[ 96.879191] audit: type=1800 audit(1553324482.918:26): pid=10571 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 96.898711] audit: type=1800 audit(1553324482.938:27): pid=10571 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 98.299811] sshd (10637) used greatest stack depth: 54176 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 99.936968] sshd (10708) used greatest stack depth: 54160 bytes left
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.87' (ECDSA) to the list of known hosts.
2019/03/23 07:01:36 parsed 1 programs
2019/03/23 07:01:43 executed programs: 0
syzkaller login: [ 117.911187] IPVS: ftp: loaded support on port[0] = 21
[ 118.001696] chnl_net:caif_netlink_parms(): no params data found
[ 118.047953] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.054647] bridge0: port 1(bridge_slave_0) entered disabled state
[ 118.062254] device bridge_slave_0 entered promiscuous mode
[ 118.070429] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.077053] bridge0: port 2(bridge_slave_1) entered disabled state
[ 118.084999] device bridge_slave_1 entered promiscuous mode
[ 118.109063] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 118.120091] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 118.143317] team0: Port device team_slave_0 added
[ 118.150655] team0: Port device team_slave_1 added
[ 118.205812] device hsr_slave_0 entered promiscuous mode
[ 118.243468] device hsr_slave_1 entered promiscuous mode
[ 118.325564] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.332056] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 118.339319] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.345913] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 118.397277] 8021q: adding VLAN 0 to HW filter on device bond0
[ 118.410927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 118.420418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 118.428821] bridge0: port 2(bridge_slave_1) entered disabled state
[ 118.437088] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 118.451785] 8021q: adding VLAN 0 to HW filter on device team0
[ 118.464880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 118.473090] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.479538] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 118.504039] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 118.512334] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.519193] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 118.528237] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 118.538968] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 118.552778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 118.571958] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 118.584544] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 118.598576] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 118.606930] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 118.616135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 118.642068] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 118.721085] ==================================================================
[ 118.728528] BUG: KMSAN: uninit-value in gre_parse_header+0x1396/0x1690
[ 118.735221] CPU: 1 PID: 10742 Comm: syz-executor.0 Not tainted 5.0.0+ #16
[ 118.742174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 118.751612] Call Trace:
[ 118.754201]
[ 118.756356] dump_stack+0x173/0x1d0
[ 118.759988] kmsan_report+0x131/0x2a0
[ 118.763810] __msan_warning+0x7a/0xf0
[ 118.767621] gre_parse_header+0x1396/0x1690
[ 118.771984] gre_rcv+0x1db/0x1720
[ 118.775439] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 118.780796] ? raw_local_deliver+0xfc/0x1960
[ 118.785206] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 118.790577] ? erspan_xmit+0x38f0/0x38f0
[ 118.794633] gre_rcv+0x2dd/0x3c0
[ 118.798001] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 118.803230] ? gre_parse_header+0x1690/0x1690
[ 118.807839] ip_protocol_deliver_rcu+0x584/0xbb0
[ 118.812638] ip_local_deliver+0x624/0x7b0
[ 118.816827] ? ip_local_deliver+0x7b0/0x7b0
[ 118.821149] ? ip_protocol_deliver_rcu+0xbb0/0xbb0
[ 118.826089] ip_rcv+0x6bd/0x740
[ 118.829375] ? ip_rcv_core+0x11d0/0x11d0
[ 118.833447] process_backlog+0x756/0x10e0
[ 118.837614] ? pfifo_fast_enqueue+0x760/0x760
[ 118.842115] ? ip_local_deliver_finish+0x320/0x320
[ 118.847095] ? rps_trigger_softirq+0x2e0/0x2e0
[ 118.851675] net_rx_action+0x78b/0x1a60
[ 118.855667] ? net_tx_action+0xca0/0xca0
[ 118.859732] __do_softirq+0x53f/0x93a
[ 118.863543] do_softirq_own_stack+0x49/0x80
[ 118.867851]
[ 118.870085] __local_bh_enable_ip+0x16f/0x1a0
[ 118.874587] local_bh_enable+0x36/0x40
[ 118.878476] ip_finish_output2+0x1627/0x1820
[ 118.882903] ip_finish_output+0xd2b/0xfd0
[ 118.887062] ip_mc_output+0x117a/0x1700
[ 118.891049] ? ip_mc_finish_output+0x3b0/0x3b0
[ 118.895645] ? ip_build_and_send_pkt+0xe80/0xe80
[ 118.900480] raw_sendmsg+0x4182/0x4610
[ 118.904398] ? aa_sk_perm+0x605/0x950
[ 118.908215] ? raw_getfrag+0x590/0x590
[ 118.912104] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 118.917289] ? compat_raw_ioctl+0x100/0x100
[ 118.921603] inet_sendmsg+0x54a/0x720
[ 118.925401] ? inet_getname+0x490/0x490
[ 118.929404] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 118.934617] ? inet_getname+0x490/0x490
[ 118.938603] __sys_sendto+0x8c4/0xac0
[ 118.942419] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 118.947606] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 118.953059] ? prepare_exit_to_usermode+0x114/0x420
[ 118.958080] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 118.963265] ? syscall_return_slowpath+0x50/0x650
[ 118.968119] __se_sys_sendto+0x107/0x130
[ 118.972211] __x64_sys_sendto+0x6e/0x90
[ 118.976204] do_syscall_64+0xbc/0xf0
[ 118.979921] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 118.985101] RIP: 0033:0x458209
[ 118.988286] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 119.007300] RSP: 002b:00007ffed8599138 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 119.015010] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000458209
[ 119.022280] RDX: 0000000000000370 RSI: 00000000200000c0 RDI: 0000000000000003
[ 119.029570] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 119.036837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001b98914
[ 119.044105] R13: 00000000004c58b8 R14: 00000000004d9838 R15: 00000000ffffffff
[ 119.051383]
[ 119.053008] Uninit was stored to memory at:
[ 119.063889] kmsan_internal_chain_origin+0x134/0x230
[ 119.069008] kmsan_memcpy_memmove_metadata+0xb5b/0xfe0
[ 119.074284] kmsan_memcpy_metadata+0xb/0x10
[ 119.078600] __msan_memcpy+0x58/0x70
[ 119.082312] pskb_expand_head+0x34c/0x18f0
[ 119.086554] ip_tunnel_xmit+0x3290/0x3ca0
[ 119.090746] erspan_xmit+0x27c7/0x38f0
[ 119.094642] dev_hard_start_xmit+0x604/0xc40
[ 119.099052] sch_direct_xmit+0x58a/0x880
[ 119.103107] __qdisc_run+0x1cb7/0x34d0
[ 119.106986] __dev_queue_xmit+0x215c/0x3b80
[ 119.111300] dev_queue_xmit+0x4b/0x60
[ 119.115093] neigh_resolve_output+0xab7/0xb40
[ 119.119578] ip_finish_output2+0x1611/0x1820
[ 119.123989] ip_finish_output+0xd2b/0xfd0
[ 119.128158] ip_mc_output+0x117a/0x1700
[ 119.132135] raw_sendmsg+0x4182/0x4610
[ 119.136042] inet_sendmsg+0x54a/0x720
[ 119.139879] __sys_sendto+0x8c4/0xac0
[ 119.143672] __se_sys_sendto+0x107/0x130
[ 119.147752] __x64_sys_sendto+0x6e/0x90
[ 119.151733] do_syscall_64+0xbc/0xf0
[ 119.155461] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 119.160634]
[ 119.162247] Uninit was created at:
[ 119.165782] kmsan_internal_poison_shadow+0x92/0x150
[ 119.170890] kmsan_kmalloc+0xa6/0x130
[ 119.174701] kmsan_slab_alloc+0xe/0x10
[ 119.178601] __kmalloc_node_track_caller+0xe9e/0xff0
[ 119.183694] __alloc_skb+0x309/0xa20
[ 119.187411] alloc_skb_with_frags+0x186/0xa60
[ 119.191913] sock_alloc_send_pskb+0xafd/0x10a0
[ 119.196498] sock_alloc_send_skb+0xca/0xe0
[ 119.200734] raw_sendmsg+0x25f5/0x4610
[ 119.204624] inet_sendmsg+0x54a/0x720
[ 119.208430] __sys_sendto+0x8c4/0xac0
[ 119.212220] __se_sys_sendto+0x107/0x130
[ 119.216275] __x64_sys_sendto+0x6e/0x90
[ 119.220251] do_syscall_64+0xbc/0xf0
[ 119.223976] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 119.229150] ==================================================================
[ 119.236513] Disabling lock debugging due to kernel taint
[ 119.241958] Kernel panic - not syncing: panic_on_warn set ...
[ 119.247851] CPU: 1 PID: 10742 Comm: syz-executor.0 Tainted: G B 5.0.0+ #16
[ 119.256182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 119.265528] Call Trace:
[ 119.268129]
[ 119.270280] dump_stack+0x173/0x1d0
[ 119.273913] panic+0x3d1/0xb01
[ 119.277130] kmsan_report+0x29a/0x2a0
[ 119.280935] __msan_warning+0x7a/0xf0
[ 119.284740] gre_parse_header+0x1396/0x1690
[ 119.289083] gre_rcv+0x1db/0x1720
[ 119.292545] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 119.297914] ? raw_local_deliver+0xfc/0x1960
[ 119.302324] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 119.307747] ? erspan_xmit+0x38f0/0x38f0
[ 119.311833] gre_rcv+0x2dd/0x3c0
[ 119.315203] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 119.320403] ? gre_parse_header+0x1690/0x1690
[ 119.324910] ip_protocol_deliver_rcu+0x584/0xbb0
[ 119.329673] ip_local_deliver+0x624/0x7b0
[ 119.333828] ? ip_local_deliver+0x7b0/0x7b0
[ 119.338151] ? ip_protocol_deliver_rcu+0xbb0/0xbb0
[ 119.343089] ip_rcv+0x6bd/0x740
[ 119.346387] ? ip_rcv_core+0x11d0/0x11d0
[ 119.350446] process_backlog+0x756/0x10e0
[ 119.354591] ? pfifo_fast_enqueue+0x760/0x760
[ 119.359107] ? ip_local_deliver_finish+0x320/0x320
[ 119.364066] ? rps_trigger_softirq+0x2e0/0x2e0
[ 119.368646] net_rx_action+0x78b/0x1a60
[ 119.372662] ? net_tx_action+0xca0/0xca0
[ 119.376735] __do_softirq+0x53f/0x93a
[ 119.380544] do_softirq_own_stack+0x49/0x80
[ 119.384855]
[ 119.387089] __local_bh_enable_ip+0x16f/0x1a0
[ 119.391586] local_bh_enable+0x36/0x40
[ 119.395474] ip_finish_output2+0x1627/0x1820
[ 119.399909] ip_finish_output+0xd2b/0xfd0
[ 119.404067] ip_mc_output+0x117a/0x1700
[ 119.408055] ? ip_mc_finish_output+0x3b0/0x3b0
[ 119.412648] ? ip_build_and_send_pkt+0xe80/0xe80
[ 119.417431] raw_sendmsg+0x4182/0x4610
[ 119.421378] ? aa_sk_perm+0x605/0x950
[ 119.425212] ? raw_getfrag+0x590/0x590
[ 119.429105] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 119.434313] ? compat_raw_ioctl+0x100/0x100
[ 119.438637] inet_sendmsg+0x54a/0x720
[ 119.442447] ? inet_getname+0x490/0x490
[ 119.446430] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 119.451615] ? inet_getname+0x490/0x490
[ 119.455591] __sys_sendto+0x8c4/0xac0
[ 119.459409] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 119.464596] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 119.470040] ? prepare_exit_to_usermode+0x114/0x420
[ 119.475047] ? kmsan_get_shadow_origin_ptr+0x73/0x490
[ 119.480242] ? syscall_return_slowpath+0x50/0x650
[ 119.485099] __se_sys_sendto+0x107/0x130
[ 119.489172] __x64_sys_sendto+0x6e/0x90
[ 119.493156] do_syscall_64+0xbc/0xf0
[ 119.496893] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 119.502260] RIP: 0033:0x458209
[ 119.505441] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 119.524337] RSP: 002b:00007ffed8599138 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 119.532058] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000458209
[ 119.539336] RDX: 0000000000000370 RSI: 00000000200000c0 RDI: 0000000000000003
[ 119.546599] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 119.553885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001b98914
[ 119.561336] R13: 00000000004c58b8 R14: 00000000004d9838 R15: 00000000ffffffff
[ 119.569362] Kernel Offset: disabled
[ 119.572997] Rebooting in 86400 seconds..