[ ok ].
[ 99.190183] audit: type=1800 audit(1551744390.243:25): pid=10572 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 99.209471] audit: type=1800 audit(1551744390.243:26): pid=10572 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 99.229025] audit: type=1800 audit(1551744390.273:27): pid=10572 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.213' (ECDSA) to the list of known hosts.
2019/03/05 00:06:45 fuzzer started
2019/03/05 00:06:51 dialing manager at 10.128.0.26:34023
2019/03/05 00:06:51 syscalls: 1
2019/03/05 00:06:51 code coverage: enabled
2019/03/05 00:06:51 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/03/05 00:06:51 extra coverage: extra coverage is not supported by the kernel
2019/03/05 00:06:51 setuid sandbox: enabled
2019/03/05 00:06:51 namespace sandbox: enabled
2019/03/05 00:06:51 Android sandbox: /sys/fs/selinux/policy does not exist
2019/03/05 00:06:51 fault injection: enabled
2019/03/05 00:06:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/03/05 00:06:51 net packet injection: enabled
2019/03/05 00:06:51 net device setup: enabled
00:09:52 executing program 0:
r0 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)="c11400ffffff890000021fe4ac14140de0", 0x11}], 0x1}, 0x0)
syzkaller login: [ 301.835672] IPVS: ftp: loaded support on port[0] = 21
[ 302.017526] 
chnl_net:caif_netlink_parms(): no params data found
[ 302.095338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 302.102595] bridge0: port 1(bridge_slave_0) entered disabled state
[ 302.111267] device bridge_slave_0 entered promiscuous mode
[ 302.121453] bridge0: port 2(bridge_slave_1) entered blocking state
[ 302.128089] bridge0: port 2(bridge_slave_1) entered disabled state
[ 302.136684] device bridge_slave_1 entered promiscuous mode
[ 302.175272] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 302.187258] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 302.222047] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 302.230995] team0: Port device team_slave_0 added
[ 302.238710] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 302.247610] team0: Port device team_slave_1 added
[ 302.254787] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 302.263454] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 302.447291] device hsr_slave_0 entered promiscuous mode
[ 302.702400] device hsr_slave_1 entered promiscuous mode
[ 302.853785] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 302.861660] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 302.895304] bridge0: port 2(bridge_slave_1) entered blocking state
[ 302.901929] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 302.909179] bridge0: port 1(bridge_slave_0) entered blocking state
[ 302.915879] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 303.023067] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 303.029232] 8021q: adding VLAN 0 to HW filter on device bond0
[ 303.045427] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 303.057194] bridge0: port 1(bridge_slave_0) entered disabled state
[ 303.068398] bridge0: port 2(bridge_slave_1) entered disabled state
[ 303.080798] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 303.102450] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 303.109435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 303.117326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 303.133135] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 303.139236] 8021q: adding VLAN 0 to HW filter on device team0
[ 303.153715] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 303.160926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 303.169975] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 303.178386] bridge0: port 1(bridge_slave_0) entered blocking state
[ 303.184935] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 303.202577] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 303.216252] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 303.224171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 303.233138] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 303.241503] bridge0: port 2(bridge_slave_1) entered blocking state
[ 303.248097] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 303.257569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 303.274459] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 303.282646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 303.307523] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 303.315494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 303.326937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 303.345274] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 303.352793] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 303.361163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 303.370358] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 303.388275] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 303.401778] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 303.409420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 303.418967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 303.427716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 303.436486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 303.451051] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 303.457281] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 303.485974] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 303.507517] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 303.679612] ==================================================================
[ 303.687109] BUG: KMSAN: uninit-value in _raw_spin_lock_bh+0xea/0x130
[ 303.693681] CPU: 0 PID: 10745 Comm: syz-executor.0 Not tainted 5.0.0-rc1+ #9
[ 303.700879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 303.710235] Call Trace:
[ 303.712907] dump_stack+0x173/0x1d0
[ 303.716606] kmsan_report+0x12e/0x2a0
[ 303.720446] __msan_warning+0x82/0xf0
[ 303.724282] _raw_spin_lock_bh+0xea/0x130
[ 303.728477] inet_frag_find+0x1223/0x24a0
[ 303.732722] ? ip4_obj_hashfn+0x430/0x430
[ 303.736925] ? ip_expire+0xbd0/0xbd0
[ 303.740660] ? ip4_key_hashfn+0x420/0x420
[ 303.744832] ? ip_expire+0xbd0/0xbd0
[ 303.748576] ? ip4_key_hashfn+0x420/0x420
[ 303.752751] ? ip_expire+0xbd0/0xbd0
[ 303.756482] ? ip4_key_hashfn+0x420/0x420
[ 303.760654] ? ip4_obj_hashfn+0x430/0x430
[ 303.764833] ip_defrag+0x47c/0x6310
[ 303.768585] ? __x64_sys_sendmsg+0x4a/0x70
[ 303.772852] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 303.778266] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 303.783493] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 303.788998] ipv4_conntrack_defrag+0x673/0x7d0
[ 303.793642] ? defrag4_net_exit+0xe0/0xe0
[ 303.797895] nf_hook_slow+0x176/0x3d0
[ 303.801750] __ip_local_out+0x6dc/0x800
[ 303.805819] ? __ip_local_out+0x800/0x800
[ 303.810008] ip_local_out+0xa4/0x1d0
[ 303.813760] iptunnel_xmit+0x8a7/0xde0
[ 303.817715] ip_tunnel_xmit+0x35b9/0x3980
[ 303.821941] ipgre_xmit+0x1098/0x11c0
[ 303.825782] ? ipgre_close+0x230/0x230
[ 303.829773] dev_hard_start_xmit+0x604/0xc40
[ 303.834242] __dev_queue_xmit+0x2e48/0x3b80
[ 303.838638] dev_queue_xmit+0x4b/0x60
[ 303.842462] ? __netdev_pick_tx+0x1260/0x1260
[ 303.847081] packet_sendmsg+0x79bb/0x9760
[ 303.851277] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 303.856775] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 303.861996] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 303.867459] ___sys_sendmsg+0xdb9/0x11b0
[ 303.871567] ? compat_packet_setsockopt+0x360/0x360
[ 303.876627] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 303.881844] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 303.887230] ? __fget_light+0x6e1/0x750
[ 303.891258] __se_sys_sendmsg+0x305/0x460
[ 303.895459] __x64_sys_sendmsg+0x4a/0x70
[ 303.899560] do_syscall_64+0xbc/0xf0
[ 303.903307] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 303.908511] RIP: 0033:0x457e29
[ 303.911731] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 303.930640] RSP: 002b:00007fefdaafbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 303.938358] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 303.945667] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 303.952943] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 303.960223] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fefdaafc6d4
[ 303.967509] R13: 00000000004c5461 R14: 00000000004d9308 R15: 00000000ffffffff
[ 303.974818]
[ 303.976448] Uninit was created at:
[ 303.979988] No stack
[ 303.982312] ==================================================================
[ 303.989755] Disabling lock debugging due to kernel taint
[ 303.995231] Kernel panic - not syncing: panic_on_warn set ...
[ 304.001137] CPU: 0 PID: 10745 Comm: syz-executor.0 Tainted: G B 5.0.0-rc1+ #9
[ 304.009721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 304.019084] Call Trace:
[ 304.021737] dump_stack+0x173/0x1d0
[ 304.025443] panic+0x3d1/0xb01
[ 304.028731] kmsan_report+0x293/0x2a0
[ 304.032595] __msan_warning+0x82/0xf0
[ 304.036432] _raw_spin_lock_bh+0xea/0x130
[ 304.040622] inet_frag_find+0x1223/0x24a0
[ 304.044792] ? ip4_obj_hashfn+0x430/0x430
[ 304.048991] ? ip_expire+0xbd0/0xbd0
[ 304.052726] ? ip4_key_hashfn+0x420/0x420
[ 304.056895] ? ip_expire+0xbd0/0xbd0
[ 304.060624] ? ip4_key_hashfn+0x420/0x420
[ 304.064786] ? ip_expire+0xbd0/0xbd0
[ 304.068524] ? ip4_key_hashfn+0x420/0x420
[ 304.072696] ? ip4_obj_hashfn+0x430/0x430
[ 304.076865] ip_defrag+0x47c/0x6310
[ 304.080521] ? __x64_sys_sendmsg+0x4a/0x70
[ 304.084777] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 304.090173] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 304.095384] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 304.100801] ipv4_conntrack_defrag+0x673/0x7d0
[ 304.105419] ? defrag4_net_exit+0xe0/0xe0
[ 304.109588] nf_hook_slow+0x176/0x3d0
[ 304.113423] __ip_local_out+0x6dc/0x800
[ 304.117436] ? __ip_local_out+0x800/0x800
[ 304.121601] ip_local_out+0xa4/0x1d0
[ 304.125347] iptunnel_xmit+0x8a7/0xde0
[ 304.129292] ip_tunnel_xmit+0x35b9/0x3980
[ 304.133532] ipgre_xmit+0x1098/0x11c0
[ 304.137371] ? ipgre_close+0x230/0x230
[ 304.141277] dev_hard_start_xmit+0x604/0xc40
[ 304.145742] __dev_queue_xmit+0x2e48/0x3b80
[ 304.150129] dev_queue_xmit+0x4b/0x60
[ 304.153947] ? __netdev_pick_tx+0x1260/0x1260
[ 304.158466] packet_sendmsg+0x79bb/0x9760
[ 304.162697] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 304.168176] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 304.173390] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 304.178843] ___sys_sendmsg+0xdb9/0x11b0
[ 304.182943] ? compat_packet_setsockopt+0x360/0x360
[ 304.187991] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 304.193208] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 304.198582] ? __fget_light+0x6e1/0x750
[ 304.202607] __se_sys_sendmsg+0x305/0x460
[ 304.206805] __x64_sys_sendmsg+0x4a/0x70
[ 304.210886] do_syscall_64+0xbc/0xf0
[ 304.214661] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 304.219856] RIP: 0033:0x457e29
[ 304.223064] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 304.241974] RSP: 002b:00007fefdaafbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 304.249691] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 304.256964] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 304.264255] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 304.271533] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fefdaafc6d4
[ 304.278821] R13: 00000000004c5461 R14: 00000000004d9308 R15: 00000000ffffffff
[ 304.286989] Kernel Offset: disabled
[ 304.290618] Rebooting in 86400 seconds..