[ ok ] Starting enhanced syslogd: rsyslogd.
[ 109.561897][ T31] audit: type=1800 audit(1563769079.613:25): pid=13106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 109.593523][ T31] audit: type=1800 audit(1563769079.643:26): pid=13106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 109.613849][ T31] audit: type=1800 audit(1563769079.653:27): pid=13106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.113' (ECDSA) to the list of known hosts.
2019/07/22 04:18:16 fuzzer started
2019/07/22 04:18:21 dialing manager at 10.128.0.26:38869
2019/07/22 04:18:22 syscalls: 2350
2019/07/22 04:18:22 code coverage: enabled
2019/07/22 04:18:22 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/07/22 04:18:22 extra coverage: enabled
2019/07/22 04:18:22 setuid sandbox: enabled
2019/07/22 04:18:22 namespace sandbox: enabled
2019/07/22 04:18:22 Android sandbox: /sys/fs/selinux/policy does not exist
2019/07/22 04:18:22 fault injection: enabled
2019/07/22 04:18:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/07/22 04:18:22 net packet injection: enabled
2019/07/22 04:18:22 net device setup: enabled
04:21:38 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x18, 0x2f, 0x305, 0x0, 0x0, {0x5, 0x1000000}, [@nested={0x4, 0x3}]}, 0x18}, 0x1, 0xffffff7f0e000000}, 0x0)
syzkaller login: [ 329.186204][T13272] IPVS: ftp: loaded support on port[0] = 21
[ 329.363866][T13272] chnl_net:caif_netlink_parms(): no params data found
[ 329.442247][T13272] bridge0: port 1(bridge_slave_0) entered blocking state
[ 329.449527][T13272] bridge0: port 1(bridge_slave_0) entered disabled state
[ 329.458669][T13272] device bridge_slave_0 entered promiscuous mode
[ 329.471291][T13272] bridge0: port 2(bridge_slave_1) entered blocking state
[ 329.478688][T13272] bridge0: port 2(bridge_slave_1) entered disabled state
[ 329.487812][T13272] device bridge_slave_1 entered promiscuous mode
[ 329.525916][T13272] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 329.538824][T13272] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 329.578061][T13272] team0: Port device team_slave_0 added
[ 329.588817][T13272] team0: Port device team_slave_1 added
[ 329.668428][T13272] device hsr_slave_0 entered promiscuous mode
[ 329.703470][T13272] device hsr_slave_1 entered promiscuous mode
[ 329.991021][T13272] bridge0: port 2(bridge_slave_1) entered blocking state
[ 329.998687][T13272] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 330.006780][T13272] bridge0: port 1(bridge_slave_0) entered blocking state
[ 330.014102][T13272] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 330.123483][T13272] 8021q: adding VLAN 0 to HW filter on device bond0
[ 330.149710][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 330.163533][ T3358] bridge0: port 1(bridge_slave_0) entered disabled state
[ 330.176253][ T3358] bridge0: port 2(bridge_slave_1) entered disabled state
[ 330.190675][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 330.213182][T13272] 8021q: adding VLAN 0 to HW filter on device team0
[ 330.236958][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 330.246779][ T3358] bridge0: port 1(bridge_slave_0) entered blocking state
[ 330.254094][ T3358] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 330.323784][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 330.333361][ T3358] bridge0: port 2(bridge_slave_1) entered blocking state
[ 330.340589][ T3358] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 330.352628][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 330.363747][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 330.373894][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 330.383459][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 330.395064][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 330.468614][T13272] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 330.599280][T13281] ==================================================================
[ 330.607588][T13281] BUG: KMSAN: uninit-value in batadv_netlink_dump_hardif+0x70d/0x880
[ 330.615682][T13281] CPU: 0 PID: 13281 Comm: syz-executor.0 Not tainted 5.2.0+ #15
[ 330.623326][T13281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 330.633487][T13281] Call Trace:
[ 330.636902][T13281] dump_stack+0x191/0x1f0
[ 330.641284][T13281] kmsan_report+0x162/0x2d0
[ 330.645817][T13281] __msan_warning+0x75/0xe0
[ 330.650348][T13281] batadv_netlink_dump_hardif+0x70d/0x880
[ 330.656475][T13281] ? batadv_netlink_get_hardif+0x3a0/0x3a0
[ 330.662395][T13281] genl_lock_dumpit+0xc6/0x130
[ 330.667193][T13281] ? genl_lock_start+0x180/0x180
[ 330.672259][T13281] netlink_dump+0xa84/0x1ab0
[ 330.676887][T13281] ? kmsan_internal_memset_shadow+0x104/0x3a0
[ 330.683026][T13281] __netlink_dump_start+0xa3a/0xb30
[ 330.688317][T13281] genl_rcv_msg+0x1d9e/0x1f20
[ 330.693675][T13281] ? genl_rcv_msg+0x1f20/0x1f20
[ 330.698548][T13281] ? genl_lock_start+0x180/0x180
[ 330.703608][T13281] ? genl_lock_dumpit+0x130/0x130
[ 330.708672][T13281] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 330.714613][T13281] netlink_rcv_skb+0x431/0x620
[ 330.719402][T13281] ? genl_unbind+0x390/0x390
[ 330.724044][T13281] genl_rcv+0x63/0x80
[ 330.728068][T13281] netlink_unicast+0xf3e/0x1020
[ 330.732982][T13281] netlink_sendmsg+0x127e/0x12f0
[ 330.738006][T13281] ? netlink_getsockopt+0x1430/0x1430
[ 330.743591][T13281] ___sys_sendmsg+0x12ff/0x13c0
[ 330.748529][T13281] ? __fget_light+0x6b1/0x710
[ 330.753302][T13281] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 330.759345][T13281] __se_sys_sendmsg+0x305/0x460
[ 330.764293][T13281] __x64_sys_sendmsg+0x4a/0x70
[ 330.769088][T13281] do_syscall_64+0xbc/0xf0
[ 330.773692][T13281] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 330.779607][T13281] RIP: 0033:0x459819
[ 330.783524][T13281] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 330.803252][T13281] RSP: 002b:00007ff57f72fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 330.811715][T13281] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819
[ 330.819726][T13281] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
[ 330.827725][T13281] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 330.835727][T13281] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff57f7306d4
[ 330.843717][T13281] R13: 00000000004c75ab R14: 00000000004dcb38 R15: 00000000ffffffff
[ 330.851731][T13281]
[ 330.854072][T13281] Uninit was created at:
[ 330.858340][T13281] kmsan_internal_poison_shadow+0x53/0xa0
[ 330.864094][T13281] kmsan_slab_alloc+0xaa/0x120
[ 330.868888][T13281] __kmalloc_node_track_caller+0xc8f/0xf10
[ 330.874789][T13281] __alloc_skb+0x306/0xa10
[ 330.879320][T13281] netlink_sendmsg+0xb81/0x12f0
[ 330.884197][T13281] ___sys_sendmsg+0x12ff/0x13c0
[ 330.889098][T13281] __se_sys_sendmsg+0x305/0x460
[ 330.893989][T13281] __x64_sys_sendmsg+0x4a/0x70
[ 330.898873][T13281] do_syscall_64+0xbc/0xf0
[ 330.903316][T13281] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 330.909218][T13281] ==================================================================
[ 330.917293][T13281] Disabling lock debugging due to kernel taint
[ 330.923463][T13281] Kernel panic - not syncing: panic_on_warn set ...
[ 330.930088][T13281] CPU: 0 PID: 13281 Comm: syz-executor.0 Tainted: G B 5.2.0+ #15
[ 330.939153][T13281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 330.949321][T13281] Call Trace:
[ 330.952673][T13281] dump_stack+0x191/0x1f0
[ 330.957062][T13281] panic+0x3c9/0xc1e
[ 330.961052][T13281] kmsan_report+0x2ca/0x2d0
[ 330.965599][T13281] __msan_warning+0x75/0xe0
[ 330.970165][T13281] batadv_netlink_dump_hardif+0x70d/0x880
[ 330.975956][T13281] ? batadv_netlink_get_hardif+0x3a0/0x3a0
[ 330.981893][T13281] genl_lock_dumpit+0xc6/0x130
[ 330.986714][T13281] ? genl_lock_start+0x180/0x180
[ 330.991687][T13281] netlink_dump+0xa84/0x1ab0
[ 330.996321][T13281] ? kmsan_internal_memset_shadow+0x104/0x3a0
[ 331.002455][T13281] __netlink_dump_start+0xa3a/0xb30
[ 331.007847][T13281] genl_rcv_msg+0x1d9e/0x1f20
[ 331.012594][T13281] ? genl_rcv_msg+0x1f20/0x1f20
[ 331.017475][T13281] ? genl_lock_start+0x180/0x180
[ 331.022441][T13281] ? genl_lock_dumpit+0x130/0x130
[ 331.027501][T13281] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 331.033444][T13281] netlink_rcv_skb+0x431/0x620
[ 331.038240][T13281] ? genl_unbind+0x390/0x390
[ 331.042903][T13281] genl_rcv+0x63/0x80
[ 331.046932][T13281] netlink_unicast+0xf3e/0x1020
[ 331.051848][T13281] netlink_sendmsg+0x127e/0x12f0
[ 331.057030][T13281] ? netlink_getsockopt+0x1430/0x1430
[ 331.062451][T13281] ___sys_sendmsg+0x12ff/0x13c0
[ 331.067387][T13281] ? __fget_light+0x6b1/0x710
[ 331.072107][T13281] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 331.078048][T13281] __se_sys_sendmsg+0x305/0x460
[ 331.082955][T13281] __x64_sys_sendmsg+0x4a/0x70
[ 331.087753][T13281] do_syscall_64+0xbc/0xf0
[ 331.092200][T13281] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 331.098112][T13281] RIP: 0033:0x459819
[ 331.102047][T13281] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 331.121673][T13281] RSP: 002b:00007ff57f72fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 331.130292][T13281] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459819
[ 331.138464][T13281] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
[ 331.146557][T13281] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 331.154664][T13281] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff57f7306d4
[ 331.162761][T13281] R13: 00000000004c75ab R14: 00000000004dcb38 R15: 00000000ffffffff
[ 331.172107][T13281] Kernel Offset: disabled
[ 331.176475][T13281] Rebooting in 86400 seconds..