[....] Starting enhanced syslogd: rsyslogd[ 15.995524] audit: type=1400 audit(1519722186.362:5): avc: denied { syslog } for pid=3999 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.295175] audit: type=1400 audit(1519722189.661:6): avc: denied { map } for pid=4139 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts. 2018/02/27 09:03:16 fuzzer started [ 25.704496] audit: type=1400 audit(1519722196.071:7): avc: denied { map } for pid=4150 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/02/27 09:03:16 dialing manager at 10.128.0.26:35219 [ 28.484215] can: request_module (can-proto-0) failed. [ 28.493134] can: request_module (can-proto-0) failed. 2018/02/27 09:03:19 kcov=true, comps=true [ 28.991292] audit: type=1400 audit(1519722199.358:8): avc: denied { map } for pid=4150 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1046 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2018/02/27 09:03:19 executing program 7: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000010c0)=@security={'security\x00', 0xe, 0x4, 0x5a0, 0xffffffff, 0xf0, 0x3e0, 0xf0, 0xffffffff, 0xffffffff, 0x4d0, 0x4d0, 0x4d0, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ipv6={@remote={0xfe, 0x80, [], 0xbb}, @loopback={0x0, 0x1}, [], [], 'eql\x00', 'irlan0\x00'}, 0x0, 0xa8, 0xf0, 0x0, {}, []}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x7, 'syz0\x00'}}}, {{@ipv6={@mcast2={0xff, 0x2, [], 0x1}, @dev={0xfe, 0x80}, [], [], 'bcsf0\x00', 'syzkaller1\x00'}, 0x0, 0x1c8, 0x2f0, 0x0, {}, [@common=@inet=@hashlimit1={0x58, 'hashlimit\x00', 0x1, {'sit0\x00', {0x0, 0x0, 0x4, 0x0, 0x0, 0x100, 0x1}}}, @common=@unspec=@conntrack3={0xc8, 'conntrack\x00', 0x3, {{@ipv4=@broadcast=0xffffffff, [], @ipv4=@loopback=0x7f000001, [], @ipv4=@local={0xac, 0x14, 0x14, 0xaa}, [], @ipv6=@local={0xfe, 0x80, [], 0xaa}, [], 0x0, 0x0, 0x0, 0x4e20, 0x4e20, 0x4e20, 0x4e20, 0x220}}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dhcpc_var_run_t:s0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0, 0x0, {}, []}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@remote={0xfe, 0x80, [], 0xbb}, 'bcsf0\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x600) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x33, 0x0, @local={0xfe, 0x80, [], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @tcp={{0x4e20, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, {[]}}}}}}}}, &(0x7f00000002c0)) 2018/02/27 09:03:19 executing program 3: mkdir(&(0x7f000002b000)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f000002c000)='./file0\x00', &(0x7f000002cffa)='ramfs\x00', 0x1000818, &(0x7f000000a000)) r0 = creat(&(0x7f000001bff4)='./file0/bus\x00', 0x0) io_setup(0xdee, &(0x7f0000000000)=0x0) io_submit(r1, 0x1, &(0x7f0000000180)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)}]) 2018/02/27 09:03:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fafff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000040)="440f0f880600000097f4f3430f3266baf80cb8dedbf587ef66bafc0cb000ee66ba4100ed0f01cb360f019943000000b805000000b9f2ffff7f0f01c166ba4100b0a9ee47f4", 0x45}], 0x1, 0x0, &(0x7f0000000040)=[], 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x40000073, 0x0, 0x3}]}) dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x0) 2018/02/27 09:03:19 executing program 1: r0 = socket$inet(0xa, 0x801, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000010000)=@nat={'nat\x00', 0x1b, 0x5, 0x358, 0x218, 0x218, 0xffffffff, 0xc8, 0x170, 0x2c0, 0x2c0, 0xffffffff, 0x2c0, 0x2c0, 0x5, &(0x7f0000002fb0), {[{{@uncond, 0x0, 0x90, 0xc8, 0x0, {}, [@common=@socket0={0x20, 'socket\x00'}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @port, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8, 0x0, {}, []}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @multicast1=0xe0000001, @port, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xa8, 0x0, {}, []}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x9, @multicast2=0xe0000002, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, @icmp_id, @port}}}}, {{@uncond, 0x0, 0x70, 0xa8, 0x0, {}, []}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x5, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, @dev={0xac, 0x14}, @icmp_id, @gre_key}}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x3b8) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr, @multicast1=0xe0000001, {[]}}, @icmp=@address_reply={0x12}}}}}, &(0x7f0000000040)) 2018/02/27 09:03:19 executing program 4: rt_sigaction(0x7, &(0x7f0000000040)={0x42a535}, &(0x7f0000c69000), 0x8, &(0x7f0000893000)) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x4, 0x44031, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/arp\x00') 2018/02/27 09:03:19 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000014f000)={&(0x7f000000f000)={0x10}, 0xc, &(0x7f0000847000)={&(0x7f0000b05000)=@getsa={0x3c, 0x12, 0x21, 0xffffffffffffffff, 0xffffffffffffffff, {@in6=@mcast2={0xff, 0x2, [], 0x1}}, [@srcaddr={0x14, 0xd, @in=@rand_addr}]}, 0x3c}, 0x1}, 0x0) 2018/02/27 09:03:19 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000237fee)='/dev/input/event#\x00', 0x2, 0x28001) write$evdev(r0, &(0x7f0000037fe8)=[{{}, 0x1, 0x4c, 0x2}, {}], 0x30) 2018/02/27 09:03:19 executing program 6: r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg(r0, &(0x7f000000a000)={&(0x7f000000bfe4)=@in6={0xa, 0x4e20, 0x0, @mcast1={0xff, 0x1, [], 0x1}}, 0x1a, &(0x7f0000010000)=[], 0x0, &(0x7f000000d000)=[]}, 0x0) [ 29.384382] audit: type=1400 audit(1519722199.751:9): avc: denied { map } for pid=4150 comm="syz-fuzzer" path="/root/syzkaller-shm249402776" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 29.437906] audit: type=1400 audit(1519722199.804:10): avc: denied { sys_admin } for pid=4194 comm="syz-executor1" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 29.471279] IPVS: ftp: loaded support on port[0] = 21 [ 29.525203] audit: type=1400 audit(1519722199.891:11): avc: denied { net_admin } for pid=4200 comm="syz-executor5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 29.526221] IPVS: ftp: loaded support on port[0] = 21 [ 29.589432] IPVS: ftp: loaded support on port[0] = 21 [ 29.638365] IPVS: ftp: loaded support on port[0] = 21 [ 29.698208] IPVS: ftp: loaded support on port[0] = 21 [ 29.774568] IPVS: ftp: loaded support on port[0] = 21 [ 29.855626] IPVS: ftp: loaded support on port[0] = 21 [ 29.958131] IPVS: ftp: loaded support on port[0] = 21 [ 31.205476] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 31.276586] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 31.319961] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 31.384501] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 31.540635] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 31.614870] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 31.779858] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 31.854695] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 34.067858] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 34.073988] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.108124] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 34.114233] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.211710] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 34.217852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.242994] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 34.249775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.379872] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.419536] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.463389] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 34.469523] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.490288] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.503896] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.585897] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 34.592251] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.626581] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.635826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.647431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.667740] audit: type=1400 audit(1519722205.034:12): avc: denied { sys_chroot } for pid=4208 comm="syz-executor0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 34.741749] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 34.747898] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.765919] kasan: CONFIG_KASAN_INLINE enabled [ 34.770624] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 34.773465] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.778038] general protection fault: 0000 [#1] SMP KASAN [ 34.778045] Dumping ftrace buffer: [ 34.789676] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 34.793104] (ftrace buffer empty) [ 34.793107] Modules linked in: [ 34.793121] CPU: 0 PID: 5412 Comm: syz-executor0 Not tainted 4.16.0-rc3+ #331 [ 34.799163] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.802837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.802852] RIP: 0010:hrtimer_active+0x1da/0x3c0 [ 34.802858] RSP: 0018:ffff8801c085f3c0 EFLAGS: 00010202 [ 34.838488] RAX: 0000000000000008 RBX: 1ffff1003810bea5 RCX: ffffffff81610225 [ 34.845731] RDX: 0000000000010000 RSI: ffffc90004b67000 RDI: 0000000000000010 [ 34.852974] RBP: ffff8801c085f500 R08: 0000000000002c02 R09: 0000000000000000 [ 34.860214] R10: 0000000000000011 R11: ffffed00381c1078 R12: 0000000000000010 [ 34.867457] R13: 0000000000000000 R14: ffffed003810be83 R15: dffffc0000000000 [ 34.874700] FS: 00007f4029e7c700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 [ 34.882901] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.888751] CR2: 00007f4029e5b000 CR3: 00000001c0cf1006 CR4: 00000000001626f0 [ 34.895995] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.903242] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.910481] Call Trace: [ 34.913053] ? hrtimer_forward+0x2d0/0x2d0 [ 34.917268] ? vmx_update_msr_bitmap+0x13a/0x430 [ 34.922002] ? setup_msrs+0x926/0x1d80 [ 34.925866] ? vmx_set_cr4+0x353/0x610 [ 34.929731] hrtimer_try_to_cancel+0x91/0x5b0 [ 34.934202] ? update_exception_bitmap+0x19a/0x200 [ 34.939103] ? __hrtimer_get_remaining+0x1c0/0x1c0 [ 34.944003] ? vmx_vcpu_reset+0x55f/0xc70 [ 34.948136] ? load_vmcs12_host_state+0x1fa0/0x1fa0 [ 34.953130] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 34.957948] ? kvm_arch_vcpu_load+0x1c1/0x8d0 [ 34.962419] hrtimer_cancel+0x22/0x40 [ 34.966195] kvm_lapic_reset+0x93/0xf40 [ 34.970146] ? kvm_lapic_set_base+0x750/0x750 [ 34.974611] ? kvm_arch_vcpu_free+0x80/0x80 [ 34.978911] kvm_arch_vcpu_setup+0x31/0x50 [ 34.983118] kvm_vm_ioctl+0x52d/0x1cf0 [ 34.986986] ? kvm_set_memory_region+0x50/0x50 [ 34.991546] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 34.996708] ? find_held_lock+0x35/0x1d0 [ 35.000747] ? avc_has_extended_perms+0x6e5/0x12c0 [ 35.005647] ? lock_downgrade+0x980/0x980 [ 35.009768] ? lock_release+0xa40/0xa40 [ 35.013713] ? trace_hardirqs_off+0x10/0x10 [ 35.018017] ? find_held_lock+0x35/0x1d0 [ 35.022058] ? __fget+0x342/0x5b0 [ 35.025486] ? lock_downgrade+0x980/0x980 [ 35.029606] ? lock_release+0xa40/0xa40 [ 35.033554] ? __lock_is_held+0xb6/0x140 [ 35.037592] ? __fget+0x36b/0x5b0 [ 35.041016] ? lock_release+0xa40/0xa40 [ 35.044965] ? iterate_fd+0x3f0/0x3f0 [ 35.048737] ? check_same_owner+0x320/0x320 [ 35.053036] ? kcov_close+0x20/0x20 [ 35.056634] ? _raw_spin_unlock+0x22/0x30 [ 35.060758] ? kvm_set_memory_region+0x50/0x50 [ 35.065315] do_vfs_ioctl+0x1b1/0x1520 [ 35.069179] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 35.074082] ? ioctl_preallocate+0x2b0/0x2b0 [ 35.078467] ? selinux_capable+0x40/0x40 [ 35.082503] ? finish_task_switch+0x1c1/0x7e0 [ 35.086972] ? lock_downgrade+0x980/0x980 [ 35.091100] ? security_file_ioctl+0x7d/0xb0 [ 35.095485] ? security_file_ioctl+0x89/0xb0 [ 35.099867] SyS_ioctl+0x8f/0xc0 [ 35.103207] ? do_vfs_ioctl+0x1520/0x1520 [ 35.107328] do_syscall_64+0x281/0x940 [ 35.111188] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.115654] ? finish_task_switch+0x1c1/0x7e0 [ 35.120123] ? syscall_return_slowpath+0x550/0x550 [ 35.125025] ? syscall_return_slowpath+0x2ac/0x550 [ 35.129927] ? prepare_exit_to_usermode+0x350/0x350 [ 35.134915] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 35.140254] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.145074] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 35.150235] RIP: 0033:0x453d69 [ 35.153396] RSP: 002b:00007f4029e7bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 35.161073] RAX: ffffffffffffffda RBX: 00007f4029e7c6d4 RCX: 0000000000453d69 [ 35.168317] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000014 [ 35.175558] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000 [ 35.182802] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 35.190045] R13: 000000000000020e R14: 00000000006f31f0 R15: 0000000000000001 [ 35.197293] Code: ff ff 48 8d 85 18 ff ff ff 48 c1 e8 03 4e 8d 34 38 e8 1b f2 0f 00 48 8b 85 f0 fe ff ff c6 00 00 48 8b 85 d8 fe ff ff 48 c1 e8 03 <42> 80 3c 38 00 0f 85 c2 01 00 00 48 8b 85 e8 fe ff ff 48 8b 58 [ 35.216393] RIP: hrtimer_active+0x1da/0x3c0 RSP: ffff8801c085f3c0 [ 35.222649] ---[ end trace e9e0a5d71247582f ]--- [ 35.227413] Kernel panic - not syncing: Fatal exception [ 35.233142] Dumping ftrace buffer: [ 35.236657] (ftrace buffer empty) [ 35.240337] Kernel Offset: disabled [ 35.243932] Rebooting in 86400 seconds..