[ ok ] Starting enhanced syslogd: rsyslogd.
[ 92.578617] audit: type=1800 audit(1546176080.626:25): pid=11123 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 92.597785] audit: type=1800 audit(1546176080.626:26): pid=11123 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 92.617196] audit: type=1800 audit(1546176080.646:27): pid=11123 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
2018/12/30 13:21:35 fuzzer started
2018/12/30 13:21:40 dialing manager at 10.128.0.26:38305
2018/12/30 13:21:40 syscalls: 1
2018/12/30 13:21:40 code coverage: enabled
2018/12/30 13:21:40 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 13:21:40 setuid sandbox: enabled
2018/12/30 13:21:40 namespace sandbox: enabled
2018/12/30 13:21:40 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 13:21:40 fault injection: enabled
2018/12/30 13:21:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 13:21:40 net packet injection: enabled
2018/12/30 13:21:40 net device setup: enabled
13:21:43 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_open_procfs(0x0, &(0x7f0000000580)='oom_score_adj\x00\x9f\xc5r\x0e8J\xdb@\xf8\xbfj1\xe8\xce\x88\x02^\xb2\xf4hTR2\xf1\x89\x1e~m\x19\xc9lG^l\x13c7\xf7$\x7f?9>b\xe8/<\xdbj>:\xd9\x10\x04r\x18\x15\xdc)\x10I<\xd0:\x0f\x18\xec\x00\xc2w\x8a0C\xf8\xa9\xeaa\x16\x8c\xe6C\xf5\xcb\xdc\x1c\xea`\x9c\xe1\x8e\xdd\x8e\xaa\x1f\xf4\xaf\xa3Z\xbf\x17M\x1a\xff\xb1\x8dP]<\x9e\xe1B[y\xe6\xae\xe9I\xdb)\x9b\xcb\xa3Wlt\xe9\xa9\xfc\xf8\xde\xf0]\n\xa5S\x16\x1dh\x88\xc5\xea\xcf\xca5\xd2.\x93\xfd\t\x90#hq\r\x9b;\x83\xdd\x0fs\x80\x12\xc6\x8e~\xd4\xef\xc7:\xee4cu\xb2\x03\xd5\xd5)\xc9\xf1/\xea\x95_\'\xfb\xb9\xa94\xca\x9e\xf3\xfb\xc9\xd6~\xd5\xb7}B\xe5.\x86\xbf\xbb#\xb9\xf7N\xb3\xfe?x\xccX^\x16bz\"\x8a\xa45\x10t\xbb\xb7\xca\xa7\xcc\xde_\xdc\xab\xf2\xb8\xc7\xb3\xd3&$\xbb4\x81\t\xbb\xe3\xbfB(ln\xbc\xe9E<6$\x8f)\xb0\x1a\xc9\xe3\x18\xa6\xd9zk\x94Z\xed\x96\xad\xe2\\\xcb,!\x13\rv)r\xf1\x00E\xcccgr\xbf\xd4uB\x9f\xa5\x8c8\xe4D\x0f\xd3Vtd\x89\xc8V\x14\x17=\xd9\xcf*\xc8\xc7\xb7\xcc\x182/Jm\x8c5\x93\x14\xfd\x02\'\xe3\xc9\x12~\xc3\x10\xb7\xc7\xae\xcfA\x823|\xfd\xba2\xbd\xc6-\xe0E_x\xc7i\x8dV\xd9\\_l\xfb\xd8xX.N\x9bd\x91\xd5\xc1\xa1\xbahL\x95wF\x13{\xfd\xc8T\x1f\xe1)h\a\xe8Wn]\xe4')
lseek(r1, 0x0, 0x0)

syzkaller login: [ 116.261672] IPVS: ftp: loaded support on port[0] = 21
[ 116.414853] chnl_net:caif_netlink_parms(): no params data found
[ 116.488578] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.495187] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.503718] device bridge_slave_0 entered promiscuous mode
[ 116.512922] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.519421] bridge0: port 2(bridge_slave_1) entered disabled state
[ 116.527758] device bridge_slave_1 entered promiscuous mode
[ 116.560711] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 116.572061] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 116.601759] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 116.610460] team0: Port device team_slave_0 added
[ 116.616882] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 116.625701] team0: Port device team_slave_1 added
[ 116.631798] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 116.640394] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 116.716604] device hsr_slave_0 entered promiscuous mode
[ 116.962565] device hsr_slave_1 entered promiscuous mode
[ 117.103286] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 117.110821] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 117.140781] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.147387] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 117.154604] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.161141] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.249094] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 117.255344] 8021q: adding VLAN 0 to HW filter on device bond0
[ 117.268179] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 117.280521] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 117.291058] bridge0: port 1(bridge_slave_0) entered disabled state
[ 117.300289] bridge0: port 2(bridge_slave_1) entered disabled state
[ 117.311415] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 117.329529] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 117.335699] 8021q: adding VLAN 0 to HW filter on device team0
[ 117.350547] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 117.359272] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.365845] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.405733] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 117.414673] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.421164] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 117.430706] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 117.443381] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 117.456647] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 117.463721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 117.472725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 117.490235] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 117.497338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 117.505773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 117.522515] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 117.529456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 117.537968] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 117.553422] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 117.559487] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 117.587122] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 117.609000] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 117.672062] ==================================================================
[ 117.679501] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 117.687056] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.20.0-rc7+ #16
[ 117.693641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 117.703005] Call Trace:
[ 117.705605]
[ 117.707786] dump_stack+0x173/0x1d0
[ 117.711447] kmsan_report+0x12e/0x2a0
[ 117.715308] __msan_warning+0x82/0xf0
[ 117.719139] send_hsr_supervision_frame+0x1056/0x1510
[ 117.724392] hsr_announce+0x14c/0x3a0
[ 117.728238] call_timer_fn+0x285/0x600
[ 117.732145] ? hsr_dev_finalize+0xb90/0xb90
[ 117.736498] __run_timers+0xdb4/0x11d0
[ 117.740410] ? hsr_dev_finalize+0xb90/0xb90
[ 117.744779] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 117.750257] ? irqtime_account_irq+0xcf/0x2e0
[ 117.754785] ? timers_dead_cpu+0xa50/0xa50
[ 117.759041] run_timer_softirq+0x2e/0x50
[ 117.763126] __do_softirq+0x53f/0x93a
[ 117.766984] irq_exit+0x214/0x250
[ 117.770458] exiting_irq+0xe/0x10
[ 117.773943] smp_apic_timer_interrupt+0x48/0x70
[ 117.778630] apic_timer_interrupt+0x2e/0x40
[ 117.782955]
[ 117.785219] RIP: 0010:default_idle+0x27e/0x4e0
[ 117.789835] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 117.808757] RSP: 0018:ffff8880af66fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 117.816484] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 117.823766] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 117.831047] RBP: ffff8880af66fe18 R08: 0000000000000002 R09: ffff8880af66fd78
[ 117.838327] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af640988
[ 117.845605] R13: 0000000000000001 R14: ffff8880af640000 R15: ffff8880af640988
[ 117.852939] ? __cpuidle_text_start+0x8/0x8
[ 117.857306] ? __cpuidle_text_start+0x8/0x8
[ 117.861646] ? __cpuidle_text_start+0x8/0x8
[ 117.866024] arch_cpu_idle+0x26/0x30
[ 117.869776] do_idle+0x22d/0x800
[ 117.873177] cpu_startup_entry+0x45/0x50
[ 117.877263] ? setup_APIC_timer+0x200/0x200
[ 117.881609] start_secondary+0x4b2/0x5d0
[ 117.885704] secondary_startup_64+0xa4/0xb0
[ 117.890054]
[ 117.891681] Uninit was created at:
[ 117.895244] kmsan_save_stack_with_flags+0x7a/0x130
[ 117.900279] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 117.906093] kmsan_alloc_page+0x7e/0x100
[ 117.910163] __alloc_pages_nodemask+0x1587/0x5f20
[ 117.915016] page_frag_alloc+0x3c1/0x980
[ 117.919096] __netdev_alloc_skb+0x1f1/0xa50
[ 117.923431] send_hsr_supervision_frame+0x168/0x1510
[ 117.928551] hsr_announce+0x14c/0x3a0
[ 117.932366] call_timer_fn+0x285/0x600
[ 117.936267] __run_timers+0xdb4/0x11d0
[ 117.940167] run_timer_softirq+0x2e/0x50
[ 117.944246] __do_softirq+0x53f/0x93a
[ 117.948052] ==================================================================
[ 117.955415] Disabling lock debugging due to kernel taint
[ 117.960867] Kernel panic - not syncing: panic_on_warn set ...
[ 117.966769] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 4.20.0-rc7+ #16
[ 117.974746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 117.984110] Call Trace:
[ 117.986708]
[ 117.988891] dump_stack+0x173/0x1d0
[ 117.992556] panic+0x3ce/0x961
[ 117.995818] kmsan_report+0x293/0x2a0
[ 117.999652] __msan_warning+0x82/0xf0
[ 118.003481] send_hsr_supervision_frame+0x1056/0x1510
[ 118.008744] hsr_announce+0x14c/0x3a0
[ 118.012589] call_timer_fn+0x285/0x600
[ 118.016493] ? hsr_dev_finalize+0xb90/0xb90
[ 118.020848] __run_timers+0xdb4/0x11d0
[ 118.024762] ? hsr_dev_finalize+0xb90/0xb90
[ 118.029136] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 118.034600] ? irqtime_account_irq+0xcf/0x2e0
[ 118.039132] ? timers_dead_cpu+0xa50/0xa50
[ 118.043387] run_timer_softirq+0x2e/0x50
[ 118.047468] __do_softirq+0x53f/0x93a
[ 118.051312] irq_exit+0x214/0x250
[ 118.054790] exiting_irq+0xe/0x10
[ 118.058289] smp_apic_timer_interrupt+0x48/0x70
[ 118.062981] apic_timer_interrupt+0x2e/0x40
[ 118.067311]
[ 118.069576] RIP: 0010:default_idle+0x27e/0x4e0
[ 118.074172] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 118.093094] RSP: 0018:ffff8880af66fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 118.100817] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 118.108097] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 118.115387] RBP: ffff8880af66fe18 R08: 0000000000000002 R09: ffff8880af66fd78
[ 118.122676] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af640988
[ 118.129978] R13: 0000000000000001 R14: ffff8880af640000 R15: ffff8880af640988
[ 118.137288] ? __cpuidle_text_start+0x8/0x8
[ 118.141655] ? __cpuidle_text_start+0x8/0x8
[ 118.145997] ? __cpuidle_text_start+0x8/0x8
[ 118.150341] arch_cpu_idle+0x26/0x30
[ 118.154079] do_idle+0x22d/0x800
[ 118.157482] cpu_startup_entry+0x45/0x50
[ 118.161562] ? setup_APIC_timer+0x200/0x200
[ 118.165909] start_secondary+0x4b2/0x5d0
[ 118.170004] secondary_startup_64+0xa4/0xb0
[ 118.175417] Kernel Offset: disabled
[ 118.179050] Rebooting in 86400 seconds..