[ ok ] Starting enhanced syslogd: rsyslogd.
[ 95.333490] audit: type=1800 audit(1553608046.383:25): pid=10565 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 95.352586] audit: type=1800 audit(1553608046.393:26): pid=10565 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 95.372066] audit: type=1800 audit(1553608046.403:27): pid=10565 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts.
2019/03/26 13:47:42 parsed 1 programs
2019/03/26 13:47:49 executed programs: 0
syzkaller login: [ 118.797877] IPVS: ftp: loaded support on port[0] = 21
[ 118.889322] chnl_net:caif_netlink_parms(): no params data found
[ 118.935139] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.943383] bridge0: port 1(bridge_slave_0) entered disabled state
[ 118.951014] device bridge_slave_0 entered promiscuous mode
[ 118.959230] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.965806] bridge0: port 2(bridge_slave_1) entered disabled state
[ 118.973835] device bridge_slave_1 entered promiscuous mode
[ 118.996840] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 119.006884] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 119.029942] team0: Port device team_slave_0 added
[ 119.037469] team0: Port device team_slave_1 added
[ 119.095078] device hsr_slave_0 entered promiscuous mode
[ 119.152348] device hsr_slave_1 entered promiscuous mode
[ 119.204792] bridge0: port 2(bridge_slave_1) entered blocking state
[ 119.211284] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 119.218482] bridge0: port 1(bridge_slave_0) entered blocking state
[ 119.224980] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 119.276215] 8021q: adding VLAN 0 to HW filter on device bond0
[ 119.290369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 119.299946] bridge0: port 1(bridge_slave_0) entered disabled state
[ 119.308247] bridge0: port 2(bridge_slave_1) entered disabled state
[ 119.316340] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 119.330940] 8021q: adding VLAN 0 to HW filter on device team0
[ 119.343493] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 119.351323] bridge0: port 1(bridge_slave_0) entered blocking state
[ 119.357884] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 119.374436] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 119.382569] bridge0: port 2(bridge_slave_1) entered blocking state
[ 119.389065] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 119.410120] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 119.419373] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 119.433213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 119.452594] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 119.460582] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 119.473215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 119.498964] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 119.580557] ==================================================================
[ 119.587987] BUG: KMSAN: uninit-value in gre_parse_header+0x1396/0x1690
[ 119.594688] CPU: 1 PID: 10736 Comm: syz-executor.0 Not tainted 5.0.0+ #17
[ 119.601625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 119.610995] Call Trace:
[ 119.613581]
[ 119.615747] dump_stack+0x173/0x1d0
[ 119.619391] kmsan_report+0x131/0x2a0
[ 119.623213] __msan_warning+0x7a/0xf0
[ 119.627027] gre_parse_header+0x1396/0x1690
[ 119.631368] gre_rcv+0x1db/0x1720
[ 119.634818] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 119.640178] ? raw_local_deliver+0xfc/0x1960
[ 119.644583] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 119.649971] ? erspan_xmit+0x38f0/0x38f0
[ 119.654042] gre_rcv+0x2dd/0x3c0
[ 119.657404] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 119.662593] ? gre_parse_header+0x1690/0x1690
[ 119.667088] ip_protocol_deliver_rcu+0x584/0xbb0
[ 119.671880] ip_local_deliver+0x624/0x7b0
[ 119.676051] ? ip_local_deliver+0x7b0/0x7b0
[ 119.680476] ? ip_protocol_deliver_rcu+0xbb0/0xbb0
[ 119.685415] ip_rcv+0x6bd/0x740
[ 119.688706] ? ip_rcv_core+0x11d0/0x11d0
[ 119.692764] process_backlog+0x756/0x10e0
[ 119.697026] ? ip_local_deliver_finish+0x320/0x320
[ 119.701981] ? rps_trigger_softirq+0x2e0/0x2e0
[ 119.706592] net_rx_action+0x78b/0x1a60
[ 119.710605] ? net_tx_action+0xca0/0xca0
[ 119.714706] __do_softirq+0x53f/0x93a
[ 119.718531] do_softirq_own_stack+0x49/0x80
[ 119.722845]
[ 119.725090] __local_bh_enable_ip+0x16f/0x1a0
[ 119.729607] local_bh_enable+0x36/0x40
[ 119.733507] ip_finish_output2+0x1627/0x1820
[ 119.737946] ip_finish_output+0xd2b/0xfd0
[ 119.742123] ip_mc_output+0x117a/0x1700
[ 119.746121] ? ip_mc_finish_output+0x3b0/0x3b0
[ 119.750705] ? ip_build_and_send_pkt+0xe80/0xe80
[ 119.755461] raw_sendmsg+0x4182/0x4610
[ 119.759397] ? aa_sk_perm+0x605/0x950
[ 119.763202] ? raw_getfrag+0x590/0x590
[ 119.767094] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 119.772309] ? compat_raw_ioctl+0x100/0x100
[ 119.776626] inet_sendmsg+0x54a/0x720
[ 119.780435] ? inet_getname+0x490/0x490
[ 119.784402] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 119.789593] ? inet_getname+0x490/0x490
[ 119.793575] __sys_sendto+0x8c4/0xac0
[ 119.797395] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 119.802584] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 119.808042] ? prepare_exit_to_usermode+0x114/0x420
[ 119.813073] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 119.818538] ? syscall_return_slowpath+0x50/0x650
[ 119.823445] __se_sys_sendto+0x107/0x130
[ 119.827534] __x64_sys_sendto+0x6e/0x90
[ 119.831506] do_syscall_64+0xbc/0xf0
[ 119.835244] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 119.840426] RIP: 0033:0x458209
[ 119.843628] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 119.862535] RSP: 002b:00007ffcc6e676e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 119.870234] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000458209
[ 119.877494] RDX: 0000000000000028 RSI: 00000000200000c0 RDI: 0000000000000003
[ 119.884753] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000120
[ 119.892018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001f17914
[ 119.899280] R13: 00000000004c58b8 R14: 00000000004d9838 R15: 00000000ffffffff
[ 119.906555]
[ 119.908174] Uninit was stored to memory at:
[ 119.912509] kmsan_internal_chain_origin+0x134/0x230
[ 119.917624] kmsan_memcpy_memmove_metadata+0xb5b/0xfe0
[ 119.922903] kmsan_memcpy_metadata+0xb/0x10
[ 119.927233] __msan_memcpy+0x58/0x70
[ 119.930939] pskb_expand_head+0x34c/0x18f0
[ 119.935170] ip_tunnel_xmit+0x3290/0x3ca0
[ 119.939318] erspan_xmit+0x27c7/0x38f0
[ 119.943198] dev_hard_start_xmit+0x604/0xc40
[ 119.947604] sch_direct_xmit+0x58a/0x880
[ 119.951682] __qdisc_run+0x1cb7/0x34d0
[ 119.955579] __dev_queue_xmit+0x215c/0x3b80
[ 119.959894] dev_queue_xmit+0x4b/0x60
[ 119.963693] neigh_resolve_output+0xab7/0xb40
[ 119.968189] ip_finish_output2+0x1611/0x1820
[ 119.972601] ip_finish_output+0xd2b/0xfd0
[ 119.976739] ip_mc_output+0x117a/0x1700
[ 119.980700] raw_sendmsg+0x4182/0x4610
[ 119.984575] inet_sendmsg+0x54a/0x720
[ 119.988364] __sys_sendto+0x8c4/0xac0
[ 119.992155] __se_sys_sendto+0x107/0x130
[ 119.996219] __x64_sys_sendto+0x6e/0x90
[ 120.000214] do_syscall_64+0xbc/0xf0
[ 120.004024] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 120.009221]
[ 120.010859] Uninit was created at:
[ 120.014394] kmsan_internal_poison_shadow+0x92/0x150
[ 120.019488] kmsan_kmalloc+0xa6/0x130
[ 120.023277] kmsan_slab_alloc+0xe/0x10
[ 120.027156] __kmalloc_node_track_caller+0xe9e/0xff0
[ 120.032249] __alloc_skb+0x309/0xa20
[ 120.035956] alloc_skb_with_frags+0x186/0xa60
[ 120.040463] sock_alloc_send_pskb+0xafd/0x10a0
[ 120.045033] sock_alloc_send_skb+0xca/0xe0
[ 120.049263] raw_sendmsg+0x25f5/0x4610
[ 120.053158] inet_sendmsg+0x54a/0x720
[ 120.056966] __sys_sendto+0x8c4/0xac0
[ 120.060764] __se_sys_sendto+0x107/0x130
[ 120.064813] __x64_sys_sendto+0x6e/0x90
[ 120.068776] do_syscall_64+0xbc/0xf0
[ 120.072493] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 120.077678] ==================================================================
[ 120.085022] Disabling lock debugging due to kernel taint
[ 120.090458] Kernel panic - not syncing: panic_on_warn set ...
[ 120.096335] CPU: 1 PID: 10736 Comm: syz-executor.0 Tainted: G B 5.0.0+ #17
[ 120.104635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 120.113983] Call Trace:
[ 120.116566]
[ 120.118733] dump_stack+0x173/0x1d0
[ 120.122380] panic+0x3d1/0xb01
[ 120.125612] kmsan_report+0x29a/0x2a0
[ 120.129436] __msan_warning+0x7a/0xf0
[ 120.133242] gre_parse_header+0x1396/0x1690
[ 120.137612] gre_rcv+0x1db/0x1720
[ 120.141103] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 120.146467] ? raw_local_deliver+0xfc/0x1960
[ 120.150872] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 120.156243] ? erspan_xmit+0x38f0/0x38f0
[ 120.160302] gre_rcv+0x2dd/0x3c0
[ 120.163672] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 120.168876] ? gre_parse_header+0x1690/0x1690
[ 120.173367] ip_protocol_deliver_rcu+0x584/0xbb0
[ 120.178129] ip_local_deliver+0x624/0x7b0
[ 120.182347] ? ip_local_deliver+0x7b0/0x7b0
[ 120.186683] ? ip_protocol_deliver_rcu+0xbb0/0xbb0
[ 120.191617] ip_rcv+0x6bd/0x740
[ 120.194928] ? ip_rcv_core+0x11d0/0x11d0
[ 120.199012] process_backlog+0x756/0x10e0
[ 120.203171] ? ip_local_deliver_finish+0x320/0x320
[ 120.208098] ? rps_trigger_softirq+0x2e0/0x2e0
[ 120.212767] net_rx_action+0x78b/0x1a60
[ 120.216752] ? net_tx_action+0xca0/0xca0
[ 120.220822] __do_softirq+0x53f/0x93a
[ 120.224630] do_softirq_own_stack+0x49/0x80
[ 120.228957]
[ 120.231188] __local_bh_enable_ip+0x16f/0x1a0
[ 120.235687] local_bh_enable+0x36/0x40
[ 120.239566] ip_finish_output2+0x1627/0x1820
[ 120.243988] ip_finish_output+0xd2b/0xfd0
[ 120.248319] ip_mc_output+0x117a/0x1700
[ 120.252320] ? ip_mc_finish_output+0x3b0/0x3b0
[ 120.257000] ? ip_build_and_send_pkt+0xe80/0xe80
[ 120.261759] raw_sendmsg+0x4182/0x4610
[ 120.265697] ? aa_sk_perm+0x605/0x950
[ 120.269505] ? raw_getfrag+0x590/0x590
[ 120.273389] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 120.278578] ? compat_raw_ioctl+0x100/0x100
[ 120.282906] inet_sendmsg+0x54a/0x720
[ 120.286701] ? inet_getname+0x490/0x490
[ 120.290673] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 120.295858] ? inet_getname+0x490/0x490
[ 120.299840] __sys_sendto+0x8c4/0xac0
[ 120.303678] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 120.308866] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 120.314308] ? prepare_exit_to_usermode+0x114/0x420
[ 120.319317] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 120.324499] ? syscall_return_slowpath+0x50/0x650
[ 120.329354] __se_sys_sendto+0x107/0x130
[ 120.333427] __x64_sys_sendto+0x6e/0x90
[ 120.337401] do_syscall_64+0xbc/0xf0
[ 120.341128] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 120.346308] RIP: 0033:0x458209
[ 120.349499] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 120.368407] RSP: 002b:00007ffcc6e676e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 120.376140] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000458209
[ 120.383403] RDX: 0000000000000028 RSI: 00000000200000c0 RDI: 0000000000000003
[ 120.390681] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000120
[ 120.397959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001f17914
[ 120.405226] R13: 00000000004c58b8 R14: 00000000004d9838 R15: 00000000ffffffff
[ 120.413278] Kernel Offset: disabled
[ 120.416911] Rebooting in 86400 seconds..