[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 104.710203][ T31] audit: type=1800 audit(1564045065.755:25): pid=12171 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 104.734904][ T31] audit: type=1800 audit(1564045065.785:26): pid=12171 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 104.772184][ T31] audit: type=1800 audit(1564045065.805:27): pid=12171 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts. syzkaller login: [ 117.041491][T12323] IPVS: ftp: loaded support on port[0] = 21 [ 117.130451][T12323] chnl_net:caif_netlink_parms(): no params data found [ 117.174775][T12323] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.182058][T12323] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.190368][T12323] device bridge_slave_0 entered promiscuous mode [ 117.199302][T12323] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.206564][T12323] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.215330][T12323] device bridge_slave_1 entered promiscuous mode [ 117.239567][T12323] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 117.250929][T12323] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 117.275906][T12323] team0: Port device team_slave_0 added [ 117.284675][T12323] team0: Port device team_slave_1 added [ 117.345913][T12323] device hsr_slave_0 entered promiscuous mode [ 117.392476][T12323] device hsr_slave_1 entered promiscuous mode [ 117.488239][T12323] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.495587][T12323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.503458][T12323] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.510622][T12323] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.576088][T12323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.593743][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 117.603880][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.612956][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.621674][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 117.640726][T12323] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.654919][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 117.663998][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.671141][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.696680][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 117.708851][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.716129][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.731323][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 117.743180][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 117.759258][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 117.781830][T12323] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 117.792894][T12323] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 117.815469][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 117.825438][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 117.837011][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready executing program [ 117.868755][T12323] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.922405][T12323] raw_sendmsg: syz-executor773 forgot to set AF_INET. Fix it! [ 117.931571][ C0] ================================================================== [ 117.939648][ C0] BUG: KMSAN: uninit-value in gre_parse_header+0x1395/0x1690 [ 117.947022][ C0] CPU: 0 PID: 12323 Comm: syz-executor773 Not tainted 5.2.0+ #15 [ 117.954742][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 117.965085][ C0] Call Trace: [ 117.968368][ C0] [ 117.971257][ C0] dump_stack+0x191/0x1f0 [ 117.975598][ C0] kmsan_report+0x162/0x2d0 [ 117.980106][ C0] __msan_warning+0x75/0xe0 [ 117.984634][ C0] gre_parse_header+0x1395/0x1690 [ 117.989689][ C0] gre_rcv+0x1cb/0x1900 [ 117.993861][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 117.999749][ C0] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 118.005807][ C0] ? raw_local_deliver+0xdd/0x1930 [ 118.010920][ C0] ? erspan_xmit+0x35c0/0x35c0 [ 118.015761][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.021651][ C0] ? erspan_xmit+0x35c0/0x35c0 [ 118.026405][ C0] gre_rcv+0x2dd/0x3c0 [ 118.030471][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.036366][ C0] ? gre_parse_header+0x1690/0x1690 [ 118.041550][ C0] ip_protocol_deliver_rcu+0x722/0xbc0 [ 118.047104][ C0] ip_local_deliver+0x62a/0x7c0 [ 118.051991][ C0] ? ip_local_deliver+0x7c0/0x7c0 [ 118.057014][ C0] ? ip_protocol_deliver_rcu+0xbc0/0xbc0 [ 118.062641][ C0] ip_rcv+0x6c5/0x740 [ 118.066621][ C0] ? ip_rcv_core+0x11d0/0x11d0 [ 118.071379][ C0] process_backlog+0xef5/0x1410 [ 118.076236][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 118.081870][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 118.087159][ C0] net_rx_action+0x738/0x1940 [ 118.091861][ C0] ? net_tx_action+0xb70/0xb70 [ 118.096710][ C0] __do_softirq+0x4ad/0x858 [ 118.101228][ C0] do_softirq_own_stack+0x49/0x80 [ 118.106234][ C0] [ 118.109171][ C0] __local_bh_enable_ip+0x199/0x1e0 [ 118.114366][ C0] local_bh_enable+0x36/0x40 [ 118.118957][ C0] ip_finish_output2+0x20dc/0x25d0 [ 118.124081][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.129979][ C0] ip_finish_output+0xd2a/0xfd0 [ 118.134843][ C0] ip_output+0x541/0x610 [ 118.139092][ C0] ? ip_mc_finish_output+0x630/0x630 [ 118.144415][ C0] ? ip_finish_output+0xfd0/0xfd0 [ 118.149458][ C0] ip_push_pending_frames+0x243/0x460 [ 118.154848][ C0] raw_sendmsg+0x2df8/0x46d0 [ 118.159486][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.165377][ C0] ? compat_raw_ioctl+0x100/0x100 [ 118.170397][ C0] inet_sendmsg+0x48e/0x750 [ 118.174936][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.180824][ C0] ? inet_getname+0x490/0x490 [ 118.185497][ C0] ___sys_sendmsg+0xe92/0x13c0 [ 118.190370][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.196259][ C0] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 118.202404][ C0] ? __fget_light+0x1b8/0x710 [ 118.207095][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.212982][ C0] __se_sys_sendmsg+0x305/0x460 [ 118.218032][ C0] __x64_sys_sendmsg+0x4a/0x70 [ 118.222797][ C0] do_syscall_64+0xbc/0xf0 [ 118.227291][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 118.233257][ C0] RIP: 0033:0x441a59 [ 118.237135][ C0] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 118.256755][ C0] RSP: 002b:00007ffee7686738 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 118.265169][ C0] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441a59 [ 118.273134][ C0] RDX: 0000000000000000 RSI: 0000000020003d00 RDI: 0000000000000004 [ 118.281358][ C0] RBP: 00007ffee7686750 R08: 0000000001bbbbbb R09: 0000000001bbbbbb [ 118.289322][ C0] R10: 0000000000000044 R11: 0000000000000246 R12: 0000000000000000 [ 118.297306][ C0] R13: 0000000000402ff0 R14: 0000000000000000 R15: 0000000000000000 [ 118.305279][ C0] [ 118.307606][ C0] Uninit was stored to memory at: [ 118.312621][ C0] kmsan_internal_chain_origin+0xcc/0x150 [ 118.318324][ C0] kmsan_memcpy_memmove_metadata+0x9f9/0xe00 [ 118.324289][ C0] kmsan_memcpy_metadata+0xb/0x10 [ 118.329310][ C0] __msan_memcpy+0x56/0x70 [ 118.333729][ C0] pskb_expand_head+0x38a/0x19f0 [ 118.338660][ C0] ip_tunnel_xmit+0x2971/0x3320 [ 118.343632][ C0] erspan_xmit+0x1ef8/0x35c0 [ 118.348227][ C0] dev_hard_start_xmit+0x51a/0xab0 [ 118.353328][ C0] sch_direct_xmit+0x56c/0x18c0 [ 118.358165][ C0] __dev_queue_xmit+0x1e53/0x4270 [ 118.363170][ C0] dev_queue_xmit+0x4b/0x60 [ 118.367657][ C0] neigh_resolve_output+0xab7/0xb50 [ 118.372839][ C0] ip_finish_output2+0x1a8e/0x25d0 [ 118.377963][ C0] ip_finish_output+0xd2a/0xfd0 [ 118.382819][ C0] ip_output+0x541/0x610 [ 118.387044][ C0] ip_push_pending_frames+0x243/0x460 [ 118.392401][ C0] raw_sendmsg+0x2df8/0x46d0 [ 118.396976][ C0] inet_sendmsg+0x48e/0x750 [ 118.401477][ C0] ___sys_sendmsg+0xe92/0x13c0 [ 118.406238][ C0] __se_sys_sendmsg+0x305/0x460 [ 118.411081][ C0] __x64_sys_sendmsg+0x4a/0x70 [ 118.415831][ C0] do_syscall_64+0xbc/0xf0 [ 118.420320][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 118.426199][ C0] [ 118.428520][ C0] Uninit was created at: [ 118.432767][ C0] kmsan_internal_poison_shadow+0x53/0xa0 [ 118.438477][ C0] kmsan_slab_alloc+0xaa/0x120 [ 118.443232][ C0] __kmalloc_node_track_caller+0xc8f/0xf10 [ 118.449096][ C0] __alloc_skb+0x306/0xa10 [ 118.453551][ C0] __ip_append_data+0x3901/0x52c0 [ 118.458570][ C0] ip_append_data+0x324/0x480 [ 118.463236][ C0] raw_sendmsg+0x2d02/0x46d0 [ 118.467813][ C0] inet_sendmsg+0x48e/0x750 [ 118.472475][ C0] ___sys_sendmsg+0xe92/0x13c0 [ 118.477224][ C0] __se_sys_sendmsg+0x305/0x460 [ 118.482107][ C0] __x64_sys_sendmsg+0x4a/0x70 [ 118.486889][ C0] do_syscall_64+0xbc/0xf0 [ 118.491310][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 118.497182][ C0] ================================================================== [ 118.505224][ C0] Disabling lock debugging due to kernel taint [ 118.511367][ C0] Kernel panic - not syncing: panic_on_warn set ... [ 118.517942][ C0] CPU: 0 PID: 12323 Comm: syz-executor773 Tainted: G B 5.2.0+ #15 [ 118.527050][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 118.537112][ C0] Call Trace: [ 118.540383][ C0] [ 118.543229][ C0] dump_stack+0x191/0x1f0 [ 118.547560][ C0] panic+0x3c9/0xc1e [ 118.551480][ C0] kmsan_report+0x2ca/0x2d0 [ 118.556023][ C0] __msan_warning+0x75/0xe0 [ 118.560541][ C0] gre_parse_header+0x1395/0x1690 [ 118.565592][ C0] gre_rcv+0x1cb/0x1900 [ 118.569736][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.575626][ C0] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 118.581709][ C0] ? raw_local_deliver+0xdd/0x1930 [ 118.586829][ C0] ? erspan_xmit+0x35c0/0x35c0 [ 118.591588][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.597502][ C0] ? erspan_xmit+0x35c0/0x35c0 [ 118.602260][ C0] gre_rcv+0x2dd/0x3c0 [ 118.606325][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.612212][ C0] ? gre_parse_header+0x1690/0x1690 [ 118.617410][ C0] ip_protocol_deliver_rcu+0x722/0xbc0 [ 118.622871][ C0] ip_local_deliver+0x62a/0x7c0 [ 118.627729][ C0] ? ip_local_deliver+0x7c0/0x7c0 [ 118.632737][ C0] ? ip_protocol_deliver_rcu+0xbc0/0xbc0 [ 118.638358][ C0] ip_rcv+0x6c5/0x740 [ 118.642340][ C0] ? ip_rcv_core+0x11d0/0x11d0 [ 118.647097][ C0] process_backlog+0xef5/0x1410 [ 118.651965][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 118.657631][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 118.662917][ C0] net_rx_action+0x738/0x1940 [ 118.667615][ C0] ? net_tx_action+0xb70/0xb70 [ 118.672373][ C0] __do_softirq+0x4ad/0x858 [ 118.677010][ C0] do_softirq_own_stack+0x49/0x80 [ 118.682025][ C0] [ 118.684986][ C0] __local_bh_enable_ip+0x199/0x1e0 [ 118.690182][ C0] local_bh_enable+0x36/0x40 [ 118.694763][ C0] ip_finish_output2+0x20dc/0x25d0 [ 118.699904][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.705813][ C0] ip_finish_output+0xd2a/0xfd0 [ 118.710673][ C0] ip_output+0x541/0x610 [ 118.714923][ C0] ? ip_mc_finish_output+0x630/0x630 [ 118.720202][ C0] ? ip_finish_output+0xfd0/0xfd0 [ 118.725247][ C0] ip_push_pending_frames+0x243/0x460 [ 118.730624][ C0] raw_sendmsg+0x2df8/0x46d0 [ 118.735271][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.741256][ C0] ? compat_raw_ioctl+0x100/0x100 [ 118.746278][ C0] inet_sendmsg+0x48e/0x750 [ 118.750784][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.756674][ C0] ? inet_getname+0x490/0x490 [ 118.761348][ C0] ___sys_sendmsg+0xe92/0x13c0 [ 118.766136][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.772063][ C0] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 118.778135][ C0] ? __fget_light+0x1b8/0x710 [ 118.783840][ C0] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 118.789731][ C0] __se_sys_sendmsg+0x305/0x460 [ 118.794602][ C0] __x64_sys_sendmsg+0x4a/0x70 [ 118.799362][ C0] do_syscall_64+0xbc/0xf0 [ 118.803787][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 118.809682][ C0] RIP: 0033:0x441a59 [ 118.821137][ C0] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 118.841550][ C0] RSP: 002b:00007ffee7686738 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 118.849985][ C0] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441a59 [ 118.858153][ C0] RDX: 0000000000000000 RSI: 0000000020003d00 RDI: 0000000000000004 [ 118.866118][ C0] RBP: 00007ffee7686750 R08: 0000000001bbbbbb R09: 0000000001bbbbbb [ 118.874104][ C0] R10: 0000000000000044 R11: 0000000000000246 R12: 0000000000000000 [ 118.882090][ C0] R13: 0000000000402ff0 R14: 0000000000000000 R15: 0000000000000000 [ 118.890764][ C0] Kernel Offset: disabled [ 118.895099][ C0] Rebooting in 86400 seconds..