[ ok ] Starting enhanced syslogd: rsyslogd.
[ 81.759119] audit: type=1800 audit(1546163521.807:25): pid=9932 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 81.778234] audit: type=1800 audit(1546163521.807:26): pid=9932 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 81.797612] audit: type=1800 audit(1546163521.827:27): pid=9932 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts.
2018/12/30 09:52:17 fuzzer started
2018/12/30 09:52:22 dialing manager at 10.128.0.26:41469
2018/12/30 09:52:22 syscalls: 1
2018/12/30 09:52:22 code coverage: enabled
2018/12/30 09:52:22 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 09:52:22 setuid sandbox: enabled
2018/12/30 09:52:22 namespace sandbox: enabled
2018/12/30 09:52:22 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 09:52:22 fault injection: enabled
2018/12/30 09:52:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 09:52:22 net packet injection: enabled
2018/12/30 09:52:22 net device setup: enabled
09:52:25 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syzkaller login: [ 105.869750] IPVS: ftp: loaded support on port[0] = 21
[ 106.023652] chnl_net:caif_netlink_parms(): no params data found
[ 106.095034] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.101723] bridge0: port 1(bridge_slave_0) entered disabled state
[ 106.110157] device bridge_slave_0 entered promiscuous mode
[ 106.120025] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.126635] bridge0: port 2(bridge_slave_1) entered disabled state
[ 106.135057] device bridge_slave_1 entered promiscuous mode
[ 106.167962] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 106.179092] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 106.210563] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 106.219311] team0: Port device team_slave_0 added
[ 106.226585] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 106.235303] team0: Port device team_slave_1 added
[ 106.241432] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 106.250449] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 106.426577] device hsr_slave_0 entered promiscuous mode
[ 106.602497] device hsr_slave_1 entered promiscuous mode
[ 106.813674] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 106.821228] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 106.851114] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.857717] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 106.864943] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.871500] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 106.961434] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 106.967619] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.981944] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 106.996869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 107.008999] bridge0: port 1(bridge_slave_0) entered disabled state
[ 107.019711] bridge0: port 2(bridge_slave_1) entered disabled state
[ 107.030752] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 107.049437] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 107.055737] 8021q: adding VLAN 0 to HW filter on device team0
[ 107.071318] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 107.079056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 107.087786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 107.096071] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.102622] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 107.120046] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 107.128065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 107.136762] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 107.145071] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.151569] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 107.166990] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 107.178702] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 107.190991] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 107.199026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 107.208249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 107.217519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 107.226525] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 107.241003] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 107.253122] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 107.265903] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 107.273556] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 107.281627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 107.290718] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 107.300403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 107.308876] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 107.317379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 107.325975] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 107.345540] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 107.351568] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 107.376978] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 107.396294] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 107.462015] ==================================================================
[ 107.469419] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 107.476956] CPU: 1 PID: 10085 Comm: syz-fuzzer Not tainted 4.20.0-rc7+ #16
[ 107.483958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 107.493309] Call Trace:
[ 107.495886]
[ 107.498075] dump_stack+0x173/0x1d0
[ 107.501712] kmsan_report+0x12e/0x2a0
[ 107.505519] __msan_warning+0x82/0xf0
[ 107.509329] send_hsr_supervision_frame+0x1056/0x1510
[ 107.514547] hsr_announce+0x14c/0x3a0
[ 107.518362] call_timer_fn+0x285/0x600
[ 107.522254] ? hsr_dev_finalize+0xb90/0xb90
[ 107.526604] __run_timers+0xdb4/0x11d0
[ 107.530493] ? hsr_dev_finalize+0xb90/0xb90
[ 107.534832] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 107.540301] ? irqtime_account_irq+0xcf/0x2e0
[ 107.544797] ? timers_dead_cpu+0xa50/0xa50
[ 107.549027] run_timer_softirq+0x2e/0x50
[ 107.553093] __do_softirq+0x53f/0x93a
[ 107.556906] irq_exit+0x214/0x250
[ 107.560418] exiting_irq+0xe/0x10
[ 107.563869] smp_apic_timer_interrupt+0x48/0x70
[ 107.568537] apic_timer_interrupt+0x2e/0x40
[ 107.572855]
[ 107.575093] RIP: 0010:sha256_generic_block_fn+0x862f/0xab60
[ 107.580801] Code: c1 c2 15 31 ca 44 89 e9 c1 c1 07 31 d1 8b 44 24 18 44 21 e8 33 44 24 10 48 8b 94 24 f0 00 00 00 01 c2 44 8d 8c 11 b5 bc b0 34 <8b> 4c 24 68 0b 4c 24 78 0b 4c 24 48 44 89 e0 44 8b 64 24 30 45 89
[ 107.599696] RSP: 0018:ffff888078b0ed40 EFLAGS: 00000212 ORIG_RAX: ffffffffffffff13
[ 107.607400] RAX: 000000001b22a3ad RBX: 0000000000000000 RCX: 0000000093a700f8
[ 107.614666] RDX: 00000000266cd46b RSI: 0000160000000000 RDI: 0000000000000000
[ 107.621933] RBP: ffff888078b0f078 R08: 0000000000000000 R09: 00000000eec49218
[ 107.629198] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 107.636463] R13: 00000000ab8e7891 R14: 0000000000000000 R15: 0000000000000000
[ 107.643856] crypto_sha256_update+0x35f/0x3b0
[ 107.648361] ? sha1_base_init+0x180/0x180
[ 107.652560] crypto_shash_update+0x484/0x4f0
[ 107.656988] ? integrity_kernel_read+0x221/0x280
[ 107.661757] ima_calc_file_hash+0x25ca/0x2ca0
[ 107.666286] ? ext4_xattr_ibody_get+0x1a0/0x1290
[ 107.671063] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 107.676443] ? ext4_xattr_get+0xcd0/0xff0
[ 107.680615] ? __msan_poison_alloca+0x1f0/0x2a0
[ 107.685344] ima_collect_measurement+0x48d/0x980
[ 107.690132] process_measurement+0x1b37/0x2740
[ 107.694750] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 107.700115] ? refcount_dec_and_test_checked+0x1e8/0x2c0
[ 107.705574] ? apparmor_task_getsecid+0x172/0x190
[ 107.710422] ? apparmor_task_alloc+0x300/0x300
[ 107.715046] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 107.720413] ? security_task_getsecid+0x17f/0x190
[ 107.725280] ima_file_check+0x131/0x170
[ 107.729282] path_openat+0x4af5/0x6b90
[ 107.733203] ? expand_files+0x5d/0xcf0
[ 107.737107] ? do_sys_open+0x640/0x960
[ 107.740998] do_filp_open+0x2b8/0x710
[ 107.744830] do_sys_open+0x640/0x960
[ 107.748564] __se_sys_openat+0xcb/0xe0
[ 107.752458] __x64_sys_openat+0x56/0x70
[ 107.756432] do_syscall_64+0xbc/0xf0
[ 107.760146] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 107.765373] RIP: 0033:0x47fcba
[ 107.768562] Code: e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 107.787461] RSP: 002b:000000c4201d17e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
[ 107.795206] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcba
[ 107.802473] RDX: 0000000000080002 RSI: 000000c420012b40 RDI: ffffffffffffff9c
[ 107.809735] RBP: 000000c4201d1868 R08: 0000000000000000 R09: 0000000000000000
[ 107.817001] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000
[ 107.824279] R13: 00000000000000f5 R14: 0000000000000075 R15: 0000000000000004
[ 107.831559]
[ 107.833179] Uninit was created at:
[ 107.836716] kmsan_save_stack_with_flags+0x7a/0x130
[ 107.841725] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 107.847515] kmsan_alloc_page+0x7e/0x100
[ 107.851578] __alloc_pages_nodemask+0x1587/0x5f20
[ 107.856416] page_frag_alloc+0x3c1/0x980
[ 107.860474] __netdev_alloc_skb+0x1f1/0xa50
[ 107.864791] send_hsr_supervision_frame+0x168/0x1510
[ 107.869886] hsr_announce+0x14c/0x3a0
[ 107.873726] call_timer_fn+0x285/0x600
[ 107.877607] __run_timers+0xdb4/0x11d0
[ 107.881491] run_timer_softirq+0x2e/0x50
[ 107.885549] __do_softirq+0x53f/0x93a
[ 107.889339] ==================================================================
[ 107.896688] Disabling lock debugging due to kernel taint
[ 107.902130] Kernel panic - not syncing: panic_on_warn set ...
[ 107.908117] CPU: 1 PID: 10085 Comm: syz-fuzzer Tainted: G B 4.20.0-rc7+ #16
[ 107.916508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 107.925856] Call Trace:
[ 107.928435]
[ 107.930585] dump_stack+0x173/0x1d0
[ 107.934259] panic+0x3ce/0x961
[ 107.937499] kmsan_report+0x293/0x2a0
[ 107.941316] __msan_warning+0x82/0xf0
[ 107.945120] send_hsr_supervision_frame+0x1056/0x1510
[ 107.950334] hsr_announce+0x14c/0x3a0
[ 107.954143] call_timer_fn+0x285/0x600
[ 107.958030] ? hsr_dev_finalize+0xb90/0xb90
[ 107.962363] __run_timers+0xdb4/0x11d0
[ 107.966252] ? hsr_dev_finalize+0xb90/0xb90
[ 107.970605] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 107.976057] ? irqtime_account_irq+0xcf/0x2e0
[ 107.980555] ? timers_dead_cpu+0xa50/0xa50
[ 107.984807] run_timer_softirq+0x2e/0x50
[ 107.988911] __do_softirq+0x53f/0x93a
[ 107.992750] irq_exit+0x214/0x250
[ 107.996204] exiting_irq+0xe/0x10
[ 107.999653] smp_apic_timer_interrupt+0x48/0x70
[ 108.004328] apic_timer_interrupt+0x2e/0x40
[ 108.008642]
[ 108.010884] RIP: 0010:sha256_generic_block_fn+0x862f/0xab60
[ 108.016590] Code: c1 c2 15 31 ca 44 89 e9 c1 c1 07 31 d1 8b 44 24 18 44 21 e8 33 44 24 10 48 8b 94 24 f0 00 00 00 01 c2 44 8d 8c 11 b5 bc b0 34 <8b> 4c 24 68 0b 4c 24 78 0b 4c 24 48 44 89 e0 44 8b 64 24 30 45 89
[ 108.035532] RSP: 0018:ffff888078b0ed40 EFLAGS: 00000212 ORIG_RAX: ffffffffffffff13
[ 108.043240] RAX: 000000001b22a3ad RBX: 0000000000000000 RCX: 0000000093a700f8
[ 108.050520] RDX: 00000000266cd46b RSI: 0000160000000000 RDI: 0000000000000000
[ 108.057831] RBP: ffff888078b0f078 R08: 0000000000000000 R09: 00000000eec49218
[ 108.065096] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 108.072405] R13: 00000000ab8e7891 R14: 0000000000000000 R15: 0000000000000000
[ 108.079877] crypto_sha256_update+0x35f/0x3b0
[ 108.084389] ? sha1_base_init+0x180/0x180
[ 108.088540] crypto_shash_update+0x484/0x4f0
[ 108.092970] ? integrity_kernel_read+0x221/0x280
[ 108.097741] ima_calc_file_hash+0x25ca/0x2ca0
[ 108.102249] ? ext4_xattr_ibody_get+0x1a0/0x1290
[ 108.107044] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 108.112425] ? ext4_xattr_get+0xcd0/0xff0
[ 108.116598] ? __msan_poison_alloca+0x1f0/0x2a0
[ 108.121293] ima_collect_measurement+0x48d/0x980
[ 108.126082] process_measurement+0x1b37/0x2740
[ 108.130696] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 108.136059] ? refcount_dec_and_test_checked+0x1e8/0x2c0
[ 108.141518] ? apparmor_task_getsecid+0x172/0x190
[ 108.146366] ? apparmor_task_alloc+0x300/0x300
[ 108.150946] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 108.156335] ? security_task_getsecid+0x17f/0x190
[ 108.161218] ima_file_check+0x131/0x170
[ 108.165205] path_openat+0x4af5/0x6b90
[ 108.169126] ? expand_files+0x5d/0xcf0
[ 108.173030] ? do_sys_open+0x640/0x960
[ 108.176929] do_filp_open+0x2b8/0x710
[ 108.180762] do_sys_open+0x640/0x960
[ 108.184491] __se_sys_openat+0xcb/0xe0
[ 108.188419] __x64_sys_openat+0x56/0x70
[ 108.192397] do_syscall_64+0xbc/0xf0
[ 108.196115] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 108.201324] RIP: 0033:0x47fcba
[ 108.204517] Code: e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 108.223416] RSP: 002b:000000c4201d17e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
[ 108.231117] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcba
[ 108.238420] RDX: 0000000000080002 RSI: 000000c420012b40 RDI: ffffffffffffff9c
[ 108.245685] RBP: 000000c4201d1868 R08: 0000000000000000 R09: 0000000000000000
[ 108.252950] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000
[ 108.260215] R13: 00000000000000f5 R14: 0000000000000075 R15: 0000000000000004
[ 108.268665] Kernel Offset: disabled
[ 108.272359] Rebooting in 86400 seconds..