[ ok ] Starting enhanced syslogd: rsyslogd.
[ 85.885935][ T30] audit: type=1800 audit(1575099634.935:25): pid=12386 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 85.908991][ T30] audit: type=1800 audit(1575099634.955:26): pid=12386 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 85.971809][ T30] audit: type=1800 audit(1575099634.985:27): pid=12386 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.1.1' (ECDSA) to the list of known hosts.
syzkaller login: [ 99.421659][T12536] IPVS: ftp: loaded support on port[0] = 21
[ 99.494990][T12536] chnl_net:caif_netlink_parms(): no params data found
[ 99.529108][T12536] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.536358][T12536] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.544633][T12536] device bridge_slave_0 entered promiscuous mode
[ 99.553605][T12536] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.560715][T12536] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.569278][T12536] device bridge_slave_1 entered promiscuous mode
[ 99.591063][T12536] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 99.603338][T12536] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 99.625937][T12536] team0: Port device team_slave_0 added
[ 99.634057][T12536] team0: Port device team_slave_1 added
[ 99.714620][T12536] device hsr_slave_0 entered promiscuous mode
[ 99.752220][T12536] device hsr_slave_1 entered promiscuous mode
[ 99.928577][T12536] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.935874][T12536] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.943682][T12536] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.950878][T12536] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.199935][T12536] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.246107][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 100.273214][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.294180][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.323872][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 100.369622][T12536] 8021q: adding VLAN 0 to HW filter on device team0
[ 100.401571][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 100.411179][ T2802] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.418571][ T2802] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.500160][T12536] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 100.511047][T12536] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 100.543467][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 100.553203][ T2802] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.560371][ T2802] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.570784][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 100.580943][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 100.590570][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 100.600209][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 100.685925][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 100.695773][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 100.704346][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 100.712026][ T2802] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 100.731205][T12536] 8021q: adding VLAN 0 to HW filter on device batadv0
executing program
executing program
[ 100.889829][T12578] =====================================================
[ 100.896920][T12578] BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x3c6/0x3320
[ 100.904014][T12578] CPU: 0 PID: 12578 Comm: syz-executor160 Not tainted 5.4.0-rc8-syzkaller #0
[ 100.912750][T12578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 100.922802][T12578] Call Trace:
[ 100.926080][T12578] dump_stack+0x1c9/0x220
[ 100.930395][T12578] kmsan_report+0x128/0x220
[ 100.934885][T12578] __msan_warning+0x64/0xc0
[ 100.941747][T12578] ip_tunnel_xmit+0x3c6/0x3320
[ 100.946518][T12578] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 100.952578][T12578] ? skb_push+0x15b/0x250
[ 100.956903][T12578] ? gre_build_header+0x3ec/0x9f0
[ 100.961920][T12578] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 100.967810][T12578] ipgre_xmit+0xff3/0x1120
[ 100.972488][T12578] ? ipgre_close+0x240/0x240
[ 100.977066][T12578] dev_hard_start_xmit+0x51a/0xab0
[ 100.982198][T12578] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 100.988089][T12578] __dev_queue_xmit+0x35b6/0x4200
[ 100.993121][T12578] dev_queue_xmit+0x4b/0x60
[ 100.997609][T12578] ? netdev_core_pick_tx+0x4d0/0x4d0
[ 101.002998][T12578] packet_sendmsg+0x8234/0x9100
[ 101.007843][T12578] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 101.014778][T12578] ? aa_label_sk_perm+0x6d6/0x940
[ 101.019796][T12578] ? kmsan_get_metadata+0x51/0x350
[ 101.024909][T12578] ? kmsan_internal_set_origin+0x6a/0xb0
[ 101.030530][T12578] ? metadata_is_contiguous+0x270/0x270
[ 101.036066][T12578] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 101.042119][T12578] ? aa_sk_perm+0x730/0xaf0
[ 101.046645][T12578] ? compat_packet_setsockopt+0x360/0x360
[ 101.052346][T12578] __sys_sendto+0xc44/0xc70
[ 101.056848][T12578] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 101.062727][T12578] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 101.068779][T12578] ? prepare_exit_to_usermode+0x19a/0x4d0
[ 101.074486][T12578] __se_sys_sendto+0x107/0x130
[ 101.079238][T12578] __x64_sys_sendto+0x6e/0x90
[ 101.083903][T12578] do_syscall_64+0xb6/0x160
[ 101.088392][T12578] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 101.094799][T12578] RIP: 0033:0x442909
[ 101.098675][T12578] Code: e8 ac 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 101.118270][T12578] RSP: 002b:00007ffc438e20d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 101.126737][T12578] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442909
[ 101.134706][T12578] RDX: 000000000000000e RSI: 0000000020000200 RDI: 0000000000000003
[ 101.142658][T12578] RBP: 0000000000018a19 R08: 00000000200000c0 R09: 0000000000000014
[ 101.150621][T12578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 101.158585][T12578] R13: 0000000000403840 R14: 0000000000000000 R15: 0000000000000000
[ 101.166622][T12578]
[ 101.168930][T12578] Uninit was created at:
[ 101.173163][T12578] kmsan_internal_poison_shadow+0x5c/0x110
[ 101.178954][T12578] kmsan_slab_alloc+0x97/0x100
[ 101.184435][T12578] __kmalloc_node_track_caller+0xe27/0x11a0
[ 101.190383][T12578] __alloc_skb+0x306/0xa10
[ 101.194786][T12578] alloc_skb_with_frags+0x18c/0xa80
[ 101.199965][T12578] sock_alloc_send_pskb+0xafd/0x10a0
[ 101.205230][T12578] packet_sendmsg+0x63a6/0x9100
[ 101.210076][T12578] __sys_sendto+0xc44/0xc70
[ 101.214565][T12578] __se_sys_sendto+0x107/0x130
[ 101.219330][T12578] __x64_sys_sendto+0x6e/0x90
[ 101.223992][T12578] do_syscall_64+0xb6/0x160
[ 101.228477][T12578] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 101.234714][T12578] =====================================================
[ 101.241625][T12578] Disabling lock debugging due to kernel taint
[ 101.247764][T12578] Kernel panic - not syncing: panic_on_warn set ...
[ 101.254344][T12578] CPU: 0 PID: 12578 Comm: syz-executor160 Tainted: G B 5.4.0-rc8-syzkaller #0
[ 101.264480][T12578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 101.274535][T12578] Call Trace:
[ 101.277831][T12578] dump_stack+0x1c9/0x220
[ 101.282163][T12578] panic+0x3c9/0xc1e
[ 101.286053][T12578] kmsan_report+0x215/0x220
[ 101.290543][T12578] __msan_warning+0x64/0xc0
[ 101.295043][T12578] ip_tunnel_xmit+0x3c6/0x3320
[ 101.299817][T12578] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 101.305885][T12578] ? skb_push+0x15b/0x250
[ 101.310246][T12578] ? gre_build_header+0x3ec/0x9f0
[ 101.315270][T12578] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 101.321232][T12578] ipgre_xmit+0xff3/0x1120
[ 101.325636][T12578] ? ipgre_close+0x240/0x240
[ 101.330209][T12578] dev_hard_start_xmit+0x51a/0xab0
[ 101.335326][T12578] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 101.341206][T12578] __dev_queue_xmit+0x35b6/0x4200
[ 101.346230][T12578] dev_queue_xmit+0x4b/0x60
[ 101.350712][T12578] ? netdev_core_pick_tx+0x4d0/0x4d0
[ 101.355976][T12578] packet_sendmsg+0x8234/0x9100
[ 101.360810][T12578] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 101.366857][T12578] ? aa_label_sk_perm+0x6d6/0x940
[ 101.371878][T12578] ? kmsan_get_metadata+0x51/0x350
[ 101.377071][T12578] ? kmsan_internal_set_origin+0x6a/0xb0
[ 101.383654][T12578] ? metadata_is_contiguous+0x270/0x270
[ 101.389184][T12578] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 101.395250][T12578] ? aa_sk_perm+0x730/0xaf0
[ 101.399795][T12578] ? compat_packet_setsockopt+0x360/0x360
[ 101.405503][T12578] __sys_sendto+0xc44/0xc70
[ 101.409998][T12578] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 101.415883][T12578] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 101.422019][T12578] ? prepare_exit_to_usermode+0x19a/0x4d0
[ 101.427732][T12578] __se_sys_sendto+0x107/0x130
[ 101.432512][T12578] __x64_sys_sendto+0x6e/0x90
[ 101.437171][T12578] do_syscall_64+0xb6/0x160
[ 101.441673][T12578] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 101.447558][T12578] RIP: 0033:0x442909
[ 101.451445][T12578] Code: e8 ac 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 101.471061][T12578] RSP: 002b:00007ffc438e20d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 101.479458][T12578] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442909
[ 101.487425][T12578] RDX: 000000000000000e RSI: 0000000020000200 RDI: 0000000000000003
[ 101.495496][T12578] RBP: 0000000000018a19 R08: 00000000200000c0 R09: 0000000000000014
[ 101.503457][T12578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 101.511503][T12578] R13: 0000000000403840 R14: 0000000000000000 R15: 0000000000000000
[ 101.520819][T12578] Kernel Offset: 0x20400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 101.532567][T12578] Rebooting in 86400 seconds..