[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 97.969415] audit: type=1800 audit(1548030821.012:25): pid=10618 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 97.988631] audit: type=1800 audit(1548030821.012:26): pid=10618 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 98.008122] audit: type=1800 audit(1548030821.042:27): pid=10618 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts. 2019/01/21 00:33:54 fuzzer started 2019/01/21 00:33:59 dialing manager at 10.128.0.26:39359 2019/01/21 00:33:59 syscalls: 1 2019/01/21 00:33:59 code coverage: enabled 2019/01/21 00:33:59 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/01/21 00:33:59 extra coverage: extra coverage is not supported by the kernel 2019/01/21 00:33:59 setuid sandbox: enabled 2019/01/21 00:33:59 namespace sandbox: enabled 2019/01/21 00:33:59 Android sandbox: /sys/fs/selinux/policy does not exist 2019/01/21 00:33:59 fault injection: enabled 2019/01/21 00:33:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/01/21 00:33:59 net packet injection: enabled 2019/01/21 00:33:59 net device setup: enabled 00:36:54 executing program 0: r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f00000004c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000500)="c1bbf9010003400000881ee4ac141411e0", 0x11}], 0x1}, 0x0) syzkaller login: [ 291.820905] IPVS: ftp: loaded support on port[0] = 21 [ 291.999068] chnl_net:caif_netlink_parms(): no params data found [ 292.078089] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.084804] bridge0: port 1(bridge_slave_0) entered disabled state [ 292.093446] device bridge_slave_0 entered promiscuous mode [ 292.103295] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.109802] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.118502] device bridge_slave_1 entered promiscuous mode [ 292.155773] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 292.167282] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 292.201386] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 292.210228] team0: Port device team_slave_0 added [ 292.217327] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 292.226081] team0: Port device team_slave_1 added [ 292.232431] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 292.241444] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 292.367208] device hsr_slave_0 entered promiscuous mode [ 292.632456] device hsr_slave_1 entered promiscuous mode [ 292.793745] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 292.801502] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 292.833097] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.839671] bridge0: port 2(bridge_slave_1) entered forwarding state [ 292.846953] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.853543] bridge0: port 1(bridge_slave_0) entered forwarding state [ 292.946670] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 292.952856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 292.967608] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 292.976620] bridge0: port 1(bridge_slave_0) entered disabled state [ 292.985874] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.997612] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 293.016021] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 293.022562] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 293.030452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 293.046548] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 293.052889] 8021q: adding VLAN 0 to HW filter on device team0 [ 293.069058] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 293.076462] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 293.086730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 293.095352] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.101908] bridge0: port 1(bridge_slave_0) entered forwarding state [ 293.118382] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 293.126645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 293.135385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 293.143832] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.150316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 293.178488] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 293.186059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 293.202725] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 293.213251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 293.227637] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 293.234850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 293.244000] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 293.256834] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 293.269573] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 293.276860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 293.286324] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 293.303458] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 293.313512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 293.322164] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 293.337218] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 293.344754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 293.353706] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 293.370085] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 293.376314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 293.405250] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 293.427609] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 293.573695] ================================================================== [ 293.581186] BUG: KMSAN: uninit-value in ___neigh_create+0x20cc/0x2890 [ 293.587825] CPU: 1 PID: 10789 Comm: syz-executor0 Not tainted 5.0.0-rc1+ #7 [ 293.594933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 293.604299] Call Trace: [ 293.606958] dump_stack+0x173/0x1d0 [ 293.610638] kmsan_report+0x12e/0x2a0 [ 293.614480] __msan_warning+0x82/0xf0 [ 293.618319] ___neigh_create+0x20cc/0x2890 [ 293.622654] __neigh_create+0xbd/0xd0 [ 293.626532] ip_finish_output2+0xa0f/0x1820 [ 293.630905] ip_finish_output+0xd2b/0xfd0 [ 293.635093] ip_output+0x53f/0x610 [ 293.638679] ? ip_mc_finish_output+0x3b0/0x3b0 [ 293.643277] ? ip_finish_output+0xfd0/0xfd0 [ 293.647626] ip_local_out+0x164/0x1d0 [ 293.651471] iptunnel_xmit+0x8a7/0xde0 [ 293.655419] ? pskb_expand_head+0xf10/0x18f0 [ 293.659916] ip_tunnel_xmit+0x35b9/0x3980 [ 293.664156] ipgre_xmit+0x1098/0x11c0 [ 293.667999] ? ipgre_close+0x230/0x230 [ 293.671934] dev_hard_start_xmit+0x604/0xc40 [ 293.676403] __dev_queue_xmit+0x2e48/0x3b80 [ 293.680788] dev_queue_xmit+0x4b/0x60 [ 293.684619] ? __netdev_pick_tx+0x1260/0x1260 [ 293.689191] packet_sendmsg+0x79bb/0x9760 [ 293.693380] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 293.698857] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 293.704076] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 293.709562] ___sys_sendmsg+0xdb9/0x11b0 [ 293.713673] ? compat_packet_setsockopt+0x360/0x360 [ 293.718724] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 293.723942] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 293.729324] ? __fget_light+0x6e1/0x750 [ 293.733345] __se_sys_sendmsg+0x305/0x460 [ 293.737639] __x64_sys_sendmsg+0x4a/0x70 [ 293.741732] do_syscall_64+0xbc/0xf0 [ 293.745505] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 293.750726] RIP: 0033:0x458099 [ 293.753937] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 293.772850] RSP: 002b:00007f8bbddbcc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 293.780570] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458099 [ 293.787857] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000003 [ 293.795138] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 293.802415] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8bbddbd6d4 [ 293.809692] R13: 00000000004c5590 R14: 00000000004d91c0 R15: 00000000ffffffff [ 293.816991] [ 293.818619] Uninit was created at: [ 293.822159] No stack [ 293.824481] ================================================================== [ 293.831836] Disabling lock debugging due to kernel taint [ 293.837285] Kernel panic - not syncing: panic_on_warn set ... [ 293.843184] CPU: 1 PID: 10789 Comm: syz-executor0 Tainted: G B 5.0.0-rc1+ #7 [ 293.851675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 293.861034] Call Trace: [ 293.863648] dump_stack+0x173/0x1d0 [ 293.867304] panic+0x3d1/0xb01 [ 293.870559] kmsan_report+0x293/0x2a0 [ 293.874397] __msan_warning+0x82/0xf0 [ 293.878232] ___neigh_create+0x20cc/0x2890 [ 293.882544] __neigh_create+0xbd/0xd0 [ 293.886390] ip_finish_output2+0xa0f/0x1820 [ 293.890762] ip_finish_output+0xd2b/0xfd0 [ 293.894955] ip_output+0x53f/0x610 [ 293.898926] ? ip_mc_finish_output+0x3b0/0x3b0 [ 293.903530] ? ip_finish_output+0xfd0/0xfd0 [ 293.907868] ip_local_out+0x164/0x1d0 [ 293.911707] iptunnel_xmit+0x8a7/0xde0 [ 293.915626] ? pskb_expand_head+0xf10/0x18f0 [ 293.920089] ip_tunnel_xmit+0x35b9/0x3980 [ 293.924317] ipgre_xmit+0x1098/0x11c0 [ 293.928158] ? ipgre_close+0x230/0x230 [ 293.932065] dev_hard_start_xmit+0x604/0xc40 [ 293.936540] __dev_queue_xmit+0x2e48/0x3b80 [ 293.940936] dev_queue_xmit+0x4b/0x60 [ 293.944754] ? __netdev_pick_tx+0x1260/0x1260 [ 293.949270] packet_sendmsg+0x79bb/0x9760 [ 293.953454] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 293.958930] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 293.964145] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 293.969605] ___sys_sendmsg+0xdb9/0x11b0 [ 293.973703] ? compat_packet_setsockopt+0x360/0x360 [ 293.978749] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 293.983967] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 293.989348] ? __fget_light+0x6e1/0x750 [ 293.993387] __se_sys_sendmsg+0x305/0x460 [ 293.997606] __x64_sys_sendmsg+0x4a/0x70 [ 294.001704] do_syscall_64+0xbc/0xf0 [ 294.005448] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 294.010648] RIP: 0033:0x458099 [ 294.013852] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 294.032761] RSP: 002b:00007f8bbddbcc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 294.040476] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458099 [ 294.047750] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000003 [ 294.055030] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 294.062307] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8bbddbd6d4 [ 294.069591] R13: 00000000004c5590 R14: 00000000004d91c0 R15: 00000000ffffffff [ 294.077896] Kernel Offset: disabled [ 294.081528] Rebooting in 86400 seconds..