[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 122.491838][ T33] kauditd_printk_skb: 4 callbacks suppressed
[ 122.491886][ T33] audit: type=1800 audit(1582824596.554:39): pid=11379 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 122.533573][ T33] audit: type=1800 audit(1582824596.594:40): pid=11379 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
[ 123.416687][ T33] audit: type=1400 audit(1582824597.484:41): avc: denied { map } for pid=11554 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.47' (ECDSA) to the list of known hosts.
syzkaller login: [ 139.398208][ T33] audit: type=1400 audit(1582824613.464:42): avc: denied { map } for pid=11566 comm="syz-executor064" path="/root/syz-executor064396043" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 139.439988][T11567] IPVS: ftp: loaded support on port[0] = 21
[ 139.529786][T11567] chnl_net:caif_netlink_parms(): no params data found
[ 139.611573][T11567] bridge0: port 1(bridge_slave_0) entered blocking state
[ 139.618805][T11567] bridge0: port 1(bridge_slave_0) entered disabled state
[ 139.627496][T11567] device bridge_slave_0 entered promiscuous mode
[ 139.638101][T11567] bridge0: port 2(bridge_slave_1) entered blocking state
[ 139.645540][T11567] bridge0: port 2(bridge_slave_1) entered disabled state
[ 139.654519][T11567] device bridge_slave_1 entered promiscuous mode
[ 139.682933][T11567] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 139.696896][T11567] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 139.725539][T11567] team0: Port device team_slave_0 added
[ 139.736232][T11567] team0: Port device team_slave_1 added
[ 139.760219][T11567] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 139.767371][T11567] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 139.793706][T11567] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 139.807835][T11567] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 139.815125][T11567] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 139.841108][T11567] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 139.930807][T11567] device hsr_slave_0 entered promiscuous mode
[ 139.972751][T11567] device hsr_slave_1 entered promiscuous mode
[ 140.147941][ T33] audit: type=1400 audit(1582824614.214:43): avc: denied { create } for pid=11567 comm="syz-executor064" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 140.174560][ T33] audit: type=1400 audit(1582824614.244:44): avc: denied { write } for pid=11567 comm="syz-executor064" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 140.178479][T11567] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 140.199590][ T33] audit: type=1400 audit(1582824614.244:45): avc: denied { read } for pid=11567 comm="syz-executor064" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 140.267486][T11567] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 140.327536][T11567] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 140.387651][T11567] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 140.479800][T11567] bridge0: port 2(bridge_slave_1) entered blocking state
[ 140.487065][T11567] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 140.494923][T11567] bridge0: port 1(bridge_slave_0) entered blocking state
[ 140.502213][T11567] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 140.554573][ T3905] bridge0: port 1(bridge_slave_0) entered disabled state
[ 140.564933][ T3905] bridge0: port 2(bridge_slave_1) entered disabled state
[ 140.620755][T11567] 8021q: adding VLAN 0 to HW filter on device bond0
[ 140.643594][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 140.651858][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 140.669650][T11567] 8021q: adding VLAN 0 to HW filter on device team0
[ 140.686489][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 140.696743][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 140.706007][ T31] bridge0: port 1(bridge_slave_0) entered blocking state
[ 140.713181][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 140.729594][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 140.739347][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 140.748601][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 140.755873][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 140.774397][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 140.793846][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 140.813896][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 140.824661][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 140.839611][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 140.849122][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 140.858780][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 140.882407][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 140.891764][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 140.907339][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 140.917038][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 140.934998][T11567] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 140.968930][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 140.978007][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 140.999960][T11567] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 141.043768][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 141.053966][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 141.090758][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 141.099889][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 141.111842][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 141.121872][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 141.134722][T11567] device veth0_vlan entered promiscuous mode
[ 141.155922][T11567] device veth1_vlan entered promiscuous mode
[ 141.201645][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 141.214082][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 141.223496][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 141.233132][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 141.249367][T11567] device veth0_macvtap entered promiscuous mode
[ 141.265415][T11567] device veth1_macvtap entered promiscuous mode
[ 141.300048][T11567] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 141.307943][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 141.317271][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 141.325997][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 141.335478][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 141.354395][T11567] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 141.374240][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 141.384371][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 141.612993][ C1] =====================================================
[ 141.620010][ C1] BUG: KMSAN: use-after-free in find_match+0x317/0x1480
[ 141.632838][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc2-syzkaller #0
[ 141.640964][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 141.651005][ C1] Call Trace:
[ 141.654290][ C1] dump_stack+0x1c9/0x220
[ 141.658618][ C1] kmsan_report+0xf7/0x1e0
[ 141.663033][ C1] __msan_warning+0x58/0xa0
[ 141.667521][ C1] find_match+0x317/0x1480
[ 141.671921][ C1] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 141.678065][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 141.683349][ C1] __find_rr_leaf+0x3f9/0x1160
[ 141.688104][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 141.693212][ C1] fib6_table_lookup+0x586/0x1420
[ 141.698238][ C1] ip6_pol_route+0x203/0x2960
[ 141.702897][ C1] ? nf_ip6_checksum+0x501/0x610
[ 141.707829][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 141.713016][ C1] ip6_pol_route_input+0x123/0x140
[ 141.718152][ C1] fib6_rule_lookup+0x38f/0xa10
[ 141.723085][ C1] ? ip6_route_input_lookup+0x1f0/0x1f0
[ 141.728718][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 141.733931][ C1] ip6_route_input+0xb9d/0xcf0
[ 141.738830][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 141.744036][ C1] ip6_rcv_finish_core+0x1f9/0x470
[ 141.749146][ C1] ipv6_rcv+0x628/0x710
[ 141.753342][ C1] ? local_bh_enable+0x40/0x40
[ 141.758103][ C1] process_backlog+0xa41/0x1410
[ 141.762945][ C1] ? __list_add_valid+0xb8/0x420
[ 141.767867][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 141.772966][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 141.778774][ C1] ? rps_trigger_softirq+0x2e0/0x2e0
[ 141.784067][ C1] net_rx_action+0x786/0x1aa0
[ 141.788801][ C1] ? net_tx_action+0xc30/0xc30
[ 141.793546][ C1] __do_softirq+0x311/0x83d
[ 141.798060][ C1] ? ksoftirqd_should_run+0x30/0x30
[ 141.803367][ C1] ? takeover_tasklets+0x8f0/0x8f0
[ 141.808465][ C1] run_ksoftirqd+0x25/0x40
[ 141.813216][ C1] smpboot_thread_fn+0x493/0x980
[ 141.818146][ C1] kthread+0x4b5/0x4f0
[ 141.822295][ C1] ? cpu_report_death+0x180/0x180
[ 141.827352][ C1] ? kthread_blkcg+0xf0/0xf0
[ 141.831941][ C1] ret_from_fork+0x35/0x40
[ 141.836347][ C1]
[ 141.838649][ C1] Uninit was created at:
[ 141.842879][ C1] kmsan_internal_poison_shadow+0x66/0xd0
[ 141.848576][ C1] kmsan_slab_free+0x6e/0xb0
[ 141.853244][ C1] kfree+0x565/0x30a0
[ 141.857205][ C1] netdev_name_node_alt_destroy+0x587/0x690
[ 141.863074][ C1] rtnl_linkprop+0x939/0xc00
[ 141.867640][ C1] rtnl_dellinkprop+0x9d/0xb0
[ 141.872304][ C1] rtnetlink_rcv_msg+0x1153/0x1570
[ 141.877390][ C1] netlink_rcv_skb+0x451/0x650
[ 141.882132][ C1] rtnetlink_rcv+0x50/0x60
[ 141.886529][ C1] netlink_unicast+0xf9e/0x1100
[ 141.891368][ C1] netlink_sendmsg+0x1246/0x14d0
[ 141.896307][ C1] ____sys_sendmsg+0x12b6/0x1350
[ 141.901351][ C1] __sys_sendmsg+0x451/0x5f0
[ 141.905962][ C1] __ia32_compat_sys_sendmsg+0xed/0x130
[ 141.911536][ C1] do_fast_syscall_32+0x3c7/0x6e0
[ 141.916550][ C1] entry_SYSENTER_compat+0x68/0x77
[ 141.921683][ C1] =====================================================
[ 141.928640][ C1] Disabling lock debugging due to kernel taint
[ 141.934818][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 141.941396][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 141.950917][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 141.961303][ C1] Call Trace:
[ 141.964585][ C1] dump_stack+0x1c9/0x220
[ 141.968899][ C1] panic+0x3d5/0xc3e
[ 141.972821][ C1] kmsan_report+0x1df/0x1e0
[ 141.977320][ C1] __msan_warning+0x58/0xa0
[ 141.981803][ C1] find_match+0x317/0x1480
[ 141.986204][ C1] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 141.993205][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 141.998391][ C1] __find_rr_leaf+0x3f9/0x1160
[ 142.003155][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 142.008246][ C1] fib6_table_lookup+0x586/0x1420
[ 142.013281][ C1] ip6_pol_route+0x203/0x2960
[ 142.017939][ C1] ? nf_ip6_checksum+0x501/0x610
[ 142.022873][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 142.028065][ C1] ip6_pol_route_input+0x123/0x140
[ 142.033163][ C1] fib6_rule_lookup+0x38f/0xa10
[ 142.038009][ C1] ? ip6_route_input_lookup+0x1f0/0x1f0
[ 142.043551][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 142.048803][ C1] ip6_route_input+0xb9d/0xcf0
[ 142.053575][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 142.058777][ C1] ip6_rcv_finish_core+0x1f9/0x470
[ 142.063874][ C1] ipv6_rcv+0x628/0x710
[ 142.068020][ C1] ? local_bh_enable+0x40/0x40
[ 142.072769][ C1] process_backlog+0xa41/0x1410
[ 142.077606][ C1] ? __list_add_valid+0xb8/0x420
[ 142.082541][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 142.087637][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 142.092886][ C1] ? rps_trigger_softirq+0x2e0/0x2e0
[ 142.098500][ C1] net_rx_action+0x786/0x1aa0
[ 142.103196][ C1] ? net_tx_action+0xc30/0xc30
[ 142.107961][ C1] __do_softirq+0x311/0x83d
[ 142.112457][ C1] ? ksoftirqd_should_run+0x30/0x30
[ 142.117635][ C1] ? takeover_tasklets+0x8f0/0x8f0
[ 142.122737][ C1] run_ksoftirqd+0x25/0x40
[ 142.127132][ C1] smpboot_thread_fn+0x493/0x980
[ 142.132059][ C1] kthread+0x4b5/0x4f0
[ 142.136115][ C1] ? cpu_report_death+0x180/0x180
[ 142.141134][ C1] ? kthread_blkcg+0xf0/0xf0
[ 142.145704][ C1] ret_from_fork+0x35/0x40
[ 142.151665][ C1] Kernel Offset: 0x22a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 142.163380][ C1] Rebooting in 86400 seconds..