[?25l[?1c7[ ok 8[?25h[?0c. [ 72.709982] audit: type=1800 audit(1547758949.751:25): pid=9551 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 72.729176] audit: type=1800 audit(1547758949.751:26): pid=9551 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 72.748542] audit: type=1800 audit(1547758949.751:27): pid=9551 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts. 2019/01/17 21:02:42 fuzzer started 2019/01/17 21:02:47 dialing manager at 10.128.0.26:36085 2019/01/17 21:02:47 syscalls: 1 2019/01/17 21:02:47 code coverage: enabled 2019/01/17 21:02:47 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/01/17 21:02:47 extra coverage: extra coverage is not supported by the kernel 2019/01/17 21:02:47 setuid sandbox: enabled 2019/01/17 21:02:47 namespace sandbox: enabled 2019/01/17 21:02:47 Android sandbox: /sys/fs/selinux/policy does not exist 2019/01/17 21:02:47 fault injection: enabled 2019/01/17 21:02:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/01/17 21:02:47 net packet injection: enabled 2019/01/17 21:02:47 net device setup: enabled 21:04:52 executing program 0: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000001b40)='cpuset.effective_mems\x00', 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000004440)={0x0, 0x0, &(0x7f0000003f00)=[{&(0x7f0000001c80)="85379c98de871b54dfcfd64c5fb637478881770d96c6741ca8fa4ab8565b3c6b2ca1bed7e3ebfca5583a6d01c42ac10598da42ca7ef6", 0x36}, {0x0}, {0x0}], 0x3}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0x3e, 0x0, &(0x7f0000000580)="ba6f3bbd933181761ec0da3f2e147fe2f0e9b93652ba572c4c50095ff96df94f0b68649e916de756e59f38316c3713fd851f382ad1306ee0c30d0a6b0b0e", 0x0, 0xa}, 0x28) socket$kcm(0x29, 0x2, 0x0) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e000000220005000000c187185095cf0400b0eba0b4d65c0000000051894d5d1dac000000000000000000000000", 0x2e}], 0x1}, 0x0) perf_event_open(&(0x7f0000000240)={0x4, 0x70, 0x40000000000, 0x9, 0x0, 0x1, 0x0, 0x10001, 0x0, 0x0, 0x7, 0x9, 0x0, 0x0, 0x100000001, 0x233, 0x0, 0x8, 0x0, 0x0, 0x7, 0x7, 0x0, 0x8, 0x100000000, 0x0, 0xd3, 0x0, 0x7fffffff, 0x0, 0xd81f, 0x5, 0xda5d, 0x0, 0x9, 0x3c2, 0x7fffffff, 0x0, 0x0, 0x800, 0x2, @perf_bp={0x0, 0x2}, 0x80, 0x80000001, 0x0, 0x4, 0x6, 0x0, 0x80000001}, 0x0, 0x8, 0xffffffffffffffff, 0x8) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x867, 0x0, 0x9, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(r5, &(0x7f000000df40)={&(0x7f000000de00)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f000000df00)=[{&(0x7f000000de80)=""/103, 0x67}], 0x1}, 0x42) bpf$PROG_LOAD(0x5, &(0x7f000000df80)={0x1d, 0x6, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10001}, [@initr0={0x18, 0x0, 0x0, 0x0, 0xe0, 0x0, 0x0, 0x0, 0x1000}, @call={0x85, 0x0, 0x0, 0x35}]}, &(0x7f0000000300)='GPL\x00', 0x39d3, 0x61, &(0x7f00000005c0)=""/97, 0x41100, 0x0, [], r6, 0x4}, 0x48) write$cgroup_subtree(r2, &(0x7f0000000400)=ANY=[@ANYBLOB="00637000800000a1153fedfcfb49dc5596bebcc99999d8b4b1a9970c937f470a4a5e746467e8753e5cf6983b7297efd1f84a83beec7300fd6622b88063e16f034206e129239cf62bdd912282a53fa4e6a5f68fc2a54b0a1999e26a9b8de459c5d3d5ddfab2d0fe29e83d9962593d78"], 0x6f) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r7 = perf_event_open$cgroup(&(0x7f0000000500)={0x0, 0x70, 0x3, 0x9, 0x1, 0x10001, 0x0, 0xfffffffffffffff9, 0x200, 0x8, 0x2c, 0x800000000000005, 0x7, 0x9, 0x9ab, 0x4, 0x2, 0x6900000, 0x1ff, 0x4, 0x86f2, 0x4fbdab61, 0x2, 0x3, 0x2e, 0xfe93, 0x2, 0x100, 0x5, 0x88000, 0x10001, 0x800000000002, 0x1010, 0x0, 0x7f, 0x9, 0x6, 0x83, 0x0, 0x3, 0x0, @perf_bp={&(0x7f00000000c0), 0xf}, 0x2000, 0x4, 0x7, 0xb, 0x2, 0x8, 0x1ff}, r1, 0xc, 0xffffffffffffffff, 0x2) openat$cgroup_subtree(r5, &(0x7f0000000200)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000380)={0x0, 0x70, 0x8, 0x103, 0x4, 0x0, 0x0, 0x7, 0x200, 0x4, 0x1, 0x101, 0x8001, 0x5, 0x7ff, 0x7fff, 0x7f, 0x0, 0x9, 0x8, 0x5, 0xfff, 0x374d, 0x3ff, 0x25, 0x4, 0x3, 0x3f, 0x80, 0xa8, 0x40, 0x7fffffff, 0xdad, 0x2, 0x4, 0x800, 0x2000000000, 0x8, 0x0, 0x6, 0x4, @perf_bp={&(0x7f0000000340), 0x4}, 0x20000, 0x200, 0x7a77, 0x0, 0x2, 0x7f, 0x2}, 0xffffffffffffffff, 0xa, r7, 0x8) write$cgroup_pid(r4, &(0x7f0000000000), 0xfffffea6) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x4) socket$kcm(0x29, 0x5, 0x0) syzkaller login: [ 216.163727] IPVS: ftp: loaded support on port[0] = 21 [ 216.296406] chnl_net:caif_netlink_parms(): no params data found [ 216.359032] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.365630] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.373793] device bridge_slave_0 entered promiscuous mode [ 216.382322] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.388780] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.397281] device bridge_slave_1 entered promiscuous mode [ 216.426946] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.437887] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 216.465702] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 216.474022] team0: Port device team_slave_0 added [ 216.480166] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 216.488399] team0: Port device team_slave_1 added [ 216.494495] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 216.502741] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 216.625323] device hsr_slave_0 entered promiscuous mode [ 216.662772] device hsr_slave_1 entered promiscuous mode [ 216.882905] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 216.890337] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 216.916335] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.922884] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.929948] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.936499] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.011444] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 217.017783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.029842] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 217.042960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 217.053414] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.063184] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.075277] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 217.090687] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 217.097095] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.113640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.122081] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.128540] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.174762] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 217.183235] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.189696] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.199153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.208724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.233165] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 217.243282] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 217.254807] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 217.275944] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 217.287789] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 217.295857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 217.304465] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 217.323938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.343876] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 217.504990] netlink: 26 bytes leftover after parsing attributes in process `syz-executor0'. [ 217.533693] hrtimer: interrupt took 34593 ns [ 217.583081] netlink: 26 bytes leftover after parsing attributes in process `syz-executor0'. 21:04:54 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xa, 0x9, 0xbecc, 0x80, 0x10}, 0x2c) 21:04:54 executing program 0: r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000140)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000000)="c1080000bbc1000000011fe4ac141412e0", 0x11}], 0x1}, 0x0) [ 217.792557] ================================================================== [ 217.799989] BUG: KMSAN: uninit-value in ___neigh_create+0x20cc/0x2890 [ 217.806577] CPU: 1 PID: 9728 Comm: syz-executor0 Not tainted 5.0.0-rc1+ #7 [ 217.813601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 217.822951] Call Trace: [ 217.825549] dump_stack+0x173/0x1d0 [ 217.829190] kmsan_report+0x12e/0x2a0 [ 217.833008] __msan_warning+0x82/0xf0 [ 217.836820] ___neigh_create+0x20cc/0x2890 [ 217.841095] __neigh_create+0xbd/0xd0 [ 217.844916] ip_finish_output2+0xa0f/0x1820 [ 217.849263] ip_finish_output+0xd2b/0xfd0 [ 217.853433] ip_output+0x53f/0x610 [ 217.856987] ? ip_mc_finish_output+0x3b0/0x3b0 [ 217.861574] ? ip_finish_output+0xfd0/0xfd0 [ 217.865910] ip_local_out+0x164/0x1d0 [ 217.869723] iptunnel_xmit+0x8a7/0xde0 [ 217.873645] ip_tunnel_xmit+0x35b9/0x3980 [ 217.877832] ipgre_xmit+0x1098/0x11c0 [ 217.881664] ? ipgre_close+0x230/0x230 [ 217.885558] dev_hard_start_xmit+0x604/0xc40 [ 217.889996] __dev_queue_xmit+0x2e48/0x3b80 [ 217.894353] dev_queue_xmit+0x4b/0x60 [ 217.898161] ? __netdev_pick_tx+0x1260/0x1260 [ 217.902667] packet_sendmsg+0x79bb/0x9760 [ 217.906832] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 217.912300] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 217.917500] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 217.922914] ___sys_sendmsg+0xdb9/0x11b0 [ 217.926993] ? compat_packet_setsockopt+0x360/0x360 [ 217.932023] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 217.937241] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 217.942614] ? __fget_light+0x6e1/0x750 [ 217.946617] __se_sys_sendmsg+0x305/0x460 [ 217.950789] __x64_sys_sendmsg+0x4a/0x70 [ 217.954860] do_syscall_64+0xbc/0xf0 [ 217.958585] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 217.963781] RIP: 0033:0x458099 [ 217.966980] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 217.985971] RSP: 002b:00007f1b30b1fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 217.994548] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458099 [ 218.001820] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 218.009303] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 218.016572] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1b30b206d4 [ 218.023851] R13: 00000000004c5590 R14: 00000000004d91c0 R15: 00000000ffffffff [ 218.031132] [ 218.032754] Uninit was created at: [ 218.036284] No stack [ 218.038608] ================================================================== [ 218.045959] Disabling lock debugging due to kernel taint [ 218.051402] Kernel panic - not syncing: panic_on_warn set ... [ 218.057317] CPU: 1 PID: 9728 Comm: syz-executor0 Tainted: G B 5.0.0-rc1+ #7 [ 218.065735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.075371] Call Trace: [ 218.077975] dump_stack+0x173/0x1d0 [ 218.081619] panic+0x3d1/0xb01 [ 218.084844] kmsan_report+0x293/0x2a0 [ 218.088660] __msan_warning+0x82/0xf0 [ 218.092472] ___neigh_create+0x20cc/0x2890 [ 218.096749] __neigh_create+0xbd/0xd0 [ 218.100567] ip_finish_output2+0xa0f/0x1820 [ 218.104919] ip_finish_output+0xd2b/0xfd0 [ 218.109088] ip_output+0x53f/0x610 [ 218.112648] ? ip_mc_finish_output+0x3b0/0x3b0 [ 218.117237] ? ip_finish_output+0xfd0/0xfd0 [ 218.121567] ip_local_out+0x164/0x1d0 [ 218.125394] iptunnel_xmit+0x8a7/0xde0 [ 218.129314] ip_tunnel_xmit+0x35b9/0x3980 [ 218.133504] ipgre_xmit+0x1098/0x11c0 [ 218.137324] ? ipgre_close+0x230/0x230 [ 218.141221] dev_hard_start_xmit+0x604/0xc40 [ 218.145666] __dev_queue_xmit+0x2e48/0x3b80 [ 218.150021] dev_queue_xmit+0x4b/0x60 [ 218.153834] ? __netdev_pick_tx+0x1260/0x1260 [ 218.158336] packet_sendmsg+0x79bb/0x9760 [ 218.162501] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 218.167964] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 218.173166] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 218.178577] ___sys_sendmsg+0xdb9/0x11b0 [ 218.182659] ? compat_packet_setsockopt+0x360/0x360 [ 218.187692] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 218.192891] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 218.198260] ? __fget_light+0x6e1/0x750 [ 218.202262] __se_sys_sendmsg+0x305/0x460 [ 218.206433] __x64_sys_sendmsg+0x4a/0x70 [ 218.210499] do_syscall_64+0xbc/0xf0 [ 218.214226] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 218.219437] RIP: 0033:0x458099 [ 218.222638] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 218.241943] RSP: 002b:00007f1b30b1fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 218.249653] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458099 [ 218.256926] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 218.264199] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 218.271469] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1b30b206d4 [ 218.278743] R13: 00000000004c5590 R14: 00000000004d91c0 R15: 00000000ffffffff [ 218.286767] Kernel Offset: disabled [ 218.290392] Rebooting in 86400 seconds..