[ ok ] Starting enhanced syslogd: rsyslogd.
[ 100.769891] audit: type=1800 audit(1548504902.826:25): pid=11018 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 100.789110] audit: type=1800 audit(1548504902.826:26): pid=11018 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 100.808558] audit: type=1800 audit(1548504902.856:27): pid=11018 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.252' (ECDSA) to the list of known hosts.
2019/01/26 12:15:18 fuzzer started
2019/01/26 12:15:24 dialing manager at 10.128.0.26:39403
2019/01/26 12:15:24 syscalls: 1
2019/01/26 12:15:24 code coverage: enabled
2019/01/26 12:15:24 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/01/26 12:15:24 extra coverage: extra coverage is not supported by the kernel
2019/01/26 12:15:24 setuid sandbox: enabled
2019/01/26 12:15:24 namespace sandbox: enabled
2019/01/26 12:15:24 Android sandbox: /sys/fs/selinux/policy does not exist
2019/01/26 12:15:24 fault injection: enabled
2019/01/26 12:15:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/01/26 12:15:24 net packet injection: enabled
2019/01/26 12:15:24 net device setup: enabled
12:18:12 executing program 0:
r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x0, 0x70, 0x6, 0x31, 0x100, 0x1ff, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffff, 0xff, 0x0, 0x0, 0x0, 0xbce, 0xffff, 0x0, 0x2aa, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7}, 0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, r0, 0x0)
r1 = socket$kcm(0x10, 0x4000000002, 0x10)
sendmsg$kcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e0000002b00812de41ae087185082cf0124b0eba06ec400014100000000001700080000001f5ba7721b8980ee5c", 0x2e}], 0x1}, 0x0)

syzkaller login: [ 291.183956] IPVS: ftp: loaded support on port[0] = 21
[ 291.350223] chnl_net:caif_netlink_parms(): no params data found
[ 291.437888] bridge0: port 1(bridge_slave_0) entered blocking state
[ 291.444563] bridge0: port 1(bridge_slave_0) entered disabled state
[ 291.453056] device bridge_slave_0 entered promiscuous mode
[ 291.463390] bridge0: port 2(bridge_slave_1) entered blocking state
[ 291.469908] bridge0: port 2(bridge_slave_1) entered disabled state
[ 291.478453] device bridge_slave_1 entered promiscuous mode
[ 291.515463] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 291.527749] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 291.560529] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 291.569313] team0: Port device team_slave_0 added
[ 291.577125] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 291.585887] team0: Port device team_slave_1 added
[ 291.592798] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 291.602266] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 291.696768] device hsr_slave_0 entered promiscuous mode
[ 291.952281] device hsr_slave_1 entered promiscuous mode
[ 292.083492] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 292.091157] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 292.122884] bridge0: port 2(bridge_slave_1) entered blocking state
[ 292.129480] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 292.136755] bridge0: port 1(bridge_slave_0) entered blocking state
[ 292.143350] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 292.242417] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 292.248562] 8021q: adding VLAN 0 to HW filter on device bond0
[ 292.264857] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 292.278753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 292.290362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 292.300159] bridge0: port 2(bridge_slave_1) entered disabled state
[ 292.311334] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 292.331301] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 292.337506] 8021q: adding VLAN 0 to HW filter on device team0
[ 292.353599] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 292.360866] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 292.369696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 292.379627] bridge0: port 1(bridge_slave_0) entered blocking state
[ 292.386200] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 292.402314] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 292.410875] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 292.420207] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 292.428530] bridge0: port 2(bridge_slave_1) entered blocking state
[ 292.435072] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 292.453447] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 292.466517] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 292.479776] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 292.487757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 292.497244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 292.506791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 292.515991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 292.533046] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 292.546739] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 292.557472] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 292.566079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 292.575461] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 292.585047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 292.593787] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 292.606306] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 292.613373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 292.622176] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 292.636450] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 292.642676] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 292.675100] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 292.695901] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 292.848049] ==================================================================
[ 292.855579] BUG: KMSAN: uninit-value in validate_nla+0x179d/0x2690
[ 292.861974] CPU: 1 PID: 11193 Comm: syz-executor0 Not tainted 5.0.0-rc1+ #7
[ 292.869089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 292.878458] Call Trace:
[ 292.881076] dump_stack+0x173/0x1d0
[ 292.884755] kmsan_report+0x12e/0x2a0
[ 292.889124] __msan_warning+0x82/0xf0
[ 292.892966] validate_nla+0x179d/0x2690
[ 292.896962] ? do_syscall_64+0xbc/0xf0
[ 292.900874] ? __x64_sys_sendmsg+0x4a/0x70
[ 292.905130] ? do_syscall_64+0xbc/0xf0
[ 292.909076] __nla_parse+0x38a/0x7e0
[ 292.912849] nla_parse+0x119/0x130
[ 292.916446] __tipc_nl_bearer_enable+0x24e/0x1d50
[ 292.921319] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 292.926725] ? __nla_parse+0x532/0x7e0
[ 292.930695] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 292.935915] ? tipc_nl_bearer_disable+0xb0/0xb0
[ 292.940613] ? tipc_nl_bearer_disable+0xb0/0xb0
[ 292.945316] tipc_nl_compat_doit+0x756/0xaf0
[ 292.949791] tipc_nl_compat_recv+0x14d1/0x2750
[ 292.954430] ? tipc_nl_bearer_disable+0xb0/0xb0
[ 292.959119] ? tipc_nl_compat_dumpit+0x820/0x820
[ 292.963907] ? tipc_netlink_compat_stop+0x40/0x40
[ 292.968785] genl_rcv_msg+0x185f/0x1a60
[ 292.972853] netlink_rcv_skb+0x431/0x620
[ 292.976939] ? genl_unbind+0x390/0x390
[ 292.980870] genl_rcv+0x63/0x80
[ 292.984186] netlink_unicast+0xf3e/0x1020
[ 292.988394] netlink_sendmsg+0x127f/0x1300
[ 292.992716] ___sys_sendmsg+0xdb9/0x11b0
[ 292.996821] ? netlink_getsockopt+0x1460/0x1460
[ 293.001531] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 293.006764] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 293.012158] ? __fget_light+0x6e1/0x750
[ 293.016174] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 293.021397] __se_sys_sendmsg+0x305/0x460
[ 293.025611] __x64_sys_sendmsg+0x4a/0x70
[ 293.029712] do_syscall_64+0xbc/0xf0
[ 293.033464] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 293.038690] RIP: 0033:0x458099
[ 293.041905] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 293.060824] RSP: 002b:00007f73ff1fdc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 293.068556] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458099
[ 293.075841] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[ 293.083121] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 293.090405] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f73ff1fe6d4
[ 293.097701] R13: 00000000004c5614 R14: 00000000004d9348 R15: 00000000ffffffff
[ 293.105003]
[ 293.106633] Uninit was created at:
[ 293.110191] No stack
[ 293.112517] ==================================================================
[ 293.119882] Disabling lock debugging due to kernel taint
[ 293.125340] Kernel panic - not syncing: panic_on_warn set ...
[ 293.131244] CPU: 1 PID: 11193 Comm: syz-executor0 Tainted: G B 5.0.0-rc1+ #7
[ 293.139739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 293.149098] Call Trace:
[ 293.151722] dump_stack+0x173/0x1d0
[ 293.155380] panic+0x3d1/0xb01
[ 293.158634] kmsan_report+0x293/0x2a0
[ 293.162493] __msan_warning+0x82/0xf0
[ 293.166324] validate_nla+0x179d/0x2690
[ 293.170318] ? do_syscall_64+0xbc/0xf0
[ 293.174228] ? __x64_sys_sendmsg+0x4a/0x70
[ 293.178476] ? do_syscall_64+0xbc/0xf0
[ 293.182411] __nla_parse+0x38a/0x7e0
[ 293.186176] nla_parse+0x119/0x130
[ 293.189762] __tipc_nl_bearer_enable+0x24e/0x1d50
[ 293.194629] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 293.200024] ? __nla_parse+0x532/0x7e0
[ 293.203967] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 293.209182] ? tipc_nl_bearer_disable+0xb0/0xb0
[ 293.213869] ? tipc_nl_bearer_disable+0xb0/0xb0
[ 293.218558] tipc_nl_compat_doit+0x756/0xaf0
[ 293.223023] tipc_nl_compat_recv+0x14d1/0x2750
[ 293.227673] ? tipc_nl_bearer_disable+0xb0/0xb0
[ 293.232358] ? tipc_nl_compat_dumpit+0x820/0x820
[ 293.237140] ? tipc_netlink_compat_stop+0x40/0x40
[ 293.242001] genl_rcv_msg+0x185f/0x1a60
[ 293.246058] netlink_rcv_skb+0x431/0x620
[ 293.250133] ? genl_unbind+0x390/0x390
[ 293.254055] genl_rcv+0x63/0x80
[ 293.257357] netlink_unicast+0xf3e/0x1020
[ 293.261550] netlink_sendmsg+0x127f/0x1300
[ 293.265841] ___sys_sendmsg+0xdb9/0x11b0
[ 293.269933] ? netlink_getsockopt+0x1460/0x1460
[ 293.274636] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 293.279868] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 293.285246] ? __fget_light+0x6e1/0x750
[ 293.289258] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 293.294480] __se_sys_sendmsg+0x305/0x460
[ 293.298696] __x64_sys_sendmsg+0x4a/0x70
[ 293.302778] do_syscall_64+0xbc/0xf0
[ 293.306515] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 293.311719] RIP: 0033:0x458099
[ 293.314924] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 293.333842] RSP: 002b:00007f73ff1fdc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 293.341564] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458099
[ 293.348845] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[ 293.356126] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 293.363405] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f73ff1fe6d4
[ 293.370746] R13: 00000000004c5614 R14: 00000000004d9348 R15: 00000000ffffffff
[ 293.379049] Kernel Offset: disabled
[ 293.382698] Rebooting in 86400 seconds..