[ 25.310144][ T24] audit: type=1800 audit(1562826064.349:32): pid=6799 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 25.861433][ T24] audit: type=1800 audit(1562826064.899:33): pid=6799 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 31.020064][ T24] kauditd_printk_skb: 1 callbacks suppressed [ 31.020071][ T24] audit: type=1400 audit(1562826070.059:35): avc: denied { map } for pid=6970 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts. [ 104.494677][ T24] audit: type=1400 audit(1562826143.539:36): avc: denied { map } for pid=6985 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/07/11 06:22:24 parsed 1 programs [ 105.527784][ T24] audit: type=1400 audit(1562826144.569:37): avc: denied { map } for pid=6985 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=145 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 105.530098][ T3784] kmemleak: Automatic memory scanning thread ended 2019/07/11 06:22:32 executed programs: 0 [ 113.602425][ T7000] IPVS: ftp: loaded support on port[0] = 21 [ 113.624901][ T7000] chnl_net:caif_netlink_parms(): no params data found [ 113.643847][ T7000] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.652199][ T7000] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.661075][ T7000] device bridge_slave_0 entered promiscuous mode [ 113.670783][ T7000] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.681127][ T7000] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.689893][ T7000] device bridge_slave_1 entered promiscuous mode [ 113.700761][ T7000] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 113.710524][ T7000] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 113.722225][ T7000] team0: Port device team_slave_0 added [ 113.729198][ T7000] team0: Port device team_slave_1 added [ 113.774306][ T7000] device hsr_slave_0 entered promiscuous mode [ 113.813734][ T7000] device hsr_slave_1 entered promiscuous mode [ 113.855938][ T7000] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.866256][ T7000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.874735][ T7000] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.882905][ T7000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.898824][ T7000] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.908703][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 113.918331][ T25] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.927631][ T25] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.936488][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 113.946644][ T7000] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.957916][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 113.970553][ T32] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.980036][ T32] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.994692][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 114.004550][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.012844][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.022457][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 114.031203][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 114.041330][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 114.049653][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 114.060229][ T7000] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 114.077376][ T7000] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 114.085666][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 114.099026][ T7000] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 114.117309][ T24] audit: type=1400 audit(1562826153.159:38): avc: denied { associate } for pid=7000 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 2019/07/11 06:22:39 executed programs: 1 2019/07/11 06:22:39 result: hanged=false err=executor 0: exit status 67 setns(netns) failed (errno 9) child failed (errno 0) loop exited with status 67 setns(netns) failed (errno 9) child failed (errno 0) loop exited with status 67 [ 120.141928][ T7018] IPVS: ftp: loaded support on port[0] = 21 [ 120.161622][ T7018] chnl_net:caif_netlink_parms(): no params data found [ 120.174139][ T7018] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.181215][ T7018] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.189279][ T7018] device bridge_slave_0 entered promiscuous mode [ 120.205958][ T7018] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.213545][ T7018] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.220879][ T7018] device bridge_slave_1 entered promiscuous mode [ 120.230224][ T7018] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 120.239106][ T7018] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 120.255266][ T7018] team0: Port device team_slave_0 added [ 120.261443][ T7018] team0: Port device team_slave_1 added [ 120.344239][ T7018] device hsr_slave_0 entered promiscuous mode [ 120.403630][ T7018] device hsr_slave_1 entered promiscuous mode [ 120.459564][ T7018] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.467018][ T7018] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.476528][ T7018] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.485063][ T7018] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.500232][ T7018] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.509278][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.518197][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.525845][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.540046][ T7018] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.548433][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.557182][ T32] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.564317][ T32] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.581213][ T7018] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 120.593117][ T7018] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 120.609904][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.618506][ T32] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.628742][ T32] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.641702][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.651382][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.664600][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.673728][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.682290][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 120.690792][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.707016][ T7018] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 121.083716][ T2772] device bridge_slave_1 left promiscuous mode [ 121.096557][ T2772] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.173951][ T2772] device bridge_slave_0 left promiscuous mode [ 121.180206][ T2772] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.435184][ T2772] device hsr_slave_1 left promiscuous mode [ 121.514682][ T2772] device hsr_slave_0 left promiscuous mode [ 121.544859][ T2772] team0 (unregistering): Port device team_slave_1 removed [ 121.553370][ T2772] team0 (unregistering): Port device team_slave_0 removed [ 121.562115][ T2772] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 121.684399][ T2772] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 121.747599][ T2772] bond0 (unregistering): Released all slaves 2019/07/11 06:22:45 executed programs: 3 [ 127.470440][ T7037] kmemleak: 6 new suspected memory leaks (see /sys/kernel/debug/kmemleak) BUG: memory leak unreferenced object 0xffff888121bd4180 (size 64): comm "softirq", pid 0, jiffies 4294948631 (age 20.610s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 e0 dc a0 20 81 88 ff ff ........... .... 00 00 00 00 00 00 00 00 50 a1 16 83 ff ff ff ff ........P....... backtrace: [<0000000044a983e5>] kmem_cache_alloc_trace+0x13d/0x280 [<0000000020211b67>] batadv_tvlv_handler_register+0xa3/0x170 [<00000000dd741d22>] batadv_tt_init+0x78/0x180 [<000000004ddc392f>] batadv_mesh_init+0x196/0x230 [<000000008642fd95>] batadv_softif_init_late+0x1ca/0x220 [<0000000090e3982e>] register_netdevice+0xbf/0x600 [<0000000041c03e58>] __rtnl_newlink+0xaca/0xb30 [<000000001a42ca38>] rtnl_newlink+0x4e/0x80 [<00000000da84729c>] rtnetlink_rcv_msg+0x178/0x4b0 [<00000000924589ed>] netlink_rcv_skb+0x61/0x170 [<00000000e174235e>] rtnetlink_rcv+0x1d/0x30 [<00000000519ba418>] netlink_unicast+0x1ec/0x2d0 [<00000000184d9ca2>] netlink_sendmsg+0x26a/0x480 [<00000000cf6f88e1>] sock_sendmsg+0x54/0x70 [<000000004d1546af>] __sys_sendto+0x148/0x1f0 [<000000004fa15999>] __x64_sys_sendto+0x2a/0x30 BUG: memory leak unreferenced object 0xffff8881208c2a80 (size 128): comm "syz-executor.0", pid 7000, jiffies 4294948641 (age 20.510s) hex dump (first 32 bytes): f0 c8 18 21 81 88 ff ff f0 c8 18 21 81 88 ff ff ...!.......!.... 96 06 24 2d 83 b3 92 9c 4f 1f 95 8a 00 00 00 00 ..$-....O....... backtrace: [<0000000044a983e5>] kmem_cache_alloc_trace+0x13d/0x280 [<00000000991c13d7>] hsr_create_self_node+0x42/0x150 [<000000009853a1b3>] hsr_dev_finalize+0xa4/0x233 [<000000002d12132d>] hsr_newlink+0xf3/0x140 [<00000000f32430e1>] __rtnl_newlink+0x892/0xb30 [<000000001a42ca38>] rtnl_newlink+0x4e/0x80 [<00000000da84729c>] rtnetlink_rcv_msg+0x178/0x4b0 [<00000000924589ed>] netlink_rcv_skb+0x61/0x170 [<00000000e174235e>] rtnetlink_rcv+0x1d/0x30 [<00000000519ba418>] netlink_unicast+0x1ec/0x2d0 [<00000000184d9ca2>] netlink_sendmsg+0x26a/0x480 [<00000000cf6f88e1>] sock_sendmsg+0x54/0x70 [<000000004d1546af>] __sys_sendto+0x148/0x1f0 [<000000004fa15999>] __x64_sys_sendto+0x2a/0x30 [<00000000bb93ef14>] do_syscall_64+0x76/0x1a0 [<000000009801b4fe>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: memory leak unreferenced object 0xffff888120b2f1c0 (size 64): comm "syz-executor.0", pid 7000, jiffies 4294948641 (age 20.510s) hex dump (first 32 bytes): 00 d4 61 29 81 88 ff ff 00 02 00 00 00 00 ad de ..a)............ 00 c0 18 21 81 88 ff ff c0 c8 18 21 81 88 ff ff ...!.......!.... backtrace: [<0000000044a983e5>] kmem_cache_alloc_trace+0x13d/0x280 [<00000000e4a4c2fe>] hsr_add_port+0xe7/0x220 [<0000000090ca9226>] hsr_dev_finalize+0x14f/0x233 [<000000002d12132d>] hsr_newlink+0xf3/0x140 [<00000000f32430e1>] __rtnl_newlink+0x892/0xb30 [<000000001a42ca38>] rtnl_newlink+0x4e/0x80 [<00000000da84729c>] rtnetlink_rcv_msg+0x178/0x4b0 [<00000000924589ed>] netlink_rcv_skb+0x61/0x170 [<00000000e174235e>] rtnetlink_rcv+0x1d/0x30 [<00000000519ba418>] netlink_unicast+0x1ec/0x2d0 [<00000000184d9ca2>] netlink_sendmsg+0x26a/0x480 [<00000000cf6f88e1>] sock_sendmsg+0x54/0x70 [<000000004d1546af>] __sys_sendto+0x148/0x1f0 [<000000004fa15999>] __x64_sys_sendto+0x2a/0x30 [<00000000bb93ef14>] do_syscall_64+0x76/0x1a0 [<000000009801b4fe>] entry_SYSCALL_64_after_hwframe+0x44/0xa9