[....] Starting enhanced syslogd: rsyslogd[ 13.725825] audit: type=1400 audit(1516927603.089:5): avc: denied { syslog } for pid=3507 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.002051] audit: type=1400 audit(1516927609.365:6): avc: denied { map } for pid=3646 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.206' (ECDSA) to the list of known hosts. 2018/01/26 00:46:55 fuzzer started [ 26.218540] audit: type=1400 audit(1516927615.582:7): avc: denied { map } for pid=3657 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/01/26 00:46:55 dialing manager at 10.128.0.26:39625 [ 29.897983] can: request_module (can-proto-0) failed. [ 29.907066] can: request_module (can-proto-0) failed. 2018/01/26 00:46:59 kcov=true, comps=true [ 30.446338] audit: type=1400 audit(1516927619.810:8): avc: denied { map } for pid=3657 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=8837 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2018/01/26 00:47:01 executing program 7: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001000-0x9)='/dev/ppp\x00', 0x640280, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x1c, &(0x7f0000957000)="07ecabe88403df585fcc62255c7ac37e876b7e03c0be9610db7a52da55d6e5efb8b6af44444751b8f8496dd5f769ed81dc7918f585448f5f2a32cda187e45402df98cfdcd3316b55ea2153d17c2a8e80d59cda", 0x53) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = add_key$keyring(&(0x7f0000001000)='keyring\x00', &(0x7f0000001000-0x5)={0x73, 0x79, 0x7a, 0x1, 0x0}, 0x0, 0x0, 0xfffffffffffffffc) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r2 = request_key(&(0x7f0000001000-0x12)='.request_key_auth\x00', &(0x7f0000001000)={0x73, 0x79, 0x7a, 0x0, 0x0}, &(0x7f0000001000)='/bdev\\\x00', 0xfffffffffffffff8) keyctl$reject(0x13, r1, 0x5f5b, 0x3ff, r2) ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000002000-0x46)="e4432c980c4cebd23d2a079d28c151d345fb47be3d06cbe21dc8ba6e8f5743509e9eac1f2d66fdff1d491473c82c09230e8017f6cca74a1a3cf416892c8b534e1970d7b691dd") mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000002000)={0x0, 0x0}) sched_getscheduler(r3) keyctl$assume_authority(0x10, r2) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000004000-0xbd)=""/189, &(0x7f0000002000-0x4)=0xbd) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000002000)='/proc/self/net/pfkey\x00', 0x40000, 0x0) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r5 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000005000-0x18)='/selinux/avc/hash_stats\x00', 0x0, 0x0) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000004000)={0x0, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, @dev={0x0, 0x0, 0xffffffffffffffff, 0x0}}, &(0x7f0000001000)=0xc) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDELRT(r5, 0x890c, &(0x7f0000004000)={@local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0xff, 0xff], @multicast1=0xe0000001}, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, 0x5e, 0x9da, 0x2, 0x100, 0x2, 0x4000000, r6}) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$GIO_UNISCRNMAP(r5, 0x4b69, &(0x7f0000005000)=""/79) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$VHOST_SET_LOG_BASE(r4, 0x4008af04, &(0x7f0000001000-0x8)=&(0x7f0000006000)=0x0) request_key(&(0x7f0000001000)='dns_resolver\x00', &(0x7f0000005000-0x5)={0x73, 0x79, 0x7a, 0x3, 0x0}, &(0x7f0000004000-0x1)='\x00', r1) ptrace$pokeuser(0x6, r3, 0x1000, 0x100000001) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockname$packet(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={[0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0x0}, [0x0, 0x0]}, &(0x7f0000008000-0x4)=0x14) 2018/01/26 00:47:01 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) sendto$inet(r0, &(0x7f0000ef9000)="", 0x0, 0x0, &(0x7f000015a000)={0x2, 0x1, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) 2018/01/26 00:47:01 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x78, 0x47, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$vcsn(&(0x7f000023f000-0xa)='/dev/vcs#\x00', 0x0, 0x20000) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000d44000)={0x0, @in={{0x2, 0xffffffffffffffff, @dev={0xac, 0x14, 0xffffffffffffffff, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0, 0x0, 0x0, 0x0, 0x50}, &(0x7f0000b0f000-0x4)=0xa0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) 2018/01/26 00:47:01 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) msgrcv(0x0, &(0x7f00008e9000-0x74)={0x0, ""/108}, 0x74, 0x0, 0x0) msgctl$IPC_RMID(0x0, 0x0) 2018/01/26 00:47:01 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_crypto(r0, &(0x7f000069c000-0x38)={&(0x7f0000859000)={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f00002df000-0x10)={&(0x7f000058f000-0xe8)=@alg={0xe0, 0x10, 0x1fd44641bdc12859, 0xffffffffffffffff, 0xffffffffffffffff, {{'stdrng\x00'}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x0}, []}, 0xe0}, 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/26 00:47:01 executing program 5: shmget(0x2, 0x3000, 0x0, &(0x7f000031b000/0x3000)=nil) 2018/01/26 00:47:01 executing program 2: mmap(&(0x7f0000000000/0x2b000)=nil, 0x2b000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f000001c000-0x38)={&(0x7f0000016000)={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f0000029000-0x10)={&(0x7f0000005000)=@ipv4_newroute={0x2c, 0x18, 0x21, 0xffffffffffffffff, 0xffffffffffffffff, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, [@RTA_GATEWAY={0x8, 0x5, @local={0xac, 0x14, 0x0, 0xaa}}, @RTA_PREFSRC={0x8, 0x7, @loopback=0x7f000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/26 00:47:01 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f000000d000-0x78)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) msgsnd(r0, &(0x7f0000ba1000)={0x3, ""}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 32.535351] audit: type=1400 audit(1516927621.899:9): avc: denied { map } for pid=3657 comm="syz-fuzzer" path="/root/syzkaller-shm808982666" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 32.590988] audit: type=1400 audit(1516927621.954:10): avc: denied { sys_admin } for pid=3702 comm="syz-executor1" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 32.777380] audit: type=1400 audit(1516927622.139:11): avc: denied { net_admin } for pid=3706 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 33.084823] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 33.560546] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 34.395977] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 34.472168] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 34.726109] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 34.916439] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 35.084994] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 35.260642] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 35.483709] audit: type=1400 audit(1516927624.847:12): avc: denied { sys_chroot } for pid=3706 comm="syz-executor2" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/26 00:47:04 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000ff1000-0x4)=0x8000000000004, 0x9c) r1 = socket$packet(0x11, 0x400000002, 0x300) recvfrom(r1, &(0x7f0000bf5000)=""/228, 0xe4, 0x0, &(0x7f0000cb2000-0x9)=@rc={0x1f, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0}, 0x9) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000ff6000-0x4)={0x0, 0x3, 0x0}, 0x4) r2 = add_key$user(&(0x7f0000398000)='user\x00', &(0x7f0000f0a000)={0x73, 0x79, 0x7a, 0x3, 0x0}, &(0x7f0000e85000-0x7a)="", 0x0, 0xffffffffffffffff) keyctl$read(0xb, r2, &(0x7f00008e6000-0x5f)=""/95, 0x5f) [ 35.581788] audit: type=1400 audit(1516927624.945:13): avc: denied { net_raw } for pid=4370 comm="syz-executor2" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/26 00:47:05 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3e, &(0x7f000026c000-0x8a)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0xaa}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @rand_addr=0xfffffffffffffe01, @remote={0xac, 0x14, 0x0, 0xbb}, {[]}}, @icmp=@source_quench={0x3, 0x4, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, {[]}}, ""}}}}}, &(0x7f00000b3000)={0x0, 0x1, [0x0]}) 2018/01/26 00:47:05 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00008eb000)=0x0) r1 = syz_open_procfs(r0, &(0x7f0000d88000-0x7)='wchan\x00') r2 = syz_open_procfs(0x0, &(0x7f00003a0000)='projid_map\x00') sendfile(r2, r1, &(0x7f000030f000)=0x0, 0x7563) 2018/01/26 00:47:05 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000fa1000)={0x0, 0x0, 0x0}, &(0x7f0000fa1000)=0xc) fcntl$setown(r0, 0x8, r1) fcntl$getownex(r0, 0x10, &(0x7f0000795000-0x8)={0x0, 0x0}) ptrace$setopts(0x4206, r2, 0x0, 0x0) ptrace(0x4207, r2) ptrace$getregs(0xe, r2, 0x0, &(0x7f0000471000-0x26)=""/38) [ 35.719496] audit: type=1400 audit(1516927625.083:14): avc: denied { dac_override } for pid=4402 comm="syz-executor2" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/26 00:47:05 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000cc3000)=""/58, &(0x7f0000f1a000)=0x3a) 2018/01/26 00:47:05 executing program 2: msgrcv(0x0, &(0x7f00008e9000-0x74)={0x0, ""/108}, 0x74, 0x0, 0x0) [ 35.802355] ptrace attach of "/root/syz-executor2"[3706] was attempted by "/root/syz-executor2"[4424] [ 35.822368] ptrace attach of "/root/syz-executor2"[3706] was attempted by "/root/syz-executor2"[4424] 2018/01/26 00:47:05 executing program 2: r0 = socket$inet(0x2, 0xa, 0x0) getsockname$inet(r0, &(0x7f00005f2000)={0x0, 0xffffffffffffffff, @remote={0x0, 0x0, 0xffffffffffffffff, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f000096b000)=0x10) 2018/01/26 00:47:05 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000872000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_PIT(r1, 0xc048ae65, &(0x7f0000f05000-0x70)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}], 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) [ 35.915311] syz-executor2 uses obsolete (PF_INET,SOCK_PACKET) [ 36.183304] netlink: 192 bytes leftover after parsing attributes in process `syz-executor4'. [ 36.218599] netlink: 192 bytes leftover after parsing attributes in process `syz-executor4'. [ 37.107760] audit: type=1400 audit(1516927626.471:15): avc: denied { ipc_owner } for pid=4756 comm="syz-executor6" capability=15 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/26 00:47:06 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000992000)={0xffffffffffffffff, 0xffffffffffffffff}) flock(r1, 0x1fffffffffffd) flock(r0, 0x1) 2018/01/26 00:47:06 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x78, 0x48, 0x80000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000005000)='/dev/sg#\x00', 0x0, 0x8009) write(r0, &(0x7f0000b0f000)="b63db85e1e8d00000001b29d00000000ffffffffed5ed2bc7018cebc9b97ae21914d872c678ce22c9b160e96aa1fae1a", 0x30) write(r0, &(0x7f0000eb0000-0x59)="dbef803e3d9f6de1e52055bb7c8a326fe46092b668269ad789c5d7acad0e771f13ffcb59029b011ded54a09c41c6cfcfbcd743cc665c33af223d42438b496a0304891c88697ae700a70f330e6fe3a1c9c76f315019b32968", 0x58) 2018/01/26 00:47:06 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000057c000)={0x2, 0x78, 0x47, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000159000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0xc0481273, &(0x7f0000beb000-0x98)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "000000000100000001001bf3ffff00000065000000010000007db0e6f10efbf9a219d8f6aa6bd58d1c43473100e85026e7ff40f9b55bd1b3335d5bffff0001f3", "cfa40005000000f7ffffffff00000000000000ffb833220182ab867d00", [0x0, 0x0], 0x0}) pipe(&(0x7f0000f00000-0x8)={0x0, 0x0}) 2018/01/26 00:47:06 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={&(0x7f0000de3000-0xc)={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f0000074000-0x8)={&(0x7f0000fc6000-0xf0)={0x1c, 0x1, 0x4, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, {0x0, 0x0, 0x0}, [@nested={0x8, 0x6, [@generic="b954"]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0) pipe(&(0x7f00001de000)={0x0, 0x0}) 2018/01/26 00:47:06 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f0000fd0000)="", 0x0, 0x200007ff, &(0x7f0000deb000-0x10)={0x2, 0x3, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) shutdown(r0, 0x1) 2018/01/26 00:47:06 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f00000c5000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) mmap$binder(&(0x7f0000e91000/0x1000)=nil, 0x1000, 0xfffffffffffffffd, 0xa8012, r0, 0x80000) 2018/01/26 00:47:06 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000e29000-0x46)={@local={[0xaa, 0xaa, 0xaa, 0xaa], 0x0, 0xaa}, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, {[]}}, @tcp={{0xffffffffffffffff, 0xffffffffffffffff, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}, &(0x7f0000632000-0xc)={0x0, 0x1, [0x0]}) 2018/01/26 00:47:06 executing program 6: mmap(&(0x7f0000000000/0xfd000)=nil, 0xfd000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x2a, &(0x7f00000e1000)={@random="f3e850ef1049", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x0}, [], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @random="569cd569f6ad", @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @empty=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], @local={0xac, 0x14, 0x0, 0xaa}}}}}, 0x0) [ 37.189982] audit: type=1400 audit(1516927626.553:16): avc: denied { create } for pid=4772 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 37.208717] ================================================================== [ 37.208736] BUG: KASAN: double-free or invalid-free in relay_open+0x6a1/0xa40 [ 37.208739] [ 37.208749] CPU: 1 PID: 4783 Comm: syz-executor7 Not tainted 4.15.0-rc9+ #280 [ 37.208754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.208757] Call Trace: [ 37.208771] dump_stack+0x194/0x257 [ 37.208787] ? arch_local_irq_restore+0x53/0x53 [ 37.208796] ? show_regs_print_info+0x18/0x18 [ 37.208804] ? __lock_is_held+0xb6/0x140 [ 37.208821] ? relay_open+0x6a1/0xa40 [ 37.208833] print_address_description+0x73/0x250 [ 37.208841] ? relay_open+0x6a1/0xa40 [ 37.208848] ? relay_open+0x6a1/0xa40 [ 37.208857] kasan_report_double_free+0x55/0x80 [ 37.208869] kasan_slab_free+0xa3/0xc0 [ 37.208880] kfree+0xd6/0x260 [ 37.208891] relay_open+0x6a1/0xa40 [ 37.208908] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 37.208922] ? __debugfs_create_file+0x2cf/0x3d0 [ 37.208939] ? debugfs_create_file+0x57/0x70 [ 37.208956] do_blk_trace_setup+0x4a4/0xcd0 [ 37.208972] ? blk_tracer_print_line+0x40/0x40 [ 37.208983] ? __might_sleep+0x95/0x190 [ 37.209009] ? kasan_check_write+0x14/0x20 [ 37.209020] ? _copy_from_user+0x99/0x110 [ 37.209036] __blk_trace_setup+0xbe/0x150 [ 37.209049] ? do_blk_trace_setup+0xcd0/0xcd0 [ 37.209072] ? disk_name+0x98/0x100 [ 37.209096] blk_trace_ioctl+0x206/0x2e0 [ 37.209109] ? blk_add_trace_rq_remap+0x680/0x680 [ 37.209135] ? avc_has_extended_perms+0x7fa/0x12c0 [ 37.209151] blkdev_ioctl+0x1845/0x1e00 [ 37.209162] ? blkpg_ioctl+0xb40/0xb40 [ 37.209170] ? avc_ss_reset+0x110/0x110 [ 37.209177] ? lock_downgrade+0x980/0x980 [ 37.209190] ? lock_release+0xa40/0xa40 [ 37.209205] ? __lock_is_held+0xb6/0x140 [ 37.209252] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 37.209262] ? get_unused_fd_flags+0x190/0x190 [ 37.209272] ? rcu_note_context_switch+0x710/0x710 [ 37.209287] block_ioctl+0xde/0x120 [ 37.209299] ? blkdev_fallocate+0x3b0/0x3b0 [ 37.209307] do_vfs_ioctl+0x1b1/0x1520 [ 37.209314] ? _cond_resched+0x14/0x30 [ 37.209331] ? ioctl_preallocate+0x2b0/0x2b0 [ 37.209345] ? selinux_capable+0x40/0x40 [ 37.209362] ? SyS_futex+0x269/0x390 [ 37.209390] ? security_file_ioctl+0x89/0xb0 [ 37.209405] SyS_ioctl+0x8f/0xc0 [ 37.209421] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 37.209427] RIP: 0033:0x452f19 [ 37.209431] RSP: 002b:00007f60f7c86c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 [ 37.209439] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452f19 [ 37.209444] RDX: 0000000020beaf68 RSI: 00000000c0481273 RDI: 0000000000000013 [ 37.209448] RBP: 000000000000061c R08: 0000000000000000 R09: 0000000000000000 [ 37.209452] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f8340 [ 37.209457] R13: 00000000ffffffff R14: 00007f60f7c876d4 R15: 0000000000000000 [ 37.209493] [ 37.209497] Allocated by task 4783: [ 37.209505] save_stack+0x43/0xd0 [ 37.209512] kasan_kmalloc+0xad/0xe0 [ 37.209519] kmem_cache_alloc_trace+0x136/0x750 [ 37.209525] relay_open+0xf2/0xa40 [ 37.209533] do_blk_trace_setup+0x4a4/0xcd0 [ 37.209542] __blk_trace_setup+0xbe/0x150 [ 37.209549] blk_trace_ioctl+0x206/0x2e0 [ 37.209557] blkdev_ioctl+0x1845/0x1e00 [ 37.209563] block_ioctl+0xde/0x120 [ 37.209571] do_vfs_ioctl+0x1b1/0x1520 [ 37.209577] SyS_ioctl+0x8f/0xc0 [ 37.209584] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 37.209587] [ 37.209590] Freed by task 4783: [ 37.209596] save_stack+0x43/0xd0 [ 37.209603] kasan_slab_free+0x71/0xc0 [ 37.209609] kfree+0xd6/0x260 [ 37.209614] relay_open+0x84a/0xa40 [ 37.209620] do_blk_trace_setup+0x4a4/0xcd0 [ 37.209627] __blk_trace_setup+0xbe/0x150 [ 37.209633] blk_trace_ioctl+0x206/0x2e0 [ 37.209638] blkdev_ioctl+0x1845/0x1e00 [ 37.209644] block_ioctl+0xde/0x120 [ 37.209650] do_vfs_ioctl+0x1b1/0x1520 [ 37.209656] SyS_ioctl+0x8f/0xc0 [ 37.209662] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 37.209663] [ 37.209669] The buggy address belongs to the object at ffff8801c2e23840 [ 37.209669] which belongs to the cache kmalloc-512 of size 512 [ 37.209675] The buggy address is located 0 bytes inside of [ 37.209675] 512-byte region [ffff8801c2e23840, ffff8801c2e23a40) [ 37.209677] The buggy address belongs to the page: [ 37.209683] page:ffffea00070b88c0 count:1 mapcount:0 mapping:ffff8801c2e230c0 index:0x0 [ 37.209690] flags: 0x2fffc0000000100(slab) [ 37.209700] raw: 02fffc0000000100 ffff8801c2e230c0 0000000000000000 0000000100000006 [ 37.209708] raw: ffffea00070fbe60 ffff8801dac01748 ffff8801dac00940 0000000000000000 [ 37.209711] page dumped because: kasan: bad access detected [ 37.209713] [ 37.209715] Memory state around the buggy address: [ 37.209722] ffff8801c2e23700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.209727] ffff8801c2e23780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.209732] >ffff8801c2e23800: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 37.209735] ^ [ 37.209740] ffff8801c2e23880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.209745] ffff8801c2e23900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.209748] ================================================================== [ 37.209751] Disabling lock debugging due to kernel taint [ 37.209754] Kernel panic - not syncing: panic_on_warn set ... [ 37.209754] [ 37.209761] CPU: 1 PID: 4783 Comm: syz-executor7 Tainted: G B 4.15.0-rc9+ #280 [ 37.209765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.209767] Call Trace: [ 37.209774] dump_stack+0x194/0x257 [ 37.209784] ? arch_local_irq_restore+0x53/0x53 [ 37.209790] ? kasan_end_report+0x32/0x50 [ 37.209798] ? lock_downgrade+0x980/0x980 [ 37.209806] ? vsnprintf+0x1ed/0x1900 [ 37.209816] panic+0x1e4/0x41c [ 37.209824] ? refcount_error_report+0x214/0x214 [ 37.209834] ? add_taint+0x40/0x50 [ 37.209841] ? add_taint+0x1c/0x50 [ 37.209848] ? relay_open+0x6a1/0xa40 [ 37.209854] ? relay_open+0x6a1/0xa40 [ 37.209860] kasan_end_report+0x50/0x50 [ 37.209868] kasan_report_double_free+0x72/0x80 [ 37.209876] kasan_slab_free+0xa3/0xc0 [ 37.209883] kfree+0xd6/0x260 [ 37.209891] relay_open+0x6a1/0xa40 [ 37.209901] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 37.209910] ? __debugfs_create_file+0x2cf/0x3d0 [ 37.209922] ? debugfs_create_file+0x57/0x70 [ 37.209932] do_blk_trace_setup+0x4a4/0xcd0 [ 37.209944] ? blk_tracer_print_line+0x40/0x40 [ 37.209952] ? __might_sleep+0x95/0x190 [ 37.209965] ? kasan_check_write+0x14/0x20 [ 37.209972] ? _copy_from_user+0x99/0x110 [ 37.209982] __blk_trace_setup+0xbe/0x150 [ 37.209990] ? do_blk_trace_setup+0xcd0/0xcd0 [ 37.210003] ? disk_name+0x98/0x100 [ 37.210017] blk_trace_ioctl+0x206/0x2e0 [ 37.210026] ? blk_add_trace_rq_remap+0x680/0x680 [ 37.210039] ? avc_has_extended_perms+0x7fa/0x12c0 [ 37.210049] blkdev_ioctl+0x1845/0x1e00 [ 37.210058] ? blkpg_ioctl+0xb40/0xb40 [ 37.210064] ? avc_ss_reset+0x110/0x110 [ 37.210071] ? lock_downgrade+0x980/0x980 [ 37.210080] ? lock_release+0xa40/0xa40 [ 37.210090] ? __lock_is_held+0xb6/0x140 [ 37.210116] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 37.210124] ? get_unused_fd_flags+0x190/0x190 [ 37.210131] ? rcu_note_context_switch+0x710/0x710 [ 37.210141] block_ioctl+0xde/0x120 [ 37.210151] ? blkdev_fallocate+0x3b0/0x3b0 [ 37.210157] do_vfs_ioctl+0x1b1/0x1520 [ 37.210162] ? _cond_resched+0x14/0x30 [ 37.210173] ? ioctl_preallocate+0x2b0/0x2b0 [ 37.210183] ? selinux_capable+0x40/0x40 [ 37.210193] ? SyS_futex+0x269/0x390 [ 37.210210] ? security_file_ioctl+0x89/0xb0 [ 37.210220] SyS_ioctl+0x8f/0xc0 [ 37.210230] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 37.210234] RIP: 0033:0x452f19 [ 37.210238] RSP: 002b:00007f60f7c86c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 [ 37.210244] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452f19 [ 37.210248] RDX: 0000000020beaf68 RSI: 00000000c0481273 RDI: 0000000000000013 [ 37.210252] RBP: 000000000000061c R08: 0000000000000000 R09: 0000000000000000 [ 37.210255] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f8340 [ 37.210259] R13: 00000000ffffffff R14: 00007f60f7c876d4 R15: 0000000000000000 [ 37.214439] Dumping ftrace buffer: [ 37.214443] (ftrace buffer empty) [ 37.214445] Kernel Offset: disabled [ 38.000979] Rebooting in 86400 seconds..