[ 98.469844] audit: type=1800 audit(1552021225.511:25): pid=11076 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 98.490103] audit: type=1800 audit(1552021225.521:26): pid=11076 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 98.509611] audit: type=1800 audit(1552021225.541:27): pid=11076 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts.
2019/03/08 05:00:38 fuzzer started
2019/03/08 05:00:44 dialing manager at 10.128.0.26:43311
2019/03/08 05:00:44 syscalls: 1
2019/03/08 05:00:44 code coverage: enabled
2019/03/08 05:00:44 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/03/08 05:00:44 extra coverage: extra coverage is not supported by the kernel
2019/03/08 05:00:44 setuid sandbox: enabled
2019/03/08 05:00:44 namespace sandbox: enabled
2019/03/08 05:00:44 Android sandbox: /sys/fs/selinux/policy does not exist
2019/03/08 05:00:44 fault injection: enabled
2019/03/08 05:00:44 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/03/08 05:00:44 net packet injection: enabled
2019/03/08 05:00:44 net device setup: enabled
05:03:32 executing program 0:
ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1274, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$FIBMAP(0xffffffffffffffff, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0xfe)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0)
inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x4000082)
write$binfmt_elf64(r2, &(0x7f0000004000)=ANY=[@ANYRESHEX, @ANYRESOCT=0x0], 0x29)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r2, r2, &(0x7f00000001c0), 0xa198)
setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f00000000c0), 0x4)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$team(&(0x7f0000006cc0)='team\x00')
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000240)={{{@in=@multicast1, @in6=@remote}}, {{@in=@initdev}, 0x0, @in=@empty}}, &(0x7f0000000180)=0xe8)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, 0x0, &(0x7f0000000200))
accept4$packet(0xffffffffffffffff, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14, 0x0)
getsockopt$inet_mreqn(r2, 0x0, 0x24, &(0x7f0000006880)={@remote, @local}, &(0x7f00000068c0)=0xc)
getpeername$packet(r2, &(0x7f0000008e00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000008e40)=0x14)

syzkaller login: [ 286.221892] IPVS: ftp: loaded support on port[0] = 21
[ 286.378497] chnl_net:caif_netlink_parms(): no params data found
[ 286.449268] bridge0: port 1(bridge_slave_0) entered blocking state
[ 286.456006] bridge0: port 1(bridge_slave_0) entered disabled state
[ 286.464446] device bridge_slave_0 entered promiscuous mode
[ 286.473594] bridge0: port 2(bridge_slave_1) entered blocking state
[ 286.480107] bridge0: port 2(bridge_slave_1) entered disabled state
[ 286.488530] device bridge_slave_1 entered promiscuous mode
[ 286.523630] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 286.535180] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 286.570159] team0: Port device team_slave_0 added
[ 286.579884] team0: Port device team_slave_1 added
[ 286.758602] device hsr_slave_0 entered promiscuous mode
[ 286.923303] device hsr_slave_1 entered promiscuous mode
[ 287.109946] bridge0: port 2(bridge_slave_1) entered blocking state
[ 287.116613] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 287.123905] bridge0: port 1(bridge_slave_0) entered blocking state
[ 287.130445] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 287.233049] 8021q: adding VLAN 0 to HW filter on device bond0
[ 287.256162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 287.267266] bridge0: port 1(bridge_slave_0) entered disabled state
[ 287.277129] bridge0: port 2(bridge_slave_1) entered disabled state
[ 287.288369] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 287.310025] 8021q: adding VLAN 0 to HW filter on device team0
[ 287.328713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 287.337585] bridge0: port 1(bridge_slave_0) entered blocking state
[ 287.344209] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 287.397381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 287.405913] bridge0: port 2(bridge_slave_1) entered blocking state
[ 287.412476] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 287.422349] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 287.431669] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 287.458765] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 287.468682] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 287.502572] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 287.511169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 287.519927] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 287.528842] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 287.537426] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 287.548675] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 287.572121] 8021q: adding VLAN 0 to HW filter on device batadv0
05:03:35 executing program 0:
r0 = syz_open_dev$dspn(&(0x7f0000000200)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$int_in(r0, 0x800000c0045006, &(0x7f0000000000)=0x80)
read(r0, &(0x7f00000000c0)=""/241, 0xf1)

05:03:35 executing program 0:
r0 = syz_open_dev$dspn(&(0x7f0000000200)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$int_in(r0, 0x800000c0045006, &(0x7f0000000000)=0x80)
read(r0, &(0x7f00000000c0)=""/241, 0xf1)

[ 288.633108] ==================================================================
[ 288.640618] BUG: KMSAN: uninit-value in linear_transfer+0xa1b/0xc50
[ 288.647080] CPU: 1 PID: 11255 Comm: syz-executor.0 Not tainted 5.0.0+ #11
[ 288.654034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 288.663411] Call Trace:
[ 288.666129] dump_stack+0x173/0x1d0
[ 288.669838] kmsan_report+0x12e/0x2a0
[ 288.673675] __msan_warning+0x82/0xf0
[ 288.677507] linear_transfer+0xa1b/0xc50
[ 288.681629] ? snd_pcm_plugin_build_linear+0xc00/0xc00
[ 288.686925] snd_pcm_plug_read_transfer+0x3bf/0x590
[ 288.692021] snd_pcm_oss_read+0xa4a/0x1960
[ 288.696338] ? snd_pcm_oss_unregister_minor+0x4b0/0x4b0
[ 288.701723] __vfs_read+0x1e5/0xbf0
[ 288.705393] ? security_file_permission+0x521/0x660
[ 288.710457] ? rw_verify_area+0x35e/0x580
[ 288.714637] vfs_read+0x359/0x6f0
[ 288.718148] __se_sys_read+0x17a/0x370
[ 288.722092] __x64_sys_read+0x4a/0x70
[ 288.725916] do_syscall_64+0xbc/0xf0
[ 288.729709] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 288.734914] RIP: 0033:0x457f29
[ 288.738142] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 288.757056] RSP: 002b:00007ff8f1e64c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 288.764782] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
[ 288.772063] RDX: 00000000000000f1 RSI: 00000000200000c0 RDI: 0000000000000003
[ 288.779341] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 288.786645] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff8f1e656d4
[ 288.793925] R13: 00000000004c3a63 R14: 00000000004d8550 R15: 00000000ffffffff
[ 288.801230]
[ 288.802857] Uninit was created at:
[ 288.806394] No stack
[ 288.808740] ==================================================================
[ 288.816110] Disabling lock debugging due to kernel taint
[ 288.821575] Kernel panic - not syncing: panic_on_warn set ...
[ 288.827472] CPU: 1 PID: 11255 Comm: syz-executor.0 Tainted: G B 5.0.0+ #11
[ 288.835813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 288.845175] Call Trace:
[ 288.847819] dump_stack+0x173/0x1d0
[ 288.851475] panic+0x3d1/0xb01
[ 288.854783] kmsan_report+0x293/0x2a0
[ 288.858611] __msan_warning+0x82/0xf0
[ 288.862454] linear_transfer+0xa1b/0xc50
[ 288.866575] ? snd_pcm_plugin_build_linear+0xc00/0xc00
[ 288.871872] snd_pcm_plug_read_transfer+0x3bf/0x590
[ 288.876945] snd_pcm_oss_read+0xa4a/0x1960
[ 288.881239] ? snd_pcm_oss_unregister_minor+0x4b0/0x4b0
[ 288.886640] __vfs_read+0x1e5/0xbf0
[ 288.890289] ? security_file_permission+0x521/0x660
[ 288.895340] ? rw_verify_area+0x35e/0x580
[ 288.899522] vfs_read+0x359/0x6f0
[ 288.903033] __se_sys_read+0x17a/0x370
[ 288.906971] __x64_sys_read+0x4a/0x70
[ 288.910822] do_syscall_64+0xbc/0xf0
[ 288.914590] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 288.919823] RIP: 0033:0x457f29
[ 288.923035] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 288.941960] RSP: 002b:00007ff8f1e64c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 288.949697] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
[ 288.956976] RDX: 00000000000000f1 RSI: 00000000200000c0 RDI: 0000000000000003
[ 288.964278] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 288.971553] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff8f1e656d4
[ 288.978836] R13: 00000000004c3a63 R14: 00000000004d8550 R15: 00000000ffffffff
[ 288.986927] Kernel Offset: disabled
[ 288.990557] Rebooting in 86400 seconds..