[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   75.899289][   T30] audit: type=1800 audit(1564896548.947:25): pid=11838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   75.923054][   T30] audit: type=1800 audit(1564896548.977:26): pid=11838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   75.959348][   T30] audit: type=1800 audit(1564896548.997:27): pid=11838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts.
syzkaller login: [  100.194786][T11989] IPVS: ftp: loaded support on port[0] = 21
[  100.264465][T11989] chnl_net:caif_netlink_parms(): no params data found
[  100.297634][T11989] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.304942][T11989] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.313537][T11989] device bridge_slave_0 entered promiscuous mode
[  100.322625][T11989] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.329950][T11989] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.338508][T11989] device bridge_slave_1 entered promiscuous mode
[  100.359675][T11989] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  100.370152][T11989] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  100.391900][T11989] team0: Port device team_slave_0 added
[  100.399829][T11989] team0: Port device team_slave_1 added
[  100.454713][T11989] device hsr_slave_0 entered promiscuous mode
[  100.522416][T11989] device hsr_slave_1 entered promiscuous mode
[  100.573541][T11989] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.580916][T11989] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.588815][T11989] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.596914][T11989] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.641527][T11989] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.656321][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  100.666684][   T17] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.676174][   T17] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.686443][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  100.701143][T11989] 8021q: adding VLAN 0 to HW filter on device team0
[  100.714282][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  100.723557][ T3358] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.730911][ T3358] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.753175][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  100.762928][ T3358] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.770145][ T3358] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.785960][T11991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  100.796195][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  100.810378][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  100.826930][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  100.840268][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
executing program
[  100.853924][T11989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  100.878958][T11989] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.193106][   T33] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  101.552221][   T33] usb 1-1: config 29 has an invalid interface number: 217 but max is 0
[  101.562341][   T33] usb 1-1: config 29 has no interface number 0
[  101.568589][   T33] usb 1-1: config 29 interface 217 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  101.579797][   T33] usb 1-1: config 29 interface 217 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 10
[  101.591274][   T33] usb 1-1: config 29 interface 217 altsetting 0 endpoint 0x4 has invalid maxpacket 128, setting to 64
[  101.603071][   T33] usb 1-1: config 29 interface 217 altsetting 0 has a duplicate endpoint with address 0xF, skipping
[  101.852742][   T33] usb 1-1: string descriptor 0 read error: -22
[  101.859441][   T33] usb 1-1: New USB device found, idVendor=1618, idProduct=9116, bcdDevice=9e.a5
[  101.868793][   T33] usb 1-1: New USB device strings: Mfr=2, Product=255, SerialNumber=3
[  101.915176][   T33] rsi_91x: rsi_probe: Failed to init usb interface
[  101.923367][   T33] rsi_91x: rsi_probe: Failed in probe...Exiting
[  101.929938][   T33] RSI-USB WLAN: probe of 1-1:29.217 failed with error -22
[  101.942078][T11991] ==================================================================
[  101.950301][T11991] BUG: KMSAN: uninit-value in __list_add_valid+0x292/0x430
[  101.957862][T11991] CPU: 1 PID: 11991 Comm: kworker/1:2 Not tainted 5.2.0+ #15
[  101.965362][T11991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  101.975744][T11991] Workqueue: ipv6_addrconf addrconf_dad_work
[  101.981953][T11991] Call Trace:
[  101.985303][T11991]  dump_stack+0x191/0x1f0
[  101.989636][T11991]  kmsan_report+0x162/0x2d0
[  101.994366][T11991]  __msan_warning+0x75/0xe0
[  101.999026][T11991]  __list_add_valid+0x292/0x430
[  102.003887][T11991]  ___neigh_create+0x24ad/0x2990
[  102.008962][T11991]  __neigh_create+0xbd/0xd0
[  102.013490][T11991]  ip6_finish_output2+0x149a/0x2670
[  102.018943][T11991]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  102.025687][T11991]  ip6_finish_output+0xae4/0xbc0
[  102.030674][T11991]  ip6_output+0x5d3/0x720
[  102.035017][T11991]  ? ip6_output+0x720/0x720
[  102.039509][T11991]  ? ac6_seq_show+0x200/0x200
[  102.044488][T11991]  ndisc_send_skb+0x1083/0x15e0
[  102.050220][T11991]  ? ndisc_error_report+0x1a0/0x1a0
[  102.055536][T11991]  ndisc_send_ns+0xda8/0xe10
[  102.060365][T11991]  ndisc_solicit+0x498/0x5d0
[  102.065031][T11991]  ? ndisc_cleanup+0x70/0x70
[  102.069950][T11991]  __neigh_event_send+0x111d/0x1a80
[  102.075395][T11991]  neigh_resolve_output+0x25e/0xb50
[  102.080713][T11991]  ? neigh_event_ns+0x8a0/0x8a0
[  102.085586][T11991]  ip6_finish_output2+0x2129/0x2670
[  102.090953][T11991]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  102.097674][T11991]  ip6_finish_output+0xae4/0xbc0
[  102.102774][T11991]  ip6_output+0x5d3/0x720
[  102.107665][T11991]  ? ip6_output+0x720/0x720
[  102.112523][T11991]  ? ac6_seq_show+0x200/0x200
[  102.117325][T11991]  ndisc_send_skb+0x1083/0x15e0
[  102.122457][T11991]  ? ndisc_error_report+0x1a0/0x1a0
[  102.127676][T11991]  ndisc_send_rs+0xb5d/0xb90
[  102.132274][T11991]  addrconf_dad_completed+0xc03/0x1490
[  102.137970][T11991]  addrconf_dad_work+0x17b3/0x26e0
[  102.143166][T11991]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  102.149070][T11991]  ? ipv6_get_saddr_eval+0x13b0/0x13b0
[  102.154743][T11991]  ? ipv6_get_saddr_eval+0x13b0/0x13b0
[  102.160320][T11991]  process_one_work+0x1572/0x1f00
[  102.165530][T11991]  worker_thread+0x111b/0x2460
[  102.170311][T11991]  kthread+0x4b5/0x4f0
[  102.174439][T11991]  ? process_one_work+0x1f00/0x1f00
[  102.179652][T11991]  ? kthread_blkcg+0xf0/0xf0
[  102.184428][T11991]  ret_from_fork+0x35/0x40
[  102.188958][T11991] 
[  102.191274][T11991] Uninit was created at:
[  102.195641][T11991]  kmsan_internal_poison_shadow+0x53/0xa0
[  102.201424][T11991]  kmsan_slab_alloc+0xaa/0x120
[  102.206194][T11991]  __kmalloc_node_track_caller+0xc8f/0xf10
[  102.212136][T11991]  __alloc_skb+0x306/0xa10
[  102.216547][T11991]  ndisc_alloc_skb+0x1ba/0x5b0
[  102.221401][T11991]  ndisc_send_ns+0x5e9/0xe10
[  102.226009][T11991]  ndisc_solicit+0x498/0x5d0
[  102.230700][T11991]  __neigh_event_send+0x111d/0x1a80
[  102.235904][T11991]  neigh_resolve_output+0x25e/0xb50
[  102.241097][T11991]  ip6_finish_output2+0x2129/0x2670
[  102.246413][T11991]  ip6_finish_output+0xae4/0xbc0
[  102.251445][T11991]  ip6_output+0x5d3/0x720
[  102.255898][T11991]  ndisc_send_skb+0x1083/0x15e0
[  102.260738][T11991]  ndisc_send_rs+0xb5d/0xb90
[  102.265401][T11991]  addrconf_dad_completed+0xc03/0x1490
[  102.271087][T11991]  addrconf_dad_work+0x17b3/0x26e0
[  102.276697][T11991]  process_one_work+0x1572/0x1f00
[  102.281729][T11991]  worker_thread+0x111b/0x2460
[  102.286635][T11991]  kthread+0x4b5/0x4f0
[  102.291034][T11991]  ret_from_fork+0x35/0x40
[  102.295642][T11991] ==================================================================
[  102.303843][T11991] Disabling lock debugging due to kernel taint
[  102.310217][T11991] Kernel panic - not syncing: panic_on_warn set ...
[  102.316798][T11991] CPU: 1 PID: 11991 Comm: kworker/1:2 Tainted: G    B             5.2.0+ #15
[  102.325856][T11991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  102.336172][T11991] Workqueue: ipv6_addrconf addrconf_dad_work
[  102.342193][T11991] Call Trace:
[  102.345606][T11991]  dump_stack+0x191/0x1f0
[  102.349945][T11991]  panic+0x3c9/0xc1e
[  102.353858][T11991]  kmsan_report+0x2ca/0x2d0
[  102.358362][T11991]  __msan_warning+0x75/0xe0
[  102.363134][T11991]  __list_add_valid+0x292/0x430
[  102.367984][T11991]  ___neigh_create+0x24ad/0x2990
[  102.372986][T11991]  __neigh_create+0xbd/0xd0
[  102.377620][T11991]  ip6_finish_output2+0x149a/0x2670
[  102.382859][T11991]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  102.388873][T11991]  ip6_finish_output+0xae4/0xbc0
[  102.393835][T11991]  ip6_output+0x5d3/0x720
[  102.398277][T11991]  ? ip6_output+0x720/0x720
[  102.403149][T11991]  ? ac6_seq_show+0x200/0x200
[  102.408117][T11991]  ndisc_send_skb+0x1083/0x15e0
[  102.413117][T11991]  ? ndisc_error_report+0x1a0/0x1a0
[  102.418328][T11991]  ndisc_send_ns+0xda8/0xe10
[  102.423027][T11991]  ndisc_solicit+0x498/0x5d0
[  102.427654][T11991]  ? ndisc_cleanup+0x70/0x70
[  102.432240][T11991]  __neigh_event_send+0x111d/0x1a80
[  102.437731][T11991]  neigh_resolve_output+0x25e/0xb50
[  102.443085][T11991]  ? neigh_event_ns+0x8a0/0x8a0
[  102.448221][T11991]  ip6_finish_output2+0x2129/0x2670
[  102.453635][T11991]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  102.459526][T11991]  ip6_finish_output+0xae4/0xbc0
[  102.464461][T11991]  ip6_output+0x5d3/0x720
[  102.468786][T11991]  ? ip6_output+0x720/0x720
[  102.473388][T11991]  ? ac6_seq_show+0x200/0x200
[  102.478075][T11991]  ndisc_send_skb+0x1083/0x15e0
[  102.482946][T11991]  ? ndisc_error_report+0x1a0/0x1a0
[  102.488389][T11991]  ndisc_send_rs+0xb5d/0xb90
[  102.492976][T11991]  addrconf_dad_completed+0xc03/0x1490
[  102.498637][T11991]  addrconf_dad_work+0x17b3/0x26e0
[  102.503964][T11991]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  102.509981][T11991]  ? ipv6_get_saddr_eval+0x13b0/0x13b0
[  102.515585][T11991]  ? ipv6_get_saddr_eval+0x13b0/0x13b0
[  102.521162][T11991]  process_one_work+0x1572/0x1f00
[  102.526219][T11991]  worker_thread+0x111b/0x2460
[  102.531085][T11991]  kthread+0x4b5/0x4f0
[  102.535177][T11991]  ? process_one_work+0x1f00/0x1f00
[  102.540458][T11991]  ? kthread_blkcg+0xf0/0xf0
[  102.545942][T11991]  ret_from_fork+0x35/0x40
[  102.551903][T11991] Kernel Offset: disabled
[  102.556405][T11991] Rebooting in 86400 seconds..