[....] Starting enhanced syslogd: rsyslogd[ 14.476126] audit: type=1400 audit(1517386366.517:4): avc: denied { syslog } for pid=3914 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts. 2018/01/31 08:12:59 fuzzer started 2018/01/31 08:13:00 dialing manager at 10.128.0.26:43577 syzkaller login: [ 29.108870] random: crng init done 2018/01/31 08:13:03 kcov=true, comps=false 2018/01/31 08:13:04 executing program 0: 2018/01/31 08:13:04 executing program 7: 2018/01/31 08:13:04 executing program 3: mmap(&(0x7f0000000000/0xff6000)=nil, 0xff6000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x10) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000949000)="890f04000300000000e60000e3", 0xd) 2018/01/31 08:13:04 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f00005cb000-0xb)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0xc0481273, &(0x7f0000dc6000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "000000000100000000001bf3ffffff000065000000edff00007db0e6330ee7f9b319d8000018e58d1c43473000e05026fb0000008001d1a7335d5bffff0001d7", "cea40005003500f7ff0002ff000000000000000000810000dc01867dfffe0200", [0x0, 0x0], 0x0}) 2018/01/31 08:13:04 executing program 5: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000001000-0x8)={0x0, 0x0}) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) prlimit64(r0, 0xf, 0x0, &(0x7f0000000000)={0x0, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xc01, 0x104) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) fcntl$lock(r1, 0x7, &(0x7f0000001000)={0x1, 0x0, 0x200, 0xfffffffffffffffd, r0}) readahead(r1, 0x8, 0x3) fcntl$setownex(r1, 0xf, &(0x7f0000002000-0x8)={0x0, r0}) ioctl$KDSKBMETA(r1, 0x4b63, &(0x7f0000001000)=0x3) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r2 = accept$nfc_llcp(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/63, 0x0}, &(0x7f0000002000)=0x60) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$packet_buf(r1, 0x107, 0x17, &(0x7f0000003000)="1b3a17047fd3b7da875aebd06006dc22e0eafe786d2219126014dc6a5f5cf7f855d34ba0117d40e37bafab9a8559e7a1bc3c5f574fa1686af1e5cee5d412f178d3bcb8e69ddc90fcedf10b9375a1f7f2acabb04758f0564a9180d7bc12ee2ee1761cf8b31fbba30c8f630328283d2ca10f005df9c03fa1bb1cee0a3e9e2055444279af845b4229de5d709aadc6e65d1eb9c421bb47efce88881c606599c2cfdd6c13ef9e5083c35503674297f250229918f2bd5ac34d8ffb973d55a8cd313b902b1d4e43f6b07facecdab02bf139bb5513f97cc755bd90c4881291023fd9", 0xde) socketpair$packet(0x11, 0x0, 0x300, &(0x7f0000003000-0x8)={0x0, 0x0}) socket$inet_icmp_raw(0x2, 0x3, 0x1) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000004000)=[@in={0x2, 0x2, @remote={0xac, 0x14, 0x0, 0xbb}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in={0x2, 0x3, @rand_addr=0x80000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in={0x2, 0x1, @dev={0xac, 0x14, 0x0, 0x11}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in6={0xa, 0x2, 0x625, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x15}, 0x1}, @in={0x2, 0x3, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in={0x2, 0x0, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @in6={0xa, 0x0, 0x9, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, 0x3}, @in6={0xa, 0x3, 0x401, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x6}, @in6={0xa, 0x3, 0x3, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x12}, 0x100}, @in={0x2, 0x0, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}], 0xd0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) prctl$getreaper(0x28, &(0x7f0000006000-0x8)=0x0) ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000001000)=0x7) fcntl$setstatus(r2, 0x4, 0x2800) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000007000-0x108)={0x0, @in={{0x2, 0x0, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0xffffffffffffff3d, 0xffffffff, 0x7, 0x4081, 0x7ff, 0xf32, 0x1, 0x9, 0x9, 0x7, 0x3f, 0x58bc9e22, 0x2, 0xc6, 0x40]}, &(0x7f0000005000)=0x108) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000007000-0x8)={r3, 0x3}, &(0x7f0000007000-0x4)=0x8) ioctl$TIOCSLCKTRMIOS(r1, 0x5457, &(0x7f0000001000-0x24)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000008000-0x28)={@common='bpq0\x00', 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000002000-0xc)={@multicast1=0xe0000001, @multicast2=0xe0000002, r4}, 0xc) 2018/01/31 08:13:04 executing program 6: r0 = syz_open_dev$evdev(&(0x7f0000757000-0x12)='/dev/input/event#\x00', 0x4, 0x80040) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000381000-0xc)='/dev/rfkill\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getpeername$ax25(r1, &(0x7f00003ef000)={0x0, {""/7}, 0x0}, &(0x7f0000000000)=0x10) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) write$fuse(r1, &(0x7f0000002000-0x18)={0x18, 0x0, 0x2, @fuse_bmap_out={0x7}}, 0x18) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000000)={0x20}, 0x1) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000003000-0x8)='./file0\x00', &(0x7f0000001000)='adfs\x00', 0x1410, &(0x7f0000003000-0xf7)="3e45d24f3be5a9ce13b291bda42f6ee0857d26189cb2c3d0c767fea8222c1e04f97765bf856ddacc9d6f0b402ab24a9743ac7324fbc21ef9fac265fd5dc2aa140eb0b9f1449b664e37a6d70cb5675696819d4043ee382f4a8ebfc7aea799f961495a3e68fe0143c6cea40059c96b48830203ad636e1b55fd337f77890db7be556c8d4a2b81c20a1009d5593fb154ba1649f9ee6a7368c7dca96f9d01a222824471506651d2cafd35ebd42962383a8459d0230e42ef67c206ea98b6848e4344cd16ba4d8c38e907b7402bbe82c723cd6b29a0fa87800b00f6a2e0a17f0de0a1bafc2fa436e70781c96eaa2f0b0603a9f167e4aaed1a59fd") r2 = creat(&(0x7f0000001000-0x8)='./file0\x00', 0x1) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000002000-0x14)={0xc9, 0x2, 0x1ff, 0xffff, 0xfffffffffffffffb}, 0x14) ioctl$TIOCCBRK(r2, 0x5428) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000001000)={0x0, 0x1f}, &(0x7f0000003000)=0x8) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000003000)={r3, @in={{0x2, 0x0, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x8c) inotify_init() mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000005000-0x9)='/dev/ppp\x00', 0x20000, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000001000-0x9)='/dev/rtc\x00', 0x400000, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_GET_CAP(r2, 0xc010640c, &(0x7f0000005000)={0x4, 0x3}) mknod(&(0x7f0000004000-0x8)='./file0\x00', 0x8000, 0xa773) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$nfc_llcp(r4, 0x118, 0x0, &(0x7f0000007000-0x51)=""/81, 0x51) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r2, 0x84, 0x74, &(0x7f0000001000-0x9e)=""/158, &(0x7f0000003000)=0x9e) ioctl$TCSETAF(r4, 0x5408, &(0x7f0000004000-0x14)={0x0, 0xee, 0x9, 0x9, 0x4284, 0x8001, 0xfffffffffffffff9, 0x8, 0x40d, 0x10001}) flistxattr(r0, &(0x7f0000001000)=""/4096, 0x1000) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000007000)='/selinux/checkreqprot\x00', 0x200000, 0x0) 2018/01/31 08:13:04 executing program 1: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000000)='selinux&\x00', 0x1) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000000)={0xffffffff, {{0x2, 0x1, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, {{0x2, 0x0, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x118) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000001000-0x10)={0x8, 0x4, 0x8, 0x8}, 0x10) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000001000)={0x0, 0x0}) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000002000-0x8)={r1, 0x1}) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000003000-0x8)={0x0, 0x0}) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000004000-0x4)=0x0, &(0x7f0000002000-0x4)=0x4) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000002000)={0x8, &(0x7f0000000000)=[{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]}) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000003000)={0x6, 0xe1, 0xffff, 0x8, 0x7ff, 0x4, 0xffffffffffffb6d8, 0x4, 0x1, 0x8001, 0x4e2375a1}, 0xb) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000002000)={&(0x7f0000002000/0x2000)=nil, 0x2000}) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) execve(&(0x7f0000004000-0x8)='./file0\x00', &(0x7f0000004000)=[], &(0x7f0000005000-0x8)=[&(0x7f0000001000-0x9)='selinux&\x00']) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r2 = request_key(&(0x7f0000005000)='big_key\x00', &(0x7f0000006000-0x5)={0x73, 0x79, 0x7a, 0x0, 0x0}, &(0x7f0000005000-0x9)='system(^\x00', 0xfffffffffffffffe) keyctl$revoke(0x3, r2) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockname$packet(r0, &(0x7f0000003000-0x14)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f0000006000)=0x14) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x200, r3}) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000004000-0x1c)={0x0, 0x8000, 0xa, [0x10001, 0x1, 0x0, 0x4, 0x7, 0x400, 0x0, 0x19, 0x9, 0x1]}, &(0x7f0000003000-0x4)=0x1c) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000005000)=@assoc_value={r4, 0x7f}, 0x8) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_open_dev$random(&(0x7f0000008000-0xc)='/dev/random\x00', 0x0, 0x800) 2018/01/31 08:13:04 executing program 2: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$pktcdvd(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pktcdvd/control\x00', 0x4000, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000000)={0x1, 0x1, [@remote={[0xaa, 0xaa, 0xaa, 0xaa], 0x0, 0xbb}]}) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000002000-0x17)=""/23) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$int_in(r0, 0x5473, &(0x7f0000002000)=0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000004000-0xc)={0x55, 0x1, 0x6, 0x4, 0x4}, 0xc) connect$llc(r0, &(0x7f0000001000)={0x1a, 0x0, 0x800, 0x30, 0x1, 0x7fffffff, @random="cd76edb635f2", [0x0, 0x0]}, 0x10) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_ADD_MAP(r0, 0xc0286415, &(0x7f0000005000-0x28)={&(0x7f0000000000/0x3000)=nil, 0x6, 0x3, 0x80, &(0x7f0000001000/0x3000)=nil, 0x7}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000003000-0xc)={0x0, 0x0, 0x0}, &(0x7f0000002000)=0xc) ioctl$TUNSETOWNER(r0, 0x400454cc, &(0x7f0000001000)=r2) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000005000)={0xc359, 0x0, 0x10003, 0x9}) ioctl$DRM_IOCTL_AGP_FREE(r0, 0x40206435, &(0x7f0000004000-0x20)={0x3, r3, 0x10002, 0xff}) ioctl$EVIOCGID(r0, 0x80084502, &(0x7f0000002000)=""/78) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) signalfd4(r0, &(0x7f0000007000-0x8)={0x7}, 0x8, 0x80800) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) timer_create(0x7, &(0x7f0000008000-0x60)={0x0, 0x3b, 0x6, @tid=r1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000008000-0x4)=0x0) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000007000)={0x0, 0x0}) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) timer_settime(r4, 0x1, &(0x7f0000008000-0x20)={{r5, r6+30000000}, {0x0, 0x0}}, &(0x7f0000008000-0x20)={{0x0, 0x0}, {0x0, 0x0}}) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000005000-0x4)=0x9) [ 32.589779] audit: type=1400 audit(1517386384.637:5): avc: denied { sys_admin } for pid=4128 comm="syz-executor0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 32.620137] IPVS: Creating netns size=2536 id=1 [ 32.631434] audit: type=1400 audit(1517386384.677:6): avc: denied { net_admin } for pid=4131 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 32.670462] IPVS: Creating netns size=2536 id=2 [ 32.694886] IPVS: Creating netns size=2536 id=3 [ 32.723710] IPVS: Creating netns size=2536 id=4 [ 32.764382] IPVS: Creating netns size=2536 id=5 [ 32.809487] IPVS: Creating netns size=2536 id=6 [ 32.854228] IPVS: Creating netns size=2536 id=7 [ 32.900114] IPVS: Creating netns size=2536 id=8 [ 34.539517] audit: type=1400 audit(1517386386.587:7): avc: denied { sys_chroot } for pid=4131 comm="syz-executor3" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 34.746319] ================================================================== [ 34.753741] BUG: KASAN: double-free or invalid-free in relay_open+0x603/0x860 [ 34.760997] [ 34.762619] CPU: 0 PID: 5172 Comm: syz-executor4 Not tainted 4.9.78-g7be1985 #24 [ 34.770139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.779484] ffff8801b563f8b8 ffffffff81d94409 ffffea0006dc0e80 ffff8801b703aa00 [ 34.787525] ffff8801da001280 ffffffff8137d813 0000000000000282 ffff8801b563f8f0 [ 34.795558] ffffffff8153dc73 ffff8801b703aa00 ffffffff8137d813 ffff8801da001280 [ 34.803591] Call Trace: [ 34.806173] [] dump_stack+0xc1/0x128 [ 34.811537] [] ? relay_open+0x603/0x860 [ 34.817171] [] print_address_description+0x73/0x280 [ 34.823831] [] ? relay_open+0x603/0x860 [ 34.829459] [] ? relay_open+0x603/0x860 [ 34.835079] [] kasan_report_double_free+0x64/0xa0 [ 34.841572] [] kasan_slab_free+0xa4/0xc0 [ 34.847280] [] kfree+0x103/0x300 [ 34.852293] [] relay_open+0x603/0x860 [ 34.857739] [] do_blk_trace_setup+0x3e9/0x950 [ 34.863874] [] blk_trace_setup+0xe0/0x1a0 [ 34.869662] [] ? do_blk_trace_setup+0x950/0x950 [ 34.875950] [] ? disk_name+0x98/0x100 [ 34.881374] [] blk_trace_ioctl+0x1de/0x300 [ 34.887228] [] ? compat_blk_trace_setup+0x250/0x250 [ 34.893864] [] ? avc_has_extended_perms+0x3fc/0xf10 [ 34.900502] [] ? get_futex_key+0x1050/0x1050 [ 34.906537] [] ? putname+0xee/0x130 [ 34.911795] [] blkdev_ioctl+0xb00/0x1a60 [ 34.917476] [] ? blkpg_ioctl+0x930/0x930 [ 34.923158] [] ? __lock_acquire+0x629/0x3640 [ 34.929187] [] ? do_futex+0x3f8/0x15c0 [ 34.934695] [] ? debug_check_no_obj_freed+0x154/0xa10 [ 34.941506] [] block_ioctl+0xde/0x120 [ 34.946927] [] ? blkdev_fallocate+0x440/0x440 [ 34.953042] [] do_vfs_ioctl+0x1aa/0x1140 [ 34.958722] [] ? ioctl_preallocate+0x220/0x220 [ 34.964924] [] ? selinux_file_ioctl+0x355/0x530 [ 34.971210] [] ? selinux_capable+0x40/0x40 [ 34.977064] [] ? __fget+0x201/0x3a0 [ 34.982309] [] ? __fget+0x228/0x3a0 [ 34.987554] [] ? __fget+0x47/0x3a0 [ 34.992715] [] ? security_file_ioctl+0x89/0xb0 [ 34.998919] [] SyS_ioctl+0x8f/0xc0 [ 35.004081] [] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 35.010627] [ 35.012229] Allocated by task 5172: [ 35.015829] save_stack_trace+0x16/0x20 [ 35.019783] save_stack+0x43/0xd0 [ 35.023213] kasan_kmalloc+0xad/0xe0 [ 35.026898] kmem_cache_alloc_trace+0xfb/0x2a0 [ 35.031453] relay_open+0x91/0x860 [ 35.034965] do_blk_trace_setup+0x3e9/0x950 [ 35.039258] blk_trace_setup+0xe0/0x1a0 [ 35.043201] blk_trace_ioctl+0x1de/0x300 [ 35.047232] blkdev_ioctl+0xb00/0x1a60 [ 35.051091] block_ioctl+0xde/0x120 [ 35.054687] do_vfs_ioctl+0x1aa/0x1140 [ 35.058544] SyS_ioctl+0x8f/0xc0 [ 35.061880] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 35.066603] [ 35.068202] Freed by task 5172: [ 35.071455] save_stack_trace+0x16/0x20 [ 35.075407] save_stack+0x43/0xd0 [ 35.078828] kasan_slab_free+0x72/0xc0 [ 35.082684] kfree+0x103/0x300 [ 35.085845] relay_destroy_channel+0x16/0x20 [ 35.090222] relay_open+0x5ea/0x860 [ 35.093817] do_blk_trace_setup+0x3e9/0x950 [ 35.098110] blk_trace_setup+0xe0/0x1a0 [ 35.102051] blk_trace_ioctl+0x1de/0x300 [ 35.106082] blkdev_ioctl+0xb00/0x1a60 [ 35.109939] block_ioctl+0xde/0x120 [ 35.113536] do_vfs_ioctl+0x1aa/0x1140 [ 35.117396] SyS_ioctl+0x8f/0xc0 [ 35.120733] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 35.125456] [ 35.127058] The buggy address belongs to the object at ffff8801b703aa00 [ 35.127058] which belongs to the cache kmalloc-512 of size 512 [ 35.139695] The buggy address is located 0 bytes inside of [ 35.139695] 512-byte region [ffff8801b703aa00, ffff8801b703ac00) [ 35.151364] The buggy address belongs to the page: [ 35.156266] page:ffffea0006dc0e80 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 [ 35.166442] flags: 0x8000000000004080(slab|head) [ 35.171163] page dumped because: kasan: bad access detected [ 35.176838] [ 35.178434] Memory state around the buggy address: [ 35.183336] ffff8801b703a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.190667] ffff8801b703a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.197996] >ffff8801b703aa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.205323] ^ [ 35.208660] ffff8801b703aa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.215988] ffff8801b703ab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.223313] ================================================================== [ 35.230650] Disabling lock debugging due to kernel taint [ 35.237848] Kernel panic - not syncing: panic_on_warn set ... [ 35.237848] [ 35.241527] audit: type=1400 audit(1517386387.287:8): avc: denied { net_raw } for pid=5200 comm="syz-executor5" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 35.269205] CPU: 0 PID: 5172 Comm: syz-executor4 Tainted: G B 4.9.78-g7be1985 #24 [ 35.277933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.287260] ffff8801b563f810 ffffffff81d94409 ffffffff841971bf ffff8801b563f8e8 [ 35.295232] ffff8801da001200 ffffffff8137d813 0000000000000282 ffff8801b563f8d8 [ 35.303196] ffffffff8142f4a1 0000000041b58ab3 ffffffff8418ac30 ffffffff8142f2e5 [ 35.306113] Call Trace: [ 35.306125] [] dump_stack+0xc1/0x128 [ 35.306133] [] ? relay_open+0x603/0x860 [ 35.306141] [] panic+0x1bc/0x3a8 [ 35.306148] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7 [ 35.306158] [] ? preempt_schedule+0x25/0x30 [ 35.306165] [] ? ___preempt_schedule+0x16/0x18 [ 35.306171] [] ? relay_open+0x603/0x860 [ 35.306178] [] ? relay_open+0x603/0x860 [ 35.306186] [] kasan_end_report+0x50/0x50 [ 35.306193] [] kasan_report_double_free+0x81/0xa0 [ 35.306200] [] kasan_slab_free+0xa4/0xc0 [ 35.306206] [] kfree+0x103/0x300 [ 35.306212] [] relay_open+0x603/0x860 [ 35.306220] [] do_blk_trace_setup+0x3e9/0x950 [ 35.306227] [] blk_trace_setup+0xe0/0x1a0 [ 35.306234] [] ? do_blk_trace_setup+0x950/0x950 [ 35.306240] [] ? disk_name+0x98/0x100 [ 35.306247] [] blk_trace_ioctl+0x1de/0x300 [ 35.306253] [] ? compat_blk_trace_setup+0x250/0x250 [ 35.306261] [] ? avc_has_extended_perms+0x3fc/0xf10 [ 35.306268] [] ? get_futex_key+0x1050/0x1050 [ 35.306274] [] ? putname+0xee/0x130 [ 35.306282] [] blkdev_ioctl+0xb00/0x1a60 [ 35.306288] [] ? blkpg_ioctl+0x930/0x930 [ 35.306296] [] ? __lock_acquire+0x629/0x3640 [ 35.306301] [] ? do_futex+0x3f8/0x15c0 [ 35.306310] [] ? debug_check_no_obj_freed+0x154/0xa10 [ 35.306318] [] block_ioctl+0xde/0x120 [ 35.306325] [] ? blkdev_fallocate+0x440/0x440 [ 35.306332] [] do_vfs_ioctl+0x1aa/0x1140 [ 35.306339] [] ? ioctl_preallocate+0x220/0x220 [ 35.306345] [] ? selinux_file_ioctl+0x355/0x530 [ 35.306351] [] ? selinux_capable+0x40/0x40 [ 35.306357] [] ? __fget+0x201/0x3a0 [ 35.306363] [] ? __fget+0x228/0x3a0 [ 35.306369] [] ? __fget+0x47/0x3a0 [ 35.306375] [] ? security_file_ioctl+0x89/0xb0 [ 35.306382] [] SyS_ioctl+0x8f/0xc0 [ 35.306389] [] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 35.311253] Dumping ftrace buffer: [ 35.311257] (ftrace buffer empty) [ 35.311259] Kernel Offset: disabled [ 35.552879] Rebooting in 86400 seconds..