[ 59.447628] audit: type=1800 audit(1546164503.454:27): pid=8732 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 59.467246] audit: type=1800 audit(1546164503.484:28): pid=8732 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 60.889184] audit: type=1800 audit(1546164504.934:29): pid=8732 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 60.908815] audit: type=1800 audit(1546164504.944:30): pid=8732 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts.
2018/12/30 10:08:37 fuzzer started
2018/12/30 10:08:41 dialing manager at 10.128.0.26:41469
2018/12/30 10:08:41 syscalls: 1
2018/12/30 10:08:41 code coverage: enabled
2018/12/30 10:08:41 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 10:08:41 setuid sandbox: enabled
2018/12/30 10:08:41 namespace sandbox: enabled
2018/12/30 10:08:41 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 10:08:41 fault injection: enabled
2018/12/30 10:08:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 10:08:41 net packet injection: enabled
2018/12/30 10:08:41 net device setup: enabled
10:08:44 executing program 0:
socketpair(0x22, 0x2, 0x1, &(0x7f0000000000))
syzkaller login: [ 81.038764] IPVS: ftp: loaded support on port[0] = 21
[ 81.159094] chnl_net:caif_netlink_parms(): no params data found
[ 81.216917] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.223567] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.231451] device bridge_slave_0 entered promiscuous mode
[ 81.240561] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.247098] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.255112] device bridge_slave_1 entered promiscuous mode
[ 81.283438] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 81.294044] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 81.320243] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 81.328559] team0: Port device team_slave_0 added
[ 81.335856] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 81.344011] team0: Port device team_slave_1 added
[ 81.349976] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 81.359127] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 81.536099] device hsr_slave_0 entered promiscuous mode
[ 81.692662] device hsr_slave_1 entered promiscuous mode
[ 81.953183] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 81.960573] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 81.984283] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.990776] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.997854] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.004355] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.074028] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 82.080156] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.093610] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 82.106023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.115548] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.125520] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.135147] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 82.152145] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 82.158244] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.171351] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 82.179091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 82.187569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.196511] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.203009] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.219037] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 82.227116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 82.235626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 82.243690] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.250127] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.264321] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 82.275788] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 82.287500] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 82.299517] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 82.307209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 82.316196] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 82.324940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 82.333689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.342217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 82.350698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 82.361023] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 82.375621] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 82.382571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 82.390781] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 82.403738] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 82.412768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 82.420708] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 82.431843] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 82.437913] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 82.460188] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 82.477668] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 82.551878] ==================================================================
[ 82.559290] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 82.566843] CPU: 0 PID: 8893 Comm: syz-executor0 Not tainted 4.20.0-rc7+ #16
[ 82.574030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.583385] Call Trace:
[ 82.585970]
[ 82.588139] dump_stack+0x173/0x1d0
[ 82.591777] kmsan_report+0x12e/0x2a0
[ 82.595589] __msan_warning+0x82/0xf0
[ 82.599396] send_hsr_supervision_frame+0x1056/0x1510
[ 82.604610] hsr_announce+0x14c/0x3a0
[ 82.608428] call_timer_fn+0x285/0x600
[ 82.612318] ? hsr_dev_finalize+0xb90/0xb90
[ 82.616655] __run_timers+0xdb4/0x11d0
[ 82.620545] ? hsr_dev_finalize+0xb90/0xb90
[ 82.624884] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 82.630335] ? irqtime_account_irq+0xcf/0x2e0
[ 82.634864] ? timers_dead_cpu+0xa50/0xa50
[ 82.639112] run_timer_softirq+0x2e/0x50
[ 82.643175] __do_softirq+0x53f/0x93a
[ 82.646994] irq_exit+0x214/0x250
[ 82.650449] exiting_irq+0xe/0x10
[ 82.653908] smp_apic_timer_interrupt+0x48/0x70
[ 82.658579] apic_timer_interrupt+0x2e/0x40
[ 82.662987]
[ 82.665229] RIP: 0010:kmsan_kmalloc+0xd9/0x130
[ 82.669815] Code: 01 00 00 00 e8 a8 be ff ff 65 ff 0c 25 c4 8f 03 00 65 8b 04 25 c4 8f 03 00 85 c0 75 32 e8 8f c1 41 ff 4c 89 6d c0 ff 75 c0 9d <65> 48 8b 04 25 28 00 00 00 48 3b 45 d0 75 0f 48 83 c4 18 5b 41 5c
[ 82.688723] RSP: 0018:ffff88806315f6a8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 82.696433] RAX: 0000000000000000 RBX: ffff888062ad4de0 RCX: 0000000000000007
[ 82.703707] RDX: 0000000000000006 RSI: 000000008e6000f6 RDI: ffff888062ad4de0
[ 82.710979] RBP: ffff88806315f6e8 R08: ffff888062ad4df8 R09: 0000000000000000
[ 82.718245] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88812f807980
[ 82.725512] R13: 0000000000000246 R14: 0000000000000018 R15: 00000000006000c0
[ 82.732819] kmem_cache_alloc_trace+0x55a/0xb90
[ 82.737508] ? memcg_update_all_list_lrus+0x41c/0x1110
[ 82.742805] memcg_update_all_list_lrus+0x41c/0x1110
[ 82.747952] mem_cgroup_css_alloc+0x1c3b/0x22a0
[ 82.752640] ? __earlyonly_bootmem_alloc+0xd0/0xd0
[ 82.757574] cgroup_apply_control_enable+0x5c8/0x2660
[ 82.762799] cgroup_mkdir+0x218d/0x3690
[ 82.766837] kernfs_iop_mkdir+0x40e/0x5d0
[ 82.770995] ? css_task_iter_end+0x530/0x530
[ 82.775417] ? kernfs_iop_lookup+0x3f0/0x3f0
[ 82.779825] vfs_mkdir+0x6a4/0x950
[ 82.783388] do_mkdirat+0x39f/0x680
[ 82.787035] __se_sys_mkdir+0x76/0x90
[ 82.790850] __x64_sys_mkdir+0x3e/0x60
[ 82.794745] do_syscall_64+0xbc/0xf0
[ 82.798478] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 82.803668] RIP: 0033:0x4572e7
[ 82.806867] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 3d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 1d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 82.825775] RSP: 002b:0000000000a4f658 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 82.833489] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004572e7
[ 82.840760] RDX: 0000000000a4fcb7 RSI: 00000000000001ff RDI: 0000000000a4fca0
[ 82.848034] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000017
[ 82.855307] R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000010
[ 82.862578] R13: 0000000000413b20 R14: 0000000000000000 R15: 0000000000000000
[ 82.869862]
[ 82.871484] Uninit was created at:
[ 82.875032] kmsan_save_stack_with_flags+0x7a/0x130
[ 82.880053] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 82.885856] kmsan_alloc_page+0x7e/0x100
[ 82.889919] __alloc_pages_nodemask+0x1587/0x5f20
[ 82.894758] page_frag_alloc+0x3c1/0x980
[ 82.898819] __netdev_alloc_skb+0x1f1/0xa50
[ 82.903154] send_hsr_supervision_frame+0x168/0x1510
[ 82.908260] hsr_announce+0x14c/0x3a0
[ 82.912064] call_timer_fn+0x285/0x600
[ 82.915955] __run_timers+0xdb4/0x11d0
[ 82.919852] run_timer_softirq+0x2e/0x50
[ 82.923914] __do_softirq+0x53f/0x93a
[ 82.927707] ==================================================================
[ 82.935061] Disabling lock debugging due to kernel taint
[ 82.940510] Kernel panic - not syncing: panic_on_warn set ...
[ 82.946396] CPU: 0 PID: 8893 Comm: syz-executor0 Tainted: G B 4.20.0-rc7+ #16
[ 82.954968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.964316] Call Trace:
[ 82.966899]
[ 82.969059] dump_stack+0x173/0x1d0
[ 82.972699] panic+0x3ce/0x961
[ 82.976467] kmsan_report+0x293/0x2a0
[ 82.980280] __msan_warning+0x82/0xf0
[ 82.984093] send_hsr_supervision_frame+0x1056/0x1510
[ 82.989312] hsr_announce+0x14c/0x3a0
[ 82.993132] call_timer_fn+0x285/0x600
[ 82.997021] ? hsr_dev_finalize+0xb90/0xb90
[ 83.001352] __run_timers+0xdb4/0x11d0
[ 83.005247] ? hsr_dev_finalize+0xb90/0xb90
[ 83.009584] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 83.015035] ? irqtime_account_irq+0xcf/0x2e0
[ 83.019535] ? timers_dead_cpu+0xa50/0xa50
[ 83.023773] run_timer_softirq+0x2e/0x50
[ 83.027843] __do_softirq+0x53f/0x93a
[ 83.031660] irq_exit+0x214/0x250
[ 83.035121] exiting_irq+0xe/0x10
[ 83.038580] smp_apic_timer_interrupt+0x48/0x70
[ 83.043255] apic_timer_interrupt+0x2e/0x40
[ 83.047572]
[ 83.049818] RIP: 0010:kmsan_kmalloc+0xd9/0x130
[ 83.054409] Code: 01 00 00 00 e8 a8 be ff ff 65 ff 0c 25 c4 8f 03 00 65 8b 04 25 c4 8f 03 00 85 c0 75 32 e8 8f c1 41 ff 4c 89 6d c0 ff 75 c0 9d <65> 48 8b 04 25 28 00 00 00 48 3b 45 d0 75 0f 48 83 c4 18 5b 41 5c
[ 83.073313] RSP: 0018:ffff88806315f6a8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 83.081025] RAX: 0000000000000000 RBX: ffff888062ad4de0 RCX: 0000000000000007
[ 83.088292] RDX: 0000000000000006 RSI: 000000008e6000f6 RDI: ffff888062ad4de0
[ 83.095561] RBP: ffff88806315f6e8 R08: ffff888062ad4df8 R09: 0000000000000000
[ 83.102836] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88812f807980
[ 83.110109] R13: 0000000000000246 R14: 0000000000000018 R15: 00000000006000c0
[ 83.117411] kmem_cache_alloc_trace+0x55a/0xb90
[ 83.122091] ? memcg_update_all_list_lrus+0x41c/0x1110
[ 83.127395] memcg_update_all_list_lrus+0x41c/0x1110
[ 83.132534] mem_cgroup_css_alloc+0x1c3b/0x22a0
[ 83.137222] ? __earlyonly_bootmem_alloc+0xd0/0xd0
[ 83.142159] cgroup_apply_control_enable+0x5c8/0x2660
[ 83.147387] cgroup_mkdir+0x218d/0x3690
[ 83.151504] kernfs_iop_mkdir+0x40e/0x5d0
[ 83.155670] ? css_task_iter_end+0x530/0x530
[ 83.160100] ? kernfs_iop_lookup+0x3f0/0x3f0
[ 83.164517] vfs_mkdir+0x6a4/0x950
[ 83.168070] do_mkdirat+0x39f/0x680
[ 83.171719] __se_sys_mkdir+0x76/0x90
[ 83.175550] __x64_sys_mkdir+0x3e/0x60
[ 83.179444] do_syscall_64+0xbc/0xf0
[ 83.183170] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 83.188362] RIP: 0033:0x4572e7
[ 83.191557] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 3d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 1d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 83.210549] RSP: 002b:0000000000a4f658 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 83.218258] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004572e7
[ 83.225526] RDX: 0000000000a4fcb7 RSI: 00000000000001ff RDI: 0000000000a4fca0
[ 83.232797] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000017
[ 83.240072] R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000010
[ 83.247344] R13: 0000000000413b20 R14: 0000000000000000 R15: 0000000000000000
[ 83.255823] Kernel Offset: disabled
[ 83.259462] Rebooting in 86400 seconds..