[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 18.270700] audit: type=1400 audit(1517587893.393:6): avc: denied { map } for pid=4148 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts. 2018/02/02 16:11:39 fuzzer started syzkaller login: [ 24.556950] audit: type=1400 audit(1517587899.679:7): avc: denied { map } for pid=4159 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/02/02 16:11:39 dialing manager at 10.128.0.26:41559 [ 28.558888] can: request_module (can-proto-0) failed. [ 28.568149] can: request_module (can-proto-0) failed. 2018/02/02 16:11:44 kcov=true, comps=true [ 29.111243] audit: type=1400 audit(1517587904.233:8): avc: denied { map } for pid=4159 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=9093 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2018/02/02 16:11:46 executing program 7: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000001000-0x12)='/dev/snd/pcmC#D#c\x00', 0x1, 0x2000) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000001000-0x4), &(0x7f00003e5000-0x4)=0x4) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000000), &(0x7f0000001000)=0x4) setsockopt$nfc_llcp_NFC_LLCP_RW(r0, 0x118, 0x0, &(0x7f0000000000)=0x8, 0x4) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000003000-0xe8)={0x0, 0x0, 0x0, 0x100000000, 0x2, 0x0, 0xa, 0x1e, 0x14, "35daa36159c7bf0eb3639439444cecb49bef983d9df248f52719ab3e9d1b1bd31ca1f6cd8a869a7eb985f048ec85366611ae8e76607b699cb7b1911f96cc827f", "0ce40ca148ba79400826bb7573dd2d244532e55ab10219ffc32f9f83c241a836c9287cd1370ab24ece333863234f8de8c911362dffc8650562a977bbc8e07c11", "1b3eb305ed5fca68d7267e84e91226169b66458eba02a51697538482b7342266", [0xd9f9, 0xfffffffffffffffa]}) ioctl$KVM_GET_PIT2(r0, 0x8070ae9f, &(0x7f0000000000)) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000003000)=0x101, 0x4) getsockopt$inet6_udp_int(r0, 0x11, 0x0, &(0x7f0000001000), &(0x7f0000004000-0x4)=0x4) ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f0000003000-0x4)=0x6) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = add_key(&(0x7f0000003000-0xb)='asymmetric\x00', &(0x7f0000005000-0x5)={0x73, 0x79, 0x7a, 0x2}, &(0x7f0000003000)="016a2aea4006593bc8950cc3166b09aa32e4cf9b9dcc1d48eaac4ec33142", 0x1e, 0xfffffffffffffff8) stat(&(0x7f0000001000-0x8)='./file0\x00', &(0x7f0000003000-0x44)={0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) fstat(r0, &(0x7f0000005000-0x44)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) keyctl$chown(0x4, r1, r2, r3) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000002000)=0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) migrate_pages(r4, 0xfffffffffffffff7, &(0x7f0000005000)=0x4, &(0x7f0000005000)=0x5) ioctl$TIOCGSOFTCAR(r0, 0x5419, &(0x7f0000005000)) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000006000-0x34)={{0x3, 0x3, 0x2b61, 0x0, 0x6}}) ioctl$VHOST_SET_VRING_ENDIAN(r0, 0x4008af13, &(0x7f0000002000)={0x3, 0xa58b}) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000007000-0x16)={0x9, [0x800, 0x80000001, 0x7, 0x0, 0x400, 0x8, 0xffff, 0xffff, 0x3]}, 0x16) openat$vnet(0xffffffffffffff9c, &(0x7f0000002000)='/dev/vhost-net\x00', 0x2, 0x0) 2018/02/02 16:11:46 executing program 3: 2018/02/02 16:11:46 executing program 0: 2018/02/02 16:11:46 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000858000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sysfs$2(0x2, 0x0, &(0x7f0000993000)=""/232) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000a20000-0xc)={0x4, 0xffffffffffffffff}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000005000)={0x4, 0xffffffffffffffff}) 2018/02/02 16:11:46 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f00005cb000-0xb)='/dev/loop#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) ioctl$LOOP_SET_STATUS(r0, 0xc0481273, &(0x7f0000f58000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "000000000100000000001bf3ffffff000065000000edff00007db0e6330ee7f9b319d8000018e58d1c43473000e05026fb0000008001d1a7335d5bffff0001d7", "cea40005003500f7ff0002ff000000000000000000810000dc01867dfffe0200"}) 2018/02/02 16:11:46 executing program 5: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000cc8000-0x24)={0x100000000, 0xffffffffffffffff, 0x6, 0x2, 0x6, 0x2, 0x80000000, 0x4, 0x5, 0x400, 0xfffffffffffffff7, 0x1}) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000000)={0x0}) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000000)=0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000000)=0x0) rt_tgsigqueueinfo(r2, r3, 0x7, &(0x7f0000001000-0x10)={0x37, 0x7, 0x8, 0x9}) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) rt_sigtimedwait(&(0x7f0000001000)={0x3}, &(0x7f0000002000-0x10), &(0x7f0000001000)={0x77359400}, 0x8) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000001000)=[{&(0x7f0000001000)="80166194a04b5e4c441924013093ca476805f2835a85cb5e96e1897e4cbab642b6314ef8c299e95a", 0x28}, {&(0x7f0000000000)="6ab3e595683cd56a2d1b93d031aabe56417824631c968c9a97a5bdb8775bea9f55bc1712f6c4b50676df831e240486625b03dc8eef89862332c407", 0x3b}, {&(0x7f0000002000)="cdf7100bba20410fe3d15c6082fae49aef5b0f867470ad7ea773365446c1cd78305909568e5b9045dc1ace536ed488e7bc6707ca802e5e83ea9a3e6bb09dbd37cca8c0b9ecb977f0faaf3f079fab4df32ba80c7f0bdb8d32f83e27d7f8c6d2cf438ec860565f61d151ea3b0713f608599509c992a3326d68f496b12130fd5e72064b529cfef1520c91b928c334599e9e5172c82e3a2c96322589da40abddf817cb4972e3a6efaf88af7e68eede7aa0d6d202bce76fd8a0971bdbcdf846b19c15951d7c2683638d", 0xc7}], 0x3) socket$nl_crypto(0x10, 0x3, 0x15) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$packet_buf(r0, 0x107, 0xd, &(0x7f0000004000-0x1000)=""/4096, &(0x7f0000002000-0x4)=0x1000) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000001000-0x10)={0x0, 0x0}) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) futimesat(r1, &(0x7f0000005000-0x8)='./file0\x00', &(0x7f0000005000-0x20)={{r4, r5/1000+30000}}) pause() msgget$private(0x0, 0x10) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000005000-0xb), &(0x7f0000005000)=0xb) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000006000)=[{&(0x7f0000007000-0xf9)=""/249, 0xf9}, {&(0x7f0000005000)}, {&(0x7f0000006000)=""/222, 0xde}, {&(0x7f0000007000-0x14)=""/20, 0x14}], 0x4) 2018/02/02 16:11:46 executing program 6: r0 = syz_open_dev$evdev(&(0x7f0000b07000-0x12)='/dev/input/event#\x00', 0x8, 0x10000) fallocate(r0, 0x0, 0x6, 0x400) setitimer(0x0, &(0x7f0000388000-0x20)={{0x77359400}, {0x0, 0x2710}}, &(0x7f0000a68000)) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f000009e000-0x1d)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f0000001000-0x4)=0x7, 0x4) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000002000-0x8), 0x6) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000003000-0xb), &(0x7f0000002000-0x4)=0xb) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) sendmsg$rds(r1, &(0x7f0000004000-0x38)={0x0, 0x0, &(0x7f0000003000)=[{&(0x7f0000004000-0x69)=""/105, 0x69}], 0x1, &(0x7f0000003000-0x230)=[@mask_fadd={0x58, 0x114, 0x8, {{0x1, 0x9}, &(0x7f0000002000-0x8)=0x7ff, &(0x7f0000004000-0x8)=0x100000, 0xe92, 0x84d4, 0x365, 0x7ff, 0x4, 0x887e}}, @mask_fadd={0x58, 0x114, 0x8, {{0x401, 0xffffffffffffffe1}, &(0x7f0000001000-0x8)=0x5cdbee83, &(0x7f0000003000)=0xff, 0x3, 0x7, 0x6, 0xffffffffffffff3c, 0x0, 0x800}}, @rdma_args={0x48, 0x114, 0x1, {{0x79, 0x10000}, {&(0x7f0000003000)=""/152, 0x98}, &(0x7f0000003000)=[{&(0x7f0000001000)=""/42, 0x2a}, {&(0x7f0000000000)=""/7, 0x7}, {&(0x7f0000000000)=""/71, 0x47}], 0x3, 0x8, 0x5}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000003000)=""/229, 0xe5}, &(0x7f0000000000), 0x2d}}, @mask_cswp={0x58, 0x114, 0x9, {{0x5, 0x8}, &(0x7f0000004000-0x8)=0x7fff000000000000, &(0x7f0000003000)=0x7, 0x5, 0x1, 0x7, 0x6, 0x0, 0x100000000}}, @mask_cswp={0x58, 0x114, 0x9, {{0x0, 0x8}, &(0x7f0000003000)=0x5, &(0x7f0000001000)=0x1, 0x401, 0x3, 0x4, 0xff, 0x1}}, @mask_fadd={0x58, 0x114, 0x8, {{0x8000, 0x4}, &(0x7f0000003000)=0x3, &(0x7f0000004000-0x8)=0x3a24773c, 0x0, 0x0, 0x7ff, 0x5, 0x60, 0x5}}], 0x230, 0x4000}, 0x4000010) fcntl$setflags(r0, 0x2, 0x1) ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x7f2) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(r1, 0x8040ae69, &(0x7f0000005000-0x14)={0x0, 0xff, 0x4, 0x2, 0x7}) ioctl$DRM_IOCTL_GET_MAP(r1, 0xc0286404, &(0x7f0000002000-0x28)={&(0x7f0000000000/0x1000)=nil, 0x80, 0x2, 0x19, &(0x7f000026e000/0xe000)=nil, 0x60}) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x2, 0x0) 2018/02/02 16:11:46 executing program 4: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000001000-0x1e)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000a0a000-0x10)={0x4, 0x679}) ioctl$LOOP_CLR_FD(r0, 0x4c01) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000001000-0x4), &(0x7f0000001000-0x4)=0x4) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) connect$pppoe(r0, &(0x7f0000002000-0x1e)={0x18, 0x0, {0x2, @dev={[0xaa, 0xaa, 0xaa, 0xaa], 0x0, 0xb}, @common='nr0\x00'}}, 0x1e) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r0, 0x4008ae93, &(0x7f0000000000)=0x1000) ioctl$KVM_SMI(r0, 0xaeb7) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000002000-0x88)={0x2, {{0xa, 0x0, 0x6, @dev={0xfe, 0x80, [], 0x0, 0x13}, 0x9c}}}, 0x88) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000001000-0x10)={0x3ff, 0x9, 0x3ff, 0xffffffff}, 0x10) r1 = shmget(0x0, 0x4000, 0x200, &(0x7f0000973000/0x4000)=nil) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) shmctl$IPC_INFO(r1, 0x3, &(0x7f0000003000-0x57)=""/87) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000004000-0x8)='net/ipx\x00') fdatasync(r2) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000004000)=0x0) ptrace$setopts(0x4200, r3, 0x2, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) sched_setattr(r3, &(0x7f0000003000-0x30)={0x30, 0x0, 0x1, 0x0, 0x0, 0x401, 0x103}, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) fcntl$setownex(r2, 0xf, &(0x7f0000005000)={0x0, r3}) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000007000-0x8)={0x1, r2}) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000008000-0x8c)={0xd6, 0x3, 0x1, 'queue1\x00', 0x2}) [ 31.408588] audit: type=1400 audit(1517587906.531:9): avc: denied { map } for pid=4159 comm="syz-fuzzer" path="/root/syzkaller-shm170699720" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 31.464491] audit: type=1400 audit(1517587906.587:10): avc: denied { sys_admin } for pid=4205 comm="syz-executor6" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 31.470567] IPVS: ftp: loaded support on port[0] = 21 [ 31.559985] audit: type=1400 audit(1517587906.682:11): avc: denied { net_admin } for pid=4207 comm="syz-executor6" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 31.579892] IPVS: ftp: loaded support on port[0] = 21 [ 31.623170] IPVS: ftp: loaded support on port[0] = 21 [ 31.677757] IPVS: ftp: loaded support on port[0] = 21 [ 31.744639] IPVS: ftp: loaded support on port[0] = 21 [ 31.837630] IPVS: ftp: loaded support on port[0] = 21 [ 31.929547] IPVS: ftp: loaded support on port[0] = 21 [ 32.026522] IPVS: ftp: loaded support on port[0] = 21 [ 32.853984] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.883927] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.982144] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 33.144809] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 33.285573] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 33.454112] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 33.507516] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 33.561658] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 35.399242] audit: type=1400 audit(1517587910.521:12): avc: denied { sys_chroot } for pid=4218 comm="syz-executor3" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/02/02 16:11:50 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000006000)={0x7fffffff}, 0x8, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000dd0000-0x28)={@generic="94eb13bc1e14490f529fc0e0e0aa16d4", &(0x7f0000f0c000)=@ethtool_test={0x1a, 0x14, 0x49d, 0x1, [0x8]}}) sched_setaffinity(0x0, 0x8, &(0x7f0000f9c000)=0x1) readv(r0, &(0x7f0000b9c000-0x10)=[{&(0x7f000004f000)=""/128, 0x80}], 0x1000000000000047) timer_create(0x2, &(0x7f000004c000)={0x0, 0x19, 0x3, @thr={&(0x7f0000aa1000), &(0x7f0000b70000)}}, &(0x7f000004d000-0x4)) r2 = memfd_create(&(0x7f000028c000)=']\x00', 0x2) ioctl$TCGETA(r2, 0x5405, &(0x7f000040b000-0x14)) timer_settime(0x0, 0x1, &(0x7f000004a000)={{0x0, 0x989680}, {0x0, 0x7}}, &(0x7f000004b000-0x20)) 2018/02/02 16:11:50 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00004a3000)=[{&(0x7f0000aef000-0x2)="6f10", 0x2}], 0x1) r1 = socket(0x10, 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000610000-0x10)={0x2, &(0x7f0000615000)=[{0x94, 0x0, 0x0, 0x7a}, {0x6}]}, 0x10) write(r1, &(0x7f0000195000-0x27)="26000000110047f1935ebff70722000c07fff700010000000700ff36b807475105001a000000", 0x26) 2018/02/02 16:11:50 executing program 3: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000176000)='/dev/rfkill\x00', 0x200, 0x0) ioctl$LOOP_CLR_FD(r0, 0x4c01) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f000034e000)='/dev/audio\x00', 0x428000, 0x0) futex(&(0x7f000000d000-0x4), 0x800000000005, 0x0, &(0x7f00005b3000)={0x0, 0xfffffffffffffffc}, &(0x7f0000048000), 0x4000000) 2018/02/02 16:11:50 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000d37000)='/dev/cuse\x00', 0x400, 0x0) r0 = syz_open_dev$loop(&(0x7f000035a000)='/dev/loop#\x00', 0x0, 0x0) fadvise64(r0, 0x40000, 0x9, 0x4) 2018/02/02 16:11:50 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f00002ca000)='/dev/loop#\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) dup3(r0, r1, 0x0) ioctl(r1, 0x9, &(0x7f0000735000)="2604be75a40056460d6cb73426759abfe00400e46d5113202ed8a8108b6d46a18030c4fc396a85744af40a47ded20350119315d2ddc956697a3cebf8f101da50a8f779aca657915687e81dff769ef5299fb3000084ce68c557d0a8b73a026624fee55c4e8fb5b080a67edd57a1be18df30dd8da97b49d5fec0811d2943888313f61e95ae5fd47248acd90029146b4c09af251bc5b33c9e2c7aed560227592b") [ 35.657536] ================================================================== [ 35.665012] BUG: KASAN: double-free or invalid-free in relay_open+0x6a1/0xa40 [ 35.672282] [ 35.673908] CPU: 1 PID: 5194 Comm: syz-executor2 Not tainted 4.15.0+ #292 [ 35.680823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.690164] Call Trace: [ 35.692743] dump_stack+0x194/0x257 [ 35.696354] ? arch_local_irq_restore+0x53/0x53 [ 35.701001] ? show_regs_print_info+0x18/0x18 [ 35.705478] ? __lock_is_held+0xb6/0x140 [ 35.709523] ? relay_open+0x6a1/0xa40 [ 35.713315] print_address_description+0x73/0x250 [ 35.718133] ? relay_open+0x6a1/0xa40 [ 35.721910] ? relay_open+0x6a1/0xa40 [ 35.725685] kasan_report_double_free+0x55/0x80 [ 35.730330] kasan_slab_free+0xa3/0xc0 [ 35.734194] kfree+0xd6/0x260 [ 35.737279] relay_open+0x6a1/0xa40 [ 35.740886] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 35.745709] ? __debugfs_create_file+0x2cf/0x3d0 [ 35.750445] ? debugfs_create_file+0x57/0x70 [ 35.754837] do_blk_trace_setup+0x4a4/0xcd0 [ 35.759142] ? blk_tracer_print_line+0x40/0x40 [ 35.763700] ? __might_sleep+0x95/0x190 [ 35.767657] ? kasan_check_write+0x14/0x20 [ 35.771869] ? _copy_from_user+0x99/0x110 [ 35.775997] __blk_trace_setup+0xbe/0x150 [ 35.780127] ? do_blk_trace_setup+0xcd0/0xcd0 [ 35.784605] ? disk_name+0x98/0x100 [ 35.788217] blk_trace_ioctl+0x206/0x2e0 [ 35.792254] ? blk_add_trace_rq_remap+0x680/0x680 [ 35.797084] ? avc_has_extended_perms+0x7fa/0x12c0 [ 35.801995] blkdev_ioctl+0x1845/0x1e00 [ 35.805948] ? blkpg_ioctl+0xb40/0xb40 [ 35.809812] ? avc_ss_reset+0x110/0x110 [ 35.813761] ? lock_downgrade+0x980/0x980 [ 35.817890] ? lock_release+0xa40/0xa40 [ 35.821844] ? __lock_is_held+0xb6/0x140 [ 35.825909] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 35.831775] ? rcu_note_context_switch+0x710/0x710 [ 35.836683] block_ioctl+0xde/0x120 [ 35.840287] ? blkdev_fallocate+0x3b0/0x3b0 [ 35.844583] do_vfs_ioctl+0x1b1/0x1520 [ 35.848446] ? _cond_resched+0x14/0x30 [ 35.852315] ? ioctl_preallocate+0x2b0/0x2b0 [ 35.856705] ? selinux_capable+0x40/0x40 [ 35.860747] ? SyS_futex+0x269/0x390 [ 35.864447] ? security_file_ioctl+0x89/0xb0 [ 35.868838] SyS_ioctl+0x8f/0xc0 [ 35.872189] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 35.876916] RIP: 0033:0x453299 [ 35.880082] RSP: 002b:00007fbf33d8bc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 [ 35.887765] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299 [ 35.895012] RDX: 0000000020f58000 RSI: 00000000c0481273 RDI: 0000000000000013 [ 35.902259] RBP: 0000000000000622 R08: 0000000000000000 R09: 0000000000000000 [ 35.909502] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f83d0 [ 35.916749] R13: 00000000ffffffff R14: 00007fbf33d8c6d4 R15: 0000000000000000 [ 35.924017] [ 35.925622] Allocated by task 5194: [ 35.929226] save_stack+0x43/0xd0 [ 35.932654] kasan_kmalloc+0xad/0xe0 [ 35.936342] kmem_cache_alloc_trace+0x136/0x750 [ 35.940984] relay_open+0xf2/0xa40 [ 35.944505] do_blk_trace_setup+0x4a4/0xcd0 [ 35.948802] __blk_trace_setup+0xbe/0x150 [ 35.952921] blk_trace_ioctl+0x206/0x2e0 [ 35.956959] blkdev_ioctl+0x1845/0x1e00 [ 35.960907] block_ioctl+0xde/0x120 [ 35.964508] do_vfs_ioctl+0x1b1/0x1520 [ 35.968378] SyS_ioctl+0x8f/0xc0 [ 35.971722] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 35.976450] [ 35.978052] Freed by task 5194: [ 35.981307] save_stack+0x43/0xd0 [ 35.984732] kasan_slab_free+0x71/0xc0 [ 35.988592] kfree+0xd6/0x260 [ 35.991671] relay_open+0x84a/0xa40 [ 35.995275] do_blk_trace_setup+0x4a4/0xcd0 [ 35.999569] __blk_trace_setup+0xbe/0x150 [ 36.003687] blk_trace_ioctl+0x206/0x2e0 [ 36.007722] blkdev_ioctl+0x1845/0x1e00 [ 36.011670] block_ioctl+0xde/0x120 [ 36.015270] do_vfs_ioctl+0x1b1/0x1520 [ 36.019128] SyS_ioctl+0x8f/0xc0 [ 36.022467] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 36.027193] [ 36.028795] The buggy address belongs to the object at ffff8801afb35ac0 [ 36.028795] which belongs to the cache kmalloc-512 of size 512 [ 36.041427] The buggy address is located 0 bytes inside of [ 36.041427] 512-byte region [ffff8801afb35ac0, ffff8801afb35cc0) [ 36.053100] The buggy address belongs to the page: [ 36.058005] page:ffffea0006becd40 count:1 mapcount:0 mapping:ffff8801afb350c0 index:0x0 [ 36.066128] flags: 0x2fffc0000000100(slab) [ 36.070339] raw: 02fffc0000000100 ffff8801afb350c0 0000000000000000 0000000100000006 [ 36.078192] raw: ffffea0006be46a0 ffffea0006bf0820 ffff8801db000940 0000000000000000 [ 36.086042] page dumped because: kasan: bad access detected [ 36.091723] [ 36.093324] Memory state around the buggy address: [ 36.098228] ffff8801afb35980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.105558] ffff8801afb35a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.112891] >ffff8801afb35a80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 36.120228] ^ [ 36.125651] ffff8801afb35b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.132982] ffff8801afb35b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.140314] ================================================================== [ 36.147644] Disabling lock debugging due to kernel taint [ 36.153063] Kernel panic - not syncing: panic_on_warn set ... [ 36.153063] [ 36.160396] CPU: 1 PID: 5194 Comm: syz-executor2 Tainted: G B 4.15.0+ #292 [ 36.168595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.177922] Call Trace: [ 36.180487] dump_stack+0x194/0x257 [ 36.184095] ? arch_local_irq_restore+0x53/0x53 [ 36.188738] ? kasan_end_report+0x32/0x50 [ 36.192858] ? lock_downgrade+0x980/0x980 [ 36.196977] ? vsnprintf+0x1ed/0x1900 [ 36.200752] panic+0x1e4/0x41c [ 36.203915] ? refcount_error_report+0x214/0x214 [ 36.208644] ? add_taint+0x40/0x50 [ 36.212156] ? add_taint+0x1c/0x50 [ 36.215673] ? relay_open+0x6a1/0xa40 [ 36.219443] ? relay_open+0x6a1/0xa40 [ 36.223219] kasan_end_report+0x50/0x50 [ 36.227165] kasan_report_double_free+0x72/0x80 [ 36.231808] kasan_slab_free+0xa3/0xc0 [ 36.235670] kfree+0xd6/0x260 [ 36.238750] relay_open+0x6a1/0xa40 [ 36.242350] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 36.247170] ? __debugfs_create_file+0x2cf/0x3d0 [ 36.251900] ? debugfs_create_file+0x57/0x70 [ 36.256287] do_blk_trace_setup+0x4a4/0xcd0 [ 36.260586] ? blk_tracer_print_line+0x40/0x40 [ 36.265141] ? __might_sleep+0x95/0x190 [ 36.269092] ? kasan_check_write+0x14/0x20 [ 36.273300] ? _copy_from_user+0x99/0x110 [ 36.277422] __blk_trace_setup+0xbe/0x150 [ 36.281543] ? do_blk_trace_setup+0xcd0/0xcd0 [ 36.286019] ? disk_name+0x98/0x100 [ 36.289622] blk_trace_ioctl+0x206/0x2e0 [ 36.293657] ? blk_add_trace_rq_remap+0x680/0x680 [ 36.298479] ? avc_has_extended_perms+0x7fa/0x12c0 [ 36.303387] blkdev_ioctl+0x1845/0x1e00 [ 36.307337] ? blkpg_ioctl+0xb40/0xb40 [ 36.311195] ? avc_ss_reset+0x110/0x110 [ 36.315141] ? lock_downgrade+0x980/0x980 [ 36.319266] ? lock_release+0xa40/0xa40 [ 36.323213] ? __lock_is_held+0xb6/0x140 [ 36.327263] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 36.333121] ? rcu_note_context_switch+0x710/0x710 [ 36.338028] block_ioctl+0xde/0x120 [ 36.341631] ? blkdev_fallocate+0x3b0/0x3b0 [ 36.345925] do_vfs_ioctl+0x1b1/0x1520 [ 36.349786] ? _cond_resched+0x14/0x30 [ 36.353651] ? ioctl_preallocate+0x2b0/0x2b0 [ 36.358035] ? selinux_capable+0x40/0x40 [ 36.362070] ? SyS_futex+0x269/0x390 [ 36.365762] ? security_file_ioctl+0x89/0xb0 [ 36.370145] SyS_ioctl+0x8f/0xc0 [ 36.373493] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 36.378221] RIP: 0033:0x453299 [ 36.381384] RSP: 002b:00007fbf33d8bc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 [ 36.389062] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299 [ 36.396302] RDX: 0000000020f58000 RSI: 00000000c0481273 RDI: 0000000000000013 [ 36.403545] RBP: 0000000000000622 R08: 0000000000000000 R09: 0000000000000000 [ 36.410788] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f83d0 [ 36.418031] R13: 00000000ffffffff R14: 00007fbf33d8c6d4 R15: 0000000000000000 [ 36.425316] Dumping ftrace buffer: [ 36.428826] (ftrace buffer empty) [ 36.432504] Kernel Offset: disabled [ 36.436102] Rebooting in 86400 seconds..