[ ok ] Starting enhanced syslogd: rsyslogd.
[ 98.250171] audit: type=1800 audit(1546166461.291:25): pid=11508 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 98.269346] audit: type=1800 audit(1546166461.301:26): pid=11508 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 98.288797] audit: type=1800 audit(1546166461.311:27): pid=11508 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.211' (ECDSA) to the list of known hosts.
2018/12/30 10:41:13 fuzzer started
2018/12/30 10:41:18 dialing manager at 10.128.0.26:41469
2018/12/30 10:41:18 syscalls: 1
2018/12/30 10:41:18 code coverage: enabled
2018/12/30 10:41:18 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 10:41:18 setuid sandbox: enabled
2018/12/30 10:41:18 namespace sandbox: enabled
2018/12/30 10:41:18 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 10:41:18 fault injection: enabled
2018/12/30 10:41:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 10:41:18 net packet injection: enabled
2018/12/30 10:41:18 net device setup: enabled
10:41:21 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'salsa20-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="529cd86bf10000be19cba82507da0d00", 0x10)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000015c0), 0x0, &(0x7f00000002c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
io_setup(0x4000007fc, &(0x7f0000000000)=0x0)
io_submit(r2, 0x1, &(0x7f0000001440)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000340), 0x87}])
syzkaller login: [ 119.339649] IPVS: ftp: loaded support on port[0] = 21
[ 119.491902] chnl_net:caif_netlink_parms(): no params data found
[ 119.559300] bridge0: port 1(bridge_slave_0) entered blocking state
[ 119.565967] bridge0: port 1(bridge_slave_0) entered disabled state
[ 119.574358] device bridge_slave_0 entered promiscuous mode
[ 119.583835] bridge0: port 2(bridge_slave_1) entered blocking state
[ 119.590345] bridge0: port 2(bridge_slave_1) entered disabled state
[ 119.598710] device bridge_slave_1 entered promiscuous mode
[ 119.631535] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 119.642843] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 119.674199] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 119.682838] team0: Port device team_slave_0 added
[ 119.690388] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 119.699029] team0: Port device team_slave_1 added
[ 119.705830] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 119.714847] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 119.809154] device hsr_slave_0 entered promiscuous mode
[ 120.033897] device hsr_slave_1 entered promiscuous mode
[ 120.294524] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 120.302136] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 120.332373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 120.338971] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 120.346180] bridge0: port 1(bridge_slave_0) entered blocking state
[ 120.352717] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 120.447398] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 120.454123] 8021q: adding VLAN 0 to HW filter on device bond0
[ 120.468824] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 120.483210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 120.504977] bridge0: port 1(bridge_slave_0) entered disabled state
[ 120.515390] bridge0: port 2(bridge_slave_1) entered disabled state
[ 120.526173] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 120.543921] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 120.550020] 8021q: adding VLAN 0 to HW filter on device team0
[ 120.565337] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 120.572551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 120.581242] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 120.589519] bridge0: port 1(bridge_slave_0) entered blocking state
[ 120.596063] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 120.617930] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 120.625896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 120.635948] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 120.644223] bridge0: port 2(bridge_slave_1) entered blocking state
[ 120.650708] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 120.665212] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 120.672395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 120.686761] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 120.693827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 120.708838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 120.716934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 120.725993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 120.740032] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 120.747331] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 120.755428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 120.764452] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 120.779303] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 120.792363] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 120.799549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 120.807930] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 120.816854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 120.825178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 120.840253] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 120.846875] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 120.883411] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 120.904509] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 120.963336] ==================================================================
[ 120.970752] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 120.978311] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc7+ #16
[ 120.984897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 120.994260] Call Trace:
[ 120.996855]
[ 120.999028] dump_stack+0x173/0x1d0
[ 121.002689] kmsan_report+0x12e/0x2a0
[ 121.006521] __msan_warning+0x82/0xf0
[ 121.010383] send_hsr_supervision_frame+0x1056/0x1510
[ 121.015628] hsr_announce+0x14c/0x3a0
[ 121.019465] call_timer_fn+0x285/0x600
[ 121.023372] ? hsr_dev_finalize+0xb90/0xb90
[ 121.027728] __run_timers+0xdb4/0x11d0
[ 121.031650] ? hsr_dev_finalize+0xb90/0xb90
[ 121.036014] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 121.041486] ? irqtime_account_irq+0xcf/0x2e0
[ 121.046009] ? timers_dead_cpu+0xa50/0xa50
[ 121.050268] run_timer_softirq+0x2e/0x50
[ 121.054355] __do_softirq+0x53f/0x93a
[ 121.058211] irq_exit+0x214/0x250
[ 121.061715] exiting_irq+0xe/0x10
[ 121.065215] smp_apic_timer_interrupt+0x48/0x70
[ 121.069906] apic_timer_interrupt+0x2e/0x40
[ 121.074234]
[ 121.076493] RIP: 0010:default_idle+0x27e/0x4e0
[ 121.081089] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 121.100002] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 121.107727] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 121.115041] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 121.122323] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 121.129608] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 121.136889] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 121.144206] ? __cpuidle_text_start+0x8/0x8
[ 121.148590] ? default_idle+0x6e/0x4e0
[ 121.152524] ? __cpuidle_text_start+0x8/0x8
[ 121.156885] ? __cpuidle_text_start+0x8/0x8
[ 121.161234] arch_cpu_idle+0x26/0x30
[ 121.164982] do_idle+0x22d/0x800
[ 121.168396] cpu_startup_entry+0x45/0x50
[ 121.172479] rest_init+0x1c1/0x1f0
[ 121.176053] arch_call_rest_init+0x13/0x15
[ 121.180307] start_kernel+0x9d7/0xbb1
[ 121.184145] x86_64_start_reservations+0x19/0x2f
[ 121.188923] x86_64_start_kernel+0x84/0x87
[ 121.193211] secondary_startup_64+0xa4/0xb0
[ 121.197561]
[ 121.199200] Uninit was created at:
[ 121.202774] kmsan_save_stack_with_flags+0x7a/0x130
[ 121.207813] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 121.213640] kmsan_alloc_page+0x7e/0x100
[ 121.217714] __alloc_pages_nodemask+0x1587/0x5f20
[ 121.222612] page_frag_alloc+0x3c1/0x980
[ 121.226692] __netdev_alloc_skb+0x1f1/0xa50
[ 121.231040] send_hsr_supervision_frame+0x168/0x1510
[ 121.236156] hsr_announce+0x14c/0x3a0
[ 121.239973] call_timer_fn+0x285/0x600
[ 121.243875] __run_timers+0xdb4/0x11d0
[ 121.247788] run_timer_softirq+0x2e/0x50
[ 121.251866] __do_softirq+0x53f/0x93a
[ 121.255672] ==================================================================
[ 121.263035] Disabling lock debugging due to kernel taint
[ 121.268500] Kernel panic - not syncing: panic_on_warn set ...
[ 121.274418] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.20.0-rc7+ #16
[ 121.282390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 121.291760] Call Trace:
[ 121.294355]
[ 121.296524] dump_stack+0x173/0x1d0
[ 121.300191] panic+0x3ce/0x961
[ 121.303475] kmsan_report+0x293/0x2a0
[ 121.307306] __msan_warning+0x82/0xf0
[ 121.311140] send_hsr_supervision_frame+0x1056/0x1510
[ 121.316386] hsr_announce+0x14c/0x3a0
[ 121.320232] call_timer_fn+0x285/0x600
[ 121.324137] ? hsr_dev_finalize+0xb90/0xb90
[ 121.328495] __run_timers+0xdb4/0x11d0
[ 121.332405] ? hsr_dev_finalize+0xb90/0xb90
[ 121.336782] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 121.342254] ? irqtime_account_irq+0xcf/0x2e0
[ 121.346790] ? timers_dead_cpu+0xa50/0xa50
[ 121.351062] run_timer_softirq+0x2e/0x50
[ 121.355160] __do_softirq+0x53f/0x93a
[ 121.359006] irq_exit+0x214/0x250
[ 121.362510] exiting_irq+0xe/0x10
[ 121.365994] smp_apic_timer_interrupt+0x48/0x70
[ 121.370681] apic_timer_interrupt+0x2e/0x40
[ 121.375013]
[ 121.377281] RIP: 0010:default_idle+0x27e/0x4e0
[ 121.381879] Code: 04 24 00 00 00 00 8b 45 c0 41 89 44 24 08 8b 45 c4 41 89 84 24 90 0c 00 00 48 c7 c7 d8 22 cb 8b 8b 75 bc e8 84 3b b0 f6 fb f4 <65> 8b 04 25 20 a1 02 00 89 45 b8 8b 1c 25 20 32 04 8c 48 c7 c7 20
[ 121.400793] RSP: 0018:ffffffff8bc0fd58 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 121.408519] RAX: ffff888112443220 RBX: 0000000000000000 RCX: ffff888112443220
[ 121.415816] RDX: ffff888112043220 RSI: 0000160000000000 RDI: ccccccccccccd000
[ 121.423126] RBP: ffffffff8bc0fda0 R08: 0000000000000002 R09: ffffffff8bc0fd08
[ 121.430410] R10: 0000000000000000 R11: ffffffff8acbf5c0 R12: ffffffff8bc36ac8
[ 121.437695] R13: 0000000000000000 R14: ffffffff8bc36140 R15: ffffffff8bc36ac8
[ 121.445006] ? __cpuidle_text_start+0x8/0x8
[ 121.449387] ? default_idle+0x6e/0x4e0
[ 121.453314] ? __cpuidle_text_start+0x8/0x8
[ 121.457658] ? __cpuidle_text_start+0x8/0x8
[ 121.462014] arch_cpu_idle+0x26/0x30
[ 121.465774] do_idle+0x22d/0x800
[ 121.469214] cpu_startup_entry+0x45/0x50
[ 121.473305] rest_init+0x1c1/0x1f0
[ 121.476877] arch_call_rest_init+0x13/0x15
[ 121.481130] start_kernel+0x9d7/0xbb1
[ 121.484967] x86_64_start_reservations+0x19/0x2f
[ 121.489748] x86_64_start_kernel+0x84/0x87
[ 121.494010] secondary_startup_64+0xa4/0xb0
[ 121.499218] Kernel Offset: disabled
[ 121.502846] Rebooting in 86400 seconds..