[ ok ] Starting enhanced syslogd: rsyslogd.
[ 87.591555] audit: type=1800 audit(1546173657.632:25): pid=10316 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 87.610732] audit: type=1800 audit(1546173657.632:26): pid=10316 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 87.630152] audit: type=1800 audit(1546173657.662:27): pid=10316 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.
2018/12/30 12:41:10 fuzzer started
2018/12/30 12:41:15 dialing manager at 10.128.0.26:38305
2018/12/30 12:41:15 syscalls: 1
2018/12/30 12:41:15 code coverage: enabled
2018/12/30 12:41:15 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 12:41:15 setuid sandbox: enabled
2018/12/30 12:41:15 namespace sandbox: enabled
2018/12/30 12:41:15 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 12:41:15 fault injection: enabled
2018/12/30 12:41:15 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 12:41:15 net packet injection: enabled
2018/12/30 12:41:15 net device setup: enabled
12:41:18 executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_int(r1, 0x0, 0x13, &(0x7f0000000180)=0x800, 0x4)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x0, @rand_addr=0xfffffffffffff001}, 0x10)
syzkaller login: [ 109.075357] IPVS: ftp: loaded support on port[0] = 21
[ 109.228099] chnl_net:caif_netlink_parms(): no params data found
[ 109.297744] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.304366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.312875] device bridge_slave_0 entered promiscuous mode
[ 109.321792] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.328454] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.336769] device bridge_slave_1 entered promiscuous mode
[ 109.369635] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 109.381150] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 109.412242] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 109.421103] team0: Port device team_slave_0 added
[ 109.428207] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 109.436864] team0: Port device team_slave_1 added
[ 109.443109] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 109.451888] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 109.637433] device hsr_slave_0 entered promiscuous mode
[ 109.793074] device hsr_slave_1 entered promiscuous mode
[ 110.044179] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 110.051716] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 110.081618] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.088261] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 110.095527] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.102070] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 110.192636] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 110.198791] 8021q: adding VLAN 0 to HW filter on device bond0
[ 110.214810] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 110.229327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 110.252700] bridge0: port 1(bridge_slave_0) entered disabled state
[ 110.260834] bridge0: port 2(bridge_slave_1) entered disabled state
[ 110.274822] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 110.291843] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 110.298082] 8021q: adding VLAN 0 to HW filter on device team0
[ 110.313199] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 110.320682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 110.329413] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 110.337677] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.344218] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 110.359808] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 110.367406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 110.376178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 110.385811] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.392347] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 110.408778] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 110.421153] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 110.429035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 110.438336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 110.454420] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 110.467609] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 110.474947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 110.484027] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 110.492808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 110.501656] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 110.517608] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 110.529843] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 110.540196] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 110.549993] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 110.562902] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 110.570162] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 110.578675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 110.587196] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 110.596009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 110.604563] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 110.614939] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 110.642871] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 110.671745] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 110.703353] ==================================================================
[ 110.710780] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 110.718334] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc7+ #16
[ 110.724916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 110.734281] Call Trace:
[ 110.736877]
[ 110.739053] dump_stack+0x173/0x1d0
[ 110.742717] kmsan_report+0x12e/0x2a0
[ 110.746553] __msan_warning+0x82/0xf0
[ 110.750383] send_hsr_supervision_frame+0x1056/0x1510
[ 110.755634] hsr_announce+0x14c/0x3a0
[ 110.759479] call_timer_fn+0x285/0x600
[ 110.763387] ? hsr_dev_finalize+0xb90/0xb90
[ 110.767743] __run_timers+0xdb4/0x11d0
[ 110.771650] ? hsr_dev_finalize+0xb90/0xb90
[ 110.776019] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 110.781495] ? irqtime_account_irq+0xcf/0x2e0
[ 110.786015] ? timers_dead_cpu+0xa50/0xa50
[ 110.790282] run_timer_softirq+0x2e/0x50
[ 110.794364] __do_softirq+0x53f/0x93a
[ 110.798205] irq_exit+0x214/0x250
[ 110.801682] exiting_irq+0xe/0x10
[ 110.805153] smp_apic_timer_interrupt+0x48/0x70
[ 110.809840] apic_timer_interrupt+0x2e/0x40
[ 110.814170]
[ 110.816430] RIP: 0010:default_idle+0x27e/0x4e0
[ 110.821037] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 110.839960] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 110.847686] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 110.854969] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 110.862249] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 110.869533] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 110.876811] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 110.884117] ? __cpuidle_text_start+0x8/0x8
[ 110.888489] ? default_idle+0x6e/0x4e0
[ 110.892400] ? __cpuidle_text_start+0x8/0x8
[ 110.896746] ? __cpuidle_text_start+0x8/0x8
[ 110.901090] arch_cpu_idle+0x26/0x30
[ 110.904819] do_idle+0x22d/0x800
[ 110.908217] cpu_startup_entry+0x45/0x50
[ 110.912298] rest_init+0x1c1/0x1f0
[ 110.915865] arch_call_rest_init+0x13/0x15
[ 110.920121] start_kernel+0x9d7/0xbb1
[ 110.923955] x86_64_start_reservations+0x19/0x2f
[ 110.928732] x86_64_start_kernel+0x84/0x87
[ 110.932985] secondary_startup_64+0xa4/0xb0
[ 110.937421]
[ 110.939052] Uninit was created at:
[ 110.942609] kmsan_save_stack_with_flags+0x7a/0x130
[ 110.947643] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 110.953448] kmsan_alloc_page+0x7e/0x100
[ 110.957530] __alloc_pages_nodemask+0x1587/0x5f20
[ 110.962386] page_frag_alloc+0x3c1/0x980
[ 110.966460] __netdev_alloc_skb+0x1f1/0xa50
[ 110.970806] send_hsr_supervision_frame+0x168/0x1510
[ 110.975917] hsr_announce+0x14c/0x3a0
[ 110.979737] call_timer_fn+0x285/0x600
[ 110.983640] __run_timers+0xdb4/0x11d0
[ 110.987542] run_timer_softirq+0x2e/0x50
[ 110.991616] __do_softirq+0x53f/0x93a
[ 110.995416] ==================================================================
[ 111.002792] Disabling lock debugging due to kernel taint
[ 111.008248] Kernel panic - not syncing: panic_on_warn set ...
[ 111.014152] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.20.0-rc7+ #16
[ 111.022124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 111.031493] Call Trace:
[ 111.034096]
[ 111.036270] dump_stack+0x173/0x1d0
[ 111.039934] panic+0x3ce/0x961
[ 111.043197] kmsan_report+0x293/0x2a0
[ 111.047024] __msan_warning+0x82/0xf0
[ 111.050858] send_hsr_supervision_frame+0x1056/0x1510
[ 111.056105] hsr_announce+0x14c/0x3a0
[ 111.059945] call_timer_fn+0x285/0x600
[ 111.063850] ? hsr_dev_finalize+0xb90/0xb90
[ 111.068199] __run_timers+0xdb4/0x11d0
[ 111.072106] ? hsr_dev_finalize+0xb90/0xb90
[ 111.076479] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 111.081951] ? irqtime_account_irq+0xcf/0x2e0
[ 111.086482] ? timers_dead_cpu+0xa50/0xa50
[ 111.090748] run_timer_softirq+0x2e/0x50
[ 111.094834] __do_softirq+0x53f/0x93a
[ 111.098677] irq_exit+0x214/0x250
[ 111.102155] exiting_irq+0xe/0x10
[ 111.105631] smp_apic_timer_interrupt+0x48/0x70
[ 111.110319] apic_timer_interrupt+0x2e/0x40
[ 111.114653]
[ 111.116915] RIP: 0010:default_idle+0x27e/0x4e0
[ 111.121510] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 111.140428] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 111.148166] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 111.155451] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 111.162753] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 111.170037] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 111.177319] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 111.184626] ? __cpuidle_text_start+0x8/0x8
[ 111.189208] ? default_idle+0x6e/0x4e0
[ 111.193120] ? __cpuidle_text_start+0x8/0x8
[ 111.197458] ? __cpuidle_text_start+0x8/0x8
[ 111.201813] arch_cpu_idle+0x26/0x30
[ 111.205548] do_idle+0x22d/0x800
[ 111.208946] cpu_startup_entry+0x45/0x50
[ 111.213026] rest_init+0x1c1/0x1f0
[ 111.216591] arch_call_rest_init+0x13/0x15
[ 111.220845] start_kernel+0x9d7/0xbb1
[ 111.224685] x86_64_start_reservations+0x19/0x2f
[ 111.229462] x86_64_start_kernel+0x84/0x87
[ 111.233733] secondary_startup_64+0xa4/0xb0
[ 111.238978] Kernel Offset: disabled
[ 111.242612] Rebooting in 86400 seconds..