[ ok ] Starting enhanced syslogd: rsyslogd.
[ 96.331375] audit: type=1800 audit(1552513743.376:25): pid=10284 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 96.350698] audit: type=1800 audit(1552513743.376:26): pid=10284 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 96.370254] audit: type=1800 audit(1552513743.406:27): pid=10284 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
2019/03/13 21:49:19 fuzzer started
2019/03/13 21:49:24 dialing manager at 10.128.0.26:37519
2019/03/13 21:49:24 syscalls: 1
2019/03/13 21:49:24 code coverage: enabled
2019/03/13 21:49:24 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/03/13 21:49:24 extra coverage: extra coverage is not supported by the kernel
2019/03/13 21:49:24 setuid sandbox: enabled
2019/03/13 21:49:24 namespace sandbox: enabled
2019/03/13 21:49:24 Android sandbox: /sys/fs/selinux/policy does not exist
2019/03/13 21:49:24 fault injection: enabled
2019/03/13 21:49:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/03/13 21:49:24 net packet injection: enabled
2019/03/13 21:49:24 net device setup: enabled

21:52:41 executing program 0:
perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x8000000000000a6, 0x9, 0x0, 0xffffffffffffffff, 0x3}, 0x2c)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)={0xd, 0x0, 0x0, 0x0, 0x0, r0}, 0x2c)

syzkaller login: [ 315.417068] IPVS: ftp: loaded support on port[0] = 21
[ 315.587325] chnl_net:caif_netlink_parms(): no params data found
[ 315.667967] bridge0: port 1(bridge_slave_0) entered blocking state
[ 315.674795] bridge0: port 1(bridge_slave_0) entered disabled state
[ 315.683655] device bridge_slave_0 entered promiscuous mode
[ 315.693515] bridge0: port 2(bridge_slave_1) entered blocking state
[ 315.700129] bridge0: port 2(bridge_slave_1) entered disabled state
[ 315.709025] device bridge_slave_1 entered promiscuous mode
[ 315.746371] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 315.758473] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 315.795625] team0: Port device team_slave_0 added
[ 315.804996] team0: Port device team_slave_1 added
[ 315.898320] device hsr_slave_0 entered promiscuous mode
[ 316.042920] device hsr_slave_1 entered promiscuous mode
[ 316.317138] bridge0: port 2(bridge_slave_1) entered blocking state
[ 316.323970] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 316.331260] bridge0: port 1(bridge_slave_0) entered blocking state
[ 316.338025] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 316.429993] 8021q: adding VLAN 0 to HW filter on device bond0
[ 316.453668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 316.465944] bridge0: port 1(bridge_slave_0) entered disabled state
[ 316.475849] bridge0: port 2(bridge_slave_1) entered disabled state
[ 316.488520] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 316.509720] 8021q: adding VLAN 0 to HW filter on device team0
[ 316.529963] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 316.538519] bridge0: port 1(bridge_slave_0) entered blocking state
[ 316.545464] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 316.607764] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 316.616398] bridge0: port 2(bridge_slave_1) entered blocking state
[ 316.623108] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 316.634775] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 316.644261] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 316.654054] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 316.664541] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 316.683219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 316.691892] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 316.716296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 316.760407] 8021q: adding VLAN 0 to HW filter on device batadv0

21:52:44 executing program 0:
perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x8000000000000a6, 0x9, 0x0, 0xffffffffffffffff, 0x3}, 0x2c)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)={0xd, 0x0, 0x0, 0x0, 0x0, r0}, 0x2c)

21:52:44 executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
lstat(&(0x7f0000000240)='./file0/file0/../file0\x00', 0x0)
read$FUSE(r0, &(0x7f0000003000), 0x10e6)
stat(&(0x7f00000004c0)='./file0/file0/../file0\x00', 0x0)
write$FUSE_DIRENT(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="9000000000000000020000000000000001f916bfdfbc988ae80046070000000000000076656d31000000000000000000f386616a1a0a3c00000000d8d4df6600000000f6619fed3823dad0c82aebd8b511535650f5b7c9c6bd3276ce8c946100000093000000051c0005000000000079737465346a48be1b31486dcc637075736574636772185f426bbb9299b7f5c20a"], 0x90)

21:52:44 executing program 0:
perf_event_open(&(0x7f000001d000)={0x4, 0x70, 0x41, 0x8008001, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe348, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x8, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socket$inet6(0xa, 0xb, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x280, 0x0)
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000040)=0x5)
r2 = openat$full(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/full\x00', 0x400, 0x0)
ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000340)={0x0, {0x2, 0x4e21, @local}, {0x2, 0x4e20, @multicast2}, {0x2, 0x4e24, @dev}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0xfffffffffffffff9})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getpid()
stat(0x0, &(0x7f0000000240))
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0)
socket$inet(0x2, 0x3, 0x5)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
[ 317.663759] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.

21:52:44 executing program 0:
r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0)
write(r0, &(0x7f0000000040)="0600", 0x2)
write$FUSE_NOTIFY_STORE(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="3c000700030001000000000025000000000000000000"], 0x16)
sendfile(r0, r0, &(0x7f0000000140), 0xffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x1e4, &(0x7f0000000000)=[{}]}, 0x10)
[ 318.007613] hrtimer: interrupt took 44358 ns

21:52:45 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x143e)

21:52:45 executing program 0:
r0 = socket$inet6(0xa, 0x8000000000000802, 0x88)
sendmsg$inet_sctp(r0, &(0x7f0000a29000)={&(0x7f00005dafe4)=@in6={0xa, 0x3, 0x0, @mcast2}, 0x1c, 0x0}, 0x8000)
sendto$inet6(r0, &(0x7f0000b0cf6e), 0x0, 0x0, 0x0, 0x0)

21:52:45 executing program 0:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
ioctl(r0, 0x2000c0984124, 0xfffffffffffffffd)
io_setup(0x4, &(0x7f0000000000))
ioctl$TUNGETIFF(r0, 0x800454d2, &(0x7f00000001c0))

21:52:45 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000240), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='vboxnet1@\x00', r1}, 0x10)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0})
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)=""/49, 0x31}], 0x10000023, &(0x7f00000002c0)=""/77, 0xf76925ac}, 0x0)
recvmsg$kcm(r2, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x2, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0xffffff77}], 0x1, &(0x7f00000001c0)=""/17, 0xffda}, 0x3f00)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x100, 0x0)
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000440)=0x0)
waitid(0x1, r5, &(0x7f00000003c0), 0x2, &(0x7f00000004c0))
sendmsg(r3, &(0x7f00000001c0)={0x0, 0x8000000000000000, &(0x7f0000000100), 0x4c, &(0x7f0000000000), 0xf}, 0x0)

[ 318.978377] ==================================================================
[ 318.985941] BUG: KMSAN: uninit-value in __se_sys_waitid+0x32c/0xb30
[ 318.992467] CPU: 0 PID: 10492 Comm: syz-executor.0 Not tainted 5.0.0+ #12
[ 318.999421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 319.008894] Call Trace:
[ 319.011626] dump_stack+0x173/0x1d0
[ 319.015310] kmsan_report+0x12e/0x2a0
[ 319.019206] kmsan_internal_check_memory+0xa62/0xb80
[ 319.024408] kmsan_check_memory+0xd/0x10
[ 319.028633] __se_sys_waitid+0x32c/0xb30
[ 319.033017] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 319.038710] ? prepare_exit_to_usermode+0x114/0x420
[ 319.043900] ? kmsan_get_shadow_origin_ptr+0x70/0x490
[ 319.049512] ? syscall_return_slowpath+0xb2/0x650
[ 319.054658] __x64_sys_waitid+0x62/0x80
[ 319.058695] do_syscall_64+0xbc/0xf0
[ 319.062569] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 319.067816] RIP: 0033:0x457f29
[ 319.071143] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 319.090187] RSP: 002b:00007f12abd6cc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000f7
[ 319.097933] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457f29
[ 319.105256] RDX: 00000000200003c0 RSI: 0000000000000000 RDI: 0000000000000001
[ 319.112562] RBP: 000000000073bfa0 R08: 00000000200004c0 R09: 0000000000000000
[ 319.119872] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f12abd6d6d4
[ 319.127181] R13: 00000000004c6d82 R14: 00000000004dc5d0 R15: 00000000ffffffff
[ 319.134497]
[ 319.136149] Local variable description: ----__pu_val120.i@__se_sys_waitid
[ 319.143084] Variable was created at:
[ 319.146932] __se_sys_waitid+0x18c/0xb30
[ 319.151028] __x64_sys_waitid+0x62/0x80
[ 319.155020]
[ 319.156667] Bytes 0-3 of 4 are uninitialized
[ 319.161097] Memory access of size 4 starts at ffff8880812bfe78
[ 319.167097] ==================================================================
[ 319.174478] Disabling lock debugging due to kernel taint
[ 319.179956] Kernel panic - not syncing: panic_on_warn set ...
[ 319.185886] CPU: 0 PID: 10492 Comm: syz-executor.0 Tainted: G B 5.0.0+ #12
[ 319.194228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 319.203630] Call Trace:
[ 319.206279] dump_stack+0x173/0x1d0
[ 319.209962] panic+0x3d1/0xb01
[ 319.213236] kmsan_report+0x293/0x2a0
[ 319.217091] kmsan_internal_check_memory+0xa62/0xb80
[ 319.222315] kmsan_check_memory+0xd/0x10
[ 319.226425] __se_sys_waitid+0x32c/0xb30
[ 319.230669] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 319.236167] ? prepare_exit_to_usermode+0x114/0x420
[ 319.241234] ? kmsan_get_shadow_origin_ptr+0x70/0x490
[ 319.246495] ? syscall_return_slowpath+0xb2/0x650
[ 319.251428] __x64_sys_waitid+0x62/0x80
[ 319.255575] do_syscall_64+0xbc/0xf0
[ 319.259355] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 319.264592] RIP: 0033:0x457f29
[ 319.267814] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 319.286858] RSP: 002b:00007f12abd6cc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000f7
[ 319.294917] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457f29
[ 319.302407] RDX: 00000000200003c0 RSI: 0000000000000000 RDI: 0000000000000001
[ 319.309816] RBP: 000000000073bfa0 R08: 00000000200004c0 R09: 0000000000000000
[ 319.317118] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f12abd6d6d4
[ 319.324420] R13: 00000000004c6d82 R14: 00000000004dc5d0 R15: 00000000ffffffff
[ 319.332585] Kernel Offset: disabled
[ 319.336264] Rebooting in 86400 seconds..