[....] Starting enhanced syslogd: rsyslogd[ 13.461298] audit: type=1400 audit(1516349852.405:5): avc: denied { syslog } for pid=3503 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [ ok ]. [....] Starting periodic command scheduler: cron [ ok ]. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 17.918157] audit: type=1400 audit(1516349856.861:6): avc: denied { map } for pid=3641 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.211' (ECDSA) to the list of known hosts. 2018/01/19 08:17:43 fuzzer started [ 24.153850] audit: type=1400 audit(1516349863.097:7): avc: denied { map } for pid=3652 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/01/19 08:17:43 dialing manager at 10.128.0.26:40619 [ 27.626826] can: request_module (can-proto-0) failed. [ 27.636100] can: request_module (can-proto-0) failed.
2018/01/19 08:17:47 kcov=true, comps=true [ 28.163082] audit: type=1400 audit(1516349867.106:8): avc: denied { map } for pid=3652 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=69 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2018/01/19 08:17:49 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000d4c000-0x58)={0x26, 'hash\x00', 0x0, 0x0, 'vmac(aes)\x00'}, 0x58) bind$alg(r0, &(0x7f0000bbf000-0x58)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-des3_ede-asm\x00'}, 0x58) 2018/01/19 08:17:49 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = shmget(0x1, 0x4000, 0xe85, &(0x7f0000813000/0x4000)=nil) shmctl$SHM_LOCK(r0, 0xb) fanotify_init(0x19, 0x2000000000041800) r1 = syz_open_dev$audion(&(0x7f0000e0c000-0xc)='/dev/audio#\x00', 0xffff, 0x0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000604000)=0x4b, 0x4) ioctl$sock_ipx_SIOCAIPXITFCRT(r1, 0x89e0, &(0x7f0000417000)=0x9) r2 = mmap$binder(&(0x7f0000a88000/0x1000)=nil, 0x1000, 0x8, 0x2010, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000ed5000-0x18)={r2, 0x0, 0x0, 0x0}) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000aba000)={0x8, 0xcf, 0x3, 0x9, 0x4563}, 0x14) ioctl$TTUNGETFILTER(r1, 0x801054db, &(0x7f00004f7000)=""/206) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r1, &(0x7f0000623000-0x80)=[{&(0x7f0000f80000-0xa)="939ce2f5642d08d5950d", 0xa}], 0x1) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000c75000)={0x8, 0xfff, 0x1, 
0x8000, 0xfff, 0xd9a}) r3 = creat(&(0x7f000091c000-0x8)='./file0\x00', 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000974000-0x12)='net/ip6_flowlabel\x00') sendfile(r3, r4, &(0x7f0000184000-0x8)=0x0, 0x26a950e) 2018/01/19 08:17:49 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000c67000-0x78)={0x2, 0x78, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x15, 0x80005, 0x0) getsockopt(r0, 0x200000000114, 0x2713, &(0x7f0000c36000-0x1)=""/1, &(0x7f0000943000-0x4)=0x1) 2018/01/19 08:17:49 executing program 2: mmap(&(0x7f0000000000/0xb0d000)=nil, 0xb0d000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00007d6000)='/dev/kvm\x00', 0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000741000)='/dev/rfkill\x00', 0x0, 0x0) ioctl$KVM_DEASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x4040ae72, &(0x7f0000226000-0x14)={0x0, 0x0, 0x0, 0x0, 0x0}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000a76000-0x158)={0x1, 0x0, [{0x0, 0x1, 0x0, 0x0, @msi={0xfff, 0x0, 0x0}}]}) 2018/01/19 08:17:49 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00002b6000-0x78)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 
&(0x7f0000a31000-0x24)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000a61000-0xa)='/dev/ptmx\x00', 0x80a, 0x0) mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000a0a000-0x8)={0x0, 0x0, 0x0, 0x0}) 2018/01/19 08:17:49 executing program 4: mmap(&(0x7f0000000000/0x13000)=nil, 0x13000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_FREE(0xffffffffffffffff, 0x40206435, &(0x7f0000002000)={0x0, 0x0, 0x0, 0x17f}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x5, &(0x7f0000002000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0}, [@jmp={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8}], {0x95, 0x0, 0x0, 0x0}}, &(0x7f0000004000-0xa)='GPL\x00', 0x3, 0xc3, &(0x7f000000c000-0xc3)=""/195, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x48) 2018/01/19 08:17:49 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f00000ee000-0x8)='keyring\x00', &(0x7f0000cc1000-0x5)={0x73, 0x79, 0x7a, 0xffffffffffffffff, 0x0}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key(&(0x7f0000292000)='big_key\x00', &(0x7f0000db0000-0x5)={0x73, 0x79, 0x7a, 0xffffffffffffffff, 0x0}, &(0x7f0000555000)="fb", 0x1, r0) keyctl$read(0xb, r1, &(0x7f00002f8000)=""/0, 0x0) 2018/01/19 08:17:49 executing program 6: [ 30.152457] audit: type=1400 audit(1516349869.095:9): avc: denied { map } for pid=3652 comm="syz-fuzzer" path="/root/syzkaller-shm189197892" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 30.990707] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 31.513604] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 31.975968] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.011071] IPv6: ADDRCONF(NETDEV_UP): bridge0: 
link is not ready [ 32.141843] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.349463] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.542473] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.584168] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 33.644152] audit: type=1400 audit(1516349872.587:10): avc: denied { sys_admin } for pid=3695 comm="syz-executor0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 33.745451] audit: type=1400 audit(1516349872.646:11): avc: denied { sys_chroot } for pid=4481 comm="syz-executor0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 34.147333] audit: type=1400 audit(1516349873.090:12): avc: denied { dac_override } for pid=4594 comm="syz-executor7" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 34.715312] audit: type=1400 audit(1516349873.658:13): avc: denied { prog_load } for pid=4738 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 34.722926] WARNING: CPU: 0 PID: 4739 at kernel/bpf/verifier.c:1885 adjust_ptr_min_max_vals+0x58c/0x1820 [ 34.722944] Kernel panic - not syncing: panic_on_warn set ... [ 34.722944] [ 34.722953] CPU: 0 PID: 4739 Comm: syz-executor4 Not tainted 4.15.0-rc8+ #268 [ 34.722958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.722961] Call Trace: [ 34.722974] dump_stack+0x194/0x257 [ 34.722989] ? arch_local_irq_restore+0x53/0x53 [ 34.723010] ? vsnprintf+0x1ed/0x1900 [ 34.723026] panic+0x1e4/0x41c [ 34.723035] ? refcount_error_report+0x214/0x214 [ 34.723044] ? 
show_regs_print_info+0x18/0x18 [ 34.723064] ? __warn+0x1c1/0x200 [ 34.723078] ? adjust_ptr_min_max_vals+0x58c/0x1820 [ 34.723084] __warn+0x1dc/0x200 [ 34.723094] ? adjust_ptr_min_max_vals+0x58c/0x1820 [ 34.723106] report_bug+0x211/0x2d0 [ 34.723124] fixup_bug.part.11+0x37/0x80 [ 34.723135] do_error_trap+0x2d7/0x3e0 [ 34.723150] ? math_error+0x400/0x400 [ 34.723160] ? kasan_check_read+0x11/0x20 [ 34.723169] ? _copy_to_user+0xa2/0xc0 [ 34.723183] ? verbose+0x1ab/0x590 [ 34.723196] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.723213] do_invalid_op+0x1b/0x20 [ 34.723221] invalid_op+0x22/0x40 [ 34.723228] RIP: 0010:adjust_ptr_min_max_vals+0x58c/0x1820 [ 34.723232] RSP: 0018:ffff8801bf4a7118 EFLAGS: 00010216 [ 34.723239] RAX: 0000000000010000 RBX: ffff8801d4736e10 RCX: ffffffff817e9b1c [ 34.723244] RDX: 000000000000bd54 RSI: ffffc90003b68000 RDI: ffffc90005937049 [ 34.723248] RBP: ffff8801bf4a71b0 R08: ffff8801bfe5d4e4 R09: ffff8801bfe5d4e0 [ 34.723252] R10: ffff8801bf4a71c0 R11: 0000000000000000 R12: ffff8801d4736e10 [ 34.723257] R13: ffff8801d4736dc0 R14: ffffc90005937048 R15: ffff8801d4736dc0 [ 34.723277] ? adjust_ptr_min_max_vals+0x58c/0x1820 [ 34.723294] ? adjust_ptr_min_max_vals+0x58c/0x1820 [ 34.723325] do_check+0x48ad/0xa5a0 [ 34.723334] ? __kernel_text_address+0xd/0x40 [ 34.723375] ? check_mem_access+0x1d20/0x1d20 [ 34.723381] ? save_stack+0x43/0xd0 [ 34.723388] ? kfree+0xd6/0x260 [ 34.723394] ? bpf_check+0x1f12/0x2770 [ 34.723400] ? bpf_prog_load+0xa15/0x1ab0 [ 34.723405] ? SyS_bpf+0x1049/0x4400 [ 34.723413] ? entry_SYSCALL_64_fastpath+0x29/0xa0 [ 34.723425] ? debug_check_no_obj_freed+0x3da/0xf1f [ 34.723433] ? print_irqtrace_events+0x270/0x270 [ 34.723448] ? check_noncircular+0x20/0x20 [ 34.723458] ? print_irqtrace_events+0x270/0x270 [ 34.723483] ? __lock_is_held+0xb6/0x140 [ 34.723504] ? cap_capable+0x1b5/0x230 [ 34.723522] ? security_capable+0x8e/0xc0 [ 34.723528] ? bpf_check+0x1f12/0x2770 [ 34.723549] bpf_check+0x1f5c/0x2770 [ 34.723555] ? 
bpf_check+0x1f5c/0x2770 [ 34.723563] ? ktime_get_with_offset+0x2c1/0x420 [ 34.723587] ? do_check+0xa5a0/0xa5a0 [ 34.723594] ? memset+0x31/0x40 [ 34.723607] ? bpf_obj_name_cpy+0x199/0x1f0 [ 34.723613] ? kasan_check_write+0x14/0x20 [ 34.723629] bpf_prog_load+0xa15/0x1ab0 [ 34.723645] ? bpf_prog_new_fd+0x50/0x50 [ 34.723656] ? avc_has_perm+0x4fb/0x680 [ 34.723664] ? avc_has_perm+0x43e/0x680 [ 34.723679] ? avc_has_perm_noaudit+0x520/0x520 [ 34.723699] ? __might_fault+0x110/0x1d0 [ 34.723709] ? lock_downgrade+0x980/0x980 [ 34.723727] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 34.723737] ? __check_object_size+0x25d/0x4f0 [ 34.723756] ? __might_sleep+0x95/0x190 [ 34.723771] ? selinux_bpf+0xc3/0x110 [ 34.723781] ? security_bpf+0x89/0xb0 [ 34.723795] SyS_bpf+0x1049/0x4400 [ 34.723814] ? bpf_prog_get+0x20/0x20 [ 34.723820] ? get_futex_key+0x1d50/0x1d50 [ 34.723851] ? __lock_is_held+0xb6/0x140 [ 34.723870] ? do_futex+0x86f/0x22a0 [ 34.723881] ? check_noncircular+0x20/0x20 [ 34.723891] ? vma_wants_writenotify+0x3b0/0x3b0 [ 34.723912] ? exit_robust_list+0x240/0x240 [ 34.723923] ? find_held_lock+0x35/0x1d0 [ 34.723943] ? __fget+0x333/0x570 [ 34.723953] ? lock_downgrade+0x980/0x980 [ 34.723966] ? lock_release+0xa40/0xa40 [ 34.723980] ? __lock_is_held+0xb6/0x140 [ 34.724007] ? __fget+0x35c/0x570 [ 34.724017] ? do_mmap+0x362/0xe00 [ 34.724032] ? iterate_fd+0x3f0/0x3f0 [ 34.724038] ? up_read+0x40/0x40 [ 34.724047] ? down_read_killable+0x180/0x180 [ 34.724057] ? security_mmap_file+0x143/0x180 [ 34.724075] ? vm_mmap_pgoff+0x1fc/0x280 [ 34.724084] ? vm_mmap_pgoff+0x13b/0x280 [ 34.724105] ? __fget_light+0x297/0x380 [ 34.724116] ? fget_raw+0x20/0x20 [ 34.724123] ? selinux_capable+0x40/0x40 [ 34.724139] ? SyS_futex+0x269/0x390 [ 34.724154] ? do_futex+0x22a0/0x22a0 [ 34.724176] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 34.724197] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 34.724202] RIP: 0033:0x452e99 [ 34.724206] RSP: 002b:00007f3a98840c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000141 [ 34.724213] RAX: ffffffffffffffda RBX: 00007f3a98841700 RCX: 0000000000452e99 [ 34.724217] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 0000000000000005 [ 34.724221] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 34.724225] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 34.724230] R13: 0000000000a2f7ef R14: 00007f3a988419c0 R15: 0000000000000000 [ 34.738358] Dumping ftrace buffer: [ 34.738443] (ftrace buffer empty) [ 34.738445] Kernel Offset: disabled [ 35.231672] Rebooting in 86400 seconds..