[ ok ] Starting enhanced syslogd: rsyslogd.
[ 85.418544] audit: type=1800 audit(1546175068.467:25): pid=10760 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 85.437617] audit: type=1800 audit(1546175068.477:26): pid=10760 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 85.456996] audit: type=1800 audit(1546175068.487:27): pid=10760 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts.
2018/12/30 13:04:43 fuzzer started
2018/12/30 13:04:48 dialing manager at 10.128.0.26:38305
2018/12/30 13:04:48 syscalls: 1
2018/12/30 13:04:48 code coverage: enabled
2018/12/30 13:04:48 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 13:04:48 setuid sandbox: enabled
2018/12/30 13:04:48 namespace sandbox: enabled
2018/12/30 13:04:48 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 13:04:48 fault injection: enabled
2018/12/30 13:04:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 13:04:48 net packet injection: enabled
2018/12/30 13:04:48 net device setup: enabled
13:04:51 executing program 0:
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect(r0, &(0x7f0000002000)=@ethernet, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f000000ffd8)={'vcan0\x00', 0x0})
r2 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r2, &(0x7f0000010ff0), 0x10)
setsockopt$sock_int(r2, 0x1, 0x1d, &(0x7f0000000040)=0xfffffffffffffffa, 0x4)
sendmsg$can_bcm(r0, &(0x7f0000000000)={&(0x7f0000007ff0)={0x1d, r1}, 0x10, &(0x7f0000002ff0)={&(0x7f000000afb8)={0x1, 0x3, 0x0, {0x0, 0x2710}, {0x0, 0x7530}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "8e15adecfc04aba1"}}, 0x48}}, 0x0)
recvmmsg(r2, &(0x7f0000001200)=[{{&(0x7f0000000080)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f00000011c0)}}], 0x1, 0x0, 0x0)

syzkaller login: [ 108.622856] IPVS: ftp: loaded support on port[0] = 21
[ 108.774440] chnl_net:caif_netlink_parms(): no params data found
[ 108.839572] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.846152] bridge0: port 1(bridge_slave_0) entered disabled state
[ 108.854399] device bridge_slave_0 entered promiscuous mode
[ 108.863505] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.869981] bridge0: port 2(bridge_slave_1) entered disabled state
[ 108.878990] device bridge_slave_1 entered promiscuous mode
[ 108.910181] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 108.921178] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 108.950859] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 108.959542] team0: Port device team_slave_0 added
[ 108.965967] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 108.974725] team0: Port device team_slave_1 added
[ 108.980816] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 108.989623] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 109.087073] device hsr_slave_0 entered promiscuous mode
[ 109.342658] device hsr_slave_1 entered promiscuous mode
[ 109.603277] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 109.610869] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 109.641065] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.647646] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.654861] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.661458] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.751847] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 109.758061] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.772626] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 109.785445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 109.797086] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.805700] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.817020] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 109.834171] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 109.840259] 8021q: adding VLAN 0 to HW filter on device team0
[ 109.854492] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 109.861655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 109.870206] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 109.878369] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.884899] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.899813] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 109.913420] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 109.925275] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 109.933365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 109.941900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 109.950231] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.956756] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.965805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 109.974785] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 109.989542] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 109.996692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 110.005306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 110.021434] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 110.028975] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 110.037173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 110.046149] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 110.060818] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 110.068335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 110.077088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 110.092780] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 110.099876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 110.108367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 110.123660] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 110.129790] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 110.157415] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 110.181249] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 110.242213] ==================================================================
[ 110.249603] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 110.257156] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.20.0-rc7+ #16
[ 110.263741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 110.273096] Call Trace:
[ 110.275686]
[ 110.277844] dump_stack+0x173/0x1d0
[ 110.281492] kmsan_report+0x12e/0x2a0
[ 110.285316] __msan_warning+0x82/0xf0
[ 110.289153] send_hsr_supervision_frame+0x1056/0x1510
[ 110.294409] hsr_announce+0x14c/0x3a0
[ 110.298277] call_timer_fn+0x285/0x600
[ 110.302208] ? hsr_dev_finalize+0xb90/0xb90
[ 110.306572] __run_timers+0xdb4/0x11d0
[ 110.310477] ? hsr_dev_finalize+0xb90/0xb90
[ 110.314831] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 110.320291] ? irqtime_account_irq+0xcf/0x2e0
[ 110.324813] ? timers_dead_cpu+0xa50/0xa50
[ 110.329064] run_timer_softirq+0x2e/0x50
[ 110.333161] __do_softirq+0x53f/0x93a
[ 110.336996] irq_exit+0x214/0x250
[ 110.340467] exiting_irq+0xe/0x10
[ 110.343973] smp_apic_timer_interrupt+0x48/0x70
[ 110.348656] apic_timer_interrupt+0x2e/0x40
[ 110.352984]
[ 110.355235] RIP: 0010:default_idle+0x27e/0x4e0
[ 110.359828] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 110.378747] RSP: 0018:ffff8880af66fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 110.386499] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 110.393777] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 110.401057] RBP: ffff8880af66fe18 R08: 0000000000000002 R09: ffff8880af66fd78
[ 110.408335] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af640988
[ 110.415619] R13: 0000000000000001 R14: ffff8880af640000 R15: ffff8880af640988
[ 110.422912] ? __cpuidle_text_start+0x8/0x8
[ 110.427294] ? __cpuidle_text_start+0x8/0x8
[ 110.431639] ? __cpuidle_text_start+0x8/0x8
[ 110.436015] arch_cpu_idle+0x26/0x30
[ 110.439784] do_idle+0x22d/0x800
[ 110.443181] cpu_startup_entry+0x45/0x50
[ 110.447258] ? setup_APIC_timer+0x200/0x200
[ 110.451615] start_secondary+0x4b2/0x5d0
[ 110.455714] secondary_startup_64+0xa4/0xb0
[ 110.460082]
[ 110.461736] Uninit was created at:
[ 110.465305] kmsan_save_stack_with_flags+0x7a/0x130
[ 110.470386] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 110.476193] kmsan_alloc_page+0x7e/0x100
[ 110.480271] __alloc_pages_nodemask+0x1587/0x5f20
[ 110.485155] page_frag_alloc+0x3c1/0x980
[ 110.489230] __netdev_alloc_skb+0x1f1/0xa50
[ 110.493567] send_hsr_supervision_frame+0x168/0x1510
[ 110.498680] hsr_announce+0x14c/0x3a0
[ 110.502495] call_timer_fn+0x285/0x600
[ 110.506399] __run_timers+0xdb4/0x11d0
[ 110.510297] run_timer_softirq+0x2e/0x50
[ 110.514380] __do_softirq+0x53f/0x93a
[ 110.518184] ==================================================================
[ 110.525543] Disabling lock debugging due to kernel taint
[ 110.530995] Kernel panic - not syncing: panic_on_warn set ...
[ 110.536887] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 4.20.0-rc7+ #16
[ 110.544856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 110.554216] Call Trace:
[ 110.556802]
[ 110.558964] dump_stack+0x173/0x1d0
[ 110.562618] panic+0x3ce/0x961
[ 110.565864] kmsan_report+0x293/0x2a0
[ 110.569683] __msan_warning+0x82/0xf0
[ 110.573505] send_hsr_supervision_frame+0x1056/0x1510
[ 110.578778] hsr_announce+0x14c/0x3a0
[ 110.582636] call_timer_fn+0x285/0x600
[ 110.586538] ? hsr_dev_finalize+0xb90/0xb90
[ 110.590883] __run_timers+0xdb4/0x11d0
[ 110.594788] ? hsr_dev_finalize+0xb90/0xb90
[ 110.599154] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 110.604617] ? irqtime_account_irq+0xcf/0x2e0
[ 110.609152] ? timers_dead_cpu+0xa50/0xa50
[ 110.613406] run_timer_softirq+0x2e/0x50
[ 110.617486] __do_softirq+0x53f/0x93a
[ 110.621328] irq_exit+0x214/0x250
[ 110.624815] exiting_irq+0xe/0x10
[ 110.628285] smp_apic_timer_interrupt+0x48/0x70
[ 110.632974] apic_timer_interrupt+0x2e/0x40
[ 110.637828]
[ 110.640107] RIP: 0010:default_idle+0x27e/0x4e0
[ 110.644711] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 110.663628] RSP: 0018:ffff8880af66fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 110.671367] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 110.678652] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 110.685928] RBP: ffff8880af66fe18 R08: 0000000000000002 R09: ffff8880af66fd78
[ 110.693207] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af640988
[ 110.700488] R13: 0000000000000001 R14: ffff8880af640000 R15: ffff8880af640988
[ 110.707784] ? __cpuidle_text_start+0x8/0x8
[ 110.712148] ? __cpuidle_text_start+0x8/0x8
[ 110.716486] ? __cpuidle_text_start+0x8/0x8
[ 110.720832] arch_cpu_idle+0x26/0x30
[ 110.724565] do_idle+0x22d/0x800
[ 110.727973] cpu_startup_entry+0x45/0x50
[ 110.732046] ? setup_APIC_timer+0x200/0x200
[ 110.736402] start_secondary+0x4b2/0x5d0
[ 110.740493] secondary_startup_64+0xa4/0xb0
[ 110.745811] Kernel Offset: disabled
[ 110.749440] Rebooting in 86400 seconds..