[ 78.607921] audit: type=1800 audit(1554571335.657:25): pid=9977 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 78.630860] audit: type=1800 audit(1554571335.677:26): pid=9977 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 78.666006] audit: type=1800 audit(1554571335.707:27): pid=9977 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 79.771114] sshd (10045) used greatest stack depth: 54128 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 82.188272] sshd (10113) used greatest stack depth: 53616 bytes left
Warning: Permanently added '10.128.0.94' (ECDSA) to the list of known hosts.
2019/04/06 17:23:00 parsed 1 programs
2019/04/06 17:23:06 executed programs: 0
[ 129.864368] IPVS: ftp: loaded support on port[0] = 21
[ 129.938810] chnl_net:caif_netlink_parms(): no params data found
[ 129.976473] bridge0: port 1(bridge_slave_0) entered blocking state
[ 129.983152] bridge0: port 1(bridge_slave_0) entered disabled state
[ 129.990484] device bridge_slave_0 entered promiscuous mode
[ 129.998231] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.004827] bridge0: port 2(bridge_slave_1) entered disabled state
[ 130.012702] device bridge_slave_1 entered promiscuous mode
[ 130.032391] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 130.042402] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 130.062617] team0: Port device team_slave_0 added
[ 130.069349] team0: Port device team_slave_1 added
[ 130.124597] device hsr_slave_0 entered promiscuous mode
[ 130.162323] device hsr_slave_1 entered promiscuous mode
[ 130.231564] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.238072] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 130.245177] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.251654] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 130.290582] 8021q: adding VLAN 0 to HW filter on device bond0
[ 130.305588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 130.314702] bridge0: port 1(bridge_slave_0) entered disabled state
[ 130.323507] bridge0: port 2(bridge_slave_1) entered disabled state
[ 130.331403] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 130.344169] 8021q: adding VLAN 0 to HW filter on device team0
[ 130.355087] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 130.363131] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.369547] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 130.380784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 130.388890] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.395440] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 130.424044] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 130.434309] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 130.442802] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 130.450898] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 130.462989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 130.473323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 130.494943] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/04/06 17:23:11 executed programs: 122
2019/04/06 17:23:16 executed programs: 272
[ 140.358781] ==================================================================
[ 140.366212] BUG: KMSAN: uninit-value in __list_add_valid+0x292/0x430
[ 140.372717] CPU: 1 PID: 11916 Comm: syz-executor.0 Not tainted 5.1.0-rc2+ #24
[ 140.379976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 140.389316] Call Trace:
[ 140.391898]  dump_stack+0x173/0x1d0
[ 140.395517]  kmsan_report+0x131/0x2a0
[ 140.399310]  __msan_warning+0x7a/0xf0
[ 140.403124]  __list_add_valid+0x292/0x430
[ 140.407280]  rdma_listen+0x624/0x10b0
[ 140.411096]  ucma_listen+0x4fa/0x630
[ 140.414809]  ? ucma_connect+0xb10/0xb10
[ 140.418773]  ucma_write+0x5c7/0x640
[ 140.422396]  ? free_per_mm+0x50/0x50
[ 140.426128]  __vfs_write+0x1ed/0xc30
[ 140.429846]  ? rw_verify_area+0x35e/0x580
[ 140.433981]  ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 140.439168]  vfs_write+0x481/0x920
[ 140.442792]  __se_sys_write+0x17a/0x370
[ 140.446759]  __x64_sys_write+0x4a/0x70
[ 140.450635]  do_syscall_64+0xbc/0xf0
[ 140.454340]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 140.459515] RIP: 0033:0x4582b9
[ 140.462807] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 140.481697] RSP: 002b:00007fd5f7f3ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 140.489395] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[ 140.496651] RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000003
[ 140.503904] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 140.511158] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd5f7f3b6d4
[ 140.518412] R13: 00000000004c7862 R14: 00000000004dd820 R15: 00000000ffffffff
[ 140.525674]
[ 140.527285] Uninit was created at:
[ 140.530818]  kmsan_internal_poison_shadow+0x92/0x150
[ 140.535905]  kmsan_kmalloc+0xa9/0x130
[ 140.539693]  kmsan_slab_alloc+0xe/0x10
[ 140.543567]  __kmalloc_node_track_caller+0xead/0x1000
[ 140.548739]  __alloc_skb+0x309/0xa20
[ 140.552441]  netlink_sendmsg+0xb82/0x1300
[ 140.556573]  ___sys_sendmsg+0xdb3/0x1220
[ 140.560627]  __se_sys_sendmsg+0x305/0x460
[ 140.564780]  __x64_sys_sendmsg+0x4a/0x70
[ 140.568824]  do_syscall_64+0xbc/0xf0
[ 140.572521]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 140.577702] ==================================================================
[ 140.585047] Disabling lock debugging due to kernel taint
[ 140.590478] Kernel panic - not syncing: panic_on_warn set ...
[ 140.596351] CPU: 1 PID: 11916 Comm: syz-executor.0 Tainted: G    B             5.1.0-rc2+ #24
[ 140.604992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 140.614329] Call Trace:
[ 140.616910]  dump_stack+0x173/0x1d0
[ 140.620525]  panic+0x3d1/0xb01
[ 140.623726]  kmsan_report+0x29a/0x2a0
[ 140.627528]  __msan_warning+0x7a/0xf0
[ 140.631320]  __list_add_valid+0x292/0x430
[ 140.635477]  rdma_listen+0x624/0x10b0
[ 140.639281]  ucma_listen+0x4fa/0x630
[ 140.642983]  ? ucma_connect+0xb10/0xb10
[ 140.646940]  ucma_write+0x5c7/0x640
[ 140.650559]  ? free_per_mm+0x50/0x50
[ 140.654271]  __vfs_write+0x1ed/0xc30
[ 140.658083]  ? rw_verify_area+0x35e/0x580
[ 140.662229]  ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 140.667412]  vfs_write+0x481/0x920
[ 140.670945]  __se_sys_write+0x17a/0x370
[ 140.674912]  __x64_sys_write+0x4a/0x70
[ 140.678790]  do_syscall_64+0xbc/0xf0
[ 140.682492]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 140.687679] RIP: 0033:0x4582b9
[ 140.690870] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 140.709783] RSP: 002b:00007fd5f7f3ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 140.717475] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[ 140.724731] RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000003
[ 140.731986] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 140.739248] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd5f7f3b6d4
[ 140.746518] R13: 00000000004c7862 R14: 00000000004dd820 R15: 00000000ffffffff
[ 140.754681] Kernel Offset: disabled
[ 140.758326] Rebooting in 86400 seconds..