[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[ 25.452778][ T25] audit: type=1400 audit(1584936774.527:37): avc: denied { watch } for pid=6999 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1 [?25l[?1c7[1[ 25.479052][ T25] audit: type=1400 audit(1584936774.527:38): avc: denied { watch } for pid=6999 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 G[ ok [39;[ 25.506285][ T25] audit: type=1800 audit(1584936774.577:39): pid=6903 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 49m8[?25h[?0c[ 25.528227][ T25] audit: type=1800 audit(1584936774.577:40): pid=6903 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 . Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 29.512799][ T25] audit: type=1400 audit(1584936778.587:41): avc: denied { map } for pid=7081 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.202' (ECDSA) to the list of known hosts. [ 76.580092][ T25] audit: type=1400 audit(1584936825.647:42): avc: denied { map } for pid=7096 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16480 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2020/03/23 04:13:45 parsed 1 programs [ 77.840401][ T25] audit: type=1400 audit(1584936826.907:43): avc: denied { integrity } for pid=7096 comm="syz-execprog" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 [ 77.842792][ T3823] kmemleak: Automatic memory scanning thread ended [ 77.866851][ T25] audit: type=1400 audit(1584936826.907:44): avc: denied { map } for pid=7096 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=16993 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2020/03/23 04:13:53 executed programs: 0 [ 84.777656][ T7115] IPVS: ftp: loaded support on port[0] = 21 [ 84.799082][ T7115] chnl_net:caif_netlink_parms(): no params data found [ 84.818037][ T7115] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.825424][ T7115] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.832789][ T7115] device bridge_slave_0 entered promiscuous mode [ 84.839890][ T7115] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.847298][ T7115] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.854782][ T7115] device bridge_slave_1 entered promiscuous mode [ 84.864437][ T7115] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.874473][ T7115] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.886585][ T7115] team0: Port device team_slave_0 added [ 84.893043][ T7115] team0: Port device team_slave_1 added [ 84.901362][ T7115] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.908809][ T7115] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.934862][ T7115] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.946223][ T7115] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.953164][ T7115] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.980218][ T7115] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.053066][ T7115] device hsr_slave_0 entered promiscuous mode [ 85.092486][ T7115] device hsr_slave_1 entered promiscuous mode [ 85.150007][ T25] audit: type=1400 audit(1584936834.217:45): avc: denied { create } for pid=7115 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 85.175991][ T7115] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 85.182441][ T25] audit: type=1400 audit(1584936834.247:46): avc: denied { write } for pid=7115 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 85.207877][ T25] audit: type=1400 audit(1584936834.247:47): avc: denied { read } for pid=7115 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 85.213756][ T7115] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 85.293380][ T7115] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.353371][ T7115] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 85.418882][ T7115] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.426110][ T7115] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.433360][ T7115] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.440395][ T7115] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.461563][ T7115] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.471564][ T7122] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 85.489602][ T7122] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.497496][ T7122] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.505342][ T7122] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 85.514152][ T7115] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.522479][ T476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 85.530863][ T476] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.537902][ T476] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.552689][ T7122] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 85.560840][ T7122] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.567870][ T7122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.575349][ T7122] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 85.583695][ T7122] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 85.592898][ T7122] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 85.600856][ T476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 85.610095][ T7122] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 85.619031][ T7115] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 85.630303][ T476] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 85.637843][ T476] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 85.647471][ T7115] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.659352][ T476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 85.671496][ T7122] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 85.679755][ T7122] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 85.687275][ T7122] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 85.696018][ T7115] device veth0_vlan entered promiscuous mode [ 85.704567][ T7115] device veth1_vlan entered promiscuous mode [ 85.716757][ T476] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 85.724489][ T476] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 85.732132][ T476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 85.741624][ T7115] device veth0_macvtap entered promiscuous mode [ 85.749555][ T7115] device veth1_macvtap entered promiscuous mode [ 85.760154][ T7115] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.767373][ T7122] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 85.775827][ T7122] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 85.785113][ T7115] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.792594][ T476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 85.835408][ T25] audit: type=1400 audit(1584936834.907:48): avc: denied { associate } for pid=7115 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 85.891079][ T7143] ubi0: attaching mtd0 [ 85.895586][ T7143] ubi0: scanning is finished [ 85.900182][ T7143] ubi0: empty MTD device detected [ 85.923057][ T7143] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 85.930534][ T7143] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 85.937761][ T7143] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 85.944815][ T7143] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 85.952173][ T7143] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 85.959445][ T7143] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 85.967514][ T7143] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2193331804 [ 85.977616][ T7143] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 85.987644][ T7145] ubi0: background thread "ubi_bgt0d" started, PID 7145 2020/03/23 04:14:01 executed programs: 1 [ 92.081279][ T7148] ubi0: detaching mtd0 [ 92.085947][ T7148] ubi0: mtd0 is detached [ 92.090318][ T7148] ubi0: attaching mtd0 [ 92.094536][ T7148] ubi0: scanning is finished [ 92.123033][ T7148] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 92.130521][ T7148] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 92.137866][ T7148] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 92.144818][ T7148] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 92.152155][ T7148] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 92.158936][ T7148] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 92.166917][ T7148] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2193331804 [ 92.176893][ T7148] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 92.186784][ T7149] ubi0: background thread "ubi_bgt0d" started, PID 7149 [ 92.198808][ T7150] ubi0: detaching mtd0 [ 92.203326][ T7150] ubi0: mtd0 is detached [ 92.207715][ T7150] ubi0: attaching mtd0 [ 92.212055][ T7150] ubi0: scanning is finished [ 92.243231][ T7150] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 92.250722][ T7150] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 92.258541][ T7150] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 92.265479][ T7150] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 92.272845][ T7150] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 92.279774][ T7150] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 92.287887][ T7150] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2193331804 [ 92.298470][ T7150] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 92.308617][ T7152] ubi0: background thread "ubi_bgt0d" started, PID 7152 2020/03/23 04:14:07 executed programs: 3 [ 98.395806][ T7155] ubi0: detaching mtd0 [ 98.400354][ T7155] ubi0: mtd0 is detached [ 98.405081][ T7155] ubi0: attaching mtd0 [ 98.409690][ T7155] ubi0: scanning is finished [ 98.443004][ T7155] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 98.450578][ T7155] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 98.458025][ T7155] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 98.465041][ T7155] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 98.472875][ T7155] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 98.479629][ T7155] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 98.489078][ T7155] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2193331804 [ 98.499054][ T7155] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 98.509225][ T7156] ubi0: background thread "ubi_bgt0d" started, PID 7156 [ 98.521161][ T7157] ubi0: detaching mtd0 [ 98.525574][ T7157] ubi0: mtd0 is detached [ 98.530121][ T7157] ubi0: attaching mtd0 [ 98.534624][ T7157] ubi0: scanning is finished [ 98.572998][ T7157] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 98.580885][ T7157] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 98.588204][ T7157] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 98.595159][ T7157] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 98.602528][ T7157] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 98.609301][ T7157] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 98.617283][ T7157] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2193331804 [ 98.627253][ T7157] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 98.637350][ T7159] ubi0: background thread "ubi_bgt0d" started, PID 7159 2020/03/23 04:14:13 executed programs: 5 [ 104.724575][ T7162] ubi0: detaching mtd0 [ 104.729223][ T7162] ubi0: mtd0 is detached [ 104.733724][ T7162] ubi0: attaching mtd0 [ 104.738014][ T7162] ubi0: scanning is finished [ 104.793003][ T7162] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 104.800560][ T7162] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 104.807903][ T7162] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 104.814830][ T7162] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 104.822166][ T7162] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 104.828990][ T7162] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 104.836967][ T7162] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2193331804 [ 104.846976][ T7162] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 104.856948][ T7163] ubi0: background thread "ubi_bgt0d" started, PID 7163 [ 104.869014][ T7164] ubi0: detaching mtd0 [ 104.873560][ T7164] ubi0: mtd0 is detached [ 104.877927][ T7164] ubi0: attaching mtd0 [ 104.882121][ T7164] ubi0: scanning is finished [ 104.922949][ T7164] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 104.930601][ T7164] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 104.937920][ T7164] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 104.944851][ T7164] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 104.952203][ T7164] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 104.959262][ T7164] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 104.967345][ T7164] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2193331804 [ 104.978292][ T7164] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 104.988275][ T7166] ubi0: background thread "ubi_bgt0d" started, PID 7166 2020/03/23 04:14:20 executed programs: 7 [ 111.067150][ T7169] ubi0: detaching mtd0 [ 111.071743][ T7169] ubi0: mtd0 is detached [ 111.076262][ T7169] ubi0: attaching mtd0 [ 111.080438][ T7169] ubi0: scanning is finished [ 111.112903][ T7169] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 111.120514][ T7169] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 111.127727][ T7169] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 111.134690][ T7169] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 111.142029][ T7169] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 111.149210][ T7169] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 111.157409][ T7169] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2193331804 [ 111.167526][ T7169] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 111.177673][ T7170] ubi0: background thread "ubi_bgt0d" started, PID 7170 [ 111.189555][ T7171] ubi0: detaching mtd0 [ 111.194257][ T7171] ubi0: mtd0 is detached [ 111.198674][ T7171] ubi0: attaching mtd0 [ 111.203979][ T7171] ubi0: scanning is finished [ 111.253217][ T7171] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 111.260773][ T7171] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 111.268133][ T7171] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 111.275102][ T7171] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 111.282535][ T7171] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 111.289267][ T7171] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 111.297312][ T7171] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2193331804 [ 111.307287][ T7171] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 111.317399][ T7173] ubi0: background thread "ubi_bgt0d" started, PID 7173 [ 117.278137][ T7174] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) BUG: memory leak unreferenced object 0xffff888122b7b820 (size 32): comm "syz-executor.0", pid 7143, jiffies 4294945854 (age 33.510s) hex dump (first 32 bytes): 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........"....... 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 ................ backtrace: [<000000002fa254db>] erase_aeb+0x25/0x110 [<000000007af6081d>] ubi_wl_init+0x193/0x5c0 [<00000000cf818333>] ubi_attach+0x611/0x18ba [<00000000ca65afe5>] ubi_attach_mtd_dev+0x584/0xca0 [<00000000a7d8b84d>] ctrl_cdev_ioctl+0x143/0x1b0 [<00000000cf9f4f88>] ksys_ioctl+0xa6/0xd0 [<00000000186631f9>] __x64_sys_ioctl+0x1a/0x20 [<00000000d15f6ef6>] do_syscall_64+0x6e/0x220 [<000000002ca78120>] entry_SYSCALL_64_after_hwframe+0x44/0xa9