[ ok ] Starting enhanced syslogd: rsyslogd.
[ 86.619130] audit: type=1800 audit(1546173129.679:25): pid=10410 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 86.638371] audit: type=1800 audit(1546173129.679:26): pid=10410 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 86.657810] audit: type=1800 audit(1546173129.699:27): pid=10410 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
2018/12/30 12:32:23 fuzzer started
2018/12/30 12:32:28 dialing manager at 10.128.0.26:38305
2018/12/30 12:32:28 syscalls: 1
2018/12/30 12:32:28 code coverage: enabled
2018/12/30 12:32:28 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 12:32:28 setuid sandbox: enabled
2018/12/30 12:32:28 namespace sandbox: enabled
2018/12/30 12:32:28 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 12:32:28 fault injection: enabled
2018/12/30 12:32:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 12:32:28 net packet injection: enabled
2018/12/30 12:32:28 net device setup: enabled
12:32:31 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r1, &(0x7f00000040c0), 0x1000)
read$FUSE(r1, &(0x7f0000002000), 0x1000)
write$FUSE_INTERRUPT(r1, &(0x7f0000000240)={0x10, 0x0, 0x2}, 0x10)
llistxattr(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
write$FUSE_GETXATTR(r1, &(0x7f00000002c0)={0x18, 0x0, 0x4}, 0x18)

syzkaller login: [ 108.872387] IPVS: ftp: loaded support on port[0] = 21
[ 109.024501] chnl_net:caif_netlink_parms(): no params data found
[ 109.092201] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.098744] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.107182] device bridge_slave_0 entered promiscuous mode
[ 109.117239] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.123811] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.132202] device bridge_slave_1 entered promiscuous mode
[ 109.167384] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 109.178871] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 109.210056] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 109.218761] team0: Port device team_slave_0 added
[ 109.226310] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 109.234909] team0: Port device team_slave_1 added
[ 109.241031] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 109.250665] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 109.396781] device hsr_slave_0 entered promiscuous mode
[ 109.652495] device hsr_slave_1 entered promiscuous mode
[ 109.923604] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 109.931075] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 109.959963] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.966547] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.973815] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.980357] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 110.003766] bridge0: port 1(bridge_slave_0) entered disabled state
[ 110.014133] bridge0: port 2(bridge_slave_1) entered disabled state
[ 110.100994] 8021q: adding VLAN 0 to HW filter on device bond0
[ 110.114614] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 110.126666] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 110.133720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 110.141447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 110.154492] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 110.160605] 8021q: adding VLAN 0 to HW filter on device team0
[ 110.173771] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 110.181371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 110.190304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 110.199867] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.206452] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 110.220333] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 110.227564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 110.236428] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 110.244966] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.251450] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 110.266820] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 110.279262] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 110.286569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 110.295682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 110.310889] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 110.319646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 110.328607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 110.343770] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 110.356604] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 110.364617] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 110.372718] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 110.381580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 110.390511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 110.399949] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 110.415000] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 110.422011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 110.430539] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 110.444115] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 110.450212] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 110.479379] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 110.500357] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 110.562032] ==================================================================
[ 110.569459] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 110.577014] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc7+ #16
[ 110.583594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 110.592950] Call Trace:
[ 110.595542]
[ 110.597719] dump_stack+0x173/0x1d0
[ 110.601379] kmsan_report+0x12e/0x2a0
[ 110.605225] __msan_warning+0x82/0xf0
[ 110.609055] send_hsr_supervision_frame+0x1056/0x1510
[ 110.614304] hsr_announce+0x14c/0x3a0
[ 110.618145] call_timer_fn+0x285/0x600
[ 110.622066] ? hsr_dev_finalize+0xb90/0xb90
[ 110.626421] __run_timers+0xdb4/0x11d0
[ 110.630332] ? hsr_dev_finalize+0xb90/0xb90
[ 110.634695] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 110.640180] ? irqtime_account_irq+0xcf/0x2e0
[ 110.644707] ? timers_dead_cpu+0xa50/0xa50
[ 110.648962] run_timer_softirq+0x2e/0x50
[ 110.653044] __do_softirq+0x53f/0x93a
[ 110.656884] irq_exit+0x214/0x250
[ 110.660356] exiting_irq+0xe/0x10
[ 110.663826] smp_apic_timer_interrupt+0x48/0x70
[ 110.668511] apic_timer_interrupt+0x2e/0x40
[ 110.672839]
[ 110.675097] RIP: 0010:default_idle+0x27e/0x4e0
[ 110.679690] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 110.698604] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 110.706328] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 110.713611] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 110.720898] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 110.728189] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 110.735482] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 110.742789] ? __cpuidle_text_start+0x8/0x8
[ 110.747167] ? default_idle+0x6e/0x4e0
[ 110.751076] ? __cpuidle_text_start+0x8/0x8
[ 110.755414] ? __cpuidle_text_start+0x8/0x8
[ 110.759760] arch_cpu_idle+0x26/0x30
[ 110.763494] do_idle+0x22d/0x800
[ 110.766890] cpu_startup_entry+0x45/0x50
[ 110.770973] rest_init+0x1c1/0x1f0
[ 110.774542] arch_call_rest_init+0x13/0x15
[ 110.778803] start_kernel+0x9d7/0xbb1
[ 110.782636] x86_64_start_reservations+0x19/0x2f
[ 110.787413] x86_64_start_kernel+0x84/0x87
[ 110.791665] secondary_startup_64+0xa4/0xb0
[ 110.796014]
[ 110.797644] Uninit was created at:
[ 110.801214] kmsan_save_stack_with_flags+0x7a/0x130
[ 110.806246] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 110.812065] kmsan_alloc_page+0x7e/0x100
[ 110.816137] __alloc_pages_nodemask+0x1587/0x5f20
[ 110.820996] page_frag_alloc+0x3c1/0x980
[ 110.825071] __netdev_alloc_skb+0x1f1/0xa50
[ 110.829402] send_hsr_supervision_frame+0x168/0x1510
[ 110.834519] hsr_announce+0x14c/0x3a0
[ 110.838336] call_timer_fn+0x285/0x600
[ 110.842236] __run_timers+0xdb4/0x11d0
[ 110.846147] run_timer_softirq+0x2e/0x50
[ 110.850233] __do_softirq+0x53f/0x93a
[ 110.854035] ==================================================================
[ 110.861395] Disabling lock debugging due to kernel taint
[ 110.866852] Kernel panic - not syncing: panic_on_warn set ...
[ 110.872757] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.20.0-rc7+ #16
[ 110.880730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 110.890097] Call Trace:
[ 110.892689]
[ 110.894863] dump_stack+0x173/0x1d0
[ 110.898525] panic+0x3ce/0x961
[ 110.901785] kmsan_report+0x293/0x2a0
[ 110.905616] __msan_warning+0x82/0xf0
[ 110.909449] send_hsr_supervision_frame+0x1056/0x1510
[ 110.914695] hsr_announce+0x14c/0x3a0
[ 110.918559] call_timer_fn+0x285/0x600
[ 110.922473] ? hsr_dev_finalize+0xb90/0xb90
[ 110.926825] __run_timers+0xdb4/0x11d0
[ 110.930731] ? hsr_dev_finalize+0xb90/0xb90
[ 110.935093] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 110.940557] ? irqtime_account_irq+0xcf/0x2e0
[ 110.945077] ? timers_dead_cpu+0xa50/0xa50
[ 110.949333] run_timer_softirq+0x2e/0x50
[ 110.953415] __do_softirq+0x53f/0x93a
[ 110.957265] irq_exit+0x214/0x250
[ 110.960738] exiting_irq+0xe/0x10
[ 110.964214] smp_apic_timer_interrupt+0x48/0x70
[ 110.968905] apic_timer_interrupt+0x2e/0x40
[ 110.973237]
[ 110.975491] RIP: 0010:default_idle+0x27e/0x4e0
[ 110.980086] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 110.998997] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 111.006718] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 111.014013] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 111.021294] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 111.028576] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 111.035855] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 111.043186] ? __cpuidle_text_start+0x8/0x8
[ 111.047577] ? default_idle+0x6e/0x4e0
[ 111.051485] ? __cpuidle_text_start+0x8/0x8
[ 111.056277] ? __cpuidle_text_start+0x8/0x8
[ 111.060620] arch_cpu_idle+0x26/0x30
[ 111.064351] do_idle+0x22d/0x800
[ 111.067748] cpu_startup_entry+0x45/0x50
[ 111.071834] rest_init+0x1c1/0x1f0
[ 111.075403] arch_call_rest_init+0x13/0x15
[ 111.079655] start_kernel+0x9d7/0xbb1
[ 111.083492] x86_64_start_reservations+0x19/0x2f
[ 111.088268] x86_64_start_kernel+0x84/0x87
[ 111.092522] secondary_startup_64+0xa4/0xb0
[ 111.097854] Kernel Offset: disabled
[ 111.101485] Rebooting in 86400 seconds..