[....] Starting enhanced syslogd: rsyslogd[ 12.229609] audit: type=1400 audit(1515699146.904:5): avc: denied { syslog } for pid=3343 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 17.649630] audit: type=1400 audit(1515699152.324:6): avc: denied { map } for pid=3485 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts. 2018/01/11 19:32:38 fuzzer started [ 23.833657] audit: type=1400 audit(1515699158.508:7): avc: denied { map } for pid=3495 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/01/11 19:32:38 dialing manager at 10.128.0.26:42497 2018/01/11 19:32:42 kcov=true, comps=true [ 27.694433] audit: type=1400 audit(1515699162.369:8): avc: denied { map } for pid=3495 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1120 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2018/01/11 19:32:44 executing program 7: 2018/01/11 19:32:44 executing program 3: 2018/01/11 19:32:44 executing program 0: 2018/01/11 19:32:44 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) inotify_init() r0 = syz_open_dev$loop(&(0x7f00002a0000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0xc0481273, &(0x7f0000beb000-0x98)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "000000000100000001001bf3ff000000006500ff00010000007db0e6f10efbf9a219d8f6aa6bd58d1c43473100e85026e7ff40f9b55bd1b3335d5bffff0001f3", "cfa40005000000f7ffffffff00000000000000ffb833220182ab867d00", [0x0, 0x0], 0x0}) 2018/01/11 19:32:44 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x800000000000011, 0x4000000000080003, 0x0) sendmsg$nfc_llcp(r0, &(0x7f0000370000)={&(0x7f0000cdb000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "cd3fb8ab069207ff1b00db85ab2c03f8e399e2dddbe912f21fbab62736d9b6121f2a0000d44bc4192217502101d9f934026b0b8bdf3dce4eb76a3dfa585c05", 0x0}, 0x60, &(0x7f000049a000)=[{&(0x7f000072c000)="ab1664534abc9c2d5794deef9cfc2bdfed4be4d4552a6c804abaffbc6634f7c7db2c2994410ba5b3f0236db35066ff7c28692e5e2cec2ba52726e0fa420d4c9be658a89b7fe098e281e5d17bc9ed5cb339abce7c44a65a9ae6e54e274e2d25e1d65d7197d65214feee02eb327da550c316edb5dc134d0dab4bf6794c9dc4c8bf20053df4a017b2ba1bda22871b5d10fa9d046de8bb83f1175655c90e3deb270cbfa0439742fc4e3432264fe5f594c2c86f7aa85d106e45f42aef0e0217347e2431cda3a00624f2f9d18a11340c33fd9bd9ad2c7a0c4df8fba1f7b5d1a56b9931258d8edfeae80ed865f4b0b390e05e97cbc9743da03a7606598a6ce36671311855297997bd4dec43f82c53df03b1d618169ac5cb2c1443900f86c5f45a8949017bc0a46936200c3acc5c1fdbd622e567e85b3c9d5d9c072ab0740f92de6d856830a30b3599258195537ae53cbfd91c7cf8507a075941d48949eadcb2cbf1f1ac21198e2e316183d494402b40f7654dd1ea392d43c5a0bc925fb58d0c750abc93fbe4795bebbd6d62272be834e5edb602bc7e9d74fc644cfd33bd4716225382c8aabe3d879d4c4fa0a07a66a3e3510392abeb84bdcc6ebc01c90f56ca6b806299f1b2f12006da4e42352b70790bf30b62fcc73e3bca370d53f3b250b0371d204516af8e5d31a664772ea39bde33879fa37b40ea2d87d353ba18eccc7fa682647b27f7627cd73a50418dff965cba5d42572685ab5231461314dea65097d964b9d2f199dd1de8c98e874245dec1caf6c27ba1ee7dd65c6ff56c18ce49052c9f9a971e0e4cd538345cf77ec8bbbd13f6bfbf75e647f1e74a1a618cb5eaf7003b14c8935da3c5c4f66f2c1d27da79aff6d1def705eee4599ee2ce8e93fc9274ee2c28fe13cd6f4f6a53adb6cd69dd727487e5fc2943a5471762958908262a4132889c5a64191d549447cee3053910037f06bc73793a812ef7e73586efa2b4d10833daf01c825a0fe06caa03b442d470bb447987a78e046d13859938af780e3ed3b22b683abbde537df1292d16396b0d4717be4983974ae023bdbacdf8b2d8ca5a945f43bed72c2ad50785e068d2c114684bd4f6cf5473eb1d2e7b309c01ae9138827325ca26b176233fe49ff0db5dcbd600937f1e13e96be1c5307ff816832d6427e70830ce67be6b475a61c882dae68b376561934bec10ae3ab581ebac222e440f15e9ef7d053fd38e138ddf94eea8d7532a635828d0d907867fb2e21c3403f8f84d9f9c6f250466d9ae2aae6fd2b4595614833bb02b0b56950422c660484bf8dcb789075fdccbc8acb5106e45e5045eae81ecd56c735f291d91b9c0b80402f42b27d602a76ce2b2cc7b75b22f9a191eda1d131d5f47fbcc73cb6091c0b8de2c4f405e010279c2db75adc521e45dfbf4d66faa06aeb843a07b25e7742c5cbe9010c27c860b349730c45e35349c962acded3f4ac87ba39be6d7d09537323d4276023d86e7ef5b4d396064a6a1150da29c9b7f3b6305f0e984763396efa0127aec1b16430d7b458fcf59f3d41ad6490bcc08a328f25d563a12255f472d48285c4b065e5cc310232761efc8b418486680719b369a9541ae4b52e86db9de776e5262a944c340761099688fc8c491a4e62bc673993c1c72cc94f9d3f17d74b39b724ef17523d011e85f674d13ccde83733f0bb8529ed0f94727e529386bfa654520182641de909a3069cf553bb9933967fbd4d2232dc5e6010bc4805a0f7244a4884547d931e18caeb24e792999c96e332c66124b69a1a649912470feb6eb4c268f849031d4c424024c8a6f5e2a208530dbc54c843bb708392c7e654a4dd7e86e9f5da7dd5ccc238b840791db84d80ba2f986f08ae415ec5d6ed3d398141eaf53e154c703b9f741596edaada349d05aad5a91aa6599da575c684d8a27ec86f3a1a49f2b4b61001f882c419705c819ef5c90a820fd2eb137fb4155dc2064b5c7d99e02e5c000c046b7d28b37875d943b434453f62863d72ae1f15f980fc1db15d14a53ae7cca0b833137dc5334b9ff4e9a26a9b452096fbc21979a1ccfff7801b2b84e20a2411cd5381bb6f8b718ffe80e1d7442899a06607438f04e081ed5c83d5ff32172c09deaeb67e473aa087e45f9fedf5acb14e20d980547539cf0f911b92c091d9b53c97d72123dda816dfbd150853e067d074038832c6a1c281fe225872507ed2286e224eaebf8f9dbfc7d71018d797bbbfabb141e57f8d3f16c4590eacf49c64e8be68fae38e38098baf87cab48b7c4720a67af84faea009418762c193d6a5326eca50fee8c2cacc05b881d1d6e91df7514dda4ba6e03122d3dfb5731d293e6a7e41d0c8435a1ba83c17ac269753a82202306b1303b48bece77fea7b52f60693936de1cb9b14b536c2a9825209d52f6d66e2861be435c3c9b620127abe62d0810161992e3828662d0e847df81235484ba3782ca218b0323b2958f6e3b71c6b906c91017fadcc8b91399c2bcf403d38d5e8e33697fe43ad5f01fbc19b847ef557e9b25ca6cff525b1f7a736d50c4e45bbc6c4c10a5573c75457bd341f268ab80e50da271a25381a6d5bc584a205bf82b1ae76de42faf6c53094e4121fa47d452ad9d866ac76dd1216cbada79bd51e29430ef313020d2a9e23784061f0c2fd8e898362e6afb0f69482ab59da608de8aef8edef4de3c6df277f99743f6bc7b166f3b42376929c1ffde9705499e51b8c21dcabcd07b7a58083acfa271cea3be3d3e3b17655f200be9ec089ed1ac0147d9c503138d3b84073c723ff31d39cac0c99e58d78db08dffdb6204b4515eb853062a36c24d15d4395fa7c686b0207e840914847b7e3a9cacc28b8146d1d2b28e67ee1cddf3f2095975d77aeeae930747b14f576a1264a05b386f8fef6d574061fc425fed574762061c225a987b25259fe4879dd841852b5b50f38d4564e15e66ab351aeb6d16aa92a289c4ab8596a9147d6aebb7d1584b1323175b87933a1fdaa29f678faa1e700fc06e1266cc93a5c66f7ee8f96da3435ead2a4f325556a44a3655f0d86eb296662b92670dda25cb0fccac767102dfca3466cd747609458336f7d269f75756c12195f14bdc95346d9a7e10a8b14c7eb35ed9a0f4c81e1c165b82af48a3c6ea5a0a0b7d057ecbebea6b9b00b2a9237cc7b1b3fccdc7113ba85c9f3fb3367b481f9112089fff0b83304b3aad0e53cfd24a76f4e26941491a96b80629388a2dae75e56a900380ed860212f8a024fbf9ada354ace2011314cf315a3e88be80cbd0a8fd97d3d19116193d6d690c5878803bc9e969ed0aa277fd4979239fbe20a262102f7f02891db39f532520b1ff2a0367f3724bb523876779997da1dbf81e21503d86e8133618a14b820f30203a8d5a171ec26adfe885d31d578a222bea350a12fb7fd3f2a6227447be50cb1b62924a1005180c004ec057fa80c33ae794e356318f3788701cb598048d5889a470f0621ec3934302ac25565285502faf00dae26c515c411025fbe72b4cef441be6770ec2f9c3533532a325d3ca745b2adea6875fe9ba28ad9410becdb6becbdb81eb9fa50a1f6fa90de99d5c3bf368046adfce4a2a53b0c385da0fedd8d4f742419eea4db95fd2722fd42cefcedcd8fcb4b2367eb5e0c6ebd61f4cde8ffaf996604c3059d0845f9b8722efcf6d43989fcfa58e547529903073bac3f581528ea81b3c5a3f0ed2bb01495af0652eba133c8ef31d0dc0684ac6a4d21b6fc04bcdf9460b83c2ac75f57802a46fe2ad7e518f0d92d4bc1e3ae4c57864abf8bc3c11bf032cba356e4b7261380a04d2ad6985e507d0a8f5a3a7a2d1acd456010efe2e259f663ca145b24ee3f7afefb7de2ff8f0331a0fd22d8301556878b9fb19f4ce17a86d7e25cafe8790437a518b76824434f35529a5292456bb430cc8f0e39621d19ce085529450889d249d564203ad9134d2d84160c69f10bb86a31d0bf6ba0411b6b65d82a804f3a58ca4f725485b833fe508884458c4ddd7f1fac0165b69dd8aa5d72ffe3069dc94b3e75af43a2f39acccdb9450eae28dff9a93a51f1aa7f1a7f39f78d9ca6a0bf971bdd459ae877cc73348ebd0257963be8236e0f278275b383887a0c1616d4b4cd9b8a14cc9fed48c7912db2cbf4349c60919bdac4f178ba9088dce9ea58728ef68ef61f572e0dbd0dfa68eca65ee4efc7febaa58f7cd1a84100a389b67ee5dc558134df07fb0da2744c0b679282ec584fc99fb71c70e4f327d8d322d949863e9db3b9611863b1fb84cb38079a49ef12db3b7c110db419ea7c63e662ebd3525a57c9a0749b41d7db5b4f21214891cc0a452bca1e39a8c52012435f704f309a1bde0dcf6a25b256904eb9923afdfe91418a073cf43158c766ab6f4cb8108abfa0f7a16ce8b8bb693bc312d3719b9591671a472b411b3050abb976c819f6f5a8b9ae838f0e01383ac5c86c2e9a22c7b2e91d380aaad2da5cabe651d96a42ff7ec9293ae26aecf512310eb6f0656a12859216b25963047c39534d8aa6babb01fded1e9f8e82af0e8b65a4f96e244c735b79ca92be5e2480088f60c39e69d9d20f097566f51d9120b0aa9772e17f904b2b4019773830e3c4ca92032c78262ee1da6c8286b7ba8f0189e5dc552495068795edc4d8634524d98fb22e407e9efc517002937b88a6f7a6127a5786e3309d65f06d179d39c1547e3431c1bf09457c7d800b85442748012927d851c33072588f45f09359ad80f96293d127169beeead667a5793f2ff45c65ac16abfe099f4a65e673d1c4307b121ac872f9cb780cb6941f63b0efbb4b8", 0xd4b}, {&(0x7f00000be000)="ba2a00782618dc9081447a90fff5a99a994f96728c203fe435893fa8c054a7bca9b1f3b66e5294ea2e3f3c2690f4abd4dc7fcd1eb2e01e252220b509d13918c994008b94afe0cee57a5d19b7dca05ffafcb49181d2c84fce09ae3b83bba65a6e595cbe5b2a2b28be1a4cb595480e5d9add898dd6f1ccf409c69edc0c78b481bb89db8aa85f69621bd57da436aca94607e4867e49fd05fec04c38069cf933c487d2e62b33a662bb89b0c2cbeb53612a588eb24348a266f157618abb2b7e300c9b50350958be2c03bf616c87834ce010023ea7e5e5e4cfd0b6ee40609ac68555f2601204e8056099", 0xe7}, {&(0x7f00000dc000)="91f45e9225eb8498aece60e8dfc0bcf4e8b222ba9f5c38c7619f72610a9ba8d08aa5336a844ccc5b711bb28316fc1d80af9baf097a95686dbf761e6e8dd297a6fdd62e6d427c5240285404eafe8b26b282f0909e1556b58df90e9e900d248547e1856145cd774d601514f4439c4ae6bc622a22468aaa1229084cca865f07e844ce5f759050c500bef48084c4be0e214b8b688a3484a241540c7543b9cede9a4e7325ae7dd4c1f7a3c4e46e130e3c90f69ffc8b3902ac302e9d607f0b93ab30cc9d3b0313c1c0514850c8184a6cb09be8c7b0587cf86eaeca872131284e869805d9", 0xe1}], 0x3, &(0x7f000057f000-0x1010)={0x10, 0x0, 0x0, ""}, 0x10, 0x0}, 0x0) 2018/01/11 19:32:44 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f000042a000-0xd)='net/if_inet6\x00') pread64(r0, &(0x7f00008e6000)=""/219, 0xdb, 0x200002) 2018/01/11 19:32:44 executing program 5: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) timer_create(0x7, &(0x7f00007f1000-0x60)={0x0, 0x23, 0x6, @tid=0xffffffffffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000000)=0x0) timer_getoverrun(r0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000002000-0x10)={0x0, 0x0}) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) timer_settime(r0, 0x1, &(0x7f0000001000)={{r1, r2+10000000}, {0x77359400, 0x0}}, &(0x7f0000000000)={{0x0, 0x0}, {0x0, 0x0}}) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) timer_gettime(r0, &(0x7f0000003000-0x20)={{0x0, 0x0}, {0x0, 0x0}}) r3 = syz_open_dev$sg(&(0x7f0000002000)='/dev/sg#\x00', 0xd4, 0x0) ioctl$KVM_NMI(r3, 0xae9a) r4 = syz_open_dev$sndmidi(&(0x7f0000002000-0x4)='/dev/snd/midiC#D#\x00', 0x1773, 0x1) ioctl$KVM_S390_UCAS_MAP(r3, 0x4018ae50, &(0x7f0000001000-0x18)={0x619b, 0x1, 0x2}) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000003000)={0x9, &(0x7f0000003000-0x48)=[{0x0, 0x8, 0x7852, 0x6}, {0x100000001, 0x8001, 0xd60a, 0xff}, {0x6, 0xfffffffffffffffb, 0x4ca0, 0x7fffffff}, {0xffffffffffff8000, 0xffff, 0x3521, 0x2}, {0x7f, 0x6, 0x7, 0x8}, {0x7f, 0x1000, 0xb54, 0x1}, {0x91, 0xbe, 0x0, 0x9}, {0x1, 0x9, 0xffff, 0x6}, {0x7, 0x10001, 0x9, 0x1}]}, 0x10) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000003000)=0x0) perf_event_open(&(0x7f0000003000-0x78)={0x0, 0x78, 0x9, 0xaf6a, 0x9, 0x4, 0x0, 0x7efb, 0x10, 0x5, 0x8, 0x304, 0x2, 0x2, 0x9, 0x3f, 0x7, 0x1, 0x91ad, 0x0, 0x3ff, 0x1d, 0x4cb0, 0x5, 0x9, 0x6, 0x0, 0xdf8, 0x1, 0x0, 0x8, 0x5, 0x4, 0x3ff, 0x558, 0x9, 0x1000, 0x8, 0x0, 0x1000, 0x0, @perf_config_ext={0x5, 0xc0}, 0x800, 0x0, 0x0, 0x7, 0x3ff, 0x7fff, 0x8001, 0x0}, r5, 0xaea, r3, 0x2) mlock(&(0x7f0000001000/0x2000)=nil, 0x2000) getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000003000)={{{@in6=@loopback={0x0, 0x0}, @in=@local={0x0, 0x0, 0xffffffffffffffff, 0x0}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, {{@in6=@remote={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, 0xffffffffffffffff, 0x0}, 0x0, @in6=@empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, &(0x7f0000001000)=0xe8) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) fstat(r3, &(0x7f0000005000-0x44)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000004000)={{{@in6=@mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x2, 0x3, 0x0, 0x3, 0xa, 0x20, 0x80, 0x0, r6, r7}, {0x7fffffff, 0x5, 0xff, 0x400, 0x401, 0x1ff, 0x7, 0x1}, {0x6, 0x2de, 0xe95c, 0x9}, 0x10000, 0x0, 0x2, 0x1, 0x1, 0x3}, {{@in6=@mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x0, 0x2b}, 0x0, @in=@broadcast=0xffffffff, 0x7, 0x2, 0x0, 0x3, 0x9, 0xffffffffffffffff, 0x80}}, 0xe8) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_RCVMTU(r4, 0x112, 0xd, &(0x7f0000000000)=0x4b, &(0x7f0000005000)=0x2) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000007000-0x4c8)={{0xed, 0x7, 0x1, 0x8001, "4909cb428a39b237cdf5b27e15d62ac10955bacd41fcad775de209fa983f7ab950d7f94f59d47fdc5eb14bf1", 0x1}, 0x18d, [0x7ff, 0x7ff, 0x1, 0x9, 0x81, 0x0, 0x8, 0xff, 0x3, 0x1000, 0x0, 0x1, 0x0, 0x100000000, 0x2, 0x1ff, 0x1, 0x7, 0x8, 0x3, 0x8, 0x1, 0x80000000, 0x7, 0x7, 0x96e7, 0xffffffff, 0xffffffffffff8000, 0x3, 0x2, 0xe00000, 0x9, 0xffffffffffff3897, 0x80, 0xfffffffffffffffb, 0x7, 0x52c, 0x10000, 0x6, 0x401, 0x65, 0x28e, 0x8, 0x56e1800000000, 0x8001, 0x78d, 0xfff, 0xd425, 0x7, 0xa49c, 0x1, 0x7f, 0x9, 0x1, 0x5, 0x7f, 0x5, 0x0, 0x0, 0x65, 0x5d3, 0x9, 0x6, 0x7, 0x3ff, 0xfffffffffffff725, 0x40, 0x9, 0x0, 0x6, 0x7fff, 0x2, 0x0, 0x7fff, 0xfffffffffffffff8, 0xffffffffffffff01, 0x100000001, 0x400000000, 0x8, 0x9, 0x576b, 0x3, 0xfffffffffffffff7, 0x7b50, 0x5175, 0x46, 0xfff, 0xd5, 0x7fffffff, 0x80, 0x2, 0x3, 0x0, 0x7, 0x40, 0x2, 0x6, 0x8, 0x9, 0x6, 0x81, 0x6, 0x7, 0x8, 0x1ff, 0x6, 0xa2, 0xfffffffffffffffb, 0x1, 0xffff, 0x270, 0x80000000, 0x0, 0xd38, 0x4, 0x7, 0x0, 0x1, 0x20, 0x10000, 0x1, 0x1, 0x5, 0x2, 0x7, 0x6, 0x1, 0x1ff], {0x0, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f0000007000)=0x0, &(0x7f0000007000)=0x4) 2018/01/11 19:32:44 executing program 6: r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000d60000)=0x0, &(0x7f0000654000-0x1)=0x4) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f000009d000-0x10)='/dev/sequencer2\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_INFO(r1, 0x80386433, &(0x7f0000001000-0x60)=""/96) r2 = mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x2000002, 0x50, r1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001000-0x30)={0x28, 0x0, &(0x7f0000000000)=[@free_buffer={0x40086303, r2}, @increfs={0x40046304, 0x4}, @acquire={0x40046305, 0x3}, @decrefs={0x40046307, 0x1}, @exit_looper={0x630d}], 0x7a, 0x0, &(0x7f0000001000)="f7c3c7b10122408d6e67886cad608d3cd01f6241865222085f34a015bbcb23e62e5aa1aac7b96d86aaaad187cf13280ae1d0eac444f214c67c051d44dca7b8620f18ba628c46ffb2e89a2f6ee0e09db189ea176ae8a4ac3637c623bb2b91ca9708b3f96695a9afbb52e9f1ffc9b7f1a09601557e03cabf87eead"}) socket$nfc_raw(0x27, 0x3, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f0000003000-0x4)=0x1) syz_open_dev$sndtimer(&(0x7f0000001000-0xf)='/dev/snd/timer\x00', 0x0, 0x80) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000000)={r0}) getsockname$packet(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random=""/6, [0x0, 0x0]}, &(0x7f0000001000)=0x14) setsockopt$inet_mreqn(r3, 0x0, 0x0, &(0x7f0000001000)={@broadcast=0xffffffff, @broadcast=0xffffffff, r4}, 0xc) fcntl$setsig(r1, 0xa, 0x2a) ioctl$EVIOCGEFFECTS(r1, 0x80044584, &(0x7f0000003000-0xf0)=""/240) prctl$getreaper(0x0, &(0x7f0000001000-0x8)=0x0) r5 = getpgrp(0x0) r6 = getuid() getresgid(&(0x7f0000002000-0x4)=0x0, &(0x7f0000002000-0x4)=0x0, &(0x7f0000001000-0x4)=0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000004000-0xc)={r5, r6, r7}, 0xc) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000004000)={0x10001, 0x0, [0x76, 0xde4, 0xe09, 0x1, 0x8, 0x7, 0x80cf, 0xd97a]}) ioctl$KVM_GET_MSR_INDEX_LIST(r1, 0xc004ae02, &(0x7f0000002000)={0x3, [0x0, 0x0, 0x0]}) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000005000)=0x0, &(0x7f0000004000)=0x4) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r1, 0xc05c5340, &(0x7f0000005000-0x68)={0x7fffffff, 0xfffe0000, 0x100000001, {0x0, 0x989680}, 0x0, 0xc4, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) setsockopt$netrom_NETROM_N2(r1, 0x103, 0x3, &(0x7f0000001000-0x4)=0x320, 0x4) [ 29.844538] audit: type=1400 audit(1515699164.519:9): avc: denied { map } for pid=3495 comm="syz-fuzzer" path="/root/syzkaller-shm237776633" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 30.880148] audit: type=1400 audit(1515699165.554:10): avc: denied { sys_admin } for pid=3539 comm="syz-executor4" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/11 19:32:45 executing program 0: mmap(&(0x7f0000000000/0xb6f000)=nil, 0xb6f000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00003b0000)={&(0x7f00006dd000)={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f0000b6d000)={&(0x7f00000f2000-0x2d0)=@acquire={0x134, 0x17, 0x11, 0x0, 0x0, {{@in=@remote={0xac, 0x14, 0x0, 0xbb}, 0x0, 0x0}, @in6=@empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {@in6=@empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in6=@remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {{@in6=@ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0xff, 0xff], @empty=0x0}, @in=@broadcast=0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0}, [@mark={0xc, 0x15, {0x0, 0x0}}]}, 0x134}, 0x1, 0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000b6f000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000b70000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000b70000)='/dev/snd/pcmC#D#p\x00', 0x7f, 0x41) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f000077a000-0x14)={0x200, 0x4, 0x4, 0xffff, 0x4}, 0x14) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f000032b000)={0x0, 0x7fffffff, 0x10}, &(0x7f0000b70000-0x4)=0xc) mmap(&(0x7f0000b6f000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000b6f000)={0x2, 0x800c, 0x9459, 0x3f57cd2, r2}, 0x10) 2018/01/11 19:32:45 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f000094f000)='/selinux/load\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000001000-0x8)={0x0, 0x1}, &(0x7f0000000000)=0x8) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={r2, 0x3}, &(0x7f0000c7e000-0x4)=0x8) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000252000-0x1000)=""/4096, &(0x7f00002e9000-0x2)=0x1000) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f00008a9000)='./file0\x00', 0xfffffffffffffffc) socket$nl_crypto(0x10, 0x3, 0x15) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000076000)={0x5, 0xffffffffffffff81, 0x7624, 0x1000, 0x6}, 0x14) seccomp(0x1, 0x0, &(0x7f000057a000)={0x27f, &(0x7f0000000000)=[]}) pread64(r3, &(0x7f0000f9e000)=""/143, 0x8f, 0x0) setsockopt$inet_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f000070b000-0x4)='tls\x00', 0x4) [ 31.057492] audit: type=1400 audit(1515699165.732:11): avc: denied { sys_chroot } for pid=3725 comm="syz-executor0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 31.082105] audit: type=1400 audit(1515699165.746:12): avc: denied { net_admin } for pid=3742 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/11 19:32:45 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000)=0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00007fc000-0x78)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xa, &(0x7f0000339000-0x1000)=""/4096, &(0x7f0000000000)=0x1000) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f00009f9000-0x15)='/proc/self/net/pfkey\x00', 0x28000, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000780000-0x3)={0x0, 0xffffffff}, &(0x7f000080a000)=0x8) setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000245000)={r2, 0x6, 0xd9, "abf2b24b3c61d898fd798f9415738d525cfbdafb475cd6122382fa3d34388e1ec8e6773fa1d3d4d50c01f99b42a62fa965f89566838f466e1015a4cd0d24cca97b50266d295199a2a9624ab725aa6bb2cd4a58e13391e4e5de39a8f2b281266f9f757b9223194f6edfe1d1920fd8f963088683e83f6624662d4f36de066f2984d570c1a722c83f53259a514da66a5ccc4bc1c2d8a9cfd5e23285844b5fe55d6115adf5d37c0becf7b3b49fcc16d7244518ab391387961715ccada59ebdffd939af1007180fd80f863e635d3abe48c9b4226f262b5e4512f90a"}, 0xe1) mbind(&(0x7f0000b60000/0x4000)=nil, 0x4000, 0x0, &(0x7f0000061000)=0x0, 0x0, 0x0) [ 31.108059] audit: type=1400 audit(1515699165.755:13): avc: denied { dac_override } for pid=3742 comm="syz-executor0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 31.132794] audit: type=1400 audit(1515699165.771:14): avc: denied { create } for pid=3745 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 2018/01/11 19:32:45 executing program 0: mmap(&(0x7f0000000000/0xd000)=nil, 0xd000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x42001, 0x0) write(r0, &(0x7f000019a000-0x51)="a3", 0x1) writev(r0, &(0x7f0000002000)=[{&(0x7f000000c000-0x1000)="857a303677c75210670b344e4bc5992ec29e8816a6fca5285ddd32dd92d55f1fe4c2cfcf1b18154aab0c5c386fbf988d5f79479500c424ace21684aeba9e1bea8043819e6c38abb90c60b229bd09f7f2a79d56651b40340c8e36361645816a505ae847d77d75517b2675cf728f396649fd1f4e7fbf6a041bb6a17edf8c2efb539ed7615cba06b9ae6eeedcde15bbea9ae6e4cf43a9a5f23c2002fb106b0cb5ef8b285931b07b6a0221c5dca241c74abafa6b4ce87af09bd28d78c513334326c83c297c80a050b812ae09afcacd18fd3fd9d5dc9bc727ba2d1650b5139be9eff5755a233708a4b213d870dee0c4d9035016c4c3eaf87de28e63bb1f8815599e67c1eafc2ad9c0ffab20dd0592d588075f7592b6f803727041af17bf35c565acc2d503235b3e5767196395d6c69b12d2ba122448d2c2d0b17f5538edad6f6c1a95a2727e7fdac79fa64e2f3fa61c014a16e594932c06485511e1aab5a5292acd3797dc95424c7d0d4c53f1d1447f42d4bc5f58b25109cfd10a7327a7bccbc2c4b7994571fc01c7c5e81fc38eef191beb4e6187802ddb686a0f0c95b12db03f540324b8109f6daf539d2768fa6be272035cb3cbde7b44b8757ff8d191ee448f70157ef9774fcd5ab3fe86bfb6a655601c98f443f855ef27d4d56b6949490ab055a49aa153f6787e41f4e98930de3627142fd5e3821dd153546e11301fc0f988f2ca9bd3d9d3a72836ac438911835991c13bdca4bb9dc73d462db8285eec8fe1ff18ee8bcdf2effb9acbe0c4fccecd190c0574493d1f761b1d4b8ae6580823c5b1eda61f6304fb4fa59f571a18adf7e4d92b79154a5b9197dd18b1cfdfb4cde068cf9015ca0bf45958bc1c15f8016bc2588fd51ff23b3ff2a66b2986cf6319df61b97e2e28ce6a1f197d17cf60167b64502331e1da71c12574a8ffa371488e35056b92e325ed6687227770bebe6f36a732fba17a1e2cdfa2bce1d45e7e40ed4cc25e45fba25cf095339bf4c7442128aad96d34cc7837bad2766a9f049f42d550b3bb6f559fb25ba8d542c348485e04f44b3c8869e4fc9c6aba62f7e5999bebec179f582e1532993c557634eed261884443ec36e8bc53c342fbc424089d44c67f59fe6559255bed7f4ff53767f32b058d21d8edca26951aa929b01c96d898b7bc0f8160988045c4282ef6bc69c61ce12715c8b16a0a5c82dede085b76a32e07954c9b15753f231c9042fdf6b762b43cd440dd62470dce7d649b08d4db4bbe6617852e92f97b3093a60b0901004c6a75ec9974ddc600eb9f1b9e6fb5047cd08396f9f396af61b53961ccc3d83e4a8e4ad84ceb0026102c36bb9804212564e79903dfc9d736bd6aaaedef0fd3a5a2fd82c20822b7f84cac2bc29fa6c39c830fe4ec6273b3a6c97afe7fba952d2ef4b85ec09f1542f0827b1bc6b8e1d77475f99d59f86ff5", 0x401}], 0x1) mmap(&(0x7f000000d000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f000000e000-0x8)='./file0\x00', 0x8000, 0x1) mmap(&(0x7f000000d000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mq_notify(r1, &(0x7f000000d000)={0x0, 0x1f, 0x0, @thr={&(0x7f0000004000)="d3ff5739b3d80de97746181cb8849b1f8cd0006ac1bb1e8ae9d4670ddc463f1a443f2e56da95c37b5d7b2dd519b2d54c86dee73060215b79ec841017bb9e0efcdcd8651cceba87a8b6aafb724f84275860686f76def530b8962eac01797438d6c0d7d18f079fd760da45e34aa60735728618a59c693c3e7a011b493bb2a9f3ea847c28146cbebecae07cbbc457f1052f51e7ea24b0db375c5a3f19654e0e9d0d0d6367e77b30debb68059fb8de2f7f3fa69800430d7d2994736f4cf152ab5e5d5138447237e4af5921af55c8b0618c6462271a09c71ddd2c33b188560dc9cf4e", &(0x7f0000008000-0xa7)="469f4769258551a1bb99ffae19b950c5c4ae82f39d66e5538a8c2a38a3644117caf385a0dec7969a3e25ea763c22718a627b1d0742ddbb889f37b3b0496a5ec79147ac516f965543c285b0930e2f6abdfe30181a6fb2793d0c7cab4b057716317573207df441e9c49803fe7ff6b1110e8005c4098e43f9ebde183ccbedbbcc71b8f177156d41cf8374b26d0f4ef69a767fde7934af1bf04b9fa37819b5c10a94ffa3c109478a5a"}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) mmap(&(0x7f000000d000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f000000e000)='/proc/self/net/pfkey\x00', 0x4000, 0x0) 2018/01/11 19:32:45 executing program 0: mmap(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f000000f000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000002000)={@generic="6b0b9e043847f41ea9367a03cbadec54", @ifru_settings={0x0, 0x100, @fr_pvc=&(0x7f000000f000)={0x8001}}}) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000005000)='/dev/ppp\x00', 0x80040, 0x0) mmap(&(0x7f0000010000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000010000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000011000-0x10)={0x0, 0x0}) write$sndseq(r0, &(0x7f000000a000-0x180)=[{0x9, 0x9, 0x8000, 0x8, @time={0x0, 0x989680}, {0x9, 0x7}, {0xf842, 0x80}, @queue={0xffffffff, {0x5, 0xfffffffffffffffc}}}, {0x5, 0x3, 0x94, 0x2, @time={0x77359400, 0x0}, {0xffffffff, 0x9}, {0x10001, 0xa23}, @control={0x8, 0x1, 0x5}}, {0x40, 0x10000, 0x3, 0xab, @time={0x77359400, 0x0}, {0x1000, 0xfff}, {0x5, 0x2}, @connect={{0x3, 0x9}, {0x5, 0xafc4}}}, {0x1, 0x3ff, 0xb4a, 0x240, @time={0x77359400, 0x0}, {0xf3, 0x4}, {0x7, 0x3}, @raw8={"cdc12761c3daa735579d47b7"}}, {0x1000, 0x7fff, 0x0, 0x8000, @time={0x0, 0x0}, {0x10000, 0xcb8}, {0x1ff, 0x401}, @quote={{0x6, 0x0}, 0xddb, &(0x7f0000011000-0x30)={0x3f, 0x20, 0x6, 0x80000000, @tick=0x3, {0xffff, 0x9}, {0x2df5aaf2, 0x1}, @addr={0x100000001, 0x4}}}}, {0x4, 0x4, 0x5, 0x6, @time={0x77359400, 0x0}, {0x0, 0x10000}, {0x2, 0x5}, @control={0x1, 0x20, 0x7}}, {0x2, 0xfffffffffffffffe, 0x10001, 0xf634, @time={r1, r2+30000000}, {0xbf2, 0xa79}, {0x6, 0xfffffffffffffffc}, @quote={{0x8000, 0x0}, 0x6, &(0x7f000000c000+0x30d)={0x0, 0x7fff, 0x314, 0x1000, @tick=0x5, {0x1829, 0xfffffffffffffffc}, {0x2, 0x7fff}, @result={0x9, 0x3}}}}, {0x0, 0x40, 0x0, 0x7, @time={0x77359400, 0x0}, {0x200, 0x9}, {0x0, 0xffffffffffffa917}, @addr={0x6, 0x8}}], 0x180) bind$inet(0xffffffffffffffff, &(0x7f0000002000)={0x2, 0xffffffffffffffff, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) ioctl$VT_WAITACTIVE(r0, 0x5607) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001000)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r3, 0x4028700f, &(0x7f0000002000-0x4)=0x0) 2018/01/11 19:32:45 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f0000fa7000-0x40)={0x1, 0x81, 0x1ff, 0x3, 0xfffffffffffffffc, 0x9, 0x7, 0xd73}, &(0x7f0000a29000-0x40)={0x5, 0x401, 0x4, 0x1, 0x2, 0x2f, 0x401, 0x3}, &(0x7f0000dca000)={0xfb5, 0x0, 0x3, 0x7, 0xf00, 0x4, 0x9, 0x200}, &(0x7f0000f58000)={0x0, 0x1c9c380}, &(0x7f0000dfb000-0x10)={&(0x7f00005c5000)={0xdf}, 0x8}) r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @tid=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000044000)=0x0) clock_getres(0x0, &(0x7f0000dd6000-0x10)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, r2}, {0x0, 0x9}}, &(0x7f0000040000)={{0x0, 0x0}, {0x0, 0x0}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000589000-0x8)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000fa6000-0x20)={0x0, 0x0, 0x10001, 0xfffffffffffffffc, r1}) unshare(0x400) fcntl$lock(r4, 0x7, &(0x7f0000010000)={0x0, 0x0, 0x0, 0x0, 0x0}) tkill(r1, 0x1000000000016) dup3(r3, r4, 0x0) 2018/01/11 19:32:45 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x3, 0x84) perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000)=0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8d, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt(r0, 0xff, 0x4000000000007, &(0x7f000031e000)=""/0, &(0x7f0000000000)=0x0) 2018/01/11 19:32:45 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) syz_open_dev$sg(&(0x7f0000f44000)='/dev/sg#\x00', 0x8, 0x40800) bind$alg(r0, &(0x7f0000ecd000-0x58)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) poll(&(0x7f000037f000)=[{r1, 0x0, 0x0}], 0x1, 0x8) [ 31.277972] audit: type=1400 audit(1515699165.952:15): avc: denied { net_raw } for pid=3760 comm="syz-executor0" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 32.069561] ================================================================== [ 32.076964] BUG: KASAN: double-free or invalid-free in relay_open+0x6a1/0xa40 [ 32.084210] [ 32.085817] CPU: 1 PID: 3779 Comm: syz-executor1 Not tainted 4.15.0-rc7+ #257 [ 32.093059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.102394] Call Trace: [ 32.104963] dump_stack+0x194/0x257 [ 32.108566] ? arch_local_irq_restore+0x53/0x53 [ 32.113211] ? show_regs_print_info+0x18/0x18 [ 32.117678] ? __lock_is_held+0xb6/0x140 [ 32.121718] ? relay_open+0x6a1/0xa40 [ 32.125493] print_address_description+0x73/0x250 [ 32.130322] ? relay_open+0x6a1/0xa40 [ 32.134093] ? relay_open+0x6a1/0xa40 [ 32.137867] kasan_report_double_free+0x55/0x80 [ 32.142510] kasan_slab_free+0xa3/0xc0 [ 32.146373] kfree+0xd6/0x260 [ 32.149451] relay_open+0x6a1/0xa40 [ 32.153056] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 32.157874] ? __debugfs_create_file+0x2cf/0x3d0 [ 32.162610] ? debugfs_create_file+0x57/0x70 [ 32.166997] do_blk_trace_setup+0x4a4/0xcd0 [ 32.171303] ? blk_tracer_print_line+0x40/0x40 [ 32.175867] ? __might_sleep+0x95/0x190 [ 32.179829] ? kasan_check_write+0x14/0x20 [ 32.184045] ? _copy_from_user+0x99/0x110 [ 32.188170] __blk_trace_setup+0xbe/0x150 [ 32.192293] ? do_blk_trace_setup+0xcd0/0xcd0 [ 32.196780] ? disk_name+0x98/0x100 [ 32.200397] blk_trace_ioctl+0x206/0x2e0 [ 32.204435] ? blk_add_trace_rq_remap+0x680/0x680 [ 32.209263] ? avc_has_extended_perms+0x7fa/0x12c0 [ 32.214170] blkdev_ioctl+0x1845/0x1e00 [ 32.218121] ? blkpg_ioctl+0xb40/0xb40 [ 32.221984] ? avc_ss_reset+0x110/0x110 [ 32.225942] ? lock_downgrade+0x980/0x980 [ 32.230078] ? lock_release+0xa40/0xa40 [ 32.234033] ? __lock_is_held+0xb6/0x140 [ 32.238099] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 32.243973] ? get_unused_fd_flags+0x190/0x190 [ 32.248550] ? rcu_note_context_switch+0x710/0x710 [ 32.253459] block_ioctl+0xde/0x120 [ 32.257061] ? blkdev_fallocate+0x3b0/0x3b0 [ 32.261363] do_vfs_ioctl+0x1b1/0x1520 [ 32.265223] ? _cond_resched+0x14/0x30 [ 32.269089] ? ioctl_preallocate+0x2b0/0x2b0 [ 32.273472] ? selinux_capable+0x40/0x40 [ 32.277525] ? SyS_futex+0x269/0x390 [ 32.281234] ? security_file_ioctl+0x89/0xb0 [ 32.285618] SyS_ioctl+0x8f/0xc0 [ 32.288965] entry_SYSCALL_64_fastpath+0x23/0x9a [ 32.293702] RIP: 0033:0x452ac9 [ 32.296869] RSP: 002b:00007f6f4e46ec58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 [ 32.304810] RAX: ffffffffffffffda RBX: 00007f6f4e46f700 RCX: 0000000000452ac9 [ 32.312053] RDX: 0000000020beaf68 RSI: 00000000c0481273 RDI: 0000000000000015 [ 32.319294] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 32.326560] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 32.333810] R13: 0000000000a2f7ef R14: 00007f6f4e46f9c0 R15: 0000000000000000 [ 32.341072] [ 32.342692] Allocated by task 3779: [ 32.346294] save_stack+0x43/0xd0 [ 32.349718] kasan_kmalloc+0xad/0xe0 [ 32.353409] kmem_cache_alloc_trace+0x136/0x750 [ 32.358046] relay_open+0xf2/0xa40 [ 32.361565] do_blk_trace_setup+0x4a4/0xcd0 [ 32.365856] __blk_trace_setup+0xbe/0x150 [ 32.369975] blk_trace_ioctl+0x206/0x2e0 [ 32.374022] blkdev_ioctl+0x1845/0x1e00 [ 32.377969] block_ioctl+0xde/0x120 [ 32.381580] do_vfs_ioctl+0x1b1/0x1520 [ 32.385437] SyS_ioctl+0x8f/0xc0 [ 32.388777] entry_SYSCALL_64_fastpath+0x23/0x9a [ 32.393604] [ 32.395204] Freed by task 3779: [ 32.398457] save_stack+0x43/0xd0 [ 32.402063] kasan_slab_free+0x71/0xc0 [ 32.405921] kfree+0xd6/0x260 [ 32.408997] relay_open+0x84a/0xa40 [ 32.412599] do_blk_trace_setup+0x4a4/0xcd0 [ 32.416892] __blk_trace_setup+0xbe/0x150 [ 32.421030] blk_trace_ioctl+0x206/0x2e0 [ 32.425062] blkdev_ioctl+0x1845/0x1e00 [ 32.429010] block_ioctl+0xde/0x120 [ 32.432610] do_vfs_ioctl+0x1b1/0x1520 [ 32.436469] SyS_ioctl+0x8f/0xc0 [ 32.439808] entry_SYSCALL_64_fastpath+0x23/0x9a [ 32.444532] [ 32.446131] The buggy address belongs to the object at ffff8801bc8c9800 [ 32.446131] which belongs to the cache kmalloc-512 of size 512 [ 32.458766] The buggy address is located 0 bytes inside of [ 32.458766] 512-byte region [ffff8801bc8c9800, ffff8801bc8c9a00) [ 32.470445] The buggy address belongs to the page: [ 32.475346] page:ffffea0006f23240 count:1 mapcount:0 mapping:ffff8801bc8c9080 index:0x0 [ 32.483481] flags: 0x2fffc0000000100(slab) [ 32.487692] raw: 02fffc0000000100 ffff8801bc8c9080 0000000000000000 0000000100000006 [ 32.495544] raw: ffffea000767ff60 ffff8801dac01748 ffff8801dac00940 0000000000000000 [ 32.503395] page dumped because: kasan: bad access detected [ 32.509072] [ 32.510694] Memory state around the buggy address: [ 32.515601] ffff8801bc8c9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.522932] ffff8801bc8c9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.530263] >ffff8801bc8c9800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.537599] ^ [ 32.540936] ffff8801bc8c9880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.548268] ffff8801bc8c9900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.555599] ================================================================== [ 32.562927] Disabling lock debugging due to kernel taint [ 32.568354] Kernel panic - not syncing: panic_on_warn set ... [ 32.568354] [ 32.575689] CPU: 1 PID: 3779 Comm: syz-executor1 Tainted: G B 4.15.0-rc7+ #257 [ 32.584247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.593666] Call Trace: [ 32.596231] dump_stack+0x194/0x257 [ 32.599832] ? arch_local_irq_restore+0x53/0x53 [ 32.604474] ? kasan_end_report+0x32/0x50 [ 32.608596] ? lock_downgrade+0x980/0x980 [ 32.612723] ? vsnprintf+0x1ed/0x1900 [ 32.616497] panic+0x1e4/0x41c [ 32.619670] ? refcount_error_report+0x214/0x214 [ 32.624407] ? add_taint+0x40/0x50 [ 32.627920] ? add_taint+0x1c/0x50 [ 32.631436] ? relay_open+0x6a1/0xa40 [ 32.635207] ? relay_open+0x6a1/0xa40 [ 32.638987] kasan_end_report+0x50/0x50 [ 32.642934] kasan_report_double_free+0x72/0x80 [ 32.647574] kasan_slab_free+0xa3/0xc0 [ 32.651435] kfree+0xd6/0x260 [ 32.654513] relay_open+0x6a1/0xa40 [ 32.658115] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 32.662931] ? __debugfs_create_file+0x2cf/0x3d0 [ 32.667661] ? debugfs_create_file+0x57/0x70 [ 32.672043] do_blk_trace_setup+0x4a4/0xcd0 [ 32.676339] ? blk_tracer_print_line+0x40/0x40 [ 32.680899] ? __might_sleep+0x95/0x190 [ 32.684849] ? kasan_check_write+0x14/0x20 [ 32.689056] ? _copy_from_user+0x99/0x110 [ 32.693178] __blk_trace_setup+0xbe/0x150 [ 32.697300] ? do_blk_trace_setup+0xcd0/0xcd0 [ 32.701768] ? disk_name+0x98/0x100 [ 32.705369] blk_trace_ioctl+0x206/0x2e0 [ 32.709405] ? blk_add_trace_rq_remap+0x680/0x680 [ 32.714224] ? avc_has_extended_perms+0x7fa/0x12c0 [ 32.719125] blkdev_ioctl+0x1845/0x1e00 [ 32.723071] ? blkpg_ioctl+0xb40/0xb40 [ 32.726939] ? avc_ss_reset+0x110/0x110 [ 32.730886] ? lock_downgrade+0x980/0x980 [ 32.735017] ? lock_release+0xa40/0xa40 [ 32.738963] ? __lock_is_held+0xb6/0x140 [ 32.743016] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 32.748874] ? get_unused_fd_flags+0x190/0x190 [ 32.753429] ? rcu_note_context_switch+0x710/0x710 [ 32.758331] block_ioctl+0xde/0x120 [ 32.761932] ? blkdev_fallocate+0x3b0/0x3b0 [ 32.766227] do_vfs_ioctl+0x1b1/0x1520 [ 32.770087] ? _cond_resched+0x14/0x30 [ 32.773949] ? ioctl_preallocate+0x2b0/0x2b0 [ 32.778331] ? selinux_capable+0x40/0x40 [ 32.782367] ? SyS_futex+0x269/0x390 [ 32.786060] ? security_file_ioctl+0x89/0xb0 [ 32.790441] SyS_ioctl+0x8f/0xc0 [ 32.793786] entry_SYSCALL_64_fastpath+0x23/0x9a [ 32.798512] RIP: 0033:0x452ac9 [ 32.801678] RSP: 002b:00007f6f4e46ec58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 [ 32.809369] RAX: ffffffffffffffda RBX: 00007f6f4e46f700 RCX: 0000000000452ac9 [ 32.816617] RDX: 0000000020beaf68 RSI: 00000000c0481273 RDI: 0000000000000015 [ 32.823858] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 32.831099] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 [ 32.838341] R13: 0000000000a2f7ef R14: 00007f6f4e46f9c0 R15: 0000000000000000 [ 32.846099] Dumping ftrace buffer: [ 32.849629] (ftrace buffer empty) [ 32.853308] Kernel Offset: disabled [ 32.856906] Rebooting in 86400 seconds..