[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
2020/05/27 09:28:27 parsed 1 programs
2020/05/27 09:28:30 executed programs: 0
syzkaller login: [ 118.425312][ T8841] IPVS: ftp: loaded support on port[0] = 21
[ 118.585597][ T8841] chnl_net:caif_netlink_parms(): no params data found
[ 118.724707][ T8841] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.731965][ T8841] bridge0: port 1(bridge_slave_0) entered disabled state
[ 118.741229][ T8841] device bridge_slave_0 entered promiscuous mode
[ 118.751601][ T8841] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.758980][ T8841] bridge0: port 2(bridge_slave_1) entered disabled state
[ 118.768714][ T8841] device bridge_slave_1 entered promiscuous mode
[ 118.799733][ T8841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 118.811635][ T8841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 118.847265][ T8841] team0: Port device team_slave_0 added
[ 118.857308][ T8841] team0: Port device team_slave_1 added
[ 118.885547][ T8841] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 118.892540][ T8841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 118.919033][ T8841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 118.932299][ T8841] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 118.939692][ T8841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 118.965913][ T8841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 119.048692][ T8841] device hsr_slave_0 entered promiscuous mode
[ 119.104220][ T8841] device hsr_slave_1 entered promiscuous mode
[ 119.288341][ T8841] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 119.321644][ T8841] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 119.377554][ T8841] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 119.437772][ T8841] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 119.519022][ T8841] bridge0: port 2(bridge_slave_1) entered blocking state
[ 119.526403][ T8841] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 119.534394][ T8841] bridge0: port 1(bridge_slave_0) entered blocking state
[ 119.542406][ T8841] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 119.604968][ T8841] 8021q: adding VLAN 0 to HW filter on device bond0
[ 119.614340][ T4034] bridge0: port 1(bridge_slave_0) entered disabled state
[ 119.625953][ T4034] bridge0: port 2(bridge_slave_1) entered disabled state
[ 119.637143][ T4034] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 119.663204][ T8841] 8021q: adding VLAN 0 to HW filter on device team0
[ 119.670761][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 119.679727][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 119.704875][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 119.715102][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 119.724660][ T26] bridge0: port 1(bridge_slave_0) entered blocking state
[ 119.731875][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 119.740833][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 119.750575][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 119.760053][ T26] bridge0: port 2(bridge_slave_1) entered blocking state
[ 119.767331][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 119.775835][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 119.794605][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 119.812017][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 119.825706][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 119.847134][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 119.857185][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 119.866757][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 119.876405][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 119.885883][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 119.902254][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 119.911743][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 119.926494][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 119.971166][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 119.979608][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 120.002847][ T8841] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 120.030144][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 120.040424][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 120.076754][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 120.086281][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 120.097838][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 120.108096][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 120.121391][ T8841] device veth0_vlan entered promiscuous mode
[ 120.138031][ T8841] device veth1_vlan entered promiscuous mode
[ 120.167837][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 120.176765][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 120.187088][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 120.196866][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 120.212188][ T8841] device veth0_macvtap entered promiscuous mode
[ 120.228917][ T8841] device veth1_macvtap entered promiscuous mode
[ 120.257745][ T8841] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 120.266014][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 120.275411][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 120.284718][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 120.294610][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 120.315032][ T8841] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 120.334259][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 120.346483][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2020/05/27 09:28:35 executed programs: 43
2020/05/27 09:28:40 executed programs: 111
2020/05/27 09:28:45 executed programs: 181
[ 134.564440][ T216] =====================================================
[ 134.571430][ T216] BUG: KMSAN: uninit-value in bpf_skb_get_nlattr_nest+0x14c/0x2f0
[ 134.579265][ T216] CPU: 0 PID: 216 Comm: kworker/u4:4 Not tainted 5.7.0-rc4-syzkaller #0
[ 134.587583][ T216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 134.597756][ T216] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[ 134.605553][ T216] Call Trace:
[ 134.608851][ T216] dump_stack+0x1c9/0x220
[ 134.613188][ T216] kmsan_report+0xf7/0x1e0
[ 134.617616][ T216] __msan_warning+0x58/0xa0
[ 134.622122][ T216] bpf_skb_get_nlattr_nest+0x14c/0x2f0
[ 134.627593][ T216] ___bpf_prog_run+0x214d/0x97a0
[ 134.632556][ T216] ? bpf_skb_get_nlattr+0x290/0x290
[ 134.637771][ T216] __bpf_prog_run32+0x101/0x170
[ 134.642623][ T216] ? kmsan_get_metadata+0x11d/0x180
[ 134.647920][ T216] ? skb_push+0x15b/0x250
[ 134.652250][ T216] ? kmsan_get_metadata+0x4f/0x180
[ 134.657503][ T216] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 134.663307][ T216] ? ___bpf_prog_run+0x97a0/0x97a0
[ 134.668417][ T216] packet_rcv+0x70f/0x2160
[ 134.672832][ T216] ? packet_sock_destruct+0x1e0/0x1e0
[ 134.678237][ T216] dev_queue_xmit_nit+0x1199/0x1270
[ 134.683473][ T216] dev_hard_start_xmit+0x20f/0xab0
[ 134.688584][ T216] ? kmsan_get_metadata+0x11d/0x180
[ 134.693786][ T216] __dev_queue_xmit+0x2f8d/0x3b20
[ 134.698795][ T216] ? kmsan_get_metadata+0x11d/0x180
[ 134.704418][ T216] dev_queue_xmit+0x4b/0x60
[ 134.710470][ T216] batadv_send_skb_packet+0x59b/0x8c0
[ 134.715832][ T216] batadv_send_broadcast_skb+0x76/0x90
[ 134.721719][ T216] batadv_iv_send_outstanding_bat_ogm_packet+0x97e/0xd50
[ 134.728730][ T216] ? batadv_iv_ogm_queue_add+0x1900/0x1900
[ 134.735125][ T216] process_one_work+0x1555/0x1f40
[ 134.740137][ T216] worker_thread+0xef6/0x2450
[ 134.744822][ T216] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 134.750643][ T216] ? kmsan_get_metadata+0x11d/0x180
[ 134.756014][ T216] kthread+0x4b5/0x4f0
[ 134.760150][ T216] ? process_one_work+0x1f40/0x1f40
[ 134.765352][ T216] ? kthread_blkcg+0xf0/0xf0
[ 134.770008][ T216] ret_from_fork+0x35/0x40
[ 134.774404][ T216]
[ 134.776707][ T216] Uninit was stored to memory at:
[ 134.783029][ T216] kmsan_internal_chain_origin+0xad/0x130
[ 134.788728][ T216] __msan_chain_origin+0x50/0x90
[ 134.793643][ T216] ___bpf_prog_run+0x6cbe/0x97a0
[ 134.798557][ T216] __bpf_prog_run32+0x101/0x170
[ 134.803396][ T216] packet_rcv+0x70f/0x2160
[ 134.807822][ T216] dev_queue_xmit_nit+0x1199/0x1270
[ 134.813002][ T216] dev_hard_start_xmit+0x20f/0xab0
[ 134.818091][ T216] __dev_queue_xmit+0x2f8d/0x3b20
[ 134.823091][ T216] dev_queue_xmit+0x4b/0x60
[ 134.827572][ T216] batadv_send_skb_packet+0x59b/0x8c0
[ 134.832925][ T216] batadv_send_broadcast_skb+0x76/0x90
[ 134.838363][ T216] batadv_iv_send_outstanding_bat_ogm_packet+0x97e/0xd50
[ 134.845812][ T216] process_one_work+0x1555/0x1f40
[ 134.850813][ T216] worker_thread+0xef6/0x2450
[ 134.855486][ T216] kthread+0x4b5/0x4f0
[ 134.859553][ T216] ret_from_fork+0x35/0x40
[ 134.863980][ T216]
[ 134.866294][ T216] Uninit was stored to memory at:
[ 134.871315][ T216] kmsan_internal_chain_origin+0xad/0x130
[ 134.877016][ T216] __msan_chain_origin+0x50/0x90
[ 134.882040][ T216] ___bpf_prog_run+0x6c64/0x97a0
[ 134.887186][ T216] __bpf_prog_run32+0x101/0x170
[ 134.892046][ T216] packet_rcv+0x70f/0x2160
[ 134.897329][ T216] dev_queue_xmit_nit+0x1199/0x1270
[ 134.902529][ T216] dev_hard_start_xmit+0x20f/0xab0
[ 134.907686][ T216] __dev_queue_xmit+0x2f8d/0x3b20
[ 134.912700][ T216] dev_queue_xmit+0x4b/0x60
[ 134.917195][ T216] batadv_send_skb_packet+0x59b/0x8c0
[ 134.922548][ T216] batadv_send_broadcast_skb+0x76/0x90
[ 134.927991][ T216] batadv_iv_send_outstanding_bat_ogm_packet+0x97e/0xd50
[ 134.935018][ T216] process_one_work+0x1555/0x1f40
[ 134.940035][ T216] worker_thread+0xef6/0x2450
[ 134.944783][ T216] kthread+0x4b5/0x4f0
[ 134.948862][ T216] ret_from_fork+0x35/0x40
[ 134.953279][ T216]
[ 134.955860][ T216] Local variable ----regs@__bpf_prog_run32 created at:
[ 134.962788][ T216] __bpf_prog_run32+0x87/0x170
[ 134.967535][ T216] __bpf_prog_run32+0x87/0x170
[ 134.972286][ T216] =====================================================
[ 134.979193][ T216] Disabling lock debugging due to kernel taint
[ 134.985320][ T216] Kernel panic - not syncing: panic_on_warn set ...
[ 134.991906][ T216] CPU: 0 PID: 216 Comm: kworker/u4:4 Tainted: G B 5.7.0-rc4-syzkaller #0
[ 135.001653][ T216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 135.011764][ T216] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[ 135.019570][ T216] Call Trace:
[ 135.022873][ T216] dump_stack+0x1c9/0x220
[ 135.027202][ T216] panic+0x3d5/0xc3e
[ 135.031100][ T216] kmsan_report+0x1df/0x1e0
[ 135.035599][ T216] __msan_warning+0x58/0xa0
[ 135.040103][ T216] bpf_skb_get_nlattr_nest+0x14c/0x2f0
[ 135.045558][ T216] ___bpf_prog_run+0x214d/0x97a0
[ 135.050485][ T216] ? bpf_skb_get_nlattr+0x290/0x290
[ 135.055669][ T216] __bpf_prog_run32+0x101/0x170
[ 135.060498][ T216] ? kmsan_get_metadata+0x11d/0x180
[ 135.065678][ T216] ? skb_push+0x15b/0x250
[ 135.069987][ T216] ? kmsan_get_metadata+0x4f/0x180
[ 135.075095][ T216] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 135.080879][ T216] ? ___bpf_prog_run+0x97a0/0x97a0
[ 135.085972][ T216] packet_rcv+0x70f/0x2160
[ 135.090396][ T216] ? packet_sock_destruct+0x1e0/0x1e0
[ 135.095750][ T216] dev_queue_xmit_nit+0x1199/0x1270
[ 135.100937][ T216] dev_hard_start_xmit+0x20f/0xab0
[ 135.106032][ T216] ? kmsan_get_metadata+0x11d/0x180
[ 135.111313][ T216] __dev_queue_xmit+0x2f8d/0x3b20
[ 135.116516][ T216] ? kmsan_get_metadata+0x11d/0x180
[ 135.121722][ T216] dev_queue_xmit+0x4b/0x60
[ 135.126222][ T216] batadv_send_skb_packet+0x59b/0x8c0
[ 135.131583][ T216] batadv_send_broadcast_skb+0x76/0x90
[ 135.137044][ T216] batadv_iv_send_outstanding_bat_ogm_packet+0x97e/0xd50
[ 135.144234][ T216] ? batadv_iv_ogm_queue_add+0x1900/0x1900
[ 135.150041][ T216] process_one_work+0x1555/0x1f40
[ 135.155078][ T216] worker_thread+0xef6/0x2450
[ 135.159744][ T216] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 135.165541][ T216] ? kmsan_get_metadata+0x11d/0x180
[ 135.170726][ T216] kthread+0x4b5/0x4f0
[ 135.175466][ T216] ? process_one_work+0x1f40/0x1f40
[ 135.180659][ T216] ? kthread_blkcg+0xf0/0xf0
[ 135.185270][ T216] ret_from_fork+0x35/0x40
[ 135.191744][ T216] Kernel Offset: 0x27000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 135.203367][ T216] Rebooting in 86400 seconds..