[ 59.133055] audit: type=1800 audit(1546159092.150:28): pid=8867 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 60.002057] sshd (8934) used greatest stack depth: 54176 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 60.306850] audit: type=1800 audit(1546159093.360:29): pid=8867 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 60.326281] audit: type=1800 audit(1546159093.370:30): pid=8867 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.96' (ECDSA) to the list of known hosts.
2018/12/30 08:38:26 fuzzer started
2018/12/30 08:38:30 dialing manager at 10.128.0.26:41469
2018/12/30 08:38:30 syscalls: 1
2018/12/30 08:38:30 code coverage: enabled
2018/12/30 08:38:30 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 08:38:30 setuid sandbox: enabled
2018/12/30 08:38:30 namespace sandbox: enabled
2018/12/30 08:38:30 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 08:38:30 fault injection: enabled
2018/12/30 08:38:30 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 08:38:30 net packet injection: enabled
2018/12/30 08:38:30 net device setup: enabled
syzkaller login: [ 77.793128] ld (9027) used greatest stack depth: 53720 bytes left
08:38:33 executing program 0:
socket$tipc(0x1e, 0x0, 0x0)
r0 = socket(0x10, 0x2, 0xf)
r1 = syz_open_procfs(0x0, &(0x7f0000000440)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x03\xd0\x1f\x05I\xa8\x9dx\xdcJ\xf8\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\xac\xc7\xed\xbc\xd7\xa0q\xfb53\x1c\xe3\x9cZ\xd3ex\x18\xfe\xb0\'\x91\x88\xb9+.k\x03\\\xdeLf\xc6\xb0\x00\x81\xbd\x10oj\xdf\xe5\x81\b\xa8\xbe\x89\xd3iVp7N0L\a\x1d\xe1v5\xf3\x03M\xe8\xc27.\a\x00\x00\x00\x00\x00\x00\x00}eo')
sendfile(r0, r1, 0x0, 0x80000002)

[ 80.931387] IPVS: ftp: loaded support on port[0] = 21
[ 81.049822] chnl_net:caif_netlink_parms(): no params data found
[ 81.107834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.114507] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.122426] device bridge_slave_0 entered promiscuous mode
[ 81.130723] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.137257] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.145168] device bridge_slave_1 entered promiscuous mode
[ 81.171777] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 81.182114] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 81.208556] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 81.216819] team0: Port device team_slave_0 added
[ 81.223387] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 81.231530] team0: Port device team_slave_1 added
[ 81.238383] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 81.246460] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 81.346888] device hsr_slave_0 entered promiscuous mode
[ 81.613628] device hsr_slave_1 entered promiscuous mode
[ 81.874082] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 81.881554] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 81.905916] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.912532] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.919790] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.926317] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.995786] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 82.001915] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.015213] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 82.027616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.037319] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.046682] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.057409] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 82.073713] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 82.079829] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.093251] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 82.100409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 82.109214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.117306] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.123786] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.137991] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 82.151272] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 82.159062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 82.167461] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 82.175457] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.181884] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.190025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 82.202270] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 82.209398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 82.228036] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 82.235658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 82.245188] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.255746] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 82.266547] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 82.274213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 82.282789] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 82.298177] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 82.305981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 82.314032] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 82.328534] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 82.336317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 82.344400] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 82.359499] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 82.365792] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 82.388233] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 82.404201] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 82.484002] ==================================================================
[ 82.491407] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 82.498983] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc7+ #16
[ 82.505555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.514903] Call Trace:
[ 82.517485]
[ 82.519652] dump_stack+0x173/0x1d0
[ 82.523292] kmsan_report+0x12e/0x2a0
[ 82.527101] __msan_warning+0x82/0xf0
[ 82.530903] send_hsr_supervision_frame+0x1056/0x1510
[ 82.536113] hsr_announce+0x14c/0x3a0
[ 82.539922] call_timer_fn+0x285/0x600
[ 82.543808] ? hsr_dev_finalize+0xb90/0xb90
[ 82.548142] __run_timers+0xdb4/0x11d0
[ 82.552028] ? hsr_dev_finalize+0xb90/0xb90
[ 82.556368] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 82.561815] ? irqtime_account_irq+0xcf/0x2e0
[ 82.566320] ? timers_dead_cpu+0xa50/0xa50
[ 82.570565] run_timer_softirq+0x2e/0x50
[ 82.574633] __do_softirq+0x53f/0x93a
[ 82.578468] irq_exit+0x214/0x250
[ 82.581919] exiting_irq+0xe/0x10
[ 82.585378] smp_apic_timer_interrupt+0x48/0x70
[ 82.590051] apic_timer_interrupt+0x2e/0x40
[ 82.594369]
[ 82.596604] RIP: 0010:default_idle+0x27e/0x4e0
[ 82.601183] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 82.620084] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 82.627791] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 82.635059] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 82.642323] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 82.649694] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 82.656959] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 82.664252] ? __cpuidle_text_start+0x8/0x8
[ 82.668574] ? default_idle+0x6e/0x4e0
[ 82.672460] ? __cpuidle_text_start+0x8/0x8
[ 82.676781] ? __cpuidle_text_start+0x8/0x8
[ 82.681208] arch_cpu_idle+0x26/0x30
[ 82.684956] do_idle+0x22d/0x800
[ 82.688333] cpu_startup_entry+0x45/0x50
[ 82.692412] rest_init+0x1c1/0x1f0
[ 82.695960] arch_call_rest_init+0x13/0x15
[ 82.700192] start_kernel+0x9d7/0xbb1
[ 82.704004] x86_64_start_reservations+0x19/0x2f
[ 82.708763] x86_64_start_kernel+0x84/0x87
[ 82.713002] secondary_startup_64+0xa4/0xb0
[ 82.717320]
[ 82.718938] Uninit was created at:
[ 82.722481] kmsan_save_stack_with_flags+0x7a/0x130
[ 82.727494] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 82.733310] kmsan_alloc_page+0x7e/0x100
[ 82.737383] __alloc_pages_nodemask+0x1587/0x5f20
[ 82.742226] page_frag_alloc+0x3c1/0x980
[ 82.746284] __netdev_alloc_skb+0x1f1/0xa50
[ 82.750600] send_hsr_supervision_frame+0x168/0x1510
[ 82.755719] hsr_announce+0x14c/0x3a0
[ 82.759516] call_timer_fn+0x285/0x600
[ 82.763488] __run_timers+0xdb4/0x11d0
[ 82.767406] run_timer_softirq+0x2e/0x50
[ 82.771487] __do_softirq+0x53f/0x93a
[ 82.775279] ==================================================================
[ 82.782631] Disabling lock debugging due to kernel taint
[ 82.788069] Kernel panic - not syncing: panic_on_warn set ...
[ 82.793971] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.20.0-rc7+ #16
[ 82.801931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.811283] Call Trace:
[ 82.813867]
[ 82.816023] dump_stack+0x173/0x1d0
[ 82.820181] panic+0x3ce/0x961
[ 82.823396] kmsan_report+0x293/0x2a0
[ 82.827211] __msan_warning+0x82/0xf0
[ 82.831018] send_hsr_supervision_frame+0x1056/0x1510
[ 82.836230] hsr_announce+0x14c/0x3a0
[ 82.840131] call_timer_fn+0x285/0x600
[ 82.844104] ? hsr_dev_finalize+0xb90/0xb90
[ 82.848443] __run_timers+0xdb4/0x11d0
[ 82.852328] ? hsr_dev_finalize+0xb90/0xb90
[ 82.856695] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 82.862145] ? irqtime_account_irq+0xcf/0x2e0
[ 82.866642] ? timers_dead_cpu+0xa50/0xa50
[ 82.870902] run_timer_softirq+0x2e/0x50
[ 82.874963] __do_softirq+0x53f/0x93a
[ 82.878787] irq_exit+0x214/0x250
[ 82.882243] exiting_irq+0xe/0x10
[ 82.885708] smp_apic_timer_interrupt+0x48/0x70
[ 82.890379] apic_timer_interrupt+0x2e/0x40
[ 82.894695]
[ 82.896941] RIP: 0010:default_idle+0x27e/0x4e0
[ 82.901531] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 82.920428] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 82.928131] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 82.935398] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 82.942679] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 82.950052] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 82.957318] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 82.964604] ? __cpuidle_text_start+0x8/0x8
[ 82.968937] ? default_idle+0x6e/0x4e0
[ 82.972829] ? __cpuidle_text_start+0x8/0x8
[ 82.977151] ? __cpuidle_text_start+0x8/0x8
[ 82.981472] arch_cpu_idle+0x26/0x30
[ 82.985187] do_idle+0x22d/0x800
[ 82.988568] cpu_startup_entry+0x45/0x50
[ 82.992661] rest_init+0x1c1/0x1f0
[ 82.996227] arch_call_rest_init+0x13/0x15
[ 83.000465] start_kernel+0x9d7/0xbb1
[ 83.004274] x86_64_start_reservations+0x19/0x2f
[ 83.009028] x86_64_start_kernel+0x84/0x87
[ 83.013260] secondary_startup_64+0xa4/0xb0
[ 83.018680] Kernel Offset: disabled
[ 83.022332] Rebooting in 86400 seconds..