[....] Starting enhanced syslogd: rsyslogd[   15.865697] audit: type=1400 audit(1519722169.079:5): avc:  denied  { syslog } for  pid=3932 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.319323] audit: type=1400 audit(1519722171.533:6): avc:  denied  { map } for  pid=4070 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
2018/02/27 09:02:58 fuzzer started
[   24.804425] audit: type=1400 audit(1519722178.018:7): avc:  denied  { map } for  pid=4081 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/02/27 09:02:58 dialing manager at 10.128.0.26:35219
[   27.635876] can: request_module (can-proto-0) failed.
[   27.645091] can: request_module (can-proto-0) failed.
2018/02/27 09:03:01 kcov=true, comps=true
[   28.144721] audit: type=1400 audit(1519722181.358:8): avc:  denied  { map } for  pid=4081 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=9446 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2018/02/27 09:03:01 executing program 7:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000ff7)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000f0a)=""/246)
ioctl$EVIOCGREP(r0, 0x40107446, &(0x7f0000000000)=""/174)

2018/02/27 09:03:01 executing program 0:
fchownat(0xffffffffffffffff, &(0x7f0000001000)='./file0\x00', 0x0, 0x0, 0xd00)

2018/02/27 09:03:01 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000021ff7)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000713000/0x1000)=nil})

2018/02/27 09:03:01 executing program 1:
r0 = gettid()
timer_create(0x2, &(0x7f0000044000)={0x100000000000002, 0x14, 0x4, @tid=r0}, &(0x7f0000044000))
exit(0x0)
timer_settime(0x0, 0x1, &(0x7f0000040fe0)={{}, {0x0, 0x9}}, &(0x7f0000040000))

2018/02/27 09:03:01 executing program 2:
r0 = socket$nl_generic(0xa, 0x3, 0x10)
r1 = dup2(r0, r0)
ioctl$sock_ifreq(r1, 0x8971, &(0x7f00000000c0)={'ip6_vti0\x00', @ifru_mtu})

2018/02/27 09:03:01 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000091fa8)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001000), 0x0)
r2 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0)
fallocate(r2, 0x0, 0x0, 0x9)
sendfile(r1, r2, &(0x7f0000b89000), 0x8)

2018/02/27 09:03:01 executing program 6:
r0 = socket$inet(0x10, 0x3, 0x10)
sendmsg(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000010fdc)="2300000024009115460000000000001201000000000000270b80ffff00000002007352", 0x23}], 0x1}, 0x0)

2018/02/27 09:03:01 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000021ff7)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
close(r3)
syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000200)="f30f51f5f20f2a8da400baf80c66b8949c298066efbafc0c66ed0f2281a8a10f3803d7bad104ed66b9dd0a000066b89800000066ba000000000f308884faff643e0f2046", 0x44}], 0x1, 0x0, &(0x7f00000002c0)=[], 0x0)

[   28.550731] audit: type=1400 audit(1519722181.764:9): avc:  denied  { map } for  pid=4081 comm="syz-fuzzer" path="/root/syzkaller-shm090832093" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   28.584389] audit: type=1400 audit(1519722181.794:10): avc:  denied  { sys_admin } for  pid=4125 comm="syz-executor7" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   28.600768] IPVS: ftp: loaded support on port[0] = 21
[   28.693895] audit: type=1400 audit(1519722181.907:11): avc:  denied  { net_admin } for  pid=4127 comm="syz-executor7" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   28.696159] IPVS: ftp: loaded support on port[0] = 21
[   28.758187] IPVS: ftp: loaded support on port[0] = 21
[   28.806577] IPVS: ftp: loaded support on port[0] = 21
[   28.877603] IPVS: ftp: loaded support on port[0] = 21
[   28.947406] IPVS: ftp: loaded support on port[0] = 21
[   29.017708] IPVS: ftp: loaded support on port[0] = 21
[   29.120105] IPVS: ftp: loaded support on port[0] = 21
[   30.316687] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   30.467239] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   30.485533] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   30.594720] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   30.678398] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   30.751805] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   31.009235] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   31.089270] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   33.238665] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   33.244792] 8021q: adding VLAN 0 to HW filter on device bond0
[   33.348545] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   33.354692] 8021q: adding VLAN 0 to HW filter on device bond0
[   33.382140] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   33.388349] 8021q: adding VLAN 0 to HW filter on device bond0
[   33.511467] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   33.517584] 8021q: adding VLAN 0 to HW filter on device bond0
[   33.541185] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.588883] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   33.595059] 8021q: adding VLAN 0 to HW filter on device bond0
[   33.612916] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.632447] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   33.638557] 8021q: adding VLAN 0 to HW filter on device bond0
[   33.682382] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.788103] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.795926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.807144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.833888] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.835341] audit: type=1400 audit(1519722187.045:12): avc:  denied  { sys_chroot } for  pid=4127 comm="syz-executor7" capability=18  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   33.899272] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.928058] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.964663] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.970831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.979080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.989321] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   34.008398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   34.023984] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   34.042746] audit: type=1400 audit(1519722187.256:13): avc:  denied  { map } for  pid=5353 comm="syz-executor4" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=13282 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1
[   34.072867] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   34.078989] 8021q: adding VLAN 0 to HW filter on device bond0
[   34.093124] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   34.099212] 8021q: adding VLAN 0 to HW filter on device bond0
[   34.140861] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   34.147127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   34.160384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   34.189304] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   34.195445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   34.204510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   34.228916] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   34.235151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   34.244568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   34.250674] audit: type=1400 audit(1519722187.458:14): avc:  denied  { net_raw } for  pid=5389 comm="syz-executor2" capability=13  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   34.280345] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   34.298624] audit: type=1400 audit(1519722187.512:15): avc:  denied  { dac_override } for  pid=5397 comm="syz-executor3" capability=1  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   34.301988] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   34.387634] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   34.393891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   34.401215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   34.411466] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   34.417618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   34.424928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   34.435307] kasan: CONFIG_KASAN_INLINE enabled
[   34.440075] kasan: GPF could be caused by NULL-ptr deref or user memory access
[   34.447466] general protection fault: 0000 [#1] SMP KASAN
[   34.452986] Dumping ftrace buffer:
[   34.456503]    (ftrace buffer empty)
[   34.460185] Modules linked in:
[   34.463352] CPU: 0 PID: 5418 Comm: syz-executor5 Not tainted 4.16.0-rc3+ #331
[   34.470600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.479936] RIP: 0010:hrtimer_active+0x1da/0x3c0
[   34.484661] RSP: 0018:ffff8801d7e773c0 EFLAGS: 00010202
[   34.489994] RAX: 0000000000000008 RBX: 1ffff1003afceea5 RCX: ffffffff81610225
[   34.497237] RDX: 0000000000010000 RSI: ffffc900049f3000 RDI: 0000000000000010
[   34.504478] RBP: ffff8801d7e77500 R08: 0000000000002c02 R09: 0000000000000000
[   34.511718] R10: 0000000000000011 R11: ffffed003af1f078 R12: 0000000000000010
[   34.518957] R13: 0000000000000000 R14: ffffed003afcee83 R15: dffffc0000000000
[   34.526203] FS:  00007f5c59fe3700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[   34.534399] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   34.540251] CR2: 00007f5c59fc2000 CR3: 00000001cd6d6003 CR4: 00000000001626f0
[   34.547493] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   34.554734] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   34.561973] Call Trace:
[   34.564538]  ? hrtimer_forward+0x2d0/0x2d0
[   34.568747]  ? vmx_update_msr_bitmap+0x13a/0x430
[   34.573480]  ? setup_msrs+0x926/0x1d80
[   34.577339]  ? vmx_set_cr4+0x353/0x610
[   34.581206]  hrtimer_try_to_cancel+0x91/0x5b0
[   34.585677]  ? update_exception_bitmap+0x19a/0x200
[   34.590578]  ? __hrtimer_get_remaining+0x1c0/0x1c0
[   34.595481]  ? vmx_vcpu_reset+0x55f/0xc70
[   34.599603]  ? load_vmcs12_host_state+0x1fa0/0x1fa0
[   34.604600]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   34.609416]  ? trace_hardirqs_off+0x10/0x10
[   34.613711]  ? __lock_is_held+0xb6/0x140
[   34.617747]  ? kvm_arch_vcpu_load+0x1c1/0x8d0
[   34.622216]  hrtimer_cancel+0x22/0x40
[   34.625988]  kvm_lapic_reset+0x93/0xf40
[   34.629938]  ? kvm_lapic_set_base+0x750/0x750
[   34.634406]  ? kvm_arch_vcpu_free+0x80/0x80
[   34.638705]  kvm_arch_vcpu_setup+0x31/0x50
[   34.642912]  kvm_vm_ioctl+0x52d/0x1cf0
[   34.646773]  ? kvm_set_memory_region+0x50/0x50
[   34.651327]  ? find_held_lock+0x35/0x1d0
[   34.655366]  ? finish_task_switch+0x1c1/0x7e0
[   34.659836]  ? lock_downgrade+0x980/0x980
[   34.663962]  ? lock_release+0xa40/0xa40
[   34.667911]  ? do_raw_spin_trylock+0x190/0x190
[   34.672465]  ? compat_start_thread+0x80/0x80
[   34.676847]  ? trace_hardirqs_off+0x10/0x10
[   34.681140]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   34.686130]  ? trace_hardirqs_on+0xd/0x10
[   34.690247]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.694712]  ? finish_task_switch+0x1c1/0x7e0
[   34.699177]  ? finish_task_switch+0x182/0x7e0
[   34.703649]  ? find_held_lock+0x35/0x1d0
[   34.707688]  ? __fget+0x342/0x5b0
[   34.711117]  ? lock_downgrade+0x980/0x980
[   34.715241]  ? lock_release+0xa40/0xa40
[   34.719187]  ? __lock_is_held+0xb6/0x140
[   34.723230]  ? __fget+0x36b/0x5b0
[   34.726659]  ? iterate_fd+0x3f0/0x3f0
[   34.730431]  ? check_same_owner+0x320/0x320
[   34.734727]  ? get_unused_fd_flags+0x190/0x190
[   34.739289]  ? kvm_set_memory_region+0x50/0x50
[   34.743844]  do_vfs_ioctl+0x1b1/0x1520
[   34.747704]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   34.752607]  ? ioctl_preallocate+0x2b0/0x2b0
[   34.756988]  ? selinux_capable+0x40/0x40
[   34.761028]  ? exit_to_usermode_loop+0x8b/0x2f0
[   34.765675]  ? security_file_ioctl+0x7d/0xb0
[   34.770055]  ? security_file_ioctl+0x89/0xb0
[   34.774439]  SyS_ioctl+0x8f/0xc0
[   34.777776]  ? do_vfs_ioctl+0x1520/0x1520
[   34.781897]  do_syscall_64+0x281/0x940
[   34.785758]  ? __do_page_fault+0xc90/0xc90
[   34.789964]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.794429]  ? finish_task_switch+0x1c1/0x7e0
[   34.798896]  ? syscall_return_slowpath+0x550/0x550
[   34.803797]  ? syscall_return_slowpath+0x2ac/0x550
[   34.808698]  ? prepare_exit_to_usermode+0x350/0x350
[   34.813688]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   34.819026]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.823845]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   34.829003] RIP: 0033:0x453d69
[   34.832169] RSP: 002b:00007f5c59fe2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   34.839850] RAX: ffffffffffffffda RBX: 00007f5c59fe36d4 RCX: 0000000000453d69
[   34.847094] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000014
[   34.854334] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[   34.861579] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   34.868821] R13: 000000000000020e R14: 00000000006f31f0 R15: 0000000000000000
[   34.876070] Code: ff ff 48 8d 85 18 ff ff ff 48 c1 e8 03 4e 8d 34 38 e8 1b f2 0f 00 48 8b 85 f0 fe ff ff c6 00 00 48 8b 85 d8 fe ff ff 48 c1 e8 03 <42> 80 3c 38 00 0f 85 c2 01 00 00 48 8b 85 e8 fe ff ff 48 8b 58 
[   34.895173] RIP: hrtimer_active+0x1da/0x3c0 RSP: ffff8801d7e773c0
[   34.901417] ---[ end trace e064fb4b41ac2d17 ]---
[   34.906171] Kernel panic - not syncing: Fatal exception
[   34.911917] Dumping ftrace buffer:
[   34.915431]    (ftrace buffer empty)
[   34.919113] Kernel Offset: disabled
[   34.922708] Rebooting in 86400 seconds..