[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 126.412304][ T32] kauditd_printk_skb: 4 callbacks suppressed
[ 126.412356][ T32] audit: type=1800 audit(1583293191.463:39): pid=11494 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 126.455271][ T32] audit: type=1800 audit(1583293191.503:40): pid=11494 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 131.010624][ T32] audit: type=1400 audit(1583293196.063:41): avc: denied { map } for pid=11668 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts.
[ 156.959987][ T32] audit: type=1400 audit(1583293222.013:42): avc: denied { map } for pid=11680 comm="syz-executor595" path="/root/syz-executor595767509" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 157.002785][T11681] IPVS: ftp: loaded support on port[0] = 21
[ 157.098678][T11681] chnl_net:caif_netlink_parms(): no params data found
[ 157.181906][T11681] bridge0: port 1(bridge_slave_0) entered blocking state
[ 157.189134][T11681] bridge0: port 1(bridge_slave_0) entered disabled state
[ 157.198479][T11681] device bridge_slave_0 entered promiscuous mode
[ 157.209572][T11681] bridge0: port 2(bridge_slave_1) entered blocking state
[ 157.217204][T11681] bridge0: port 2(bridge_slave_1) entered disabled state
[ 157.226006][T11681] device bridge_slave_1 entered promiscuous mode
[ 157.255901][T11681] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 157.269995][T11681] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 157.299772][T11681] team0: Port device team_slave_0 added
[ 157.310209][T11681] team0: Port device team_slave_1 added
[ 157.336371][T11681] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 157.343500][T11681] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.369570][T11681] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 157.383829][T11681] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 157.391204][T11681] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.417825][T11681] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 157.488010][T11681] device hsr_slave_0 entered promiscuous mode
[ 157.524887][T11681] device hsr_slave_1 entered promiscuous mode
[ 157.700413][ T32] audit: type=1400 audit(1583293222.753:43): avc: denied { create } for pid=11681 comm="syz-executor595" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 157.727407][ T32] audit: type=1400 audit(1583293222.783:44): avc: denied { write } for pid=11681 comm="syz-executor595" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 157.731131][T11681] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 157.752500][ T32] audit: type=1400 audit(1583293222.783:45): avc: denied { read } for pid=11681 comm="syz-executor595" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 157.810022][T11681] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 157.869616][T11681] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 157.929852][T11681] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 158.024051][T11681] bridge0: port 2(bridge_slave_1) entered blocking state
[ 158.031498][T11681] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 158.039454][T11681] bridge0: port 1(bridge_slave_0) entered blocking state
[ 158.046795][T11681] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 158.089060][ T3919] bridge0: port 1(bridge_slave_0) entered disabled state
[ 158.099161][ T3919] bridge0: port 2(bridge_slave_1) entered disabled state
[ 158.169024][T11681] 8021q: adding VLAN 0 to HW filter on device bond0
[ 158.192108][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 158.201114][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 158.219078][T11681] 8021q: adding VLAN 0 to HW filter on device team0
[ 158.235910][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 158.245856][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 158.255680][ T2719] bridge0: port 1(bridge_slave_0) entered blocking state
[ 158.262894][ T2719] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 158.279279][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 158.288522][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 158.297781][ T3919] bridge0: port 2(bridge_slave_1) entered blocking state
[ 158.305095][ T3919] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 158.323369][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 158.345502][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 158.368615][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 158.379990][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 158.390128][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 158.399769][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 158.412391][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 158.427540][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 158.437405][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 158.453794][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 158.463437][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 158.479361][T11681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 158.517956][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 158.526241][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 158.548299][T11681] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 158.587008][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 158.597032][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 158.634668][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 158.644048][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 158.656726][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 158.665714][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 158.678699][T11681] device veth0_vlan entered promiscuous mode
[ 158.700855][T11681] device veth1_vlan entered promiscuous mode
[ 158.747465][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 158.756463][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 158.766344][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 158.776296][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 158.794588][T11681] device veth0_macvtap entered promiscuous mode
[ 158.810190][T11681] device veth1_macvtap entered promiscuous mode
[ 158.844786][T11681] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 158.852749][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 158.862021][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 158.870646][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 158.880271][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 158.898751][T11681] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 158.906852][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 158.916537][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 159.195190][ C1] =====================================================
[ 159.202175][ C1] BUG: KMSAN: use-after-free in find_match+0x317/0x1480
[ 159.209706][ C1] CPU: 1 PID: 2719 Comm: kworker/1:2 Not tainted 5.6.0-rc2-syzkaller #0
[ 159.219005][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 159.229230][ C1] Workqueue: ipv6_addrconf addrconf_dad_work
[ 159.235283][ C1] Call Trace:
[ 159.238566][ C1]
[ 159.241425][ C1] dump_stack+0x1c9/0x220
[ 159.245754][ C1] kmsan_report+0xf7/0x1e0
[ 159.250160][ C1] __msan_warning+0x58/0xa0
[ 159.254658][ C1] find_match+0x317/0x1480
[ 159.259201][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.264399][ C1] __find_rr_leaf+0x3f9/0x1160
[ 159.269200][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 159.274317][ C1] fib6_table_lookup+0x586/0x1420
[ 159.279495][ C1] ip6_pol_route+0x203/0x2960
[ 159.284216][ C1] ip6_pol_route_input+0x123/0x140
[ 159.289332][ C1] fib6_rule_lookup+0x38f/0xa10
[ 159.294226][ C1] ? ip6_route_input_lookup+0x1f0/0x1f0
[ 159.299883][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.305185][ C1] ip6_route_input+0xb9d/0xcf0
[ 159.310670][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.315872][ C1] ip6_rcv_finish_core+0x1f9/0x470
[ 159.321153][ C1] ipv6_rcv+0x628/0x710
[ 159.325297][ C1] ? local_bh_enable+0x40/0x40
[ 159.330149][ C1] process_backlog+0xa41/0x1410
[ 159.334993][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 159.340264][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.345452][ C1] ? rps_trigger_softirq+0x2e0/0x2e0
[ 159.350930][ C1] net_rx_action+0x786/0x1aa0
[ 159.355835][ C1] ? net_tx_action+0xc30/0xc30
[ 159.360581][ C1] __do_softirq+0x311/0x83d
[ 159.365072][ C1] do_softirq_own_stack+0x49/0x80
[ 159.370068][ C1]
[ 159.373008][ C1] __local_bh_enable_ip+0x184/0x1d0
[ 159.378191][ C1] local_bh_enable+0x36/0x40
[ 159.382864][ C1] ip6_finish_output2+0x2113/0x2640
[ 159.388091][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.393297][ C1] __ip6_finish_output+0x824/0x8e0
[ 159.398406][ C1] ip6_finish_output+0x166/0x410
[ 159.403421][ C1] ip6_output+0x60a/0x770
[ 159.407750][ C1] ? ip6_output+0x770/0x770
[ 159.412250][ C1] ? ac6_seq_show+0x200/0x200
[ 159.416906][ C1] ndisc_send_skb+0x1047/0x15a0
[ 159.421924][ C1] ? ndisc_error_report+0x1a0/0x1a0
[ 159.427104][ C1] ndisc_send_ns+0xe38/0xe80
[ 159.431684][ C1] ? __queue_delayed_work+0x27f/0x450
[ 159.437142][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 159.443038][ C1] addrconf_dad_work+0xc0b/0x2aa0
[ 159.448039][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.453236][ C1] ? ipv6_get_saddr_eval+0x1350/0x1350
[ 159.458674][ C1] process_one_work+0x1555/0x1f40
[ 159.463691][ C1] worker_thread+0xef6/0x2450
[ 159.468361][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 159.474157][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.479376][ C1] kthread+0x4b5/0x4f0
[ 159.483514][ C1] ? process_one_work+0x1f40/0x1f40
[ 159.488736][ C1] ? kthread_blkcg+0xf0/0xf0
[ 159.493332][ C1] ret_from_fork+0x35/0x40
[ 159.497737][ C1]
[ 159.500049][ C1] Uninit was created at:
[ 159.504284][ C1] kmsan_internal_poison_shadow+0x66/0xd0
[ 159.509992][ C1] kmsan_slab_free+0x6e/0xb0
[ 159.514569][ C1] kfree+0x565/0x30a0
[ 159.518529][ C1] netdev_name_node_alt_destroy+0x587/0x690
[ 159.524408][ C1] rtnl_linkprop+0x939/0xc00
[ 159.529506][ C1] rtnl_dellinkprop+0x9d/0xb0
[ 159.534514][ C1] rtnetlink_rcv_msg+0x1153/0x1570
[ 159.539699][ C1] netlink_rcv_skb+0x451/0x650
[ 159.544453][ C1] rtnetlink_rcv+0x50/0x60
[ 159.548852][ C1] netlink_unicast+0xf9e/0x1100
[ 159.553679][ C1] netlink_sendmsg+0x1246/0x14d0
[ 159.558608][ C1] ____sys_sendmsg+0x12b6/0x1350
[ 159.563520][ C1] __sys_sendmsg+0x451/0x5f0
[ 159.568111][ C1] __ia32_compat_sys_sendmsg+0xed/0x130
[ 159.573668][ C1] do_fast_syscall_32+0x3c7/0x6e0
[ 159.578697][ C1] entry_SYSENTER_compat+0x68/0x77
[ 159.583782][ C1] =====================================================
[ 159.590703][ C1] Disabling lock debugging due to kernel taint
[ 159.597796][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 159.604399][ C1] CPU: 1 PID: 2719 Comm: kworker/1:2 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 159.614103][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 159.624158][ C1] Workqueue: ipv6_addrconf addrconf_dad_work
[ 159.630214][ C1] Call Trace:
[ 159.633481][ C1]
[ 159.636323][ C1] dump_stack+0x1c9/0x220
[ 159.640656][ C1] panic+0x3d5/0xc3e
[ 159.644552][ C1] kmsan_report+0x1df/0x1e0
[ 159.649037][ C1] __msan_warning+0x58/0xa0
[ 159.653533][ C1] find_match+0x317/0x1480
[ 159.657951][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.663157][ C1] __find_rr_leaf+0x3f9/0x1160
[ 159.667916][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 159.673023][ C1] fib6_table_lookup+0x586/0x1420
[ 159.678073][ C1] ip6_pol_route+0x203/0x2960
[ 159.682763][ C1] ip6_pol_route_input+0x123/0x140
[ 159.687877][ C1] fib6_rule_lookup+0x38f/0xa10
[ 159.692720][ C1] ? ip6_route_input_lookup+0x1f0/0x1f0
[ 159.698274][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.703467][ C1] ip6_route_input+0xb9d/0xcf0
[ 159.708745][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.714739][ C1] ip6_rcv_finish_core+0x1f9/0x470
[ 159.719859][ C1] ipv6_rcv+0x628/0x710
[ 159.723999][ C1] ? local_bh_enable+0x40/0x40
[ 159.728750][ C1] process_backlog+0xa41/0x1410
[ 159.733591][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 159.738690][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.743971][ C1] ? rps_trigger_softirq+0x2e0/0x2e0
[ 159.750208][ C1] net_rx_action+0x786/0x1aa0
[ 159.754895][ C1] ? net_tx_action+0xc30/0xc30
[ 159.759790][ C1] __do_softirq+0x311/0x83d
[ 159.764304][ C1] do_softirq_own_stack+0x49/0x80
[ 159.769501][ C1]
[ 159.772439][ C1] __local_bh_enable_ip+0x184/0x1d0
[ 159.777778][ C1] local_bh_enable+0x36/0x40
[ 159.782351][ C1] ip6_finish_output2+0x2113/0x2640
[ 159.787577][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.792784][ C1] __ip6_finish_output+0x824/0x8e0
[ 159.797889][ C1] ip6_finish_output+0x166/0x410
[ 159.802837][ C1] ip6_output+0x60a/0x770
[ 159.807277][ C1] ? ip6_output+0x770/0x770
[ 159.812399][ C1] ? ac6_seq_show+0x200/0x200
[ 159.817066][ C1] ndisc_send_skb+0x1047/0x15a0
[ 159.822186][ C1] ? ndisc_error_report+0x1a0/0x1a0
[ 159.827463][ C1] ndisc_send_ns+0xe38/0xe80
[ 159.832063][ C1] ? __queue_delayed_work+0x27f/0x450
[ 159.837439][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 159.843250][ C1] addrconf_dad_work+0xc0b/0x2aa0
[ 159.848275][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.853475][ C1] ? ipv6_get_saddr_eval+0x1350/0x1350
[ 159.858934][ C1] process_one_work+0x1555/0x1f40
[ 159.864389][ C1] worker_thread+0xef6/0x2450
[ 159.869071][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 159.874960][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.880152][ C1] kthread+0x4b5/0x4f0
[ 159.884217][ C1] ? process_one_work+0x1f40/0x1f40
[ 159.889410][ C1] ? kthread_blkcg+0xf0/0xf0
[ 159.893981][ C1] ret_from_fork+0x35/0x40
[ 159.899779][ C1] Kernel Offset: 0x5800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 159.911329][ C1] Rebooting in 86400 seconds..