[....] Starting enhanced syslogd: rsyslogd[   12.502454] audit: type=1400 audit(1516092770.471:5): avc:  denied  { syslog } for  pid=3505 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.147128] audit: type=1400 audit(1516092777.115:6): avc:  denied  { map } for  pid=3644 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.217' (ECDSA) to the list of known hosts.
2018/01/16 08:53:03 fuzzer started
[   25.356375] audit: type=1400 audit(1516092783.325:7): avc:  denied  { map } for  pid=3655 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/01/16 08:53:03 dialing manager at 10.128.0.26:45947
[   28.689941] can: request_module (can-proto-0) failed.
[   28.700345] can: request_module (can-proto-0) failed.
2018/01/16 08:53:07 kcov=true, comps=true
[   29.202710] audit: type=1400 audit(1516092787.171:8): avc:  denied  { map } for  pid=3655 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=8844 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2018/01/16 08:53:08 executing program 7:
r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
bind$bt_rfcomm(r0, &(0x7f0000000000)={0x1f, {0x4, 0x8b, 0x0, 0x2, 0x8, 0x0}, 0x8}, 0x9)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000001000)={r0, r0})
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, &(0x7f0000001000-0x4)=0x0, 0x4)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
ioctl$sock_proto_private(r0, 0x89e0, &(0x7f0000002000)="7c111ff5a062efba5a8f34116e1909c3109c22f838ffdb32fa38cb23eca580809119d0573aa0470acc1e0f335b6e31da20775f7e6128ede6d06077f183fb3482c688be38dce1bf50d9dd802f3deeb5dc3125d8b91157ae9b3196ddc1c022d2aab9c790f336a5bdf81d8c99b3559add59ffd2edc9bae6fd4f512f6b777ce53ccf735d2e410f08ed92c481287a8538373f2bca")
mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000002000)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000003000)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000003000-0x4)=[0x0], &(0x7f0000003000-0x10)=[0x0, 0x0, 0x0, 0x0], 0x7, 0x4, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000005000-0x30)=[{&(0x7f0000004000)=""/133, 0x85}, {&(0x7f0000004000-0xf2)=""/242, 0xf2}, {&(0x7f0000004000)=""/168, 0xa8}], 0x3, 0x0)
mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000006000-0xa0)={<r1=>0x0, @in={{0x2, 0x1, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x55f1, 0x4, 0x1, 0x3, 0x2}, &(0x7f0000001000)=0xa0)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000005000-0x20)={0x0, 0x0, 0x800c, 0xe0, 0x6, 0x3ff, 0x1, 0xfffffffffffeffff, r1}, &(0x7f0000003000)=0x20)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, &(0x7f0000002000-0x4)=0x3ff, 0x4)
mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000007000-0x4)=0x0, &(0x7f0000004000-0x4)=0x4)
accept$inet6(r0, 0x0, &(0x7f0000005000)=0x0)
ioctl$DRM_IOCTL_CONTROL(r0, 0x40086414, &(0x7f0000006000)={0x0, 0x7fffffff})
mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000008000-0xe8)={{{@in6=@loopback={0x0, 0x0}, @in=@broadcast=0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, {{@in=@remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, 0xffffffffffffffff, 0x0}, 0x0, @in=@rand_addr=0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, &(0x7f0000005000)=0xe8)
mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
getresuid(&(0x7f0000003000)=<r3=>0x0, &(0x7f0000007000)=0x0, &(0x7f0000007000)=0x0)
setreuid(r2, r3)
openat$selinux_context(0xffffffffffffff9c, &(0x7f0000001000)='/selinux/context\x00', 0x2, 0x0)
r4 = gettid()
mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
get_robust_list(r4, &(0x7f0000008000)=&(0x7f0000009000-0x18)={&(0x7f0000000000/0x1000)=nil, 0x0, &(0x7f0000000000/0x1000)=nil}, &(0x7f0000009000-0x8)=0x18)

2018/01/16 08:53:08 executing program 3:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000a60000)='ramfs\x00', 0x0, &(0x7f00008a7000)="")
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000d9b000)={0x0, &(0x7f0000abd000)=[]})
umount2(&(0x7f0000efc000-0x1)='.', 0x4)
umount2(&(0x7f00008c8000)='.', 0xc)
stat(&(0x7f00005bc000)='.', &(0x7f000003d000-0x44)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2018/01/16 08:53:08 executing program 0:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sndseq(&(0x7f0000dcc000)='/dev/snd/seq\x00', 0x0, 0x0)
read(r0, &(0x7f0000fb6000)=""/28, 0x1c)
r1 = getpid()
sched_setaffinity(r1, 0x8, &(0x7f0000cb2000-0x8)=0x5)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000419000-0xb0)={{0x80, 0x0}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef2013eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800ffff0000000000009fb42f37658970182", 0xa9824f69d1376637, 0x10800a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00001a0000-0x17)={0xc1, @time={0x0, 0x989680}, 0x0, {0x0, 0x0}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000732000-0x58)={0x0, 0x0, 0x80, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000c63000-0x5c)={0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000dcd000)='/dev/sequencer2\x00', 0x0, 0x0)

2018/01/16 08:53:09 executing program 1:
sendmsg$key(0xffffffffffffffff, &(0x7f0000ed7000-0x38)={0x0, 0x0, &(0x7f0000aaf000)={&(0x7f00009bf000)={0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, []}, 0x10}, 0x1, 0x0, 0x0, 0x0}, 0x0)
sync()

2018/01/16 08:53:09 executing program 2:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00001de000)={0xa, 0x3, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0xff, 0xff], @remote={0xac, 0x14, 0x0, 0xbb}}, 0x0}, 0x1c)
sendto$inet6(r0, &(0x7f0000f6f000)="", 0x0, 0x20000004, &(0x7f0000cc8000-0x1c)={0xa, 0x2, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c)

2018/01/16 08:53:09 executing program 4:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$loop(&(0x7f00002a0000)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0xc0481273, &(0x7f0000beb000-0x98)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "000000000100000001001bf3ff000000006500ff00010000007db0e6f10efbf9a219d8f6aa6bd58d1c43473100e85026e7ff40f9b55bd1b3335d5bffff0001f3", "cfa40005000000f7ffffffff00000000000000ffb833220182ab867d00", [0x0, 0x0], 0x0})
sendto$inet6(0xffffffffffffffff, &(0x7f0000fac000-0xf)="", 0x0, 0x0, &(0x7f00006e5000-0x1c)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c)

2018/01/16 08:53:09 executing program 5:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001000-0x9)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000438000-0x90)={[0xfffffffffffffff8, 0x1, 0x0, 0x0, 0x103, 0x1, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000005000)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f0000016000-0x10)={&(0x7f000000f000-0xd8)={0x18, 0x21, 0xaff, 0xffffffffffffffff, 0xffffffffffffffff, {0x0, 0x0, 0x0}, [@nested={0x4, 0x0, []}]}, 0x18}, 0x1, 0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000001000)={0x10005, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SMI(r2, 0xaeb7)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000a81000-0xa)='/dev/ptmx\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

2018/01/16 08:53:09 executing program 6:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
timer_create(0x2, &(0x7f0000273000)={0x0, 0x36, 0x1, @tid=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000a71000)=0x0)
ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f00002af000-0x20)={@common='ifb0\x00', @ifru_addrs={0x2, 0x3, @rand_addr=0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}})
timer_create(0x0, &(0x7f0000c8c000)={0x0, 0x1d, 0x4, @tid=0xffffffffffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00001e8000)=0x0)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000ff2000-0xb)='/dev/mixer\x00', 0x10d402, 0x0)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00008c9000-0x4)=0x9, 0x4)
ioctl$sock_ipx_SIOCGIFADDR(r1, 0x8915, &(0x7f0000dfd000)={"0282b3f73a0900000000000000da6bea", {0x4, 0x9, 0x8, "a29fa8ff976b", 0xf8, 0x0}})
timer_create(0x1, &(0x7f0000abe000-0x60)={0x0, 0x1e, 0x0, @tid=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000db4000-0x4)=<r2=>0x0)
timer_gettime(r2, &(0x7f00007a1000)={{0x0, 0x0}, {0x0, 0x0}})
ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f00000ac000-0x4)=0x9)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00004c7000-0x4)=0x5, 0x4)
getsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000a4e000-0x10)={0x0, 0x0}, &(0x7f0000bb0000)=0x10)
ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f000096c000-0x4)=0x0)
mlock(&(0x7f000044e000/0x2000)=nil, 0x2000)
r3 = dup(r0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000163000)='/dev/ppp\x00', 0x101000, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x20000000000002, &(0x7f00007b1000)=0x81, 0x4)
r5 = semget$private(0x0, 0x4, 0x300)
semctl$GETPID(r5, 0x4, 0xb, &(0x7f0000ec2000-0xe6)=""/230)
bind$inet6(r0, &(0x7f0000fa1000-0x1c)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c)
sendto$inet6(r0, &(0x7f0000e78000-0x1)="", 0x0, 0x20000008, &(0x7f00008d5000-0x1c)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c)
ioctl$TIOCCONS(r1, 0x541d)
getsockopt$inet6_tcp_buf(r4, 0x6, 0x1d, &(0x7f0000001000)=""/4096, &(0x7f0000b1c000-0x4)=0x1000)
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r6, 0x7fff)
sendfile(r3, r6, &(0x7f0000d84000-0x8)=0x0, 0x8000fffffffe)

[   31.003250] audit: type=1400 audit(1516092788.972:9): avc:  denied  { map } for  pid=3655 comm="syz-fuzzer" path="/root/syzkaller-shm361797647" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   31.836966] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   32.134221] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   32.512244] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   32.974896] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   33.187323] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   33.320141] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   33.543812] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   33.563074] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   34.547656] audit: type=1400 audit(1516092792.515:10): avc:  denied  { sys_admin } for  pid=3699 comm="syz-executor7" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   34.640282] audit: type=1400 audit(1516092792.545:11): avc:  denied  { sys_chroot } for  pid=4482 comm="syz-executor7" capability=18  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   35.667678] audit: type=1400 audit(1516092793.636:12): avc:  denied  { net_admin } for  pid=4736 comm="syz-executor6" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   35.704006] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu
[   35.727906] audit: type=1400 audit(1516092793.696:13): avc:  denied  { dac_override } for  pid=4736 comm="syz-executor6" capability=1  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   35.764091] ==================================================================
[   35.771496] BUG: KASAN: double-free or invalid-free in relay_open+0x6a1/0xa40
[   35.778751] 
[   35.780375] CPU: 1 PID: 4749 Comm: syz-executor4 Not tainted 4.15.0-rc8+ #263
[   35.787637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.796970] Call Trace:
[   35.799542]  dump_stack+0x194/0x257
[   35.803153]  ? arch_local_irq_restore+0x53/0x53
[   35.807808]  ? show_regs_print_info+0x18/0x18
[   35.812276]  ? __lock_is_held+0xb6/0x140
[   35.816333]  ? relay_open+0x6a1/0xa40
[   35.820110]  print_address_description+0x73/0x250
[   35.824936]  ? relay_open+0x6a1/0xa40
[   35.828709]  ? relay_open+0x6a1/0xa40
[   35.832919]  kasan_report_double_free+0x55/0x80
[   35.837568]  kasan_slab_free+0xa3/0xc0
[   35.841440]  kfree+0xd6/0x260
[   35.844524]  relay_open+0x6a1/0xa40
[   35.848130]  ? relay_open_buf.part.10+0x9b0/0x9b0
[   35.853039]  ? __debugfs_create_file+0x2cf/0x3d0
[   35.858558]  ? debugfs_create_file+0x57/0x70
[   35.862951]  do_blk_trace_setup+0x4a4/0xcd0
[   35.867267]  ? blk_tracer_print_line+0x40/0x40
[   35.871829]  ? __might_sleep+0x95/0x190
[   35.875786]  ? kasan_check_write+0x14/0x20
[   35.880000]  ? _copy_from_user+0x99/0x110
[   35.884133]  __blk_trace_setup+0xbe/0x150
[   35.888273]  ? do_blk_trace_setup+0xcd0/0xcd0
[   35.892752]  ? disk_name+0x98/0x100
[   35.896364]  blk_trace_ioctl+0x206/0x2e0
[   35.900417]  ? blk_add_trace_rq_remap+0x680/0x680
[   35.905245]  ? avc_has_extended_perms+0x7fa/0x12c0
[   35.910156]  blkdev_ioctl+0x1845/0x1e00
[   35.914112]  ? blkpg_ioctl+0xb40/0xb40
[   35.918583]  ? avc_ss_reset+0x110/0x110
[   35.922534]  ? lock_downgrade+0x980/0x980
[   35.926686]  ? lock_release+0xa40/0xa40
[   35.931615]  ? __lock_is_held+0xb6/0x140
[   35.937509]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   35.945712]  ? up_read+0x1a/0x40
[   35.950017]  ? rcu_note_context_switch+0x710/0x710
[   35.955973]  block_ioctl+0xde/0x120
[   35.959577]  ? blkdev_fallocate+0x3b0/0x3b0
[   35.963874]  do_vfs_ioctl+0x1b1/0x1520
[   35.967734]  ? _cond_resched+0x14/0x30
[   35.971625]  ? ioctl_preallocate+0x2b0/0x2b0
[   35.976017]  ? selinux_capable+0x40/0x40
[   35.980063]  ? SyS_futex+0x269/0x390
[   35.983778]  ? security_file_ioctl+0x89/0xb0
[   35.988168]  SyS_ioctl+0x8f/0xc0
[   35.991516]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   35.996246] RIP: 0033:0x452df9
[   35.999499] RSP: 002b:00007f21f44d9c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
[   36.007181] RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000452df9
[   36.014425] RDX: 0000000020beaf68 RSI: 00000000c0481273 RDI: 0000000000000014
[   36.021676] RBP: 00000000000005ee R08: 0000000000000000 R09: 0000000000000000
[   36.028930] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f6ef0
[   36.036174] R13: 00000000ffffffff R14: 00007f21f44da6d4 R15: 0000000000000002
[   36.043438] 
[   36.045041] Allocated by task 4749:
[   36.048647]  save_stack+0x43/0xd0
[   36.052074]  kasan_kmalloc+0xad/0xe0
[   36.056291]  kmem_cache_alloc_trace+0x136/0x750
[   36.060932]  relay_open+0xf2/0xa40
[   36.064463]  do_blk_trace_setup+0x4a4/0xcd0
[   36.068759]  __blk_trace_setup+0xbe/0x150
[   36.072889]  blk_trace_ioctl+0x206/0x2e0
[   36.076934]  blkdev_ioctl+0x1845/0x1e00
[   36.080882]  block_ioctl+0xde/0x120
[   36.084482]  do_vfs_ioctl+0x1b1/0x1520
[   36.088341]  SyS_ioctl+0x8f/0xc0
[   36.091684]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   36.096410] 
[   36.098016] Freed by task 4749:
[   36.101271]  save_stack+0x43/0xd0
[   36.104704]  kasan_slab_free+0x71/0xc0
[   36.108579]  kfree+0xd6/0x260
[   36.111668]  relay_open+0x84a/0xa40
[   36.115272]  do_blk_trace_setup+0x4a4/0xcd0
[   36.119580]  __blk_trace_setup+0xbe/0x150
[   36.123710]  blk_trace_ioctl+0x206/0x2e0
[   36.129569]  blkdev_ioctl+0x1845/0x1e00
[   36.135020]  block_ioctl+0xde/0x120
[   36.138623]  do_vfs_ioctl+0x1b1/0x1520
[   36.142490]  SyS_ioctl+0x8f/0xc0
[   36.145831]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   36.150558] 
[   36.152159] The buggy address belongs to the object at ffff8801c139fcc0
[   36.152159]  which belongs to the cache kmalloc-512 of size 512
[   36.164789] The buggy address is located 0 bytes inside of
[   36.164789]  512-byte region [ffff8801c139fcc0, ffff8801c139fec0)
[   36.176461] The buggy address belongs to the page:
[   36.181365] page:ffffea000704e7c0 count:1 mapcount:0 mapping:ffff8801c139f040 index:0x0
[   36.189484] flags: 0x2fffc0000000100(slab)
[   36.193699] raw: 02fffc0000000100 ffff8801c139f040 0000000000000000 0000000100000006
[   36.201558] raw: ffffea00070415a0 ffffea00070477e0 ffff8801dac00940 0000000000000000
[   36.209414] page dumped because: kasan: bad access detected
[   36.215094] 
[   36.216694] Memory state around the buggy address:
[   36.221596]  ffff8801c139fb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   36.228934]  ffff8801c139fc00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   36.236266] >ffff8801c139fc80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   36.243598]                                            ^
[   36.249024]  ffff8801c139fd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   36.256357]  ffff8801c139fd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   36.263688] ==================================================================
[   36.271020] Disabling lock debugging due to kernel taint
[   36.276453] Kernel panic - not syncing: panic_on_warn set ...
[   36.276453] 
[   36.283792] CPU: 1 PID: 4749 Comm: syz-executor4 Tainted: G    B            4.15.0-rc8+ #263
[   36.292339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.301673] Call Trace:
[   36.304241]  dump_stack+0x194/0x257
[   36.307847]  ? arch_local_irq_restore+0x53/0x53
[   36.312488]  ? kasan_end_report+0x32/0x50
[   36.316613]  ? lock_downgrade+0x980/0x980
[   36.320751]  ? vsnprintf+0x1ed/0x1900
[   36.324528]  panic+0x1e4/0x41c
[   36.327696]  ? refcount_error_report+0x214/0x214
[   36.332431]  ? add_taint+0x40/0x50
[   36.335942]  ? add_taint+0x1c/0x50
[   36.339457]  ? relay_open+0x6a1/0xa40
[   36.343231]  ? relay_open+0x6a1/0xa40
[   36.347008]  kasan_end_report+0x50/0x50
[   36.350962]  kasan_report_double_free+0x72/0x80
[   36.355632]  kasan_slab_free+0xa3/0xc0
[   36.359496]  kfree+0xd6/0x260
[   36.362581]  relay_open+0x6a1/0xa40
[   36.366187]  ? relay_open_buf.part.10+0x9b0/0x9b0
[   36.371006]  ? __debugfs_create_file+0x2cf/0x3d0
[   36.377132]  ? debugfs_create_file+0x57/0x70
[   36.381521]  do_blk_trace_setup+0x4a4/0xcd0
[   36.385821]  ? blk_tracer_print_line+0x40/0x40
[   36.390392]  ? __might_sleep+0x95/0x190
[   36.394346]  ? kasan_check_write+0x14/0x20
[   36.398558]  ? _copy_from_user+0x99/0x110
[   36.402689]  __blk_trace_setup+0xbe/0x150
[   36.406823]  ? do_blk_trace_setup+0xcd0/0xcd0
[   36.411297]  ? disk_name+0x98/0x100
[   36.414903]  blk_trace_ioctl+0x206/0x2e0
[   36.418941]  ? blk_add_trace_rq_remap+0x680/0x680
[   36.423764]  ? avc_has_extended_perms+0x7fa/0x12c0
[   36.428677]  blkdev_ioctl+0x1845/0x1e00
[   36.432625]  ? blkpg_ioctl+0xb40/0xb40
[   36.436486]  ? avc_ss_reset+0x110/0x110
[   36.440436]  ? lock_downgrade+0x980/0x980
[   36.444564]  ? lock_release+0xa40/0xa40
[   36.448514]  ? __lock_is_held+0xb6/0x140
[   36.452567]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   36.458423]  ? up_read+0x1a/0x40
[   36.461767]  ? rcu_note_context_switch+0x710/0x710
[   36.466676]  block_ioctl+0xde/0x120
[   36.470281]  ? blkdev_fallocate+0x3b0/0x3b0
[   36.474577]  do_vfs_ioctl+0x1b1/0x1520
[   36.478439]  ? _cond_resched+0x14/0x30
[   36.482305]  ? ioctl_preallocate+0x2b0/0x2b0
[   36.486702]  ? selinux_capable+0x40/0x40
[   36.490741]  ? SyS_futex+0x269/0x390
[   36.494437]  ? security_file_ioctl+0x89/0xb0
[   36.498823]  SyS_ioctl+0x8f/0xc0
[   36.502691]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   36.507419] RIP: 0033:0x452df9
[   36.510581] RSP: 002b:00007f21f44d9c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
[   36.518275] RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000452df9
[   36.525520] RDX: 0000000020beaf68 RSI: 00000000c0481273 RDI: 0000000000000014
[   36.532763] RBP: 00000000000005ee R08: 0000000000000000 R09: 0000000000000000
[   36.540022] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f6ef0
[   36.547266] R13: 00000000ffffffff R14: 00007f21f44da6d4 R15: 0000000000000002
[   36.555035] Dumping ftrace buffer:
[   36.558549]    (ftrace buffer empty)
[   36.562230] Kernel Offset: disabled
[   36.565841] Rebooting in 86400 seconds..