[ ok ] Starting enhanced syslogd: rsyslogd.
[ 95.932197] audit: type=1800 audit(1551679695.986:25): pid=10310 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 95.951345] audit: type=1800 audit(1551679695.996:26): pid=10310 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 95.970818] audit: type=1800 audit(1551679696.006:27): pid=10310 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.149' (ECDSA) to the list of known hosts.
2019/03/04 06:08:31 fuzzer started
2019/03/04 06:08:38 dialing manager at 10.128.0.26:33709
2019/03/04 06:08:38 syscalls: 1
2019/03/04 06:08:38 code coverage: enabled
2019/03/04 06:08:38 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/03/04 06:08:38 extra coverage: extra coverage is not supported by the kernel
2019/03/04 06:08:38 setuid sandbox: enabled
2019/03/04 06:08:38 namespace sandbox: enabled
2019/03/04 06:08:38 Android sandbox: /sys/fs/selinux/policy does not exist
2019/03/04 06:08:38 fault injection: enabled
2019/03/04 06:08:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/03/04 06:08:38 net packet injection: enabled
2019/03/04 06:08:38 net device setup: enabled
06:12:00 executing program 0:
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, &(0x7f00000006c0)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], {0x77359400}})
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0)
write$sndseq(r0, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33)

syzkaller login: [ 321.692438] IPVS: ftp: loaded support on port[0] = 21
[ 321.867663] chnl_net:caif_netlink_parms(): no params data found
[ 321.953629] bridge0: port 1(bridge_slave_0) entered blocking state
[ 321.960334] bridge0: port 1(bridge_slave_0) entered disabled state
[ 321.969703] device bridge_slave_0 entered promiscuous mode
[ 321.979548] bridge0: port 2(bridge_slave_1) entered blocking state
[ 321.986546] bridge0: port 2(bridge_slave_1) entered disabled state
[ 321.995391] device bridge_slave_1 entered promiscuous mode
[ 322.037142] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 322.049004] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 322.082136] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 322.091063] team0: Port device team_slave_0 added
[ 322.097836] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 322.107264] team0: Port device team_slave_1 added
[ 322.113654] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 322.122512] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 322.218000] device hsr_slave_0 entered promiscuous mode
[ 322.302601] device hsr_slave_1 entered promiscuous mode
[ 322.433983] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 322.441876] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 322.476064] bridge0: port 2(bridge_slave_1) entered blocking state
[ 322.482753] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 322.490137] bridge0: port 1(bridge_slave_0) entered blocking state
[ 322.496889] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 322.598088] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 322.604975] 8021q: adding VLAN 0 to HW filter on device bond0
[ 322.618753] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 322.633370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 322.645503] bridge0: port 1(bridge_slave_0) entered disabled state
[ 322.656255] bridge0: port 2(bridge_slave_1) entered disabled state
[ 322.669644] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 322.688821] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 322.695113] 8021q: adding VLAN 0 to HW filter on device team0
[ 322.713934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 322.722877] bridge0: port 1(bridge_slave_0) entered blocking state
[ 322.729383] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 322.768073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 322.776886] bridge0: port 2(bridge_slave_1) entered blocking state
[ 322.783504] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 322.831352] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 322.841399] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 322.853834] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 322.868013] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 322.877939] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 322.887069] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 322.896363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 322.908361] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 322.917129] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 322.943263] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 322.970820] 8021q: adding VLAN 0 to HW filter on device batadv0
06:12:03 executing program 0:
pipe(&(0x7f0000000240))
socket$kcm(0x11, 0x3, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000200)='/dev/uinput\x00', 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uhid\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, &(0x7f0000000200), 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)

06:12:03 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000001140)='/dev/ion\x00', 0x0, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x10000, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'teql0\x00', 0x0})
sendmsg$xdp(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x2c, 0x2, r2, 0x2b}, 0x10, &(0x7f0000000140)=[{&(0x7f00000001c0)="8d441f9c9bcf158a00a22f30e13b599ef4be7c9f2fa933f609e9ffc11ed642c47e97f5eae6f9d1628fac18f243214b275f8db849224e1a36f86e1ff5267514234abefdd165bb7a0a995d62f571ae925c6e42d9f7d88f0589f3c8ef1e9d85172e9df3fa98ced6601e695c37ac0d", 0x6d}], 0x1, 0x0, 0x0, 0x8001}, 0x800)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(0xffffffffffffffff, 0x80045700, 0x0)
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000100)={0x80033d, 0x20000000209, 0x0, 0xffffffffffffffff})
r4 = dup2(r0, r3)
ioctl$ION_IOC_ALLOC(r4, 0xc0184900, &(0x7f0000000000)={0x9cf0000008, 0x9})
ioctl$VIDIOC_QUERYBUF(r4, 0xc0585609, &(0x7f00000002c0)={0x401, 0x0, 0x4, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8, "53f14990"}, 0x0, 0x0, @offset, 0x4})
write$P9_RREAD(0xffffffffffffffff, 0x0, 0x0)

06:12:03 executing program 0:
r0 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)="c109000000002c01a0001fe4ac141417e0", 0x11}], 0x1}, 0x0)

[ 323.796868] ==================================================================
[ 323.804410] BUG: KMSAN: uninit-value in _raw_spin_lock_bh+0xea/0x130
[ 323.810961] CPU: 0 PID: 10495 Comm: syz-executor.0 Not tainted 5.0.0-rc1+ #9
[ 323.818162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 323.827537] Call Trace:
[ 323.830222] dump_stack+0x173/0x1d0
[ 323.833908] kmsan_report+0x12e/0x2a0
[ 323.837766] __msan_warning+0x82/0xf0
[ 323.841605] _raw_spin_lock_bh+0xea/0x130
[ 323.845817] inet_frag_find+0x1223/0x24a0
[ 323.850032] ? ip4_obj_hashfn+0x430/0x430
[ 323.854231] ? ip_expire+0xbd0/0xbd0
[ 323.857962] ? ip4_key_hashfn+0x420/0x420
[ 323.862123] ? ip_expire+0xbd0/0xbd0
[ 323.866032] ? ip4_key_hashfn+0x420/0x420
[ 323.870203] ? ip_expire+0xbd0/0xbd0
[ 323.873935] ? ip4_key_hashfn+0x420/0x420
[ 323.878108] ? ip4_obj_hashfn+0x430/0x430
[ 323.882288] ip_defrag+0x47c/0x6310
[ 323.886033] ? __x64_sys_sendmsg+0x4a/0x70
[ 323.890297] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 323.895704] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 323.900935] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 323.906415] ipv4_conntrack_defrag+0x673/0x7d0
[ 323.911047] ? defrag4_net_exit+0xe0/0xe0
[ 323.915265] nf_hook_slow+0x176/0x3d0
[ 323.919113] __ip_local_out+0x6dc/0x800
[ 323.923127] ? __ip_local_out+0x800/0x800
[ 323.927301] ip_local_out+0xa4/0x1d0
[ 323.931056] iptunnel_xmit+0x8a7/0xde0
[ 323.935013] ip_tunnel_xmit+0x35b9/0x3980
[ 323.939253] ipgre_xmit+0x1098/0x11c0
[ 323.943093] ? ipgre_close+0x230/0x230
[ 323.947057] dev_hard_start_xmit+0x604/0xc40
[ 323.951531] __dev_queue_xmit+0x2e48/0x3b80
[ 323.957473] dev_queue_xmit+0x4b/0x60
[ 323.961303] ? __netdev_pick_tx+0x1260/0x1260
[ 323.965907] packet_sendmsg+0x79bb/0x9760
[ 323.970113] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 323.975612] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 323.980838] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 323.986316] ___sys_sendmsg+0xdb9/0x11b0
[ 323.990423] ? compat_packet_setsockopt+0x360/0x360
[ 323.995482] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 324.000701] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 324.006092] ? __fget_light+0x6e1/0x750
[ 324.010120] __se_sys_sendmsg+0x305/0x460
[ 324.014328] __x64_sys_sendmsg+0x4a/0x70
[ 324.018425] do_syscall_64+0xbc/0xf0
[ 324.022172] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 324.027378] RIP: 0033:0x457e29
[ 324.030587] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 324.049516] RSP: 002b:00007f2ec1a94c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 324.057250] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 324.064545] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 324.071829] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 324.079114] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2ec1a956d4
[ 324.086430] R13: 00000000004c5461 R14: 00000000004d9308 R15: 00000000ffffffff
[ 324.093741]
[ 324.095382] Uninit was created at:
[ 324.098924] No stack
[ 324.101250] ==================================================================
[ 324.108625] Disabling lock debugging due to kernel taint
[ 324.114098] Kernel panic - not syncing: panic_on_warn set ...
[ 324.120184] CPU: 0 PID: 10495 Comm: syz-executor.0 Tainted: G B 5.0.0-rc1+ #9
[ 324.128765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 324.138142] Call Trace:
[ 324.140784] dump_stack+0x173/0x1d0
[ 324.144445] panic+0x3d1/0xb01
[ 324.147729] kmsan_report+0x293/0x2a0
[ 324.151560] __msan_warning+0x82/0xf0
[ 324.155390] _raw_spin_lock_bh+0xea/0x130
[ 324.159569] inet_frag_find+0x1223/0x24a0
[ 324.163756] ? ip4_obj_hashfn+0x430/0x430
[ 324.167967] ? ip_expire+0xbd0/0xbd0
[ 324.171700] ? ip4_key_hashfn+0x420/0x420
[ 324.175873] ? ip_expire+0xbd0/0xbd0
[ 324.179628] ? ip4_key_hashfn+0x420/0x420
[ 324.183813] ? ip_expire+0xbd0/0xbd0
[ 324.187545] ? ip4_key_hashfn+0x420/0x420
[ 324.191716] ? ip4_obj_hashfn+0x430/0x430
[ 324.195918] ip_defrag+0x47c/0x6310
[ 324.199567] ? __x64_sys_sendmsg+0x4a/0x70
[ 324.203834] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 324.209251] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 324.214469] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 324.219908] ipv4_conntrack_defrag+0x673/0x7d0
[ 324.224535] ? defrag4_net_exit+0xe0/0xe0
[ 324.228700] nf_hook_slow+0x176/0x3d0
[ 324.232562] __ip_local_out+0x6dc/0x800
[ 324.236580] ? __ip_local_out+0x800/0x800
[ 324.240758] ip_local_out+0xa4/0x1d0
[ 324.244513] iptunnel_xmit+0x8a7/0xde0
[ 324.248461] ip_tunnel_xmit+0x35b9/0x3980
[ 324.252695] ipgre_xmit+0x1098/0x11c0
[ 324.256539] ? ipgre_close+0x230/0x230
[ 324.260462] dev_hard_start_xmit+0x604/0xc40
[ 324.264934] __dev_queue_xmit+0x2e48/0x3b80
[ 324.269329] dev_queue_xmit+0x4b/0x60
[ 324.273149] ? __netdev_pick_tx+0x1260/0x1260
[ 324.277675] packet_sendmsg+0x79bb/0x9760
[ 324.281870] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 324.287355] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 324.292576] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 324.298032] ___sys_sendmsg+0xdb9/0x11b0
[ 324.302131] ? compat_packet_setsockopt+0x360/0x360
[ 324.307184] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 324.312397] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 324.317787] ? __fget_light+0x6e1/0x750
[ 324.321838] __se_sys_sendmsg+0x305/0x460
[ 324.326043] __x64_sys_sendmsg+0x4a/0x70
[ 324.330128] do_syscall_64+0xbc/0xf0
[ 324.333867] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 324.339074] RIP: 0033:0x457e29
[ 324.342279] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 324.361210] RSP: 002b:00007f2ec1a94c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 324.368944] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 324.376230] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 324.383514] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 324.390803] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2ec1a956d4
[ 324.398086] R13: 00000000004c5461 R14: 00000000004d9308 R15: 00000000ffffffff
[ 324.406493] Kernel Offset: disabled
[ 324.410147] Rebooting in 86400 seconds..