[ 112.676226] audit: type=1800 audit(1555915382.733:25): pid=11726 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 112.700694] audit: type=1800 audit(1555915382.753:26): pid=11726 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 112.740026] audit: type=1800 audit(1555915382.783:27): pid=11726 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 114.135156] sshd (11793) used greatest stack depth: 54128 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.177' (ECDSA) to the list of known hosts.
2019/04/22 06:43:16 parsed 1 programs
2019/04/22 06:43:24 executed programs: 0
syzkaller login: [ 134.346378] IPVS: ftp: loaded support on port[0] = 21
[ 134.448060] chnl_net:caif_netlink_parms(): no params data found
[ 134.497545] bridge0: port 1(bridge_slave_0) entered blocking state
[ 134.504443] bridge0: port 1(bridge_slave_0) entered disabled state
[ 134.513507] device bridge_slave_0 entered promiscuous mode
[ 134.522329] bridge0: port 2(bridge_slave_1) entered blocking state
[ 134.528857] bridge0: port 2(bridge_slave_1) entered disabled state
[ 134.537452] device bridge_slave_1 entered promiscuous mode
[ 134.562280] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 134.573692] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 134.598723] team0: Port device team_slave_0 added
[ 134.606629] team0: Port device team_slave_1 added
[ 134.675315] device hsr_slave_0 entered promiscuous mode
[ 134.722776] device hsr_slave_1 entered promiscuous mode
[ 134.766645] bridge0: port 2(bridge_slave_1) entered blocking state
[ 134.773405] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 134.781024] bridge0: port 1(bridge_slave_0) entered blocking state
[ 134.788801] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 134.845192] 8021q: adding VLAN 0 to HW filter on device bond0
[ 134.860861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 134.871613] bridge0: port 1(bridge_slave_0) entered disabled state
[ 134.880855] bridge0: port 2(bridge_slave_1) entered disabled state
[ 134.890209] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 134.906435] 8021q: adding VLAN 0 to HW filter on device team0
[ 134.920020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 134.928734] bridge0: port 1(bridge_slave_0) entered blocking state
[ 134.935580] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 134.949902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 134.959106] bridge0: port 2(bridge_slave_1) entered blocking state
[ 134.966221] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 134.993319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 135.014413] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 135.024357] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 135.033314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 135.049973] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 135.061984] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 135.070724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 135.101445] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 135.191620] ==================================================================
[ 135.199119] BUG: KMSAN: uninit-value in gre_parse_header+0x1396/0x1690
[ 135.205997] CPU: 0 PID: 11896 Comm: syz-executor.0 Not tainted 5.1.0-rc4+ #1
[ 135.213216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 135.222806] Call Trace:
[ 135.225397]
[ 135.227845] dump_stack+0x173/0x1d0
[ 135.231616] kmsan_report+0x131/0x2a0
[ 135.236271] __msan_warning+0x7a/0xf0
[ 135.241391] gre_parse_header+0x1396/0x1690
[ 135.246863] gre_rcv+0x1c3/0x1800
[ 135.250441] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 135.255926] ? raw_local_deliver+0xfc/0x1960
[ 135.260588] ? erspan_xmit+0x3640/0x3640
[ 135.264699] ? erspan_xmit+0x3640/0x3640
[ 135.268909] gre_rcv+0x2dd/0x3c0
[ 135.272729] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 135.278340] ? gre_parse_header+0x1690/0x1690
[ 135.283023] ip_protocol_deliver_rcu+0x584/0xbb0
[ 135.288283] ip_local_deliver+0x624/0x7b0
[ 135.293152] ? ip_local_deliver+0x7b0/0x7b0
[ 135.298452] ? ip_protocol_deliver_rcu+0xbb0/0xbb0
[ 135.304106] ip_rcv+0x6bd/0x740
[ 135.307646] ? ip_rcv_core+0x11d0/0x11d0
[ 135.312176] process_backlog+0x756/0x10e0
[ 135.316539] ? ip_local_deliver_finish+0x320/0x320
[ 135.321605] ? rps_trigger_softirq+0x2e0/0x2e0
[ 135.326509] net_rx_action+0x78b/0x1a60
[ 135.330727] ? net_tx_action+0xca0/0xca0
[ 135.335209] __do_softirq+0x53f/0x93a
[ 135.339737] do_softirq_own_stack+0x49/0x80
[ 135.344540]
[ 135.346932] __local_bh_enable_ip+0x1a3/0x1f0
[ 135.351674] local_bh_enable+0x36/0x40
[ 135.355943] ip_finish_output2+0x1721/0x1930
[ 135.360578] ip_finish_output+0xd2b/0xfd0
[ 135.365259] ip_output+0x53f/0x610
[ 135.368993] ? ip_mc_finish_output+0x3b0/0x3b0
[ 135.373589] ? ip_finish_output+0xfd0/0xfd0
[ 135.377941] raw_sendmsg+0x41c7/0x4650
[ 135.382270] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 135.387861] ? aa_sk_perm+0x741/0xb00
[ 135.391743] ? raw_getfrag+0x640/0x640
[ 135.395834] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 135.401412] ? compat_raw_ioctl+0x100/0x100
[ 135.406138] inet_sendmsg+0x54a/0x720
[ 135.410123] ? inet_getname+0x490/0x490
[ 135.414156] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 135.419539] ? inet_getname+0x490/0x490
[ 135.423644] __sys_sendto+0x8c4/0xac0
[ 135.427807] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 135.433373] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 135.439272] ? prepare_exit_to_usermode+0x114/0x420
[ 135.444582] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 135.450055] ? syscall_return_slowpath+0x50/0x650
[ 135.455224] __se_sys_sendto+0x107/0x130
[ 135.459644] __x64_sys_sendto+0x6e/0x90
[ 135.463820] do_syscall_64+0xbc/0xf0
[ 135.468178] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 135.473573] RIP: 0033:0x458c29
[ 135.476966] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 135.496849] RSP: 002b:00007ffd5b641cf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 135.505507] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000458c29
[ 135.513099] RDX: 00000000000005aa RSI: 00000000200000c0 RDI: 0000000000000003
[ 135.520797] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000120
[ 135.528335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001017914
[ 135.535844] R13: 00000000004c6593 R14: 00000000004daf58 R15: 00000000ffffffff
[ 135.543438]
[ 135.545157] Uninit was stored to memory at:
[ 135.549803] kmsan_internal_chain_origin+0x134/0x230
[ 135.555613] kmsan_memcpy_memmove_metadata+0x989/0xd60
[ 135.561175] kmsan_memcpy_metadata+0xb/0x10
[ 135.565504] __msan_memcpy+0x58/0x70
[ 135.569519] pskb_expand_head+0x3aa/0x1a30
[ 135.573929] ip_tunnel_xmit+0x2c4e/0x3310
[ 135.578180] erspan_xmit+0x1f5e/0x3640
[ 135.582298] dev_hard_start_xmit+0x604/0xc40
[ 135.586859] sch_direct_xmit+0x58a/0x880
[ 135.591125] __qdisc_run+0x1cd7/0x34b0
[ 135.595470] __dev_queue_xmit+0x1e51/0x3ce0
[ 135.600209] dev_queue_xmit+0x4b/0x60
[ 135.604127] neigh_resolve_output+0xab7/0xb40
[ 135.608739] ip_finish_output2+0x1709/0x1930
[ 135.613280] ip_finish_output+0xd2b/0xfd0
[ 135.617840] ip_output+0x53f/0x610
[ 135.621441] raw_sendmsg+0x41c7/0x4650
[ 135.625611] inet_sendmsg+0x54a/0x720
[ 135.629529] __sys_sendto+0x8c4/0xac0
[ 135.633432] __se_sys_sendto+0x107/0x130
[ 135.638004] __x64_sys_sendto+0x6e/0x90
[ 135.642484] do_syscall_64+0xbc/0xf0
[ 135.646272] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 135.651798]
[ 135.653447] Uninit was created at:
[ 135.657016] kmsan_internal_poison_shadow+0x92/0x150
[ 135.662378] kmsan_kmalloc+0xa9/0x130
[ 135.666390] kmsan_slab_alloc+0xe/0x10
[ 135.670281] __kmalloc_node_track_caller+0xead/0x1000
[ 135.675482] __alloc_skb+0x309/0xa20
[ 135.679199] alloc_skb_with_frags+0x186/0xa60
[ 135.683799] sock_alloc_send_pskb+0xafd/0x10a0
[ 135.688485] sock_alloc_send_skb+0xca/0xe0
[ 135.692818] raw_sendmsg+0x2492/0x4650
[ 135.696729] inet_sendmsg+0x54a/0x720
[ 135.700599] __sys_sendto+0x8c4/0xac0
[ 135.704549] __se_sys_sendto+0x107/0x130
[ 135.708867] __x64_sys_sendto+0x6e/0x90
[ 135.712846] do_syscall_64+0xbc/0xf0
[ 135.716564] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 135.721789] ==================================================================
[ 135.729150] Disabling lock debugging due to kernel taint
[ 135.734591] Kernel panic - not syncing: panic_on_warn set ...
[ 135.740472] CPU: 0 PID: 11896 Comm: syz-executor.0 Tainted: G B 5.1.0-rc4+ #1
[ 135.749080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 135.758423] Call Trace:
[ 135.761015]
[ 135.763189] dump_stack+0x173/0x1d0
[ 135.766823] panic+0x3d1/0xb01
[ 135.770051] kmsan_report+0x29a/0x2a0
[ 135.773875] __msan_warning+0x7a/0xf0
[ 135.777706] gre_parse_header+0x1396/0x1690
[ 135.782068] gre_rcv+0x1c3/0x1800
[ 135.785530] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 135.790900] ? raw_local_deliver+0xfc/0x1960
[ 135.795319] ? erspan_xmit+0x3640/0x3640
[ 135.799396] ? erspan_xmit+0x3640/0x3640
[ 135.803470] gre_rcv+0x2dd/0x3c0
[ 135.806866] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 135.812083] ? gre_parse_header+0x1690/0x1690
[ 135.816590] ip_protocol_deliver_rcu+0x584/0xbb0
[ 135.821384] ip_local_deliver+0x624/0x7b0
[ 135.825575] ? ip_local_deliver+0x7b0/0x7b0
[ 135.829915] ? ip_protocol_deliver_rcu+0xbb0/0xbb0
[ 135.834845] ip_rcv+0x6bd/0x740
[ 135.838131] ? ip_rcv_core+0x11d0/0x11d0
[ 135.842205] process_backlog+0x756/0x10e0
[ 135.846394] ? ip_local_deliver_finish+0x320/0x320
[ 135.851333] ? rps_trigger_softirq+0x2e0/0x2e0
[ 135.855914] net_rx_action+0x78b/0x1a60
[ 135.859917] ? net_tx_action+0xca0/0xca0
[ 135.863991] __do_softirq+0x53f/0x93a
[ 135.867820] do_softirq_own_stack+0x49/0x80
[ 135.872131]
[ 135.874362] __local_bh_enable_ip+0x1a3/0x1f0
[ 135.878873] local_bh_enable+0x36/0x40
[ 135.882778] ip_finish_output2+0x1721/0x1930
[ 135.887216] ip_finish_output+0xd2b/0xfd0
[ 135.891378] ip_output+0x53f/0x610
[ 135.894951] ? ip_mc_finish_output+0x3b0/0x3b0
[ 135.899531] ? ip_finish_output+0xfd0/0xfd0
[ 135.903853] raw_sendmsg+0x41c7/0x4650
[ 135.907787] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 135.913160] ? aa_sk_perm+0x741/0xb00
[ 135.916968] ? raw_getfrag+0x640/0x640
[ 135.920851] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 135.926040] ? compat_raw_ioctl+0x100/0x100
[ 135.930367] inet_sendmsg+0x54a/0x720
[ 135.934177] ? inet_getname+0x490/0x490
[ 135.938149] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 135.943335] ? inet_getname+0x490/0x490
[ 135.947304] __sys_sendto+0x8c4/0xac0
[ 135.951144] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 135.956351] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 135.961810] ? prepare_exit_to_usermode+0x114/0x420
[ 135.966859] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 135.972057] ? syscall_return_slowpath+0x50/0x650
[ 135.976901] __se_sys_sendto+0x107/0x130
[ 135.980984] __x64_sys_sendto+0x6e/0x90
[ 135.984956] do_syscall_64+0xbc/0xf0
[ 135.988666] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 135.993843] RIP: 0033:0x458c29
[ 135.997061] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 136.015966] RSP: 002b:00007ffd5b641cf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 136.023683] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000458c29
[ 136.030977] RDX: 00000000000005aa RSI: 00000000200000c0 RDI: 0000000000000003
[ 136.038248] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000120
[ 136.045508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001017914
[ 136.052788] R13: 00000000004c6593 R14: 00000000004daf58 R15: 00000000ffffffff
[ 136.060951] Kernel Offset: disabled
[ 136.064599] Rebooting in 86400 seconds..