[ 77.846348][ T32] audit: type=1800 audit(1569146076.896:25): pid=11583 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 77.882071][ T32] audit: type=1800 audit(1569146076.916:26): pid=11583 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 77.902449][ T32] audit: type=1800 audit(1569146076.926:27): pid=11583 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 78.205001][T11660] cron (11660) used greatest stack depth: 52088 bytes left
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.52' (ECDSA) to the list of known hosts.
2019/09/22 09:54:48 fuzzer started
2019/09/22 09:54:52 dialing manager at 10.128.0.26:42045
2019/09/22 09:54:53 syscalls: 2382
2019/09/22 09:54:53 code coverage: enabled
2019/09/22 09:54:53 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/09/22 09:54:53 extra coverage: enabled
2019/09/22 09:54:53 setuid sandbox: enabled
2019/09/22 09:54:53 namespace sandbox: enabled
2019/09/22 09:54:53 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/22 09:54:53 fault injection: enabled
2019/09/22 09:54:53 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/22 09:54:53 net packet injection: enabled
2019/09/22 09:54:53 net device setup: enabled
09:57:32 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet6(0x10, 0x3, 0x0)
sendmsg(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000300)="5500000018007f5300fe01b2a4a280930a600000ffa84306910000003900070035000c0006ffffffffffffff00000000000000dc1338d54400009b84136ef75afb83de0000001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0)
syzkaller login: [ 253.897099][T11749] IPVS: ftp: loaded support on port[0] = 21
[ 254.030801][T11749] chnl_net:caif_netlink_parms(): no params data found
[ 254.083592][T11749] bridge0: port 1(bridge_slave_0) entered blocking state
[ 254.090806][T11749] bridge0: port 1(bridge_slave_0) entered disabled state
[ 254.099683][T11749] device bridge_slave_0 entered promiscuous mode
[ 254.109003][T11749] bridge0: port 2(bridge_slave_1) entered blocking state
[ 254.116301][T11749] bridge0: port 2(bridge_slave_1) entered disabled state
[ 254.125028][T11749] device bridge_slave_1 entered promiscuous mode
[ 254.156551][T11749] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 254.168967][T11749] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 254.201845][T11749] team0: Port device team_slave_0 added
[ 254.210981][T11749] team0: Port device team_slave_1 added
[ 254.296381][T11749] device hsr_slave_0 entered promiscuous mode
[ 254.512656][T11749] device hsr_slave_1 entered promiscuous mode
[ 254.792535][T11749] bridge0: port 2(bridge_slave_1) entered blocking state
[ 254.799753][T11749] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 254.807559][T11749] bridge0: port 1(bridge_slave_0) entered blocking state
[ 254.814803][T11749] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 254.889202][T11749] 8021q: adding VLAN 0 to HW filter on device bond0
[ 254.909133][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 254.921470][ T3869] bridge0: port 1(bridge_slave_0) entered disabled state
[ 254.932251][ T3869] bridge0: port 2(bridge_slave_1) entered disabled state
[ 254.946451][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 254.966333][T11749] 8021q: adding VLAN 0 to HW filter on device team0
[ 254.983994][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 254.993090][ T3869] bridge0: port 1(bridge_slave_0) entered blocking state
[ 255.000311][ T3869] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 255.018204][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 255.027903][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 255.037049][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 255.044353][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 255.061044][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 255.082751][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 255.092676][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 255.103090][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 255.130825][T11749] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 255.141443][T11749] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 255.155667][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 255.164898][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 255.174613][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 255.184412][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 255.193791][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 255.203414][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 255.212722][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 255.224025][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 255.257065][T11749] 8021q: adding VLAN 0 to HW filter on device batadv0
09:57:34 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x3, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000d000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000001c0)="bad004ecb828018ee00f20c06635100000000f22c066b9800000c00f326635010000000f3026262e2e0f381d9cac000f797e3826660f3a0d882ba7fc660f2206f0fe8d0800f20f01f9", 0x49}], 0x1, 0x0, 0x0, 0xfffffffffffffdc5)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000004cb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 255.448116][T11759] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
09:57:34 executing program 0:
r0 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r0)
clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="a4ab12f728db4b2b4d2f2f3f06ad273b1e89e46f905080af4c90ccb170e60b3a8b", 0x21}], 0x4, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x13)
ptrace$cont(0x18, r1, 0x0, 0x0)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)
[ 255.701468][T11766] ptrace attach of "/root/syz-executor.0"[11764] was attempted by "/root/syz-executor.0"[11766]
09:57:35 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = perf_event_open$cgroup(&(0x7f0000000080)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0x0)
[ 257.156098][T11769] IPVS: ftp: loaded support on port[0] = 21
[ 257.293292][T11769] chnl_net:caif_netlink_parms(): no params data found
[ 257.349097][T11769] bridge0: port 1(bridge_slave_0) entered blocking state
[ 257.356517][T11769] bridge0: port 1(bridge_slave_0) entered disabled state
[ 257.365180][T11769] device bridge_slave_0 entered promiscuous mode
[ 257.376270][T11769] bridge0: port 2(bridge_slave_1) entered blocking state
[ 257.383639][T11769] bridge0: port 2(bridge_slave_1) entered disabled state
[ 257.392373][T11769] device bridge_slave_1 entered promiscuous mode
[ 257.423845][T11769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 257.436535][T11769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 257.469541][T11769] team0: Port device team_slave_0 added
[ 257.479017][T11769] team0: Port device team_slave_1 added
[ 257.777053][T11769] device hsr_slave_0 entered promiscuous mode
[ 258.013494][T11769] device hsr_slave_1 entered promiscuous mode
[ 258.112036][T11769] debugfs: Directory 'hsr0' with parent '/' already present!
[ 258.142066][T11769] bridge0: port 2(bridge_slave_1) entered blocking state
[ 258.149291][T11769] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 258.157189][T11769] bridge0: port 1(bridge_slave_0) entered blocking state
[ 258.164414][T11769] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 258.248127][T11769] 8021q: adding VLAN 0 to HW filter on device bond0
[ 258.270551][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 258.284044][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 258.294783][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 258.309058][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 258.329359][T11769] 8021q: adding VLAN 0 to HW filter on device team0
[ 258.346055][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 258.356046][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 258.365261][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 258.372496][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 258.424638][T11769] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 258.435487][T11769] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 258.451925][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 258.461391][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 258.470676][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 258.477933][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 258.487232][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 258.497260][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 258.507253][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 258.517081][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 258.526623][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 258.536421][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 258.545958][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 258.555210][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 258.564991][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 258.574207][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 258.589544][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 258.598531][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 258.627515][T11769] 8021q: adding VLAN 0 to HW filter on device batadv0
09:57:37 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x806)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x10, 0x0, &(0x7f0000000300)=ANY=[@ANYPTR64, @ANYPTR64=&(0x7f0000000240)=ANY=[@ANYBLOB="0000000000000000180000000000000030"]], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000040)=[@register_looper], 0x48, 0x0, &(0x7f00000000c0)="70e1d068f9e650933538f09b570c48d49b023f40e514d81278c1b812f5a66963202662c071e6d5681b0b301cf8fafa7fa1a905dfe9848d8206b9c5c2f1dfb471b2a5430fff124547"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000280)={0x44, 0x0, &(0x7f0000000480)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
09:57:37 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
socket$packet(0x11, 0x3, 0x300)
r1 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r1, &(0x7f0000000200)={&(0x7f0000000a00)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)="9e4301000006000000011fe4ac14140ceb", 0x11}], 0x1}, 0x0)
[ 258.808139][T11780] debugfs: File '11779' in directory 'proc' already present!
[ 258.844934][T11780] binder: 11779:11780 unknown command 0
[ 258.850711][T11780] binder: 11779:11780 ioctl c0306201 20000440 returned -22
09:57:37 executing program 0:
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
close(r0)
openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x14})
r2 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r2, 0xc0109207, &(0x7f0000000100))
epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x2)
r3 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x8000)
r4 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f00000001c0)={0x4})
[ 258.864562][T11780] binder: 11779:11780 ioctl c0306201 200001c0 returned -11
[ 258.874862][T11780] debugfs: File '11779' in directory 'proc' already present!
[ 258.886080][T11785] binder: 11779:11785 unknown command 0
[ 258.891703][T11785] binder: 11779:11785 ioctl c0306201 20000440 returned -22
[ 258.943660][T11787] ==================================================================
[ 258.951891][T11787] BUG: KMSAN: uninit-value in __ip_select_ident+0x34f/0x640
[ 258.959203][T11787] CPU: 1 PID: 11787 Comm: syz-executor.1 Not tainted 5.3.0-rc7+ #0
[ 258.967099][T11787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 258.977166][T11787] Call Trace:
[ 258.980572][T11787] dump_stack+0x191/0x1f0
[ 258.985023][T11787] kmsan_report+0x162/0x2d0
[ 258.989556][T11787] __msan_warning+0x75/0xe0
[ 258.994158][T11787] __ip_select_ident+0x34f/0x640
[ 258.999196][T11787] iptunnel_xmit+0x80e/0xdc0
[ 259.003830][T11787] ip_tunnel_xmit+0x2c3e/0x3320
[ 259.008767][T11787] ipgre_xmit+0xff3/0x1120
[ 259.013288][T11787] ? ipgre_close+0x240/0x240
[ 259.017913][T11787] dev_hard_start_xmit+0x51a/0xab0
[ 259.023051][T11787] __dev_queue_xmit+0x394d/0x4270
[ 259.028110][T11787] dev_queue_xmit+0x4b/0x60
[ 259.032613][T11787] ? netdev_core_pick_tx+0x4d0/0x4d0
[ 259.037988][T11787] packet_sendmsg+0x82d7/0x92e0
[ 259.042850][T11787] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 259.048998][T11787] ? aa_label_sk_perm+0x6d6/0x940
[ 259.054067][T11787] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 259.059968][T11787] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 259.066169][T11787] ? rw_copy_check_uvector+0x149/0x650
[ 259.071703][T11787] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 259.077605][T11787] ? aa_sk_perm+0x730/0xaf0
[ 259.082733][T11787] ? s2255_set_mode+0x2db/0x1a60
[ 259.087703][T11787] ? compat_packet_setsockopt+0x360/0x360
[ 259.093494][T11787] ___sys_sendmsg+0x14ff/0x1590
[ 259.098360][T11787] ? s2255_set_mode+0x1e0/0x1a60
[ 259.103324][T11787] ? kmsan_set_origin+0x6a/0xf0
[ 259.108241][T11787] ? __fget_light+0x6b1/0x710
[ 259.113054][T11787] __se_sys_sendmsg+0x305/0x460
[ 259.117940][T11787] __x64_sys_sendmsg+0x4a/0x70
[ 259.122783][T11787] do_syscall_64+0xbc/0xf0
[ 259.127251][T11787] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 259.133144][T11787] RIP: 0033:0x459a09
[ 259.137040][T11787] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 259.156644][T11787] RSP: 002b:00007fdcb262bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 259.165060][T11787] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a09
[ 259.173037][T11787] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000005
[ 259.181008][T11787] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 259.189078][T11787] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdcb262c6d4
[ 259.197047][T11787] R13: 00000000004c78af R14: 00000000004dd268 R15: 00000000ffffffff
[ 259.205126][T11787]
[ 259.207457][T11787] Uninit was stored to memory at:
[ 259.212485][T11787] kmsan_internal_chain_origin+0xcc/0x150
[ 259.218203][T11787] __msan_chain_origin+0x6b/0xe0
[ 259.223140][T11787] iptunnel_xmit+0xad2/0xdc0
[ 259.227730][T11787] ip_tunnel_xmit+0x2c3e/0x3320
[ 259.232576][T11787] ipgre_xmit+0xff3/0x1120
[ 259.236989][T11787] dev_hard_start_xmit+0x51a/0xab0
[ 259.242099][T11787] __dev_queue_xmit+0x394d/0x4270
[ 259.247118][T11787] dev_queue_xmit+0x4b/0x60
[ 259.251622][T11787] packet_sendmsg+0x82d7/0x92e0
[ 259.256472][T11787] ___sys_sendmsg+0x14ff/0x1590
[ 259.261317][T11787] __se_sys_sendmsg+0x305/0x460
[ 259.266161][T11787] __x64_sys_sendmsg+0x4a/0x70
[ 259.270925][T11787] do_syscall_64+0xbc/0xf0
[ 259.275356][T11787] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 259.281234][T11787]
[ 259.283556][T11787] Uninit was stored to memory at:
[ 259.288672][T11787] kmsan_internal_chain_origin+0xcc/0x150
[ 259.294400][T11787] __msan_chain_origin+0x6b/0xe0
[ 259.299334][T11787] ip_tunnel_xmit+0x9ee/0x3320
[ 259.304229][T11787] ipgre_xmit+0xff3/0x1120
[ 259.308745][T11787] dev_hard_start_xmit+0x51a/0xab0
[ 259.313852][T11787] __dev_queue_xmit+0x394d/0x4270
[ 259.318874][T11787] dev_queue_xmit+0x4b/0x60
[ 259.323379][T11787] packet_sendmsg+0x82d7/0x92e0
[ 259.328228][T11787] ___sys_sendmsg+0x14ff/0x1590
[ 259.333074][T11787] __se_sys_sendmsg+0x305/0x460
[ 259.338096][T11787] __x64_sys_sendmsg+0x4a/0x70
[ 259.342855][T11787] do_syscall_64+0xbc/0xf0
[ 259.347274][T11787] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 259.353169][T11787]
[ 259.355485][T11787] Uninit was stored to memory at:
[ 259.360508][T11787] kmsan_internal_chain_origin+0xcc/0x150
[ 259.366225][T11787] kmsan_memcpy_memmove_metadata+0x25b/0x2d0
[ 259.372304][T11787] kmsan_memcpy_metadata+0xb/0x10
[ 259.377321][T11787] __msan_memcpy+0x56/0x70
[ 259.381737][T11787] pskb_expand_head+0x38a/0x19f0
[ 259.386761][T11787] ipgre_xmit+0x6d9/0x1120
[ 259.391175][T11787] dev_hard_start_xmit+0x51a/0xab0
[ 259.396367][T11787] __dev_queue_xmit+0x394d/0x4270
[ 259.401394][T11787] dev_queue_xmit+0x4b/0x60
[ 259.405899][T11787] packet_sendmsg+0x82d7/0x92e0
[ 259.411189][T11787] ___sys_sendmsg+0x14ff/0x1590
[ 259.416037][T11787] __se_sys_sendmsg+0x305/0x460
[ 259.420881][T11787] __x64_sys_sendmsg+0x4a/0x70
[ 259.425640][T11787] do_syscall_64+0xbc/0xf0
[ 259.430055][T11787] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 259.436213][T11787]
[ 259.438534][T11787] Uninit was created at:
[ 259.442774][T11787] kmsan_internal_poison_shadow+0x58/0xb0
[ 259.448490][T11787] kmsan_slab_alloc+0xaa/0x120
[ 259.453309][T11787] __kmalloc_node_track_caller+0xb55/0x1320
[ 259.459203][T11787] __alloc_skb+0x306/0xa10
[ 259.463818][T11787] alloc_skb_with_frags+0x18c/0xa80
[ 259.469035][T11787] sock_alloc_send_pskb+0xafd/0x10a0
[ 259.474327][T11787] packet_sendmsg+0x6785/0x92e0
[ 259.479180][T11787] ___sys_sendmsg+0x14ff/0x1590
[ 259.484030][T11787] __se_sys_sendmsg+0x305/0x460
[ 259.488885][T11787] __x64_sys_sendmsg+0x4a/0x70
[ 259.493652][T11787] do_syscall_64+0xbc/0xf0
[ 259.498074][T11787] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 259.503955][T11787] ==================================================================
[ 259.512017][T11787] Disabling lock debugging due to kernel taint
[ 259.518185][T11787] Kernel panic - not syncing: panic_on_warn set ...
[ 259.524788][T11787] CPU: 1 PID: 11787 Comm: syz-executor.1 Tainted: G B 5.3.0-rc7+ #0
[ 259.534146][T11787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 259.544207][T11787] Call Trace:
[ 259.547598][T11787] dump_stack+0x191/0x1f0
[ 259.552026][T11787] panic+0x3c9/0xc1e
[ 259.555954][T11787] kmsan_report+0x2ca/0x2d0
[ 259.560468][T11787] __msan_warning+0x75/0xe0
[ 259.564980][T11787] __ip_select_ident+0x34f/0x640
[ 259.569935][T11787] iptunnel_xmit+0x80e/0xdc0
[ 259.574559][T11787] ip_tunnel_xmit+0x2c3e/0x3320
[ 259.579716][T11787] ipgre_xmit+0xff3/0x1120
[ 259.585722][T11787] ? ipgre_close+0x240/0x240
[ 259.592269][T11787] dev_hard_start_xmit+0x51a/0xab0
[ 259.597411][T11787] __dev_queue_xmit+0x394d/0x4270
[ 259.602475][T11787] dev_queue_xmit+0x4b/0x60
[ 259.606985][T11787] ? netdev_core_pick_tx+0x4d0/0x4d0
[ 259.612579][T11787] packet_sendmsg+0x82d7/0x92e0
[ 259.617448][T11787] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 259.623526][T11787] ? aa_label_sk_perm+0x6d6/0x940
[ 259.628573][T11787] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 259.634493][T11787] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 259.640650][T11787] ? rw_copy_check_uvector+0x149/0x650
[ 259.646121][T11787] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 259.652022][T11787] ? aa_sk_perm+0x730/0xaf0
[ 259.656548][T11787] ? s2255_set_mode+0x2db/0x1a60
[ 259.661508][T11787] ? compat_packet_setsockopt+0x360/0x360
[ 259.667348][T11787] ___sys_sendmsg+0x14ff/0x1590
[ 259.672300][T11787] ? s2255_set_mode+0x1e0/0x1a60
[ 259.677466][T11787] ? kmsan_set_origin+0x6a/0xf0
[ 259.682336][T11787] ? __fget_light+0x6b1/0x710
[ 259.687043][T11787] __se_sys_sendmsg+0x305/0x460
[ 259.692031][T11787] __x64_sys_sendmsg+0x4a/0x70
[ 259.696799][T11787] do_syscall_64+0xbc/0xf0
[ 259.701221][T11787] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 259.707128][T11787] RIP: 0033:0x459a09
[ 259.711022][T11787] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 259.730897][T11787] RSP: 002b:00007fdcb262bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 259.739318][T11787] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a09
[ 259.747293][T11787] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000005
[ 259.755278][T11787] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 259.763250][T11787] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdcb262c6d4
[ 259.771219][T11787] R13: 00000000004c78af R14: 00000000004dd268 R15: 00000000ffffffff
[ 259.780854][T11787] Kernel Offset: disabled
[ 259.785181][T11787] Rebooting in 86400 seconds..