[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 126.412304][ T32] kauditd_printk_skb: 4 callbacks suppressed
[ 126.412356][ T32] audit: type=1800 audit(1583293191.463:39): pid=11494 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 126.455271][ T32] audit: type=1800 audit(1583293191.503:40): pid=11494 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 131.010624][ T32] audit: type=1400 audit(1583293196.063:41): avc: denied { map } for pid=11668 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts.
[ 156.959987][ T32] audit: type=1400 audit(1583293222.013:42): avc: denied { map } for pid=11680 comm="syz-executor595" path="/root/syz-executor595767509" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 157.002785][T11681] IPVS: ftp: loaded support on port[0] = 21
[ 157.098678][T11681] chnl_net:caif_netlink_parms(): no params data found
[ 157.181906][T11681] bridge0: port 1(bridge_slave_0) entered blocking state
[ 157.189134][T11681] bridge0: port 1(bridge_slave_0) entered disabled state
[ 157.198479][T11681] device bridge_slave_0 entered promiscuous mode
[ 157.209572][T11681] bridge0: port 2(bridge_slave_1) entered blocking state
[ 157.217204][T11681] bridge0: port 2(bridge_slave_1) entered disabled state
[ 157.226006][T11681] device bridge_slave_1 entered promiscuous mode
[ 157.255901][T11681] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 157.269995][T11681] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 157.299772][T11681] team0: Port device team_slave_0 added
[ 157.310209][T11681] team0: Port device team_slave_1 added
[ 157.336371][T11681] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 157.343500][T11681] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.369570][T11681] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 157.383829][T11681] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 157.391204][T11681] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.417825][T11681] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 157.488010][T11681] device hsr_slave_0 entered promiscuous mode
[ 157.524887][T11681] device hsr_slave_1 entered promiscuous mode
[ 157.700413][ T32] audit: type=1400 audit(1583293222.753:43): avc: denied { create } for pid=11681 comm="syz-executor595" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 157.727407][ T32] audit: type=1400 audit(1583293222.783:44): avc: denied { write } for pid=11681 comm="syz-executor595" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 157.731131][T11681] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 157.752500][ T32] audit: type=1400 audit(1583293222.783:45): avc: denied { read } for pid=11681 comm="syz-executor595" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 157.810022][T11681] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 157.869616][T11681] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 157.929852][T11681] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 158.024051][T11681] bridge0: port 2(bridge_slave_1) entered blocking state
[ 158.031498][T11681] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 158.039454][T11681] bridge0: port 1(bridge_slave_0) entered blocking state
[ 158.046795][T11681] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 158.089060][ T3919] bridge0: port 1(bridge_slave_0) entered disabled state
[ 158.099161][ T3919] bridge0: port 2(bridge_slave_1) entered disabled state
[ 158.169024][T11681] 8021q: adding VLAN 0 to HW filter on device bond0
[ 158.192108][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 158.201114][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 158.219078][T11681] 8021q: adding VLAN 0 to HW filter on device team0
[ 158.235910][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 158.245856][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 158.255680][ T2719] bridge0: port 1(bridge_slave_0) entered blocking state
[ 158.262894][ T2719] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 158.279279][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 158.288522][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 158.297781][ T3919] bridge0: port 2(bridge_slave_1) entered blocking state
[ 158.305095][ T3919] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 158.323369][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 158.345502][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 158.368615][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 158.379990][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 158.390128][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 158.399769][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 158.412391][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 158.427540][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 158.437405][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 158.453794][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 158.463437][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 158.479361][T11681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 158.517956][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 158.526241][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 158.548299][T11681] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 158.587008][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 158.597032][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 158.634668][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 158.644048][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 158.656726][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 158.665714][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 158.678699][T11681] device veth0_vlan entered promiscuous mode
[ 158.700855][T11681] device veth1_vlan entered promiscuous mode
[ 158.747465][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 158.756463][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 158.766344][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 158.776296][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 158.794588][T11681] device veth0_macvtap entered promiscuous mode
[ 158.810190][T11681] device veth1_macvtap entered promiscuous mode
[ 158.844786][T11681] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 158.852749][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 158.862021][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 158.870646][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 158.880271][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 158.898751][T11681] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 158.906852][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 158.916537][ T2719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 159.195190][ C1] =====================================================
[ 159.202175][ C1] BUG: KMSAN: use-after-free in find_match+0x317/0x1480
[ 159.209706][ C1] CPU: 1 PID: 2719 Comm: kworker/1:2 Not tainted 5.6.0-rc2-syzkaller #0
[ 159.219005][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 159.229230][ C1] Workqueue: ipv6_addrconf addrconf_dad_work
[ 159.235283][ C1] Call Trace:
[ 159.238566][ C1]
[ 159.241425][ C1] dump_stack+0x1c9/0x220
[ 159.245754][ C1] kmsan_report+0xf7/0x1e0
[ 159.250160][ C1] __msan_warning+0x58/0xa0
[ 159.254658][ C1] find_match+0x317/0x1480
[ 159.259201][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.264399][ C1] __find_rr_leaf+0x3f9/0x1160
[ 159.269200][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 159.274317][ C1] fib6_table_lookup+0x586/0x1420
[ 159.279495][ C1] ip6_pol_route+0x203/0x2960
[ 159.284216][ C1] ip6_pol_route_input+0x123/0x140
[ 159.289332][ C1] fib6_rule_lookup+0x38f/0xa10
[ 159.294226][ C1] ? ip6_route_input_lookup+0x1f0/0x1f0
[ 159.299883][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.305185][ C1] ip6_route_input+0xb9d/0xcf0
[ 159.310670][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.315872][ C1] ip6_rcv_finish_core+0x1f9/0x470
[ 159.321153][ C1] ipv6_rcv+0x628/0x710
[ 159.325297][ C1] ? local_bh_enable+0x40/0x40
[ 159.330149][ C1] process_backlog+0xa41/0x1410
[ 159.334993][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 159.340264][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.345452][ C1] ? rps_trigger_softirq+0x2e0/0x2e0
[ 159.350930][ C1] net_rx_action+0x786/0x1aa0
[ 159.355835][ C1] ? net_tx_action+0xc30/0xc30
[ 159.360581][ C1] __do_softirq+0x311/0x83d
[ 159.365072][ C1] do_softirq_own_stack+0x49/0x80
[ 159.370068][ C1]
[ 159.373008][ C1] __local_bh_enable_ip+0x184/0x1d0
[ 159.378191][ C1] local_bh_enable+0x36/0x40
[ 159.382864][ C1] ip6_finish_output2+0x2113/0x2640
[ 159.388091][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.393297][ C1] __ip6_finish_output+0x824/0x8e0
[ 159.398406][ C1] ip6_finish_output+0x166/0x410
[ 159.403421][ C1] ip6_output+0x60a/0x770
[ 159.407750][ C1] ? ip6_output+0x770/0x770
[ 159.412250][ C1] ? ac6_seq_show+0x200/0x200
[ 159.416906][ C1] ndisc_send_skb+0x1047/0x15a0
[ 159.421924][ C1] ? ndisc_error_report+0x1a0/0x1a0
[ 159.427104][ C1] ndisc_send_ns+0xe38/0xe80
[ 159.431684][ C1] ? __queue_delayed_work+0x27f/0x450
[ 159.437142][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 159.443038][ C1] addrconf_dad_work+0xc0b/0x2aa0
[ 159.448039][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.453236][ C1] ? ipv6_get_saddr_eval+0x1350/0x1350
[ 159.458674][ C1] process_one_work+0x1555/0x1f40
[ 159.463691][ C1] worker_thread+0xef6/0x2450
[ 159.468361][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 159.474157][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.479376][ C1] kthread+0x4b5/0x4f0
[ 159.483514][ C1] ? process_one_work+0x1f40/0x1f40
[ 159.488736][ C1] ? kthread_blkcg+0xf0/0xf0
[ 159.493332][ C1] ret_from_fork+0x35/0x40
[ 159.497737][ C1]
[ 159.500049][ C1] Uninit was created at:
[ 159.504284][ C1] kmsan_internal_poison_shadow+0x66/0xd0
[ 159.509992][ C1] kmsan_slab_free+0x6e/0xb0
[ 159.514569][ C1] kfree+0x565/0x30a0
[ 159.518529][ C1] netdev_name_node_alt_destroy+0x587/0x690
[ 159.524408][ C1] rtnl_linkprop+0x939/0xc00
[ 159.529506][ C1] rtnl_dellinkprop+0x9d/0xb0
[ 159.534514][ C1] rtnetlink_rcv_msg+0x1153/0x1570
[ 159.539699][ C1] netlink_rcv_skb+0x451/0x650
[ 159.544453][ C1] rtnetlink_rcv+0x50/0x60
[ 159.548852][ C1] netlink_unicast+0xf9e/0x1100
[ 159.553679][ C1] netlink_sendmsg+0x1246/0x14d0
[ 159.558608][ C1] ____sys_sendmsg+0x12b6/0x1350
[ 159.563520][ C1] __sys_sendmsg+0x451/0x5f0
[ 159.568111][ C1] __ia32_compat_sys_sendmsg+0xed/0x130
[ 159.573668][ C1] do_fast_syscall_32+0x3c7/0x6e0
[ 159.578697][ C1] entry_SYSENTER_compat+0x68/0x77
[ 159.583782][ C1] =====================================================
[ 159.590703][ C1] Disabling lock debugging due to kernel taint
[ 159.597796][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 159.604399][ C1] CPU: 1 PID: 2719 Comm: kworker/1:2 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 159.614103][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 159.624158][ C1] Workqueue: ipv6_addrconf addrconf_dad_work
[ 159.630214][ C1] Call Trace:
[ 159.633481][ C1]
[ 159.636323][ C1] dump_stack+0x1c9/0x220
[ 159.640656][ C1] panic+0x3d5/0xc3e
[ 159.644552][ C1] kmsan_report+0x1df/0x1e0
[ 159.649037][ C1] __msan_warning+0x58/0xa0
[ 159.653533][ C1] find_match+0x317/0x1480
[ 159.657951][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.663157][ C1] __find_rr_leaf+0x3f9/0x1160
[ 159.667916][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 159.673023][ C1] fib6_table_lookup+0x586/0x1420
[ 159.678073][ C1] ip6_pol_route+0x203/0x2960
[ 159.682763][ C1] ip6_pol_route_input+0x123/0x140
[ 159.687877][ C1] fib6_rule_lookup+0x38f/0xa10
[ 159.692720][ C1] ? ip6_route_input_lookup+0x1f0/0x1f0
[ 159.698274][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.703467][ C1] ip6_route_input+0xb9d/0xcf0
[ 159.708745][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.714739][ C1] ip6_rcv_finish_core+0x1f9/0x470
[ 159.719859][ C1] ipv6_rcv+0x628/0x710
[ 159.723999][ C1] ? local_bh_enable+0x40/0x40
[ 159.728750][ C1] process_backlog+0xa41/0x1410
[ 159.733591][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 159.738690][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.743971][ C1] ? rps_trigger_softirq+0x2e0/0x2e0
[ 159.750208][ C1] net_rx_action+0x786/0x1aa0
[ 159.754895][ C1] ? net_tx_action+0xc30/0xc30
[ 159.759790][ C1] __do_softirq+0x311/0x83d
[ 159.764304][ C1] do_softirq_own_stack+0x49/0x80
[ 159.769501][ C1]
[ 159.772439][ C1] __local_bh_enable_ip+0x184/0x1d0
[ 159.777778][ C1] local_bh_enable+0x36/0x40
[ 159.782351][ C1] ip6_finish_output2+0x2113/0x2640
[ 159.787577][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.792784][ C1] __ip6_finish_output+0x824/0x8e0
[ 159.797889][ C1] ip6_finish_output+0x166/0x410
[ 159.802837][ C1] ip6_output+0x60a/0x770
[ 159.807277][ C1] ? ip6_output+0x770/0x770
[ 159.812399][ C1] ? ac6_seq_show+0x200/0x200
[ 159.817066][ C1] ndisc_send_skb+0x1047/0x15a0
[ 159.822186][ C1] ? ndisc_error_report+0x1a0/0x1a0
[ 159.827463][ C1] ndisc_send_ns+0xe38/0xe80
[ 159.832063][ C1] ? __queue_delayed_work+0x27f/0x450
[ 159.837439][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 159.843250][ C1] addrconf_dad_work+0xc0b/0x2aa0
[ 159.848275][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.853475][ C1] ? ipv6_get_saddr_eval+0x1350/0x1350
[ 159.858934][ C1] process_one_work+0x1555/0x1f40
[ 159.864389][ C1] worker_thread+0xef6/0x2450
[ 159.869071][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 159.874960][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 159.880152][ C1] kthread+0x4b5/0x4f0
[ 159.884217][ C1] ? process_one_work+0x1f40/0x1f40
[ 159.889410][ C1] ? kthread_blkcg+0xf0/0xf0
[ 159.893981][ C1] ret_from_fork+0x35/0x40
[ 159.899779][ C1] Kernel Offset: 0x5800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 159.911329][ C1] Rebooting in 86400 seconds..