[ ok ] Starting enhanced syslogd: rsyslogd.
[ 91.759975] audit: type=1800 audit(1546196677.805:25): pid=10837 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 91.779119] audit: type=1800 audit(1546196677.805:26): pid=10837 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 91.798542] audit: type=1800 audit(1546196677.835:27): pid=10837 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
2018/12/30 19:04:52 fuzzer started
2018/12/30 19:04:57 dialing manager at 10.128.0.26:36695
2018/12/30 19:04:57 syscalls: 1
2018/12/30 19:04:57 code coverage: enabled
2018/12/30 19:04:57 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 19:04:57 setuid sandbox: enabled
2018/12/30 19:04:57 namespace sandbox: enabled
2018/12/30 19:04:57 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 19:04:57 fault injection: enabled
2018/12/30 19:04:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 19:04:57 net packet injection: enabled
2018/12/30 19:04:57 net device setup: enabled
19:08:20 executing program 0:
syzkaller login: [ 315.202336] IPVS: ftp: loaded support on port[0] = 21
[ 315.359913] chnl_net:caif_netlink_parms(): no params data found
[ 315.433279] bridge0: port 1(bridge_slave_0) entered blocking state
[ 315.439808] bridge0: port 1(bridge_slave_0) entered disabled state
[ 315.448399] device bridge_slave_0 entered promiscuous mode
[ 315.457260] bridge0: port 2(bridge_slave_1) entered blocking state
[ 315.463911] bridge0: port 2(bridge_slave_1) entered disabled state
[ 315.472309] device bridge_slave_1 entered promiscuous mode
[ 315.516643] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 315.528550] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 315.559289] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 315.567971] team0: Port device team_slave_0 added
[ 315.574461] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 315.583169] team0: Port device team_slave_1 added
[ 315.589828] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 315.598321] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 315.697369] device hsr_slave_0 entered promiscuous mode
[ 315.953144] device hsr_slave_1 entered promiscuous mode
[ 316.083398] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 316.090972] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 316.122906] bridge0: port 2(bridge_slave_1) entered blocking state
[ 316.129471] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 316.136731] bridge0: port 1(bridge_slave_0) entered blocking state
[ 316.143338] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 316.239072] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 316.245842] 8021q: adding VLAN 0 to HW filter on device bond0
[ 316.260026] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 316.275469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 316.287565] bridge0: port 1(bridge_slave_0) entered disabled state
[ 316.297168] bridge0: port 2(bridge_slave_1) entered disabled state
[ 316.309098] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 316.329053] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 316.335265] 8021q: adding VLAN 0 to HW filter on device team0
[ 316.351139] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 316.358444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 316.367211] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 316.377093] bridge0: port 1(bridge_slave_0) entered blocking state
[ 316.383634] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 316.402339] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 316.414249] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 316.424993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 316.433805] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 316.442090] bridge0: port 2(bridge_slave_1) entered blocking state
[ 316.448612] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 316.457245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 316.472648] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 316.480151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 316.499646] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 316.506827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 316.515940] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 316.525418] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 316.539565] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 316.548177] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 316.557403] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 316.573154] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 316.580897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 316.589367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 316.605386] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 316.613426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 316.621729] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 316.635175] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 316.641246] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 316.670527] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 316.694230] 8021q: adding VLAN 0 to HW filter on device batadv0
19:08:22 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev}}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4000000000001b9, 0x0)
19:08:23 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='/exe\x00\x00\x00\xb3\xca]\xd5\x00K\xdd\xdd\xde\x91\xbe\x10\xee\xaf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xdau\xaf\x1f\x02\xac\x06\xed\xbc\xd7\xa0q\xfb53\x1c\xe3\x9cZ\x00\x00\x9c\x93')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fsetxattr(r0, &(0x7f0000000180)=@known='user.syz\x00', 0x0, 0x0, 0x0)
19:08:23 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
19:08:23 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x182)
r1 = memfd_create(&(0x7f0000000100)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pipe(0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, "f192e05ceb360d6dc53133724b636c5cfd44b9426c3145b37135e8be868e2e84092442b6040b61e58080415e8e9c8190763743e36b3fca5391faa109cb46140c", "e5fb1ab255dfd013129ebd0113a7d0dc5716a84e72771273eb750445b6595d5a16626b9257ca9a1c8dc065920282627802d4a4ae3c9efd92a2210f159ad24d00", "ddb510ab823f2eb1ba3adaa15f6a0c382e79b5b2aedf025d63b74854b9010618"})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01)
ioctl$LOOP_SET_FD(r0, 0x4c00, 0xffffffffffffffff)
[ 317.312211] loop_reread_partitions: partition scan of loop0 (\6 m13rKcl\DBl1Eq5辆. $B a倀A^v7Ck?S F) failed (rc=-13)
19:08:23 executing program 0:
r0 = socket(0x200000000000011, 0x4000000000080002, 0xdd86)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'ip6_vti0\x00', 0x0})
bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @dev}, 0x14)
write$binfmt_elf64(r0, 0x0, 0x0)
[ 317.562778] loop_reread_partitions: partition scan of loop0 () failed (rc=-13)
[ 317.662931] ==================================================================
[ 317.670357] BUG: KMSAN: uninit-value in vti6_tnl_xmit+0x4cb/0x2360
[ 317.676703] CPU: 0 PID: 11030 Comm: syz-executor0 Not tainted 4.20.0-rc7+ #1
[ 317.683894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 317.693267] Call Trace:
[ 317.695897] dump_stack+0x173/0x1d0
[ 317.699559] kmsan_report+0x12e/0x2a0
[ 317.703411] __msan_warning+0x82/0xf0
[ 317.707260] vti6_tnl_xmit+0x4cb/0x2360
[ 317.711317] ? vti6_dev_uninit+0x660/0x660
[ 317.715577] dev_hard_start_xmit+0x607/0xc40
[ 317.720065] __dev_queue_xmit+0x2e42/0x3bc0
[ 317.724497] dev_queue_xmit+0x4b/0x60
[ 317.728318] ? __netdev_pick_tx+0x1270/0x1270
[ 317.732839] packet_sendmsg+0x8306/0x8f30
[ 317.737029] ? kmsan_memcpy_memmove_metadata+0x58f/0xfa0
[ 317.742496] ? sock_write_iter+0x102/0x4d0
[ 317.746752] ? vfs_write+0x478/0x8d0
[ 317.750490] ? do_syscall_64+0xbc/0xf0
[ 317.754403] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 317.759825] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 317.765287] ? compat_packet_setsockopt+0x360/0x360
[ 317.770320] sock_write_iter+0x3f4/0x4d0
[ 317.774428] ? sock_read_iter+0x4e0/0x4e0
[ 317.778864] __vfs_write+0x888/0xb70
[ 317.782629] vfs_write+0x478/0x8d0
[ 317.786219] __se_sys_write+0x17a/0x370
[ 317.790239] __x64_sys_write+0x4a/0x70
[ 317.794157] do_syscall_64+0xbc/0xf0
[ 317.797908] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 317.803108] RIP: 0033:0x457ec9
[ 317.806329] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 317.825242] RSP: 002b:00007f4e6d81cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 317.832969] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9
[ 317.840492] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 317.847776] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 317.855057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4e6d81d6d4
[ 317.862363] R13: 00000000004c6f0a R14: 00000000004dc2b8 R15: 00000000ffffffff
[ 317.869698]
[ 317.871362] Uninit was created at:
[ 317.874925] kmsan_internal_poison_shadow+0x92/0x150
[ 317.880042] kmsan_kmalloc+0xa6/0x130
[ 317.883877] kmsan_slab_alloc+0xe/0x10
[ 317.887779] __kmalloc_node_track_caller+0xe18/0x1030
[ 317.893001] __alloc_skb+0x309/0xa20
[ 317.896762] alloc_skb_with_frags+0x1c7/0xac0
[ 317.901297] sock_alloc_send_pskb+0xafd/0x10e0
[ 317.905893] packet_sendmsg+0x661a/0x8f30
[ 317.910053] sock_write_iter+0x3f4/0x4d0
[ 317.914136] __vfs_write+0x888/0xb70
[ 317.917875] vfs_write+0x478/0x8d0
[ 317.921433] __se_sys_write+0x17a/0x370
[ 317.925416] __x64_sys_write+0x4a/0x70
[ 317.929315] do_syscall_64+0xbc/0xf0
[ 317.933044] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 317.938234] ==================================================================
[ 317.945598] Disabling lock debugging due to kernel taint
[ 317.951058] Kernel panic - not syncing: panic_on_warn set ...
[ 317.956974] CPU: 0 PID: 11030 Comm: syz-executor0 Tainted: G B 4.20.0-rc7+ #1
[ 317.965558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 317.974914] Call Trace:
[ 317.977542] dump_stack+0x173/0x1d0
[ 317.981199] panic+0x3ce/0x961
[ 317.984462] kmsan_report+0x293/0x2a0
[ 317.988292] __msan_warning+0x82/0xf0
[ 317.992144] vti6_tnl_xmit+0x4cb/0x2360
[ 317.996224] ? vti6_dev_uninit+0x660/0x660
[ 318.000485] dev_hard_start_xmit+0x607/0xc40
[ 318.004978] __dev_queue_xmit+0x2e42/0x3bc0
[ 318.009375] dev_queue_xmit+0x4b/0x60
[ 318.013213] ? __netdev_pick_tx+0x1270/0x1270
[ 318.017734] packet_sendmsg+0x8306/0x8f30
[ 318.021921] ? kmsan_memcpy_memmove_metadata+0x58f/0xfa0
[ 318.027408] ? sock_write_iter+0x102/0x4d0
[ 318.031659] ? vfs_write+0x478/0x8d0
[ 318.035402] ? do_syscall_64+0xbc/0xf0
[ 318.039344] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 318.044778] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 318.050254] ? compat_packet_setsockopt+0x360/0x360
[ 318.055294] sock_write_iter+0x3f4/0x4d0
[ 318.059403] ? sock_read_iter+0x4e0/0x4e0
[ 318.063571] __vfs_write+0x888/0xb70
[ 318.067336] vfs_write+0x478/0x8d0
[ 318.070922] __se_sys_write+0x17a/0x370
[ 318.074940] __x64_sys_write+0x4a/0x70
[ 318.078858] do_syscall_64+0xbc/0xf0
[ 318.082601] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 318.087804] RIP: 0033:0x457ec9
[ 318.091047] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 318.109957] RSP: 002b:00007f4e6d81cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 318.117693] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9
[ 318.124990] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 318.132267] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 318.139551] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4e6d81d6d4
[ 318.146834] R13: 00000000004c6f0a R14: 00000000004dc2b8 R15: 00000000ffffffff
[ 318.155209] Kernel Offset: disabled
[ 318.158841] Rebooting in 86400 seconds..