[ 28.488935][ T24] audit: type=1800 audit(1575189648.626:40): pid=6932 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 32.218344][ T24] audit: type=1400 audit(1575189652.376:41): avc: denied { map } for pid=7103 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.1.21' (ECDSA) to the list of known hosts. [ 58.458047][ T24] audit: type=1400 audit(1575189678.616:42): avc: denied { map } for pid=7117 comm="syz-executor138" path="/root/syz-executor138752731" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 65.187178][ T7118] IPVS: ftp: loaded support on port[0] = 21 [ 65.198314][ T24] audit: type=1400 audit(1575189685.356:43): avc: denied { create } for pid=7118 comm="syz-executor138" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 65.219136][ T7118] chnl_net:caif_netlink_parms(): no params data found [ 65.223016][ T24] audit: type=1400 audit(1575189685.356:44): avc: denied { write } for pid=7118 comm="syz-executor138" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 65.223026][ T24] audit: type=1400 audit(1575189685.356:45): avc: denied { read } for pid=7118 comm="syz-executor138" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 65.283435][ T7118] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.290486][ T7118] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.298265][ T7118] device bridge_slave_0 entered promiscuous mode [ 65.304995][ T7118] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.312490][ T7118] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.319717][ T7118] device bridge_slave_1 entered promiscuous mode [ 65.328522][ T7118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.337942][ T7118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.349185][ T7118] team0: Port device team_slave_0 added [ 65.355150][ T7118] team0: Port device team_slave_1 added [ 65.402120][ T7118] device hsr_slave_0 entered promiscuous mode [ 65.461544][ T7118] device hsr_slave_1 entered promiscuous mode [ 65.517052][ T7118] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.602152][ T7118] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.652102][ T7118] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.732131][ T7118] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.783598][ T7118] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.790641][ T7118] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.797942][ T7118] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.804979][ T7118] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.818557][ T7118] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.826377][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.844027][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.862409][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.869777][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 65.878176][ T7118] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.896059][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.904208][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.911203][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.921557][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.929634][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.936649][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.944129][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.952483][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.960598][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.970216][ T7118] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 65.980635][ T7118] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network executing program [ 65.991826][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.999711][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.007634][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.016653][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 66.024110][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 66.032626][ T7118] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.832135][ T497] tipc: TX() has been purged, node left! [ 67.401590][ T497] device bridge_slave_1 left promiscuous mode [ 67.407857][ T497] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.501691][ T497] device bridge_slave_0 left promiscuous mode [ 67.507866][ T497] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.682334][ T497] device hsr_slave_0 left promiscuous mode [ 67.721616][ T497] device hsr_slave_1 left promiscuous mode [ 67.762712][ T497] team0 (unregistering): Port device team_slave_1 removed [ 67.770479][ T497] team0 (unregistering): Port device team_slave_0 removed [ 67.778205][ T497] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 67.802421][ T497] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 67.855145][ T497] bond0 (unregistering): Released all slaves [ 71.895402][ T7117] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) BUG: memory leak unreferenced object 0xffff888121379340 (size 32): comm "syz-executor138", pid 7118, jiffies 4294943875 (age 7.840s) hex dump (first 32 bytes): 40 e9 11 84 ff ff ff ff d8 0a b4 83 ff ff ff ff @............... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000005c57b8f8>] kmem_cache_alloc_trace+0x145/0x2c0 [<000000005e5d1167>] genl_rcv_msg+0x385/0x580 [<00000000f3f6d30b>] netlink_rcv_skb+0x61/0x170 [<000000007bebabc8>] genl_rcv+0x29/0x40 [<0000000013f3b7b9>] netlink_unicast+0x223/0x310 [<00000000bd3e2e68>] netlink_sendmsg+0x29f/0x550 [<0000000061329f0f>] sock_sendmsg+0x54/0x70 [<000000006ede6ef7>] ____sys_sendmsg+0x2d0/0x300 [<000000008306e582>] ___sys_sendmsg+0x9c/0x100 [<00000000194a34f7>] __sys_sendmsg+0x80/0xf0 [<00000000a228fcfc>] __x64_sys_sendmsg+0x23/0x30 [<0000000035c29044>] do_syscall_64+0x73/0x220 [<000000005e1aef5b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9