[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   52.178820] kauditd_printk_skb: 5 callbacks suppressed
[   52.178840] audit: type=1800 audit(1546129025.223:29): pid=8659 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   52.203794] audit: type=1800 audit(1546129025.233:30): pid=8659 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts.
2018/12/30 00:17:17 fuzzer started
2018/12/30 00:17:21 dialing manager at 10.128.0.26:41469
2018/12/30 00:17:21 syscalls: 1
2018/12/30 00:17:21 code coverage: enabled
2018/12/30 00:17:21 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 00:17:21 setuid sandbox: enabled
2018/12/30 00:17:21 namespace sandbox: enabled
2018/12/30 00:17:21 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 00:17:21 fault injection: enabled
2018/12/30 00:17:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 00:17:21 net packet injection: enabled
2018/12/30 00:17:21 net device setup: enabled
00:17:23 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x20, r1, 0xffffffffffffffff, 0x0, 0x0, {}, [@TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_REF={0x8}]}]}, 0x20}}, 0x0)

syzkaller login: [   70.873146] IPVS: ftp: loaded support on port[0] = 21
[   70.972077] chnl_net:caif_netlink_parms(): no params data found
[   71.020045] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.026510] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.034207] device bridge_slave_0 entered promiscuous mode
[   71.042115] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.048558] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.056479] device bridge_slave_1 entered promiscuous mode
[   71.079672] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   71.089618] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   71.111531] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   71.119413] team0: Port device team_slave_0 added
[   71.125328] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   71.133184] team0: Port device team_slave_1 added
[   71.139127] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   71.147577] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   71.434784] device hsr_slave_0 entered promiscuous mode
[   71.602030] device hsr_slave_1 entered promiscuous mode
[   71.852536] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   71.859845] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   71.883088] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.889560] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.896566] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.903086] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.966190] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   71.972418] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.983257] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   71.995532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   72.005147] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.014830] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.025389] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   72.040290] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   72.046508] 8021q: adding VLAN 0 to HW filter on device team0
[   72.057995] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   72.065486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   72.073960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   72.082111] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.088549] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.103315] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   72.114512] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   72.122727] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   72.131249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   72.139542] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.145978] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.153104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   72.175363] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   72.182356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   72.197801] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   72.204813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   72.213784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   72.223421] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   72.234162] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   72.241679] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   72.249897] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   72.261785] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[   72.272505] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[   72.279601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   72.287709] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   72.295653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   72.303883] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   72.315600] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   72.321702] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   72.338888] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[   72.352770] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.432470] ==================================================================
[   72.439843] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[   72.447702] CPU: 1 PID: 8813 Comm: syz-fuzzer Not tainted 4.20.0-rc7+ #16
[   72.454615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.463962] Call Trace:
[   72.466540]  <IRQ>
[   72.468694]  dump_stack+0x173/0x1d0
[   72.472327]  kmsan_report+0x12e/0x2a0
[   72.476129]  __msan_warning+0x82/0xf0
[   72.479936]  send_hsr_supervision_frame+0x1056/0x1510
[   72.485141]  hsr_announce+0x14c/0x3a0
[   72.488947]  call_timer_fn+0x285/0x600
[   72.492829]  ? hsr_dev_finalize+0xb90/0xb90
[   72.497151]  __run_timers+0xdb4/0x11d0
[   72.501034]  ? hsr_dev_finalize+0xb90/0xb90
[   72.505364]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[   72.510815]  ? irqtime_account_irq+0xcf/0x2e0
[   72.515313]  ? timers_dead_cpu+0xa50/0xa50
[   72.519543]  run_timer_softirq+0x2e/0x50
[   72.523588]  __do_softirq+0x53f/0x93a
[   72.527382]  irq_exit+0x214/0x250
[   72.530820]  exiting_irq+0xe/0x10
[   72.534260]  smp_apic_timer_interrupt+0x48/0x70
[   72.538915]  apic_timer_interrupt+0x2e/0x40
[   72.543711]  </IRQ>
[   72.545949] RIP: 0010:kmsan_get_shadow_origin_ptr+0xc2/0x3e0
[   72.551728] Code: 61 8c 48 85 c9 74 29 48 89 c2 48 c1 ea 22 48 8b 0c d1 48 85 c9 74 19 48 c1 e8 1b 83 e0 7f 48 c1 e0 05 48 01 c1 74 09 f6 01 02 <0f> 85 cc 01 00 00 4c 89 f0 48 c1 e8 28 48 3d c9 ff ff 00 72 0f 48
[   72.570614] RSP: 0018:ffff88807c31ecf0 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
[   72.578324] RAX: 00000000000001e0 RBX: ffffffff8c614000 RCX: ffff88812fffb1e0
[   72.585573] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807c31ef88
[   72.592822] RBP: ffff88807c31ed20 R08: ffff88807c31f040 R09: 0000000000000000
[   72.600069] R10: 0000000000000000 R11: 00000000617f9c40 R12: 0000000000000000
[   72.607317] R13: 0000778000000000 R14: ffff88807c31ef88 R15: ffff8880fc31ef88
[   72.614586]  __msan_metadata_ptr_for_store_4+0x13/0x20
[   72.619856]  sha256_generic_block_fn+0x36b/0xab60
[   72.624729]  crypto_sha256_update+0x35f/0x3b0
[   72.629216]  ? sha1_base_init+0x180/0x180
[   72.633346]  crypto_shash_update+0x484/0x4f0
[   72.637746]  ? integrity_kernel_read+0x221/0x280
[   72.642747]  ima_calc_file_hash+0x25ca/0x2ca0
[   72.647239]  ? ext4_xattr_ibody_get+0x1a0/0x1290
[   72.651992]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[   72.657365]  ? ext4_xattr_get+0xcd0/0xff0
[   72.661513]  ? __msan_poison_alloca+0x1f0/0x2a0
[   72.666171]  ima_collect_measurement+0x48d/0x980
[   72.671070]  process_measurement+0x1b37/0x2740
[   72.675741]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[   72.681096]  ? refcount_dec_and_test_checked+0x1e8/0x2c0
[   72.686535]  ? apparmor_task_getsecid+0x172/0x190
[   72.691362]  ? apparmor_task_alloc+0x300/0x300
[   72.695925]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[   72.701272]  ? security_task_getsecid+0x17f/0x190
[   72.706112]  ima_file_check+0x131/0x170
[   72.710092]  path_openat+0x4af5/0x6b90
[   72.713983]  ? expand_files+0x5d/0xcf0
[   72.717871]  ? do_sys_open+0x640/0x960
[   72.721741]  do_filp_open+0x2b8/0x710
[   72.725547]  do_sys_open+0x640/0x960
[   72.729251]  __se_sys_openat+0xcb/0xe0
[   72.733125]  __x64_sys_openat+0x56/0x70
[   72.737080]  do_syscall_64+0xbc/0xf0
[   72.740795]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[   72.746253] RIP: 0033:0x47fcba
[   72.749437] Code: e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[   72.768322] RSP: 002b:000000c42033f7e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
[   72.776011] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcba
[   72.783262] RDX: 0000000000080002 RSI: 000000c420084ee0 RDI: ffffffffffffff9c
[   72.790517] RBP: 000000c42033f868 R08: 0000000000000000 R09: 0000000000000000
[   72.797773] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000
[   72.805022] R13: 00000000000000f5 R14: 0000000000000075 R15: 0000000000000004
[   72.812281] 
[   72.813886] Uninit was created at:
[   72.817409]  kmsan_save_stack_with_flags+0x7a/0x130
[   72.822403]  kmsan_internal_alloc_meta_for_pages+0x113/0x580
[   72.828178]  kmsan_alloc_page+0x7e/0x100
[   72.832219]  __alloc_pages_nodemask+0x1587/0x5f20
[   72.837041]  page_frag_alloc+0x3c1/0x980
[   72.841918]  __netdev_alloc_skb+0x1f1/0xa50
[   72.846220]  send_hsr_supervision_frame+0x168/0x1510
[   72.851299]  hsr_announce+0x14c/0x3a0
[   72.855083]  call_timer_fn+0x285/0x600
[   72.858958]  __run_timers+0xdb4/0x11d0
[   72.862826]  run_timer_softirq+0x2e/0x50
[   72.866866]  __do_softirq+0x53f/0x93a
[   72.870638] ==================================================================
[   72.877973] Disabling lock debugging due to kernel taint
[   72.883403] Kernel panic - not syncing: panic_on_warn set ...
[   72.889272] CPU: 1 PID: 8813 Comm: syz-fuzzer Tainted: G    B             4.20.0-rc7+ #16
[   72.897559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.906888] Call Trace:
[   72.909452]  <IRQ>
[   72.911587]  dump_stack+0x173/0x1d0
[   72.915208]  panic+0x3ce/0x961
[   72.918398]  kmsan_report+0x293/0x2a0
[   72.922185]  __msan_warning+0x82/0xf0
[   72.925969]  send_hsr_supervision_frame+0x1056/0x1510
[   72.931155]  hsr_announce+0x14c/0x3a0
[   72.934942]  call_timer_fn+0x285/0x600
[   72.938813]  ? hsr_dev_finalize+0xb90/0xb90
[   72.943404]  __run_timers+0xdb4/0x11d0
[   72.947279]  ? hsr_dev_finalize+0xb90/0xb90
[   72.951591]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[   72.957022]  ? irqtime_account_irq+0xcf/0x2e0
[   72.961500]  ? timers_dead_cpu+0xa50/0xa50
[   72.965720]  run_timer_softirq+0x2e/0x50
[   72.969770]  __do_softirq+0x53f/0x93a
[   72.973564]  irq_exit+0x214/0x250
[   72.976999]  exiting_irq+0xe/0x10
[   72.980447]  smp_apic_timer_interrupt+0x48/0x70
[   72.985099]  apic_timer_interrupt+0x2e/0x40
[   72.989396]  </IRQ>
[   72.991617] RIP: 0010:kmsan_get_shadow_origin_ptr+0xc2/0x3e0
[   72.997394] Code: 61 8c 48 85 c9 74 29 48 89 c2 48 c1 ea 22 48 8b 0c d1 48 85 c9 74 19 48 c1 e8 1b 83 e0 7f 48 c1 e0 05 48 01 c1 74 09 f6 01 02 <0f> 85 cc 01 00 00 4c 89 f0 48 c1 e8 28 48 3d c9 ff ff 00 72 0f 48
[   73.016281] RSP: 0018:ffff88807c31ecf0 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
[   73.023970] RAX: 00000000000001e0 RBX: ffffffff8c614000 RCX: ffff88812fffb1e0
[   73.031218] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807c31ef88
[   73.038467] RBP: ffff88807c31ed20 R08: ffff88807c31f040 R09: 0000000000000000
[   73.046116] R10: 0000000000000000 R11: 00000000617f9c40 R12: 0000000000000000
[   73.053365] R13: 0000778000000000 R14: ffff88807c31ef88 R15: ffff8880fc31ef88
[   73.060635]  __msan_metadata_ptr_for_store_4+0x13/0x20
[   73.065902]  sha256_generic_block_fn+0x36b/0xab60
[   73.070778]  crypto_sha256_update+0x35f/0x3b0
[   73.075263]  ? sha1_base_init+0x180/0x180
[   73.079400]  crypto_shash_update+0x484/0x4f0
[   73.083800]  ? integrity_kernel_read+0x221/0x280
[   73.088545]  ima_calc_file_hash+0x25ca/0x2ca0
[   73.093029]  ? ext4_xattr_ibody_get+0x1a0/0x1290
[   73.097797]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[   73.103148]  ? ext4_xattr_get+0xcd0/0xff0
[   73.107292]  ? __msan_poison_alloca+0x1f0/0x2a0
[   73.111951]  ima_collect_measurement+0x48d/0x980
[   73.116708]  process_measurement+0x1b37/0x2740
[   73.121299]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[   73.126645]  ? refcount_dec_and_test_checked+0x1e8/0x2c0
[   73.132084]  ? apparmor_task_getsecid+0x172/0x190
[   73.136925]  ? apparmor_task_alloc+0x300/0x300
[   73.141493]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[   73.147173]  ? security_task_getsecid+0x17f/0x190
[   73.152000]  ima_file_check+0x131/0x170
[   73.155961]  path_openat+0x4af5/0x6b90
[   73.159850]  ? expand_files+0x5d/0xcf0
[   73.163726]  ? do_sys_open+0x640/0x960
[   73.167599]  do_filp_open+0x2b8/0x710
[   73.171397]  do_sys_open+0x640/0x960
[   73.175102]  __se_sys_openat+0xcb/0xe0
[   73.178973]  __x64_sys_openat+0x56/0x70
[   73.182940]  do_syscall_64+0xbc/0xf0
[   73.186650]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[   73.191836] RIP: 0033:0x47fcba
[   73.195017] Code: e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[   73.213901] RSP: 002b:000000c42033f7e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
[   73.221586] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcba
[   73.228837] RDX: 0000000000080002 RSI: 000000c420084ee0 RDI: ffffffffffffff9c
[   73.236089] RBP: 000000c42033f868 R08: 0000000000000000 R09: 0000000000000000
[   73.243870] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000
[   73.251119] R13: 00000000000000f5 R14: 0000000000000075 R15: 0000000000000004
[   73.259383] Kernel Offset: disabled
[   73.262996] Rebooting in 86400 seconds..