[ ok ] Starting enhanced syslogd: rsyslogd.
[ 90.371428][ T31] audit: type=1800 audit(1559797247.411:25): pid=12403 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 90.396015][ T31] audit: type=1800 audit(1559797247.441:26): pid=12403 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 90.432135][ T31] audit: type=1800 audit(1559797247.471:27): pid=12403 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.137' (ECDSA) to the list of known hosts.
syzkaller login: [ 100.538041][T12554] IPVS: ftp: loaded support on port[0] = 21
[ 100.616870][T12554] chnl_net:caif_netlink_parms(): no params data found
[ 100.657306][T12554] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.664653][T12554] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.673207][T12554] device bridge_slave_0 entered promiscuous mode
[ 100.681481][T12554] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.688797][T12554] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.696997][T12554] device bridge_slave_1 entered promiscuous mode
[ 100.717775][T12554] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 100.728472][T12554] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 100.749876][T12554] team0: Port device team_slave_0 added
[ 100.757630][T12554] team0: Port device team_slave_1 added
[ 100.814663][T12554] device hsr_slave_0 entered promiscuous mode
[ 100.852279][T12554] device hsr_slave_1 entered promiscuous mode
[ 100.903093][T12554] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.910282][T12554] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.918009][T12554] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.925239][T12554] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.972854][T12554] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.986892][ T50] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 100.997090][ T50] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.005826][ T50] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.014448][ T50] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 101.028761][T12554] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.041317][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 101.050233][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.057424][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.070910][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 101.079943][ T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.087244][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.110064][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.133821][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 101.142732][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.152134][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 101.160903][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 101.171563][T12554] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
[ 101.198067][T12554] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 101.220106][T12554] ==================================================================
[ 101.228386][T12554] BUG: KMSAN: uninit-value in memchr+0xce/0x110
[ 101.234643][T12554] CPU: 0 PID: 12554 Comm: syz-executor731 Not tainted 5.1.0+ #1
[ 101.242263][T12554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 101.252668][T12554] Call Trace:
[ 101.255977][T12554] dump_stack+0x191/0x1f0
[ 101.260355][T12554] kmsan_report+0x130/0x2a0
[ 101.264895][T12554] __msan_warning+0x75/0xe0
[ 101.269439][T12554] memchr+0xce/0x110
[ 101.273378][T12554] tipc_nl_compat_bearer_disable+0x2a1/0x480
[ 101.279408][T12554] ? tipc_nl_compat_doit+0xb00/0xb00
[ 101.284722][T12554] tipc_nl_compat_doit+0x3ac/0xb00
[ 101.289914][T12554] tipc_nl_compat_recv+0x1b1b/0x27b0
[ 101.295279][T12554] ? tipc_nl_bearer_get+0xa10/0xa10
[ 101.300611][T12554] ? tipc_nl_compat_doit+0xb00/0xb00
[ 101.305932][T12554] ? tipc_netlink_compat_stop+0x40/0x40
[ 101.311540][T12554] genl_rcv_msg+0x185a/0x1a40
[ 101.316293][T12554] ? kmsan_internal_memset_shadow+0x104/0x3a0
[ 101.322418][T12554] netlink_rcv_skb+0x431/0x620
[ 101.327223][T12554] ? genl_unbind+0x390/0x390
[ 101.331869][T12554] genl_rcv+0x63/0x80
[ 101.335889][T12554] netlink_unicast+0xf3e/0x1020
[ 101.340820][T12554] netlink_sendmsg+0x127e/0x12f0
[ 101.345828][T12554] ? netlink_getsockopt+0x1430/0x1430
[ 101.351244][T12554] ___sys_sendmsg+0xcc6/0x1200
[ 101.356080][T12554] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 101.362013][T12554] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 101.368114][T12554] ? __fget_light+0x1cd/0x6e0
[ 101.372812][T12554] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 101.378737][T12554] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 101.384657][T12554] __se_sys_sendmsg+0x305/0x460
[ 101.389587][T12554] __x64_sys_sendmsg+0x4a/0x70
[ 101.394373][T12554] do_syscall_64+0xbc/0xf0
[ 101.398811][T12554] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 101.404721][T12554] RIP: 0033:0x442639
[ 101.408622][T12554] Code: 41 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 101.428238][T12554] RSP: 002b:00000000007efea8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 101.436671][T12554] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442639
[ 101.444659][T12554] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[ 101.452675][T12554] RBP: 00000000007eff00 R08: 0000000000000003 R09: 0000000000000003
[ 101.460662][T12554] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000003
[ 101.468653][T12554] R13: 0000000000403c50 R14: 0000000000000000 R15: 0000000000000000
[ 101.476660][T12554]
[ 101.478992][T12554] Uninit was created at:
[ 101.483253][T12554] kmsan_internal_poison_shadow+0x92/0x150
[ 101.489063][T12554] kmsan_kmalloc+0xa4/0x130
[ 101.493661][T12554] kmsan_slab_alloc+0xe/0x10
[ 101.498259][T12554] __kmalloc_node_track_caller+0xcba/0xf30
[ 101.504078][T12554] __alloc_skb+0x306/0xa10
[ 101.508507][T12554] netlink_sendmsg+0xb81/0x12f0
[ 101.513370][T12554] ___sys_sendmsg+0xcc6/0x1200
[ 101.518146][T12554] __se_sys_sendmsg+0x305/0x460
[ 101.523010][T12554] __x64_sys_sendmsg+0x4a/0x70
[ 101.527784][T12554] do_syscall_64+0xbc/0xf0
[ 101.532215][T12554] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 101.538108][T12554] ==================================================================
[ 101.546169][T12554] Disabling lock debugging due to kernel taint
[ 101.552323][T12554] Kernel panic - not syncing: panic_on_warn set ...
[ 101.558926][T12554] CPU: 0 PID: 12554 Comm: syz-executor731 Tainted: G B 5.1.0+ #1
[ 101.567947][T12554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 101.578012][T12554] Call Trace:
[ 101.581327][T12554] dump_stack+0x191/0x1f0
[ 101.585681][T12554] panic+0x3ca/0xafe
[ 101.589635][T12554] kmsan_report+0x298/0x2a0
[ 101.594168][T12554] __msan_warning+0x75/0xe0
[ 101.598698][T12554] memchr+0xce/0x110
[ 101.602625][T12554] tipc_nl_compat_bearer_disable+0x2a1/0x480
[ 101.608643][T12554] ? tipc_nl_compat_doit+0xb00/0xb00
[ 101.613945][T12554] tipc_nl_compat_doit+0x3ac/0xb00
[ 101.619118][T12554] tipc_nl_compat_recv+0x1b1b/0x27b0
[ 101.624491][T12554] ? tipc_nl_bearer_get+0xa10/0xa10
[ 101.631241][T12554] ? tipc_nl_compat_doit+0xb00/0xb00
[ 101.636547][T12554] ? tipc_netlink_compat_stop+0x40/0x40
[ 101.642112][T12554] genl_rcv_msg+0x185a/0x1a40
[ 101.646864][T12554] ? kmsan_internal_memset_shadow+0x104/0x3a0
[ 101.652974][T12554] netlink_rcv_skb+0x431/0x620
[ 101.657758][T12554] ? genl_unbind+0x390/0x390
[ 101.662389][T12554] genl_rcv+0x63/0x80
[ 101.666388][T12554] netlink_unicast+0xf3e/0x1020
[ 101.671284][T12554] netlink_sendmsg+0x127e/0x12f0
[ 101.676278][T12554] ? netlink_getsockopt+0x1430/0x1430
[ 101.681669][T12554] ___sys_sendmsg+0xcc6/0x1200
[ 101.686494][T12554] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 101.692421][T12554] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 101.698531][T12554] ? __fget_light+0x1cd/0x6e0
[ 101.703227][T12554] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 101.709161][T12554] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 101.715092][T12554] __se_sys_sendmsg+0x305/0x460
[ 101.719994][T12554] __x64_sys_sendmsg+0x4a/0x70
[ 101.724775][T12554] do_syscall_64+0xbc/0xf0
[ 101.729222][T12554] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 101.735128][T12554] RIP: 0033:0x442639
[ 101.739032][T12554] Code: 41 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 101.758651][T12554] RSP: 002b:00000000007efea8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 101.767677][T12554] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442639
[ 101.775659][T12554] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[ 101.783643][T12554] RBP: 00000000007eff00 R08: 0000000000000003 R09: 0000000000000003
[ 101.791628][T12554] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000003
[ 101.799617][T12554] R13: 0000000000403c50 R14: 0000000000000000 R15: 0000000000000000
[ 101.808736][T12554] Kernel Offset: disabled
[ 101.813079][T12554] Rebooting in 86400 seconds..