[....] Starting enhanced syslogd: rsyslogd [ ok ].
[ 82.287978][ T31] audit: type=1800 audit(1574445585.335:25): pid=11879 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 82.322132][ T31] audit: type=1800 audit(1574445585.355:26): pid=11879 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 82.342979][ T31] audit: type=1800 audit(1574445585.365:27): pid=11879 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.85' (ECDSA) to the list of known hosts.
2019/11/22 17:59:57 fuzzer started
2019/11/22 18:00:01 dialing manager at 10.128.0.26:44687
2019/11/22 18:00:02 syscalls: 2397
2019/11/22 18:00:02 code coverage: enabled
2019/11/22 18:00:02 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/11/22 18:00:02 extra coverage: enabled
2019/11/22 18:00:02 setuid sandbox: enabled
2019/11/22 18:00:02 namespace sandbox: enabled
2019/11/22 18:00:02 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/22 18:00:02 fault injection: enabled
2019/11/22 18:00:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/22 18:00:02 net packet injection: enabled
2019/11/22 18:00:02 net device setup: enabled
2019/11/22 18:00:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/11/22 18:00:02 devlink PCI setup: PCI device 0000:00:10.0 is not available
18:03:04 executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
shmctl$IPC_SET(0x0, 0x1, 0x0)

syzkaller login:
[ 281.332993][T12044] IPVS: ftp: loaded support on port[0] = 21
[ 281.474089][T12044] chnl_net:caif_netlink_parms(): no params data found
[ 281.530132][T12044] bridge0: port 1(bridge_slave_0) entered blocking state
[ 281.537440][T12044] bridge0: port 1(bridge_slave_0) entered disabled state
[ 281.546260][T12044] device bridge_slave_0 entered promiscuous mode
[ 281.556207][T12044] bridge0: port 2(bridge_slave_1) entered blocking state
[ 281.563486][T12044] bridge0: port 2(bridge_slave_1) entered disabled state
[ 281.572492][T12044] device bridge_slave_1 entered promiscuous mode
[ 281.603889][T12044] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 281.617102][T12044] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 281.650093][T12044] team0: Port device team_slave_0 added
[ 281.659590][T12044] team0: Port device team_slave_1 added
[ 281.737056][T12044] device hsr_slave_0 entered promiscuous mode
[ 281.972668][T12044] device hsr_slave_1 entered promiscuous mode
[ 282.145196][T12044] bridge0: port 2(bridge_slave_1) entered blocking state
[ 282.152464][T12044] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 282.160341][T12044] bridge0: port 1(bridge_slave_0) entered blocking state
[ 282.167755][T12044] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 282.489118][T12044] 8021q: adding VLAN 0 to HW filter on device bond0
[ 282.505572][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 282.532988][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 282.575231][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 282.627838][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 282.636875][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 282.667838][T12044] 8021q: adding VLAN 0 to HW filter on device team0
[ 282.713212][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 282.722765][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 282.732161][ T3674] bridge0: port 1(bridge_slave_0) entered blocking state
[ 282.739506][ T3674] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 282.748725][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 282.758168][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 282.767359][ T3674] bridge0: port 2(bridge_slave_1) entered blocking state
[ 282.774588][ T3674] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 282.934480][T12044] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 282.945445][T12044] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 282.983748][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 282.994121][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 283.003967][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 283.013681][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 283.023223][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 283.033236][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 283.042869][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 283.052400][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 283.062158][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 283.071459][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 283.168639][T12044] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 283.295896][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 283.305537][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 283.314117][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 283.322044][ T3674] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
18:03:06 executing program 0:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00')
bind$isdn_base(r2, 0x0, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c)
listen(r1, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28)
sendto$inet6(r0, &(0x7f0000000080)="39a110", 0xffffffffffffffc1, 0x40, 0x0, 0xfffffffffffffe5b)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000000), 0x10)
fcntl$setflags(0xffffffffffffffff, 0x2, 0x1)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000200))
ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, &(0x7f0000000280)={0x0, 0x0})
accept(0xffffffffffffffff, 0x0, 0x0)

[ 283.503114][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 283.590134][T12085] =====================================================
[ 283.597377][T12085] BUG: KMSAN: uninit-value in gf128mul_4k_lle+0x1fb/0x2b0
[ 283.604514][T12085] CPU: 1 PID: 12085 Comm: syz-executor.0 Not tainted 5.4.0-rc5-syzkaller #0
[ 283.613194][T12085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 283.623378][T12085] Call Trace:
[ 283.626698][T12085] dump_stack+0x191/0x1f0
[ 283.631036][T12085] kmsan_report+0x128/0x220
[ 283.635543][T12085] __msan_warning+0x64/0xc0
[ 283.640063][T12085] gf128mul_4k_lle+0x1fb/0x2b0
[ 283.645033][T12085] ghash_update+0x9db/0x1130
[ 283.649788][T12085] ? ghash_init+0x50/0x50
[ 283.654132][T12085] shash_ahash_update+0x53a/0x650
[ 283.659180][T12085] ? kmsan_internal_set_origin+0x6a/0xb0
[ 283.664837][T12085] shash_async_update+0x50/0x60
[ 283.669760][T12085] ? shash_async_init+0x1e0/0x1e0
[ 283.674786][T12085] gcm_hash+0x15d8/0x2400
[ 283.679126][T12085] crypto_gcm_encrypt+0x710/0x9e0
[ 283.684161][T12085] ? crypto_gcm_setauthsize+0xc0/0xc0
[ 283.689623][T12085] crypto_aead_encrypt+0xf2/0x180
[ 283.694710][T12085] tls_push_record+0x3438/0x4eb0
[ 283.699658][T12085] ? kmsan_internal_unpoison_shadow+0x42/0x80
[ 283.705866][T12085] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 283.711806][T12085] bpf_exec_tx_verdict+0x1454/0x1c80
[ 283.717096][T12085] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 283.723160][T12085] ? get_user_pages_fast+0x69b/0x6e0
[ 283.728541][T12085] ? kmsan_get_metadata+0x37/0x350
[ 283.733716][T12085] tls_sw_sendmsg+0x158d/0x2710
[ 283.738656][T12085] ? udpv6_rcv+0x70/0x70
[ 283.743421][T12085] ? tls_tx_records+0xb40/0xb40
[ 283.748402][T12085] inet6_sendmsg+0x2d8/0x2e0
[ 283.753072][T12085] ? inet6_ioctl+0x340/0x340
[ 283.757662][T12085] __sys_sendto+0x8fc/0xc70
[ 283.762195][T12085] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 283.768098][T12085] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 283.774168][T12085] ? prepare_exit_to_usermode+0x19a/0x4d0
[ 283.779890][T12085] __se_sys_sendto+0x107/0x130
[ 283.784949][T12085] __x64_sys_sendto+0x6e/0x90
[ 283.789728][T12085] do_syscall_64+0xb6/0x160
[ 283.794240][T12085] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 283.800274][T12085] RIP: 0033:0x45a639
[ 283.804342][T12085] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 283.823988][T12085] RSP: 002b:00007f5443b63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 283.832444][T12085] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045a639
[ 283.840416][T12085] RDX: ffffffffffffffc1 RSI: 0000000020000080 RDI: 0000000000000003
[ 283.849517][T12085] RBP: 000000000075bf20 R08: 0000000000000000 R09: fffffffffffffe5b
[ 283.857664][T12085] R10: 0000000000000040 R11: 0000000000000246 R12: 00007f5443b646d4
[ 283.865642][T12085] R13: 00000000004c8e0b R14: 00000000004df6e8 R15: 00000000ffffffff
[ 283.873805][T12085]
[ 283.876146][T12085] Uninit was stored to memory at:
[ 283.881292][T12085] kmsan_internal_chain_origin+0xbd/0x180
[ 283.887096][T12085] __msan_chain_origin+0x5c/0xc0
[ 283.892204][T12085] ghash_update+0xa83/0x1130
[ 283.896963][T12085] shash_ahash_update+0x53a/0x650
[ 283.902159][T12085] shash_async_update+0x50/0x60
[ 283.907004][T12085] gcm_hash+0x15d8/0x2400
[ 283.911704][T12085] crypto_gcm_encrypt+0x710/0x9e0
[ 283.916774][T12085] crypto_aead_encrypt+0xf2/0x180
[ 283.921839][T12085] tls_push_record+0x3438/0x4eb0
[ 283.926776][T12085] bpf_exec_tx_verdict+0x1454/0x1c80
[ 283.933969][T12085] tls_sw_sendmsg+0x158d/0x2710
[ 283.938856][T12085] inet6_sendmsg+0x2d8/0x2e0
[ 283.943516][T12085] __sys_sendto+0x8fc/0xc70
[ 283.948149][T12085] __se_sys_sendto+0x107/0x130
[ 283.952910][T12085] __x64_sys_sendto+0x6e/0x90
[ 283.957594][T12085] do_syscall_64+0xb6/0x160
[ 283.962299][T12085] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 283.968181][T12085]
[ 283.970516][T12085] Uninit was stored to memory at:
[ 283.975610][T12085] kmsan_internal_chain_origin+0xbd/0x180
[ 283.981364][T12085] __msan_chain_origin+0x5c/0xc0
[ 283.986299][T12085] __crypto_xor+0x1e8/0x1470
[ 283.990885][T12085] crypto_ctr_crypt+0x613/0xaf0
[ 283.995736][T12085] crypto_skcipher_encrypt+0xd2/0x150
[ 284.001106][T12085] crypto_gcm_encrypt+0x4a5/0x9e0
[ 284.006162][T12085] crypto_aead_encrypt+0xf2/0x180
[ 284.011403][T12085] tls_push_record+0x3438/0x4eb0
[ 284.016339][T12085] bpf_exec_tx_verdict+0x1454/0x1c80
[ 284.021625][T12085] tls_sw_sendmsg+0x158d/0x2710
[ 284.026492][T12085] inet6_sendmsg+0x2d8/0x2e0
[ 284.031079][T12085] __sys_sendto+0x8fc/0xc70
[ 284.035678][T12085] __se_sys_sendto+0x107/0x130
[ 284.040440][T12085] __x64_sys_sendto+0x6e/0x90
[ 284.045111][T12085] do_syscall_64+0xb6/0x160
[ 284.049632][T12085] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 284.055512][T12085]
[ 284.057886][T12085] Uninit was created at:
[ 284.062170][T12085] kmsan_save_stack_with_flags+0x3f/0x90
[ 284.067800][T12085] kmsan_alloc_page+0x140/0x330
[ 284.072658][T12085] __alloc_pages_nodemask+0x1421/0x5fd0
[ 284.078201][T12085] alloc_pages_current+0x68d/0x9a0
[ 284.083328][T12085] skb_page_frag_refill+0x2b0/0x580
[ 284.088602][T12085] sk_page_frag_refill+0xa4/0x330
[ 284.093623][T12085] sk_msg_alloc+0x203/0x1050
[ 284.098272][T12085] tls_sw_sendmsg+0xb56/0x2710
[ 284.103031][T12085] inet6_sendmsg+0x2d8/0x2e0
[ 284.107627][T12085] __sys_sendto+0x8fc/0xc70
[ 284.112129][T12085] __se_sys_sendto+0x107/0x130
[ 284.116893][T12085] __x64_sys_sendto+0x6e/0x90
[ 284.121565][T12085] do_syscall_64+0xb6/0x160
[ 284.126078][T12085] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 284.131959][T12085] =====================================================
[ 284.138884][T12085] Disabling lock debugging due to kernel taint
[ 284.145032][T12085] Kernel panic - not syncing: panic_on_warn set ...
[ 284.151626][T12085] CPU: 1 PID: 12085 Comm: syz-executor.0 Tainted: G B 5.4.0-rc5-syzkaller #0
[ 284.161823][T12085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 284.171943][T12085] Call Trace:
[ 284.175269][T12085] dump_stack+0x191/0x1f0
[ 284.179718][T12085] panic+0x3c9/0xc1e
[ 284.183633][T12085] kmsan_report+0x215/0x220
[ 284.188205][T12085] __msan_warning+0x64/0xc0
[ 284.192715][T12085] gf128mul_4k_lle+0x1fb/0x2b0
[ 284.197549][T12085] ghash_update+0x9db/0x1130
[ 284.202157][T12085] ? ghash_init+0x50/0x50
[ 284.206881][T12085] shash_ahash_update+0x53a/0x650
[ 284.211923][T12085] ? kmsan_internal_set_origin+0x6a/0xb0
[ 284.217571][T12085] shash_async_update+0x50/0x60
[ 284.222435][T12085] ? shash_async_init+0x1e0/0x1e0
[ 284.227648][T12085] gcm_hash+0x15d8/0x2400
[ 284.232055][T12085] crypto_gcm_encrypt+0x710/0x9e0
[ 284.237181][T12085] ? crypto_gcm_setauthsize+0xc0/0xc0
[ 284.242862][T12085] crypto_aead_encrypt+0xf2/0x180
[ 284.247903][T12085] tls_push_record+0x3438/0x4eb0
[ 284.252994][T12085] ? kmsan_internal_unpoison_shadow+0x42/0x80
[ 284.259142][T12085] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 284.265056][T12085] bpf_exec_tx_verdict+0x1454/0x1c80
[ 284.270354][T12085] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 284.276557][T12085] ? get_user_pages_fast+0x69b/0x6e0
[ 284.281852][T12085] ? kmsan_get_metadata+0x37/0x350
[ 284.287034][T12085] tls_sw_sendmsg+0x158d/0x2710
[ 284.291942][T12085] ? udpv6_rcv+0x70/0x70
[ 284.296191][T12085] ? tls_tx_records+0xb40/0xb40
[ 284.301040][T12085] inet6_sendmsg+0x2d8/0x2e0
[ 284.305698][T12085] ? inet6_ioctl+0x340/0x340
[ 284.310289][T12085] __sys_sendto+0x8fc/0xc70
[ 284.314816][T12085] ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[ 284.320715][T12085] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 284.326788][T12085] ? prepare_exit_to_usermode+0x19a/0x4d0
[ 284.332523][T12085] __se_sys_sendto+0x107/0x130
[ 284.337329][T12085] __x64_sys_sendto+0x6e/0x90
[ 284.342009][T12085] do_syscall_64+0xb6/0x160
[ 284.346543][T12085] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 284.352718][T12085] RIP: 0033:0x45a639
[ 284.356759][T12085] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 284.376697][T12085] RSP: 002b:00007f5443b63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 284.385114][T12085] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045a639
[ 284.393089][T12085] RDX: ffffffffffffffc1 RSI: 0000000020000080 RDI: 0000000000000003
[ 284.401054][T12085] RBP: 000000000075bf20 R08: 0000000000000000 R09: fffffffffffffe5b
[ 284.409110][T12085] R10: 0000000000000040 R11: 0000000000000246 R12: 00007f5443b646d4
[ 284.417082][T12085] R13: 00000000004c8e0b R14: 00000000004df6e8 R15: 00000000ffffffff
[ 284.426730][T12085] Kernel Offset: 0x1ce00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 284.438703][T12085] Rebooting in 86400 seconds..