Warning: Permanently added '10.128.0.166' (ECDSA) to the list of known hosts.
2020/07/19 22:08:01 parsed 1 programs
2020/07/19 22:08:05 executed programs: 0
syzkaller login: [ 239.201449][ T32] audit: type=1400 audit(1595196485.566:8): avc: denied { execmem } for pid=8475 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 239.247586][ T8476] IPVS: ftp: loaded support on port[0] = 21
[ 239.424856][ T8476] chnl_net:caif_netlink_parms(): no params data found
[ 239.606235][ T8476] bridge0: port 1(bridge_slave_0) entered blocking state
[ 239.613391][ T8476] bridge0: port 1(bridge_slave_0) entered disabled state
[ 239.622817][ T8476] device bridge_slave_0 entered promiscuous mode
[ 239.633900][ T8476] bridge0: port 2(bridge_slave_1) entered blocking state
[ 239.641316][ T8476] bridge0: port 2(bridge_slave_1) entered disabled state
[ 239.650861][ T8476] device bridge_slave_1 entered promiscuous mode
[ 239.683200][ T8476] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 239.696074][ T8476] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 239.729856][ T8476] team0: Port device team_slave_0 added
[ 239.738305][ T8476] team0: Port device team_slave_1 added
[ 239.770584][ T8476] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 239.777797][ T8476] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 239.804004][ T8476] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 239.817332][ T8476] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 239.824374][ T8476] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 239.850870][ T8476] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 239.930725][ T8476] device hsr_slave_0 entered promiscuous mode
[ 239.985694][ T8476] device hsr_slave_1 entered promiscuous mode
[ 240.186529][ T8476] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 240.239804][ T8476] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 240.299985][ T8476] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 240.359660][ T8476] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 240.511789][ T8476] 8021q: adding VLAN 0 to HW filter on device bond0
[ 240.530205][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 240.539153][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 240.552078][ T8476] 8021q: adding VLAN 0 to HW filter on device team0
[ 240.568496][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 240.579136][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 240.588923][ T3083] bridge0: port 1(bridge_slave_0) entered blocking state
[ 240.596252][ T3083] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 240.606859][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 240.621738][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 240.631249][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 240.641225][ T3083] bridge0: port 2(bridge_slave_1) entered blocking state
[ 240.648456][ T3083] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 240.669390][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 240.696654][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 240.725729][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 240.735308][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 240.748058][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 240.758724][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 240.768819][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 240.778403][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 240.787980][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 240.797301][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 240.808696][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 240.831780][ T8476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 240.862400][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 240.870381][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 240.892502][ T8476] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 240.921399][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 240.931000][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 240.970568][ T8476] device veth0_vlan entered promiscuous mode
[ 240.977756][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 240.988574][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 241.002454][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 241.013360][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 241.032313][ T8476] device veth1_vlan entered promiscuous mode
[ 241.066811][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 241.076697][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 241.086004][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 241.095652][ T2317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 241.111813][ T8476] device veth0_macvtap entered promiscuous mode
[ 241.130180][ T8476] device veth1_macvtap entered promiscuous mode
[ 241.160414][ T8476] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 241.169670][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 241.179083][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 241.188507][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 241.198496][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 241.214345][ T8476] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 241.238352][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 241.247739][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 241.515613][ T8698] =====================================================
[ 241.522620][ T8698] BUG: KMSAN: uninit-value in ucma_connect+0x2aa/0xab0
[ 241.529476][ T8698] CPU: 1 PID: 8698 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 241.538053][ T8698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 241.548121][ T8698] Call Trace:
[ 241.551403][ T8698] dump_stack+0x1df/0x240
[ 241.555742][ T8698] kmsan_report+0xf7/0x1e0
[ 241.560151][ T8698] __msan_warning+0x58/0xa0
[ 241.564644][ T8698] ucma_connect+0x2aa/0xab0
[ 241.569155][ T8698] ? kmsan_set_origin_checked+0x95/0xf0
[ 241.574692][ T8698] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 241.580757][ T8698] ? _copy_from_user+0x15b/0x260
[ 241.585689][ T8698] ? kmsan_get_metadata+0x4f/0x180
[ 241.590795][ T8698] ? ucma_query_route+0x13c0/0x13c0
[ 241.595983][ T8698] ucma_write+0x5c5/0x630
[ 241.600307][ T8698] ? ucma_get_global_nl_info+0xe0/0xe0
[ 241.605768][ T8698] vfs_write+0x561/0x1480
[ 241.610097][ T8698] ? kmsan_get_metadata+0x4f/0x180
[ 241.615207][ T8698] ? __msan_poison_alloca+0xf0/0x120
[ 241.620488][ T8698] ? kmsan_get_metadata+0x11d/0x180
[ 241.625680][ T8698] ksys_write+0x267/0x450
[ 241.629997][ T8698] ? kmsan_get_metadata+0x4f/0x180
[ 241.635094][ T8698] __se_sys_write+0x92/0xb0
[ 241.639586][ T8698] ? __se_sys_write+0xb0/0xb0
[ 241.644251][ T8698] __ia32_sys_write+0x4a/0x70
[ 241.648915][ T8698] __do_fast_syscall_32+0x2aa/0x400
[ 241.654104][ T8698] do_fast_syscall_32+0x6b/0xd0
[ 241.658962][ T8698] do_SYSENTER_32+0x73/0x90
[ 241.663453][ T8698] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 241.669764][ T8698] RIP: 0023:0xf7f81549
[ 241.673808][ T8698] Code: Bad RIP value.
[ 241.677856][ T8698] RSP: 002b:00000000f7f7c0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 241.686250][ T8698] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[ 241.694206][ T8698] RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000000
[ 241.702163][ T8698] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 241.710126][ T8698] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 241.718082][ T8698] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 241.726047][ T8698]
[ 241.728358][ T8698] Local variable ----cmd@ucma_connect created at:
[ 241.734758][ T8698] ucma_connect+0xe1/0xab0
[ 241.739163][ T8698] ucma_connect+0xe1/0xab0
[ 241.743555][ T8698] =====================================================
[ 241.750467][ T8698] Disabling lock debugging due to kernel taint
[ 241.756608][ T8698] Kernel panic - not syncing: panic_on_warn set ...
[ 241.763190][ T8698] CPU: 1 PID: 8698 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 241.773152][ T8698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 241.783195][ T8698] Call Trace:
[ 241.786482][ T8698] dump_stack+0x1df/0x240
[ 241.790806][ T8698] panic+0x3d5/0xc3e
[ 241.794713][ T8698] kmsan_report+0x1df/0x1e0
[ 241.799205][ T8698] __msan_warning+0x58/0xa0
[ 241.803696][ T8698] ucma_connect+0x2aa/0xab0
[ 241.808195][ T8698] ? kmsan_set_origin_checked+0x95/0xf0
[ 241.813730][ T8698] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 241.819787][ T8698] ? _copy_from_user+0x15b/0x260
[ 241.824711][ T8698] ? kmsan_get_metadata+0x4f/0x180
[ 241.829814][ T8698] ? ucma_query_route+0x13c0/0x13c0
[ 241.834998][ T8698] ucma_write+0x5c5/0x630
[ 241.839323][ T8698] ? ucma_get_global_nl_info+0xe0/0xe0
[ 241.844776][ T8698] vfs_write+0x561/0x1480
[ 241.849100][ T8698] ? kmsan_get_metadata+0x4f/0x180
[ 241.854199][ T8698] ? __msan_poison_alloca+0xf0/0x120
[ 241.859472][ T8698] ? kmsan_get_metadata+0x11d/0x180
[ 241.864662][ T8698] ksys_write+0x267/0x450
[ 241.868981][ T8698] ? kmsan_get_metadata+0x4f/0x180
[ 241.874079][ T8698] __se_sys_write+0x92/0xb0
[ 241.878572][ T8698] ? __se_sys_write+0xb0/0xb0
[ 241.883237][ T8698] __ia32_sys_write+0x4a/0x70
[ 241.887917][ T8698] __do_fast_syscall_32+0x2aa/0x400
[ 241.893114][ T8698] do_fast_syscall_32+0x6b/0xd0
[ 241.897962][ T8698] do_SYSENTER_32+0x73/0x90
[ 241.902460][ T8698] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 241.908777][ T8698] RIP: 0023:0xf7f81549
[ 241.912825][ T8698] Code: Bad RIP value.
[ 241.916874][ T8698] RSP: 002b:00000000f7f7c0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 241.925271][ T8698] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[ 241.933226][ T8698] RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000000
[ 241.941180][ T8698] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 241.949135][ T8698] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 241.957089][ T8698] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 241.966361][ T8698] Kernel Offset: 0xc000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 241.977884][ T8698] Rebooting in 86400 seconds..