[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 49.800773] kauditd_printk_skb: 4 callbacks suppressed
[ 49.800795] audit: type=1800 audit(1546170772.859:29): pid=8309 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 49.825605] audit: type=1800 audit(1546170772.869:30): pid=8309 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.227' (ECDSA) to the list of known hosts.
2018/12/30 11:53:03 fuzzer started
2018/12/30 11:53:07 dialing manager at 10.128.0.26:38305
2018/12/30 11:53:07 syscalls: 1
2018/12/30 11:53:07 code coverage: enabled
2018/12/30 11:53:07 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 11:53:07 setuid sandbox: enabled
2018/12/30 11:53:07 namespace sandbox: enabled
2018/12/30 11:53:07 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 11:53:07 fault injection: enabled
2018/12/30 11:53:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 11:53:07 net packet injection: enabled
2018/12/30 11:53:07 net device setup: enabled
11:53:09 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff})
ioctl$sock_ifreq(r0, 0x200008924, &(0x7f0000000080)={'batadv0\x00', @ifru_settings={0x1, 0x0, @fr_pvc=0x0}})
syzkaller login: [ 67.264114] IPVS: ftp: loaded support on port[0] = 21
[ 67.366671] chnl_net:caif_netlink_parms(): no params data found
[ 67.412872] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.419432] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.427110] device bridge_slave_0 entered promiscuous mode
[ 67.435300] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.441988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.449577] device bridge_slave_1 entered promiscuous mode
[ 67.473672] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 67.483522] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 67.507137] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 67.515184] team0: Port device team_slave_0 added
[ 67.521006] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 67.528890] team0: Port device team_slave_1 added
[ 67.535582] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 67.543703] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 67.725274] device hsr_slave_0 entered promiscuous mode
[ 67.972267] device hsr_slave_1 entered promiscuous mode
[ 68.152488] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 68.159665] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 68.181301] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.187784] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.194858] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.201292] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.264387] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 68.270482] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.281243] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 68.293178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.304004] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.312000] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.321197] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 68.335587] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 68.341763] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.354400] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 68.362646] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.369057] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.380353] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 68.390676] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 68.398463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 68.406957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 68.414887] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.421380] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.428678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 68.442003] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 68.452498] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 68.462890] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 68.472870] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 68.483290] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 68.492172] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 68.501965] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 68.512783] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 68.519708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 68.528393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 68.536904] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.545231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 68.553645] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.561895] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 68.569984] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.578203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 68.586275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.597660] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 68.605395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 68.617342] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 68.639918] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.681696] ==================================================================
[ 68.689307] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 68.696924] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc7+ #16
[ 68.703487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.712827] Call Trace:
[ 68.715416]
[ 68.717586] dump_stack+0x173/0x1d0
[ 68.721217] kmsan_report+0x12e/0x2a0
[ 68.725017] __msan_warning+0x82/0xf0
[ 68.728821] send_hsr_supervision_frame+0x1056/0x1510
[ 68.734021] hsr_announce+0x14c/0x3a0
[ 68.737844] call_timer_fn+0x285/0x600
[ 68.741725] ? hsr_dev_finalize+0xb90/0xb90
[ 68.746051] __run_timers+0xdb4/0x11d0
[ 68.749935] ? hsr_dev_finalize+0xb90/0xb90
[ 68.754266] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 68.759706] ? irqtime_account_irq+0xcf/0x2e0
[ 68.764197] ? timers_dead_cpu+0xa50/0xa50
[ 68.768429] run_timer_softirq+0x2e/0x50
[ 68.772486] __do_softirq+0x53f/0x93a
[ 68.776295] irq_exit+0x214/0x250
[ 68.779763] exiting_irq+0xe/0x10
[ 68.783215] smp_apic_timer_interrupt+0x48/0x70
[ 68.787880] apic_timer_interrupt+0x2e/0x40
[ 68.792278]
[ 68.794607] RIP: 0010:default_idle+0x27e/0x4e0
[ 68.799283] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 68.818483] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 68.826192] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 68.833467] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 68.840733] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 68.847999] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 68.855273] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 68.862566] ? __cpuidle_text_start+0x8/0x8
[ 68.866903] ? default_idle+0x6e/0x4e0
[ 68.870802] ? __cpuidle_text_start+0x8/0x8
[ 68.875133] ? __cpuidle_text_start+0x8/0x8
[ 68.879462] arch_cpu_idle+0x26/0x30
[ 68.883180] do_idle+0x22d/0x800
[ 68.886569] cpu_startup_entry+0x45/0x50
[ 68.890632] rest_init+0x1c1/0x1f0
[ 68.894184] arch_call_rest_init+0x13/0x15
[ 68.898425] start_kernel+0x9d7/0xbb1
[ 68.902242] x86_64_start_reservations+0x19/0x2f
[ 68.907004] x86_64_start_kernel+0x84/0x87
[ 68.911243] secondary_startup_64+0xa4/0xb0
[ 68.916095]
[ 68.917720] Uninit was created at:
[ 68.921263] kmsan_save_stack_with_flags+0x7a/0x130
[ 68.926293] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 68.932093] kmsan_alloc_page+0x7e/0x100
[ 68.936153] __alloc_pages_nodemask+0x1587/0x5f20
[ 68.940996] page_frag_alloc+0x3c1/0x980
[ 68.945060] __netdev_alloc_skb+0x1f1/0xa50
[ 68.949380] send_hsr_supervision_frame+0x168/0x1510
[ 68.954481] hsr_announce+0x14c/0x3a0
[ 68.958284] call_timer_fn+0x285/0x600
[ 68.962170] __run_timers+0xdb4/0x11d0
[ 68.966058] run_timer_softirq+0x2e/0x50
[ 68.970120] __do_softirq+0x53f/0x93a
[ 68.973933] ==================================================================
[ 68.981282] Disabling lock debugging due to kernel taint
[ 68.986842] Kernel panic - not syncing: panic_on_warn set ...
[ 68.992729] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.20.0-rc7+ #16
[ 69.000687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.010033] Call Trace:
[ 69.012617]
[ 69.014776] dump_stack+0x173/0x1d0
[ 69.018419] panic+0x3ce/0x961
[ 69.021646] kmsan_report+0x293/0x2a0
[ 69.025471] __msan_warning+0x82/0xf0
[ 69.029297] send_hsr_supervision_frame+0x1056/0x1510
[ 69.034511] hsr_announce+0x14c/0x3a0
[ 69.038333] call_timer_fn+0x285/0x600
[ 69.042218] ? hsr_dev_finalize+0xb90/0xb90
[ 69.046556] __run_timers+0xdb4/0x11d0
[ 69.050443] ? hsr_dev_finalize+0xb90/0xb90
[ 69.054784] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 69.060244] ? irqtime_account_irq+0xcf/0x2e0
[ 69.064743] ? timers_dead_cpu+0xa50/0xa50
[ 69.068976] run_timer_softirq+0x2e/0x50
[ 69.073037] __do_softirq+0x53f/0x93a
[ 69.076871] irq_exit+0x214/0x250
[ 69.080326] exiting_irq+0xe/0x10
[ 69.083778] smp_apic_timer_interrupt+0x48/0x70
[ 69.088471] apic_timer_interrupt+0x2e/0x40
[ 69.092783]
[ 69.095033] RIP: 0010:default_idle+0x27e/0x4e0
[ 69.099621] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 69.118520] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 69.126237] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 69.133509] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 69.140788] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 69.148058] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 69.155325] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 69.162606] ? __cpuidle_text_start+0x8/0x8
[ 69.166937] ? default_idle+0x6e/0x4e0
[ 69.170832] ? __cpuidle_text_start+0x8/0x8
[ 69.175262] ? __cpuidle_text_start+0x8/0x8
[ 69.179593] arch_cpu_idle+0x26/0x30
[ 69.183415] do_idle+0x22d/0x800
[ 69.186802] cpu_startup_entry+0x45/0x50
[ 69.190871] rest_init+0x1c1/0x1f0
[ 69.194506] arch_call_rest_init+0x13/0x15
[ 69.198749] start_kernel+0x9d7/0xbb1
[ 69.202570] x86_64_start_reservations+0x19/0x2f
[ 69.207413] x86_64_start_kernel+0x84/0x87
[ 69.211652] secondary_startup_64+0xa4/0xb0
[ 69.217092] Kernel Offset: disabled
[ 69.220716] Rebooting in 86400 seconds..