[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 134.533168][ T8461] bash (8461) used greatest stack depth: 3728 bytes left
Warning: Permanently added '10.128.0.171' (ECDSA) to the list of known hosts.
2020/07/18 06:22:07 fuzzer started
2020/07/18 06:22:08 dialing manager at 10.128.0.26:41463
2020/07/18 06:22:08 syscalls: 2944
2020/07/18 06:22:08 code coverage: enabled
2020/07/18 06:22:08 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2020/07/18 06:22:08 extra coverage: enabled
2020/07/18 06:22:08 setuid sandbox: enabled
2020/07/18 06:22:08 namespace sandbox: enabled
2020/07/18 06:22:08 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/18 06:22:08 fault injection: enabled
2020/07/18 06:22:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/18 06:22:08 net packet injection: enabled
2020/07/18 06:22:08 net device setup: enabled
2020/07/18 06:22:08 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/18 06:22:08 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/18 06:22:08 USB emulation: /dev/raw-gadget does not exist
06:26:03 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002f00)=[{{0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f0000000480)='\'~', 0x2}], 0x1}}], 0x1, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x48}, {0x6}]}, 0x10)
sendmmsg(r0, &(0x7f0000001e00), 0x3fffffffffffe36, 0x0)
[ 381.845681][ T8562] IPVS: ftp: loaded support on port[0] = 21
[ 382.158360][ T8562] chnl_net:caif_netlink_parms(): no params data found
[ 382.415802][ T8562] bridge0: port 1(bridge_slave_0) entered blocking state
[ 382.423987][ T8562] bridge0: port 1(bridge_slave_0) entered disabled state
[ 382.433392][ T8562] device bridge_slave_0 entered promiscuous mode
[ 382.447323][ T8562] bridge0: port 2(bridge_slave_1) entered blocking state
[ 382.456397][ T8562] bridge0: port 2(bridge_slave_1) entered disabled state
[ 382.465903][ T8562] device bridge_slave_1 entered promiscuous mode
[ 382.520599][ T8562] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 382.544681][ T8562] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 382.602725][ T8562] team0: Port device team_slave_0 added
[ 382.614718][ T8562] team0: Port device team_slave_1 added
[ 382.657006][ T8562] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 382.664473][ T8562] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 382.690717][ T8562] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 382.704694][ T8562] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 382.713160][ T8562] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 382.739214][ T8562] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 382.888957][ T8562] device hsr_slave_0 entered promiscuous mode
[ 382.962446][ T8562] device hsr_slave_1 entered promiscuous mode
[ 383.424916][ T8562] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 383.489150][ T8562] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 383.568957][ T8562] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 383.628455][ T8562] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 384.048287][ T8562] 8021q: adding VLAN 0 to HW filter on device bond0
[ 384.089181][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 384.098543][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 384.116292][ T8562] 8021q: adding VLAN 0 to HW filter on device team0
[ 384.144932][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 384.156663][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 384.166206][ T3689] bridge0: port 1(bridge_slave_0) entered blocking state
[ 384.173526][ T3689] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 384.182483][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 384.192491][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 384.201952][ T3689] bridge0: port 2(bridge_slave_1) entered blocking state
[ 384.209174][ T3689] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 384.269274][ T8562] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 384.280429][ T8562] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 384.297664][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 384.307618][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 384.318364][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 384.329169][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 384.339723][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 384.350060][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 384.360624][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 384.370894][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 384.380579][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 384.390928][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 384.400552][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 384.419061][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 384.428687][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 384.484506][ T8720] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 384.492379][ T8720] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 384.517231][ T8562] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 384.598249][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 384.608645][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 384.672096][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 384.682088][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 384.699094][ T8562] device veth0_vlan entered promiscuous mode
[ 384.724430][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 384.734338][ T3689] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 384.762841][ T8562] device veth1_vlan entered promiscuous mode
[ 384.825550][ T8720] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 384.835473][ T8720] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 384.844960][ T8720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 384.855146][ T8720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 384.877754][ T8562] device veth0_macvtap entered promiscuous mode
[ 384.916598][ T8562] device veth1_macvtap entered promiscuous mode
[ 384.956272][ T8562] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 384.967448][ T8720] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 384.977913][ T8720] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 384.987198][ T8720] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 384.997517][ T8720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 385.024053][ T8562] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 385.047549][ T8720] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 385.057367][ T8720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 385.204849][ T8769] =====================================================
[ 385.211871][ T8769] BUG: KMSAN: uninit-value in bpf_skb_load_helper_16+0xd9/0x2b0
[ 385.219516][ T8769] CPU: 1 PID: 8769 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 385.228101][ T8769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 385.238162][ T8769] Call Trace:
[ 385.241472][ T8769] dump_stack+0x1df/0x240
[ 385.245839][ T8769] kmsan_report+0xf7/0x1e0
[ 385.250307][ T8769] __msan_warning+0x58/0xa0
[ 385.254833][ T8769] bpf_skb_load_helper_16+0xd9/0x2b0
[ 385.260149][ T8769] ___bpf_prog_run+0x214d/0x97a0
[ 385.265105][ T8769] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 385.271283][ T8769] ? bpf_skb_load_helper_8_no_cache+0x340/0x340
[ 385.277567][ T8769] __bpf_prog_run32+0x101/0x170
[ 385.282455][ T8769] ? kmsan_get_metadata+0x4f/0x180
[ 385.287590][ T8769] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 385.293410][ T8769] ? ___bpf_prog_run+0x97a0/0x97a0
[ 385.298537][ T8769] sk_filter_trim_cap+0x42a/0xcc0
[ 385.303597][ T8769] ? kmsan_get_metadata+0x11d/0x180
[ 385.308815][ T8769] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 385.314640][ T8769] unix_dgram_sendmsg+0x1987/0x3c30
[ 385.319862][ T8769] ? kmsan_get_metadata+0x11d/0x180
[ 385.325092][ T8769] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 385.331229][ T8769] unix_seqpacket_sendmsg+0x26c/0x2e0
[ 385.336627][ T8769] ? unix_dgram_peer_wake_me+0x7e0/0x7e0
[ 385.342277][ T8769] ____sys_sendmsg+0x1370/0x1400
[ 385.347265][ T8769] __sys_sendmmsg+0x60e/0xd80
[ 385.351994][ T8769] ? kmsan_get_metadata+0x4f/0x180
[ 385.357137][ T8769] ? kmsan_get_metadata+0x4f/0x180
[ 385.362272][ T8769] ? kmsan_internal_set_origin+0x75/0xb0
[ 385.367932][ T8769] ? kmsan_internal_check_memory+0xb1/0x3d0
[ 385.373865][ T8769] ? kmsan_check_memory+0xd/0x10
[ 385.378815][ T8769] ? _copy_to_user+0x12e/0x1d0
[ 385.383601][ T8769] ? kmsan_get_metadata+0x11d/0x180
[ 385.388818][ T8769] ? kmsan_get_metadata+0x11d/0x180
[ 385.394029][ T8769] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 385.399851][ T8769] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 385.406022][ T8769] ? __prepare_exit_to_usermode+0x16c/0x4d0
[ 385.411936][ T8769] __se_sys_sendmmsg+0xbd/0xe0
[ 385.416723][ T8769] __x64_sys_sendmmsg+0x56/0x70
[ 385.421592][ T8769] do_syscall_64+0xb0/0x150
[ 385.426131][ T8769] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 385.432027][ T8769] RIP: 0033:0x45c1d9
[ 385.435918][ T8769] Code: Bad RIP value.
[ 385.440001][ T8769] RSP: 002b:00007fcc6221dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 385.448420][ T8769] RAX: ffffffffffffffda RBX: 0000000000025a40 RCX: 000000000045c1d9
[ 385.456396][ T8769] RDX: 03fffffffffffe36 RSI: 0000000020001e00 RDI: 0000000000000003
[ 385.464388][ T8769] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000
[ 385.472359][ T8769] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 385.480331][ T8769] R13: 0000000000c9fb6f R14: 00007fcc6221e9c0 R15: 000000000078bf0c
[ 385.488335][ T8769]
[ 385.490655][ T8769] Uninit was stored to memory at:
[ 385.495686][ T8769] kmsan_internal_chain_origin+0xad/0x130
[ 385.501405][ T8769] __msan_chain_origin+0x50/0x90
[ 385.506342][ T8769] ___bpf_prog_run+0x6cbe/0x97a0
[ 385.511298][ T8769] __bpf_prog_run32+0x101/0x170
[ 385.516160][ T8769] sk_filter_trim_cap+0x42a/0xcc0
[ 385.521194][ T8769] unix_dgram_sendmsg+0x1987/0x3c30
[ 385.526396][ T8769] unix_seqpacket_sendmsg+0x26c/0x2e0
[ 385.531771][ T8769] ____sys_sendmsg+0x1370/0x1400
[ 385.536709][ T8769] __sys_sendmmsg+0x60e/0xd80
[ 385.541387][ T8769] __se_sys_sendmmsg+0xbd/0xe0
[ 385.546153][ T8769] __x64_sys_sendmmsg+0x56/0x70
[ 385.551024][ T8769] do_syscall_64+0xb0/0x150
[ 385.555541][ T8769] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 385.561434][ T8769]
[ 385.563755][ T8769] Uninit was stored to memory at:
[ 385.568800][ T8769] kmsan_internal_chain_origin+0xad/0x130
[ 385.574535][ T8769] __msan_chain_origin+0x50/0x90
[ 385.579472][ T8769] ___bpf_prog_run+0x6c64/0x97a0
[ 385.584410][ T8769] __bpf_prog_run32+0x101/0x170
[ 385.589260][ T8769] sk_filter_trim_cap+0x42a/0xcc0
[ 385.594285][ T8769] unix_dgram_sendmsg+0x1987/0x3c30
[ 385.599565][ T8769] unix_seqpacket_sendmsg+0x26c/0x2e0
[ 385.604943][ T8769] ____sys_sendmsg+0x1370/0x1400
[ 385.609884][ T8769] __sys_sendmmsg+0x60e/0xd80
[ 385.614563][ T8769] __se_sys_sendmmsg+0xbd/0xe0
[ 385.619327][ T8769] __x64_sys_sendmmsg+0x56/0x70
[ 385.624181][ T8769] do_syscall_64+0xb0/0x150
[ 385.628687][ T8769] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 385.634573][ T8769]
[ 385.636897][ T8769] Local variable ----regs@__bpf_prog_run32 created at:
[ 385.643753][ T8769] __bpf_prog_run32+0x87/0x170
[ 385.648523][ T8769] __bpf_prog_run32+0x87/0x170
[ 385.653281][ T8769] =====================================================
[ 385.660211][ T8769] Disabling lock debugging due to kernel taint
[ 385.666356][ T8769] Kernel panic - not syncing: panic_on_warn set ...
[ 385.672963][ T8769] CPU: 1 PID: 8769 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 385.683713][ T8769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 385.694729][ T8769] Call Trace:
[ 385.698045][ T8769] dump_stack+0x1df/0x240
[ 385.702392][ T8769] panic+0x3d5/0xc3e
[ 385.707286][ T8769] kmsan_report+0x1df/0x1e0
[ 385.711824][ T8769] __msan_warning+0x58/0xa0
[ 385.716341][ T8769] bpf_skb_load_helper_16+0xd9/0x2b0
[ 385.721654][ T8769] ___bpf_prog_run+0x214d/0x97a0
[ 385.726599][ T8769] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 385.732767][ T8769] ? bpf_skb_load_helper_8_no_cache+0x340/0x340
[ 385.739040][ T8769] __bpf_prog_run32+0x101/0x170
[ 385.743917][ T8769] ? kmsan_get_metadata+0x4f/0x180
[ 385.749060][ T8769] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 385.754882][ T8769] ? ___bpf_prog_run+0x97a0/0x97a0
[ 385.760003][ T8769] sk_filter_trim_cap+0x42a/0xcc0
[ 385.765055][ T8769] ? kmsan_get_metadata+0x11d/0x180
[ 385.770262][ T8769] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 385.776080][ T8769] unix_dgram_sendmsg+0x1987/0x3c30
[ 385.781305][ T8769] ? kmsan_get_metadata+0x11d/0x180
[ 385.786526][ T8769] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 385.792639][ T8769] unix_seqpacket_sendmsg+0x26c/0x2e0
[ 385.798029][ T8769] ? unix_dgram_peer_wake_me+0x7e0/0x7e0
[ 385.804191][ T8769] ____sys_sendmsg+0x1370/0x1400
[ 385.809774][ T8769] __sys_sendmmsg+0x60e/0xd80
[ 385.814467][ T8769] ? kmsan_get_metadata+0x4f/0x180
[ 385.819598][ T8769] ? kmsan_get_metadata+0x4f/0x180
[ 385.824715][ T8769] ? kmsan_internal_set_origin+0x75/0xb0
[ 385.830366][ T8769] ? kmsan_internal_check_memory+0xb1/0x3d0
[ 385.836285][ T8769] ? kmsan_check_memory+0xd/0x10
[ 385.841238][ T8769] ? _copy_to_user+0x12e/0x1d0
[ 385.846008][ T8769] ? kmsan_get_metadata+0x11d/0x180
[ 385.851216][ T8769] ? kmsan_get_metadata+0x11d/0x180
[ 385.857137][ T8769] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 385.862952][ T8769] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 385.869113][ T8769] ? __prepare_exit_to_usermode+0x16c/0x4d0
[ 385.875030][ T8769] __se_sys_sendmmsg+0xbd/0xe0
[ 385.879902][ T8769] __x64_sys_sendmmsg+0x56/0x70
[ 385.884764][ T8769] do_syscall_64+0xb0/0x150
[ 385.889281][ T8769] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 385.895230][ T8769] RIP: 0033:0x45c1d9
[ 385.899117][ T8769] Code: Bad RIP value.
[ 385.903183][ T8769] RSP: 002b:00007fcc6221dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 385.911614][ T8769] RAX: ffffffffffffffda RBX: 0000000000025a40 RCX: 000000000045c1d9
[ 385.919586][ T8769] RDX: 03fffffffffffe36 RSI: 0000000020001e00 RDI: 0000000000000003
[ 385.927557][ T8769] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000
[ 385.935534][ T8769] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 385.943511][ T8769] R13: 0000000000c9fb6f R14: 00007fcc6221e9c0 R15: 000000000078bf0c
[ 385.952544][ T8769] Kernel Offset: 0x18c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 385.964183][ T8769] Rebooting in 86400 seconds..