[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   81.021152][   T31] audit: type=1800 audit(1565020407.063:25): pid=11804 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   81.045747][   T31] audit: type=1800 audit(1565020407.093:26): pid=11804 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   81.084355][   T31] audit: type=1800 audit(1565020407.123:27): pid=11804 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts.
2019/08/05 15:53:40 fuzzer started
2019/08/05 15:53:46 dialing manager at 10.128.0.26:46627
2019/08/05 15:53:46 syscalls: 2367
2019/08/05 15:53:46 code coverage: enabled
2019/08/05 15:53:46 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/08/05 15:53:46 extra coverage: enabled
2019/08/05 15:53:46 setuid sandbox: enabled
2019/08/05 15:53:46 namespace sandbox: enabled
2019/08/05 15:53:46 Android sandbox: /sys/fs/selinux/policy does not exist
2019/08/05 15:53:46 fault injection: enabled
2019/08/05 15:53:46 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/08/05 15:53:46 net packet injection: enabled
2019/08/05 15:53:46 net device setup: enabled
15:56:07 executing program 0:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000080)="11dca5055e0bcfe47bf070")
pwritev(r0, &(0x7f0000000300)=[{&(0x7f00000000c0)="a7", 0x1}], 0x1, 0x2)

syzkaller login: [  241.564906][T11970] IPVS: ftp: loaded support on port[0] = 21
[  241.714272][T11970] chnl_net:caif_netlink_parms(): no params data found
[  241.771812][T11970] bridge0: port 1(bridge_slave_0) entered blocking state
[  241.779182][T11970] bridge0: port 1(bridge_slave_0) entered disabled state
[  241.788089][T11970] device bridge_slave_0 entered promiscuous mode
[  241.798477][T11970] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.805846][T11970] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.814601][T11970] device bridge_slave_1 entered promiscuous mode
[  241.846486][T11970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  241.859112][T11970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  241.892091][T11970] team0: Port device team_slave_0 added
[  241.901463][T11970] team0: Port device team_slave_1 added
[  242.037717][T11970] device hsr_slave_0 entered promiscuous mode
[  242.203396][T11970] device hsr_slave_1 entered promiscuous mode
[  242.503198][T11970] bridge0: port 2(bridge_slave_1) entered blocking state
[  242.510429][T11970] bridge0: port 2(bridge_slave_1) entered forwarding state
[  242.518256][T11970] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.525558][T11970] bridge0: port 1(bridge_slave_0) entered forwarding state
[  242.604603][T11970] 8021q: adding VLAN 0 to HW filter on device bond0
[  242.625089][   T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  242.643692][   T30] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.654528][   T30] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.674423][   T30] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  242.693106][T11970] 8021q: adding VLAN 0 to HW filter on device team0
[  242.710541][T11973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  242.720450][T11973] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  242.729887][T11973] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.737257][T11973] bridge0: port 1(bridge_slave_0) entered forwarding state
[  242.783607][T11973] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  242.793598][T11973] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  242.802748][T11973] bridge0: port 2(bridge_slave_1) entered blocking state
[  242.809914][T11973] bridge0: port 2(bridge_slave_1) entered forwarding state
[  242.818550][T11973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  242.828611][T11973] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  242.838833][T11973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  242.849913][T11973] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  242.859762][T11973] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  242.870227][T11973] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  242.880000][T11973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  242.889267][T11973] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  242.898536][T11973] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  242.907742][T11973] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  242.920670][T11970] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  242.931793][T11974] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  242.968861][T11970] 8021q: adding VLAN 0 to HW filter on device batadv0
15:56:09 executing program 0:
r0 = socket$inet6(0xa, 0x3, 0x2)
recvmmsg(r0, &(0x7f00000040c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000002ac0)=""/92, 0x5c}}], 0x3, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1a)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)

[  243.280404][T11982] ==================================================================
[  243.288542][T11982] BUG: KMSAN: uninit-value in kmem_cache_alloc_node+0x5d0/0xe70
[  243.296194][T11982] CPU: 0 PID: 11982 Comm: syz-executor.0 Not tainted 5.3.0-rc3+ #16
[  243.304171][T11982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  243.314233][T11982] Call Trace:
[  243.317608][T11982]  dump_stack+0x191/0x1f0
[  243.321951][T11982]  kmsan_report+0x162/0x2d0
[  243.326552][T11982]  __msan_warning+0x75/0xe0
[  243.331062][T11982]  kmem_cache_alloc_node+0x5d0/0xe70
[  243.336349][T11982]  ? kmsan_set_origin+0x26d/0x340
[  243.341467][T11982]  ? __alloc_skb+0x215/0xa10
[  243.346439][T11982]  __alloc_skb+0x215/0xa10
[  243.350862][T11982]  ? kmsan_get_metadata_or_null+0x208/0x290
[  243.356947][T11982]  __ip6_append_data+0x46ad/0x6060
[  243.362088][T11982]  ? kmsan_get_metadata_or_null+0x208/0x290
[  243.368043][T11982]  ip6_append_data+0x3c2/0x650
[  243.372862][T11982]  ? do_rawv6_getsockopt+0x4a0/0x4a0
[  243.378299][T11982]  ? do_rawv6_getsockopt+0x4a0/0x4a0
[  243.383606][T11982]  rawv6_sendmsg+0x232e/0x5b10
[  243.388373][T11982]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  243.394442][T11982]  ? __update_load_avg_se+0x738/0x1220
[  243.400116][T11982]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  243.406149][T11982]  ? udp_cmsg_send+0x5d0/0x5d0
[  243.410918][T11982]  ? compat_rawv6_ioctl+0x100/0x100
[  243.416121][T11982]  inet_sendmsg+0x2d8/0x2e0
[  243.420657][T11982]  ? inet_send_prepare+0x600/0x600
[  243.425770][T11982]  ___sys_sendmsg+0x12c4/0x1590
[  243.430649][T11982]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  243.436663][T11982]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  243.442736][T11982]  ? balance_callback+0x48/0x260
[  243.447687][T11982]  ? kmsan_internal_check_memory+0x27a/0x8d0
[  243.453671][T11982]  ? kmsan_get_metadata_or_null+0x208/0x290
[  243.459573][T11982]  ? __msan_get_context_state+0x9/0x20
[  243.465035][T11982]  ? rcu_all_qs+0x23/0x240
[  243.469465][T11982]  __sys_sendmmsg+0x53a/0xae0
[  243.474178][T11982]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  243.480261][T11982]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[  243.486342][T11982]  ? prepare_exit_to_usermode+0x19a/0x4d0
[  243.492155][T11982]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  243.498535][T11982]  __se_sys_sendmmsg+0xbd/0xe0
[  243.503315][T11982]  __x64_sys_sendmmsg+0x56/0x70
[  243.508179][T11982]  do_syscall_64+0xbc/0xf0
[  243.512673][T11982]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  243.518602][T11982] RIP: 0033:0x459829
[  243.522522][T11982] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  243.542323][T11982] RSP: 002b:00007f1d5f9c4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  243.550932][T11982] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459829
[  243.558903][T11982] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000003
[  243.566893][T11982] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[  243.574884][T11982] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1d5f9c56d4
[  243.583047][T11982] R13: 00000000004c7000 R14: 00000000004dc570 R15: 00000000ffffffff
[  243.591046][T11982] 
[  243.593361][T11982] Uninit was stored to memory at:
[  243.599015][T11982]  kmsan_internal_chain_origin+0xcc/0x150
[  243.604739][T11982]  __msan_chain_origin+0x6b/0xe0
[  243.609677][T11982]  ___slab_alloc+0x1dbc/0x1fb0
[  243.614447][T11982]  kmem_cache_alloc+0xade/0xd10
[  243.619324][T11982]  skb_clone+0x326/0x5d0
[  243.623567][T11982]  raw6_local_deliver+0xad1/0x1140
[  243.628676][T11982]  ip6_protocol_deliver_rcu+0x617/0x22f0
[  243.634579][T11982]  ip6_input+0x2af/0x340
[  243.639005][T11982]  ipv6_rcv+0x683/0x710
[  243.643197][T11982]  process_backlog+0x721/0x1410
[  243.648048][T11982]  net_rx_action+0x74b/0x1950
[  243.652727][T11982]  __do_softirq+0x4a1/0x83a
[  243.657227][T11982]  do_softirq_own_stack+0x49/0x80
[  243.662266][T11982]  __local_bh_enable_ip+0x184/0x1d0
[  243.667460][T11982]  local_bh_enable+0x36/0x40
[  243.672046][T11982]  ip6_finish_output2+0x213f/0x2670
[  243.677240][T11982]  __ip6_finish_output+0x83d/0x8f0
[  243.682350][T11982]  ip6_finish_output+0x2db/0x420
[  243.687283][T11982]  ip6_output+0x5d3/0x720
[  243.691695][T11982]  ip6_local_out+0x164/0x1d0
[  243.696380][T11982]  ip6_push_pending_frames+0x215/0x4f0
[  243.701837][T11982]  rawv6_sendmsg+0x40da/0x5b10
[  243.706688][T11982]  inet_sendmsg+0x2d8/0x2e0
[  243.711187][T11982]  ___sys_sendmsg+0x12c4/0x1590
[  243.716044][T11982]  __sys_sendmmsg+0x53a/0xae0
[  243.720717][T11982]  __se_sys_sendmmsg+0xbd/0xe0
[  243.725571][T11982]  __x64_sys_sendmmsg+0x56/0x70
[  243.730417][T11982]  do_syscall_64+0xbc/0xf0
[  243.734920][T11982]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  243.740798][T11982] 
[  243.743117][T11982] Uninit was created at:
[  243.747364][T11982]  kmsan_internal_poison_shadow+0x53/0xa0
[  243.753081][T11982]  kmsan_slab_free+0x8d/0x100
[  243.757760][T11982]  kmem_cache_free_bulk+0x3ad9/0x3f50
[  243.763128][T11982]  __kfree_skb_flush+0xb0/0x100
[  243.767977][T11982]  net_rx_action+0x1908/0x1950
[  243.772736][T11982]  __do_softirq+0x4a1/0x83a
[  243.777326][T11982]  irq_exit+0x230/0x280
[  243.781485][T11982]  do_IRQ+0x20d/0x3a0
[  243.785468][T11982]  ret_from_intr+0x0/0x33
[  243.789792][T11982]  default_idle+0x53/0x90
[  243.794122][T11982]  arch_cpu_idle+0x25/0x30
[  243.798537][T11982]  do_idle+0x1d7/0x790
[  243.802612][T11982]  cpu_startup_entry+0x45/0x50
[  243.807380][T11982]  start_secondary+0x370/0x470
[  243.812141][T11982]  secondary_startup_64+0xa4/0xb0
[  243.817153][T11982] ==================================================================
[  243.825202][T11982] Disabling lock debugging due to kernel taint
[  243.831435][T11982] Kernel panic - not syncing: panic_on_warn set ...
[  243.838033][T11982] CPU: 0 PID: 11982 Comm: syz-executor.0 Tainted: G    B             5.3.0-rc3+ #16
[  243.847475][T11982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  243.857654][T11982] Call Trace:
[  243.860965][T11982]  dump_stack+0x191/0x1f0
[  243.865307][T11982]  panic+0x3c9/0xc1e
[  243.869332][T11982]  kmsan_report+0x2ca/0x2d0
[  243.875663][T11982]  __msan_warning+0x75/0xe0
[  243.880443][T11982]  kmem_cache_alloc_node+0x5d0/0xe70
[  243.885726][T11982]  ? kmsan_set_origin+0x26d/0x340
[  243.890750][T11982]  ? __alloc_skb+0x215/0xa10
[  243.895360][T11982]  __alloc_skb+0x215/0xa10
[  243.899775][T11982]  ? kmsan_get_metadata_or_null+0x208/0x290
[  243.905688][T11982]  __ip6_append_data+0x46ad/0x6060
[  243.910826][T11982]  ? kmsan_get_metadata_or_null+0x208/0x290
[  243.916776][T11982]  ip6_append_data+0x3c2/0x650
[  243.921540][T11982]  ? do_rawv6_getsockopt+0x4a0/0x4a0
[  243.926827][T11982]  ? do_rawv6_getsockopt+0x4a0/0x4a0
[  243.932135][T11982]  rawv6_sendmsg+0x232e/0x5b10
[  243.937023][T11982]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  243.943095][T11982]  ? __update_load_avg_se+0x738/0x1220
[  243.948594][T11982]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  243.954594][T11982]  ? udp_cmsg_send+0x5d0/0x5d0
[  243.959355][T11982]  ? compat_rawv6_ioctl+0x100/0x100
[  243.964552][T11982]  inet_sendmsg+0x2d8/0x2e0
[  243.969061][T11982]  ? inet_send_prepare+0x600/0x600
[  243.974168][T11982]  ___sys_sendmsg+0x12c4/0x1590
[  243.979047][T11982]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  243.985029][T11982]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  243.991094][T11982]  ? balance_callback+0x48/0x260
[  243.996050][T11982]  ? kmsan_internal_check_memory+0x27a/0x8d0
[  244.002027][T11982]  ? kmsan_get_metadata_or_null+0x208/0x290
[  244.007920][T11982]  ? __msan_get_context_state+0x9/0x20
[  244.013379][T11982]  ? rcu_all_qs+0x23/0x240
[  244.017808][T11982]  __sys_sendmmsg+0x53a/0xae0
[  244.022521][T11982]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  244.028508][T11982]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[  244.034574][T11982]  ? prepare_exit_to_usermode+0x19a/0x4d0
[  244.040294][T11982]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  244.046286][T11982]  __se_sys_sendmmsg+0xbd/0xe0
[  244.051061][T11982]  __x64_sys_sendmmsg+0x56/0x70
[  244.055924][T11982]  do_syscall_64+0xbc/0xf0
[  244.060456][T11982]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  244.067845][T11982] RIP: 0033:0x459829
[  244.071747][T11982] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  244.091347][T11982] RSP: 002b:00007f1d5f9c4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  244.099759][T11982] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459829
[  244.107823][T11982] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000003
[  244.115799][T11982] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[  244.123770][T11982] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1d5f9c56d4
[  244.131736][T11982] R13: 00000000004c7000 R14: 00000000004dc570 R15: 00000000ffffffff
[  244.141223][T11982] Kernel Offset: disabled
[  244.145553][T11982] Rebooting in 86400 seconds..