[ ok ] Starting enhanced syslogd: rsyslogd.
[ 106.383728] audit: type=1800 audit(1552049136.444:25): pid=11148 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 106.402864] audit: type=1800 audit(1552049136.444:26): pid=11148 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 106.422309] audit: type=1800 audit(1552049136.464:27): pid=11148 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.165' (ECDSA) to the list of known hosts.
2019/03/08 12:45:51 fuzzer started
2019/03/08 12:45:56 dialing manager at 10.128.0.26:42131
2019/03/08 12:45:56 syscalls: 1
2019/03/08 12:45:56 code coverage: enabled
2019/03/08 12:45:56 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/03/08 12:45:56 extra coverage: extra coverage is not supported by the kernel
2019/03/08 12:45:56 setuid sandbox: enabled
2019/03/08 12:45:56 namespace sandbox: enabled
2019/03/08 12:45:56 Android sandbox: /sys/fs/selinux/policy does not exist
2019/03/08 12:45:56 fault injection: enabled
2019/03/08 12:45:56 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/03/08 12:45:56 net packet injection: enabled
2019/03/08 12:45:56 net device setup: enabled
12:48:44 executing program 0:
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000080)={0x0, 0x9})
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x60, &(0x7f0000000040)={0x0, @empty, 0x0, 0x0, 'dh\x00', 0x0, 0xffffffffffffffff}, 0x2c)

syzkaller login: [ 295.349128] IPVS: ftp: loaded support on port[0] = 21
[ 295.520941] chnl_net:caif_netlink_parms(): no params data found
[ 295.611645] bridge0: port 1(bridge_slave_0) entered blocking state
[ 295.618242] bridge0: port 1(bridge_slave_0) entered disabled state
[ 295.627078] device bridge_slave_0 entered promiscuous mode
[ 295.637327] bridge0: port 2(bridge_slave_1) entered blocking state
[ 295.644001] bridge0: port 2(bridge_slave_1) entered disabled state
[ 295.652644] device bridge_slave_1 entered promiscuous mode
[ 295.689227] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 295.701122] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 295.736100] team0: Port device team_slave_0 added
[ 295.745447] team0: Port device team_slave_1 added
[ 295.917189] device hsr_slave_0 entered promiscuous mode
[ 296.032369] device hsr_slave_1 entered promiscuous mode
[ 296.317412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 296.324052] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 296.331218] bridge0: port 1(bridge_slave_0) entered blocking state
[ 296.337850] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 296.435336] 8021q: adding VLAN 0 to HW filter on device bond0
[ 296.459693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 296.472758] bridge0: port 1(bridge_slave_0) entered disabled state
[ 296.492904] bridge0: port 2(bridge_slave_1) entered disabled state
[ 296.513961] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 296.534359] 8021q: adding VLAN 0 to HW filter on device team0
[ 296.552435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 296.561213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 296.569749] bridge0: port 1(bridge_slave_0) entered blocking state
[ 296.576322] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 296.634180] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 296.644026] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 296.657650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 296.666914] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 296.675421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 296.682007] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 296.689906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 296.699302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 296.708953] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 296.718167] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 296.727224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 296.736439] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 296.745482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 296.754249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 296.763489] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 296.772159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 296.812615] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 296.892728] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 296.901308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
12:48:47 executing program 0:
r0 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000240)="c109000000002f0000021fe4ac14140de0", 0x11}], 0x1}, 0x0)

[ 297.071838] ==================================================================
[ 297.079274] BUG: KMSAN: uninit-value in _raw_spin_lock_bh+0xea/0x130
[ 297.085787] CPU: 0 PID: 11326 Comm: syz-executor.0 Not tainted 5.0.0+ #11
[ 297.092725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 297.102085] Call Trace:
[ 297.104705] dump_stack+0x173/0x1d0
[ 297.108372] kmsan_report+0x12e/0x2a0
[ 297.112203] __msan_warning+0x82/0xf0
[ 297.116037] _raw_spin_lock_bh+0xea/0x130
[ 297.120217] inet_frag_find+0x1223/0x24a0
[ 297.124403] ? ip4_obj_hashfn+0x430/0x430
[ 297.128621] ? ip_expire+0xbe0/0xbe0
[ 297.132352] ? ip4_key_hashfn+0x420/0x420
[ 297.136549] ? ip_expire+0xbe0/0xbe0
[ 297.140283] ? ip4_key_hashfn+0x420/0x420
[ 297.144457] ? ip_expire+0xbe0/0xbe0
[ 297.148186] ? ip4_key_hashfn+0x420/0x420
[ 297.152352] ? ip4_obj_hashfn+0x430/0x430
[ 297.156528] ip_defrag+0x47c/0x6310
[ 297.160179] ? do_syscall_64+0xbc/0xf0
[ 297.164119] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 297.169344] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 297.174738] ? should_fail+0x1fa/0xb20
[ 297.178702] ? apic_timer_interrupt+0xa/0x40
[ 297.183169] ipv4_conntrack_defrag+0x673/0x7d0
[ 297.187794] ? defrag4_net_exit+0xe0/0xe0
[ 297.191964] nf_hook_slow+0x176/0x3d0
[ 297.195810] __ip_local_out+0x6dc/0x800
[ 297.199822] ? __ip_local_out+0x800/0x800
[ 297.204006] ip_local_out+0xa4/0x1d0
[ 297.207770] iptunnel_xmit+0x8a7/0xde0
[ 297.211737] ip_tunnel_xmit+0x357d/0x3ca0
[ 297.215964] ipgre_xmit+0x1098/0x11c0
[ 297.219810] ? ipgre_close+0x230/0x230
[ 297.223728] dev_hard_start_xmit+0x604/0xc40
[ 297.228197] __dev_queue_xmit+0x2e48/0x3b80
[ 297.232627] dev_queue_xmit+0x4b/0x60
[ 297.236445] ? __netdev_pick_tx+0x1260/0x1260
[ 297.240963] packet_sendmsg+0x7d3a/0x8d30
[ 297.245163] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 297.250649] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 297.255867] ? aa_sk_perm+0x605/0x950
[ 297.259771] ___sys_sendmsg+0xdb9/0x11b0
[ 297.263877] ? compat_packet_setsockopt+0x360/0x360
[ 297.268930] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 297.274144] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 297.279524] ? __fget_light+0x6e1/0x750
[ 297.283550] __se_sys_sendmsg+0x305/0x460
[ 297.287767] __x64_sys_sendmsg+0x4a/0x70
[ 297.291850] do_syscall_64+0xbc/0xf0
[ 297.295591] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 297.300795] RIP: 0033:0x457f29
[ 297.304011] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 297.322925] RSP: 002b:00007f3599e5fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 297.330644] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
[ 297.337930] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 297.345209] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 297.352487] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3599e606d4
[ 297.359763] R13: 00000000004c5561 R14: 00000000004d9408 R15: 00000000ffffffff
[ 297.367063]
[ 297.368695] Uninit was created at:
[ 297.372243] No stack
[ 297.374565] ==================================================================
[ 297.381926] Disabling lock debugging due to kernel taint
[ 297.387391] Kernel panic - not syncing: panic_on_warn set ...
[ 297.393290] CPU: 0 PID: 11326 Comm: syz-executor.0 Tainted: G B 5.0.0+ #11
[ 297.401610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 297.410965] Call Trace:
[ 297.413601] dump_stack+0x173/0x1d0
[ 297.417254] panic+0x3d1/0xb01
[ 297.420547] kmsan_report+0x293/0x2a0
[ 297.424393] __msan_warning+0x82/0xf0
[ 297.428222] _raw_spin_lock_bh+0xea/0x130
[ 297.432392] inet_frag_find+0x1223/0x24a0
[ 297.436558] ? ip4_obj_hashfn+0x430/0x430
[ 297.440757] ? ip_expire+0xbe0/0xbe0
[ 297.444503] ? ip4_key_hashfn+0x420/0x420
[ 297.448693] ? ip_expire+0xbe0/0xbe0
[ 297.452471] ? ip4_key_hashfn+0x420/0x420
[ 297.456629] ? ip_expire+0xbe0/0xbe0
[ 297.460353] ? ip4_key_hashfn+0x420/0x420
[ 297.464509] ? ip4_obj_hashfn+0x430/0x430
[ 297.468672] ip_defrag+0x47c/0x6310
[ 297.472316] ? do_syscall_64+0xbc/0xf0
[ 297.476240] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 297.481451] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 297.486831] ? should_fail+0x1fa/0xb20
[ 297.490759] ? apic_timer_interrupt+0xa/0x40
[ 297.495209] ipv4_conntrack_defrag+0x673/0x7d0
[ 297.499823] ? defrag4_net_exit+0xe0/0xe0
[ 297.503988] nf_hook_slow+0x176/0x3d0
[ 297.507832] __ip_local_out+0x6dc/0x800
[ 297.511839] ? __ip_local_out+0x800/0x800
[ 297.516024] ip_local_out+0xa4/0x1d0
[ 297.519777] iptunnel_xmit+0x8a7/0xde0
[ 297.523733] ip_tunnel_xmit+0x357d/0x3ca0
[ 297.527956] ipgre_xmit+0x1098/0x11c0
[ 297.531819] ? ipgre_close+0x230/0x230
[ 297.535752] dev_hard_start_xmit+0x604/0xc40
[ 297.540231] __dev_queue_xmit+0x2e48/0x3b80
[ 297.544619] dev_queue_xmit+0x4b/0x60
[ 297.548439] ? __netdev_pick_tx+0x1260/0x1260
[ 297.552959] packet_sendmsg+0x7d3a/0x8d30
[ 297.557144] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 297.562621] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 297.567858] ? aa_sk_perm+0x605/0x950
[ 297.571760] ___sys_sendmsg+0xdb9/0x11b0
[ 297.575865] ? compat_packet_setsockopt+0x360/0x360
[ 297.580914] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 297.586176] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 297.591555] ? __fget_light+0x6e1/0x750
[ 297.595581] __se_sys_sendmsg+0x305/0x460
[ 297.599782] __x64_sys_sendmsg+0x4a/0x70
[ 297.603877] do_syscall_64+0xbc/0xf0
[ 297.607620] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 297.612833] RIP: 0033:0x457f29
[ 297.616034] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 297.634942] RSP: 002b:00007f3599e5fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 297.642660] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
[ 297.649933] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 297.657209] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 297.664490] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3599e606d4
[ 297.671787] R13: 00000000004c5561 R14: 00000000004d9408 R15: 00000000ffffffff
[ 297.679804] Kernel Offset: disabled
[ 297.683434] Rebooting in 86400 seconds..