[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[  101.548650][   T31] audit: type=1800 audit(1562543414.594:25): pid=13420 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[  101.574025][   T31] audit: type=1800 audit(1562543414.624:26): pid=13420 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[  101.611312][   T31] audit: type=1800 audit(1562543414.644:27): pid=13420 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
syzkaller login: [  112.600988][T13571] IPVS: ftp: loaded support on port[0] = 21
[  112.679686][T13571] chnl_net:caif_netlink_parms(): no params data found
[  112.718242][T13571] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.725581][T13571] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.734115][T13571] device bridge_slave_0 entered promiscuous mode
[  112.742833][T13571] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.749994][T13571] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.758620][T13571] device bridge_slave_1 entered promiscuous mode
[  112.781750][T13571] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  112.793285][T13571] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  112.816286][T13571] team0: Port device team_slave_0 added
[  112.824429][T13571] team0: Port device team_slave_1 added
[  112.884863][T13571] device hsr_slave_0 entered promiscuous mode
[  112.922409][T13571] device hsr_slave_1 entered promiscuous mode
[  112.974742][T13571] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.982041][T13571] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.989595][T13571] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.996936][T13571] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.049095][T13571] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.065006][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  113.075292][   T17] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.084100][   T17] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.093403][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  113.109643][T13571] 8021q: adding VLAN 0 to HW filter on device team0
[  113.123698][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  113.132656][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.140082][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.155260][ T3931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  113.164121][ T3931] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.171541][ T3931] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.195657][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  113.219202][T13571] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  113.230161][T13571] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  113.246013][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  113.254702][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  113.264129][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  113.274196][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  113.283971][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
[  113.310531][T13571] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.402380][T13571] ==================================================================
[  113.410571][T13571] BUG: KMSAN: uninit-value in hsr_register_frame_in+0x12c/0x200
[  113.418198][T13571] CPU: 1 PID: 13571 Comm: syz-executor406 Not tainted 5.2.0-rc4+ #10
[  113.426247][T13571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  113.436321][T13571] Call Trace:
[  113.439616][T13571]  dump_stack+0x191/0x1f0
[  113.444034][T13571]  kmsan_report+0x162/0x2d0
[  113.448534][T13571]  __msan_warning+0x75/0xe0
[  113.453057][T13571]  hsr_register_frame_in+0x12c/0x200
[  113.458431][T13571]  hsr_forward_skb+0xd11/0x3070
[  113.463365][T13571]  hsr_dev_xmit+0xf8/0x160
[  113.467847][T13571]  ? is_hsr_master+0xb0/0xb0
[  113.472433][T13571]  dev_hard_start_xmit+0x51a/0xab0
[  113.477551][T13571]  __dev_queue_xmit+0x394d/0x4270
[  113.482683][T13571]  dev_queue_xmit+0x4b/0x60
[  113.487172][T13571]  ? netdev_core_pick_tx+0x4d0/0x4d0
[  113.492461][T13571]  packet_sendmsg+0x815c/0x8f80
[  113.497328][T13571]  ? arch_local_irq_disable+0x10/0x10
[  113.502698][T13571]  ? rcu_force_quiescent_state+0x530/0x530
[  113.508497][T13571]  ? wait_for_completion+0x3e/0x50
[  113.513603][T13571]  ? __wait_rcu_gp+0x4b9/0x520
[  113.518630][T13571]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  113.524524][T13571]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  113.530608][T13571]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  113.536512][T13571]  ? compat_packet_setsockopt+0x360/0x360
[  113.542242][T13571]  __sys_sendto+0xa95/0xb90
[  113.546770][T13571]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  113.552662][T13571]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[  113.558739][T13571]  ? prepare_exit_to_usermode+0x19a/0x4d0
[  113.564454][T13571]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  113.570352][T13571]  __se_sys_sendto+0x107/0x130
[  113.575121][T13571]  __x64_sys_sendto+0x6e/0x90
[  113.579807][T13571]  do_syscall_64+0xbc/0xf0
[  113.584217][T13571]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  113.590183][T13571] RIP: 0033:0x4419d9
[  113.594078][T13571] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  113.613684][T13571] RSP: 002b:00007ffe2ee20638 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  113.622087][T13571] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004419d9
[  113.630054][T13571] RDX: 000000000000000e RSI: 0000000020000040 RDI: 0000000000000003
[  113.638027][T13571] RBP: 00000000004a9070 R08: 0000000000000000 R09: 0000000000000000
[  113.645985][T13571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402f20
[  113.653946][T13571] R13: 0000000000402fb0 R14: 0000000000000000 R15: 0000000000000000
[  113.662062][T13571] 
[  113.664373][T13571] Uninit was stored to memory at:
[  113.669388][T13571]  kmsan_internal_chain_origin+0xcc/0x150
[  113.675106][T13571]  __msan_chain_origin+0x6b/0xe0
[  113.680026][T13571]  hsr_get_node+0xc90/0xe10
[  113.684510][T13571]  hsr_forward_skb+0x780/0x3070
[  113.689360][T13571]  hsr_dev_xmit+0xf8/0x160
[  113.693763][T13571]  dev_hard_start_xmit+0x51a/0xab0
[  113.698857][T13571]  __dev_queue_xmit+0x394d/0x4270
[  113.703865][T13571]  dev_queue_xmit+0x4b/0x60
[  113.708349][T13571]  packet_sendmsg+0x815c/0x8f80
[  113.713183][T13571]  __sys_sendto+0xa95/0xb90
[  113.717666][T13571]  __se_sys_sendto+0x107/0x130
[  113.722411][T13571]  __x64_sys_sendto+0x6e/0x90
[  113.727197][T13571]  do_syscall_64+0xbc/0xf0
[  113.731602][T13571]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  113.737475][T13571] 
[  113.739783][T13571] Uninit was created at:
[  113.744009][T13571]  kmsan_internal_poison_shadow+0x53/0xa0
[  113.749712][T13571]  kmsan_kmalloc+0xa4/0x130
[  113.754198][T13571]  kmsan_slab_alloc+0xe/0x10
[  113.758782][T13571]  __kmalloc_node_track_caller+0xcba/0xf30
[  113.764572][T13571]  __alloc_skb+0x306/0xa10
[  113.768970][T13571]  alloc_skb_with_frags+0x18c/0xa80
[  113.774155][T13571]  sock_alloc_send_pskb+0xafd/0x10a0
[  113.779427][T13571]  packet_sendmsg+0x6419/0x8f80
[  113.784270][T13571]  __sys_sendto+0xa95/0xb90
[  113.788774][T13571]  __se_sys_sendto+0x107/0x130
[  113.793520][T13571]  __x64_sys_sendto+0x6e/0x90
[  113.798614][T13571]  do_syscall_64+0xbc/0xf0
[  113.803107][T13571]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  113.808979][T13571] ==================================================================
[  113.817019][T13571] Disabling lock debugging due to kernel taint
[  113.823268][T13571] Kernel panic - not syncing: panic_on_warn set ...
[  113.829877][T13571] CPU: 1 PID: 13571 Comm: syz-executor406 Tainted: G    B             5.2.0-rc4+ #10
[  113.840272][T13571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  113.850324][T13571] Call Trace:
[  113.853619][T13571]  dump_stack+0x191/0x1f0
[  113.857961][T13571]  panic+0x3c9/0xc1e
[  113.861898][T13571]  kmsan_report+0x2ca/0x2d0
[  113.866416][T13571]  __msan_warning+0x75/0xe0
[  113.870934][T13571]  hsr_register_frame_in+0x12c/0x200
[  113.879081][T13571]  hsr_forward_skb+0xd11/0x3070
[  113.883981][T13571]  hsr_dev_xmit+0xf8/0x160
[  113.888494][T13571]  ? is_hsr_master+0xb0/0xb0
[  113.893097][T13571]  dev_hard_start_xmit+0x51a/0xab0
[  113.898239][T13571]  __dev_queue_xmit+0x394d/0x4270
[  113.903302][T13571]  dev_queue_xmit+0x4b/0x60
[  113.907797][T13571]  ? netdev_core_pick_tx+0x4d0/0x4d0
[  113.913084][T13571]  packet_sendmsg+0x815c/0x8f80
[  113.917931][T13571]  ? arch_local_irq_disable+0x10/0x10
[  113.923313][T13571]  ? rcu_force_quiescent_state+0x530/0x530
[  113.930439][T13571]  ? wait_for_completion+0x3e/0x50
[  113.936077][T13571]  ? __wait_rcu_gp+0x4b9/0x520
[  113.940957][T13571]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  113.946870][T13571]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  113.953134][T13571]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  113.959042][T13571]  ? compat_packet_setsockopt+0x360/0x360
[  113.964886][T13571]  __sys_sendto+0xa95/0xb90
[  113.969434][T13571]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  113.975360][T13571]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[  113.981417][T13571]  ? prepare_exit_to_usermode+0x19a/0x4d0
[  113.987227][T13571]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  113.993119][T13571]  __se_sys_sendto+0x107/0x130
[  113.997888][T13571]  __x64_sys_sendto+0x6e/0x90
[  114.002736][T13571]  do_syscall_64+0xbc/0xf0
[  114.007141][T13571]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  114.013015][T13571] RIP: 0033:0x4419d9
[  114.016894][T13571] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  114.036680][T13571] RSP: 002b:00007ffe2ee20638 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  114.045096][T13571] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004419d9
[  114.053262][T13571] RDX: 000000000000000e RSI: 0000000020000040 RDI: 0000000000000003
[  114.061394][T13571] RBP: 00000000004a9070 R08: 0000000000000000 R09: 0000000000000000
[  114.069356][T13571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402f20
[  114.077317][T13571] R13: 0000000000402fb0 R14: 0000000000000000 R15: 0000000000000000
[  114.086530][T13571] Kernel Offset: disabled
[  114.090894][T13571] Rebooting in 86400 seconds..