc_pages_nodemask+0x56a2/0x5dc0
[ 220.808643][ T8698] alloc_pages_current+0x672/0x990
[ 220.813730][ T8698] push_pipe+0x605/0xb70
[ 220.818062][ T8698] iov_iter_get_pages_alloc+0x18a9/0x21c0
[ 220.823780][ T8698] do_splice_to+0x4fc/0x14f0
[ 220.828356][ T8698] splice_direct_to_actor+0x45c/0xf50
[ 220.833807][ T8698] do_splice_direct+0x342/0x580
[ 220.838726][ T8698] do_sendfile+0x101b/0x1d40
[ 220.843295][ T8698] __se_compat_sys_sendfile+0x301/0x3c0
[ 220.848954][ T8698] __ia32_compat_sys_sendfile+0x56/0x70
[ 220.854477][ T8698] __do_fast_syscall_32+0x2aa/0x400
[ 220.859656][ T8698] do_fast_syscall_32+0x6b/0xd0
[ 220.864485][ T8698] do_SYSENTER_32+0x73/0x90
[ 220.868971][ T8698] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 220.875272][ T8698] =====================================================
[ 220.882298][ T8698] Disabling lock debugging due to kernel taint
[ 220.888437][ T8698] Kernel panic - not syncing: panic_on_warn set ...
[ 220.895016][ T8698] CPU: 1 PID: 8698 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 220.904965][ T8698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 220.915009][ T8698] Call Trace:
[ 220.918291][ T8698] dump_stack+0x1df/0x240
[ 220.922606][ T8698] panic+0x3d5/0xc3e
[ 220.926616][ T8698] kmsan_report+0x1df/0x1e0
[ 220.931132][ T8698] __msan_warning+0x58/0xa0
[ 220.935644][ T8698] sha512_generic_block_fn+0x222a/0x2ac0
[ 220.941276][ T8698] ? kmsan_task_context_state+0x47/0x90
[ 220.946809][ T8698] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 220.953012][ T8698] ? unwind_get_return_address+0x8c/0x130
[ 220.958728][ T8698] ? entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 220.965219][ T8698] ? arch_stack_walk+0x2a2/0x3e0
[ 220.970150][ T8698] ? stack_trace_save+0x1a0/0x1a0
[ 220.975158][ T8698] ? kmsan_get_metadata+0x11d/0x180
[ 220.980471][ T8698] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 220.986278][ T8698] crypto_sha512_update+0x4cc/0x570
[ 220.991466][ T8698] ? crypto_sha224_init+0x210/0x210
[ 220.996657][ T8698] crypto_shash_update+0x4e9/0x550
[ 221.001762][ T8698] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 221.007897][ T8698] ? hash_walk_new_entry+0x6c7/0x770
[ 221.013187][ T8698] ? crypto_hash_walk_first+0x1fd/0x360
[ 221.018715][ T8698] ? kmsan_get_metadata+0x4f/0x180
[ 221.023804][ T8698] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 221.029593][ T8698] shash_async_update+0x113/0x1d0
[ 221.034615][ T8698] ? shash_async_init+0x1e0/0x1e0
[ 221.039629][ T8698] hash_sendpage+0x8ef/0xdf0
[ 221.044202][ T8698] ? hash_recvmsg+0xd30/0xd30
[ 221.048880][ T8698] sock_sendpage+0x1e1/0x2c0
[ 221.053470][ T8698] pipe_to_sendpage+0x38c/0x4c0
[ 221.058302][ T8698] ? sock_fasync+0x250/0x250
[ 221.062877][ T8698] __splice_from_pipe+0x565/0xf00
[ 221.067882][ T8698] ? generic_splice_sendpage+0x2d0/0x2d0
[ 221.073503][ T8698] generic_splice_sendpage+0x1d5/0x2d0
[ 221.078964][ T8698] ? iter_file_splice_write+0x1800/0x1800
[ 221.085819][ T8698] direct_splice_actor+0x1fd/0x580
[ 221.090924][ T8698] ? kmsan_get_metadata+0x4f/0x180
[ 221.096021][ T8698] splice_direct_to_actor+0x6b2/0xf50
[ 221.101372][ T8698] ? do_splice_direct+0x580/0x580
[ 221.106401][ T8698] do_splice_direct+0x342/0x580
[ 221.111265][ T8698] do_sendfile+0x101b/0x1d40
[ 221.115859][ T8698] __se_compat_sys_sendfile+0x301/0x3c0
[ 221.121385][ T8698] ? kmsan_get_metadata+0x11d/0x180
[ 221.126568][ T8698] ? __ia32_sys_sendfile64+0x70/0x70
[ 221.131846][ T8698] __ia32_compat_sys_sendfile+0x56/0x70
[ 221.137383][ T8698] __do_fast_syscall_32+0x2aa/0x400
[ 221.142566][ T8698] do_fast_syscall_32+0x6b/0xd0
[ 221.147411][ T8698] do_SYSENTER_32+0x73/0x90
[ 221.151908][ T8698] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 221.158224][ T8698] RIP: 0023:0xf7f64549
[ 221.162262][ T8698] Code: Bad RIP value.
[ 221.166304][ T8698] RSP: 002b:00000000f5d5f0cc EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[ 221.174692][ T8698] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000005
[ 221.182655][ T8698] RDX: 0000000000000000 RSI: 0000000020000002 RDI: 0000000000000000
[ 221.190640][ T8698] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 221.198592][ T8698] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 221.206550][ T8698] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 221.215949][ T8698] Kernel Offset: 0x13000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 221.227556][ T8698] Rebooting in 86400 seconds..