[ ok ] Starting enhanced syslogd: rsyslogd.
[   90.240196] audit: type=1800 audit(1546175570.299:25): pid=10490 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   90.259363] audit: type=1800 audit(1546175570.299:26): pid=10490 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   90.278831] audit: type=1800 audit(1546175570.319:27): pid=10490 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   94.359202] sshd (10626) used greatest stack depth: 53720 bytes left
Warning: Permanently added '10.128.15.223' (ECDSA) to the list of known hosts.
2018/12/30 13:13:04 fuzzer started
2018/12/30 13:13:09 dialing manager at 10.128.0.26:38305
2018/12/30 13:13:09 syscalls: 1
2018/12/30 13:13:09 code coverage: enabled
2018/12/30 13:13:09 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 13:13:09 setuid sandbox: enabled
2018/12/30 13:13:09 namespace sandbox: enabled
2018/12/30 13:13:09 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 13:13:09 fault injection: enabled
2018/12/30 13:13:09 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 13:13:09 net packet injection: enabled
2018/12/30 13:13:09 net device setup: enabled
13:13:12 executing program 0:
# Program 0 as logged by the fuzzer: a KVM device create / set-attribute sequence.
# NOTE(review): the KMSAN report later in this log fires in timer-softirq context
# (hsr_announce -> send_hsr_supervision_frame, Comm: swapper/0), and the uninit
# memory comes from __netdev_alloc_skb inside send_hsr_supervision_frame itself.
# This program is therefore not necessarily the trigger — confirm with a
# reproducer before attributing the crash to these calls.
# 0x2000400 is presumably CLONE_NEWCGROUP|CLONE_FILES — verify against the target's headers.
unshare(0x2000400)
# 0xffffffffffffff9c is -100 as a 64-bit value (AT_FDCWD on Linux).
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
# <r2=> marks an output slot: the fd written by the kernel is bound to r2 for the next call.
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x4, <r2=>0xffffffffffffffff})
# Operates on r2 from the call above; the last struct field points at 0x7f0000000040, which holds 0x3fffffffffffffe.
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000080)={0x0, 0x2000000001, 0x1, &(0x7f0000000040)=0x3fffffffffffffe})

[  112.578092] IPVS: ftp: loaded support on port[0] = 21
[  112.730632] chnl_net:caif_netlink_parms(): no params data found
[  112.800331] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.806965] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.815464] device bridge_slave_0 entered promiscuous mode
[  112.824504] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.831022] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.839281] device bridge_slave_1 entered promiscuous mode
[  112.871953] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  112.883386] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  112.914141] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  112.922755] team0: Port device team_slave_0 added
[  112.929609] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  112.938228] team0: Port device team_slave_1 added
[  112.945729] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  112.954346] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  113.138059] device hsr_slave_0 entered promiscuous mode
[  113.304037] device hsr_slave_1 entered promiscuous mode
[  113.564974] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  113.572546] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  113.603133] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.609715] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.616930] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.623644] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.714907] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[  113.721012] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.735656] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  113.750943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  113.761883] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.772610] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.786992] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  113.804279] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  113.810391] 8021q: adding VLAN 0 to HW filter on device team0
[  113.824606] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  113.831782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  113.840454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  113.849191] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.855738] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.871517] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  113.884256] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  113.896853] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  113.905073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  113.913689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  113.921900] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.928463] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.937510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  113.946624] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  113.960439] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  113.967525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  113.976552] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  113.992775] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  114.004252] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  114.012390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  114.021613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  114.033657] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  114.040958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  114.049396] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  114.079029] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  114.086632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  114.095390] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  114.109834] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  114.116026] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  114.144245] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  114.171006] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.233110] ==================================================================
[  114.240504] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[  114.248052] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc7+ #16
[  114.254633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  114.264000] Call Trace:
[  114.266591]  <IRQ>
[  114.268758]  dump_stack+0x173/0x1d0
[  114.272438]  kmsan_report+0x12e/0x2a0
[  114.276268]  __msan_warning+0x82/0xf0
[  114.280099]  send_hsr_supervision_frame+0x1056/0x1510
[  114.285368]  hsr_announce+0x14c/0x3a0
[  114.289227]  call_timer_fn+0x285/0x600
[  114.293147]  ? hsr_dev_finalize+0xb90/0xb90
[  114.297497]  __run_timers+0xdb4/0x11d0
[  114.301410]  ? hsr_dev_finalize+0xb90/0xb90
[  114.305778]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[  114.311246]  ? irqtime_account_irq+0xcf/0x2e0
[  114.315766]  ? timers_dead_cpu+0xa50/0xa50
[  114.320023]  run_timer_softirq+0x2e/0x50
[  114.324101]  __do_softirq+0x53f/0x93a
[  114.327950]  irq_exit+0x214/0x250
[  114.331423]  exiting_irq+0xe/0x10
[  114.334897]  smp_apic_timer_interrupt+0x48/0x70
[  114.339584]  apic_timer_interrupt+0x2e/0x40
[  114.343914]  </IRQ>
[  114.346175] RIP: 0010:default_idle+0x27e/0x4e0
[  114.350784] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[  114.369698] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[  114.377417] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[  114.384695] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[  114.391973] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[  114.399249] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[  114.406551] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[  114.413848]  ? __cpuidle_text_start+0x8/0x8
[  114.418202]  ? default_idle+0x6e/0x4e0
[  114.422107]  ? __cpuidle_text_start+0x8/0x8
[  114.426450]  ? __cpuidle_text_start+0x8/0x8
[  114.430798]  arch_cpu_idle+0x26/0x30
[  114.434531]  do_idle+0x22d/0x800
[  114.438029]  cpu_startup_entry+0x45/0x50
[  114.442112]  rest_init+0x1c1/0x1f0
[  114.445688]  arch_call_rest_init+0x13/0x15
[  114.449952]  start_kernel+0x9d7/0xbb1
[  114.453780]  x86_64_start_reservations+0x19/0x2f
[  114.458555]  x86_64_start_kernel+0x84/0x87
[  114.462807]  secondary_startup_64+0xa4/0xb0
[  114.467154] 
[  114.468786] Uninit was created at:
[  114.472347]  kmsan_save_stack_with_flags+0x7a/0x130
[  114.477403]  kmsan_internal_alloc_meta_for_pages+0x113/0x580
[  114.483213]  kmsan_alloc_page+0x7e/0x100
[  114.487289]  __alloc_pages_nodemask+0x1587/0x5f20
[  114.492144]  page_frag_alloc+0x3c1/0x980
[  114.496221]  __netdev_alloc_skb+0x1f1/0xa50
[  114.500555]  send_hsr_supervision_frame+0x168/0x1510
[  114.505701]  hsr_announce+0x14c/0x3a0
[  114.509534]  call_timer_fn+0x285/0x600
[  114.513452]  __run_timers+0xdb4/0x11d0
[  114.517380]  run_timer_softirq+0x2e/0x50
[  114.521465]  __do_softirq+0x53f/0x93a
[  114.525299] ==================================================================
[  114.532654] Disabling lock debugging due to kernel taint
[  114.538109] Kernel panic - not syncing: panic_on_warn set ...
[  114.544008] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G    B             4.20.0-rc7+ #16
[  114.551976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  114.561336] Call Trace:
[  114.563939]  <IRQ>
[  114.566137]  dump_stack+0x173/0x1d0
[  114.569792]  panic+0x3ce/0x961
[  114.573050]  kmsan_report+0x293/0x2a0
[  114.576881]  __msan_warning+0x82/0xf0
[  114.580704]  send_hsr_supervision_frame+0x1056/0x1510
[  114.585941]  hsr_announce+0x14c/0x3a0
[  114.589774]  call_timer_fn+0x285/0x600
[  114.593677]  ? hsr_dev_finalize+0xb90/0xb90
[  114.598025]  __run_timers+0xdb4/0x11d0
[  114.601929]  ? hsr_dev_finalize+0xb90/0xb90
[  114.606289]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[  114.611751]  ? irqtime_account_irq+0xcf/0x2e0
[  114.616283]  ? timers_dead_cpu+0xa50/0xa50
[  114.620538]  run_timer_softirq+0x2e/0x50
[  114.624627]  __do_softirq+0x53f/0x93a
[  114.628496]  irq_exit+0x214/0x250
[  114.631971]  exiting_irq+0xe/0x10
[  114.635448]  smp_apic_timer_interrupt+0x48/0x70
[  114.640132]  apic_timer_interrupt+0x2e/0x40
[  114.644454]  </IRQ>
[  114.646735] RIP: 0010:default_idle+0x27e/0x4e0
[  114.651323] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[  114.670244] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[  114.677964] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[  114.685248] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[  114.692532] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[  114.699812] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[  114.707088] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[  114.714398]  ? __cpuidle_text_start+0x8/0x8
[  114.718758]  ? default_idle+0x6e/0x4e0
[  114.722688]  ? __cpuidle_text_start+0x8/0x8
[  114.727022]  ? __cpuidle_text_start+0x8/0x8
[  114.731407]  arch_cpu_idle+0x26/0x30
[  114.735139]  do_idle+0x22d/0x800
[  114.738543]  cpu_startup_entry+0x45/0x50
[  114.742625]  rest_init+0x1c1/0x1f0
[  114.746192]  arch_call_rest_init+0x13/0x15
[  114.750462]  start_kernel+0x9d7/0xbb1
[  114.754292]  x86_64_start_reservations+0x19/0x2f
[  114.759061]  x86_64_start_kernel+0x84/0x87
[  114.763331]  secondary_startup_64+0xa4/0xb0
[  114.768679] Kernel Offset: disabled
[  114.772310] Rebooting in 86400 seconds..