Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
2018/12/30 09:03:39 fuzzer started
2018/12/30 09:03:44 dialing manager at 10.128.0.26:41469
2018/12/30 09:03:44 syscalls: 1
2018/12/30 09:03:44 code coverage: enabled
2018/12/30 09:03:44 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 09:03:44 setuid sandbox: enabled
2018/12/30 09:03:44 namespace sandbox: enabled
2018/12/30 09:03:44 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 09:03:44 fault injection: enabled
2018/12/30 09:03:44 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 09:03:44 net packet injection: enabled
2018/12/30 09:03:44 net device setup: enabled
09:03:46 executing program 0:
r0 = socket$kcm(0xa, 0x2, 0x73)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$kcm(r0, &(0x7f0000001280)={&(0x7f0000000000)=@un=@abs, 0x1b, 0x0}, 0x0)
syzkaller login: [ 78.144530] IPVS: ftp: loaded support on port[0] = 21
[ 78.258327] chnl_net:caif_netlink_parms(): no params data found
[ 78.311447] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.317987] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.325962] device bridge_slave_0 entered promiscuous mode
[ 78.334445] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.340897] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.348709] device bridge_slave_1 entered promiscuous mode
[ 78.374544] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 78.384821] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 78.409687] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 78.417879] team0: Port device team_slave_0 added
[ 78.424364] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 78.432399] team0: Port device team_slave_1 added
[ 78.438650] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 78.446701] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 78.736005] device hsr_slave_0 entered promiscuous mode
[ 78.892424] device hsr_slave_1 entered promiscuous mode
[ 79.123034] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 79.130408] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 79.153801] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.160271] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.167280] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.173777] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.239962] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 79.246158] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.258284] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 79.270172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 79.281411] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.289895] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.301299] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 79.316912] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 79.323083] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.334130] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 79.341645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 79.349843] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 79.357782] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.364248] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.376530] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 79.389647] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 79.399861] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 79.407757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 79.416095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 79.424055] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.430467] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.438496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 79.447096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 79.460192] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 79.470314] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 79.480968] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 79.491293] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 79.498856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 79.507372] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 79.515688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 79.524337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 79.532681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 79.540764] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 79.548831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 79.557031] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 79.566852] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 79.583541] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 79.589626] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 79.609499] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 79.624365] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.702010] ==================================================================
[ 79.709411] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 79.716950] CPU: 1 PID: 9113 Comm: syz-executor0 Not tainted 4.20.0-rc7+ #16
[ 79.724132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.733483] Call Trace:
[ 79.736061]
[ 79.738220] dump_stack+0x173/0x1d0
[ 79.741893] kmsan_report+0x12e/0x2a0
[ 79.745698] __msan_warning+0x82/0xf0
[ 79.749501] send_hsr_supervision_frame+0x1056/0x1510
[ 79.754709] hsr_announce+0x14c/0x3a0
[ 79.758799] call_timer_fn+0x285/0x600
[ 79.762695] ? hsr_dev_finalize+0xb90/0xb90
[ 79.767040] __run_timers+0xdb4/0x11d0
[ 79.770928] ? hsr_dev_finalize+0xb90/0xb90
[ 79.775263] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 79.780714] ? irqtime_account_irq+0xcf/0x2e0
[ 79.785215] ? timers_dead_cpu+0xa50/0xa50
[ 79.789452] run_timer_softirq+0x2e/0x50
[ 79.793531] __do_softirq+0x53f/0x93a
[ 79.797344] irq_exit+0x214/0x250
[ 79.800794] exiting_irq+0xe/0x10
[ 79.804243] smp_apic_timer_interrupt+0x48/0x70
[ 79.808909] apic_timer_interrupt+0x2e/0x40
[ 79.813221]
[ 79.815455] RIP: 0010:kmsan_kmalloc+0xd9/0x130
[ 79.820039] Code: 01 00 00 00 e8 a8 be ff ff 65 ff 0c 25 c4 8f 03 00 65 8b 04 25 c4 8f 03 00 85 c0 75 32 e8 8f c1 41 ff 4c 89 6d c0 ff 75 c0 9d <65> 48 8b 04 25 28 00 00 00 48 3b 45 d0 75 0f 48 83 c4 18 5b 41 5c
[ 79.838939] RSP: 0018:ffff888062e6f698 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 79.846647] RAX: 0000000000000000 RBX: ffff8880627c90c0 RCX: 0000000000000009
[ 79.853910] RDX: 0000000000000008 RSI: 00000000be0000f5 RDI: ffff8880627c90c0
[ 79.861185] RBP: ffff888062e6f6d8 R08: ffff8880627c90e0 R09: 0000000000000000
[ 79.868451] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88812f807980
[ 79.875719] R13: 0000000000000246 R14: 0000000000000020 R15: 00000000006000c0
[ 79.883013] kmsan_slab_alloc+0xe/0x10
[ 79.886901] kmem_cache_alloc_trace+0x9cb/0xb90
[ 79.891590] ? memcg_update_all_list_lrus+0x41c/0x1110
[ 79.896885] memcg_update_all_list_lrus+0x41c/0x1110
[ 79.902014] mem_cgroup_css_alloc+0x1c3b/0x22a0
[ 79.906693] ? __earlyonly_bootmem_alloc+0xd0/0xd0
[ 79.911627] cgroup_apply_control_enable+0x5c8/0x2660
[ 79.916888] cgroup_mkdir+0x218d/0x3690
[ 79.920979] kernfs_iop_mkdir+0x40e/0x5d0
[ 79.925620] ? css_task_iter_end+0x530/0x530
[ 79.930040] ? kernfs_iop_lookup+0x3f0/0x3f0
[ 79.934454] vfs_mkdir+0x6a4/0x950
[ 79.938014] do_mkdirat+0x39f/0x680
[ 79.941654] __se_sys_mkdir+0x76/0x90
[ 79.945464] __x64_sys_mkdir+0x3e/0x60
[ 79.949350] do_syscall_64+0xbc/0xf0
[ 79.953166] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 79.958371] RIP: 0033:0x4572e7
[ 79.961568] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 3d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 1d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 79.980469] RSP: 002b:0000000000a4f658 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 79.988190] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004572e7
[ 79.995455] RDX: 0000000000a4fcb7 RSI: 00000000000001ff RDI: 0000000000a4fca0
[ 80.002725] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000017
[ 80.010003] R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000010
[ 80.017272] R13: 0000000000413b20 R14: 0000000000000000 R15: 0000000000000000
[ 80.024547]
[ 80.026167] Uninit was created at:
[ 80.029712] kmsan_save_stack_with_flags+0x7a/0x130
[ 80.034722] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 80.040513] kmsan_alloc_page+0x7e/0x100
[ 80.044574] __alloc_pages_nodemask+0x1587/0x5f20
[ 80.049417] page_frag_alloc+0x3c1/0x980
[ 80.053481] __netdev_alloc_skb+0x1f1/0xa50
[ 80.057798] send_hsr_supervision_frame+0x168/0x1510
[ 80.062900] hsr_announce+0x14c/0x3a0
[ 80.066700] call_timer_fn+0x285/0x600
[ 80.070593] __run_timers+0xdb4/0x11d0
[ 80.074474] run_timer_softirq+0x2e/0x50
[ 80.078530] __do_softirq+0x53f/0x93a
[ 80.082325] ==================================================================
[ 80.089674] Disabling lock debugging due to kernel taint
[ 80.095119] Kernel panic - not syncing: panic_on_warn set ...
[ 80.101004] CPU: 1 PID: 9113 Comm: syz-executor0 Tainted: G B 4.20.0-rc7+ #16
[ 80.109573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.118925] Call Trace:
[ 80.121505]
[ 80.123666] dump_stack+0x173/0x1d0
[ 80.127311] panic+0x3ce/0x961
[ 80.130535] kmsan_report+0x293/0x2a0
[ 80.134343] __msan_warning+0x82/0xf0
[ 80.138157] send_hsr_supervision_frame+0x1056/0x1510
[ 80.143372] hsr_announce+0x14c/0x3a0
[ 80.147187] call_timer_fn+0x285/0x600
[ 80.151076] ? hsr_dev_finalize+0xb90/0xb90
[ 80.155412] __run_timers+0xdb4/0x11d0
[ 80.159303] ? hsr_dev_finalize+0xb90/0xb90
[ 80.163642] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 80.169098] ? irqtime_account_irq+0xcf/0x2e0
[ 80.173600] ? timers_dead_cpu+0xa50/0xa50
[ 80.177844] run_timer_softirq+0x2e/0x50
[ 80.181920] __do_softirq+0x53f/0x93a
[ 80.185736] irq_exit+0x214/0x250
[ 80.189197] exiting_irq+0xe/0x10
[ 80.192656] smp_apic_timer_interrupt+0x48/0x70
[ 80.197333] apic_timer_interrupt+0x2e/0x40
[ 80.201652]
[ 80.203894] RIP: 0010:kmsan_kmalloc+0xd9/0x130
[ 80.208478] Code: 01 00 00 00 e8 a8 be ff ff 65 ff 0c 25 c4 8f 03 00 65 8b 04 25 c4 8f 03 00 85 c0 75 32 e8 8f c1 41 ff 4c 89 6d c0 ff 75 c0 9d <65> 48 8b 04 25 28 00 00 00 48 3b 45 d0 75 0f 48 83 c4 18 5b 41 5c
[ 80.227380] RSP: 0018:ffff888062e6f698 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 80.235088] RAX: 0000000000000000 RBX: ffff8880627c90c0 RCX: 0000000000000009
[ 80.242356] RDX: 0000000000000008 RSI: 00000000be0000f5 RDI: ffff8880627c90c0
[ 80.249622] RBP: ffff888062e6f6d8 R08: ffff8880627c90e0 R09: 0000000000000000
[ 80.256894] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88812f807980
[ 80.264166] R13: 0000000000000246 R14: 0000000000000020 R15: 00000000006000c0
[ 80.271467] kmsan_slab_alloc+0xe/0x10
[ 80.275356] kmem_cache_alloc_trace+0x9cb/0xb90
[ 80.280037] ? memcg_update_all_list_lrus+0x41c/0x1110
[ 80.285336] memcg_update_all_list_lrus+0x41c/0x1110
[ 80.290472] mem_cgroup_css_alloc+0x1c3b/0x22a0
[ 80.295158] ? __earlyonly_bootmem_alloc+0xd0/0xd0
09:03:49 executing program 1:
unshare(0x400)
r0 = creat(&(0x7f0000000480)='./file0\x00', 0x0)
fstatfs(r0, &(0x7f0000000400)=""/122)
[ 80.300090] cgroup_apply_control_enable+0x5c8/0x2660
[ 80.305310] cgroup_mkdir+0x218d/0x3690
[ 80.309325] kernfs_iop_mkdir+0x40e/0x5d0
[ 80.313477] ? css_task_iter_end+0x530/0x530
[ 80.317900] ? kernfs_iop_lookup+0x3f0/0x3f0
[ 80.322310] vfs_mkdir+0x6a4/0x950
[ 80.325879] do_mkdirat+0x39f/0x680
[ 80.329522] __se_sys_mkdir+0x76/0x90
[ 80.333340] __x64_sys_mkdir+0x3e/0x60
[ 80.337239] do_syscall_64+0xbc/0xf0
[ 80.340964] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 80.346179] RIP: 0033:0x4572e7
[ 80.349375] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 3d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 1d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 80.368281] RSP: 002b:0000000000a4f658 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 80.375992] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004572e7
[ 80.383256] RDX: 0000000000a4fcb7 RSI: 00000000000001ff RDI: 0000000000a4fca0
[ 80.390639] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000017
[ 80.397906] R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000010
[ 80.405193] R13: 0000000000413b20 R14: 0000000000000000 R15: 0000000000000000
[ 80.413601] Kernel Offset: disabled
[ 80.417238] Rebooting in 86400 seconds..