[....] Starting enhanced syslogd: rsyslogd[   16.398258] audit: type=1400 audit(1519721678.598:5): avc:  denied  { syslog } for  pid=4026 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.984273] audit: type=1400 audit(1519721681.184:6): avc:  denied  { map } for  pid=4165 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
2018/02/27 08:54:47 fuzzer started
[   25.284645] audit: type=1400 audit(1519721687.484:7): avc:  denied  { map } for  pid=4177 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/02/27 08:54:47 dialing manager at 10.128.0.26:35219
[   27.679826] can: request_module (can-proto-0) failed.
[   27.688571] can: request_module (can-proto-0) failed.
2018/02/27 08:54:50 kcov=true, comps=true
[   28.173482] audit: type=1400 audit(1519721690.373:8): avc:  denied  { map } for  pid=4177 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1087 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2018/02/27 08:54:50 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
splice(0xffffffffffffffff, &(0x7f0000000080), 0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0xbf8}]})

2018/02/27 08:54:50 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='cgroup\x00')
pread64(r0, &(0x7f0000f81800)=""/2048, 0x800, 0x0)

2018/02/27 08:54:50 executing program 1:
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x10)
r0 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt(r0, 0x107, 0xd, &(0x7f0000001000), 0x47e)

2018/02/27 08:54:50 executing program 2:
setitimer(0x80000001, &(0x7f0000000100)={{0x77359400}}, &(0x7f0000000140))

2018/02/27 08:54:50 executing program 3:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a}, &(0x7f0000000200)='SNAT\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0xfffffffffffffffe)
keyctl$get_persistent(0x16, 0x0, r0)

2018/02/27 08:54:50 executing program 4:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00004da000)={0x0, 0x0, 0xfffffffffffffffc}, 0x4)
syz_emit_ethernet(0x36, &(0x7f0000c22000)={@random="9a52438e8227", @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x23a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast1=0xe0000001, {[]}}, @icmp=@timestamp={0xd}}}}}, &(0x7f0000ea3000))

2018/02/27 08:54:50 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
connect$inet6(r0, &(0x7f000052f000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x7}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000c9af18)={{{@in=@rand_addr, @in6=@dev={0xfe, 0x80}, 0x4e20, 0x0, 0x4e20, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2=0xe0000002, 0x0, 0x3c}, 0x0, @in6=@ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}}, 0xe8)
sendmsg(r0, &(0x7f00000024c0)={0x0, 0x0, &(0x7f0000002400)=[]}, 0x0)

[   28.267095] audit: type=1400 audit(1519721690.466:9): avc:  denied  { map } for  pid=4177 comm="syz-fuzzer" path="/root/syzkaller-shm680889286" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2018/02/27 08:54:50 executing program 6:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000e44ffc)=0x5, 0x4)
sendto$inet(r0, &(0x7f00002cb000), 0x0, 0x0, &(0x7f0000264ff0)={0x2, 0x4e21, @empty}, 0x10)

[   28.299799] audit: type=1400 audit(1519721690.499:10): avc:  denied  { sys_admin } for  pid=4219 comm="syz-executor0" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   28.304698] IPVS: ftp: loaded support on port[0] = 21
[   28.374709] IPVS: ftp: loaded support on port[0] = 21
[   28.381908] audit: type=1400 audit(1519721690.581:11): avc:  denied  { net_admin } for  pid=4222 comm="syz-executor0" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   28.413821] IPVS: ftp: loaded support on port[0] = 21
[   28.441970] IPVS: ftp: loaded support on port[0] = 21
[   28.489145] IPVS: ftp: loaded support on port[0] = 21
[   28.543971] IPVS: ftp: loaded support on port[0] = 21
[   28.595681] IPVS: ftp: loaded support on port[0] = 21
[   28.658252] IPVS: ftp: loaded support on port[0] = 21
[   29.424631] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   29.450994] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   29.588954] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   29.675487] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   29.690739] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   29.849491] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   29.925776] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   30.193142] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   32.411460] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   32.417633] 8021q: adding VLAN 0 to HW filter on device bond0
[   32.433201] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   32.439289] 8021q: adding VLAN 0 to HW filter on device bond0
[   32.498454] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   32.504594] 8021q: adding VLAN 0 to HW filter on device bond0
[   32.529390] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   32.535505] 8021q: adding VLAN 0 to HW filter on device bond0
[   32.580555] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   32.586688] 8021q: adding VLAN 0 to HW filter on device bond0
[   32.722909] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   32.736413] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   32.757640] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   32.763759] 8021q: adding VLAN 0 to HW filter on device bond0
[   32.790558] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   32.801508] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   32.812065] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   32.818152] 8021q: adding VLAN 0 to HW filter on device bond0
[   32.891929] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.035603] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.049647] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.056334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.065129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.085776] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.087078] audit: type=1400 audit(1519721695.284:12): avc:  denied  { sys_chroot } for  pid=4222 comm="syz-executor0" capability=18  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   33.093495] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.127238] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.135064] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.147118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.166464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.176921] audit: type=1400 audit(1519721695.375:13): avc:  denied  { net_raw } for  pid=5461 comm="syz-executor1" capability=13  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   33.179393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.202202] audit: type=1400 audit(1519721695.401:14): avc:  denied  { dac_override } for  pid=5460 comm="syz-executor7" capability=1  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
2018/02/27 08:54:55 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='cgroup\x00')
pread64(r0, &(0x7f0000f81800)=""/2048, 0x800, 0x0)

[   33.212803] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.241000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.262050] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.273956] kasan: CONFIG_KASAN_INLINE enabled
[   33.278659] kasan: GPF could be caused by NULL-ptr deref or user memory access
2018/02/27 08:54:55 executing program 2:
setitimer(0x80000001, &(0x7f0000000100)={{0x77359400}}, &(0x7f0000000140))

[   33.286059] general protection fault: 0000 [#1] SMP KASAN
[   33.291582] Dumping ftrace buffer:
[   33.295106]    (ftrace buffer empty)
[   33.298801] Modules linked in:
[   33.301990] CPU: 1 PID: 5462 Comm: syz-executor0 Not tainted 4.16.0-rc3+ #331
[   33.309246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.309614] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.318589] RIP: 0010:hrtimer_active+0x1da/0x3c0
[   33.318594] RSP: 0018:ffff8801d2f8f3c0 EFLAGS: 00010202
2018/02/27 08:54:55 executing program 2:
setitimer(0x80000001, &(0x7f0000000100)={{0x77359400}}, &(0x7f0000000140))

2018/02/27 08:54:55 executing program 2:
setitimer(0x80000001, &(0x7f0000000100)={{0x77359400}}, &(0x7f0000000140))

[   33.318601] RAX: 0000000000000008 RBX: 1ffff1003a5f1ea5 RCX: ffffffff81610225
[   33.318608] RDX: 0000000000010000 RSI: ffffc9000199f000 RDI: 0000000000000010
[   33.324723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.329369] RBP: ffff8801d2f8f500 R08: 0000000000002c02 R09: 0000000000000000
[   33.329373] R10: 0000000000000011 R11: ffffed0039581078 R12: 0000000000000010
[   33.329378] R13: 0000000000000000 R14: ffffed003a5f1e83 R15: dffffc0000000000
[   33.329384] FS:  00007feca2667700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
2018/02/27 08:54:55 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='cgroup\x00')
pread64(r0, &(0x7f0000f81800)=""/2048, 0x800, 0x0)

[   33.329389] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   33.329395] CR2: 00007feca2625000 CR3: 00000001bca6f002 CR4: 00000000001626e0
[   33.339267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.341972] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   33.341978] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   33.341980] Call Trace:
[   33.341999]  ? hrtimer_forward+0x2d0/0x2d0
[   33.383248] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
2018/02/27 08:54:55 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='cgroup\x00')
pread64(r0, &(0x7f0000f81800)=""/2048, 0x800, 0x0)

[   33.385687]  ? vmx_update_msr_bitmap+0x13a/0x430
[   33.385701]  ? setup_msrs+0x926/0x1d80
[   33.391635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.398808]  ? vmx_set_cr4+0x353/0x610
[   33.398830]  hrtimer_try_to_cancel+0x91/0x5b0
[   33.405698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.413236]  ? update_exception_bitmap+0x19a/0x200
[   33.413245]  ? __hrtimer_get_remaining+0x1c0/0x1c0
[   33.413254]  ? vmx_vcpu_reset+0x55f/0xc70
[   33.460134] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   33.463176]  ? load_vmcs12_host_state+0x1fa0/0x1fa0
[   33.463189]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   33.463204]  ? kvm_arch_vcpu_load+0x1c1/0x8d0
[   33.468115] 8021q: adding VLAN 0 to HW filter on device bond0
[   33.473010]  ? futex_wake+0x680/0x680
[   33.473022]  hrtimer_cancel+0x22/0x40
[   33.510877]  kvm_lapic_reset+0x93/0xf40
[   33.514852]  ? kvm_lapic_set_base+0x750/0x750
[   33.519339]  ? kvm_arch_vcpu_free+0x80/0x80
[   33.523660]  kvm_arch_vcpu_setup+0x31/0x50
[   33.523935] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.527885]  kvm_vm_ioctl+0x52d/0x1cf0
[   33.527894]  ? wake_up_q+0x8a/0xe0
[   33.527905]  ? kvm_set_memory_region+0x50/0x50
[   33.527919]  ? get_futex_key+0x1d50/0x1d50
[   33.550729]  ? do_raw_spin_trylock+0x190/0x190
[   33.555313]  ? do_wp_page+0x65b/0x1260
[   33.559196]  ? trace_hardirqs_off+0x10/0x10
[   33.563513]  ? lock_release+0xa40/0xa40
[   33.567484]  ? find_held_lock+0x35/0x1d0
[   33.571546]  ? __fget+0x342/0x5b0
[   33.573623] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   33.574990]  ? lock_downgrade+0x980/0x980
[   33.575001]  ? lock_release+0xa40/0xa40
[   33.581119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.585163]  ? __lock_is_held+0xb6/0x140
[   33.585183]  ? __fget+0x36b/0x5b0
[   33.589472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.595590]  ? handle_mm_fault+0x35b/0xb10
[   33.595606]  ? iterate_fd+0x3f0/0x3f0
[   33.595621]  ? __do_page_fault+0x5f7/0xc90
[   33.621721]  ? lock_downgrade+0x980/0x980
[   33.625852]  ? kvm_set_memory_region+0x50/0x50
[   33.630407]  do_vfs_ioctl+0x1b1/0x1520
[   33.634266]  ? handle_mm_fault+0x465/0xb10
[   33.638472]  ? check_same_owner+0x320/0x320
[   33.642765]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   33.647667]  ? ioctl_preallocate+0x2b0/0x2b0
[   33.652048]  ? selinux_capable+0x40/0x40
[   33.656085]  ? SyS_futex+0x1fb/0x390
[   33.659776]  ? security_file_ioctl+0x7d/0xb0
[   33.664155]  ? security_file_ioctl+0x89/0xb0
[   33.668541]  SyS_ioctl+0x8f/0xc0
[   33.671878]  ? do_vfs_ioctl+0x1520/0x1520
[   33.675997]  do_syscall_64+0x281/0x940
[   33.679859]  ? __do_page_fault+0xc90/0xc90
[   33.684064]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.688532]  ? finish_task_switch+0x1c1/0x7e0
[   33.692996]  ? syscall_return_slowpath+0x550/0x550
[   33.697903]  ? syscall_return_slowpath+0x2ac/0x550
[   33.702803]  ? prepare_exit_to_usermode+0x350/0x350
[   33.707794]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   33.713130]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.717957]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   33.723129] RIP: 0033:0x453d69
[   33.726292] RSP: 002b:00007feca2666c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   33.733967] RAX: ffffffffffffffda RBX: 00007feca26676d4 RCX: 0000000000453d69
[   33.741214] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000014
[   33.748453] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000
[   33.755691] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   33.762931] R13: 000000000000020e R14: 00000000006f31f0 R15: 0000000000000001
[   33.770181] Code: ff ff 48 8d 85 18 ff ff ff 48 c1 e8 03 4e 8d 34 38 e8 1b f2 0f 00 48 8b 85 f0 fe ff ff c6 00 00 48 8b 85 d8 fe ff ff 48 c1 e8 03 <42> 80 3c 38 00 0f 85 c2 01 00 00 48 8b 85 e8 fe ff ff 48 8b 58 
[   33.789257] RIP: hrtimer_active+0x1da/0x3c0 RSP: ffff8801d2f8f3c0
[   33.796480] ---[ end trace 5e0f5d04d3423cac ]---
[   33.801256] Kernel panic - not syncing: Fatal exception
[   33.807056] Dumping ftrace buffer:
[   33.810571]    (ftrace buffer empty)
[   33.814248] Kernel Offset: disabled
[   33.817845] Rebooting in 86400 seconds..