[....] Starting enhanced syslogd: rsyslogd[ 12.753243] audit: type=1400 audit(1518433017.478:4): avc: denied { syslog } for pid=3651 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts. 2018/02/12 10:57:11 fuzzer started 2018/02/12 10:57:11 dialing manager at 10.128.0.26:33975 2018/02/12 10:57:15 kcov=true, comps=false 2018/02/12 10:57:15 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00003ea000-0xc)='/dev/rfkill\x00', 0x11f241, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000001000-0x2c)=[@in6={0xa, 0x2, 0x80000001, @local={0xfe, 0x80, [], 0x0, 0xaa}, 0x5}, @in={0x2, 0x2, @remote={0xac, 0x14, 0x0, 0xbb}}], 0x2c) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000001000)='./file0\x00', 0x8) listen$netrom(r1, 0x1f) fcntl$addseals(r1, 0x409, 0x5) ioctl$sock_ipx_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000000)={"9b41b1ab77a16b8ce31c15f34d9ce91b", {0x4, 0x1, 0x4, "2096ccca9614", 0x2}}) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000003000-0x14), &(0x7f0000001000)=0x14) fcntl$setflags(r0, 0x2, 0x1) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000004000-0x4)=0x8) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000002000-0xc)=@sack_info={r2, 0x92, 0x3}, &(0x7f0000003000)=0xc) close(r1) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000005000-0x10)={0x400, 0x1, 0x8001, 0x10001}) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000005000)={0x76, 0x3, 0x40, 0x30000000000000, 0x9, 0x6}) ioctl$KDDISABIO(r1, 0x4b37) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000006000)=0x4) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000007000)=0x400, 0x4) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000008000-0x4)=0x84, 0x4) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000002000)={&(0x7f0000004000/0x1000)=nil, 0x1000}) ioctl$sock_SIOCADDDLCI(r3, 0x8980, &(0x7f0000008000-0x12)={@common='bond0\x00', 0x7}) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000005000)=@assoc_value, &(0x7f0000001000-0x4)=0x8) 2018/02/12 10:57:15 executing program 7: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x40980, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f0000000000)=@routing={0x3e, 0xe, 0x1, 0xaf, 0x0, [@mcast2={0xff, 0x2, [], 0x1}, @empty, @local={0xfe, 0x80, [], 0x0, 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, @local={0xfe, 0x80, [], 0x0, 0xaa}, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x0, 0x14}}]}, 0x78) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000002000-0x44)={{0x2, 0x0, @multicast2=0xe0000002}, {0x1, @link_local={0x1, 0x80, 0xc2}}, 0x0, {0x2, 0x2, @multicast2=0xe0000002}, @generic="07fccb25d117bd32839da24b5b30dfa4"}) getsockname$packet(r0, &(0x7f0000002000-0x14)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000001000-0x4)=0x14) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000001000)={@loopback={0x0, 0x1}, 0x41af, r1}) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000002000)={&(0x7f0000092000/0x4000)=nil, 0x4000}) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000003000)={@mcast2={0xff, 0x2, [], 0x1}, 0x8000, 0x0, 0xff, 0xc, 0x0, 0x2, 0xa6}, 0x20) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000004000)={0x18, 0x0, {0x1, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @common='vlan0\x00'}}) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000005000)) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000007000-0x418)={'filter\x00', 0x7, 0x4, 0x3c8, 0xe8, 0x1f8, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, &(0x7f0000006000), {[{{@arp={@empty, @empty, 0xffffffff, 0xffffffff, @mac=@random="0298142dc00b", {[0xff, 0x0, 0x0, 0x0, 0x0, 0xff]}, @empty, {[0x0, 0x0, 0x0, 0x0, 0xff]}, 0x877, 0x6, 0x73df8eb7, 0x1, 0x23, 0x8, @common='bpq0\x00', @syzn={0x73, 0x79, 0x7a, 0x0}, {}, {0xff}, 0x0, 0x100}, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@arp={@broadcast=0xffffffff, @rand_addr=0xfffffffffffffc00, 0xffffffff, 0xffffffff, @empty, {[0xff, 0xff, 0xff, 0x0, 0x0, 0xff]}, @empty, {[0x0, 0xff, 0xff, 0xff, 0xff]}, 0x858, 0x10001, 0x3, 0xbe, 0x4, 0x4, @syzn={0x73, 0x79, 0x7a, 0x0}, @generic="8174395565f62461b6e461df7a25e5f6", {}, {}, 0x0, 0x44}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast1=0xe0000001, @loopback=0x7f000001, 0x4, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x3}}}], {{[], 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x418) ioctl$sock_ipx_SIOCIPXNCPCONN(r0, 0x89e3, &(0x7f0000000000)=0x1) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000004000)='/selinux/load\x00', 0x2, 0x0) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) execve(&(0x7f0000007000)='./file0\x00', &(0x7f0000003000)=[&(0x7f0000007000)='/selinux/load\x00', &(0x7f0000005000)='/dev/hwrng\x00', &(0x7f0000008000-0xb)='/dev/hwrng\x00', &(0x7f0000004000-0x8)=')cpuset\x00', &(0x7f0000008000-0xe)='/selinux/load\x00'], &(0x7f0000007000)=[&(0x7f0000006000-0xb)='/dev/hwrng\x00']) mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f0000009000-0xe0)="10c1d15b3f054c826478bf1329819c7cc1202ee761ea02cc1861d8c3e1e57c18bb06879934f7d378fc1e20f41ac88c3013206ec8c03f80e3f24ce2fb63d6863cc26e2a048d8cd4e1ac849c2bec678778a4f1fa8709a2da0e5ee80a7b62930f43ffdd47c6171ad48fc832c4b9a7c04e137db1d236f51ec4972048e9bdff84bb7757b63d72d2c9e74bbea2f0101fa8561b0ffdd9d6ba8f82142f9e51f76a4d90fbb6317db1d01f1fe5b5d9df6d55f2c20fa8b7f7d77515e00f188eba62c856794ff910ef74338f74eec888904a3e3f1a1e3385f40ec27303649824de99ae297cd3", 0xe0, 0x800, 0x0, 0x0) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f000000a000-0x90)={0x6, {{0x2, 0x2, @remote={0xac, 0x14, 0x0, 0xbb}}}}, 0x90) 2018/02/12 10:57:15 executing program 1: r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000eca000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r1 = inotify_add_watch(0xffffffffffffff9c, &(0x7f00008bf000-0x8)='./file0\x00', 0x123) inotify_rm_watch(r0, r1) ioctl$LOOP_SET_FD(r0, 0x4c00, r0) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000de5000)={0x0, 0x8000}, &(0x7f0000bd4000-0x4)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000078000-0xc)={r2, 0xffff, 0x10}, &(0x7f00000e8000-0x4)=0xc) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000475000)={0x100, 0x2, {0xffffffffffffffff, 0x3, 0x7}}) getsockopt$netrom_NETROM_T1(r0, 0x103, 0x1, &(0x7f0000213000-0x4), &(0x7f0000bd8000-0x4)=0x4) r3 = openat$selinux_access(0xffffffffffffff9c, &(0x7f000054a000-0x10)='/selinux/access\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f00002f0000-0x38)={&(0x7f00002b8000-0x14)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x14, &(0x7f0000001000-0x10)=[{&(0x7f00006a5000-0x18)=""/24, 0x18}], 0x1, &(0x7f00006ad000)=""/111, 0x6f, 0x3ff}, 0x10000) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000002000-0x9)='/dev/rtc\x00', 0x80, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_group_source_req(r4, 0x0, 0x2b, &(0x7f0000002000)={0x8000, {{0x2, 0x3, @dev={0xac, 0x14, 0x0, 0xb}}}, {{0x2, 0x2, @dev={0xac, 0x14, 0x0, 0x13}}}}, 0x118) ioctl$sock_inet6_tcp_SIOCATMARK(r4, 0x8905, &(0x7f0000001000)) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$KDGKBLED(r4, 0x4b64, &(0x7f0000004000-0x1)) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) signalfd(r3, &(0x7f0000004000)={0x3}, 0x8) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000006000-0xc)={0x0}, &(0x7f0000006000-0x4)=0xc) ioprio_set$pid(0x3, r5, 0x20) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) accept$inet(r0, &(0x7f0000000000)={0x0, 0xffffffffffffffff, @loopback}, &(0x7f0000006000)=0x10) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r0, 0x111, 0x3, 0x1, 0x4) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000004000-0x4)) bind$ipx(r4, &(0x7f0000003000)={0x4, 0x1, 0x5, "3452a6cfcee7", 0x3}, 0x10) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$RNDADDTOENTCNT(r4, 0x40045201, &(0x7f0000007000)=0x7) 2018/02/12 10:57:15 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) nanosleep(&(0x7f0000d1e000)={0x0, 0x1c9c380}, &(0x7f0000f01000-0x10)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ef3000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f0000f4a000/0x2000)=nil) munmap(&(0x7f0000c1d000/0x3000)=nil, 0x3000) 2018/02/12 10:57:15 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) fremovexattr(r0, &(0x7f0000499000-0x14)=@known='security.capability\x00') 2018/02/12 10:57:15 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000d67000-0xca)={@link_local={0x1, 0x80, 0xc2}, @local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0xaa}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @dev={0xac, 0x14}, {[]}}, @icmp=@dest_unreach={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @empty, @empty, {[]}}}}}}}, &(0x7f0000490000-0xc)={0x0, 0x1, [0x0]}) 2018/02/12 10:57:15 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000057c000)={0x2, 0x78, 0x48, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000fea000-0xa)='/dev/ptmx\x00', 0x0, 0x0) r1 = epoll_create(0x10007fff) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003ba000-0x24)) r2 = syz_open_pts(r0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000fe2000-0xc)) dup2(r2, r0) 2018/02/12 10:57:15 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000ee8000-0x38)={&(0x7f0000e35000)={0x10}, 0xc, &(0x7f0000bb1000)={&(0x7f0000404000-0x14c)=@flushpolicy={0x10, 0x1d, 0x709, 0xffffffffffffffff, 0xffffffffffffffff, "", []}, 0x10}, 0x1}, 0x0) syzkaller login: [ 31.239289] audit: type=1400 audit(1518433035.958:5): avc: denied { sys_admin } for pid=3867 comm="syz-executor7" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 31.274223] IPVS: Creating netns size=2536 id=1 [ 31.284782] audit: type=1400 audit(1518433036.008:6): avc: denied { net_admin } for pid=3869 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 31.320069] IPVS: Creating netns size=2536 id=2 [ 31.359064] IPVS: Creating netns size=2536 id=3 [ 31.397179] IPVS: Creating netns size=2536 id=4 [ 31.438205] IPVS: Creating netns size=2536 id=5 [ 31.486454] IPVS: Creating netns size=2536 id=6 [ 31.541245] IPVS: Creating netns size=2536 id=7 [ 31.595369] IPVS: Creating netns size=2536 id=8 [ 33.192921] audit: type=1400 audit(1518433037.918:7): avc: denied { sys_chroot } for pid=3869 comm="syz-executor0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 33.307289] audit: type=1400 audit(1518433038.028:8): avc: denied { create } for pid=4854 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 2018/02/12 10:57:18 executing program 1: gettid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) syslog(0x3, &(0x7f0000041000)=""/177, 0xb1) [ 33.359368] audit: type=1400 audit(1518433038.078:9): avc: denied { dac_override } for pid=4854 comm="syz-executor0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/02/12 10:57:18 executing program 1: gettid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) syslog(0x3, &(0x7f0000041000)=""/177, 0xb1) 2018/02/12 10:57:18 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_int(r0, 0x1, 0xe, &(0x7f0000000000), 0x4) [ 33.410943] audit: type=1400 audit(1518433038.128:11): avc: denied { getopt } for pid=4854 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 2018/02/12 10:57:18 executing program 1: gettid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) syslog(0x3, &(0x7f0000041000)=""/177, 0xb1) 2018/02/12 10:57:18 executing program 1: gettid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) syslog(0x3, &(0x7f0000041000)=""/177, 0xb1) 2018/02/12 10:57:18 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000058000-0x8)={@link_local={0x1, 0x80, 0xc2}, @dev={[0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000001, {[]}}, @igmp={0x17, 0x0, 0x0, @multicast1=0xe0000001}}}}}, &(0x7f00004b3000-0xc)={0x0, 0x0, []}) [ 33.413132] audit: type=1400 audit(1518433038.128:10): avc: denied { listen } for pid=4854 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 2018/02/12 10:57:18 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000462000)='wchan\x00') r1 = syz_open_dev$urandom(&(0x7f0000ba5000)='/dev/urandom\x00', 0x0, 0x1) sendfile(r1, r0, &(0x7f0000fda000-0x8), 0x100000001) 2018/02/12 10:57:18 executing program 1: gettid() syslog(0x3, &(0x7f0000041000)=""/177, 0xb1) [ 33.424503] audit: type=1400 audit(1518433038.148:12): avc: denied { setopt } for pid=4854 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 33.426143] audit: type=1400 audit(1518433038.148:13): avc: denied { ioctl } for pid=4854 comm="syz-executor0" path="socket:[13621]" dev="sockfs" ino=13621 ioctlcmd=0xaa03 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 2018/02/12 10:57:18 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x0, 0x8000f, 0x0, &(0x7f0000000000)) 2018/02/12 10:57:18 executing program 3: mmap(&(0x7f0000000000/0x5000)=nil, 0x5000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r0, &(0x7f0000001000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0, {0xa, 0xffffffffffffffff, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}}}}, 0x3a) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000002000-0x20)={@common='rose0\x00', @ifru_flags}) 2018/02/12 10:57:18 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f0000a78000-0x8)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000145000)=[{{&(0x7f000011a000)=@alg, 0x58, &(0x7f00009fd000)=[{&(0x7f0000e29000)=""/1, 0x1}], 0x1, &(0x7f0000729000-0x77)}}], 0x1, 0x0, &(0x7f0000173000-0x10)={0x77359400}) dup2(r1, r0) 2018/02/12 10:57:18 executing program 2: mmap(&(0x7f0000000000/0x14000)=nil, 0x14000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x2, 0x6) sendmsg(r0, &(0x7f0000006000)={0x0, 0x0, &(0x7f0000007000-0x10)=[{&(0x7f0000005000)="10000000150061dd18c84c16290c729b", 0x10}], 0x1, &(0x7f0000002000-0x78)=[]}, 0x0) recvmmsg(r0, &(0x7f0000009000)=[{{&(0x7f000000e000-0x10)=@nfc, 0x10, &(0x7f0000010000-0x10)=[], 0x0, &(0x7f000000c000-0x23)=""/35, 0x23}}], 0x1, 0x0, &(0x7f0000002000-0x10)) 2018/02/12 10:57:18 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x20000000000000a, 0x2, 0x0) connect$inet6(r0, &(0x7f0000fba000-0x1c)={0xa, 0xffffffffffffffff, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x3}, 0x1c) connect(r0, &(0x7f0000bfa000)=@generic={0x2, "dc9ce0fa7349447a5180e20d42dd0930e26e1709aa7aaa0f5a7e8ab61bd27c891495e60100db0d2772febfd6a9657a04a2cf779b09770089adc94bb9baca63a49ddb220f8732eb22d74ca029005b9932dd12aa0deb7be64e411cdc7b22deafaa78e25ce6f6ea0689bc4ae551aa2a8ad8508ae3bc4917e596b85af88e0ef5"}, 0x80) sendmsg$unix(r0, &(0x7f0000bb5000)={&(0x7f0000ffe000)=@file={0x0, './file0\x00'}, 0xa, &(0x7f00004d7000)=[]}, 0x0) 2018/02/12 10:57:18 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80003, 0x2c) sendto$inet6(r0, &(0x7f00004e6000)='a', 0x1, 0x0, &(0x7f00007c0000)={0xa, 0xffffffffffffffff, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2018/02/12 10:57:18 executing program 1: syslog(0x3, &(0x7f0000041000)=""/177, 0xb1) 2018/02/12 10:57:18 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f00005cb000-0xb)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0xc0481273, &(0x7f0000e71000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "000000000100000000001bf3ffffff000065000000edff00007db0e6330ee7f9b319d8000018e58d1c43473000e05026fb0000008001d1a7335d5bffff0001d7", "cea40005003500f7ff0002ff000000000000000000810000dc01867dfffe0200"}) 2018/02/12 10:57:18 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000e02000)={@syzn={0x73, 0x79, 0x7a, 0x0}, 0x0}) sendmsg$nl_route(r0, &(0x7f0000873000)={&(0x7f0000187000-0xc)={0x10}, 0xc, &(0x7f0000712000-0x10)={&(0x7f000028c000)=@bridge_setlink={0x28, 0x13, 0x101, 0xffffffffffffffff, 0xffffffffffffffff, {0x7, 0x0, 0x0, r1}, [@IFLA_AF_SPEC={0x8, 0x1a, [{0x4, 0x1f}]}]}, 0x28}, 0x1}, 0x0) 2018/02/12 10:57:18 executing program 1: syslog(0x0, &(0x7f0000041000)=""/177, 0xb1) 2018/02/12 10:57:18 executing program 3: mmap(&(0x7f0000000000/0xffd000)=nil, 0xffd000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000ff1000-0x4)=0x8000000000004, 0x9c) socket$packet(0x11, 0x200000003, 0x300) sendto$inet(r0, &(0x7f0000865000), 0xffe4, 0x0, &(0x7f0000fda000-0x10)={0x2, 0x0, @rand_addr}, 0x10) [ 33.783678] ================================================================== [ 33.791097] BUG: KASAN: double-free or invalid-free in relay_open+0x603/0x860 [ 33.798362] [ 33.799980] CPU: 1 PID: 5014 Comm: syz-executor7 Not tainted 4.9.80-g8a174b47 #31 [ 33.807585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.816420] audit: type=1400 audit(1518433038.538:14): avc: denied { net_raw } for pid=5024 comm="syz-executor3" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 33.818281] IPv4: Oversized IP packet from 127.0.0.1 [ 33.846270] ffff8801b59a78b8 ffffffff81d94be9 ffffea0006d62080 ffff8801b5883180 [ 33.854311] ffff8801da001280 ffffffff8137d923 0000000000000282 ffff8801b59a78f0 [ 33.862338] ffffffff8153e113 ffff8801b5883180 ffffffff8137d923 ffff8801da001280 [ 33.870306] Call Trace: [ 33.872866] [] dump_stack+0xc1/0x128 [ 33.878205] [] ? relay_open+0x603/0x860 [ 33.883799] [] print_address_description+0x73/0x280 [ 33.890432] [] ? relay_open+0x603/0x860 [ 33.896025] [] ? relay_open+0x603/0x860 [ 33.901618] [] kasan_report_double_free+0x64/0xa0 [ 33.908077] [] kasan_slab_free+0xa4/0xc0 [ 33.913756] [] kfree+0x103/0x300 [ 33.918740] [] relay_open+0x603/0x860 [ 33.924159] [] do_blk_trace_setup+0x3e9/0x950 [ 33.930271] [] blk_trace_setup+0xe0/0x1a0 [ 33.936037] [] ? do_blk_trace_setup+0x950/0x950 [ 33.942326] [] ? disk_name+0x98/0x100 [ 33.947743] [] blk_trace_ioctl+0x1de/0x300 [ 33.953606] [] ? compat_blk_trace_setup+0x250/0x250 [ 33.960252] [] ? avc_has_extended_perms+0x3fc/0xf10 [ 33.966888] [] ? get_futex_key+0x1050/0x1050 [ 33.972914] [] ? save_stack_trace+0x16/0x20 [ 33.978854] [] ? save_stack+0x43/0xd0 [ 33.984280] [] ? kasan_slab_free+0x72/0xc0 [ 33.990141] [] blkdev_ioctl+0xb00/0x1a60 [ 33.995820] [] ? blkpg_ioctl+0x930/0x930 [ 34.001499] [] ? __lock_acquire+0x629/0x3640 [ 34.007528] [] ? do_futex+0x3f8/0x15c0 [ 34.013041] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 34.019945] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 34.026756] [] block_ioctl+0xde/0x120 [ 34.032177] [] ? blkdev_fallocate+0x440/0x440 [ 34.038293] [] do_vfs_ioctl+0x1aa/0x1140 [ 34.043980] [] ? ioctl_preallocate+0x220/0x220 [ 34.050181] [] ? selinux_file_ioctl+0x355/0x530 [ 34.056480] [] ? selinux_capable+0x40/0x40 [ 34.062343] [] ? __fget+0x201/0x3a0 [ 34.067590] [] ? __fget+0x228/0x3a0 [ 34.072836] [] ? __fget+0x47/0x3a0 [ 34.078003] [] ? security_file_ioctl+0x89/0xb0 [ 34.084204] [] SyS_ioctl+0x8f/0xc0 [ 34.089364] [] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 34.095909] [ 34.097505] Allocated by task 5014: [ 34.101103] save_stack_trace+0x16/0x20 [ 34.105054] save_stack+0x43/0xd0 [ 34.108486] kasan_kmalloc+0xad/0xe0 [ 34.112169] kmem_cache_alloc_trace+0xfb/0x2a0 [ 34.116721] relay_open+0x91/0x860 [ 34.120245] do_blk_trace_setup+0x3e9/0x950 [ 34.124534] blk_trace_setup+0xe0/0x1a0 [ 34.128479] blk_trace_ioctl+0x1de/0x300 [ 34.132518] blkdev_ioctl+0xb00/0x1a60 [ 34.136383] block_ioctl+0xde/0x120 [ 34.139976] do_vfs_ioctl+0x1aa/0x1140 [ 34.143830] SyS_ioctl+0x8f/0xc0 [ 34.147175] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 34.151896] [ 34.153493] Freed by task 5014: [ 34.156740] save_stack_trace+0x16/0x20 [ 34.160683] save_stack+0x43/0xd0 [ 34.164106] kasan_slab_free+0x72/0xc0 [ 34.167962] kfree+0x103/0x300 [ 34.171122] relay_destroy_channel+0x16/0x20 [ 34.175499] relay_open+0x5ea/0x860 [ 34.179103] do_blk_trace_setup+0x3e9/0x950 [ 34.183399] blk_trace_setup+0xe0/0x1a0 [ 34.187341] blk_trace_ioctl+0x1de/0x300 [ 34.191378] blkdev_ioctl+0xb00/0x1a60 [ 34.195240] block_ioctl+0xde/0x120 [ 34.198835] do_vfs_ioctl+0x1aa/0x1140 [ 34.202692] SyS_ioctl+0x8f/0xc0 [ 34.206026] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 34.210745] [ 34.212346] The buggy address belongs to the object at ffff8801b5883180 [ 34.212346] which belongs to the cache kmalloc-512 of size 512 [ 34.224978] The buggy address is located 0 bytes inside of [ 34.224978] 512-byte region [ffff8801b5883180, ffff8801b5883380) [ 34.236643] The buggy address belongs to the page: [ 34.241541] page:ffffea0006d62080 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 [ 34.251716] flags: 0x8000000000004080(slab|head) [ 34.256446] page dumped because: kasan: bad access detected [ 34.262121] [ 34.263718] Memory state around the buggy address: [ 34.268622] ffff8801b5883080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.275951] ffff8801b5883100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.283278] >ffff8801b5883180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.290603] ^ [ 34.293938] ffff8801b5883200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.301266] ffff8801b5883280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.308590] ================================================================== [ 34.315921] Disabling lock debugging due to kernel taint [ 34.321792] Kernel panic - not syncing: panic_on_warn set ... [ 34.321792] [ 34.329148] CPU: 1 PID: 5014 Comm: syz-executor7 Tainted: G B 4.9.80-g8a174b47 #31 [ 34.337953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.347279] ffff8801b59a7810 ffffffff81d94be9 ffffffff841970c7 ffff8801b59a78e8 [ 34.355246] ffff8801da001200 ffffffff8137d923 0000000000000282 ffff8801b59a78d8 [ 34.363211] ffffffff8142f5c1 0000000041b58ab3 ffffffff8418ab38 ffffffff8142f405 [ 34.371172] Call Trace: [ 34.373731] [] dump_stack+0xc1/0x128 [ 34.379064] [] ? relay_open+0x603/0x860 [ 34.384658] [] panic+0x1bc/0x3a8 [ 34.389641] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7 [ 34.397845] [] ? preempt_schedule+0x25/0x30 [ 34.403784] [] ? ___preempt_schedule+0x16/0x18 [ 34.409981] [] ? relay_open+0x603/0x860 [ 34.415573] [] ? relay_open+0x603/0x860 [ 34.421508] [] kasan_end_report+0x50/0x50 [ 34.427276] [] kasan_report_double_free+0x81/0xa0 [ 34.433734] [] kasan_slab_free+0xa4/0xc0 [ 34.439417] [] kfree+0x103/0x300 [ 34.444400] [] relay_open+0x603/0x860 [ 34.449824] [] do_blk_trace_setup+0x3e9/0x950 [ 34.455935] [] blk_trace_setup+0xe0/0x1a0 [ 34.461702] [] ? do_blk_trace_setup+0x950/0x950 [ 34.467989] [] ? disk_name+0x98/0x100 [ 34.473415] [] blk_trace_ioctl+0x1de/0x300 [ 34.479267] [] ? compat_blk_trace_setup+0x250/0x250 [ 34.485904] [] ? avc_has_extended_perms+0x3fc/0xf10 [ 34.492536] [] ? get_futex_key+0x1050/0x1050 [ 34.498568] [] ? save_stack_trace+0x16/0x20 [ 34.504505] [] ? save_stack+0x43/0xd0 [ 34.509921] [] ? kasan_slab_free+0x72/0xc0 [ 34.515776] [] blkdev_ioctl+0xb00/0x1a60 [ 34.521456] [] ? blkpg_ioctl+0x930/0x930 [ 34.527135] [] ? __lock_acquire+0x629/0x3640 [ 34.533162] [] ? do_futex+0x3f8/0x15c0 [ 34.538667] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 34.545562] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 34.552370] [] block_ioctl+0xde/0x120 [ 34.557788] [] ? blkdev_fallocate+0x440/0x440 [ 34.563902] [] do_vfs_ioctl+0x1aa/0x1140 [ 34.569583] [] ? ioctl_preallocate+0x220/0x220 [ 34.575787] [] ? selinux_file_ioctl+0x355/0x530 [ 34.582074] [] ? selinux_capable+0x40/0x40 [ 34.587924] [] ? __fget+0x201/0x3a0 [ 34.593166] [] ? __fget+0x228/0x3a0 [ 34.598408] [] ? __fget+0x47/0x3a0 [ 34.603572] [] ? security_file_ioctl+0x89/0xb0 [ 34.609776] [] SyS_ioctl+0x8f/0xc0 [ 34.614935] [] entry_SYSCALL_64_fastpath+0x29/0xe8 [ 34.622205] Dumping ftrace buffer: [ 34.625717] (ftrace buffer empty) [ 34.629396] Kernel Offset: disabled [ 34.632996] Rebooting in 86400 seconds..