[....] Starting enhanced syslogd: rsyslogd[ 14.933784] audit: type=1400 audit(1520515424.527:4): avc: denied { syslog } for pid=3642 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts. 2018/03/08 13:23:56 fuzzer started 2018/03/08 13:23:57 dialing manager at 10.128.0.26:33407 2018/03/08 13:24:01 kcov=true, comps=false 2018/03/08 13:24:02 executing program 0: r0 = socket$inet(0x2, 0x3, 0x800000000000004) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000ef0ffc)=0x7fe, 0x220) sendto$inet(r0, &(0x7f0000edf000), 0x0, 0x0, &(0x7f0000ee9ff0)={0x2, 0x4e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000087000)=0xfffffffffffffe01, 0x4) recvmsg(r0, &(0x7f0000bd9000)={0x0, 0x0, &(0x7f0000eee000), 0x0, &(0x7f0000b18faf)=""/81, 0x3a}, 0x0) 2018/03/08 13:24:02 executing program 1: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x82c00, 0x0) clone(0x200, &(0x7f0000fbf000), &(0x7f0000744000), &(0x7f0000f8b000), &(0x7f00000d5000)) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', &(0x7f00000affc0), &(0x7f0000000080)) r0 = syz_open_procfs(0x0, &(0x7f00000e0000)='stack\x00') readv(r0, &(0x7f000066dff0)=[{&(0x7f00008ad000)=""/178, 0xb2}], 0x1) preadv(r0, &(0x7f00000010c0)=[{&(0x7f00000000c0)=""/4096, 0x1000}], 0x1, 0x0) open$dir(&(0x7f00003e8ff8)='./file0\x00', 0x26102, 0x0) 2018/03/08 13:24:02 executing program 7: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f0000a66000)={0x2, 0x4e20, @rand_addr=0x7fffffff}, 0x10) listen(r0, 0x68400000009) r1 = accept4(r0, 0x0, &(0x7f00004a8ffc), 0x0) sendmmsg(r1, &(0x7f0000009240)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000500)="ce", 0x1}], 0x1, &(0x7f0000000600)}}, {{&(0x7f0000000640)=@in={0x2, 0x4e20, @loopback=0x7f000001}, 0x10, &(0x7f0000000740)=[{&(0x7f0000000680)="dd", 0x1}], 0x1, &(0x7f0000000780)}}], 0x2, 0x0) 2018/03/08 13:24:02 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x78, 0x47, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x20000000005, 0x84) bind$inet6(r0, &(0x7f0000feb000)={0xa, 0x4e20}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000fe0fd5), &(0x7f00000e4ffc)=0xff8f) 2018/03/08 13:24:02 executing program 3: r0 = socket$inet6(0xa, 0x80002, 0x0) bind$inet6(r0, &(0x7f0000fe7fe4)={0xa, 0x6e20}, 0x1c) syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@link_local={0x1, 0x80, 0xc2}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff11, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @local={0xfe, 0x80, [], 0xaa}, {[], @udp={0x4e20, 0x4e20, 0x8}}}}}}, &(0x7f0000000040)) 2018/03/08 13:24:02 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendmmsg(r0, &(0x7f0000001d80)=[{{&(0x7f0000000000)=@in6={0xa, 0x4e21, 0x0, @loopback={0x0, 0x1}}, 0x1c, &(0x7f0000000040), 0x0, &(0x7f0000000080)}}, {{&(0x7f0000000a80)=@in={0x2, 0x4e20, @rand_addr}, 0x10, &(0x7f0000001bc0), 0x0, &(0x7f0000000040)}}], 0x2, 0x0) 2018/03/08 13:24:02 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000469ffc)=0x7fe, 0x4) sendto$inet(r0, &(0x7f0000edf000), 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000e76000)=0x5, 0x4) setsockopt$inet_opts(r0, 0x0, 0x6, &(0x7f0000de9ffe)="f8", 0x1) recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, &(0x7f0000aea000), 0x1d5, &(0x7f0000603000)=""/81, 0x51}, 0x40002102) 2018/03/08 13:24:02 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000005000)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000014000)={&(0x7f0000016edc)={0x28, 0x1e, 0x301, 0x0, 0x0, {0x7}, [@typed={0x0, 0x0, @ipv4}, @typed={0x8}]}, 0x28}, 0x1}, 0x0) recvmsg$netrom(r0, &(0x7f0000000580)={&(0x7f00000000c0)=@ax25={0x3, {"852c1e76ec5fad"}}, 0x10, &(0x7f0000000480), 0x0, &(0x7f00000004c0)}, 0x0) syzkaller login: [ 33.295269] audit: type=1400 audit(1520515442.887:5): avc: denied { sys_admin } for pid=3848 comm="syz-executor0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 33.326508] IPVS: Creating netns size=2536 id=1 [ 33.341588] audit: type=1400 audit(1520515442.937:6): avc: denied { net_admin } for pid=3850 comm="syz-executor1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 33.377403] IPVS: Creating netns size=2536 id=2 [ 33.423581] IPVS: Creating netns size=2536 id=3 [ 33.452360] IPVS: Creating netns size=2536 id=4 [ 33.498071] IPVS: Creating netns size=2536 id=5 [ 33.557931] IPVS: Creating netns size=2536 id=6 [ 33.620604] IPVS: Creating netns size=2536 id=7 [ 33.672939] IPVS: Creating netns size=2536 id=8 [ 35.859578] audit: type=1400 audit(1520515445.457:7): avc: denied { sys_chroot } for pid=3852 comm="syz-executor0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 35.962105] audit: type=1400 audit(1520515445.557:8): avc: denied { dac_override } for pid=5044 comm="syz-executor1" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/03/08 13:24:05 executing program 0: unshare(0x20020000) mkdir(&(0x7f00001a3000)='./file0\x00', 0x0) mount(&(0x7f000052f000)='./file0\x00', &(0x7f00008fcfff)='.', &(0x7f00003a2ffa)="0700cc667300", 0x1000, 0x0) mount(&(0x7f0000c6bff8)='./file0\x00', &(0x7f000092f000)='./file0\x00', &(0x7f0000dcd000)='ramfs\x00', 0x0, &(0x7f000002f000)) mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000a60000)='ramfs\x00', 0xff8c, &(0x7f0000000080)) poll(&(0x7f00007a7fe8), 0x2000000000000098, 0x7f) rmdir(&(0x7f0000d19000)='./file0\x00') socketpair$packet(0x11, 0x0, 0x300, &(0x7f0000002740)) 2018/03/08 13:24:05 executing program 1: r0 = socket$inet6(0xa, 0x80005, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000020fe4)=@in6={0xa, 0x0, 0x0, @dev={0xfc, 0x7e}}, 0x80, &(0x7f0000012f70)=[{&(0x7f000001af95)='\'', 0x1}], 0x1, &(0x7f0000000000)}, 0x20004840) 2018/03/08 13:24:05 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) perf_event_open(&(0x7f0000aaa000)={0x2, 0x78, 0x47, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read$eventfd(r0, &(0x7f0000000100), 0x8) write$tun(r0, &(0x7f0000000040), 0x32) 2018/03/08 13:24:05 executing program 2: r0 = socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = dup3(r0, r1, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback=0x7f000001}], 0x10) sendto$inet(r0, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x4e20, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10) sendto$inet(r1, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) close(r0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f000059aff8)={r3}, &(0x7f000034f000)=0x8) sendmsg(0xffffffffffffffff, &(0x7f0000d01000)={&(0x7f0000647f80)=@generic={0x0, "997b960f999b390cd4968eadfd04bcc54ccff7f852dbd9d90eb8b1352944028dec5a286bdb131d7a9fa40f8f5a51c76d441721b03e5f1f0df6a44178adf388e64b0147bcfb8ee634718d3ca0ed9e434eefc17b39154425252c74dd3516ba5633f8ed995419e9b7ceff84518ef9347cfe1e3ec6d24183dcf928bf25fb7b44"}, 0x80, &(0x7f00006d2fb0), 0x0, &(0x7f00003a0000)}, 0x0) sendmmsg(r0, &(0x7f0000004180)=[{{&(0x7f0000002780)=@nfc={0x27}, 0x10, &(0x7f0000002b40)=[{&(0x7f0000002a80)='d', 0x1}], 0x1, &(0x7f0000002b80)=[{0xc}], 0xc}}], 0x1, 0x0) 2018/03/08 13:24:05 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xfd4000)=nil, 0xfd4000, 0x4, 0x40000000000031, 0xffffffffffffffff, 0x0) getpeername$packet(r0, &(0x7f0000000340), &(0x7f0000000380)=0x14) 2018/03/08 13:24:05 executing program 5: perf_event_open(&(0x7f0000740000)={0x2, 0x78, 0x47, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x84) connect$inet6(r0, &(0x7f0000002fe4)={0xa, 0x4e20}, 0x1c) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="0000000000000007c0cc3d2c0af82bb3", 0x10}], 0x1) 2018/03/08 13:24:05 executing program 6: r0 = getpgrp(0xffffffffffffffff) ioprio_get$pid(0x2, r0) 2018/03/08 13:24:05 executing program 4: setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, &(0x7f000001d000), 0x0) perf_event_open(&(0x7f000057c000)={0x2, 0x78, 0x47, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80005, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000ff0)={0x0, 0x1, &(0x7f0000000ff3)=[@in={0x2, 0x4e20}]}, &(0x7f0000003000)=0x10) 2018/03/08 13:24:05 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f000051f000)='./file0\x00', 0x40, 0x0) unshare(0x28060400) execveat(r0, &(0x7f0000001ff8)='./file0\x00', &(0x7f0000000ff0), &(0x7f0000001fe4), 0x0) 2018/03/08 13:24:05 executing program 7: perf_event_open(&(0x7f0000723f88)={0x2, 0x78, 0xc2e, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x2e, &(0x7f000025a000)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x6, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @multicast1=0xe0000001, {[@timestamp={0x44, 0x4, 0x6}]}}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) 2018/03/08 13:24:05 executing program 3: ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000001000)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001040), &(0x7f0000001080)=0xc) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000005f80)={{{@in=@loopback, @in6=@ipv4={[], [], @remote}}}, {{@in=@local}, 0x0, @in6=@loopback}}, &(0x7f0000006080)=0xe8) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000006240)={&(0x7f0000000fc0)=@proc={0x10}, 0xc, &(0x7f0000005f00)=[{&(0x7f0000005c00)={0x10}, 0x10}, {&(0x7f0000005ec0)={0x10}, 0x10}], 0x2, &(0x7f0000006200)}, 0x0) perf_event_open(&(0x7f0000271000)={0x2, 0x78, 0x48, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpriority(0x1, 0x0) 2018/03/08 13:24:05 executing program 5: r0 = socket(0x11, 0x4000000000080003, 0x0) sendmmsg(r0, &(0x7f0000003e80)=[{{&(0x7f0000000040)=@in6={0xa, 0x4e20, 0x0, @mcast1={0xff, 0x1, [], 0x1}}, 0x1c, &(0x7f0000000300), 0x0, &(0x7f0000000080)=[{0xc}], 0xc}}, {{&(0x7f0000000e80)=@ipx={0x4, 0x0, 0x0, "85016dfe9b78"}, 0x10, &(0x7f0000000f80), 0x0, &(0x7f0000002480)}}], 0x2, 0x0) 2018/03/08 13:24:06 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000018000)={@local={0xac, 0x14, 0x14, 0xaa}, @dev={0xac, 0x14, 0x14}, 0x0, 0x3fffffffffffff89}, 0x412e) 2018/03/08 13:24:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)=@ipv4_newaddr={0x48, 0x14, 0x1, 0x0, 0x0, {0x2}, [@IFA_LOCAL={0x8, 0x2, @local={0xac, 0x14, 0x14, 0xaa}}, @IFA_LABEL={0x14, 0x3, 'ifb0\x00'}, @IFA_CACHEINFO={0x14, 0x6}]}, 0x48}, 0x1}, 0x0) sendmsg$nl_crypto(r0, &(0x7f0000000380)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000340)={&(0x7f0000000200)=@get={0xe0, 0x13, 0x0, 0x0, 0x0, {{'ccm_base(lrw(cbc(cast5)),sha512-avx2)\x00'}}}, 0xe0}, 0x1}, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)) 2018/03/08 13:24:06 executing program 3: timer_create(0x0, &(0x7f00003bb000)={0x0, 0x3a}, &(0x7f000024f000)) r0 = syz_open_procfs(0x0, &(0x7f0000337ff2)='timers\x00') preadv(r0, &(0x7f00000ea000)=[{&(0x7f0000093000)=""/4096, 0x1000}], 0x1, 0x2000000) 2018/03/08 13:24:06 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x1, 0x32, 0xffffffffffffffff, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000ffc), 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000005ff0)={0x0, &(0x7f0000000080)}, 0x8) [ 36.401147] audit: type=1400 audit(1520515445.997:9): avc: denied { net_raw } for pid=5257 comm="syz-executor5" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/03/08 13:24:06 executing program 7: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_getres(0x0, &(0x7f0000dd8ff0)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, r1}, {0x0, 0x9}}, &(0x7f0000040000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r3, 0x7, &(0x7f0000002000)={0x1}) unshare(0x400) perf_event_open(&(0x7f0000aaa000)={0x2, 0x78, 0x47, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$lock(r3, 0x7, &(0x7f0000010000)) tkill(r0, 0x1000000000016) getsockopt$inet_mreqsrc(r2, 0x0, 0x27, &(0x7f0000000080)={@remote, @loopback, @broadcast}, &(0x7f00000000c0)=0xc) dup3(r2, r3, 0x0) 2018/03/08 13:24:06 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x1, 0x32, 0xffffffffffffffff, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000ffc), 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000005ff0)={0x0, &(0x7f0000000080)}, 0x8) 2018/03/08 13:24:06 executing program 5: clone(0x200, &(0x7f0000fbf000), &(0x7f0000744000), &(0x7f0000f8b000), &(0x7f00000d5000)) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', &(0x7f00000affc0), &(0x7f0000000080)) r0 = syz_open_procfs(0x0, &(0x7f00000e0000)='stack\x00') perf_event_open(&(0x7f0000271000)={0x0, 0x78}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f000066dff0)=[{&(0x7f00008ad000)=""/178, 0xb2}], 0x1) open$dir(&(0x7f00003e8ff8)='./file0\x00', 0x26102, 0x0) 2018/03/08 13:24:06 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x8010000400000084) bind$inet6(r0, &(0x7f00001c1000)={0xa, 0x4e20}, 0x1c) setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000dacff8)=@assoc_value={0x0, 0x200}, 0x8) sendto$inet6(r0, &(0x7f00009f1000)='G', 0x1, 0x0, &(0x7f0000108fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000000)=0x4, 0x4) writev(r0, &(0x7f00007f2000)=[{&(0x7f00002bc000)="b6b23ebe2094b6c296b7f43c2ff9cec9a414ac8ab00820fbde9a0f4a1bd2773a23ca881cb2b8f6f7676ec3e23411c9a7b90c0d98413505ae48a6f9680b3b1c7d9d2083981adb57cc49d7c44eb888269d5ddad8a8ece4937a8c1bd5f6d54eb2fee4344a60a71f21a02b71241caa5bfb30ef20735987815557dd0712275e1cab0562f6e71d00f07d832fff291844ad8c73a6b27652f46020e42eebd5fd185751187d8455017d6e42c6492f282d3fcea50ef7e26862684165a175a262d5fdb1562a9dd53028ed11564d449b40c3dc6e1500aff5eb7c7ac29b27bcac0249c746425160e164ce64e5180f5b19b180bfa5a14ff6d6bac621a1723ffe9dbd05f91bed6ffd9ba2ca0ea7f3eca738786c6cf9be08976ab48f5ce579d5053ef537ba15f9ca286ef7299567bf2b50512cba39ca22e4eafa46593dfb19b29e524a5e0b527f23c3fd666357e9b397f2e720146853c8a4e590b620fd4f0c83a6a0d626fbc2d018596b5bd8b2b9496d3a83f8760b1fb0a6ec9de29b146334717e8cab34996e8474bbde59447f2cc876096f80b10134ed5d69027a9cdd109de0d161003880d10536725ab38afdff82208b8ca05f7661bc482b841d815c35660d7f7b036d0426f3cbfcd1448782af41483936f20b09e239d53be9df805d1a4dced5167eb9b8c8c681451329adcea047a3a00461916692c523647ed2b81b39080417072cf26db7733533", 0x201}], 0x1) 2018/03/08 13:24:06 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000001000), 0x4) bind$inet6(r0, &(0x7f00001c1000)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, &(0x7f0000b31000)="f9", 0x1, 0x0, &(0x7f00009e1000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r0, 0x87) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000100), 0x8) accept4(r0, &(0x7f0000000000)=@can, &(0x7f0000000040)=0x10, 0x0) 2018/03/08 13:24:06 executing program 2: pipe(&(0x7f0000d75000)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r0, &(0x7f0000072000), 0x0) 2018/03/08 13:24:06 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000ca1f70)={0x0, {{0xa, 0x4e20}}}, 0x3af2) 2018/03/08 13:24:06 executing program 0: unshare(0x20020000) mkdir(&(0x7f00001a3000)='./file0\x00', 0x0) mount(&(0x7f000052f000)='./file0\x00', &(0x7f00008fcfff)='.', &(0x7f00003a2ffa)="0700cc667300", 0x1000, 0x0) mount(&(0x7f0000c6bff8)='./file0\x00', &(0x7f000092f000)='./file0\x00', &(0x7f0000dcd000)='ramfs\x00', 0x0, &(0x7f000002f000)) mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000a60000)='ramfs\x00', 0xff8c, &(0x7f0000000080)) poll(&(0x7f00007a7fe8), 0x2000000000000098, 0x7f) rmdir(&(0x7f0000d19000)='./file0\x00') socketpair$packet(0x11, 0x0, 0x300, &(0x7f0000002740)) 2018/03/08 13:24:06 executing program 2: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_ifreq(r0, 0x8991, &(0x7f00000002c0)={'bond0\x00', @ifru_addrs=@in={0x0, 0x4e20}}) 2018/03/08 13:24:06 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, &(0x7f0000a56000), 0xfffffffffffffe0c, 0x20000004, &(0x7f00004b2fe4)={0xa, 0x4e22}, 0x1c) r2 = accept4(r1, &(0x7f0000218fa8)=@alg, &(0x7f0000b0fffc)=0x58, 0x0) setsockopt$inet6_opts(r2, 0x29, 0x37, &(0x7f0000002480)=@srh={0x0, 0x0, 0x4}, 0x8) [ 36.592774] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 36.636816] ================================================================== [ 36.644203] BUG: KASAN: out-of-bounds in unwind_get_return_address+0x92/0xa0 [ 36.651377] Read of size 8 at addr ffff8801be7578d0 by task syz-executor5/5322 [ 36.658706] [ 36.660313] CPU: 1 PID: 5322 Comm: syz-executor5 Not tainted 4.9.86-g00db063 #60 [ 36.667814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.677245] ffff8801b321f7c0 ffffffff81d956f9 ffffea0006f9d5c0 ffff8801be7578d0 [ 36.685232] 0000000000000000 ffff8801be7578d8 0000000000000000 ffff8801b321f7f8 [ 36.693207] ffffffff8153e083 ffff8801be7578d0 0000000000000008 0000000000000000 [ 36.701182] Call Trace: [ 36.703743] [] dump_stack+0xc1/0x128 [ 36.709084] [] print_address_description+0x73/0x280 [ 36.715720] [] kasan_report+0x275/0x360 [ 36.721315] [] ? unwind_get_return_address+0x92/0xa0 [ 36.728040] [] __asan_report_load8_noabort+0x14/0x20 [ 36.734768] [] unwind_get_return_address+0x92/0xa0 [ 36.741318] [] __save_stack_trace+0x8d/0xf0 [ 36.747269] [] save_stack_trace_tsk+0x48/0x70 [ 36.753387] [] proc_pid_stack+0x146/0x230 [ 36.759156] [] ? lock_trace+0xc0/0xc0 [ 36.764585] [] proc_single_show+0xf8/0x170 [ 36.770445] [] seq_read+0x32f/0x1290 [ 36.775781] [] ? seq_escape+0x200/0x200 [ 36.781376] [] ? __fsnotify_parent+0xbc/0x340 [ 36.787490] [] ? fsnotify+0x86/0xf30 [ 36.792822] [] ? fsnotify+0xf30/0xf30 [ 36.798246] [] do_loop_readv_writev.part.17+0xc8/0x2b0 [ 36.805145] [] compat_do_readv_writev+0x5ff/0x740 [ 36.811607] [] ? do_pwritev+0x1a0/0x1a0 [ 36.817201] [] ? mutex_lock_nested+0x5e3/0x870 [ 36.823407] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 36.830216] [] ? mutex_lock_nested+0x56f/0x870 [ 36.836419] [] ? __fdget_pos+0x9f/0xc0 [ 36.841942] [] ? __fget+0x20a/0x3b0 [ 36.847189] [] ? mutex_lock_killable_nested+0x960/0x960 [ 36.854175] [] ? __fget+0x47/0x3b0 [ 36.859337] [] compat_readv+0xe3/0x150 [ 36.864847] [] do_compat_readv+0xf4/0x1d0 [ 36.870615] [] ? compat_readv+0x150/0x150 [ 36.876381] [] compat_SyS_readv+0x26/0x30 [ 36.882150] [] ? SyS_pwritev2+0x80/0x80 [ 36.887759] [] do_fast_syscall_32+0x2f5/0x870 [ 36.893875] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.900513] [] entry_SYSENTER_compat+0x90/0xa2 [ 36.906715] [ 36.908315] The buggy address belongs to the page: [ 36.913215] page:ffffea0006f9d5c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 36.921440] flags: 0x8000000000000000() [ 36.925379] page dumped because: kasan: bad access detected [ 36.931054] [ 36.932650] Memory state around the buggy address: [ 36.937548] ffff8801be757780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.944879] ffff8801be757800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.952207] >ffff8801be757880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.959538] ^ [ 36.965740] ffff8801be757900: 00 00 f1 f1 f1 f1 00 f2 f2 f2 f3 f3 f3 f3 00 00 [ 36.973077] ffff8801be757980: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 [ 36.980407] ================================================================== [ 36.987738] Disabling lock debugging due to kernel taint [ 37.002459] Kernel panic - not syncing: panic_on_warn set ... [ 37.002459] [ 37.009842] CPU: 1 PID: 5322 Comm: syz-executor5 Tainted: G B 4.9.86-g00db063 #60 [ 37.018566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.027902] ffff8801b321f718 ffffffff81d956f9 ffffffff84197a0f ffff8801b321f7f0 [ 37.035898] 0000000000000000 ffff8801be7578d8 0000000000000000 ffff8801b321f7e0 [ 37.043883] ffffffff8142f531 0000000041b58ab3 ffffffff8418b470 ffffffff8142f375 [ 37.051906] Call Trace: [ 37.054468] [] dump_stack+0xc1/0x128 [ 37.059809] [] panic+0x1bc/0x3a8 [ 37.064814] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7 [ 37.073032] [] ? preempt_schedule+0x25/0x30 [ 37.078984] [] ? ___preempt_schedule+0x16/0x18 [ 37.085196] [] kasan_end_report+0x50/0x50 [ 37.090971] [] kasan_report+0x167/0x360 [ 37.096572] [] ? unwind_get_return_address+0x92/0xa0 [ 37.103308] [] __asan_report_load8_noabort+0x14/0x20 [ 37.110031] [] unwind_get_return_address+0x92/0xa0 [ 37.116581] [] __save_stack_trace+0x8d/0xf0 [ 37.122543] [] save_stack_trace_tsk+0x48/0x70 [ 37.128678] [] proc_pid_stack+0x146/0x230 [ 37.134467] [] ? lock_trace+0xc0/0xc0 [ 37.139900] [] proc_single_show+0xf8/0x170 [ 37.145759] [] seq_read+0x32f/0x1290 [ 37.151108] [] ? seq_escape+0x200/0x200 [ 37.156701] [] ? __fsnotify_parent+0xbc/0x340 [ 37.162825] [] ? fsnotify+0x86/0xf30 [ 37.168166] [] ? fsnotify+0xf30/0xf30 [ 37.173601] [] do_loop_readv_writev.part.17+0xc8/0x2b0 [ 37.180511] [] compat_do_readv_writev+0x5ff/0x740 [ 37.186978] [] ? do_pwritev+0x1a0/0x1a0 [ 37.192574] [] ? mutex_lock_nested+0x5e3/0x870 [ 37.198777] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 37.205586] [] ? mutex_lock_nested+0x56f/0x870 [ 37.211789] [] ? __fdget_pos+0x9f/0xc0 [ 37.217302] [] ? __fget+0x20a/0x3b0 [ 37.222547] [] ? mutex_lock_killable_nested+0x960/0x960 [ 37.229528] [] ? __fget+0x47/0x3b0 [ 37.234687] [] compat_readv+0xe3/0x150 [ 37.240192] [] do_compat_readv+0xf4/0x1d0 [ 37.245966] [] ? compat_readv+0x150/0x150 [ 37.251754] [] compat_SyS_readv+0x26/0x30 [ 37.257536] [] ? SyS_pwritev2+0x80/0x80 [ 37.263141] [] do_fast_syscall_32+0x2f5/0x870 [ 37.269258] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.275898] [] entry_SYSENTER_compat+0x90/0xa2 [ 37.282150] Dumping ftrace buffer: [ 37.285663] (ftrace buffer empty) [ 37.289341] Kernel Offset: disabled [ 37.292938] Rebooting in 86400 seconds..