Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts.
2020/07/21 15:42:20 fuzzer started
2020/07/21 15:42:21 dialing manager at 10.128.0.26:46529
2020/07/21 15:42:21 syscalls: 2970
2020/07/21 15:42:21 code coverage: enabled
2020/07/21 15:42:21 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2020/07/21 15:42:21 extra coverage: enabled
2020/07/21 15:42:21 setuid sandbox: enabled
2020/07/21 15:42:21 namespace sandbox: enabled
2020/07/21 15:42:21 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/21 15:42:21 fault injection: enabled
2020/07/21 15:42:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/21 15:42:21 net packet injection: enabled
2020/07/21 15:42:21 net device setup: enabled
2020/07/21 15:42:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/21 15:42:21 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/21 15:42:21 USB emulation: /dev/raw-gadget does not exist
15:45:37 executing program 0:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(&(0x7f0000000000)=ANY=[@ANYBLOB="402406e90bd3fa3f6f334be380bbebf961af26d159cd5e2cadae9d875e76641e23153d4bd6e01e7e92a8830f26ab27abb198ad68dcccdec4752af5eb627796832b147afcc43862a0bba92016fe5f9309c44b9682d8435957d217"], &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='cgroup2\x00', 0x0, 0x0)
[ 284.296782][ T8493] IPVS: ftp: loaded support on port[0] = 21
[ 284.510426][ T8493] chnl_net:caif_netlink_parms(): no params data found
[ 284.719034][ T8493] bridge0: port 1(bridge_slave_0) entered blocking state
[ 284.726393][ T8493] bridge0: port 1(bridge_slave_0) entered disabled state
[ 284.736080][ T8493] device bridge_slave_0 entered promiscuous mode
[ 284.747867][ T8493] bridge0: port 2(bridge_slave_1) entered blocking state
[ 284.756113][ T8493] bridge0: port 2(bridge_slave_1) entered disabled state
[ 284.765399][ T8493] device bridge_slave_1 entered promiscuous mode
[ 284.809829][ T8493] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 284.824924][ T8493] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 284.867711][ T8493] team0: Port device team_slave_0 added
[ 284.879403][ T8493] team0: Port device team_slave_1 added
[ 284.919533][ T8493] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 284.927386][ T8493] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 284.954264][ T8493] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 284.968029][ T8493] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 284.975827][ T8493] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 285.002049][ T8493] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 285.089960][ T8493] device hsr_slave_0 entered promiscuous mode
[ 285.245092][ T8493] device hsr_slave_1 entered promiscuous mode
[ 285.761346][ T8493] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 285.811566][ T8493] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 286.031495][ T8493] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 286.280737][ T8493] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 286.673804][ T8493] 8021q: adding VLAN 0 to HW filter on device bond0
[ 286.705954][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 286.715461][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 286.736114][ T8493] 8021q: adding VLAN 0 to HW filter on device team0
[ 286.760189][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 286.770297][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 286.779548][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 286.786853][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 286.806820][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 286.816339][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 286.826233][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 286.835958][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 286.843351][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 286.862751][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 286.873384][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 286.894033][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 286.904037][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 286.943424][ T8493] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 286.954005][ T8493] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 286.968124][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 286.977749][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 286.988280][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 286.999052][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 287.008704][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 287.018295][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 287.027875][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 287.049050][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 287.080849][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 287.089851][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 287.110417][ T8493] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 287.149908][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 287.160305][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 287.203764][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 287.213860][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 287.225067][ T8493] device veth0_vlan entered promiscuous mode
[ 287.244011][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 287.253256][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 287.265441][ T8493] device veth1_vlan entered promiscuous mode
[ 287.318749][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 287.328209][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 287.337995][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 287.348068][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 287.365184][ T8493] device veth0_macvtap entered promiscuous mode
[ 287.379561][ T8493] device veth1_macvtap entered promiscuous mode
[ 287.414509][ T8493] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 287.422247][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 287.432463][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 287.442038][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 287.452160][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 287.473776][ T8493] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 287.518792][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 287.529682][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
15:45:41 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_tables_matches\x00')
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='net/dev_mcast\x00')
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
dup3(r2, r0, 0x0)
read$char_usb(0xffffffffffffffff, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xfd3)
[ 287.711843][ T8702] =====================================================
[ 287.718836][ T8702] BUG: KMSAN: uninit-value in nfnetlink_rcv+0x2f5/0x3ad0
[ 287.725852][ T8702] CPU: 1 PID: 8702 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 287.734419][ T8702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 287.744460][ T8702] Call Trace:
[ 287.747741][ T8702] dump_stack+0x1df/0x240
[ 287.752076][ T8702] kmsan_report+0xf7/0x1e0
[ 287.756484][ T8702] __msan_warning+0x58/0xa0
[ 287.760980][ T8702] nfnetlink_rcv+0x2f5/0x3ad0
[ 287.765647][ T8702] ? kmsan_get_metadata+0x11d/0x180
[ 287.770838][ T8702] ? local_bh_enable+0x36/0x40
[ 287.775593][ T8702] ? __dev_queue_xmit+0x338e/0x3b20
[ 287.780801][ T8702] ? kmsan_get_metadata+0x11d/0x180
[ 287.785989][ T8702] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 287.791804][ T8702] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 287.797862][ T8702] ? netlink_deliver_tap+0xdab/0xe90
[ 287.803144][ T8702] ? kmsan_get_metadata+0x11d/0x180
[ 287.808335][ T8702] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 287.814131][ T8702] netlink_unicast+0xf9e/0x1100
[ 287.818975][ T8702] ? nfnetlink_net_exit_batch+0x280/0x280
[ 287.824693][ T8702] netlink_sendmsg+0x1246/0x14d0
[ 287.829807][ T8702] ? netlink_getsockopt+0x1440/0x1440
[ 287.835170][ T8702] kernel_sendmsg+0x433/0x440
[ 287.839846][ T8702] sock_no_sendpage+0x235/0x300
[ 287.844695][ T8702] ? sock_no_mmap+0x30/0x30
[ 287.849189][ T8702] sock_sendpage+0x1e1/0x2c0
[ 287.853777][ T8702] pipe_to_sendpage+0x38c/0x4c0
[ 287.858615][ T8702] ? sock_fasync+0x250/0x250
[ 287.863204][ T8702] __splice_from_pipe+0x565/0xf00
[ 287.868217][ T8702] ? generic_splice_sendpage+0x2d0/0x2d0
[ 287.873850][ T8702] generic_splice_sendpage+0x1d5/0x2d0
[ 287.879304][ T8702] ? iter_file_splice_write+0x1800/0x1800
[ 287.885012][ T8702] direct_splice_actor+0x1fd/0x580
[ 287.890123][ T8702] ? kmsan_get_metadata+0x4f/0x180
[ 287.895235][ T8702] splice_direct_to_actor+0x6b2/0xf50
[ 287.900608][ T8702] ? do_splice_direct+0x580/0x580
[ 287.905640][ T8702] do_splice_direct+0x342/0x580
[ 287.910493][ T8702] do_sendfile+0x101b/0x1d40
[ 287.915090][ T8702] __se_sys_sendfile64+0x2bb/0x360
[ 287.920192][ T8702] ? kmsan_get_metadata+0x4f/0x180
[ 287.925321][ T8702] __x64_sys_sendfile64+0x56/0x70
[ 287.930335][ T8702] do_syscall_64+0xb0/0x150
[ 287.934829][ T8702] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 287.940711][ T8702] RIP: 0033:0x45c1d9
[ 287.944585][ T8702] Code: Bad RIP value.
[ 287.948635][ T8702] RSP: 002b:00007f5740830c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 287.957033][ T8702] RAX: ffffffffffffffda RBX: 00000000000260c0 RCX: 000000000045c1d9
[ 287.965000][ T8702] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 287.972961][ T8702] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000
[ 287.980920][ T8702] R10: 0000000000000fd3 R11: 0000000000000246 R12: 000000000078bf0c
[ 287.988877][ T8702] R13: 0000000000c9fb6f R14: 00007f57408319c0 R15: 000000000078bf0c
[ 287.996855][ T8702]
[ 287.999175][ T8702] Uninit was stored to memory at:
[ 288.004194][ T8702] kmsan_internal_chain_origin+0xad/0x130
[ 288.009898][ T8702] kmsan_memcpy_memmove_metadata+0x272/0x2e0
[ 288.015862][ T8702] kmsan_memcpy_metadata+0xb/0x10
[ 288.020870][ T8702] __msan_memcpy+0x43/0x50
[ 288.025288][ T8702] _copy_from_iter_full+0xbfe/0x13b0
[ 288.030571][ T8702] netlink_sendmsg+0xfaa/0x14d0
[ 288.035419][ T8702] kernel_sendmsg+0x433/0x440
[ 288.040111][ T8702] sock_no_sendpage+0x235/0x300
[ 288.044969][ T8702] sock_sendpage+0x1e1/0x2c0
[ 288.049556][ T8702] pipe_to_sendpage+0x38c/0x4c0
[ 288.054399][ T8702] __splice_from_pipe+0x565/0xf00
[ 288.059410][ T8702] generic_splice_sendpage+0x1d5/0x2d0
[ 288.064855][ T8702] direct_splice_actor+0x1fd/0x580
[ 288.069953][ T8702] splice_direct_to_actor+0x6b2/0xf50
[ 288.075317][ T8702] do_splice_direct+0x342/0x580
[ 288.080156][ T8702] do_sendfile+0x101b/0x1d40
[ 288.084734][ T8702] __se_sys_sendfile64+0x2bb/0x360
[ 288.089828][ T8702] __x64_sys_sendfile64+0x56/0x70
[ 288.094838][ T8702] do_syscall_64+0xb0/0x150
[ 288.099326][ T8702] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 288.105194][ T8702]
[ 288.107507][ T8702] Uninit was created at:
[ 288.111736][ T8702] kmsan_save_stack_with_flags+0x3c/0x90
[ 288.117356][ T8702] kmsan_alloc_page+0xb9/0x180
[ 288.122103][ T8702] __alloc_pages_nodemask+0x56a2/0x5dc0
[ 288.127632][ T8702] alloc_pages_current+0x672/0x990
[ 288.132731][ T8702] push_pipe+0x605/0xb70
[ 288.137043][ T8702] iov_iter_get_pages_alloc+0x18a9/0x21c0
[ 288.142752][ T8702] do_splice_to+0x4fc/0x14f0
[ 288.148371][ T8702] splice_direct_to_actor+0x45c/0xf50
[ 288.153731][ T8702] do_splice_direct+0x342/0x580
[ 288.158565][ T8702] do_sendfile+0x101b/0x1d40
[ 288.163138][ T8702] __se_sys_sendfile64+0x2bb/0x360
[ 288.168233][ T8702] __x64_sys_sendfile64+0x56/0x70
[ 288.173244][ T8702] do_syscall_64+0xb0/0x150
[ 288.177733][ T8702] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 288.183603][ T8702] =====================================================
[ 288.190513][ T8702] Disabling lock debugging due to kernel taint
[ 288.196796][ T8702] Kernel panic - not syncing: panic_on_warn set ...
[ 288.203395][ T8702] CPU: 1 PID: 8702 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 288.213443][ T8702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 288.223492][ T8702] Call Trace:
[ 288.226777][ T8702] dump_stack+0x1df/0x240
[ 288.231104][ T8702] panic+0x3d5/0xc3e
[ 288.235005][ T8702] kmsan_report+0x1df/0x1e0
[ 288.239516][ T8702] __msan_warning+0x58/0xa0
[ 288.244021][ T8702] nfnetlink_rcv+0x2f5/0x3ad0
[ 288.248686][ T8702] ? kmsan_get_metadata+0x11d/0x180
[ 288.253892][ T8702] ? local_bh_enable+0x36/0x40
[ 288.258642][ T8702] ? __dev_queue_xmit+0x338e/0x3b20
[ 288.263843][ T8702] ? kmsan_get_metadata+0x11d/0x180
[ 288.269032][ T8702] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 288.274826][ T8702] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 288.280880][ T8702] ? netlink_deliver_tap+0xdab/0xe90
[ 288.286161][ T8702] ? kmsan_get_metadata+0x11d/0x180
[ 288.291433][ T8702] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 288.297229][ T8702] netlink_unicast+0xf9e/0x1100
[ 288.302071][ T8702] ? nfnetlink_net_exit_batch+0x280/0x280
[ 288.307783][ T8702] netlink_sendmsg+0x1246/0x14d0
[ 288.312720][ T8702] ? netlink_getsockopt+0x1440/0x1440
[ 288.318075][ T8702] kernel_sendmsg+0x433/0x440
[ 288.322746][ T8702] sock_no_sendpage+0x235/0x300
[ 288.327593][ T8702] ? sock_no_mmap+0x30/0x30
[ 288.332118][ T8702] sock_sendpage+0x1e1/0x2c0
[ 288.336703][ T8702] pipe_to_sendpage+0x38c/0x4c0
[ 288.341540][ T8702] ? sock_fasync+0x250/0x250
[ 288.346128][ T8702] __splice_from_pipe+0x565/0xf00
[ 288.351403][ T8702] ? generic_splice_sendpage+0x2d0/0x2d0
[ 288.357035][ T8702] generic_splice_sendpage+0x1d5/0x2d0
[ 288.362488][ T8702] ? iter_file_splice_write+0x1800/0x1800
[ 288.368194][ T8702] direct_splice_actor+0x1fd/0x580
[ 288.373300][ T8702] ? kmsan_get_metadata+0x4f/0x180
[ 288.378408][ T8702] splice_direct_to_actor+0x6b2/0xf50
[ 288.383767][ T8702] ? do_splice_direct+0x580/0x580
[ 288.388809][ T8702] do_splice_direct+0x342/0x580
[ 288.393745][ T8702] do_sendfile+0x101b/0x1d40
[ 288.398359][ T8702] __se_sys_sendfile64+0x2bb/0x360
[ 288.403461][ T8702] ? kmsan_get_metadata+0x4f/0x180
[ 288.408565][ T8702] __x64_sys_sendfile64+0x56/0x70
[ 288.413578][ T8702] do_syscall_64+0xb0/0x150
[ 288.418076][ T8702] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 288.423953][ T8702] RIP: 0033:0x45c1d9
[ 288.427838][ T8702] Code: Bad RIP value.
[ 288.431887][ T8702] RSP: 002b:00007f5740830c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 288.440301][ T8702] RAX: ffffffffffffffda RBX: 00000000000260c0 RCX: 000000000045c1d9
[ 288.448257][ T8702] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 288.456214][ T8702] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000
[ 288.464171][ T8702] R10: 0000000000000fd3 R11: 0000000000000246 R12: 000000000078bf0c
[ 288.472127][ T8702] R13: 0000000000c9fb6f R14: 00007f57408319c0 R15: 000000000078bf0c
[ 288.481442][ T8702] Kernel Offset: 0xde00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 288.492981][ T8702] Rebooting in 86400 seconds..