[ ok ] Starting enhanced syslogd: rsyslogd.
[ 89.656980] audit: type=1800 audit(1546164029.703:25): pid=10645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 89.676134] audit: type=1800 audit(1546164029.713:26): pid=10645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 89.695516] audit: type=1800 audit(1546164029.723:27): pid=10645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts.
2018/12/30 10:00:43 fuzzer started
2018/12/30 10:00:48 dialing manager at 10.128.0.26:41469
2018/12/30 10:00:48 syscalls: 1
2018/12/30 10:00:48 code coverage: enabled
2018/12/30 10:00:48 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 10:00:48 setuid sandbox: enabled
2018/12/30 10:00:48 namespace sandbox: enabled
2018/12/30 10:00:48 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 10:00:48 fault injection: enabled
2018/12/30 10:00:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 10:00:48 net packet injection: enabled
2018/12/30 10:00:48 net device setup: enabled
10:00:51 executing program 0:
mkdir(&(0x7f0000001b40)='./file0\x00', 0x0)
perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x400042, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, 0x0)
creat(&(0x7f0000f66ff4)='./file0/bus\x00', 0x0)
open$dir(&(0x7f0000000040)='./file0/bus\x00', 0x0, 0x0)
syzkaller login: [ 111.601602] IPVS: ftp: loaded support on port[0] = 21
[ 111.754710] chnl_net:caif_netlink_parms(): no params data found
[ 111.825426] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.832016] bridge0: port 1(bridge_slave_0) entered disabled state
[ 111.840277] device bridge_slave_0 entered promiscuous mode
[ 111.850101] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.856767] bridge0: port 2(bridge_slave_1) entered disabled state
[ 111.864948] device bridge_slave_1 entered promiscuous mode
[ 111.897204] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 111.908235] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 111.938618] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 111.947231] team0: Port device team_slave_0 added
[ 111.953585] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 111.962127] team0: Port device team_slave_1 added
[ 111.968159] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 111.976535] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 112.166618] device hsr_slave_0 entered promiscuous mode
[ 112.332672] device hsr_slave_1 entered promiscuous mode
[ 112.513421] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 112.520973] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 112.550797] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.557398] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.564659] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.571175] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.661313] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 112.667462] 8021q: adding VLAN 0 to HW filter on device bond0
[ 112.681623] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 112.696323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 112.707791] bridge0: port 1(bridge_slave_0) entered disabled state
[ 112.717188] bridge0: port 2(bridge_slave_1) entered disabled state
[ 112.728636] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 112.748056] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 112.754239] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.768187] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 112.776615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 112.785464] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 112.794840] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.801334] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.817848] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 112.830757] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 112.839139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 112.848246] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 112.856474] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.862981] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.870570] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 112.883980] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 112.892062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 112.906132] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 112.914087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 112.922908] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 112.935953] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 112.949030] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 112.956151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 112.964995] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 112.979629] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 112.986865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 112.995283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 113.009709] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 113.018274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 113.026823] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 113.038626] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 113.044997] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 113.071010] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 113.090411] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 113.162870] ==================================================================
[ 113.170282] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 113.177837] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc7+ #16
[ 113.184425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 113.193784] Call Trace:
[ 113.196379]
[ 113.198549] dump_stack+0x173/0x1d0
[ 113.202223] kmsan_report+0x12e/0x2a0
[ 113.206055] __msan_warning+0x82/0xf0
[ 113.209880] send_hsr_supervision_frame+0x1056/0x1510
[ 113.215117] hsr_announce+0x14c/0x3a0
[ 113.218947] call_timer_fn+0x285/0x600
[ 113.222846] ? hsr_dev_finalize+0xb90/0xb90
[ 113.227215] __run_timers+0xdb4/0x11d0
[ 113.231142] ? hsr_dev_finalize+0xb90/0xb90
[ 113.235504] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 113.240967] ? irqtime_account_irq+0xcf/0x2e0
[ 113.245500] ? timers_dead_cpu+0xa50/0xa50
[ 113.249941] run_timer_softirq+0x2e/0x50
[ 113.254019] __do_softirq+0x53f/0x93a
[ 113.257871] irq_exit+0x214/0x250
[ 113.261341] exiting_irq+0xe/0x10
[ 113.264829] smp_apic_timer_interrupt+0x48/0x70
[ 113.269515] apic_timer_interrupt+0x2e/0x40
[ 113.273847]
[ 113.276121] RIP: 0010:default_idle+0x27e/0x4e0
[ 113.280716] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 113.299636] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 113.307370] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 113.314662] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 113.321938] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 113.329212] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 113.336490] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 113.343784] ? __cpuidle_text_start+0x8/0x8
[ 113.348129] ? default_idle+0x6e/0x4e0
[ 113.352026] ? __cpuidle_text_start+0x8/0x8
[ 113.356355] ? __cpuidle_text_start+0x8/0x8
[ 113.360693] arch_cpu_idle+0x26/0x30
[ 113.364426] do_idle+0x22d/0x800
[ 113.367853] cpu_startup_entry+0x45/0x50
[ 113.371937] rest_init+0x1c1/0x1f0
[ 113.375504] arch_call_rest_init+0x13/0x15
[ 113.379752] start_kernel+0x9d7/0xbb1
[ 113.383581] x86_64_start_reservations+0x19/0x2f
[ 113.388366] x86_64_start_kernel+0x84/0x87
[ 113.392616] secondary_startup_64+0xa4/0xb0
[ 113.396962]
[ 113.398588] Uninit was created at:
[ 113.402139] kmsan_save_stack_with_flags+0x7a/0x130
[ 113.407166] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 113.412965] kmsan_alloc_page+0x7e/0x100
[ 113.417030] __alloc_pages_nodemask+0x1587/0x5f20
[ 113.421878] page_frag_alloc+0x3c1/0x980
[ 113.425956] __netdev_alloc_skb+0x1f1/0xa50
[ 113.430298] send_hsr_supervision_frame+0x168/0x1510
[ 113.435442] hsr_announce+0x14c/0x3a0
[ 113.439271] call_timer_fn+0x285/0x600
[ 113.443188] __run_timers+0xdb4/0x11d0
[ 113.447109] run_timer_softirq+0x2e/0x50
[ 113.451199] __do_softirq+0x53f/0x93a
[ 113.454994] ==================================================================
[ 113.462348] Disabling lock debugging due to kernel taint
[ 113.467795] Kernel panic - not syncing: panic_on_warn set ...
[ 113.473689] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.20.0-rc7+ #16
[ 113.481673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 113.491029] Call Trace:
[ 113.493620]
[ 113.495784] dump_stack+0x173/0x1d0
[ 113.499435] panic+0x3ce/0x961
[ 113.502702] kmsan_report+0x293/0x2a0
[ 113.506543] __msan_warning+0x82/0xf0
[ 113.510371] send_hsr_supervision_frame+0x1056/0x1510
[ 113.515622] hsr_announce+0x14c/0x3a0
[ 113.519450] call_timer_fn+0x285/0x600
[ 113.523400] ? hsr_dev_finalize+0xb90/0xb90
[ 113.527761] __run_timers+0xdb4/0x11d0
[ 113.531669] ? hsr_dev_finalize+0xb90/0xb90
[ 113.536046] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 113.541513] ? irqtime_account_irq+0xcf/0x2e0
[ 113.546043] ? timers_dead_cpu+0xa50/0xa50
[ 113.550324] run_timer_softirq+0x2e/0x50
[ 113.554399] __do_softirq+0x53f/0x93a
[ 113.558240] irq_exit+0x214/0x250
[ 113.561754] exiting_irq+0xe/0x10
[ 113.565223] smp_apic_timer_interrupt+0x48/0x70
[ 113.569954] apic_timer_interrupt+0x2e/0x40
[ 113.574304]
[ 113.576557] RIP: 0010:default_idle+0x27e/0x4e0
[ 113.581153] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 113.600065] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 113.607798] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 113.615087] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 113.622407] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 113.629684] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 113.636980] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 113.644366] ? __cpuidle_text_start+0x8/0x8
[ 113.648726] ? default_idle+0x6e/0x4e0
[ 113.652624] ? __cpuidle_text_start+0x8/0x8
[ 113.656965] ? __cpuidle_text_start+0x8/0x8
[ 113.661322] arch_cpu_idle+0x26/0x30
[ 113.665044] do_idle+0x22d/0x800
[ 113.668453] cpu_startup_entry+0x45/0x50
[ 113.672578] rest_init+0x1c1/0x1f0
[ 113.676134] arch_call_rest_init+0x13/0x15
[ 113.680395] start_kernel+0x9d7/0xbb1
[ 113.684266] x86_64_start_reservations+0x19/0x2f
[ 113.689043] x86_64_start_kernel+0x84/0x87
[ 113.693305] secondary_startup_64+0xa4/0xb0
[ 113.698682] Kernel Offset: disabled
[ 113.702316] Rebooting in 86400 seconds..