[ 62.128895] audit: type=1800 audit(1546171227.143:27): pid=9109 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 62.128928] audit: type=1800 audit(1546171227.163:28): pid=9109 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 63.348856] audit: type=1800 audit(1546171228.393:29): pid=9109 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 63.368450] audit: type=1800 audit(1546171228.393:30): pid=9109 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.86' (ECDSA) to the list of known hosts.
2018/12/30 12:00:39 fuzzer started
2018/12/30 12:00:43 dialing manager at 10.128.0.26:38305
2018/12/30 12:00:43 syscalls: 1
2018/12/30 12:00:43 code coverage: enabled
2018/12/30 12:00:43 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 12:00:43 setuid sandbox: enabled
2018/12/30 12:00:43 namespace sandbox: enabled
2018/12/30 12:00:43 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 12:00:43 fault injection: enabled
2018/12/30 12:00:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 12:00:43 net packet injection: enabled
2018/12/30 12:00:43 net device setup: enabled
12:00:46 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xdau\xaf\x1f\x02\xac\xc7\xed\xbc\xd7\xa0q\xfb53\x1c\xe3\x9cZ\x00\x00\x00\x00')
flistxattr(r0, &(0x7f0000000140)=""/20, 0xffffffffffffff56)

syzkaller login: [ 81.851253] IPVS: ftp: loaded support on port[0] = 21
[ 81.970333] chnl_net:caif_netlink_parms(): no params data found
[ 82.028832] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.035426] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.043659] device bridge_slave_0 entered promiscuous mode
[ 82.052198] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.059029] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.066918] device bridge_slave_1 entered promiscuous mode
[ 82.092397] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 82.102970] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 82.127888] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 82.136164] team0: Port device team_slave_0 added
[ 82.142238] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 82.150493] team0: Port device team_slave_1 added
[ 82.156595] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 82.164739] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 82.336136] device hsr_slave_0 entered promiscuous mode
[ 82.493378] device hsr_slave_1 entered promiscuous mode
[ 82.653671] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 82.660974] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 82.685166] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.691659] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.698687] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.705246] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.771121] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 82.777416] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.789258] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 82.800722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.810871] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.819328] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.830369] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 82.845168] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 82.851256] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.864052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.872145] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.878640] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.920242] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 82.930071] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 82.941196] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 82.952059] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 82.960478] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.966938] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.976814] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.985500] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 82.993856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 83.002301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 83.012637] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 83.020349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 83.048352] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 83.069446] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.103243] ==================================================================
[ 83.110620] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 83.118251] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc7+ #16
[ 83.124819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.134277] Call Trace:
[ 83.136852]
[ 83.139010] dump_stack+0x173/0x1d0
[ 83.142648] kmsan_report+0x12e/0x2a0
[ 83.146448] __msan_warning+0x82/0xf0
[ 83.150253] send_hsr_supervision_frame+0x1056/0x1510
[ 83.155458] hsr_announce+0x14c/0x3a0
[ 83.159269] call_timer_fn+0x285/0x600
[ 83.163176] ? hsr_dev_finalize+0xb90/0xb90
[ 83.167506] __run_timers+0xdb4/0x11d0
[ 83.171392] ? hsr_dev_finalize+0xb90/0xb90
[ 83.175750] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 83.181305] ? irqtime_account_irq+0xcf/0x2e0
[ 83.185809] ? timers_dead_cpu+0xa50/0xa50
[ 83.190044] run_timer_softirq+0x2e/0x50
[ 83.194105] __do_softirq+0x53f/0x93a
[ 83.197917] irq_exit+0x214/0x250
[ 83.201365] exiting_irq+0xe/0x10
[ 83.204814] smp_apic_timer_interrupt+0x48/0x70
[ 83.209476] apic_timer_interrupt+0x2e/0x40
[ 83.213801]
[ 83.216036] RIP: 0010:default_idle+0x27e/0x4e0
[ 83.220631] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 83.239532] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 83.247235] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 83.254518] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 83.261788] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 83.269060] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 83.276324] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 83.283605] ? __cpuidle_text_start+0x8/0x8
[ 83.287955] ? default_idle+0x6e/0x4e0
[ 83.291856] ? __cpuidle_text_start+0x8/0x8
[ 83.296174] ? __cpuidle_text_start+0x8/0x8
[ 83.300495] arch_cpu_idle+0x26/0x30
[ 83.304310] do_idle+0x22d/0x800
[ 83.307681] cpu_startup_entry+0x45/0x50
[ 83.311769] rest_init+0x1c1/0x1f0
[ 83.315314] arch_call_rest_init+0x13/0x15
[ 83.319548] start_kernel+0x9d7/0xbb1
[ 83.323363] x86_64_start_reservations+0x19/0x2f
[ 83.328122] x86_64_start_kernel+0x84/0x87
[ 83.332368] secondary_startup_64+0xa4/0xb0
[ 83.336685]
[ 83.338309] Uninit was created at:
[ 83.341868] kmsan_save_stack_with_flags+0x7a/0x130
[ 83.346883] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 83.352676] kmsan_alloc_page+0x7e/0x100
[ 83.356760] __alloc_pages_nodemask+0x1587/0x5f20
[ 83.361595] page_frag_alloc+0x3c1/0x980
[ 83.365654] __netdev_alloc_skb+0x1f1/0xa50
[ 83.369974] send_hsr_supervision_frame+0x168/0x1510
[ 83.375074] hsr_announce+0x14c/0x3a0
[ 83.378881] call_timer_fn+0x285/0x600
[ 83.382771] __run_timers+0xdb4/0x11d0
[ 83.386658] run_timer_softirq+0x2e/0x50
[ 83.390747] __do_softirq+0x53f/0x93a
[ 83.394546] ==================================================================
[ 83.401891] Disabling lock debugging due to kernel taint
[ 83.407346] Kernel panic - not syncing: panic_on_warn set ...
[ 83.413240] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.20.0-rc7+ #16
[ 83.421195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.430540] Call Trace:
[ 83.433125]
[ 83.435287] dump_stack+0x173/0x1d0
[ 83.439013] panic+0x3ce/0x961
[ 83.442234] kmsan_report+0x293/0x2a0
[ 83.446049] __msan_warning+0x82/0xf0
[ 83.449859] send_hsr_supervision_frame+0x1056/0x1510
[ 83.455072] hsr_announce+0x14c/0x3a0
[ 83.458884] call_timer_fn+0x285/0x600
[ 83.462769] ? hsr_dev_finalize+0xb90/0xb90
[ 83.467093] __run_timers+0xdb4/0x11d0
[ 83.470978] ? hsr_dev_finalize+0xb90/0xb90
[ 83.475320] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 83.480770] ? irqtime_account_irq+0xcf/0x2e0
[ 83.485266] ? timers_dead_cpu+0xa50/0xa50
[ 83.489502] run_timer_softirq+0x2e/0x50
[ 83.493582] __do_softirq+0x53f/0x93a
[ 83.497403] irq_exit+0x214/0x250
[ 83.500861] exiting_irq+0xe/0x10
[ 83.504419] smp_apic_timer_interrupt+0x48/0x70
[ 83.509101] apic_timer_interrupt+0x2e/0x40
[ 83.513418]
[ 83.515658] RIP: 0010:default_idle+0x27e/0x4e0
[ 83.520248] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 83.539144] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 83.546852] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 83.554119] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 83.561385] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 83.568737] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 83.576008] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 83.583292] ? __cpuidle_text_start+0x8/0x8
[ 83.587622] ? default_idle+0x6e/0x4e0
[ 83.591504] ? __cpuidle_text_start+0x8/0x8
[ 83.595832] ? __cpuidle_text_start+0x8/0x8
[ 83.600163] arch_cpu_idle+0x26/0x30
[ 83.603881] do_idle+0x22d/0x800
[ 83.607258] cpu_startup_entry+0x45/0x50
[ 83.611324] rest_init+0x1c1/0x1f0
[ 83.614989] arch_call_rest_init+0x13/0x15
[ 83.619219] start_kernel+0x9d7/0xbb1
[ 83.623046] x86_64_start_reservations+0x19/0x2f
[ 83.627801] x86_64_start_kernel+0x84/0x87
[ 83.632036] secondary_startup_64+0xa4/0xb0
[ 83.637438] Kernel Offset: disabled
[ 83.641060] Rebooting in 86400 seconds..