[ 73.580950] audit: type=1800 audit(1551952596.629:25): pid=9707 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 73.600114] audit: type=1800 audit(1551952596.639:26): pid=9707 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 73.619604] audit: type=1800 audit(1551952596.649:27): pid=9707 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[ 74.743429] sshd (9771) used greatest stack depth: 54160 bytes left
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
2019/03/07 09:56:49 fuzzer started
2019/03/07 09:56:54 dialing manager at 10.128.0.26:34047
2019/03/07 09:56:54 syscalls: 1
2019/03/07 09:56:54 code coverage: enabled
2019/03/07 09:56:54 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/03/07 09:56:54 extra coverage: extra coverage is not supported by the kernel
2019/03/07 09:56:54 setuid sandbox: enabled
2019/03/07 09:56:54 namespace sandbox: enabled
2019/03/07 09:56:54 Android sandbox: /sys/fs/selinux/policy does not exist
2019/03/07 09:56:54 fault injection: enabled
2019/03/07 09:56:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/03/07 09:56:54 net packet injection: enabled
2019/03/07 09:56:54 net device setup: enabled
09:59:13 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000100)=""/8, &(0x7f0000000140)=0x8)

syzkaller login: [ 230.862380] IPVS: ftp: loaded support on port[0] = 21
[ 230.998206] chnl_net:caif_netlink_parms(): no params data found
[ 231.062670] bridge0: port 1(bridge_slave_0) entered blocking state
[ 231.069250] bridge0: port 1(bridge_slave_0) entered disabled state
[ 231.077455] device bridge_slave_0 entered promiscuous mode
[ 231.086131] bridge0: port 2(bridge_slave_1) entered blocking state
[ 231.092607] bridge0: port 2(bridge_slave_1) entered disabled state
[ 231.100860] device bridge_slave_1 entered promiscuous mode
[ 231.131582] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 231.142547] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 231.173211] team0: Port device team_slave_0 added
[ 231.181196] team0: Port device team_slave_1 added
[ 231.247646] device hsr_slave_0 entered promiscuous mode
[ 231.413390] device hsr_slave_1 entered promiscuous mode
[ 231.672887] bridge0: port 2(bridge_slave_1) entered blocking state
[ 231.679413] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 231.686738] bridge0: port 1(bridge_slave_0) entered blocking state
[ 231.693267] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 231.770115] 8021q: adding VLAN 0 to HW filter on device bond0
[ 231.789697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 231.800653] bridge0: port 1(bridge_slave_0) entered disabled state
[ 231.810576] bridge0: port 2(bridge_slave_1) entered disabled state
[ 231.821452] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 231.840726] 8021q: adding VLAN 0 to HW filter on device team0
[ 231.856561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 231.865066] bridge0: port 1(bridge_slave_0) entered blocking state
[ 231.871528] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 231.923801] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 231.932152] bridge0: port 2(bridge_slave_1) entered blocking state
[ 231.938711] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 231.948539] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 231.957422] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 231.966219] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 231.974562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 231.986702] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 231.994874] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 232.048295] 8021q: adding VLAN 0 to HW filter on device batadv0
09:59:15 executing program 0:
r0 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ftruncate(r0, 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x802, 0x0)
sendfile(r1, r0, 0x0, 0x40801001)
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
readv(r1, &(0x7f0000000280)=[{&(0x7f0000000040)}, {&(0x7f0000000140)=""/212, 0xd4}, {0x0}], 0x3)

09:59:15 executing program 0:
r0 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0)
ftruncate(r0, 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x802, 0x0)
sendfile(r1, r0, 0x0, 0x40801001)
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
readv(r1, &(0x7f0000000280)=[{&(0x7f0000000040)}, {&(0x7f0000000140)=""/212, 0xd4}, {0x0}], 0x3)

09:59:16 executing program 0:
r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x108012, r0, 0x0)

09:59:16 executing program 0:
seccomp(0x0, 0x0, 0x0)
inotify_init1(0x0)
openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/current\x00', 0x2, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = memfd_create(&(0x7f0000000340)='\f\xcd\x80\xbf\xcd\xbd\xfb\x8bwa\xc1WvU\xff\xc6\xb5%\xbd\n\x90\x9e\xa8\x94\xefC\x9f\xb1\xf4\x8arA\xa1\x88\xef\"/\xcd@\x19(\xb58\x88\xca\x8de*\xed\x89\x99\xa9*\xc3W&\xa4y]\xb5\x85P\xa7M\xf84\xcc\x91\xe7@\xdf\x8a\xc2*\x18\xd2:}\xae\xf6a\x02\x91\xf2\xc1\xc9\xcb\x90X0\xad\x02\xe9\x9b\xdd\x01\x8f\xfa\x9f\x16\x12pT1A\xcf.\x88\xf8b\x83e\x93K\x8ai\xb0|\xa6\xec\n\xf5\xe1|\xc6\x935\x92q\xaa\xfbv\x11\x02w/\xdb\xbe\xca\x94\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
ftruncate(r0, 0x8000)
write(r0, &(0x7f0000000140)="0600", 0x2)
sendfile(r0, r0, &(0x7f0000000100), 0x400000fffe)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000003, 0x11, r0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x444, &(0x7f0000000000)=[{}]}, 0x10)

[ 233.154188] kauditd_printk_skb: 3 callbacks suppressed
[ 233.154221] audit: type=1326 audit(1551952756.209:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9888 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ad8a code=0x0
[ 233.260749] ==================================================================
[ 233.268179] BUG: KMSAN: uninit-value in bpf_convert_filter+0x2a33/0x5c50
[ 233.275035] CPU: 0 PID: 9891 Comm: syz-executor.0 Not tainted 5.0.0+ #11
[ 233.281881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 233.291261] Call Trace:
[ 233.293882] dump_stack+0x173/0x1d0
[ 233.297533] kmsan_report+0x12e/0x2a0
[ 233.301350] __msan_warning+0x82/0xf0
[ 233.305222] bpf_convert_filter+0x2a33/0x5c50
[ 233.309848] bpf_prepare_filter+0x15e4/0x1c90
[ 233.314374] __get_filter+0x4f8/0x730
[ 233.318208] sk_attach_filter+0x72/0x2e0
[ 233.322312] sock_setsockopt+0x396f/0x4bb0
[ 233.326593] __sys_setsockopt+0x336/0x540
[ 233.330771] __se_sys_setsockopt+0xdd/0x100
[ 233.335115] __x64_sys_setsockopt+0x62/0x80
[ 233.339452] do_syscall_64+0xbc/0xf0
[ 233.343195] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 233.348395] RIP: 0033:0x457f29
[ 233.351596] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 233.370510] RSP: 002b:00007ff1468f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 233.378235] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457f29
[ 233.385602] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000008
[ 233.392878] RBP: 000000000073c040 R08: 0000000000000010 R09: 0000000000000000
[ 233.400162] R10: 000000002002eff0 R11: 0000000000000246 R12: 00007ff1468f36d4
[ 233.407452] R13: 00000000004c594f R14: 00000000004d9b88 R15: 00000000ffffffff
[ 233.414754]
[ 233.416388] Uninit was created at:
[ 233.419926] No stack
[ 233.422248] ==================================================================
[ 233.429612] Disabling lock debugging due to kernel taint
[ 233.435067] Kernel panic - not syncing: panic_on_warn set ...
[ 233.440966] CPU: 0 PID: 9891 Comm: syz-executor.0 Tainted: G B 5.0.0+ #11
[ 233.449195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 233.458554] Call Trace:
[ 233.461161] dump_stack+0x173/0x1d0
[ 233.464806] panic+0x3d1/0xb01
[ 233.468036] kmsan_report+0x293/0x2a0
[ 233.471855] __msan_warning+0x82/0xf0
[ 233.475674] bpf_convert_filter+0x2a33/0x5c50
[ 233.480265] bpf_prepare_filter+0x15e4/0x1c90
[ 233.484792] __get_filter+0x4f8/0x730
[ 233.488618] sk_attach_filter+0x72/0x2e0
[ 233.492697] sock_setsockopt+0x396f/0x4bb0
[ 233.496974] __sys_setsockopt+0x336/0x540
[ 233.501149] __se_sys_setsockopt+0xdd/0x100
[ 233.505499] __x64_sys_setsockopt+0x62/0x80
[ 233.509833] do_syscall_64+0xbc/0xf0
[ 233.513565] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 233.518777] RIP: 0033:0x457f29
[ 233.521981] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 233.540897] RSP: 002b:00007ff1468f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 233.548713] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457f29
[ 233.555999] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000008
[ 233.563309] RBP: 000000000073c040 R08: 0000000000000010 R09: 0000000000000000
[ 233.570590] R10: 000000002002eff0 R11: 0000000000000246 R12: 00007ff1468f36d4
[ 233.577876] R13: 00000000004c594f R14: 00000000004d9b88 R15: 00000000ffffffff
[ 233.586025] Kernel Offset: disabled
[ 233.589668] Rebooting in 86400 seconds..