[  107.172612] audit: type=1800 audit(1555659181.229:25): pid=11490 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[  107.212102] audit: type=1800 audit(1555659181.249:26): pid=11490 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[  107.231689] audit: type=1800 audit(1555659181.259:27): pid=11490 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[  108.600002] sshd (11557) used greatest stack depth: 54128 bytes left
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts.
2019/04/19 07:33:17 parsed 1 programs
2019/04/19 07:33:24 executed programs: 0
syzkaller login: [  131.122182] IPVS: ftp: loaded support on port[0] = 21
[  131.216221] chnl_net:caif_netlink_parms(): no params data found
[  131.263477] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.269971] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.277959] device bridge_slave_0 entered promiscuous mode
[  131.285719] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.292440] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.299861] device bridge_slave_1 entered promiscuous mode
[  131.323532] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  131.334233] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  131.357294] team0: Port device team_slave_0 added
[  131.364609] team0: Port device team_slave_1 added
[  131.435418] device hsr_slave_0 entered promiscuous mode
[  131.472248] device hsr_slave_1 entered promiscuous mode
[  131.525087] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.531695] bridge0: port 2(bridge_slave_1) entered forwarding state
[  131.538873] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.545552] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.598542] 8021q: adding VLAN 0 to HW filter on device bond0
[  131.614101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  131.623443] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.631293] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.640219] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  131.655628] 8021q: adding VLAN 0 to HW filter on device team0
[  131.667724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  131.675669] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.682278] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.694809] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  131.702976] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.709513] bridge0: port 2(bridge_slave_1) entered forwarding state
[  131.736129] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  131.752730] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  131.761248] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  131.777034] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  131.791267] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  131.803083] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  131.814067] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  131.841033] 8021q: adding VLAN 0 to HW filter on device batadv0
[  131.925008] ==================================================================
[  131.932936] BUG: KMSAN: uninit-value in gre_parse_header+0x1396/0x1690
[  131.939620] CPU: 0 PID: 11660 Comm: syz-executor.0 Not tainted 5.1.0-rc4+ #1
[  131.946816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  131.956194] Call Trace:
[  131.958783]  <IRQ>
[  131.960939]  dump_stack+0x173/0x1d0
[  131.964631]  kmsan_report+0x131/0x2a0
[  131.968443]  __msan_warning+0x7a/0xf0
[  131.972266]  gre_parse_header+0x1396/0x1690
[  131.976613]  gre_rcv+0x1c3/0x1800
[  131.980082]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  131.985453]  ? raw_local_deliver+0xfc/0x1960
[  131.989876]  ? erspan_xmit+0x3640/0x3640
[  131.993947]  ? erspan_xmit+0x3640/0x3640
[  131.998002]  gre_rcv+0x2dd/0x3c0
[  132.001374]  ? kmsan_get_shadow_origin_ptr+0x73/0x480
[  132.006557]  ? gre_parse_header+0x1690/0x1690
[  132.011094]  ip_protocol_deliver_rcu+0x584/0xbb0
[  132.015892]  ip_local_deliver+0x624/0x7b0
[  132.020050]  ? ip_local_deliver+0x7b0/0x7b0
[  132.024364]  ? ip_protocol_deliver_rcu+0xbb0/0xbb0
[  132.029290]  ip_rcv+0x6bd/0x740
[  132.032606]  ? ip_rcv_core+0x11d0/0x11d0
[  132.036684]  process_backlog+0x756/0x10e0
[  132.040832]  ? lapic_next_event+0x6f/0xa0
[  132.044994]  ? ip_local_deliver_finish+0x320/0x320
[  132.049929]  ? rps_trigger_softirq+0x2e0/0x2e0
[  132.054520]  net_rx_action+0x78b/0x1a60
[  132.058513]  ? net_tx_action+0xca0/0xca0
[  132.062572]  __do_softirq+0x53f/0x93a
[  132.066383]  do_softirq_own_stack+0x49/0x80
[  132.070693]  </IRQ>
[  132.072932]  __local_bh_enable_ip+0x1a3/0x1f0
[  132.077433]  local_bh_enable+0x36/0x40
[  132.081319]  ip_finish_output2+0x1721/0x1930
[  132.085771]  ip_finish_output+0xd2b/0xfd0
[  132.089944]  ip_output+0x53f/0x610
[  132.093490]  ? ip_mc_finish_output+0x3b0/0x3b0
[  132.098068]  ? ip_finish_output+0xfd0/0xfd0
[  132.102384]  raw_sendmsg+0x41c7/0x4650
[  132.106328]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  132.111683]  ? aa_sk_perm+0x741/0xb00
[  132.115493]  ? raw_getfrag+0x640/0x640
[  132.119391]  ? kmsan_get_shadow_origin_ptr+0x73/0x480
[  132.124612]  ? compat_raw_ioctl+0x100/0x100
[  132.128944]  inet_sendmsg+0x54a/0x720
[  132.132757]  ? inet_getname+0x490/0x490
[  132.136759]  ? kmsan_get_shadow_origin_ptr+0x73/0x480
[  132.142072]  ? inet_getname+0x490/0x490
[  132.146053]  __sys_sendto+0x8c4/0xac0
[  132.149918]  ? kmsan_get_shadow_origin_ptr+0x73/0x480
[  132.155164]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[  132.160632]  ? prepare_exit_to_usermode+0x114/0x420
[  132.165644]  ? kmsan_get_shadow_origin_ptr+0x73/0x480
[  132.170848]  ? syscall_return_slowpath+0x50/0x650
[  132.175704]  __se_sys_sendto+0x107/0x130
[  132.179785]  __x64_sys_sendto+0x6e/0x90
[  132.183763]  do_syscall_64+0xbc/0xf0
[  132.187490]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  132.192695] RIP: 0033:0x458c29
[  132.195877] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  132.214772] RSP: 002b:00007ffd49e9d9a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  132.222476] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000458c29
[  132.229772] RDX: 00000000000005aa RSI: 00000000200000c0 RDI: 0000000000000003
[  132.237042] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000120
[  132.244304] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000021ed914
[  132.251562] R13: 00000000004c6593 R14: 00000000004daf58 R15: 00000000ffffffff
[  132.258843] 
[  132.260456] Uninit was stored to memory at:
[  132.264786]  kmsan_internal_chain_origin+0x134/0x230
[  132.269891]  kmsan_memcpy_memmove_metadata+0x989/0xd60
[  132.275164]  kmsan_memcpy_metadata+0xb/0x10
[  132.279487]  __msan_memcpy+0x58/0x70
[  132.283190]  pskb_expand_head+0x3aa/0x1a30
[  132.287419]  ip_tunnel_xmit+0x2c4e/0x3310
[  132.291559]  erspan_xmit+0x1f5e/0x3640
[  132.295463]  dev_hard_start_xmit+0x604/0xc40
[  132.299873]  sch_direct_xmit+0x58a/0x880
[  132.303940]  __qdisc_run+0x1cd7/0x34b0
[  132.307827]  __dev_queue_xmit+0x1e51/0x3ce0
[  132.312151]  dev_queue_xmit+0x4b/0x60
[  132.315949]  neigh_resolve_output+0xab7/0xb40
[  132.320433]  ip_finish_output2+0x1709/0x1930
[  132.324850]  ip_finish_output+0xd2b/0xfd0
[  132.329003]  ip_output+0x53f/0x610
[  132.332542]  raw_sendmsg+0x41c7/0x4650
[  132.336432]  inet_sendmsg+0x54a/0x720
[  132.340233]  __sys_sendto+0x8c4/0xac0
[  132.344037]  __se_sys_sendto+0x107/0x130
[  132.348087]  __x64_sys_sendto+0x6e/0x90
[  132.352063]  do_syscall_64+0xbc/0xf0
[  132.355819]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  132.361015] 
[  132.362657] Uninit was created at:
[  132.366203]  kmsan_internal_poison_shadow+0x92/0x150
[  132.371296]  kmsan_kmalloc+0xa9/0x130
[  132.375110]  kmsan_slab_alloc+0xe/0x10
[  132.379009]  __kmalloc_node_track_caller+0xead/0x1000
[  132.384207]  __alloc_skb+0x309/0xa20
[  132.387936]  alloc_skb_with_frags+0x186/0xa60
[  132.392431]  sock_alloc_send_pskb+0xafd/0x10a0
[  132.397031]  sock_alloc_send_skb+0xca/0xe0
[  132.401272]  raw_sendmsg+0x2492/0x4650
[  132.405190]  inet_sendmsg+0x54a/0x720
[  132.408982]  __sys_sendto+0x8c4/0xac0
[  132.412781]  __se_sys_sendto+0x107/0x130
[  132.416871]  __x64_sys_sendto+0x6e/0x90
[  132.420848]  do_syscall_64+0xbc/0xf0
[  132.424558]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  132.429730] ==================================================================
[  132.437078] Disabling lock debugging due to kernel taint
[  132.442537] Kernel panic - not syncing: panic_on_warn set ...
[  132.448418] CPU: 0 PID: 11660 Comm: syz-executor.0 Tainted: G    B             5.1.0-rc4+ #1
[  132.456977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  132.466324] Call Trace:
[  132.468905]  <IRQ>
[  132.471070]  dump_stack+0x173/0x1d0
[  132.474735]  panic+0x3d1/0xb01
[  132.477956]  kmsan_report+0x29a/0x2a0
[  132.481777]  __msan_warning+0x7a/0xf0
[  132.485591]  gre_parse_header+0x1396/0x1690
[  132.489952]  gre_rcv+0x1c3/0x1800
[  132.493438]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  132.498814]  ? raw_local_deliver+0xfc/0x1960
[  132.503254]  ? erspan_xmit+0x3640/0x3640
[  132.507331]  ? erspan_xmit+0x3640/0x3640
[  132.511394]  gre_rcv+0x2dd/0x3c0
[  132.514753]  ? kmsan_get_shadow_origin_ptr+0x73/0x480
[  132.519938]  ? gre_parse_header+0x1690/0x1690
[  132.524430]  ip_protocol_deliver_rcu+0x584/0xbb0
[  132.529199]  ip_local_deliver+0x624/0x7b0
[  132.533358]  ? ip_local_deliver+0x7b0/0x7b0
[  132.537679]  ? ip_protocol_deliver_rcu+0xbb0/0xbb0
[  132.542639]  ip_rcv+0x6bd/0x740
[  132.545946]  ? ip_rcv_core+0x11d0/0x11d0
[  132.550037]  process_backlog+0x756/0x10e0
[  132.554198]  ? lapic_next_event+0x6f/0xa0
[  132.558364]  ? ip_local_deliver_finish+0x320/0x320
[  132.563298]  ? rps_trigger_softirq+0x2e0/0x2e0
[  132.567878]  net_rx_action+0x78b/0x1a60
[  132.571905]  ? net_tx_action+0xca0/0xca0
[  132.575987]  __do_softirq+0x53f/0x93a
[  132.579796]  do_softirq_own_stack+0x49/0x80
[  132.584102]  </IRQ>
[  132.586337]  __local_bh_enable_ip+0x1a3/0x1f0
[  132.590860]  local_bh_enable+0x36/0x40
[  132.594751]  ip_finish_output2+0x1721/0x1930
[  132.599202]  ip_finish_output+0xd2b/0xfd0
[  132.603363]  ip_output+0x53f/0x610
[  132.606917]  ? ip_mc_finish_output+0x3b0/0x3b0
[  132.611495]  ? ip_finish_output+0xfd0/0xfd0
[  132.615809]  raw_sendmsg+0x41c7/0x4650
[  132.619758]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  132.625115]  ? aa_sk_perm+0x741/0xb00
[  132.628951]  ? raw_getfrag+0x640/0x640
[  132.632844]  ? kmsan_get_shadow_origin_ptr+0x73/0x480
[  132.638033]  ? compat_raw_ioctl+0x100/0x100
[  132.642363]  inet_sendmsg+0x54a/0x720
[  132.646205]  ? inet_getname+0x490/0x490
[  132.650191]  ? kmsan_get_shadow_origin_ptr+0x73/0x480
[  132.655388]  ? inet_getname+0x490/0x490
[  132.659371]  __sys_sendto+0x8c4/0xac0
[  132.663193]  ? kmsan_get_shadow_origin_ptr+0x73/0x480
[  132.668386]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[  132.673872]  ? prepare_exit_to_usermode+0x114/0x420
[  132.678895]  ? kmsan_get_shadow_origin_ptr+0x73/0x480
[  132.684098]  ? syscall_return_slowpath+0x50/0x650
[  132.688940]  __se_sys_sendto+0x107/0x130
[  132.693040]  __x64_sys_sendto+0x6e/0x90
[  132.697053]  do_syscall_64+0xbc/0xf0
[  132.700765]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  132.705961] RIP: 0033:0x458c29
[  132.709166] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  132.728057] RSP: 002b:00007ffd49e9d9a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  132.735753] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000458c29
[  132.743013] RDX: 00000000000005aa RSI: 00000000200000c0 RDI: 0000000000000003
[  132.750283] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000120
[  132.757549] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000021ed914
[  132.764806] R13: 00000000004c6593 R14: 00000000004daf58 R15: 00000000ffffffff
[  132.772940] Kernel Offset: disabled
[  132.776568] Rebooting in 86400 seconds..