Warning: Permanently added '10.128.0.139' (ECDSA) to the list of known hosts. 2020/07/18 10:37:05 fuzzer started 2020/07/18 10:37:06 dialing manager at 10.128.0.26:41463 2020/07/18 10:37:06 syscalls: 2944 2020/07/18 10:37:06 code coverage: enabled 2020/07/18 10:37:06 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2020/07/18 10:37:06 extra coverage: enabled 2020/07/18 10:37:06 setuid sandbox: enabled 2020/07/18 10:37:06 namespace sandbox: enabled 2020/07/18 10:37:06 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/18 10:37:06 fault injection: enabled 2020/07/18 10:37:06 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/18 10:37:06 net packet injection: enabled 2020/07/18 10:37:06 net device setup: enabled 2020/07/18 10:37:06 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/18 10:37:06 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/18 10:37:06 USB emulation: /dev/raw-gadget does not exist 10:41:01 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bind(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r2, 0x8000000000000, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x2, 0x3, 0x240, 0xd8, 0x0, 0xd8, 0x0, 0xd8, 0x1a8, 0x1a8, 0x1a8, 0x1a8, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'ip6gretap0\x00'}, 0x0, 0xb8, 0xd8, 0x0, {}, [@common=@inet=@ecn={{0x28, 'ecn\x00'}, {0x0, 0x2}}, @common=@socket0={{0x20, 'socket\x00'}}]}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @remote}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0) socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) [ 382.081332][ T8448] IPVS: ftp: loaded support on port[0] = 21 [ 382.349411][ T8448] chnl_net:caif_netlink_parms(): no params data found [ 382.575453][ T8448] bridge0: port 1(bridge_slave_0) entered blocking state [ 382.582720][ T8448] bridge0: port 1(bridge_slave_0) entered disabled state [ 382.592831][ T8448] device bridge_slave_0 entered promiscuous mode [ 382.646069][ T8448] bridge0: port 2(bridge_slave_1) entered blocking state [ 382.653215][ T8448] bridge0: port 2(bridge_slave_1) entered disabled state [ 382.663015][ T8448] device bridge_slave_1 entered promiscuous mode [ 382.729573][ T8448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 382.744898][ T8448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 382.793826][ T8448] team0: Port device team_slave_0 added [ 382.805962][ T8448] team0: Port device team_slave_1 added [ 382.851231][ T8448] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 382.858381][ T8448] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.884665][ T8448] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 382.899270][ T8448] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 382.907728][ T8448] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.933771][ T8448] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 383.072869][ T8448] device hsr_slave_0 entered promiscuous mode [ 383.137630][ T8448] device hsr_slave_1 entered promiscuous mode [ 383.637990][ T8448] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 383.691049][ T8448] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 383.793750][ T8448] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 383.922783][ T8448] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 384.293033][ T8448] 8021q: adding VLAN 0 to HW filter on device bond0 [ 384.340771][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 384.350094][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 384.382742][ T8448] 8021q: adding VLAN 0 to HW filter on device team0 [ 384.402627][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 384.412714][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 384.423649][ T32] bridge0: port 1(bridge_slave_0) entered blocking state [ 384.430913][ T32] bridge0: port 1(bridge_slave_0) entered forwarding state [ 384.510118][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 384.519523][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 384.529538][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 384.540352][ T32] bridge0: port 2(bridge_slave_1) entered blocking state [ 384.547683][ T32] bridge0: port 2(bridge_slave_1) entered forwarding state [ 384.556852][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 384.568072][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 384.579243][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 384.590220][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 384.600607][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 384.611423][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 384.622199][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 384.632369][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 384.642276][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 384.652092][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 384.674244][ T8448] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 384.741917][ T8448] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 384.877108][ T8448] device veth0_vlan entered promiscuous mode [ 384.906271][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 384.916265][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 384.923939][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 384.931927][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 384.943382][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 384.953794][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 384.963581][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 384.983195][ T8448] device veth1_vlan entered promiscuous mode [ 385.046460][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 385.056073][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 385.065902][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 385.076635][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 385.126895][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 385.136958][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 385.161716][ T8448] device veth0_macvtap entered promiscuous mode [ 385.193161][ T8448] device veth1_macvtap entered promiscuous mode [ 385.255492][ T8448] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 385.263326][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 385.273135][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 385.283550][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 385.293761][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 385.313299][ T8448] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 385.357920][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 385.368037][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 10:41:05 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r1, r2, 0x0, 0x5) [ 385.706036][ T8661] ===================================================== [ 385.713048][ T8661] BUG: KMSAN: uninit-value in crc32_le_base+0xb93/0xd10 [ 385.720014][ T8661] CPU: 1 PID: 8661 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 385.728604][ T8661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 385.738676][ T8661] Call Trace: [ 385.741988][ T8661] dump_stack+0x1df/0x240 [ 385.746355][ T8661] kmsan_report+0xf7/0x1e0 [ 385.750835][ T8661] __msan_warning+0x58/0xa0 [ 385.755363][ T8661] crc32_le_base+0xb93/0xd10 [ 385.760018][ T8661] ? sock_kmalloc+0x157/0x2d0 [ 385.764706][ T8661] ? hash_sendpage+0x48c/0xdf0 [ 385.769485][ T8661] ? sock_sendpage+0x1e1/0x2c0 [ 385.774263][ T8661] ? pipe_to_sendpage+0x38c/0x4c0 [ 385.779298][ T8661] ? __splice_from_pipe+0x565/0xf00 [ 385.784558][ T8661] ? generic_splice_sendpage+0x1d5/0x2d0 [ 385.790227][ T8661] ? direct_splice_actor+0x1fd/0x580 [ 385.795541][ T8661] ? splice_direct_to_actor+0x6b2/0xf50 [ 385.801108][ T8661] ? do_splice_direct+0x342/0x580 [ 385.806165][ T8661] ? do_sendfile+0x101b/0x1d40 [ 385.810981][ T8661] ? __se_sys_sendfile64+0x2bb/0x360 [ 385.816334][ T8661] ? __x64_sys_sendfile64+0x56/0x70 [ 385.821564][ T8661] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 385.827696][ T8661] crc32_digest+0xdc/0x140 [ 385.832174][ T8661] ? crc32_finup+0x120/0x120 [ 385.836820][ T8661] shash_ahash_digest+0x788/0x8a0 [ 385.841910][ T8661] shash_async_digest+0xbb/0x110 [ 385.846896][ T8661] crypto_ahash_op+0x1c6/0x6c0 [ 385.851685][ T8661] ? __kmalloc+0x115/0x460 [ 385.856124][ T8661] ? kmsan_get_metadata+0x11d/0x180 [ 385.861336][ T8661] ? kmsan_get_metadata+0x11d/0x180 [ 385.866545][ T8661] ? shash_async_finup+0x110/0x110 [ 385.871665][ T8661] ? shash_async_finup+0x110/0x110 [ 385.876827][ T8661] crypto_ahash_digest+0xdc/0x150 [ 385.881874][ T8661] hash_sendpage+0x9cc/0xdf0 [ 385.886540][ T8661] ? hash_recvmsg+0xd30/0xd30 [ 385.891240][ T8661] sock_sendpage+0x1e1/0x2c0 [ 385.895859][ T8661] pipe_to_sendpage+0x38c/0x4c0 [ 385.900721][ T8661] ? sock_fasync+0x250/0x250 [ 385.905365][ T8661] __splice_from_pipe+0x565/0xf00 [ 385.910415][ T8661] ? generic_splice_sendpage+0x2d0/0x2d0 [ 385.916089][ T8661] generic_splice_sendpage+0x1d5/0x2d0 [ 385.921578][ T8661] ? iter_file_splice_write+0x1800/0x1800 [ 385.927315][ T8661] direct_splice_actor+0x1fd/0x580 [ 385.932448][ T8661] ? kmsan_get_metadata+0x4f/0x180 [ 385.937597][ T8661] splice_direct_to_actor+0x6b2/0xf50 [ 385.942991][ T8661] ? do_splice_direct+0x580/0x580 [ 385.948182][ T8661] do_splice_direct+0x342/0x580 [ 385.953064][ T8661] do_sendfile+0x101b/0x1d40 [ 385.957715][ T8661] __se_sys_sendfile64+0x2bb/0x360 [ 385.962829][ T8661] ? kmsan_get_metadata+0x4f/0x180 [ 385.967957][ T8661] __x64_sys_sendfile64+0x56/0x70 [ 385.972993][ T8661] do_syscall_64+0xb0/0x150 [ 385.977504][ T8661] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 385.983397][ T8661] RIP: 0033:0x45c1d9 [ 385.987282][ T8661] Code: Bad RIP value. [ 385.991342][ T8661] RSP: 002b:00007f32b2baac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 385.999748][ T8661] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 386.007711][ T8661] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 386.015698][ T8661] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 386.023665][ T8661] R10: 0000000000000005 R11: 0000000000000246 R12: 000000000078bf0c [ 386.031700][ T8661] R13: 0000000000c9fb6f R14: 00007f32b2bab9c0 R15: 000000000078bf0c [ 386.039683][ T8661] [ 386.042006][ T8661] Uninit was created at: [ 386.046265][ T8661] kmsan_save_stack_with_flags+0x3c/0x90 [ 386.051893][ T8661] kmsan_alloc_page+0xb9/0x180 [ 386.056658][ T8661] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 386.062231][ T8661] alloc_pages_current+0x672/0x990 [ 386.067336][ T8661] push_pipe+0x605/0xb70 [ 386.071572][ T8661] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 386.077312][ T8661] do_splice_to+0x4fc/0x14f0 [ 386.081918][ T8661] splice_direct_to_actor+0x45c/0xf50 [ 386.087288][ T8661] do_splice_direct+0x342/0x580 [ 386.092134][ T8661] do_sendfile+0x101b/0x1d40 [ 386.096735][ T8661] __se_sys_sendfile64+0x2bb/0x360 [ 386.101856][ T8661] __x64_sys_sendfile64+0x56/0x70 [ 386.106909][ T8661] do_syscall_64+0xb0/0x150 [ 386.111425][ T8661] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 386.117306][ T8661] ===================================================== [ 386.124227][ T8661] Disabling lock debugging due to kernel taint [ 386.130366][ T8661] Kernel panic - not syncing: panic_on_warn set ... [ 386.136956][ T8661] CPU: 1 PID: 8661 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 386.146913][ T8661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 386.156959][ T8661] Call Trace: [ 386.160256][ T8661] dump_stack+0x1df/0x240 [ 386.164595][ T8661] panic+0x3d5/0xc3e [ 386.168529][ T8661] kmsan_report+0x1df/0x1e0 [ 386.173042][ T8661] __msan_warning+0x58/0xa0 [ 386.177551][ T8661] crc32_le_base+0xb93/0xd10 [ 386.182149][ T8661] ? sock_kmalloc+0x157/0x2d0 [ 386.186825][ T8661] ? hash_sendpage+0x48c/0xdf0 [ 386.191591][ T8661] ? sock_sendpage+0x1e1/0x2c0 [ 386.196359][ T8661] ? pipe_to_sendpage+0x38c/0x4c0 [ 386.201385][ T8661] ? __splice_from_pipe+0x565/0xf00 [ 386.206596][ T8661] ? generic_splice_sendpage+0x1d5/0x2d0 [ 386.212239][ T8661] ? direct_splice_actor+0x1fd/0x580 [ 386.217539][ T8661] ? splice_direct_to_actor+0x6b2/0xf50 [ 386.223084][ T8661] ? do_splice_direct+0x342/0x580 [ 386.228107][ T8661] ? do_sendfile+0x101b/0x1d40 [ 386.232869][ T8661] ? __se_sys_sendfile64+0x2bb/0x360 [ 386.238150][ T8661] ? __x64_sys_sendfile64+0x56/0x70 [ 386.243354][ T8661] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 386.249436][ T8661] crc32_digest+0xdc/0x140 [ 386.253855][ T8661] ? crc32_finup+0x120/0x120 [ 386.258442][ T8661] shash_ahash_digest+0x788/0x8a0 [ 386.263483][ T8661] shash_async_digest+0xbb/0x110 [ 386.268433][ T8661] crypto_ahash_op+0x1c6/0x6c0 [ 386.273198][ T8661] ? __kmalloc+0x115/0x460 [ 386.277616][ T8661] ? kmsan_get_metadata+0x11d/0x180 [ 386.282814][ T8661] ? kmsan_get_metadata+0x11d/0x180 [ 386.288010][ T8661] ? shash_async_finup+0x110/0x110 [ 386.293115][ T8661] ? shash_async_finup+0x110/0x110 [ 386.298228][ T8661] crypto_ahash_digest+0xdc/0x150 [ 386.303260][ T8661] hash_sendpage+0x9cc/0xdf0 [ 386.307871][ T8661] ? hash_recvmsg+0xd30/0xd30 [ 386.312555][ T8661] sock_sendpage+0x1e1/0x2c0 [ 386.317179][ T8661] pipe_to_sendpage+0x38c/0x4c0 [ 386.322030][ T8661] ? sock_fasync+0x250/0x250 [ 386.326684][ T8661] __splice_from_pipe+0x565/0xf00 [ 386.331733][ T8661] ? generic_splice_sendpage+0x2d0/0x2d0 [ 386.337414][ T8661] generic_splice_sendpage+0x1d5/0x2d0 [ 386.342907][ T8661] ? iter_file_splice_write+0x1800/0x1800 [ 386.348657][ T8661] direct_splice_actor+0x1fd/0x580 [ 386.353781][ T8661] ? kmsan_get_metadata+0x4f/0x180 [ 386.358992][ T8661] splice_direct_to_actor+0x6b2/0xf50 [ 386.364366][ T8661] ? do_splice_direct+0x580/0x580 [ 386.369434][ T8661] do_splice_direct+0x342/0x580 [ 386.374311][ T8661] do_sendfile+0x101b/0x1d40 [ 386.378937][ T8661] __se_sys_sendfile64+0x2bb/0x360 [ 386.384066][ T8661] ? kmsan_get_metadata+0x4f/0x180 [ 386.389212][ T8661] __x64_sys_sendfile64+0x56/0x70 [ 386.394251][ T8661] do_syscall_64+0xb0/0x150 [ 386.398764][ T8661] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 386.404666][ T8661] RIP: 0033:0x45c1d9 [ 386.408553][ T8661] Code: Bad RIP value. [ 386.412668][ T8661] RSP: 002b:00007f32b2baac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 386.421083][ T8661] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 386.429050][ T8661] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 386.437017][ T8661] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 386.444981][ T8661] R10: 0000000000000005 R11: 0000000000000246 R12: 000000000078bf0c [ 386.452980][ T8661] R13: 0000000000c9fb6f R14: 00007f32b2bab9c0 R15: 000000000078bf0c [ 386.461958][ T8661] Kernel Offset: 0x2b000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 386.473583][ T8661] Rebooting in 86400 seconds..