[....] Starting enhanced syslogd: rsyslogd[ 10.901299] audit: type=1400 audit(1517060926.864:4): avc: denied { syslog } for pid=3190 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.219' (ECDSA) to the list of known hosts. 2018/01/27 13:48:54 fuzzer started 2018/01/27 13:48:54 dialing manager at 10.128.0.26:33003 syzkaller login: [ 19.731809] random: crng init done 2018/01/27 13:48:58 kcov=true, comps=false 2018/01/27 13:48:59 executing program 0: r0 = timerfd_create(0x1, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$int_in(r0, 0x5473, &(0x7f0000001000-0x8)=0xffffffffffff8000) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000001000)='/selinux/mls\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000001000-0x4)=0x0, &(0x7f0000002000-0x4)=0x4) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) recvmmsg(r1, &(0x7f0000003000-0x1a4)=[{{&(0x7f0000002000)=@ethernet={0x0, @remote={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10, &(0x7f0000001000)=[{&(0x7f0000002000)=""/226, 0xe2}, {&(0x7f0000002000-0x4c)=""/76, 0x4c}, {&(0x7f0000002000-0x44)=""/68, 0x44}, {&(0x7f0000001000-0x61)=""/97, 0x61}, {&(0x7f0000003000-0x8a)=""/138, 0x8a}, {&(0x7f0000000000+0x80e)=""/245, 0xf5}], 0x6, &(0x7f0000000000)=""/218, 0xda, 0x4}, 0x0}, {{&(0x7f0000002000-0x9)=@rc={0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0}, 0x9, &(0x7f0000002000-0x80)=[{&(0x7f0000002000)=""/151, 0x97}, {&(0x7f0000003000-0x40)=""/64, 0x40}, {&(0x7f0000001000)=""/67, 0x43}, {&(0x7f0000002000)=""/69, 0x45}, {&(0x7f0000002000-0x65)=""/101, 0x65}, {&(0x7f0000003000-0x61)=""/97, 0x61}, {&(0x7f0000001000-0x77)=""/119, 0x77}, {&(0x7f0000001000-0x34)=""/52, 0x34}], 0x8, &(0x7f0000000000)=""/7, 0x7, 0x20}, 0x20}, {{&(0x7f0000001000)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, 0x14, &(0x7f0000000000)=[{&(0x7f0000002000-0xfb)=""/251, 0xfb}, {&(0x7f0000001000)=""/50, 0x32}, {&(0x7f0000001000)=""/19, 0x13}, {&(0x7f0000002000-0x82)=""/130, 0x82}], 0x4, &(0x7f0000002000-0x30)=""/48, 0x30, 0x0}, 0x10001}, {{&(0x7f0000002000-0x20)=@pptp={0x0, 0x0, {0x0, @local={0x0, 0x0, 0xffffffffffffffff, 0x0}}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x20, &(0x7f0000002000)=[{&(0x7f0000003000-0x12)=""/18, 0x12}, {&(0x7f0000002000)=""/4096, 0x1000}, {&(0x7f0000003000-0xc0)=""/192, 0xc0}, {&(0x7f0000002000)=""/129, 0x81}], 0x4, &(0x7f0000001000)=""/209, 0xd1, 0x20}, 0x0}, {{&(0x7f0000001000-0x1c)=@in6={0x0, 0xffffffffffffffff, 0x0, @loopback={0x0, 0x0}, 0x0}, 0x1c, &(0x7f0000003000-0x10)=[{&(0x7f0000001000-0xcf)=""/207, 0xcf}], 0x1, 0x0, 0x0, 0x0}, 0x9}, {{&(0x7f0000003000-0x14)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0]}, 0x14, &(0x7f0000003000-0x30)=[{&(0x7f0000000000)=""/195, 0xc3}, {&(0x7f0000000000)=""/246, 0xf6}, {&(0x7f0000001000-0xe7)=""/231, 0xe7}], 0x3, &(0x7f0000001000-0xf6)=""/246, 0xf6, 0x4d}, 0x4}, {{&(0x7f0000000000)=@can={0x0, 0x0, 0x0, 0x0}, 0x10, &(0x7f0000000000)=[{&(0x7f0000002000)=""/88, 0x58}, {&(0x7f0000001000-0xb1)=""/177, 0xb1}, {&(0x7f0000002000)=""/29, 0x1d}, {&(0x7f0000002000)=""/145, 0x91}, {&(0x7f0000002000)=""/218, 0xda}, {&(0x7f0000002000-0x47)=""/71, 0x47}], 0x6, &(0x7f0000002000-0x9c)=""/156, 0x9c, 0x1}, 0x566b70d}], 0x7, 0x10000, &(0x7f0000003000-0x10)={0x0, 0x0}) 2018/01/27 13:48:59 executing program 7: r0 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000a90000)=0x0, &(0x7f0000045000-0x4)=0x4) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x204400) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f0000001000)=@get={0x1, &(0x7f0000002000-0x55)=""/85, 0x7}) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f0000002000)={0xfffffffffffffff9, {0x2, 0x1, @dev={0xac, 0x14, 0x0, 0xb}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {0x2, 0x3, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x8, 0x40, 0x9, 0x9, 0x100000001, &(0x7f0000002000)=@generic="1f17541a1d4571ca25e6e3b41dc572a2", 0x8, 0xfffffffffffffffe, 0xfff}) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000003000)={0x3, 0x40, "e0ace9e2556b25449866b532dc8264963e2fd648d30f28f056af8fb3efcbf31e08e0cf0ba177dc24a80bd40db6afe5b6cb79821ac371fb15eaa4206290de1bdb"}) ioctl$TCSETA(r0, 0x5406, &(0x7f0000001000-0x14)={0x9d3, 0x4, 0x100000000, 0x2000000000, 0x3ff, 0x84, 0xfe, 0x3, 0x7ff, 0x3}) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x10001) r2 = gettid() mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$TIOCSPGRP(r1, 0x5410, &(0x7f0000004000)=r2) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000005000)=r1) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getresuid(&(0x7f0000007000-0x4)=0x0, &(0x7f0000005000-0x4)=0x0, &(0x7f0000006000)=0x0) quotactl(0xb3c, &(0x7f0000004000)='./file0\x00', r3, &(0x7f0000002000)="afa01266b36232830a5b393868e1cf6132909c01c91174060b7cdd1a60d4f650bd4d5004fbe0ec94235eed7479c56c98775ab25fd79044083a812bbcfe293daf56cd8b442513e7d447f44549b153ed4b5b0ffef0c1f8a59286645ff70145d69efb69116e6c79d09ee2e69c3e673638ef") mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f0000007000)={0x3, 0x1, 0x3b0000, 0x3}, 0x10) socket$inet(0x2, 0x5, 0x0) mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000009000-0x14)={0x8, [0xfffffffffffffff9, 0x0, 0x7fffffff, 0x80000000, 0x5, 0x0, 0x9, 0x0]}, 0x14) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000009000)={0x0, 0x0, 0x0, 0x0}, &(0x7f0000008000-0x4)=0x8) 2018/01/27 13:48:59 executing program 1: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000001000-0x8)='./file0\x00', 0x90) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) rename(&(0x7f0000001000-0x8)='./file0\x00', &(0x7f0000001000)='./file0\x00') ioctl$TUNSETNOCSUM(r0, 0x400454c8, &(0x7f0000002000-0x4)=0xffff) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) times(&(0x7f0000003000-0x20)={0x0, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000001000-0x58)={{0x2, 0x2}, 0x0, 0xcf5, 0x2000000000, {0x800, 0x9}, 0x6, 0xe5, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = geteuid() r2 = getegid() chown(&(0x7f0000004000-0x8)='./file0\x00', r1, r2) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000004000)='./file0\x00', 0x200000, 0x10) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) faccessat(r0, &(0x7f0000006000-0x8)='./file0\x00', 0x40, 0x1400) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) timer_create(0x2, &(0x7f0000006000)={0x0, 0x2b, 0x2, @tid=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000007000-0x4)=0x0) timer_delete(r4) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000002000-0x8)={0x0, 0x7}, &(0x7f0000007000)=0x8) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000005000)={r5, 0x44, "941287d016ce9336f06dd661ec53c5b680b8ea7c13e6d6a9bfa2396b800f44bfaa331cce18ecb122ef0262fbb33c1c974d13074aea932f9b532e1aa62b1b095bef403cd8"}, &(0x7f0000002000)=0x4c) setregid(r2, r2) ioprio_get$uid(0x3, r1) mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet6_dccp_int(r3, 0x21, 0x10, &(0x7f0000003000)=0x0, &(0x7f0000008000)=0x4) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000008000-0x50)={@common='bridge0\x00', @ifru_names=@common='nr0\x00'}) fstat(r3, &(0x7f0000008000-0x44)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) bind$ipx(r0, &(0x7f0000009000)={0x4, 0x1, 0x9, "a4e60aff0392", 0x9fd9, 0x0}, 0x10) 2018/01/27 13:48:59 executing program 2: pipe(&(0x7f00009ca000)={0x0, 0x0}) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f000061b000)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000001000-0x168)=[{{&(0x7f0000a75000-0x8)=@sco={0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x8, &(0x7f0000000000)=[{&(0x7f000035c000-0xf0)=""/240, 0xf0}, {&(0x7f000016c000)=""/178, 0xb2}, {&(0x7f00002e8000)=""/119, 0x77}, {&(0x7f0000793000)=""/4096, 0x1000}, {&(0x7f0000dea000-0xc)=""/12, 0xc}], 0x5, &(0x7f0000ac7000-0x87)=""/135, 0x87, 0x0}, 0x3}, {{&(0x7f0000ccb000)=@sco={0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x8, &(0x7f0000053000-0x20)=[{&(0x7f0000000000)=""/64, 0x40}, {&(0x7f0000e8f000)=""/209, 0xd1}], 0x2, &(0x7f0000001000-0xee)=""/238, 0xee, 0xffffffff80000001}, 0x5}, {{&(0x7f0000001000-0x10)=@can={0x0, 0x0, 0x0, 0x0}, 0x10, &(0x7f00002ff000-0x10)=[{&(0x7f000094d000)=""/123, 0x7b}], 0x1, 0x0, 0x0, 0x4}, 0x20}, {{&(0x7f000016b000-0x10)=@in={0x0, 0xffffffffffffffff, @multicast1=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10, &(0x7f0000000000)=[{&(0x7f000075d000)=""/28, 0x1c}, {&(0x7f0000001000-0xb2)=""/178, 0xb2}, {&(0x7f0000000000)=""/46, 0x2e}, {&(0x7f0000bb5000-0xdc)=""/220, 0xdc}, {&(0x7f0000001000-0xc5)=""/197, 0xc5}, {&(0x7f0000000000)=""/125, 0x7d}], 0x6, &(0x7f0000001000-0x76)=""/118, 0x76, 0xffff}, 0x3}, {{&(0x7f0000cbb000)=@alg={0x0, ""/14, 0x0, 0x0, ""/64}, 0x58, &(0x7f0000404000)=[{&(0x7f000025b000-0xac)=""/172, 0xac}, {&(0x7f0000000000)=""/77, 0x4d}], 0x2, 0x0, 0x0, 0x0}, 0x100000001}, {{&(0x7f0000001000-0x10)=@in={0x0, 0xffffffffffffffff, @rand_addr=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000000)=""/176, 0xb0}, {&(0x7f0000a88000-0xaf)=""/175, 0xaf}, {&(0x7f0000000000)=""/181, 0xb5}, {&(0x7f0000000000)=""/225, 0xe1}, {&(0x7f0000d40000-0xf4)=""/244, 0xf4}], 0x5, &(0x7f0000000000)=""/4096, 0x1000, 0x0}, 0x7}], 0x6, 0x10000, &(0x7f0000853000)={r2, r3+30000000}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000f55000-0x50)={@empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0xff, 0xff], @multicast2=0xe0000002}, @loopback={0x0, 0x1}, 0x3, 0x200, 0x80, 0x100, 0x8, 0x900140, r4}) ioctl$void(r1, 0xc0045c79) r5 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000001000-0x10)='/selinux/access\x00', 0x2, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet6_dccp_buf(r5, 0x21, 0x0, &(0x7f0000000000)=""/245, &(0x7f0000001000)=0xf5) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000002000-0x28)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, &(0x7f0000002000-0x24)=@ethtool_channels={0x3c, 0x1, 0x4, 0x8000, 0x2, 0x1f, 0x3, 0xdc9, 0xfffffffffffffff7}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000001000)={0x0, 0x9}, &(0x7f0000003000-0x4)=0x8) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000003000-0xc)={r6, 0x2, 0x0}, 0xc) 2018/01/27 13:48:59 executing program 3: pipe2(&(0x7f0000416000-0x8)={0x0, 0x0}, 0x80000) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000001000-0x8)={0x0, 0xd9}, &(0x7f0000ff0000-0x4)=0x8) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000588000-0x8c)={r2, @in={{0x2, 0x1, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, &(0x7f0000000000)=0x8c) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000001000-0xcc)={r2, 0xc4, "0a6e271e22930be14ae014a6253280f229537cf6173344eb215f4da2a0c719979f8fc4f8248cf4d57ef60d256a161b09f8853fddf670e82fdf3de114ad7ac6cdfe9d1401e576371d998b76b0550d3127dbc86ddc504450437b2d38be12c08bb17ed784acc7a37bd2475b706457a7603adb562e136c2608f5f27bfbc1042a08fc8818492ce36ad953c482b01be7cd0b084b259ea6f7ef31b317167f4b9004a22c726075b9d757a9d40d94995dcfcb5e0b08d3b54edfbf32122e3afec6be190733b7726556"}, &(0x7f0000001000)=0xcc) fallocate(r0, 0x1, 0xff, 0x8000) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000000)=0x8, 0x4) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000003000-0xb)={0xfffffffffffffff8, 0x1, 0x9, 0x42, 0x8000, 0x100000001, 0x7, 0xdc1, 0x7fff, 0x8, 0x0}, 0xb) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000003000)={@common='gre0\x00', @ifru_data=&(0x7f0000003000)="48e904bdce8d59648a3e9da63735b86e650808b3197ab74082294acd1a769035"}) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000005000-0x50)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, @ifru_mtu=0x9}) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000006000-0x14)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000006000-0x4)=0x14) iopl(0xfffffffffffffffa) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000007000-0xc)={0x0, 0x80000, r0}) ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000003000)={0x0, 0x0, 0x2}) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000007000-0x8)={r3, r4}) r5 = getpid() mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) fcntl$setownex(r1, 0xf, &(0x7f0000007000)={0x2, r5}) mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) accept$ax25(r0, &(0x7f0000008000)={0x0, {""/7}, 0x0}, &(0x7f0000009000-0x4)=0x10) 2018/01/27 13:48:59 executing program 4: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001000-0x9)='/dev/rtc\x00', 0x480002, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000000)=0x5, 0x4) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000001000)=0x0, 0x4) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000002000)='/dev/sg#\x00', 0x9, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000004000-0xe8)={{{@in=@dev={0x0, 0x0, 0xffffffffffffffff, 0x0}, @in6=@dev={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, {{@in6=@mcast1={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0xffffffffffffffff, 0x0}, 0x0, @in6=@remote={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, &(0x7f0000003000)=0xe8) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getresuid(&(0x7f0000001000-0x4)=0x0, &(0x7f0000002000)=0x0, &(0x7f0000003000)=0x0) setresuid(r2, r3, r4) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000001000-0x10)={&(0x7f0000001000/0x2000)=nil, 0x2000}) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) fstat(r1, &(0x7f0000004000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getxattr(&(0x7f0000005000)='./file0\x00', &(0x7f0000006000-0x14)=@known='security.capability\x00', &(0x7f0000001000-0xbd)=""/189, 0xbd) connect$l2tp(r1, &(0x7f0000001000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x0, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0, 0x4, 0x3, 0x0}}, 0x26) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000005000-0x10)={&(0x7f0000000000/0x2000)=nil, 0x2000}) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f0000007000-0x4)=0x0, &(0x7f0000007000-0x4)=0x4) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_ipx_SIOCIPXCFGDATA(r1, 0x89e2, &(0x7f0000008000-0x4)={0x0, 0x0}) mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000008000)=0x0) 2018/01/27 13:48:59 executing program 5: r0 = add_key$user(&(0x7f0000168000+0xf4b)='user\x00', &(0x7f0000898000-0x5)={0x73, 0x79, 0x7a, 0x2, 0x0}, &(0x7f0000450000-0x89)="c620cea612f843d66f156a826d741b1831c72a31c64cac08d3bc4753de6eb21e5d5bd7871d174e84fd118c5fe57d61c90f6ad78726e173cc61e7fd787915e34b0d6675f63704f8fd286b99ed1488f65f1fcc52d0bbb46ff2e054dcb0c26669ab6643f6e84edea72a8ef017e2cd8b7ebd75e71f7580ffe6c78c982e592d050e6a48dc756ae15b8d9d36", 0x89, 0xfffffffffffffffc) keyctl$assume_authority(0x10, r0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) r2 = getpgid(0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) sched_getattr(r2, &(0x7f0000001000-0x30)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x30, 0x8c94c2d863940ac7) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000001000-0x8)={0x0, 0x800000000000}, &(0x7f0000002000-0x4)=0x8) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000001000)={r3, 0xea, "489a549206f97f2b39df90590f3831bbb0a056f2d4f94b61f3a23cd916009af0b7a381c6b6b5dd9e4350b39898961176117da9cfb01ac987c0f836ab71eb8b6a480d539f5325df10c218de8c58abd96307f02948e488c789421b5f0bf546de0b63c4e2427541b6a0cde8e54407c3ca4bb532ad1ce41c7f3c36248b9e417f2e333a5e3e8e10ee3319bb1062a4645c4e6c5b535aee53a400ea908faed49b65ac936b9a9ffb6b6f260b4dff2e6889c1b5e58eaaee1f6117021871c52091bc2bac159f5550189e32338842d63bd4bd3752e21c93f2f83bfe08916bb2d3230be2edee0733f35afa5b17e2fde7"}, &(0x7f0000002000-0x4)=0xf2) ptrace$getsig(0x4202, r2, 0x2, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) utime(&(0x7f0000003000-0x8)='./file0\x00', &(0x7f0000002000-0x10)={0x9, 0x7}) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000000)={0x3, 0x2, 0xfff, 0x2, 0xa543}) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000004000-0x8)=0x0, 0x4) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f0000005000-0x4)=0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000005000)=@generic=""/16, 0x10) getpgrp(r2) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f0000006000)={0x5a9, 0x7, 0x3}) r4 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000002000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) fsetxattr(r1, &(0x7f0000008000-0xb)=@random={'security.', 'I\x00'}, &(0x7f0000004000)='\x00', 0x1, 0x3) mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$VT_RESIZE(r4, 0x5609, &(0x7f0000008000)={0x7baa, 0x4, 0x4}) 2018/01/27 13:48:59 executing program 6: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000155000)='/dev/rfkill\x00', 0x40000, 0x0) ioctl$EVIOCGABS3F(r0, 0x8018457f, &(0x7f00008ca000)=""/243) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = accept$llc(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, [0x0, 0x0]}, &(0x7f0000000000)=0x10) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) sendto(r1, &(0x7f0000000000)="1ad36a89be1a2b9c9b8f1e4c6ed2ab4ae9942b4ee33e075423d2eea5fc7c83b10fcd13b13f824148827c3b6940b50374c2ddd2377c1a17437cbd627c46d3a6258d9fd9d5677b4dc9e93f14f20fab2ea109cfaba85322f1a5b9c912b16dba1a35d6778b8c3c70d89528dd38", 0x6b, 0x40001, &(0x7f0000001000)=@l2={0x1f, 0xfffffffffffffffb, {0x4, 0x7ff, 0x80000001, 0x1, 0x457, 0x9}, 0x2, 0x4}, 0xe) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000002000)=[], 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000001000-0x8)={0x0, 0x0}) r3 = syz_open_procfs(r2, &(0x7f0000000000+0xe4a)='attr/fscreate\x00') mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000004000-0x340)={0x5, {{0x2, 0x2, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x1, 0x5, [{{0x2, 0x3, @remote={0xac, 0x14, 0x0, 0xbb}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {{0x2, 0x2, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {{0x2, 0x0, @rand_addr=0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {{0x2, 0x1, @rand_addr=0xb80a, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {{0x2, 0x1, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, 0x340) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000003000)=0x0) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000002000)=@buf={0x0, 0x0}) ioctl$SNDRV_TIMER_IOCTL_START(r3, 0x54a0) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$packet_int(r3, 0x107, 0x1a, &(0x7f0000004000)=0x0, &(0x7f0000004000)=0x4) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000006000-0x4)=0x4, 0x4) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000003000)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x3, [@broadcast=0xffffffff, @rand_addr=0x7d, @loopback=0x7f000001]}, 0x1c) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000006000)={0x0, 0xfff}, &(0x7f0000007000-0x4)=0x8) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000006000)=@assoc_id=r4, &(0x7f0000007000-0x4)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000001000)='/dev/sequencer\x00', 0x100, 0x0) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) accept4$inet6(r3, 0x0, &(0x7f0000007000)=0x0, 0x80800) [ 23.431932] audit: type=1400 audit(1517060939.394:5): avc: denied { sys_admin } for pid=3401 comm="syz-executor0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 23.471518] IPVS: Creating netns size=2536 id=1 [ 23.485618] audit: type=1400 audit(1517060939.454:6): avc: denied { net_admin } for pid=3404 comm="syz-executor7" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 23.532099] IPVS: Creating netns size=2536 id=2 [ 23.575148] IPVS: Creating netns size=2536 id=3 [ 23.613102] IPVS: Creating netns size=2536 id=4 [ 23.665427] IPVS: Creating netns size=2536 id=5 [ 23.729209] IPVS: Creating netns size=2536 id=6 [ 23.789731] IPVS: Creating netns size=2536 id=7 [ 23.838708] IPVS: Creating netns size=2536 id=8 [ 25.283990] audit: type=1400 audit(1517060941.254:7): avc: denied { sys_chroot } for pid=3406 comm="syz-executor0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 25.699190] audit: type=1400 audit(1517060941.664:8): avc: denied { setuid } for pid=4476 comm="syz-executor4" capability=7 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/27 13:49:01 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x78, 0x47, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000bfb000)={0x0, 0x0, 0x800000ffc}, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000561000)={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r1, &(0x7f0000c96000-0x3)="", 0x62a, 0x8000, &(0x7f000057c000-0x10)={0x2, 0x0, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r1, &(0x7f0000e77000-0x1000)="", 0x0, 0x0, &(0x7f0000bc9000-0x10)={0x2, 0xffffffffffffffff, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) 2018/01/27 13:49:01 executing program 7: 2018/01/27 13:49:01 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000002000)={@generic="6b0b9e0500471f23a9367a03cbadec54", @ifru_settings={0x0, 0xf8, @fr_pvc_info=&(0x7f0000009000)={0x0, @syzn={0x73, 0x79, 0x7a, 0xffffffffffffffff, 0x0}}}}) syz_open_procfs(0x0, &(0x7f0000002000-0x8)='syscall\x00') ioctl$DRM_IOCTL_MARK_BUFS(0xffffffffffffffff, 0x40206417, &(0x7f0000002000)={0x0, 0x0, 0x0, 0x100000004, 0x0, 0x0}) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000018000-0x9)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x4028700f, &(0x7f0000002000-0x4)=0x0) 2018/01/27 13:49:01 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000553000-0xb)='/dev/loop#\x00', 0x3, 0x0) ioctl$LOOP_SET_STATUS(r0, 0xc0481273, &(0x7f0000dc6000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "000000000100000000001bf3ffffff000065000000edff00007db0e6330ee7f9b319d8000018e58d1c43473000e05026fb0000008001d1a7335d5bffff0001d7", "cfa40005000000f7ff0002ff00000000000000ffb83322ab8201867d00", [0x0, 0x0], 0x0}) 2018/01/27 13:49:01 executing program 2: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x3, 0x0) ioctl$LOOP_SET_STATUS(r0, 0xc0481273, &(0x7f0000dc6000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "000000000100000000001bf3ffffff000065000000edff00007db0e6330ee7f9b319d8000018e58d1c43473000e05026fb0000008001d1a7335d5bffff0001d7", "cfa40005000000f7ff0002ff00000000000000ffb83322ab8201867d00", [0x0, 0x0], 0x0}) 2018/01/27 13:49:01 executing program 4: clock_gettime(0x0, &(0x7f0000526000-0x10)={0x0, 0x0}) r2 = dup(0xffffffffffffff9c) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000df5000)=@req3={0xff, 0x8, 0x9, 0x5, 0x80000001, 0x6, 0x6}, 0x1c) futex(&(0x7f000075e000-0x4)=0x0, 0x400000085, 0x0, &(0x7f0000002000)={r0, r1+10000000}, &(0x7f0000f9b000-0x4)=0x0, 0x401ffffffc) fchdir(0xffffffffffffffff) 2018/01/27 13:49:01 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000416000-0x38)={&(0x7f000034c000)={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f00000db000-0x10)={&(0x7f000002b000-0x24c)=@newsa={0x140, 0x10, 0x203, 0xffffffffffffffff, 0xffffffffffffffff, {{@in=@broadcast=0xffffffff, @in=@multicast1=0xe0000001, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {@in=@loopback=0x7f000001, 0xffffffffffffffff, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0}, [@algo_auth_trunc={0x50, 0x14, {{'md5\x00'}, 0x8, 0x0, "03"}}]}, 0x140}, 0x1, 0x0, 0x0, 0x0}, 0x0) r1 = accept(r0, &(0x7f00002d2000-0x32)=@pppol2tpin6={0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0], @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}}, 0x0}}}, &(0x7f00002f3000-0x4)=0x32) getsockopt$sock_buf(r2, 0x1, 0x0, &(0x7f0000c02000-0x8f)=""/143, &(0x7f00002d9000-0x4)=0x8f) setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f000002a000-0x4)=0xfffffffffffffff8, 0x4) mremap(&(0x7f0000c65000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000da9000/0x4000)=nil) 2018/01/27 13:49:01 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008ff000-0x10)={&(0x7f0000334000-0x78)={0x2, 0x3, 0x0, 0x9, 0xc, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, [@sadb_x_sa2={0x2, 0x13, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0xffffffffffffffff, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0xffffffffffffffff, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/27 13:49:01 executing program 7: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000001000-0x8)='./file0\x00', 0x101) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f00005bf000)={@generic="fdaf1c84e3c5f6f5d7793904a6a64bf1", @ifru_addrs={0x2, 0x2, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}) prctl$intptr(0x1, 0x0) 2018/01/27 13:49:01 executing program 3: mmap(&(0x7f0000000000/0xf7a000)=nil, 0xf7a000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00009eb000-0x19)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0xc0305302, &(0x7f00003e5000)={0x5, 0x1, 0x2, 0x1, 0x7, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = socket(0x10, 0x2, 0xc) mmap(&(0x7f0000f7a000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f0000f7b000-0x4)=0x0) mmap(&(0x7f0000f7b000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) write(r1, &(0x7f0000f7c000-0x1f)="1f0000000105ff00fdde45c80711e4fff205f0f00800018009fd00dcffdf00", 0xfffffffffffffcc6) [ 25.795613] ================================================================== [ 25.802476] audit: type=1400 audit(1517060941.764:9): avc: denied { dac_override } for pid=4495 comm="syz-executor3" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 25.822231] audit: type=1400 audit(1517060941.764:10): avc: denied { create } for pid=4512 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 25.823214] audit: type=1400 audit(1517060941.764:11): avc: denied { ioctl } for pid=4512 comm="syz-executor3" path="socket:[11923]" dev="sockfs" ino=11923 ioctlcmd=0x5411 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 25.828100] audit: type=1400 audit(1517060941.764:12): avc: denied { net_raw } for pid=4493 comm="syz-executor0" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 25.904512] BUG: KASAN: double-free or invalid-free in relay_open+0x603/0x860 [ 25.911762] [ 25.913376] CPU: 0 PID: 4497 Comm: syz-executor1 Not tainted 4.9.78-g68d447c #23 [ 25.920886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.930214] ffff8801d01b78b8 ffffffff81d943a9 ffffea000742b800 ffff8801d0ae0500 [ 25.938197] ffff8801da001280 ffffffff8137d7c3 0000000000000282 ffff8801d01b78f0 [ 25.946178] ffffffff8153dc23 ffff8801d0ae0500 ffffffff8137d7c3 ffff8801da001280 [ 25.954159] Call Trace: [ 25.956732] [] dump_stack+0xc1/0x128 [ 25.962073] [] ? relay_open+0x603/0x860 [ 25.967674] [] print_address_description+0x73/0x280 [ 25.974319] [] ? relay_open+0x603/0x860 [ 25.979916] [] ? relay_open+0x603/0x860 [ 25.985513] [] kasan_report_double_free+0x64/0xa0 [ 25.991977] [] kasan_slab_free+0xa4/0xc0 [ 25.997668] [] kfree+0x103/0x300 [ 26.002663] [] relay_open+0x603/0x860 [ 26.008090] [] do_blk_trace_setup+0x3e9/0x950 [ 26.014216] [] blk_trace_setup+0xe0/0x1a0 [ 26.019999] [] ? do_blk_trace_setup+0x950/0x950 [ 26.026293] [] ? disk_name+0x98/0x100 [ 26.031716] [] blk_trace_ioctl+0x1de/0x300 [ 26.037580] [] ? compat_blk_trace_setup+0x250/0x250 [ 26.044229] [] ? avc_has_extended_perms+0x3fc/0xf10 [ 26.050882] [] ? get_futex_key+0x1050/0x1050 [ 26.056917] [] ? putname+0xee/0x130 [ 26.062189] [] blkdev_ioctl+0xb00/0x1a60 [ 26.067896] [] ? blkpg_ioctl+0x930/0x930 [ 26.073599] [] ? __lock_acquire+0x629/0x3640 [ 26.079638] [] ? do_futex+0x3f8/0x15c0 [ 26.085167] [] ? debug_check_no_obj_freed+0x154/0xa10 [ 26.091991] [] block_ioctl+0xde/0x120 [ 26.097415] [] ? blkdev_fallocate+0x440/0x440 [ 26.103540] [] do_vfs_ioctl+0x1aa/0x1140 [ 26.109248] [] ? ioctl_preallocate+0x220/0x220 [ 26.115468] [] ? selinux_file_ioctl+0x355/0x530 [ 26.121764] [] ? selinux_capable+0x40/0x40 [ 26.127625] [] ? __fget+0x201/0x3a0 [ 26.132875] [] ? __fget+0x228/0x3a0 [ 26.138130] [] ? __fget+0x47/0x3a0 [ 26.143311] [] ? security_file_ioctl+0x89/0xb0 [ 26.149519] [] SyS_ioctl+0x8f/0xc0 [ 26.154692] [] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 26.161248] [ 26.162859] Allocated by task 4497: [ 26.166462] save_stack_trace+0x16/0x20 [ 26.170414] save_stack+0x43/0xd0 [ 26.173841] kasan_kmalloc+0xad/0xe0 [ 26.177527] kmem_cache_alloc_trace+0xfb/0x2a0 [ 26.182082] relay_open+0x91/0x860 [ 26.185598] do_blk_trace_setup+0x3e9/0x950 [ 26.189896] blk_trace_setup+0xe0/0x1a0 [ 26.193844] blk_trace_ioctl+0x1de/0x300 [ 26.197878] blkdev_ioctl+0xb00/0x1a60 [ 26.201739] block_ioctl+0xde/0x120 [ 26.205341] do_vfs_ioctl+0x1aa/0x1140 [ 26.209206] SyS_ioctl+0x8f/0xc0 [ 26.212549] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 26.217273] [ 26.218873] Freed by task 4497: [ 26.222128] save_stack_trace+0x16/0x20 [ 26.226077] save_stack+0x43/0xd0 [ 26.229509] kasan_slab_free+0x72/0xc0 [ 26.233373] kfree+0x103/0x300 [ 26.236554] relay_destroy_channel+0x16/0x20 [ 26.240938] relay_open+0x5ea/0x860 [ 26.244541] do_blk_trace_setup+0x3e9/0x950 [ 26.248834] blk_trace_setup+0xe0/0x1a0 [ 26.252779] blk_trace_ioctl+0x1de/0x300 [ 26.256816] blkdev_ioctl+0xb00/0x1a60 [ 26.260678] block_ioctl+0xde/0x120 [ 26.264281] do_vfs_ioctl+0x1aa/0x1140 [ 26.268137] SyS_ioctl+0x8f/0xc0 [ 26.271476] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 26.276210] [ 26.277821] The buggy address belongs to the object at ffff8801d0ae0500 [ 26.277821] which belongs to the cache kmalloc-512 of size 512 [ 26.290461] The buggy address is located 0 bytes inside of [ 26.290461] 512-byte region [ffff8801d0ae0500, ffff8801d0ae0700) [ 26.302157] The buggy address belongs to the page: [ 26.307070] page:ffffea000742b800 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 [ 26.317246] flags: 0x8000000000004080(slab|head) [ 26.321975] page dumped because: kasan: bad access detected [ 26.327662] [ 26.329262] Memory state around the buggy address: [ 26.334164] ffff8801d0ae0400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.341498] ffff8801d0ae0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.348835] >ffff8801d0ae0500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.356181] ^ [ 26.359531] ffff8801d0ae0580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.366863] ffff8801d0ae0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.374190] ================================================================== [ 26.381516] Disabling lock debugging due to kernel taint [ 26.387368] Kernel panic - not syncing: panic_on_warn set ... [ 26.387368] [ 26.394733] CPU: 0 PID: 4497 Comm: syz-executor1 Tainted: G B 4.9.78-g68d447c #23 [ 26.403467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.412806] ffff8801d01b7810 ffffffff81d943a9 ffffffff841971bf ffff8801d01b78e8 [ 26.420779] ffff8801da001200 ffffffff8137d7c3 0000000000000282 ffff8801d01b78d8 [ 26.428762] ffffffff8142f451 0000000041b58ab3 ffffffff8418ac30 ffffffff8142f295 [ 26.436753] Call Trace: [ 26.439316] [] dump_stack+0xc1/0x128 [ 26.444654] [] ? relay_open+0x603/0x860 [ 26.450250] [] panic+0x1bc/0x3a8 [ 26.455240] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7 [ 26.463445] [] ? preempt_schedule+0x25/0x30 [ 26.469387] [] ? ___preempt_schedule+0x16/0x18 [ 26.475587] [] ? relay_open+0x603/0x860 [ 26.481179] [] ? relay_open+0x603/0x860 [ 26.486775] [] kasan_end_report+0x50/0x50 [ 26.492542] [] kasan_report_double_free+0x81/0xa0 [ 26.499004] [] kasan_slab_free+0xa4/0xc0 [ 26.504681] [] kfree+0x103/0x300 [ 26.509666] [] relay_open+0x603/0x860 [ 26.515088] [] do_blk_trace_setup+0x3e9/0x950 [ 26.521210] [] blk_trace_setup+0xe0/0x1a0 [ 26.526988] [] ? do_blk_trace_setup+0x950/0x950 [ 26.533279] [] ? disk_name+0x98/0x100 [ 26.538701] [] blk_trace_ioctl+0x1de/0x300 [ 26.544555] [] ? compat_blk_trace_setup+0x250/0x250 [ 26.551192] [] ? avc_has_extended_perms+0x3fc/0xf10 [ 26.557833] [] ? get_futex_key+0x1050/0x1050 [ 26.563872] [] ? putname+0xee/0x130 [ 26.569117] [] blkdev_ioctl+0xb00/0x1a60 [ 26.574797] [] ? blkpg_ioctl+0x930/0x930 [ 26.580479] [] ? __lock_acquire+0x629/0x3640 [ 26.586508] [] ? do_futex+0x3f8/0x15c0 [ 26.592781] [] ? debug_check_no_obj_freed+0x154/0xa10 [ 26.599595] [] block_ioctl+0xde/0x120 [ 26.605016] [] ? blkdev_fallocate+0x440/0x440 [ 26.611132] [] do_vfs_ioctl+0x1aa/0x1140 [ 26.616812] [] ? ioctl_preallocate+0x220/0x220 [ 26.623014] [] ? selinux_file_ioctl+0x355/0x530 [ 26.629302] [] ? selinux_capable+0x40/0x40 [ 26.635158] [] ? __fget+0x201/0x3a0 [ 26.640405] [] ? __fget+0x228/0x3a0 [ 26.645648] [] ? __fget+0x47/0x3a0 [ 26.650811] [] ? security_file_ioctl+0x89/0xb0 [ 26.657023] [] SyS_ioctl+0x8f/0xc0 [ 26.662183] [] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 26.669156] Dumping ftrace buffer: [ 26.672666] (ftrace buffer empty) [ 26.676345] Kernel Offset: disabled [ 26.679941] Rebooting in 86400 seconds..