[ ok ] Starting enhanced syslogd: rsyslogd.
[ 93.021096] audit: type=1800 audit(1551441923.062:25): pid=10081 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 93.040257] audit: type=1800 audit(1551441923.082:26): pid=10081 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 93.059739] audit: type=1800 audit(1551441923.092:27): pid=10081 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.221' (ECDSA) to the list of known hosts.
2019/03/01 12:05:36 fuzzer started
2019/03/01 12:05:41 dialing manager at 10.128.0.26:40269
2019/03/01 12:05:41 syscalls: 1
2019/03/01 12:05:41 code coverage: enabled
2019/03/01 12:05:41 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/03/01 12:05:41 extra coverage: extra coverage is not supported by the kernel
2019/03/01 12:05:41 setuid sandbox: enabled
2019/03/01 12:05:41 namespace sandbox: enabled
2019/03/01 12:05:41 Android sandbox: /sys/fs/selinux/policy does not exist
2019/03/01 12:05:41 fault injection: enabled
2019/03/01 12:05:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/03/01 12:05:41 net packet injection: enabled
2019/03/01 12:05:41 net device setup: enabled
12:08:38 executing program 0:
r0 = socket$inet(0x10, 0x3, 0x0)
recvmmsg(r0, &(0x7f0000000180), 0x40000000000003b, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000250007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0)
syzkaller login: [ 289.504164] IPVS: ftp: loaded support on port[0] = 21
[ 289.675258] chnl_net:caif_netlink_parms(): no params data found
[ 289.769113] bridge0: port 1(bridge_slave_0) entered blocking state
[ 289.775822] bridge0: port 1(bridge_slave_0) entered disabled state
[ 289.784415] device bridge_slave_0 entered promiscuous mode
[ 289.794826] bridge0: port 2(bridge_slave_1) entered blocking state
[ 289.801340] bridge0: port 2(bridge_slave_1) entered disabled state
[ 289.809836] device bridge_slave_1 entered promiscuous mode
[ 289.846433] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 289.858962] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 289.892455] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 289.901262] team0: Port device team_slave_0 added
[ 289.908563] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 289.917471] team0: Port device team_slave_1 added
[ 289.924572] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 289.933768] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 290.046907] device hsr_slave_0 entered promiscuous mode
[ 290.122338] device hsr_slave_1 entered promiscuous mode
[ 290.383239] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 290.390869] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 290.423869] bridge0: port 2(bridge_slave_1) entered blocking state
[ 290.430448] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 290.437734] bridge0: port 1(bridge_slave_0) entered blocking state
[ 290.444334] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 290.546176] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 290.552969] 8021q: adding VLAN 0 to HW filter on device bond0
[ 290.568204] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 290.582000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 290.594096] bridge0: port 1(bridge_slave_0) entered disabled state
[ 290.603807] bridge0: port 2(bridge_slave_1) entered disabled state
[ 290.617203] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 290.634377] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 290.640476] 8021q: adding VLAN 0 to HW filter on device team0
[ 290.656792] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 290.664560] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 290.675142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 290.683633] bridge0: port 1(bridge_slave_0) entered blocking state
[ 290.690132] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 290.707665] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 290.721283] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 290.730881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 290.739654] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 290.747978] bridge0: port 2(bridge_slave_1) entered blocking state
[ 290.754532] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 290.763527] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 290.779069] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 290.786308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 290.808340] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 290.816679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 290.827631] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 290.845530] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 290.855147] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 290.863455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 290.872568] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 290.891024] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 290.904871] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 290.913142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 290.921969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 290.930601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 290.939218] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 290.952791] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 290.958862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 290.987233] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 291.007643] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 291.231168] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 291.242585] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 291.253086] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 291.978479] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 291.989676] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 292.002929] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
12:08:42 executing program 0:
r0 = socket(0x18, 0x0, 0x3)
ioctl$KVM_SET_BOOT_CPU_ID(r0, 0xae78, &(0x7f0000000000)=0x2)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x20000031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580))
r1 = perf_event_open$cgroup(&(0x7f0000000240)={0x4, 0x70, 0x0, 0x101, 0x0, 0x844, 0x0, 0x100, 0x0, 0x8, 0x3, 0x1, 0x6, 0x3f, 0x0, 0x7, 0x80, 0x0, 0x8, 0x36, 0x0, 0xe4d1, 0xbcac, 0x0, 0x101, 0x3, 0x5, 0x8d06, 0x0, 0x2, 0x6, 0x9, 0x91a, 0x2, 0xb6, 0x8, 0x10001, 0x0, 0x0, 0x2, 0x2, @perf_bp={0x0, 0x8}, 0x0, 0x3, 0xd0, 0x5, 0x5, 0x0, 0x60}, 0xffffffffffffff9c, 0xd, 0xffffffffffffffff, 0x8)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x4001f9)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340)='/dev/hwrng\x00', 0x101000, 0x0)
ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000380)={[{0x2, 0x7fff, 0x100000001, 0x3, 0x7, 0x1, 0x3, 0x0, 0x0, 0x1, 0xec86, 0x3, 0x8}, {0x2, 0x9, 0x8000, 0x5, 0x4, 0x7, 0x2, 0x362, 0x1, 0x20, 0x7, 0x80000001, 0x1}, {0x0, 0x3, 0x7fff, 0x9, 0x200, 0x92ac, 0x0, 0x0, 0x3, 0x5, 0x6, 0x9, 0xb95e}], 0x9})
gettid()
r3 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0)
write(r3, &(0x7f0000000040)="0600", 0x2)
write$FUSE_NOTIFY_STORE(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="3400000000002500000000000500"], 0xe)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0)
sendfile(r3, r3, &(0x7f0000001000), 0xffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_setup(0x3, &(0x7f0000000400))
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f000002eff0)={0x32b, &(0x7f0000000000)=[{}]}, 0x10)
setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, &(0x7f0000000140)={0x76, 0x0, 0x1, 0x1}, 0x10)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='trusted.overlay.redirect\x00', &(0x7f0000000300)='./file0\x00', 0x8, 0x2)
stat(0x0, &(0x7f0000000180))
[ 292.220578] ==================================================================
[ 292.228108] BUG: KMSAN: uninit-value in bpf_convert_filter+0x2a33/0x5c50
[ 292.235018] CPU: 1 PID: 10259 Comm: syz-executor.0 Not tainted 5.0.0-rc1+ #9
[ 292.242225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 292.251586] Call Trace:
[ 292.254253] dump_stack+0x173/0x1d0
[ 292.257933] kmsan_report+0x12e/0x2a0
[ 292.261770] __msan_warning+0x82/0xf0
[ 292.265604] bpf_convert_filter+0x2a33/0x5c50
[ 292.270262] bpf_prepare_filter+0x15e4/0x1c90
[ 292.274819] __get_filter+0x4f8/0x730
[ 292.278662] sk_attach_filter+0x72/0x2e0
[ 292.282816] sock_setsockopt+0x396f/0x4bb0
[ 292.287123] __sys_setsockopt+0x336/0x540
[ 292.291315] __se_sys_setsockopt+0xdd/0x100
[ 292.295688] __x64_sys_setsockopt+0x62/0x80
[ 292.300035] do_syscall_64+0xbc/0xf0
[ 292.303813] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 292.309026] RIP: 0033:0x457e29
[ 292.312235] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 292.331151] RSP: 002b:00007fdadd415c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 292.338872] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29
[ 292.346478] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000008
[ 292.353755] RBP: 000000000073bfa0 R08: 0000000000000010 R09: 0000000000000000
[ 292.361034] R10: 000000002002eff0 R11: 0000000000000246 R12: 00007fdadd4166d4
[ 292.368330] R13: 00000000004c584f R14: 00000000004d9a88 R15: 00000000ffffffff
[ 292.375630]
[ 292.377258] Uninit was created at:
[ 292.380794] No stack
[ 292.383124] ==================================================================
[ 292.390511] Disabling lock debugging due to kernel taint
[ 292.395964] Kernel panic - not syncing: panic_on_warn set ...
[ 292.401897] CPU: 1 PID: 10259 Comm: syz-executor.0 Tainted: G B 5.0.0-rc1+ #9
[ 292.410489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 292.419849] Call Trace:
[ 292.422467] dump_stack+0x173/0x1d0
[ 292.426125] panic+0x3d1/0xb01
[ 292.429401] kmsan_report+0x293/0x2a0
[ 292.433237] __msan_warning+0x82/0xf0
[ 292.437066] bpf_convert_filter+0x2a33/0x5c50
[ 292.441714] bpf_prepare_filter+0x15e4/0x1c90
[ 292.446268] __get_filter+0x4f8/0x730
[ 292.450108] sk_attach_filter+0x72/0x2e0
[ 292.454204] sock_setsockopt+0x396f/0x4bb0
[ 292.458496] __sys_setsockopt+0x336/0x540
[ 292.462697] __se_sys_setsockopt+0xdd/0x100
[ 292.467059] __x64_sys_setsockopt+0x62/0x80
[ 292.471409] do_syscall_64+0xbc/0xf0
[ 292.475155] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 292.480893] RIP: 0033:0x457e29
[ 292.484117] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 292.503031] RSP: 002b:00007fdadd415c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 292.510780] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29
[ 292.518072] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000008
[ 292.525363] RBP: 000000000073bfa0 R08: 0000000000000010 R09: 0000000000000000
[ 292.532660] R10: 000000002002eff0 R11: 0000000000000246 R12: 00007fdadd4166d4
[ 292.539954] R13: 00000000004c584f R14: 00000000004d9a88 R15: 00000000ffffffff
[ 292.548255] Kernel Offset: disabled
[ 292.551888] Rebooting in 86400 seconds..