[....] Starting enhanced syslogd: rsyslogd[   12.505837] audit: type=1400 audit(1519719677.131:4): avc:  denied  { syslog } for  pid=3649 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts.
2018/02/27 08:21:29 fuzzer started
2018/02/27 08:21:29 dialing manager at 10.128.0.26:35233
2018/02/27 08:21:33 kcov=true, comps=false
2018/02/27 08:21:34 executing program 0:

2018/02/27 08:21:34 executing program 7:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000d85fe4)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
r1 = socket$inet6(0xa, 0x802, 0x88)
setsockopt$inet6_udp_int(r1, 0x11, 0x100000000a, &(0x7f0000c29ffc)=0x3, 0x4)
recvmsg(r0, &(0x7f0000005500)={&(0x7f0000000000)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @local}}}}, 0x32, &(0x7f0000005340)=[], 0x0, &(0x7f0000005400)=""/216, 0xd8}, 0x10002)
sendmsg$inet_sctp(r1, &(0x7f0000557fc8)={&(0x7f0000e3aff0)=@in={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000b03000)=[{&(0x7f00007fd000)="5e9089917e12fcbb93cd6160fb19d989f547ed2a604f2d9f3fd855d81fda4f30b5ceca48c3d46ad973c8014ee6f9b3afdaa008defaa7791427bcddcea7524db1da4d08c688", 0x45}], 0x1}, 0x0)

2018/02/27 08:21:34 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f13000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f00000000c0)=0x1, 0x4)
syz_emit_ethernet(0x3e, &(0x7f0000694ffe)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2}, [], {@ipv6={0x86dd, {0x0, 0x6, "06f526", 0x8, 0x11, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @udp={0x4e20, 0x4e22, 0x8}}}}}}, &(0x7f0000775000))

2018/02/27 08:21:34 executing program 4:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000080)=0x100, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x2a, &(0x7f000070aef1)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @broadcast=0xffffffff, {[]}}, @udp={0x4e20, 0x4e20, 0x8}}}}}, 0x0)

2018/02/27 08:21:34 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f000000b000)={&(0x7f0000000100)={0x10}, 0xc, &(0x7f0000beeff0)={&(0x7f000063de2c)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80}, @in=@rand_addr, 0x4e20, 0x0, 0x4e20, 0x0, 0x3}, {@in6=@mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x32}, @in6=@ipv4={[], [0xff, 0xff], @empty}, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x60}}]}, 0x13c}, 0x1}, 0x0)

2018/02/27 08:21:34 executing program 2:
r0 = socket(0xa, 0x2000000001, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000000))
getsockopt(r0, 0x0, 0x50, &(0x7f000000d000)=""/8, &(0x7f0000fedffc)=0x8)

2018/02/27 08:21:34 executing program 6:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000bfcfe0)={@dev={0xfe, 0x80}, 0x0, 0x0, 0x3, 0x1}, 0x20)

2018/02/27 08:21:34 executing program 5:
perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x7a, 0x0)
ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, "020003fe040000000000031703ffffe78be5e600000000000000030809a7e633"})

syzkaller login: [   30.022168] audit: type=1400 audit(1519719694.641:5): avc:  denied  { sys_admin } for  pid=3864 comm="syz-executor7" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   30.051838] IPVS: Creating netns size=2536 id=1
[   30.066114] audit: type=1400 audit(1519719694.691:6): avc:  denied  { net_admin } for  pid=3866 comm="syz-executor0" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   30.093137] IPVS: Creating netns size=2536 id=2
[   30.139896] IPVS: Creating netns size=2536 id=3
[   30.157974] IPVS: Creating netns size=2536 id=4
[   30.191737] IPVS: Creating netns size=2536 id=5
[   30.226719] IPVS: Creating netns size=2536 id=6
[   30.283080] IPVS: Creating netns size=2536 id=7
[   30.345071] IPVS: Creating netns size=2536 id=8
[   32.404087] audit: type=1400 audit(1519719697.031:7): avc:  denied  { sys_chroot } for  pid=3868 comm="syz-executor4" capability=18  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
[  118.251794] random: crng init done
[  244.873527] INFO: task syz-executor2:5200 blocked for more than 120 seconds.
[  244.880729]       Not tainted 4.9.84-ge7f51a5 #53
[  244.885921] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  244.893986] syz-executor2   D29336  5200   3878 0x20020004
[  244.899706]  ffff8801b4b0c800 0000000000000000 ffff8801b4d7d500 ffff8801d9b73000
[  244.907823]  ffff8801db321b98 ffff8801b4b4f988 ffffffff838a438b ffff8801b4b0c800
[  244.915842]  ffffffff8114529a 00fffc0000000000 ffff8801db322468 ffff8801db322490
[  244.923821] Call Trace:
[  244.926380]  [<ffffffff838a438b>] ? __schedule+0x67b/0x1ba0
[  244.932057]  [<ffffffff8114529a>] ? __local_bh_enable_ip+0x6a/0xd0
[  244.938431]  [<ffffffff838a592f>] schedule+0x7f/0x1b0
[  244.943603]  [<ffffffff82ee4eac>] __lock_sock+0x13c/0x260
[  244.949106]  [<ffffffff82ee4d70>] ? proto_unregister+0x370/0x370
[  244.955262]  [<ffffffff81224fc0>] ? prepare_to_wait_event+0x450/0x450
[  244.961815]  [<ffffffff82ee50c6>] lock_sock_nested+0xf6/0x120
[  244.967707]  [<ffffffff8336ffdc>] getorigdst+0xac/0x480
[  244.973043]  [<ffffffff8336ff30>] ? ipv4_print_tuple+0x30/0x30
[  244.978998]  [<ffffffff838adc10>] ? __ww_mutex_lock+0x14a0/0x14a0
[  244.985205]  [<ffffffff838adfe9>] ? mutex_unlock+0x9/0x10
[  244.990710]  [<ffffffff830a2f37>] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[  244.997789]  [<ffffffff830a335d>] compat_nf_getsockopt+0xfd/0x130
[  245.004004]  [<ffffffff8320fdac>] compat_ip_getsockopt+0x17c/0x1d0
[  245.010291]  [<ffffffff8320fc30>] ? ip_getsockopt+0x1a0/0x1a0
[  245.016162]  [<ffffffff81dfcb1b>] ? check_preemption_disabled+0x3b/0x200
[  245.022968]  [<ffffffff832bb8f5>] compat_udp_getsockopt+0x45/0x80
[  245.029188]  [<ffffffff832bb8b0>] ? udp_getsockopt+0x80/0x80
[  245.034965]  [<ffffffff834794dd>] compat_ipv6_getsockopt+0x10d/0x2f0
[  245.041424]  [<ffffffff834793d0>] ? ipv6_getsockopt+0x250/0x250
[  245.047551]  [<ffffffff81dfcb1b>] ? check_preemption_disabled+0x3b/0x200
[  245.054383]  [<ffffffff8321c8a5>] inet_csk_compat_getsockopt+0x95/0x120
[  245.061105]  [<ffffffff834793d0>] ? ipv6_getsockopt+0x250/0x250
[  245.067185]  [<ffffffff8322f28d>] compat_tcp_getsockopt+0x3d/0x70
[  245.073388]  [<ffffffff82edef72>] compat_sock_common_getsockopt+0xb2/0x140
[  245.080408]  [<ffffffff8322f250>] ? tcp_getsockopt+0xd0/0xd0
[  245.086192]  [<ffffffff82fdefcf>] compat_SyS_getsockopt+0x14f/0x2a0
[  245.092567]  [<ffffffff82edeec0>] ? sock_common_getsockopt+0xd0/0xd0
[  245.099045]  [<ffffffff82fdee80>] ? compat_SyS_setsockopt+0x290/0x290
[  245.105608]  [<ffffffff8167d27c>] ? compat_SyS_ioctl+0x8c/0x2050
[  245.111722]  [<ffffffff81006d6f>] ? do_fast_syscall_32+0xcf/0x870
[  245.117935]  [<ffffffff82fdee80>] ? compat_SyS_setsockopt+0x290/0x290
[  245.124490]  [<ffffffff81006f95>] do_fast_syscall_32+0x2f5/0x870
[  245.130600]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[  245.137253]  [<ffffffff838b6b10>] entry_SYSENTER_compat+0x90/0xa2
[  245.143458] 
[  245.143458] Showing all locks held in the system:
[  245.149749] 2 locks held by khungtaskd/514:
[  245.154057]  #0:  (rcu_read_lock){......}, at: [<ffffffff813730a5>] watchdog+0x125/0xa70
[  245.162722]  #1:  (tasklist_lock){.+.+..}, at: [<ffffffff81238190>] debug_show_all_locks+0x70/0x280
[  245.172370] 1 lock held by rsyslogd/3652:
[  245.176501]  #0:  (&f->f_pos_lock){+.+.+.}, at: [<ffffffff815d3bef>] __fdget_pos+0x9f/0xc0
[  245.185361] 2 locks held by getty/3780:
[  245.189301]  #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff838b3602>] ldsem_down_read+0x32/0x40
[  245.198586]  #1:  (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff8200ab14>] n_tty_read+0x1f4/0x16c0
[  245.208499] 1 lock held by syz-executor2/5200:
[  245.213046]  #0:  (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff8320fd96>] compat_ip_getsockopt+0x166/0x1d0
[  245.223037] 
[  245.224659] =============================================
[  245.224659] 
[  245.231701] NMI backtrace for cpu 1
[  245.235354] CPU: 1 PID: 514 Comm: khungtaskd Not tainted 4.9.84-ge7f51a5 #53
[  245.242511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  245.251838]  ffff8801d869fd00 ffffffff81d956b9 0000000000000000 0000000000000001
[  245.259809]  0000000000000001 0000000000000001 ffffffff810bb190 ffff8801d869fd38
[  245.267769]  ffffffff81da07dd 0000000000000001 0000000000000000 ffff8801b49e6418
[  245.275734] Call Trace:
[  245.278295]  [<ffffffff81d956b9>] dump_stack+0xc1/0x128
[  245.283628]  [<ffffffff810bb190>] ? irq_force_complete_move+0x390/0x390
[  245.290348]  [<ffffffff81da07dd>] nmi_cpu_backtrace+0xfd/0x120
[  245.296284]  [<ffffffff810bb190>] ? irq_force_complete_move+0x390/0x390
[  245.303001]  [<ffffffff81da0917>] nmi_trigger_cpumask_backtrace+0x117/0x190
[  245.310066]  [<ffffffff810bb284>] arch_trigger_cpumask_backtrace+0x14/0x20
[  245.317049]  [<ffffffff81373670>] watchdog+0x6f0/0xa70
[  245.322291]  [<ffffffff813730a5>] ? watchdog+0x125/0xa70
[  245.327706]  [<ffffffff8119a7bd>] kthread+0x26d/0x300
[  245.332863]  [<ffffffff81372f80>] ? reset_hung_task_detector+0x20/0x20
[  245.339494]  [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
[  245.345085]  [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
[  245.350674]  [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
[  245.356267]  [<ffffffff838b558c>] ret_from_fork+0x5c/0x70
[  245.361889] Sending NMI from CPU 1 to CPUs 0:
[  245.366388] NMI backtrace for cpu 0 skipped: idling at pc 0xffffffff838b4076
[  245.373771] Kernel panic - not syncing: hung_task: blocked tasks
[  245.379890] CPU: 0 PID: 514 Comm: khungtaskd Not tainted 4.9.84-ge7f51a5 #53
[  245.387042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  245.396363]  ffff8801d869fcb8 ffffffff81d956b9 ffffffff83a8b2a0 ffff8801d869fd90
[  245.404324]  ffff8801b49e6400 dffffc0000000000 ffffffff84409000 ffff8801d869fd80
[  245.412288]  ffffffff8142f571 0000000041b58ab3 ffffffff8418b2c0 ffffffff8142f3b5
[  245.420255] Call Trace:
[  245.422811]  [<ffffffff81d956b9>] dump_stack+0xc1/0x128
[  245.428143]  [<ffffffff8142f571>] panic+0x1bc/0x3a8
[  245.433128]  [<ffffffff8142f3b5>] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[  245.441322]  [<ffffffff81da093b>] ? nmi_trigger_cpumask_backtrace+0x13b/0x190
[  245.448565]  [<ffffffff81da0945>] ? nmi_trigger_cpumask_backtrace+0x145/0x190
[  245.455808]  [<ffffffff81373681>] watchdog+0x701/0xa70
[  245.461052]  [<ffffffff813730a5>] ? watchdog+0x125/0xa70
[  245.466469]  [<ffffffff8119a7bd>] kthread+0x26d/0x300
[  245.471626]  [<ffffffff81372f80>] ? reset_hung_task_detector+0x20/0x20
[  245.478262]  [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
[  245.483857]  [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
[  245.489449]  [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
[  245.495039]  [<ffffffff838b558c>] ret_from_fork+0x5c/0x70
[  245.500947] Dumping ftrace buffer:
[  245.504480]    (ftrace buffer empty)
[  245.508157] Kernel Offset: disabled
[  245.511756] Rebooting in 86400 seconds..