[ ok ] Starting enhanced syslogd: rsyslogd.
[ 85.008049][ T31] audit: type=1800 audit(1566588456.055:25): pid=12239 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 85.033079][ T31] audit: type=1800 audit(1566588456.085:26): pid=12239 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 85.082239][ T31] audit: type=1800 audit(1566588456.105:27): pid=12239 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts.
2019/08/23 19:27:51 fuzzer started
2019/08/23 19:27:57 dialing manager at 10.128.0.26:39323
2019/08/23 19:27:57 syscalls: 2376
2019/08/23 19:27:57 code coverage: enabled
2019/08/23 19:27:57 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/08/23 19:27:57 extra coverage: enabled
2019/08/23 19:27:57 setuid sandbox: enabled
2019/08/23 19:27:57 namespace sandbox: enabled
2019/08/23 19:27:57 Android sandbox: /sys/fs/selinux/policy does not exist
2019/08/23 19:27:57 fault injection: enabled
2019/08/23 19:27:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/08/23 19:27:57 net packet injection: enabled
2019/08/23 19:27:57 net device setup: enabled
19:30:19 executing program 0:
r0 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x2, 0x2)
ioctl$VIDIOC_G_INPUT(r0, 0x80045626, &(0x7f0000000140))
syzkaller login: [ 249.152534][T12405] IPVS: ftp: loaded support on port[0] = 21
[ 249.305477][T12405] chnl_net:caif_netlink_parms(): no params data found
[ 249.363254][T12405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 249.370496][T12405] bridge0: port 1(bridge_slave_0) entered disabled state
[ 249.379782][T12405] device bridge_slave_0 entered promiscuous mode
[ 249.390358][T12405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 249.398130][T12405] bridge0: port 2(bridge_slave_1) entered disabled state
[ 249.406925][T12405] device bridge_slave_1 entered promiscuous mode
[ 249.439861][T12405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 249.452882][T12405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 249.486700][T12405] team0: Port device team_slave_0 added
[ 249.495931][T12405] team0: Port device team_slave_1 added
[ 249.676834][T12405] device hsr_slave_0 entered promiscuous mode
[ 249.932948][T12405] device hsr_slave_1 entered promiscuous mode
[ 250.084029][T12405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 250.091655][T12405] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 250.099664][T12405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 250.107504][T12405] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 250.189416][T12405] 8021q: adding VLAN 0 to HW filter on device bond0
[ 250.210292][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 250.226849][ T2881] bridge0: port 1(bridge_slave_0) entered disabled state
[ 250.236734][ T2881] bridge0: port 2(bridge_slave_1) entered disabled state
[ 250.250447][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 250.271173][T12405] 8021q: adding VLAN 0 to HW filter on device team0
[ 250.290561][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 250.300810][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 250.310187][ T2881] bridge0: port 1(bridge_slave_0) entered blocking state
[ 250.317500][ T2881] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 250.368080][T12405] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 250.378751][T12405] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 250.393810][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 250.404198][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 250.413272][ T2881] bridge0: port 2(bridge_slave_1) entered blocking state
[ 250.420734][ T2881] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 250.429504][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 250.440136][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 250.450730][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 250.460637][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 250.471147][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 250.481137][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 250.490861][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 250.500576][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 250.510480][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 250.520050][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 250.535017][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 250.544153][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 250.588213][T12405] 8021q: adding VLAN 0 to HW filter on device batadv0
19:30:21 executing program 0:
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000140)='/dev/capi20\x00', 0x0, 0x0)
ioctl$CAPI_MANUFACTURER_CMD(r0, 0xc0104320, 0x0)
19:30:21 executing program 0:
syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x2, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[], 0x0}, 0x20)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000140)={0x3})
[ 250.857797][T12417] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
19:30:22 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00')
sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x10, r1, 0x403, 0x0, 0x0, {{}, 0x0, 0x5, 0x0, {0x5, 0x19, @udp='udp:syz0\x00'}}}, 0x2c}}, 0x0)
19:30:22 executing program 0:
r0 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x0, 0x2)
ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000300)={0x8, @raw_data="156bfacb79287986eb8f7f8c4b663225a2dd0aeca0b38a818527fd6bbfe5a874bbec67b1c8f19ea084609fcd5e53c6fb97fc6645bf584bfe44d63a58350283e17d83f6da8ac948f6389462c652486e3e3950258b63d500851e0295a6fcecbcc050fe275dab7dc98813dd52ffef0fbb3b56d806b57b70ef006978d1ddcb106463d621533a38d3b3b2cc715e3addd3809fbd054de8abd6be2fa2388c89da0e1ddd78ab517c639e46ac18594797a144fc5983bce4fa04851ce08b66edb12bb0eab7ff346e81476a6a2e"})
19:30:22 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00')
sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r1, 0x403, 0x0, 0x0, {{}, 0x0, 0x5, 0x0, {0x2, 0x19, @udp='udp:syz0\x00'}}}, 0x2c}}, 0x0)
[ 251.196012][T12428] ==================================================================
[ 251.204342][T12428] BUG: KMSAN: uninit-value in tipc_nl_compat_name_table_dump+0x59f/0xcf0
[ 251.213507][T12428] CPU: 0 PID: 12428 Comm: syz-executor.0 Not tainted 5.3.0-rc3+ #17
[ 251.222010][T12428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 251.232668][T12428] Call Trace:
[ 251.236244][T12428] dump_stack+0x191/0x1f0
[ 251.240768][T12428] kmsan_report+0x162/0x2d0
[ 251.245720][T12428] __msan_warning+0x75/0xe0
[ 251.250672][T12428] tipc_nl_compat_name_table_dump+0x59f/0xcf0
[ 251.257489][T12428] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 251.264022][T12428] ? tipc_nl_compat_name_table_dump_header+0x2c0/0x2c0
[ 251.271048][T12428] __tipc_nl_compat_dumpit+0x595/0xda0
[ 251.276747][T12428] tipc_nl_compat_dumpit+0x6fb/0x8b0
[ 251.282425][T12428] tipc_nl_compat_recv+0x1577/0x27b0
[ 251.287805][T12428] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 251.294055][T12428] ? tipc_nl_compat_link_reset_stats+0x4b0/0x4b0
[ 251.300797][T12428] ? tipc_nametbl_stop+0x1040/0x1040
[ 251.306295][T12428] ? tipc_nl_compat_name_table_dump_header+0x2c0/0x2c0
[ 251.313426][T12428] ? tipc_netlink_compat_stop+0x40/0x40
[ 251.319544][T12428] genl_rcv_msg+0x16c5/0x1f20
[ 251.324352][T12428] ? kmsan_set_origin+0x26d/0x340
[ 251.329931][T12428] netlink_rcv_skb+0x431/0x620
[ 251.334883][T12428] ? genl_unbind+0x390/0x390
[ 251.340373][T12428] genl_rcv+0x63/0x80
[ 251.344466][T12428] netlink_unicast+0xf6c/0x1050
[ 251.349345][T12428] netlink_sendmsg+0x110f/0x1330
[ 251.354316][T12428] ? netlink_getsockopt+0x1430/0x1430
[ 251.360010][T12428] ___sys_sendmsg+0x14ff/0x1590
[ 251.365367][T12428] ? __fget_light+0x6b1/0x710
[ 251.370149][T12428] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 251.376524][T12428] __se_sys_sendmsg+0x305/0x460
[ 251.381486][T12428] __x64_sys_sendmsg+0x4a/0x70
[ 251.386530][T12428] do_syscall_64+0xbc/0xf0
[ 251.391135][T12428] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 251.397033][T12428] RIP: 0033:0x459879
[ 251.400934][T12428] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 251.420721][T12428] RSP: 002b:00007f045992fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 251.429599][T12428] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879
[ 251.438023][T12428] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
[ 251.446267][T12428] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 251.454849][T12428] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f04599306d4
[ 251.463004][T12428] R13: 00000000004ce870 R14: 00000000004dcaf0 R15: 00000000ffffffff
[ 251.471258][T12428]
[ 251.473582][T12428] Uninit was created at:
[ 251.477838][T12428] kmsan_internal_poison_shadow+0x53/0xa0
[ 251.484703][T12428] kmsan_slab_alloc+0xaa/0x120
[ 251.489670][T12428] __kmalloc_node_track_caller+0xb55/0x1320
[ 251.495633][T12428] __alloc_skb+0x306/0xa10
[ 251.500146][T12428] netlink_sendmsg+0x783/0x1330
[ 251.505004][T12428] ___sys_sendmsg+0x14ff/0x1590
[ 251.509852][T12428] __se_sys_sendmsg+0x305/0x460
[ 251.515043][T12428] __x64_sys_sendmsg+0x4a/0x70
[ 251.519923][T12428] do_syscall_64+0xbc/0xf0
[ 251.524549][T12428] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 251.530796][T12428] ==================================================================
[ 251.539823][T12428] Disabling lock debugging due to kernel taint
[ 251.546520][T12428] Kernel panic - not syncing: panic_on_warn set ...
[ 251.553644][T12428] CPU: 0 PID: 12428 Comm: syz-executor.0 Tainted: G B 5.3.0-rc3+ #17
[ 251.563351][T12428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 251.573763][T12428] Call Trace:
[ 251.577067][T12428] dump_stack+0x191/0x1f0
[ 251.581630][T12428] panic+0x3c9/0xc1e
[ 251.585654][T12428] kmsan_report+0x2ca/0x2d0
[ 251.590439][T12428] __msan_warning+0x75/0xe0
[ 251.595049][T12428] tipc_nl_compat_name_table_dump+0x59f/0xcf0
[ 251.601221][T12428] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 251.607554][T12428] ? tipc_nl_compat_name_table_dump_header+0x2c0/0x2c0
[ 251.615107][T12428] __tipc_nl_compat_dumpit+0x595/0xda0
[ 251.620831][T12428] tipc_nl_compat_dumpit+0x6fb/0x8b0
[ 251.626790][T12428] tipc_nl_compat_recv+0x1577/0x27b0
[ 251.632350][T12428] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 251.638356][T12428] ? tipc_nl_compat_link_reset_stats+0x4b0/0x4b0
[ 251.644878][T12428] ? tipc_nametbl_stop+0x1040/0x1040
[ 251.650170][T12428] ? tipc_nl_compat_name_table_dump_header+0x2c0/0x2c0
[ 251.657375][T12428] ? tipc_netlink_compat_stop+0x40/0x40
[ 251.663013][T12428] genl_rcv_msg+0x16c5/0x1f20
[ 251.667834][T12428] ? kmsan_set_origin+0x26d/0x340
[ 251.672962][T12428] netlink_rcv_skb+0x431/0x620
[ 251.677818][T12428] ? genl_unbind+0x390/0x390
[ 251.682805][T12428] genl_rcv+0x63/0x80
[ 251.687147][T12428] netlink_unicast+0xf6c/0x1050
[ 251.692198][T12428] netlink_sendmsg+0x110f/0x1330
[ 251.697392][T12428] ? netlink_getsockopt+0x1430/0x1430
[ 251.703226][T12428] ___sys_sendmsg+0x14ff/0x1590
[ 251.708831][T12428] ? __fget_light+0x6b1/0x710
[ 251.713884][T12428] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 251.720481][T12428] __se_sys_sendmsg+0x305/0x460
[ 251.725985][T12428] __x64_sys_sendmsg+0x4a/0x70
[ 251.731893][T12428] do_syscall_64+0xbc/0xf0
[ 251.737853][T12428] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 251.746640][T12428] RIP: 0033:0x459879
[ 251.751461][T12428] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 251.772554][T12428] RSP: 002b:00007f045992fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 251.781089][T12428] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879
[ 251.789309][T12428] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
[ 251.797642][T12428] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 251.806152][T12428] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f04599306d4
[ 251.814389][T12428] R13: 00000000004ce870 R14: 00000000004dcaf0 R15: 00000000ffffffff
[ 251.825215][T12428] Kernel Offset: disabled
[ 251.830417][T12428] Rebooting in 86400 seconds..