[....] Starting enhanced syslogd: rsyslogd[ 15.789628] audit: type=1400 audit(1520298162.476:4): avc: denied { syslog } for pid=3635 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts. 2018/03/06 01:02:54 fuzzer started 2018/03/06 01:02:54 dialing manager at 10.128.0.26:45933 2018/03/06 01:02:58 kcov=true, comps=false 2018/03/06 01:03:00 executing program 0: r0 = socket$inet(0x2, 0x802, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000380)=@nat={"252574ffab00", 0x19, 0x0, 0x90, [0x20000040, 0x0, 0x0, 0x20000070, 0x200000a0], 0x0, &(0x7f0000000000), &(0x7f0000000040)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, []}, {0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x0, []}, {0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x0, []}]}, 0x108) 2018/03/06 01:03:00 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00005d5ff3)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x200000000000a, &(0x7f0000dedffc)=0x2, 0x4) sendto$inet(r0, &(0x7f0000de1fff), 0x0, 0x20008005, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000b0c000)="11a58fde7649496403db92ed306004b3d3cbfc195485c3b895d864ab91a3aebde4f70a917a91ec9612d004000a7b43a35bb73249ede41bf5c05ab608fb7b74ffd57f6e8e43cf9cb723fc0d8d8cabbbbae3a5fde8ad6f52d667c512596f50b9962aa2193688d872a7eeca57801742d74d39c4b003a5e292e077ed102e7999329aab95a3d96363505f76c86a6d2352dd8025207ae531701f1ce353d6b017eb64000000bc2e9f8b66fe4a8e64f0fc7a0aa55d4103e1d7d5b0dd5750071e9b3a786021678a86fcbb0b9f9364ec0f0310306fef9c21b3b20d8b44423b495299cea2c6f40c377a72534453ad7f5af27b1efb2514ace1f9a68cf205a9ddb8fd954e34bde3612e6e05686cf3b968a14bd3a356f7b8d20214c0f7a388ef5ea8d063c65f2aabff685e69f86b4a0b3697f8bfbfe66796f0489ad2e49bdbc1742941c28c88cb93e1f8ccc3db4782cdf9cbd797ddc8d7b1364da50ad48e081a38622280169eba5c6a3bf9b5f15bdf8a8b6483340a3297c31154905db209195c28f15d10153204fbe0586516c714ddc939e0eb68c73969e81fc6f215b476ddf3fcf1a604603360089dadba2779cfed9027ac163067fc0d7592ac8a013b907372a42b242405241ac1f63f85a52fff2d78b30e87a156b5cfa133dabc259bb027bec5eb8c8eb623e9776a13d3ce972a6769de8a78153f498084a244b0146b77be3d1cba7b02fe8906ed8a88f105c763d1772825b986d52823bf38b6f95eca494fd9c64497874b9f450bec65311493cc108b27611eaa6819305a3730d29368f25f7e816d60884a1e0271c3c786ad36391366ac3b65f04c148974f6973005c5ff73d6f0b3f7e44c65da7c4115c4ee543991e4ad26938384cafffffffc8f7e79aaf1b8ef37f627e3c7168ecda2cf224a491bea6129fcd954b88dbb2d29464931bcd5378041db67ddc70ee856ae09c1b26b9ada008a7d52bf1a160606865a29794f36b2a3811c66e9fe27af8fc8356374e37f3eca244367fb535dde71fae4683710761b89f18820d4f06065450c3d1f76fa26ef28320edf6c36480af14f4444edb40ebb3f8ea264486ec31c40c7f0007a69c24da10db6f60da3e648f16b5fc6b5a5c6217e46c1f3ff354a8b49beb3b46a69dcb4c5d547a7b7ba8fe22da0173f9fe80f4bd47afbec4d2e0d3c91b1a326d8bb9fded873e87f847032af52bd6d129f3ce3f11ea9d0b4250af7eaa2649d9972b9b8dc773c869b3a431eac7f55d6bb92dc29f08d7d8959e2af7571efb7ec88eac4b62850e8f6b60d4a5d06d66875b4bd260a9014a2eb88621f4c6eb3f9ed2190b48acf0358d8b82fb4794535fcb8dd50ba86d23d230a94f07a768142ff3b4c8558dac21726b6279980c238041f26e86c8e3fa83028345999464e3e37d610ab7c15daaffb744a505a3dd9802b3721f29553ee23e1cf376f12cc3fe6b7ac76bd13da44356855be096155e355c9cad31fcdeedc6679c531bc1a2765dc8777108ec5e31d793005e718a9ced77d6505e44f649128a29f5264fecba132f9f5016eaf690751edd64d903b36ceb2b08042c60e9e97f8bc985476e6088a5ebd3743c2358171b30b16d730a5dd49c92fa19cc267e2c1927f200fc3d23a804f0a12b06a6a88a2685051ab28f1721209ada2c14b557a49423795b07040d510bb21ce5d15acedd18cb7cb7a93389ceb934206e4ffb220048a7a82fb3c251d0a31ba5af9eb0c16e29f33f9d0a78f5e6300cf04d17eb5f67711cafa0d4e99eeaf0f8fdbd34170318879a0d12c01891127ba7b677d204268524c5af1d7dc27176826302e34f9d35d2f2eefad5f22f68929d3456c11d5f00d4a8ce8b784bca8088805731eff2d47024c2da68abc2d2c0f7806d7d76cdf489f3bffa75cb826bc0809331d89a3255a498b8150d4ae31d03414ab244939455b6377c2917cb2d8a9f9ebf282657e417860e49ac94f4a838aefd34f28960a78da47933252d8cb2fdb27d413ee54502cd1bf75585468b77b8dca627cab29ef0a5297ee3dcb4c987520804e9a5f45e8241019281bab7e30f4b008bf0edf3b6fb5e8d1c2ab619b2eb84293d636a6a37d716cd8e102b7099676693cb7b01031b57ee93fd22cb18229893fd4d4ef87f1596879ac9f61b2f0c35be34cb6e6f75087ff963c188d43bcb464a95e956e75559eb1f6f2224fb2ca8f0bdc90ae5c2ce712498ee4026b13b8f3137000aa1545a75e5b48e80da30e6dac5529cac1099244e79ad542f45dcfbf16c62b5eb63daee8185c5e79ebfa1ca60880f9e2895f54ab95bbae38ae62200c1e439d73fa63d0bff75935a8ad2ae73b82132e8d4eb4bd55844b2f55c65d5ffa0c65aaf0cc5bc73925d05cf7c1c4383af074feb3a53919d2a3b5bef96115aab966821dbfc4577d19d85911a485c58a5b87cf44d230cfdc255486bb09d5c16f2164397f0fc5f652a171f0269bdcd98291410c010cc377d2690a6032fe5701117adbd0f6b847c9617a9b3d20529024d8d9749b9c49827694d346d3b1bbe434122331986b9f6e84430dfd75d123f3e307d6f5514f3da09b527408bfb6816da54beeefad160e4b095517f3292c2e17fb3bba47527671d0afe7c35d54d25ab307b15d069a05395a9cddd4b519224fe3c689d14827ede6d91ebace2a80afaad3dcd1f8ce20e92012b8934d7ff3ebdd285cc24202a86d70b96674a6af05a3c29065afa4e38b9c34006cb3eb9c87985cfc511a8c261cdeb0c7a3c7a682c40c5b9f1d7d5ef6f97e32d02fdd3f2ded413f4a36c4db899b96c8e40d91c2743cd1d435013e3c3431c82fc5b3345b66cce79fa49f10baa4ef28535eee8c5c1a4b38bace2fb14ec11d34d620b1cc2396dc1fa857ac6ac9f5689b5935f2f25184edd40f8f5c70714f941beae3e1bc9af757edd9d68fb24218e2a02aad4dc0b3c2e5ff94ce547f358f38e52673473fd0e57497978324aee16559e9cdbe5b3a0b96dd69fe5bc97e644487274b6158a0412bd60172bb66f774b8eae7bc1f52ed64d44c553bdc26823e35f18683554e7359802173d1fa86a66104abb1977c3e9fa6970ed7ee483b14b65673a81786fe0ed301f8edb0669fd25bfa0d565e3e93b19b8572c98dbacb103053527a95ee758be002e13df756bbc486def0db079124db72fadc26f0a26b42e21f260f902bb4cd881baae57eff1c3cc15063be17e48208b9a69622adfc03991d204fe0f5ae2528b22c7743f97e0669a1c3c0d0d90f39846fd954d681be0265d14b12285fb1b20bcbaa95915ad51ab8f84094674cbac0071021b261c39a46b0177b98f1662100ef31a3e981236d51e6c1429144a89d46b149301873ef99959f8ab15c12309620d5d548b62ff92233a3f200e0d0a9c2122be615dd91e6a6cd89290d24895540635fead9a56f481ee3fd7890852e271fa7c37b1836a3e1764574960e1ab9fda1d25693cfc33defea84f65c08cce479c66dc16b28d453a1b717fdd9f6ff46b1fa1b6866b4a8c1ad53439c5958403953b3a844b660b28b11d427b392a7c710edbf25725a65e6b94e4c64ae458a8c97c9f7a05a7d8ebf6c76e3afc0204ced97be84986da5403ef31eff1790c039fe00a89976ccab7638d2e217fc64609a41f3a008ed78b25d1a9420b782deef6ce2db0c6d427580087b69c75c1357ed2908c32cffee1c6ddd08510562ab015507a4eb4f54ae5c097cdca34f521f9fa8df7667645a696a472650c1ca9c035e95f34db54722897159c31dc6be5693a5f3871ccbb48a7ead233d03b76875590fa20bae4f37a2011622d0203a3e9d9e198cb075aba26f5e78a8f0b0cd27052527daf0f8e77858dbddec7038c198b868e93ae32f1745d166afed4129460e07af8cb6c3debb6503e87f3cb309e39ed3d682d24adec48ea22702c4d8d48386977a89b73e585f8c2c5fcb0a693cd5028a601b04b833a41ec705735c767c70d316b60aba2da24bd6523533f3180accade90f47e412b393ee1d2456cf8bb430289ddb824350764985c5e35f738f830a378bfa65fd167c7307c13acb912beefa69e499d4a750e820a7af08a7c204ffb64e09fcc921a4e79999757d608880bfd52255bbc16369af4f779edfd9439cfcd17fcc02d5aaa81bac66fa2e551cef55779bd90e8be587ee698575918fced59ec652af26718b3afd1471379132ba0b5143a78f84605b1ef51e49e820a8a8c1639f66bca5afd83602287e982eb125a3a032e4cc5b5be91ab4d8d958fd4dc4cbd310eddc91d89ada4d33fcc963d259e222520281d14e13577906e33665a31afa7cb501cc0c1198d1f755005e82f29bcda62bbf8680bc23d09cac6a8c89709b30c91d27ea148f01ba745346f1ba9ce89cd9b71ff18668a0254c07479762dbb78117c50450506e2a0a606309aa383ec55a49d2569c3a3fef8aad456aa81cb859519765de18a4b92194e8a6a43f1dade801f71eb56699bc021fa48f320f4128d6c153a2ec1fba1c5ca55c5058641692365d311c8902aaf1428d83281aa970af5d98591cd3af30fbb5ee4a1b697491ff6dd727a329feb17b782f254d691f949baf96afa195c62f2c3fd1855a79b25268cef9822e3c6a1b3aa226ec494b070a8774426a5f8877714fe206e569635805208ac7823c8546ec33e4482a85d6fddf86a37a1c60f0a19b5dfe88031b7541af0e93cac8a3bb1ff3e60190b96faedc3b6f63d38f3ee4286fbaa053e8e27ed13b77b2c576d824d777ca53df76d9572e71f74ff180778bf57458b37fe9dbaa6f9927b48b059e5c7fd908ac826aed8f68764285022f4b5cb6b73ef7222ecb0d701c782ed5c16a7c94235fe7c3e0bef9da7310c5f3cda407c5ae7ecfb6b392ad576610b48af17b3fc8a2fd6cd2eee1153cc48a21ba6768a88367a807be008bea547402da4c92c2006c83d74c9d0ef2ca711c54036c8e76ac26c7d22060c9bfc2e67f1d1c6f6bd2f751879295ee21fcf8588c9504cacb02fa3e3fc6e2bed352447a5c2677caba0538960357d6d1706adef5e7d4f6298ed4ecacb7776de15d9bbd672f9991f4bdc4f07401f67cf3a74c0495ea58d0f76a2e6060cecc1d04b93808dc8d61130305740b408359d5552cc23a7b1eff4285d563b4b6b011a4a11372a2bb01cbda724482f95c4487b02c85cc121012b3213041ff6a689072daa4d86a4c125b110f4e2eeed2dd73db0f94ce995896e0b8a9f8f3e9559024251a5b1726b0b3775bac9fabed968d2d4ea31bbdfb2910331d92cb4ff5cc9037cc08cd35f88c4d7b89e46a8cbd05e3c35732b5046b33060dce5372b171daa526a46c3444b331e71f0455fb8b43dc46e2c9f2c4effccf040e56de00000007b16de337f13e7a610feac2f336e75405a530815366e7edfbb429babfd0e68db56892b94621edd9df6ff454ab1dcdb8d39d282fa7932ec7ba5203df2f4196538a1fa040c8014d20ff57fdb8515325a6997b9b71f2094e053f126402a47e628eeb7d8f665fbabe8f1a409ca9c7c5c25baaa0e9945acf27e96f8241a445f7d3352494ba4210b348fa0ec11ea67dead4fc1e5e4f9202931386468882bee59f8d12174198142ef7764d6b930e937e20d018c0cc5a780490356f5521aac74d2c1736e20ae5e0cd8cf6676ac337e8a8976aac75a698e34e72bac561038f228c13b6e974bc21bb79618111db507f3ba314dd2d05fd050d684cf33d8da5f8e5f723a092098ac5b180a6579d543515c2e1d0eb502193aedab526d354b625990c7d5a9f90d86c4e374054f1d14270b603065293e7fa3840de575413b74bfbc4f8c139947ade9a6f48907053f1ae3a95c2", 0x1001, 0xc004, 0x0, 0x0) recvmsg(r0, &(0x7f0000df6fc8)={&(0x7f0000df6f80)=@generic, 0x80, &(0x7f0000df5000)=[], 0x0, &(0x7f0000c27ff9)=""/7, 0x7, 0x8000}, 0x40000100) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000080)={@loopback={0x0, 0x1}, @remote={0xfe, 0x80, [], 0xbb}, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, 0x34, 0x98, 0x1, 0x400, 0x76, 0x8}) 2018/03/06 01:03:00 executing program 7: syz_emit_ethernet(0x66, &(0x7f0000101000)={@random="cd390b081bf2", @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x30, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @rand_addr}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@pkt_toobig={0x38, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x0, 0x0, @loopback={0x0, 0x1}, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}, []}}}}}}}, 0x0) 2018/03/06 01:03:00 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000100)={'nat\x00'}, &(0x7f0000000180)=0x54) openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) 2018/03/06 01:03:00 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/03/06 01:03:00 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f00000006c0)={0x0, @in6={{0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}, &(0x7f0000000780)=0x90) recvmsg(r0, &(0x7f0000000680)={&(0x7f00000000c0)=@rc, 0x80, &(0x7f0000000600)=[]}, 0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000184000)={0x2, 0x4000000000000d, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, []}, 0x10}, 0x1}, 0x0) 2018/03/06 01:03:00 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="18010000120001050000000000000000e0000001000000000000000000000000000000000000000008000c00000000000800030000000000b000070000000000fe800000000000000000000000000000ac1414aa00000000000000000000000000000000000000000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008001d000000000028001a00000000000000f985aa5100000000ffff7f000001fe8000000000000000000000000000aa"], 0x3}, 0x1}, 0x0) 2018/03/06 01:03:00 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='/exe\x00\x00\x00\x00\x00\x00') ioctl$fiemap(r0, 0xc020660b, &(0x7f00000001c0)={0x100000000, 0x5, 0x0, 0x0, 0x0, []}) syzkaller login: [ 33.975339] audit: type=1400 audit(1520298180.656:5): avc: denied { sys_admin } for pid=3844 comm="syz-executor0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 34.003815] IPVS: Creating netns size=2536 id=1 [ 34.013555] audit: type=1400 audit(1520298180.696:6): avc: denied { net_admin } for pid=3846 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 34.052382] IPVS: Creating netns size=2536 id=2 [ 34.093852] IPVS: Creating netns size=2536 id=3 [ 34.136949] IPVS: Creating netns size=2536 id=4 [ 34.187806] IPVS: Creating netns size=2536 id=5 [ 34.240569] IPVS: Creating netns size=2536 id=6 [ 34.308322] IPVS: Creating netns size=2536 id=7 [ 34.362587] IPVS: Creating netns size=2536 id=8 [ 34.725947] ip (4157) used greatest stack depth: 24496 bytes left [ 34.851605] ip (4216) used greatest stack depth: 24000 bytes left [ 36.577615] audit: type=1400 audit(1520298183.266:7): avc: denied { sys_chroot } for pid=3846 comm="syz-executor3" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/03/06 01:03:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSBRK(r1, 0x5427) 2018/03/06 01:03:03 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x4) sendto$inet6(r0, &(0x7f0000000000), 0x292, 0x0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0x27dfbd5f}, 0x1c) 2018/03/06 01:03:03 executing program 7: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000001c0)) clock_adjtime(0x0, &(0x7f0000000200)={0x400, 0x0, 0x0, 0x3ff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0xddb7, 0xfffffffffffffeff, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x1ff, 0xcdb, 0xfffffffffffffffd, 0x7, 0x0, 0x0, 0x6}) 2018/03/06 01:03:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) dup2(r1, r0) 2018/03/06 01:03:03 executing program 4: r0 = add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={0x73, 0x79, 0x7a}, &(0x7f00000002c0)='(', 0x1, 0xfffffffffffffffd) keyctl$search(0xa, r0, &(0x7f0000000300)='dns_resolver\x00', &(0x7f0000000340)={0x73, 0x79, 0x7a}, 0x0) 2018/03/06 01:03:03 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="18010000120001050000000000000000e0000001000000000000000000000000000000000000000008000c00000000000800030000000000b000070000000000fe800000000000000000000000000000ac1414aa00000000000000000000000000000000000000000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008001d000000000028001a00000000000000f985aa5100000000ffff7f000001fe8000000000000000000000000000aa"], 0x3}, 0x1}, 0x0) 2018/03/06 01:03:03 executing program 6: r0 = socket(0x40000000015, 0x5, 0x0) getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000000), &(0x7f0000000040)=0x4) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f00004b3fff), 0x380, 0x0, &(0x7f00002b4000)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) 2018/03/06 01:03:03 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) recvmmsg(r0, &(0x7f0000006a00)=[{{&(0x7f0000005680)=@generic, 0x80, &(0x7f00000068c0)=[], 0x0, &(0x7f0000006900)=""/245, 0xf5}}], 0x1, 0x10040, &(0x7f0000006b80)) 2018/03/06 01:03:03 executing program 2: syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @empty=0x2000000, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @dev={0xac, 0x14, 0x14}}}}}, &(0x7f0000000040)) 2018/03/06 01:03:03 executing program 1: mkdir(&(0x7f0000d90ff8)='./file0\x00', 0x0) mount(&(0x7f0000212ff8)='./file0\x00', &(0x7f000078eff8)='./file0\x00', &(0x7f0000982ff9)='mqueue\x00', 0x0, &(0x7f0000653fff)) r0 = creat(&(0x7f00000000c0)='./file0/bus\x00', 0x0) mq_notify(r0, &(0x7f0000477fa0)={0x0, 0x0, 0x0, @thr={&(0x7f0000bc8000), &(0x7f0000231000)}}) mq_timedsend(r0, &(0x7f0000d8e000), 0x0, 0x0, 0x0) 2018/03/06 01:03:03 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={&(0x7f0000f8d000)={0x10}, 0xc, &(0x7f00008a7000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c00000001040101ffffffffffffffff00000002090000000000000000000000000000"], 0x23}, 0x1}, 0x0) 2018/03/06 01:03:03 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00005d5ff3)={0x2, 0x4e20, @rand_addr=0x5}, 0x10) sendto$inet(r0, &(0x7f00001b9000), 0x0, 0x20008007, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) 2018/03/06 01:03:03 executing program 4: r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)=')', 0x1}], 0x1) 2018/03/06 01:03:03 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='gid_map\x00') write(r0, &(0x7f0000000100), 0x0) 2018/03/06 01:03:03 executing program 1: mount(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100)='/', &(0x7f0000000140)='\x00\x00\x00\x00\x00\x00\x00', 0x0, &(0x7f0000000180)) 2018/03/06 01:03:03 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000000000)="220000001800070700be0020090007000a00f688fccb008d2cd3c7f713b90900f8ff", 0x22) 2018/03/06 01:03:03 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) close(r0) 2018/03/06 01:03:03 executing program 6: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000180), &(0x7f0000000000)=0x4) [ 37.161102] audit: type=1400 audit(1520298183.846:8): avc: denied { dac_override } for pid=5223 comm="syz-executor1" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/03/06 01:03:03 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}, {{0xa, 0x4e20, 0x0, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}}}}, 0x108) bind$inet6(r0, &(0x7f0000f13000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x3e, &(0x7f0000694ffe)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2}, [], {@ipv6={0x86dd, {0x0, 0x6, "06f526", 0x8, 0x11, 0x0, @empty, @mcast2={0xff, 0x2, [], 0x1}, {[], @udp={0x4e20, 0x4e22, 0x8}}}}}}, &(0x7f0000775000)) 2018/03/06 01:03:03 executing program 7: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40042406, &(0x7f0000000040)='\x00') 2018/03/06 01:03:03 executing program 5: request_key(&(0x7f0000000340)='user\x00', &(0x7f0000000380)={0x73, 0x79, 0x7a}, &(0x7f00000003c0)='\x00', 0xfffffffffffffffd) 2018/03/06 01:03:03 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00007b6ff7)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000007c0)=""/246) r1 = socket(0x11, 0x2, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt(r1, 0x107, 0x1, &(0x7f0000dfaff0)="010000000000060000071a00009139cc", 0x10) ioctl$EVIOCGREP(r0, 0x4004743c, &(0x7f0000000300)=""/174) 2018/03/06 01:03:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000005000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4)=[], 0x1, 0x0, &(0x7f0000000040)="cd"}) 2018/03/06 01:03:03 executing program 7: syz_open_procfs(0x0, &(0x7f0000000200)='setgroups\x00') [ 37.208359] audit: type=1400 audit(1520298183.896:9): avc: denied { create } for pid=5240 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 2018/03/06 01:03:03 executing program 7: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000180)={@ipv4={[], [0xff, 0xff], @empty}, @loopback={0x0, 0x1}, @dev={0xfe, 0x80}, 0x0, 0x0, 0x0, 0x0, 0xff}) 2018/03/06 01:03:03 executing program 6: mkdir(&(0x7f0000014000)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000c40000)='./file0\x00', &(0x7f0000014000)='ramfs\x00', 0x0, &(0x7f0000000000)) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f000001effd)='/', r0, &(0x7f0000d06ff8)='./file0\x00') lremovexattr(&(0x7f0000000040)='./file0/file0/file0/file0\x00', &(0x7f0000000080)=@known='security.ima\x00') [ 37.215333] netlink: 6 bytes leftover after parsing attributes in process `syz-executor7'. [ 37.215770] netlink: 6 bytes leftover after parsing attributes in process `syz-executor7'. 2018/03/06 01:03:04 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f00000000c0)={'IDLETIMER\x00'}, &(0x7f0000000040)=0x1e) 2018/03/06 01:03:04 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000058000)={0x1, {{0xa, 0x4e20, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x88) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000000)={0x0, {{0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f000060a000)={0x1, {{0xa, 0x4e20, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}, 0x0, 0x0, []}, 0x90) 2018/03/06 01:03:04 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000040)={'security\x00', 0x2, [{}, {}]}, 0x48) 2018/03/06 01:03:04 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000040)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) 2018/03/06 01:03:04 executing program 3: r0 = socket$inet6(0xa, 0x80005, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000020fe4)=@in6={0xa, 0x4e20, 0x0, @dev={0xfc, 0x7e}}, 0x80, &(0x7f0000012f70)=[{&(0x7f000001af95)='\'', 0x1}], 0x1, &(0x7f0000000000)=[]}, 0x20004840) 2018/03/06 01:03:04 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f00000017c0)={'ip_vti0\x00', {0x2, 0x4e20, @loopback=0x7f000001}}) 2018/03/06 01:03:04 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0x1) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) read(r0, &(0x7f0000000180)=""/217, 0xd9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000de2ffc)) ioctl$TCXONC(r1, 0x540a, 0x0) 2018/03/06 01:03:04 executing program 2: r0 = socket$inet(0x2, 0x80003, 0xab) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000c00)=@filter={'filter\x00', 0xe, 0x2, 0x340, [0x0, 0x200008c0, 0x200008f0, 0x20000920], 0x0, &(0x7f0000000000), &(0x7f00000008c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x0, []}, {0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x0, []}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x9, 0x0, 0x0, 'syz_tun\x00', 'bond0\x00', 'bond0\x00', 'tunl0\x00', @link_local={0x1, 0x80, 0xc2}, [], @random="91628975df1b", [], 0xc0, 0x160, 0x1b0, [@helper={'helper\x00', 0x28, {{0x1, 'tftp-20000\x00'}}}]}, [@common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x0, 'syz1\x00'}}}, @common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x1, 'syz0\x00'}}}]}, @common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x0, 'syz0\x00'}}}}, {{{0x9, 0x0, 0x0, 'bcsh0\x00', 'bcsh0\x00', 'teql0\x00', 'gretap0\x00', @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0xb0, 0xb0, 0x100, [@owner={'owner\x00', 0x18}]}, []}, @common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x0, 'syz0\x00'}}}}]}]}, 0x3b8) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000d00)) 2018/03/06 01:03:04 executing program 4: r0 = socket$inet(0x2, 0x2, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00'}, &(0x7f0000000140)=0x44) 2018/03/06 01:03:04 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000050bff6)='/dev/ptmx\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000b04000)) ioctl$TIOCSCTTY(r0, 0x540e, 0x0) ioctl$TIOCMBIS(0xffffffffffffffff, 0x5416, &(0x7f0000000180)) [ 37.247409] audit: type=1400 audit(1520298183.926:10): avc: denied { net_raw } for pid=5261 comm="syz-executor4" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 37.256860] binder: 5262:5266 ioctl c0306201 20007000 returned -14 [ 37.277409] binder_alloc: binder_alloc_mmap_handler: 5262 20000000-20002000 already mapped failed -16 2018/03/06 01:03:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000000)=[@register_looper={0x630b}], 0x48, 0x0, &(0x7f0000000040)="200a4f7d2cd3cf681df3e40f9a52c906790667ea55684d1647b5e62cd403c20cdc7d576f7ea8e978c8aec8834536b5140fed9f16c9c0763033919c342ff0084dd944f0455006071b"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f000026c000)=[], &(0x7f000000afd0)=[]}}], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000580)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[], &(0x7f0000000080)=[]}}], 0x0, 0x0, &(0x7f0000000500)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000015c0)={0x0, 0x0, &(0x7f00000002c0)=[], 0x1, 0x0, &(0x7f0000000500)='j'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[], 0x4c, 0x0, &(0x7f0000000400)="33ec06451893c8ed9866ad6bd15b0d3d5c95f3d43a33a35c427aa7dddfb2246f59cc0578868c646549d6bc4e7b5941f777be027db99e2221ad00ea2da4f4276cf293df269c7325dd0659b79d"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x10, 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1163484000000000", @ANYPTR=&(0x7f00000001c0)=ANY=[]], 0x0, 0x0, &(0x7f00000002c0)}) 2018/03/06 01:03:04 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) 2018/03/06 01:03:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0xa) writev(r0, &(0x7f0000fdbff8)=[{&(0x7f0000ac9000)="290000002000190000003fffffffda060200000000e80001040000040d000300ea1100000005000000", 0x29}], 0x1) 2018/03/06 01:03:04 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000001380)=[{&(0x7f0000001100)=""/92, 0x5c}, {&(0x7f0000001300)=""/41, 0x29}, {&(0x7f0000001340)=""/54, 0x36}], 0x3, 0x0) 2018/03/06 01:03:04 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f000001bff0)={0x2, 0x4e22, @loopback=0x7f000001}, 0x10) connect$inet(r0, &(0x7f0000024ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000037000)=@sco, 0x80, &(0x7f0000000b40)=[{&(0x7f00000008c0)=""/208, 0xd0}], 0x1, &(0x7f0000021f03)=""/253, 0xfd}, 0x0) sendmsg(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="a0", 0x1}], 0x1, &(0x7f0000000180)=[]}, 0x0) 2018/03/06 01:03:04 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000000c0), &(0x7f0000000180)=0x8) 2018/03/06 01:03:04 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000dcc000)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000000)=""/28, 0xe) 2018/03/06 01:03:04 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000001c0)) 2018/03/06 01:03:04 executing program 7: perf_event_open(&(0x7f0000220000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000044ff8)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000bc000)=@abs, 0x8) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000000)={0x0, 0x2710}, 0x10) sendmmsg$unix(r1, &(0x7f00000bd000)=[], 0x80, 0x0) 2018/03/06 01:03:04 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r0, &(0x7f000012e000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000e9bff0)={0x1, &(0x7f0000f07000)=[{0x6, 0x0, 0x0, 0x101}]}, 0x10) connect$inet(r0, &(0x7f0000987000)={0x2, 0x4e23, @empty}, 0x10) sendto$inet(r0, &(0x7f00002e8f1e)="96427feebcc603c266d2a2c2da2644124066d6c52746a66fd07a4a9370b924b494651c3febca0be535e0f30bbafe65b8b859d6696b208f558b002bbc2366429da28cdb97727474f32fcce772ce439a1b5785bb74b8040705191a3d28e775b402a04cdf7881cf1c80eb042835db0e8c24fd0e3c0f396da612f44d9999de32f883521dfa4593a5772e19b5c0c27ace555870d7fe3a1819c614a8d9447cfa592c236d96bf255bf3966b0c1c34711ce489df2032a31902ae0742b79d7334ef248790fa0e3787e4b945215cddc03c4f384e6815bab43d34b8c04eb06ff00f10743a0e25f6", 0xe2, 0x0, &(0x7f0000848ff0)={0x2, 0x4e20, @dev={0xac, 0x14}}, 0x10) sendto$inet(r0, &(0x7f0000000080)="000ebcbc", 0x4, 0x1, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000266ffc), 0x4) sendto$inet(0xffffffffffffffff, &(0x7f00002bff1e), 0x0, 0x0, &(0x7f0000a28000)={0x2, 0x4e20, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x500800}, 0xc, &(0x7f0000000240)={&(0x7f0000000700)={0x31c, 0x22, 0x10, 0x70bd27, 0x25dfdbfc, {}, [@generic="d63299a632b5fe85507d5d3db009c20237d6afe0870dea640367cad37f2cca9a54892ec993612a8fcecfa2bd64afff9464dc158b57880b0740185057623856db3ddf52e875884c6728b1569b0bb2b4c6bafb4a33e861ca6c5e8f6c8e0881ca11547c7c59149b9a298efda7cceb3246eb54b697311fae06177c0024f279f069b064051484b2cc7746652f2b4aaf628d65c9b16e77951c9173bddc5bd1eea440088f9672b65dde839f102807a412bc4f5293c3cd722bfb293131d2a90e996dbf8305b4d8b88f261addb0cb24d47163122bb41a9cb93690731cba4458bbe3435e704a968b709dbae1", @generic, @nested={0xd8, 0x4a, [@generic="1e0975f0e183bd5a54d88a2cc97ea940d11df9bd7dad63577f7e052fa0acb534aaee09761bc7db087d7265d4c4afaf1a00743a86c9275ee6d16ff99569434226510c7b7f883f1bb561c73f5b705c7e352ce78b13437af2be531a36cd5c7ffebf3c739c2ba74cce42e42a0abfd0806842b3c867f3ffeae0bd4833c6dd17106b9c53c764c1f72d7b3a212bdaaba154c7667d381b2480c4eb6848a0aa93b4d9d5873e168d8c304d5cdf31039cc84ebd518c025176c55ec7b61f8f2e54d51a4b813f449259aa389e4b33013b28d9b641aa21a5"]}, @nested={0x50, 0x6c, [@generic="ab4372c95614c9190269c6b8d0c8a657a6858a1a65870debabdd5c620cc43ed5c9bfb485522c3a0a1d807f", @typed={0xc, 0x5, @pid}, @typed={0x8, 0x1e}, @typed={0xc, 0x7, @u32=0xc3e5}]}, @nested={0xf8, 0x77, [@typed={0xc, 0xc, @ipv4=@multicast1=0xe0000001}, @typed={0x18, 0x96, @ipv6=@remote={0xfe, 0x80, [], 0xbb}}, @typed={0x10, 0x4c, @str='irlan0\x00'}, @generic="f6d913a6eccf3617e073140f8f12550aff4d1713c08c10862c8ac560fc9c33488a276691273c320ddf3face5d792420e76c12b3b026ee9fedcea16c11c5ee2674cb5e1c815a10c596376c6a978ae17073fcc1086b3e41c2aee754e7522fa21d2c4418babd11ad27b12533a78e6a5fc5a87984109332206926be5be2741a4086d7c521bb6443f38facff5b8bd4c2aec5672ef6d91f140071e4e33683334ce9703f9b1636ea0171be588084aa22821532f911dbddf427812d0a43cb14a94"]}]}, 0x31c}, 0x1, 0x0, 0x0, 0x20040001}, 0xc000) shutdown(r1, 0x1) recvmmsg(r1, &(0x7f0000000640)=[{{&(0x7f0000000000)=ANY=[], 0x0, &(0x7f0000000540)=[{&(0x7f0000000300)=""/204, 0xcc}, {&(0x7f00000004c0)=""/108, 0x6c}], 0x2, &(0x7f0000000600)=""/10, 0xa}}], 0x1, 0x100, &(0x7f00000006c0)) [ 37.391933] audit: type=1400 audit(1520298184.076:11): avc: denied { create } for pid=5333 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 [ 37.423022] audit: type=1400 audit(1520298184.106:12): avc: denied { set_context_mgr } for pid=5328 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 37.427969] binder: 5328:5339 ERROR: BC_REGISTER_LOOPER called without request [ 37.454220] audit: type=1400 audit(1520298184.136:13): avc: denied { call } for pid=5328 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 37.457487] binder: release 5328:5339 transaction 3 out, still active [ 37.457492] binder: release 5328:5339 transaction 2 in, still active [ 37.457495] binder: undelivered TRANSACTION_COMPLETE [ 37.521472] binder: BINDER_SET_CONTEXT_MGR already set [ 37.521482] binder: 5328:5378 ioctl 40046207 0 returned -16 [ 37.522645] binder: 5328:5365 ERROR: BC_REGISTER_LOOPER called without request [ 37.522690] binder_alloc: 5328: binder_alloc_buf, no vma [ 37.522708] binder: 5328:5378 transaction failed 29189/-3, size 0-0 line 3127 [ 37.523865] binder_alloc: 5328: binder_alloc_buf, no vma [ 37.523878] binder: 5328:5365 transaction failed 29189/-3, size 0-0 line 3127 [ 37.523898] binder: undelivered TRANSACTION_ERROR: 29189 [ 37.526236] binder_alloc: 5328: binder_alloc_buf, no vma [ 37.526250] binder: 5328:5378 transaction failed 29189/-3, size 0-0 line 3127 [ 37.539924] binder: undelivered TRANSACTION_ERROR: 29189 [ 37.540044] binder: release 5328:5365 transaction 4 in, still active [ 37.540053] binder: send failed reply for transaction 4 to 5328:5365 [ 37.540193] ================================================================== [ 37.540207] BUG: KASAN: use-after-free in __list_del_entry+0x196/0x1d0 [ 37.540211] Read of size 8 at addr ffff8801c6176410 by task kworker/1:2/1810 [ 37.540213] [ 37.540220] CPU: 1 PID: 1810 Comm: kworker/1:2 Not tainted 4.9.86-gb324a70 #50 [ 37.540223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.540232] Workqueue: events binder_deferred_func [ 37.540242] ffff8801cefd7a50 ffffffff81d956f9 ffffea0007185d80 ffff8801c6176410 [ 37.540251] 0000000000000000 ffff8801c6176410 ffffed00379e36d9 ffff8801cefd7a88 [ 37.540259] ffffffff8153e083 ffff8801c6176410 0000000000000008 0000000000000000 [ 37.540260] Call Trace: [ 37.540269] [] dump_stack+0xc1/0x128 [ 37.540279] [] print_address_description+0x73/0x280 [ 37.540285] [] kasan_report+0x275/0x360 [ 37.540292] [] ? __list_del_entry+0x196/0x1d0 [ 37.540298] [] __asan_report_load8_noabort+0x14/0x20 [ 37.540305] [] __list_del_entry+0x196/0x1d0 [ 37.540310] [] binder_release_work+0x8c/0x260 [ 37.540316] [] ? binder_send_failed_reply+0x18a/0x3a0 [ 37.540322] [] binder_thread_release+0x428/0x600 [ 37.540327] [] binder_deferred_func+0x43f/0xd10 [ 37.540335] [] ? __lock_is_held+0xa1/0xf0 [ 37.540343] [] process_one_work+0x7e0/0x1610 [ 37.540349] [] ? process_one_work+0x72c/0x1610 [ 37.540356] [] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 37.540363] [] worker_thread+0xe0/0x10d0 [ 37.540370] [] ? __schedule+0x683/0x1ba0 [ 37.540376] [] kthread+0x26d/0x300 [ 37.540383] [] ? process_one_work+0x1610/0x1610 [ 37.540388] [] ? kthread_park+0xa0/0xa0 [ 37.540395] [] ? kthread_park+0xa0/0xa0 [ 37.540400] [] ? kthread_park+0xa0/0xa0 [ 37.540406] [] ret_from_fork+0x5c/0x70 [ 37.540408] [ 37.540411] Allocated by task 5365: [ 37.540417] save_stack_trace+0x16/0x20 [ 37.540422] save_stack+0x43/0xd0 [ 37.540426] kasan_kmalloc+0xad/0xe0 [ 37.540431] kmem_cache_alloc_trace+0xfb/0x2a0 [ 37.540436] binder_transaction+0x103c/0x7040 [ 37.540440] binder_thread_write+0x8d4/0x31f0 [ 37.540445] binder_ioctl_write_read.isra.55+0x1ed/0x9a0 [ 37.540449] binder_ioctl+0xaea/0x11b0 [ 37.540455] do_vfs_ioctl+0x1aa/0x1140 [ 37.540460] SyS_ioctl+0x8f/0xc0 [ 37.540465] do_syscall_64+0x1a4/0x490 [ 37.540470] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 37.540471] [ 37.540473] Freed by task 1810: [ 37.540477] save_stack_trace+0x16/0x20 [ 37.540482] save_stack+0x43/0xd0 [ 37.540487] kasan_slab_free+0x72/0xc0 [ 37.540491] kfree+0x103/0x300 [ 37.540497] binder_free_transaction+0x6a/0x90 [ 37.540501] binder_send_failed_reply+0x185/0x3a0 [ 37.540505] binder_thread_release+0x416/0x600 [ 37.540510] binder_deferred_func+0x43f/0xd10 [ 37.540515] process_one_work+0x7e0/0x1610 [ 37.540520] worker_thread+0xe0/0x10d0 [ 37.540524] kthread+0x26d/0x300 [ 37.540528] ret_from_fork+0x5c/0x70 [ 37.540529] [ 37.540533] The buggy address belongs to the object at ffff8801c6176400 [ 37.540533] which belongs to the cache kmalloc-192 of size 192 [ 37.540538] The buggy address is located 16 bytes inside of [ 37.540538] 192-byte region [ffff8801c6176400, ffff8801c61764c0) [ 37.540540] The buggy address belongs to the page: [ 37.540546] page:ffffea0007185d80 count:1 mapcount:0 mapping: (null) index:0x0 [ 37.540550] flags: 0x8000000000000080(slab) [ 37.540552] page dumped because: kasan: bad access detected [ 37.540553] [ 37.540555] Memory state around the buggy address: [ 37.540560] ffff8801c6176300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.540564] ffff8801c6176380: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.540569] >ffff8801c6176400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.540571] ^ [ 37.540575] ffff8801c6176480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 37.540579] ffff8801c6176500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.540581] ================================================================== [ 37.540582] Disabling lock debugging due to kernel taint [ 37.540586] Kernel panic - not syncing: panic_on_warn set ... [ 37.540586] [ 37.540591] CPU: 1 PID: 1810 Comm: kworker/1:2 Tainted: G B 4.9.86-gb324a70 #50 [ 37.540594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.540600] Workqueue: events binder_deferred_func [ 37.540609] ffff8801cefd79a8 ffffffff81d956f9 ffffffff841979cf ffff8801cefd7a80 [ 37.540617] 0000000000000000 ffff8801c6176410 ffffed00379e36d9 ffff8801cefd7a70 [ 37.540625] ffffffff8142f531 0000000041b58ab3 ffffffff8418b430 ffffffff8142f375 [ 37.540627] Call Trace: [ 37.540632] [] dump_stack+0xc1/0x128 [ 37.540640] [] panic+0x1bc/0x3a8 [ 37.540648] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7 [ 37.540655] [] kasan_end_report+0x50/0x50 [ 37.540660] [] kasan_report+0x167/0x360 [ 37.540667] [] ? __list_del_entry+0x196/0x1d0 [ 37.540673] [] __asan_report_load8_noabort+0x14/0x20 [ 37.540679] [] __list_del_entry+0x196/0x1d0 [ 37.540685] [] binder_release_work+0x8c/0x260 [ 37.540690] [] ? binder_send_failed_reply+0x18a/0x3a0 [ 37.540696] [] binder_thread_release+0x428/0x600 [ 37.540702] [] binder_deferred_func+0x43f/0xd10 [ 37.540708] [] ? __lock_is_held+0xa1/0xf0 [ 37.540715] [] process_one_work+0x7e0/0x1610 [ 37.540721] [] ? process_one_work+0x72c/0x1610 [ 37.540728] [] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 37.540735] [] worker_thread+0xe0/0x10d0 [ 37.540741] [] ? __schedule+0x683/0x1ba0 [ 37.540747] [] kthread+0x26d/0x300 [ 37.540754] [] ? process_one_work+0x1610/0x1610 [ 37.540759] [] ? kthread_park+0xa0/0xa0 [ 37.540765] [] ? kthread_park+0xa0/0xa0 [ 37.540771] [] ? kthread_park+0xa0/0xa0 [ 37.540776] [] ret_from_fork+0x5c/0x70 [ 37.541576] Dumping ftrace buffer: [ 37.541579] (ftrace buffer empty) [ 37.541582] Kernel Offset: disabled [ 38.254663] Rebooting in 86400 seconds..