[ 129.381828][ T32] audit: type=1400 audit(1584113514.445:41): avc: denied { map } for pid=11778 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.104' (ECDSA) to the list of known hosts.
syzkaller login: [ 137.788683][ T32] audit: type=1400 audit(1584113522.855:42): avc: denied { map } for pid=11790 comm="syz-executor250" path="/root/syz-executor250570054" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 137.831189][T11791] IPVS: ftp: loaded support on port[0] = 21
[ 137.923673][T11791] chnl_net:caif_netlink_parms(): no params data found
[ 138.007128][T11791] bridge0: port 1(bridge_slave_0) entered blocking state
[ 138.014334][T11791] bridge0: port 1(bridge_slave_0) entered disabled state
[ 138.023149][T11791] device bridge_slave_0 entered promiscuous mode
[ 138.034582][T11791] bridge0: port 2(bridge_slave_1) entered blocking state
[ 138.041682][T11791] bridge0: port 2(bridge_slave_1) entered disabled state
[ 138.050570][T11791] device bridge_slave_1 entered promiscuous mode
[ 138.079038][T11791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 138.093368][T11791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 138.122535][T11791] team0: Port device team_slave_0 added
[ 138.133327][T11791] team0: Port device team_slave_1 added
[ 138.157815][T11791] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 138.164867][T11791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 138.190925][T11791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 138.205482][T11791] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 138.212910][T11791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 138.238935][T11791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 138.316428][T11791] device hsr_slave_0 entered promiscuous mode
[ 138.362702][T11791] device hsr_slave_1 entered promiscuous mode
[ 138.533177][ T32] audit: type=1400 audit(1584113523.595:43): avc: denied { create } for pid=11791 comm="syz-executor250" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 138.560273][ T32] audit: type=1400 audit(1584113523.635:44): avc: denied { write } for pid=11791 comm="syz-executor250" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 138.565294][T11791] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 138.585600][ T32] audit: type=1400 audit(1584113523.635:45): avc: denied { read } for pid=11791 comm="syz-executor250" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 138.638086][T11791] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 138.698266][T11791] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 138.758168][T11791] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 138.853629][T11791] bridge0: port 2(bridge_slave_1) entered blocking state
[ 138.860834][T11791] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 138.868686][T11791] bridge0: port 1(bridge_slave_0) entered blocking state
[ 138.876054][T11791] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 138.954349][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 138.964662][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 139.000591][T11791] 8021q: adding VLAN 0 to HW filter on device bond0
[ 139.023349][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 139.031653][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 139.048284][T11791] 8021q: adding VLAN 0 to HW filter on device team0
[ 139.064007][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 139.073928][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 139.083325][ T2736] bridge0: port 1(bridge_slave_0) entered blocking state
[ 139.091373][ T2736] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 139.112826][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 139.121952][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 139.131408][ T30] bridge0: port 2(bridge_slave_1) entered blocking state
[ 139.138623][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 139.153471][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 139.169484][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 139.195617][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 139.205090][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 139.214931][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 139.224602][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 139.236331][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 139.262727][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 139.271707][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 139.281120][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 139.290795][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 139.305485][T11791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 139.341506][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 139.349504][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 139.371728][T11791] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 139.410187][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 139.420368][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 139.456507][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 139.465834][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 139.481881][T11791] device veth0_vlan entered promiscuous mode
[ 139.504821][T11791] device veth1_vlan entered promiscuous mode
[ 139.514373][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 139.523881][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 139.533609][ T2736] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 139.579768][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 139.589839][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 139.599335][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 139.618539][T11791] device veth0_macvtap entered promiscuous mode
[ 139.635627][T11791] device veth1_macvtap entered promiscuous mode
[ 139.671138][T11791] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 139.679084][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 139.688382][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 139.697377][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 139.707234][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 139.725620][T11791] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 139.733526][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 139.743279][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 139.993188][ C1] =====================================================
[ 140.000194][ C1] BUG: KMSAN: use-after-free in find_match+0x317/0x1480
[ 140.007119][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc2-syzkaller #0
[ 140.015260][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 140.025298][ C1] Call Trace:
[ 140.028581][ C1] dump_stack+0x1c9/0x220
[ 140.032907][ C1] kmsan_report+0xf7/0x1e0
[ 140.037316][ C1] __msan_warning+0x58/0xa0
[ 140.041821][ C1] find_match+0x317/0x1480
[ 140.046237][ C1] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 140.052375][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 140.057578][ C1] __find_rr_leaf+0x3f9/0x1160
[ 140.062350][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 140.067451][ C1] fib6_table_lookup+0x586/0x1420
[ 140.072499][ C1] ip6_pol_route+0x203/0x2960
[ 140.077167][ C1] ? nf_ip6_checksum+0x501/0x610
[ 140.082118][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 140.087326][ C1] ip6_pol_route_input+0x123/0x140
[ 140.092437][ C1] fib6_rule_lookup+0x38f/0xa10
[ 140.097276][ C1] ? ip6_route_input_lookup+0x1f0/0x1f0
[ 140.102819][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 140.108010][ C1] ip6_route_input+0xb9d/0xcf0
[ 140.112783][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 140.117988][ C1] ip6_rcv_finish_core+0x1f9/0x470
[ 140.123086][ C1] ipv6_rcv+0x628/0x710
[ 140.127234][ C1] ? local_bh_enable+0x40/0x40
[ 140.131991][ C1] process_backlog+0xa41/0x1410
[ 140.136835][ C1] ? __list_add_valid+0xb8/0x420
[ 140.141771][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 140.146876][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 140.152072][ C1] ? rps_trigger_softirq+0x2e0/0x2e0
[ 140.157343][ C1] net_rx_action+0x786/0x1aa0
[ 140.162026][ C1] ? net_tx_action+0xc30/0xc30
[ 140.166778][ C1] __do_softirq+0x311/0x83d
[ 140.171292][ C1] ? ksoftirqd_should_run+0x30/0x30
[ 140.176476][ C1] ? takeover_tasklets+0x8f0/0x8f0
[ 140.181574][ C1] run_ksoftirqd+0x25/0x40
[ 140.185985][ C1] smpboot_thread_fn+0x493/0x980
[ 140.192926][ C1] kthread+0x4b5/0x4f0
[ 140.196979][ C1] ? cpu_report_death+0x180/0x180
[ 140.201999][ C1] ? kthread_blkcg+0xf0/0xf0
[ 140.206662][ C1] ret_from_fork+0x35/0x40
[ 140.211071][ C1]
[ 140.213379][ C1] Uninit was created at:
[ 140.217608][ C1] kmsan_internal_poison_shadow+0x66/0xd0
[ 140.223310][ C1] kmsan_slab_free+0x6e/0xb0
[ 140.227890][ C1] kfree+0x565/0x30a0
[ 140.231866][ C1] netdev_name_node_alt_destroy+0x587/0x690
[ 140.237758][ C1] rtnl_linkprop+0x939/0xc00
[ 140.242341][ C1] rtnl_dellinkprop+0x9d/0xb0
[ 140.247011][ C1] rtnetlink_rcv_msg+0x1153/0x1570
[ 140.252128][ C1] netlink_rcv_skb+0x451/0x650
[ 140.256889][ C1] rtnetlink_rcv+0x50/0x60
[ 140.261292][ C1] netlink_unicast+0xf9e/0x1100
[ 140.266128][ C1] netlink_sendmsg+0x1246/0x14d0
[ 140.271076][ C1] ____sys_sendmsg+0x12b6/0x1350
[ 140.276000][ C1] __sys_sendmsg+0x451/0x5f0
[ 140.280585][ C1] __ia32_compat_sys_sendmsg+0xed/0x130
[ 140.286201][ C1] do_fast_syscall_32+0x3c7/0x6e0
[ 140.291213][ C1] entry_SYSENTER_compat+0x68/0x77
[ 140.296301][ C1] =====================================================
[ 140.303213][ C1] Disabling lock debugging due to kernel taint
[ 140.309346][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 140.309349][ C0] =====================================================
[ 140.309372][ C0] BUG: KMSAN: use-after-free in find_match+0x317/0x1480
[ 140.315941][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 140.339325][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 140.349381][ C1] Call Trace:
[ 140.352679][ C1] dump_stack+0x1c9/0x220
[ 140.357007][ C1] panic+0x3d5/0xc3e
[ 140.360929][ C1] kmsan_report+0x1df/0x1e0
[ 140.365430][ C1] __msan_warning+0x58/0xa0
[ 140.369931][ C1] find_match+0x317/0x1480
[ 140.374345][ C1] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 140.380491][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 140.385689][ C1] __find_rr_leaf+0x3f9/0x1160
[ 140.390463][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 140.395565][ C1] fib6_table_lookup+0x586/0x1420
[ 140.400609][ C1] ip6_pol_route+0x203/0x2960
[ 140.405276][ C1] ? nf_ip6_checksum+0x501/0x610
[ 140.410203][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 140.415409][ C1] ip6_pol_route_input+0x123/0x140
[ 140.420519][ C1] fib6_rule_lookup+0x38f/0xa10
[ 140.425357][ C1] ? ip6_route_input_lookup+0x1f0/0x1f0
[ 140.430900][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 140.436089][ C1] ip6_route_input+0xb9d/0xcf0
[ 140.440853][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 140.446068][ C1] ip6_rcv_finish_core+0x1f9/0x470
[ 140.451179][ C1] ipv6_rcv+0x628/0x710
[ 140.455330][ C1] ? local_bh_enable+0x40/0x40
[ 140.460091][ C1] process_backlog+0xa41/0x1410
[ 140.464943][ C1] ? __list_add_valid+0xb8/0x420
[ 140.469889][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 140.475002][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 140.480199][ C1] ? rps_trigger_softirq+0x2e0/0x2e0
[ 140.485481][ C1] net_rx_action+0x786/0x1aa0
[ 140.490171][ C1] ? net_tx_action+0xc30/0xc30
[ 140.494942][ C1] __do_softirq+0x311/0x83d
[ 140.499454][ C1] ? ksoftirqd_should_run+0x30/0x30
[ 140.504640][ C1] ? takeover_tasklets+0x8f0/0x8f0
[ 140.509750][ C1] run_ksoftirqd+0x25/0x40
[ 140.514166][ C1] smpboot_thread_fn+0x493/0x980
[ 140.519103][ C1] kthread+0x4b5/0x4f0
[ 140.523156][ C1] ? cpu_report_death+0x180/0x180
[ 140.528185][ C1] ? kthread_blkcg+0xf0/0xf0
[ 140.532769][ C1] ret_from_fork+0x35/0x40
[ 140.537199][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 140.546750][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 140.556788][ C0] Call Trace:
[ 140.560071][ C0] dump_stack+0x1c9/0x220
[ 140.564405][ C0] kmsan_report+0xf7/0x1e0
[ 140.568815][ C0] __msan_warning+0x58/0xa0
[ 140.573315][ C0] find_match+0x317/0x1480
[ 140.577740][ C0] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 140.583898][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 140.589127][ C0] __find_rr_leaf+0x3f9/0x1160
[ 140.593939][ C0] ? kmsan_get_metadata+0x4f/0x180
[ 140.599053][ C0] fib6_table_lookup+0x586/0x1420
[ 140.604103][ C0] ip6_pol_route+0x203/0x2960
[ 140.608785][ C0] ? nf_ip6_checksum+0x501/0x610
[ 140.613719][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 140.618929][ C0] ip6_pol_route_input+0x123/0x140
[ 140.624043][ C0] fib6_rule_lookup+0x38f/0xa10
[ 140.628884][ C0] ? ip6_route_input_lookup+0x1f0/0x1f0
[ 140.634429][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 140.639628][ C0] ip6_route_input+0xb9d/0xcf0
[ 140.644389][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 140.649587][ C0] ip6_rcv_finish_core+0x1f9/0x470
[ 140.654689][ C0] ipv6_rcv+0x628/0x710
[ 140.658881][ C0] ? local_bh_enable+0x40/0x40
[ 140.663639][ C0] process_backlog+0xa41/0x1410
[ 140.669704][ C0] ? kmsan_get_metadata+0x4f/0x180
[ 140.674809][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 140.680013][ C0] ? rps_trigger_softirq+0x2e0/0x2e0
[ 140.685287][ C0] net_rx_action+0x786/0x1aa0
[ 140.690058][ C0] ? net_tx_action+0xc30/0xc30
[ 140.694825][ C0] __do_softirq+0x311/0x83d
[ 140.699328][ C0] ? ksoftirqd_should_run+0x30/0x30
[ 140.704515][ C0] ? takeover_tasklets+0x8f0/0x8f0
[ 140.709613][ C0] run_ksoftirqd+0x25/0x40
[ 140.714026][ C0] smpboot_thread_fn+0x493/0x980
[ 140.718978][ C0] kthread+0x4b5/0x4f0
[ 140.723031][ C0] ? cpu_report_death+0x180/0x180
[ 140.728050][ C0] ? kthread_blkcg+0xf0/0xf0
[ 140.732627][ C0] ret_from_fork+0x35/0x40
[ 140.737041][ C0]
[ 140.739352][ C0] Uninit was created at:
[ 140.743583][ C0] kmsan_internal_poison_shadow+0x66/0xd0
[ 140.749286][ C0] kmsan_slab_free+0x6e/0xb0
[ 140.753859][ C0] kfree+0x565/0x30a0
[ 140.757827][ C0] netdev_name_node_alt_destroy+0x587/0x690
[ 140.763708][ C0] rtnl_linkprop+0x939/0xc00
[ 140.768292][ C0] rtnl_dellinkprop+0x9d/0xb0
[ 140.772955][ C0] rtnetlink_rcv_msg+0x1153/0x1570
[ 140.778050][ C0] netlink_rcv_skb+0x451/0x650
[ 140.782798][ C0] rtnetlink_rcv+0x50/0x60
[ 140.787197][ C0] netlink_unicast+0xf9e/0x1100
[ 140.792041][ C0] netlink_sendmsg+0x1246/0x14d0
[ 140.796978][ C0] ____sys_sendmsg+0x12b6/0x1350
[ 140.801915][ C0] __sys_sendmsg+0x451/0x5f0
[ 140.806501][ C0] __ia32_compat_sys_sendmsg+0xed/0x130
[ 140.812043][ C0] do_fast_syscall_32+0x3c7/0x6e0
[ 140.817083][ C0] entry_SYSENTER_compat+0x68/0x77
[ 140.822184][ C0] =====================================================
[ 141.746613][ C1] Shutting down cpus with NMI
[ 141.764549][ C1] Kernel Offset: 0x29a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 141.776195][ C1] Rebooting in 86400 seconds..