[ ok ] Starting enhanced syslogd: rsyslogd.
[ 9.927046] audit: type=1400 audit(1514069778.018:5): avc: denied { syslog } for pid=2988 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 12.032973] audit: type=1400 audit(1514069780.124:6): avc: denied { map } for pid=3127 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-next-kasan-gce-6,10.128.0.13' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[ 18.167636] audit: type=1400 audit(1514069786.259:7): avc: denied { map } for pid=3141 comm="syzkaller016205" path="/root/syzkaller016205651" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
[ 18.282746] ------------[ cut here ]------------
[ 18.287561] kernel BUG at ./include/linux/skbuff.h:2073!
[ 18.293207] invalid opcode: 0000 [#1] SMP KASAN
[ 18.297858] Dumping ftrace buffer:
[ 18.301363] (ftrace buffer empty)
[ 18.305040] Modules linked in:
[ 18.308201] CPU: 0 PID: 3141 Comm: syzkaller016205 Not tainted 4.15.0-rc4-next-20171221+ #78
[ 18.316739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 18.326066] RIP: 0010:skb_pull+0xd5/0xf0
[ 18.330094] RSP: 0018:ffff8801c9027230 EFLAGS: 00010293
[ 18.335422] RAX: ffff8801ca3fe080 RBX: ffff8801c9231800 RCX: ffffffff842a03f5
[ 18.342657] RDX: 0000000000000000 RSI: 0000000000000028 RDI: ffff8801c923187c
[ 18.349893] RBP: ffff8801c9027248 R08: 1ffff10039204daf R09: 0000000000000002
[ 18.357130] R10: ffff8801c9027238 R11: 0000000000000000 R12: 0000000000000028
[ 18.364364] R13: 0000000000000010 R14: dffffc0000000000 R15: 0000000000000000
[ 18.371603] FS: 0000000001520880(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[ 18.379794] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 18.385644] CR2: 000000002084c000 CR3: 00000001cd005001 CR4: 00000000001606f0
[ 18.392881] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 18.400116] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 18.407349] Call Trace:
[ 18.409908] esp6_gro_receive+0xb4/0xbe0
[ 18.413939] ? esp6_output+0xf20/0xf20
[ 18.417796] ? __lock_is_held+0xb6/0x140
[ 18.421825] ? esp6_output+0xf20/0xf20
[ 18.425678] ipv6_gro_receive+0x83e/0x13c0
[ 18.429884] ? ipv6_gso_pull_exthdrs+0x580/0x580
[ 18.434609] ? rcutorture_record_progress+0x10/0x10
[ 18.439590] ? check_noncircular+0x20/0x20
[ 18.443791] ? check_noncircular+0x20/0x20
[ 18.447993] dev_gro_receive+0xd2c/0x2100
[ 18.452113] ? memcpy+0x45/0x50
[ 18.455359] ? net_rx_action+0x1910/0x1910
[ 18.459560] ? __lock_is_held+0xb6/0x140
[ 18.463593] napi_gro_frags+0x377/0xad0
[ 18.467536] ? napi_gro_receive+0x500/0x500
[ 18.471829] ? tun_get_user+0x26f6/0x3900
[ 18.475947] tun_get_user+0x271f/0x3900
[ 18.479888] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 18.485054] ? tun_build_skb.isra.48+0x17d0/0x17d0
[ 18.489954] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 18.495113] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 18.500270] ? trace_hardirqs_on+0xd/0x10
[ 18.504387] ? find_held_lock+0x35/0x1d0
[ 18.508420] ? tun_get+0x1ab/0x2e0
[ 18.511929] ? lock_release+0xa40/0xa40
[ 18.515870] ? __lock_is_held+0xb6/0x140
[ 18.519904] ? tun_get+0x1d4/0x2e0
[ 18.523409] ? tun_chr_close+0x60/0x60
[ 18.527261] ? __check_object_size+0x25d/0x4f0
[ 18.531816] ? rcu_note_context_switch+0x710/0x710
[ 18.536714] tun_chr_write_iter+0xb9/0x160
[ 18.540919] do_iter_readv_writev+0x525/0x7f0
[ 18.545382] ? vfs_dedupe_file_range+0x8f0/0x8f0
[ 18.550108] ? rw_verify_area+0xe5/0x2b0
[ 18.554136] do_iter_write+0x154/0x540
[ 18.557992] ? dup_iter+0x260/0x260
[ 18.561591] vfs_writev+0x18a/0x340
[ 18.565187] ? __fget_light+0x297/0x380
[ 18.569138] ? vfs_iter_write+0xb0/0xb0
[ 18.573078] ? up_read+0x1a/0x40
[ 18.576413] ? __do_page_fault+0x3d6/0xc90
[ 18.580616] ? mm_fault_error+0x2c0/0x2c0
[ 18.584732] ? __fdget_pos+0x130/0x190
[ 18.588594] ? __fdget_raw+0x20/0x20
[ 18.592274] ? __do_page_fault+0xc90/0xc90
[ 18.596481] do_writev+0xfc/0x2a0
[ 18.599902] ? do_writev+0xfc/0x2a0
[ 18.603498] ? vfs_writev+0x340/0x340
[ 18.607265] ? entry_SYSCALL_64_fastpath+0x5/0x96
[ 18.612074] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 18.617059] SyS_writev+0x27/0x30
[ 18.620483] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 18.625206] RIP: 0033:0x444e50
[ 18.628364] RSP: 002b:00007fff562d73d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 18.636040] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000444e50
[ 18.643281] RDX: 0000000000000002 RSI: 00007fff562d73e0 RDI: 0000000000000003
[ 18.650523] RBP: 00000000006d0018 R08: 000000002084c046 R09: 0000000000000046
[ 18.657767] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000402390
[ 18.665016] R13: 0000000000402420 R14: 0000000000000000 R15: 0000000000000000
[ 18.672263] Code: a3 d0 00 00 00 e8 0c 2f 46 fd 4c 89 e0 5b 41 5c 41 5d 5d c3 45 31 e4 e8 fa 2e 46 fd 4c 89 e0 5b 41 5c 41 5d 5d c3 e8 eb 2e 46 fd <0f> 0b e8 54 8d 7d fd eb 9a e8 4d 8d 7d fd e9 51 ff ff ff e8 63
[ 18.691337] RIP: skb_pull+0xd5/0xf0 RSP: ffff8801c9027230
[ 18.696895] ---[ end trace e8bfde0cbc38aa8c ]---
[ 18.701642] Kernel panic - not syncing: Fatal exception in interrupt
[ 18.708830] Dumping ftrace buffer:
[ 18.712341] (ftrace buffer empty)
[ 18.716017] Kernel Offset: disabled
[ 18.719609] Rebooting in 86400 seconds..