[ 61.230668] audit: type=1800 audit(1546174115.275:25): pid=9300 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 61.249935] audit: type=1800 audit(1546174115.275:26): pid=9300 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 61.269285] audit: type=1800 audit(1546174115.275:27): pid=9300 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 62.081332] sshd (9364) used greatest stack depth: 53584 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts.
2018/12/30 12:48:48 fuzzer started
2018/12/30 12:48:52 dialing manager at 10.128.0.26:38305
2018/12/30 12:48:52 syscalls: 1
2018/12/30 12:48:52 code coverage: enabled
2018/12/30 12:48:52 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 12:48:52 setuid sandbox: enabled
2018/12/30 12:48:52 namespace sandbox: enabled
2018/12/30 12:48:52 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 12:48:52 fault injection: enabled
2018/12/30 12:48:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 12:48:52 net packet injection: enabled
2018/12/30 12:48:52 net device setup: enabled
12:48:55 executing program 0:
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
mount(&(0x7f0000000400)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f00000013c0)='ramfs\x00', 0x0, &(0x7f000000a000))
chroot(&(0x7f0000000280)='./file0\x00')
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mount(&(0x7f0000000200)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x201000, &(0x7f00000002c0))
unshare(0x28020400)
pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00')
syzkaller login: [ 81.890372] IPVS: ftp: loaded support on port[0] = 21
[ 82.006984] chnl_net:caif_netlink_parms(): no params data found
[ 82.064665] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.071260] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.079421] device bridge_slave_0 entered promiscuous mode
[ 82.089008] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.095526] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.103492] device bridge_slave_1 entered promiscuous mode
[ 82.130229] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 82.140570] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 82.165828] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 82.174013] team0: Port device team_slave_0 added
[ 82.180414] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 82.188557] team0: Port device team_slave_1 added
[ 82.194654] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 82.202932] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 82.355956] device hsr_slave_0 entered promiscuous mode
[ 82.512804] device hsr_slave_1 entered promiscuous mode
[ 82.773307] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 82.780697] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 82.804507] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.811014] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.818079] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.824696] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.894167] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 82.900296] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.913815] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 82.926931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.937405] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.946853] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.956390] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 82.973281] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 82.979385] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.994516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 83.002986] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.009418] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.022347] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 83.033187] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 83.045267] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 83.058293] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 83.065736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 83.074179] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.082202] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.088635] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.096092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 83.104779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 83.113539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 83.122067] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 83.136201] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 83.145790] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 83.152937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 83.161415] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 83.174105] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 83.182641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 83.190904] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 83.202393] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 83.211538] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 83.223270] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 83.229325] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 83.237685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 83.245851] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 83.268368] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 83.286095] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.341784] ==================================================================
[ 83.349209] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 83.356749] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc7+ #16
[ 83.363333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.372682] Call Trace:
[ 83.375264]
[ 83.377424] dump_stack+0x173/0x1d0
[ 83.381066] kmsan_report+0x12e/0x2a0
[ 83.384879] __msan_warning+0x82/0xf0
[ 83.388701] send_hsr_supervision_frame+0x1056/0x1510
[ 83.393928] hsr_announce+0x14c/0x3a0
[ 83.397743] call_timer_fn+0x285/0x600
[ 83.401639] ? hsr_dev_finalize+0xb90/0xb90
[ 83.405983] __run_timers+0xdb4/0x11d0
[ 83.409879] ? hsr_dev_finalize+0xb90/0xb90
[ 83.414229] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 83.419678] ? irqtime_account_irq+0xcf/0x2e0
[ 83.424183] ? timers_dead_cpu+0xa50/0xa50
[ 83.428421] run_timer_softirq+0x2e/0x50
[ 83.432490] __do_softirq+0x53f/0x93a
[ 83.436308] irq_exit+0x214/0x250
[ 83.439768] exiting_irq+0xe/0x10
[ 83.443223] smp_apic_timer_interrupt+0x48/0x70
[ 83.447904] apic_timer_interrupt+0x2e/0x40
[ 83.452222]
[ 83.454468] RIP: 0010:default_idle+0x27e/0x4e0
[ 83.459050] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 83.478129] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 83.485839] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 83.493111] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 83.500382] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 83.507660] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 83.514929] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 83.522215] ? __cpuidle_text_start+0x8/0x8
[ 83.526548] ? default_idle+0x6e/0x4e0
[ 83.530441] ? __cpuidle_text_start+0x8/0x8
[ 83.534765] ? __cpuidle_text_start+0x8/0x8
[ 83.539095] arch_cpu_idle+0x26/0x30
[ 83.542815] do_idle+0x22d/0x800
[ 83.546191] cpu_startup_entry+0x45/0x50
[ 83.550260] rest_init+0x1c1/0x1f0
[ 83.553808] arch_call_rest_init+0x13/0x15
[ 83.558048] start_kernel+0x9d7/0xbb1
[ 83.561864] x86_64_start_reservations+0x19/0x2f
[ 83.566630] x86_64_start_kernel+0x84/0x87
[ 83.570871] secondary_startup_64+0xa4/0xb0
[ 83.575204]
[ 83.576827] Uninit was created at:
[ 83.580489] kmsan_save_stack_with_flags+0x7a/0x130
[ 83.585509] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 83.591304] kmsan_alloc_page+0x7e/0x100
[ 83.595365] __alloc_pages_nodemask+0x1587/0x5f20
[ 83.600205] page_frag_alloc+0x3c1/0x980
[ 83.604269] __netdev_alloc_skb+0x1f1/0xa50
[ 83.608594] send_hsr_supervision_frame+0x168/0x1510
[ 83.613710] hsr_announce+0x14c/0x3a0
[ 83.617516] call_timer_fn+0x285/0x600
[ 83.621519] __run_timers+0xdb4/0x11d0
[ 83.625406] run_timer_softirq+0x2e/0x50
[ 83.629553] __do_softirq+0x53f/0x93a
[ 83.633351] ==================================================================
[ 83.640702] Disabling lock debugging due to kernel taint
[ 83.646145] Kernel panic - not syncing: panic_on_warn set ...
[ 83.652038] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.20.0-rc7+ #16
[ 83.660001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.669352] Call Trace:
[ 83.671935]
[ 83.674094] dump_stack+0x173/0x1d0
[ 83.677742] panic+0x3ce/0x961
[ 83.680968] kmsan_report+0x293/0x2a0
[ 83.684780] __msan_warning+0x82/0xf0
[ 83.688592] send_hsr_supervision_frame+0x1056/0x1510
[ 83.693809] hsr_announce+0x14c/0x3a0
[ 83.697624] call_timer_fn+0x285/0x600
[ 83.701514] ? hsr_dev_finalize+0xb90/0xb90
[ 83.705844] __run_timers+0xdb4/0x11d0
[ 83.709733] ? hsr_dev_finalize+0xb90/0xb90
[ 83.714083] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 83.719534] ? irqtime_account_irq+0xcf/0x2e0
[ 83.724056] ? timers_dead_cpu+0xa50/0xa50
[ 83.728295] run_timer_softirq+0x2e/0x50
[ 83.732357] __do_softirq+0x53f/0x93a
[ 83.736172] irq_exit+0x214/0x250
[ 83.739631] exiting_irq+0xe/0x10
[ 83.743088] smp_apic_timer_interrupt+0x48/0x70
[ 83.747757] apic_timer_interrupt+0x2e/0x40
[ 83.752075]
[ 83.754315] RIP: 0010:default_idle+0x27e/0x4e0
[ 83.758904] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 83.777804] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 83.785516] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 83.792787] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 83.800054] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 83.807323] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 83.814678] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 83.821961] ? __cpuidle_text_start+0x8/0x8
[ 83.826297] ? default_idle+0x6e/0x4e0
[ 83.830188] ? __cpuidle_text_start+0x8/0x8
[ 83.834513] ? __cpuidle_text_start+0x8/0x8
[ 83.838841] arch_cpu_idle+0x26/0x30
[ 83.842559] do_idle+0x22d/0x800
[ 83.845961] cpu_startup_entry+0x45/0x50
[ 83.850032] rest_init+0x1c1/0x1f0
[ 83.853583] arch_call_rest_init+0x13/0x15
[ 83.857819] start_kernel+0x9d7/0xbb1
[ 83.861634] x86_64_start_reservations+0x19/0x2f
[ 83.866393] x86_64_start_kernel+0x84/0x87
[ 83.870628] secondary_startup_64+0xa4/0xb0
[ 83.876105] Kernel Offset: disabled
[ 83.879735] Rebooting in 86400 seconds..