[ 56.021739] audit: type=1800 audit(1546162527.033:27): pid=8681 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 56.041283] audit: type=1800 audit(1546162527.033:28): pid=8681 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 57.109802] audit: type=1800 audit(1546162528.153:29): pid=8681 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 57.129156] audit: type=1800 audit(1546162528.153:30): pid=8681 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.209' (ECDSA) to the list of known hosts.
2018/12/30 09:35:41 fuzzer started
2018/12/30 09:35:45 dialing manager at 10.128.0.26:41469
2018/12/30 09:35:45 syscalls: 1
2018/12/30 09:35:45 code coverage: enabled
2018/12/30 09:35:45 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 09:35:45 setuid sandbox: enabled
2018/12/30 09:35:45 namespace sandbox: enabled
2018/12/30 09:35:45 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 09:35:45 fault injection: enabled
2018/12/30 09:35:45 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 09:35:45 net packet injection: enabled
2018/12/30 09:35:45 net device setup: enabled
09:35:47 executing program 0:
r0 = socket$inet(0x2, 0x3, 0x80000000001)
getsockopt(r0, 0xff, 0x1, &(0x7f0000001180)=""/166, &(0x7f0000000040)=0xa6)
syzkaller login: [ 77.135414] IPVS: ftp: loaded support on port[0] = 21
[ 77.251943] chnl_net:caif_netlink_parms(): no params data found
[ 77.304504] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.310965] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.318840] device bridge_slave_0 entered promiscuous mode
[ 77.327481] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.333983] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.341714] device bridge_slave_1 entered promiscuous mode
[ 77.368813] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 77.379180] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 77.404332] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 77.412361] team0: Port device team_slave_0 added
[ 77.418839] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 77.426936] team0: Port device team_slave_1 added
[ 77.433792] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 77.441723] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 77.725358] device hsr_slave_0 entered promiscuous mode
[ 77.882323] device hsr_slave_1 entered promiscuous mode
[ 78.033227] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 78.040555] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 78.063665] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.070158] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.077648] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.084152] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.150317] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 78.156484] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.168453] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 78.180299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 78.190864] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.199084] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.208946] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 78.224414] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 78.230512] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.243039] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 78.250745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 78.258989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 78.267039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.273517] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.285317] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 78.296690] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 78.304316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 78.312574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 78.320491] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.327015] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.335246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 78.348201] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 78.358525] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 78.369285] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 78.379924] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 78.387549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 78.396298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 78.404809] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 78.413387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 78.421743] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 78.430131] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 78.438259] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 78.448116] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 78.459038] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 78.466197] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 78.473965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 78.489057] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 78.495905] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 78.520136] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 78.535247] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.611990] ==================================================================
[ 78.619411] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 78.626948] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.20.0-rc7+ #16
[ 78.633519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.642889] Call Trace:
[ 78.645474]
[ 78.647630] dump_stack+0x173/0x1d0
[ 78.651282] kmsan_report+0x12e/0x2a0
[ 78.655088] __msan_warning+0x82/0xf0
[ 78.658892] send_hsr_supervision_frame+0x1056/0x1510
[ 78.664099] hsr_announce+0x14c/0x3a0
[ 78.667906] call_timer_fn+0x285/0x600
[ 78.671792] ? hsr_dev_finalize+0xb90/0xb90
[ 78.676125] __run_timers+0xdb4/0x11d0
[ 78.680024] ? hsr_dev_finalize+0xb90/0xb90
[ 78.684362] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 78.689811] ? irqtime_account_irq+0xcf/0x2e0
[ 78.694305] ? timers_dead_cpu+0xa50/0xa50
[ 78.698553] run_timer_softirq+0x2e/0x50
[ 78.702620] __do_softirq+0x53f/0x93a
[ 78.706437] irq_exit+0x214/0x250
[ 78.709890] exiting_irq+0xe/0x10
[ 78.713338] smp_apic_timer_interrupt+0x48/0x70
[ 78.718005] apic_timer_interrupt+0x2e/0x40
[ 78.722316]
[ 78.724553] RIP: 0010:default_idle+0x27e/0x4e0
[ 78.729163] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 78.748061] RSP: 0018:ffff8880af66fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 78.755764] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 78.763030] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 78.770299] RBP: ffff8880af66fe18 R08: 0000000000000002 R09: ffff8880af66fd78
[ 78.777565] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af588988
[ 78.784834] R13: 0000000000000001 R14: ffff8880af588000 R15: ffff8880af588988
[ 78.792119] ? __cpuidle_text_start+0x8/0x8
[ 78.796460] ? __cpuidle_text_start+0x8/0x8
[ 78.800780] ? __cpuidle_text_start+0x8/0x8
[ 78.805109] arch_cpu_idle+0x26/0x30
[ 78.808826] do_idle+0x22d/0x800
[ 78.812213] cpu_startup_entry+0x45/0x50
[ 78.816273] ? setup_APIC_timer+0x200/0x200
[ 78.820595] start_secondary+0x4b2/0x5d0
[ 78.824683] secondary_startup_64+0xa4/0xb0
[ 78.829010]
[ 78.830627] Uninit was created at:
[ 78.834174] kmsan_save_stack_with_flags+0x7a/0x130
[ 78.839189] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 78.844981] kmsan_alloc_page+0x7e/0x100
[ 78.849041] __alloc_pages_nodemask+0x1587/0x5f20
[ 78.853877] page_frag_alloc+0x3c1/0x980
[ 78.857940] __netdev_alloc_skb+0x1f1/0xa50
[ 78.862275] send_hsr_supervision_frame+0x168/0x1510
[ 78.867374] hsr_announce+0x14c/0x3a0
[ 78.871174] call_timer_fn+0x285/0x600
[ 78.875059] __run_timers+0xdb4/0x11d0
[ 78.878942] run_timer_softirq+0x2e/0x50
[ 78.882997] __do_softirq+0x53f/0x93a
[ 78.886806] ==================================================================
[ 78.894161] Disabling lock debugging due to kernel taint
[ 78.899601] Kernel panic - not syncing: panic_on_warn set ...
[ 78.905495] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 4.20.0-rc7+ #16
[ 78.913998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.923471] Call Trace:
[ 78.926051]
[ 78.928212] dump_stack+0x173/0x1d0
[ 78.931845] panic+0x3ce/0x961
[ 78.935066] kmsan_report+0x293/0x2a0
[ 78.938881] __msan_warning+0x82/0xf0
[ 78.942691] send_hsr_supervision_frame+0x1056/0x1510
[ 78.947898] hsr_announce+0x14c/0x3a0
[ 78.951705] call_timer_fn+0x285/0x600
[ 78.955589] ? hsr_dev_finalize+0xb90/0xb90
[ 78.959928] __run_timers+0xdb4/0x11d0
[ 78.963815] ? hsr_dev_finalize+0xb90/0xb90
[ 78.968179] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 78.973633] ? irqtime_account_irq+0xcf/0x2e0
[ 78.978131] ? timers_dead_cpu+0xa50/0xa50
[ 78.982380] run_timer_softirq+0x2e/0x50
[ 78.986445] __do_softirq+0x53f/0x93a
[ 78.990260] irq_exit+0x214/0x250
[ 78.993718] exiting_irq+0xe/0x10
[ 78.997180] smp_apic_timer_interrupt+0x48/0x70
[ 79.001850] apic_timer_interrupt+0x2e/0x40
[ 79.006166]
[ 79.008407] RIP: 0010:default_idle+0x27e/0x4e0
[ 79.013005] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 79.031901] RSP: 0018:ffff8880af66fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 79.039607] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 79.046872] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 79.054137] RBP: ffff8880af66fe18 R08: 0000000000000002 R09: ffff8880af66fd78
[ 79.061407] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af588988
[ 79.068677] R13: 0000000000000001 R14: ffff8880af588000 R15: ffff8880af588988
[ 79.076430] ? __cpuidle_text_start+0x8/0x8
[ 79.080758] ? __cpuidle_text_start+0x8/0x8
[ 79.085076] ? __cpuidle_text_start+0x8/0x8
[ 79.089404] arch_cpu_idle+0x26/0x30
[ 79.093118] do_idle+0x22d/0x800
[ 79.096495] cpu_startup_entry+0x45/0x50
[ 79.100555] ? setup_APIC_timer+0x200/0x200
[ 79.104889] start_secondary+0x4b2/0x5d0
[ 79.108957] secondary_startup_64+0xa4/0xb0
[ 79.114501] Kernel Offset: disabled
[ 79.118125] Rebooting in 86400 seconds..