[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 24.266370][ T24] kauditd_printk_skb: 16 callbacks suppressed [ 24.266376][ T24] audit: type=1800 audit(1559127755.434:33): pid=6766 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 24.295083][ T24] audit: type=1800 audit(1559127755.434:34): pid=6766 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 32.544442][ T24] audit: type=1400 audit(1559127763.714:35): avc: denied { map } for pid=6969 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.226' (ECDSA) to the list of known hosts. [ 52.643124][ T24] audit: type=1400 audit(1559127783.814:36): avc: denied { map } for pid=6983 comm="syz-executor542" path="/root/syz-executor542098554" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 60.368152][ T6984] IPVS: ftp: loaded support on port[0] = 21 [ 60.388623][ T6984] chnl_net:caif_netlink_parms(): no params data found [ 60.401327][ T6984] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.408586][ T6984] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.416024][ T6984] device bridge_slave_0 entered promiscuous mode [ 60.423347][ T6984] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.430517][ T6984] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.437772][ T6984] device bridge_slave_1 entered promiscuous mode [ 60.447186][ T6984] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 60.455920][ T6984] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 60.467158][ T6984] team0: Port device team_slave_0 added [ 60.473203][ T6984] team0: Port device team_slave_1 added [ 60.511140][ T6984] device hsr_slave_0 entered promiscuous mode [ 60.550683][ T6984] device hsr_slave_1 entered promiscuous mode [ 60.603044][ T6984] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.610204][ T6984] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.617713][ T6984] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.624882][ T6984] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.640803][ T6984] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.649423][ T3523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.657287][ T3523] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.665644][ T3523] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.674022][ T3523] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 60.682790][ T6984] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.690942][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.699050][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.706186][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.719056][ T6984] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 60.729809][ T6984] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.740967][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.749112][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.756150][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.764335][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.772759][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.780974][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.788966][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready executing program [ 60.798438][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 60.805752][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.816363][ T6984] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.835787][ T24] audit: type=1400 audit(1559127792.004:37): avc: denied { create } for pid=6992 comm="syz-executor542" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 60.836818][ T6992] FAULT_INJECTION: forcing a failure. [ 60.836818][ T6992] name failslab, interval 1, probability 0, space 0, times 1 [ 60.861283][ T24] audit: type=1400 audit(1559127792.004:38): avc: denied { write } for pid=6992 comm="syz-executor542" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 60.874457][ T6992] CPU: 0 PID: 6992 Comm: syz-executor542 Not tainted 5.2.0-rc2+ #13 [ 60.907151][ T6992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.917231][ T6992] Call Trace: [ 60.920735][ T6992] dump_stack+0xaa/0xd6 [ 60.925039][ T6992] should_fail.cold+0x3c/0x49 [ 60.929727][ T6992] __should_failslab+0x65/0xa0 [ 60.934480][ T6992] should_failslab+0x9/0x14 [ 60.938961][ T6992] kmem_cache_alloc_node+0x35/0x2a0 [ 60.944582][ T6992] __alloc_skb+0x6e/0x210 [ 60.949104][ T6992] ? netlink_autobind.isra.0+0xd7/0x110 [ 60.954712][ T6992] netlink_sendmsg+0x353/0x480 [ 60.959571][ T6992] sock_sendmsg+0x54/0x70 [ 60.963910][ T6992] ___sys_sendmsg+0x393/0x3c0 [ 60.968576][ T6992] ? _parse_integer+0xbf/0xe0 [ 60.973228][ T6992] ? _kstrtoull+0x92/0xd0 [ 60.977537][ T6992] ? kstrtouint+0x76/0xa0 [ 60.981851][ T6992] ? kstrtouint_from_user+0x7f/0xb0 [ 60.987045][ T6992] ? selinux_file_permission+0x30/0x1f0 [ 60.992573][ T6992] ? __fget_light+0x70/0xb0 [ 60.997189][ T6992] ? __fdget+0x1b/0x20 [ 61.001427][ T6992] ? sockfd_lookup_light+0x6c/0xb0 [ 61.006618][ T6992] __sys_sendmsg+0x80/0xf0 [ 61.011229][ T6992] __x64_sys_sendmsg+0x23/0x30 [ 61.016112][ T6992] do_syscall_64+0x76/0x1a0 [ 61.020757][ T6992] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.026999][ T6992] RIP: 0033:0x4426c9 [ 61.030880][ T6992] Code: e8 cc e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 61.050859][ T6992] RSP: 002b:00007fff36f5bf48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 61.059242][ T6992] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004426c9 [ 61.067300][ T6992] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 61.075249][ T6992] RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000000000000000 [ 61.083300][ T6992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 61.091427][ T6992] R13: 00007fff36f5bfb0 R14: 0000000000000000 R15: 0000000000000000 executing program [ 67.138715][ T6993] netlink: 'syz-executor542': attribute type 12 has an invalid length. [ 67.147165][ T6993] FAULT_INJECTION: forcing a failure. [ 67.147165][ T6993] name failslab, interval 1, probability 0, space 0, times 0 [ 67.159868][ T6993] CPU: 1 PID: 6993 Comm: syz-executor542 Not tainted 5.2.0-rc2+ #13 [ 67.167829][ T6993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.177950][ T6993] Call Trace: [ 67.181212][ T6993] dump_stack+0xaa/0xd6 [ 67.185339][ T6993] should_fail.cold+0x3c/0x49 [ 67.189986][ T6993] __should_failslab+0x65/0xa0 [ 67.194745][ T6993] should_failslab+0x9/0x14 [ 67.199223][ T6993] __kmalloc+0x54/0x2c0 [ 67.203461][ T6993] ? rfkill_alloc+0x7d/0x130 [ 67.208036][ T6993] rfkill_alloc+0x7d/0x130 [ 67.212457][ T6993] wiphy_new_nm+0x5a9/0x820 [ 67.217042][ T6993] ieee80211_alloc_hw_nm+0x158/0x770 [ 67.222317][ T6993] mac80211_hwsim_new_radio+0xad/0x1150 [ 67.227837][ T6993] ? __nla_validate_parse+0x7b/0xab0 [ 67.233092][ T6993] ? security_capable+0x5d/0x80 [ 67.237999][ T6993] hwsim_new_radio_nl+0x369/0x50a [ 67.243015][ T6993] genl_family_rcv_msg+0x2ab/0x5b0 [ 67.248109][ T6993] ? __radix_tree_lookup+0x105/0x130 [ 67.253376][ T6993] genl_rcv_msg+0x54/0x9c [ 67.257671][ T6993] ? genl_family_rcv_msg+0x5b0/0x5b0 [ 67.262922][ T6993] netlink_rcv_skb+0x61/0x170 [ 67.267575][ T6993] genl_rcv+0x29/0x40 [ 67.271532][ T6993] netlink_unicast+0x1ec/0x2d0 [ 67.276265][ T6993] netlink_sendmsg+0x26a/0x480 [ 67.281025][ T6993] sock_sendmsg+0x54/0x70 [ 67.285324][ T6993] ___sys_sendmsg+0x393/0x3c0 [ 67.289972][ T6993] ? _parse_integer+0xbf/0xe0 [ 67.294614][ T6993] ? _kstrtoull+0x92/0xd0 [ 67.298934][ T6993] ? kstrtouint+0x76/0xa0 [ 67.303231][ T6993] ? kstrtouint_from_user+0x7f/0xb0 [ 67.308400][ T6993] ? selinux_file_permission+0x30/0x1f0 [ 67.313939][ T6993] ? __fget_light+0x70/0xb0 [ 67.318419][ T6993] ? __fdget+0x1b/0x20 [ 67.322464][ T6993] ? sockfd_lookup_light+0x6c/0xb0 [ 67.327539][ T6993] __sys_sendmsg+0x80/0xf0 [ 67.331923][ T6993] __x64_sys_sendmsg+0x23/0x30 [ 67.336666][ T6993] do_syscall_64+0x76/0x1a0 [ 67.341155][ T6993] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.347016][ T6993] RIP: 0033:0x4426c9 [ 67.350879][ T6993] Code: e8 cc e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 67.370455][ T6993] RSP: 002b:00007fff36f5bf48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 67.378955][ T6993] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004426c9 [ 67.386925][ T6993] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 67.394904][ T6993] RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000000000000000 [ 67.402856][ T6993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 67.410809][ T6993] R13: 00007fff36f5bfb0 R14: 0000000000000000 R15: 0000000000000000 [ 73.292727][ T6984] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) BUG: memory leak unreferenced object 0xffff88811d8a84e0 (size 32): comm "syz-executor542", pid 6993, jiffies 4294943975 (age 8.330s) hex dump (first 32 bytes): 70 68 79 33 00 74 61 73 6b 2f 36 39 39 33 00 de phy3.task/6993.. 33 33 ff aa aa 28 00 00 00 00 00 00 00 00 00 00 33...(.......... backtrace: [<000000007298dac3>] __kmalloc_track_caller+0x15d/0x2c0 [<000000002d35f1ca>] kvasprintf+0x6d/0xe0 [<00000000a242e8c2>] kvasprintf_const+0x96/0xe0 [<000000009923ecab>] kobject_set_name_vargs+0x40/0xe0 [<0000000031da656f>] dev_set_name+0x63/0x90 [<00000000cb933060>] wiphy_new_nm+0x2d9/0x820 [<00000000fe076c30>] ieee80211_alloc_hw_nm+0x158/0x770 [<000000002d397aa1>] mac80211_hwsim_new_radio+0xad/0x1150 [<00000000de4d0f50>] hwsim_new_radio_nl+0x369/0x50a [<00000000c2565b18>] genl_family_rcv_msg+0x2ab/0x5b0 [<00000000dbd164a1>] genl_rcv_msg+0x54/0x9c [<00000000cfe4f152>] netlink_rcv_skb+0x61/0x170 [<000000001803b485>] genl_rcv+0x29/0x40 [<000000008f236552>] netlink_unicast+0x1ec/0x2d0 [<0000000030d22a07>] netlink_sendmsg+0x26a/0x480 [<00000000b09b44f1>] sock_sendmsg+0x54/0x70