[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[  123.535468][   T32] kauditd_printk_skb: 4 callbacks suppressed
[  123.535516][   T32] audit: type=1800 audit(1583913151.590:39): pid=11235 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[  123.563995][   T32] audit: type=1800 audit(1583913151.590:40): pid=11235 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [  125.339777][   T32] audit: type=1400 audit(1583913153.390:41): avc:  denied  { map } for  pid=11409 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.88' (ECDSA) to the list of known hosts.
[  133.920045][   T32] audit: type=1400 audit(1583913161.970:42): avc:  denied  { map } for  pid=11421 comm="syz-executor661" path="/root/syz-executor661911311" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[  133.962815][T11422] IPVS: ftp: loaded support on port[0] = 21
[  134.055588][T11422] chnl_net:caif_netlink_parms(): no params data found
[  134.136997][T11422] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.144345][T11422] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.152741][T11422] device bridge_slave_0 entered promiscuous mode
[  134.164441][T11422] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.171608][T11422] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.180504][T11422] device bridge_slave_1 entered promiscuous mode
[  134.209603][T11422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  134.224536][T11422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  134.254508][T11422] team0: Port device team_slave_0 added
[  134.265438][T11422] team0: Port device team_slave_1 added
[  134.290636][T11422] batman_adv: batadv0: Adding interface: batadv_slave_0
[  134.297736][T11422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.324080][T11422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  134.338081][T11422] batman_adv: batadv0: Adding interface: batadv_slave_1
[  134.345265][T11422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.371758][T11422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  134.457846][T11422] device hsr_slave_0 entered promiscuous mode
[  134.504349][T11422] device hsr_slave_1 entered promiscuous mode
[  134.670015][   T32] audit: type=1400 audit(1583913162.720:43): avc:  denied  { create } for  pid=11422 comm="syz-executor661" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  134.697364][   T32] audit: type=1400 audit(1583913162.760:44): avc:  denied  { write } for  pid=11422 comm="syz-executor661" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  134.701079][T11422] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  134.723330][   T32] audit: type=1400 audit(1583913162.760:45): avc:  denied  { read } for  pid=11422 comm="syz-executor661" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  134.809362][T11422] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  134.869366][T11422] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  134.929279][T11422] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  135.021763][T11422] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.029176][T11422] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.037077][T11422] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.045380][T11422] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.058414][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.070275][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.167801][T11422] 8021q: adding VLAN 0 to HW filter on device bond0
[  135.191423][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  135.200148][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  135.217529][T11422] 8021q: adding VLAN 0 to HW filter on device team0
[  135.232533][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  135.242655][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  135.251774][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.259380][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.275362][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  135.284930][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  135.294050][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.301215][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.320791][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  135.345296][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  135.366023][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  135.375758][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  135.386137][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  135.397616][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  135.408659][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  135.424951][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  135.434693][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  135.456349][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  135.467315][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  135.480984][T11422] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  135.518916][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  135.527120][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  135.549516][T11422] 8021q: adding VLAN 0 to HW filter on device batadv0
[  135.588426][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  135.597976][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  135.632797][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  135.642481][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  135.652987][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  135.662758][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  135.679854][T11422] device veth0_vlan entered promiscuous mode
[  135.701628][T11422] device veth1_vlan entered promiscuous mode
[  135.748233][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  135.757237][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  135.766229][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  135.775488][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  135.793378][T11422] device veth0_macvtap entered promiscuous mode
[  135.808984][T11422] device veth1_macvtap entered promiscuous mode
[  135.844496][T11422] batman_adv: batadv0: Interface activated: batadv_slave_0
[  135.852073][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  135.861355][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  135.869978][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  135.879482][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  135.898731][T11422] batman_adv: batadv0: Interface activated: batadv_slave_1
[  135.906612][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  135.916248][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[  136.195309][T11422] =====================================================
[  136.202291][T11422] BUG: KMSAN: uninit-value in stack_trace_consume_entry+0x171/0x310
[  136.210344][T11422] CPU: 1 PID: 11422 Comm: syz-executor661 Not tainted 5.6.0-rc2-syzkaller #0
[  136.219170][T11422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  136.229213][T11422] Call Trace:
[  136.232595][T11422]  dump_stack+0x1c9/0x220
[  136.236931][T11422]  kmsan_report+0xf7/0x1e0
[  136.241351][T11422]  __msan_warning+0x58/0xa0
[  136.245844][T11422]  stack_trace_consume_entry+0x171/0x310
[  136.251476][T11422]  ? kmsan_internal_chain_origin+0xad/0x130
[  136.257376][T11422]  ? kmsan_internal_chain_origin+0xad/0x130
[  136.263384][T11422]  arch_stack_walk+0x317/0x3e0
[  136.268152][T11422]  ? stack_trace_save+0x1a0/0x1a0
[  136.273304][T11422]  ? kmsan_internal_chain_origin+0xad/0x130
[  136.279197][T11422]  stack_trace_save+0x117/0x1a0
[  136.284040][T11422]  kmsan_internal_chain_origin+0xad/0x130
[  136.289754][T11422]  ? kmsan_get_metadata+0x4f/0x180
[  136.294919][T11422]  ? kmsan_internal_set_origin+0x75/0xb0
[  136.300541][T11422]  ? __msan_poison_alloca+0xf0/0x120
[  136.305918][T11422]  ? kmsan_get_metadata+0x4f/0x180
[  136.311043][T11422]  kmsan_memcpy_memmove_metadata+0x272/0x2e0
[  136.317303][T11422]  kmsan_memcpy_metadata+0xb/0x10
[  136.322515][T11422]  __msan_memcpy+0x43/0x50
[  136.327111][T11422]  sock_write_iter+0x4f6/0x6d0
[  136.332173][T11422]  ? sock_read_iter+0x700/0x700
[  136.337023][T11422]  __vfs_write+0xa5a/0xca0
[  136.341465][T11422]  vfs_write+0x44a/0x8f0
[  136.346532][T11422]  ksys_write+0x267/0x450
[  136.351982][T11422]  __ia32_sys_write+0xdb/0x120
[  136.356854][T11422]  ? __se_sys_write+0xb0/0xb0
[  136.361535][T11422]  do_fast_syscall_32+0x3c7/0x6e0
[  136.366580][T11422]  entry_SYSENTER_compat+0x68/0x77
[  136.372810][T11422] RIP: 0023:0xf7fd1d99
[  136.376958][T11422] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  136.396657][T11422] RSP: 002b:00000000ffaf2dfc EFLAGS: 00000286 ORIG_RAX: 0000000000000004
[  136.405055][T11422] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200003c0
[  136.414073][T11422] RDX: 0000000000000018 RSI: 00000000f7fd128c RDI: 0000000000000004
[  136.422240][T11422] RBP: 0000000009b09018 R08: 0000000000000000 R09: 0000000000000000
[  136.430345][T11422] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  136.438328][T11422] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  136.446302][T11422] 
[  136.448633][T11422] Uninit was stored to memory at:
[  136.453652][T11422]  kmsan_internal_chain_origin+0xad/0x130
[  136.459375][T11422]  __msan_chain_origin+0x50/0x90
[  136.464300][T11422]  stack_trace_consume_entry+0x27a/0x310
[  136.470160][T11422]  arch_stack_walk+0x317/0x3e0
[  136.476774][T11422]  stack_trace_save+0x117/0x1a0
[  136.482154][T11422]  kmsan_internal_chain_origin+0xad/0x130
[  136.488481][T11422]  kmsan_memcpy_memmove_metadata+0x272/0x2e0
[  136.495702][T11422]  kmsan_memcpy_metadata+0xb/0x10
[  136.501420][T11422]  __msan_memcpy+0x43/0x50
[  136.505829][T11422]  sock_write_iter+0x4f6/0x6d0
[  136.510586][T11422]  __vfs_write+0xa5a/0xca0
[  136.515214][T11422]  vfs_write+0x44a/0x8f0
[  136.519458][T11422]  ksys_write+0x267/0x450
[  136.525297][T11422]  __ia32_sys_write+0xdb/0x120
[  136.530074][T11422]  do_fast_syscall_32+0x3c7/0x6e0
[  136.535091][T11422]  entry_SYSENTER_compat+0x68/0x77
[  136.540353][T11422] 
[  136.542670][T11422] Uninit was stored to memory at:
[  136.547890][T11422]  kmsan_internal_chain_origin+0xad/0x130
[  136.553609][T11422]  __msan_chain_origin+0x50/0x90
[  136.558724][T11422]  stack_trace_save+0x193/0x1a0
[  136.563920][T11422]  kmsan_internal_chain_origin+0xad/0x130
[  136.570856][T11422]  kmsan_memcpy_memmove_metadata+0x272/0x2e0
[  136.577484][T11422]  kmsan_memcpy_metadata+0xb/0x10
[  136.583569][T11422]  __msan_memcpy+0x43/0x50
[  136.588272][T11422]  sock_write_iter+0x4f6/0x6d0
[  136.594194][T11422]  __vfs_write+0xa5a/0xca0
[  136.599678][T11422]  vfs_write+0x44a/0x8f0
[  136.604142][T11422]  ksys_write+0x267/0x450
[  136.608781][T11422]  __ia32_sys_write+0xdb/0x120
[  136.614692][T11422]  do_fast_syscall_32+0x3c7/0x6e0
[  136.620911][T11422]  entry_SYSENTER_compat+0x68/0x77
[  136.626109][T11422] 
[  136.628418][T11422] Uninit was created at:
[  136.632664][T11422]  kmsan_internal_poison_shadow+0x66/0xd0
[  136.638398][T11422]  kmsan_slab_alloc+0x8a/0xe0
[  136.643060][T11422]  __kmalloc_node_track_caller+0xb40/0x1200
[  136.649550][T11422]  __alloc_skb+0x2fd/0xac0
[  136.654224][T11422]  alloc_skb_with_frags+0x18c/0xa70
[  136.659943][T11422]  sock_alloc_send_pskb+0xada/0xc60
[  136.665230][T11422]  packet_sendmsg+0x66a0/0x93b0
[  136.671506][T11422]  sock_write_iter+0x6bc/0x6d0
[  136.676258][T11422]  __vfs_write+0xa5a/0xca0
[  136.680695][T11422]  vfs_write+0x44a/0x8f0
[  136.685356][T11422]  ksys_write+0x267/0x450
[  136.689677][T11422]  __ia32_sys_write+0xdb/0x120
[  136.694444][T11422]  do_fast_syscall_32+0x3c7/0x6e0
[  136.699494][T11422]  entry_SYSENTER_compat+0x68/0x77
[  136.705019][T11422] =====================================================
[  136.712169][T11422] Disabling lock debugging due to kernel taint
[  136.718505][T11422] Kernel panic - not syncing: panic_on_warn set ...
[  136.725185][T11422] CPU: 1 PID: 11422 Comm: syz-executor661 Tainted: G    B             5.6.0-rc2-syzkaller #0
[  136.735330][T11422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  136.745573][T11422] Call Trace:
[  136.748855][T11422]  dump_stack+0x1c9/0x220
[  136.754109][T11422]  panic+0x3d5/0xc3e
[  136.758325][T11422]  kmsan_report+0x1df/0x1e0
[  136.762991][T11422]  __msan_warning+0x58/0xa0
[  136.767602][T11422]  stack_trace_consume_entry+0x171/0x310
[  136.773815][T11422]  ? kmsan_internal_chain_origin+0xad/0x130
[  136.779825][T11422]  ? kmsan_internal_chain_origin+0xad/0x130
[  136.785712][T11422]  arch_stack_walk+0x317/0x3e0
[  136.790510][T11422]  ? stack_trace_save+0x1a0/0x1a0
[  136.795562][T11422]  ? kmsan_internal_chain_origin+0xad/0x130
[  136.801570][T11422]  stack_trace_save+0x117/0x1a0
[  136.806555][T11422]  kmsan_internal_chain_origin+0xad/0x130
[  136.812482][T11422]  ? kmsan_get_metadata+0x4f/0x180
[  136.817612][T11422]  ? kmsan_internal_set_origin+0x75/0xb0
[  136.823255][T11422]  ? __msan_poison_alloca+0xf0/0x120
[  136.828563][T11422]  ? kmsan_get_metadata+0x4f/0x180
[  136.833709][T11422]  kmsan_memcpy_memmove_metadata+0x272/0x2e0
[  136.839723][T11422]  kmsan_memcpy_metadata+0xb/0x10
[  136.845908][T11422]  __msan_memcpy+0x43/0x50
[  136.850411][T11422]  sock_write_iter+0x4f6/0x6d0
[  136.855705][T11422]  ? sock_read_iter+0x700/0x700
[  136.861436][T11422]  __vfs_write+0xa5a/0xca0
[  136.866439][T11422]  vfs_write+0x44a/0x8f0
[  136.870700][T11422]  ksys_write+0x267/0x450
[  136.875927][T11422]  __ia32_sys_write+0xdb/0x120
[  136.880809][T11422]  ? __se_sys_write+0xb0/0xb0
[  136.885824][T11422]  do_fast_syscall_32+0x3c7/0x6e0
[  136.890843][T11422]  entry_SYSENTER_compat+0x68/0x77
[  136.896036][T11422] RIP: 0023:0xf7fd1d99
[  136.900108][T11422] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  136.919698][T11422] RSP: 002b:00000000ffaf2dfc EFLAGS: 00000286 ORIG_RAX: 0000000000000004
[  136.928117][T11422] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200003c0
[  136.936088][T11422] RDX: 0000000000000018 RSI: 00000000f7fd128c RDI: 0000000000000004
[  136.944046][T11422] RBP: 0000000009b09018 R08: 0000000000000000 R09: 0000000000000000
[  136.952000][T11422] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  136.960302][T11422] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  136.970262][T11422] Kernel Offset: 0x7a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[  136.981984][T11422] Rebooting in 86400 seconds..