Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts.
2020/07/18 07:34:55 fuzzer started
2020/07/18 07:34:55 dialing manager at 10.128.0.26:41463
2020/07/18 07:34:56 syscalls: 2944
2020/07/18 07:34:56 code coverage: enabled
2020/07/18 07:34:56 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2020/07/18 07:34:56 extra coverage: enabled
2020/07/18 07:34:56 setuid sandbox: enabled
2020/07/18 07:34:56 namespace sandbox: enabled
2020/07/18 07:34:56 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/18 07:34:56 fault injection: enabled
2020/07/18 07:34:56 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/18 07:34:56 net packet injection: enabled
2020/07/18 07:34:56 net device setup: enabled
2020/07/18 07:34:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/18 07:34:56 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/18 07:34:56 USB emulation: /dev/raw-gadget does not exist

07:38:59 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff})
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x25, 0x1, 0x1}, {0x60}, {0x6, 0x0, 0x0, 0x7ffffffa}]})

syzkaller login: [ 388.576026][ T8441] IPVS: ftp: loaded support on port[0] = 21
[ 388.864110][ T8441] chnl_net:caif_netlink_parms(): no params data found
[ 389.156517][ T8441] bridge0: port 1(bridge_slave_0) entered blocking state
[ 389.164809][ T8441] bridge0: port 1(bridge_slave_0) entered disabled state
[ 389.174275][ T8441] device bridge_slave_0 entered promiscuous mode
[ 389.216679][ T8441] bridge0: port 2(bridge_slave_1) entered blocking state
[ 389.224186][ T8441] bridge0: port 2(bridge_slave_1) entered disabled state
[ 389.233774][ T8441] device bridge_slave_1 entered promiscuous mode
[ 389.300334][ T8441] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 389.317188][ T8441] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 389.384388][ T8441] team0: Port device team_slave_0 added
[ 389.396012][ T8441] team0: Port device team_slave_1 added
[ 389.459546][ T8441] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 389.466850][ T8441] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 389.492985][ T8441] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 389.525477][ T8441] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 389.532534][ T8441] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 389.560437][ T8441] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 389.641458][ T8441] device hsr_slave_0 entered promiscuous mode
[ 389.674186][ T8441] device hsr_slave_1 entered promiscuous mode
[ 390.065279][ T8441] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 390.104116][ T8441] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 390.261550][ T8441] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 390.402123][ T8441] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 390.784618][ T8441] 8021q: adding VLAN 0 to HW filter on device bond0
[ 390.824748][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 390.834270][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 390.870671][ T8441] 8021q: adding VLAN 0 to HW filter on device team0
[ 390.903818][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 390.914376][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 390.923915][ T3083] bridge0: port 1(bridge_slave_0) entered blocking state
[ 390.931141][ T3083] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 390.982825][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 390.992799][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 391.002814][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 391.012924][ T3083] bridge0: port 2(bridge_slave_1) entered blocking state
[ 391.020284][ T3083] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 391.029367][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 391.040444][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 391.091337][ T8441] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 391.103142][ T8441] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 391.165215][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 391.176394][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 391.186875][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 391.197763][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 391.209630][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 391.219542][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 391.230083][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 391.240036][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 391.249793][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 391.257563][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 391.268698][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 391.278916][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 391.299873][ T8441] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 391.368016][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 391.378678][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 391.428394][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 391.440808][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 391.456990][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 391.469771][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 391.498325][ T8441] device veth0_vlan entered promiscuous mode
[ 391.528636][ T8441] device veth1_vlan entered promiscuous mode
[ 391.588169][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 391.597814][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 391.607328][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 391.617363][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 391.639042][ T8441] device veth0_macvtap entered promiscuous mode
[ 391.659337][ T8441] device veth1_macvtap entered promiscuous mode
[ 391.708332][ T8441] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 391.717807][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 391.731262][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 391.740740][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 391.750724][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 391.778435][ T8441] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 391.814445][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 391.824506][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 392.038560][ T8649] =====================================================
[ 392.045578][ T8649] BUG: KMSAN: uninit-value in ___bpf_prog_run+0x89a6/0x97a0
[ 392.052885][ T8649] CPU: 1 PID: 8649 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 392.061472][ T8649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 392.071537][ T8649] Call Trace:
[ 392.074858][ T8649] dump_stack+0x1df/0x240
[ 392.079234][ T8649] kmsan_report+0xf7/0x1e0
[ 392.083671][ T8649] __msan_warning+0x58/0xa0
[ 392.088198][ T8649] ___bpf_prog_run+0x89a6/0x97a0
[ 392.093147][ T8649] ? kfree+0xb8f/0x30f0
[ 392.097341][ T8649] ? kmsan_internal_set_origin+0x75/0xb0
[ 392.103113][ T8649] __bpf_prog_run32+0x101/0x170
[ 392.107993][ T8649] ? kmsan_get_metadata+0x4f/0x180
[ 392.113163][ T8649] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 392.118979][ T8649] ? ___bpf_prog_run+0x97a0/0x97a0
[ 392.124106][ T8649] __seccomp_filter+0x59e/0x2720
[ 392.129086][ T8649] ? kmsan_get_metadata+0x11d/0x180
[ 392.134297][ T8649] ? kmsan_get_metadata+0x4f/0x180
[ 392.139434][ T8649] ? kmsan_get_metadata+0x4f/0x180
[ 392.144590][ T8649] __secure_computing+0x1fa/0x380
[ 392.149648][ T8649] syscall_trace_enter+0x63b/0xe10
[ 392.154806][ T8649] do_syscall_64+0x54/0x150
[ 392.162119][ T8649] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 392.168024][ T8649] RIP: 0033:0x45f01a
[ 392.171916][ T8649] Code: Bad RIP value.
[ 392.175984][ T8649] RSP: 002b:00007f5a55ca1c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4
[ 392.184400][ T8649] RAX: ffffffffffffffda RBX: 00000000004d6388 RCX: 000000000045f01a
[ 392.192405][ T8649] RDX: 0000000000004b98 RSI: 00007f5a55ca1c60 RDI: 0000000000000001
[ 392.200381][ T8649] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 392.208361][ T8649] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000e
[ 392.216340][ T8649] R13: 0000000000c9fb6f R14: 000000000078bf00 R15: 000000000078bf0c
[ 392.224333][ T8649]
[ 392.226659][ T8649] Uninit was stored to memory at:
[ 392.231697][ T8649] kmsan_internal_chain_origin+0xad/0x130
[ 392.237422][ T8649] __msan_chain_origin+0x50/0x90
[ 392.242371][ T8649] ___bpf_prog_run+0x6c64/0x97a0
[ 392.247312][ T8649] __bpf_prog_run32+0x101/0x170
[ 392.252169][ T8649] __seccomp_filter+0x59e/0x2720
[ 392.257110][ T8649] __secure_computing+0x1fa/0x380
[ 392.262138][ T8649] syscall_trace_enter+0x63b/0xe10
[ 392.267259][ T8649] do_syscall_64+0x54/0x150
[ 392.271771][ T8649] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 392.277654][ T8649]
[ 392.279987][ T8649] Local variable ----regs@__bpf_prog_run32 created at:
[ 392.287032][ T8649] __bpf_prog_run32+0x87/0x170
[ 392.291809][ T8649] __bpf_prog_run32+0x87/0x170
[ 392.296577][ T8649] =====================================================
[ 392.303507][ T8649] Disabling lock debugging due to kernel taint
[ 392.309657][ T8649] Kernel panic - not syncing: panic_on_warn set ...
[ 392.316277][ T8649] CPU: 1 PID: 8649 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 392.326249][ T8649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 392.336307][ T8649] Call Trace:
[ 392.339620][ T8649] dump_stack+0x1df/0x240
[ 392.343969][ T8649] panic+0x3d5/0xc3e
[ 392.348197][ T8649] kmsan_report+0x1df/0x1e0
[ 392.352732][ T8649] __msan_warning+0x58/0xa0
[ 392.357271][ T8649] ___bpf_prog_run+0x89a6/0x97a0
[ 392.362253][ T8649] ? kfree+0xb8f/0x30f0
[ 392.366421][ T8649] ? kmsan_internal_set_origin+0x75/0xb0
[ 392.372084][ T8649] __bpf_prog_run32+0x101/0x170
[ 392.376970][ T8649] ? kmsan_get_metadata+0x4f/0x180
[ 392.382099][ T8649] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 392.388089][ T8649] ? ___bpf_prog_run+0x97a0/0x97a0
[ 392.393643][ T8649] __seccomp_filter+0x59e/0x2720
[ 392.398620][ T8649] ? kmsan_get_metadata+0x11d/0x180
[ 392.403845][ T8649] ? kmsan_get_metadata+0x4f/0x180
[ 392.408982][ T8649] ? kmsan_get_metadata+0x4f/0x180
[ 392.414131][ T8649] __secure_computing+0x1fa/0x380
[ 392.419186][ T8649] syscall_trace_enter+0x63b/0xe10
[ 392.424338][ T8649] do_syscall_64+0x54/0x150
[ 392.428856][ T8649] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 392.434777][ T8649] RIP: 0033:0x45f01a
[ 392.438672][ T8649] Code: Bad RIP value.
[ 392.443698][ T8649] RSP: 002b:00007f5a55ca1c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4
[ 392.452122][ T8649] RAX: ffffffffffffffda RBX: 00000000004d6388 RCX: 000000000045f01a
[ 392.460113][ T8649] RDX: 0000000000004b98 RSI: 00007f5a55ca1c60 RDI: 0000000000000001
[ 392.468090][ T8649] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 392.476079][ T8649] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000e
[ 392.484119][ T8649] R13: 0000000000c9fb6f R14: 000000000078bf00 R15: 000000000078bf0c
[ 392.493237][ T8649] Kernel Offset: 0x2de00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 392.504859][ T8649] Rebooting in 86400 seconds..