[ ok ] Starting enhanced syslogd: rsyslogd.
[ 93.564648][ T30] audit: type=1800 audit(1574739748.634:25): pid=13294 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 93.588123][ T30] audit: type=1800 audit(1574739748.654:26): pid=13294 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 93.632156][ T30] audit: type=1800 audit(1574739748.684:27): pid=13294 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.6' (ECDSA) to the list of known hosts.
syzkaller login: [ 107.570446][T13445] IPVS: ftp: loaded support on port[0] = 21
[ 107.655713][T13445] chnl_net:caif_netlink_parms(): no params data found
[ 107.693655][T13445] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.700949][T13445] bridge0: port 1(bridge_slave_0) entered disabled state
[ 107.709671][T13445] device bridge_slave_0 entered promiscuous mode
[ 107.718376][T13445] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.726160][T13445] bridge0: port 2(bridge_slave_1) entered disabled state
[ 107.734560][T13445] device bridge_slave_1 entered promiscuous mode
[ 107.760371][T13445] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 107.772686][T13445] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 107.800047][T13445] team0: Port device team_slave_0 added
[ 107.808244][T13445] team0: Port device team_slave_1 added
[ 107.864903][T13445] device hsr_slave_0 entered promiscuous mode
[ 107.902666][T13445] device hsr_slave_1 entered promiscuous mode
[ 108.048298][T13445] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.055748][T13445] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.063586][T13445] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.070820][T13445] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 108.311709][T13445] 8021q: adding VLAN 0 to HW filter on device bond0
[ 108.345817][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 108.373002][ T3902] bridge0: port 1(bridge_slave_0) entered disabled state
[ 108.414252][ T3902] bridge0: port 2(bridge_slave_1) entered disabled state
[ 108.444027][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 108.493038][T13445] 8021q: adding VLAN 0 to HW filter on device team0
[ 108.520974][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 108.530658][ T3902] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.538147][ T3902] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 108.630196][T13445] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 108.641675][T13445] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 108.662224][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 108.672565][ T3902] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.679883][ T3902] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.690550][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 108.700868][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 108.710732][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 108.720609][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 108.809676][T13445] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 108.852399][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 108.861574][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 108.870403][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 108.878894][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
executing program
[ 109.108596][T13445] =====================================================
[ 109.115600][T13445] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x3c6/0x3320
[ 109.122696][T13445] CPU: 1 PID: 13445 Comm: syz-executor950 Not tainted 5.4.0-rc8-syzkaller #0
[ 109.131429][T13445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 109.141463][T13445] Call Trace:
[ 109.144741][T13445] dump_stack+0x1c9/0x220
[ 109.149054][T13445] kmsan_report+0x128/0x220
[ 109.153543][T13445] __msan_warning+0x64/0xc0
[ 109.158039][T13445] ip_tunnel_xmit+0x3c6/0x3320
[ 109.162795][T13445] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 109.169450][T13445] ? skb_push+0x15b/0x250
[ 109.173770][T13445] ? gre_build_header+0x3ec/0x9f0
[ 109.178804][T13445] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 109.184711][T13445] ipgre_xmit+0xff3/0x1120
[ 109.189211][T13445] ? ipgre_close+0x240/0x240
[ 109.193795][T13445] dev_hard_start_xmit+0x51a/0xab0
[ 109.198898][T13445] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 109.204775][T13445] __dev_queue_xmit+0x35b6/0x4200
[ 109.209790][T13445] dev_queue_xmit+0x4b/0x60
[ 109.214271][T13445] ? netdev_core_pick_tx+0x4d0/0x4d0
[ 109.219540][T13445] packet_sendmsg+0x8234/0x9100
[ 109.224376][T13445] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 109.230429][T13445] ? aa_label_sk_perm+0x6d6/0x940
[ 109.235453][T13445] ? kmsan_get_metadata+0x51/0x350
[ 109.240548][T13445] ? kmsan_internal_set_origin+0x6a/0xb0
[ 109.246179][T13445] ? metadata_is_contiguous+0x270/0x270
[ 109.251746][T13445] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 109.257804][T13445] ? aa_sk_perm+0x730/0xaf0
[ 109.262345][T13445] ? compat_packet_setsockopt+0x360/0x360
[ 109.268050][T13445] ___sys_sendmsg+0x14ff/0x1590
[ 109.272897][T13445] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 109.278786][T13445] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 109.284852][T13445] ? __fget_light+0x1b8/0x710
[ 109.289622][T13445] __se_sys_sendmsg+0x305/0x460
[ 109.294488][T13445] __x64_sys_sendmsg+0x4a/0x70
[ 109.299251][T13445] do_syscall_64+0xb6/0x160
[ 109.303737][T13445] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 109.309606][T13445] RIP: 0033:0x441fb9
[ 109.313481][T13445] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 109.333067][T13445] RSP: 002b:00007ffcaeaf5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 109.341466][T13445] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441fb9
[ 109.349417][T13445] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
[ 109.357374][T13445] RBP: 0000000000000004 R08: 0000000000000025 R09: 0000000000000025
[ 109.365343][T13445] R10: 0000000000000025 R11: 0000000000000246 R12: 0000000000000000
[ 109.373293][T13445] R13: 0000000000403530 R14: 0000000000000000 R15: 0000000000000000
[ 109.381257][T13445]
[ 109.383567][T13445] Uninit was created at:
[ 109.387801][T13445] kmsan_internal_poison_shadow+0x60/0x120
[ 109.393586][T13445] kmsan_slab_alloc+0x97/0x100
[ 109.398325][T13445] __kmalloc_node_track_caller+0xe27/0x11a0
[ 109.404290][T13445] __alloc_skb+0x306/0xa10
[ 109.408692][T13445] alloc_skb_with_frags+0x18c/0xa80
[ 109.413867][T13445] sock_alloc_send_pskb+0xafd/0x10a0
[ 109.419148][T13445] packet_sendmsg+0x63a6/0x9100
[ 109.424069][T13445] ___sys_sendmsg+0x14ff/0x1590
[ 109.428891][T13445] __se_sys_sendmsg+0x305/0x460
[ 109.433730][T13445] __x64_sys_sendmsg+0x4a/0x70
[ 109.439053][T13445] do_syscall_64+0xb6/0x160
[ 109.443560][T13445] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 109.449429][T13445] =====================================================
[ 109.456351][T13445] Disabling lock debugging due to kernel taint
[ 109.462486][T13445] Kernel panic - not syncing: panic_on_warn set ...
[ 109.469071][T13445] CPU: 1 PID: 13445 Comm: syz-executor950 Tainted: G B 5.4.0-rc8-syzkaller #0
[ 109.479282][T13445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 109.489319][T13445] Call Trace:
[ 109.492598][T13445] dump_stack+0x1c9/0x220
[ 109.496910][T13445] panic+0x3c9/0xc1e
[ 109.500795][T13445] kmsan_report+0x215/0x220
[ 109.505284][T13445] __msan_warning+0x64/0xc0
[ 109.509781][T13445] ip_tunnel_xmit+0x3c6/0x3320
[ 109.514538][T13445] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 109.520581][T13445] ? skb_push+0x15b/0x250
[ 109.524898][T13445] ? gre_build_header+0x3ec/0x9f0
[ 109.529907][T13445] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 109.535778][T13445] ipgre_xmit+0xff3/0x1120
[ 109.540286][T13445] ? ipgre_close+0x240/0x240
[ 109.544872][T13445] dev_hard_start_xmit+0x51a/0xab0
[ 109.549992][T13445] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 109.555898][T13445] __dev_queue_xmit+0x35b6/0x4200
[ 109.560924][T13445] dev_queue_xmit+0x4b/0x60
[ 109.565410][T13445] ? netdev_core_pick_tx+0x4d0/0x4d0
[ 109.570675][T13445] packet_sendmsg+0x8234/0x9100
[ 109.575510][T13445] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 109.581588][T13445] ? aa_label_sk_perm+0x6d6/0x940
[ 109.586614][T13445] ? kmsan_get_metadata+0x51/0x350
[ 109.591721][T13445] ? kmsan_internal_set_origin+0x6a/0xb0
[ 109.597334][T13445] ? metadata_is_contiguous+0x270/0x270
[ 109.602874][T13445] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 109.608935][T13445] ? aa_sk_perm+0x730/0xaf0
[ 109.613465][T13445] ? compat_packet_setsockopt+0x360/0x360
[ 109.619726][T13445] ___sys_sendmsg+0x14ff/0x1590
[ 109.624589][T13445] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 109.630470][T13445] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 109.636617][T13445] ? __fget_light+0x1b8/0x710
[ 109.641306][T13445] __se_sys_sendmsg+0x305/0x460
[ 109.646152][T13445] __x64_sys_sendmsg+0x4a/0x70
[ 109.650917][T13445] do_syscall_64+0xb6/0x160
[ 109.655405][T13445] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 109.661274][T13445] RIP: 0033:0x441fb9
[ 109.665160][T13445] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 109.684740][T13445] RSP: 002b:00007ffcaeaf5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 109.693149][T13445] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441fb9
[ 109.702644][T13445] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
[ 109.710782][T13445] RBP: 0000000000000004 R08: 0000000000000025 R09: 0000000000000025
[ 109.719424][T13445] R10: 0000000000000025 R11: 0000000000000246 R12: 0000000000000000
[ 109.727392][T13445] R13: 0000000000403530 R14: 0000000000000000 R15: 0000000000000000
[ 109.737094][T13445] Kernel Offset: 0x2c000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 109.748967][T13445] Rebooting in 86400 seconds..