[ ok ] Starting enhanced syslogd: rsyslogd.
[ 109.702031][ T32] audit: type=1800 audit(1582061496.767:25): pid=11520 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 109.726323][ T32] audit: type=1800 audit(1582061496.797:26): pid=11520 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 109.764887][ T32] audit: type=1800 audit(1582061496.817:27): pid=11520 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts.
syzkaller login: [ 123.261117][T11672] IPVS: ftp: loaded support on port[0] = 21
[ 123.352972][T11672] chnl_net:caif_netlink_parms(): no params data found
[ 123.432095][T11672] bridge0: port 1(bridge_slave_0) entered blocking state
[ 123.439344][T11672] bridge0: port 1(bridge_slave_0) entered disabled state
[ 123.448163][T11672] device bridge_slave_0 entered promiscuous mode
[ 123.457061][T11672] bridge0: port 2(bridge_slave_1) entered blocking state
[ 123.464453][T11672] bridge0: port 2(bridge_slave_1) entered disabled state
[ 123.472888][T11672] device bridge_slave_1 entered promiscuous mode
[ 123.500134][T11672] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 123.512027][T11672] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 123.539970][T11672] team0: Port device team_slave_0 added
[ 123.548374][T11672] team0: Port device team_slave_1 added
[ 123.570977][T11672] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 123.578045][T11672] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 123.604441][T11672] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 123.616543][T11672] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 123.624008][T11672] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 123.650122][T11672] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 123.717844][T11672] device hsr_slave_0 entered promiscuous mode
[ 123.764749][T11672] device hsr_slave_1 entered promiscuous mode
[ 123.916015][T11672] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 123.958595][T11672] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 124.018776][T11672] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 124.078503][T11672] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 124.161292][T11672] bridge0: port 2(bridge_slave_1) entered blocking state
[ 124.168524][T11672] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 124.176364][T11672] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.183663][T11672] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 124.247503][T11672] 8021q: adding VLAN 0 to HW filter on device bond0
[ 124.264346][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 124.275741][ T3914] bridge0: port 1(bridge_slave_0) entered disabled state
[ 124.285301][ T3914] bridge0: port 2(bridge_slave_1) entered disabled state
[ 124.295364][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 124.313062][T11672] 8021q: adding VLAN 0 to HW filter on device team0
[ 124.330454][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 124.339457][ T27] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.346800][ T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 124.374724][T11678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 124.383998][T11678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 124.393492][T11678] bridge0: port 2(bridge_slave_1) entered blocking state
[ 124.400675][T11678] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 124.409756][T11678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 124.419392][T11678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 124.429306][T11678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 124.438715][T11678] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 124.452585][T11678] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 124.461645][T11678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 124.472396][T11678] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 124.490022][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 124.499734][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 124.515988][T11672] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 124.529147][T11672] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 124.539376][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 124.548841][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 124.576634][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 124.585530][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 124.601954][T11672] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 124.627169][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 124.638717][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 124.665607][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 124.675296][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 124.687642][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 124.696483][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 124.709303][T11672] device veth0_vlan entered promiscuous mode
[ 124.724406][T11672] device veth1_vlan entered promiscuous mode
[ 124.753473][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 124.762372][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 124.771551][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 124.780939][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 124.794566][T11672] device veth0_macvtap entered promiscuous mode
[ 124.807793][T11672] device veth1_macvtap entered promiscuous mode
[ 124.832247][T11672] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 124.846941][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 124.856067][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 124.865535][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 124.875171][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 124.890715][T11672] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 124.899088][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 124.909023][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 125.128426][T11672] =====================================================
[ 125.135445][T11672] BUG: KMSAN: uninit-value in nf_flow_table_offload_setup+0x964/0xac0
[ 125.143720][T11672] CPU: 1 PID: 11672 Comm: syz-executor942 Not tainted 5.6.0-rc2-syzkaller #0
[ 125.152494][T11672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 125.162940][T11672] Call Trace:
[ 125.166239][T11672] dump_stack+0x1c9/0x220
[ 125.170587][T11672] kmsan_report+0xf7/0x1e0
[ 125.175005][T11672] __msan_warning+0x58/0xa0
[ 125.179532][T11672] nf_flow_table_offload_setup+0x964/0xac0
[ 125.185352][T11672] ? nf_flow_rule_route_inet+0x1d0/0x1d0
[ 125.190996][T11672] ? nf_flow_table_offload_flush+0xa0/0xa0
[ 125.196838][T11672] nf_tables_newflowtable+0x233c/0x3e30
[ 125.202628][T11672] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 125.208494][T11672] ? nf_tables_delobj+0x1990/0x1990
[ 125.213702][T11672] nfnetlink_rcv+0x155e/0x3ab0
[ 125.218743][T11672] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 125.226083][T11672] ? netlink_deliver_tap+0xdb0/0xea0
[ 125.231532][T11672] ? __netlink_lookup+0x8b9/0x980
[ 125.236717][T11672] ? kmsan_set_origin_checked+0x95/0xf0
[ 125.242363][T11672] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 125.248170][T11672] netlink_unicast+0xf9e/0x1100
[ 125.253048][T11672] ? nfnetlink_net_exit_batch+0x280/0x280
[ 125.258777][T11672] netlink_sendmsg+0x1246/0x14d0
[ 125.263715][T11672] ? netlink_getsockopt+0x1440/0x1440
[ 125.269073][T11672] ____sys_sendmsg+0x12b6/0x1350
[ 125.274023][T11672] __sys_sendmsg+0x451/0x5f0
[ 125.278634][T11672] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 125.284497][T11672] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 125.290549][T11672] ? do_user_addr_fault+0xe77/0x1520
[ 125.295959][T11672] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 125.301761][T11672] ? kmsan_get_metadata+0x11d/0x180
[ 125.306979][T11672] __se_sys_sendmsg+0x97/0xb0
[ 125.311679][T11672] __x64_sys_sendmsg+0x4a/0x70
[ 125.316440][T11672] do_syscall_64+0xb8/0x160
[ 125.320925][T11672] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 125.326805][T11672] RIP: 0033:0x443709
[ 125.330687][T11672] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 125.350276][T11672] RSP: 002b:00007fffe96ae538 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 125.358698][T11672] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443709
[ 125.366682][T11672] RDX: 0000000000000000 RSI: 0000000020003e00 RDI: 0000000000000003
[ 125.374635][T11672] RBP: 00007fffe96ae550 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 125.382812][T11672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 125.390827][T11672] R13: 0000000000404ca0 R14: 0000000000000000 R15: 0000000000000000
[ 125.398807][T11672]
[ 125.401128][T11672] Local variable ----bo@nf_flow_table_offload_setup created at:
[ 125.408741][T11672] nf_flow_table_offload_setup+0xba/0xac0
[ 125.414441][T11672] nf_flow_table_offload_setup+0xba/0xac0
[ 125.420266][T11672] =====================================================
[ 125.427188][T11672] Disabling lock debugging due to kernel taint
[ 125.433324][T11672] Kernel panic - not syncing: panic_on_warn set ...
[ 125.439932][T11672] CPU: 1 PID: 11672 Comm: syz-executor942 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 125.450084][T11672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 125.460152][T11672] Call Trace:
[ 125.463443][T11672] dump_stack+0x1c9/0x220
[ 125.467780][T11672] panic+0x3d5/0xc3e
[ 125.471674][T11672] kmsan_report+0x1df/0x1e0
[ 125.476163][T11672] __msan_warning+0x58/0xa0
[ 125.480648][T11672] nf_flow_table_offload_setup+0x964/0xac0
[ 125.486457][T11672] ? nf_flow_rule_route_inet+0x1d0/0x1d0
[ 125.492164][T11672] ? nf_flow_table_offload_flush+0xa0/0xa0
[ 125.497953][T11672] nf_tables_newflowtable+0x233c/0x3e30
[ 125.503521][T11672] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 125.509394][T11672] ? nf_tables_delobj+0x1990/0x1990
[ 125.514588][T11672] nfnetlink_rcv+0x155e/0x3ab0
[ 125.519364][T11672] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 125.525419][T11672] ? netlink_deliver_tap+0xdb0/0xea0
[ 125.530685][T11672] ? __netlink_lookup+0x8b9/0x980
[ 125.535695][T11672] ? kmsan_set_origin_checked+0x95/0xf0
[ 125.541240][T11672] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 125.547045][T11672] netlink_unicast+0xf9e/0x1100
[ 125.551889][T11672] ? nfnetlink_net_exit_batch+0x280/0x280
[ 125.557598][T11672] netlink_sendmsg+0x1246/0x14d0
[ 125.562548][T11672] ? netlink_getsockopt+0x1440/0x1440
[ 125.567912][T11672] ____sys_sendmsg+0x12b6/0x1350
[ 125.572896][T11672] __sys_sendmsg+0x451/0x5f0
[ 125.577520][T11672] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 125.583332][T11672] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 125.589395][T11672] ? do_user_addr_fault+0xe77/0x1520
[ 125.594665][T11672] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 125.600459][T11672] ? kmsan_get_metadata+0x11d/0x180
[ 125.605685][T11672] __se_sys_sendmsg+0x97/0xb0
[ 125.610347][T11672] __x64_sys_sendmsg+0x4a/0x70
[ 125.615093][T11672] do_syscall_64+0xb8/0x160
[ 125.619583][T11672] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 125.625497][T11672] RIP: 0033:0x443709
[ 125.629374][T11672] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 125.648960][T11672] RSP: 002b:00007fffe96ae538 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 125.657368][T11672] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443709
[ 125.665334][T11672] RDX: 0000000000000000 RSI: 0000000020003e00 RDI: 0000000000000003
[ 125.673290][T11672] RBP: 00007fffe96ae550 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 125.681255][T11672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 125.689208][T11672] R13: 0000000000404ca0 R14: 0000000000000000 R15: 0000000000000000
[ 125.698220][T11672] Kernel Offset: 0x29c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 125.709839][T11672] Rebooting in 86400 seconds..