[....] Starting enhanced syslogd: rsyslogd[ 10.421453] audit: type=1400 audit(1514551194.537:5): avc: denied { syslog } for pid=2994 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 15.999626] audit: type=1400 audit(1514551200.115:6): avc: denied { map } for pid=3134 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts. 2017/12/29 12:40:06 fuzzer started [ 22.133404] audit: type=1400 audit(1514551206.249:7): avc: denied { map } for pid=3145 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2017/12/29 12:40:06 dialing manager at 10.128.0.26:46011 2017/12/29 12:40:09 kcov=true, comps=true [ 25.721519] audit: type=1400 audit(1514551209.837:8): avc: denied { map } for pid=3145 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=8887 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2017/12/29 12:40:11 executing program 7: 2017/12/29 12:40:11 executing program 3: 2017/12/29 12:40:11 executing program 4: 2017/12/29 12:40:11 executing program 0: 2017/12/29 12:40:11 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000-0x18)={0xaa, 0x0, 0x0}) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001000-0x20)={{&(0x7f0000012000/0x1000)=nil, 0x1000}, 0x1, 0x0}) r1 = socket$inet6_sctp(0xa, 0x800000005, 0x84) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000012000)=[@in={0x2, 0x0, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}], 0x10) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000004000-0x10)={&(0x7f0000012000/0x1000)=nil, 0x1000}) close(r0) 2017/12/29 12:40:11 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b4d000-0x30)={0x1, 0x2, &(0x7f0000ef3000)=[@generic={0x8db7, 0x0, 0x0, 0x0}, @generic={0xd395, 0x0, 0x0, 0x0}], &(0x7f0000cce000-0x6)='syseO\x00', 0x1, 0x80, &(0x7f000000a000)=""/128, 0x0, 0x0}, 0x30) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) sendto$inet6(r2, &(0x7f00000aa000-0xe5)="", 0x0, 0xc805, &(0x7f0000681000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000db7000-0x8)={r2, r0}) sendmmsg(r1, &(0x7f0000e84000-0x3c)=[{{0x0, 0x0, &(0x7f000036d000)=[{&(0x7f00008e7000)="ca", 0x1}], 0x1, &(0x7f00000d9000)=[], 0x0, 0x0}, 0x0}], 0x1, 0x0) 2017/12/29 12:40:11 executing program 5: unshare(0x8000400) mmap(&(0x7f0000000000/0xfd4000)=nil, 0xfd4000, 0x4, 0x40000000000031, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000fd5000-0x6)=0x0, &(0x7f000053b000-0x4)=0x8) 2017/12/29 12:40:11 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) unshare(0x28060400) mkdir(&(0x7f000045a000-0x8)='./file0\x00', 0x0) mount(&(0x7f0000213000-0x8)='./file0\x00', &(0x7f000078f000-0x8)='./file0\x00', &(0x7f0000983000-0x7)='mqueue\x00', 0x0, &(0x7f0000654000-0x1)="") r0 = creat(&(0x7f0000016000-0xc)='./file0/bus\x00', 0x0) mq_notify(r0, &(0x7f0000478000-0x60)={0x0, 0x0, 0x0, @thr={&(0x7f0000bc8000)="", &(0x7f0000cf3000)=""}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) mq_notify(r0, &(0x7f0000da1000)={0x0, 0x0, 0x0, @tid=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) [ 28.407408] audit: type=1400 audit(1514551212.523:9): avc: denied { sys_admin } for pid=3190 comm="syz-executor3" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 28.549601] audit: type=1400 audit(1514551212.665:10): avc: denied { sys_chroot } for pid=3351 comm="syz-executor3" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2017/12/29 12:40:12 executing program 3: mmap(&(0x7f0000001000/0xdc2000)=nil, 0xdc2000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xca5000)=nil, 0xca5000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000003000-0x1e)="441f1a76ffda1bd9e41b665bdb5c5c000b655b1304634ca60d3712a1d5", 0x1d) r1 = socket(0x10, 0x802, 0x0) write(r1, &(0x7f000088a000-0x23)="2200000019000704009433280900040002000000000000000000000006001580a427", 0x22) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) sendmmsg$alg(r1, &(0x7f0000000000)=[{0x0, 0x0, &(0x7f0000c7f000-0x20)=[{&(0x7f00005a9000-0x5f)="53a9f76ce2b2705a084fcb5d699d0bfd8d83a578543f2648163904c833fa9dd368b4e767410398ea9a73f209c141cec31752fe729d96e8aeb1fe30bedb42fcf1a30ee4cb653fc7d7d2f03ef363a4ecd2d0742928ddb4151db0cce3a0a8d677", 0x5f}, {&(0x7f0000b64000-0x83)="bd710ecc54473359344a9423ca2d43cbbd0cee33633c64a2055f8fa5e562705ec17ba71d5dce7022c51de064696c17df12d89c37a40d438e40ad40e7a8c4a4a4dfdacf78343d153264bc622ec9876685cc7caf0de6b294dc1652b96407b1f95bb7b6d5be5496145bb62194de12367d8b665057815925cd565a60c4b564db1922dc0268", 0x83}], 0x2, &(0x7f0000000000)=[@iv={0x48, 0x117, 0x2, 0x2f, "c01048853ba7b72220e3734621659cf8fb9a039a0d37dc5167a8e6d38dfe3d786ed1c0215cd324aa0f1c7c651837e7"}, @op={0x18, 0x117, 0x3, 0x0}, @op={0x18, 0x117, 0x3, 0x0}, @assoc={0x18, 0x117, 0x4, 0x3}, @assoc={0x18, 0x117, 0x4, 0x26}], 0xa8, 0x84}, {0x0, 0x0, &(0x7f0000001000-0x10)=[{&(0x7f00008ae000)="fe5f44116eb46966", 0x8}], 0x1, &(0x7f0000001000-0xa8)=[@iv={0xa8, 0x117, 0x2, 0x93, "d5d33ecf6f872a345abdd06eebcb462bbb5d7e20d97cc39452998d98dbc14865fb1ec0fbfdae34f70fd023b1fbe51aed9ac1fe3d0cc446b0f261e7a3003727f7a42d343683a2f4c6c19379a25d23159c889ab73daa262c7e811c81260f73e149cecc5dc22b1047dfb476c8abf27180543298c8d90659314f71379d5a79b8335762bdc0cb89e76edf96f54fcdf5f8de32c2eb50"}], 0xa8, 0x0}, {0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001000-0x64)="5b98999c9cac2634d21d28ada14f603a96d77452da82c106d245e50964a8fc7fc0652e41a8687bff1f7c4450ab6898940f6d918fcfea1acca5c545003ca803292e441ef35b4df147a4f5c53a9c0fa7840926af85b0e79c8d9a13be3986e8e41c3493f9af", 0x64}, {&(0x7f000056b000-0x9d)="a341fb0e14aa8a312c5ac20430db8e9acdf0c83f584a5413632086520373b725a2afbd312501418042034cfee5b833ed067075c5d2e875af6e83b0d54973fc6ecba089ade305f587cb9d66bf7bff2574760698b39463edcb8601c9b1a64b83214ace03f5c18e468e0af79ebadc98b10a5e6a7b29489992d8363c3e6021cc2b166afb36af01dd83bde916f4d20ada1e99fa0a34fc765ab8390dd8f00b5f", 0x9d}, {&(0x7f00009b6000-0xe9)="6e36a2df29ff3d78776b245b72e74f8d6a037e2ac1fc5c41ce8a90a7b96721fc5b1e0d0330bac0e6f77e26cf9634d7fb724046aacb8cf9f7df276c74f1721b9f61005d68044766fbf5c41d50fb5d54a7c65ddce32a48556f95f96dd7355236df1cf92e0681d08bf5491bfcbd317af5a9a4f5e838896fa5c894c5523861be7800e4bbbd638cfa6543e88fea2426594a720f439f6843eed76e6d2d1348fccd9d24c476a6f1740eb2951f8ab2d9871d9a55e18e1ec56d975f723afe4b6fac9fab615583024eb912b1bc2730c724ffe5de219c83596a07d770f2bd7ad795603e55794c4cfa9478f223d700", 0xe9}, {&(0x7f0000d84000)="ed9896a5ddbae4e1bb2107405ec18dc1cbc77619b7dc4fa9618b", 0x1a}, {&(0x7f0000001000-0xb1)="b3a906f05db1530a490b44d42e506cbac7040333af709b41508fd996649600eab79333f97886bb631123a3b849b0b705146df0c20d3ca3a9bfbbe22f9f5d0d9a33125a9865b8009de402a71cf9ef6d230bf5f7279773ba9f9a30f25600401c1a5b9b871978ef6cb011345dc41b1c3a75cba0123d89f7a51afe75b3ae91f7fea6bfb4a8e8e5eba7aaeec190dad78f1aec93e682b6c8a88ef373885509baad5cbb06230ca992da846dbdcaf7cf83507dc919", 0xb1}, {&(0x7f0000000000)="f2c85a64a2158ce53c9d67ebb9a0d716b2d99903bf9be8ecc7afa310469ec4daad0b236ed875adc59bd0b41b4b34c2a902fca3f920735bcca490e7c7d19d8c2ca9574aa037212cb5d4c72574602b63", 0x4f}], 0x6, &(0x7f0000001000-0x78)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x64e1}, @assoc={0x18, 0x117, 0x4, 0x0}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18, 0x117, 0x3, 0x0}], 0x78, 0x24000800}, {0x0, 0x0, &(0x7f0000149000)=[{&(0x7f00002fb000)="58e42d7ed6e2aac13911e44a7a47497c9acb1b052423923583a149fc778eb83d165b6ecc786bd7bdb076f87551586f17e069bb82feb9a73e16b7b9951ca9a92c9709b38494b15111703de059e754849f12dd9c1f2282691a4620b50550e9330ea5e385ae2ad2ec6e9359435f99f2f1e4620881c2e0efff929a231d3baf14ab106207e5f48db4ca7272be9e52c4a2bf9790ee29f44eeda4b59d4ca676036310171c8193aabf0e451122b254e50708c88479909becbeaa9238f47892f22536b8b591c283d34de2ea3ee5c856ef63fac409ca84", 0xd2}, {&(0x7f0000d7d000-0x55)="80287bf7627a1df7ee99408bcffb45a4f50b512cc4fe3ec22b3d667ec072e676054f813d47323f7acaaf800f0e7eb2d81beab9fd3aef371a518e79eb6edd976f6b8d0187fd025697f2dd258eb8d140d545de8a91a6", 0x55}, {&(0x7f00003d3000)="309c1ce4259ec1b4a9a7e6ec9ac0a6b9001f19ffa35fd24ab0311bd80dbb503bc2fc354bb6657e61ffee958bfe445bf40d3b7c2f1d9d2ca1b91abe518717114d007e9e98f6f8638a81dbd254918b15555f8103fd0a5b2d223c952a", 0x5b}, {&(0x7f0000000000)="cc0011c72a951385fb284a6abdbe0d439dbaec4d94646945348c62aa0efed9ad5b6a3ad9fad9f7a4691c8e95fb3b0dce9a56991a65995c012225cdaaa4767f89920623caab04e74f556f3f55c21f6d6d9a2a68cd76bc6be21bcf782df791f259db73bbc2f5480652eff09eab49e69a16dc2c850eb62b219ab600f1343b1ec3d0f36adb2242bfe3bb578967988f64f1c59b1823b15f95e0ed2debe24034b04de5fcd477e82b89ee481fc8926a1542053038b6d4ccba5b8f0e516f2f8dc51a7057", 0xc0}, {&(0x7f000000c000)="fcc5c5675c2d678cab659f7eb998dedf0cf07663ac7a36de07", 0x19}, {&(0x7f0000cf7000)="5f0e65a13f769e30a8768f9e737f1978ea7655a66e5c00d233416c71f4d0d85e3bab3b2112e7b7593fd3485cc7f84460b262", 0x32}, {&(0x7f0000000000)="e27ccf09cf9ca962bf3d5667db851e4b857695b9b4e25f5c863c26488e333b03030e7f7a5e448e917a4699ad00bc793cd23a78bb077e647e1fbbee3d1ec285a21a11feed520d9662e8180d82140912591f328945141285049b8201d417fa5a37f6f86630c27736029ad71847aba4b38cdb37aaeacde147a3404dc660278839aabb842ca159e990482bf179328811d74fa808da2fcef1d8b4f71a1cde36db1a0d1d06549653a884f0ab9c4bd10addcd5683afaa57749a8065dd747135e67fc3a24b6481dd39df8bec96304e4b99f2fe60aed1cdd1e5be9d2fcc723454432b", 0xde}, {&(0x7f0000992000)="4178d8f9a31b365c1014175b1804e6bfce01132bf4eff15ddf0a0d6cc219d3314c8e999789f579ac68c857fcd3e2736e7b1364c4aae5dfef5af3947c3e3909d7feadca01e3defb1e321fab19b416d558a00b8fb3a310947850f4db22f80f66eeff3601c74a658fe7e58350a3bdadec84cfbdfa96aa504e35ac72ec5a3e9ebbca40881ec26eef3e757ddacbbc6476c68cf3a23d91118c9cb53cb1a3acc6d95a86db206957734ec70bf9ca4777dda9e911464b0ec683bbb1f967359d6a2ca7c8d5ff6b2127cd4c70ba0f64e488ca0babc94f3a306984b176b95376f2a493cd47b8eac81b448eeb4100b63118a2d74d0ae3f4e6cfff7aa3104890e42b", 0xfb}], 0x8, 0x0, 0x0, 0x4000}, {0x0, 0x0, &(0x7f0000288000-0x30)=[{&(0x7f00002bc000)="9dbe428c4a99aeb711837e093259f002176ba426ad88347484e9726a8bb7890b59a4d075c8f0805fddb22e175122d359b9593fbaa84d1852751322dbbedc45ed54fb320a1a6fe180669c20491b5bc87173d98e0819874a17c412ff5f8b014b3fb47106c2d9514e3a375bfdf90cab17f2c080574482a02abc8e9e59a4f96a8da49d87f70aa5c4145183f56b7d1ef42c65bd0b0e07bf6785450652e6cc228cd235633c6d1de89813d241e29eced59309b549188ccd19", 0xb5}, {&(0x7f0000001000-0x99)="59a4286cd3be7b7b3fafc34cd9511a137ea62c69ce728e265f3ec0c10312fa12b1666c1f888e01fe1ba6316f05f1a3b8a963e8ce380760deb9524d92d137854dcf6048a694897b18f503d6c8f21d1dd36ff780b18bc393d4995d9a68a0034d652c02fadef63cd42148727c3137deccf984f2d0692bfb40402393181354023d1792b903e85322a5534b3d1b561ee5235ad1c00a8a4f7a419827", 0x99}, {&(0x7f00008b5000-0x23)="f83e96c36552b8d8868b35a60c00461818d73ef44f7d5f2a49c2ddc9dbad839bc9d0f2", 0x23}], 0x3, &(0x7f0000001000-0x18)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x8040}, {0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001000-0xaf)="9b12fe4df74e5b1a135f846924c21d95bf265095058addb70423293f5f662c4e86120943aae934647aee3899bb497b067d8aa5fa3004f577a27f3067d57d4e7e161ada38d6ed966bde4c4d5ae2c4b5864ef7b538a3c3f308d5c43fa5aae17f8bf5e0120c101db1afda31d1a85597fb36a417829314521bf99ffbbf188222ab9e9df1883efb3c43f06b9b28785d64684532f03e7eceb1b4709849b3c6c6dc3fc4e922a7e83e12dd1169e22d59e2fae0", 0xaf}], 0x1, &(0x7f00005c5000-0x48)=[@iv={0x48, 0x117, 0x2, 0x30, "e306d1d96b265e45246342258b31b13fed398425719dd61f7da67647c81d5655d0442bb1e22e4074ca028b41c9abd988"}], 0x48, 0x40}, {0x0, 0x0, &(0x7f0000cf0000)=[{&(0x7f000048a000)="f7e743a9c2e011dafad224773e4883b9f2ce20dfd0c6aee3ca3c1fa5252f02ae1e9712aa248b873913723e4967ac843850f5918b28f6b895300138b87a89be6d073cb7944c573a6e90de3de9a6", 0x4d}, {&(0x7f00001b2000)="296f821b3f0728727b4162d0991045b6f4e1c3d09c575b61a22b3bcc544a9b04c64fc63d3901adc2937a925e37c3b1dbe5b0ba6423495e766f90b61fa3b1dc383dbfeeb81b77fec8466e84f0b70507e528a61262fac188b71d266c582c02f0e43bd13cfe9948ce6cf84b45b68dda504b26e01619cac1e6ab2f8db15a7c96b86c5fb3f19dabfbfcd5b033187b62f8d339a53dbd74d3c1d2e1bfda3dd96ce2", 0x9e}], 0x2, &(0x7f0000001000-0x200)=[@assoc={0x18, 0x117, 0x4, 0x1}, @op={0x18, 0x117, 0x3, 0x1}, @iv={0x48, 0x117, 0x2, 0x33, "d7d4c8f9f3ad50b90e5f4a78dfb1eb2bfce586642537ee7b96246cde8bb2d8ab2f4a07470ace63861048274045e1fc6563fd12"}, @op={0x18, 0x117, 0x3, 0x0}, @op={0x18, 0x117, 0x3, 0x1}, @iv={0x110, 0x117, 0x2, 0xfa, "dde63b16528e5f8d2b3eeccc1252eaba0433f74c92ff8b022902c96ab3710b5eb62add75cee70794120ff52355067c1d7e37eb611dea4f26e17d53e967786014efe201a5687a6e9a0f4a2aa89dbd05a7f1750d41c49de1e12db5616ee8824d7b16c4859fcbf0dbf47c93845eb054a44c6ca474640e64a6b3d843a6013e3ef3b0ec844125c899ea6dfcd6bb47ea73167ea76632c9dc10ab0b875952ec5cc47e1e804fd00a04a1f40f7d96a9589d4c1e374a050c2d18eab0832db23f5d45f0b869ddf2fd88c62902985b239cba0221dbee8d73b05748568fec0dff5cdfec573e915e4cc0ba87ae0416e389eb1c838b6c7c6c39a68eef9e880eff53"}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18, 0x117, 0x3, 0x1}], 0x200, 0x4000010}, {0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000c9c000)="4976a337ee1efda60c250f31437c7b0584cdace2f9c8784e7ead2a04db59df24ec7e1a3f379b7c5c6878ba67e6e46f9a6de0e1b20a740c7e977a99cc6a6bbf126fb7252e5ba164172d9b439198381869c33c0b50b0d0a17511f5c8bd78951faf11a7d0", 0x63}], 0x1, &(0x7f0000116000)=[@iv={0xc0, 0x117, 0x2, 0xa8, "70c9aeaa696c029e80e003ec01862a7ee379e97974d01db63bde9148e9850e5e85d57bb949e9ca76116e645b8cc48d054088100b871cb690f9a31a25033c5db75e383008cfeb556ab0d8a5145cb0b522a88a6317742879723c677be8cd0b7b3fcd2dee01c3ee9ffe9d08dbe82deec576c823b25ae8aa54a1febfdd566d2c56aa131270c118cab512e5e425cfdaf2634edef41f08cfae74c9f3609c160802d3c2993d1542fa61ce33"}, @assoc={0x18, 0x117, 0x4, 0x9}, @iv={0xe0, 0x117, 0x2, 0xc8, "67e85a9036a6571143cfc0594d10b11524812069ce7b7fa334ad8fcb22f7f9f867aacb11b325f09d5eb586f29158800880bd4d72fde3641b28b3b601e8a07789e4ca18f4c6650d1a1b8412806fabf39aee6306b7a6badfcb63ba273229347e63098db4fed04bea5687e7586300f0692b234bf45714831a485fd99c96f0dbfb1c9f4a735c9b769e2ce4faf1b2d7a38912a50b79ecff03b03aefa9f7be7170e0d21b6c9dd6bca72ffb6bef1798c44835f74871234e8471ff34b927da92677571ad09aa3d990c4b47f2"}, @assoc={0x18, 0x117, 0x4, 0x8000}], 0x1d0, 0x0}, {0x0, 0x0, &(0x7f0000001000-0x20)=[{&(0x7f0000001000-0xfd)="fa9b0bfc8db73163d72cfd2145467cf4702bd4de39b7e461d6a51d21a12bd21183f582780495758419e293a42f08602b12c1fc9f5ea2604b82ef975ea71a30432dc75b2cd6b94a57a31320a877cdce3ad776eb531b0ab6ac53eafc6853a5448841810f390b459273a5e307c41534d28218cfc0db1119e4f304e94ee5a0a85ed5926a03bfaa73874d7a125085d1e5f17a47bf239fed911b63d3a4fb95e082565e62067fd3fdcc5ad4eb36baac7d42dfbcac760737da81733335090daf67eb276fcd590be67b941b1e31551c21bdd643145ba5b4ac04e918509cca160743be45afdc6edb181fefc7187131eb981ea2273a134b70c41876d3f78384638683", 0xfd}, {&(0x7f0000000000)="55591e95b37e1e91d84bc320f73aa014c10e38ea6e8f9b0834cc0d9ab02ccc153f308feeda8deb39bc92491a9d0e78ffde4f8380d543b108e35792ce07fd33eeaa2a8e2319286e35498009fbbb2e020b", 0x50}], 0x2, &(0x7f0000709000)=[@op={0x18, 0x117, 0x3, 0x1}, @op={0x18, 0x117, 0x3, 0x0}, @op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x20}], 0x60, 0x804}], 0x9, 0x4) openat$rfkill(0xffffffffffffff9c, &(0x7f00000de000)='/dev/rfkill\x00', 0x40, 0x0) mmap(&(0x7f0000dc3000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000dc3000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) 2017/12/29 12:40:12 executing program 4: r0 = socket$inet(0x2, 0x7ffffffffffe, 0x1f) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x28, &(0x7f0000002000-0xc)={@loopback=0x7f000001, @multicast1=0xe0000001, @remote={0xac, 0x14, 0x0, 0xbb}}, 0xc) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x84000) close(r0) [ 28.632732] audit: type=1400 audit(1514551212.748:11): avc: denied { net_raw } for pid=3391 comm="syz-executor3" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2017/12/29 12:40:12 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00009c9000-0x8)='./file0\x00', 0x0) mount(&(0x7f0000e13000-0x8)='./file0\x00', &(0x7f0000b8f000-0x8)='./file0\x00', &(0x7f0000ca9000)='ramfs\x00', 0x0, &(0x7f0000662000)="") clock_gettime(0x0, &(0x7f0000be3000)={0x0, 0x0}) utimes(&(0x7f0000385000-0xe)='./file0/file0\x00', &(0x7f00008e9000)={{r0, r1/1000+30000}, {0x0, 0x0}}) creat(&(0x7f00009f5000)='./file0/bus\x00', 0x0) rename(&(0x7f0000248000-0xc)='./file0/bus\x00', &(0x7f0000336000-0xe)='./file0/file0\x00') [ 28.694070] audit: type=1400 audit(1514551212.809:12): avc: denied { net_admin } for pid=3391 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 28.718691] audit: type=1400 audit(1514551212.819:13): avc: denied { dac_read_search } for pid=3396 comm="syz-executor6" capability=2 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 28.744394] FAULT_FLAG_ALLOW_RETRY missing 30 [ 28.744443] CPU: 0 PID: 3403 Comm: syz-executor1 Not tainted 4.15.0-rc4-next-20171221+ #78 [ 28.744449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.744452] Call Trace: [ 28.744467] dump_stack+0x194/0x257 [ 28.744484] ? arch_local_irq_restore+0x53/0x53 [ 28.744501] ? do_raw_spin_lock+0x185/0x220 [ 28.744516] ? handle_userfault+0xb97/0x2500 [ 28.744536] handle_userfault+0xbd9/0x2500 [ 28.744548] ? handle_userfault+0x185a/0x2500 [ 28.744578] ? userfaultfd_ioctl+0x4520/0x4520 [ 28.744587] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 28.744600] ? print_irqtrace_events+0x270/0x270 [ 28.744615] ? __lock_acquire+0x630/0x3e00 [ 28.744626] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 28.744640] ? print_irqtrace_events+0x270/0x270 [ 28.744652] ? print_irqtrace_events+0x270/0x270 [ 28.744667] ? print_irqtrace_events+0x270/0x270 [ 28.744688] ? __lock_acquire+0x664/0x3e00 [ 28.744699] ? __is_insn_slot_addr+0x1fc/0x330 [ 28.744719] ? __lock_acquire+0x664/0x3e00 [ 28.744730] ? check_noncircular+0x20/0x20 [ 28.744738] ? __lock_acquire+0x664/0x3e00 [ 28.744756] ? lock_downgrade+0x980/0x980 [ 28.744779] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 28.744791] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 28.744800] ? modules_open+0xa0/0xa0 [ 28.744816] ? find_held_lock+0x35/0x1d0 [ 28.744840] ? __handle_mm_fault+0x3296/0x3ce0 [ 28.744852] ? lock_downgrade+0x980/0x980 [ 28.744869] ? lock_release+0xa40/0xa40 [ 28.744880] ? rcutorture_record_progress+0x10/0x10 [ 28.744895] ? do_raw_spin_trylock+0x190/0x190 [ 28.744906] ? userfaultfd_ctx_put+0x720/0x720 [ 28.744936] __handle_mm_fault+0x32a3/0x3ce0 [ 28.744957] ? __pmd_alloc+0x4e0/0x4e0 [ 28.744967] ? print_lockdep_cache.isra.31+0x109/0x109 [ 28.744988] ? find_held_lock+0x35/0x1d0 [ 28.745011] ? handle_mm_fault+0x2a0/0x930 [ 28.745022] ? lock_downgrade+0x980/0x980 [ 28.745068] handle_mm_fault+0x38f/0x930 [ 28.745082] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 28.745096] ? vmacache_find+0x5f/0x280 [ 28.745113] ? find_vma+0x30/0x150 [ 28.745133] __do_page_fault+0x5c9/0xc90 [ 28.745157] ? mm_fault_error+0x2c0/0x2c0 [ 28.745170] ? check_noncircular+0x20/0x20 [ 28.745175] ? check_noncircular+0x20/0x20 [ 28.745192] do_page_fault+0xee/0x720 [ 28.745204] ? __do_page_fault+0xc90/0xc90 [ 28.745212] ? __lock_is_held+0xb6/0x140 [ 28.745227] ? find_held_lock+0x35/0x1d0 [ 28.745260] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 28.745283] page_fault+0x2c/0x60 [ 28.745292] RIP: 0010:copy_user_generic_unrolled+0x86/0xc0 [ 28.745297] RSP: 0018:ffff8801a7cdf678 EFLAGS: 00010202 [ 28.745305] RAX: dffffc0000000000 RBX: 0000000020012000 RCX: 0000000000000002 [ 28.745310] RDX: 0000000000000000 RSI: 0000000020012000 RDI: ffff8801c98f4880 [ 28.745315] RBP: ffff8801a7cdf6c8 R08: ffff8801dac001c0 R09: 0000000000000000 [ 28.745321] R10: 0000000000000002 R11: ffffed003931e911 R12: 00000000fffffff4 [ 28.745325] R13: 0000000000000010 R14: ffff8801c98f4880 R15: 0000000000000010 [ 28.745366] ? sctp_setsockopt_bindx+0x106/0x350 [ 28.745387] sctp_setsockopt+0xe73/0x61a0 [ 28.745406] ? sctp_setsockopt_paddr_thresholds+0x550/0x550 [ 28.745424] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 28.745432] ? check_noncircular+0x20/0x20 [ 28.745447] ? switched_to_fair+0xb0/0xb0 [ 28.745464] ? __enqueue_entity+0x109/0x1e0 [ 28.745495] ? find_held_lock+0x35/0x1d0 [ 28.745514] ? check_noncircular+0x20/0x20 [ 28.745521] ? finish_task_switch+0x1d3/0x740 [ 28.745532] ? lock_downgrade+0x980/0x980 [ 28.745541] ? check_noncircular+0x20/0x20 [ 28.745548] ? load_balance+0x34c0/0x34c0 [ 28.745563] ? lock_release+0xa40/0xa40 [ 28.745572] ? compat_start_thread+0x80/0x80 [ 28.745583] ? do_raw_spin_trylock+0x190/0x190 [ 28.745603] ? find_held_lock+0x35/0x1d0 [ 28.745622] ? avc_has_perm+0x35e/0x680 [ 28.745632] ? lock_downgrade+0x980/0x980 [ 28.745646] ? lock_release+0xa40/0xa40 [ 28.745653] ? lock_downgrade+0x980/0x980 [ 28.745667] ? lock_release+0xa40/0xa40 [ 28.745681] ? __lock_is_held+0xb6/0x140 [ 28.745699] ? avc_has_perm+0x43e/0x680 [ 28.745714] ? avc_has_perm_noaudit+0x520/0x520 [ 28.745738] ? iterate_fd+0x3f0/0x3f0 [ 28.745745] ? selinux_mmap_addr+0x1f/0xf0 [ 28.745755] ? userfaultfd_unmap_complete+0x327/0x510 [ 28.745773] ? file_map_prot_check+0x2e0/0x2e0 [ 28.745783] ? userfaultfd_unmap_prep+0x540/0x540 [ 28.745800] ? schedule+0xf5/0x430 [ 28.745814] ? sock_has_perm+0x2a4/0x420 [ 28.745828] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 28.745836] ? security_mmap_file+0x143/0x180 [ 28.745846] ? selinux_netlbl_socket_setsockopt+0x10c/0x460 [ 28.745857] ? selinux_netlbl_sock_rcv_skb+0x730/0x730 [ 28.745898] sock_common_setsockopt+0x95/0xd0 [ 28.745917] SyS_setsockopt+0x189/0x360 [ 28.745933] ? SyS_recv+0x40/0x40 [ 28.745944] ? entry_SYSCALL_64_fastpath+0x5/0x96 [ 28.745956] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.745967] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 28.745987] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 28.745995] RIP: 0033:0x452ac9 [ 28.745999] RSP: 002b:00007f9a584aec58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036 [ 28.746008] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9 [ 28.746012] RDX: 0000000000000065 RSI: 0000000000000084 RDI: 0000000000000014 [ 28.746017] RBP: 000000000000039b R08: 0000000000000010 R09: 0000000000000000 [ 28.746021] R10: 0000000020012000 R11: 0000000000000212 R12: 00000000006f2728 [ 28.746025] R13: 00000000ffffffff R14: 00007f9a584af6d4 R15: 0000000000000000 [ 28.755988] ================================================================== [ 28.756014] BUG: KASAN: use-after-free in refcount_inc_not_zero+0x16e/0x180 [ 28.756021] Read of size 4 at addr ffff8801c1550ec0 by task syz-executor6/3398 [ 28.756022] [ 28.756030] CPU: 1 PID: 3398 Comm: syz-executor6 Not tainted 4.15.0-rc4-next-20171221+ #78 [ 28.756034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.756037] Call Trace: [ 28.756049] dump_stack+0x194/0x257 [ 28.756063] ? arch_local_irq_restore+0x53/0x53 [ 28.756073] ? show_regs_print_info+0x18/0x18 [ 28.756090] ? refcount_inc_not_zero+0x16e/0x180 [ 28.756103] print_address_description+0x73/0x250 [ 28.756112] ? refcount_inc_not_zero+0x16e/0x180 [ 28.756122] kasan_report+0x25b/0x340 [ 28.756138] __asan_report_load4_noabort+0x14/0x20 [ 28.756145] refcount_inc_not_zero+0x16e/0x180 [ 28.756154] ? refcount_add+0x60/0x60 [ 28.756174] ? do_mq_timedreceive+0xf40/0xf40 [ 28.756186] refcount_inc+0x15/0x50 [ 28.756194] mqueue_evict_inode+0x137/0x9c0 [ 28.756207] ? inode_wait_for_writeback+0x2f/0x40 [ 28.756218] ? lock_downgrade+0x980/0x980 [ 28.756231] ? do_mq_timedreceive+0xf40/0xf40 [ 28.756240] ? __inode_wait_for_writeback+0x292/0x330 [ 28.756254] ? do_raw_spin_trylock+0x190/0x190 [ 28.756268] ? bit_waitqueue+0x30/0x30 [ 28.756286] ? _raw_spin_unlock+0x22/0x30 [ 28.756294] ? do_mq_timedreceive+0xf40/0xf40 [ 28.756308] evict+0x481/0x920 [ 28.756326] ? destroy_inode+0x200/0x200 [ 28.756343] ? iput+0x7b1/0xaf0 [ 28.756354] ? lock_downgrade+0x980/0x980 [ 28.756373] ? _raw_spin_lock+0x32/0x40 [ 28.756379] ? _atomic_dec_and_lock+0x125/0x196 [ 28.756392] ? do_raw_spin_trylock+0x190/0x190 [ 28.756401] ? cpumask_local_spread+0x260/0x260 [ 28.756412] ? reacquire_held_locks+0x1f9/0x3e0 [ 28.756421] ? shrink_dentry_list+0x3b0/0xcf0 [ 28.756440] iput+0x7b9/0xaf0 [ 28.756460] ? evict_inodes+0x580/0x580 [ 28.756466] ? dentry_unlink_inode+0x38e/0x5e0 [ 28.756477] ? lock_downgrade+0x980/0x980 [ 28.756498] ? reacquire_held_locks+0x1f9/0x3e0 [ 28.756506] ? reacquire_held_locks+0x1f9/0x3e0 [ 28.756516] ? do_raw_spin_trylock+0x190/0x190 [ 28.756533] ? find_held_lock+0x138/0x1d0 [ 28.756553] dentry_unlink_inode+0x4b0/0x5e0 [ 28.756559] ? __dentry_kill+0x37b/0x6d0 [ 28.756575] ? release_dentry_name_snapshot+0x70/0x70 [ 28.756590] ? __lock_acquire+0x664/0x3e00 [ 28.756601] ? __d_drop+0x2b9/0x4b0 [ 28.756613] ? do_raw_spin_trylock+0x190/0x190 [ 28.756622] ? d_exact_alias+0x620/0x620 [ 28.756632] ? lock_acquire+0x1d5/0x580 [ 28.756640] ? lock_acquire+0x1d5/0x580 [ 28.756658] __dentry_kill+0x3b7/0x6d0 [ 28.756672] ? check_and_drop+0x170/0x170 [ 28.756680] ? lock_downgrade+0x980/0x980 [ 28.756713] shrink_dentry_list+0x3c5/0xcf0 [ 28.756730] ? d_add+0xa70/0xa70 [ 28.756743] ? d_shrink_add+0x280/0x280 [ 28.756754] ? dget_parent+0x5b0/0x5b0 [ 28.756766] ? trace_hardirqs_off+0xd/0x10 [ 28.756774] ? _raw_spin_unlock_irqrestore+0xa6/0xba [ 28.756788] ? find_held_lock+0x35/0x1d0 [ 28.756814] shrink_dcache_parent+0xba/0x230 [ 28.756829] ? path_has_submounts+0x1a0/0x1a0 [ 28.756837] ? lock_release+0xa40/0xa40 [ 28.756844] ? check_noncircular+0x20/0x20 [ 28.756864] ? d_walk+0x1d2/0xb20 [ 28.756878] do_one_tree+0x15/0x50 [ 28.756887] shrink_dcache_for_umount+0xbb/0x290 [ 28.756893] ? d_walk+0x6f2/0xb20 [ 28.756907] ? d_set_mounted+0x2d0/0x2d0 [ 28.756919] ? d_find_any_alias+0x1c0/0x1c0 [ 28.756939] generic_shutdown_super+0xcd/0x540 [ 28.756949] ? trace_hardirqs_on+0xd/0x10 [ 28.756957] ? destroy_super_rcu+0x200/0x200 [ 28.756970] ? unregister_shrinker+0x22c/0x3a0 [ 28.756977] ? __might_sleep+0x95/0x190 [ 28.756990] ? perf_trace_mm_vmscan_writepage+0x790/0x790 [ 28.756995] ? down_write+0x87/0x120 [ 28.757015] kill_litter_super+0x72/0x90 [ 28.757026] deactivate_locked_super+0x88/0xd0 [ 28.757037] deactivate_super+0x141/0x1b0 [ 28.757047] ? __sb_start_write+0x2a0/0x2a0 [ 28.757073] cleanup_mnt+0xb2/0x150 [ 28.757083] __cleanup_mnt+0x16/0x20 [ 28.757093] task_work_run+0x199/0x270 [ 28.757108] ? task_work_cancel+0x210/0x210 [ 28.757117] ? free_nsproxy+0x185/0x1f0 [ 28.757127] ? switch_task_namespaces+0xa2/0xc0 [ 28.757144] do_exit+0x9bb/0x1ad0 [ 28.757163] ? mm_update_next_owner+0x930/0x930 [ 28.757176] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 28.757181] ? check_noncircular+0x20/0x20 [ 28.757195] ? rcu_segcblist_first_pend_cb+0x90/0x90 [ 28.757201] ? check_noncircular+0x20/0x20 [ 28.757211] ? __call_rcu.constprop.68+0x4a5/0xef0 [ 28.757223] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.757233] ? trace_hardirqs_on+0xd/0x10 [ 28.757244] ? __is_insn_slot_addr+0x1fc/0x330 [ 28.757259] ? check_noncircular+0x20/0x20 [ 28.757267] ? rcu_process_callbacks+0x17f0/0x17f0 [ 28.757273] ? find_held_lock+0x35/0x1d0 [ 28.757293] ? node_tag_set+0xae/0x130 [ 28.757309] ? check_noncircular+0x20/0x20 [ 28.757326] ? find_held_lock+0x35/0x1d0 [ 28.757345] ? task_work_run+0x16c/0x270 [ 28.757354] ? lock_downgrade+0x980/0x980 [ 28.757367] ? find_held_lock+0x35/0x1d0 [ 28.757387] ? get_signal+0x7ae/0x16c0 [ 28.757397] ? lock_downgrade+0x980/0x980 [ 28.757415] do_group_exit+0x149/0x400 [ 28.757423] ? do_raw_spin_trylock+0x190/0x190 [ 28.757430] ? SyS_exit+0x30/0x30 [ 28.757435] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.757444] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.757457] get_signal+0x73f/0x16c0 [ 28.757475] ? ptrace_notify+0x130/0x130 [ 28.757487] ? free_obj_work+0x690/0x690 [ 28.757509] ? trace_hardirqs_off+0xd/0x10 [ 28.757517] ? rcu_pm_notify+0xc0/0xc0 [ 28.757541] do_signal+0x94/0x1ee0 [ 28.757547] ? create_new_namespaces+0x4f0/0x880 [ 28.757554] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.757563] ? kmem_cache_free+0x267/0x2a0 [ 28.757576] ? create_new_namespaces+0x459/0x880 [ 28.757594] ? setup_sigcontext+0x7d0/0x7d0 [ 28.757606] ? sys_ni_syscall+0x20/0x20 [ 28.757617] ? ns_capable_common+0xcf/0x160 [ 28.757632] ? unshare_nsproxy_namespaces+0xdf/0x1e0 [ 28.757646] ? SyS_unshare+0x4a0/0xfa0 [ 28.757664] ? walk_process_tree+0x400/0x400 [ 28.757677] ? exit_to_usermode_loop+0x8c/0x2f0 [ 28.757697] exit_to_usermode_loop+0x258/0x2f0 [ 28.757719] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 28.757746] syscall_return_slowpath+0x490/0x550 [ 28.757756] ? prepare_exit_to_usermode+0x340/0x340 [ 28.757766] ? entry_SYSCALL_64_fastpath+0x69/0x96 [ 28.757778] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.757788] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 28.757809] entry_SYSCALL_64_fastpath+0x94/0x96 [ 28.757816] RIP: 0033:0x452ac9 [ 28.757824] RSP: 002b:00007f2804be8c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000110 [ 28.757832] RAX: ffffffffffffffea RBX: 000000000071bea0 RCX: 0000000000452ac9 [ 28.757837] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000028060400 [ 28.757841] RBP: 00000000000005d3 R08: 0000000000000000 R09: 0000000000000000 [ 28.757846] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f5c68 [ 28.757851] R13: 00000000ffffffff R14: 00007f2804be96d4 R15: 0000000000000000 [ 28.757882] [ 28.757886] Allocated by task 3398: [ 28.757894] save_stack+0x43/0xd0 [ 28.757899] kasan_kmalloc+0xad/0xe0 [ 28.757905] kmem_cache_alloc_trace+0x136/0x750 [ 28.757913] copy_ipcs+0x1b3/0x520 [ 28.757919] create_new_namespaces+0x278/0x880 [ 28.757925] unshare_nsproxy_namespaces+0xae/0x1e0 [ 28.757931] SyS_unshare+0x653/0xfa0 [ 28.757937] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 28.757939] [ 28.757942] Freed by task 3398: [ 28.757948] save_stack+0x43/0xd0 [ 28.757953] kasan_slab_free+0x71/0xc0 [ 28.757959] kfree+0xd6/0x260 [ 28.757964] put_ipc_ns+0x112/0x150 [ 28.757969] free_nsproxy+0xc0/0x1f0 [ 28.757976] switch_task_namespaces+0x9d/0xc0 [ 28.757981] exit_task_namespaces+0x17/0x20 [ 28.757987] do_exit+0x9b6/0x1ad0 [ 28.757993] do_group_exit+0x149/0x400 [ 28.757999] get_signal+0x73f/0x16c0 [ 28.758005] do_signal+0x94/0x1ee0 [ 28.758011] exit_to_usermode_loop+0x258/0x2f0 [ 28.758017] syscall_return_slowpath+0x490/0x550 [ 28.758023] entry_SYSCALL_64_fastpath+0x94/0x96 [ 28.758025] [ 28.758030] The buggy address belongs to the object at ffff8801c1550ec0 [ 28.758030] which belongs to the cache kmalloc-2048 of size 2048 [ 28.758036] The buggy address is located 0 bytes inside of [ 28.758036] 2048-byte region [ffff8801c1550ec0, ffff8801c15516c0) [ 28.758039] The buggy address belongs to the page: [ 28.758046] page:0000000076e02623 count:1 mapcount:0 mapping:00000000c1606be4 index:0x0 compound_mapcount: 0 [ 28.758055] flags: 0x2fffc0000008100(slab|head) [ 28.758065] raw: 02fffc0000008100 ffff8801c1550640 0000000000000000 0000000100000003 [ 28.758073] raw: ffffea0007057e20 ffffea0007053f20 ffff8801dac00c40 0000000000000000 [ 28.758076] page dumped because: kasan: bad access detected [ 28.758078] [ 28.758081] Memory state around the buggy address: [ 28.758086] ffff8801c1550d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.758091] ffff8801c1550e00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 28.758097] >ffff8801c1550e80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 28.758100] ^ [ 28.758106] ffff8801c1550f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.758111] ffff8801c1550f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.758114] ================================================================== [ 28.758117] Disabling lock debugging due to kernel taint [ 28.758143] Kernel panic - not syncing: panic_on_warn set ... [ 28.758143] [ 28.758150] CPU: 1 PID: 3398 Comm: syz-executor6 Tainted: G B 4.15.0-rc4-next-20171221+ #78 [ 28.758154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.758156] Call Trace: [ 28.758164] dump_stack+0x194/0x257 [ 28.758173] ? arch_local_irq_restore+0x53/0x53 [ 28.758182] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 28.758190] ? vsnprintf+0x1ed/0x1900 [ 28.758198] ? refcount_inc_not_zero+0xd0/0x180 [ 28.758206] panic+0x1e4/0x41c [ 28.758213] ? refcount_error_report+0x214/0x214 [ 28.758223] ? add_taint+0x1c/0x50 [ 28.758231] ? add_taint+0x1c/0x50 [ 28.758240] ? refcount_inc_not_zero+0x16e/0x180 [ 28.758248] kasan_end_report+0x50/0x50 [ 28.758256] kasan_report+0x144/0x340 [ 28.758267] __asan_report_load4_noabort+0x14/0x20 [ 28.758274] refcount_inc_not_zero+0x16e/0x180 [ 28.758281] ? refcount_add+0x60/0x60 [ 28.758293] ? do_mq_timedreceive+0xf40/0xf40 [ 28.758301] refcount_inc+0x15/0x50 [ 28.758309] mqueue_evict_inode+0x137/0x9c0 [ 28.758319] ? inode_wait_for_writeback+0x2f/0x40 [ 28.758327] ? lock_downgrade+0x980/0x980 [ 28.758337] ? do_mq_timedreceive+0xf40/0xf40 [ 28.758345] ? __inode_wait_for_writeback+0x292/0x330 [ 28.758355] ? do_raw_spin_trylock+0x190/0x190 [ 28.758366] ? bit_waitqueue+0x30/0x30 [ 28.758377] ? _raw_spin_unlock+0x22/0x30 [ 28.758384] ? do_mq_timedreceive+0xf40/0xf40 [ 28.758392] evict+0x481/0x920 [ 28.758404] ? destroy_inode+0x200/0x200 [ 28.758415] ? iput+0x7b1/0xaf0 [ 28.758423] ? lock_downgrade+0x980/0x980 [ 28.758434] ? _raw_spin_lock+0x32/0x40 [ 28.758440] ? _atomic_dec_and_lock+0x125/0x196 [ 28.758450] ? do_raw_spin_trylock+0x190/0x190 [ 28.758456] ? cpumask_local_spread+0x260/0x260 [ 28.758464] ? reacquire_held_locks+0x1f9/0x3e0 [ 28.758471] ? shrink_dentry_list+0x3b0/0xcf0 [ 28.758482] iput+0x7b9/0xaf0 [ 28.758494] ? evict_inodes+0x580/0x580 [ 28.758499] ? dentry_unlink_inode+0x38e/0x5e0 [ 28.758507] ? lock_downgrade+0x980/0x980 [ 28.758519] ? reacquire_held_locks+0x1f9/0x3e0 [ 28.758526] ? reacquire_held_locks+0x1f9/0x3e0 [ 28.758534] ? do_raw_spin_trylock+0x190/0x190 [ 28.758544] ? find_held_lock+0x138/0x1d0 [ 28.758556] dentry_unlink_inode+0x4b0/0x5e0 [ 28.758561] ? __dentry_kill+0x37b/0x6d0 [ 28.758572] ? release_dentry_name_snapshot+0x70/0x70 [ 28.758580] ? __lock_acquire+0x664/0x3e00 [ 28.758593] ? __d_drop+0x2b9/0x4b0 [ 28.758601] ? do_raw_spin_trylock+0x190/0x190 [ 28.758608] ? d_exact_alias+0x620/0x620 [ 28.758616] ? lock_acquire+0x1d5/0x580 [ 28.758622] ? lock_acquire+0x1d5/0x580 [ 28.758634] __dentry_kill+0x3b7/0x6d0 [ 28.758644] ? check_and_drop+0x170/0x170 [ 28.758651] ? lock_downgrade+0x980/0x980 [ 28.758671] shrink_dentry_list+0x3c5/0xcf0 [ 28.758684] ? d_add+0xa70/0xa70 [ 28.758696] ? d_shrink_add+0x280/0x280 [ 28.758705] ? dget_parent+0x5b0/0x5b0 [ 28.758714] ? trace_hardirqs_off+0xd/0x10 [ 28.758721] ? _raw_spin_unlock_irqrestore+0xa6/0xba [ 28.758732] ? find_held_lock+0x35/0x1d0 [ 28.758748] shrink_dcache_parent+0xba/0x230 [ 28.758759] ? path_has_submounts+0x1a0/0x1a0 [ 28.758766] ? lock_release+0xa40/0xa40 [ 28.758773] ? check_noncircular+0x20/0x20 [ 28.758785] ? d_walk+0x1d2/0xb20 [ 28.758795] do_one_tree+0x15/0x50 [ 28.758803] shrink_dcache_for_umount+0xbb/0x290 [ 28.758808] ? d_walk+0x6f2/0xb20 [ 28.758818] ? d_set_mounted+0x2d0/0x2d0 [ 28.758827] ? d_find_any_alias+0x1c0/0x1c0 [ 28.758840] generic_shutdown_super+0xcd/0x540 [ 28.758848] ? trace_hardirqs_on+0xd/0x10 [ 28.758856] ? destroy_super_rcu+0x200/0x200 [ 28.758866] ? unregister_shrinker+0x22c/0x3a0 [ 28.758872] ? __might_sleep+0x95/0x190 [ 28.758881] ? perf_trace_mm_vmscan_writepage+0x790/0x790 [ 28.758887] ? down_write+0x87/0x120 [ 28.758899] kill_litter_super+0x72/0x90 [ 28.758908] deactivate_locked_super+0x88/0xd0 [ 28.758916] deactivate_super+0x141/0x1b0 [ 28.758925] ? __sb_start_write+0x2a0/0x2a0 [ 28.758941] cleanup_mnt+0xb2/0x150 [ 28.758948] __cleanup_mnt+0x16/0x20 [ 28.758956] task_work_run+0x199/0x270 [ 28.758965] ? task_work_cancel+0x210/0x210 [ 28.758972] ? free_nsproxy+0x185/0x1f0 [ 28.758980] ? switch_task_namespaces+0xa2/0xc0 [ 28.758990] do_exit+0x9bb/0x1ad0 [ 28.759006] ? mm_update_next_owner+0x930/0x930 [ 28.759016] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 28.759022] ? check_noncircular+0x20/0x20 [ 28.759031] ? rcu_segcblist_first_pend_cb+0x90/0x90 [ 28.759037] ? check_noncircular+0x20/0x20 [ 28.759046] ? __call_rcu.constprop.68+0x4a5/0xef0 [ 28.759054] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.759062] ? trace_hardirqs_on+0xd/0x10 [ 28.759070] ? __is_insn_slot_addr+0x1fc/0x330 [ 28.759079] ? check_noncircular+0x20/0x20 [ 28.759086] ? rcu_process_callbacks+0x17f0/0x17f0 [ 28.759092] ? find_held_lock+0x35/0x1d0 [ 28.759104] ? node_tag_set+0xae/0x130 [ 28.759116] ? check_noncircular+0x20/0x20 [ 28.759127] ? find_held_lock+0x35/0x1d0 [ 28.759140] ? task_work_run+0x16c/0x270 [ 28.759148] ? lock_downgrade+0x980/0x980 [ 28.759157] ? find_held_lock+0x35/0x1d0 [ 28.759169] ? get_signal+0x7ae/0x16c0 [ 28.759177] ? lock_downgrade+0x980/0x980 [ 28.759190] do_group_exit+0x149/0x400 [ 28.759198] ? do_raw_spin_trylock+0x190/0x190 [ 28.759205] ? SyS_exit+0x30/0x30 [ 28.759210] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.759219] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.759230] get_signal+0x73f/0x16c0 [ 28.759244] ? ptrace_notify+0x130/0x130 [ 28.759254] ? free_obj_work+0x690/0x690 [ 28.759271] ? trace_hardirqs_off+0xd/0x10 [ 28.759278] ? rcu_pm_notify+0xc0/0xc0 [ 28.759292] do_signal+0x94/0x1ee0 [ 28.759298] ? create_new_namespaces+0x4f0/0x880 [ 28.759305] ? rcu_read_lock_sched_held+0x108/0x120 [ 28.759312] ? kmem_cache_free+0x267/0x2a0 [ 28.759321] ? create_new_namespaces+0x459/0x880 [ 28.759330] ? setup_sigcontext+0x7d0/0x7d0 [ 28.759339] ? sys_ni_syscall+0x20/0x20 [ 28.759349] ? ns_capable_common+0xcf/0x160 [ 28.759360] ? unshare_nsproxy_namespaces+0xdf/0x1e0 [ 28.759368] ? SyS_unshare+0x4a0/0xfa0 [ 28.759378] ? walk_process_tree+0x400/0x400 [ 28.759387] ? exit_to_usermode_loop+0x8c/0x2f0 [ 28.759399] exit_to_usermode_loop+0x258/0x2f0 [ 28.759408] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 28.759424] syscall_return_slowpath+0x490/0x550 [ 28.759432] ? prepare_exit_to_usermode+0x340/0x340 [ 28.759439] ? entry_SYSCALL_64_fastpath+0x69/0x96 [ 28.759447] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.759455] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 28.759467] entry_SYSCALL_64_fastpath+0x94/0x96 [ 28.759471] RIP: 0033:0x452ac9 [ 28.759475] RSP: 002b:00007f2804be8c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000110 [ 28.759482] RAX: ffffffffffffffea RBX: 000000000071bea0 RCX: 0000000000452ac9 [ 28.759486] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000028060400 [ 28.759490] RBP: 00000000000005d3 R08: 0000000000000000 R09: 0000000000000000 [ 28.759493] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f5c68 [ 28.759497] R13: 00000000ffffffff R14: 00007f2804be96d4 R15: 0000000000000000 [ 28.759985] Dumping ftrace buffer: [ 28.759988] (ftrace buffer empty) [ 28.759991] Kernel Offset: disabled [ 30.863668] Rebooting in 86400 seconds..