[ ok ] Starting enhanced syslogd: rsyslogd.
[ 88.389708] audit: type=1800 audit(1546159590.437:25): pid=10234 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 88.408850] audit: type=1800 audit(1546159590.437:26): pid=10234 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 88.428280] audit: type=1800 audit(1546159590.457:27): pid=10234 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts.
2018/12/30 08:46:47 fuzzer started
2018/12/30 08:46:51 dialing manager at 10.128.0.26:41469
2018/12/30 08:46:51 syscalls: 1
2018/12/30 08:46:51 code coverage: enabled
2018/12/30 08:46:51 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 08:46:51 setuid sandbox: enabled
2018/12/30 08:46:51 namespace sandbox: enabled
2018/12/30 08:46:51 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 08:46:51 fault injection: enabled
2018/12/30 08:46:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 08:46:51 net packet injection: enabled
2018/12/30 08:46:51 net device setup: enabled
08:46:54 executing program 0:
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r0 = socket(0x11, 0x1000080002, 0x0)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000788000)=0x2, 0x4)
setsockopt(r0, 0x107, 0x5, &(0x7f0000001000), 0xc5)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r1, 0x20000000008912, &(0x7f0000000040)="0a5c2d02402b6285717070")
r2 = socket$netlink(0x10, 0x3, 0x4)
write(r2, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27)
socket$packet(0x11, 0x2, 0x300)
clock_gettime(0x0, &(0x7f00000066c0)={0x0, 0x0})
recvmmsg(r2, &(0x7f0000006500), 0x2c7, 0x40010000, &(0x7f0000006700)={0x0, r3+30000000})
syzkaller login: [ 113.526141] IPVS: ftp: loaded support on port[0] = 21
[ 113.676442] chnl_net:caif_netlink_parms(): no params data found
[ 113.747360] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.754062] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.762461] device bridge_slave_0 entered promiscuous mode
[ 113.772111] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.778628] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.786936] device bridge_slave_1 entered promiscuous mode
[ 113.819481] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 113.830593] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 113.861366] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 113.870074] team0: Port device team_slave_0 added
[ 113.877156] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 113.885794] team0: Port device team_slave_1 added
[ 113.891934] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 113.900500] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 114.036562] device hsr_slave_0 entered promiscuous mode
[ 114.292341] device hsr_slave_1 entered promiscuous mode
[ 114.513007] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 114.520533] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 114.551467] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.558054] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 114.565254] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.571844] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 114.656632] bridge0: port 1(bridge_slave_0) entered disabled state
[ 114.666053] bridge0: port 2(bridge_slave_1) entered disabled state
[ 114.689675] 8021q: adding VLAN 0 to HW filter on device bond0
[ 114.702380] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 114.715006] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 114.721263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 114.729873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 114.745374] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 114.751484] 8021q: adding VLAN 0 to HW filter on device team0
[ 114.765916] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 114.774075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 114.782751] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 114.791125] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.797659] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 114.810396] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 114.817651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 114.826506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 114.835051] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.841613] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 114.857876] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 114.865322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 114.879222] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 114.887371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 114.902296] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 114.909519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 114.919073] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 114.933447] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 114.946200] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 114.953773] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 114.962204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 114.971318] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 114.980112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 114.989451] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 115.004254] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 115.013815] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 115.025410] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 115.031464] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 115.039886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 115.048461] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 115.076208] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 115.094862] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 115.141755] ==================================================================
[ 115.149151] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 115.156678] CPU: 1 PID: 10396 Comm: syz-fuzzer Not tainted 4.20.0-rc7+ #16
[ 115.163681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 115.173049] Call Trace:
[ 115.175638]
[ 115.177787] dump_stack+0x173/0x1d0
[ 115.181414] kmsan_report+0x12e/0x2a0
[ 115.185250] __msan_warning+0x82/0xf0
[ 115.189114] send_hsr_supervision_frame+0x1056/0x1510
[ 115.194322] hsr_announce+0x14c/0x3a0
[ 115.198126] call_timer_fn+0x285/0x600
[ 115.202005] ? hsr_dev_finalize+0xb90/0xb90
[ 115.206328] __run_timers+0xdb4/0x11d0
[ 115.210246] ? hsr_dev_finalize+0xb90/0xb90
[ 115.214577] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 115.220019] ? irqtime_account_irq+0xcf/0x2e0
[ 115.224539] ? timers_dead_cpu+0xa50/0xa50
[ 115.228766] run_timer_softirq+0x2e/0x50
[ 115.232820] __do_softirq+0x53f/0x93a
[ 115.236630] irq_exit+0x214/0x250
[ 115.240076] exiting_irq+0xe/0x10
[ 115.243519] smp_apic_timer_interrupt+0x48/0x70
[ 115.248178] apic_timer_interrupt+0x2e/0x40
[ 115.252486]
[ 115.254720] RIP: 0010:kmsan_get_shadow_origin_ptr+0x358/0x3e0
[ 115.260591] Code: 90 7f 99 8b 48 8d 94 01 60 ad 07 00 4c 89 fb eb 2f 48 b8 00 00 00 80 7f 77 00 00 48 01 f0 48 c1 e8 0c 48 8d 0c 80 48 c1 e1 04 <48> b8 00 00 00 00 00 ea ff ff 48 01 c8 0f 85 16 fe ff ff 48 89 da
[ 115.279530] RSP: 0018:ffff88807c35ecf0 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13
[ 115.287232] RAX: 000000000007c35e RBX: ffffffff8c615000 RCX: 00000000026d0d60
[ 115.294494] RDX: 0000000000000000 RSI: ffff8880fc35ef7c RDI: ffff88807c35ef7c
[ 115.301752] RBP: ffff88807c35ed20 R08: 00000000fca000a6 R09: 0000000000000000
[ 115.309010] R10: 0000000000000000 R11: 00000000ff4726b7 R12: 00000000836a0a6d
[ 115.316267] R13: 00000000000001e0 R14: ffff88807c35ef7c R15: ffff8880fc35ef7c
[ 115.323573] __msan_metadata_ptr_for_load_4+0x10/0x20
[ 115.328764] sha256_generic_block_fn+0x2675/0xab60
[ 115.333788] crypto_sha256_update+0x35f/0x3b0
[ 115.338288] ? sha1_base_init+0x180/0x180
[ 115.342425] crypto_shash_update+0x484/0x4f0
[ 115.346844] ? integrity_kernel_read+0x221/0x280
[ 115.351604] ima_calc_file_hash+0x25ca/0x2ca0
[ 115.356102] ? ext4_xattr_ibody_get+0x1a0/0x1290
[ 115.360882] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 115.366252] ? ext4_xattr_get+0xcd0/0xff0
[ 115.370415] ? __msan_poison_alloca+0x1f0/0x2a0
[ 115.375104] ima_collect_measurement+0x48d/0x980
[ 115.379882] process_measurement+0x1b37/0x2740
[ 115.384492] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 115.389843] ? refcount_dec_and_test_checked+0x1e8/0x2c0
[ 115.395295] ? apparmor_task_getsecid+0x172/0x190
[ 115.400129] ? apparmor_task_alloc+0x300/0x300
[ 115.404718] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 115.410074] ? security_task_getsecid+0x17f/0x190
[ 115.414914] ima_file_check+0x131/0x170
[ 115.418890] path_openat+0x4af5/0x6b90
[ 115.422806] ? expand_files+0x5d/0xcf0
[ 115.426736] ? do_sys_open+0x640/0x960
[ 115.430622] do_filp_open+0x2b8/0x710
[ 115.434448] do_sys_open+0x640/0x960
[ 115.438171] __se_sys_openat+0xcb/0xe0
[ 115.442056] __x64_sys_openat+0x56/0x70
[ 115.446021] do_syscall_64+0xbc/0xf0
[ 115.449730] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 115.454909] RIP: 0033:0x47fcba
[ 115.458088] Code: e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 115.476977] RSP: 002b:000000c4204297e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
[ 115.484674] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcba
[ 115.491939] RDX: 0000000000080002 RSI: 000000c420152140 RDI: ffffffffffffff9c
[ 115.499194] RBP: 000000c420429868 R08: 0000000000000000 R09: 0000000000000000
[ 115.506458] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000
[ 115.513715] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000001
[ 115.520987]
[ 115.522597] Uninit was created at:
[ 115.526130] kmsan_save_stack_with_flags+0x7a/0x130
[ 115.531144] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 115.536929] kmsan_alloc_page+0x7e/0x100
[ 115.541065] __alloc_pages_nodemask+0x1587/0x5f20
[ 115.545893] page_frag_alloc+0x3c1/0x980
[ 115.549943] __netdev_alloc_skb+0x1f1/0xa50
[ 115.554278] send_hsr_supervision_frame+0x168/0x1510
[ 115.559365] hsr_announce+0x14c/0x3a0
[ 115.563157] call_timer_fn+0x285/0x600
[ 115.567034] __run_timers+0xdb4/0x11d0
[ 115.570911] run_timer_softirq+0x2e/0x50
[ 115.574970] __do_softirq+0x53f/0x93a
[ 115.578749] ==================================================================
[ 115.586088] Disabling lock debugging due to kernel taint
[ 115.591665] Kernel panic - not syncing: panic_on_warn set ...
[ 115.597549] CPU: 1 PID: 10396 Comm: syz-fuzzer Tainted: G B 4.20.0-rc7+ #16
[ 115.605931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 115.615270] Call Trace:
[ 115.617845]
[ 115.619987] dump_stack+0x173/0x1d0
[ 115.623618] panic+0x3ce/0x961
[ 115.626831] kmsan_report+0x293/0x2a0
[ 115.630628] __msan_warning+0x82/0xf0
[ 115.634425] send_hsr_supervision_frame+0x1056/0x1510
[ 115.641855] hsr_announce+0x14c/0x3a0
[ 115.645661] call_timer_fn+0x285/0x600
[ 115.649543] ? hsr_dev_finalize+0xb90/0xb90
[ 115.653863] __run_timers+0xdb4/0x11d0
[ 115.657761] ? hsr_dev_finalize+0xb90/0xb90
[ 115.662096] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 115.667538] ? irqtime_account_irq+0xcf/0x2e0
[ 115.672028] ? timers_dead_cpu+0xa50/0xa50
[ 115.676260] run_timer_softirq+0x2e/0x50
[ 115.680312] __do_softirq+0x53f/0x93a
[ 115.684122] irq_exit+0x214/0x250
[ 115.687585] exiting_irq+0xe/0x10
[ 115.691032] smp_apic_timer_interrupt+0x48/0x70
[ 115.695710] apic_timer_interrupt+0x2e/0x40
[ 115.700028]
[ 115.702263] RIP: 0010:kmsan_get_shadow_origin_ptr+0x358/0x3e0
[ 115.708133] Code: 90 7f 99 8b 48 8d 94 01 60 ad 07 00 4c 89 fb eb 2f 48 b8 00 00 00 80 7f 77 00 00 48 01 f0 48 c1 e8 0c 48 8d 0c 80 48 c1 e1 04 <48> b8 00 00 00 00 00 ea ff ff 48 01 c8 0f 85 16 fe ff ff 48 89 da
[ 115.727197] RSP: 0018:ffff88807c35ecf0 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13
[ 115.734893] RAX: 000000000007c35e RBX: ffffffff8c615000 RCX: 00000000026d0d60
[ 115.742150] RDX: 0000000000000000 RSI: ffff8880fc35ef7c RDI: ffff88807c35ef7c
[ 115.749407] RBP: ffff88807c35ed20 R08: 00000000fca000a6 R09: 0000000000000000
[ 115.756665] R10: 0000000000000000 R11: 00000000ff4726b7 R12: 00000000836a0a6d
[ 115.763953] R13: 00000000000001e0 R14: ffff88807c35ef7c R15: ffff8880fc35ef7c
[ 115.771247] __msan_metadata_ptr_for_load_4+0x10/0x20
[ 115.776434] sha256_generic_block_fn+0x2675/0xab60
[ 115.781438] crypto_sha256_update+0x35f/0x3b0
[ 115.785939] ? sha1_base_init+0x180/0x180
[ 115.790078] crypto_shash_update+0x484/0x4f0
[ 115.794493] ? integrity_kernel_read+0x221/0x280
[ 115.799272] ima_calc_file_hash+0x25ca/0x2ca0
[ 115.803769] ? ext4_xattr_ibody_get+0x1a0/0x1290
[ 115.808549] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 115.813916] ? ext4_xattr_get+0xcd0/0xff0
[ 115.818078] ? __msan_poison_alloca+0x1f0/0x2a0
[ 115.822752] ima_collect_measurement+0x48d/0x980
[ 115.827545] process_measurement+0x1b37/0x2740
[ 115.832157] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 115.837527] ? refcount_dec_and_test_checked+0x1e8/0x2c0
[ 115.842978] ? apparmor_task_getsecid+0x172/0x190
[ 115.847814] ? apparmor_task_alloc+0x300/0x300
[ 115.852403] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 115.857761] ? security_task_getsecid+0x17f/0x190
[ 115.862601] ima_file_check+0x131/0x170
[ 115.866577] path_openat+0x4af5/0x6b90
[ 115.870489] ? expand_files+0x5d/0xcf0
[ 115.874383] ? do_sys_open+0x640/0x960
[ 115.878265] do_filp_open+0x2b8/0x710
[ 115.882093] do_sys_open+0x640/0x960
[ 115.885819] __se_sys_openat+0xcb/0xe0
[ 115.889712] __x64_sys_openat+0x56/0x70
[ 115.893680] do_syscall_64+0xbc/0xf0
[ 115.897398] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 115.902591] RIP: 0033:0x47fcba
[ 115.905776] Code: e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 115.924680] RSP: 002b:000000c4204297e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
[ 115.932382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcba
[ 115.939641] RDX: 0000000000080002 RSI: 000000c420152140 RDI: ffffffffffffff9c
[ 115.946911] RBP: 000000c420429868 R08: 0000000000000000 R09: 0000000000000000
[ 115.954171] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000
[ 115.961425] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000001
[ 115.969621] Kernel Offset: disabled
[ 115.973258] Rebooting in 86400 seconds..