[ ok ] Starting enhanced syslogd: rsyslogd.
[ 91.499625] audit: type=1800 audit(1546165461.542:25): pid=10772 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 91.518781] audit: type=1800 audit(1546165461.552:26): pid=10772 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 91.538188] audit: type=1800 audit(1546165461.562:27): pid=10772 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts.
2018/12/30 10:24:36 fuzzer started
2018/12/30 10:24:41 dialing manager at 10.128.0.26:41469
2018/12/30 10:24:41 syscalls: 1
2018/12/30 10:24:41 code coverage: enabled
2018/12/30 10:24:41 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 10:24:41 setuid sandbox: enabled
2018/12/30 10:24:41 namespace sandbox: enabled
2018/12/30 10:24:41 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 10:24:41 fault injection: enabled
2018/12/30 10:24:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 10:24:41 net packet injection: enabled
2018/12/30 10:24:41 net device setup: enabled
10:24:44 executing program 0:
r0 = socket$inet(0x2, 0x200000002, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@broute={'broute\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, 0x0, &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x11, 0x0, 0x0, 'n*0Ek\x88k\xc2\x16[A\xfei\x00', 'yam0\x00', 'yam0\x00', 'lo\x00', @link_local, [], @link_local, [], 0xb8, 0xb8, 0xe8, [@limit={'limit\x00', 0x20, {{0xecc8, 0x7fffffff}}}]}}, @common=@AUDIT={'AUDIT\x00', 0x8}}]}]}, 0x1f0)

syzkaller login: [ 114.888853] IPVS: ftp: loaded support on port[0] = 21
[ 115.040659] chnl_net:caif_netlink_parms(): no params data found
[ 115.111335] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.117988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 115.126451] device bridge_slave_0 entered promiscuous mode
[ 115.135901] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.142507] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.150679] device bridge_slave_1 entered promiscuous mode
[ 115.184704] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 115.195814] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 115.225629] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 115.234502] team0: Port device team_slave_0 added
[ 115.241311] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 115.250043] team0: Port device team_slave_1 added
[ 115.256477] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 115.264877] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 115.446810] device hsr_slave_0 entered promiscuous mode
[ 115.612923] device hsr_slave_1 entered promiscuous mode
[ 115.873599] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 115.881268] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 115.911291] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.917905] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 115.925117] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.931655] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 116.022857] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 116.028985] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.039233] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.048830] bridge0: port 2(bridge_slave_1) entered disabled state
[ 116.060707] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 116.079268] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 116.091138] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 116.097991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 116.105763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 116.123415] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 116.129522] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.144066] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 116.151258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 116.159915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 116.168143] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.174675] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 116.189597] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 116.201936] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 116.214771] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 116.223565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 116.232383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 116.240839] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.247380] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 116.256384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 116.265510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 116.282352] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 116.294649] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 116.307432] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 116.321369] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 116.331112] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 116.341073] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 116.352841] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 116.360619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 116.369836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 116.378559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 116.387482] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 116.396355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 116.404979] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 116.414013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 116.422587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 116.433208] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 116.441167] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 116.476738] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 116.501406] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 116.531978] ==================================================================
[ 116.539380] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 116.546937] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.20.0-rc7+ #16
[ 116.553521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 116.562886] Call Trace:
[ 116.565493]
[ 116.567669] dump_stack+0x173/0x1d0
[ 116.571327] kmsan_report+0x12e/0x2a0
[ 116.575161] __msan_warning+0x82/0xf0
[ 116.578994] send_hsr_supervision_frame+0x1056/0x1510
[ 116.584255] hsr_announce+0x14c/0x3a0
[ 116.588095] call_timer_fn+0x285/0x600
[ 116.592005] ? hsr_dev_finalize+0xb90/0xb90
[ 116.596353] __run_timers+0xdb4/0x11d0
[ 116.600269] ? hsr_dev_finalize+0xb90/0xb90
[ 116.604633] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 116.610097] ? irqtime_account_irq+0xcf/0x2e0
[ 116.614619] ? timers_dead_cpu+0xa50/0xa50
[ 116.618875] run_timer_softirq+0x2e/0x50
[ 116.622974] __do_softirq+0x53f/0x93a
[ 116.626825] irq_exit+0x214/0x250
[ 116.630299] exiting_irq+0xe/0x10
[ 116.633794] smp_apic_timer_interrupt+0x48/0x70
[ 116.638496] apic_timer_interrupt+0x2e/0x40
[ 116.642827]
[ 116.645085] RIP: 0010:default_idle+0x27e/0x4e0
[ 116.649684] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 116.668602] RSP: 0018:ffff8880af69fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 116.676326] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 116.683606] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 116.690889] RBP: ffff8880af69fe18 R08: 0000000000000002 R09: ffff8880af69fd78
[ 116.698170] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af670988
[ 116.705450] R13: 0000000000000001 R14: ffff8880af670000 R15: ffff8880af670988
[ 116.712754] ? __cpuidle_text_start+0x8/0x8
[ 116.717117] ? __cpuidle_text_start+0x8/0x8
[ 116.721454] ? __cpuidle_text_start+0x8/0x8
[ 116.725807] arch_cpu_idle+0x26/0x30
[ 116.729543] do_idle+0x22d/0x800
[ 116.732944] cpu_startup_entry+0x45/0x50
[ 116.737025] ? setup_APIC_timer+0x200/0x200
[ 116.741369] start_secondary+0x4b2/0x5d0
[ 116.745461] secondary_startup_64+0xa4/0xb0
[ 116.749809]
[ 116.751455] Uninit was created at:
[ 116.755012] kmsan_save_stack_with_flags+0x7a/0x130
[ 116.760042] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 116.765852] kmsan_alloc_page+0x7e/0x100
[ 116.769954] __alloc_pages_nodemask+0x1587/0x5f20
[ 116.774810] page_frag_alloc+0x3c1/0x980
[ 116.778889] __netdev_alloc_skb+0x1f1/0xa50
[ 116.783281] send_hsr_supervision_frame+0x168/0x1510
[ 116.788403] hsr_announce+0x14c/0x3a0
[ 116.792218] call_timer_fn+0x285/0x600
[ 116.796584] __run_timers+0xdb4/0x11d0
[ 116.800484] run_timer_softirq+0x2e/0x50
[ 116.804559] __do_softirq+0x53f/0x93a
[ 116.808367] ==================================================================
[ 116.815741] Disabling lock debugging due to kernel taint
[ 116.821199] Kernel panic - not syncing: panic_on_warn set ...
[ 116.827105] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 4.20.0-rc7+ #16
[ 116.835083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 116.844447] Call Trace:
[ 116.847042]
[ 116.849216] dump_stack+0x173/0x1d0
[ 116.852885] panic+0x3ce/0x961
[ 116.856144] kmsan_report+0x293/0x2a0
[ 116.859974] __msan_warning+0x82/0xf0
[ 116.863811] send_hsr_supervision_frame+0x1056/0x1510
[ 116.869060] hsr_announce+0x14c/0x3a0
[ 116.872901] call_timer_fn+0x285/0x600
[ 116.876810] ? hsr_dev_finalize+0xb90/0xb90
[ 116.881160] __run_timers+0xdb4/0x11d0
[ 116.885070] ? hsr_dev_finalize+0xb90/0xb90
[ 116.889434] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 116.894902] ? irqtime_account_irq+0xcf/0x2e0
[ 116.899419] ? timers_dead_cpu+0xa50/0xa50
[ 116.903676] run_timer_softirq+0x2e/0x50
[ 116.907760] __do_softirq+0x53f/0x93a
[ 116.911610] irq_exit+0x214/0x250
[ 116.915087] exiting_irq+0xe/0x10
[ 116.918559] smp_apic_timer_interrupt+0x48/0x70
[ 116.923256] apic_timer_interrupt+0x2e/0x40
[ 116.927620]
[ 116.929877] RIP: 0010:default_idle+0x27e/0x4e0
[ 116.934471] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 116.953387] RSP: 0018:ffff8880af69fdd0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 116.961114] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 116.968398] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 116.975788] RBP: ffff8880af69fe18 R08: 0000000000000002 R09: ffff8880af69fd78
[ 116.983069] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffff8880af670988
[ 116.990347] R13: 0000000000000001 R14: ffff8880af670000 R15: ffff8880af670988
[ 116.997651] ? __cpuidle_text_start+0x8/0x8
[ 117.002013] ? __cpuidle_text_start+0x8/0x8
[ 117.006352] ? __cpuidle_text_start+0x8/0x8
[ 117.010697] arch_cpu_idle+0x26/0x30
[ 117.014428] do_idle+0x22d/0x800
[ 117.017835] cpu_startup_entry+0x45/0x50
[ 117.021914] ? setup_APIC_timer+0x200/0x200
[ 117.026273] start_secondary+0x4b2/0x5d0
[ 117.030367] secondary_startup_64+0xa4/0xb0
[ 117.035563] Kernel Offset: disabled
[ 117.039191] Rebooting in 86400 seconds..