[ 61.258225] audit: type=1800 audit(1546168390.289:27): pid=9332 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 61.277756] audit: type=1800 audit(1546168390.309:28): pid=9332 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 62.494520] audit: type=1800 audit(1546168391.569:29): pid=9332 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 62.513909] audit: type=1800 audit(1546168391.569:30): pid=9332 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts.
2018/12/30 11:13:23 fuzzer started
2018/12/30 11:13:27 dialing manager at 10.128.0.26:41469
2018/12/30 11:13:27 syscalls: 1
2018/12/30 11:13:27 code coverage: enabled
2018/12/30 11:13:27 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/30 11:13:27 setuid sandbox: enabled
2018/12/30 11:13:27 namespace sandbox: enabled
2018/12/30 11:13:27 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/30 11:13:27 fault injection: enabled
2018/12/30 11:13:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/30 11:13:27 net packet injection: enabled
2018/12/30 11:13:27 net device setup: enabled
11:13:30 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
lchown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
read$FUSE(r0, 0x0, 0x0)
syzkaller login: [ 81.999702] IPVS: ftp: loaded support on port[0] = 21
[ 82.116580] chnl_net:caif_netlink_parms(): no params data found
[ 82.171008] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.177533] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.185380] device bridge_slave_0 entered promiscuous mode
[ 82.193302] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.199849] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.207678] device bridge_slave_1 entered promiscuous mode
[ 82.234663] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 82.245055] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 82.269914] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 82.278197] team0: Port device team_slave_0 added
[ 82.284350] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 82.292384] team0: Port device team_slave_1 added
[ 82.298686] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 82.306765] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 82.497888] device hsr_slave_0 entered promiscuous mode
[ 82.644413] device hsr_slave_1 entered promiscuous mode
[ 82.795002] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 82.802378] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 82.826251] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.832837] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.839881] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.846390] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.912977] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 82.919408] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.930954] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 82.942271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.953495] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.961651] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.971896] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 82.987964] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 82.994147] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.007091] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 83.015746] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.022194] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.066471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.074762] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.081264] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.090148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 83.098678] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 83.107100] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 83.119998] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 83.127517] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 83.146952] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 83.153013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 83.174063] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 83.189931] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.263613] ==================================================================
[ 83.270995] BUG: KMSAN: uninit-value in send_hsr_supervision_frame+0x1056/0x1510
[ 83.278519] CPU: 1 PID: 9493 Comm: syz-fuzzer Not tainted 4.20.0-rc7+ #16
[ 83.285439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.294779] Call Trace:
[ 83.297345]
[ 83.299480] dump_stack+0x173/0x1d0
[ 83.303094] kmsan_report+0x12e/0x2a0
[ 83.306885] __msan_warning+0x82/0xf0
[ 83.310669] send_hsr_supervision_frame+0x1056/0x1510
[ 83.315855] hsr_announce+0x14c/0x3a0
[ 83.319644] call_timer_fn+0x285/0x600
[ 83.323526] ? hsr_dev_finalize+0xb90/0xb90
[ 83.327844] __run_timers+0xdb4/0x11d0
[ 83.331715] ? hsr_dev_finalize+0xb90/0xb90
[ 83.336032] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 83.341466] ? irqtime_account_irq+0xcf/0x2e0
[ 83.345956] ? timers_dead_cpu+0xa50/0xa50
[ 83.350175] run_timer_softirq+0x2e/0x50
[ 83.354231] __do_softirq+0x53f/0x93a
[ 83.358066] irq_exit+0x214/0x250
[ 83.361516] exiting_irq+0xe/0x10
[ 83.364951] smp_apic_timer_interrupt+0x48/0x70
[ 83.369606] apic_timer_interrupt+0x2e/0x40
[ 83.373907]
[ 83.376142] RIP: 0010:sha256_generic_block_fn+0x4d12/0xab60
[ 83.381835] Code: 4c 8b 9c 24 b0 00 00 00 4c 89 a4 24 d0 00 00 00 43 8d 14 1c 89 54 24 50 21 d3 44 89 ca 89 74 24 48 21 f2 44 09 f3 09 d3 09 cb <89> 5c 24 70 0f 44 bc 24 a8 00 00 00 89 44 24 14 85 c0 41 0f 45 fa
[ 83.401032] RSP: 0018:ffff888076f3ed40 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 83.408723] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 83.415976] RDX: 0000000000000000 RSI: 000000008efcf1e4 RDI: 0000000000000000
[ 83.423230] RBP: ffff888076f3f078 R08: 0000000065cad975 R09: 0000000000000000
[ 83.430496] R10: 0000000000000000 R11: 00000000569e7d34 R12: 0000000006766916
[ 83.437751] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000078d6f1e2
[ 83.445067] crypto_sha256_update+0x35f/0x3b0
[ 83.449554] ? sha1_base_init+0x180/0x180
[ 83.453684] crypto_shash_update+0x484/0x4f0
[ 83.458082] ? integrity_kernel_read+0x221/0x280
[ 83.462825] ima_calc_file_hash+0x25ca/0x2ca0
[ 83.467321] ? ext4_xattr_ibody_get+0x1a0/0x1290
[ 83.472072] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 83.477427] ? ext4_xattr_get+0xcd0/0xff0
[ 83.481571] ? __msan_poison_alloca+0x1f0/0x2a0
[ 83.486230] ima_collect_measurement+0x48d/0x980
[ 83.490986] process_measurement+0x1b37/0x2740
[ 83.495570] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 83.500920] ? refcount_dec_and_test_checked+0x1e8/0x2c0
[ 83.506370] ? apparmor_task_getsecid+0x172/0x190
[ 83.511197] ? apparmor_task_alloc+0x300/0x300
[ 83.515765] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 83.521124] ? security_task_getsecid+0x17f/0x190
[ 83.525960] ima_file_check+0x131/0x170
[ 83.529924] path_openat+0x4af5/0x6b90
[ 83.533813] ? expand_files+0x5d/0xcf0
[ 83.537696] ? do_sys_open+0x640/0x960
[ 83.541568] do_filp_open+0x2b8/0x710
[ 83.545369] do_sys_open+0x640/0x960
[ 83.549073] __se_sys_openat+0xcb/0xe0
[ 83.552947] __x64_sys_openat+0x56/0x70
[ 83.556906] do_syscall_64+0xbc/0xf0
[ 83.560610] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 83.565782] RIP: 0033:0x47fcba
[ 83.568970] Code: e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 83.587852] RSP: 002b:000000c42018b7e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
[ 83.595542] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcba
[ 83.602796] RDX: 0000000000080002 RSI: 000000c420012a20 RDI: ffffffffffffff9c
[ 83.610049] RBP: 000000c42018b868 R08: 0000000000000000 R09: 0000000000000000
[ 83.617302] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000
[ 83.624554] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000001
[ 83.631811]
[ 83.633419] Uninit was created at:
[ 83.636955] kmsan_save_stack_with_flags+0x7a/0x130
[ 83.641954] kmsan_internal_alloc_meta_for_pages+0x113/0x580
[ 83.647754] kmsan_alloc_page+0x7e/0x100
[ 83.651796] __alloc_pages_nodemask+0x1587/0x5f20
[ 83.656624] page_frag_alloc+0x3c1/0x980
[ 83.660670] __netdev_alloc_skb+0x1f1/0xa50
[ 83.664987] send_hsr_supervision_frame+0x168/0x1510
[ 83.670075] hsr_announce+0x14c/0x3a0
[ 83.673856] call_timer_fn+0x285/0x600
[ 83.677729] __run_timers+0xdb4/0x11d0
[ 83.681617] run_timer_softirq+0x2e/0x50
[ 83.685660] __do_softirq+0x53f/0x93a
[ 83.689448] ==================================================================
[ 83.696783] Disabling lock debugging due to kernel taint
[ 83.702213] Kernel panic - not syncing: panic_on_warn set ...
[ 83.708092] CPU: 1 PID: 9493 Comm: syz-fuzzer Tainted: G B 4.20.0-rc7+ #16
[ 83.716389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.725734] Call Trace:
[ 83.728298]
[ 83.730434] dump_stack+0x173/0x1d0
[ 83.734060] panic+0x3ce/0x961
[ 83.737266] kmsan_report+0x293/0x2a0
[ 83.741053] __msan_warning+0x82/0xf0
[ 83.744839] send_hsr_supervision_frame+0x1056/0x1510
[ 83.750027] hsr_announce+0x14c/0x3a0
[ 83.753830] call_timer_fn+0x285/0x600
[ 83.757700] ? hsr_dev_finalize+0xb90/0xb90
[ 83.762018] __run_timers+0xdb4/0x11d0
[ 83.765889] ? hsr_dev_finalize+0xb90/0xb90
[ 83.770203] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 83.775637] ? irqtime_account_irq+0xcf/0x2e0
[ 83.780116] ? timers_dead_cpu+0xa50/0xa50
[ 83.784336] run_timer_softirq+0x2e/0x50
[ 83.788382] __do_softirq+0x53f/0x93a
[ 83.792170] irq_exit+0x214/0x250
[ 83.795610] exiting_irq+0xe/0x10
[ 83.799046] smp_apic_timer_interrupt+0x48/0x70
[ 83.803716] apic_timer_interrupt+0x2e/0x40
[ 83.808033]
[ 83.810265] RIP: 0010:sha256_generic_block_fn+0x4d12/0xab60
[ 83.815957] Code: 4c 8b 9c 24 b0 00 00 00 4c 89 a4 24 d0 00 00 00 43 8d 14 1c 89 54 24 50 21 d3 44 89 ca 89 74 24 48 21 f2 44 09 f3 09 d3 09 cb <89> 5c 24 70 0f 44 bc 24 a8 00 00 00 89 44 24 14 85 c0 41 0f 45 fa
[ 83.834840] RSP: 0018:ffff888076f3ed40 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 83.842530] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 83.849793] RDX: 0000000000000000 RSI: 000000008efcf1e4 RDI: 0000000000000000
[ 83.857044] RBP: ffff888076f3f078 R08: 0000000065cad975 R09: 0000000000000000
[ 83.864298] R10: 0000000000000000 R11: 00000000569e7d34 R12: 0000000006766916
[ 83.871550] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000078d6f1e2
[ 83.878861] crypto_sha256_update+0x35f/0x3b0
[ 83.883347] ? sha1_base_init+0x180/0x180
[ 83.887475] crypto_shash_update+0x484/0x4f0
[ 83.891876] ? integrity_kernel_read+0x221/0x280
[ 83.896623] ima_calc_file_hash+0x25ca/0x2ca0
[ 83.901110] ? ext4_xattr_ibody_get+0x1a0/0x1290
[ 83.905857] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 83.911220] ? ext4_xattr_get+0xcd0/0xff0
[ 83.915371] ? __msan_poison_alloca+0x1f0/0x2a0
[ 83.920030] ima_collect_measurement+0x48d/0x980
[ 83.924785] process_measurement+0x1b37/0x2740
[ 83.929368] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 83.934728] ? refcount_dec_and_test_checked+0x1e8/0x2c0
[ 83.940166] ? apparmor_task_getsecid+0x172/0x190
[ 83.945520] ? apparmor_task_alloc+0x300/0x300
[ 83.950096] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 83.955457] ? security_task_getsecid+0x17f/0x190
[ 83.960288] ima_file_check+0x131/0x170
[ 83.964259] path_openat+0x4af5/0x6b90
[ 83.968142] ? expand_files+0x5d/0xcf0
[ 83.972022] ? do_sys_open+0x640/0x960
[ 83.975894] do_filp_open+0x2b8/0x710
[ 83.979691] do_sys_open+0x640/0x960
[ 83.983407] __se_sys_openat+0xcb/0xe0
[ 83.987285] __x64_sys_openat+0x56/0x70
[ 83.991252] do_syscall_64+0xbc/0xf0
[ 83.994971] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 84.000143] RIP: 0033:0x47fcba
[ 84.003493] Code: e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 84.022388] RSP: 002b:000000c42018b7e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
[ 84.030089] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcba
[ 84.037351] RDX: 0000000000080002 RSI: 000000c420012a20 RDI: ffffffffffffff9c
[ 84.044602] RBP: 000000c42018b868 R08: 0000000000000000 R09: 0000000000000000
[ 84.051854] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000
[ 84.059109] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000001
[ 84.067364] Kernel Offset: disabled
[ 84.070986] Rebooting in 86400 seconds..