[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.50' (ECDSA) to the list of known hosts.
2020/07/18 05:05:28 fuzzer started
2020/07/18 05:05:28 dialing manager at 10.128.0.26:41463
2020/07/18 05:05:28 syscalls: 2944
2020/07/18 05:05:28 code coverage: enabled
2020/07/18 05:05:28 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2020/07/18 05:05:28 extra coverage: enabled
2020/07/18 05:05:28 setuid sandbox: enabled
2020/07/18 05:05:28 namespace sandbox: enabled
2020/07/18 05:05:28 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/18 05:05:28 fault injection: enabled
2020/07/18 05:05:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/18 05:05:28 net packet injection: enabled
2020/07/18 05:05:28 net device setup: enabled
2020/07/18 05:05:28 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/18 05:05:28 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/18 05:05:28 USB emulation: /dev/raw-gadget does not exist
05:08:38 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/12, 0xc}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x40)
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x16e, &(0x7f0000000400)="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"}}], 0x1c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

syzkaller login: [ 309.093573][ T8483] IPVS: ftp: loaded support on port[0] = 21
[ 309.296358][ T8483] chnl_net:caif_netlink_parms(): no params data found
[ 309.520819][ T8483] bridge0: port 1(bridge_slave_0) entered blocking state
[ 309.528024][ T8483] bridge0: port 1(bridge_slave_0) entered disabled state
[ 309.537737][ T8483] device bridge_slave_0 entered promiscuous mode
[ 309.552471][ T8483] bridge0: port 2(bridge_slave_1) entered blocking state
[ 309.559818][ T8483] bridge0: port 2(bridge_slave_1) entered disabled state
[ 309.568951][ T8483] device bridge_slave_1 entered promiscuous mode
[ 309.614351][ T8483] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 309.630786][ T8483] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 309.675961][ T8483] team0: Port device team_slave_0 added
[ 309.686348][ T8483] team0: Port device team_slave_1 added
[ 309.731061][ T8483] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 309.738084][ T8483] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 309.764188][ T8483] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 309.777688][ T8483] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 309.785088][ T8483] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 309.812238][ T8483] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 310.036073][ T8483] device hsr_slave_0 entered promiscuous mode
[ 310.220534][ T8483] device hsr_slave_1 entered promiscuous mode
[ 310.703657][ T8483] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 310.745557][ T8483] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 310.785246][ T8483] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 310.845362][ T8483] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 311.126225][ T8483] 8021q: adding VLAN 0 to HW filter on device bond0
[ 311.164331][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 311.173296][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 311.201498][ T8483] 8021q: adding VLAN 0 to HW filter on device team0
[ 311.227595][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 311.237375][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 311.246707][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 311.253984][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 311.292010][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 311.301236][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 311.310970][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 311.320209][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 311.327442][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 311.336381][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 311.360282][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 311.371170][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 311.381327][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 311.397112][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 311.414017][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 311.424236][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 311.468919][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 311.478262][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 311.487687][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 311.497274][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 311.510360][ T8483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 311.555008][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 311.563428][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 311.596700][ T8483] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 311.637944][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 311.648521][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 311.687830][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 311.697680][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 311.715282][ T8483] device veth0_vlan entered promiscuous mode
[ 311.731281][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 311.741040][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 311.757003][ T8483] device veth1_vlan entered promiscuous mode
[ 311.804145][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 311.815413][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 311.824789][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 311.834573][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 311.852157][ T8483] device veth0_macvtap entered promiscuous mode
[ 311.883901][ T8483] device veth1_macvtap entered promiscuous mode
[ 311.923226][ T8483] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 311.931110][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 311.940407][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 311.949734][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 311.959544][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 311.980730][ T8483] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 312.020462][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 312.030797][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
05:08:43 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000940)=@raw={'raw\x00', 0x2, 0x3, 0x1d8, 0x0, 0x98, 0x98, 0x98, 0x98, 0x140, 0x140, 0x140, 0x140, 0x140, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x49}}}, {{@ip={@loopback, @loopback, 0x0, 0x0, 'syz_tun\x00', 'team0\x00'}, 0x0, 0x70, 0xa8}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff}, {0xffff, 0x8}, {0xffff}}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x238)
[ 314.338422][ T8694] IPVS: ftp: loaded support on port[0] = 21
[ 314.612769][ T8694] chnl_net:caif_netlink_parms(): no params data found
[ 314.750060][ T8694] bridge0: port 1(bridge_slave_0) entered blocking state
[ 314.757287][ T8694] bridge0: port 1(bridge_slave_0) entered disabled state
[ 314.767056][ T8694] device bridge_slave_0 entered promiscuous mode
[ 314.779174][ T8694] bridge0: port 2(bridge_slave_1) entered blocking state
[ 314.786388][ T8694] bridge0: port 2(bridge_slave_1) entered disabled state
[ 314.796006][ T8694] device bridge_slave_1 entered promiscuous mode
[ 314.841723][ T8694] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 314.857164][ T8694] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 314.904481][ T8694] team0: Port device team_slave_0 added
[ 314.917110][ T8694] team0: Port device team_slave_1 added
[ 314.956604][ T8694] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 314.964054][ T8694] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 314.990690][ T8694] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 315.005051][ T8694] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 315.013221][ T8694] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 315.039478][ T8694] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
05:08:45 executing program 0:
pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f0000000580)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$DRM_IOCTL_MODE_GETGAMMA(0xffffffffffffffff, 0xc02064a4, &(0x7f0000000140)={0x81, 0x4, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x0})
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
splice(r0, 0x0, r2, 0x0, 0x10000, 0x0)
[ 315.155948][ T8694] device hsr_slave_0 entered promiscuous mode
[ 315.210260][ T8694] device hsr_slave_1 entered promiscuous mode
[ 315.259654][ T8694] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 315.267283][ T8694] Cannot create hsr debugfs directory
[ 315.329518][ T8858] =====================================================
[ 315.336508][ T8858] BUG: KMSAN: uninit-value in bpf_skb_get_nlattr_nest+0x14c/0x2f0
[ 315.344324][ T8858] CPU: 0 PID: 8858 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 315.352908][ T8858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 315.362960][ T8858] Call Trace:
[ 315.366244][ T8858] dump_stack+0x1df/0x240
[ 315.370569][ T8858] kmsan_report+0xf7/0x1e0
[ 315.374976][ T8858] __msan_warning+0x58/0xa0
[ 315.379470][ T8858] bpf_skb_get_nlattr_nest+0x14c/0x2f0
[ 315.384935][ T8858] ___bpf_prog_run+0x214d/0x97a0
[ 315.389858][ T8858] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 315.396176][ T8858] ? bpf_skb_get_nlattr+0x290/0x290
[ 315.401370][ T8858] __bpf_prog_run32+0x101/0x170
[ 315.406214][ T8858] ? kmsan_get_metadata+0x4f/0x180
[ 315.411311][ T8858] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 315.417104][ T8858] ? ___bpf_prog_run+0x97a0/0x97a0
[ 315.422200][ T8858] sk_filter_trim_cap+0x42a/0xcc0
[ 315.427223][ T8858] ? kmsan_get_metadata+0x11d/0x180
[ 315.432409][ T8858] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 315.438207][ T8858] unix_dgram_sendmsg+0x1987/0x3c30
[ 315.443400][ T8858] ? aa_sock_msg_perm+0x16d/0x320
[ 315.448428][ T8858] ? unix_dgram_poll+0xa80/0xa80
[ 315.453354][ T8858] kernel_sendmsg+0x433/0x440
[ 315.458025][ T8858] sock_no_sendpage+0x235/0x300
[ 315.462988][ T8858] ? sock_no_mmap+0x30/0x30
[ 315.467483][ T8858] sock_sendpage+0x1e1/0x2c0
[ 315.472157][ T8858] pipe_to_sendpage+0x38c/0x4c0
[ 315.476997][ T8858] ? sock_fasync+0x250/0x250
[ 315.481583][ T8858] __splice_from_pipe+0x565/0xf00
[ 315.486596][ T8858] ? generic_splice_sendpage+0x2d0/0x2d0
[ 315.492231][ T8858] generic_splice_sendpage+0x1d5/0x2d0
[ 315.497683][ T8858] ? iter_file_splice_write+0x1800/0x1800
[ 315.503392][ T8858] do_splice+0x2249/0x30a0
[ 315.507799][ T8858] ? __msan_poison_alloca+0xf0/0x120
[ 315.513074][ T8858] ? kmsan_get_metadata+0x4f/0x180
[ 315.518174][ T8858] ? kmsan_internal_set_origin+0x75/0xb0
[ 315.523793][ T8858] ? kmsan_get_metadata+0x4f/0x180
[ 315.528892][ T8858] ? kmsan_get_metadata+0x11d/0x180
[ 315.534268][ T8858] ? kmsan_set_origin_checked+0x95/0xf0
[ 315.539819][ T8858] __se_sys_splice+0x271/0x420
[ 315.544582][ T8858] __x64_sys_splice+0x6e/0x90
[ 315.549249][ T8858] do_syscall_64+0xb0/0x150
[ 315.553743][ T8858] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 315.559831][ T8858] RIP: 0033:0x45c1d9
[ 315.563703][ T8858] Code: Bad RIP value.
[ 315.567752][ T8858] RSP: 002b:00007f7cf90f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 315.576148][ T8858] RAX: ffffffffffffffda RBX: 0000000000031a00 RCX: 000000000045c1d9
[ 315.584105][ T8858] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[ 315.592061][ T8858] RBP: 000000000078bff8 R08: 0000000000010000 R09: 0000000000000000
[ 315.600015][ T8858] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 315.607969][ T8858] R13: 0000000000c9fb6f R14: 00007f7cf90f39c0 R15: 000000000078bfac
[ 315.615934][ T8858]
[ 315.618242][ T8858] Uninit was stored to memory at:
[ 315.623256][ T8858] kmsan_internal_chain_origin+0xad/0x130
[ 315.628958][ T8858] __msan_chain_origin+0x50/0x90
[ 315.633879][ T8858] ___bpf_prog_run+0x6cbe/0x97a0
[ 315.638797][ T8858] __bpf_prog_run32+0x101/0x170
[ 315.643629][ T8858] sk_filter_trim_cap+0x42a/0xcc0
[ 315.648635][ T8858] unix_dgram_sendmsg+0x1987/0x3c30
[ 315.653817][ T8858] kernel_sendmsg+0x433/0x440
[ 315.658477][ T8858] sock_no_sendpage+0x235/0x300
[ 315.663312][ T8858] sock_sendpage+0x1e1/0x2c0
[ 315.667887][ T8858] pipe_to_sendpage+0x38c/0x4c0
[ 315.672719][ T8858] __splice_from_pipe+0x565/0xf00
[ 315.677727][ T8858] generic_splice_sendpage+0x1d5/0x2d0
[ 315.683279][ T8858] do_splice+0x2249/0x30a0
[ 315.687767][ T8858] __se_sys_splice+0x271/0x420
[ 315.692514][ T8858] __x64_sys_splice+0x6e/0x90
[ 315.697175][ T8858] do_syscall_64+0xb0/0x150
[ 315.701665][ T8858] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 315.707533][ T8858]
[ 315.709843][ T8858] Uninit was stored to memory at:
[ 315.714853][ T8858] kmsan_internal_chain_origin+0xad/0x130
[ 315.720554][ T8858] __msan_chain_origin+0x50/0x90
[ 315.725492][ T8858] ___bpf_prog_run+0x6c64/0x97a0
[ 315.730413][ T8858] __bpf_prog_run32+0x101/0x170
[ 315.735245][ T8858] sk_filter_trim_cap+0x42a/0xcc0
[ 315.740248][ T8858] unix_dgram_sendmsg+0x1987/0x3c30
[ 315.745427][ T8858] kernel_sendmsg+0x433/0x440
[ 315.750086][ T8858] sock_no_sendpage+0x235/0x300
[ 315.754923][ T8858] sock_sendpage+0x1e1/0x2c0
[ 315.759496][ T8858] pipe_to_sendpage+0x38c/0x4c0
[ 315.764329][ T8858] __splice_from_pipe+0x565/0xf00
[ 315.769336][ T8858] generic_splice_sendpage+0x1d5/0x2d0
[ 315.774776][ T8858] do_splice+0x2249/0x30a0
[ 315.779177][ T8858] __se_sys_splice+0x271/0x420
[ 315.783932][ T8858] __x64_sys_splice+0x6e/0x90
[ 315.788592][ T8858] do_syscall_64+0xb0/0x150
[ 315.793081][ T8858] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 315.798963][ T8858]
[ 315.801275][ T8858] Local variable ----regs@__bpf_prog_run32 created at:
[ 315.808107][ T8858] __bpf_prog_run32+0x87/0x170
[ 315.812854][ T8858] __bpf_prog_run32+0x87/0x170
[ 315.817593][ T8858] =====================================================
[ 315.824501][ T8858] Disabling lock debugging due to kernel taint
[ 315.830629][ T8858] Kernel panic - not syncing: panic_on_warn set ...
[ 315.837201][ T8858] CPU: 0 PID: 8858 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 315.847152][ T8858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 315.857205][ T8858] Call Trace:
[ 315.860486][ T8858] dump_stack+0x1df/0x240
[ 315.864805][ T8858] panic+0x3d5/0xc3e
[ 315.868706][ T8858] kmsan_report+0x1df/0x1e0
[ 315.873196][ T8858] __msan_warning+0x58/0xa0
[ 315.877687][ T8858] bpf_skb_get_nlattr_nest+0x14c/0x2f0
[ 315.883135][ T8858] ___bpf_prog_run+0x214d/0x97a0
[ 315.888056][ T8858] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 315.894195][ T8858] ? bpf_skb_get_nlattr+0x290/0x290
[ 315.899388][ T8858] __bpf_prog_run32+0x101/0x170
[ 315.904231][ T8858] ? kmsan_get_metadata+0x4f/0x180
[ 315.909329][ T8858] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 315.915117][ T8858] ? ___bpf_prog_run+0x97a0/0x97a0
[ 315.920356][ T8858] sk_filter_trim_cap+0x42a/0xcc0
[ 315.925374][ T8858] ? kmsan_get_metadata+0x11d/0x180
[ 315.930561][ T8858] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 315.936356][ T8858] unix_dgram_sendmsg+0x1987/0x3c30
[ 315.941551][ T8858] ? aa_sock_msg_perm+0x16d/0x320
[ 315.946573][ T8858] ? unix_dgram_poll+0xa80/0xa80
[ 315.951498][ T8858] kernel_sendmsg+0x433/0x440
[ 315.956166][ T8858] sock_no_sendpage+0x235/0x300
[ 315.961076][ T8858] ? sock_no_mmap+0x30/0x30
[ 315.965575][ T8858] sock_sendpage+0x1e1/0x2c0
[ 315.970165][ T8858] pipe_to_sendpage+0x38c/0x4c0
[ 315.975004][ T8858] ? sock_fasync+0x250/0x250
[ 315.979604][ T8858] __splice_from_pipe+0x565/0xf00
[ 315.984732][ T8858] ? generic_splice_sendpage+0x2d0/0x2d0
[ 315.990367][ T8858] generic_splice_sendpage+0x1d5/0x2d0
[ 315.995912][ T8858] ? iter_file_splice_write+0x1800/0x1800
[ 316.001621][ T8858] do_splice+0x2249/0x30a0
[ 316.006026][ T8858] ? __msan_poison_alloca+0xf0/0x120
[ 316.011302][ T8858] ? kmsan_get_metadata+0x4f/0x180
[ 316.016403][ T8858] ? kmsan_internal_set_origin+0x75/0xb0
[ 316.022027][ T8858] ? kmsan_get_metadata+0x4f/0x180
[ 316.027129][ T8858] ? kmsan_get_metadata+0x11d/0x180
[ 316.032317][ T8858] ? kmsan_set_origin_checked+0x95/0xf0
[ 316.037966][ T8858] __se_sys_splice+0x271/0x420
[ 316.042728][ T8858] __x64_sys_splice+0x6e/0x90
[ 316.047396][ T8858] do_syscall_64+0xb0/0x150
[ 316.051900][ T8858] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 316.057773][ T8858] RIP: 0033:0x45c1d9
[ 316.061643][ T8858] Code: Bad RIP value.
[ 316.065691][ T8858] RSP: 002b:00007f7cf90f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 316.074087][ T8858] RAX: ffffffffffffffda RBX: 0000000000031a00 RCX: 000000000045c1d9
[ 316.082042][ T8858] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[ 316.089998][ T8858] RBP: 000000000078bff8 R08: 0000000000010000 R09: 0000000000000000
[ 316.097952][ T8858] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 316.105909][ T8858] R13: 0000000000c9fb6f R14: 00007f7cf90f39c0 R15: 000000000078bfac
[ 316.115185][ T8858] Kernel Offset: 0x1b600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 316.126797][ T8858] Rebooting in 86400 seconds..