[....] Starting enhanced syslogd: rsyslogd[ 16.090049] audit: type=1400 audit(1519722019.315:5): avc: denied { syslog } for pid=4082 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.058710] audit: type=1400 audit(1519722022.284:6): avc: denied { map } for pid=4220 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts. 2018/02/27 09:00:28 fuzzer started [ 25.307973] audit: type=1400 audit(1519722028.533:7): avc: denied { map } for pid=4231 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/02/27 09:00:28 dialing manager at 10.128.0.26:35219 [ 28.011438] can: request_module (can-proto-0) failed. [ 28.021251] can: request_module (can-proto-0) failed. 2018/02/27 09:00:31 kcov=true, comps=true [ 28.512852] audit: type=1400 audit(1519722031.738:8): avc: denied { map } for pid=4231 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1172 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2018/02/27 09:00:32 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000469ffc)=0x47fe, 0x4) sendto$inet(r0, &(0x7f0000edf000), 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e20, @empty}, 0x10) 2018/02/27 09:00:32 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000240), 0x0) 2018/02/27 09:00:32 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x10, 0xffffffffffffffff, 0x0) r0 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt(r0, 0x10d, 0x20000000010, &(0x7f0000320ffc)=""/4, &(0x7f0000d5f000)=0x4) 2018/02/27 09:00:32 executing program 2: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f00007e8fde)="220000002100070700be0000090007010a00001e00000000ff000400050011800041", 0x22) 2018/02/27 09:00:32 executing program 3: r0 = socket$inet(0x2, 0x5, 0x0) setsockopt$inet_buf(r0, 0x0, 0x2a, &(0x7f0000000000), 0x0) 2018/02/27 09:00:32 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539esp(ctr(aes-aesni),md5-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha1\x00'}, 0x58) 2018/02/27 09:00:32 executing program 5: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0) dup3(r0, r1, 0x0) 2018/02/27 09:00:32 executing program 6: r0 = socket(0x10, 0x20000000000003, 0x0) write(r0, &(0x7f0000000000)="2a0000005e000721004f10faedff000000e700ff02f157da76370bbfb5fdd12794a2e9ba24a3f0430208", 0x2a) [ 28.827086] audit: type=1400 audit(1519722032.052:9): avc: denied { map } for pid=4231 comm="syz-fuzzer" path="/root/syzkaller-shm912261706" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 28.875954] audit: type=1400 audit(1519722032.101:10): avc: denied { sys_admin } for pid=4274 comm="syz-executor4" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 28.890872] IPVS: ftp: loaded support on port[0] = 21 [ 28.973499] audit: type=1400 audit(1519722032.198:11): avc: denied { net_admin } for pid=4275 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 28.974464] IPVS: ftp: loaded support on port[0] = 21 [ 29.040137] IPVS: ftp: loaded support on port[0] = 21 [ 29.089893] IPVS: ftp: loaded support on port[0] = 21 [ 29.145584] IPVS: ftp: loaded support on port[0] = 21 [ 29.211785] IPVS: ftp: loaded support on port[0] = 21 [ 29.301173] IPVS: ftp: loaded support on port[0] = 21 [ 29.389883] IPVS: ftp: loaded support on port[0] = 21 [ 30.581354] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 30.645680] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 30.819965] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 30.917628] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 30.925730] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 31.051898] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 31.146590] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 31.353642] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 33.435610] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 33.441920] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.534448] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 33.540733] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.599477] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 33.605638] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.758771] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.822535] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 33.828691] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.850996] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.863468] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.920993] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 33.927217] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.043056] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.049395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.059630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.088125] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 34.094236] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.100158] audit: type=1400 audit(1519722037.310:12): avc: denied { sys_chroot } for pid=4275 comm="syz-executor0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 34.121980] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 34.130855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.153975] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.162062] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.172274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.197135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.210783] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.220806] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.228517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.331979] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.356414] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 34.362593] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.371150] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.387107] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.408189] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.414326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.421726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.510517] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.516945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.524286] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.539102] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.569265] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.575395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.582366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.595120] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.602226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.611330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/02/27 09:00:37 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000469ffc)=0x47fe, 0x4) sendto$inet(r0, &(0x7f0000edf000), 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e20, @empty}, 0x10) 2018/02/27 09:00:37 executing program 5: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0) dup3(r0, r1, 0x0) 2018/02/27 09:00:37 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539esp(ctr(aes-aesni),md5-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha1\x00'}, 0x58) 2018/02/27 09:00:37 executing program 7: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x8020400000000803, 0x0) bind(r0, &(0x7f0000ed6f80)=@generic={0x11, "0000010000000000080044944eeba71a496ae252922cb18f722e2ada000000012e0b3836005404b0e00100000014f26effffffffffffff67b100800000000000000101013c5804459e15775027ecce66fd792bbf0e5bf5ff1b080000dad11c000100fff6000000004974000000030000000000000000076d3a09ffc2c654"}, 0x80) sendmsg$key(r0, &(0x7f000090b000)={0x0, 0x0, &(0x7f0000250ff0)={&(0x7f00007d2000)={0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, []}, 0xfda9}, 0x1}, 0x0) 2018/02/27 09:00:37 executing program 3: r0 = socket$inet(0x2, 0x5, 0x0) setsockopt$inet_buf(r0, 0x0, 0x2a, &(0x7f0000000000), 0x0) 2018/02/27 09:00:37 executing program 6: r0 = socket(0x10, 0x20000000000003, 0x0) write(r0, &(0x7f0000000000)="2a0000005e000721004f10faedff000000e700ff02f157da76370bbfb5fdd12794a2e9ba24a3f0430208", 0x2a) 2018/02/27 09:00:37 executing program 2: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f00007e8fde)="220000002100070700be0000090007010a00001e00000000ff000400050011800041", 0x22) 2018/02/27 09:00:37 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x10, 0xffffffffffffffff, 0x0) r0 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt(r0, 0x10d, 0x20000000010, &(0x7f0000320ffc)=""/4, &(0x7f0000d5f000)=0x4) 2018/02/27 09:00:37 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x10, 0xffffffffffffffff, 0x0) r0 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt(r0, 0x10d, 0x20000000010, &(0x7f0000320ffc)=""/4, &(0x7f0000d5f000)=0x4) 2018/02/27 09:00:37 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000469ffc)=0x47fe, 0x4) sendto$inet(r0, &(0x7f0000edf000), 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e20, @empty}, 0x10) [ 34.656516] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.662669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.670048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/02/27 09:00:37 executing program 5: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0) dup3(r0, r1, 0x0) 2018/02/27 09:00:37 executing program 3: r0 = socket$inet(0x2, 0x5, 0x0) setsockopt$inet_buf(r0, 0x0, 0x2a, &(0x7f0000000000), 0x0) 2018/02/27 09:00:37 executing program 6: r0 = socket(0x10, 0x20000000000003, 0x0) write(r0, &(0x7f0000000000)="2a0000005e000721004f10faedff000000e700ff02f157da76370bbfb5fdd12794a2e9ba24a3f0430208", 0x2a) 2018/02/27 09:00:37 executing program 3: r0 = socket$inet(0x2, 0x5, 0x0) setsockopt$inet_buf(r0, 0x0, 0x2a, &(0x7f0000000000), 0x0) 2018/02/27 09:00:37 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539esp(ctr(aes-aesni),md5-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha1\x00'}, 0x58) 2018/02/27 09:00:38 executing program 2: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f00007e8fde)="220000002100070700be0000090007010a00001e00000000ff000400050011800041", 0x22) 2018/02/27 09:00:38 executing program 7: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x8020400000000803, 0x0) bind(r0, &(0x7f0000ed6f80)=@generic={0x11, "0000010000000000080044944eeba71a496ae252922cb18f722e2ada000000012e0b3836005404b0e00100000014f26effffffffffffff67b100800000000000000101013c5804459e15775027ecce66fd792bbf0e5bf5ff1b080000dad11c000100fff6000000004974000000030000000000000000076d3a09ffc2c654"}, 0x80) sendmsg$key(r0, &(0x7f000090b000)={0x0, 0x0, &(0x7f0000250ff0)={&(0x7f00007d2000)={0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, []}, 0xfda9}, 0x1}, 0x0) 2018/02/27 09:00:38 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000469ffc)=0x47fe, 0x4) sendto$inet(r0, &(0x7f0000edf000), 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e20, @empty}, 0x10) [ 34.737116] audit: type=1400 audit(1519722037.962:13): avc: denied { net_raw } for pid=5587 comm="syz-executor7" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/02/27 09:00:38 executing program 5: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0) dup3(r0, r1, 0x0) 2018/02/27 09:00:38 executing program 6: r0 = socket(0x10, 0x20000000000003, 0x0) write(r0, &(0x7f0000000000)="2a0000005e000721004f10faedff000000e700ff02f157da76370bbfb5fdd12794a2e9ba24a3f0430208", 0x2a) 2018/02/27 09:00:38 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x10, 0xffffffffffffffff, 0x0) r0 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt(r0, 0x10d, 0x20000000010, &(0x7f0000320ffc)=""/4, &(0x7f0000d5f000)=0x4) 2018/02/27 09:00:38 executing program 7: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x8020400000000803, 0x0) bind(r0, &(0x7f0000ed6f80)=@generic={0x11, "0000010000000000080044944eeba71a496ae252922cb18f722e2ada000000012e0b3836005404b0e00100000014f26effffffffffffff67b100800000000000000101013c5804459e15775027ecce66fd792bbf0e5bf5ff1b080000dad11c000100fff6000000004974000000030000000000000000076d3a09ffc2c654"}, 0x80) sendmsg$key(r0, &(0x7f000090b000)={0x0, 0x0, &(0x7f0000250ff0)={&(0x7f00007d2000)={0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, []}, 0xfda9}, 0x1}, 0x0) 2018/02/27 09:00:38 executing program 2: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f00007e8fde)="220000002100070700be0000090007010a00001e00000000ff000400050011800041", 0x22) 2018/02/27 09:00:38 executing program 3: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x8020400000000803, 0x0) bind(r0, &(0x7f0000ed6f80)=@generic={0x11, "0000010000000000080044944eeba71a496ae252922cb18f722e2ada000000012e0b3836005404b0e00100000014f26effffffffffffff67b100800000000000000101013c5804459e15775027ecce66fd792bbf0e5bf5ff1b080000dad11c000100fff6000000004974000000030000000000000000076d3a09ffc2c654"}, 0x80) sendmsg$key(r0, &(0x7f000090b000)={0x0, 0x0, &(0x7f0000250ff0)={&(0x7f00007d2000)={0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, []}, 0xfda9}, 0x1}, 0x0) 2018/02/27 09:00:38 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000d8d000)='smaps\x00') clone(0x0, &(0x7f0000feb000), &(0x7f000089dffc), &(0x7f00000be000), &(0x7f0000a48000)) pread64(r0, &(0x7f0000015000), 0x0, 0x2000000000) 2018/02/27 09:00:38 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00009feff6)='/dev/cuse\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) close(r0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001fc8)={0x0, 0x0, &(0x7f000042b000)=[], 0x0, &(0x7f0000002000)=[{0x10, 0x10e}], 0x10}, 0x0) ioctl(r1, 0xc0184900, &(0x7f0000002000)) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000ce4000)=0x1000000000007) 2018/02/27 09:00:38 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539esp(ctr(aes-aesni),md5-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha1\x00'}, 0x58) 2018/02/27 09:00:38 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x4148, &(0x7f0000000e7e)) 2018/02/27 09:00:38 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x4148, &(0x7f0000000e7e)) 2018/02/27 09:00:38 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00009feff6)='/dev/cuse\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) close(r0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001fc8)={0x0, 0x0, &(0x7f000042b000)=[], 0x0, &(0x7f0000002000)=[{0x10, 0x10e}], 0x10}, 0x0) ioctl(r1, 0xc0184900, &(0x7f0000002000)) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000ce4000)=0x1000000000007) 2018/02/27 09:00:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f00000001c0), &(0x7f0000000200)=0x8) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0f000000021100ddff020000230004dd1522"]) 2018/02/27 09:00:38 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x2, &(0x7f0000000ff0)=[{0x28, 0x0, 0x0, 0xfffffffffffff010}, {0x80000006}]}, 0x10) r2 = fcntl$dupfd(r0, 0x0, r1) sendmsg$kcm(r2, &(0x7f00000007c0)={&(0x7f0000000040)=@nfc={0x27}, 0x10, &(0x7f0000000480)=[], 0x0, &(0x7f0000000500)=[]}, 0x0) 2018/02/27 09:00:38 executing program 1: syz_emit_ethernet(0x3a8, &(0x7f0000000080)={@random="cd390b081bf2", @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x30, 0x3a, 0x0, @ipv4={[], [0xff, 0xff], @rand_addr}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@pkt_toobig={0xffffff80, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x0, 0x0, @loopback={0x0, 0x1}, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}, []}}}}}}}, 0x0) 2018/02/27 09:00:38 executing program 3: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x8020400000000803, 0x0) bind(r0, &(0x7f0000ed6f80)=@generic={0x11, "0000010000000000080044944eeba71a496ae252922cb18f722e2ada000000012e0b3836005404b0e00100000014f26effffffffffffff67b100800000000000000101013c5804459e15775027ecce66fd792bbf0e5bf5ff1b080000dad11c000100fff6000000004974000000030000000000000000076d3a09ffc2c654"}, 0x80) sendmsg$key(r0, &(0x7f000090b000)={0x0, 0x0, &(0x7f0000250ff0)={&(0x7f00007d2000)={0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, []}, 0xfda9}, 0x1}, 0x0) [ 34.881866] audit: type=1400 audit(1519722038.107:14): avc: denied { dac_override } for pid=5637 comm="syz-executor6" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/02/27 09:00:38 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x4148, &(0x7f0000000e7e)) 2018/02/27 09:00:38 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00009feff6)='/dev/cuse\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) close(r0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001fc8)={0x0, 0x0, &(0x7f000042b000)=[], 0x0, &(0x7f0000002000)=[{0x10, 0x10e}], 0x10}, 0x0) ioctl(r1, 0xc0184900, &(0x7f0000002000)) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000ce4000)=0x1000000000007) 2018/02/27 09:00:38 executing program 7: perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x78, 0x1e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x8020400000000803, 0x0) bind(r0, &(0x7f0000ed6f80)=@generic={0x11, "0000010000000000080044944eeba71a496ae252922cb18f722e2ada000000012e0b3836005404b0e00100000014f26effffffffffffff67b100800000000000000101013c5804459e15775027ecce66fd792bbf0e5bf5ff1b080000dad11c000100fff6000000004974000000030000000000000000076d3a09ffc2c654"}, 0x80) sendmsg$key(r0, &(0x7f000090b000)={0x0, 0x0, &(0x7f0000250ff0)={&(0x7f00007d2000)={0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, []}, 0xfda9}, 0x1}, 0x0) 2018/02/27 09:00:38 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x2, &(0x7f0000000ff0)=[{0x28, 0x0, 0x0, 0xfffffffffffff010}, {0x80000006}]}, 0x10) r2 = fcntl$dupfd(r0, 0x0, r1) sendmsg$kcm(r2, &(0x7f00000007c0)={&(0x7f0000000040)=@nfc={0x27}, 0x10, &(0x7f0000000480)=[], 0x0, &(0x7f0000000500)=[]}, 0x0) [ 34.993612] kasan: CONFIG_KASAN_INLINE enabled [ 34.998329] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 35.005728] general protection fault: 0000 [#1] SMP KASAN [ 35.011250] Dumping ftrace buffer: [ 35.014763] (ftrace buffer empty) [ 35.018450] Modules linked in: [ 35.021620] CPU: 0 PID: 5658 Comm: syz-executor2 Not tainted 4.16.0-rc3+ #331 [ 35.028863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.038199] RIP: 0010:hrtimer_active+0x1da/0x3c0 [ 35.042924] RSP: 0018:ffff8801a93873c0 EFLAGS: 00010202 [ 35.048262] RAX: 0000000000000008 RBX: 1ffff10035270ea5 RCX: ffffffff81610225 [ 35.055504] RDX: 0000000000010000 RSI: ffffc90003ca8000 RDI: 0000000000000010 [ 35.062746] RBP: ffff8801a9387500 R08: 0000000000002c02 R09: 0000000000000000 [ 35.069986] R10: 0000000000000011 R11: ffffed0036dc6078 R12: 0000000000000010 [ 35.077231] R13: 0000000000000000 R14: ffffed0035270e83 R15: dffffc0000000000 [ 35.084475] FS: 00007faae5a44700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 [ 35.092674] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.098525] CR2: 0000000000930008 CR3: 00000001b6373005 CR4: 00000000001626f0 [ 35.105774] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.113019] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 35.120259] Call Trace: [ 35.122831] ? hrtimer_forward+0x2d0/0x2d0 [ 35.127041] ? vmx_update_msr_bitmap+0x13a/0x430 [ 35.131780] ? setup_msrs+0x926/0x1d80 [ 35.135640] ? vmx_set_cr4+0x353/0x610 [ 35.139507] hrtimer_try_to_cancel+0x91/0x5b0 [ 35.143977] ? update_exception_bitmap+0x19a/0x200 [ 35.148878] ? __hrtimer_get_remaining+0x1c0/0x1c0 [ 35.153798] ? vmx_vcpu_reset+0x55f/0xc70 [ 35.157921] ? load_vmcs12_host_state+0x1fa0/0x1fa0 [ 35.162917] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 35.167742] ? kvm_arch_vcpu_load+0x1c1/0x8d0 [ 35.172208] ? futex_wake+0x680/0x680 [ 35.175984] hrtimer_cancel+0x22/0x40 [ 35.179761] kvm_lapic_reset+0x93/0xf40 [ 35.183717] ? kvm_lapic_set_base+0x750/0x750 [ 35.188184] ? kvm_arch_vcpu_free+0x80/0x80 [ 35.192487] kvm_arch_vcpu_setup+0x31/0x50 [ 35.196699] kvm_vm_ioctl+0x52d/0x1cf0 [ 35.200559] ? wake_up_q+0x8a/0xe0 [ 35.204074] ? kvm_set_memory_region+0x50/0x50 [ 35.208633] ? get_futex_key+0x1d50/0x1d50 [ 35.212857] ? lock_release+0xa40/0xa40 [ 35.216813] ? trace_hardirqs_off+0x10/0x10 [ 35.221110] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 35.226099] ? trace_hardirqs_on+0xd/0x10 [ 35.230232] ? find_held_lock+0x35/0x1d0 [ 35.234275] ? __fget+0x342/0x5b0 [ 35.237703] ? lock_downgrade+0x980/0x980 [ 35.241827] ? lock_release+0xa40/0xa40 [ 35.245782] ? __lock_is_held+0xb6/0x140 [ 35.249826] ? __fget+0x36b/0x5b0 [ 35.253262] ? iterate_fd+0x3f0/0x3f0 [ 35.257033] ? check_same_owner+0x320/0x320 [ 35.261328] ? get_unused_fd_flags+0x190/0x190 [ 35.265892] ? kvm_set_memory_region+0x50/0x50 [ 35.270448] do_vfs_ioctl+0x1b1/0x1520 [ 35.274314] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 35.279221] ? ioctl_preallocate+0x2b0/0x2b0 [ 35.283605] ? selinux_capable+0x40/0x40 [ 35.287649] ? SyS_futex+0x1fb/0x390 [ 35.291349] ? security_file_ioctl+0x7d/0xb0 [ 35.295728] ? security_file_ioctl+0x89/0xb0 [ 35.300113] SyS_ioctl+0x8f/0xc0 [ 35.303455] ? do_vfs_ioctl+0x1520/0x1520 [ 35.307577] do_syscall_64+0x281/0x940 [ 35.311442] ? __do_page_fault+0xc90/0xc90 [ 35.315652] ? finish_task_switch+0x1c1/0x7e0 [ 35.320122] ? syscall_return_slowpath+0x550/0x550 [ 35.325025] ? syscall_return_slowpath+0x2ac/0x550 [ 35.329929] ? prepare_exit_to_usermode+0x350/0x350 [ 35.334919] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 35.340258] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.345080] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 35.350243] RIP: 0033:0x453d69 [ 35.353407] RSP: 002b:00007faae5a43c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 35.361087] RAX: ffffffffffffffda RBX: 00007faae5a446d4 RCX: 0000000000453d69 [ 35.368329] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000014 [ 35.375569] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 35.382816] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 35.390057] R13: 000000000000020e R14: 00000000006f31f0 R15: 0000000000000000 [ 35.397310] Code: ff ff 48 8d 85 18 ff ff ff 48 c1 e8 03 4e 8d 34 38 e8 1b f2 0f 00 48 8b 85 f0 fe ff ff c6 00 00 48 8b 85 d8 fe ff ff 48 c1 e8 03 <42> 80 3c 38 00 0f 85 c2 01 00 00 48 8b 85 e8 fe ff ff 48 8b 58 [ 35.416443] RIP: hrtimer_active+0x1da/0x3c0 RSP: ffff8801a93873c0 [ 35.423641] ---[ end trace c5ac06dcf30a445f ]--- [ 35.428406] Kernel panic - not syncing: Fatal exception [ 35.434266] Dumping ftrace buffer: [ 35.437781] (ftrace buffer empty) [ 35.441460] Kernel Offset: disabled [ 35.445059] Rebooting in 86400 seconds..