[   60.694118] audit: type=1800 audit(1546163041.710:27): pid=8765 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   60.713688] audit: type=1800 audit(1546163041.720:28): pid=8765 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   61.920082] audit: type=1800 audit(1546163042.960:29): pid=8765 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   61.939790] audit: type=1800 audit(1546163042.970:30): pid=8765 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.100' (ECDSA) to the list of known hosts.
2018/12/30 09:44:16 fuzzer started
2018/12/30 09:44:20 dialing manager at 10.128.0.26:41469
2018/12/30 09:44:20 syscalls: 1
2018/12/30 09:44:20 code coverage: enabled
2018/12/30 09:44:20 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 09:44:20 setuid sandbox: enabled
2018/12/30 09:44:20 namespace sandbox: enabled
2018/12/30 09:44:20 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 09:44:20 fault injection: enabled
2018/12/30 09:44:20 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 09:44:20 net packet injection: enabled
2018/12/30 09:44:20 net device setup: enabled
09:44:23 executing program 0:
syz_emit_ethernet(0x12, &(0x7f0000000340)={@remote, @broadcast, [], {@generic={0x88a8, '*Kn^'}}}, &(0x7f0000000140))

syzkaller login: [   82.969575] IPVS: ftp: loaded support on port[0] = 21
[   83.087044] chnl_net:caif_netlink_parms(): no params data found
[   83.142265] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.148747] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.156754] device bridge_slave_0 entered promiscuous mode
[   83.165330] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.171829] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.179602] device bridge_slave_1 entered promiscuous mode
[   83.207456] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   83.217912] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   83.243629] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   83.251857] team0: Port device team_slave_0 added
[   83.258097] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   83.266280] team0: Port device team_slave_1 added
[   83.272838] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   83.280872] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   83.495777] device hsr_slave_0 entered promiscuous mode
[   83.642122] device hsr_slave_1 entered promiscuous mode
[   83.902641] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   83.910044] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   83.934049] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.940525] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.947552] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.954052] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.021992] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   84.028102] 8021q: adding VLAN 0 to HW filter on device bond0
[   84.040370] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   84.053185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   84.063243] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.074500] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.085065] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   84.099687] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   84.105930] 8021q: adding VLAN 0 to HW filter on device team0
[   84.119514] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   84.127054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   84.135394] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   84.143383] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.149822] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.163161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   84.174799] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   84.185855] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   84.194011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   84.202475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   84.210462] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.216944] bridge0: port 2(bridge_slave_1) entered forwarding state
[   84.225440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   84.234139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   84.247849] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   84.259160] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   84.271108] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[   84.282044] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[   84.291782] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   84.301465] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   84.312618] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   84.321194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   84.330109] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   84.338542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   84.346962] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   84.355514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   84.363698] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   84.372174] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   84.380325] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   84.393276] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   84.401372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   84.419022] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[   84.439723] 8021q: adding VLAN 0 to HW filter on device batadv0
[   84.481730] ==================================================================
[   84.489122] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[   84.496659] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc7+ #16
[   84.503233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   84.512584] Call Trace:
[   84.515168]  <IRQ>
[   84.517330]  dump_stack+0x173/0x1d0
[   84.520969]  kmsan_report+0x12e/0x2a0
[   84.524776]  __msan_warning+0x82/0xf0
[   84.528585]  send_hsr_supervision_frame+0x1056/0x1510
[   84.533801]  hsr_announce+0x14c/0x3a0
[   84.537624]  call_timer_fn+0x285/0x600
[   84.541516]  ? hsr_dev_finalize+0xb90/0xb90
[   84.545858]  __run_timers+0xdb4/0x11d0
[   84.549752]  ? hsr_dev_finalize+0xb90/0xb90
[   84.554092]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[   84.559543]  ? irqtime_account_irq+0xcf/0x2e0
[   84.564044]  ? timers_dead_cpu+0xa50/0xa50
[   84.568271]  run_timer_softirq+0x2e/0x50
[   84.572326]  __do_softirq+0x53f/0x93a
[   84.576139]  irq_exit+0x214/0x250
[   84.579597]  exiting_irq+0xe/0x10
[   84.583052]  smp_apic_timer_interrupt+0x48/0x70
[   84.587723]  apic_timer_interrupt+0x2e/0x40
[   84.592041]  </IRQ>
[   84.594281] RIP: 0010:default_idle+0x27e/0x4e0
[   84.598867] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[   84.617767] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[   84.625474] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[   84.632743] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[   84.640009] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[   84.647278] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[   84.654545] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[   84.661846]  ? __cpuidle_text_start+0x8/0x8
[   84.666188]  ? default_idle+0x6e/0x4e0
[   84.670083]  ? __cpuidle_text_start+0x8/0x8
[   84.674424]  ? __cpuidle_text_start+0x8/0x8
[   84.678758]  arch_cpu_idle+0x26/0x30
[   84.682479]  do_idle+0x22d/0x800
[   84.685869]  cpu_startup_entry+0x45/0x50
[   84.689950]  rest_init+0x1c1/0x1f0
[   84.693499]  arch_call_rest_init+0x13/0x15
[   84.697739]  start_kernel+0x9d7/0xbb1
[   84.701550]  x86_64_start_reservations+0x19/0x2f
[   84.706307]  x86_64_start_kernel+0x84/0x87
[   84.710543]  secondary_startup_64+0xa4/0xb0
[   84.714872] 
[   84.716500] Uninit was created at:
[   84.720044]  kmsan_save_stack_with_flags+0x7a/0x130
[   84.725059]  kmsan_internal_alloc_meta_for_pages+0x113/0x580
[   84.730859]  kmsan_alloc_page+0x7e/0x100
[   84.734917]  __alloc_pages_nodemask+0x1587/0x5f20
[   84.739755]  page_frag_alloc+0x3c1/0x980
[   84.743822]  __netdev_alloc_skb+0x1f1/0xa50
[   84.748148]  send_hsr_supervision_frame+0x168/0x1510
[   84.753250]  hsr_announce+0x14c/0x3a0
[   84.757056]  call_timer_fn+0x285/0x600
[   84.760941]  __run_timers+0xdb4/0x11d0
[   84.764841]  run_timer_softirq+0x2e/0x50
[   84.768899]  __do_softirq+0x53f/0x93a
[   84.772691] ==================================================================
[   84.780041] Disabling lock debugging due to kernel taint
[   84.785489] Kernel panic - not syncing: panic_on_warn set ...
[   84.791377] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G    B             4.20.0-rc7+ #16
[   84.799336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   84.808682] Call Trace:
[   84.811267]  <IRQ>
[   84.813423]  dump_stack+0x173/0x1d0
[   84.817062]  panic+0x3ce/0x961
[   84.820295]  kmsan_report+0x293/0x2a0
[   84.824107]  __msan_warning+0x82/0xf0
[   84.827917]  send_hsr_supervision_frame+0x1056/0x1510
[   84.833131]  hsr_announce+0x14c/0x3a0
[   84.836948]  call_timer_fn+0x285/0x600
[   84.840846]  ? hsr_dev_finalize+0xb90/0xb90
[   84.845183]  __run_timers+0xdb4/0x11d0
[   84.849071]  ? hsr_dev_finalize+0xb90/0xb90
[   84.853411]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[   84.858924]  ? irqtime_account_irq+0xcf/0x2e0
[   84.863427]  ? timers_dead_cpu+0xa50/0xa50
[   84.867667]  run_timer_softirq+0x2e/0x50
[   84.871729]  __do_softirq+0x53f/0x93a
[   84.875550]  irq_exit+0x214/0x250
[   84.879005]  exiting_irq+0xe/0x10
[   84.882462]  smp_apic_timer_interrupt+0x48/0x70
[   84.887138]  apic_timer_interrupt+0x2e/0x40
[   84.891450]  </IRQ>
[   84.893698] RIP: 0010:default_idle+0x27e/0x4e0
[   84.898278] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[   84.917178] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[   84.924889] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[   84.932156] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[   84.939428] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[   84.946695] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[   84.953967] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[   84.961252]  ? __cpuidle_text_start+0x8/0x8
[   84.965590]  ? default_idle+0x6e/0x4e0
[   84.969479]  ? __cpuidle_text_start+0x8/0x8
[   84.973803]  ? __cpuidle_text_start+0x8/0x8
[   84.978144]  arch_cpu_idle+0x26/0x30
[   84.981866]  do_idle+0x22d/0x800
[   84.985241]  cpu_startup_entry+0x45/0x50
[   84.989317]  rest_init+0x1c1/0x1f0
[   84.992875]  arch_call_rest_init+0x13/0x15
[   84.997119]  start_kernel+0x9d7/0xbb1
[   85.000935]  x86_64_start_reservations+0x19/0x2f
[   85.005694]  x86_64_start_kernel+0x84/0x87
[   85.009935]  secondary_startup_64+0xa4/0xb0
[   85.015417] Kernel Offset: disabled
[   85.019037] Rebooting in 86400 seconds..