[ ok ] Starting enhanced syslogd: rsyslogd.
[ 92.060927] audit: type=1800 audit(1546161044.107:25): pid=11149 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 92.080155] audit: type=1800 audit(1546161044.107:26): pid=11149 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 92.099587] audit: type=1800 audit(1546161044.137:27): pid=11149 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.199' (ECDSA) to the list of known hosts.
2018/12/30 09:10:59 fuzzer started
2018/12/30 09:11:03 dialing manager at 10.128.0.26:41469
2018/12/30 09:11:03 syscalls: 1
2018/12/30 09:11:03 code coverage: enabled
2018/12/30 09:11:03 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 09:11:03 setuid sandbox: enabled
2018/12/30 09:11:03 namespace sandbox: enabled
2018/12/30 09:11:03 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 09:11:03 fault injection: enabled
2018/12/30 09:11:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 09:11:03 net packet injection: enabled
2018/12/30 09:11:03 net device setup: enabled
09:11:06 executing program 0:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
ioctl$VHOST_GET_FEATURES(r0, 0x80044d76, &(0x7f0000000080))
syzkaller login: [ 115.342733] IPVS: ftp: loaded support on port[0] = 21
[ 115.496704] chnl_net:caif_netlink_parms(): no params data found
[ 115.568374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.575013] bridge0: port 1(bridge_slave_0) entered disabled state
[ 115.583388] device bridge_slave_0 entered promiscuous mode
[ 115.593003] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.599539] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.607902] device bridge_slave_1 entered promiscuous mode
[ 115.643560] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 115.655690] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 115.687470] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 115.696161] team0: Port device team_slave_0 added
[ 115.703253] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 115.712082] team0: Port device team_slave_1 added
[ 115.718497] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 115.727707] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 115.846659] device hsr_slave_0 entered promiscuous mode
[ 115.982177] device hsr_slave_1 entered promiscuous mode
[ 116.042906] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 116.050556] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 116.081118] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.087753] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 116.094948] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.101487] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 116.193682] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 116.199804] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.214855] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 116.229788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 116.240364] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.251309] bridge0: port 2(bridge_slave_1) entered disabled state
[ 116.264264] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 116.282648] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 116.288843] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.304966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 116.313343] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.319870] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 116.357006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 116.365506] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.372077] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 116.381899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 116.417307] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 116.427026] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 116.439109] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 116.447919] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 116.456930] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 116.465876] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 116.474660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 116.493451] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 116.519483] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 116.550313] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 116.592710] ==================================================================
[ 116.600162] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 116.607763] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.20.0-rc7+ #16
[ 116.614370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 116.623729] Call Trace:
[ 116.626324]
[ 116.628494] dump_stack+0x173/0x1d0
[ 116.632155] kmsan_report+0x12e/0x2a0
[ 116.635987] __msan_warning+0x82/0xf0
[ 116.639820] send_hsr_supervision_frame+0x1056/0x1510
[ 116.645077] hsr_announce+0x14c/0x3a0
[ 116.648921] call_timer_fn+0x285/0x600
[ 116.652842] ? hsr_dev_finalize+0xb90/0xb90
[ 116.657215] __run_timers+0xdb4/0x11d0
[ 116.661128] ? hsr_dev_finalize+0xb90/0xb90
[ 116.665492] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 116.671022] ? irqtime_account_irq+0xcf/0x2e0
[ 116.675548] ? timers_dead_cpu+0xa50/0xa50
[ 116.679805] run_timer_softirq+0x2e/0x50
[ 116.683940] __do_softirq+0x53f/0x93a
[ 116.687831] irq_exit+0x214/0x250
[ 116.691322] exiting_irq+0xe/0x10
[ 116.694798] smp_apic_timer_interrupt+0x48/0x70
[ 116.699487] apic_timer_interrupt+0x2e/0x40
[ 116.703831]
[ 116.706098] RIP: 0010:default_idle+0x27e/0x4e0
[ 116.710696] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 116.729608] RSP: 0018:ffff8880af68fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 116.737333] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 116.744647] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 116.751923] RBP: ffff8880af68fe18 R08: 0000000000000002 R09: ffff8880af68fd78
[ 116.759202] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af660988
[ 116.766487] R13: 0000000000000001 R14: ffff8880af660000 R15: ffff8880af660988
[ 116.773784] ? __cpuidle_text_start+0x8/0x8
[ 116.778146] ? __cpuidle_text_start+0x8/0x8
[ 116.782485] ? __cpuidle_text_start+0x8/0x8
[ 116.786834] arch_cpu_idle+0x26/0x30
[ 116.790570] do_idle+0x22d/0x800
[ 116.793972] cpu_startup_entry+0x45/0x50
[ 116.798102] ? setup_APIC_timer+0x200/0x200
[ 116.802463] start_secondary+0x4b2/0x5d0
[ 116.806565] secondary_startup_64+0xa4/0xb0
[ 116.810911]
[ 116.812554] Uninit was created at:
[ 116.816118] kmsan_save_stack_with_flags+0x7a/0x130
[ 116.821153] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 116.826963] kmsan_alloc_page+0x7e/0x100
[ 116.831038] __alloc_pages_nodemask+0x1587/0x5f20
[ 116.835905] page_frag_alloc+0x3c1/0x980
[ 116.839990] __netdev_alloc_skb+0x1f1/0xa50
[ 116.844323] send_hsr_supervision_frame+0x168/0x1510
[ 116.849442] hsr_announce+0x14c/0x3a0
[ 116.853256] call_timer_fn+0x285/0x600
[ 116.857156] __run_timers+0xdb4/0x11d0
[ 116.861063] run_timer_softirq+0x2e/0x50
[ 116.865143] __do_softirq+0x53f/0x93a
[ 116.868943] ==================================================================
[ 116.876315] Disabling lock debugging due to kernel taint
[ 116.881775] Kernel panic - not syncing: panic_on_warn set ...
[ 116.887682] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 4.20.0-rc7+ #16
[ 116.895657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 116.905030] Call Trace:
[ 116.907644]
[ 116.909828] dump_stack+0x173/0x1d0
[ 116.913490] panic+0x3ce/0x961
[ 116.916749] kmsan_report+0x293/0x2a0
[ 116.920617] __msan_warning+0x82/0xf0
[ 116.924447] send_hsr_supervision_frame+0x1056/0x1510
[ 116.929737] hsr_announce+0x14c/0x3a0
[ 116.933578] call_timer_fn+0x285/0x600
[ 116.937483] ? hsr_dev_finalize+0xb90/0xb90
[ 116.941833] __run_timers+0xdb4/0x11d0
[ 116.945743] ? hsr_dev_finalize+0xb90/0xb90
[ 116.950113] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 116.955596] ? irqtime_account_irq+0xcf/0x2e0
[ 116.960125] ? timers_dead_cpu+0xa50/0xa50
[ 116.964388] run_timer_softirq+0x2e/0x50
[ 116.968475] __do_softirq+0x53f/0x93a
[ 116.972321] irq_exit+0x214/0x250
[ 116.975794] exiting_irq+0xe/0x10
[ 116.979299] smp_apic_timer_interrupt+0x48/0x70
[ 116.983988] apic_timer_interrupt+0x2e/0x40
[ 116.988313]
[ 116.990580] RIP: 0010:default_idle+0x27e/0x4e0
[ 116.995178] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 117.014096] RSP: 0018:ffff8880af68fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 117.021861] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 117.029153] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 117.036433] RBP: ffff8880af68fe18 R08: 0000000000000002 R09: ffff8880af68fd78
[ 117.043717] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af660988
[ 117.051017] R13: 0000000000000001 R14: ffff8880af660000 R15: ffff8880af660988
[ 117.058328] ? __cpuidle_text_start+0x8/0x8
[ 117.062686] ? __cpuidle_text_start+0x8/0x8
[ 117.067024] ? __cpuidle_text_start+0x8/0x8
[ 117.071398] arch_cpu_idle+0x26/0x30
[ 117.075127] do_idle+0x22d/0x800
[ 117.078528] cpu_startup_entry+0x45/0x50
[ 117.082609] ? setup_APIC_timer+0x200/0x200
[ 117.086955] start_secondary+0x4b2/0x5d0
[ 117.091057] secondary_startup_64+0xa4/0xb0
[ 117.096299] Kernel Offset: disabled
[ 117.099932] Rebooting in 86400 seconds..