[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [ 12.788696] sshd (3037) used greatest stack depth: 15056 bytes left [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.914452] audit: type=1400 audit(1513656444.769:6): avc: denied { map } for pid=3132 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-9,10.128.0.10' (ECDSA) to the list of known hosts. 2017/12/19 04:07:30 fuzzer started [ 25.117923] audit: type=1400 audit(1513656450.972:7): avc: denied { map } for pid=3143 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2017/12/19 04:07:31 dialing manager at 10.128.0.26:32873 2017/12/19 04:07:33 kcov=true, comps=true [ 28.052067] audit: type=1400 audit(1513656453.906:8): avc: denied { map } for pid=3143 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1085 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2017/12/19 04:07:34 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f000028a000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 2017/12/19 04:07:35 executing program 7: mmap(&(0x7f0000000000/0xc000)=nil, 0xc000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f000000b000)='net/icmp\x00') ioctl$KVM_CREATE_PIT2(r0, 0xc0189436, &(0x7f000000a000)={0x0, [0x0, 0x0, 0x0, 0x2, 0x0, 0x7412, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0]}) 2017/12/19 04:07:35 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000f5b000-0x4)=0x0, &(0x7f0000da0000)=0x4) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000591000)={0x0, {0x2, 0x0, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {0x2, 0x0, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {0x2, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2017/12/19 04:07:35 executing program 4: mmap(&(0x7f0000000000/0xf7f000)=nil, 0xf7f000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000591000-0x58)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000220000)="0a0775b0d5e383e5b3b60ced5c54dbb7295df0df8217ad4000000000000000e6", 0x20) r1 = accept$alg(r0, 0x0, 0x0) io_setup(0x1, &(0x7f0000479000)=0x0) io_submit(r2, 0x1, &(0x7f0000738000)=[&(0x7f0000f74000-0x40)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f000079a000)="16", 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff}]) 2017/12/19 04:07:35 executing program 1: mmap(&(0x7f0000000000/0x288000)=nil, 0x288000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tun(&(0x7f0000276000)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000285000)={0x0, 0x0}, &(0x7f0000288000-0x4)=0x8) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000280000)={@generic="375e0f271b4adc52d361c4f877a9aab5", @ifru_map={0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}) ioctl$TUNGETVNETHDRSZ(r0, 0x800454dd, &(0x7f0000285000)=0x0) 2017/12/19 04:07:35 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000401000-0x12)='/dev/input/event#\x00', 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000f48000)=0x8) 2017/12/19 04:07:35 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f000028a000)='/dev/hwrng\x00', 0x0, 0x0) fstatfs(r0, &(0x7f0000fe0000-0x1000)=""/4096) 2017/12/19 04:07:35 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000e87000-0x4)=0x40000000000003fe, 0x4) bind$inet6(r0, &(0x7f0000e8a000-0x1c)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) [ 29.131248] audit: type=1400 audit(1513656454.985:9): avc: denied { map } for pid=3143 comm="syz-fuzzer" path="/root/syzkaller-shm110417622" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 30.195327] audit: type=1400 audit(1513656456.050:10): avc: denied { sys_admin } for pid=3186 comm="syz-executor0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 30.447671] audit: type=1400 audit(1513656456.302:11): avc: denied { sys_chroot } for pid=3347 comm="syz-executor0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 30.503114] audit: type=1400 audit(1513656456.357:12): avc: denied { net_admin } for pid=3387 comm="syz-executor1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2017/12/19 04:07:36 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$tun(&(0x7f0000c7f000-0xd)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00001aa000+0x9be)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, @ifru_map={0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000769000-0x20)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, @ifru_addrs={0x2, 0x0, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) connect$inet(r0, &(0x7f0000561000)={0x2, 0x0, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) getpeername$inet(r0, &(0x7f00006c3000)={0x0, 0x0, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000e45000)=0x10) 2017/12/19 04:07:36 executing program 7: [ 30.550539] audit: type=1400 audit(1513656456.405:13): avc: denied { dac_override } for pid=3396 comm="syz-executor7" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2017/12/19 04:07:36 executing program 5: 2017/12/19 04:07:36 executing program 7: 2017/12/19 04:07:36 executing program 5: 2017/12/19 04:07:36 executing program 2: 2017/12/19 04:07:36 executing program 1: 2017/12/19 04:07:36 executing program 3: 2017/12/19 04:07:36 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x0, 0x0) fstat(r0, &(0x7f0000ea7000-0x44)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(r1, 0x0, 0x0) 2017/12/19 04:07:36 executing program 7: 2017/12/19 04:07:36 executing program 5: [ 30.700322] BUG: unable to handle kernel paging request at ffffffff00000001 [ 30.707446] IP: crypto_chacha20_crypt+0x557/0xbd0 [ 30.712255] PGD 6228067 P4D 6228067 PUD 0 [ 30.716461] Oops: 0000 [#1] SMP KASAN [ 30.720226] Dumping ftrace buffer: [ 30.723732] (ftrace buffer empty) [ 30.727407] Modules linked in: [ 30.730567] CPU: 1 PID: 3429 Comm: syz-executor4 Not tainted 4.15.0-rc2-mm1+ #39 [ 30.738067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.747404] RIP: 0010:crypto_chacha20_crypt+0x557/0xbd0 [ 30.752732] RSP: 0018:ffff8801bc0c7680 EFLAGS: 00010246 [ 30.758061] RAX: ffff8801bc0c76f0 RBX: 00000000e6000000 RCX: ffffffff8226f20b [ 30.765298] RDX: 0000000000000000 RSI: ffffc90003209000 RDI: ffff8801bc0c771c [ 30.772534] RBP: ffff8801bc0c78a0 R08: ffffed0038ff799c R09: ffff8801c7fbccc0 [ 30.779770] R10: ffff8801bc0c78b8 R11: ffffed0038ff799b R12: 0000000000000000 [ 30.787010] R13: ffffffff00000001 R14: 0000000000000000 R15: dffffc0000000000 [ 30.794251] FS: 00007fce9edb1700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 [ 30.802445] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.808294] CR2: ffffffff00000001 CR3: 00000001bea7a004 CR4: 00000000001606e0 [ 30.815531] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.822785] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.830035] Call Trace: [ 30.832598] ? crypto_chacha20_setkey+0xc0/0xc0 [ 30.837242] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.842230] ? sock_kmalloc+0x112/0x190 [ 30.846175] ? refcount_inc_not_zero+0xfe/0x180 [ 30.850813] ? refcount_add+0x60/0x60 [ 30.854580] ? lock_sock_nested+0x91/0x110 [ 30.858782] ? trace_hardirqs_on+0xd/0x10 [ 30.862903] skcipher_recvmsg+0x739/0xf20 [ 30.867019] ? skcipher_recvmsg+0x739/0xf20 [ 30.871317] ? skcipher_release+0x50/0x50 [ 30.875435] ? selinux_socket_recvmsg+0x36/0x40 [ 30.880073] ? security_socket_recvmsg+0x91/0xc0 [ 30.884798] ? skcipher_release+0x50/0x50 [ 30.888916] sock_recvmsg+0xc9/0x110 [ 30.892599] sock_read_iter+0x361/0x560 [ 30.896542] ? sock_recvmsg+0x110/0x110 [ 30.900482] ? selinux_file_permission+0x82/0x460 [ 30.905297] ? rw_verify_area+0xe5/0x2b0 [ 30.909327] aio_read+0x2b0/0x3a0 [ 30.912761] ? aio_write+0x5a0/0x5a0 [ 30.916445] ? lock_downgrade+0x980/0x980 [ 30.920574] ? lock_release+0xda0/0xda0 [ 30.924527] ? __might_sleep+0x95/0x190 [ 30.928471] do_io_submit+0xf99/0x14f0 [ 30.932327] ? do_io_submit+0xf99/0x14f0 [ 30.936362] ? aio_read+0x3a0/0x3a0 [ 30.939957] ? lock_downgrade+0x980/0x980 [ 30.944073] ? SyS_io_setup+0x10e/0x390 [ 30.948021] ? lock_release+0xda0/0xda0 [ 30.951982] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.956967] SyS_io_submit+0x27/0x30 [ 30.960649] ? SyS_io_submit+0x27/0x30 [ 30.964508] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 30.969229] RIP: 0033:0x452a09 [ 30.972386] RSP: 002b:00007fce9edb0c58 EFLAGS: 00000212 ORIG_RAX: 00000000000000d1 [ 30.980061] RAX: ffffffffffffffda RBX: 00007fce9edb1700 RCX: 0000000000452a09 [ 30.987297] RDX: 0000000020738000 RSI: 0000000000000001 RDI: 00007fce9ed90000 [ 30.994536] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 31.001774] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 31.009013] R13: 0000000000a2f7ff R14: 00007fce9edb19c0 R15: 0000000000000000 [ 31.016258] Code: df 89 9d 7c fe ff ff 48 c1 ea 03 0f b6 14 02 4c 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 99 05 00 00 48 8b 85 28 fe ff ff <41> 8b 5d 00 48 8d 78 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa [ 31.035355] RIP: crypto_chacha20_crypt+0x557/0xbd0 RSP: ffff8801bc0c7680 [ 31.042158] CR2: ffffffff00000001 [ 31.045593] ---[ end trace d26759d8a8cf21db ]--- [ 31.050314] Kernel panic - not syncing: Fatal exception [ 31.056024] Dumping ftrace buffer: [ 31.059538] (ftrace buffer empty) [ 31.063214] Kernel Offset: disabled [ 31.066807] Rebooting in 86400 seconds..