[ ok ] Starting enhanced syslogd: rsyslogd.
[ 84.528056][ T31] audit: type=1800 audit(1568060703.571:25): pid=12539 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 84.562256][ T31] audit: type=1800 audit(1568060703.591:26): pid=12539 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 84.582419][ T31] audit: type=1800 audit(1568060703.601:27): pid=12539 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.222' (ECDSA) to the list of known hosts.
2019/09/09 20:25:19 fuzzer started
2019/09/09 20:25:23 dialing manager at 10.128.0.26:44675
2019/09/09 20:25:23 syscalls: 2376
2019/09/09 20:25:23 code coverage: enabled
2019/09/09 20:25:23 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/09/09 20:25:23 extra coverage: enabled
2019/09/09 20:25:23 setuid sandbox: enabled
2019/09/09 20:25:23 namespace sandbox: enabled
2019/09/09 20:25:23 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/09 20:25:23 fault injection: enabled
2019/09/09 20:25:23 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/09 20:25:23 net packet injection: enabled
2019/09/09 20:25:23 net device setup: enabled
20:28:03 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000400)="11dca50d5c0bcfe47bf070")
unshare(0x0)

syzkaller login: [ 264.547790][T12703] IPVS: ftp: loaded support on port[0] = 21
[ 264.687207][T12703] chnl_net:caif_netlink_parms(): no params data found
[ 264.741814][T12703] bridge0: port 1(bridge_slave_0) entered blocking state
[ 264.749162][T12703] bridge0: port 1(bridge_slave_0) entered disabled state
[ 264.758249][T12703] device bridge_slave_0 entered promiscuous mode
[ 264.767870][T12703] bridge0: port 2(bridge_slave_1) entered blocking state
[ 264.775139][T12703] bridge0: port 2(bridge_slave_1) entered disabled state
[ 264.783907][T12703] device bridge_slave_1 entered promiscuous mode
[ 264.814838][T12703] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 264.827906][T12703] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 264.860453][T12703] team0: Port device team_slave_0 added
[ 264.869686][T12703] team0: Port device team_slave_1 added
[ 265.057026][T12703] device hsr_slave_0 entered promiscuous mode
[ 265.202971][T12703] device hsr_slave_1 entered promiscuous mode
[ 265.414267][T12703] bridge0: port 2(bridge_slave_1) entered blocking state
[ 265.421492][T12703] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 265.429272][T12703] bridge0: port 1(bridge_slave_0) entered blocking state
[ 265.436860][T12703] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 265.513473][T12703] 8021q: adding VLAN 0 to HW filter on device bond0
[ 265.533950][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 265.546442][ T30] bridge0: port 1(bridge_slave_0) entered disabled state
[ 265.555724][ T30] bridge0: port 2(bridge_slave_1) entered disabled state
[ 265.571147][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 265.592548][T12703] 8021q: adding VLAN 0 to HW filter on device team0
[ 265.615479][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 265.624746][ T30] bridge0: port 1(bridge_slave_0) entered blocking state
[ 265.631911][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 265.640553][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 265.649549][ T30] bridge0: port 2(bridge_slave_1) entered blocking state
[ 265.656756][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 265.704286][T12703] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 265.715230][T12703] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 265.752751][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 265.762984][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 265.773089][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 265.782614][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 265.804165][T12703] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 265.820267][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 265.830758][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
20:28:05 executing program 0:
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
open$dir(&(0x7f0000000000)='./file0/file1\x00', 0x265c0, 0x0)

20:28:05 executing program 0:
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0)
ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000000)={0x0, 0x0, 0x79c4})
write(r0, &(0x7f00000001c0)="fc", 0x1)

[ 266.926862][T12717] ==================================================================
[ 266.935132][T12717] BUG: KMSAN: uninit-value in capi_write+0x791/0xa90
[ 266.941812][T12717] CPU: 1 PID: 12717 Comm: syz-executor.0 Not tainted 5.3.0-rc7+ #0
[ 266.949693][T12717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 266.959747][T12717] Call Trace:
[ 266.963137][T12717] dump_stack+0x191/0x1f0
[ 266.967555][T12717] kmsan_report+0x162/0x2d0
[ 266.972067][T12717] __msan_warning+0x75/0xe0
[ 266.976579][T12717] capi_write+0x791/0xa90
[ 266.980939][T12717] ? capi_read+0x720/0x720
[ 266.985413][T12717] __vfs_write+0x1a9/0xcb0
[ 266.989844][T12717] ? rw_verify_area+0x3a5/0x5e0
[ 266.994699][T12717] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 267.000795][T12717] vfs_write+0x481/0x920
[ 267.005057][T12717] ksys_write+0x265/0x430
[ 267.009412][T12717] __se_sys_write+0x92/0xb0
[ 267.013922][T12717] __x64_sys_write+0x4a/0x70
[ 267.018612][T12717] do_syscall_64+0xbc/0xf0
[ 267.023059][T12717] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 267.028954][T12717] RIP: 0033:0x4598e9
[ 267.032850][T12717] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 267.052456][T12717] RSP: 002b:00007f113eb53c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 267.060896][T12717] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9
[ 267.068873][T12717] RDX: 0000000000000001 RSI: 00000000200001c0 RDI: 0000000000000003
[ 267.076844][T12717] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 267.084816][T12717] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f113eb546d4
[ 267.092786][T12717] R13: 00000000004c5e50 R14: 00000000004e0380 R15: 00000000ffffffff
[ 267.100771][T12717]
[ 267.103091][T12717] Uninit was created at:
[ 267.107342][T12717] kmsan_internal_poison_shadow+0x58/0xb0
[ 267.113061][T12717] kmsan_slab_alloc+0xaa/0x120
[ 267.117893][T12717] __kmalloc_node_track_caller+0xb55/0x1320
[ 267.123858][T12717] __alloc_skb+0x306/0xa10
[ 267.128273][T12717] capi_write+0x12f/0xa90
[ 267.132603][T12717] __vfs_write+0x1a9/0xcb0
[ 267.137015][T12717] vfs_write+0x481/0x920
[ 267.141259][T12717] ksys_write+0x265/0x430
[ 267.145584][T12717] __se_sys_write+0x92/0xb0
[ 267.150082][T12717] __x64_sys_write+0x4a/0x70
[ 267.154668][T12717] do_syscall_64+0xbc/0xf0
[ 267.159084][T12717] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 267.164962][T12717] ==================================================================
[ 267.173015][T12717] Disabling lock debugging due to kernel taint
[ 267.179160][T12717] Kernel panic - not syncing: panic_on_warn set ...
[ 267.185768][T12717] CPU: 1 PID: 12717 Comm: syz-executor.0 Tainted: G B 5.3.0-rc7+ #0
[ 267.195039][T12717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 267.205088][T12717] Call Trace:
[ 267.208390][T12717] dump_stack+0x191/0x1f0
[ 267.212827][T12717] panic+0x3c9/0xc1e
[ 267.216768][T12717] kmsan_report+0x2ca/0x2d0
[ 267.221292][T12717] __msan_warning+0x75/0xe0
[ 267.225803][T12717] capi_write+0x791/0xa90
[ 267.230144][T12717] ? capi_read+0x720/0x720
[ 267.234565][T12717] __vfs_write+0x1a9/0xcb0
[ 267.238993][T12717] ? rw_verify_area+0x3a5/0x5e0
[ 267.243849][T12717] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 267.249833][T12717] vfs_write+0x481/0x920
[ 267.254093][T12717] ksys_write+0x265/0x430
[ 267.258546][T12717] __se_sys_write+0x92/0xb0
[ 267.263053][T12717] __x64_sys_write+0x4a/0x70
[ 267.267645][T12717] do_syscall_64+0xbc/0xf0
[ 267.272063][T12717] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 267.277953][T12717] RIP: 0033:0x4598e9
[ 267.281853][T12717] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 267.301464][T12717] RSP: 002b:00007f113eb53c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 267.309882][T12717] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9
[ 267.317854][T12717] RDX: 0000000000000001 RSI: 00000000200001c0 RDI: 0000000000000003
[ 267.325828][T12717] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 267.333815][T12717] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f113eb546d4
[ 267.341792][T12717] R13: 00000000004c5e50 R14: 00000000004e0380 R15: 00000000ffffffff
[ 267.350810][T12717] Kernel Offset: disabled
[ 267.355139][T12717] Rebooting in 86400 seconds..