[ 54.734744] audit: type=1800 audit(1544956702.758:27): pid=6368 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 54.754338] audit: type=1800 audit(1544956702.778:28): pid=6368 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 56.485075] audit: type=1800 audit(1544956704.548:29): pid=6368 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 56.504561] audit: type=1800 audit(1544956704.548:30): pid=6368 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.135' (ECDSA) to the list of known hosts.
2018/12/16 10:38:36 parsed 1 programs
2018/12/16 10:38:43 executed programs: 0
syzkaller login: [ 75.259870] IPVS: ftp: loaded support on port[0] = 21
[ 75.740878] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.747394] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.755541] device bridge_slave_0 entered promiscuous mode
[ 75.786335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.792890] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.800357] device bridge_slave_1 entered promiscuous mode
[ 75.830890] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 75.860516] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 75.949779] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 75.983762] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 76.126625] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 76.134647] team0: Port device team_slave_0 added
[ 76.164253] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 76.172531] team0: Port device team_slave_1 added
[ 76.202948] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.236386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.269457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 76.302099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 76.598264] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.604812] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.611878] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.618335] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.688068] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.797294] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 77.903613] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 77.909932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 77.918169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 78.026594] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.761961] ==================================================================
[ 78.769370] BUG: KMSAN: uninit-value in check_6rd+0x65a/0x710
[ 78.775246] CPU: 1 PID: 6787 Comm: syz-executor0 Not tainted 4.20.0-rc5+ #2
[ 78.782334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.791689] Call Trace:
[ 78.794277] dump_stack+0x1c9/0x220
[ 78.797919] kmsan_report+0x12d/0x290
[ 78.801722] __msan_warning+0x76/0xc0
[ 78.805533] check_6rd+0x65a/0x710
[ 78.809082] sit_tunnel_xmit+0xb58/0x34d0
[ 78.813255] ? dev_hard_start_xmit+0xb3/0xc80
[ 78.817794] ? ipip6_tunnel_uninit+0x800/0x800
[ 78.822374] dev_hard_start_xmit+0x627/0xc80
[ 78.826852] __dev_queue_xmit+0x3173/0x3cf0
[ 78.831253] dev_queue_xmit+0x4b/0x60
[ 78.835054] ? __netdev_pick_tx+0x1290/0x1290
[ 78.839542] packet_sendmsg+0x7cbd/0x9200
[ 78.843683] ? kmsan_memcpy_metadata+0xb/0x10
[ 78.848180] ? __msan_memcpy+0x61/0x70
[ 78.852076] ? do_iter_readv_writev+0x822/0xac0
[ 78.856771] ? __se_sys_writev+0x9b/0xb0
[ 78.860859] ? do_syscall_64+0xcd/0x110
[ 78.864839] ? should_fail+0x5e/0xb70
[ 78.868634] ? get_futex_key+0x2f9/0x1d40
[ 78.872833] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 78.878221] ? aa_sk_perm+0x7ab/0x9e0
[ 78.882102] ? compat_packet_setsockopt+0x360/0x360
[ 78.887115] sock_write_iter+0x3f4/0x4f0
[ 78.891190] ? sock_read_iter+0x4e0/0x4e0
[ 78.895331] do_iter_readv_writev+0x822/0xac0
[ 78.899850] ? sock_read_iter+0x4e0/0x4e0
[ 78.903993] do_iter_write+0x302/0xd80
[ 78.907878] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 78.913340] ? import_iovec+0x41f/0x680
[ 78.917341] do_writev+0x397/0x860
[ 78.920896] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 78.926355] ? prepare_exit_to_usermode+0x137/0x460
[ 78.931359] ? syscall_return_slowpath+0x50/0x680
[ 78.936212] __se_sys_writev+0x9b/0xb0
[ 78.940101] __x64_sys_writev+0x4a/0x70
[ 78.944080] do_syscall_64+0xcd/0x110
[ 78.947879] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 78.953057] RIP: 0033:0x457669
[ 78.956239] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 78.975133] RSP: 002b:00007ffec14b2c18 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 78.982836] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669
[ 78.990108] RDX: 0000000000000001 RSI: 00000000200003c0 RDI: 0000000000000003
[ 78.997381] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 79.004639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001f6a914
[ 79.011896] R13: 00000000004c39e8 R14: 00000000004dae38 R15: 00000000ffffffff
[ 79.019168]
[ 79.020780] Uninit was created at:
[ 79.024317] kmsan_internal_poison_shadow+0x92/0x150
[ 79.029422] kmsan_kmalloc+0xa1/0x100
[ 79.033213] kmsan_slab_alloc+0xe/0x10
[ 79.037090] __kmalloc_node_track_caller+0xf06/0x1120
[ 79.042277] __alloc_skb+0x318/0xa40
[ 79.045980] alloc_skb_with_frags+0x1c9/0xa80
[ 79.050508] sock_alloc_send_pskb+0xb5d/0x1140
[ 79.055097] packet_sendmsg+0x66a2/0x9200
[ 79.059237] sock_write_iter+0x3f4/0x4f0
[ 79.063313] do_iter_readv_writev+0x822/0xac0
[ 79.067795] do_iter_write+0x302/0xd80
[ 79.071675] do_writev+0x397/0x860
[ 79.075204] __se_sys_writev+0x9b/0xb0
[ 79.079080] __x64_sys_writev+0x4a/0x70
[ 79.083046] do_syscall_64+0xcd/0x110
[ 79.086839] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 79.092009] ==================================================================
[ 79.099351] Disabling lock debugging due to kernel taint
[ 79.104799] Kernel panic - not syncing: panic_on_warn set ...
[ 79.110677] CPU: 1 PID: 6787 Comm: syz-executor0 Tainted: G B 4.20.0-rc5+ #2
[ 79.119158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.128515] Call Trace:
[ 79.131099] dump_stack+0x1c9/0x220
[ 79.134729] panic+0x3f0/0x98f
[ 79.137973] kmsan_report+0x290/0x290
[ 79.141798] __msan_warning+0x76/0xc0
[ 79.145614] check_6rd+0x65a/0x710
[ 79.149210] sit_tunnel_xmit+0xb58/0x34d0
[ 79.153403] ? dev_hard_start_xmit+0xb3/0xc80
[ 79.157891] ? ipip6_tunnel_uninit+0x800/0x800
[ 79.162474] dev_hard_start_xmit+0x627/0xc80
[ 79.166917] __dev_queue_xmit+0x3173/0x3cf0
[ 79.171270] dev_queue_xmit+0x4b/0x60
[ 79.175065] ? __netdev_pick_tx+0x1290/0x1290
[ 79.179553] packet_sendmsg+0x7cbd/0x9200
[ 79.183712] ? kmsan_memcpy_metadata+0xb/0x10
[ 79.188220] ? __msan_memcpy+0x61/0x70
[ 79.192118] ? do_iter_readv_writev+0x822/0xac0
[ 79.196787] ? __se_sys_writev+0x9b/0xb0
[ 79.200840] ? do_syscall_64+0xcd/0x110
[ 79.204817] ? should_fail+0x5e/0xb70
[ 79.208626] ? get_futex_key+0x2f9/0x1d40
[ 79.212785] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 79.218161] ? aa_sk_perm+0x7ab/0x9e0
[ 79.222015] ? compat_packet_setsockopt+0x360/0x360
[ 79.227026] sock_write_iter+0x3f4/0x4f0
[ 79.231099] ? sock_read_iter+0x4e0/0x4e0
[ 79.235255] do_iter_readv_writev+0x822/0xac0
[ 79.239775] ? sock_read_iter+0x4e0/0x4e0
[ 79.243935] do_iter_write+0x302/0xd80
[ 79.247819] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 79.253287] ? import_iovec+0x41f/0x680
[ 79.257292] do_writev+0x397/0x860
[ 79.260849] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 79.266299] ? prepare_exit_to_usermode+0x137/0x460
[ 79.271320] ? syscall_return_slowpath+0x50/0x680
[ 79.276187] __se_sys_writev+0x9b/0xb0
[ 79.280077] __x64_sys_writev+0x4a/0x70
[ 79.284044] do_syscall_64+0xcd/0x110
[ 79.287844] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 79.293032] RIP: 0033:0x457669
[ 79.296231] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 79.315121] RSP: 002b:00007ffec14b2c18 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 79.322825] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669
[ 79.330285] RDX: 0000000000000001 RSI: 00000000200003c0 RDI: 0000000000000003
[ 79.337568] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 79.344838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001f6a914
[ 79.352107] R13: 00000000004c39e8 R14: 00000000004dae38 R15: 00000000ffffffff
[ 79.360377] Kernel Offset: disabled
[ 79.364009] Rebooting in 86400 seconds..