syzkaller login: [ 28.326025][ T25] audit: type=1400 audit(1564771726.650:35): avc: denied { map } for pid=6953 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.242' (ECDSA) to the list of known hosts.
[ 54.252924][ T25] audit: type=1400 audit(1564771752.570:36): avc: denied { map } for pid=6968 comm="syz-executor753" path="/root/syz-executor753751735" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 61.153914][ T6969] IPVS: ftp: loaded support on port[0] = 21
[ 61.172209][ T6969] chnl_net:caif_netlink_parms(): no params data found
[ 61.183526][ T6969] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.190611][ T6969] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.198056][ T6969] device bridge_slave_0 entered promiscuous mode
[ 61.205144][ T6969] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.212276][ T6969] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.219568][ T6969] device bridge_slave_1 entered promiscuous mode
[ 61.228407][ T6969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 61.237885][ T6969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 61.249044][ T6969] team0: Port device team_slave_0 added
[ 61.254935][ T6969] team0: Port device team_slave_1 added
[ 61.273906][ T6969] device hsr_slave_0 entered promiscuous mode
[ 61.323207][ T6969] device hsr_slave_1 entered promiscuous mode
[ 61.385523][ T6969] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.392678][ T6969] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.399901][ T6969] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.406919][ T6969] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.420226][ T6969] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.428212][ T3056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 61.435792][ T3056] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.443430][ T3056] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.450641][ T3056] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 61.459426][ T6969] 8021q: adding VLAN 0 to HW filter on device team0
[ 61.467092][ T3547] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.475349][ T3547] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.482444][ T3547] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.494789][ T6969] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 61.505254][ T6969] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 61.516284][ T3056] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.524822][ T3056] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.531839][ T3056] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.539534][ T3056] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 61.547574][ T3056] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 61.555656][ T3056] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 61.563569][ T3056] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 61.571483][ T3056] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 61.578855][ T3056] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
executing program
[ 61.588336][ T6969] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 61.604471][ T6969] netlink: 'syz-executor753': attribute type 10 has an invalid length.
[ 61.612926][ T6969] FAULT_INJECTION: forcing a failure.
[ 61.612926][ T6969] name failslab, interval 1, probability 0, space 0, times 1
[ 61.625527][ T6969] CPU: 1 PID: 6969 Comm: syz-executor753 Not tainted 5.3.0-rc2+ #95
[ 61.633475][ T6969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.643500][ T6969] Call Trace:
[ 61.646810][ T6969] dump_stack+0xaa/0xd6
[ 61.650943][ T6969] should_fail.cold+0x3c/0x49
[ 61.655595][ T6969] __should_failslab+0x65/0xa0
[ 61.660325][ T6969] should_failslab+0x9/0x14
[ 61.664799][ T6969] kmem_cache_alloc_trace+0x2d/0x2c0
[ 61.670056][ T6969] ? kobject_set_name_vargs+0xb4/0xe0
[ 61.675406][ T6969] device_add+0x65b/0x890
[ 61.679708][ T6969] netdev_register_kobject+0xa6/0x1b0
[ 61.685058][ T6969] register_netdevice+0x397/0x600
[ 61.690102][ T6969] ? br_netpoll_disable+0x40/0x40
[ 61.695095][ T6969] br_dev_newlink+0x26/0xb0
[ 61.699564][ T6969] ? br_afspec+0x2f0/0x2f0
[ 61.703947][ T6969] __rtnl_newlink+0x892/0xb30
[ 61.708595][ T6969] ? is_bpf_text_address+0x24/0x30
[ 61.713683][ T6969] ? tomoyo_merge_path_acl+0x39/0x60
[ 61.718939][ T6969] ? tomoyo_same_path_acl+0x60/0x60
[ 61.724111][ T6969] ? debug_smp_processor_id+0x2c/0xd4
[ 61.729455][ T6969] ? rcu_is_watching+0x11/0x50
[ 61.734200][ T6969] ? call_rcu+0xb/0x10
[ 61.738236][ T6969] ? put_object+0x28/0x30
[ 61.742535][ T6969] ? __delete_object+0x41/0x50
[ 61.747265][ T6969] ? delete_object_full+0x18/0x20
[ 61.752335][ T6969] ? bpf_prog_kallsyms_find+0x39/0x140
[ 61.757769][ T6969] ? __rtnl_newlink+0xb30/0xb30
[ 61.762592][ T6969] rtnl_newlink+0x4e/0x80
[ 61.766891][ T6969] rtnetlink_rcv_msg+0x178/0x4b0
[ 61.771796][ T6969] ? rtnl_calcit.isra.0+0x170/0x170
[ 61.777161][ T6969] netlink_rcv_skb+0x61/0x170
[ 61.781802][ T6969] rtnetlink_rcv+0x1d/0x30
[ 61.786196][ T6969] netlink_unicast+0x1ec/0x2d0
[ 61.790927][ T6969] netlink_sendmsg+0x270/0x480
[ 61.795660][ T6969] sock_sendmsg+0x54/0x70
[ 61.799958][ T6969] ___sys_sendmsg+0x393/0x3c0
[ 61.804600][ T6969] ? _parse_integer+0xbf/0xe0
[ 61.809243][ T6969] ? _kstrtoull+0x92/0xd0
[ 61.813573][ T6969] ? kstrtouint+0x76/0xa0
[ 61.817954][ T6969] ? kstrtouint_from_user+0x7f/0xb0
[ 61.823126][ T6969] ? selinux_file_permission+0x30/0x1f0
[ 61.828647][ T6969] ? __fget_light+0x70/0xb0
[ 61.833116][ T6969] ? __fdget+0x1b/0x20
[ 61.837158][ T6969] ? sockfd_lookup_light+0x6c/0xb0
[ 61.842246][ T6969] __sys_sendmsg+0x80/0xf0
[ 61.846645][ T6969] __x64_sys_sendmsg+0x23/0x30
[ 61.851386][ T6969] do_syscall_64+0x76/0x1a0
[ 61.855858][ T6969] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.861717][ T6969] RIP: 0033:0x4424f9
[ 61.865579][ T6969] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 61.885324][ T6969] RSP: 002b:00007ffed7e663b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 61.893709][ T6969] RAX: ffffffffffffffda RBX: 00007ffed7e66430 RCX: 00000000004424f9
[ 61.901647][ T6969] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 61.909586][ T6969] RBP: 0000000000000000 R08: 0000000000000002 R09: 00000000bb1414ac
[ 61.917528][ T6969] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
[ 61.925470][ T6969] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
[ 63.433240][ T2594] device bridge_slave_1 left promiscuous mode
[ 63.439376][ T2594] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.483397][ T2594] device bridge_slave_0 left promiscuous mode
[ 63.489595][ T2594] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.673519][ T2594] device hsr_slave_0 left promiscuous mode
[ 63.723187][ T2594] device hsr_slave_1 left promiscuous mode
[ 63.764361][ T2594] team0 (unregistering): Port device team_slave_1 removed
[ 63.772278][ T2594] team0 (unregistering): Port device team_slave_0 removed
[ 63.780011][ T2594] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 63.833772][ T2594] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 63.887145][ T2594] bond0 (unregistering): Released all slaves
[ 68.058452][ T6968] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
BUG: memory leak
unreferenced object 0xffff888129536e80 (size 128):
  comm "syz-executor753", pid 6969, jiffies 4294943434 (age 8.460s)
  hex dump (first 32 bytes):
    09 a9 50 20 81 88 ff ff 00 00 00 00 00 00 00 00  ..P ............
    c2 87 e6 96 80 17 01 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006b9afd7e>] kmem_cache_alloc+0x13f/0x2c0
    [<000000001bdab6f3>] fdb_create+0x3a/0x530
    [<00000000ad2283c2>] fdb_insert+0xb7/0x100
    [<000000003219240f>] br_fdb_insert+0x3b/0x60
    [<0000000086a89d21>] __vlan_add+0x620/0xde0
    [<000000000623387e>] br_vlan_add+0x27e/0x490
    [<0000000031d7517c>] br_vlan_init+0xe9/0x130
    [<00000000c221bb7e>] br_dev_init+0xa6/0x170
    [<00000000a99e4e99>] register_netdevice+0xbf/0x600
    [<00000000ca84706d>] br_dev_newlink+0x26/0xb0
    [<00000000ad7dd340>] __rtnl_newlink+0x892/0xb30
    [<000000003c6321c2>] rtnl_newlink+0x4e/0x80
    [<00000000120d2639>] rtnetlink_rcv_msg+0x178/0x4b0
    [<00000000973e6f59>] netlink_rcv_skb+0x61/0x170
    [<000000001a71dfef>] rtnetlink_rcv+0x1d/0x30
    [<000000004954f074>] netlink_unicast+0x1ec/0x2d0

BUG: memory leak
unreferenced object 0xffff88811aca3c40 (size 32):
  comm "syz-executor753", pid 6969, jiffies 4294943434 (age 8.460s)
  hex dump (first 32 bytes):
    62 72 69 64 67 65 31 00 6b 2f 36 39 36 39 00 6d  bridge1.k/6969.m
    30 00 74 65 00 00 00 00 00 00 00 00 00 00 00 00  0.te............
  backtrace:
    [<00000000134fb0c9>] __kmalloc_track_caller+0x165/0x300
    [<0000000023371275>] kstrdup+0x3a/0x70
    [<000000000c9057ca>] kstrdup_const+0x48/0x60
    [<0000000069f9ab1c>] kvasprintf_const+0x7e/0xe0
    [<0000000094f87bfc>] kobject_set_name_vargs+0x40/0xe0
    [<00000000400e0504>] dev_set_name+0x63/0x90
    [<00000000f350f639>] netdev_register_kobject+0x5a/0x1b0
    [<00000000b226d650>] register_netdevice+0x397/0x600
    [<00000000ca84706d>] br_dev_newlink+0x26/0xb0
    [<00000000ad7dd340>] __rtnl_newlink+0x892/0xb30
    [<000000003c6321c2>] rtnl_newlink+0x4e/0x80
    [<00000000120d2639>] rtnetlink_rcv_msg+0x178/0x4b0
    [<00000000973e6f59>] netlink_rcv_skb+0x61/0x170
    [<000000001a71dfef>] rtnetlink_rcv+0x1d/0x30
    [<000000004954f074>] netlink_unicast+0x1ec/0x2d0
    [<000000004d340424>] netlink_sendmsg+0x270/0x480