Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts.
2020/06/06 13:32:40 fuzzer started
2020/06/06 13:32:41 dialing manager at 10.128.0.26:42333
2020/06/06 13:32:41 syscalls: 2953
2020/06/06 13:32:41 code coverage: enabled
2020/06/06 13:32:41 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2020/06/06 13:32:41 extra coverage: enabled
2020/06/06 13:32:41 setuid sandbox: enabled
2020/06/06 13:32:41 namespace sandbox: enabled
2020/06/06 13:32:41 Android sandbox: enabled
2020/06/06 13:32:41 fault injection: enabled
2020/06/06 13:32:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/06/06 13:32:41 net packet injection: enabled
2020/06/06 13:32:41 net device setup: enabled
2020/06/06 13:32:41 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/06/06 13:32:41 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/06/06 13:32:41 USB emulation: /dev/raw-gadget does not exist
13:34:54 executing program 0:
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7ffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882)
pipe(0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000240)={0x53, 0x0, 0x9f, 0x0, @buffer={0x0, 0xc, 0x0}, &(0x7f0000000340)="054a3bb5e3382ba0f4bd92cebb4cd68334656099dff380034dfdb2341d1d38319c093ff0091fd3d94764d393348fa8679765b6a73f64385250c1e43bb0086cf005f6bc23771907137d497d5c33d716df004213825d4c6e3ab919f17bf0d56a10384d1b922941308af9429e22697bd623be18a9f1f336212160596785b45e5bdfc7e38cbef0d628fbbe99175efeb41950b1b0ec96dec6a681cf196ff943b1b8", &(0x7f0000000500)=""/109, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000001c0)})
dup(0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000800}, 0x400c8c0)

syzkaller login: [  232.040531][   T32] audit: type=1400 audit(1591450494.436:8): avc:  denied  { execmem } for  pid=8843 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[  232.365214][ T8844] IPVS: ftp: loaded support on port[0] = 21
[  232.624994][ T8844] chnl_net:caif_netlink_parms(): no params data found
[  232.842353][ T8844] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.849896][ T8844] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.860139][ T8844] device bridge_slave_0 entered promiscuous mode
[  232.873143][ T8844] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.881303][ T8844] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.890645][ T8844] device bridge_slave_1 entered promiscuous mode
[  232.941542][ T8844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  232.956986][ T8844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  233.006851][ T8844] team0: Port device team_slave_0 added
[  233.018136][ T8844] team0: Port device team_slave_1 added
[  233.059474][ T8844] batman_adv: batadv0: Adding interface: batadv_slave_0
[  233.067021][ T8844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  233.093186][ T8844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  233.108406][ T8844] batman_adv: batadv0: Adding interface: batadv_slave_1
[  233.116406][ T8844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  233.142658][ T8844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  233.353379][ T8844] device hsr_slave_0 entered promiscuous mode
[  233.597745][ T8844] device hsr_slave_1 entered promiscuous mode
[  233.992862][ T8844] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  234.174322][ T8844] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  234.434641][ T8844] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  234.663824][ T8844] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  234.976804][ T8844] 8021q: adding VLAN 0 to HW filter on device bond0
[  235.009586][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  235.018837][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  235.040549][ T8844] 8021q: adding VLAN 0 to HW filter on device team0
[  235.059114][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  235.069047][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  235.079472][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.086856][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  235.136685][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  235.146290][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  235.156219][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  235.165816][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.173068][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  235.182248][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  235.193248][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  235.204096][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  235.214542][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  235.225069][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  235.235397][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  235.254211][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  235.264402][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  235.274134][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  235.294943][ T8844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  235.308026][ T8844] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  235.317457][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  235.327281][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  235.375922][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  235.383630][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  235.410826][ T8844] 8021q: adding VLAN 0 to HW filter on device batadv0
[  235.455919][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  235.466082][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  235.503087][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  235.513634][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  235.538716][ T8844] device veth0_vlan entered promiscuous mode
[  235.551045][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  235.566632][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  235.595363][ T8844] device veth1_vlan entered promiscuous mode
[  235.657834][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  235.667866][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  235.677199][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  235.687442][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  235.718881][ T8844] device veth0_macvtap entered promiscuous mode
[  235.741356][ T8844] device veth1_macvtap entered promiscuous mode
[  235.788361][ T8844] batman_adv: batadv0: Interface activated: batadv_slave_0
[  235.797408][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  235.806950][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  235.816226][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  235.826218][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  235.874309][ T8844] batman_adv: batadv0: Interface activated: batadv_slave_1
[  235.889756][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  235.899805][ T3360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
13:34:58 executing program 0:
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mount$9p_unix(&(0x7f00000000c0)='\x00', &(0x7f0000000140)='.\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000080)={'trans=unix,', {[{@version_9p2000='version=9p2000'}]}})

[  236.586506][ T9072] =====================================================
[  236.593539][ T9072] BUG: KMSAN: uninit-value in unix_find_other+0x30f/0xda0
[  236.600665][ T9072] CPU: 1 PID: 9072 Comm: syz-executor.0 Not tainted 5.7.0-rc4-syzkaller #0
[  236.609251][ T9072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  236.619314][ T9072] Call Trace:
[  236.622619][ T9072]  dump_stack+0x1c9/0x220
[  236.626958][ T9072]  kmsan_report+0xf7/0x1e0
[  236.631400][ T9072]  __msan_warning+0x58/0xa0
[  236.635933][ T9072]  unix_find_other+0x30f/0xda0
[  236.640722][ T9072]  unix_stream_connect+0x7c5/0x2450
[  236.646021][ T9072]  ? security_socket_post_create+0x1ea/0x240
[  236.652012][ T9072]  ? kmsan_get_metadata+0x4f/0x180
[  236.657146][ T9072]  ? unix_bind+0x1bd0/0x1bd0
[  236.661737][ T9072]  p9_fd_create_unix+0x2cf/0x690
[  236.666686][ T9072]  ? kmsan_get_metadata+0x11d/0x180
[  236.672061][ T9072]  ? p9_pollwake+0x350/0x350
[  236.676671][ T9072]  p9_client_create+0xfdc/0x1dc0
[  236.681654][ T9072]  ? kmsan_get_metadata+0x11d/0x180
[  236.687117][ T9072]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[  236.692926][ T9072]  v9fs_session_init+0x2ab/0x2a10
[  236.697966][ T9072]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[  236.704058][ T9072]  ? v9fs_mount+0xbf/0x1170
[  236.708596][ T9072]  v9fs_mount+0x150/0x1170
[  236.713037][ T9072]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[  236.719124][ T9072]  legacy_get_tree+0x169/0x2e0
[  236.723924][ T9072]  ? xfs_fs_commit_blocks+0xda0/0xda0
[  236.729312][ T9072]  ? legacy_parse_monolithic+0x2c0/0x2c0
[  236.734978][ T9072]  vfs_get_tree+0xdd/0x580
[  236.739846][ T9072]  do_mount+0x3624/0x53a0
[  236.744238][ T9072]  __se_compat_sys_mount+0x3a8/0xa10
[  236.749573][ T9072]  __ia32_compat_sys_mount+0x62/0x80
[  236.754869][ T9072]  ? locks_show+0x580/0x580
[  236.759510][ T9072]  do_fast_syscall_32+0x3bf/0x6d0
[  236.764595][ T9072]  entry_SYSENTER_compat+0x68/0x77
[  236.769730][ T9072] RIP: 0023:0xf7f54dd9
[  236.773805][ T9072] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  236.794477][ T9072] RSP: 002b:00000000f5d4f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  236.802892][ T9072] RAX: ffffffffffffffda RBX: 00000000200000c0 RCX: 0000000020000140
[  236.810868][ T9072] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 0000000020000080
[  236.818842][ T9072] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  236.826811][ T9072] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  236.834783][ T9072] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  236.842782][ T9072] 
[  236.845106][ T9072] Local variable ----sun_server@p9_fd_create_unix created at:
[  236.854830][ T9072]  p9_fd_create_unix+0x8d/0x690
[  236.859685][ T9072]  p9_fd_create_unix+0x8d/0x690
[  236.864528][ T9072] =====================================================
[  236.871471][ T9072] Disabling lock debugging due to kernel taint
[  236.877617][ T9072] Kernel panic - not syncing: panic_on_warn set ...
[  236.884203][ T9072] CPU: 1 PID: 9072 Comm: syz-executor.0 Tainted: G    B             5.7.0-rc4-syzkaller #0
[  236.894168][ T9072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  236.904240][ T9072] Call Trace:
[  236.907541][ T9072]  dump_stack+0x1c9/0x220
[  236.911882][ T9072]  panic+0x3d5/0xc3e
[  236.915796][ T9072]  kmsan_report+0x1df/0x1e0
[  236.920300][ T9072]  __msan_warning+0x58/0xa0
[  236.925664][ T9072]  unix_find_other+0x30f/0xda0
[  236.930529][ T9072]  unix_stream_connect+0x7c5/0x2450
[  236.935726][ T9072]  ? security_socket_post_create+0x1ea/0x240
[  236.941705][ T9072]  ? kmsan_get_metadata+0x4f/0x180
[  236.946835][ T9072]  ? unix_bind+0x1bd0/0x1bd0
[  236.951426][ T9072]  p9_fd_create_unix+0x2cf/0x690
[  236.956395][ T9072]  ? kmsan_get_metadata+0x11d/0x180
[  236.961596][ T9072]  ? p9_pollwake+0x350/0x350
[  236.966194][ T9072]  p9_client_create+0xfdc/0x1dc0
[  236.971171][ T9072]  ? kmsan_get_metadata+0x11d/0x180
[  236.976373][ T9072]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[  236.982183][ T9072]  v9fs_session_init+0x2ab/0x2a10
[  236.987220][ T9072]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[  236.993292][ T9072]  ? v9fs_mount+0xbf/0x1170
[  236.997812][ T9072]  v9fs_mount+0x150/0x1170
[  237.002236][ T9072]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[  237.008319][ T9072]  legacy_get_tree+0x169/0x2e0
[  237.013086][ T9072]  ? xfs_fs_commit_blocks+0xda0/0xda0
[  237.018465][ T9072]  ? legacy_parse_monolithic+0x2c0/0x2c0
[  237.024094][ T9072]  vfs_get_tree+0xdd/0x580
[  237.028519][ T9072]  do_mount+0x3624/0x53a0
[  237.032864][ T9072]  __se_compat_sys_mount+0x3a8/0xa10
[  237.038165][ T9072]  __ia32_compat_sys_mount+0x62/0x80
[  237.043451][ T9072]  ? locks_show+0x580/0x580
[  237.047955][ T9072]  do_fast_syscall_32+0x3bf/0x6d0
[  237.052999][ T9072]  entry_SYSENTER_compat+0x68/0x77
[  237.058121][ T9072] RIP: 0023:0xf7f54dd9
[  237.062189][ T9072] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  237.081793][ T9072] RSP: 002b:00000000f5d4f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  237.090211][ T9072] RAX: ffffffffffffffda RBX: 00000000200000c0 RCX: 0000000020000140
[  237.098177][ T9072] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 0000000020000080
[  237.106157][ T9072] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  237.114153][ T9072] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  237.122119][ T9072] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  237.131640][ T9072] Kernel Offset: 0x10000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[  237.143432][ T9072] Rebooting in 86400 seconds..