[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 123.248398][ T32] kauditd_printk_skb: 4 callbacks suppressed
[ 123.248432][ T32] audit: type=1800 audit(1582781727.292:39): pid=11264 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 123.285045][ T32] audit: type=1800 audit(1582781727.332:40): pid=11264 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
[ 124.121429][ T32] audit: type=1400 audit(1582781728.162:41): avc: denied { map } for pid=11436 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts.
syzkaller login: [ 1018.893565][ T32] audit: type=1400 audit(1582782622.942:42): avc: denied { map } for pid=11453 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/02/27 05:50:23 parsed 1 programs
[ 1024.027137][ T32] audit: type=1400 audit(1582782628.072:43): avc: denied { integrity } for pid=11453 comm="syz-execprog" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1
[ 1024.142515][ T32] audit: type=1400 audit(1582782628.182:44): avc: denied { map } for pid=11453 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1141 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2020/02/27 05:50:31 executed programs: 0
[ 1027.740017][T11471] IPVS: ftp: loaded support on port[0] = 21
[ 1027.856183][T11471] chnl_net:caif_netlink_parms(): no params data found
[ 1027.942013][T11471] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1027.949790][T11471] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1027.958607][T11471] device bridge_slave_0 entered promiscuous mode
[ 1027.969365][T11471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1027.976795][T11471] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1027.985211][T11471] device bridge_slave_1 entered promiscuous mode
[ 1028.015096][T11471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1028.029235][T11471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1028.059984][T11471] team0: Port device team_slave_0 added
[ 1028.070350][T11471] team0: Port device team_slave_1 added
[ 1028.096770][T11471] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1028.103878][T11471] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1028.130021][T11471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1028.144929][T11471] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1028.152022][T11471] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1028.178195][T11471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1028.266586][T11471] device hsr_slave_0 entered promiscuous mode
[ 1028.323353][T11471] device hsr_slave_1 entered promiscuous mode
[ 1028.493010][ T32] audit: type=1400 audit(1582782632.532:45): avc: denied { create } for pid=11471 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 1028.500050][T11471] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1028.518211][ T32] audit: type=1400 audit(1582782632.542:46): avc: denied { write } for pid=11471 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 1028.518307][ T32] audit: type=1400 audit(1582782632.542:47): avc: denied { read } for pid=11471 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 1028.598092][T11471] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1028.648393][T11471] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1028.708267][T11471] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1028.803337][T11471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1028.810921][T11471] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1028.818866][T11471] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1028.826212][T11471] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1028.905943][ T30] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1028.915836][ T30] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1028.950705][T11471] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1028.973986][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1028.982356][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1028.999636][T11471] 8021q: adding VLAN 0 to HW filter on device team0
[ 1029.016631][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1029.026212][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1029.035531][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1029.042911][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1029.060230][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1029.070169][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1029.079572][ T2740] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1029.086778][ T2740] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1029.102310][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1029.123466][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1029.140331][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1029.150489][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1029.184406][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1029.194115][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1029.204431][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1029.214207][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1029.224364][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1029.233717][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1029.243035][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1029.262180][T11471] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1029.299867][T11480] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1029.307876][T11480] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1029.330560][T11471] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1029.371670][T11480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1029.382765][T11480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1029.420618][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1029.429567][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1029.443480][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1029.452125][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1029.464715][T11471] device veth0_vlan entered promiscuous mode
[ 1029.488733][T11471] device veth1_vlan entered promiscuous mode
[ 1029.535988][T11480] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1029.545362][T11480] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1029.554932][T11480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1029.564475][T11480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1029.579958][T11471] device veth0_macvtap entered promiscuous mode
[ 1029.597220][T11471] device veth1_macvtap entered promiscuous mode
[ 1029.634534][T11471] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1029.642180][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1029.651291][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1029.660102][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1029.669811][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1029.689771][T11471] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1029.697583][T11480] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1029.708165][T11480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1029.948187][ T32] audit: type=1400 audit(1582782633.992:48): avc: denied { associate } for pid=11471 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2020/02/27 05:50:36 executed programs: 39
[ 1032.838414][T11744] =====================================================
[ 1032.845439][T11744] BUG: KMSAN: use-after-free in __list_add_valid+0x280/0x420
[ 1032.852904][T11744] CPU: 0 PID: 11744 Comm: syz-executor.0 Not tainted 5.6.0-rc2-syzkaller #0
[ 1032.861629][T11744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1032.871853][T11744] Call Trace:
[ 1032.875170][T11744] dump_stack+0x1c9/0x220
[ 1032.879514][T11744] kmsan_report+0xf7/0x1e0
[ 1032.883962][T11744] __msan_warning+0x58/0xa0
[ 1032.888477][T11744] __list_add_valid+0x280/0x420
[ 1032.893942][T11744] rdma_listen+0x623/0x10b0
[ 1032.898860][T11744] ? kmsan_set_origin_checked+0x95/0xf0
[ 1032.904405][T11744] ? kmsan_get_metadata+0x11d/0x180
[ 1032.909658][T11744] ucma_listen+0x36c/0x5e0
[ 1032.914093][T11744] ? ucma_connect+0xa40/0xa40
[ 1032.918760][T11744] ucma_write+0x5c5/0x630
[ 1032.923183][T11744] ? ucma_get_global_nl_info+0xe0/0xe0
[ 1032.928722][T11744] __vfs_write+0x1a9/0xca0
[ 1032.933143][T11744] ? rw_verify_area+0x2c4/0x5b0
[ 1032.938195][T11744] ? kmsan_get_metadata+0x11d/0x180
[ 1032.943401][T11744] vfs_write+0x44a/0x8f0
[ 1032.947669][T11744] ksys_write+0x267/0x450
[ 1032.952110][T11744] __ia32_sys_write+0xdb/0x120
[ 1032.956879][T11744] ? __se_sys_write+0xb0/0xb0
[ 1032.961556][T11744] do_fast_syscall_32+0x3c7/0x6e0
[ 1032.966581][T11744] entry_SYSENTER_compat+0x68/0x77
[ 1032.971740][T11744] RIP: 0023:0xf7fbfd99
[ 1032.975931][T11744] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 1032.996012][T11744] RSP: 002b:00000000f7f990cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 1033.004605][T11744] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000140
[ 1033.012623][T11744] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[ 1033.020610][T11744] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1033.028713][T11744] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1033.036807][T11744] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1033.044791][T11744]
[ 1033.047114][T11744] Uninit was created at:
[ 1033.051489][T11744] kmsan_internal_poison_shadow+0x66/0xd0
[ 1033.057211][T11744] kmsan_slab_free+0x6e/0xb0
[ 1033.061808][T11744] kfree+0x565/0x30a0
[ 1033.065819][T11744] rdma_destroy_id+0x197e/0x1b40
[ 1033.070800][T11744] ucma_close+0x334/0x4c0
[ 1033.075117][T11744] __fput+0x4c7/0xb90
[ 1033.079096][T11744] ____fput+0x37/0x40
[ 1033.083109][T11744] task_work_run+0x214/0x2b0
[ 1033.087695][T11744] prepare_exit_to_usermode+0x3c8/0x520
[ 1033.093239][T11744] syscall_return_slowpath+0x95/0x5f0
[ 1033.098594][T11744] do_fast_syscall_32+0x422/0x6e0
[ 1033.103624][T11744] entry_SYSENTER_compat+0x68/0x77
[ 1033.108718][T11744] =====================================================
[ 1033.115634][T11744] Disabling lock debugging due to kernel taint
[ 1033.121787][T11744] Kernel panic - not syncing: panic_on_warn set ...
[ 1033.128383][T11744] CPU: 0 PID: 11744 Comm: syz-executor.0 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 1033.138496][T11744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1033.148691][T11744] Call Trace:
[ 1033.152029][T11744] dump_stack+0x1c9/0x220
[ 1033.156353][T11744] panic+0x3d5/0xc3e
[ 1033.160266][T11744] kmsan_report+0x1df/0x1e0
[ 1033.164762][T11744] __msan_warning+0x58/0xa0
[ 1033.169266][T11744] __list_add_valid+0x280/0x420
[ 1033.174117][T11744] rdma_listen+0x623/0x10b0
[ 1033.178614][T11744] ? kmsan_set_origin_checked+0x95/0xf0
[ 1033.184418][T11744] ? kmsan_get_metadata+0x11d/0x180
[ 1033.189664][T11744] ucma_listen+0x36c/0x5e0
[ 1033.194905][T11744] ? ucma_connect+0xa40/0xa40
[ 1033.199689][T11744] ucma_write+0x5c5/0x630
[ 1033.204438][T11744] ? ucma_get_global_nl_info+0xe0/0xe0
[ 1033.209999][T11744] __vfs_write+0x1a9/0xca0
[ 1033.214421][T11744] ? rw_verify_area+0x2c4/0x5b0
[ 1033.219320][T11744] ? kmsan_get_metadata+0x11d/0x180
[ 1033.224532][T11744] vfs_write+0x44a/0x8f0
[ 1033.228808][T11744] ksys_write+0x267/0x450
[ 1033.233144][T11744] __ia32_sys_write+0xdb/0x120
[ 1033.237913][T11744] ? __se_sys_write+0xb0/0xb0
[ 1033.242586][T11744] do_fast_syscall_32+0x3c7/0x6e0
[ 1033.247660][T11744] entry_SYSENTER_compat+0x68/0x77
[ 1033.252803][T11744] RIP: 0023:0xf7fbfd99
[ 1033.256863][T11744] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 1033.276690][T11744] RSP: 002b:00000000f7f990cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 1033.285123][T11744] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000140
[ 1033.293372][T11744] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[ 1033.310431][T11744] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1033.318402][T11744] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1033.326496][T11744] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1033.335998][T11744] Kernel Offset: 0xca00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 1033.347544][T11744] Rebooting in 86400 seconds..
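The KMSAN report in the log above has a fixed shape: a "BUG: KMSAN: <kind> in <frame>" header, a task line carrying PID, comm and kernel version, the stack that touched the freed memory under "Call Trace:", and the stack that freed it under "Uninit was created at:", the whole block bracketed by "=====" rules. The Python script below is an added example for this page, not code from syzkaller or from the original report; it pulls those fields out of a console log so the crash can be summarised and deduplicated without reading the full dump. The NOISE_PREFIXES list and the rule "first non-noise frame is the culprit" are this example's own assumptions (a simplification of what syzkaller's reporting does), and the sample input is excerpted from the log above with the middle frames trimmed.

```python
# Triage a KMSAN report out of a syzkaller console log. Added example for this
# page, not part of syzkaller or of the original report; NOISE_PREFIXES and
# the "first non-noise frame is the culprit" rule are assumptions.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input excerpted from the console log above (middle frames trimmed).
SAMPLE_LOG = """\
[ 1032.845439][T11744] BUG: KMSAN: use-after-free in __list_add_valid+0x280/0x420
[ 1032.852904][T11744] CPU: 0 PID: 11744 Comm: syz-executor.0 Not tainted 5.6.0-rc2-syzkaller #0
[ 1032.871853][T11744] Call Trace:
[ 1032.875170][T11744] dump_stack+0x1c9/0x220
[ 1032.879514][T11744] kmsan_report+0xf7/0x1e0
[ 1032.888477][T11744] __list_add_valid+0x280/0x420
[ 1032.893942][T11744] rdma_listen+0x623/0x10b0
[ 1032.898860][T11744] ? kmsan_set_origin_checked+0x95/0xf0
[ 1032.909658][T11744] ucma_listen+0x36c/0x5e0
[ 1032.918760][T11744] ucma_write+0x5c5/0x630
[ 1032.952110][T11744] __ia32_sys_write+0xdb/0x120
[ 1032.966581][T11744] entry_SYSENTER_compat+0x68/0x77
[ 1032.971740][T11744] RIP: 0023:0xf7fbfd99
[ 1033.044791][T11744]
[ 1033.047114][T11744] Uninit was created at:
[ 1033.051489][T11744] kmsan_internal_poison_shadow+0x66/0xd0
[ 1033.061808][T11744] kfree+0x565/0x30a0
[ 1033.065819][T11744] rdma_destroy_id+0x197e/0x1b40
[ 1033.070800][T11744] ucma_close+0x334/0x4c0
[ 1033.075117][T11744] __fput+0x4c7/0xb90
[ 1033.108718][T11744] =====================================================
[ 1033.121787][T11744] Kernel panic - not syncing: panic_on_warn set ...
"""

PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")  # "[ 1032.84][T11744] "
BUG_RE = re.compile(r"^BUG: KMSAN: (?P<kind>.+?) in (?P<frame>\S+)$")
TASK_RE = re.compile(r"^CPU: \d+ PID: (?P<pid>\d+) Comm: (?P<comm>\S+) .* (?P<kernel>\S+) #\d+$")
FRAME_RE = re.compile(r"^(?P<unreliable>\? )?(?P<func>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Frames that only detect or report the bug, never cause it (assumption).
NOISE_PREFIXES = ("dump_stack", "kmsan_", "__msan_", "__list_add_valid", "kfree")


def culprit(stack: List[str]) -> Optional[str]:
    """First frame that is not sanitizer/reporting noise."""
    return next((f for f in stack if not f.startswith(NOISE_PREFIXES)), None)


@dataclass
class KmsanReport:
    kind: str                       # e.g. "use-after-free"
    crash_frame: str                # function KMSAN flagged
    pid: int = 0
    comm: str = ""
    kernel: str = ""
    access_stack: List[str] = field(default_factory=list)  # "Call Trace:"
    origin_stack: List[str] = field(default_factory=list)  # "Uninit was created at:"

    @property
    def title(self) -> str:
        return f"KMSAN: {self.kind} in {culprit(self.access_stack) or self.crash_frame}"

    @property
    def compat_syscall(self) -> bool:
        # __ia32_sys_* / *_compat frames: the trigger came in via the 32-bit
        # syscall ABI, so a reproducer has to use that entry path as well.
        return any(f.startswith("__ia32_") or f.endswith("_compat") for f in self.access_stack)


def parse_kmsan_report(log: str) -> Optional[KmsanReport]:
    """Return the first KMSAN report found in `log`, or None."""
    report: Optional[KmsanReport] = None
    stack: Optional[List[str]] = None   # stack list currently being filled
    for raw in log.splitlines():
        line = PREFIX_RE.sub("", raw).strip()
        if report is None:
            m = BUG_RE.match(line)
            if m:
                report = KmsanReport(m["kind"], m["frame"].split("+", 1)[0])
            continue
        if line.startswith("====="):
            break                       # closing rule of the report block
        m = TASK_RE.match(line)
        if m and not report.comm:
            report.pid, report.comm, report.kernel = int(m["pid"]), m["comm"], m["kernel"]
        elif line == "Call Trace:":
            stack = report.access_stack
        elif line == "Uninit was created at:":
            stack = report.origin_stack
        elif (m := FRAME_RE.match(line)) and stack is not None:
            if not m["unreliable"]:     # drop "? func" guesses by the unwinder
                stack.append(m["func"])
        elif not line or line.startswith(("RIP:", "RSP:")):
            stack = None                # blank line / register dump ends a stack
    return report


if __name__ == "__main__":
    r = parse_kmsan_report(SAMPLE_LOG)
    print(r.title, f"pid={r.pid} comm={r.comm} kernel={r.kernel} compat={r.compat_syscall}")
    print("use  :", " <- ".join(r.access_stack))
    print("freed:", " <- ".join(r.origin_stack), "culprit:", culprit(r.origin_stack))
```

On the sample this yields the title KMSAN: use-after-free in rdma_listen, the use chain ucma_write <- ucma_listen <- rdma_listen and the free chain __fput <- ucma_close <- rdma_destroy_id, which is the triage summary of the log: the object that a later write() on the ucma device reached through rdma_listen was the one kfree'd when a ucma file was closed. compat_syscall comes back true because of the __ia32_sys_write and entry_SYSENTER_compat frames, so a reproducer should be built for the 32-bit ABI rather than assumed to be native 64-bit.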