[ ok ] Starting enhanced syslogd: rsyslogd.
[ 101.203826] audit: type=1800 audit(1551637591.252:25): pid=11086 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 101.222966] audit: type=1800 audit(1551637591.252:26): pid=11086 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 101.242425] audit: type=1800 audit(1551637591.272:27): pid=11086 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.16' (ECDSA) to the list of known hosts.
2019/03/03 18:26:47 fuzzer started
2019/03/03 18:26:53 dialing manager at 10.128.0.26:33709
2019/03/03 18:26:53 syscalls: 1
2019/03/03 18:26:53 code coverage: enabled
2019/03/03 18:26:53 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/03/03 18:26:53 extra coverage: extra coverage is not supported by the kernel
2019/03/03 18:26:53 setuid sandbox: enabled
2019/03/03 18:26:53 namespace sandbox: enabled
2019/03/03 18:26:53 Android sandbox: /sys/fs/selinux/policy does not exist
2019/03/03 18:26:53 fault injection: enabled
2019/03/03 18:26:53 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/03/03 18:26:53 net packet injection: enabled
2019/03/03 18:26:53 net device setup: enabled
18:30:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c000000350025080000000000000000020000001800000014000100ffffff9cb80000000000000f889fd5bf3dfb00ece30000000001c5467740fdc610aa1d38f3e83d29470e207e78fdf5d000a669f777f58b25e4321f7c0588dcef32cc547cac4b0f18835e00c7"], 0x1}}, 0x0)

syzkaller login: [ 323.620579] IPVS: ftp: loaded support on port[0] = 21
[ 323.795168] chnl_net:caif_netlink_parms(): no params data found
[ 323.884761] bridge0: port 1(bridge_slave_0) entered blocking state
[ 323.891317] bridge0: port 1(bridge_slave_0) entered disabled state
[ 323.900229] device bridge_slave_0 entered promiscuous mode
[ 323.910407] bridge0: port 2(bridge_slave_1) entered blocking state
[ 323.917001] bridge0: port 2(bridge_slave_1) entered disabled state
[ 323.925633] device bridge_slave_1 entered promiscuous mode
[ 323.962402] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 323.974128] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 324.010605] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 324.019556] team0: Port device team_slave_0 added
[ 324.027136] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 324.036398] team0: Port device team_slave_1 added
[ 324.043690] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 324.052487] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 324.237618] device hsr_slave_0 entered promiscuous mode
[ 324.403026] device hsr_slave_1 entered promiscuous mode
[ 324.663851] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 324.671841] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 324.704966] bridge0: port 2(bridge_slave_1) entered blocking state
[ 324.711556] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 324.718873] bridge0: port 1(bridge_slave_0) entered blocking state
[ 324.725502] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 324.815510] bridge0: port 1(bridge_slave_0) entered disabled state
[ 324.825128] bridge0: port 2(bridge_slave_1) entered disabled state
[ 324.856001] 8021q: adding VLAN 0 to HW filter on device bond0
[ 324.870640] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 324.884166] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 324.891033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 324.900046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 324.916844] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 324.923836] 8021q: adding VLAN 0 to HW filter on device team0
[ 324.939861] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 324.947728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 324.958267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 324.967028] bridge0: port 1(bridge_slave_0) entered blocking state
[ 324.973588] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 324.998060] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 325.005997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 325.016299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 325.024767] bridge0: port 2(bridge_slave_1) entered blocking state
[ 325.031271] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 325.047489] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 325.060094] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 325.069176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 325.078796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 325.099036] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 325.107009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 325.116386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 325.126224] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 325.144239] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 325.153046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 325.164784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 325.184383] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 325.193599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 325.202347] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 325.218536] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 325.226345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 325.235217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 325.253191] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 325.259275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 325.293531] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 325.315777] 8021q: adding VLAN 0 to HW filter on device batadv0
18:30:15 executing program 0:
r0 = socket$inet(0x2, 0x10000000803, 0x3)
setsockopt$inet_mreqn(r0, 0x0, 0x80000000027, &(0x7f0000000040)={@multicast2, @local}, 0xc)

18:30:15 executing program 0:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
mbind(&(0x7f0000f06000/0x4000)=nil, 0x4000, 0x4001, &(0x7f0000000000)=0x3, 0x4, 0x0)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00900, 0x1, 0x0, 0x0, 0x0)

[ 325.673613] mmap: syz-executor.0 (11264) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
18:30:15 executing program 0:
r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0)
write(r0, &(0x7f0000000140)="0600", 0x2)
write$FUSE_NOTIFY_STORE(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="3400070002000100000000000000000000000000000025000000000000000000200000000000000000000000"], 0x2c)
sendfile(r0, r0, &(0x7f0000000080), 0xffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x240, &(0x7f0000000000)=[{}]}, 0x10)

[ 325.993504] ==================================================================
[ 326.000949] BUG: KMSAN: uninit-value in bpf_convert_filter+0x2a33/0x5c50
[ 326.007815] CPU: 1 PID: 11269 Comm: syz-executor.0 Not tainted 5.0.0-rc1+ #9
[ 326.015021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 326.024389] Call Trace:
[ 326.027035] dump_stack+0x173/0x1d0
[ 326.030952] kmsan_report+0x12e/0x2a0
[ 326.034799] __msan_warning+0x82/0xf0
[ 326.038638] bpf_convert_filter+0x2a33/0x5c50
[ 326.043277] bpf_prepare_filter+0x15e4/0x1c90
[ 326.047833] __get_filter+0x4f8/0x730
[ 326.051678] sk_attach_filter+0x72/0x2e0
[ 326.055786] sock_setsockopt+0x396f/0x4bb0
[ 326.060096] __sys_setsockopt+0x336/0x540
[ 326.064315] __se_sys_setsockopt+0xdd/0x100
[ 326.069205] __x64_sys_setsockopt+0x62/0x80
[ 326.073558] do_syscall_64+0xbc/0xf0
[ 326.077309] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 326.082514] RIP: 0033:0x457e29
[ 326.085731] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 326.104670] RSP: 002b:00007f7185c2cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 326.112396] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29
[ 326.119687] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000005
[ 326.126968] RBP: 000000000073bfa0 R08: 0000000000000010 R09: 0000000000000000
[ 326.134251] R10: 000000002002eff0 R11: 0000000000000246 R12: 00007f7185c2d6d4
[ 326.141534] R13: 00000000004c584f R14: 00000000004d9a88 R15: 00000000ffffffff
[ 326.148841]
[ 326.150479] Uninit was created at:
[ 326.154025] No stack
[ 326.156354] ==================================================================
[ 326.163717] Disabling lock debugging due to kernel taint
[ 326.169176] Kernel panic - not syncing: panic_on_warn set ...
[ 326.175080] CPU: 1 PID: 11269 Comm: syz-executor.0 Tainted: G B 5.0.0-rc1+ #9
[ 326.183665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 326.193028] Call Trace:
[ 326.195649] dump_stack+0x173/0x1d0
[ 326.199330] panic+0x3d1/0xb01
[ 326.202601] kmsan_report+0x293/0x2a0
[ 326.206445] __msan_warning+0x82/0xf0
[ 326.210288] bpf_convert_filter+0x2a33/0x5c50
[ 326.214954] bpf_prepare_filter+0x15e4/0x1c90
[ 326.219514] __get_filter+0x4f8/0x730
[ 326.223358] sk_attach_filter+0x72/0x2e0
[ 326.227464] sock_setsockopt+0x396f/0x4bb0
[ 326.231763] __sys_setsockopt+0x336/0x540
[ 326.235967] __se_sys_setsockopt+0xdd/0x100
[ 326.240332] __x64_sys_setsockopt+0x62/0x80
[ 326.244677] do_syscall_64+0xbc/0xf0
[ 326.248443] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 326.253649] RIP: 0033:0x457e29
[ 326.256861] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 326.275785] RSP: 002b:00007f7185c2cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 326.283513] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29
[ 326.290794] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000005
[ 326.298080] RBP: 000000000073bfa0 R08: 0000000000000010 R09: 0000000000000000
[ 326.305389] R10: 000000002002eff0 R11: 0000000000000246 R12: 00007f7185c2d6d4
[ 326.312690] R13: 00000000004c584f R14: 00000000004d9a88 R15: 00000000ffffffff
[ 326.320899] Kernel Offset: disabled
[ 326.324538] Rebooting in 86400 seconds..