[ 97.341797] audit: type=1800 audit(1553182250.393:25): pid=10719 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 97.361145] audit: type=1800 audit(1553182250.393:26): pid=10719 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 97.380686] audit: type=1800 audit(1553182250.423:27): pid=10719 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 98.762233] sshd (10786) used greatest stack depth: 54160 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.211' (ECDSA) to the list of known hosts.
2019/03/21 15:31:05 parsed 1 programs
2019/03/21 15:31:13 executed programs: 0
syzkaller login: [ 120.192396] IPVS: ftp: loaded support on port[0] = 21
[ 120.292094] chnl_net:caif_netlink_parms(): no params data found
[ 120.338485] bridge0: port 1(bridge_slave_0) entered blocking state
[ 120.345223] bridge0: port 1(bridge_slave_0) entered disabled state
[ 120.352783] device bridge_slave_0 entered promiscuous mode
[ 120.361068] bridge0: port 2(bridge_slave_1) entered blocking state
[ 120.367860] bridge0: port 2(bridge_slave_1) entered disabled state
[ 120.375866] device bridge_slave_1 entered promiscuous mode
[ 120.398916] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 120.410188] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 120.433272] team0: Port device team_slave_0 added
[ 120.440979] team0: Port device team_slave_1 added
[ 120.497119] device hsr_slave_0 entered promiscuous mode
[ 120.544480] device hsr_slave_1 entered promiscuous mode
[ 120.596968] bridge0: port 2(bridge_slave_1) entered blocking state
[ 120.603460] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 120.610691] bridge0: port 1(bridge_slave_0) entered blocking state
[ 120.617209] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 120.668499] 8021q: adding VLAN 0 to HW filter on device bond0
[ 120.682844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 120.692705] bridge0: port 1(bridge_slave_0) entered disabled state
[ 120.700969] bridge0: port 2(bridge_slave_1) entered disabled state
[ 120.709427] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 120.724611] 8021q: adding VLAN 0 to HW filter on device team0
[ 120.737076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 120.745323] bridge0: port 1(bridge_slave_0) entered blocking state
[ 120.751863] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 120.765035] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 120.773116] bridge0: port 2(bridge_slave_1) entered blocking state
[ 120.779766] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 120.805175] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 120.814837] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 120.836641] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 120.844960] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 120.853043] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 120.866374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 120.893435] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 120.974165] ==================================================================
[ 120.981600] BUG: KMSAN: uninit-value in gre_parse_header+0x1396/0x1690
[ 120.988301] CPU: 1 PID: 10888 Comm: syz-executor.0 Not tainted 5.0.0+ #16
[ 120.995251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 121.004650] Call Trace:
[ 121.007287]
[ 121.009454] dump_stack+0x173/0x1d0
[ 121.013103] kmsan_report+0x131/0x2a0
[ 121.016925] __msan_warning+0x7a/0xf0
[ 121.020742] gre_parse_header+0x1396/0x1690
[ 121.025100] gre_rcv+0x1db/0x1720
[ 121.028558] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 121.033934] ? raw_local_deliver+0xfc/0x1960
[ 121.038362] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 121.043784] ? erspan_xmit+0x38f0/0x38f0
[ 121.047884] gre_rcv+0x2dd/0x3c0
[ 121.051251] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 121.056437] ? gre_parse_header+0x1690/0x1690
[ 121.060933] ip_protocol_deliver_rcu+0x584/0xbb0
[ 121.065702] ip_local_deliver+0x624/0x7b0
[ 121.069870] ? ip_local_deliver+0x7b0/0x7b0
[ 121.074195] ? ip_protocol_deliver_rcu+0xbb0/0xbb0
[ 121.079136] ip_rcv+0x6bd/0x740
[ 121.082447] ? ip_rcv_core+0x11d0/0x11d0
[ 121.086522] process_backlog+0x756/0x10e0
[ 121.090685] ? ip_local_deliver_finish+0x320/0x320
[ 121.095648] ? rps_trigger_softirq+0x2e0/0x2e0
[ 121.100538] net_rx_action+0x78b/0x1a60
[ 121.104542] ? net_tx_action+0xca0/0xca0
[ 121.108610] __do_softirq+0x53f/0x93a
[ 121.112427] do_softirq_own_stack+0x49/0x80
[ 121.116751]
[ 121.119104] __local_bh_enable_ip+0x16f/0x1a0
[ 121.123617] local_bh_enable+0x36/0x40
[ 121.127618] ip_finish_output2+0x1627/0x1820
[ 121.132044] ip_finish_output+0xd2b/0xfd0
[ 121.136216] ip_mc_output+0x117a/0x1700
[ 121.140240] ? ip_mc_finish_output+0x3b0/0x3b0
[ 121.144866] ? ip_build_and_send_pkt+0xe80/0xe80
[ 121.149624] raw_sendmsg+0x4182/0x4610
[ 121.153550] ? aa_sk_perm+0x605/0x950
[ 121.157372] ? raw_getfrag+0x590/0x590
[ 121.161280] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 121.166483] ? compat_raw_ioctl+0x100/0x100
[ 121.170807] inet_sendmsg+0x54a/0x720
[ 121.174647] ? inet_getname+0x490/0x490
[ 121.178661] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 121.184140] ? inet_getname+0x490/0x490
[ 121.188139] __sys_sendto+0x8c4/0xac0
[ 121.191980] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 121.197177] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 121.202638] ? prepare_exit_to_usermode+0x114/0x420
[ 121.207671] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 121.212862] ? syscall_return_slowpath+0x50/0x650
[ 121.217716] __se_sys_sendto+0x107/0x130
[ 121.221794] __x64_sys_sendto+0x6e/0x90
[ 121.225780] do_syscall_64+0xbc/0xf0
[ 121.229499] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 121.234716] RIP: 0033:0x458079
[ 121.237929] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 121.256860] RSP: 002b:00007ffd4b3356b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 121.264586] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000458079
[ 121.271872] RDX: 0000000000000370 RSI: 00000000200000c0 RDI: 0000000000000003
[ 121.279158] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000007003
[ 121.286475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001d73914
[ 121.293764] R13: 00000000004c5718 R14: 00000000004d9698 R15: 00000000ffffffff
[ 121.301144]
[ 121.302770] Uninit was stored to memory at:
[ 121.307092] kmsan_internal_chain_origin+0x134/0x230
[ 121.312192] kmsan_memcpy_memmove_metadata+0xb5b/0xfe0
[ 121.317469] kmsan_memcpy_metadata+0xb/0x10
[ 121.321787] __msan_memcpy+0x58/0x70
[ 121.325499] pskb_expand_head+0x34c/0x18f0
[ 121.329734] ip_tunnel_xmit+0x3290/0x3ca0
[ 121.333895] erspan_xmit+0x27c7/0x38f0
[ 121.337796] dev_hard_start_xmit+0x604/0xc40
[ 121.342338] sch_direct_xmit+0x58a/0x880
[ 121.346425] __qdisc_run+0x1cb7/0x34d0
[ 121.350319] __dev_queue_xmit+0x215c/0x3b80
[ 121.357558] dev_queue_xmit+0x4b/0x60
[ 121.363659] neigh_resolve_output+0xab7/0xb40
[ 121.368192] ip_finish_output2+0x1611/0x1820
[ 121.372613] ip_finish_output+0xd2b/0xfd0
[ 121.376781] ip_mc_output+0x117a/0x1700
[ 121.380763] raw_sendmsg+0x4182/0x4610
[ 121.384662] inet_sendmsg+0x54a/0x720
[ 121.388458] __sys_sendto+0x8c4/0xac0
[ 121.392256] __se_sys_sendto+0x107/0x130
[ 121.396316] __x64_sys_sendto+0x6e/0x90
[ 121.400307] do_syscall_64+0xbc/0xf0
[ 121.404053] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 121.409240]
[ 121.410859] Uninit was created at:
[ 121.414502] kmsan_internal_poison_shadow+0x92/0x150
[ 121.419609] kmsan_kmalloc+0xa6/0x130
[ 121.423544] kmsan_slab_alloc+0xe/0x10
[ 121.427427] __kmalloc_node_track_caller+0xe9e/0xff0
[ 121.432532] __alloc_skb+0x309/0xa20
[ 121.436246] alloc_skb_with_frags+0x186/0xa60
[ 121.440738] sock_alloc_send_pskb+0xafd/0x10a0
[ 121.445330] sock_alloc_send_skb+0xca/0xe0
[ 121.449575] raw_sendmsg+0x25f5/0x4610
[ 121.453458] inet_sendmsg+0x54a/0x720
[ 121.457365] __sys_sendto+0x8c4/0xac0
[ 121.461171] __se_sys_sendto+0x107/0x130
[ 121.465227] __x64_sys_sendto+0x6e/0x90
[ 121.469199] do_syscall_64+0xbc/0xf0
[ 121.472924] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 121.478107] ==================================================================
[ 121.485482] Disabling lock debugging due to kernel taint
[ 121.490946] Kernel panic - not syncing: panic_on_warn set ...
[ 121.496839] CPU: 1 PID: 10888 Comm: syz-executor.0 Tainted: G B 5.0.0+ #16
[ 121.505165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 121.514521] Call Trace:
[ 121.517106]
[ 121.519258] dump_stack+0x173/0x1d0
[ 121.522890] panic+0x3d1/0xb01
[ 121.526114] kmsan_report+0x29a/0x2a0
[ 121.529924] __msan_warning+0x7a/0xf0
[ 121.533743] gre_parse_header+0x1396/0x1690
[ 121.538105] gre_rcv+0x1db/0x1720
[ 121.541567] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 121.546931] ? raw_local_deliver+0xfc/0x1960
[ 121.551377] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 121.556790] ? erspan_xmit+0x38f0/0x38f0
[ 121.560861] gre_rcv+0x2dd/0x3c0
[ 121.564331] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 121.569543] ? gre_parse_header+0x1690/0x1690
[ 121.574039] ip_protocol_deliver_rcu+0x584/0xbb0
[ 121.578860] ip_local_deliver+0x624/0x7b0
[ 121.583045] ? ip_local_deliver+0x7b0/0x7b0
[ 121.587399] ? ip_protocol_deliver_rcu+0xbb0/0xbb0
[ 121.592334] ip_rcv+0x6bd/0x740
[ 121.595637] ? ip_rcv_core+0x11d0/0x11d0
[ 121.599702] process_backlog+0x756/0x10e0
[ 121.603897] ? ip_local_deliver_finish+0x320/0x320
[ 121.608861] ? rps_trigger_softirq+0x2e0/0x2e0
[ 121.613446] net_rx_action+0x78b/0x1a60
[ 121.617440] ? net_tx_action+0xca0/0xca0
[ 121.621501] __do_softirq+0x53f/0x93a
[ 121.625314] do_softirq_own_stack+0x49/0x80
[ 121.629628]
[ 121.631864] __local_bh_enable_ip+0x16f/0x1a0
[ 121.636370] local_bh_enable+0x36/0x40
[ 121.640260] ip_finish_output2+0x1627/0x1820
[ 121.645029] ip_finish_output+0xd2b/0xfd0
[ 121.649555] ip_mc_output+0x117a/0x1700
[ 121.653552] ? ip_mc_finish_output+0x3b0/0x3b0
[ 121.658163] ? ip_build_and_send_pkt+0xe80/0xe80
[ 121.662925] raw_sendmsg+0x4182/0x4610
[ 121.666877] ? aa_sk_perm+0x605/0x950
[ 121.671231] ? raw_getfrag+0x590/0x590
[ 121.675128] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 121.680370] ? compat_raw_ioctl+0x100/0x100
[ 121.684843] inet_sendmsg+0x54a/0x720
[ 121.688670] ? inet_getname+0x490/0x490
[ 121.692657] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 121.697869] ? inet_getname+0x490/0x490
[ 121.701865] __sys_sendto+0x8c4/0xac0
[ 121.705713] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 121.710948] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 121.716432] ? prepare_exit_to_usermode+0x114/0x420
[ 121.722248] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 121.727458] ? syscall_return_slowpath+0x50/0x650
[ 121.732310] __se_sys_sendto+0x107/0x130
[ 121.736389] __x64_sys_sendto+0x6e/0x90
[ 121.740367] do_syscall_64+0xbc/0xf0
[ 121.744105] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 121.749303] RIP: 0033:0x458079
[ 121.752503] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 121.771446] RSP: 002b:00007ffd4b3356b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 121.779173] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000458079
[ 121.786440] RDX: 0000000000000370 RSI: 00000000200000c0 RDI: 0000000000000003
[ 121.793718] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000007003
[ 121.801027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001d73914
[ 121.808300] R13: 00000000004c5718 R14: 00000000004d9698 R15: 00000000ffffffff
[ 121.816368] Kernel Offset: disabled
[ 121.820008] Rebooting in 86400 seconds..