[ 56.659282] audit: type=1800 audit(1546165970.689:27): pid=8713 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 56.678860] audit: type=1800 audit(1546165970.699:28): pid=8713 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 58.001192] audit: type=1800 audit(1546165972.049:29): pid=8713 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 58.020724] audit: type=1800 audit(1546165972.049:30): pid=8713 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts.
2018/12/30 10:33:05 fuzzer started
2018/12/30 10:33:10 dialing manager at 10.128.0.26:41469
2018/12/30 10:33:10 syscalls: 1
2018/12/30 10:33:10 code coverage: enabled
2018/12/30 10:33:10 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 10:33:10 setuid sandbox: enabled
2018/12/30 10:33:10 namespace sandbox: enabled
2018/12/30 10:33:10 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 10:33:10 fault injection: enabled
2018/12/30 10:33:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 10:33:10 net packet injection: enabled
2018/12/30 10:33:10 net device setup: enabled
10:33:12 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x10008000000004)
sendmsg$nl_route(r0, &(0x7f0000000280)={&(0x7f00000000c0), 0xc, &(0x7f0000000000)={&(0x7f0000000040)=@bridge_getlink={0x58, 0x12, 0x88b1dc089af64ad5, 0x0, 0x0, {}, [@IFLA_CARRIER={0x8}, @IFLA_MAP={0x24}, @IFLA_ADDRESS={0xc, 0x1, @dev}]}, 0xff53}}, 0x0)
syzkaller login: [ 78.993894] IPVS: ftp: loaded support on port[0] = 21
[ 79.099701] chnl_net:caif_netlink_parms(): no params data found
[ 79.150508] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.157048] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.164770] device bridge_slave_0 entered promiscuous mode
[ 79.173080] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.179609] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.187446] device bridge_slave_1 entered promiscuous mode
[ 79.211928] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 79.222029] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 79.246075] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 79.254241] team0: Port device team_slave_0 added
[ 79.260182] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 79.268315] team0: Port device team_slave_1 added
[ 79.274515] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 79.282561] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 79.455811] device hsr_slave_0 entered promiscuous mode
[ 79.583003] device hsr_slave_1 entered promiscuous mode
[ 79.713356] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 79.720909] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 79.745529] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.752024] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.759012] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.765490] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.829173] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 79.835575] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.847415] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 79.859376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 79.870353] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.879099] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.888531] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 79.903601] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 79.909691] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.923431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 79.931377] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.937853] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.975230] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 79.983570] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.990015] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.999206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 80.007662] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 80.018629] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 80.033363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 80.041287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 80.060777] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 80.067042] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 80.089483] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 80.106294] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.182493] ==================================================================
[ 80.190010] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 80.197556] CPU: 1 PID: 8874 Comm: syz-executor0 Not tainted 4.20.0-rc7+ #16
[ 80.204738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.214086] Call Trace:
[ 80.216684]
[ 80.218845] dump_stack+0x173/0x1d0
[ 80.222488] kmsan_report+0x12e/0x2a0
[ 80.226547] __msan_warning+0x82/0xf0
[ 80.230363] send_hsr_supervision_frame+0x1056/0x1510
[ 80.235584] hsr_announce+0x14c/0x3a0
[ 80.239405] call_timer_fn+0x285/0x600
[ 80.243300] ? hsr_dev_finalize+0xb90/0xb90
[ 80.247651] __run_timers+0xdb4/0x11d0
[ 80.251552] ? hsr_dev_finalize+0xb90/0xb90
[ 80.255893] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 80.261348] ? irqtime_account_irq+0xcf/0x2e0
[ 80.265940] ? timers_dead_cpu+0xa50/0xa50
[ 80.270197] run_timer_softirq+0x2e/0x50
[ 80.274264] __do_softirq+0x53f/0x93a
[ 80.278093] irq_exit+0x214/0x250
[ 80.281586] exiting_irq+0xe/0x10
[ 80.285049] smp_apic_timer_interrupt+0x48/0x70
[ 80.289728] apic_timer_interrupt+0x2e/0x40
[ 80.294043]
[ 80.296284] RIP: 0010:kmsan_kmalloc+0xd9/0x130
[ 80.300862] Code: 01 00 00 00 e8 a8 be ff ff 65 ff 0c 25 c4 8f 03 00 65 8b 04 25 c4 8f 03 00 85 c0 75 32 e8 8f c1 41 ff 4c 89 6d c0 ff 75 c0 9d <65> 48 8b 04 25 28 00 00 00 48 3b 45 d0 75 0f 48 83 c4 18 5b 41 5c
[ 80.319766] RSP: 0018:ffff88806359f6a8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 80.327475] RAX: 0000000000000000 RBX: ffff88808831e260 RCX: 0000000000000007
[ 80.334744] RDX: 0000000000000006 RSI: 00000000d22000f5 RDI: ffff88808831e260
[ 80.342015] RBP: ffff88806359f6e8 R08: ffff88808831e278 R09: 0000000000000000
[ 80.349286] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88812f807980
[ 80.356562] R13: 0000000000000246 R14: 0000000000000018 R15: 00000000006000c0
[ 80.363878] kmem_cache_alloc_trace+0x55a/0xb90
[ 80.368581] ? memcg_update_all_list_lrus+0x41c/0x1110
[ 80.373900] memcg_update_all_list_lrus+0x41c/0x1110
[ 80.379042] mem_cgroup_css_alloc+0x1c3b/0x22a0
[ 80.383722] ? __earlyonly_bootmem_alloc+0xd0/0xd0
[ 80.388758] cgroup_apply_control_enable+0x5c8/0x2660
[ 80.394462] cgroup_mkdir+0x218d/0x3690
[ 80.398500] kernfs_iop_mkdir+0x40e/0x5d0
[ 80.402656] ? css_task_iter_end+0x530/0x530
[ 80.407076] ? kernfs_iop_lookup+0x3f0/0x3f0
[ 80.411482] vfs_mkdir+0x6a4/0x950
[ 80.415142] do_mkdirat+0x39f/0x680
[ 80.418822] __se_sys_mkdir+0x76/0x90
[ 80.422647] __x64_sys_mkdir+0x3e/0x60
[ 80.426532] do_syscall_64+0xbc/0xf0
[ 80.430258] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 80.435451] RIP: 0033:0x4572e7
[ 80.438642] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 3d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 1d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 80.457642] RSP: 002b:0000000000a4f658 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 80.465352] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004572e7
[ 80.472638] RDX: 0000000000a4fcb7 RSI: 00000000000001ff RDI: 0000000000a4fca0
[ 80.479906] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000017
[ 80.487174] R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000010
[ 80.494523] R13: 0000000000413b20 R14: 0000000000000000 R15: 0000000000000000
[ 80.501892]
[ 80.503519] Uninit was created at:
[ 80.507083] kmsan_save_stack_with_flags+0x7a/0x130
[ 80.512091] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 80.517882] kmsan_alloc_page+0x7e/0x100
[ 80.521938] __alloc_pages_nodemask+0x1587/0x5f20
[ 80.526795] page_frag_alloc+0x3c1/0x980
[ 80.530862] __netdev_alloc_skb+0x1f1/0xa50
[ 80.535179] send_hsr_supervision_frame+0x168/0x1510
[ 80.540275] hsr_announce+0x14c/0x3a0
[ 80.544081] call_timer_fn+0x285/0x600
[ 80.547966] __run_timers+0xdb4/0x11d0
[ 80.551853] run_timer_softirq+0x2e/0x50
[ 80.555920] __do_softirq+0x53f/0x93a
[ 80.559726] ==================================================================
[ 80.567075] Disabling lock debugging due to kernel taint
[ 80.572517] Kernel panic - not syncing: panic_on_warn set ...
[ 80.578492] CPU: 1 PID: 8874 Comm: syz-executor0 Tainted: G B 4.20.0-rc7+ #16
[ 80.587056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.596406] Call Trace:
[ 80.598985]
[ 80.601137] dump_stack+0x173/0x1d0
[ 80.604781] panic+0x3ce/0x961
[ 80.608003] kmsan_report+0x293/0x2a0
[ 80.611811] __msan_warning+0x82/0xf0
[ 80.615614] send_hsr_supervision_frame+0x1056/0x1510
[ 80.620826] hsr_announce+0x14c/0x3a0
[ 80.624640] call_timer_fn+0x285/0x600
[ 80.628528] ? hsr_dev_finalize+0xb90/0xb90
[ 80.633033] __run_timers+0xdb4/0x11d0
[ 80.636920] ? hsr_dev_finalize+0xb90/0xb90
[ 80.641259] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 80.646709] ? irqtime_account_irq+0xcf/0x2e0
[ 80.651206] ? timers_dead_cpu+0xa50/0xa50
[ 80.655447] run_timer_softirq+0x2e/0x50
[ 80.659508] __do_softirq+0x53f/0x93a
[ 80.663350] irq_exit+0x214/0x250
[ 80.666804] exiting_irq+0xe/0x10
[ 80.670276] smp_apic_timer_interrupt+0x48/0x70
[ 80.674945] apic_timer_interrupt+0x2e/0x40
[ 80.679254]
[ 80.681489] RIP: 0010:kmsan_kmalloc+0xd9/0x130
[ 80.686065] Code: 01 00 00 00 e8 a8 be ff ff 65 ff 0c 25 c4 8f 03 00 65 8b 04 25 c4 8f 03 00 85 c0 75 32 e8 8f c1 41 ff 4c 89 6d c0 ff 75 c0 9d <65> 48 8b 04 25 28 00 00 00 48 3b 45 d0 75 0f 48 83 c4 18 5b 41 5c
[ 80.704965] RSP: 0018:ffff88806359f6a8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 80.712670] RAX: 0000000000000000 RBX: ffff88808831e260 RCX: 0000000000000007
[ 80.719949] RDX: 0000000000000006 RSI: 00000000d22000f5 RDI: ffff88808831e260
[ 80.727228] RBP: ffff88806359f6e8 R08: ffff88808831e278 R09: 0000000000000000
[ 80.734500] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88812f807980
[ 80.741773] R13: 0000000000000246 R14: 0000000000000018 R15: 00000000006000c0
[ 80.749068] kmem_cache_alloc_trace+0x55a/0xb90
[ 80.753744] ? memcg_update_all_list_lrus+0x41c/0x1110
[ 80.759052] memcg_update_all_list_lrus+0x41c/0x1110
[ 80.764190] mem_cgroup_css_alloc+0x1c3b/0x22a0
[ 80.768891] ? __earlyonly_bootmem_alloc+0xd0/0xd0
[ 80.773825] cgroup_apply_control_enable+0x5c8/0x2660
[ 80.779134] cgroup_mkdir+0x218d/0x3690
[ 80.783248] kernfs_iop_mkdir+0x40e/0x5d0
[ 80.787407] ? css_task_iter_end+0x530/0x530
[ 80.791824] ? kernfs_iop_lookup+0x3f0/0x3f0
[ 80.796236] vfs_mkdir+0x6a4/0x950
[ 80.799805] do_mkdirat+0x39f/0x680
[ 80.803472] __se_sys_mkdir+0x76/0x90
[ 80.807278] __x64_sys_mkdir+0x3e/0x60
[ 80.811167] do_syscall_64+0xbc/0xf0
[ 80.814905] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 80.820091] RIP: 0033:0x4572e7
[ 80.823305] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 3d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 1d c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 80.842386] RSP: 002b:0000000000a4f658 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 80.850098] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004572e7
[ 80.857366] RDX: 0000000000a4fcb7 RSI: 00000000000001ff RDI: 0000000000a4fca0
[ 80.864630] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000017
[ 80.871896] R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000010
[ 80.879344] R13: 0000000000413b20 R14: 0000000000000000 R15: 0000000000000000
[ 80.887983] Kernel Offset: disabled
[ 80.891605] Rebooting in 86400 seconds..