[ ok ] Starting enhanced syslogd: rsyslogd. [ 94.834334] audit: type=1800 audit(1546166961.882:25): pid=11313 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 94.853511] audit: type=1800 audit(1546166961.882:26): pid=11313 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 94.872989] audit: type=1800 audit(1546166961.902:27): pid=11313 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.61' (ECDSA) to the list of known hosts. 2018/12/30 10:49:37 fuzzer started 2018/12/30 10:49:42 dialing manager at 10.128.0.26:41469 2018/12/30 10:49:42 syscalls: 1 2018/12/30 10:49:42 code coverage: enabled 2018/12/30 10:49:42 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/12/30 10:49:42 setuid sandbox: enabled 2018/12/30 10:49:42 namespace sandbox: enabled 2018/12/30 10:49:42 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/30 10:49:42 fault injection: enabled 2018/12/30 10:49:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/30 10:49:42 net packet injection: enabled 2018/12/30 10:49:42 net device setup: enabled 10:49:45 executing program 0: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x800, 0x0) mlock2(&(0x7f000034c000/0x4000)=nil, 0x4000, 0x0) mlock2(&(0x7f0000bbf000/0x3000)=nil, 0x3000, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2000000000002) syzkaller
login: [ 118.811802] IPVS: ftp: loaded support on port[0] = 21 [ 118.966127] chnl_net:caif_netlink_parms(): no params data found [ 119.038990] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.045593] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.054159] device bridge_slave_0 entered promiscuous mode [ 119.063278] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.069776] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.078038] device bridge_slave_1 entered promiscuous mode [ 119.111147] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 119.122425] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 119.152746] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 119.161441] team0: Port device team_slave_0 added [ 119.168093] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 119.176926] team0: Port device team_slave_1 added [ 119.183682] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 119.192076] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 119.346487] device hsr_slave_0 entered promiscuous mode [ 119.472674] device hsr_slave_1 entered promiscuous mode [ 119.733599] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 119.741212] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 119.771465] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.778058] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.785405] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.791976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.880483] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 119.886825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.900685] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 119.914669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.925753] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.935011] bridge0: port 
2(bridge_slave_1) entered disabled state [ 119.946256] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 119.963748] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 119.969849] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.985643] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 119.993904] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.004243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.012567] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.019086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.036311] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 120.050248] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 120.058006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.066879] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.075468] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.082001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.090813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.105131] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 120.112444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.128828] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 120.135989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 120.145279] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.160644] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 120.167889] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.176144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.185111] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.199509] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 120.206471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.215194] 
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.230036] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 120.237206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.245600] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.260157] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 120.266854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 120.293188] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 120.314352] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.381741] ================================================================== [ 120.389143] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510 [ 120.396697] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.20.0-rc7+ #16 [ 120.403282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 120.412645] Call Trace: [ 120.415246] [ 120.417425] dump_stack+0x173/0x1d0 [ 120.421099] kmsan_report+0x12e/0x2a0 [ 120.424940] __msan_warning+0x82/0xf0 [ 120.428786] send_hsr_supervision_frame+0x1056/0x1510 [ 120.434047] hsr_announce+0x14c/0x3a0 [ 120.437885] call_timer_fn+0x285/0x600 [ 120.441800] ? hsr_dev_finalize+0xb90/0xb90 [ 120.446152] __run_timers+0xdb4/0x11d0 [ 120.450060] ? hsr_dev_finalize+0xb90/0xb90 [ 120.454431] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 120.459908] ? irqtime_account_irq+0xcf/0x2e0 [ 120.464433] ? 
timers_dead_cpu+0xa50/0xa50 [ 120.468690] run_timer_softirq+0x2e/0x50 [ 120.472773] __do_softirq+0x53f/0x93a [ 120.477085] irq_exit+0x214/0x250 [ 120.480562] exiting_irq+0xe/0x10 [ 120.484055] smp_apic_timer_interrupt+0x48/0x70 [ 120.488743] apic_timer_interrupt+0x2e/0x40 [ 120.493071] [ 120.495331] RIP: 0010:default_idle+0x27e/0x4e0 [ 120.499952] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20 [ 120.518869] RSP: 0018:ffff8880af67fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 120.526609] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220 [ 120.533903] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000 [ 120.541197] RBP: ffff8880af67fe18 R08: 0000000000000002 R09: ffff8880af67fd78 [ 120.548505] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af598988 [ 120.555786] R13: 0000000000000001 R14: ffff8880af598000 R15: ffff8880af598988 [ 120.563090] ? __cpuidle_text_start+0x8/0x8 [ 120.567455] ? __cpuidle_text_start+0x8/0x8 [ 120.571795] ? __cpuidle_text_start+0x8/0x8 [ 120.576146] arch_cpu_idle+0x26/0x30 [ 120.579880] do_idle+0x22d/0x800 [ 120.583290] cpu_startup_entry+0x45/0x50 [ 120.587365] ? 
setup_APIC_timer+0x200/0x200 [ 120.591860] start_secondary+0x4b2/0x5d0 [ 120.595959] secondary_startup_64+0xa4/0xb0 [ 120.600311] [ 120.601945] Uninit was created at: [ 120.605519] kmsan_save_stack_with_flags+0x7a/0x130 [ 120.610604] kmsan_internal_alloc_meta_for_pages+0x113/0x580 [ 120.616426] kmsan_alloc_page+0x7e/0x100 [ 120.620500] __alloc_pages_nodemask+0x1587/0x5f20 [ 120.625357] page_frag_alloc+0x3c1/0x980 [ 120.629440] __netdev_alloc_skb+0x1f1/0xa50 [ 120.633774] send_hsr_supervision_frame+0x168/0x1510 [ 120.638906] hsr_announce+0x14c/0x3a0 [ 120.642724] call_timer_fn+0x285/0x600 [ 120.646623] __run_timers+0xdb4/0x11d0 [ 120.650528] run_timer_softirq+0x2e/0x50 [ 120.654602] __do_softirq+0x53f/0x93a [ 120.658407] ================================================================== [ 120.665772] Disabling lock debugging due to kernel taint [ 120.671256] Kernel panic - not syncing: panic_on_warn set ... [ 120.677160] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 4.20.0-rc7+ #16 [ 120.685132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 120.694491] Call Trace: [ 120.697088] [ 120.699255] dump_stack+0x173/0x1d0 [ 120.702931] panic+0x3ce/0x961 [ 120.706189] kmsan_report+0x293/0x2a0 [ 120.710016] __msan_warning+0x82/0xf0 [ 120.713842] send_hsr_supervision_frame+0x1056/0x1510 [ 120.719092] hsr_announce+0x14c/0x3a0 [ 120.722936] call_timer_fn+0x285/0x600 [ 120.726845] ? hsr_dev_finalize+0xb90/0xb90 [ 120.731196] __run_timers+0xdb4/0x11d0 [ 120.735101] ? hsr_dev_finalize+0xb90/0xb90 [ 120.739468] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 120.744943] ? irqtime_account_irq+0xcf/0x2e0 [ 120.749461] ? 
timers_dead_cpu+0xa50/0xa50 [ 120.753718] run_timer_softirq+0x2e/0x50 [ 120.757803] __do_softirq+0x53f/0x93a [ 120.761644] irq_exit+0x214/0x250 [ 120.765117] exiting_irq+0xe/0x10 [ 120.768586] smp_apic_timer_interrupt+0x48/0x70 [ 120.773276] apic_timer_interrupt+0x2e/0x40 [ 120.777606] [ 120.779864] RIP: 0010:default_idle+0x27e/0x4e0 [ 120.784468] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20 [ 120.803385] RSP: 0018:ffff8880af67fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 120.811111] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220 [ 120.818392] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000 [ 120.825674] RBP: ffff8880af67fe18 R08: 0000000000000002 R09: ffff8880af67fd78 [ 120.832957] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af598988 [ 120.840242] R13: 0000000000000001 R14: ffff8880af598000 R15: ffff8880af598988 [ 120.847545] ? __cpuidle_text_start+0x8/0x8 [ 120.851926] ? __cpuidle_text_start+0x8/0x8 [ 120.856265] ? __cpuidle_text_start+0x8/0x8 [ 120.860616] arch_cpu_idle+0x26/0x30 [ 120.864352] do_idle+0x22d/0x800 [ 120.867753] cpu_startup_entry+0x45/0x50 [ 120.871834] ? setup_APIC_timer+0x200/0x200 [ 120.876175] start_secondary+0x4b2/0x5d0 [ 120.880272] secondary_startup_64+0xa4/0xb0 [ 120.885538] Kernel Offset: disabled [ 120.889167] Rebooting in 86400 seconds..