[ ok ] Starting enhanced syslogd: rsyslogd.
[ 96.800599] audit: type=1800 audit(1549985679.853:25): pid=10585 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 96.819836] audit: type=1800 audit(1549985679.873:26): pid=10585 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 96.839332] audit: type=1800 audit(1549985679.883:27): pid=10585 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.88' (ECDSA) to the list of known hosts.
2019/02/12 15:34:54 fuzzer started
2019/02/12 15:35:00 dialing manager at 10.128.0.26:44891
2019/02/12 15:35:00 syscalls: 1
2019/02/12 15:35:00 code coverage: enabled
2019/02/12 15:35:00 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/02/12 15:35:00 extra coverage: extra coverage is not supported by the kernel
2019/02/12 15:35:00 setuid sandbox: enabled
2019/02/12 15:35:00 namespace sandbox: enabled
2019/02/12 15:35:00 Android sandbox: /sys/fs/selinux/policy does not exist
2019/02/12 15:35:00 fault injection: enabled
2019/02/12 15:35:00 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/02/12 15:35:00 net packet injection: enabled
2019/02/12 15:35:00 net device setup: enabled
15:38:19 executing program 0:
r0 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000002480)=[{&(0x7f00000024c0)="0500000023000000000289007f14140de0", 0x11}], 0x1, 0x0, 0x0, 0x50}, 0x0)

syzkaller login: [ 317.582228] IPVS: ftp: loaded support on port[0] = 21
[ 317.761058] chnl_net:caif_netlink_parms(): no params data found
[ 317.840011] bridge0: port 1(bridge_slave_0) entered blocking state
[ 317.846639] bridge0: port 1(bridge_slave_0) entered disabled state
[ 317.855277] device bridge_slave_0 entered promiscuous mode
[ 317.865607] bridge0: port 2(bridge_slave_1) entered blocking state
[ 317.872205] bridge0: port 2(bridge_slave_1) entered disabled state
[ 317.880656] device bridge_slave_1 entered promiscuous mode
[ 317.916723] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 317.928389] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 317.962217] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 317.970965] team0: Port device team_slave_0 added
[ 317.978222] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 317.987015] team0: Port device team_slave_1 added
[ 317.993984] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 318.003393] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 318.187042] device hsr_slave_0 entered promiscuous mode
[ 318.442708] device hsr_slave_1 entered promiscuous mode
[ 318.643601] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 318.651425] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 318.684371] bridge0: port 2(bridge_slave_1) entered blocking state
[ 318.690944] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 318.698192] bridge0: port 1(bridge_slave_0) entered blocking state
[ 318.704779] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 318.734921] bridge0: port 1(bridge_slave_0) entered disabled state
[ 318.745896] bridge0: port 2(bridge_slave_1) entered disabled state
[ 318.833190] 8021q: adding VLAN 0 to HW filter on device bond0
[ 318.848650] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 318.863088] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 318.869416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 318.877633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 318.893387] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 318.899496] 8021q: adding VLAN 0 to HW filter on device team0
[ 318.914982] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 318.922939] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 318.931671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 318.940047] bridge0: port 1(bridge_slave_0) entered blocking state
[ 318.946704] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 318.961460] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 318.968795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 318.977573] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 318.986006] bridge0: port 2(bridge_slave_1) entered blocking state
[ 318.992570] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 319.008773] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 319.016143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 319.032558] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 319.039801] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 319.057508] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 319.065467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 319.074709] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 319.090397] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 319.098945] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 319.107254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 319.116437] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 319.131816] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 319.139769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 319.148216] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 319.163619] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 319.173830] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 319.186207] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 319.192388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 319.201434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 319.210218] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 319.239755] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 319.264218] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 319.426892] ==================================================================
[ 319.434331] BUG: KMSAN: uninit-value in nf_nat_setup_info+0x700/0x3b00
[ 319.441038] CPU: 1 PID: 10756 Comm: syz-executor.0 Not tainted 5.0.0-rc1+ #9
[ 319.448229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 319.457598] Call Trace:
[ 319.460237] dump_stack+0x173/0x1d0
[ 319.463936] kmsan_report+0x12e/0x2a0
[ 319.467782] __msan_warning+0x82/0xf0
[ 319.471609] nf_nat_setup_info+0x700/0x3b00
[ 319.476001] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 319.481239] nf_nat_inet_fn+0x106c/0x11f0
[ 319.485471] ? cpu_partial_store+0x60/0x270
[ 319.489858] nf_nat_ipv4_local_fn+0x2bf/0x870
[ 319.494436] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 319.499645] ? nf_nat_ipv4_out+0x790/0x790
[ 319.503924] nf_hook_slow+0x176/0x3d0
[ 319.507791] __ip_local_out+0x6dc/0x800
[ 319.511803] ? __ip_local_out+0x800/0x800
[ 319.515992] ip_local_out+0xa4/0x1d0
[ 319.519775] iptunnel_xmit+0x8a7/0xde0
[ 319.523726] ip_tunnel_xmit+0x35b9/0x3980
[ 319.527967] ipgre_xmit+0x1098/0x11c0
[ 319.531830] ? ipgre_close+0x230/0x230
[ 319.535778] dev_hard_start_xmit+0x604/0xc40
[ 319.540240] __dev_queue_xmit+0x2e48/0x3b80
[ 319.544634] dev_queue_xmit+0x4b/0x60
[ 319.548449] ? __netdev_pick_tx+0x1260/0x1260
[ 319.553007] packet_sendmsg+0x79bb/0x9760
[ 319.557193] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 319.562681] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 319.567885] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 319.573384] ___sys_sendmsg+0xdb9/0x11b0
[ 319.577522] ? compat_packet_setsockopt+0x360/0x360
[ 319.582582] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 319.587793] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 319.593183] ? __fget_light+0x6e1/0x750
[ 319.597203] __se_sys_sendmsg+0x305/0x460
[ 319.601398] __x64_sys_sendmsg+0x4a/0x70
[ 319.605513] do_syscall_64+0xbc/0xf0
[ 319.609276] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 319.614490] RIP: 0033:0x457e39
[ 319.617693] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 319.636601] RSP: 002b:00007f6352bb4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 319.644315] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e39
[ 319.651587] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 319.658864] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 319.666142] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6352bb56d4
[ 319.673424] R13: 00000000004c53f6 R14: 00000000004d91c0 R15: 00000000ffffffff
[ 319.680741]
[ 319.682372] Uninit was created at:
[ 319.685923] No stack
[ 319.688246] ==================================================================
[ 319.695604] Disabling lock debugging due to kernel taint
[ 319.701057] Kernel panic - not syncing: panic_on_warn set ...
[ 319.706969] CPU: 1 PID: 10756 Comm: syz-executor.0 Tainted: G B 5.0.0-rc1+ #9
[ 319.715547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 319.724903] Call Trace:
[ 319.727522] dump_stack+0x173/0x1d0
[ 319.731212] panic+0x3d1/0xb01
[ 319.734510] kmsan_report+0x293/0x2a0
[ 319.738339] __msan_warning+0x82/0xf0
[ 319.742177] nf_nat_setup_info+0x700/0x3b00
[ 319.746586] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 319.751801] nf_nat_inet_fn+0x106c/0x11f0
[ 319.755997] ? cpu_partial_store+0x60/0x270
[ 319.760340] nf_nat_ipv4_local_fn+0x2bf/0x870
[ 319.764884] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 319.770101] ? nf_nat_ipv4_out+0x790/0x790
[ 319.774352] nf_hook_slow+0x176/0x3d0
[ 319.778189] __ip_local_out+0x6dc/0x800
[ 319.782210] ? __ip_local_out+0x800/0x800
[ 319.786379] ip_local_out+0xa4/0x1d0
[ 319.790144] iptunnel_xmit+0x8a7/0xde0
[ 319.794087] ip_tunnel_xmit+0x35b9/0x3980
[ 319.798321] ipgre_xmit+0x1098/0x11c0
[ 319.802184] ? ipgre_close+0x230/0x230
[ 319.806088] dev_hard_start_xmit+0x604/0xc40
[ 319.810552] __dev_queue_xmit+0x2e48/0x3b80
[ 319.814943] dev_queue_xmit+0x4b/0x60
[ 319.818756] ? __netdev_pick_tx+0x1260/0x1260
[ 319.823267] packet_sendmsg+0x79bb/0x9760
[ 319.827464] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 319.832946] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 319.838159] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 319.843605] ___sys_sendmsg+0xdb9/0x11b0
[ 319.847699] ? compat_packet_setsockopt+0x360/0x360
[ 319.852750] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 319.857971] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 319.863355] ? __fget_light+0x6e1/0x750
[ 319.867372] __se_sys_sendmsg+0x305/0x460
[ 319.871574] __x64_sys_sendmsg+0x4a/0x70
[ 319.875661] do_syscall_64+0xbc/0xf0
[ 319.879397] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 319.884617] RIP: 0033:0x457e39
[ 319.887821] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 319.906733] RSP: 002b:00007f6352bb4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 319.914462] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e39
[ 319.921735] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 319.929009] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 319.936284] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6352bb56d4
[ 319.943565] R13: 00000000004c53f6 R14: 00000000004d91c0 R15: 00000000ffffffff
[ 319.951926] Kernel Offset: disabled
[ 319.955555] Rebooting in 86400 seconds..