[ 86.808824] audit: type=1800 audit(1546176538.856:25): pid=10352 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 86.827998] audit: type=1800 audit(1546176538.856:26): pid=10352 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 86.847448] audit: type=1800 audit(1546176538.886:27): pid=10352 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 87.893975] sshd (10419) used greatest stack depth: 53848 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
2018/12/30 13:29:11 fuzzer started
2018/12/30 13:29:16 dialing manager at 10.128.0.26:38305
2018/12/30 13:29:16 syscalls: 1
2018/12/30 13:29:16 code coverage: enabled
2018/12/30 13:29:16 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 13:29:16 setuid sandbox: enabled
2018/12/30 13:29:16 namespace sandbox: enabled
2018/12/30 13:29:16 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 13:29:16 fault injection: enabled
2018/12/30 13:29:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 13:29:16 net packet injection: enabled
2018/12/30 13:29:16 net device setup: enabled
13:29:19 executing program 0:
unshare(0x8000400)
r0 = socket$inet(0x2, 0x3, 0x800000000000b)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000000c0)=@nat={'nat\x00', 0x19, 0x2, 0x340, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000a68], 0x0, 0x0, &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x3, 0x0, 0x0, 'team_slave_1\x00', 'vlan0\x00', 'veth1_to_team\x00', 'dummy0\x00', @local, [], @empty, [], 0x1d8, 0x1d8, 0x208, [@statistic={'statistic\x00', 0x18}, @comment={'comment\x00', 0x100}]}}, @common=@AUDIT={'AUDIT\x00', 0x8}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x806, '\x03\x00sf0\x00\x00\x10\x00', 'dummy0\x00', 'ifb0\x00', 'lo\x00', @broadcast, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @snat={'snat\x00', 0x10, {{@dev, 0xffffffffffffffff}}}}]}]}, 0x3b8)

syzkaller login: [ 107.859208] IPVS: ftp: loaded support on port[0] = 21
[ 108.011427] chnl_net:caif_netlink_parms(): no params data found
[ 108.080223] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.086857] bridge0: port 1(bridge_slave_0) entered disabled state
[ 108.095232] device bridge_slave_0 entered promiscuous mode
[ 108.104784] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.111297] bridge0: port 2(bridge_slave_1) entered disabled state
[ 108.119751] device bridge_slave_1 entered promiscuous mode
[ 108.154693] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 108.166504] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 108.197199] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 108.205933] team0: Port device team_slave_0 added
[ 108.213008] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 108.221724] team0: Port device team_slave_1 added
[ 108.229101] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 108.237544] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 108.416279] device hsr_slave_0 entered promiscuous mode
[ 108.672199] device hsr_slave_1 entered promiscuous mode
[ 108.932996] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 108.940587] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 108.970901] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.977545] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.984808] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.991348] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.053946] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.064479] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.103485] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.118510] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 109.131047] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 109.138534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 109.146592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 109.167307] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 109.173537] 8021q: adding VLAN 0 to HW filter on device team0
[ 109.188550] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 109.196187] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 109.204837] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 109.213216] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.219711] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.234959] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 109.242665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 109.251426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 109.261298] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.267844] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.284862] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 109.297309] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 109.305256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 109.314853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 109.330196] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 109.339023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 109.348014] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 109.363644] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 109.372693] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 109.380755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 109.389793] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 109.404488] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 109.417501] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 109.427054] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 109.436872] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 109.448701] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 109.456436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 109.465574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 109.474549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 109.483097] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 109.495023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 109.522574] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 109.548127] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.582526] ==================================================================
[ 109.589937] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 109.597490] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc7+ #16
[ 109.604075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 109.613435] Call Trace:
[ 109.616033]
[ 109.618204] dump_stack+0x173/0x1d0
[ 109.621867] kmsan_report+0x12e/0x2a0
[ 109.625704] __msan_warning+0x82/0xf0
[ 109.629534] send_hsr_supervision_frame+0x1056/0x1510
[ 109.634785] hsr_announce+0x14c/0x3a0
[ 109.638622] call_timer_fn+0x285/0x600
[ 109.642529] ? hsr_dev_finalize+0xb90/0xb90
[ 109.646883] __run_timers+0xdb4/0x11d0
[ 109.650791] ? hsr_dev_finalize+0xb90/0xb90
[ 109.655155] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 109.660624] ? irqtime_account_irq+0xcf/0x2e0
[ 109.665174] ? timers_dead_cpu+0xa50/0xa50
[ 109.669434] run_timer_softirq+0x2e/0x50
[ 109.673516] __do_softirq+0x53f/0x93a
[ 109.677375] irq_exit+0x214/0x250
[ 109.680851] exiting_irq+0xe/0x10
[ 109.684327] smp_apic_timer_interrupt+0x48/0x70
[ 109.689030] apic_timer_interrupt+0x2e/0x40
[ 109.693378]
[ 109.695636] RIP: 0010:default_idle+0x27e/0x4e0
[ 109.700233] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 109.719156] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 109.726887] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 109.734171] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 109.741453] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 109.748735] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 109.756019] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 109.763329] ? __cpuidle_text_start+0x8/0x8
[ 109.767706] ? default_idle+0x6e/0x4e0
[ 109.771615] ? __cpuidle_text_start+0x8/0x8
[ 109.775958] ? __cpuidle_text_start+0x8/0x8
[ 109.780336] arch_cpu_idle+0x26/0x30
[ 109.784086] do_idle+0x22d/0x800
[ 109.787486] cpu_startup_entry+0x45/0x50
[ 109.791569] rest_init+0x1c1/0x1f0
[ 109.795638] arch_call_rest_init+0x13/0x15
[ 109.799896] start_kernel+0x9d7/0xbb1
[ 109.803733] x86_64_start_reservations+0x19/0x2f
[ 109.808507] x86_64_start_kernel+0x84/0x87
[ 109.812766] secondary_startup_64+0xa4/0xb0
[ 109.817119]
[ 109.818748] Uninit was created at:
[ 109.822310] kmsan_save_stack_with_flags+0x7a/0x130
[ 109.827366] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 109.833180] kmsan_alloc_page+0x7e/0x100
[ 109.837257] __alloc_pages_nodemask+0x1587/0x5f20
[ 109.842118] page_frag_alloc+0x3c1/0x980
[ 109.846196] __netdev_alloc_skb+0x1f1/0xa50
[ 109.850530] send_hsr_supervision_frame+0x168/0x1510
[ 109.855651] hsr_announce+0x14c/0x3a0
[ 109.859470] call_timer_fn+0x285/0x600
[ 109.863384] __run_timers+0xdb4/0x11d0
[ 109.867305] run_timer_softirq+0x2e/0x50
[ 109.871396] __do_softirq+0x53f/0x93a
[ 109.875199] ==================================================================
[ 109.882565] Disabling lock debugging due to kernel taint
[ 109.888023] Kernel panic - not syncing: panic_on_warn set ...
[ 109.893927] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.20.0-rc7+ #16
[ 109.901905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 109.911262] Call Trace:
[ 109.913863]
[ 109.916038] dump_stack+0x173/0x1d0
[ 109.919697] panic+0x3ce/0x961
[ 109.922958] kmsan_report+0x293/0x2a0
[ 109.926804] __msan_warning+0x82/0xf0
[ 109.930683] send_hsr_supervision_frame+0x1056/0x1510
[ 109.935932] hsr_announce+0x14c/0x3a0
[ 109.939771] call_timer_fn+0x285/0x600
[ 109.943681] ? hsr_dev_finalize+0xb90/0xb90
[ 109.948035] __run_timers+0xdb4/0x11d0
[ 109.951948] ? hsr_dev_finalize+0xb90/0xb90
[ 109.956314] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 109.961797] ? irqtime_account_irq+0xcf/0x2e0
[ 109.966318] ? timers_dead_cpu+0xa50/0xa50
[ 109.970589] run_timer_softirq+0x2e/0x50
[ 109.974672] __do_softirq+0x53f/0x93a
[ 109.978518] irq_exit+0x214/0x250
[ 109.981992] exiting_irq+0xe/0x10
[ 109.985468] smp_apic_timer_interrupt+0x48/0x70
[ 109.990156] apic_timer_interrupt+0x2e/0x40
[ 109.994491]
[ 109.996752] RIP: 0010:default_idle+0x27e/0x4e0
[ 110.001358] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 110.020281] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 110.028002] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 110.035289] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 110.042573] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 110.049857] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 110.057140] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 110.064440] ? __cpuidle_text_start+0x8/0x8
[ 110.068797] ? default_idle+0x6e/0x4e0
[ 110.072709] ? __cpuidle_text_start+0x8/0x8
[ 110.077050] ? __cpuidle_text_start+0x8/0x8
[ 110.081400] arch_cpu_idle+0x26/0x30
[ 110.085133] do_idle+0x22d/0x800
[ 110.088536] cpu_startup_entry+0x45/0x50
[ 110.092619] rest_init+0x1c1/0x1f0
[ 110.096189] arch_call_rest_init+0x13/0x15
[ 110.100446] start_kernel+0x9d7/0xbb1
[ 110.104281] x86_64_start_reservations+0x19/0x2f
[ 110.109059] x86_64_start_kernel+0x84/0x87
[ 110.113313] secondary_startup_64+0xa4/0xb0
[ 110.118591] Kernel Offset: disabled
[ 110.122222] Rebooting in 86400 seconds..