[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   32.917499] kauditd_printk_skb: 9 callbacks suppressed
[   32.917513] audit: type=1800 audit(1544482538.916:33): pid=6065 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   32.945969] audit: type=1800 audit(1544482538.926:34): pid=6065 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   34.987246] audit: type=1400 audit(1544482540.986:35): avc:  denied  { map } for  pid=6239 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   35.032983] sshd (6237) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts.
[   48.560410] audit: type=1400 audit(1544482554.566:36): avc:  denied  { map } for  pid=6253 comm="syz-executor663" path="/root/syz-executor663545111" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   48.574966] IPVS: ftp: loaded support on port[0] = 21
[   48.738617] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.745950] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.754086] device bridge_slave_0 entered promiscuous mode
[   48.772660] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.779429] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.786869] device bridge_slave_1 entered promiscuous mode
[   48.808240] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   48.826222] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   48.875986] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   48.897472] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   48.968577] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   48.976423] team0: Port device team_slave_0 added
[   48.994572] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   49.002278] team0: Port device team_slave_1 added
[   49.018612] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   49.038913] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   49.058406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   49.076935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   49.218596] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.225431] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.233166] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.239794] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   49.734286] 8021q: adding VLAN 0 to HW filter on device bond0
[   49.784324] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   49.834286] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   49.841006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   49.849252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   49.897612] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[   50.169289] audit: type=1400 audit(1544482556.176:37): avc:  denied  { create } for  pid=6254 comm="syz-executor663" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   50.172675] Started in network mode
[   50.194162] audit: type=1400 audit(1544482556.176:38): avc:  denied  { write } for  pid=6254 comm="syz-executor663" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   50.194185] audit: type=1400 audit(1544482556.176:39): avc:  denied  { read } for  pid=6254 comm="syz-executor663" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   50.199458] Own node identity ac14141a, cluster identity 4711
[   50.255800] kasan: CONFIG_KASAN_INLINE enabled
[   50.262049] kasan: GPF could be caused by NULL-ptr deref or user memory access
[   50.269510] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[   50.277457] CPU: 1 PID: 6254 Comm: syz-executor663 Not tainted 4.20.0-rc6+ #150
[   50.285618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.295534] RIP: 0010:__ipv6_sock_mc_join+0x24a/0xc10
[   50.300971] Code: 00 00 e8 a9 31 9b fa 48 8b 85 d0 fe ff ff 48 83 c0 60 48 89 c2 48 89 85 c0 fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 32 09 00 00 48 8b 85 d0 fe ff ff 4c 8d ad 10 ff
[   50.322677] RSP: 0018:ffff8881d83e6bc8 EFLAGS: 00010206
[   50.331758] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff86e459ac
[   50.339172] RDX: 000000000000000c RSI: ffffffff86e452c7 RDI: 0000000000000001
[   50.346583] RBP: ffff8881d83e6d18 R08: ffff88819f46e3c0 R09: ffffed103b5e5b5f
[   50.353842] R10: ffffed103b5e5b5f R11: ffff8881daf2dafb R12: 000000000000000f
[   50.361365] R13: ffff8881d83e6fb4 R14: ffff8881d83e6fb4 R15: ffff8881c0ff0e80
[   50.368912] FS:  000000000096d880(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
[   50.377420] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   50.383282] CR2: 000056530466c130 CR3: 00000001c26ae000 CR4: 00000000001406e0
[   50.390818] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   50.398078] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   50.405621] Call Trace:
[   50.408228]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   50.413747]  ? __ipv6_dev_mc_inc+0xc50/0xc50
[   50.418294]  ? cpus_read_unlock+0x8b/0xb0
[   50.422571]  ? static_key_enable+0x1f/0x30
[   50.427159]  ? udp_encap_enable+0x15/0x20
[   50.431647]  ? setup_udp_tunnel_sock+0x3ac/0x5e0
[   50.437041]  ? udp_tunnel_xmit_skb+0x320/0x320
[   50.441641]  ipv6_sock_mc_join+0x27/0x30
[   50.445699]  tipc_udp_enable+0x1476/0x1ed0
[   50.450498]  ? tipc_udp_recv+0xe20/0xe20
[   50.454606]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   50.459964]  ? tipc_udp_send_msg+0x670/0x670
[   50.465859]  ? save_stack+0xa9/0xd0
[   50.469472]  ? save_stack+0x43/0xd0
[   50.473440]  ? kasan_kmalloc+0xc7/0xe0
[   50.477439]  ? kmem_cache_alloc_trace+0x152/0x750
[   50.484204]  ? tipc_enable_bearer+0x90d/0xf10
[   50.488837]  ? __tipc_nl_bearer_enable+0x37c/0x4a0
[   50.494325]  ? tipc_nl_bearer_enable+0x22/0x30
[   50.498894]  ? genl_rcv_msg+0xc6/0x168
[   50.503101]  ? netlink_rcv_skb+0x172/0x440
[   50.507523]  ? genl_rcv+0x28/0x40
[   50.511095]  ? netlink_unicast+0x5a5/0x760
[   50.516002]  ? netlink_sendmsg+0xa18/0xfc0
[   50.520376]  ? sock_sendmsg+0xd5/0x120
[   50.524245]  ? ___sys_sendmsg+0x7fd/0x930
[   50.528866]  ? __x64_sys_sendmsg+0x78/0xb0
[   50.534049]  ? do_syscall_64+0x1b9/0x820
[   50.538235]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   50.543584]  ? mark_held_locks+0x130/0x130
[   50.548308]  ? zap_class+0x640/0x640
[   50.552013]  ? check_preemption_disabled+0x48/0x280
[   50.557388]  ? tipc_enable_bearer+0x90d/0xf10
[   50.562047]  ? rcu_read_lock_sched_held+0x14f/0x180
[   50.567544]  tipc_enable_bearer+0x9a6/0xf10
[   50.572022]  ? tipc_udp_recv+0xe20/0xe20
[   50.576093]  ? tipc_enable_bearer+0x9a6/0xf10
[   50.580572]  ? tipc_bearer_xmit_skb+0x350/0x350
[   50.585239]  ? nla_memcmp+0x90/0x90
[   50.589050]  ? lock_release+0xa00/0xa00
[   50.593230]  ? perf_trace_sched_process_exec+0x860/0x860
[   50.598664]  ? mark_held_locks+0x130/0x130
[   50.602915]  ? check_preemption_disabled+0x48/0x280
[   50.607922]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   50.613801]  ? __nla_parse+0x12c/0x3e0
[   50.617678]  ? nla_parse+0x46/0x60
[   50.621232]  __tipc_nl_bearer_enable+0x37c/0x4a0
[   50.625985]  ? __tipc_nl_bearer_enable+0x37c/0x4a0
[   50.630893]  ? tipc_nl_bearer_disable+0x30/0x30
[   50.635822]  tipc_nl_bearer_enable+0x22/0x30
[   50.640224]  genl_family_rcv_msg+0x8a7/0x11a0
[   50.644875]  ? genl_unregister_family+0x8a0/0x8a0
[   50.650058]  ? lock_downgrade+0x900/0x900
[   50.654199]  ? check_preemption_disabled+0x48/0x280
[   50.659286]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   50.664195]  ? kasan_check_read+0x11/0x20
[   50.668624]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   50.674257]  ? rcu_softirq_qs+0x20/0x20
[   50.678218]  genl_rcv_msg+0xc6/0x168
[   50.681919]  netlink_rcv_skb+0x172/0x440
[   50.685973]  ? genl_family_rcv_msg+0x11a0/0x11a0
[   50.690985]  ? netlink_ack+0xb80/0xb80
[   50.694962]  ? down_read+0x8d/0x120
[   50.698584]  genl_rcv+0x28/0x40
[   50.701869]  netlink_unicast+0x5a5/0x760
[   50.705933]  ? netlink_attachskb+0x9a0/0x9a0
[   50.710344]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   50.715861]  netlink_sendmsg+0xa18/0xfc0
[   50.719993]  ? netlink_unicast+0x760/0x760
[   50.724225]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   50.729747]  ? security_socket_sendmsg+0x94/0xc0
[   50.734570]  ? netlink_unicast+0x760/0x760
[   50.738817]  sock_sendmsg+0xd5/0x120
[   50.742523]  ___sys_sendmsg+0x7fd/0x930
[   50.746493]  ? copy_msghdr_from_user+0x580/0x580
[   50.751260]  ? rcu_lockdep_current_cpu_online+0x1a4/0x210
[   50.756779]  ? rcu_pm_notify+0xc0/0xc0
[   50.760651]  ? blkcg_maybe_throttle_current+0xa38/0x1080
[   50.766085]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   50.771608]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   50.777310]  ? __fget_light+0x2e9/0x430
[   50.781265]  ? fget_raw+0x20/0x20
[   50.784793]  ? task_work_run+0x1af/0x2a0
[   50.788873]  ? _raw_spin_unlock_irq+0x27/0x80
[   50.793352]  ? _raw_spin_unlock_irq+0x27/0x80
[   50.797851]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   50.803115]  ? trace_hardirqs_on+0xbd/0x310
[   50.807449]  ? kasan_check_read+0x11/0x20
[   50.811593]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   50.817216]  ? sockfd_lookup_light+0xc5/0x160
[   50.821704]  __sys_sendmsg+0x11d/0x280
[   50.825660]  ? __ia32_sys_shutdown+0x80/0x80
[   50.830068]  ? do_syscall_64+0x6be/0x820
[   50.834982]  ? trace_hardirqs_on+0x310/0x310
[   50.839373]  ? do_syscall_64+0x9a/0x820
[   50.843326]  ? do_syscall_64+0x9a/0x820
[   50.847285]  ? trace_hardirqs_off_caller+0x310/0x310
[   50.852631]  __x64_sys_sendmsg+0x78/0xb0
[   50.856687]  do_syscall_64+0x1b9/0x820
[   50.860593]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   50.865944]  ? syscall_return_slowpath+0x5e0/0x5e0
[   50.870857]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   50.876223]  ? trace_hardirqs_on_caller+0x310/0x310
[   50.881236]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   50.886237]  ? prepare_exit_to_usermode+0x291/0x3b0
[   50.893256]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   50.898082]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   50.903253] RIP: 0033:0x445d49
[   50.906952] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb ce fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   50.925928] RSP: 002b:00007ffea68351c8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[   50.933702] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000445d49
[   50.940954] RDX: 000000000000c000 RSI: 0000000020000c00 RDI: 0000000000000003
[   50.948387] RBP: 00000000006d1018 R08: 0000000000000000 R09: 0000000000000100
[   50.955910] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004030d0
[   50.963173] R13: 0000000000403160 R14: 0000000000000000 R15: 0000000000000000
[   50.970483] Modules linked in:
[   50.974676] ---[ end trace ce829bd40fb9893b ]---
[   50.979492] RIP: 0010:__ipv6_sock_mc_join+0x24a/0xc10
[   50.984672] Code: 00 00 e8 a9 31 9b fa 48 8b 85 d0 fe ff ff 48 83 c0 60 48 89 c2 48 89 85 c0 fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 32 09 00 00 48 8b 85 d0 fe ff ff 4c 8d ad 10 ff
[   51.003794] RSP: 0018:ffff8881d83e6bc8 EFLAGS: 00010206
[   51.009214] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff86e459ac
[   51.016568] RDX: 000000000000000c RSI: ffffffff86e452c7 RDI: 0000000000000001
[   51.023867] RBP: ffff8881d83e6d18 R08: ffff88819f46e3c0 R09: ffffed103b5e5b5f
[   51.031263] R10: ffffed103b5e5b5f R11: ffff8881daf2dafb R12: 000000000000000f
[   51.038570] R13: ffff8881d83e6fb4 R14: ffff8881d83e6fb4 R15: ffff8881c0ff0e80
[   51.045858] FS:  000000000096d880(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
[   51.054388] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   51.060293] CR2: 000056530466c130 CR3: 00000001c26ae000 CR4: 00000000001406e0
[   51.067596] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   51.075052] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   51.082353] Kernel panic - not syncing: Fatal exception
[   51.089052] Kernel Offset: disabled
[   51.094268] Rebooting in 86400 seconds..