[?25l[?1c7[ ok 8[?25h[?0c. [ 83.358444] audit: type=1800 audit(1547215897.412:25): pid=11652 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 83.378228] audit: type=1800 audit(1547215897.412:26): pid=11652 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 83.397727] audit: type=1800 audit(1547215897.442:27): pid=11652 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.196' (ECDSA) to the list of known hosts. 2019/01/11 14:11:49 fuzzer started 2019/01/11 14:11:54 dialing manager at 10.128.0.26:40403 2019/01/11 14:11:54 syscalls: 1 2019/01/11 14:11:54 code coverage: enabled 2019/01/11 14:11:54 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/01/11 14:11:54 setuid sandbox: enabled 2019/01/11 14:11:54 namespace sandbox: enabled 2019/01/11 14:11:54 Android sandbox: /sys/fs/selinux/policy does not exist 2019/01/11 14:11:54 fault injection: enabled 2019/01/11 14:11:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/01/11 14:11:54 net packet injection: enabled 2019/01/11 14:11:54 net device setup: enabled 14:12:19 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-net\x00', 0x2, 0x0) r2 = dup(r1) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000127c0)={'team0\x00'}) ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af30, &(0x7f00000001c0)) socketpair$unix(0x1, 0x100000000000005, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af25, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r0) syzkaller login: [ 125.842160] IPVS: ftp: loaded support on port[0] = 21 [ 125.973403] chnl_net:caif_netlink_parms(): no params data found [ 126.035776] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.042454] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.050664] device bridge_slave_0 entered promiscuous mode [ 126.059398] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.065968] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.074104] device bridge_slave_1 entered promiscuous mode [ 126.104110] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 126.115053] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 126.141764] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 126.150046] team0: Port device team_slave_0 added [ 126.157086] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 126.165341] team0: Port device team_slave_1 added [ 126.171229] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 126.179759] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 126.356389] device hsr_slave_0 entered promiscuous mode [ 126.612626] device hsr_slave_1 entered promiscuous mode [ 126.873204] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 126.880736] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 126.906659] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.913190] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.920227] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.926791] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.977683] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.986432] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.025201] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.037794] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 127.049294] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 127.055674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 127.063744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 127.077786] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 127.084069] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.097120] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 127.104361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 127.113178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 127.121627] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.128062] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.142814] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 127.155446] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 127.167226] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 127.175758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 127.184420] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 127.192653] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.199106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.206713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 127.215957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 127.231262] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 127.238678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 127.247494] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 127.261092] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 127.268367] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 127.276385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 127.285379] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 127.300503] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 127.312602] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 127.320025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 127.328456] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 127.336848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 127.345731] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 127.358793] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 127.365107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 127.385738] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 127.404839] 8021q: adding VLAN 0 to HW filter on device batadv0 14:12:22 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-net\x00', 0x2, 0x0) r2 = dup(r1) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000127c0)={'team0\x00'}) ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af30, &(0x7f00000001c0)) socketpair$unix(0x1, 0x100000000000005, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af25, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r0) 14:12:22 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-net\x00', 0x2, 0x0) r2 = dup(r1) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000127c0)={'team0\x00'}) ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af30, &(0x7f00000001c0)) socketpair$unix(0x1, 0x100000000000005, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af25, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r0) 14:12:22 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-net\x00', 0x2, 0x0) r2 = dup(r1) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000127c0)={'team0\x00'}) ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af30, &(0x7f00000001c0)) socketpair$unix(0x1, 0x100000000000005, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af25, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r0) 14:12:22 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-net\x00', 0x2, 0x0) r2 = dup(r1) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000127c0)={'team0\x00'}) ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af30, &(0x7f00000001c0)) socketpair$unix(0x1, 0x100000000000005, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af25, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r0) [ 128.905498] IPVS: ftp: loaded support on port[0] = 21 [ 129.039920] chnl_net:caif_netlink_parms(): no params data found 14:12:23 executing program 0: r0 = socket$inet(0x2, 0x3, 0x1) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000400)={{{@in6=@local, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in6=@mcast1, 0x0, 0x6c}, 0x0, @in6=@remote}}, 0x214) [ 129.105372] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.112219] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.120174] device bridge_slave_0 entered promiscuous mode [ 129.132755] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.139297] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.147396] device bridge_slave_1 entered promiscuous mode [ 129.193869] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.208033] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 129.235844] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 129.244532] team0: Port device team_slave_0 added [ 129.263963] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 129.272837] team0: Port device team_slave_1 added 14:12:23 executing program 0: r0 = socket$inet(0x2, 0x3, 0x1) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000400)={{{@in6=@local, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in6=@mcast1, 0x0, 0x6c}, 0x0, @in6=@remote}}, 0x214) [ 129.286577] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 129.302699] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready 14:12:23 executing program 0: r0 = socket$inet(0x2, 0x3, 0x1) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000400)={{{@in6=@local, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in6=@mcast1, 0x0, 0x6c}, 0x0, @in6=@remote}}, 0x214) [ 129.426119] device hsr_slave_0 entered promiscuous mode [ 129.462464] device hsr_slave_1 entered promiscuous mode [ 129.514289] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 129.521958] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready 14:12:23 executing program 0: r0 = socket$inet(0x2, 0x3, 0x1) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000400)={{{@in6=@local, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in6=@mcast1, 0x0, 0x6c}, 0x0, @in6=@remote}}, 0x214) [ 129.561436] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.567974] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.574990] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.581488] bridge0: port 1(bridge_slave_0) entered forwarding state 14:12:23 executing program 0: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_udp_int(r0, 0x11, 0x66, 0x0, &(0x7f0000000180)=0xe729801c37c5724) [ 129.681381] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 129.687947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 129.726813] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 129.746136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 129.755997] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.764984] bridge0: port 2(bridge_slave_1) entered disabled state 14:12:23 executing program 0: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_udp_int(r0, 0x11, 0x66, 0x0, &(0x7f0000000180)=0xe729801c37c5724) [ 129.778950] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 129.820554] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 129.827321] 8021q: adding VLAN 0 to HW filter on device team0 [ 129.851248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 129.859523] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.866039] bridge0: port 1(bridge_slave_0) entered forwarding state 14:12:24 executing program 0: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_udp_int(r0, 0x11, 0x66, 0x0, &(0x7f0000000180)=0xe729801c37c5724) [ 129.914026] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 129.923902] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 129.935124] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 129.946026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 129.954268] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.960712] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.970124] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 129.979117] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 129.987760] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 129.996413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 14:12:24 executing program 0: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_udp_int(r0, 0x11, 0x66, 0x0, &(0x7f0000000180)=0xe729801c37c5724) [ 130.027228] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 130.034869] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 130.071289] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready 14:12:24 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1=0xe0000306, @dev={0xac, 0x14, 0x14, 0xc}, @multicast1}, 0xc) [ 130.112101] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 130.232066] ================================================================== [ 130.239496] BUG: KMSAN: uninit-value in br_mdb_ip_get+0x52b/0x740 [ 130.245725] CPU: 0 PID: 11803 Comm: syz-fuzzer Not tainted 5.0.0-rc1+ #7 [ 130.252550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 130.261893] Call Trace: [ 130.264465] [ 130.266621] dump_stack+0x173/0x1d0 [ 130.270259] kmsan_report+0x12e/0x2a0 [ 130.274069] __msan_warning+0x82/0xf0 [ 130.277877] br_mdb_ip_get+0x52b/0x740 [ 130.281774] ? br_multicast_new_group+0x5e/0x1640 [ 130.286622] br_multicast_new_group+0xa7/0x1640 [ 130.291291] ? csum_partial+0x423/0x4c0 [ 130.295396] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.300599] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.305808] br_multicast_add_group+0x242/0xf00 [ 130.310463] ? ip_mc_check_igmp+0xe3b/0x1680 [ 130.314861] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.320045] br_multicast_rcv+0x3a88/0x6560 [ 130.324363] ? ip_local_out+0xa4/0x1d0 [ 130.328251] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.333421] br_dev_xmit+0xbc5/0x16a0 [ 130.337217] ? br_net_exit+0x230/0x230 [ 130.341087] dev_hard_start_xmit+0x604/0xc40 [ 130.345489] __dev_queue_xmit+0x2e48/0x3b80 [ 130.349793] ? kmsan_memcpy_memmove_metadata+0xbb4/0xf10 [ 130.355237] ? llc_sysctl_exit+0x120/0x120 [ 130.359457] dev_queue_xmit+0x4b/0x60 [ 130.363254] neigh_resolve_output+0xab7/0xb40 [ 130.367758] ? neigh_event_ns+0x8a0/0x8a0 [ 130.371895] ip_finish_output2+0x1611/0x1820 [ 130.376303] ip_finish_output+0xd2b/0xfd0 [ 130.380459] ip_output+0x53f/0x610 [ 130.384011] ? ip_mc_finish_output+0x3b0/0x3b0 [ 130.388584] ? ip_finish_output+0xfd0/0xfd0 [ 130.392892] ip_local_out+0x164/0x1d0 [ 130.396692] igmp_ifc_timer_expire+0x12cb/0x1aa0 [ 130.401450] call_timer_fn+0x285/0x600 [ 130.405321] ? igmp_gq_timer_expire+0xe0/0xe0 [ 130.409801] __run_timers+0xdb4/0x11d0 [ 130.413673] ? igmp_gq_timer_expire+0xe0/0xe0 [ 130.418177] ? timers_dead_cpu+0xa50/0xa50 [ 130.422400] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.427569] ? timers_dead_cpu+0xa50/0xa50 [ 130.431784] run_timer_softirq+0x2e/0x50 [ 130.435829] __do_softirq+0x53f/0x93a [ 130.439616] irq_exit+0x214/0x250 [ 130.443052] exiting_irq+0xe/0x10 [ 130.446489] smp_apic_timer_interrupt+0x48/0x70 [ 130.451137] apic_timer_interrupt+0x2e/0x40 [ 130.455436] [ 130.457659] RIP: 0010:kmsan_get_shadow_origin_ptr+0xd2/0x440 [ 130.463449] Code: 75 36 48 8b 0c 25 e0 0d 62 8c 48 85 c9 74 29 48 89 c2 48 c1 ea 22 48 8b 0c d1 48 85 c9 74 19 48 c1 e8 1b 83 e0 7f 48 c1 e0 05 <48> 01 c1 74 09 f6 01 02 0f 85 ad 01 00 00 4c 89 f0 48 c1 e8 28 48 [ 130.482329] RSP: 0018:ffff88809d24ecf0 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13 [ 130.490020] RAX: 0000000000000260 RBX: ffffffff8c625000 RCX: ffff88812fffb000 [ 130.497281] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88809d24ef7c [ 130.504537] RBP: ffff88809d24ed20 R08: ffff88809d24f040 R09: 0000000000000000 [ 130.511786] R10: 0000000000000000 R11: 00000000935fd0df R12: 0000000000000000 [ 130.519039] R13: ffff88811d24ef7c R14: ffff88809d24ef7c R15: 0000000000000004 [ 130.526407] __msan_metadata_ptr_for_load_4+0x10/0x20 [ 130.531596] sha256_generic_block_fn+0x2c2/0xab50 [ 130.536487] crypto_sha256_update+0x35f/0x3b0 [ 130.541103] ? sha1_base_init+0x180/0x180 [ 130.545239] crypto_shash_update+0x484/0x4f0 [ 130.549639] ? integrity_kernel_read+0x221/0x280 [ 130.554389] ima_calc_file_hash+0x25ca/0x2ca0 [ 130.558871] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 130.564242] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 130.569614] ? strncmp+0xc4/0x200 [ 130.573060] ima_collect_measurement+0x48d/0x980 [ 130.577815] process_measurement+0x1b37/0x2740 [ 130.582397] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 130.587742] ? refcount_dec_and_test_checked+0x1e8/0x2c0 [ 130.593179] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.598367] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.603541] ima_file_check+0x131/0x170 [ 130.607502] path_openat+0x4af5/0x6b90 [ 130.611387] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.616612] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.621874] do_filp_open+0x2b8/0x710 [ 130.625676] do_sys_open+0x642/0xa30 [ 130.629374] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.634553] __se_sys_openat+0xcb/0xe0 [ 130.638432] __x64_sys_openat+0x56/0x70 [ 130.642389] do_syscall_64+0xbc/0xf0 [ 130.646088] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 130.651271] RIP: 0033:0x47fd2a [ 130.654456] Code: e8 bb 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48 [ 130.673582] RSP: 002b:000000c42018d7e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101 [ 130.681297] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd2a [ 130.688558] RDX: 0000000000080002 RSI: 000000c420084f60 RDI: ffffffffffffff9c [ 130.695818] RBP: 000000c42018d868 R08: 0000000000000000 R09: 0000000000000000 [ 130.703069] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000 [ 130.710318] R13: 00000000000000f3 R14: 0000000000000033 R15: 0000000000000004 [ 130.717673] [ 130.719280] Local variable description: ----br_group.i.i@br_multicast_rcv [ 130.726195] Variable was created at: [ 130.729898] br_multicast_rcv+0x1e7/0x6560 [ 130.734108] br_dev_xmit+0xbc5/0x16a0 [ 130.737880] ================================================================== [ 130.745222] Disabling lock debugging due to kernel taint [ 130.750654] Kernel panic - not syncing: panic_on_warn set ... [ 130.756609] CPU: 0 PID: 11803 Comm: syz-fuzzer Tainted: G B 5.0.0-rc1+ #7 [ 130.764811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 130.774147] Call Trace: [ 130.776718] [ 130.778868] dump_stack+0x173/0x1d0 [ 130.782490] panic+0x3d1/0xb01 [ 130.785677] kmsan_report+0x293/0x2a0 [ 130.789464] __msan_warning+0x82/0xf0 [ 130.793262] br_mdb_ip_get+0x52b/0x740 [ 130.797146] ? br_multicast_new_group+0x5e/0x1640 [ 130.801987] br_multicast_new_group+0xa7/0x1640 [ 130.806656] ? csum_partial+0x423/0x4c0 [ 130.810625] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.815812] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.820992] br_multicast_add_group+0x242/0xf00 [ 130.825648] ? ip_mc_check_igmp+0xe3b/0x1680 [ 130.830129] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.835448] br_multicast_rcv+0x3a88/0x6560 [ 130.839760] ? ip_local_out+0xa4/0x1d0 [ 130.843672] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.848850] br_dev_xmit+0xbc5/0x16a0 [ 130.852644] ? br_net_exit+0x230/0x230 [ 130.856516] dev_hard_start_xmit+0x604/0xc40 [ 130.860939] __dev_queue_xmit+0x2e48/0x3b80 [ 130.865252] ? kmsan_memcpy_memmove_metadata+0xbb4/0xf10 [ 130.870690] ? llc_sysctl_exit+0x120/0x120 [ 130.874913] dev_queue_xmit+0x4b/0x60 [ 130.878700] neigh_resolve_output+0xab7/0xb40 [ 130.883182] ? neigh_event_ns+0x8a0/0x8a0 [ 130.887315] ip_finish_output2+0x1611/0x1820 [ 130.891712] ip_finish_output+0xd2b/0xfd0 [ 130.895847] ip_output+0x53f/0x610 [ 130.899463] ? ip_mc_finish_output+0x3b0/0x3b0 [ 130.904027] ? ip_finish_output+0xfd0/0xfd0 [ 130.908344] ip_local_out+0x164/0x1d0 [ 130.912143] igmp_ifc_timer_expire+0x12cb/0x1aa0 [ 130.916890] call_timer_fn+0x285/0x600 [ 130.920863] ? igmp_gq_timer_expire+0xe0/0xe0 [ 130.925347] __run_timers+0xdb4/0x11d0 [ 130.929242] ? igmp_gq_timer_expire+0xe0/0xe0 [ 130.933758] ? timers_dead_cpu+0xa50/0xa50 [ 130.937989] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 130.943281] ? timers_dead_cpu+0xa50/0xa50 [ 130.947496] run_timer_softirq+0x2e/0x50 [ 130.951538] __do_softirq+0x53f/0x93a [ 130.955326] irq_exit+0x214/0x250 [ 130.958761] exiting_irq+0xe/0x10 [ 130.962195] smp_apic_timer_interrupt+0x48/0x70 [ 130.966850] apic_timer_interrupt+0x2e/0x40 [ 130.971150] [ 130.973374] RIP: 0010:kmsan_get_shadow_origin_ptr+0xd2/0x440 [ 130.979149] Code: 75 36 48 8b 0c 25 e0 0d 62 8c 48 85 c9 74 29 48 89 c2 48 c1 ea 22 48 8b 0c d1 48 85 c9 74 19 48 c1 e8 1b 83 e0 7f 48 c1 e0 05 <48> 01 c1 74 09 f6 01 02 0f 85 ad 01 00 00 4c 89 f0 48 c1 e8 28 48 [ 130.998031] RSP: 0018:ffff88809d24ecf0 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13 [ 131.005715] RAX: 0000000000000260 RBX: ffffffff8c625000 RCX: ffff88812fffb000 [ 131.012964] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88809d24ef7c [ 131.020311] RBP: ffff88809d24ed20 R08: ffff88809d24f040 R09: 0000000000000000 [ 131.027646] R10: 0000000000000000 R11: 00000000935fd0df R12: 0000000000000000 [ 131.034892] R13: ffff88811d24ef7c R14: ffff88809d24ef7c R15: 0000000000000004 [ 131.042175] __msan_metadata_ptr_for_load_4+0x10/0x20 [ 131.047349] sha256_generic_block_fn+0x2c2/0xab50 [ 131.052219] crypto_sha256_update+0x35f/0x3b0 [ 131.056701] ? sha1_base_init+0x180/0x180 [ 131.060831] crypto_shash_update+0x484/0x4f0 [ 131.065241] ? integrity_kernel_read+0x221/0x280 [ 131.069984] ima_calc_file_hash+0x25ca/0x2ca0 [ 131.074465] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 131.079817] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 131.085184] ? strncmp+0xc4/0x200 [ 131.088660] ima_collect_measurement+0x48d/0x980 [ 131.093418] process_measurement+0x1b37/0x2740 [ 131.097997] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 131.103378] ? refcount_dec_and_test_checked+0x1e8/0x2c0 [ 131.108829] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 131.114006] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 131.119186] ima_file_check+0x131/0x170 [ 131.123175] path_openat+0x4af5/0x6b90 [ 131.127084] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 131.132275] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 131.137445] do_filp_open+0x2b8/0x710 [ 131.141245] do_sys_open+0x642/0xa30 [ 131.144936] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 131.150115] __se_sys_openat+0xcb/0xe0 [ 131.153987] __x64_sys_openat+0x56/0x70 [ 131.157947] do_syscall_64+0xbc/0xf0 [ 131.161643] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 131.166813] RIP: 0033:0x47fd2a [ 131.170001] Code: e8 bb 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48 [ 131.188905] RSP: 002b:000000c42018d7e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101 [ 131.196691] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd2a [ 131.203954] RDX: 0000000000080002 RSI: 000000c420084f60 RDI: ffffffffffffff9c [ 131.211213] RBP: 000000c42018d868 R08: 0000000000000000 R09: 0000000000000000 [ 131.218582] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000 [ 131.225840] R13: 00000000000000f3 R14: 0000000000000033 R15: 0000000000000004 [ 131.234277] Kernel Offset: disabled [ 131.237901] Rebooting in 86400 seconds..