Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
2018/12/30 11:06:11 fuzzer started
2018/12/30 11:06:16 dialing manager at 10.128.0.26:41469
2018/12/30 11:06:16 syscalls: 1
2018/12/30 11:06:16 code coverage: enabled
2018/12/30 11:06:16 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 11:06:16 setuid sandbox: enabled
2018/12/30 11:06:16 namespace sandbox: enabled
2018/12/30 11:06:16 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 11:06:16 fault injection: enabled
2018/12/30 11:06:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 11:06:16 net packet injection: enabled
2018/12/30 11:06:16 net device setup: enabled
11:06:19 executing program 0:
r0 = syz_open_dev$video(&(0x7f0000000200)='/dev/video#\x00', 0x4, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x0, 0x3})

syzkaller login: [  115.688665] IPVS: ftp: loaded support on port[0] = 21
[  115.840499] chnl_net:caif_netlink_parms(): no params data found
[  115.916296] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.922947] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.931462] device bridge_slave_0 entered promiscuous mode
[  115.940999] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.947611] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.955890] device bridge_slave_1 entered promiscuous mode
[  115.988828] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  116.000245] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  116.031475] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  116.040181] team0: Port device team_slave_0 added
[  116.046604] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  116.055228] team0: Port device team_slave_1 added
[  116.061331] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  116.069747] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  116.196746] device hsr_slave_0 entered promiscuous mode
[  116.363229] device hsr_slave_1 entered promiscuous mode
[  116.513140] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  116.520677] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  116.551397] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.557994] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.565193] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.571798] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.663155] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[  116.669268] 8021q: adding VLAN 0 to HW filter on device bond0
[  116.684650] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  116.699687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  116.709856] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.720570] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.730830] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  116.749311] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  116.755565] 8021q: adding VLAN 0 to HW filter on device team0
[  116.773190] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  116.781463] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.788034] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.837868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  116.846338] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.852981] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.862803] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  116.871996] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  116.884834] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  116.895735] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  116.902854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  116.911160] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  116.926711] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  116.933843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  116.942332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  116.959183] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  116.965375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  116.992843] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  117.012525] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.082055] ==================================================================
[  117.089484] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[  117.097014] CPU: 1 PID: 10981 Comm: syz-fuzzer Not tainted 4.20.0-rc7+ #16
[  117.104043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  117.113400] Call Trace:
[  117.115972]  <IRQ>
[  117.118118]  dump_stack+0x173/0x1d0
[  117.121746]  kmsan_report+0x12e/0x2a0
[  117.125561]  __msan_warning+0x82/0xf0
[  117.129368]  send_hsr_supervision_frame+0x1056/0x1510
[  117.134596]  hsr_announce+0x14c/0x3a0
[  117.138405]  call_timer_fn+0x285/0x600
[  117.142324]  ? hsr_dev_finalize+0xb90/0xb90
[  117.146648]  __run_timers+0xdb4/0x11d0
[  117.150531]  ? hsr_dev_finalize+0xb90/0xb90
[  117.154860]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[  117.160334]  ? irqtime_account_irq+0xcf/0x2e0
[  117.164829]  ? timers_dead_cpu+0xa50/0xa50
[  117.169068]  run_timer_softirq+0x2e/0x50
[  117.173120]  __do_softirq+0x53f/0x93a
[  117.176945]  irq_exit+0x214/0x250
[  117.180396]  exiting_irq+0xe/0x10
[  117.183842]  smp_apic_timer_interrupt+0x48/0x70
[  117.188506]  apic_timer_interrupt+0x2e/0x40
[  117.192835]  </IRQ>
[  117.202141] RIP: 0010:kmsan_get_shadow_origin_ptr+0x185/0x3e0
[  117.208015] Code: e9 0f 83 e1 7f 48 c1 e1 05 48 01 ca 0f 84 8c 00 00 00 48 85 c0 0f 84 83 00 00 00 48 8b 0a 83 e1 02 48 85 c9 74 78 48 8b 48 40 <48> 85 c9 0f 84 dd 01 00 00 48 8b 40 48 48 89 da 48 85 c0 0f 84 d0
[  117.226910] RSP: 0018:ffff8880820cecf0 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[  117.234628] RAX: ffffea00028a40b0 RBX: ffffffff8c614000 RCX: ffffea000275e6b0
[  117.241892] RDX: 0000000000000000 RSI: ffff8881020cf3dc RDI: ffff8880820cf3dc
[  117.249168] RBP: ffff8880820ced20 R08: 00000000e9b8ca70 R09: 0000000000000000
[  117.256428] R10: 0000000000000000 R11: 00000000e16d95da R12: ffff8880820cf3dc
[  117.263803] R13: 0000000000000200 R14: ffff8880820cf3dc R15: ffff8881020cf3dc
[  117.271110]  __msan_metadata_ptr_for_store_4+0x13/0x20
[  117.276398]  sha256_generic_block_fn+0xa674/0xab60
[  117.281575]  crypto_sha256_update+0x35f/0x3b0
[  117.286088]  ? sha1_base_init+0x180/0x180
[  117.290227]  crypto_shash_update+0x484/0x4f0
[  117.294644]  ? integrity_kernel_read+0x221/0x280
[  117.299446]  ima_calc_file_hash+0x25ca/0x2ca0
[  117.303943]  ? ext4_xattr_ibody_get+0x1a0/0x1290
[  117.308710]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  117.314077]  ? ext4_xattr_get+0xcd0/0xff0
[  117.318242]  ? __msan_poison_alloca+0x1f0/0x2a0
[  117.322921]  ima_collect_measurement+0x48d/0x980
[  117.327700]  process_measurement+0x1b37/0x2740
[  117.332319]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  117.337672]  ? refcount_dec_and_test_checked+0x1e8/0x2c0
[  117.343121]  ? apparmor_task_getsecid+0x172/0x190
[  117.347954]  ? apparmor_task_alloc+0x300/0x300
[  117.352532]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  117.357894]  ? security_task_getsecid+0x17f/0x190
[  117.362736]  ima_file_check+0x131/0x170
[  117.366713]  path_openat+0x4af5/0x6b90
[  117.370626]  ? expand_files+0x5d/0xcf0
[  117.374545]  ? do_sys_open+0x640/0x960
[  117.378431]  do_filp_open+0x2b8/0x710
[  117.382256]  do_sys_open+0x640/0x960
[  117.385998]  __se_sys_openat+0xcb/0xe0
[  117.389905]  __x64_sys_openat+0x56/0x70
[  117.393881]  do_syscall_64+0xbc/0xf0
[  117.397609]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  117.402787] RIP: 0033:0x47fcba
[  117.405969] Code: e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[  117.424858] RSP: 002b:000000c42017f7e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
[  117.432561] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcba
[  117.439818] RDX: 0000000000080002 RSI: 000000c4200125e0 RDI: ffffffffffffff9c
[  117.447082] RBP: 000000c42017f868 R08: 0000000000000000 R09: 0000000000000000
[  117.454338] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000
[  117.461601] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000001
[  117.468875] 
[  117.470486] Uninit was created at:
[  117.474019]  kmsan_save_stack_with_flags+0x7a/0x130
[  117.479023]  kmsan_internal_alloc_meta_for_pages+0x113/0x580
[  117.484809]  kmsan_alloc_page+0x7e/0x100
[  117.488897]  __alloc_pages_nodemask+0x1587/0x5f20
[  117.493723]  page_frag_alloc+0x3c1/0x980
[  117.497772]  __netdev_alloc_skb+0x1f1/0xa50
[  117.502082]  send_hsr_supervision_frame+0x168/0x1510
[  117.507185]  hsr_announce+0x14c/0x3a0
[  117.510978]  call_timer_fn+0x285/0x600
[  117.514856]  __run_timers+0xdb4/0x11d0
[  117.518733]  run_timer_softirq+0x2e/0x50
[  117.522778]  __do_softirq+0x53f/0x93a
[  117.526573] ==================================================================
[  117.533912] Disabling lock debugging due to kernel taint
[  117.539344] Kernel panic - not syncing: panic_on_warn set ...
[  117.545243] CPU: 1 PID: 10981 Comm: syz-fuzzer Tainted: G    B             4.20.0-rc7+ #16
[  117.553628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  117.562968] Call Trace:
[  117.565569]  <IRQ>
[  117.567717]  dump_stack+0x173/0x1d0
[  117.571348]  panic+0x3ce/0x961
[  117.574605]  kmsan_report+0x293/0x2a0
[  117.578408]  __msan_warning+0x82/0xf0
[  117.582218]  send_hsr_supervision_frame+0x1056/0x1510
[  117.587426]  hsr_announce+0x14c/0x3a0
[  117.591228]  call_timer_fn+0x285/0x600
[  117.595120]  ? hsr_dev_finalize+0xb90/0xb90
[  117.599451]  __run_timers+0xdb4/0x11d0
[  117.603340]  ? hsr_dev_finalize+0xb90/0xb90
[  117.607702]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[  117.613142]  ? irqtime_account_irq+0xcf/0x2e0
[  117.617647]  ? timers_dead_cpu+0xa50/0xa50
[  117.621897]  run_timer_softirq+0x2e/0x50
[  117.625950]  __do_softirq+0x53f/0x93a
[  117.629756]  irq_exit+0x214/0x250
[  117.633203]  exiting_irq+0xe/0x10
[  117.636656]  smp_apic_timer_interrupt+0x48/0x70
[  117.641315]  apic_timer_interrupt+0x2e/0x40
[  117.645621]  </IRQ>
[  117.647852] RIP: 0010:kmsan_get_shadow_origin_ptr+0x185/0x3e0
[  117.653733] Code: e9 0f 83 e1 7f 48 c1 e1 05 48 01 ca 0f 84 8c 00 00 00 48 85 c0 0f 84 83 00 00 00 48 8b 0a 83 e1 02 48 85 c9 74 78 48 8b 48 40 <48> 85 c9 0f 84 dd 01 00 00 48 8b 40 48 48 89 da 48 85 c0 0f 84 d0
[  117.672627] RSP: 0018:ffff8880820cecf0 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[  117.680322] RAX: ffffea00028a40b0 RBX: ffffffff8c614000 RCX: ffffea000275e6b0
[  117.687582] RDX: 0000000000000000 RSI: ffff8881020cf3dc RDI: ffff8880820cf3dc
[  117.694842] RBP: ffff8880820ced20 R08: 00000000e9b8ca70 R09: 0000000000000000
[  117.702102] R10: 0000000000000000 R11: 00000000e16d95da R12: ffff8880820cf3dc
[  117.709370] R13: 0000000000000200 R14: ffff8880820cf3dc R15: ffff8881020cf3dc
[  117.716673]  __msan_metadata_ptr_for_store_4+0x13/0x20
[  117.721946]  sha256_generic_block_fn+0xa674/0xab60
[  117.726957]  crypto_sha256_update+0x35f/0x3b0
[  117.731459]  ? sha1_base_init+0x180/0x180
[  117.735599]  crypto_shash_update+0x484/0x4f0
[  117.740018]  ? integrity_kernel_read+0x221/0x280
[  117.744780]  ima_calc_file_hash+0x25ca/0x2ca0
[  117.749275]  ? ext4_xattr_ibody_get+0x1a0/0x1290
[  117.754042]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  117.759412]  ? ext4_xattr_get+0xcd0/0xff0
[  117.763596]  ? __msan_poison_alloca+0x1f0/0x2a0
[  117.768272]  ima_collect_measurement+0x48d/0x980
[  117.773051]  process_measurement+0x1b37/0x2740
[  117.777668]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  117.783023]  ? refcount_dec_and_test_checked+0x1e8/0x2c0
[  117.788474]  ? apparmor_task_getsecid+0x172/0x190
[  117.793309]  ? apparmor_task_alloc+0x300/0x300
[  117.797890]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  117.803247]  ? security_task_getsecid+0x17f/0x190
[  117.808097]  ima_file_check+0x131/0x170
[  117.812073]  path_openat+0x4af5/0x6b90
[  117.815999]  ? expand_files+0x5d/0xcf0
[  117.819896]  ? do_sys_open+0x640/0x960
[  117.823781]  do_filp_open+0x2b8/0x710
[  117.827604]  do_sys_open+0x640/0x960
[  117.831325]  __se_sys_openat+0xcb/0xe0
[  117.835214]  __x64_sys_openat+0x56/0x70
[  117.839209]  do_syscall_64+0xbc/0xf0
[  117.842926]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  117.848117] RIP: 0033:0x47fcba
[  117.851297] Code: e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[  117.870187] RSP: 002b:000000c42017f7e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
[  117.877887] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcba
[  117.885167] RDX: 0000000000080002 RSI: 000000c4200125e0 RDI: ffffffffffffff9c
[  117.892424] RBP: 000000c42017f868 R08: 0000000000000000 R09: 0000000000000000
[  117.899680] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000
[  117.906977] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000001
[  117.915235] Kernel Offset: disabled
[  117.918866] Rebooting in 86400 seconds..