[ 54.345688] audit: type=1800 audit(1546158167.369:27): pid=8510 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 54.365181] audit: type=1800 audit(1546158167.379:28): pid=8510 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 55.420468] audit: type=1800 audit(1546158168.469:29): pid=8510 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 55.440154] audit: type=1800 audit(1546158168.479:30): pid=8510 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.232' (ECDSA) to the list of known hosts.
2018/12/30 08:23:00 fuzzer started
2018/12/30 08:23:04 dialing manager at 10.128.0.26:41469
2018/12/30 08:23:04 syscalls: 1
2018/12/30 08:23:04 code coverage: enabled
2018/12/30 08:23:04 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 08:23:04 setuid sandbox: enabled
2018/12/30 08:23:04 namespace sandbox: enabled
2018/12/30 08:23:04 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 08:23:04 fault injection: enabled
2018/12/30 08:23:04 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 08:23:04 net packet injection: enabled
2018/12/30 08:23:04 net device setup: enabled
08:23:06 executing program 0:
r0 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xc8, &(0x7f0000000040), 0x4)
setsockopt$inet6_int(r0, 0x29, 0xd0, &(0x7f0000000000), 0x3e5)
syzkaller login: [ 74.275580] IPVS: ftp: loaded support on port[0] = 21
[ 74.382251] chnl_net:caif_netlink_parms(): no params data found
[ 74.433817] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.440289] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.448092] device bridge_slave_0 entered promiscuous mode
[ 74.457086] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.463609] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.471421] device bridge_slave_1 entered promiscuous mode
[ 74.498403] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 74.508701] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 74.533317] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 74.541444] team0: Port device team_slave_0 added
[ 74.548157] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 74.556220] team0: Port device team_slave_1 added
[ 74.562359] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 74.570479] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 74.745828] device hsr_slave_0 entered promiscuous mode
[ 75.002605] device hsr_slave_1 entered promiscuous mode
[ 75.202995] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 75.210322] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 75.233746] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.240202] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.247206] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.253684] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.316093] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 75.322387] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.333632] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 75.345771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.355157] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.364357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.374571] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 75.389894] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 75.396109] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.408689] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 75.416750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 75.425354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.433369] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.439805] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.452808] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 75.465251] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 75.475854] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 75.484060] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 75.492571] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.500555] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.507047] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.515060] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 75.523690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 75.536258] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 75.546815] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 75.557349] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 75.568407] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 75.577067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 75.586079] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 75.594331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 75.602806] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 75.611092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 75.619910] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 75.628035] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 75.636189] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 75.646099] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 75.652168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.659578] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 75.688353] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 75.709288] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.762167] ==================================================================
[ 75.769534] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 75.777045] CPU: 0 PID: 8671 Comm: syz-fuzzer Not tainted 4.20.0-rc7+ #16
[ 75.783946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.793276] Call Trace:
[ 75.795847]
[ 75.797982] dump_stack+0x173/0x1d0
[ 75.801606] kmsan_report+0x12e/0x2a0
[ 75.805389] __msan_warning+0x82/0xf0
[ 75.809170] send_hsr_supervision_frame+0x1056/0x1510
[ 75.814362] hsr_announce+0x14c/0x3a0
[ 75.818149] call_timer_fn+0x285/0x600
[ 75.822024] ? hsr_dev_finalize+0xb90/0xb90
[ 75.826335] __run_timers+0xdb4/0x11d0
[ 75.830200] ? hsr_dev_finalize+0xb90/0xb90
[ 75.834515] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 75.839943] ? irqtime_account_irq+0xcf/0x2e0
[ 75.844415] ? timers_dead_cpu+0xa50/0xa50
[ 75.848630] run_timer_softirq+0x2e/0x50
[ 75.852676] __do_softirq+0x53f/0x93a
[ 75.856463] irq_exit+0x214/0x250
[ 75.859901] exiting_irq+0xe/0x10
[ 75.863335] smp_apic_timer_interrupt+0x48/0x70
[ 75.867991] apic_timer_interrupt+0x2e/0x40
[ 75.872290]
[ 75.874519] RIP: 0010:kmsan_get_shadow_origin_ptr+0x30f/0x3e0
[ 75.880385] Code: 0f 84 80 00 00 00 4c 89 ea 48 c1 ea 22 48 8b 0c d1 48 85 c9 74 70 49 c1 ed 1b 41 83 e5 7f 49 c1 e5 05 4c 01 e9 74 5f f6 01 02 <74> 5a 49 39 c6 76 29 48 8b 04 25 10 50 c3 8b eb 29 31 d2 48 89 f3
[ 75.899270] RSP: 0018:ffff8880799cecf0 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
[ 75.906968] RAX: ffffffff7fffffff RBX: ffffffff8c615000 RCX: ffff88812fffb1e0
[ 75.914233] RDX: 0000000000000000 RSI: ffff8880f99cefc8 RDI: ffff8880799cefc8
[ 75.921509] RBP: ffff8880799ced20 R08: 000000000c98365c R09: 00000000830000a7
[ 75.928768] R10: 00000000f3032ed6 R11: 0000000000000000 R12: 0000000000000000
[ 75.936018] R13: 00000000000001e0 R14: ffff8880799cefc8 R15: ffff8880f99cefc8
[ 75.943282] __msan_metadata_ptr_for_load_4+0x10/0x20
[ 75.948454] sha256_generic_block_fn+0x561e/0xab60
[ 75.953414] crypto_sha256_update+0x35f/0x3b0
[ 75.957896] ? sha1_base_init+0x180/0x180
[ 75.962045] crypto_shash_update+0x484/0x4f0
[ 75.966460] ? integrity_kernel_read+0x221/0x280
[ 75.971204] ima_calc_file_hash+0x25ca/0x2ca0
[ 75.975687] ? ext4_xattr_ibody_get+0x1a0/0x1290
[ 75.980429] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 75.985778] ? ext4_xattr_get+0xcd0/0xff0
[ 75.989923] ? __msan_poison_alloca+0x1f0/0x2a0
[ 75.994575] ima_collect_measurement+0x48d/0x980
[ 75.999333] process_measurement+0x1b37/0x2740
[ 76.003908] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 76.009249] ? refcount_dec_and_test_checked+0x1e8/0x2c0
[ 76.014681] ? apparmor_task_getsecid+0x172/0x190
[ 76.019507] ? apparmor_task_alloc+0x300/0x300
[ 76.024069] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 76.029409] ? security_task_getsecid+0x17f/0x190
[ 76.034231] ima_file_check+0x131/0x170
[ 76.038186] path_openat+0x4af5/0x6b90
[ 76.042064] ? expand_files+0x5d/0xcf0
[ 76.045945] ? do_sys_open+0x640/0x960
[ 76.049812] do_filp_open+0x2b8/0x710
[ 76.053604] do_sys_open+0x640/0x960
[ 76.057304] __se_sys_openat+0xcb/0xe0
[ 76.061171] __x64_sys_openat+0x56/0x70
[ 76.065123] do_syscall_64+0xbc/0xf0
[ 76.068818] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 76.073988] RIP: 0033:0x47fcba
[ 76.077159] Code: e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 76.096039] RSP: 002b:000000c4201897e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
[ 76.103723] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcba
[ 76.110967] RDX: 0000000000080002 RSI: 000000c4200842e0 RDI: ffffffffffffff9c
[ 76.118224] RBP: 000000c420189868 R08: 0000000000000000 R09: 0000000000000000
[ 76.125480] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000
[ 76.132861] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000001
[ 76.140110]
[ 76.141711] Uninit was created at:
[ 76.145227] kmsan_save_stack_with_flags+0x7a/0x130
[ 76.150223] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 76.155996] kmsan_alloc_page+0x7e/0x100
[ 76.160034] __alloc_pages_nodemask+0x1587/0x5f20
[ 76.164851] page_frag_alloc+0x3c1/0x980
[ 76.168892] __netdev_alloc_skb+0x1f1/0xa50
[ 76.173205] send_hsr_supervision_frame+0x168/0x1510
[ 76.178290] hsr_announce+0x14c/0x3a0
[ 76.182068] call_timer_fn+0x285/0x600
[ 76.185935] __run_timers+0xdb4/0x11d0
[ 76.189798] run_timer_softirq+0x2e/0x50
[ 76.193846] __do_softirq+0x53f/0x93a
[ 76.197616] ==================================================================
[ 76.204954] Disabling lock debugging due to kernel taint
[ 76.210378] Kernel panic - not syncing: panic_on_warn set ...
[ 76.216241] CPU: 0 PID: 8671 Comm: syz-fuzzer Tainted: G B 4.20.0-rc7+ #16
[ 76.224529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.233860] Call Trace:
[ 76.236420]
[ 76.238548] dump_stack+0x173/0x1d0
[ 76.242156] panic+0x3ce/0x961
[ 76.245336] kmsan_report+0x293/0x2a0
[ 76.249125] __msan_warning+0x82/0xf0
[ 76.252916] send_hsr_supervision_frame+0x1056/0x1510
[ 76.258100] hsr_announce+0x14c/0x3a0
[ 76.261893] call_timer_fn+0x285/0x600
[ 76.265757] ? hsr_dev_finalize+0xb90/0xb90
[ 76.270061] __run_timers+0xdb4/0x11d0
[ 76.273927] ? hsr_dev_finalize+0xb90/0xb90
[ 76.278231] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 76.283660] ? irqtime_account_irq+0xcf/0x2e0
[ 76.288133] ? timers_dead_cpu+0xa50/0xa50
[ 76.292360] run_timer_softirq+0x2e/0x50
[ 76.296399] __do_softirq+0x53f/0x93a
[ 76.300227] irq_exit+0x214/0x250
[ 76.303659] exiting_irq+0xe/0x10
[ 76.307089] smp_apic_timer_interrupt+0x48/0x70
[ 76.311744] apic_timer_interrupt+0x2e/0x40
[ 76.316124]
[ 76.318340] RIP: 0010:kmsan_get_shadow_origin_ptr+0x30f/0x3e0
[ 76.324200] Code: 0f 84 80 00 00 00 4c 89 ea 48 c1 ea 22 48 8b 0c d1 48 85 c9 74 70 49 c1 ed 1b 41 83 e5 7f 49 c1 e5 05 4c 01 e9 74 5f f6 01 02 <74> 5a 49 39 c6 76 29 48 8b 04 25 10 50 c3 8b eb 29 31 d2 48 89 f3
[ 76.343092] RSP: 0018:ffff8880799cecf0 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
[ 76.350782] RAX: ffffffff7fffffff RBX: ffffffff8c615000 RCX: ffff88812fffb1e0
[ 76.358027] RDX: 0000000000000000 RSI: ffff8880f99cefc8 RDI: ffff8880799cefc8
[ 76.365274] RBP: ffff8880799ced20 R08: 000000000c98365c R09: 00000000830000a7
[ 76.372523] R10: 00000000f3032ed6 R11: 0000000000000000 R12: 0000000000000000
[ 76.379772] R13: 00000000000001e0 R14: ffff8880799cefc8 R15: ffff8880f99cefc8
[ 76.387037] __msan_metadata_ptr_for_load_4+0x10/0x20
[ 76.392212] sha256_generic_block_fn+0x561e/0xab60
[ 76.397154] crypto_sha256_update+0x35f/0x3b0
[ 76.401641] ? sha1_base_init+0x180/0x180
[ 76.405768] crypto_shash_update+0x484/0x4f0
[ 76.410165] ? integrity_kernel_read+0x221/0x280
[ 76.414903] ima_calc_file_hash+0x25ca/0x2ca0
[ 76.419381] ? ext4_xattr_ibody_get+0x1a0/0x1290
[ 76.424122] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 76.429484] ? ext4_xattr_get+0xcd0/0xff0
[ 76.433635] ? __msan_poison_alloca+0x1f0/0x2a0
[ 76.438287] ima_collect_measurement+0x48d/0x980
[ 76.443033] process_measurement+0x1b37/0x2740
[ 76.447609] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 76.452951] ? refcount_dec_and_test_checked+0x1e8/0x2c0
[ 76.458394] ? apparmor_task_getsecid+0x172/0x190
[ 76.463215] ? apparmor_task_alloc+0x300/0x300
[ 76.467775] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 76.473120] ? security_task_getsecid+0x17f/0x190
[ 76.477944] ima_file_check+0x131/0x170
[ 76.481901] path_openat+0x4af5/0x6b90
[ 76.485792] ? expand_files+0x5d/0xcf0
[ 76.489673] ? do_sys_open+0x640/0x960
[ 76.493563] do_filp_open+0x2b8/0x710
[ 76.497371] do_sys_open+0x640/0x960
[ 76.501072] __se_sys_openat+0xcb/0xe0
[ 76.504960] __x64_sys_openat+0x56/0x70
[ 76.508915] do_syscall_64+0xbc/0xf0
[ 76.512613] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 76.517778] RIP: 0033:0x47fcba
[ 76.520946] Code: e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 76.539826] RSP: 002b:000000c4201897e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
[ 76.547518] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcba
[ 76.554769] RDX: 0000000000080002 RSI: 000000c4200842e0 RDI: ffffffffffffff9c
[ 76.562034] RBP: 000000c420189868 R08: 0000000000000000 R09: 0000000000000000
[ 76.569286] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000
[ 76.576533] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000001
[ 76.585152] Kernel Offset: disabled
[ 76.588795] Rebooting in 86400 seconds..