[ ok ] Starting enhanced syslogd: rsyslogd.
[ 93.838777] audit: type=1800 audit(1546164977.882:25): pid=11319 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 93.857908] audit: type=1800 audit(1546164977.882:26): pid=11319 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 93.877330] audit: type=1800 audit(1546164977.912:27): pid=11319 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts.
2018/12/30 10:16:30 fuzzer started
2018/12/30 10:16:35 dialing manager at 10.128.0.26:41469
2018/12/30 10:16:35 syscalls: 1
2018/12/30 10:16:35 code coverage: enabled
2018/12/30 10:16:35 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 10:16:35 setuid sandbox: enabled
2018/12/30 10:16:35 namespace sandbox: enabled
2018/12/30 10:16:35 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 10:16:35 fault injection: enabled
2018/12/30 10:16:35 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 10:16:35 net packet injection: enabled
2018/12/30 10:16:35 net device setup: enabled
10:16:38 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
creat(&(0x7f00000001c0)='./bus\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000540)='ecryptfs\x00', 0x0, &(0x7f0000000500)='nfs4\x00')

syzkaller login: [ 115.460421] IPVS: ftp: loaded support on port[0] = 21
[ 115.618200] chnl_net:caif_netlink_parms(): no params data found
[ 115.690880] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.697521] bridge0: port 1(bridge_slave_0) entered disabled state
[ 115.705965] device bridge_slave_0 entered promiscuous mode
[ 115.716271] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.722901] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.731087] device bridge_slave_1 entered promiscuous mode
[ 115.765542] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 115.777235] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 115.808099] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 115.816847] team0: Port device team_slave_0 added
[ 115.824030] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 115.832720] team0: Port device team_slave_1 added
[ 115.839119] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 115.849048] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 115.917182] device hsr_slave_0 entered promiscuous mode
[ 115.952669] device hsr_slave_1 entered promiscuous mode
[ 116.053562] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 116.061235] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 116.092378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.098968] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 116.106226] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.113007] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 116.203295] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 116.209443] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.223204] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 116.237718] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 116.248546] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.258277] bridge0: port 2(bridge_slave_1) entered disabled state
[ 116.268367] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 116.286827] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 116.293100] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.309036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 116.318266] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.324876] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 116.375187] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 116.383908] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.390416] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 116.400121] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 116.409478] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 116.424612] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 116.432815] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 116.459648] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 116.478569] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 116.484774] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 116.515055] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 116.536722] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 116.602807] ==================================================================
[ 116.610240] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 116.617827] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.20.0-rc7+ #16
[ 116.624421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 116.633805] Call Trace:
[ 116.636423]
[ 116.638596] dump_stack+0x173/0x1d0
[ 116.642269] kmsan_report+0x12e/0x2a0
[ 116.646109] __msan_warning+0x82/0xf0
[ 116.649941] send_hsr_supervision_frame+0x1056/0x1510
[ 116.655199] hsr_announce+0x14c/0x3a0
[ 116.659042] call_timer_fn+0x285/0x600
[ 116.662956] ? hsr_dev_finalize+0xb90/0xb90
[ 116.667336] __run_timers+0xdb4/0x11d0
[ 116.671242] ? hsr_dev_finalize+0xb90/0xb90
[ 116.675626] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 116.681093] ? irqtime_account_irq+0xcf/0x2e0
[ 116.685616] ? timers_dead_cpu+0xa50/0xa50
[ 116.689871] run_timer_softirq+0x2e/0x50
[ 116.693967] __do_softirq+0x53f/0x93a
[ 116.697816] irq_exit+0x214/0x250
[ 116.701301] exiting_irq+0xe/0x10
[ 116.704780] smp_apic_timer_interrupt+0x48/0x70
[ 116.709475] apic_timer_interrupt+0x2e/0x40
[ 116.713843]
[ 116.716129] RIP: 0010:default_idle+0x27e/0x4e0
[ 116.720736] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 116.739692] RSP: 0018:ffff8880af66fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 116.747427] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 116.754722] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 116.762018] RBP: ffff8880af66fe18 R08: 0000000000000002 R09: ffff8880af66fd78
[ 116.769306] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af640988
[ 116.776701] R13: 0000000000000001 R14: ffff8880af640000 R15: ffff8880af640988
[ 116.784030] ? __cpuidle_text_start+0x8/0x8
[ 116.788408] ? __cpuidle_text_start+0x8/0x8
[ 116.792775] ? __cpuidle_text_start+0x8/0x8
[ 116.797132] arch_cpu_idle+0x26/0x30
[ 116.800882] do_idle+0x22d/0x800
[ 116.804290] cpu_startup_entry+0x45/0x50
[ 116.808373] ? setup_APIC_timer+0x200/0x200
[ 116.812723] start_secondary+0x4b2/0x5d0
[ 116.816821] secondary_startup_64+0xa4/0xb0
[ 116.821170]
[ 116.822827] Uninit was created at:
[ 116.826385] kmsan_save_stack_with_flags+0x7a/0x130
[ 116.831417] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 116.837231] kmsan_alloc_page+0x7e/0x100
[ 116.841316] __alloc_pages_nodemask+0x1587/0x5f20
[ 116.846171] page_frag_alloc+0x3c1/0x980
[ 116.850256] __netdev_alloc_skb+0x1f1/0xa50
[ 116.854603] send_hsr_supervision_frame+0x168/0x1510
[ 116.859717] hsr_announce+0x14c/0x3a0
[ 116.863576] call_timer_fn+0x285/0x600
[ 116.867504] __run_timers+0xdb4/0x11d0
[ 116.871417] run_timer_softirq+0x2e/0x50
[ 116.875496] __do_softirq+0x53f/0x93a
[ 116.879298] ==================================================================
[ 116.886661] Disabling lock debugging due to kernel taint
[ 116.892118] Kernel panic - not syncing: panic_on_warn set ...
[ 116.898071] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 4.20.0-rc7+ #16
[ 116.906090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 116.915461] Call Trace:
[ 116.918072]
[ 116.920278] dump_stack+0x173/0x1d0
[ 116.923968] panic+0x3ce/0x961
[ 116.927269] kmsan_report+0x293/0x2a0
[ 116.931105] __msan_warning+0x82/0xf0
[ 116.934964] send_hsr_supervision_frame+0x1056/0x1510
[ 116.940210] hsr_announce+0x14c/0x3a0
[ 116.944063] call_timer_fn+0x285/0x600
[ 116.947977] ? hsr_dev_finalize+0xb90/0xb90
[ 116.952341] __run_timers+0xdb4/0x11d0
[ 116.956269] ? hsr_dev_finalize+0xb90/0xb90
[ 116.960982] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 116.966456] ? irqtime_account_irq+0xcf/0x2e0
[ 116.970996] ? timers_dead_cpu+0xa50/0xa50
[ 116.975265] run_timer_softirq+0x2e/0x50
[ 116.979351] __do_softirq+0x53f/0x93a
[ 116.983197] irq_exit+0x214/0x250
[ 116.986677] exiting_irq+0xe/0x10
[ 116.990154] smp_apic_timer_interrupt+0x48/0x70
[ 116.994850] apic_timer_interrupt+0x2e/0x40
[ 116.999178]
[ 117.001436] RIP: 0010:default_idle+0x27e/0x4e0
[ 117.006035] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 117.024972] RSP: 0018:ffff8880af66fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 117.032713] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 117.040013] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 117.047305] RBP: ffff8880af66fe18 R08: 0000000000000002 R09: ffff8880af66fd78
[ 117.054620] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af640988
[ 117.061923] R13: 0000000000000001 R14: ffff8880af640000 R15: ffff8880af640988
[ 117.069271] ? __cpuidle_text_start+0x8/0x8
[ 117.073641] ? __cpuidle_text_start+0x8/0x8
[ 117.077987] ? __cpuidle_text_start+0x8/0x8
[ 117.082341] arch_cpu_idle+0x26/0x30
[ 117.086074] do_idle+0x22d/0x800
[ 117.089481] cpu_startup_entry+0x45/0x50
[ 117.094085] ? setup_APIC_timer+0x200/0x200
[ 117.098436] start_secondary+0x4b2/0x5d0
[ 117.102531] secondary_startup_64+0xa4/0xb0
[ 117.108005] Kernel Offset: disabled
[ 117.111659] Rebooting in 86400 seconds..