[ 58.874232] audit: type=1800 audit(1546162041.886:28): pid=8910 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 59.948860] sshd (8974) used greatest stack depth: 54176 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 60.279128] audit: type=1800 audit(1546162043.326:29): pid=8910 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 60.298882] audit: type=1800 audit(1546162043.326:30): pid=8910 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts.
2018/12/30 09:27:34 fuzzer started
2018/12/30 09:27:39 dialing manager at 10.128.0.26:41469
2018/12/30 09:27:39 syscalls: 1
2018/12/30 09:27:39 code coverage: enabled
2018/12/30 09:27:39 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 09:27:39 setuid sandbox: enabled
2018/12/30 09:27:39 namespace sandbox: enabled
2018/12/30 09:27:39 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 09:27:39 fault injection: enabled
2018/12/30 09:27:39 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 09:27:39 net packet injection: enabled
2018/12/30 09:27:39 net device setup: enabled
09:27:42 executing program 0:
r0 = socket$packet(0x11, 0x2, 0x300)
syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x0, 0x40)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
sendmmsg(r0, &(0x7f0000000140)=[{{&(0x7f0000000300)=@nfc={0x27, 0x1}, 0x81, &(0x7f0000000080), 0x0, &(0x7f0000000000)}}, {{&(0x7f0000000280)=@in6={0xa, 0x0, 0x4, @loopback}, 0x80, &(0x7f0000000080), 0x1, &(0x7f0000000000), 0x142}}], 0x2, 0x0)
syzkaller login: [ 79.526327] IPVS: ftp: loaded support on port[0] = 21
[ 79.641050] chnl_net:caif_netlink_parms(): no params data found
[ 79.696681] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.703207] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.711018] device bridge_slave_0 entered promiscuous mode
[ 79.719015] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.725529] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.733315] device bridge_slave_1 entered promiscuous mode
[ 79.759207] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 79.769650] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 79.795020] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 79.803180] team0: Port device team_slave_0 added
[ 79.809187] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 79.817233] team0: Port device team_slave_1 added
[ 79.823215] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 79.831176] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 80.005727] device hsr_slave_0 entered promiscuous mode
[ 80.162142] device hsr_slave_1 entered promiscuous mode
[ 80.422601] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 80.429852] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 80.453941] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.460560] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.467585] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.474126] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.541033] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 80.547318] 8021q: adding VLAN 0 to HW filter on device bond0
[ 80.559124] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 80.570926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 80.581459] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.591202] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.601470] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 80.617603] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 80.623786] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.636592] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 80.644079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 80.652392] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 80.660396] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.666868] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.680272] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 80.690880] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 80.699262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 80.707590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 80.715696] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.722164] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.730548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 80.744274] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 80.755339] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 80.766040] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 80.777650] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 80.788223] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 80.796046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 80.804802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 80.813392] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 80.821959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 80.830592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 80.839090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 80.847222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 80.855353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 80.863645] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 80.873930] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 80.882874] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 80.888961] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 80.918000] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 80.941525] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 81.001724] ==================================================================
[ 81.009125] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 81.016663] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc7+ #16
[ 81.023250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.032600] Call Trace:
[ 81.035179]
[ 81.037341] dump_stack+0x173/0x1d0
[ 81.040993] kmsan_report+0x12e/0x2a0
[ 81.044806] __msan_warning+0x82/0xf0
[ 81.048615] send_hsr_supervision_frame+0x1056/0x1510
[ 81.053826] hsr_announce+0x14c/0x3a0
[ 81.057653] call_timer_fn+0x285/0x600
[ 81.061544] ? hsr_dev_finalize+0xb90/0xb90
[ 81.065881] __run_timers+0xdb4/0x11d0
[ 81.069778] ? hsr_dev_finalize+0xb90/0xb90
[ 81.074115] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 81.079581] ? irqtime_account_irq+0xcf/0x2e0
[ 81.084086] ? timers_dead_cpu+0xa50/0xa50
[ 81.088330] run_timer_softirq+0x2e/0x50
[ 81.092392] __do_softirq+0x53f/0x93a
[ 81.096216] irq_exit+0x214/0x250
[ 81.099772] exiting_irq+0xe/0x10
[ 81.103238] smp_apic_timer_interrupt+0x48/0x70
[ 81.107913] apic_timer_interrupt+0x2e/0x40
[ 81.112238]
[ 81.114477] RIP: 0010:default_idle+0x27e/0x4e0
[ 81.119059] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 81.137967] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 81.145681] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 81.152963] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 81.160230] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 81.167501] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 81.174774] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 81.182064] ? __cpuidle_text_start+0x8/0x8
[ 81.186397] ? default_idle+0x6e/0x4e0
[ 81.190287] ? __cpuidle_text_start+0x8/0x8
[ 81.194615] ? __cpuidle_text_start+0x8/0x8
[ 81.198953] arch_cpu_idle+0x26/0x30
[ 81.202668] do_idle+0x22d/0x800
[ 81.206046] cpu_startup_entry+0x45/0x50
[ 81.210111] rest_init+0x1c1/0x1f0
[ 81.213664] arch_call_rest_init+0x13/0x15
[ 81.217901] start_kernel+0x9d7/0xbb1
[ 81.221713] x86_64_start_reservations+0x19/0x2f
[ 81.226476] x86_64_start_kernel+0x84/0x87
[ 81.230713] secondary_startup_64+0xa4/0xb0
[ 81.235039]
[ 81.236658] Uninit was created at:
[ 81.240200] kmsan_save_stack_with_flags+0x7a/0x130
[ 81.245226] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 81.251023] kmsan_alloc_page+0x7e/0x100
[ 81.255084] __alloc_pages_nodemask+0x1587/0x5f20
[ 81.259923] page_frag_alloc+0x3c1/0x980
[ 81.263991] __netdev_alloc_skb+0x1f1/0xa50
[ 81.268314] send_hsr_supervision_frame+0x168/0x1510
[ 81.273418] hsr_announce+0x14c/0x3a0
[ 81.277225] call_timer_fn+0x285/0x600
[ 81.281117] __run_timers+0xdb4/0x11d0
[ 81.285006] run_timer_softirq+0x2e/0x50
[ 81.289066] __do_softirq+0x53f/0x93a
[ 81.292856] ==================================================================
[ 81.300230] Disabling lock debugging due to kernel taint
[ 81.305674] Kernel panic - not syncing: panic_on_warn set ...
[ 81.311564] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.20.0-rc7+ #16
[ 81.319524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.328873] Call Trace:
[ 81.331454]
[ 81.333615] dump_stack+0x173/0x1d0
[ 81.337256] panic+0x3ce/0x961
[ 81.340480] kmsan_report+0x293/0x2a0
[ 81.344291] __msan_warning+0x82/0xf0
[ 81.348098] send_hsr_supervision_frame+0x1056/0x1510
[ 81.353314] hsr_announce+0x14c/0x3a0
[ 81.357126] call_timer_fn+0x285/0x600
[ 81.361019] ? hsr_dev_finalize+0xb90/0xb90
[ 81.365350] __run_timers+0xdb4/0x11d0
[ 81.369244] ? hsr_dev_finalize+0xb90/0xb90
[ 81.373585] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 81.379040] ? irqtime_account_irq+0xcf/0x2e0
[ 81.383540] ? timers_dead_cpu+0xa50/0xa50
[ 81.387782] run_timer_softirq+0x2e/0x50
[ 81.391846] __do_softirq+0x53f/0x93a
[ 81.395662] irq_exit+0x214/0x250
[ 81.399122] exiting_irq+0xe/0x10
[ 81.402581] smp_apic_timer_interrupt+0x48/0x70
[ 81.407255] apic_timer_interrupt+0x2e/0x40
[ 81.411575]
[ 81.413822] RIP: 0010:default_idle+0x27e/0x4e0
[ 81.418409] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 81.437311] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 81.445024] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 81.452295] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 81.459566] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 81.466836] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 81.474109] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 81.481391] ? __cpuidle_text_start+0x8/0x8
[ 81.485724] ? default_idle+0x6e/0x4e0
[ 81.489799] ? __cpuidle_text_start+0x8/0x8
[ 81.494122] ? __cpuidle_text_start+0x8/0x8
[ 81.498448] arch_cpu_idle+0x26/0x30
[ 81.502165] do_idle+0x22d/0x800
[ 81.505544] cpu_startup_entry+0x45/0x50
[ 81.509611] rest_init+0x1c1/0x1f0
[ 81.513157] arch_call_rest_init+0x13/0x15
[ 81.517400] start_kernel+0x9d7/0xbb1
[ 81.521220] x86_64_start_reservations+0x19/0x2f
[ 81.525983] x86_64_start_kernel+0x84/0x87
[ 81.530230] secondary_startup_64+0xa4/0xb0
[ 81.535557] Kernel Offset: disabled
[ 81.539193] Rebooting in 86400 seconds..