[ ok ] Starting enhanced syslogd: rsyslogd.
[ 75.767528][ T32] audit: type=1800 audit(1569699340.817:25): pid=11351 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 75.790457][ T32] audit: type=1800 audit(1569699340.837:26): pid=11351 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 75.832552][ T32] audit: type=1800 audit(1569699340.867:27): pid=11351 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.19' (ECDSA) to the list of known hosts.
2019/09/28 19:35:54 fuzzer started
2019/09/28 19:35:58 dialing manager at 10.128.0.26:40453
2019/09/28 19:35:58 syscalls: 2385
2019/09/28 19:35:58 code coverage: enabled
2019/09/28 19:35:58 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/09/28 19:35:58 extra coverage: enabled
2019/09/28 19:35:58 setuid sandbox: enabled
2019/09/28 19:35:58 namespace sandbox: enabled
2019/09/28 19:35:58 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/28 19:35:58 fault injection: enabled
2019/09/28 19:35:58 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/28 19:35:58 net packet injection: enabled
2019/09/28 19:35:58 net device setup: enabled
19:38:44 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f00000000c0)={0x7a, 0x0, [0x400000b1], [0x3a]})
syzkaller login: 
[ 259.586580][T11517] IPVS: ftp: loaded support on port[0] = 21
[ 259.719655][T11517] chnl_net:caif_netlink_parms(): no params data found
[ 259.772631][T11517] bridge0: port 1(bridge_slave_0) entered blocking state
[ 259.779846][T11517] bridge0: port 1(bridge_slave_0) entered disabled state
[ 259.788578][T11517] device bridge_slave_0 entered promiscuous mode
[ 259.798080][T11517] bridge0: port 2(bridge_slave_1) entered blocking state
[ 259.805453][T11517] bridge0: port 2(bridge_slave_1) entered disabled state
[ 259.814110][T11517] device bridge_slave_1 entered promiscuous mode
[ 259.844931][T11517] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 259.857484][T11517] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 259.889980][T11517] team0: Port device team_slave_0 added
[ 259.899478][T11517] team0: Port device team_slave_1 added
[ 260.036465][T11517] device hsr_slave_0 entered promiscuous mode
[ 260.292558][T11517] device hsr_slave_1 entered promiscuous mode
[ 260.532449][T11517] bridge0: port 2(bridge_slave_1) entered blocking state
[ 260.539774][T11517] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 260.547590][T11517] bridge0: port 1(bridge_slave_0) entered blocking state
[ 260.554822][T11517] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 260.632727][T11517] 8021q: adding VLAN 0 to HW filter on device bond0
[ 260.653015][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 260.665059][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 260.679274][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 260.698621][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 260.719113][T11517] 8021q: adding VLAN 0 to HW filter on device team0
[ 260.736762][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 260.746474][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 260.755477][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 260.762695][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 260.779883][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 260.789669][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 260.798668][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 260.805887][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 260.848865][T11517] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 260.859900][T11517] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 260.876023][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 260.886380][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 260.896546][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 260.906311][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 260.915658][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 260.925364][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 260.934810][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 260.944004][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 260.953882][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 260.962926][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 260.973332][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 260.982069][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 261.017850][T11517] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 261.032419][T11517] =====================================================
[ 261.039476][T11517] BUG: KMSAN: uninit-value in skb_clone+0x326/0x5d0
[ 261.046156][T11517] CPU: 0 PID: 11517 Comm: syz-executor.0 Not tainted 5.3.0-rc7+ #0
[ 261.054344][T11517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 261.064481][T11517] Call Trace:
[ 261.067935][T11517] dump_stack+0x191/0x1f0
[ 261.072274][T11517] kmsan_report+0x13a/0x2b0
[ 261.076798][T11517] __msan_warning+0x73/0xe0
[ 261.081315][T11517] kmem_cache_alloc+0x4ed/0xd10
[ 261.086177][T11517] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 261.092096][T11517] ? skb_clone+0x326/0x5d0
[ 261.096544][T11517] skb_clone+0x326/0x5d0
[ 261.100878][T11517] netlink_deliver_tap+0x804/0xeb0
[ 261.106040][T11517] netlink_unicast+0x9bd/0x1050
[ 261.110922][T11517] netlink_ack+0x1101/0x1240
[ 261.115961][T11517] ? kmsan_internal_set_origin+0x20/0xb0
[ 261.121626][T11517] netlink_rcv_skb+0x316/0x620
[ 261.126436][T11517] ? rtnetlink_bind+0x120/0x120
[ 261.131312][T11517] rtnetlink_rcv+0x50/0x60
[ 261.135765][T11517] netlink_unicast+0xf6c/0x1050
[ 261.140995][T11517] netlink_sendmsg+0x110f/0x1330
[ 261.145955][T11517] ? netlink_getsockopt+0x1430/0x1430
[ 261.151816][T11517] __sys_sendto+0xc44/0xc70
[ 261.156795][T11517] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 261.162784][T11517] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 261.168858][T11517] ? prepare_exit_to_usermode+0x19a/0x4d0
[ 261.174594][T11517] __se_sys_sendto+0x107/0x130
[ 261.179373][T11517] __x64_sys_sendto+0x6e/0x90
[ 261.184052][T11517] do_syscall_64+0xbc/0xf0
[ 261.188498][T11517] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 261.194390][T11517] RIP: 0033:0x413873
[ 261.198287][T11517] Code: ff 0f 83 b0 19 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 1d 2a 66 00 00 75 17 49 89 ca b8 2c 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 81 19 00 00 c3 48 83 ec 08 e8 87 fa ff ff
[ 261.218006][T11517] RSP: 002b:0000000000a6fb18 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 261.226423][T11517] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000413873
[ 261.234480][T11517] RDX: 0000000000000038 RSI: 0000000000a70070 RDI: 0000000000000003
[ 261.242450][T11517] RBP: 0000000000000000 R08: 0000000000a6fb20 R09: 000000000000000c
[ 261.250443][T11517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 261.258424][T11517] R13: 0000000000000003 R14: 0000000000a6fbc8 R15: 0000000000000006
[ 261.266406][T11517]
[ 261.268728][T11517] Uninit was stored to memory at:
[ 261.273755][T11517] kmsan_internal_chain_origin+0xd2/0x170
[ 261.279575][T11517] __msan_chain_origin+0x6b/0xe0
[ 261.284515][T11517] ___slab_alloc+0x1dbc/0x1fb0
[ 261.289277][T11517] kmem_cache_alloc_node+0x769/0xe70
[ 261.294570][T11517] __alloc_skb+0x215/0xa10
[ 261.298990][T11517] netlink_ack+0x579/0x1240
[ 261.303494][T11517] netlink_rcv_skb+0x316/0x620
[ 261.308254][T11517] rtnetlink_rcv+0x50/0x60
[ 261.312672][T11517] netlink_unicast+0xf6c/0x1050
[ 261.317518][T11517] netlink_sendmsg+0x110f/0x1330
[ 261.322451][T11517] __sys_sendto+0xc44/0xc70
[ 261.327037][T11517] __se_sys_sendto+0x107/0x130
[ 261.331798][T11517] __x64_sys_sendto+0x6e/0x90
[ 261.336559][T11517] do_syscall_64+0xbc/0xf0
[ 261.341163][T11517] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 261.347041][T11517]
[ 261.350259][T11517] Uninit was created at:
[ 261.354509][T11517] kmsan_internal_poison_shadow+0x53/0x100
[ 261.360312][T11517] kmsan_slab_free+0x8d/0x100
[ 261.364993][T11517] kmem_cache_free_bulk+0x3ad9/0x3f50
[ 261.370357][T11517] napi_consume_skb+0x593/0x5d0
[ 261.375209][T11517] free_old_xmit_skbs+0x1a1/0x450
[ 261.381055][T11517] virtnet_poll_tx+0x24c/0x4c0
[ 261.385848][T11517] net_rx_action+0x74b/0x1950
[ 261.390564][T11517] __do_softirq+0x4a1/0x83a
[ 261.395675][T11517] irq_exit+0x230/0x280
[ 261.399826][T11517] do_IRQ+0x20d/0x3a0
[ 261.403821][T11517] ret_from_intr+0x0/0x33
[ 261.408159][T11517] default_idle+0x53/0x90
[ 261.412498][T11517] arch_cpu_idle+0x25/0x30
[ 261.416912][T11517] do_idle+0x1d7/0x790
[ 261.421075][T11517] cpu_startup_entry+0x45/0x50
[ 261.425834][T11517] start_secondary+0x370/0x470
[ 261.430592][T11517] secondary_startup_64+0xa4/0xb0
[ 261.435615][T11517] =====================================================
[ 261.442625][T11517] Disabling lock debugging due to kernel taint
[ 261.448866][T11517] Kernel panic - not syncing: panic_on_warn set ...
[ 261.455804][T11517] CPU: 0 PID: 11517 Comm: syz-executor.0 Tainted: G B 5.3.0-rc7+ #0
[ 261.465073][T11517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 261.475121][T11517] Call Trace:
[ 261.478436][T11517] dump_stack+0x191/0x1f0
[ 261.482778][T11517] panic+0x3c9/0xc1e
[ 261.486705][T11517] kmsan_report+0x2a2/0x2b0
[ 261.491218][T11517] __msan_warning+0x73/0xe0
[ 261.495745][T11517] kmem_cache_alloc+0x4ed/0xd10
[ 261.500597][T11517] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 261.506489][T11517] ? skb_clone+0x326/0x5d0
[ 261.510920][T11517] skb_clone+0x326/0x5d0
[ 261.515178][T11517] netlink_deliver_tap+0x804/0xeb0
[ 261.520317][T11517] netlink_unicast+0x9bd/0x1050
[ 261.525303][T11517] netlink_ack+0x1101/0x1240
[ 261.529990][T11517] ? kmsan_internal_set_origin+0x20/0xb0
[ 261.535644][T11517] netlink_rcv_skb+0x316/0x620
[ 261.540417][T11517] ? rtnetlink_bind+0x120/0x120
[ 261.545282][T11517] rtnetlink_rcv+0x50/0x60
[ 261.549704][T11517] netlink_unicast+0xf6c/0x1050
[ 261.554575][T11517] netlink_sendmsg+0x110f/0x1330
[ 261.559552][T11517] ? netlink_getsockopt+0x1430/0x1430
[ 261.564926][T11517] __sys_sendto+0xc44/0xc70
[ 261.569456][T11517] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 261.575380][T11517] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 261.581625][T11517] ? prepare_exit_to_usermode+0x19a/0x4d0
[ 261.587442][T11517] __se_sys_sendto+0x107/0x130
[ 261.592222][T11517] __x64_sys_sendto+0x6e/0x90
[ 261.596905][T11517] do_syscall_64+0xbc/0xf0
[ 261.601348][T11517] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 261.607235][T11517] RIP: 0033:0x413873
[ 261.611133][T11517] Code: ff 0f 83 b0 19 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 1d 2a 66 00 00 75 17 49 89 ca b8 2c 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 81 19 00 00 c3 48 83 ec 08 e8 87 fa ff ff
[ 261.631171][T11517] RSP: 002b:0000000000a6fb18 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 261.639582][T11517] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000413873
[ 261.647555][T11517] RDX: 0000000000000038 RSI: 0000000000a70070 RDI: 0000000000000003
[ 261.655618][T11517] RBP: 0000000000000000 R08: 0000000000a6fb20 R09: 000000000000000c
[ 261.663586][T11517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 261.671560][T11517] R13: 0000000000000003 R14: 0000000000a6fbc8 R15: 0000000000000006
[ 261.680880][T11517] Kernel Offset: disabled
[ 261.685341][T11517] Rebooting in 86400 seconds..
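The console log above carries no explanation, so the following is an added example, not part of the syzkaller log and not syzkaller's or syzbot's own tooling: a small parser that pulls a KMSAN report out of console-log lines in exactly this format and reduces its three stacks (where the uninitialised value was used, where it was stored, where it was created) to the facts a triager checks first: the symbol the use happened in, the allocation and free sites, the syscall the faulting path was entered through, and whether the creating path ran in softirq context. Frames marked `?` are dropped because the unwinder could not verify them. The `NOISE` list of sanitizer and allocator frames is a choice made for this example, and `SAMPLE` is an excerpt of the report above with the stacks shortened.

```python
"""Parse a KMSAN console-log report into its three stacks for triage (added example)."""
import re
from dataclasses import dataclass, field

# Console-log prefix as printed above: "[ 261.039476][T11517] ".
PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")
# A stack frame "sym+0xoff/0xsize"; a leading "? " marks an unreliable frame.
FRAME = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Sanitizer, reporting and allocator frames (assumed list): skipped when
# choosing the frame to triage on, since they appear in every report.
NOISE = ("kmsan_", "__msan_", "dump_stack", "panic", "kmem_cache_", "___slab_alloc")
SECTIONS = {
    "Call Trace:": "use",
    "Uninit was stored to memory at:": "stored",
    "Uninit was created at:": "created",
}


@dataclass
class KmsanReport:
    kind: str                  # e.g. "uninit-value"
    where: str                 # symbol named on the BUG line, e.g. "skb_clone"
    pid: int = 0
    comm: str = ""
    stacks: dict = field(default_factory=dict)   # section -> [reliable symbols]


def strip_prefix(line):
    return PREFIX.sub("", line.rstrip("\n")).strip()


def parse_kmsan_report(lines):
    """Return the first KMSAN report in the log lines, or None if there is none.

    The report spans the "BUG: KMSAN:" line up to the closing "=====" line.
    Frames prefixed with "? " are dropped: the unwinder could not verify them.
    """
    report, section = None, None
    for raw in lines:
        text = strip_prefix(raw)
        if report is None:
            m = re.match(r"BUG: KMSAN: (\S+) in (\w+)\+0x", text)
            if m:
                report = KmsanReport(kind=m.group(1), where=m.group(2))
            continue
        if text.startswith("====="):
            break
        m = re.match(r"CPU: \d+ PID: (\d+) Comm: (\S+)", text)
        if m:
            report.pid, report.comm = int(m.group(1)), m.group(2)
        elif text in SECTIONS:
            section = SECTIONS[text]
            report.stacks[section] = []
        elif text.startswith("RIP:"):
            section = None          # user-space register dump follows the trace
        elif section is not None:
            fm = FRAME.match(text)
            if fm and fm.group(1) is None:
                report.stacks[section].append(fm.group(2))
    return report


def first_frame_of_interest(frames):
    return next((s for s in frames if not s.startswith(NOISE)), None)


def entry_syscall(frames):
    """Syscall the faulting path was entered through, from its __x64_sys_ frame."""
    for s in frames:
        m = re.match(r"__x64_sys_(\w+)$", s)
        if m:
            return m.group(1)
    return None


def triage(report):
    """The facts a triager wants before opening the source."""
    use = report.stacks.get("use", [])
    created = report.stacks.get("created", [])
    return {
        "bug": f"{report.kind} in {report.where}",
        "task": f"{report.comm} (pid {report.pid})",
        "used_in": first_frame_of_interest(use),
        "stored_in": first_frame_of_interest(report.stacks.get("stored", [])),
        "created_in": first_frame_of_interest(created),
        "syscall": entry_syscall(use),
        "created_in_softirq": "__do_softirq" in created,
    }


# Excerpt of the report above with the stacks shortened (sample input).
SAMPLE = """\
[ 261.039476][T11517] BUG: KMSAN: uninit-value in skb_clone+0x326/0x5d0
[ 261.046156][T11517] CPU: 0 PID: 11517 Comm: syz-executor.0 Not tainted 5.3.0-rc7+ #0
[ 261.064481][T11517] Call Trace:
[ 261.067935][T11517] dump_stack+0x191/0x1f0
[ 261.081315][T11517] kmem_cache_alloc+0x4ed/0xd10
[ 261.092096][T11517] ? skb_clone+0x326/0x5d0
[ 261.096544][T11517] skb_clone+0x326/0x5d0
[ 261.100878][T11517] netlink_deliver_tap+0x804/0xeb0
[ 261.179373][T11517] __x64_sys_sendto+0x6e/0x90
[ 261.194390][T11517] RIP: 0033:0x413873
[ 261.226423][T11517] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000413873
[ 261.266406][T11517]
[ 261.268728][T11517] Uninit was stored to memory at:
[ 261.284515][T11517] ___slab_alloc+0x1dbc/0x1fb0
[ 261.294570][T11517] __alloc_skb+0x215/0xa10
[ 261.350259][T11517] Uninit was created at:
[ 261.360312][T11517] kmsan_slab_free+0x8d/0x100
[ 261.370357][T11517] napi_consume_skb+0x593/0x5d0
[ 261.390564][T11517] __do_softirq+0x4a1/0x83a
[ 261.435615][T11517] =====================================================
"""


def triage_sample():
    return triage(parse_kmsan_report(SAMPLE.splitlines()))


if __name__ == "__main__":
    for key, value in triage_sample().items():
        print(f"{key:20} {value}")
```

Run on the full log above it yields the same summary as on the excerpt: the value is used in skb_clone on the sendto(2) path, was stored by the allocation in __alloc_skb, and was created by the free in napi_consume_skb under __do_softirq, which is why the three stacks in the report belong to different contexts.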