[....] Starting enhanced syslogd: rsyslogd[ 16.945635] audit: type=1400 audit(1521934463.082:5): avc: denied { syslog } for pid=4097 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.468803] audit: type=1400 audit(1521934468.605:6): avc: denied { map } for pid=4237 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts. [ 28.784515] audit: type=1400 audit(1521934474.921:7): avc: denied { map } for pid=4251 comm="syzkaller117300" path="/root/syzkaller117300844" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 28.810343] IPVS: ftp: loaded support on port[0] = 21 [ 28.810444] audit: type=1400 audit(1521934474.921:8): avc: denied { sys_admin } for pid=4257 comm="syzkaller117300" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 28.850848] IPVS: ftp: loaded support on port[0] = 21 [ 28.857414] audit: type=1400 audit(1521934474.993:9): avc: denied { net_admin } for pid=4261 comm="syzkaller117300" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 net.ipv6.conf.syz_tun.accept_dad = 0 net.ipv6.conf.syz_tun.accept_dad = 0 net.ipv6.conf.syz_tun.router_solicitations = 0 net.ipv6.conf.syz_tun.router_solicitations = 0 [ 28.890215] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz_tun.accept_dad = 0 net.ipv6.conf.syz_tun.router_solicitations = 0 [ 28.939399] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz_tun.accept_dad = 0 [ 28.989939] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz_tun.router_solicitations = 0 net.ipv6.conf.syz_tun.accept_dad = 0 [ 29.069253] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz_tun.router_solicitations = 0 [ 29.158479] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz_tun.accept_dad = 0 net.ipv6.conf.syz_tun.router_solicitations = 0 [ 29.255331] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz_tun.accept_dad = 0 net.ipv6.conf.syz_tun.router_solicitations = 0 net.ipv6.conf.syz_tun.accept_dad = 0 net.ipv6.conf.syz_tun.router_solicitations = 0 RTNETLINK answers: File exists RTNETLINK answers: File exists RTNETLINK answers: File exists RTNETLINK answers: File exists RTNETLINK answers: File exists RTNETLINK answers: File exists RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: File exists RTNETLINK answers: Operation not supported RTNETLINK answers: File exists RTNETLINK answers: Operation not supported [ 30.204813] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 30.222512] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported [ 30.330665] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available [ 30.414904] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported [ 30.537561] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported [ 30.608627] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 30.730593] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported [ 30.888911] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 32.559069] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 32.565276] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.627530] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 32.633651] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.755578] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 32.761875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.791699] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 32.803547] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 32.809655] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.869635] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 32.875808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.892614] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 32.957453] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 32.963561] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.983323] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 32.989575] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.032514] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.051759] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 33.058064] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.068956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready executing program [ 33.089999] audit: type=1400 audit(1521934479.224:10): avc: denied { sys_chroot } for pid=4260 comm="syzkaller117300" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 33.090662] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.128216] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready executing program [ 33.197193] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 33.203363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.210665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready executing program executing program executing program [ 33.240246] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.270805] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 33.276906] 8021q: adding VLAN 0 to HW filter on device bond0 executing program [ 33.300732] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.322345] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 33.340530] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program [ 33.370383] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 33.376747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.386484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready executing program [ 33.416061] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 33.422276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.433853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.451929] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready executing program executing program executing program executing program executing program executing program [ 33.462501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.470671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.481157] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program [ 33.549748] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 33.556159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.563491] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 33.572772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready executing program executing program executing program executing program executing program executing program executing program executing program [ 33.608824] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.628833] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program [ 33.687796] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 33.694099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.703216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready executing program executing program executing program executing program executing program executing program [ 33.728919] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program [ 33.797117] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 33.803733] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program executing program [ 33.872833] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 33.903063] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program [ 33.938874] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 33.945271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.953537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.968149] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program [ 33.996922] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 34.010578] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program [ 34.037861] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 [ 34.071538] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program [ 34.095785] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 34.113904] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 34.119835] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program executing program [ 34.144776] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program [ 34.180516] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 34.224474] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 34.232746] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program [ 34.296065] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 34.419443] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program [ 34.477221] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 34.525861] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 34.558118] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 34.633971] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 34.718248] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 34.735756] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 34.754251] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program executing program executing program [ 34.801080] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 34.809700] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 34.829925] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 34.943466] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program [ 34.992201] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 35.031561] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program [ 35.031796] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 35.085952] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -9 executing program executing program executing program executing program executing program executing program [ 35.131603] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 [ 35.167760] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program [ 35.192226] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 35.279587] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 35.286891] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 35.304425] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 executing program executing program executing program executing program [ 35.340806] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 35.363698] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 executing program executing program executing program executing program [ 35.389719] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 35.429924] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 35.507193] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 35.541642] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 35.618119] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 [ 35.621038] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 35.750668] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 [ 35.766880] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program [ 35.829887] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 35.842663] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 35.867828] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program [ 35.874460] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program [ 35.926182] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 [ 35.932664] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 [ 35.942283] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 35.972609] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program [ 36.026391] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 36.066541] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program [ 36.068692] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program [ 36.106140] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 36.118080] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program [ 36.160132] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 36.179498] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program [ 36.208211] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program [ 36.254671] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 [ 36.272489] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 36.277544] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program [ 36.307864] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 36.374746] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 36.376411] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program executing program executing program [ 36.437528] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 36.525895] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 36.553918] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 36.636517] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program [ 36.711436] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 36.730321] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program [ 36.775963] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 36.975485] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 36.981507] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 [ 37.006655] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 37.094047] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 37.112281] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 37.173909] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 37.181690] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 37.198713] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 37.313734] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program [ 37.392365] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 37.502753] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 [ 37.507927] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program [ 37.568461] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program [ 37.615700] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 37.732265] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 37.751760] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program [ 37.781083] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 37.804644] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program [ 37.866918] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 37.876976] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program [ 37.943972] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 38.018483] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 38.078502] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program [ 38.133267] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 38.183257] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 38.214933] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 38.265552] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 38.270108] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 38.432609] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 [ 38.472197] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program [ 38.480394] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 38.574460] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 38.637772] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 [ 38.640635] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 38.674256] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 38.809649] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 [ 38.844534] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 executing program executing program executing program executing program [ 38.890312] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program executing program [ 38.953225] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 38.983310] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program [ 38.997758] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 39.045503] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.221231] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 39.253153] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 executing program executing program executing program [ 39.269143] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.335087] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 39.355786] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 39.373364] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.478937] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 executing program executing program executing program executing program executing program executing program [ 39.527744] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 39.534395] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program [ 39.582718] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 39.605617] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.706217] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 39.775379] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 39.905747] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 39.912702] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 40.012718] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 40.218751] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program [ 40.259314] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 [ 40.267757] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program executing program [ 40.300239] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 40.313047] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 40.346462] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 40.377042] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program [ 40.423655] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program [ 40.471336] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 40.481857] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 [ 40.502481] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 40.514352] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program [ 40.552435] l2tp_core: tunl 2: sockfd_lookup(fd=7) returned -9 [ 40.556134] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 40.665229] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 40.729853] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 40.738275] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program [ 40.780303] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 40.782139] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 [ 40.795542] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program [ 40.851785] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 40.879800] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 40.890759] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 40.939282] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 40.941150] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 40.975494] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 41.071567] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 41.072074] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 41.190500] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 41.296972] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 executing program executing program executing program executing program executing program executing program executing program [ 41.347266] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program [ 41.391642] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 41.397871] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 [ 41.423120] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program [ 41.465785] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 41.466486] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program [ 41.508182] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 41.545421] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 [ 41.549984] l2tp_core: tunl 2: sockfd_lookup(fd=5) returned -88 [ 41.551678] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program [ 41.584125] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 41.676328] l2tp_core: tunl 2: sockfd_lookup(fd=8) returned -9 [ 41.694496] l2tp_core: tunl 2: sockfd_lookup(fd=9) returned -9 executing program executing program executing program executing program [ 41.745713] ================================================================== [ 41.753209] BUG: KASAN: use-after-free in pppol2tp_connect+0x1a98/0x1dd0 [ 41.760043] Read of size 8 at addr ffff8801d18242a8 by task syzkaller117300/8372 [ 41.767570] [ 41.769198] CPU: 1 PID: 8372 Comm: syzkaller117300 Not tainted 4.16.0-rc6+ #365 [ 41.776636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.785985] Call Trace: [ 41.788570] dump_stack+0x194/0x24d executing program executing program executing program executing program [ 41.792211] ? arch_local_irq_restore+0x53/0x53 [ 41.796881] ? show_regs_print_info+0x18/0x18 [ 41.801390] ? lock_release+0xa40/0xa40 [ 41.805369] ? pppol2tp_connect+0x1a98/0x1dd0 [ 41.809868] print_address_description+0x73/0x250 [ 41.814708] ? pppol2tp_connect+0x1a98/0x1dd0 [ 41.819206] kasan_report+0x23c/0x360 [ 41.823018] __asan_report_load8_noabort+0x14/0x20 [ 41.827946] pppol2tp_connect+0x1a98/0x1dd0 [ 41.832301] ? pppol2tp_recv_payload_hook+0x1b0/0x1b0 [ 41.837519] ? selinux_netlbl_socket_connect+0x76/0x1b0 executing program executing program executing program [ 41.842895] ? selinux_socket_connect+0x311/0x730 [ 41.847741] ? lock_downgrade+0x980/0x980 [ 41.851906] ? selinux_socket_setsockopt+0x80/0x80 [ 41.856835] ? lock_release+0xa40/0xa40 [ 41.860808] ? check_same_owner+0x320/0x320 [ 41.865134] ? __check_object_size+0x8b/0x530 [ 41.869661] ? __might_sleep+0x95/0x190 [ 41.873688] ? security_socket_connect+0x89/0xb0 [ 41.878461] SYSC_connect+0x213/0x4a0 [ 41.882277] ? SYSC_bind+0x410/0x410 [ 41.886002] ? __handle_mm_fault+0x38c0/0x38c0 [ 41.890582] ? vmacache_find+0x5f/0x280 executing program executing program executing program [ 41.894555] ? vmacache_update+0xfe/0x130 [ 41.898764] ? mm_fault_error+0x2c0/0x2c0 [ 41.902908] ? SyS_userfaultfd+0x29f/0x3b0 [ 41.907148] ? userfaultfd_unmap_complete+0x510/0x510 [ 41.912367] SyS_connect+0x24/0x30 [ 41.915911] ? SyS_accept+0x30/0x30 [ 41.919546] do_syscall_64+0x281/0x940 [ 41.923431] ? __do_page_fault+0xc90/0xc90 [ 41.927689] ? syscall_return_slowpath+0x550/0x550 [ 41.932626] ? syscall_return_slowpath+0x2ac/0x550 [ 41.937563] ? prepare_exit_to_usermode+0x350/0x350 [ 41.942585] ? retint_user+0x18/0x18 executing program executing program executing program executing program [ 41.946318] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.951191] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 41.956378] RIP: 0033:0x449f39 [ 41.959563] RSP: 002b:00007fa9d92efce8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 41.967273] RAX: ffffffffffffffda RBX: 0000000000700024 RCX: 0000000000449f39 [ 41.974540] RDX: 000000000000002e RSI: 0000000020e92000 RDI: 0000000000000009 [ 41.981803] RBP: 0000000000700020 R08: 0000000000000000 R09: 0000000000000000 [ 41.989076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 executing program executing program executing program [ 41.996349] R13: 000000000080efcf R14: 00007fa9d92f09c0 R15: 0000000000000009 [ 42.003761] [ 42.005382] Allocated by task 8381: [ 42.009006] save_stack+0x43/0xd0 [ 42.012458] kasan_kmalloc+0xad/0xe0 [ 42.016172] kasan_slab_alloc+0x12/0x20 [ 42.020147] kmem_cache_alloc+0x12e/0x760 [ 42.024293] sk_prot_alloc+0x65/0x2a0 [ 42.028092] sk_alloc+0x105/0x1440 [ 42.031628] inet_create+0x47c/0xf50 [ 42.035335] __sock_create+0x4d4/0x850 [ 42.039222] SyS_socket+0xeb/0x1d0 [ 42.042759] do_syscall_64+0x281/0x940 executing program executing program executing program [ 42.046649] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 42.051829] [ 42.053447] Freed by task 21: [ 42.056549] save_stack+0x43/0xd0 [ 42.059995] __kasan_slab_free+0x11a/0x170 [ 42.064228] kasan_slab_free+0xe/0x10 [ 42.068028] kmem_cache_free+0x83/0x2a0 [ 42.071997] __sk_destruct+0x628/0x920 [ 42.075880] sk_destruct+0x47/0x80 [ 42.079418] __sk_free+0xf1/0x2b0 [ 42.082869] sk_free+0x2a/0x40 [ 42.086060] l2tp_tunnel_del_work+0x474/0x6a0 [ 42.090549] process_one_work+0xc47/0x1bb0 executing program executing program executing program [ 42.094783] worker_thread+0x223/0x1990 [ 42.098751] kthread+0x33c/0x400 [ 42.102120] ret_from_fork+0x3a/0x50 [ 42.105824] [ 42.107448] The buggy address belongs to the object at ffff8801d1824080 [ 42.107448] which belongs to the cache UDP of size 1472 [ 42.119499] The buggy address is located 552 bytes inside of [ 42.119499] 1472-byte region [ffff8801d1824080, ffff8801d1824640) [ 42.131451] The buggy address belongs to the page: [ 42.136380] page:ffffea0007460900 count:1 mapcount:0 mapping:ffff8801d1824080 index:0x0 compound_mapcount: 0 executing program executing program [ 42.146438] flags: 0x2fffc0000008100(slab|head) [ 42.151107] raw: 02fffc0000008100 ffff8801d1824080 0000000000000000 0000000100000005 [ 42.158981] raw: ffffea0006b0fda0 ffffea0006a53820 ffff8801d6f36640 0000000000000000 [ 42.166851] page dumped because: kasan: bad access detected [ 42.172552] [ 42.174172] Memory state around the buggy address: [ 42.179094] ffff8801d1824180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.186450] ffff8801d1824200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb executing program executing program executing program executing program executing program [ 42.193805] >ffff8801d1824280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.201154] ^ [ 42.205817] ffff8801d1824300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.213171] ffff8801d1824380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.220519] ================================================================== [ 42.227867] Disabling lock debugging due to kernel taint [ 42.233887] Kernel panic - not syncing: panic_on_warn set ... [ 42.233887] executing program executing program [ 42.241252] CPU: 1 PID: 8372 Comm: syzkaller117300 Tainted: G B 4.16.0-rc6+ #365 [ 42.249990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.259337] Call Trace: [ 42.261925] dump_stack+0x194/0x24d [ 42.265560] ? arch_local_irq_restore+0x53/0x53 [ 42.270229] ? kasan_end_report+0x32/0x50 [ 42.274389] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 42.279142] ? vsnprintf+0x1ed/0x1900 [ 42.282948] ? pppol2tp_connect+0x1a00/0x1dd0 [ 42.287436] panic+0x1e4/0x41c [ 42.290609] ? refcount_error_report+0x214/0x214 [ 42.295368] ? pppol2tp_connect+0x1a98/0x1dd0 [ 42.299843] kasan_end_report+0x50/0x50 [ 42.303795] kasan_report+0x149/0x360 [ 42.307581] __asan_report_load8_noabort+0x14/0x20 [ 42.312487] pppol2tp_connect+0x1a98/0x1dd0 [ 42.316803] ? pppol2tp_recv_payload_hook+0x1b0/0x1b0 [ 42.321982] ? selinux_netlbl_socket_connect+0x76/0x1b0 [ 42.327331] ? selinux_socket_connect+0x311/0x730 [ 42.332155] ? lock_downgrade+0x980/0x980 [ 42.336286] ? selinux_socket_setsockopt+0x80/0x80 [ 42.341191] ? lock_release+0xa40/0xa40 [ 42.345144] ? check_same_owner+0x320/0x320 [ 42.349446] ? __check_object_size+0x8b/0x530 [ 42.353935] ? __might_sleep+0x95/0x190 [ 42.357910] ? security_socket_connect+0x89/0xb0 [ 42.362652] SYSC_connect+0x213/0x4a0 [ 42.366434] ? SYSC_bind+0x410/0x410 [ 42.370130] ? __handle_mm_fault+0x38c0/0x38c0 [ 42.374685] ? vmacache_find+0x5f/0x280 [ 42.378633] ? vmacache_update+0xfe/0x130 [ 42.382796] ? mm_fault_error+0x2c0/0x2c0 [ 42.386920] ? SyS_userfaultfd+0x29f/0x3b0 [ 42.391134] ? userfaultfd_unmap_complete+0x510/0x510 [ 42.396312] SyS_connect+0x24/0x30 [ 42.399829] ? SyS_accept+0x30/0x30 [ 42.403435] do_syscall_64+0x281/0x940 [ 42.407300] ? __do_page_fault+0xc90/0xc90 [ 42.411522] ? syscall_return_slowpath+0x550/0x550 [ 42.416428] ? syscall_return_slowpath+0x2ac/0x550 [ 42.421339] ? prepare_exit_to_usermode+0x350/0x350 [ 42.426335] ? retint_user+0x18/0x18 [ 42.430038] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.434873] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 42.440036] RIP: 0033:0x449f39 [ 42.443202] RSP: 002b:00007fa9d92efce8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 42.450888] RAX: ffffffffffffffda RBX: 0000000000700024 RCX: 0000000000449f39 [ 42.458136] RDX: 000000000000002e RSI: 0000000020e92000 RDI: 0000000000000009 [ 42.465380] RBP: 0000000000700020 R08: 0000000000000000 R09: 0000000000000000 [ 42.472626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 42.479870] R13: 000000000080efcf R14: 00007fa9d92f09c0 R15: 0000000000000009 [ 42.487601] Dumping ftrace buffer: [ 42.491115] (ftrace buffer empty) [ 42.494796] Kernel Offset: disabled [ 42.498398] Rebooting in 86400 seconds..