[ ok ] Starting enhanced syslogd: rsyslogd.
[ 125.231227][ T33] audit: type=1800 audit(1583169459.288:25): pid=11429 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 125.263826][ T33] audit: type=1800 audit(1583169459.318:26): pid=11429 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 125.312885][ T33] audit: type=1800 audit(1583169459.348:27): pid=11429 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.132' (ECDSA) to the list of known hosts.
2020/03/02 17:18:25 parsed 1 programs
2020/03/02 17:18:34 executed programs: 0
syzkaller login: [ 180.442655][T11596] IPVS: ftp: loaded support on port[0] = 21
[ 180.568861][T11596] chnl_net:caif_netlink_parms(): no params data found
[ 180.658153][T11596] bridge0: port 1(bridge_slave_0) entered blocking state
[ 180.665353][T11596] bridge0: port 1(bridge_slave_0) entered disabled state
[ 180.674627][T11596] device bridge_slave_0 entered promiscuous mode
[ 180.684258][T11596] bridge0: port 2(bridge_slave_1) entered blocking state
[ 180.691371][T11596] bridge0: port 2(bridge_slave_1) entered disabled state
[ 180.700262][T11596] device bridge_slave_1 entered promiscuous mode
[ 180.730933][T11596] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 180.744026][T11596] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 180.773824][T11596] team0: Port device team_slave_0 added
[ 180.783116][T11596] team0: Port device team_slave_1 added
[ 180.809106][T11596] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 180.816129][T11596] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 180.842751][T11596] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 180.855280][T11596] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 180.862256][T11596] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 180.888317][T11596] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 180.956510][T11596] device hsr_slave_0 entered promiscuous mode
[ 181.003461][T11596] device hsr_slave_1 entered promiscuous mode
[ 181.173742][T11596] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 181.218035][T11596] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 181.277798][T11596] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 181.338142][T11596] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 181.429075][T11596] bridge0: port 2(bridge_slave_1) entered blocking state
[ 181.436292][T11596] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 181.444280][T11596] bridge0: port 1(bridge_slave_0) entered blocking state
[ 181.451443][T11596] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 181.538560][T11596] 8021q: adding VLAN 0 to HW filter on device bond0
[ 181.560622][ T3397] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 181.572003][ T3397] bridge0: port 1(bridge_slave_0) entered disabled state
[ 181.581788][ T3397] bridge0: port 2(bridge_slave_1) entered disabled state
[ 181.595184][ T3397] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 181.613466][T11596] 8021q: adding VLAN 0 to HW filter on device team0
[ 181.626368][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 181.636359][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 181.645808][ T26] bridge0: port 1(bridge_slave_0) entered blocking state
[ 181.653049][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 181.667986][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 181.678568][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 181.688398][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 181.695660][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 181.711794][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 181.736986][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 181.746868][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 181.757378][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 181.783573][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 181.793584][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 181.803666][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 181.814438][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 181.823808][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 181.832934][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 181.841907][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 181.857778][T11596] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 181.885866][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 181.897691][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 181.917702][T11596] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 181.951866][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 181.962836][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 181.995990][T11604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 182.005290][T11604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 182.019400][T11596] device veth0_vlan entered promiscuous mode
[ 182.026671][T11604] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 182.036326][T11604] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 182.057932][T11596] device veth1_vlan entered promiscuous mode
[ 182.095783][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 182.104652][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 182.114002][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 182.123813][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 182.139314][T11596] device veth0_macvtap entered promiscuous mode
[ 182.157068][T11596] device veth1_macvtap entered promiscuous mode
[ 182.186843][T11596] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 182.195088][T11604] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 182.204686][T11604] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 182.214367][T11604] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 182.224221][T11604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 182.244463][T11596] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 182.264650][T11604] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 182.274259][T11604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 182.405281][ C0] =====================================================
[ 182.412285][ C0] BUG: KMSAN: use-after-free in find_match+0x317/0x1480
[ 182.419240][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc2-syzkaller #0
[ 182.427302][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 182.437357][ C0] Call Trace:
[ 182.440676][ C0] dump_stack+0x1c9/0x220
[ 182.445034][ C0] kmsan_report+0xf7/0x1e0
[ 182.449473][ C0] __msan_warning+0x58/0xa0
[ 182.453991][ C0] find_match+0x317/0x1480
[ 182.458429][ C0] ? kmsan_task_context_state+0x47/0x90
[ 182.463982][ C0] ? stack_trace_save+0x117/0x1a0
[ 182.469015][ C0] ? stack_trace_save+0x117/0x1a0
[ 182.474058][ C0] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 182.480226][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 182.485469][ C0] __find_rr_leaf+0x3f9/0x1160
[ 182.490302][ C0] ? kmsan_get_metadata+0x4f/0x180
[ 182.495435][ C0] fib6_table_lookup+0x586/0x1420
[ 182.500546][ C0] ip6_pol_route+0x203/0x2960
[ 182.505241][ C0] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 182.511326][ C0] ? ip6t_do_table+0x29d7/0x2ac0
[ 182.516342][ C0] ip6_pol_route_input+0x123/0x140
[ 182.521494][ C0] fib6_rule_lookup+0x38f/0xa10
[ 182.526367][ C0] ? ip6_route_input_lookup+0x1f0/0x1f0
[ 182.531943][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 182.537430][ C0] ip6_route_input+0xb9d/0xcf0
[ 182.542237][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 182.547592][ C0] ip6_rcv_finish_core+0x1f9/0x470
[ 182.552723][ C0] ipv6_rcv+0x628/0x710
[ 182.557112][ C0] ? local_bh_enable+0x40/0x40
[ 182.562138][ C0] process_backlog+0xa41/0x1410
[ 182.567020][ C0] ? __list_add_valid+0xb8/0x420
[ 182.571978][ C0] ? kmsan_get_metadata+0x4f/0x180
[ 182.577113][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 182.582334][ C0] ? rps_trigger_softirq+0x2e0/0x2e0
[ 182.587636][ C0] net_rx_action+0x786/0x1aa0
[ 182.592364][ C0] ? net_tx_action+0xc30/0xc30
[ 182.597143][ C0] __do_softirq+0x311/0x83d
[ 182.601679][ C0] ? ksoftirqd_should_run+0x30/0x30
[ 182.606884][ C0] ? takeover_tasklets+0x8f0/0x8f0
[ 182.612001][ C0] run_ksoftirqd+0x25/0x40
[ 182.616429][ C0] smpboot_thread_fn+0x493/0x980
[ 182.621409][ C0] kthread+0x4b5/0x4f0
[ 182.625495][ C0] ? cpu_report_death+0x180/0x180
[ 182.630548][ C0] ? kthread_blkcg+0xf0/0xf0
[ 182.635212][ C0] ret_from_fork+0x35/0x40
[ 182.639665][ C0]
[ 182.641996][ C0] Uninit was created at:
[ 182.646257][ C0] kmsan_internal_poison_shadow+0x66/0xd0
[ 182.652061][ C0] kmsan_slab_free+0x6e/0xb0
[ 182.656653][ C0] kfree+0x565/0x30a0
[ 182.660641][ C0] netdev_name_node_alt_destroy+0x587/0x690
[ 182.666546][ C0] rtnl_linkprop+0x939/0xc00
[ 182.671145][ C0] rtnl_dellinkprop+0x9d/0xb0
[ 182.675828][ C0] rtnetlink_rcv_msg+0x1153/0x1570
[ 182.680941][ C0] netlink_rcv_skb+0x451/0x650
[ 182.685705][ C0] rtnetlink_rcv+0x50/0x60
[ 182.690125][ C0] netlink_unicast+0xf9e/0x1100
[ 182.694976][ C0] netlink_sendmsg+0x1246/0x14d0
[ 182.699913][ C0] ____sys_sendmsg+0x12b6/0x1350
[ 182.704851][ C0] __sys_sendmsg+0x451/0x5f0
[ 182.709447][ C0] __se_sys_sendmsg+0x97/0xb0
[ 182.714126][ C0] __x64_sys_sendmsg+0x4a/0x70
[ 182.718900][ C0] do_syscall_64+0xb8/0x160
[ 182.723417][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 182.729303][ C0] =====================================================
[ 182.736228][ C0] Disabling lock debugging due to kernel taint
[ 182.742376][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 182.748970][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 182.758421][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 182.768476][ C0] Call Trace:
[ 182.771778][ C0] dump_stack+0x1c9/0x220
[ 182.776135][ C0] panic+0x3d5/0xc3e
[ 182.780102][ C0] kmsan_report+0x1df/0x1e0
[ 182.784637][ C0] __msan_warning+0x58/0xa0
[ 182.789163][ C0] find_match+0x317/0x1480
[ 182.793600][ C0] ? kmsan_task_context_state+0x47/0x90
[ 182.799158][ C0] ? stack_trace_save+0x117/0x1a0
[ 182.804189][ C0] ? stack_trace_save+0x117/0x1a0
[ 182.809222][ C0] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 182.815403][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 182.820649][ C0] __find_rr_leaf+0x3f9/0x1160
[ 182.825469][ C0] ? kmsan_get_metadata+0x4f/0x180
[ 182.830595][ C0] fib6_table_lookup+0x586/0x1420
[ 182.835708][ C0] ip6_pol_route+0x203/0x2960
[ 182.840393][ C0] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 182.846466][ C0] ? ip6t_do_table+0x29d7/0x2ac0
[ 182.851474][ C0] ip6_pol_route_input+0x123/0x140
[ 182.856618][ C0] fib6_rule_lookup+0x38f/0xa10
[ 182.861483][ C0] ? ip6_route_input_lookup+0x1f0/0x1f0
[ 182.867053][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 182.872274][ C0] ip6_route_input+0xb9d/0xcf0
[ 182.877072][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 182.882307][ C0] ip6_rcv_finish_core+0x1f9/0x470
[ 182.887434][ C0] ipv6_rcv+0x628/0x710
[ 182.891617][ C0] ? local_bh_enable+0x40/0x40
[ 182.896406][ C0] process_backlog+0xa41/0x1410
[ 182.901281][ C0] ? __list_add_valid+0xb8/0x420
[ 182.906244][ C0] ? kmsan_get_metadata+0x4f/0x180
[ 182.911390][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 182.916612][ C0] ? rps_trigger_softirq+0x2e0/0x2e0
[ 182.921903][ C0] net_rx_action+0x786/0x1aa0
[ 182.926627][ C0] ? net_tx_action+0xc30/0xc30
[ 182.931415][ C0] __do_softirq+0x311/0x83d
[ 182.935968][ C0] ? ksoftirqd_should_run+0x30/0x30
[ 182.941173][ C0] ? takeover_tasklets+0x8f0/0x8f0
[ 182.946296][ C0] run_ksoftirqd+0x25/0x40
[ 182.950746][ C0] smpboot_thread_fn+0x493/0x980
[ 182.955727][ C0] kthread+0x4b5/0x4f0
[ 182.959799][ C0] ? cpu_report_death+0x180/0x180
[ 182.964852][ C0] ? kthread_blkcg+0xf0/0xf0
[ 182.969452][ C0] ret_from_fork+0x35/0x40
[ 182.974954][ C0] Kernel Offset: 0x2000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 182.986492][ C0] Rebooting in 86400 seconds..