[?25l[?1c7[ ok 8[?25h[?0c. [ 106.246658] audit: type=1800 audit(1551553303.326:25): pid=11630 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 106.265872] audit: type=1800 audit(1551553303.336:26): pid=11630 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 106.285370] audit: type=1800 audit(1551553303.346:27): pid=11630 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.104' (ECDSA) to the list of known hosts. 2019/03/02 19:01:57 fuzzer started 2019/03/02 19:02:03 dialing manager at 10.128.0.26:33709 2019/03/02 19:02:03 syscalls: 1 2019/03/02 19:02:03 code coverage: enabled 2019/03/02 19:02:03 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/03/02 19:02:03 extra coverage: extra coverage is not supported by the kernel 2019/03/02 19:02:03 setuid sandbox: enabled 2019/03/02 19:02:03 namespace sandbox: enabled 2019/03/02 19:02:03 Android sandbox: /sys/fs/selinux/policy does not exist 2019/03/02 19:02:03 fault injection: enabled 2019/03/02 19:02:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/03/02 19:02:03 net packet injection: enabled 2019/03/02 19:02:03 net device setup: enabled 19:05:12 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00') writev(r0, &(0x7f0000000140)=[{&(0x7f0000000100)="12", 0x1}], 0x1) syzkaller login: [ 315.681679] IPVS: ftp: loaded support on port[0] = 21 [ 315.826034] chnl_net:caif_netlink_parms(): no params data found [ 315.895786] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.902401] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.910640] device bridge_slave_0 entered promiscuous mode [ 315.919442] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.926037] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.934166] device bridge_slave_1 entered promiscuous mode [ 315.967446] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 315.978558] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 316.009526] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 316.018178] team0: Port device team_slave_0 added [ 316.025177] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 316.034266] team0: Port device team_slave_1 added [ 316.040439] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 316.049190] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 316.226865] device hsr_slave_0 entered promiscuous mode [ 316.482879] device hsr_slave_1 entered promiscuous mode [ 316.722858] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 316.730314] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 316.760574] bridge0: port 2(bridge_slave_1) entered blocking state [ 316.767233] bridge0: port 2(bridge_slave_1) entered forwarding state [ 316.774473] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.781000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 316.869456] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.878338] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.902294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 316.916384] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 316.928494] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 316.935854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 316.943567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 316.960053] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 316.966333] 8021q: adding VLAN 0 to HW filter on device team0 [ 316.979724] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 316.987891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 316.996521] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 317.004848] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.011313] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.026515] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 317.039687] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 317.047902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 317.057103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 317.065577] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.072080] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.079716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 317.098809] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 317.111943] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 317.125820] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 317.134995] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 317.144491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 317.153684] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 317.162428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 317.171738] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 317.187375] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 317.200854] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 317.212830] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 317.222626] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 317.234649] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 317.242147] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 317.250563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 317.259244] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 317.268309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 317.277973] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 317.288976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 317.315373] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 317.344296] 8021q: adding VLAN 0 to HW filter on device batadv0 19:05:14 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8910, 0x0) sendto$unix(r0, &(0x7f0000000040), 0xcd, 0x20000020020050, 0x0, 0x23d) 19:05:14 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0xbf0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x5) 19:05:14 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x0, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000c86000), &(0x7f0000000040)=0x5f9) 19:05:15 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, &(0x7f0000000100)='\x00', 0x1) 19:05:15 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) read(r0, &(0x7f0000000340)=""/106, 0x6a) ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000200)=0x800000000040000) socketpair$unix(0x1, 0x400000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 19:05:15 executing program 1: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x12202, 0x0) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x7) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0xd) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000040)=0x1) mkdir(&(0x7f0000000080)='./file0\x00', 0x22) ioctl$VIDIOC_RESERVED(r0, 0x5601, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000000c0)={0x0, 0x2c, "f2d6fa27cc6bb9334234b7970acefaef3fccae0b5d0082f99194f4fa9254047f5c85b2d0b9dd8b6102f8a1e6"}, &(0x7f0000000100)=0x34) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000140)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000180)=0x1c) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f00000001c0)={r1, 0x10000, 0xfffffffffffeffff, 0x5, 0x9, 0x4, 0x4, 0x2, {r2, @in6={{0xa, 0x4e23, 0x5, @mcast1, 0x80000000}}, 0x5, 0x75, 0x7, 0x80000001, 0x6}}, &(0x7f0000000280)=0xb0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f00000002c0)={0x68d, 0x0, 'client1\x00', 0x3, "f96217943f9cad4d", "04726b063465004da2885303c2f1e4c437a2a07c2193c7545720db5976db3d50", 0x2ef}) getsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000380), &(0x7f00000003c0)=0x8) fcntl$addseals(r0, 0x409, 0x1) getsockopt$inet_dccp_int(r0, 0x21, 0x1b, &(0x7f0000000400), &(0x7f0000000440)=0x4) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000480)=0x5, 0x4) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f00000004c0)=0xb3) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000500)=0x0) fcntl$lock(r0, 0x24, &(0x7f0000000540)={0x1, 0x4, 0x1, 0x401, r3}) ioctl$GIO_FONT(r0, 0x4b60, &(0x7f0000000580)=""/104) r4 = socket$vsock_stream(0x28, 0x1, 0x0) bind$pptp(r0, &(0x7f0000000600)={0x18, 0x2, {0x0, @multicast1}}, 0x1e) getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000640)=""/144, &(0x7f0000000700)=0x90) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000740)={@hyper}) accept(r0, &(0x7f0000000780)=@un=@abs, &(0x7f0000000800)=0x80) fstatfs(r4, &(0x7f0000000840)=""/82) ioctl$KDSETLED(r0, 0x4b32, 0xfffffffffffff974) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f00000008c0)={0x0}) ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000900)={r5, 0x1}) r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000940)='/dev/audio\x00', 0x40, 0x0) ioctl$IOC_PR_RELEASE(r6, 0x401070ca, &(0x7f0000000980)={0x2, 0x9}) rseq(&(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0, 0x2, 0x7, 0xf9ea, 0x1000}, 0x2}, 0x20, 0x0, 0x0) 19:05:15 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) read(r0, &(0x7f0000000340)=""/106, 0x6a) ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000200)=0x800000000040000) socketpair$unix(0x1, 0x400000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 319.015871] IPVS: ftp: loaded support on port[0] = 21 [ 319.168635] chnl_net:caif_netlink_parms(): no params data found [ 319.237306] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.243865] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.252276] device bridge_slave_0 entered promiscuous mode [ 319.263148] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.269623] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.277888] device bridge_slave_1 entered promiscuous mode [ 319.310473] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 319.322186] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 319.358447] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 319.366958] team0: Port device team_slave_0 added [ 319.374191] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 319.382701] team0: Port device team_slave_1 added [ 319.388777] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 319.398303] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 319.493715] ================================================================== [ 319.501094] BUG: KMSAN: uninit-value in linear_transfer+0xa1b/0xc50 [ 319.507504] CPU: 1 PID: 11831 Comm: syz-executor.0 Not tainted 5.0.0-rc1+ #9 [ 319.514690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.524046] Call Trace: [ 319.526682] dump_stack+0x173/0x1d0 [ 319.530342] kmsan_report+0x12e/0x2a0 [ 319.534164] __msan_warning+0x82/0xf0 [ 319.537988] linear_transfer+0xa1b/0xc50 [ 319.542152] ? snd_pcm_plugin_build_linear+0xc00/0xc00 [ 319.548187] snd_pcm_plug_read_transfer+0x3bf/0x590 [ 319.553252] snd_pcm_oss_read+0xa4a/0x1960 [ 319.557544] ? snd_pcm_oss_unregister_minor+0x4b0/0x4b0 [ 319.562918] __vfs_read+0x1e5/0xbf0 [ 319.566567] ? security_file_permission+0x521/0x660 [ 319.571601] ? rw_verify_area+0x35e/0x580 [ 319.575774] vfs_read+0x359/0x6f0 [ 319.579262] __se_sys_read+0x17a/0x370 [ 319.583172] __x64_sys_read+0x4a/0x70 [ 319.586977] do_syscall_64+0xbc/0xf0 [ 319.590716] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 319.595902] RIP: 0033:0x457e29 [ 319.599098] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 319.618014] RSP: 002b:00007fd5c7c6bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 319.625732] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 319.633002] RDX: 000000000000006a RSI: 0000000020000340 RDI: 0000000000000003 [ 319.640275] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 319.647566] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd5c7c6c6d4 [ 319.654833] R13: 00000000004c3963 R14: 00000000004d8450 R15: 00000000ffffffff [ 319.662119] [ 319.663749] Uninit was created at: [ 319.667281] No stack [ 319.669590] ================================================================== [ 319.676935] Disabling lock debugging due to kernel taint [ 319.682387] Kernel panic - not syncing: panic_on_warn set ... [ 319.688280] CPU: 1 PID: 11831 Comm: syz-executor.0 Tainted: G B 5.0.0-rc1+ #9 [ 319.696870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.706212] Call Trace: [ 319.708804] dump_stack+0x173/0x1d0 [ 319.712440] panic+0x3d1/0xb01 [ 319.715726] kmsan_report+0x293/0x2a0 [ 319.719550] __msan_warning+0x82/0xf0 [ 319.723374] linear_transfer+0xa1b/0xc50 [ 319.727572] ? snd_pcm_plugin_build_linear+0xc00/0xc00 [ 319.732867] snd_pcm_plug_read_transfer+0x3bf/0x590 [ 319.737940] snd_pcm_oss_read+0xa4a/0x1960 [ 319.742243] ? snd_pcm_oss_unregister_minor+0x4b0/0x4b0 [ 319.747626] __vfs_read+0x1e5/0xbf0 [ 319.751265] ? security_file_permission+0x521/0x660 [ 319.756319] ? rw_verify_area+0x35e/0x580 [ 319.760508] vfs_read+0x359/0x6f0 [ 319.764017] __se_sys_read+0x17a/0x370 [ 319.767948] __x64_sys_read+0x4a/0x70 [ 319.771750] do_syscall_64+0xbc/0xf0 [ 319.775475] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 319.780669] RIP: 0033:0x457e29 [ 319.783864] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 319.802760] RSP: 002b:00007fd5c7c6bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 319.810466] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 319.817760] RDX: 000000000000006a RSI: 0000000020000340 RDI: 0000000000000003 [ 319.825039] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 319.832308] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd5c7c6c6d4 [ 319.839590] R13: 00000000004c3963 R14: 00000000004d8450 R15: 00000000ffffffff [ 319.849062] Kernel Offset: disabled [ 319.852714] Rebooting in 86400 seconds..