Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts.
2018/12/30 08:05:27 fuzzer started
2018/12/30 08:05:32 dialing manager at 10.128.0.26:41469
2018/12/30 08:05:32 syscalls: 1
2018/12/30 08:05:32 code coverage: enabled
2018/12/30 08:05:32 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 08:05:32 setuid sandbox: enabled
2018/12/30 08:05:32 namespace sandbox: enabled
2018/12/30 08:05:32 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 08:05:32 fault injection: enabled
2018/12/30 08:05:32 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 08:05:32 net packet injection: enabled
2018/12/30 08:05:32 net device setup: enabled
08:05:35 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x40501, 0x0)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="0bf5430f000319196e", 0x9}], 0x1)
syzkaller login: [ 114.229556] IPVS: ftp: loaded support on port[0] = 21
[ 114.384660] chnl_net:caif_netlink_parms(): no params data found
[ 114.458779] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.465383] bridge0: port 1(bridge_slave_0) entered disabled state
[ 114.474314] device bridge_slave_0 entered promiscuous mode
[ 114.483376] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.489879] bridge0: port 2(bridge_slave_1) entered disabled state
[ 114.498389] device bridge_slave_1 entered promiscuous mode
[ 114.533310] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 114.544831] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 114.575687] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 114.584371] team0: Port device team_slave_0 added
[ 114.590857] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 114.599489] team0: Port device team_slave_1 added
[ 114.606152] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 114.614629] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 114.737812] device hsr_slave_0 entered promiscuous mode
[ 114.872450] device hsr_slave_1 entered promiscuous mode
[ 114.993559] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 115.001119] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 115.030885] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.037482] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 115.044694] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.051247] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 115.143077] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 115.149238] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.163388] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 115.177264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 115.187131] bridge0: port 1(bridge_slave_0) entered disabled state
[ 115.197427] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.208043] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 115.227542] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 115.233761] 8021q: adding VLAN 0 to HW filter on device team0
[ 115.247975] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 115.256782] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.263359] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 115.295776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 115.304332] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.310847] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 115.357944] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 115.367390] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 115.376338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 115.393438] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 115.403095] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 115.415428] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 115.421486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 115.430003] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 115.438284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 115.446712] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 115.472963] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 115.497954] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 115.532769] ==================================================================
[ 115.540195] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 115.547751] CPU: 1 PID: 11033 Comm: syz-executor0 Not tainted 4.20.0-rc7+ #16
[ 115.555048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 115.564409] Call Trace:
[ 115.567001]
[ 115.569186] dump_stack+0x173/0x1d0
[ 115.572860] kmsan_report+0x12e/0x2a0
[ 115.576693] __msan_warning+0x82/0xf0
[ 115.580581] send_hsr_supervision_frame+0x1056/0x1510
[ 115.585837] hsr_announce+0x14c/0x3a0
[ 115.589689] call_timer_fn+0x285/0x600
[ 115.593606] ? hsr_dev_finalize+0xb90/0xb90
[ 115.597976] __run_timers+0xdb4/0x11d0
[ 115.601923] ? hsr_dev_finalize+0xb90/0xb90
[ 115.606290] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 115.611757] ? irqtime_account_irq+0xcf/0x2e0
[ 115.616282] ? timers_dead_cpu+0xa50/0xa50
[ 115.620560] run_timer_softirq+0x2e/0x50
[ 115.624649] __do_softirq+0x53f/0x93a
[ 115.628492] irq_exit+0x214/0x250
[ 115.631981] exiting_irq+0xe/0x10
[ 115.635499] smp_apic_timer_interrupt+0x48/0x70
[ 115.640207] apic_timer_interrupt+0x2e/0x40
[ 115.644534]
[ 115.646795] RIP: 0010:kmsan_kmalloc+0xd9/0x130
[ 115.651389] Code: 01 00 00 00 e8 a8 be ff ff 65 ff 0c 25 c4 8f 03 00 65 8b 04 25 c4 8f 03 00 85 c0 75 32 e8 8f c1 41 ff 4c 89 6d c0 ff 75 c0 9d <65> 48 8b 04 25 28 00 00 00 48 3b 45 d0 75 0f 48 83 c4 18 5b 41 5c
[ 115.670333] RSP: 0018:ffff88805cdafa88 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 115.678083] RAX: 0000000000000000 RBX: ffff888094294d80 RCX: 0000000000000031
[ 115.685367] RDX: 0000000000000030 RSI: 00000000874000b2 RDI: ffff888094294d80
[ 115.692650] RBP: ffff88805cdafac8 R08: ffff888094294e40 R09: 0000000000000000
[ 115.699945] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88821f844300
[ 115.707238] R13: 0000000000000246 R14: 00000000000000c0 R15: 00000000006000c0
[ 115.714578] kmem_cache_alloc+0x572/0xb90
[ 115.718762] ? __d_alloc+0x98/0xbf0
[ 115.722439] __d_alloc+0x98/0xbf0
[ 115.725948] d_alloc+0x97/0x4f0
[ 115.729253] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 115.734631] ? d_lookup+0x1da/0x200
[ 115.738344] __lookup_hash+0x1ab/0x510
[ 115.742274] filename_create+0x2f3/0xab0
[ 115.746400] do_mkdirat+0x11c/0x680
[ 115.750072] __se_sys_mkdir+0x76/0x90
[ 115.753899] __x64_sys_mkdir+0x3e/0x60
[ 115.757810] do_syscall_64+0xbc/0xf0
[ 115.761559] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 115.766791] RIP: 0033:0x4572e7
[ 115.769998] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 3d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 1d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 115.788922] RSP: 002b:0000000000a4ff78 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 115.796648] RAX: ffffffffffffffda RBX: 00007f55d560a000 RCX: 00000000004572e7
[ 115.803927] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00000000004bd8e2
[ 115.811207] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000005
[ 115.818487] R10: 0000000000045000 R11: 0000000000000246 R12: 0000000000000010
[ 115.825770] R13: 0000000000413b20 R14: 0000000000000000 R15: 0000000000000000
[ 115.833082]
[ 115.834726] Uninit was created at:
[ 115.838297] kmsan_save_stack_with_flags+0x7a/0x130
[ 115.843326] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 115.849135] kmsan_alloc_page+0x7e/0x100
[ 115.853216] __alloc_pages_nodemask+0x1587/0x5f20
[ 115.858072] page_frag_alloc+0x3c1/0x980
[ 115.862171] __netdev_alloc_skb+0x1f1/0xa50
[ 115.866507] send_hsr_supervision_frame+0x168/0x1510
[ 115.871627] hsr_announce+0x14c/0x3a0
[ 115.875465] call_timer_fn+0x285/0x600
[ 115.879407] __run_timers+0xdb4/0x11d0
[ 115.883308] run_timer_softirq+0x2e/0x50
[ 115.887385] __do_softirq+0x53f/0x93a
[ 115.891194] ==================================================================
[ 115.898558] Disabling lock debugging due to kernel taint
[ 115.904035] Kernel panic - not syncing: panic_on_warn set ...
[ 115.909963] CPU: 1 PID: 11033 Comm: syz-executor0 Tainted: G B 4.20.0-rc7+ #16
[ 115.918685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 115.928079] Call Trace:
[ 115.930680]
[ 115.932855] dump_stack+0x173/0x1d0
[ 115.936513] panic+0x3ce/0x961
[ 115.939808] kmsan_report+0x293/0x2a0
[ 115.943660] __msan_warning+0x82/0xf0
[ 115.947489] send_hsr_supervision_frame+0x1056/0x1510
[ 115.952736] hsr_announce+0x14c/0x3a0
[ 115.956649] call_timer_fn+0x285/0x600
[ 115.960590] ? hsr_dev_finalize+0xb90/0xb90
[ 115.964944] __run_timers+0xdb4/0x11d0
[ 115.968924] ? hsr_dev_finalize+0xb90/0xb90
[ 115.973291] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 115.978775] ? irqtime_account_irq+0xcf/0x2e0
[ 115.983331] ? timers_dead_cpu+0xa50/0xa50
[ 115.987598] run_timer_softirq+0x2e/0x50
[ 115.991677] __do_softirq+0x53f/0x93a
[ 115.995531] irq_exit+0x214/0x250
[ 115.999031] exiting_irq+0xe/0x10
[ 116.002504] smp_apic_timer_interrupt+0x48/0x70
[ 116.007197] apic_timer_interrupt+0x2e/0x40
[ 116.011599]
[ 116.013850] RIP: 0010:kmsan_kmalloc+0xd9/0x130
[ 116.018445] Code: 01 00 00 00 e8 a8 be ff ff 65 ff 0c 25 c4 8f 03 00 65 8b 04 25 c4 8f 03 00 85 c0 75 32 e8 8f c1 41 ff 4c 89 6d c0 ff 75 c0 9d <65> 48 8b 04 25 28 00 00 00 48 3b 45 d0 75 0f 48 83 c4 18 5b 41 5c
[ 116.037356] RSP: 0018:ffff88805cdafa88 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 116.045133] RAX: 0000000000000000 RBX: ffff888094294d80 RCX: 0000000000000031
[ 116.052412] RDX: 0000000000000030 RSI: 00000000874000b2 RDI: ffff888094294d80
[ 116.059705] RBP: ffff88805cdafac8 R08: ffff888094294e40 R09: 0000000000000000
[ 116.066993] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88821f844300
[ 116.074284] R13: 0000000000000246 R14: 00000000000000c0 R15: 00000000006000c0
[ 116.081616] kmem_cache_alloc+0x572/0xb90
[ 116.085801] ? __d_alloc+0x98/0xbf0
[ 116.089472] __d_alloc+0x98/0xbf0
[ 116.092968] d_alloc+0x97/0x4f0
[ 116.096271] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 116.101689] ? d_lookup+0x1da/0x200
[ 116.105366] __lookup_hash+0x1ab/0x510
[ 116.109294] filename_create+0x2f3/0xab0
[ 116.113407] do_mkdirat+0x11c/0x680
[ 116.117335] __se_sys_mkdir+0x76/0x90
[ 116.121167] __x64_sys_mkdir+0x3e/0x60
[ 116.125106] do_syscall_64+0xbc/0xf0
[ 116.128844] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 116.134059] RIP: 0033:0x4572e7
[ 116.137266] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 3d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 1d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 116.156182] RSP: 002b:0000000000a4ff78 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 116.163901] RAX: ffffffffffffffda RBX: 00007f55d560a000 RCX: 00000000004572e7
[ 116.171185] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00000000004bd8e2
[ 116.178463] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000005
[ 116.185755] R10: 0000000000045000 R11: 0000000000000246 R12: 0000000000000010
[ 116.193041] R13: 0000000000413b20 R14: 0000000000000000 R15: 0000000000000000
[ 116.201274] Kernel Offset: disabled
[ 116.204906] Rebooting in 86400 seconds..