Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts.
2020/07/20 05:59:10 fuzzer started
2020/07/20 05:59:10 dialing manager at 10.128.0.26:33695
2020/07/20 05:59:11 syscalls: 3087
2020/07/20 05:59:11 code coverage: enabled
2020/07/20 05:59:11 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2020/07/20 05:59:11 extra coverage: enabled
2020/07/20 05:59:11 setuid sandbox: enabled
2020/07/20 05:59:11 namespace sandbox: enabled
2020/07/20 05:59:11 Android sandbox: enabled
2020/07/20 05:59:11 fault injection: enabled
2020/07/20 05:59:11 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/20 05:59:11 net packet injection: enabled
2020/07/20 05:59:11 net device setup: enabled
2020/07/20 05:59:11 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/20 05:59:11 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/20 05:59:11 USB emulation: /dev/raw-gadget does not exist
06:01:52 executing program 0:
syzkaller login: [ 287.061650][ T33] audit: type=1400 audit(1595224912.148:8): avc: denied { execmem } for pid=8465 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 287.404262][ T8466] IPVS: ftp: loaded support on port[0] = 21
[ 287.686135][ T8466] chnl_net:caif_netlink_parms(): no params data found
[ 288.009643][ T8466] bridge0: port 1(bridge_slave_0) entered blocking state
[ 288.016948][ T8466] bridge0: port 1(bridge_slave_0) entered disabled state
[ 288.026171][ T8466] device bridge_slave_0 entered promiscuous mode
[ 288.061569][ T8466] bridge0: port 2(bridge_slave_1) entered blocking state
[ 288.069292][ T8466] bridge0: port 2(bridge_slave_1) entered disabled state
[ 288.078738][ T8466] device bridge_slave_1 entered promiscuous mode
[ 288.131993][ T8466] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 288.147473][ T8466] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 288.199945][ T8466] team0: Port device team_slave_0 added
[ 288.210642][ T8466] team0: Port device team_slave_1 added
[ 288.258810][ T8466] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 288.265865][ T8466] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 288.292054][ T8466] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 288.306681][ T8466] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 288.313944][ T8466] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 288.340097][ T8466] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 288.444784][ T8466] device hsr_slave_0 entered promiscuous mode
[ 288.598592][ T8466] device hsr_slave_1 entered promiscuous mode
[ 289.036336][ T8466] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 289.081513][ T8466] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 289.172218][ T8466] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 289.244666][ T8466] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 289.484861][ T8466] 8021q: adding VLAN 0 to HW filter on device bond0
[ 289.510829][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 289.520626][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 289.536480][ T8466] 8021q: adding VLAN 0 to HW filter on device team0
[ 289.557373][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 289.568297][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 289.577814][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 289.585117][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 289.638631][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 289.648108][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 289.657899][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 289.667419][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 289.674668][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 289.683723][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 289.694763][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 289.705696][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 289.716031][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 289.726362][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 289.736685][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 289.746853][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 289.756385][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 289.771032][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 289.780844][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 289.790393][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 289.812642][ T8466] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 289.863548][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 289.871996][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 289.894326][ T8466] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 289.941215][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 289.951219][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 289.995573][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 290.005492][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 290.023900][ T8466] device veth0_vlan entered promiscuous mode
[ 290.043467][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 290.052524][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 290.068527][ T8466] device veth1_vlan entered promiscuous mode
[ 290.122982][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 290.132383][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 290.141737][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 290.151657][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 290.172149][ T8466] device veth0_macvtap entered promiscuous mode
[ 290.200468][ T8466] device veth1_macvtap entered promiscuous mode
[ 290.244732][ T8466] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 290.253285][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 290.262784][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 290.272869][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 290.282724][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 290.308648][ T8466] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 290.335433][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 290.345620][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
06:01:56 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x35, 0x0, 0x1, 0xfffffffe}, {}, {0x6, 0x0, 0x0, 0x7ffffff7}]})
socket$inet6_tcp(0xa, 0x1, 0x0)
[ 291.076629][ T8691] =====================================================
[ 291.083622][ T8691] BUG: KMSAN: uninit-value in ___bpf_prog_run+0x9340/0x97a0
[ 291.090911][ T8691] CPU: 0 PID: 8691 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 291.099487][ T8691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 291.109537][ T8691] Call Trace:
[ 291.112836][ T8691] dump_stack+0x1df/0x240
[ 291.117175][ T8691] kmsan_report+0xf7/0x1e0
[ 291.121596][ T8691] __msan_warning+0x58/0xa0
[ 291.126106][ T8691] ___bpf_prog_run+0x9340/0x97a0
[ 291.131044][ T8691] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 291.137110][ T8691] ? kmsan_internal_set_origin+0x75/0xb0
[ 291.142758][ T8691] __bpf_prog_run32+0x101/0x170
[ 291.147619][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 291.152732][ T8691] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 291.158564][ T8691] ? ___bpf_prog_run+0x97a0/0x97a0
[ 291.163675][ T8691] __seccomp_filter+0x59e/0x2720
[ 291.168626][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 291.173743][ T8691] ? kmsan_get_metadata+0x11d/0x180
[ 291.178945][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 291.184060][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 291.189194][ T8691] __secure_computing+0x1fa/0x380
[ 291.194225][ T8691] syscall_trace_enter+0x63b/0xe10
[ 291.199353][ T8691] __do_fast_syscall_32+0x209/0x400
[ 291.204558][ T8691] do_fast_syscall_32+0x6b/0xd0
[ 291.209413][ T8691] do_SYSENTER_32+0x73/0x90
[ 291.213922][ T8691] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 291.220242][ T8691] RIP: 0023:0xf7f9d549
[ 291.224300][ T8691] Code: Bad RIP value.
[ 291.228358][ T8691] RSP: 002b:00000000f5d980c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000109
[ 291.236766][ T8691] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000f5d980f4
[ 291.244738][ T8691] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 291.252726][ T8691] RBP: 000000000000000e R08: 0000000000000000 R09: 0000000000000000
[ 291.260704][ T8691] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 291.268690][ T8691] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 291.276678][ T8691]
[ 291.279008][ T8691] Uninit was stored to memory at:
[ 291.284043][ T8691] kmsan_internal_chain_origin+0xad/0x130
[ 291.289764][ T8691] __msan_chain_origin+0x50/0x90
[ 291.294702][ T8691] ___bpf_prog_run+0x6c64/0x97a0
[ 291.299646][ T8691] __bpf_prog_run32+0x101/0x170
[ 291.304515][ T8691] __seccomp_filter+0x59e/0x2720
[ 291.309467][ T8691] __secure_computing+0x1fa/0x380
[ 291.314498][ T8691] syscall_trace_enter+0x63b/0xe10
[ 291.319615][ T8691] __do_fast_syscall_32+0x209/0x400
[ 291.324817][ T8691] do_fast_syscall_32+0x6b/0xd0
[ 291.329668][ T8691] do_SYSENTER_32+0x73/0x90
[ 291.334177][ T8691] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 291.340489][ T8691]
[ 291.342813][ T8691] Local variable ----regs@__bpf_prog_run32 created at:
[ 291.349669][ T8691] __bpf_prog_run32+0x87/0x170
[ 291.354432][ T8691] __bpf_prog_run32+0x87/0x170
[ 291.359185][ T8691] =====================================================
[ 291.366107][ T8691] Disabling lock debugging due to kernel taint
[ 291.372253][ T8691] Kernel panic - not syncing: panic_on_warn set ...
[ 291.378841][ T8691] CPU: 0 PID: 8691 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 291.388807][ T8691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 291.398856][ T8691] Call Trace:
[ 291.402150][ T8691] dump_stack+0x1df/0x240
[ 291.406488][ T8691] panic+0x3d5/0xc3e
[ 291.410405][ T8691] kmsan_report+0x1df/0x1e0
[ 291.414911][ T8691] __msan_warning+0x58/0xa0
[ 291.419424][ T8691] ___bpf_prog_run+0x9340/0x97a0
[ 291.424361][ T8691] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 291.430428][ T8691] ? kmsan_internal_set_origin+0x75/0xb0
[ 291.436073][ T8691] __bpf_prog_run32+0x101/0x170
[ 291.440933][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 291.446043][ T8691] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 291.451847][ T8691] ? ___bpf_prog_run+0x97a0/0x97a0
[ 291.456957][ T8691] __seccomp_filter+0x59e/0x2720
[ 291.463037][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 291.468280][ T8691] ? kmsan_get_metadata+0x11d/0x180
[ 291.473490][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 291.478609][ T8691] ? kmsan_get_metadata+0x4f/0x180
[ 291.483731][ T8691] __secure_computing+0x1fa/0x380
[ 291.488769][ T8691] syscall_trace_enter+0x63b/0xe10
[ 291.493908][ T8691] __do_fast_syscall_32+0x209/0x400
[ 291.499118][ T8691] do_fast_syscall_32+0x6b/0xd0
[ 291.503972][ T8691] do_SYSENTER_32+0x73/0x90
[ 291.508478][ T8691] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 291.514800][ T8691] RIP: 0023:0xf7f9d549
[ 291.518862][ T8691] Code: Bad RIP value.
[ 291.522920][ T8691] RSP: 002b:00000000f5d980c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000109
[ 291.531327][ T8691] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000f5d980f4
[ 291.539293][ T8691] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 291.547269][ T8691] RBP: 000000000000000e R08: 0000000000000000 R09: 0000000000000000
[ 291.555238][ T8691] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 291.563219][ T8691] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 291.572447][ T8691] Kernel Offset: 0xca00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 291.583973][ T8691] Rebooting in 86400 seconds..