[ ok ] Starting enhanced syslogd: rsyslogd.
[ 81.060401][ T31] audit: type=1800 audit(1572807980.108:25): pid=11649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 81.091972][ T31] audit: type=1800 audit(1572807980.138:26): pid=11649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 81.112221][ T31] audit: type=1800 audit(1572807980.148:27): pid=11649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts.
syzkaller login: [ 109.438544][T11800] IPVS: ftp: loaded support on port[0] = 21
[ 109.508389][T11800] chnl_net:caif_netlink_parms(): no params data found
[ 109.542503][T11800] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.549604][T11800] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.558004][T11800] device bridge_slave_0 entered promiscuous mode
[ 109.566044][T11800] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.573310][T11800] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.581255][T11800] device bridge_slave_1 entered promiscuous mode
[ 109.602596][T11800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 109.614931][T11800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 109.637801][T11800] team0: Port device team_slave_0 added
[ 109.649009][T11800] team0: Port device team_slave_1 added
[ 109.704583][T11800] device hsr_slave_0 entered promiscuous mode
[ 109.752507][T11800] device hsr_slave_1 entered promiscuous mode
[ 109.913105][T11800] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.920327][T11800] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.928172][T11800] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.935454][T11800] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 110.137267][T11800] 8021q: adding VLAN 0 to HW filter on device bond0
[ 110.167094][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 110.203783][ T3896] bridge0: port 1(bridge_slave_0) entered disabled state
[ 110.222738][ T3896] bridge0: port 2(bridge_slave_1) entered disabled state
[ 110.245595][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 110.278015][T11800] 8021q: adding VLAN 0 to HW filter on device team0
[ 110.309665][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 110.319176][ T3896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.326448][ T3896] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 110.408309][T11800] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 110.419230][T11800] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 110.437426][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 110.446814][ T3896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.454079][ T3896] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 110.464589][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 110.474718][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 110.484245][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 110.494445][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 110.531449][T11800] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 110.585700][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 110.594547][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
executing program
[ 110.755649][T11800] =====================================================
[ 110.762641][T11800] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x3c6/0x3320
[ 110.769757][T11800] CPU: 1 PID: 11800 Comm: syz-executor448 Not tainted 5.4.0-rc5+ #0
[ 110.777735][T11800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 110.787795][T11800] Call Trace:
[ 110.791094][T11800] dump_stack+0x191/0x1f0
[ 110.795444][T11800] kmsan_report+0x128/0x220
[ 110.799966][T11800] __msan_warning+0x73/0xe0
[ 110.804482][T11800] ip_tunnel_xmit+0x3c6/0x3320
[ 110.809258][T11800] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 110.815331][T11800] ? skb_push+0x15b/0x250
[ 110.819679][T11800] ? gre_build_header+0x3ec/0x9f0
[ 110.822442][ C0] protocol 88fb is buggy, dev hsr_slave_0
[ 110.824777][T11800] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 110.830860][ C0] protocol 88fb is buggy, dev hsr_slave_1
[ 110.836361][T11800] ipgre_xmit+0xff3/0x1120
[ 110.836389][T11800] ? ipgre_close+0x240/0x240
[ 110.836406][T11800] dev_hard_start_xmit+0x51a/0xab0
[ 110.836434][T11800] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 110.836519][T11800] __dev_queue_xmit+0x35b6/0x4200
[ 110.867226][T11800] dev_queue_xmit+0x4b/0x60
[ 110.871738][T11800] ? netdev_core_pick_tx+0x4d0/0x4d0
[ 110.877032][T11800] packet_sendmsg+0x82d7/0x92e0
[ 110.881897][T11800] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 110.887970][T11800] ? aa_label_sk_perm+0x6d6/0x940
[ 110.893013][T11800] ? kmsan_get_metadata+0x39/0x350
[ 110.898132][T11800] ? kmsan_internal_set_origin+0x6a/0xb0
[ 110.903779][T11800] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 110.909710][T11800] ? aa_sk_perm+0x730/0xaf0
[ 110.914265][T11800] ? compat_packet_setsockopt+0x360/0x360
[ 110.919998][T11800] ___sys_sendmsg+0x14ff/0x1590
[ 110.924885][T11800] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 110.930801][T11800] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 110.936911][T11800] ? __fget_light+0x1b8/0x710
[ 110.941607][T11800] __se_sys_sendmsg+0x305/0x460
[ 110.946496][T11800] __x64_sys_sendmsg+0x4a/0x70
[ 110.951275][T11800] do_syscall_64+0xb6/0x160
[ 110.952408][ C0] protocol 88fb is buggy, dev hsr_slave_0
[ 110.955850][T11800] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 110.962018][ C0] protocol 88fb is buggy, dev hsr_slave_1
[ 110.967495][T11800] RIP: 0033:0x441a29
[ 110.977117][T11800] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 110.996984][T11800] RSP: 002b:00007ffd00ef23c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 111.005380][T11800] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441a29
[ 111.013333][T11800] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 111.021321][T11800] RBP: 00007ffd00ef23e0 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 111.029273][T11800] R10: 0000000001bbbbbb R11: 0000000000000246 R12: 0000000000000000
[ 111.037231][T11800] R13: 0000000000402fc0 R14: 0000000000000000 R15: 0000000000000000
[ 111.045210][T11800]
[ 111.047536][T11800] Uninit was created at:
[ 111.051770][T11800] kmsan_internal_poison_shadow+0x60/0x120
[ 111.057571][T11800] kmsan_slab_alloc+0xaa/0x120
[ 111.062316][T11800] __kmalloc_node_track_caller+0xd7b/0x1390
[ 111.068285][T11800] __alloc_skb+0x306/0xa10
[ 111.072703][T11800] alloc_skb_with_frags+0x18c/0xa80
[ 111.077905][T11800] sock_alloc_send_pskb+0xafd/0x10a0
[ 111.083181][T11800] packet_sendmsg+0x6785/0x92e0
[ 111.088013][T11800] ___sys_sendmsg+0x14ff/0x1590
[ 111.092844][T11800] __se_sys_sendmsg+0x305/0x460
[ 111.097679][T11800] __x64_sys_sendmsg+0x4a/0x70
[ 111.102435][T11800] do_syscall_64+0xb6/0x160
[ 111.106930][T11800] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 111.112795][T11800] =====================================================
[ 111.119709][T11800] Disabling lock debugging due to kernel taint
[ 111.125835][T11800] Kernel panic - not syncing: panic_on_warn set ...
[ 111.132427][T11800] CPU: 1 PID: 11800 Comm: syz-executor448 Tainted: G B 5.4.0-rc5+ #0
[ 111.141780][T11800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 111.151829][T11800] Call Trace:
[ 111.155114][T11800] dump_stack+0x191/0x1f0
[ 111.159512][T11800] panic+0x3c9/0xc1e
[ 111.163406][T11800] kmsan_report+0x215/0x220
[ 111.167890][T11800] __msan_warning+0x73/0xe0
[ 111.172373][T11800] ip_tunnel_xmit+0x3c6/0x3320
[ 111.177119][T11800] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 111.183161][T11800] ? skb_push+0x15b/0x250
[ 111.187472][T11800] ? gre_build_header+0x3ec/0x9f0
[ 111.192499][T11800] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 111.198385][T11800] ipgre_xmit+0xff3/0x1120
[ 111.202788][T11800] ? ipgre_close+0x240/0x240
[ 111.207354][T11800] dev_hard_start_xmit+0x51a/0xab0
[ 111.212468][T11800] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 111.218347][T11800] __dev_queue_xmit+0x35b6/0x4200
[ 111.223366][T11800] dev_queue_xmit+0x4b/0x60
[ 111.227846][T11800] ? netdev_core_pick_tx+0x4d0/0x4d0
[ 111.233112][T11800] packet_sendmsg+0x82d7/0x92e0
[ 111.237945][T11800] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 111.243990][T11800] ? aa_label_sk_perm+0x6d6/0x940
[ 111.248997][T11800] ? kmsan_get_metadata+0x39/0x350
[ 111.254094][T11800] ? kmsan_internal_set_origin+0x6a/0xb0
[ 111.259708][T11800] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 111.265584][T11800] ? aa_sk_perm+0x730/0xaf0
[ 111.270272][T11800] ? compat_packet_setsockopt+0x360/0x360
[ 111.275978][T11800] ___sys_sendmsg+0x14ff/0x1590
[ 111.280827][T11800] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 111.286785][T11800] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 111.292842][T11800] ? __fget_light+0x1b8/0x710
[ 111.297522][T11800] __se_sys_sendmsg+0x305/0x460
[ 111.302386][T11800] __x64_sys_sendmsg+0x4a/0x70
[ 111.307141][T11800] do_syscall_64+0xb6/0x160
[ 111.311635][T11800] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 111.317506][T11800] RIP: 0033:0x441a29
[ 111.321383][T11800] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 111.340967][T11800] RSP: 002b:00007ffd00ef23c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 111.349360][T11800] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441a29
[ 111.357331][T11800] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 111.365372][T11800] RBP: 00007ffd00ef23e0 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 111.373332][T11800] R10: 0000000001bbbbbb R11: 0000000000000246 R12: 0000000000000000
[ 111.381295][T11800] R13: 0000000000402fc0 R14: 0000000000000000 R15: 0000000000000000
[ 111.390614][T11800] Kernel Offset: disabled
[ 111.395022][T11800] Rebooting in 86400 seconds..