Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts. 2019/02/14 07:03:37 fuzzer started 2019/02/14 07:03:43 dialing manager at 10.128.0.26:36809 2019/02/14 07:03:43 syscalls: 1 2019/02/14 07:03:43 code coverage: enabled 2019/02/14 07:03:43 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/02/14 07:03:43 extra coverage: extra coverage is not supported by the kernel 2019/02/14 07:03:43 setuid sandbox: enabled 2019/02/14 07:03:43 namespace sandbox: enabled 2019/02/14 07:03:43 Android sandbox: /sys/fs/selinux/policy does not exist 2019/02/14 07:03:43 fault injection: enabled 2019/02/14 07:03:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/02/14 07:03:43 net packet injection: enabled 2019/02/14 07:03:43 net device setup: enabled 07:06:37 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000003c0)=""/246) r1 = memfd_create(&(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x06\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86\xbbV,v8y\x9b\x93\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd5\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00]p\x9cFf\xadv\xf8\x8a\xb4jT)\xc8\xb7\xa73?\x1c\x93w\xc67j=\xb1\xc0\xe8\x19\xcc\x84\x87\xf3\xb4\x14\x96\xec!\x17h\n\xf9\xb2\x12T+\xdc\xa6\xe9\"v*\x9e\xb8\x8c\x90}\x9c\xc9\xda\xe5\x18W5\r\xc2\xdb5P1\xc7\x1e|\xc1\xbb
\xf4\x1a\xbe1\xca!+1`|h\xa8\xd8\'\xc6\xac\x16\xc4\xc6JuM\x98T\x8d+;\x16\xc5\xe9v\xae\'\x92\xbf\x1f\x17\xb8\x9ax\x8b\xbb\xf1\xc8)\xc5$\xf1M\x98\xb0\x1aP\x043\xc3\xe6\x9e\x87\x89\xebp,\x1di\x12\xf2\fj\xaf\xa6g\x00\xcfY\xf6S\xa3\xf8\x9b\x1d\xba\x1au\xa6\x1c\xae\r\xa9\xe1i)\xd2\xb0\x8f\x1b?wCX\x0f\x99S\xfaA\x13\xbd\xcb\xed\"\xba\xda\xa2\xd1\xefc#\xfd5\xfc\xf3k\xaa\x83+\x83\xc5\x1b\xa7\x82\xe3\xdb\xf2\xfb4B\x19\xf2', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x0) sendfile(r0, r1, 0x0, 0x20000102000007) syzkaller login: [ 289.738223] IPVS: ftp: loaded support on port[0] = 21 [ 289.903418] chnl_net:caif_netlink_parms(): no params data found [ 289.979267] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.985969] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.994626] device bridge_slave_0 entered promiscuous mode [ 290.003930] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.010434] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.019065] device bridge_slave_1 entered promiscuous mode [ 290.055031] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 290.066500] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 290.099341] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 290.108669] team0: Port device team_slave_0 added [ 290.115618] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 290.124460] team0: Port device team_slave_1 added [ 290.130669] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 290.139675] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 290.327055] device hsr_slave_0 entered promiscuous mode [ 290.492833] device hsr_slave_1 entered promiscuous mode [ 290.753600] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 290.761264] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 290.792794] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.799341] bridge0: port 
2(bridge_slave_1) entered forwarding state
[ 290.806580] bridge0: port 1(bridge_slave_0) entered blocking state
[ 290.813162] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 290.899166] bridge0: port 1(bridge_slave_0) entered disabled state
[ 290.908654] bridge0: port 2(bridge_slave_1) entered disabled state
[ 290.942208] 8021q: adding VLAN 0 to HW filter on device bond0
[ 290.957228] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 290.970137] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 290.978538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 290.986439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 291.003586] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 291.009684] 8021q: adding VLAN 0 to HW filter on device team0
[ 291.025454] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 291.032704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 291.041780] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 291.050336] bridge0: port 1(bridge_slave_0) entered blocking state
[ 291.056890] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 291.073910] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 291.086842] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 291.099415] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 291.107876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 291.116672] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 291.125238] bridge0: port 2(bridge_slave_1) entered blocking state
[ 291.131782] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 291.140795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 291.150406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 291.178257] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 291.185422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 291.197240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 291.216530] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 291.225224] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 291.233575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 291.242717] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 291.260393] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 291.274667] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 291.285300] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 291.295192] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 291.307116] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 291.315534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 291.324164] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 291.333285] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 291.342056] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 291.370999] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 291.378714] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 291.406801] 8021q: adding VLAN 0 to HW filter on device batadv0
07:06:39 executing program 0:
seccomp(0x1, 0x0, &(0x7f0000007ff0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]})
syz_execute_func(&(0x7f0000000180)="fe0f93cc022c022c05090065670f688b0c00004b0f642be20092f2582f899eea899e5c5acd00c4c299020e660fe2df8c31c4e17a161e0f9c71e60000e39d0f69c6b85d5d00f9c4c475acc4c1f970d226a6c4c161d9f8c4c2692990f0ffff1fc3dad266")
07:06:39 executing program 0:
seccomp(0x1, 0x0, &(0x7f0000007ff0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]})
syz_execute_func(&(0x7f0000000180)="fe0f93cc022c022c05090065670f688b0c00004b0f642be20092f2582f899eea899e5c5acd00c4c299020e660fe2df8c31c4e17a161e0f9c71e60000e39d0f69c6b85d5d00f9c4c475acc4c1f970d226a6c4c161d9f8c4c2692990f0ffff1fc3dad266")
07:06:40 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000140)='abmxnet00xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb)
setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f0000788ffc)=0x100000001, 0xfdf6)
connect$inet(r1, &(0x7f0000000180), 0x10)
sendto$inet(r1, &(0x7f0000000240)="05b43ebe797d715732980d6f7a71c92360b971bcb1abdc16963fc2141125d9f4761f3216fc9d9439de67ede4b640af31e09d87cab2440000af4cca83a062e28ea1a0246cd6d390997fd2a0f78c54e3e6545c71dd3ea7145c02279df517a69676ce5570f273ce75", 0x67, 0x4, 0x0, 0x0)
07:06:40 executing program 0:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000180)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000004e80)=[{&(0x7f0000000400)="c10100000000000001e5f700ac141428eb", 0x11}], 0x1}, 0x0)
[ 292.711843] ==================================================================
[ 292.719327] BUG: KMSAN: uninit-value in nf_nat_setup_info+0x700/0x3b00
[ 292.726045] CPU: 1 PID: 10589 Comm: syz-executor.0 Not tainted 5.0.0-rc1+ #9
[ 292.733242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 292.742620] Call Trace:
[ 292.745285] dump_stack+0x173/0x1d0
[ 292.748955] kmsan_report+0x12e/0x2a0
[ 292.752795] __msan_warning+0x82/0xf0
[ 292.756639] nf_nat_setup_info+0x700/0x3b00
[ 292.761043] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 292.766260] nf_nat_inet_fn+0x106c/0x11f0
[ 292.770467] ? cpu_partial_store+0x60/0x270
[ 292.774849] nf_nat_ipv4_local_fn+0x2bf/0x870
[ 292.779384] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 292.784598] ? nf_nat_ipv4_out+0x790/0x790
[ 292.788883] nf_hook_slow+0x176/0x3d0
[ 292.792754] __ip_local_out+0x6dc/0x800
[ 292.796779] ? __ip_local_out+0x800/0x800
[ 292.800954] ip_local_out+0xa4/0x1d0
[ 292.804711] iptunnel_xmit+0x8a7/0xde0
[ 292.808673] ip_tunnel_xmit+0x35b9/0x3980
[ 292.813372] ipgre_xmit+0x1098/0x11c0
[ 292.817212] ? ipgre_close+0x230/0x230
[ 292.821151] dev_hard_start_xmit+0x604/0xc40
[ 292.825624] __dev_queue_xmit+0x2e48/0x3b80
[ 292.830018] dev_queue_xmit+0x4b/0x60
[ 292.833842] ? __netdev_pick_tx+0x1260/0x1260
[ 292.838441] packet_sendmsg+0x79bb/0x9760
[ 292.842629] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 292.848111] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 292.853328] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 292.858833] ___sys_sendmsg+0xdb9/0x11b0
[ 292.862933] ? compat_packet_setsockopt+0x360/0x360
[ 292.867987] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 292.873205] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 292.878584] ? __fget_light+0x6e1/0x750
[ 292.882605] __se_sys_sendmsg+0x305/0x460
[ 292.886813] __x64_sys_sendmsg+0x4a/0x70
[ 292.890890] do_syscall_64+0xbc/0xf0
[ 292.894678] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 292.899880] RIP: 0033:0x457e29
[ 292.903090] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 292.922000] RSP: 002b:00007fb5177dac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 292.929724] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 292.937010] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
[ 292.944292] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 292.951567] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb5177db6d4
[ 292.958849] R13: 00000000004c53f7 R14: 00000000004d9208 R15: 00000000ffffffff
[ 292.966156]
[ 292.967787] Uninit was created at:
[ 292.971322] No stack
[ 292.973647] ==================================================================
[ 292.981008] Disabling lock debugging due to kernel taint
[ 292.986464] Kernel panic - not syncing: panic_on_warn set ...
[ 292.992368] CPU: 1 PID: 10589 Comm: syz-executor.0 Tainted: G B 5.0.0-rc1+ #9
[ 293.000950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 293.010309] Call Trace:
[ 293.012949] dump_stack+0x173/0x1d0
[ 293.016606] panic+0x3d1/0xb01
[ 293.019863] kmsan_report+0x293/0x2a0
[ 293.023697] __msan_warning+0x82/0xf0
[ 293.027535] nf_nat_setup_info+0x700/0x3b00
[ 293.031930] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 293.037145] nf_nat_inet_fn+0x106c/0x11f0
[ 293.041343] ? cpu_partial_store+0x60/0x270
[ 293.045693] nf_nat_ipv4_local_fn+0x2bf/0x870
[ 293.050227] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 293.055443] ? nf_nat_ipv4_out+0x790/0x790
[ 293.059694] nf_hook_slow+0x176/0x3d0
[ 293.063540] __ip_local_out+0x6dc/0x800
[ 293.067553] ? __ip_local_out+0x800/0x800
[ 293.071719] ip_local_out+0xa4/0x1d0
[ 293.075477] iptunnel_xmit+0x8a7/0xde0
[ 293.079423] ip_tunnel_xmit+0x35b9/0x3980
[ 293.083644] ipgre_xmit+0x1098/0x11c0
[ 293.087480] ? ipgre_close+0x230/0x230
[ 293.091386] dev_hard_start_xmit+0x604/0xc40
[ 293.095852] __dev_queue_xmit+0x2e48/0x3b80
[ 293.100233] dev_queue_xmit+0x4b/0x60
[ 293.104048] ? __netdev_pick_tx+0x1260/0x1260
[ 293.108568] packet_sendmsg+0x79bb/0x9760
[ 293.112763] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 293.118247] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 293.123469] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 293.128923] ___sys_sendmsg+0xdb9/0x11b0
[ 293.133015] ? compat_packet_setsockopt+0x360/0x360
[ 293.138065] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 293.143282] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 293.148669] ? __fget_light+0x6e1/0x750
[ 293.152696] __se_sys_sendmsg+0x305/0x460
[ 293.156905] __x64_sys_sendmsg+0x4a/0x70
[ 293.160986] do_syscall_64+0xbc/0xf0
[ 293.164725] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 293.169932] RIP: 0033:0x457e29
[ 293.173154] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 293.192079] RSP: 002b:00007fb5177dac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 293.199817] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 293.207089] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
[ 293.214372] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 293.221652] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb5177db6d4
[ 293.228931] R13: 00000000004c53f7 R14: 00000000004d9208 R15: 00000000ffffffff
[ 293.237153] Kernel Offset: disabled
[ 293.240782] Rebooting in 86400 seconds..