[ 107.172612] audit: type=1800 audit(1555659181.229:25): pid=11490 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 107.212102] audit: type=1800 audit(1555659181.249:26): pid=11490 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 107.231689] audit: type=1800 audit(1555659181.259:27): pid=11490 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 108.600002] sshd (11557) used greatest stack depth: 54128 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts.
2019/04/19 07:33:17 parsed 1 programs
2019/04/19 07:33:24 executed programs: 0
syzkaller login: [ 131.122182] IPVS: ftp: loaded support on port[0] = 21
[ 131.216221] chnl_net:caif_netlink_parms(): no params data found
[ 131.263477] bridge0: port 1(bridge_slave_0) entered blocking state
[ 131.269971] bridge0: port 1(bridge_slave_0) entered disabled state
[ 131.277959] device bridge_slave_0 entered promiscuous mode
[ 131.285719] bridge0: port 2(bridge_slave_1) entered blocking state
[ 131.292440] bridge0: port 2(bridge_slave_1) entered disabled state
[ 131.299861] device bridge_slave_1 entered promiscuous mode
[ 131.323532] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 131.334233] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 131.357294] team0: Port device team_slave_0 added
[ 131.364609] team0: Port device team_slave_1 added
[ 131.435418] device hsr_slave_0 entered promiscuous mode
[ 131.472248] device hsr_slave_1 entered promiscuous mode
[ 131.525087] bridge0: port 2(bridge_slave_1) entered blocking state
[ 131.531695] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 131.538873] bridge0: port 1(bridge_slave_0) entered blocking state
[ 131.545552] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 131.598542] 8021q: adding VLAN 0 to HW filter on device bond0
[ 131.614101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 131.623443] bridge0: port 1(bridge_slave_0) entered disabled state
[ 131.631293] bridge0: port 2(bridge_slave_1) entered disabled state
[ 131.640219] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 131.655628] 8021q: adding VLAN 0 to HW filter on device team0
[ 131.667724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 131.675669] bridge0: port 1(bridge_slave_0) entered blocking state
[ 131.682278] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 131.694809] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 131.702976] bridge0: port 2(bridge_slave_1) entered blocking state
[ 131.709513] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 131.736129] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 131.752730] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 131.761248] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 131.777034] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 131.791267] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 131.803083] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 131.814067] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 131.841033] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 131.925008] ==================================================================
[ 131.932936] BUG: KMSAN: uninit-value in gre_parse_header+0x1396/0x1690
[ 131.939620] CPU: 0 PID: 11660 Comm: syz-executor.0 Not tainted 5.1.0-rc4+ #1
[ 131.946816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 131.956194] Call Trace:
[ 131.958783]
[ 131.960939] dump_stack+0x173/0x1d0
[ 131.964631] kmsan_report+0x131/0x2a0
[ 131.968443] __msan_warning+0x7a/0xf0
[ 131.972266] gre_parse_header+0x1396/0x1690
[ 131.976613] gre_rcv+0x1c3/0x1800
[ 131.980082] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 131.985453] ? raw_local_deliver+0xfc/0x1960
[ 131.989876] ? erspan_xmit+0x3640/0x3640
[ 131.993947] ? erspan_xmit+0x3640/0x3640
[ 131.998002] gre_rcv+0x2dd/0x3c0
[ 132.001374] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 132.006557] ? gre_parse_header+0x1690/0x1690
[ 132.011094] ip_protocol_deliver_rcu+0x584/0xbb0
[ 132.015892] ip_local_deliver+0x624/0x7b0
[ 132.020050] ? ip_local_deliver+0x7b0/0x7b0
[ 132.024364] ? ip_protocol_deliver_rcu+0xbb0/0xbb0
[ 132.029290] ip_rcv+0x6bd/0x740
[ 132.032606] ? ip_rcv_core+0x11d0/0x11d0
[ 132.036684] process_backlog+0x756/0x10e0
[ 132.040832] ? lapic_next_event+0x6f/0xa0
[ 132.044994] ? ip_local_deliver_finish+0x320/0x320
[ 132.049929] ? rps_trigger_softirq+0x2e0/0x2e0
[ 132.054520] net_rx_action+0x78b/0x1a60
[ 132.058513] ? net_tx_action+0xca0/0xca0
[ 132.062572] __do_softirq+0x53f/0x93a
[ 132.066383] do_softirq_own_stack+0x49/0x80
[ 132.070693]
[ 132.072932] __local_bh_enable_ip+0x1a3/0x1f0
[ 132.077433] local_bh_enable+0x36/0x40
[ 132.081319] ip_finish_output2+0x1721/0x1930
[ 132.085771] ip_finish_output+0xd2b/0xfd0
[ 132.089944] ip_output+0x53f/0x610
[ 132.093490] ? ip_mc_finish_output+0x3b0/0x3b0
[ 132.098068] ? ip_finish_output+0xfd0/0xfd0
[ 132.102384] raw_sendmsg+0x41c7/0x4650
[ 132.106328] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 132.111683] ? aa_sk_perm+0x741/0xb00
[ 132.115493] ? raw_getfrag+0x640/0x640
[ 132.119391] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 132.124612] ? compat_raw_ioctl+0x100/0x100
[ 132.128944] inet_sendmsg+0x54a/0x720
[ 132.132757] ? inet_getname+0x490/0x490
[ 132.136759] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 132.142072] ? inet_getname+0x490/0x490
[ 132.146053] __sys_sendto+0x8c4/0xac0
[ 132.149918] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 132.155164] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 132.160632] ? prepare_exit_to_usermode+0x114/0x420
[ 132.165644] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 132.170848] ? syscall_return_slowpath+0x50/0x650
[ 132.175704] __se_sys_sendto+0x107/0x130
[ 132.179785] __x64_sys_sendto+0x6e/0x90
[ 132.183763] do_syscall_64+0xbc/0xf0
[ 132.187490] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 132.192695] RIP: 0033:0x458c29
[ 132.195877] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 132.214772] RSP: 002b:00007ffd49e9d9a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 132.222476] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000458c29
[ 132.229772] RDX: 00000000000005aa RSI: 00000000200000c0 RDI: 0000000000000003
[ 132.237042] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000120
[ 132.244304] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000021ed914
[ 132.251562] R13: 00000000004c6593 R14: 00000000004daf58 R15: 00000000ffffffff
[ 132.258843]
[ 132.260456] Uninit was stored to memory at:
[ 132.264786] kmsan_internal_chain_origin+0x134/0x230
[ 132.269891] kmsan_memcpy_memmove_metadata+0x989/0xd60
[ 132.275164] kmsan_memcpy_metadata+0xb/0x10
[ 132.279487] __msan_memcpy+0x58/0x70
[ 132.283190] pskb_expand_head+0x3aa/0x1a30
[ 132.287419] ip_tunnel_xmit+0x2c4e/0x3310
[ 132.291559] erspan_xmit+0x1f5e/0x3640
[ 132.295463] dev_hard_start_xmit+0x604/0xc40
[ 132.299873] sch_direct_xmit+0x58a/0x880
[ 132.303940] __qdisc_run+0x1cd7/0x34b0
[ 132.307827] __dev_queue_xmit+0x1e51/0x3ce0
[ 132.312151] dev_queue_xmit+0x4b/0x60
[ 132.315949] neigh_resolve_output+0xab7/0xb40
[ 132.320433] ip_finish_output2+0x1709/0x1930
[ 132.324850] ip_finish_output+0xd2b/0xfd0
[ 132.329003] ip_output+0x53f/0x610
[ 132.332542] raw_sendmsg+0x41c7/0x4650
[ 132.336432] inet_sendmsg+0x54a/0x720
[ 132.340233] __sys_sendto+0x8c4/0xac0
[ 132.344037] __se_sys_sendto+0x107/0x130
[ 132.348087] __x64_sys_sendto+0x6e/0x90
[ 132.352063] do_syscall_64+0xbc/0xf0
[ 132.355819] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 132.361015]
[ 132.362657] Uninit was created at:
[ 132.366203] kmsan_internal_poison_shadow+0x92/0x150
[ 132.371296] kmsan_kmalloc+0xa9/0x130
[ 132.375110] kmsan_slab_alloc+0xe/0x10
[ 132.379009] __kmalloc_node_track_caller+0xead/0x1000
[ 132.384207] __alloc_skb+0x309/0xa20
[ 132.387936] alloc_skb_with_frags+0x186/0xa60
[ 132.392431] sock_alloc_send_pskb+0xafd/0x10a0
[ 132.397031] sock_alloc_send_skb+0xca/0xe0
[ 132.401272] raw_sendmsg+0x2492/0x4650
[ 132.405190] inet_sendmsg+0x54a/0x720
[ 132.408982] __sys_sendto+0x8c4/0xac0
[ 132.412781] __se_sys_sendto+0x107/0x130
[ 132.416871] __x64_sys_sendto+0x6e/0x90
[ 132.420848] do_syscall_64+0xbc/0xf0
[ 132.424558] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 132.429730] ==================================================================
[ 132.437078] Disabling lock debugging due to kernel taint
[ 132.442537] Kernel panic - not syncing: panic_on_warn set ...
[ 132.448418] CPU: 0 PID: 11660 Comm: syz-executor.0 Tainted: G B 5.1.0-rc4+ #1
[ 132.456977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 132.466324] Call Trace:
[ 132.468905]
[ 132.471070] dump_stack+0x173/0x1d0
[ 132.474735] panic+0x3d1/0xb01
[ 132.477956] kmsan_report+0x29a/0x2a0
[ 132.481777] __msan_warning+0x7a/0xf0
[ 132.485591] gre_parse_header+0x1396/0x1690
[ 132.489952] gre_rcv+0x1c3/0x1800
[ 132.493438] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 132.498814] ? raw_local_deliver+0xfc/0x1960
[ 132.503254] ? erspan_xmit+0x3640/0x3640
[ 132.507331] ? erspan_xmit+0x3640/0x3640
[ 132.511394] gre_rcv+0x2dd/0x3c0
[ 132.514753] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 132.519938] ? gre_parse_header+0x1690/0x1690
[ 132.524430] ip_protocol_deliver_rcu+0x584/0xbb0
[ 132.529199] ip_local_deliver+0x624/0x7b0
[ 132.533358] ? ip_local_deliver+0x7b0/0x7b0
[ 132.537679] ? ip_protocol_deliver_rcu+0xbb0/0xbb0
[ 132.542639] ip_rcv+0x6bd/0x740
[ 132.545946] ? ip_rcv_core+0x11d0/0x11d0
[ 132.550037] process_backlog+0x756/0x10e0
[ 132.554198] ? lapic_next_event+0x6f/0xa0
[ 132.558364] ? ip_local_deliver_finish+0x320/0x320
[ 132.563298] ? rps_trigger_softirq+0x2e0/0x2e0
[ 132.567878] net_rx_action+0x78b/0x1a60
[ 132.571905] ? net_tx_action+0xca0/0xca0
[ 132.575987] __do_softirq+0x53f/0x93a
[ 132.579796] do_softirq_own_stack+0x49/0x80
[ 132.584102]
[ 132.586337] __local_bh_enable_ip+0x1a3/0x1f0
[ 132.590860] local_bh_enable+0x36/0x40
[ 132.594751] ip_finish_output2+0x1721/0x1930
[ 132.599202] ip_finish_output+0xd2b/0xfd0
[ 132.603363] ip_output+0x53f/0x610
[ 132.606917] ? ip_mc_finish_output+0x3b0/0x3b0
[ 132.611495] ? ip_finish_output+0xfd0/0xfd0
[ 132.615809] raw_sendmsg+0x41c7/0x4650
[ 132.619758] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 132.625115] ? aa_sk_perm+0x741/0xb00
[ 132.628951] ? raw_getfrag+0x640/0x640
[ 132.632844] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 132.638033] ? compat_raw_ioctl+0x100/0x100
[ 132.642363] inet_sendmsg+0x54a/0x720
[ 132.646205] ? inet_getname+0x490/0x490
[ 132.650191] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 132.655388] ? inet_getname+0x490/0x490
[ 132.659371] __sys_sendto+0x8c4/0xac0
[ 132.663193] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 132.668386] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 132.673872] ? prepare_exit_to_usermode+0x114/0x420
[ 132.678895] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 132.684098] ? syscall_return_slowpath+0x50/0x650
[ 132.688940] __se_sys_sendto+0x107/0x130
[ 132.693040] __x64_sys_sendto+0x6e/0x90
[ 132.697053] do_syscall_64+0xbc/0xf0
[ 132.700765] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 132.705961] RIP: 0033:0x458c29
[ 132.709166] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 132.728057] RSP: 002b:00007ffd49e9d9a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 132.735753] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000458c29
[ 132.743013] RDX: 00000000000005aa RSI: 00000000200000c0 RDI: 0000000000000003
[ 132.750283] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000120
[ 132.757549] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000021ed914
[ 132.764806] R13: 00000000004c6593 R14: 00000000004daf58 R15: 00000000ffffffff
[ 132.772940] Kernel Offset: disabled
[ 132.776568] Rebooting in 86400 seconds..