Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
[ 1027.924827][ T33] audit: type=1400 audit(1582880125.970:42): avc: denied { map } for pid=12143 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=2339 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/02/28 08:55:26 parsed 1 programs
[ 1032.803871][ T33] audit: type=1400 audit(1582880130.850:43): avc: denied { integrity } for pid=12143 comm="syz-execprog" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1
[ 1032.905389][ T33] audit: type=1400 audit(1582880130.950:44): avc: denied { map } for pid=12143 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=85 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2020/02/28 08:55:34 executed programs: 0
[ 1036.266594][T12159] IPVS: ftp: loaded support on port[0] = 21
[ 1036.372164][T12159] chnl_net:caif_netlink_parms(): no params data found
[ 1036.448613][T12159] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1036.455771][T12159] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1036.464366][T12159] device bridge_slave_0 entered promiscuous mode
[ 1036.475125][T12159] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1036.482930][T12159] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1036.490982][T12159] device bridge_slave_1 entered promiscuous mode
[ 1036.518783][T12159] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1036.532142][T12159] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1036.559197][T12159] team0: Port device team_slave_0 added
[ 1036.568944][T12159] team0: Port device team_slave_1 added
[ 1036.591490][T12159] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1036.598598][T12159] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1036.624546][T12159] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1036.638428][T12159] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1036.645495][T12159] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1036.671446][T12159] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1036.745508][T12159] device hsr_slave_0 entered promiscuous mode
[ 1036.812417][T12159] device hsr_slave_1 entered promiscuous mode
[ 1037.011297][ T33] audit: type=1400 audit(1582880135.050:45): avc: denied { create } for pid=12159 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 1037.016391][T12159] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1037.036384][ T33] audit: type=1400 audit(1582880135.060:46): avc: denied { write } for pid=12159 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 1037.067788][ T33] audit: type=1400 audit(1582880135.060:47): avc: denied { read } for pid=12159 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 1037.117039][T12159] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1037.176873][T12159] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1037.237035][T12159] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1037.329752][T12159] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1037.336960][T12159] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1037.344814][T12159] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1037.352033][T12159] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1037.374168][ T2793] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1037.383854][ T2793] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1037.464781][T12159] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1037.486502][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1037.495980][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1037.510090][T12159] 8021q: adding VLAN 0 to HW filter on device team0
[ 1037.524413][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1037.534714][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1037.543947][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1037.551021][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1037.567589][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1037.577372][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1037.586735][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1037.593966][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1037.612296][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1037.632289][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1037.652935][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1037.663297][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1037.676031][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1037.685635][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1037.695177][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1037.713088][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1037.722067][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1037.742851][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1037.752130][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1037.764101][T12159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1037.799209][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1037.807320][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1037.829180][T12159] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1037.866507][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1037.875607][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1037.910479][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1037.919369][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1037.931854][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1037.940280][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1037.952822][T12159] device veth0_vlan entered promiscuous mode
[ 1037.974810][T12159] device veth1_vlan entered promiscuous mode
[ 1038.018961][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1038.027654][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1038.036438][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1038.045586][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1038.061706][T12159] device veth0_macvtap entered promiscuous mode
[ 1038.076895][T12159] device veth1_macvtap entered promiscuous mode
[ 1038.111487][T12159] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1038.119325][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1038.128520][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1038.136883][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1038.146161][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1038.164301][T12159] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1038.171713][T12168] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1038.181601][T12168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1038.394872][ T33] audit: type=1400 audit(1582880136.440:48): avc: denied { associate } for pid=12159 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2020/02/28 08:55:39 executed programs: 20
[ 1042.537151][T12367] =====================================================
[ 1042.544115][T12367] BUG: KMSAN: use-after-free in __list_add_valid+0x280/0x420
[ 1042.551454][T12367] CPU: 0 PID: 12367 Comm: syz-executor.0 Not tainted 5.6.0-rc2-syzkaller #0
[ 1042.560094][T12367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1042.570173][T12367] Call Trace:
[ 1042.573440][T12367] dump_stack+0x1c9/0x220
[ 1042.577748][T12367] kmsan_report+0xf7/0x1e0
[ 1042.582157][T12367] __msan_warning+0x58/0xa0
[ 1042.586652][T12367] __list_add_valid+0x280/0x420
[ 1042.591485][T12367] rdma_listen+0x623/0x10b0
[ 1042.595982][T12367] ? kmsan_set_origin_checked+0x95/0xf0
[ 1042.601514][T12367] ? kmsan_get_metadata+0x11d/0x180
[ 1042.606706][T12367] ucma_listen+0x36c/0x5e0
[ 1042.611108][T12367] ? ucma_connect+0xa40/0xa40
[ 1042.615791][T12367] ucma_write+0x5c5/0x630
[ 1042.620102][T12367] ? ucma_get_global_nl_info+0xe0/0xe0
[ 1042.625580][T12367] __vfs_write+0x1a9/0xca0
[ 1042.629980][T12367] ? rw_verify_area+0x2c4/0x5b0
[ 1042.634807][T12367] ? kmsan_get_metadata+0x11d/0x180
[ 1042.639985][T12367] vfs_write+0x44a/0x8f0
[ 1042.644245][T12367] ksys_write+0x267/0x450
[ 1042.648565][T12367] __ia32_sys_write+0xdb/0x120
[ 1042.653307][T12367] ? __se_sys_write+0xb0/0xb0
[ 1042.657964][T12367] do_fast_syscall_32+0x3c7/0x6e0
[ 1042.662975][T12367] entry_SYSENTER_compat+0x68/0x77
[ 1042.668056][T12367] RIP: 0023:0xf7f58d99
[ 1042.672117][T12367] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 1042.691749][T12367] RSP: 002b:00000000f7f320cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 1042.700150][T12367] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000140
[ 1042.708102][T12367] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[ 1042.716048][T12367] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1042.723998][T12367] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1042.731953][T12367] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1042.739918][T12367]
[ 1042.742224][T12367] Uninit was created at:
[ 1042.746453][T12367] kmsan_internal_poison_shadow+0x66/0xd0
[ 1042.752143][T12367] kmsan_slab_free+0x6e/0xb0
[ 1042.756708][T12367] kfree+0x565/0x30a0
[ 1042.760661][T12367] rdma_destroy_id+0x197e/0x1b40
[ 1042.765594][T12367] ucma_close+0x334/0x4c0
[ 1042.769896][T12367] __fput+0x4c7/0xb90
[ 1042.773847][T12367] ____fput+0x37/0x40
[ 1042.777820][T12367] task_work_run+0x214/0x2b0
[ 1042.782391][T12367] prepare_exit_to_usermode+0x3c8/0x520
[ 1042.787905][T12367] syscall_return_slowpath+0x95/0x5f0
[ 1042.793263][T12367] do_fast_syscall_32+0x422/0x6e0
[ 1042.798258][T12367] entry_SYSENTER_compat+0x68/0x77
[ 1042.803336][T12367] =====================================================
[ 1042.810234][T12367] Disabling lock debugging due to kernel taint
[ 1042.816356][T12367] Kernel panic - not syncing: panic_on_warn set ...
[ 1042.822950][T12367] CPU: 0 PID: 12367 Comm: syz-executor.0 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 1042.832989][T12367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1042.843025][T12367] Call Trace:
[ 1042.846305][T12367] dump_stack+0x1c9/0x220
[ 1042.850622][T12367] panic+0x3d5/0xc3e
[ 1042.854514][T12367] kmsan_report+0x1df/0x1e0
[ 1042.859010][T12367] __msan_warning+0x58/0xa0
[ 1042.863501][T12367] __list_add_valid+0x280/0x420
[ 1042.868340][T12367] rdma_listen+0x623/0x10b0
[ 1042.872821][T12367] ? kmsan_set_origin_checked+0x95/0xf0
[ 1042.878339][T12367] ? kmsan_get_metadata+0x11d/0x180
[ 1042.883571][T12367] ucma_listen+0x36c/0x5e0
[ 1042.887967][T12367] ? ucma_connect+0xa40/0xa40
[ 1042.892633][T12367] ucma_write+0x5c5/0x630
[ 1042.896958][T12367] ? ucma_get_global_nl_info+0xe0/0xe0
[ 1042.902410][T12367] __vfs_write+0x1a9/0xca0
[ 1042.906818][T12367] ? rw_verify_area+0x2c4/0x5b0
[ 1042.911645][T12367] ? kmsan_get_metadata+0x11d/0x180
[ 1042.916911][T12367] vfs_write+0x44a/0x8f0
[ 1042.921142][T12367] ksys_write+0x267/0x450
[ 1042.925458][T12367] __ia32_sys_write+0xdb/0x120
[ 1042.930232][T12367] ? __se_sys_write+0xb0/0xb0
[ 1042.934884][T12367] do_fast_syscall_32+0x3c7/0x6e0
[ 1042.939892][T12367] entry_SYSENTER_compat+0x68/0x77
[ 1042.944974][T12367] RIP: 0023:0xf7f58d99
[ 1042.949015][T12367] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 1042.968596][T12367] RSP: 002b:00000000f7f320cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 1042.976981][T12367] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000140
[ 1042.984936][T12367] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[ 1042.992981][T12367] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1043.000946][T12367] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1043.008890][T12367] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1043.018019][T12367] Kernel Offset: 0x29400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 1043.029631][T12367] Rebooting in 86400 seconds..