[ 94.672136] audit: type=1800 audit(1551847251.735:25): pid=10581 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 94.691209] audit: type=1800 audit(1551847251.735:26): pid=10581 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 94.710647] audit: type=1800 audit(1551847251.755:27): pid=10581 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[ 95.970091] sshd (10647) used greatest stack depth: 54176 bytes left
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.212' (ECDSA) to the list of known hosts.
2019/03/06 04:41:04 fuzzer started
2019/03/06 04:41:10 dialing manager at 10.128.0.26:38547
2019/03/06 04:41:10 syscalls: 1
2019/03/06 04:41:10 code coverage: enabled
2019/03/06 04:41:10 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/03/06 04:41:10 extra coverage: extra coverage is not supported by the kernel
2019/03/06 04:41:10 setuid sandbox: enabled
2019/03/06 04:41:10 namespace sandbox: enabled
2019/03/06 04:41:10 Android sandbox: /sys/fs/selinux/policy does not exist
2019/03/06 04:41:10 fault injection: enabled
2019/03/06 04:41:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/03/06 04:41:10 net packet injection: enabled
2019/03/06 04:41:10 net device setup: enabled
04:44:23 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc018aec0, &(0x7f0000000080)={0x0, 0x1000000, 0x0, 0x713000, &(0x7f0000000000/0x2000)=nil})
syzkaller login: [ 306.980206] IPVS: ftp: loaded support on port[0] = 21
[ 307.149727] chnl_net:caif_netlink_parms(): no params data found
[ 307.240089] bridge0: port 1(bridge_slave_0) entered blocking state
[ 307.246745] bridge0: port 1(bridge_slave_0) entered disabled state
[ 307.255351] device bridge_slave_0 entered promiscuous mode
[ 307.265729] bridge0: port 2(bridge_slave_1) entered blocking state
[ 307.272424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 307.280941] device bridge_slave_1 entered promiscuous mode
[ 307.317240] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 307.328944] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 307.363344] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 307.372186] team0: Port device team_slave_0 added
[ 307.379621] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 307.388368] team0: Port device team_slave_1 added
[ 307.395922] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 307.404619] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 307.587013] device hsr_slave_0 entered promiscuous mode
[ 307.812817] device hsr_slave_1 entered promiscuous mode
[ 308.023107] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 308.030935] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 308.063218] bridge0: port 2(bridge_slave_1) entered blocking state
[ 308.069798] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 308.077070] bridge0: port 1(bridge_slave_0) entered blocking state
[ 308.083664] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 308.167346] bridge0: port 1(bridge_slave_0) entered disabled state
[ 308.176179] bridge0: port 2(bridge_slave_1) entered disabled state
[ 308.209946] 8021q: adding VLAN 0 to HW filter on device bond0
[ 308.222548] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 308.237511] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 308.246260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 308.254214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 308.271254] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 308.277648] 8021q: adding VLAN 0 to HW filter on device team0
[ 308.293324] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 308.300519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 308.309361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 308.317911] bridge0: port 1(bridge_slave_0) entered blocking state
[ 308.324533] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 308.341051] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 308.354563] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 308.368142] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 308.376545] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 308.385472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 308.394012] bridge0: port 2(bridge_slave_1) entered blocking state
[ 308.400508] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 308.408406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 308.418115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 308.433444] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 308.440510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 308.449816] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 308.465783] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 308.479562] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 308.487106] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 308.495746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 308.505186] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 308.514721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 308.523392] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 308.538770] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 308.546425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 308.554921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 308.571382] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 308.578142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 308.608739] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 308.630440] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 308.814762] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 308.846932] ==================================================================
[ 308.854378] BUG: KMSAN: uninit-value in kvm_clear_dirty_log_protect+0x78b/0xaa0
[ 308.861880] CPU: 1 PID: 10751 Comm: syz-executor.0 Not tainted 5.0.0-rc1+ #10
[ 308.869163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 308.878526] Call Trace:
[ 308.881196]  dump_stack+0x173/0x1d0
[ 308.884860]  kmsan_report+0x12e/0x2a0
[ 308.889210]  __msan_warning+0x82/0xf0
[ 308.893042]  kvm_clear_dirty_log_protect+0x78b/0xaa0
[ 308.898322]  kvm_vm_ioctl_clear_dirty_log+0x143/0x210
[ 308.903544]  kvm_vm_ioctl+0xe48/0x2df0
[ 308.907475]  ? __msan_poison_alloca+0x1f0/0x2a0
[ 308.912161]  ? vcpu_stat_clear_per_vm+0x280/0x280
[ 308.917022]  ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 308.922231]  ? vcpu_stat_clear_per_vm+0x280/0x280
[ 308.927103]  do_vfs_ioctl+0xebd/0x2bf0
[ 308.931032]  ? security_file_ioctl+0x92/0x200
[ 308.935566]  __se_sys_ioctl+0x1da/0x270
[ 308.939579]  __x64_sys_ioctl+0x4a/0x70
[ 308.943492]  do_syscall_64+0xbc/0xf0
[ 308.947312]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 308.952516] RIP: 0033:0x457f29
[ 308.955730] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 308.974647] RSP: 002b:00007f309e2aec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 308.982372] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
[ 308.989652] RDX: 0000000020000080 RSI: 00000000c018aec0 RDI: 0000000000000004
[ 308.996931] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 309.004210] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f309e2af6d4
[ 309.011491] R13: 00000000004ca398 R14: 00000000004d2f70 R15: 00000000ffffffff
[ 309.018791]
[ 309.020415] Uninit was created at:
[ 309.023972]  kmsan_save_stack_with_flags+0x7a/0x130
[ 309.029005]  kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 309.034817]  kmsan_alloc_page+0x7e/0x100
[ 309.038893]  __alloc_pages_nodemask+0x137b/0x5e30
[ 309.043748]  alloc_pages_current+0x69d/0x9b0
[ 309.048166]  new_slab+0x3c6/0x20b0
[ 309.051716]  ___slab_alloc+0x1577/0x2060
[ 309.055789]  kmem_cache_alloc_trace+0xac3/0xb40
[ 309.060475]  apparmor_sk_alloc_security+0xe7/0x220
[ 309.065420]  security_sk_alloc+0x125/0x1f0
[ 309.069740]  sk_prot_alloc+0x269/0x500
[ 309.073646]  sk_alloc+0xde/0xb90
[ 309.077084]  inet6_create+0x72c/0x1600
[ 309.080982]  __sock_create+0x65f/0xf30
[ 309.084884]  sock_create_kern+0xf0/0x100
[ 309.088984]  inet_ctl_sock_create+0xfd/0x2f0
[ 309.093436]  igmp6_net_init+0x8a/0x6c0
[ 309.097370]  ops_init+0x52c/0x6c0
[ 309.100843]  setup_net+0x290/0xf80
[ 309.104395]  copy_net_ns+0x597/0x890
[ 309.108123]  create_new_namespaces+0x8d9/0xda0
[ 309.112717]  unshare_nsproxy_namespaces+0x25e/0x340
[ 309.117740]  ksys_unshare+0x8d3/0x1160
[ 309.121637]  __se_sys_unshare+0x41/0x60
[ 309.125621]  __x64_sys_unshare+0x32/0x50
[ 309.129696]  do_syscall_64+0xbc/0xf0
[ 309.133428]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 309.138621] ==================================================================
[ 309.145979] Disabling lock debugging due to kernel taint
[ 309.151436] Kernel panic - not syncing: panic_on_warn set ...
[ 309.157343] CPU: 1 PID: 10751 Comm: syz-executor.0 Tainted: G B 5.0.0-rc1+ #10
[ 309.166010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 309.175367] Call Trace:
[ 309.177982]  dump_stack+0x173/0x1d0
[ 309.181639]  panic+0x3d1/0xb01
[ 309.184896]  kmsan_report+0x293/0x2a0
[ 309.188729]  __msan_warning+0x82/0xf0
[ 309.192566]  kvm_clear_dirty_log_protect+0x78b/0xaa0
[ 309.197734]  kvm_vm_ioctl_clear_dirty_log+0x143/0x210
[ 309.202950]  kvm_vm_ioctl+0xe48/0x2df0
[ 309.206878]  ? __msan_poison_alloca+0x1f0/0x2a0
[ 309.211565]  ? vcpu_stat_clear_per_vm+0x280/0x280
[ 309.216423]  ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 309.221633]  ? vcpu_stat_clear_per_vm+0x280/0x280
[ 309.226493]  do_vfs_ioctl+0xebd/0x2bf0
[ 309.230422]  ? security_file_ioctl+0x92/0x200
[ 309.234946]  __se_sys_ioctl+0x1da/0x270
[ 309.238953]  __x64_sys_ioctl+0x4a/0x70
[ 309.242859]  do_syscall_64+0xbc/0xf0
[ 309.246597]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 309.251795] RIP: 0033:0x457f29
[ 309.254997] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 309.273909] RSP: 002b:00007f309e2aec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 309.281653] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
[ 309.288937] RDX: 0000000020000080 RSI: 00000000c018aec0 RDI: 0000000000000004
[ 309.296217] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 309.303492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f309e2af6d4
[ 309.310766] R13: 00000000004ca398 R14: 00000000004d2f70 R15: 00000000ffffffff
[ 309.318800] Kernel Offset: disabled
[ 309.322425] Rebooting in 86400 seconds..