[ 77.930611] audit: type=1800 audit(1551701565.975:25): pid=10508 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 77.949819] audit: type=1800 audit(1551701565.985:26): pid=10508 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 77.969269] audit: type=1800 audit(1551701565.995:27): pid=10508 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 79.128478] sshd (10572) used greatest stack depth: 54192 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.211' (ECDSA) to the list of known hosts.
2019/03/04 12:12:59 fuzzer started
syzkaller login: [ 95.013945] cc1 (10663) used greatest stack depth: 54176 bytes left
2019/03/04 12:13:05 dialing manager at 10.128.0.26:34023
[ 97.012510] ld (10666) used greatest stack depth: 53632 bytes left
2019/03/04 12:13:05 syscalls: 1
2019/03/04 12:13:05 code coverage: enabled
2019/03/04 12:13:05 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/03/04 12:13:05 extra coverage: extra coverage is not supported by the kernel
2019/03/04 12:13:05 setuid sandbox: enabled
2019/03/04 12:13:05 namespace sandbox: enabled
2019/03/04 12:13:05 Android sandbox: /sys/fs/selinux/policy does not exist
2019/03/04 12:13:05 fault injection: enabled
2019/03/04 12:13:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/03/04 12:13:05 net packet injection: enabled
2019/03/04 12:13:05 net device setup: enabled
12:15:23 executing program 0:
r0 = memfd_create(&(0x7f0000000300)='\vemI\xc1\x8dO\xc0\xa3\\\xe2\xcb\xa2\xba\xcb\xf4\x97\xac#*\xff\xc0\xd0\xe7\x99y\x05\f\xb9\x15R8\xce1\xb3\xd6\xcf\xbf\xaa\x88\xcb\xf0\x1cw61\x9f\xc2\x85+\x87 \\\xde\xde\x0f0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x32b, &(0x7f0000000000)=[{}]}, 0x10)
[ 236.511220] IPVS: ftp: loaded support on port[0] = 21
[ 236.651449] chnl_net:caif_netlink_parms(): no params data found
[ 236.725667] bridge0: port 1(bridge_slave_0) entered blocking state
[ 236.732284] bridge0: port 1(bridge_slave_0) entered disabled state
[ 236.740585] device bridge_slave_0 entered promiscuous mode
[ 236.750036] bridge0: port 2(bridge_slave_1) entered blocking state
[ 236.756595] bridge0: port 2(bridge_slave_1) entered disabled state
[ 236.764906] device bridge_slave_1 entered promiscuous mode
[ 236.796446] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 236.807410] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 236.836430] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 236.844896] team0: Port device team_slave_0 added
[ 236.851171] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 236.859503] team0: Port device team_slave_1 added
[ 236.866293] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 236.874672] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 236.996516] device hsr_slave_0 entered promiscuous mode
[ 237.152653] device hsr_slave_1 entered promiscuous mode
[ 237.422787] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 237.430364] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 237.457550] bridge0: port 2(bridge_slave_1) entered blocking state
[ 237.464118] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 237.471155] bridge0: port 1(bridge_slave_0) entered blocking state
[ 237.477702] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 237.555366] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 237.562053] 8021q: adding VLAN 0 to HW filter on device bond0
[ 237.574235] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 237.587396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 237.597955] bridge0: port 1(bridge_slave_0) entered disabled state
[ 237.607227] bridge0: port 2(bridge_slave_1) entered disabled state
[ 237.618231] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 237.636665] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 237.642855] 8021q: adding VLAN 0 to HW filter on device team0
[ 237.657054] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 237.664810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 237.674704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 237.683089] bridge0: port 1(bridge_slave_0) entered blocking state
[ 237.689531] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 237.706793] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 237.719158] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 237.727569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 237.736466] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 237.744724] bridge0: port 2(bridge_slave_1) entered blocking state
[ 237.751170] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 237.759751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 237.776212] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 237.788566] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 237.801922] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 237.815156] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 237.823395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 237.832977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 237.841752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 237.850308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 237.858837] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 237.867408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 237.875840] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 237.889145] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 237.896297] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 237.904476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 237.912962] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 237.928775] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 237.935023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 237.968886] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 237.987554] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 238.218795] bpf_jit: unknown opcode 00
12:15:26 executing program 0:
r0 = memfd_create(&(0x7f0000000300)='\vemI\xc1\x8dO\xc0\xa3\\\xe2\xcb\xa2\xba\xcb\xf4\x97\xac#*\xff\xc0\xd0\xe7\x99y\x05\f\xb9\x15R8\xce1\xb3\xd6\xcf\xbf\xaa\x88\xcb\xf0\x1cw61\x9f\xc2\x85+\x87 \\\xde\xde\x0f0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x32b, &(0x7f0000000000)=[{}]}, 0x10)
[ 238.462984] hrtimer: interrupt took 77263 ns
[ 238.541306] ==================================================================
[ 238.548804] BUG: KMSAN: uninit-value in bpf_convert_filter+0x2a33/0x5c50
[ 238.555686] CPU: 0 PID: 10683 Comm: syz-executor.0 Not tainted 5.0.0-rc1+ #9
[ 238.563107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 238.572459] Call Trace:
[ 238.575140] dump_stack+0x173/0x1d0
[ 238.578792] kmsan_report+0x12e/0x2a0
[ 238.582609] __msan_warning+0x82/0xf0
[ 238.586432] bpf_convert_filter+0x2a33/0x5c50
[ 238.591025] bpf_prepare_filter+0x15e4/0x1c90
[ 238.595551] __get_filter+0x4f8/0x730
[ 238.599374] sk_attach_filter+0x72/0x2e0
[ 238.603528] sock_setsockopt+0x396f/0x4bb0
[ 238.607976] __sys_setsockopt+0x336/0x540
[ 238.612161] __se_sys_setsockopt+0xdd/0x100
[ 238.616502] __x64_sys_setsockopt+0x62/0x80
[ 238.620834] do_syscall_64+0xbc/0xf0
[ 238.624627] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 238.629822] RIP: 0033:0x457e29
[ 238.633051] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 238.651970] RSP: 002b:00007f3b0f872c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 238.659705] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29
[ 238.666977] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000006
[ 238.674264] RBP: 000000000073bfa0 R08: 0000000000000010 R09: 0000000000000000
[ 238.681542] R10: 000000002002eff0 R11: 0000000000000246 R12: 00007f3b0f8736d4
[ 238.688824] R13: 00000000004c584f R14: 00000000004d9a88 R15: 00000000ffffffff
[ 238.696109]
[ 238.697733] Uninit was created at:
[ 238.701260] No stack
[ 238.703584] ==================================================================
[ 238.710939] Disabling lock debugging due to kernel taint
[ 238.716391] Kernel panic - not syncing: panic_on_warn set ...
[ 238.722286] CPU: 0 PID: 10683 Comm: syz-executor.0 Tainted: G B 5.0.0-rc1+ #9
[ 238.730859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 238.740208] Call Trace:
[ 238.742812] dump_stack+0x173/0x1d0
[ 238.746448] panic+0x3d1/0xb01
[ 238.749674] kmsan_report+0x293/0x2a0
[ 238.753487] __msan_warning+0x82/0xf0
[ 238.757307] bpf_convert_filter+0x2a33/0x5c50
[ 238.761888] bpf_prepare_filter+0x15e4/0x1c90
[ 238.766412] __get_filter+0x4f8/0x730
[ 238.770228] sk_attach_filter+0x72/0x2e0
[ 238.774323] sock_setsockopt+0x396f/0x4bb0
[ 238.778590] __sys_setsockopt+0x336/0x540
[ 238.782763] __se_sys_setsockopt+0xdd/0x100
[ 238.787101] __x64_sys_setsockopt+0x62/0x80
[ 238.791427] do_syscall_64+0xbc/0xf0
[ 238.795160] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 238.800348] RIP: 0033:0x457e29
[ 238.803545] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 238.822452] RSP: 002b:00007f3b0f872c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 238.830163] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29
[ 238.837433] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000006
[ 238.844701] RBP: 000000000073bfa0 R08: 0000000000000010 R09: 0000000000000000
[ 238.851969] R10: 000000002002eff0 R11: 0000000000000246 R12: 00007f3b0f8736d4
[ 238.859238] R13: 00000000004c584f R14: 00000000004d9a88 R15: 00000000ffffffff
[ 238.867335] Kernel Offset: disabled
[ 238.870957] Rebooting in 86400 seconds..