[ ok ] Starting enhanced syslogd: rsyslogd.
[ 71.854777] audit: type=1800 audit(1548967598.902:25): pid=9516 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 71.873922] audit: type=1800 audit(1548967598.902:26): pid=9516 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 71.893331] audit: type=1800 audit(1548967598.902:27): pid=9516 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.231' (ECDSA) to the list of known hosts.
2019/01/31 20:46:53 fuzzer started
2019/01/31 20:46:58 dialing manager at 10.128.0.26:40849
2019/01/31 20:46:58 syscalls: 1
2019/01/31 20:46:58 code coverage: enabled
2019/01/31 20:46:58 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/01/31 20:46:58 extra coverage: extra coverage is not supported by the kernel
2019/01/31 20:46:58 setuid sandbox: enabled
2019/01/31 20:46:58 namespace sandbox: enabled
2019/01/31 20:46:58 Android sandbox: /sys/fs/selinux/policy does not exist
2019/01/31 20:46:58 fault injection: enabled
2019/01/31 20:46:58 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/01/31 20:46:58 net packet injection: enabled
2019/01/31 20:46:58 net device setup: enabled
20:49:11 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0xb, 0x7e, 0x6, 0x1, 0x1}, 0x2c)
bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x29)
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r0, &(0x7f0000000100), 0x0}, 0x18)
syzkaller login: [ 225.471208] IPVS: ftp: loaded support on port[0] = 21
[ 225.605466] chnl_net:caif_netlink_parms(): no params data found
[ 225.677800] bridge0: port 1(bridge_slave_0) entered blocking state
[ 225.684384] bridge0: port 1(bridge_slave_0) entered disabled state
[ 225.692547] device bridge_slave_0 entered promiscuous mode
[ 225.701499] bridge0: port 2(bridge_slave_1) entered blocking state
[ 225.708075] bridge0: port 2(bridge_slave_1) entered disabled state
[ 225.716182] device bridge_slave_1 entered promiscuous mode
[ 225.747013] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 225.757798] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 225.785553] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 225.793885] team0: Port device team_slave_0 added
[ 225.800399] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 225.808717] team0: Port device team_slave_1 added
[ 225.815883] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 225.824133] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 225.996651] device hsr_slave_0 entered promiscuous mode
[ 226.162319] device hsr_slave_1 entered promiscuous mode
[ 226.422951] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 226.430464] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 226.457133] bridge0: port 2(bridge_slave_1) entered blocking state
[ 226.463664] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 226.470702] bridge0: port 1(bridge_slave_0) entered blocking state
[ 226.477239] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 226.555798] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 226.562379] 8021q: adding VLAN 0 to HW filter on device bond0
[ 226.576030] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 226.589358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 226.599621] bridge0: port 1(bridge_slave_0) entered disabled state
[ 226.608721] bridge0: port 2(bridge_slave_1) entered disabled state
[ 226.619401] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 226.637128] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 226.643331] 8021q: adding VLAN 0 to HW filter on device team0
[ 226.657097] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 226.665098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 226.673555] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 226.681648] bridge0: port 1(bridge_slave_0) entered blocking state
[ 226.688085] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 226.702454] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 226.715109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 226.724674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 226.733250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 226.741290] bridge0: port 2(bridge_slave_1) entered blocking state
[ 226.747776] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 226.755368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 226.774388] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 226.781381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 226.798050] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 226.805685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 226.814509] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 226.828515] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 226.840951] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 226.848695] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 226.856686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 226.865493] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 226.874339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 226.882660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 226.896714] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 226.905954] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 226.917642] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 226.923765] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 226.932600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 226.941014] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 226.966769] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 226.988073] 8021q: adding VLAN 0 to HW filter on device batadv0
20:49:14 executing program 0:
r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x0, 0x401)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x40000000000009)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_open_dev$usbmon(&(0x7f0000000480)='/dev/usbmon#\x00', 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440), 0x4)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, &(0x7f0000000180)="9bea77e53e5f")
getresuid(0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, 0x0)
ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x13f, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1000001, 0x13, r4, 0x0)
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
[ 227.197259] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 227.382074] hrtimer: interrupt took 32921 ns
20:49:14 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f023c123f3188a070")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000001900)='TIPC\x00')
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000001940)={0x38, r2, 0x21, 0x0, 0x0, {{}, 0x0, 0x4101, 0x0, {0x1c, 0x17, {0x0, 0x0, @l2={'ib', 0x3a, 'team_slave_0\x02'}}}}}, 0x38}}, 0x0)
[ 227.625341] ==================================================================
[ 227.632754] BUG: KMSAN: uninit-value in strlen+0x3b/0xa0
[ 227.638206] CPU: 0 PID: 9698 Comm: syz-executor0 Not tainted 5.0.0-rc1+ #9
[ 227.645216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 227.654576] Call Trace:
[ 227.657169] dump_stack+0x173/0x1d0
[ 227.660808] kmsan_report+0x12e/0x2a0
[ 227.664631] __msan_warning+0x82/0xf0
[ 227.668439] strlen+0x3b/0xa0
[ 227.671554] tipc_nl_compat_bearer_enable+0x22a/0x830
[ 227.676774] ? tipc_nl_compat_dumpit+0x820/0x820
[ 227.681531] tipc_nl_compat_doit+0x3aa/0xaf0
[ 227.685939] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 227.691152] tipc_nl_compat_recv+0x14d1/0x2750
[ 227.695759] ? tipc_nl_bearer_disable+0xb0/0xb0
[ 227.700431] ? tipc_nl_compat_dumpit+0x820/0x820
[ 227.705196] ? tipc_netlink_compat_stop+0x40/0x40
[ 227.710036] genl_rcv_msg+0x185f/0x1a60
[ 227.714052] netlink_rcv_skb+0x431/0x620
[ 227.718113] ? genl_unbind+0x390/0x390
[ 227.722012] genl_rcv+0x63/0x80
[ 227.725296] netlink_unicast+0xf3e/0x1020
[ 227.729463] netlink_sendmsg+0x127f/0x1300
[ 227.733727] ___sys_sendmsg+0xdb9/0x11b0
[ 227.737798] ? netlink_getsockopt+0x1460/0x1460
[ 227.742482] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 227.747678] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 227.753045] ? __fget_light+0x6e1/0x750
[ 227.757031] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 227.762231] __se_sys_sendmsg+0x305/0x460
[ 227.766405] __x64_sys_sendmsg+0x4a/0x70
[ 227.770466] do_syscall_64+0xbc/0xf0
[ 227.774193] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 227.779377] RIP: 0033:0x457e39
[ 227.782585] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 227.801483] RSP: 002b:00007f54c8fa7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 227.809188] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e39
[ 227.816457] RDX: 0000000000000000 RSI: 00000000200019c0 RDI: 0000000000000004
[ 227.823723] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 227.830987] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f54c8fa86d4
[ 227.838254] R13: 00000000004cb700 R14: 00000000004d8cc0 R15: 00000000ffffffff
[ 227.845535]
[ 227.847163] Uninit was created at:
[ 227.850704] kmsan_internal_poison_shadow+0x92/0x150
[ 227.855806] kmsan_kmalloc+0xa6/0x130
[ 227.859612] kmsan_slab_alloc+0xe/0x10
[ 227.863503] __kmalloc_node_track_caller+0xe9e/0xff0
[ 227.868605] __alloc_skb+0x309/0xa20
[ 227.872315] netlink_sendmsg+0xb82/0x1300
[ 227.876461] ___sys_sendmsg+0xdb9/0x11b0
[ 227.880520] __se_sys_sendmsg+0x305/0x460
[ 227.884665] __x64_sys_sendmsg+0x4a/0x70
[ 227.888724] do_syscall_64+0xbc/0xf0
[ 227.892442] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 227.897625] ==================================================================
[ 227.904971] Disabling lock debugging due to kernel taint
[ 227.910414] Kernel panic - not syncing: panic_on_warn set ...
[ 227.916300] CPU: 0 PID: 9698 Comm: syz-executor0 Tainted: G B 5.0.0-rc1+ #9
[ 227.924692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 227.934041] Call Trace:
[ 227.936639] dump_stack+0x173/0x1d0
[ 227.940271] panic+0x3d1/0xb01
[ 227.943491] kmsan_report+0x293/0x2a0
[ 227.947307] __msan_warning+0x82/0xf0
[ 227.951112] strlen+0x3b/0xa0
[ 227.954226] tipc_nl_compat_bearer_enable+0x22a/0x830
[ 227.959438] ? tipc_nl_compat_dumpit+0x820/0x820
[ 227.964282] tipc_nl_compat_doit+0x3aa/0xaf0
[ 227.968693] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 227.973911] tipc_nl_compat_recv+0x14d1/0x2750
[ 227.978513] ? tipc_nl_bearer_disable+0xb0/0xb0
[ 227.983183] ? tipc_nl_compat_dumpit+0x820/0x820
[ 227.987948] ? tipc_netlink_compat_stop+0x40/0x40
[ 227.992794] genl_rcv_msg+0x185f/0x1a60
[ 227.996813] netlink_rcv_skb+0x431/0x620
[ 228.000878] ? genl_unbind+0x390/0x390
[ 228.004784] genl_rcv+0x63/0x80
[ 228.008067] netlink_unicast+0xf3e/0x1020
[ 228.012233] netlink_sendmsg+0x127f/0x1300
[ 228.016492] ___sys_sendmsg+0xdb9/0x11b0
[ 228.020559] ? netlink_getsockopt+0x1460/0x1460
[ 228.025253] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 228.030447] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 228.035816] ? __fget_light+0x6e1/0x750
[ 228.039811] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 228.045015] __se_sys_sendmsg+0x305/0x460
[ 228.049183] __x64_sys_sendmsg+0x4a/0x70
[ 228.053503] do_syscall_64+0xbc/0xf0
[ 228.057224] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 228.062410] RIP: 0033:0x457e39
[ 228.065613] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 228.084512] RSP: 002b:00007f54c8fa7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 228.092217] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e39
[ 228.099485] RDX: 0000000000000000 RSI: 00000000200019c0 RDI: 0000000000000004
[ 228.106754] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 228.114027] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f54c8fa86d4
[ 228.121295] R13: 00000000004cb700 R14: 00000000004d8cc0 R15: 00000000ffffffff
[ 228.129602] Kernel Offset: disabled
[ 228.133224] Rebooting in 86400 seconds..