[ 32.437427] audit: type=1800 audit(1584584098.783:34): pid=7123 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 36.979235] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.286525] audit: type=1400 audit(1584584103.663:35): avc: denied { map } for pid=7297 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 37.330779] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.053374] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.247438] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.199' (ECDSA) to the list of known hosts.
[ 43.849399] random: sshd: uninitialized urandom read (32 bytes read)
[ 43.971787] audit: type=1400 audit(1584584110.353:36): avc: denied { map } for pid=7309 comm="syz-executor505" path="/root/syz-executor505390253" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.201021] IPVS: ftp: loaded support on port[0] = 21
[ 45.046777] chnl_net:caif_netlink_parms(): no params data found
[ 45.092147] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.098673] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.105857] device bridge_slave_0 entered promiscuous mode
[ 45.113144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.119513] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.127506] device bridge_slave_1 entered promiscuous mode
[ 45.143819] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 45.152679] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 45.168466] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 45.175695] team0: Port device team_slave_0 added
[ 45.181344] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 45.188352] team0: Port device team_slave_1 added
[ 45.202259] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 45.208492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 45.233717] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 45.244538] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 45.250823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 45.276112] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 45.286547] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 45.294072] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 45.352284] device hsr_slave_0 entered promiscuous mode
[ 45.400396] device hsr_slave_1 entered promiscuous mode
[ 45.440799] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 45.448034] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 45.497568] audit: type=1400 audit(1584584111.873:37): avc: denied { create } for pid=7310 comm="syz-executor505" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 45.516098] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.522455] audit: type=1400 audit(1584584111.873:38): avc: denied { write } for pid=7310 comm="syz-executor505" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 45.527989] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.552868] audit: type=1400 audit(1584584111.883:39): avc: denied { read } for pid=7310 comm="syz-executor505" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 45.558813] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.588563] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.622727] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 45.628806] 8021q: adding VLAN 0 to HW filter on device bond0
[ 45.637350] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 45.646534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.665560] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.672751] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.683256] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 45.689334] 8021q: adding VLAN 0 to HW filter on device team0
[ 45.697932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.706150] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.712656] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.731942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.739668] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.746064] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.753175] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 45.760952] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 45.768448] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.776442] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 45.785592] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.795330] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 45.801576] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 45.816267] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 45.824044] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 45.831081] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 45.843003] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 45.903044] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 45.913021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.948991] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 45.956683] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 45.963724] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 45.973421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.981536] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.988356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.997415] device veth0_vlan entered promiscuous mode
[ 46.006495] device veth1_vlan entered promiscuous mode
[ 46.012496] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 46.021388] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 46.034370] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 46.041373] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 46.048328] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 46.055642] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 46.065197] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 46.072450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 46.080088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.089102] device veth0_macvtap entered promiscuous mode
[ 46.095339] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 46.104153] device veth1_macvtap entered promiscuous mode
[ 46.110480] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 46.118727] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 46.127769] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 46.137307] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 46.144636] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 46.153200] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 46.160958] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 46.167943] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 46.175744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.186194] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 46.193210] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 46.200419] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.208055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 46.297762] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 46.305715] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 46.312508] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 46.320378] skbuff: skb_over_panic: text:ffffffff8577f2ff len:40 put:40 head:ffff88808d34b800 data:ffff88808d34b8b0 tail:0xd8 end:0xc0 dev:ip6gretap0
[ 46.334382] ------------[ cut here ]------------
[ 46.339153] kernel BUG at net/core/skbuff.c:104!
[ 46.344007] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 46.349365] Modules linked in:
[ 46.352538] CPU: 1 PID: 7310 Comm: syz-executor505 Not tainted 4.14.173-syzkaller #0
[ 46.360395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.369727] task: ffff888092a40140 task.stack: ffff8880887c8000
[ 46.375779] RIP: 0010:skb_panic+0x172/0x174
[ 46.380074] RSP: 0018:ffff8880aeb07a10 EFLAGS: 00010286
[ 46.385427] RAX: 0000000000000089 RBX: ffff88809ea88540 RCX: 0000000000000000
[ 46.392673] RDX: 0000000000000100 RSI: ffffffff86ac07e0 RDI: ffffed1015d60f38
[ 46.399950] RBP: ffffffff873830a0 R08: 0000000000000089 R09: 0000000000000000
[ 46.407209] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8577f2ff
[ 46.414470] R13: 0000000000000028 R14: ffff88809e4b4d00 R15: 00000000000000c0
[ 46.421731] FS: 0000000001910880(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
[ 46.429932] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 46.435801] CR2: 0000000020000000 CR3: 00000000881e3000 CR4: 00000000001406e0
[ 46.443065] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 46.450329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 46.457592] Call Trace:
[ 46.460150]
[ 46.462293] ? ip6_mc_hdr.isra.0.constprop.0+0x11f/0x580
[ 46.467718] skb_put.cold+0x24/0x24
[ 46.471340] ip6_mc_hdr.isra.0.constprop.0+0x11f/0x580
[ 46.476619] mld_newpack+0x3ab/0x7a0
[ 46.480332] ? ip6_mc_hdr.isra.0.constprop.0+0x580/0x580
[ 46.485781] ? trace_hardirqs_on+0x10/0x10
[ 46.489997] add_grhead.isra.0+0x299/0x370
[ 46.494214] add_grec+0x69c/0xef0
[ 46.497649] ? find_held_lock+0x2d/0x110
[ 46.501690] ? mld_ifc_timer_expire+0x627/0x7b0
[ 46.506340] ? mld_sendpack+0xca0/0xca0
[ 46.510296] mld_ifc_timer_expire+0x33b/0x7b0
[ 46.514777] call_timer_fn+0x14a/0x650
[ 46.518641] ? mld_dad_timer_expire+0x160/0x160
[ 46.523287] ? __next_timer_interrupt+0x140/0x140
[ 46.528131] ? _raw_spin_unlock_irq+0x24/0x80
[ 46.532620] ? mld_dad_timer_expire+0x160/0x160
[ 46.537282] ? mld_dad_timer_expire+0x160/0x160
[ 46.541980] run_timer_softirq+0x52a/0x1390
[ 46.546292] ? add_timer+0xa20/0xa20
[ 46.549985] ? __lock_is_held+0xad/0x140
[ 46.554031] __do_softirq+0x254/0x9bf
[ 46.557813] ? check_preemption_disabled+0x35/0x240
[ 46.562810] irq_exit+0x15b/0x1a0
[ 46.566243] smp_apic_timer_interrupt+0x141/0x5e0
[ 46.571068] apic_timer_interrupt+0x8f/0xa0
[ 46.575365]
[ 46.577581] RIP: 0010:kmem_cache_free+0xa9/0x2b0
[ 46.582308] RSP: 0018:ffff8880887cf020 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10
[ 46.590015] RAX: 0000000000000007 RBX: ffff88809ea88900 RCX: 1ffff1101254813c
[ 46.597278] RDX: 0000000000000000 RSI: ffff888092a409c0 RDI: 0000000000000282
[ 46.604537] RBP: ffff8880a9984a80 R08: 0000000000000001 R09: 0000000000000000
[ 46.611789] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000282
[ 46.619045] R13: ffffffff84f92548 R14: 0000000000000000 R15: 00000000014000c0
[ 46.626358] ? kfree_skbmem+0x98/0x100
[ 46.630229] kfree_skbmem+0x98/0x100
[ 46.633921] consume_skb+0xaf/0x330
[ 46.637528] netlink_broadcast_filtered+0x2b3/0x9d0
[ 46.642575] ? br_get_linkxstats_size+0x310/0x310
[ 46.647399] nlmsg_notify+0x126/0x170
[ 46.651180] rtmsg_ifinfo_event.part.0+0x9a/0xc0
[ 46.655914] rtmsg_ifinfo+0x64/0x80
[ 46.659535] netdev_state_change+0xc3/0xd0
[ 46.663753] ? dev_valid_name+0x1a0/0x1a0
[ 46.667892] ? validate_linkmsg+0x3a1/0x460
[ 46.672196] do_setlink+0x23eb/0x2c00
[ 46.675990] ? rtnl_register+0x50/0x50
[ 46.679858] ? trace_hardirqs_on+0x10/0x10
[ 46.684069] ? deref_stack_reg+0x8a/0xc0
[ 46.688110] ? trace_hardirqs_on+0x10/0x10
[ 46.692328] ? find_held_lock+0x2d/0x110
[ 46.696399] ? save_trace+0x290/0x290
[ 46.700188] ? __lock_acquire+0x5f7/0x4620
[ 46.704415] ? lock_acquire+0x170/0x3f0
[ 46.708370] ? validate_nla+0x1f0/0x5d0
[ 46.712325] ? nla_parse+0x183/0x240
[ 46.716032] ? validate_linkmsg+0x3a1/0x460
[ 46.720332] rtnl_newlink+0xbe4/0x1720
[ 46.724211] ? save_trace+0x290/0x290
[ 46.728005] ? trace_hardirqs_on+0x10/0x10
[ 46.732222] ? rtnl_link_unregister+0x1f0/0x1f0
[ 46.736869] ? lock_acquire+0x170/0x3f0
[ 46.740824] ? __lock_acquire+0x5f7/0x4620
[ 46.745051] ? lock_acquire+0x170/0x3f0
[ 46.749020] ? rtnetlink_rcv_msg+0x31d/0xb10
[ 46.753421] ? __lock_is_held+0xad/0x140
[ 46.757473] ? lock_downgrade+0x6e0/0x6e0
[ 46.761601] ? rtnl_link_unregister+0x1f0/0x1f0
[ 46.766248] rtnetlink_rcv_msg+0x3be/0xb10
[ 46.770464] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 46.775030] ? netdev_pick_tx+0x2e0/0x2e0
[ 46.779167] ? skb_clone+0x11c/0x310
[ 46.782870] ? save_trace+0x290/0x290
[ 46.786661] netlink_rcv_skb+0x127/0x370
[ 46.790709] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 46.795268] ? netlink_ack+0x960/0x960
[ 46.799227] netlink_unicast+0x437/0x620
[ 46.803292] ? netlink_attachskb+0x600/0x600
[ 46.807685] netlink_sendmsg+0x733/0xbe0
[ 46.811735] ? netlink_unicast+0x620/0x620
[ 46.815956] ? SYSC_sendto+0x2b0/0x2b0
[ 46.819882] ? security_socket_sendmsg+0x83/0xb0
[ 46.824628] ? netlink_unicast+0x620/0x620
[ 46.828843] sock_sendmsg+0xc5/0x100
[ 46.832546] ___sys_sendmsg+0x70a/0x840
[ 46.836500] ? copy_msghdr_from_user+0x380/0x380
[ 46.841236] ? trace_hardirqs_on+0x10/0x10
[ 46.845463] ? save_trace+0x290/0x290
[ 46.849246] ? selinux_file_alloc_security+0xaf/0x190
[ 46.854419] ? find_held_lock+0x2d/0x110
[ 46.858475] ? __fd_install+0x1ec/0x5c0
[ 46.862432] ? __lock_is_held+0xad/0x140
[ 46.866474] ? lock_downgrade+0x6e0/0x6e0
[ 46.870604] ? __fget_light+0x16a/0x1f0
[ 46.874558] ? sockfd_lookup_light+0xb2/0x160
[ 46.879031] __sys_sendmsg+0xa3/0x120
[ 46.882813] ? SyS_shutdown+0x160/0x160
[ 46.886828] ? move_addr_to_kernel+0x60/0x60
[ 46.891316] ? __do_page_fault+0x35b/0xb40
[ 46.895556] SyS_sendmsg+0x27/0x40
[ 46.899082] ? __sys_sendmsg+0x120/0x120
[ 46.903127] do_syscall_64+0x1d5/0x640
[ 46.906995] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 46.912163] RIP: 0033:0x443d99
[ 46.915330] RSP: 002b:00007fff2a053b58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 46.923022] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443d99
[ 46.930276] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[ 46.937528] RBP: 00007fff2a053b80 R08: 000000000000bf8c R09: 000000000000bf8c
[ 46.944824] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff2a053bb0
[ 46.952073] R13: 00007fff2a053b70 R14: 0000000000000000 R15: 0000000000000000
[ 46.959326] Code: 8b 4c 24 10 8b 8b 80 00 00 00 41 56 45 89 e8 4c 89 e2 41 57 48 89 ee 48 c7 c7 e0 28 38 87 ff 74 24 10 ff 74 24 20 e8 26 9e 4d fc <0f> 0b e8 34 e0 5e fc 4c 8b 64 24 18 e8 6a 1d 88 fc 48 c7 c1 60
[ 46.978426] RIP: skb_panic+0x172/0x174 RSP: ffff8880aeb07a10
[ 46.984252] ---[ end trace 92e51089cd0e72bc ]---
[ 46.988997] Kernel panic - not syncing: Fatal exception in interrupt
[ 46.996137] Kernel Offset: disabled
[ 46.999760] Rebooting in 86400 seconds..