[ 23.720637][ T25] audit: type=1804 audit(1569323797.963:46): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="init" name="/run/utmp" dev="sda1" ino=1421 res=1 [ 23.741313][ T25] audit: type=1804 audit(1569323797.993:47): pid=6854 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="init" name="/run/utmp" dev="sda1" ino=1421 res=1 [ 23.761699][ T25] audit: type=1804 audit(1569323797.993:48): pid=6852 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="init" name="/run/utmp" dev="sda1" ino=1421 res=1 [ 23.786081][ T25] audit: type=1804 audit(1569323798.023:49): pid=6852 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="getty" name="/run/utmp" dev="sda1" ino=1421 res=1 [ 23.806418][ T25] audit: type=1804 audit(1569323798.023:50): pid=6848 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="init" name="/run/utmp" dev="sda1" ino=1421 res=1 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 46.968638][ T25] kauditd_printk_skb: 11 callbacks suppressed [ 46.968645][ T25] audit: type=1400 audit(1569323821.213:62): avc: denied { map } for pid=6870 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.10.53' (ECDSA) to the list of known hosts. [ 996.890803][ T25] audit: type=1400 audit(1569324771.133:63): avc: denied { map } for pid=6877 comm="syz-executor098" path="/root/syz-executor098620413" dev="sda1" ino=16463 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 1003.686944][ T6878] IPVS: ftp: loaded support on port[0] = 21 [ 1003.705042][ T6878] chnl_net:caif_netlink_parms(): no params data found [ 1003.716299][ T6878] bridge0: port 1(bridge_slave_0) entered blocking state [ 1003.732028][ T6878] bridge0: port 1(bridge_slave_0) entered disabled state [ 1003.739306][ T6878] device bridge_slave_0 entered promiscuous mode [ 1003.746005][ T6878] bridge0: port 2(bridge_slave_1) entered blocking state [ 1003.753188][ T6878] bridge0: port 2(bridge_slave_1) entered disabled state [ 1003.760453][ T6878] device bridge_slave_1 entered promiscuous mode [ 1003.769364][ T6878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1003.778735][ T6878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1003.790008][ T6878] team0: Port device team_slave_0 added [ 1003.795893][ T6878] team0: Port device team_slave_1 added [ 1003.853511][ T6878] device hsr_slave_0 entered promiscuous mode [ 1003.903078][ T6878] device hsr_slave_1 entered promiscuous mode [ 1003.964794][ T6878] bridge0: port 2(bridge_slave_1) entered blocking state [ 1003.971818][ T6878] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1003.979117][ T6878] bridge0: port 1(bridge_slave_0) entered blocking state [ 1003.986121][ T6878] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1003.998876][ T6878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1004.007010][ T6882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1004.014577][ T6882] bridge0: port 1(bridge_slave_0) entered disabled state [ 1004.021785][ T6882] bridge0: port 2(bridge_slave_1) entered disabled state [ 1004.029184][ T6882] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1004.038021][ T6878] 8021q: adding VLAN 0 to HW filter on device team0 [ 1004.045695][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1004.053809][ T2721] bridge0: port 1(bridge_slave_0) entered blocking state [ 1004.060844][ T2721] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1004.072470][ T6878] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1004.083027][ T6878] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1004.094117][ T6883] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1004.102295][ T6883] bridge0: port 2(bridge_slave_1) entered blocking state [ 1004.109344][ T6883] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1004.117088][ T6883] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1004.125150][ T6883] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1004.133135][ T6883] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1004.140969][ T6883] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1004.148903][ T6883] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1004.156131][ T6883] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready executing program [ 1004.165371][ T6878] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1004.180146][ T25] audit: type=1400 audit(1569324778.423:64): avc: denied { associate } for pid=6878 comm="syz-executor098" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 executing program [ 1011.296046][ T6878] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) BUG: memory leak unreferenced object 0xffff888120a08380 (size 64): comm "syz-executor098", pid 6890, jiffies 4295037699 (age 14.130s) hex dump (first 32 bytes): 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ c8 a0 3e 17 82 88 ff ff 00 00 00 00 00 00 00 00 ..>............. backtrace: [<0000000035dfbfb0>] kmem_cache_alloc+0x13f/0x2c0 [<000000000172dc87>] sctp_get_port_local+0x189/0x5a0 [<00000000b78753bb>] sctp_do_bind+0xcc/0x200 [<00000000b274c79b>] sctp_bind+0x44/0x70 [<00000000bd3a8b93>] inet_bind+0x40/0xc0 [<000000008fadd132>] __sys_bind+0x11c/0x140 [<0000000090c4674e>] __x64_sys_bind+0x1e/0x30 [<00000000758e01f2>] do_syscall_64+0x73/0x1f0 [<00000000dae58f41>] entry_SYSCALL_64_after_hwframe+0x44/0xa9