[ 62.450287] audit: type=1800 audit(1546171690.458:27): pid=9180 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 62.469811] audit: type=1800 audit(1546171690.488:28): pid=9180 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 63.798251] audit: type=1800 audit(1546171691.848:29): pid=9180 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 63.817675] audit: type=1800 audit(1546171691.848:30): pid=9180 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.104' (ECDSA) to the list of known hosts.
2018/12/30 12:08:23 fuzzer started
2018/12/30 12:08:27 dialing manager at 10.128.0.26:38305
2018/12/30 12:08:27 syscalls: 1
2018/12/30 12:08:27 code coverage: enabled
2018/12/30 12:08:27 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 12:08:27 setuid sandbox: enabled
2018/12/30 12:08:27 namespace sandbox: enabled
2018/12/30 12:08:27 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 12:08:27 fault injection: enabled
2018/12/30 12:08:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 12:08:27 net packet injection: enabled
2018/12/30 12:08:27 net device setup: enabled
12:08:30 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000002c0))
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000001c0)={[{0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000008f00)={'bond0\x00\x00\x00\x00\xf9\x8b\x00'})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff0d)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="65d9f3ba2000b0e1eed9ff66b8c4b800000f23c00f21f86635000005000f23f80f01d1baf80c66b8a322e48266efbafc0cb09dee6726670f32670fb2aec1cb0000ff22c02200", 0x46}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syzkaller login:
[ 82.815065] IPVS: ftp: loaded support on port[0] = 21
[ 82.935704] chnl_net:caif_netlink_parms(): no params data found
[ 82.992979] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.999472] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.007452] device bridge_slave_0 entered promiscuous mode
[ 83.015784] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.022513] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.030431] device bridge_slave_1 entered promiscuous mode
[ 83.057682] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 83.068262] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 83.093184] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 83.101410] team0: Port device team_slave_0 added
[ 83.107769] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 83.115996] team0: Port device team_slave_1 added
[ 83.121819] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 83.130245] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 83.306660] device hsr_slave_0 entered promiscuous mode
[ 83.472700] device hsr_slave_1 entered promiscuous mode
[ 83.693266] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 83.700662] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 83.725087] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.731682] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.738832] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.745321] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.813556] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 83.819691] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.832817] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 83.844654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 83.855546] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.864868] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.875966] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 83.891128] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 83.897394] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.911071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 83.919528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.926060] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.939392] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 83.950241] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 83.958566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 83.967426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.975566] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.981996] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.989445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 84.004007] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 84.015151] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 84.026223] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 84.036927] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 84.044857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 84.053781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 84.062732] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 84.071010] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 84.079582] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 84.088035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 84.096295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 84.105853] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 84.117229] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 84.124311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 84.132353] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 84.157200] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 84.166458] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 84.189475] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 84.206091] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.282288] ==================================================================
[ 84.289708] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 84.297337] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.20.0-rc7+ #16
[ 84.303926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 84.313272] Call Trace:
[ 84.315882]
[ 84.318041] dump_stack+0x173/0x1d0
[ 84.321683] kmsan_report+0x12e/0x2a0
[ 84.325493] __msan_warning+0x82/0xf0
[ 84.329306] send_hsr_supervision_frame+0x1056/0x1510
[ 84.334521] hsr_announce+0x14c/0x3a0
[ 84.338356] call_timer_fn+0x285/0x600
[ 84.342243] ? hsr_dev_finalize+0xb90/0xb90
[ 84.346593] __run_timers+0xdb4/0x11d0
[ 84.350487] ? hsr_dev_finalize+0xb90/0xb90
[ 84.354834] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 84.360765] ? irqtime_account_irq+0xcf/0x2e0
[ 84.365267] ? timers_dead_cpu+0xa50/0xa50
[ 84.369511] run_timer_softirq+0x2e/0x50
[ 84.373580] __do_softirq+0x53f/0x93a
[ 84.377396] irq_exit+0x214/0x250
[ 84.380856] exiting_irq+0xe/0x10
[ 84.384314] smp_apic_timer_interrupt+0x48/0x70
[ 84.388985] apic_timer_interrupt+0x2e/0x40
[ 84.393304]
[ 84.395546] RIP: 0010:default_idle+0x27e/0x4e0
[ 84.400134] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 84.419055] RSP: 0018:ffff8880af66fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 84.426764] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 84.434035] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 84.441303] RBP: ffff8880af66fe18 R08: 0000000000000002 R09: ffff8880af66fd78
[ 84.448574] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af640988
[ 84.455845] R13: 0000000000000001 R14: ffff8880af640000 R15: ffff8880af640988
[ 84.463220] ? __cpuidle_text_start+0x8/0x8
[ 84.467558] ? __cpuidle_text_start+0x8/0x8
[ 84.471896] ? __cpuidle_text_start+0x8/0x8
[ 84.476227] arch_cpu_idle+0x26/0x30
[ 84.479945] do_idle+0x22d/0x800
[ 84.483323] cpu_startup_entry+0x45/0x50
[ 84.487383] ? setup_APIC_timer+0x200/0x200
[ 84.491712] start_secondary+0x4b2/0x5d0
[ 84.495784] secondary_startup_64+0xa4/0xb0
[ 84.500143]
[ 84.501764] Uninit was created at:
[ 84.505306] kmsan_save_stack_with_flags+0x7a/0x130
[ 84.510318] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 84.516114] kmsan_alloc_page+0x7e/0x100
[ 84.520284] __alloc_pages_nodemask+0x1587/0x5f20
[ 84.525124] page_frag_alloc+0x3c1/0x980
[ 84.529294] __netdev_alloc_skb+0x1f1/0xa50
[ 84.533641] send_hsr_supervision_frame+0x168/0x1510
[ 84.538740] hsr_announce+0x14c/0x3a0
[ 84.542546] call_timer_fn+0x285/0x600
[ 84.546430] __run_timers+0xdb4/0x11d0
[ 84.550323] run_timer_softirq+0x2e/0x50
[ 84.554386] __do_softirq+0x53f/0x93a
[ 84.558350] ==================================================================
[ 84.565787] Disabling lock debugging due to kernel taint
[ 84.571232] Kernel panic - not syncing: panic_on_warn set ...
[ 84.577128] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 4.20.0-rc7+ #16
[ 84.585092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 84.594456] Call Trace:
[ 84.597038]
[ 84.599195] dump_stack+0x173/0x1d0
[ 84.602841] panic+0x3ce/0x961
[ 84.606058] kmsan_report+0x293/0x2a0
[ 84.609872] __msan_warning+0x82/0xf0
[ 84.613679] send_hsr_supervision_frame+0x1056/0x1510
[ 84.618893] hsr_announce+0x14c/0x3a0
[ 84.622710] call_timer_fn+0x285/0x600
[ 84.626596] ? hsr_dev_finalize+0xb90/0xb90
[ 84.630925] __run_timers+0xdb4/0x11d0
[ 84.634826] ? hsr_dev_finalize+0xb90/0xb90
[ 84.639185] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 84.644639] ? irqtime_account_irq+0xcf/0x2e0
[ 84.649158] ? timers_dead_cpu+0xa50/0xa50
[ 84.653399] run_timer_softirq+0x2e/0x50
[ 84.657464] __do_softirq+0x53f/0x93a
[ 84.661278] irq_exit+0x214/0x250
[ 84.664738] exiting_irq+0xe/0x10
[ 84.668197] smp_apic_timer_interrupt+0x48/0x70
[ 84.672869] apic_timer_interrupt+0x2e/0x40
[ 84.677186]
[ 84.679426] RIP: 0010:default_idle+0x27e/0x4e0
[ 84.684011] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 84.702912] RSP: 0018:ffff8880af66fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 84.710622] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 84.717992] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 84.725271] RBP: ffff8880af66fe18 R08: 0000000000000002 R09: ffff8880af66fd78
[ 84.732540] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af640988
[ 84.739815] R13: 0000000000000001 R14: ffff8880af640000 R15: ffff8880af640988
[ 84.747124] ? __cpuidle_text_start+0x8/0x8
[ 84.751462] ? __cpuidle_text_start+0x8/0x8
[ 84.755782] ? __cpuidle_text_start+0x8/0x8
[ 84.760117] arch_cpu_idle+0x26/0x30
[ 84.763838] do_idle+0x22d/0x800
[ 84.767210] cpu_startup_entry+0x45/0x50
[ 84.771276] ? setup_APIC_timer+0x200/0x200
[ 84.775606] start_secondary+0x4b2/0x5d0
[ 84.779677] secondary_startup_64+0xa4/0xb0
[ 84.785235] Kernel Offset: disabled
[ 84.788861] Rebooting in 86400 seconds..