[ ok ] Starting enhanced syslogd: rsyslogd.
[ 76.566749][ T31] audit: type=1800 audit(1569305425.619:25): pid=11623 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 76.589460][ T31] audit: type=1800 audit(1569305425.639:26): pid=11623 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 76.632226][ T31] audit: type=1800 audit(1569305425.669:27): pid=11623 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts.
2019/09/24 06:10:38 fuzzer started
2019/09/24 06:10:42 dialing manager at 10.128.0.26:34199
2019/09/24 06:10:42 syscalls: 2382
2019/09/24 06:10:42 code coverage: enabled
2019/09/24 06:10:42 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/09/24 06:10:42 extra coverage: enabled
2019/09/24 06:10:42 setuid sandbox: enabled
2019/09/24 06:10:42 namespace sandbox: enabled
2019/09/24 06:10:42 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/24 06:10:42 fault injection: enabled
2019/09/24 06:10:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/24 06:10:42 net packet injection: enabled
2019/09/24 06:10:42 net device setup: enabled
06:13:16 executing program 0:
syzkaller login: [ 247.484034][T11790] IPVS: ftp: loaded support on port[0] = 21
[ 247.623438][T11790] chnl_net:caif_netlink_parms(): no params data found
[ 247.676360][T11790] bridge0: port 1(bridge_slave_0) entered blocking state
[ 247.683645][T11790] bridge0: port 1(bridge_slave_0) entered disabled state
[ 247.692288][T11790] device bridge_slave_0 entered promiscuous mode
[ 247.702202][T11790] bridge0: port 2(bridge_slave_1) entered blocking state
[ 247.709359][T11790] bridge0: port 2(bridge_slave_1) entered disabled state
[ 247.717960][T11790] device bridge_slave_1 entered promiscuous mode
[ 247.748575][T11790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 247.761358][T11790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 247.792859][T11790] team0: Port device team_slave_0 added
[ 247.801678][T11790] team0: Port device team_slave_1 added
[ 248.046406][T11790] device hsr_slave_0 entered promiscuous mode
[ 248.302648][T11790] device hsr_slave_1 entered promiscuous mode
[ 248.581598][T11790] bridge0: port 2(bridge_slave_1) entered blocking state
[ 248.588870][T11790] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 248.596642][T11790] bridge0: port 1(bridge_slave_0) entered blocking state
[ 248.603853][T11790] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 248.667567][ T53] bridge0: port 1(bridge_slave_0) entered disabled state
[ 248.677004][ T53] bridge0: port 2(bridge_slave_1) entered disabled state
[ 248.709944][T11790] 8021q: adding VLAN 0 to HW filter on device bond0
[ 248.728167][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 248.736943][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 248.751209][T11790] 8021q: adding VLAN 0 to HW filter on device team0
[ 248.764939][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 248.774554][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 248.784414][ T53] bridge0: port 1(bridge_slave_0) entered blocking state
[ 248.791554][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 248.838158][T11790] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 248.848653][T11790] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 248.863953][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 248.873684][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 248.882604][ T53] bridge0: port 2(bridge_slave_1) entered blocking state
[ 248.889725][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 248.898036][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 248.907779][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 248.917497][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 248.927093][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 248.936453][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 248.946111][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 248.955465][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 248.964473][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 248.973810][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 248.982832][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 248.997376][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 249.005904][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 249.037525][T11790] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 249.049583][T11790] ==================================================================
[ 249.057670][T11790] BUG: KMSAN: uninit-value in kmem_cache_alloc_node+0x5d0/0xe70
[ 249.065300][T11790] CPU: 1 PID: 11790 Comm: syz-executor.0 Not tainted 5.3.0-rc7+ #0
[ 249.073181][T11790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 249.083227][T11790] Call Trace:
[ 249.086608][T11790] dump_stack+0x191/0x1f0
[ 249.090943][T11790] kmsan_report+0x162/0x2d0
[ 249.095448][T11790] __msan_warning+0x75/0xe0
[ 249.099953][T11790] kmem_cache_alloc_node+0x5d0/0xe70
[ 249.105304][T11790] ? __alloc_skb+0x215/0xa10
[ 249.109908][T11790] __alloc_skb+0x215/0xa10
[ 249.114349][T11790] ? kmsan_get_shadow_origin_ptr+0x1/0x4c0
[ 249.120222][T11790] netlink_ack+0x579/0x1240
[ 249.124751][T11790] netlink_rcv_skb+0x316/0x620
[ 249.129545][T11790] ? rtnetlink_bind+0x120/0x120
[ 249.134407][T11790] rtnetlink_rcv+0x50/0x60
[ 249.138827][T11790] netlink_unicast+0xf6c/0x1050
[ 249.143700][T11790] netlink_sendmsg+0x110f/0x1330
[ 249.148654][T11790] ? netlink_getsockopt+0x1430/0x1430
[ 249.154019][T11790] __sys_sendto+0xc44/0xc70
[ 249.158541][T11790] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 249.164438][T11790] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 249.170500][T11790] ? prepare_exit_to_usermode+0x19a/0x4d0
[ 249.176218][T11790] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 249.182113][T11790] __se_sys_sendto+0x107/0x130
[ 249.186887][T11790] __x64_sys_sendto+0x6e/0x90
[ 249.191562][T11790] do_syscall_64+0xbc/0xf0
[ 249.196008][T11790] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 249.202505][T11790] RIP: 0033:0x413853
[ 249.206401][T11790] Code: ff 0f 83 b0 19 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 3d 2a 66 00 00 75 17 49 89 ca b8 2c 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 81 19 00 00 c3 48 83 ec 08 e8 87 fa ff ff
[ 249.226004][T11790] RSP: 002b:0000000000a6fb18 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 249.234928][T11790] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000413853
[ 249.242996][T11790] RDX: 0000000000000038 RSI: 0000000000a70070 RDI: 0000000000000003
[ 249.250962][T11790] RBP: 0000000000000000 R08: 0000000000a6fb20 R09: 000000000000000c
[ 249.258929][T11790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 249.266894][T11790] R13: 0000000000000003 R14: 0000000000a6fbc8 R15: 0000000000000006
[ 249.274873][T11790]
[ 249.277195][T11790] Uninit was stored to memory at:
[ 249.282219][T11790] kmsan_internal_chain_origin+0xcc/0x150
[ 249.287930][T11790] __msan_chain_origin+0x6b/0xe0
[ 249.292864][T11790] ___slab_alloc+0x1dbc/0x1fb0
[ 249.297623][T11790] kmem_cache_alloc_node+0x769/0xe70
[ 249.302903][T11790] __alloc_skb+0x215/0xa10
[ 249.307337][T11790] alloc_skb_with_frags+0x18c/0xa80
[ 249.312535][T11790] sock_alloc_send_pskb+0xafd/0x10a0
[ 249.317816][T11790] sock_alloc_send_skb+0xca/0xe0
[ 249.322821][T11790] mld_newpack+0x2ad/0xd60
[ 249.327234][T11790] add_grec+0x1cdf/0x2120
[ 249.331559][T11790] mld_ifc_timer_expire+0xf58/0x1680
[ 249.336837][T11790] call_timer_fn+0x232/0x530
[ 249.341419][T11790] __run_timers+0xcdc/0x11a0
[ 249.346005][T11790] run_timer_softirq+0x2d/0x50
[ 249.350800][T11790] __do_softirq+0x4a1/0x83a
[ 249.355301][T11790] irq_exit+0x230/0x280
[ 249.359452][T11790] exiting_irq+0xe/0x10
[ 249.363601][T11790] smp_apic_timer_interrupt+0x48/0x70
[ 249.368968][T11790] apic_timer_interrupt+0x2e/0x40
[ 249.373997][T11790] console_unlock+0x191b/0x1cb0
[ 249.378843][T11790] vprintk_emit+0x45b/0x8f0
[ 249.383351][T11790] vprintk_default+0x90/0xa0
[ 249.387941][T11790] vprintk_func+0x635/0x810
[ 249.392449][T11790] printk+0x180/0x1c3
[ 249.396602][T11790] vlan_device_event+0x2c05/0x3140
[ 249.401717][T11790] raw_notifier_call_chain+0x13d/0x240
[ 249.407172][T11790] __dev_notify_flags+0x3dc/0x830
[ 249.412195][T11790] dev_change_flags+0x1d6/0x260
[ 249.417041][T11790] do_setlink+0x1669/0x5e30
[ 249.421544][T11790] rtnl_newlink+0x2e23/0x38d0
[ 249.426221][T11790] rtnetlink_rcv_msg+0x115a/0x1580
[ 249.431330][T11790] netlink_rcv_skb+0x431/0x620
[ 249.436187][T11790] rtnetlink_rcv+0x50/0x60
[ 249.440613][T11790] netlink_unicast+0xf6c/0x1050
[ 249.445464][T11790] netlink_sendmsg+0x110f/0x1330
[ 249.450394][T11790] __sys_sendto+0xc44/0xc70
[ 249.454890][T11790] __se_sys_sendto+0x107/0x130
[ 249.459646][T11790] __x64_sys_sendto+0x6e/0x90
[ 249.464321][T11790] do_syscall_64+0xbc/0xf0
[ 249.468733][T11790] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 249.474612][T11790]
[ 249.476931][T11790] Uninit was created at:
[ 249.481169][T11790] kmsan_internal_poison_shadow+0x58/0xb0
[ 249.486894][T11790] kmsan_slab_free+0x8d/0x100
[ 249.491570][T11790] kmem_cache_free_bulk+0x3ad9/0x3f50
[ 249.496934][T11790] __kfree_skb_flush+0xb0/0x100
[ 249.501783][T11790] net_rx_action+0x1908/0x1950
[ 249.506543][T11790] __do_softirq+0x4a1/0x83a
[ 249.511041][T11790] irq_exit+0x230/0x280
[ 249.515192][T11790] do_IRQ+0x20d/0x3a0
[ 249.519165][T11790] ret_from_intr+0x0/0x33
[ 249.523487][T11790] default_idle+0x53/0x90
[ 249.527809][T11790] arch_cpu_idle+0x25/0x30
[ 249.532220][T11790] do_idle+0x1d7/0x790
[ 249.536284][T11790] cpu_startup_entry+0x45/0x50
[ 249.541040][T11790] start_secondary+0x370/0x470
[ 249.545798][T11790] secondary_startup_64+0xa4/0xb0
[ 249.550915][T11790] ==================================================================
[ 249.558972][T11790] Disabling lock debugging due to kernel taint
[ 249.565119][T11790] Kernel panic - not syncing: panic_on_warn set ...
[ 249.571794][T11790] CPU: 1 PID: 11790 Comm: syz-executor.0 Tainted: G B 5.3.0-rc7+ #0
[ 249.581064][T11790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 249.591113][T11790] Call Trace:
[ 249.594412][T11790] dump_stack+0x191/0x1f0
[ 249.598752][T11790] panic+0x3c9/0xc1e
[ 249.602685][T11790] kmsan_report+0x2ca/0x2d0
[ 249.607196][T11790] __msan_warning+0x75/0xe0
[ 249.611702][T11790] kmem_cache_alloc_node+0x5d0/0xe70
[ 249.616996][T11790] ? __alloc_skb+0x215/0xa10
[ 249.621599][T11790] __alloc_skb+0x215/0xa10
[ 249.626027][T11790] ? kmsan_get_shadow_origin_ptr+0x1/0x4c0
[ 249.631836][T11790] netlink_ack+0x579/0x1240
[ 249.636363][T11790] netlink_rcv_skb+0x316/0x620
[ 249.641122][T11790] ? rtnetlink_bind+0x120/0x120
[ 249.645994][T11790] rtnetlink_rcv+0x50/0x60
[ 249.650413][T11790] netlink_unicast+0xf6c/0x1050
[ 249.655281][T11790] netlink_sendmsg+0x110f/0x1330
[ 249.660237][T11790] ? netlink_getsockopt+0x1430/0x1430
[ 249.665605][T11790] __sys_sendto+0xc44/0xc70
[ 249.670132][T11790] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 249.676052][T11790] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 249.682119][T11790] ? prepare_exit_to_usermode+0x19a/0x4d0
[ 249.687847][T11790] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 249.693738][T11790] __se_sys_sendto+0x107/0x130
[ 249.698516][T11790] __x64_sys_sendto+0x6e/0x90
[ 249.703201][T11790] do_syscall_64+0xbc/0xf0
[ 249.707619][T11790] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 249.713505][T11790] RIP: 0033:0x413853
[ 249.717414][T11790] Code: ff 0f 83 b0 19 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 3d 2a 66 00 00 75 17 49 89 ca b8 2c 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 81 19 00 00 c3 48 83 ec 08 e8 87 fa ff ff
[ 249.737026][T11790] RSP: 002b:0000000000a6fb18 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 249.745612][T11790] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000413853
[ 249.753583][T11790] RDX: 0000000000000038 RSI: 0000000000a70070 RDI: 0000000000000003
[ 249.761558][T11790] RBP: 0000000000000000 R08: 0000000000a6fb20 R09: 000000000000000c
[ 249.769614][T11790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 249.777581][T11790] R13: 0000000000000003 R14: 0000000000a6fbc8 R15: 0000000000000006
[ 249.786898][T11790] Kernel Offset: disabled
[ 249.791222][T11790] Rebooting in 86400 seconds..
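Added example, not part of the syzbot console log above and not syzkaller code: a small Python parser for the KMSAN report format shown in that log. A KMSAN report carries three stacks, the "Call Trace:" where the uninitialised value was used, "Uninit was stored to memory at:" where it was copied, and "Uninit was created at:" where the memory was poisoned, and each of them matters for triage. The parser strips the console prefix, separates the three stacks, marks "? fn" frames as unreliable, skips the kmsan_/__msan_ instrumentation frames to name the real culprit of each stack, decodes ORIG_RAX into the user-side syscall, and classifies each stack's execution context. Assumptions: the embedded input is a constructed excerpt of the report above (same lines, trimmed); the syscall table is a partial x86_64 table covering only the numbers needed here; the sets of frame names used as softirq/irq/syscall markers and the instrumentation prefixes are this example's own heuristics.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt of the KMSAN report in the console log above (same lines, trimmed).
SAMPLE_REPORT = """\
[ 249.049583][T11790] ==================================================================
[ 249.057670][T11790] BUG: KMSAN: uninit-value in kmem_cache_alloc_node+0x5d0/0xe70
[ 249.065300][T11790] CPU: 1 PID: 11790 Comm: syz-executor.0 Not tainted 5.3.0-rc7+ #0
[ 249.083227][T11790] Call Trace:
[ 249.095448][T11790] __msan_warning+0x75/0xe0
[ 249.099953][T11790] kmem_cache_alloc_node+0x5d0/0xe70
[ 249.105304][T11790] ? __alloc_skb+0x215/0xa10
[ 249.120222][T11790] netlink_ack+0x579/0x1240
[ 249.191562][T11790] do_syscall_64+0xbc/0xf0
[ 249.226004][T11790] RSP: 002b:0000000000a6fb18 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 249.274873][T11790]
[ 249.277195][T11790] Uninit was stored to memory at:
[ 249.282219][T11790] kmsan_internal_chain_origin+0xcc/0x150
[ 249.292864][T11790] ___slab_alloc+0x1dbc/0x1fb0
[ 249.346005][T11790] run_timer_softirq+0x2d/0x50
[ 249.464321][T11790] do_syscall_64+0xbc/0xf0
[ 249.474612][T11790]
[ 249.476931][T11790] Uninit was created at:
[ 249.486894][T11790] kmsan_slab_free+0x8d/0x100
[ 249.491570][T11790] kmem_cache_free_bulk+0x3ad9/0x3f50
[ 249.501783][T11790] net_rx_action+0x1908/0x1950
[ 249.515192][T11790] do_IRQ+0x20d/0x3a0
[ 249.550915][T11790] ==================================================================
"""

PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T?\d+\]\s?(?P<msg>.*)$")   # "[ 249.05][T11790] msg"
FRAME_RE = re.compile(r"^(?P<unreliable>\?\s+)?(?P<fn>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
HEADER_RE = re.compile(r"^BUG: KMSAN: (?P<kind>[\w-]+) in (?P<site>\S+)")
CPU_RE = re.compile(r"^CPU: \d+ PID: (?P<pid>\d+) Comm: (?P<comm>\S+) (?:Not tainted|Tainted: .+?) (?P<version>\S+) #")
ORIG_RAX_RE = re.compile(r"ORIG_RAX: (?P<nr>[0-9a-f]{16})")
SECTIONS = {"Call Trace:": "report", "Uninit was stored to memory at:": "stored_at", "Uninit was created at:": "created_at"}
INSTRUMENTATION = ("kmsan_", "__msan_", "dump_stack", "panic")   # KMSAN/report machinery, never the culprit
SYSCALLS_X86_64 = {41: "socket", 42: "connect", 44: "sendto", 45: "recvfrom", 46: "sendmsg", 47: "recvmsg"}  # partial (assumption)
CONTEXT_MARKERS = [  # innermost context wins: softirq is checked before hardirq, hardirq before syscall (heuristic)
    ("softirq", {"__do_softirq", "net_rx_action", "run_timer_softirq", "call_timer_fn"}),
    ("irq", {"do_IRQ", "ret_from_intr", "apic_timer_interrupt", "smp_apic_timer_interrupt"}),
    ("syscall", {"do_syscall_64", "entry_SYSCALL_64_after_hwframe"}),
]

@dataclass
class Frame:
    fn: str
    reliable: bool   # False for "? fn" entries the unwinder could not verify

@dataclass
class KmsanReport:
    kind: str = ""
    site: str = ""
    pid: int = -1
    comm: str = ""
    version: str = ""
    syscall_nr: Optional[int] = None
    stacks: Dict[str, List[Frame]] = field(default_factory=lambda: {s: [] for s in SECTIONS.values()})

def parse_kmsan_report(text: str) -> KmsanReport:
    """Collect header, user-side syscall number and the three stacks of the first report in text."""
    rep, section = KmsanReport(), None
    for raw in text.splitlines():
        pm = PREFIX_RE.match(raw.strip())
        if not pm:
            continue                      # fuzzer chatter, login prompt, etc.
        msg = pm.group("msg").strip()
        if msg.startswith("=="):
            if rep.kind:
                break                     # closing banner; the panic trace after it is noise
        elif m := HEADER_RE.match(msg):
            rep.kind, rep.site = m.group("kind"), m.group("site")
        elif m := CPU_RE.match(msg):
            rep.pid, rep.comm, rep.version = int(m.group("pid")), m.group("comm"), m.group("version")
        elif m := ORIG_RAX_RE.search(msg):
            rep.syscall_nr, section = int(m.group("nr"), 16), None   # register dump ends the call trace
        elif msg in SECTIONS:
            section = SECTIONS[msg]
        elif section and (m := FRAME_RE.match(msg)):
            rep.stacks[section].append(Frame(m.group("fn"), m.group("unreliable") is None))
        elif not msg:
            section = None                # blank line closes a stack section
    return rep

def culprit(frames: List[Frame]) -> Optional[str]:
    """Innermost reliable frame outside the instrumentation: where the event really happened."""
    return next((f.fn for f in frames if f.reliable and not f.fn.startswith(INSTRUMENTATION)), None)

def context(frames: List[Frame]) -> str:
    names = {f.fn for f in frames}
    return next((label for label, markers in CONTEXT_MARKERS if names & markers), "unknown")

def summarize(rep: KmsanReport) -> Dict[str, str]:
    nr = rep.syscall_nr
    out = {"bug": f"{rep.kind} in {rep.site}", "task": f"{rep.comm}[{rep.pid}] {rep.version}",
           "syscall": "unknown" if nr is None else SYSCALLS_X86_64.get(nr, f"nr{nr}")}
    for name, frames in rep.stacks.items():
        out[name] = f"{culprit(frames)} ({context(frames)}, {len(frames)} frames)"
    return out

if __name__ == "__main__":
    for key, val in summarize(parse_kmsan_report(SAMPLE_REPORT)).items():
        print(f"{key:>10}: {val}")
```

On the report above this yields what a triager needs at a glance: the use is in kmem_cache_alloc_node reached from sendto (ORIG_RAX 0x2c) via netlink_ack, the "stored" origin is ___slab_alloc inside a timer softirq, and the poisoned memory was created by kmem_cache_free_bulk in net_rx_action, i.e. an skb freed in softirq context on the idle CPU, not on the fuzzing task's own path.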