[ ok ] Starting enhanced syslogd: rsyslogd.
[ 102.576232] audit: type=1800 audit(1555363799.639:25): pid=10786 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 102.600825] audit: type=1800 audit(1555363799.659:26): pid=10786 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 102.640219] audit: type=1800 audit(1555363799.689:27): pid=10786 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.200' (ECDSA) to the list of known hosts.
2019/04/15 21:30:17 parsed 1 programs
2019/04/15 21:30:24 executed programs: 0
syzkaller login: [ 127.748944] IPVS: ftp: loaded support on port[0] = 21
[ 127.843440] chnl_net:caif_netlink_parms(): no params data found
[ 127.890502] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.897068] bridge0: port 1(bridge_slave_0) entered disabled state
[ 127.905233] device bridge_slave_0 entered promiscuous mode
[ 127.913819] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.920340] bridge0: port 2(bridge_slave_1) entered disabled state
[ 127.928456] device bridge_slave_1 entered promiscuous mode
[ 127.952420] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 127.963306] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 127.987230] team0: Port device team_slave_0 added
[ 127.994725] team0: Port device team_slave_1 added
[ 128.065142] device hsr_slave_0 entered promiscuous mode
[ 128.102505] device hsr_slave_1 entered promiscuous mode
[ 128.155223] bridge0: port 2(bridge_slave_1) entered blocking state
[ 128.161941] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 128.168968] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.175655] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 128.229471] 8021q: adding VLAN 0 to HW filter on device bond0
[ 128.244436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 128.253815] bridge0: port 1(bridge_slave_0) entered disabled state
[ 128.261857] bridge0: port 2(bridge_slave_1) entered disabled state
[ 128.270003] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 128.284999] 8021q: adding VLAN 0 to HW filter on device team0
[ 128.298030] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 128.306554] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.313169] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 128.334484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 128.343238] bridge0: port 2(bridge_slave_1) entered blocking state
[ 128.349814] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 128.365073] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 128.374845] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 128.397283] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 128.407980] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 128.423971] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 128.432839] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 128.440888] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 128.450502] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 128.477171] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 128.562626] ==================================================================
[ 128.570086] BUG: KMSAN: uninit-value in gre_parse_header+0x1396/0x1690
[ 128.576793] CPU: 1 PID: 10957 Comm: syz-executor.0 Not tainted 5.1.0-rc4+ #1
[ 128.584380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 128.593855] Call Trace:
[ 128.596453]
[ 128.598628] dump_stack+0x173/0x1d0
[ 128.602299] kmsan_report+0x131/0x2a0
[ 128.606156] __msan_warning+0x7a/0xf0
[ 128.610000] gre_parse_header+0x1396/0x1690
[ 128.614389] gre_rcv+0x1c3/0x1800
[ 128.617910] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 128.623297] ? raw_local_deliver+0xfc/0x1960
[ 128.627785] ? erspan_xmit+0x3640/0x3640
[ 128.631892] ? erspan_xmit+0x3640/0x3640
[ 128.635962] gre_rcv+0x2dd/0x3c0
[ 128.639364] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 128.644610] ? gre_parse_header+0x1690/0x1690
[ 128.649225] ip_protocol_deliver_rcu+0x584/0xbb0
[ 128.654011] ip_local_deliver+0x624/0x7b0
[ 128.658207] ? ip_local_deliver+0x7b0/0x7b0
[ 128.662584] ? ip_protocol_deliver_rcu+0xbb0/0xbb0
[ 128.667514] ip_rcv+0x6bd/0x740
[ 128.670801] ? ip_rcv_core+0x11d0/0x11d0
[ 128.674888] process_backlog+0x756/0x10e0
[ 128.679033] ? pfifo_fast_enqueue+0x730/0x730
[ 128.683556] ? ip_local_deliver_finish+0x320/0x320
[ 128.688504] ? rps_trigger_softirq+0x2e0/0x2e0
[ 128.693084] net_rx_action+0x78b/0x1a60
[ 128.697236] ? net_tx_action+0xca0/0xca0
[ 128.701303] __do_softirq+0x53f/0x93a
[ 128.705116] do_softirq_own_stack+0x49/0x80
[ 128.709437]
[ 128.711706] __local_bh_enable_ip+0x1a3/0x1f0
[ 128.716228] local_bh_enable+0x36/0x40
[ 128.720145] ip_finish_output2+0x1721/0x1930
[ 128.724579] ip_finish_output+0xd2b/0xfd0
[ 128.728771] ip_output+0x53f/0x610
[ 128.732345] ? ip_mc_finish_output+0x3b0/0x3b0
[ 128.736946] ? ip_finish_output+0xfd0/0xfd0
[ 128.741280] raw_sendmsg+0x41c7/0x4650
[ 128.745235] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 128.750624] ? aa_sk_perm+0x741/0xb00
[ 128.754471] ? raw_getfrag+0x640/0x640
[ 128.758392] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 128.763626] ? compat_raw_ioctl+0x100/0x100
[ 128.767974] inet_sendmsg+0x54a/0x720
[ 128.771799] ? inet_getname+0x490/0x490
[ 128.775803] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 128.781021] ? inet_getname+0x490/0x490
[ 128.785019] __sys_sendto+0x8c4/0xac0
[ 128.788885] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 128.794092] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 128.799566] ? prepare_exit_to_usermode+0x114/0x420
[ 128.804611] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 128.809824] ? syscall_return_slowpath+0x50/0x650
[ 128.814715] __se_sys_sendto+0x107/0x130
[ 128.818800] __x64_sys_sendto+0x6e/0x90
[ 128.822781] do_syscall_64+0xbc/0xf0
[ 128.826532] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 128.831744] RIP: 0033:0x458c29
[ 128.834951] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 128.853938] RSP: 002b:00007ffc5ed63748 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 128.861657] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000458c29
[ 128.869410] RDX: 00000000000005aa RSI: 00000000200000c0 RDI: 0000000000000003
[ 128.876832] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000120
[ 128.884228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000002110914
[ 128.891515] R13: 00000000004c6593 R14: 00000000004daf58 R15: 00000000ffffffff
[ 128.898795]
[ 128.900415] Uninit was stored to memory at:
[ 128.904737] kmsan_internal_chain_origin+0x134/0x230
[ 128.909844] kmsan_memcpy_memmove_metadata+0x989/0xd60
[ 128.915123] kmsan_memcpy_metadata+0xb/0x10
[ 128.919445] __msan_memcpy+0x58/0x70
[ 128.923158] pskb_expand_head+0x3aa/0x1a30
[ 128.927426] ip_tunnel_xmit+0x2c4e/0x3310
[ 128.931720] erspan_xmit+0x1f5e/0x3640
[ 128.935798] dev_hard_start_xmit+0x604/0xc40
[ 128.940293] sch_direct_xmit+0x58a/0x880
[ 128.944376] __qdisc_run+0x1cd7/0x34b0
[ 128.948265] __dev_queue_xmit+0x1e51/0x3ce0
[ 128.952589] dev_queue_xmit+0x4b/0x60
[ 128.956394] neigh_resolve_output+0xab7/0xb40
[ 128.960892] ip_finish_output2+0x1709/0x1930
[ 128.965390] ip_finish_output+0xd2b/0xfd0
[ 128.969750] ip_output+0x53f/0x610
[ 128.973374] raw_sendmsg+0x41c7/0x4650
[ 128.977272] inet_sendmsg+0x54a/0x720
[ 128.981071] __sys_sendto+0x8c4/0xac0
[ 128.984986] __se_sys_sendto+0x107/0x130
[ 128.989053] __x64_sys_sendto+0x6e/0x90
[ 128.993174] do_syscall_64+0xbc/0xf0
[ 128.996925] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 129.002128]
[ 129.003756] Uninit was created at:
[ 129.007301] kmsan_internal_poison_shadow+0x92/0x150
[ 129.012431] kmsan_kmalloc+0xa9/0x130
[ 129.016255] kmsan_slab_alloc+0xe/0x10
[ 129.020144] __kmalloc_node_track_caller+0xead/0x1000
[ 129.025371] __alloc_skb+0x309/0xa20
[ 129.029085] alloc_skb_with_frags+0x186/0xa60
[ 129.033586] sock_alloc_send_pskb+0xafd/0x10a0
[ 129.038304] sock_alloc_send_skb+0xca/0xe0
[ 129.042558] raw_sendmsg+0x2492/0x4650
[ 129.046484] inet_sendmsg+0x54a/0x720
[ 129.050316] __sys_sendto+0x8c4/0xac0
[ 129.054140] __se_sys_sendto+0x107/0x130
[ 129.058231] __x64_sys_sendto+0x6e/0x90
[ 129.062238] do_syscall_64+0xbc/0xf0
[ 129.066067] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 129.071296] ==================================================================
[ 129.078669] Disabling lock debugging due to kernel taint
[ 129.086603] Kernel panic - not syncing: panic_on_warn set ...
[ 129.092540] CPU: 1 PID: 10957 Comm: syz-executor.0 Tainted: G B 5.1.0-rc4+ #1
[ 129.101111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 129.110589] Call Trace:
[ 129.113199]
[ 129.115357] dump_stack+0x173/0x1d0
[ 129.118989] panic+0x3d1/0xb01
[ 129.122242] kmsan_report+0x29a/0x2a0
[ 129.127237] __msan_warning+0x7a/0xf0
[ 129.131061] gre_parse_header+0x1396/0x1690
[ 129.135430] gre_rcv+0x1c3/0x1800
[ 129.138888] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 129.144343] ? raw_local_deliver+0xfc/0x1960
[ 129.148782] ? erspan_xmit+0x3640/0x3640
[ 129.152960] ? erspan_xmit+0x3640/0x3640
[ 129.157132] gre_rcv+0x2dd/0x3c0
[ 129.160544] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 129.165756] ? gre_parse_header+0x1690/0x1690
[ 129.170254] ip_protocol_deliver_rcu+0x584/0xbb0
[ 129.175041] ip_local_deliver+0x624/0x7b0
[ 129.179228] ? ip_local_deliver+0x7b0/0x7b0
[ 129.183549] ? ip_protocol_deliver_rcu+0xbb0/0xbb0
[ 129.188483] ip_rcv+0x6bd/0x740
[ 129.191793] ? ip_rcv_core+0x11d0/0x11d0
[ 129.195893] process_backlog+0x756/0x10e0
[ 129.200064] ? pfifo_fast_enqueue+0x730/0x730
[ 129.204604] ? ip_local_deliver_finish+0x320/0x320
[ 129.209584] ? rps_trigger_softirq+0x2e0/0x2e0
[ 129.214214] net_rx_action+0x78b/0x1a60
[ 129.218227] ? net_tx_action+0xca0/0xca0
[ 129.222295] __do_softirq+0x53f/0x93a
[ 129.226113] do_softirq_own_stack+0x49/0x80
[ 129.230425]
[ 129.233485] __local_bh_enable_ip+0x1a3/0x1f0
[ 129.237985] local_bh_enable+0x36/0x40
[ 129.241967] ip_finish_output2+0x1721/0x1930
[ 129.246402] ip_finish_output+0xd2b/0xfd0
[ 129.250570] ip_output+0x53f/0x610
[ 129.254121] ? ip_mc_finish_output+0x3b0/0x3b0
[ 129.259014] ? ip_finish_output+0xfd0/0xfd0
[ 129.264029] raw_sendmsg+0x41c7/0x4650
[ 129.267993] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 129.273398] ? aa_sk_perm+0x741/0xb00
[ 129.277239] ? raw_getfrag+0x640/0x640
[ 129.281144] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 129.286341] ? compat_raw_ioctl+0x100/0x100
[ 129.290662] inet_sendmsg+0x54a/0x720
[ 129.294462] ? inet_getname+0x490/0x490
[ 129.298439] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 129.303625] ? inet_getname+0x490/0x490
[ 129.307606] __sys_sendto+0x8c4/0xac0
[ 129.311442] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 129.316648] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 129.322094] ? prepare_exit_to_usermode+0x114/0x420
[ 129.327105] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 129.332317] ? syscall_return_slowpath+0x50/0x650
[ 129.337180] __se_sys_sendto+0x107/0x130
[ 129.341264] __x64_sys_sendto+0x6e/0x90
[ 129.345259] do_syscall_64+0xbc/0xf0
[ 129.349008] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 129.354200] RIP: 0033:0x458c29
[ 129.357392] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 129.376295] RSP: 002b:00007ffc5ed63748 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 129.384017] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000458c29
[ 129.391301] RDX: 00000000000005aa RSI: 00000000200000c0 RDI: 0000000000000003
[ 129.398581] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000120
[ 129.406123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000002110914
[ 129.413408] R13: 00000000004c6593 R14: 00000000004daf58 R15: 00000000ffffffff
[ 129.421353] Kernel Offset: disabled
[ 129.425104] Rebooting in 86400 seconds..