[ 70.151972][ T30] audit: type=1800 audit(1561995721.206:25): pid=11173 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 70.176206][ T30] audit: type=1800 audit(1561995721.236:26): pid=11173 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 70.210078][ T30] audit: type=1800 audit(1561995721.256:27): pid=11173 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 72.082727][T11312] bash (11312) used greatest stack depth: 53288 bytes left

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.217' (ECDSA) to the list of known hosts.
2019/07/01 15:42:12 fuzzer started
2019/07/01 15:42:18 dialing manager at 10.128.0.26:37509
2019/07/01 15:42:18 syscalls: 2347
2019/07/01 15:42:18 code coverage: enabled
2019/07/01 15:42:18 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/07/01 15:42:18 extra coverage: enabled
2019/07/01 15:42:18 setuid sandbox: enabled
2019/07/01 15:42:18 namespace sandbox: enabled
2019/07/01 15:42:18 Android sandbox: /sys/fs/selinux/policy does not exist
2019/07/01 15:42:18 fault injection: enabled
2019/07/01 15:42:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/07/01 15:42:18 net packet injection: enabled
2019/07/01 15:42:18 net device setup: enabled
15:44:27 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$isdn_base(0x22, 0x3, 0x0)
ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, 0x0)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c)
recvfrom$inet6(r2, &(0x7f00000001c0)=""/31, 0xfffffffffffffe3c, 0x100, &(0x7f0000001880), 0x17c)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$can_raw(0x1d, 0x3, 0x1)
accept4$packet(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='highspeed\x00', 0xa)
socket$isdn(0x22, 0x3, 0x0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0)
shutdown(r2, 0x1)
r3 = accept4(r1, 0x0, 0x0, 0x0)
sendto$inet6(r3, &(0x7f00000000c0), 0xfffffdda, 0x16, 0x0, 0x300)

syzkaller login: [ 216.403658][T11338] IPVS: ftp: loaded support on port[0] = 21
[ 216.525036][T11338] chnl_net:caif_netlink_parms(): no params data found
[ 216.577202][T11338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 216.584533][T11338] bridge0: port 1(bridge_slave_0) entered disabled state
[ 216.593474][T11338] device bridge_slave_0 entered promiscuous mode
[ 216.602981][T11338] bridge0: port 2(bridge_slave_1) entered blocking state
[ 216.610217][T11338] bridge0: port 2(bridge_slave_1) entered disabled state
[ 216.619012][T11338] device bridge_slave_1 entered promiscuous mode
[ 216.648353][T11338] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 216.660414][T11338] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 216.689663][T11338] team0: Port device team_slave_0 added
[ 216.698849][T11338] team0: Port device team_slave_1 added
[ 216.826796][T11338] device hsr_slave_0 entered promiscuous mode
[ 216.993618][T11338] device hsr_slave_1 entered promiscuous mode
[ 217.209707][T11338] bridge0: port 2(bridge_slave_1) entered blocking state
[ 217.217045][T11338] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 217.224756][T11338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 217.231993][T11338] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 217.300742][T11338] 8021q: adding VLAN 0 to HW filter on device bond0
[ 217.319451][ T3055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 217.330551][ T3055] bridge0: port 1(bridge_slave_0) entered disabled state
[ 217.341260][ T3055] bridge0: port 2(bridge_slave_1) entered disabled state
[ 217.351567][ T3055] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 217.372579][T11338] 8021q: adding VLAN 0 to HW filter on device team0
[ 217.390290][ T3055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 217.399721][ T3055] bridge0: port 1(bridge_slave_0) entered blocking state
[ 217.407017][ T3055] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 217.451396][T11338] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 217.462390][T11338] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 217.479400][ T3055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 217.488696][ T3055] bridge0: port 2(bridge_slave_1) entered blocking state
[ 217.496177][ T3055] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 217.506602][ T3055] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 217.516529][ T3055] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 217.525862][ T3055] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 217.535257][ T3055] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 217.553540][ T3055] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 217.561570][ T3055] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 217.577755][T11338] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 217.712421][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 217.784592][ C1] ==================================================================
[ 217.792987][ C1] BUG: KMSAN: uninit-value in tcp_create_openreq_child+0x157f/0x1cc0
[ 217.801061][ C1] CPU: 1 PID: 11346 Comm: syz-executor.0 Not tainted 5.2.0-rc4+ #7
[ 217.809368][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 217.821032][ C1] Call Trace:
[ 217.824315][ C1]
[ 217.827266][ C1] dump_stack+0x191/0x1f0
[ 217.831604][ C1] kmsan_report+0x162/0x2d0
[ 217.836112][ C1] __msan_warning+0x75/0xe0
[ 217.840834][ C1] tcp_create_openreq_child+0x157f/0x1cc0
[ 217.847042][ C1] tcp_v6_syn_recv_sock+0x761/0x2d80
[ 217.852350][ C1] ? __msan_poison_alloca+0x1c0/0x270
[ 217.857726][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 217.863705][ C1] ? cookie_v6_check+0x27e0/0x29a0
[ 217.868827][ C1] ? tcp_v6_conn_request+0x2d0/0x2d0
[ 217.874290][ C1] tcp_get_cookie_sock+0x16e/0x6b0
[ 217.879418][ C1] cookie_v6_check+0x27e0/0x29a0
[ 217.884395][ C1] tcp_v6_do_rcv+0xf1c/0x1ce0
[ 217.889075][ C1] ? kmsan_memcpy_memmove_metadata+0x8bc/0xe00
[ 217.895246][ C1] tcp_v6_rcv+0x60b7/0x6a30
[ 217.899931][ C1] ip6_protocol_deliver_rcu+0x1433/0x22f0
[ 217.905714][ C1] ip6_input+0x2af/0x340
[ 217.909965][ C1] ? ip6_input+0x340/0x340
[ 217.914387][ C1] ? ip6_protocol_deliver_rcu+0x22f0/0x22f0
[ 217.920279][ C1] ipv6_rcv+0x683/0x710
[ 217.924443][ C1] ? local_bh_enable+0x40/0x40
[ 217.929387][ C1] process_backlog+0x721/0x1410
[ 217.934259][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 217.940156][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 217.946056][ C1] ? rps_trigger_softirq+0x2e0/0x2e0
[ 217.951346][ C1] net_rx_action+0x738/0x1940
[ 217.956223][ C1] ? net_tx_action+0xb70/0xb70
[ 217.960990][ C1] __do_softirq+0x4ad/0x858
[ 217.965509][ C1] do_softirq_own_stack+0x49/0x80
[ 217.970520][ C1]
[ 217.973457][ C1] __local_bh_enable_ip+0x199/0x1e0
[ 217.979009][ C1] local_bh_enable+0x36/0x40
[ 217.983604][ C1] ip6_finish_output2+0x213f/0x2670
[ 217.988838][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 217.994785][ C1] ip6_finish_output+0xae4/0xbc0
[ 217.999956][ C1] ip6_output+0x5d3/0x720
[ 218.004324][ C1] ? ip6_output+0x720/0x720
[ 218.008842][ C1] ? ac6_seq_show+0x200/0x200
[ 218.014137][ C1] ip6_xmit+0x1f53/0x2650
[ 218.018503][ C1] ? ip6_xmit+0x2650/0x2650
[ 218.023044][ C1] inet6_csk_xmit+0x3df/0x4f0
[ 218.027741][ C1] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0
[ 218.033381][ C1] __tcp_transmit_skb+0x4076/0x5b40
[ 218.038613][ C1] tcp_write_xmit+0x39a9/0xa730
[ 218.043506][ C1] ? memcg_kmem_put_cache+0x42/0x250
[ 218.049254][ C1] ? kmsan_get_shadow_origin_ptr+0x10/0x470
[ 218.055157][ C1] __tcp_push_pending_frames+0x124/0x4e0
[ 218.060887][ C1] tcp_send_fin+0xd43/0x1540
[ 218.065490][ C1] tcp_shutdown+0x18a/0x1f0
[ 218.070111][ C1] ? tcp_set_state+0x9b0/0x9b0
[ 218.074974][ C1] inet_shutdown+0x34b/0x5f0
[ 218.079578][ C1] ? inet_recvmsg+0x640/0x640
[ 218.084259][ C1] __se_sys_shutdown+0x28b/0x3e0
[ 218.089204][ C1] __x64_sys_shutdown+0x3e/0x60
[ 218.094060][ C1] do_syscall_64+0xbc/0xf0
[ 218.098487][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 218.104377][ C1] RIP: 0033:0x459519
[ 218.108271][ C1] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 218.128230][ C1] RSP: 002b:00007f47b899cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000030
[ 218.136648][ C1] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000459519
[ 218.145928][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000006
[ 218.153921][ C1] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 218.161926][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47b899d6d4
[ 218.169992][ C1] R13: 00000000004c7e9d R14: 00000000004de600 R15: 00000000ffffffff
[ 218.177980][ C1]
[ 218.180307][ C1] Uninit was created at:
[ 218.184552][ C1] kmsan_internal_poison_shadow+0x53/0xa0
[ 218.190550][ C1] kmsan_kmalloc+0xa4/0x130
[ 218.195064][ C1] kmem_cache_alloc+0x534/0xb00
[ 218.199933][ C1] inet_reqsk_alloc+0xa8/0x600
[ 218.204698][ C1] cookie_v6_check+0xadb/0x29a0
[ 218.209555][ C1] tcp_v6_do_rcv+0xf1c/0x1ce0
[ 218.214245][ C1] tcp_v6_rcv+0x60b7/0x6a30
[ 218.219023][ C1] ip6_protocol_deliver_rcu+0x1433/0x22f0
[ 218.224743][ C1] ip6_input+0x2af/0x340
[ 218.229094][ C1] ipv6_rcv+0x683/0x710
[ 218.233295][ C1] process_backlog+0x721/0x1410
[ 218.238347][ C1] net_rx_action+0x738/0x1940
[ 218.243022][ C1] __do_softirq+0x4ad/0x858
[ 218.247524][ C1] do_softirq_own_stack+0x49/0x80
[ 218.252719][ C1] __local_bh_enable_ip+0x199/0x1e0
[ 218.257916][ C1] local_bh_enable+0x36/0x40
[ 218.262588][ C1] ip6_finish_output2+0x213f/0x2670
[ 218.267782][ C1] ip6_finish_output+0xae4/0xbc0
[ 218.272716][ C1] ip6_output+0x5d3/0x720
[ 218.277039][ C1] ip6_xmit+0x1f53/0x2650
[ 218.281367][ C1] inet6_csk_xmit+0x3df/0x4f0
[ 218.286053][ C1] __tcp_transmit_skb+0x4076/0x5b40
[ 218.291244][ C1] tcp_write_xmit+0x39a9/0xa730
[ 218.296096][ C1] __tcp_push_pending_frames+0x124/0x4e0
[ 218.301720][ C1] tcp_send_fin+0xd43/0x1540
[ 218.306311][ C1] tcp_shutdown+0x18a/0x1f0
[ 218.310902][ C1] inet_shutdown+0x34b/0x5f0
[ 218.315575][ C1] __se_sys_shutdown+0x28b/0x3e0
[ 218.320505][ C1] __x64_sys_shutdown+0x3e/0x60
[ 218.325358][ C1] do_syscall_64+0xbc/0xf0
[ 218.329782][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 218.335669][ C1] ==================================================================
[ 218.343721][ C1] Disabling lock debugging due to kernel taint
[ 218.349865][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 218.356453][ C1] CPU: 1 PID: 11346 Comm: syz-executor.0 Tainted: G B 5.2.0-rc4+ #7
[ 218.366070][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 218.376126][ C1] Call Trace:
[ 218.379411][ C1]
[ 218.382360][ C1] dump_stack+0x191/0x1f0
[ 218.386875][ C1] panic+0x3c9/0xc1e
[ 218.390999][ C1] kmsan_report+0x2ca/0x2d0
[ 218.395509][ C1] __msan_warning+0x75/0xe0
[ 218.400019][ C1] tcp_create_openreq_child+0x157f/0x1cc0
[ 218.405855][ C1] tcp_v6_syn_recv_sock+0x761/0x2d80
[ 218.411607][ C1] ? __msan_poison_alloca+0x1c0/0x270
[ 218.417160][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 218.423058][ C1] ? cookie_v6_check+0x27e0/0x29a0
[ 218.428171][ C1] ? tcp_v6_conn_request+0x2d0/0x2d0
[ 218.433459][ C1] tcp_get_cookie_sock+0x16e/0x6b0
[ 218.438583][ C1] cookie_v6_check+0x27e0/0x29a0
[ 218.443563][ C1] tcp_v6_do_rcv+0xf1c/0x1ce0
[ 218.448244][ C1] ? kmsan_memcpy_memmove_metadata+0x8bc/0xe00
[ 218.454429][ C1] tcp_v6_rcv+0x60b7/0x6a30
[ 218.459073][ C1] ip6_protocol_deliver_rcu+0x1433/0x22f0
[ 218.464828][ C1] ip6_input+0x2af/0x340
[ 218.469075][ C1] ? ip6_input+0x340/0x340
[ 218.473493][ C1] ? ip6_protocol_deliver_rcu+0x22f0/0x22f0
[ 218.479386][ C1] ipv6_rcv+0x683/0x710
[ 218.483743][ C1] ? local_bh_enable+0x40/0x40
[ 218.488516][ C1] process_backlog+0x721/0x1410
[ 218.493378][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 218.499282][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 218.505359][ C1] ? rps_trigger_softirq+0x2e0/0x2e0
[ 218.510639][ C1] net_rx_action+0x738/0x1940
[ 218.515339][ C1] ? net_tx_action+0xb70/0xb70
[ 218.520102][ C1] __do_softirq+0x4ad/0x858
[ 218.524614][ C1] do_softirq_own_stack+0x49/0x80
[ 218.529637][ C1]
[ 218.532585][ C1] __local_bh_enable_ip+0x199/0x1e0
[ 218.537794][ C1] local_bh_enable+0x36/0x40
[ 218.542483][ C1] ip6_finish_output2+0x213f/0x2670
[ 218.547709][ C1] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 218.553696][ C1] ip6_finish_output+0xae4/0xbc0
[ 218.558675][ C1] ip6_output+0x5d3/0x720
[ 218.563377][ C1] ? ip6_output+0x720/0x720
[ 218.567879][ C1] ? ac6_seq_show+0x200/0x200
[ 218.572555][ C1] ip6_xmit+0x1f53/0x2650
[ 218.576911][ C1] ? ip6_xmit+0x2650/0x2650
[ 218.581420][ C1] inet6_csk_xmit+0x3df/0x4f0
[ 218.586137][ C1] ? inet6_csk_addr2sockaddr+0x2c0/0x2c0
[ 218.591775][ C1] __tcp_transmit_skb+0x4076/0x5b40
[ 218.597097][ C1] tcp_write_xmit+0x39a9/0xa730
[ 218.601979][ C1] ? memcg_kmem_put_cache+0x42/0x250
[ 218.607291][ C1] ? kmsan_get_shadow_origin_ptr+0x10/0x470
[ 218.613203][ C1] __tcp_push_pending_frames+0x124/0x4e0
[ 218.619021][ C1] tcp_send_fin+0xd43/0x1540
[ 218.623625][ C1] tcp_shutdown+0x18a/0x1f0
[ 218.628135][ C1] ? tcp_set_state+0x9b0/0x9b0
[ 218.632902][ C1] inet_shutdown+0x34b/0x5f0
[ 218.638887][ C1] ? inet_recvmsg+0x640/0x640
[ 218.643567][ C1] __se_sys_shutdown+0x28b/0x3e0
[ 218.648516][ C1] __x64_sys_shutdown+0x3e/0x60
[ 218.653367][ C1] do_syscall_64+0xbc/0xf0
[ 218.657783][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 218.663670][ C1] RIP: 0033:0x459519
[ 218.667827][ C1] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 218.687439][ C1] RSP: 002b:00007f47b899cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000030
[ 218.696024][ C1] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000459519
[ 218.703993][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000006
[ 218.711960][ C1] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 218.720125][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47b899d6d4
[ 218.728097][ C1] R13: 00000000004c7e9d R14: 00000000004de600 R15: 00000000ffffffff
[ 218.737331][ C1] Kernel Offset: disabled
[ 218.741924][ C1] Rebooting in 86400 seconds..