[....] Starting enhanced syslogd: rsyslogd[ 13.709911] audit: type=1400 audit(1517233173.856:4): avc: denied { syslog } for pid=3839 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.206' (ECDSA) to the list of known hosts. 2018/01/29 13:39:45 fuzzer started 2018/01/29 13:39:45 dialing manager at 10.128.0.26:32911 2018/01/29 13:39:48 kcov=true, comps=false 2018/01/29 13:39:49 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000b07000)='./file0\x00') 2018/01/29 13:39:49 executing program 7: perf_event_open(&(0x7f0000940000)={0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getresuid(&(0x7f0000ee2000-0x4)=0x0, &(0x7f0000026000-0x4)=0x0, &(0x7f0000c8f000)=0x0) 2018/01/29 13:39:49 executing program 3: fchownat(0xffffffffffffffff, &(0x7f00006ff000)='./file0/file0\x00', 0x0, 0x0, 0x1500) 2018/01/29 13:39:50 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getresuid(&(0x7f0000975000-0x4)=0x0, &(0x7f00002cd000)=0x0, &(0x7f0000c99000-0x4)=0x0) getresgid(&(0x7f0000611000-0x4)=0x0, &(0x7f0000382000-0x4)=0x0, &(0x7f0000959000-0x4)=0x0) fchown(r0, 0x0, 0x0) 2018/01/29 13:39:50 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000081e000-0xa)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003ba000-0x24)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f000067e000-0x24)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2018/01/29 13:39:50 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) rt_sigprocmask(0x0, &(0x7f000003a000-0x8)={0xfffffffffffffffa}, 0x0, 0x8) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0xa, 0x4, @tid=r0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000044000)=0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000854000-0x10)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f000004a000)={{r1, 0x0}, {0x0, 0xe4c}}, &(0x7f0000040000)={{0x0, 0x0}, {0x0, 0x0}}) rt_sigtimedwait(&(0x7f0000b5f000-0x8)={0xffffffffffffffff}, &(0x7f0000e70000-0x10)={0x0, 0x0, 0x0, 0x0}, &(0x7f0000685000)={0x77359400, 0x0}, 0x8) 2018/01/29 13:39:50 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000504000)={&(0x7f0000ba3000-0xc)={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f0000813000-0x10)={&(0x7f0000d77000-0x260c)=@newlink={0x30, 0x10, 0x9, 0xffffffffffffffff, 0xffffffffffffffff, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, [@IFLA_GROUP={0x8, 0x1b, 0x0}, @IFLA_VFINFO_LIST={0x8, 0x16, [{0x4, 0x1, []}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/29 13:39:50 executing program 2: syz_fuseblk_mount(&(0x7f0000ac5000-0x8)='./file0\x00', &(0x7f00004a9000-0x8)='./file0\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f000081f000-0xc)={0x0, 0x0, 0x0}, &(0x7f0000a60000-0x4)=0xc) setgroups(0x2, &(0x7f0000b7f000)=[0x0, 0x0]) syzkaller login: [ 29.863677] audit: type=1400 audit(1517233190.006:6): avc: denied { sys_admin } for pid=4053 comm="syz-executor3" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 29.863682] audit: type=1400 audit(1517233190.006:5): avc: denied { sys_admin } for pid=4052 comm="syz-executor7" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 29.912792] IPVS: Creating netns size=2536 id=1 [ 29.937974] audit: type=1400 audit(1517233190.086:7): avc: denied { net_admin } for pid=4054 comm="syz-executor7" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 29.975148] IPVS: Creating netns size=2536 id=2 [ 30.014907] IPVS: Creating netns size=2536 id=3 [ 30.039077] IPVS: Creating netns size=2536 id=4 [ 30.078505] IPVS: Creating netns size=2536 id=5 [ 30.121396] IPVS: Creating netns size=2536 id=6 [ 30.184655] IPVS: Creating netns size=2536 id=7 [ 30.244813] IPVS: Creating netns size=2536 id=8 [ 31.899901] audit: type=1400 audit(1517233192.046:8): avc: denied { sys_chroot } for pid=4054 comm="syz-executor7" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/29 13:39:52 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) faccessat(0xffffffffffffffff, &(0x7f0000959000-0x8)='./file0\x00', 0x0, 0x0) 2018/01/29 13:39:52 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getrusage(0x0, &(0x7f0000f07000)={{0x0, 0x0}, {0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ppoll(&(0x7f00004de000-0x20)=[{r0, 0x0, 0x0}], 0x2000000000000359, &(0x7f00003ae000)={0x0, 0x0}, &(0x7f0000960000-0x8)={0x0}, 0x8) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000006000-0x2c)=[@acquire_done={0x40486311, 0x0, 0x0}], 0x0, 0x0, &(0x7f0000002000)=""}) [ 32.036045] audit: type=1400 audit(1517233192.176:9): avc: denied { set_context_mgr } for pid=5060 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 32.096132] audit: type=1400 audit(1517233192.236:10): avc: denied { call } for pid=5060 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 32.130938] binder: BINDER_SET_CONTEXT_MGR already set [ 32.130952] binder: 5060:5065 ioctl 40046207 0 returned -16 [ 32.132430] binder_alloc: 5060: binder_alloc_buf, no vma [ 32.132453] binder: 5060:5103 transaction failed 29189/-3, size 0-0 line 3127 [ 32.186873] binder_alloc: 5060: binder_alloc_buf, no vma [ 32.198148] binder: 5060:5081 transaction failed 29189/-3, size 0-0 line 3127 [ 32.211415] binder: undelivered TRANSACTION_ERROR: 29189 [ 32.218383] binder: undelivered TRANSACTION_ERROR: 29189 [ 32.228669] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 32.249039] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 2018/01/29 13:39:52 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000)=0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000c7b000-0xa)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000002000-0x4)=0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x63, &(0x7f0000002000-0x1e)=""/30, &(0x7f0000000000)=0x1e) 2018/01/29 13:39:52 executing program 3: sync() mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x0, 0xffffffffffffffff, 0x0) getresuid(&(0x7f0000000000)=0x0, &(0x7f000060c000-0x4)=0x0, &(0x7f0000000000)=0x0) 2018/01/29 13:39:52 executing program 6: fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, &(0x7f000022e000-0x8)='./file0\x00') 2018/01/29 13:39:52 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x1, 0x32, 0xffffffffffffffff, 0x0) capset(&(0x7f0000618000-0x8)={0x0, 0x0}, &(0x7f0000c2e000-0x18)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2018/01/29 13:39:52 executing program 5: r0 = epoll_create(0x7) fadvise64(r0, 0x0, 0x0, 0x3) 2018/01/29 13:39:52 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) timer_create(0x3, &(0x7f0000044000)={0x0, 0x12, 0x0, @tid=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f000046c000-0x4)=0x0) clock_getres(0x0, &(0x7f00009d8000)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000c49000)={{0x0, r0}, {0x0, r0}}, &(0x7f0000040000)={{0x0, 0x0}, {0x0, 0x0}}) 2018/01/29 13:39:52 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x0, 0xffffffffffffffff, 0x0) fdatasync(0xffffffffffffffff) 2018/01/29 13:39:52 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000dbe000)={0x0, 0x4, 0x0}, &(0x7f000080f000)=0xc) setsockopt$inet6_tcp_int(r1, 0x6, 0x1e, &(0x7f0000f6e000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000e1b000)={0xa, 0xffffffffffffffff, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x37) dup3(r0, r1, 0x0) fsync(0xffffffffffffffff) 2018/01/29 13:39:52 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000f9b000-0x8)=0x2) [ 32.300247] audit: type=1400 audit(1517233192.446:11): avc: denied { setgid } for pid=5142 comm="syz-executor2" capability=6 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/29 13:39:52 executing program 6: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000683000-0x4)=0x0) sync() 2018/01/29 13:39:52 executing program 4: clone(0x0, &(0x7f0000a46000-0x1000)="", &(0x7f000087d000-0x4)=0x0, &(0x7f0000001000-0x4)=0x0, &(0x7f0000001000-0xe4)="") sync() 2018/01/29 13:39:52 executing program 1: llistxattr(&(0x7f0000c9c000-0x8)='./file0\x00', &(0x7f0000f15000-0x14)=""/20, 0x14) 2018/01/29 13:39:52 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) ioprio_get$pid(0x3, r0) 2018/01/29 13:39:52 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) inotify_rm_watch(0xffffffffffffffff, 0x0) 2018/01/29 13:39:52 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$inet(0x2, 0x80a, 0x5, &(0x7f000015c000)={0x0, 0x0}) 2018/01/29 13:39:52 executing program 3: tee(0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x0) 2018/01/29 13:39:52 executing program 0: r0 = syz_fuseblk_mount(&(0x7f0000ac5000-0x8)='./file0\x00', &(0x7f00004a9000-0x8)='./file0\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) setns(r0, 0x0) 2018/01/29 13:39:52 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xe, &(0x7f0000d9b000-0x4)=0x0, 0x4) 2018/01/29 13:39:52 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000839000)={@local={[0xaa, 0xaa, 0xaa, 0xaa], 0x0, 0xaa}, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [], {@ipv4={0x800, {{0x8, 0x4, 0x0, 0x0, 0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x6c, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, {[@lsrr={0x83, 0x7, 0x8, [@remote={0xac, 0x14, 0x0, 0xbb}]}, @ssrr={0x89, 0x3, 0x0, []}]}}, @icmp=@time_exceeded={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @multicast2=0xe0000002, @multicast2=0xe0000002, {[]}}, ""}}}}}, &(0x7f0000ab4000)={0x0, 0x0, []}) 2018/01/29 13:39:52 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f00009aa000-0x88)="", 0x0, 0x20008045, &(0x7f00000b0000)={0x2, 0xffffffffffffffff, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) 2018/01/29 13:39:52 executing program 1: getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f0000265000-0x8)=0x0, &(0x7f0000c3b000)=0x8) fchownat(0xffffffffffffffff, &(0x7f00005f0000)='./file0\x00', 0x0, 0x0, 0x0) 2018/01/29 13:39:52 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) dup(0xffffffffffffff9c) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x0, 0x300) syz_emit_ethernet(0x2a, &(0x7f00002f3000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x0}, @dev={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0x0}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, @empty=0x0, {[]}}, @igmp={0x0, 0x0, 0x0, @multicast2=0xe0000002, ""}}}}}, 0x0) 2018/01/29 13:39:52 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f00008c5000-0x9)='/dev/ppp\x00', 0x8840, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000f61000-0x18)={0x0, 0xd51e, 0x0, 0x3, 0x6}, &(0x7f00006e5000)=0x18) r0 = socket$netlink(0x10, 0x3, 0x4) write(r0, &(0x7f0000b14000)="29000000140007b7ffffffffff08e0eb01001000e0a40e07fff00fd5fb25ffffff0100002a00f3ff09", 0x29) 2018/01/29 13:39:52 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sync() 2018/01/29 13:39:52 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000c71000-0xe8)={{{@in6=@remote={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, @in=@dev={0x0, 0x0, 0xffffffffffffffff, 0x0}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, {{@in6=@local={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, 0xffffffffffffffff, 0x0}, 0x0, @in6=@dev={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, &(0x7f000059c000-0x4)=0xe8) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000da6000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0xffffffffffffffec, &(0x7f000056e000)={0x0, 0x0}) dup2(0xffffffffffffffff, 0xffffffffffffffff) 2018/01/29 13:39:52 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00002b6000-0x78)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) r0 = socket$unix(0x1, 0x5, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000671000-0x8)={0xffffffffffffffff, 0xffffffffffffffff}) mprotect(&(0x7f000018c000/0x800000)=nil, 0x800000, 0x4) recvmsg(r2, &(0x7f0000132000-0x38)={&(0x7f0000380000)=@in6={0x0, 0xffffffffffffffff, 0x0, @remote={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, 0x0}, 0x1c, &(0x7f0000299000-0x20)=[], 0x0, &(0x7f00007ac000-0x1000)=""/428, 0x1ac, 0x0}, 0x0) sendmsg$unix(r1, &(0x7f0000001000-0x38)={&(0x7f0000239000-0x8)=@abs={0x0, 0x0, 0xffffffffffffffff}, 0x8, &(0x7f0000008000)=[], 0x0, &(0x7f0000001000-0x10)=[@rights={0x200, 0x1, 0x1, [r0]}], 0x1, 0x0}, 0x0) [ 32.474762] syz-executor7 uses obsolete (PF_INET,SOCK_PACKET) [ 32.484235] sock: process `syz-executor4' is using obsolete setsockopt SO_BSDCOMPAT 2018/01/29 13:39:52 executing program 1: setxattr(&(0x7f0000001000-0x8)='./file0\x00', &(0x7f0000001000)=@known='system.advise\x00', &(0x7f0000001000-0xf)='],..wlan1nodev\x00', 0xf, 0x0) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001000-0x5a)=""/90, &(0x7f0000000000)=0x5a) 2018/01/29 13:39:52 executing program 2: mmap(&(0x7f0000000000/0x11000)=nil, 0x11000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000005000-0x38)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000d000)="2f0000001d000300000000000000000002dd00d802000000000000c9080001000000737e0beeffff005867855e7fa5", 0x2f}], 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/29 13:39:52 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000bba000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) seccomp(0x1, 0x0, &(0x7f000094e000-0x10)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xffffffff}]}) 2018/01/29 13:39:52 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f00006f1000)=[{&(0x7f0000d25000)=""/136, 0x88}], 0x1) [ 32.500327] audit: type=1400 audit(1517233192.646:12): avc: denied { net_raw } for pid=5200 comm="syz-executor2" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/29 13:39:52 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f00005cb000-0xb)='/dev/loop#\x00', 0x2, 0x0) ioctl$LOOP_SET_STATUS(r0, 0xc0481273, &(0x7f0000dc6000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "000000000100000000001bf3ffffff000065000000edff00007db0e6330ee7f9b319d8000018e58d1c43473000e05026fb0000008001d1a7335d5bffff0001d7", "cea40005003500f7ff0002ff000000000000000000810000dc01867dfffe0200", [0x0, 0x0], 0x0}) 2018/01/29 13:39:52 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000257000-0x8)='./file0\x00', 0x80053, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) 2018/01/29 13:39:52 executing program 3: perf_event_open(&(0x7f0000940000)={0x0, 0x78, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) stat(&(0x7f0000bed000-0x8)='./file0\x00', &(0x7f0000286000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2018/01/29 13:39:52 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000acb000-0x23)="c417", 0x0) write(r0, &(0x7f0000ee9000)='[', 0x1) sendfile(r0, r0, &(0x7f0000001000)=0x0, 0x8000) fallocate(r0, 0x0, 0x0, 0x5) fsetxattr(r0, &(0x7f00001c8000-0x8)=@random={'btrfs.', "c417"}, &(0x7f0000a78000-0x9)='cgrouplo\x00', 0x9, 0x0) 2018/01/29 13:39:52 executing program 1: rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f0000f64000)={0x0, 0x0, 0x0, 0x0}) 2018/01/29 13:39:52 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tun(&(0x7f0000a9e000-0xd)='/dev/net/tun\x00', 0x0, 0x6) write$tun(r0, &(0x7f000065d000)=@hdr={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @empty=0x0, @broadcast=0xffffffff, {[]}}, @tcp={{0xffffffffffffffff, 0xffffffffffffffff, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, {[]}}, {""}}}}, 0x32) 2018/01/29 13:39:52 executing program 5: perf_event_open(&(0x7f0000940000)={0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000e03000-0x8)='./file0\x00') 2018/01/29 13:39:52 executing program 2: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000006000)=0x0) setpriority(0x0, r0, 0x0) 2018/01/29 13:39:52 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f00001a8000)={0xa, 0xffffffffffffffff, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) 2018/01/29 13:39:52 executing program 2: 2018/01/29 13:39:52 executing program 2: [ 32.658318] ================================================================== [ 32.665737] BUG: KASAN: double-free or invalid-free in relay_open+0x603/0x860 [ 32.667904] audit: type=1400 audit(1517233192.816:13): avc: denied { dac_override } for pid=5232 comm="syz-executor4" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 32.697450] [ 32.699067] CPU: 0 PID: 5244 Comm: syz-executor6 Not tainted 4.9.78-g68d447c #23 [ 32.706581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.715925] ffff8801bc57f8b8 ffffffff81d943a9 ffffea0007287a00 ffff8801ca1e8f00 [ 32.723970] ffff8801da001280 ffffffff8137d7c3 0000000000000282 ffff8801bc57f8f0 [ 32.731985] ffffffff8153dc23 ffff8801ca1e8f00 ffffffff8137d7c3 ffff8801da001280 [ 32.739957] Call Trace: [ 32.742516] [] dump_stack+0xc1/0x128 [ 32.747854] [] ? relay_open+0x603/0x860 [ 32.753450] [] print_address_description+0x73/0x280 [ 32.760086] [] ? relay_open+0x603/0x860 [ 32.765682] [] ? relay_open+0x603/0x860 [ 32.771288] [] kasan_report_double_free+0x64/0xa0 [ 32.777754] [] kasan_slab_free+0xa4/0xc0 [ 32.783447] [] kfree+0x103/0x300 [ 32.788439] [] relay_open+0x603/0x860 [ 32.793892] [] do_blk_trace_setup+0x3e9/0x950 [ 32.800010] [] blk_trace_setup+0xe0/0x1a0 [ 32.805780] [] ? do_blk_trace_setup+0x950/0x950 [ 32.812071] [] ? disk_name+0x98/0x100 [ 32.817499] [] blk_trace_ioctl+0x1de/0x300 [ 32.823361] [] ? compat_blk_trace_setup+0x250/0x250 [ 32.830015] [] ? avc_has_extended_perms+0x3fc/0xf10 [ 32.836657] [] ? get_futex_key+0x1050/0x1050 [ 32.842701] [] ? putname+0xee/0x130 [ 32.847961] [] blkdev_ioctl+0xb00/0x1a60 [ 32.853645] [] ? blkpg_ioctl+0x930/0x930 [ 32.859338] [] ? __lock_acquire+0x629/0x3640 [ 32.865369] [] ? do_futex+0x3f8/0x15c0 [ 32.870984] [] ? debug_check_no_obj_freed+0x154/0xa10 [ 32.877799] [] block_ioctl+0xde/0x120 [ 32.883223] [] ? blkdev_fallocate+0x440/0x440 [ 32.889341] [] do_vfs_ioctl+0x1aa/0x1140 [ 32.895025] [] ? ioctl_preallocate+0x220/0x220 [ 32.901231] [] ? selinux_file_ioctl+0x355/0x530 [ 32.907524] [] ? selinux_capable+0x40/0x40 [ 32.913400] [] ? __fget+0x201/0x3a0 [ 32.918655] [] ? __fget+0x228/0x3a0 [ 32.923903] [] ? __fget+0x47/0x3a0 [ 32.929071] [] ? security_file_ioctl+0x89/0xb0 [ 32.935286] [] SyS_ioctl+0x8f/0xc0 [ 32.940456] [] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 32.947006] [ 32.948603] Allocated by task 5244: [ 32.952206] save_stack_trace+0x16/0x20 [ 32.956587] save_stack+0x43/0xd0 [ 32.960020] kasan_kmalloc+0xad/0xe0 [ 32.963719] kmem_cache_alloc_trace+0xfb/0x2a0 [ 32.968291] relay_open+0x91/0x860 [ 32.971806] do_blk_trace_setup+0x3e9/0x950 [ 32.976101] blk_trace_setup+0xe0/0x1a0 [ 32.980048] blk_trace_ioctl+0x1de/0x300 [ 32.984080] blkdev_ioctl+0xb00/0x1a60 [ 32.987940] block_ioctl+0xde/0x120 [ 32.991543] do_vfs_ioctl+0x1aa/0x1140 [ 32.995398] SyS_ioctl+0x8f/0xc0 [ 32.998735] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 33.003457] [ 33.005056] Freed by task 5244: [ 33.008308] save_stack_trace+0x16/0x20 [ 33.012254] save_stack+0x43/0xd0 [ 33.015676] kasan_slab_free+0x72/0xc0 [ 33.019535] kfree+0x103/0x300 [ 33.022700] relay_destroy_channel+0x16/0x20 [ 33.027093] relay_open+0x5ea/0x860 [ 33.030701] do_blk_trace_setup+0x3e9/0x950 [ 33.034994] blk_trace_setup+0xe0/0x1a0 [ 33.038943] blk_trace_ioctl+0x1de/0x300 [ 33.044365] blkdev_ioctl+0xb00/0x1a60 [ 33.048236] block_ioctl+0xde/0x120 [ 33.051834] do_vfs_ioctl+0x1aa/0x1140 [ 33.055692] SyS_ioctl+0x8f/0xc0 [ 33.059034] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 33.063758] [ 33.065377] The buggy address belongs to the object at ffff8801ca1e8f00 [ 33.065377] which belongs to the cache kmalloc-512 of size 512 [ 33.078007] The buggy address is located 0 bytes inside of [ 33.078007] 512-byte region [ffff8801ca1e8f00, ffff8801ca1e9100) [ 33.089683] The buggy address belongs to the page: [ 33.094592] page:ffffea0007287a00 count:1 mapcount:0 mapping: (null) index:0xffff8801ca1e8280 compound_mapcount: 0 [ 33.106073] flags: 0x8000000000004080(slab|head) [ 33.110813] page dumped because: kasan: bad access detected [ 33.116491] [ 33.118091] Memory state around the buggy address: [ 33.122993] ffff8801ca1e8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.130325] ffff8801ca1e8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.137664] >ffff8801ca1e8f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.145002] ^ [ 33.148352] ffff8801ca1e8f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 2018/01/29 13:39:53 executing program 3: 2018/01/29 13:39:53 executing program 4: [ 33.155691] ffff8801ca1e9000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.163108] ================================================================== [ 33.170443] Disabling lock debugging due to kernel taint [ 33.182256] Kernel panic - not syncing: panic_on_warn set ... [ 33.182256] [ 33.189651] CPU: 0 PID: 5244 Comm: syz-executor6 Tainted: G B 4.9.78-g68d447c #23 [ 33.198385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.207717] ffff8801bc57f810 ffffffff81d943a9 ffffffff841971bf ffff8801bc57f8e8 [ 33.215705] ffff8801da001200 ffffffff8137d7c3 0000000000000282 ffff8801bc57f8d8 [ 33.223687] ffffffff8142f451 0000000041b58ab3 ffffffff8418ac30 ffffffff8142f295 [ 33.231673] Call Trace: [ 33.234236] [] dump_stack+0xc1/0x128 [ 33.239585] [] ? relay_open+0x603/0x860 [ 33.245183] [] panic+0x1bc/0x3a8 [ 33.250176] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7 [ 33.258389] [] ? preempt_schedule+0x25/0x30 [ 33.264335] [] ? ___preempt_schedule+0x16/0x18 [ 33.270550] [] ? relay_open+0x603/0x860 [ 33.276145] [] ? relay_open+0x603/0x860 [ 33.281750] [] kasan_end_report+0x50/0x50 [ 33.287527] [] kasan_report_double_free+0x81/0xa0 [ 33.293995] [] kasan_slab_free+0xa4/0xc0 [ 33.299687] [] kfree+0x103/0x300 [ 33.304678] [] relay_open+0x603/0x860 [ 33.310115] [] do_blk_trace_setup+0x3e9/0x950 [ 33.316237] [] blk_trace_setup+0xe0/0x1a0 [ 33.322012] [] ? do_blk_trace_setup+0x950/0x950 [ 33.328309] [] ? disk_name+0x98/0x100 [ 33.333732] [] blk_trace_ioctl+0x1de/0x300 [ 33.339589] [] ? compat_blk_trace_setup+0x250/0x250 [ 33.346236] [] ? avc_has_extended_perms+0x3fc/0xf10 [ 33.352878] [] ? get_futex_key+0x1050/0x1050 [ 33.358908] [] ? putname+0xee/0x130 [ 33.364159] [] blkdev_ioctl+0xb00/0x1a60 [ 33.369846] [] ? blkpg_ioctl+0x930/0x930 [ 33.375552] [] ? __lock_acquire+0x629/0x3640 [ 33.381586] [] ? do_futex+0x3f8/0x15c0 [ 33.387108] [] ? debug_check_no_obj_freed+0x154/0xa10 [ 33.393936] [] block_ioctl+0xde/0x120 [ 33.399376] [] ? blkdev_fallocate+0x440/0x440 [ 33.405497] [] do_vfs_ioctl+0x1aa/0x1140 [ 33.411183] [] ? ioctl_preallocate+0x220/0x220 [ 33.417394] [] ? selinux_file_ioctl+0x355/0x530 [ 33.423688] [] ? selinux_capable+0x40/0x40 [ 33.429547] [] ? __fget+0x201/0x3a0 [ 33.434799] [] ? __fget+0x228/0x3a0 [ 33.440057] [] ? __fget+0x47/0x3a0 [ 33.445225] [] ? security_file_ioctl+0x89/0xb0 [ 33.451449] [] SyS_ioctl+0x8f/0xc0 [ 33.456631] [] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 33.463706] Dumping ftrace buffer: [ 33.467220] (ftrace buffer empty) [ 33.470907] Kernel Offset: disabled [ 33.474579] Rebooting in 86400 seconds..