[ 91.883204] audit: type=1800 audit(1546169365.947:25): pid=11084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 91.902421] audit: type=1800 audit(1546169365.957:26): pid=11084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 91.921881] audit: type=1800 audit(1546169365.967:27): pid=11084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 93.105149] sshd (11149) used greatest stack depth: 54176 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
2018/12/30 11:29:38 fuzzer started
2018/12/30 11:29:43 dialing manager at 10.128.0.26:41469
2018/12/30 11:29:43 syscalls: 1
2018/12/30 11:29:43 code coverage: enabled
2018/12/30 11:29:43 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 11:29:43 setuid sandbox: enabled
2018/12/30 11:29:43 namespace sandbox: enabled
2018/12/30 11:29:43 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 11:29:43 fault injection: enabled
2018/12/30 11:29:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 11:29:43 net packet injection: enabled
2018/12/30 11:29:43 net device setup: enabled
11:29:46 executing program 0:
r0 = socket$inet6(0xa, 0x803, 0x4d)
sendmmsg(r0, &(0x7f0000001e80)=[{{&(0x7f0000000100)=@nl=@unspec, 0x80, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="14000000000000000100000024000000a6000000"], 0x14}}], 0x1, 0x0)
syzkaller login: [ 112.812163] IPVS: ftp: loaded support on port[0] = 21
[ 112.963600] chnl_net:caif_netlink_parms(): no params data found
[ 113.032215] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.038764] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.047170] device bridge_slave_0 entered promiscuous mode
[ 113.056035] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.062660] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.070824] device bridge_slave_1 entered promiscuous mode
[ 113.104215] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 113.116138] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 113.146485] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 113.155358] team0: Port device team_slave_0 added
[ 113.161849] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 113.170407] team0: Port device team_slave_1 added
[ 113.176885] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 113.185270] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 113.366537] device hsr_slave_0 entered promiscuous mode
[ 113.532696] device hsr_slave_1 entered promiscuous mode
[ 113.793512] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 113.801157] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 113.832037] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.838595] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 113.845864] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.852449] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 113.945226] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 113.951395] 8021q: adding VLAN 0 to HW filter on device bond0
[ 113.968169] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 113.982347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 113.993389] bridge0: port 1(bridge_slave_0) entered disabled state
[ 114.004610] bridge0: port 2(bridge_slave_1) entered disabled state
[ 114.018772] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 114.036375] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 114.042629] 8021q: adding VLAN 0 to HW filter on device team0
[ 114.057950] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 114.065688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 114.075701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 114.083983] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.090479] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 114.103884] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 114.111123] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 114.119439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 114.127722] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.134451] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 114.149282] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 114.161783] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 114.174125] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 114.182842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 114.192220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 114.201331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 114.210267] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 114.220704] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 114.232489] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 114.239529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 114.248688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 114.263993] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 114.276487] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 114.284472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 114.292835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 114.301138] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 114.309691] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 114.324690] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 114.330872] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 114.355354] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 114.379766] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 114.441818] ==================================================================
[ 114.449263] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 114.456815] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.20.0-rc7+ #16
[ 114.463402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 114.472768] Call Trace:
[ 114.475382]
[ 114.477611] dump_stack+0x173/0x1d0
[ 114.481273] kmsan_report+0x12e/0x2a0
[ 114.485106] __msan_warning+0x82/0xf0
[ 114.488981] send_hsr_supervision_frame+0x1056/0x1510
[ 114.494273] hsr_announce+0x14c/0x3a0
[ 114.498118] call_timer_fn+0x285/0x600
[ 114.502025] ? hsr_dev_finalize+0xb90/0xb90
[ 114.506378] __run_timers+0xdb4/0x11d0
[ 114.510285] ? hsr_dev_finalize+0xb90/0xb90
[ 114.514652] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 114.520125] ? irqtime_account_irq+0xcf/0x2e0
[ 114.524642] ? timers_dead_cpu+0xa50/0xa50
[ 114.528898] run_timer_softirq+0x2e/0x50
[ 114.532989] __do_softirq+0x53f/0x93a
[ 114.536844] irq_exit+0x214/0x250
[ 114.540329] exiting_irq+0xe/0x10
[ 114.543812] smp_apic_timer_interrupt+0x48/0x70
[ 114.548508] apic_timer_interrupt+0x2e/0x40
[ 114.552843]
[ 114.555151] RIP: 0010:default_idle+0x27e/0x4e0
[ 114.559760] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 114.578676] RSP: 0018:ffff8880af66fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 114.586426] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 114.593712] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 114.601003] RBP: ffff8880af66fe18 R08: 0000000000000002 R09: ffff8880af66fd78
[ 114.608286] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af640988
[ 114.615569] R13: 0000000000000001 R14: ffff8880af640000 R15: ffff8880af640988
[ 114.622912] ? __cpuidle_text_start+0x8/0x8
[ 114.627298] ? __cpuidle_text_start+0x8/0x8
[ 114.631637] ? __cpuidle_text_start+0x8/0x8
[ 114.635987] arch_cpu_idle+0x26/0x30
[ 114.639745] do_idle+0x22d/0x800
[ 114.643147] cpu_startup_entry+0x45/0x50
[ 114.647226] ? setup_APIC_timer+0x200/0x200
[ 114.651575] start_secondary+0x4b2/0x5d0
[ 114.655698] secondary_startup_64+0xa4/0xb0
[ 114.660047]
[ 114.661683] Uninit was created at:
[ 114.665301] kmsan_save_stack_with_flags+0x7a/0x130
[ 114.670329] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 114.676140] kmsan_alloc_page+0x7e/0x100
[ 114.680235] __alloc_pages_nodemask+0x1587/0x5f20
[ 114.685091] page_frag_alloc+0x3c1/0x980
[ 114.689172] __netdev_alloc_skb+0x1f1/0xa50
[ 114.693541] send_hsr_supervision_frame+0x168/0x1510
[ 114.698658] hsr_announce+0x14c/0x3a0
[ 114.702476] call_timer_fn+0x285/0x600
[ 114.706377] __run_timers+0xdb4/0x11d0
[ 114.710282] run_timer_softirq+0x2e/0x50
[ 114.714364] __do_softirq+0x53f/0x93a
[ 114.718167] ==================================================================
[ 114.725531] Disabling lock debugging due to kernel taint
[ 114.730991] Kernel panic - not syncing: panic_on_warn set ...
[ 114.736897] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 4.20.0-rc7+ #16
[ 114.744882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 114.754270] Call Trace:
[ 114.756878]
[ 114.759056] dump_stack+0x173/0x1d0
[ 114.762729] panic+0x3ce/0x961
[ 114.766005] kmsan_report+0x293/0x2a0
[ 114.769837] __msan_warning+0x82/0xf0
[ 114.773696] send_hsr_supervision_frame+0x1056/0x1510
[ 114.778969] hsr_announce+0x14c/0x3a0
[ 114.782807] call_timer_fn+0x285/0x600
[ 114.786720] ? hsr_dev_finalize+0xb90/0xb90
[ 114.791082] __run_timers+0xdb4/0x11d0
[ 114.794989] ? hsr_dev_finalize+0xb90/0xb90
[ 114.799355] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 114.804820] ? irqtime_account_irq+0xcf/0x2e0
[ 114.809344] ? timers_dead_cpu+0xa50/0xa50
[ 114.813607] run_timer_softirq+0x2e/0x50
[ 114.817690] __do_softirq+0x53f/0x93a
[ 114.821544] irq_exit+0x214/0x250
[ 114.825037] exiting_irq+0xe/0x10
[ 114.828511] smp_apic_timer_interrupt+0x48/0x70
[ 114.833202] apic_timer_interrupt+0x2e/0x40
[ 114.837533]
[ 114.839792] RIP: 0010:default_idle+0x27e/0x4e0
[ 114.844420] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 114.863339] RSP: 0018:ffff8880af66fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 114.871066] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 114.878357] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 114.885643] RBP: ffff8880af66fe18 R08: 0000000000000002 R09: ffff8880af66fd78
[ 114.892936] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af640988
[ 114.900218] R13: 0000000000000001 R14: ffff8880af640000 R15: ffff8880af640988
[ 114.907521] ? __cpuidle_text_start+0x8/0x8
[ 114.911881] ? __cpuidle_text_start+0x8/0x8
[ 114.916224] ? __cpuidle_text_start+0x8/0x8
[ 114.920575] arch_cpu_idle+0x26/0x30
[ 114.924307] do_idle+0x22d/0x800
[ 114.927712] cpu_startup_entry+0x45/0x50
[ 114.931800] ? setup_APIC_timer+0x200/0x200
[ 114.936144] start_secondary+0x4b2/0x5d0
[ 114.940240] secondary_startup_64+0xa4/0xb0
[ 114.945546] Kernel Offset: disabled
[ 114.949180] Rebooting in 86400 seconds..