[....] Starting enhanced syslogd: rsyslogd[ 16.967830] audit: type=1400 audit(1518683020.033:5): avc: denied { syslog } for pid=4035 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.782253] audit: type=1400 audit(1518683025.848:6): avc: denied { map } for pid=4175 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts. 2018/02/15 08:23:52 fuzzer started [ 29.039195] audit: type=1400 audit(1518683032.104:7): avc: denied { map } for pid=4186 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/02/15 08:23:52 dialing manager at 10.128.0.26:45603 [ 32.494407] can: request_module (can-proto-0) failed. [ 32.503713] can: request_module (can-proto-0) failed. 2018/02/15 08:23:56 kcov=true, comps=false 2018/02/15 08:23:57 executing program 7: 2018/02/15 08:23:57 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008ff000-0x10)={&(0x7f0000334000-0x78)={0x2, 0x1, 0x0, 0x9, 0xa, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, [@sadb_spirange={0x2, 0x10, 0xffffffffffffffff, 0x1}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0xffffffffffffffff, @multicast1=0xe0000001}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0xffffffffffffffff, @multicast1=0xe0000001}}]}, 0x50}, 0x1}, 0x0) 2018/02/15 08:23:58 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f000037d000-0x4), 0x4) dup3(r0, r1, 0x80000) 2018/02/15 08:23:58 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgid(0xffffffffffffffff) r1 = syz_open_procfs(r0, &(0x7f0000e40000-0xa)='numa_maps\x00') lseek(r1, 0x4000000000028dd, 0x0) 2018/02/15 08:23:58 executing program 4: mmap(&(0x7f0000000000/0x29000)=nil, 0x29000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000005000-0x38)={&(0x7f0000019000)={0x10}, 0xc, &(0x7f000000b000)={&(0x7f0000027000)=@mpls_newroute={0x20, 0x18, 0x21, 0xffffffffffffffff, 0xffffffffffffffff, {0x1c}, [@RTA_DST={0x4, 0x1, []}]}, 0x20}, 0x1}, 0x0) 2018/02/15 08:23:58 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000f79000)='/dev/loop#\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000d58000-0xbf)="4cae24935258d8f034d10dd231bcebfd6b2b3a089c7deab4b08ba0b80423eceec3c78501927a1fc93623a9197e983b9f02b7898f28701b84e0c64e484b73bdfbaf4246d751c38fe1e48acbca2486347a5ca9c90c232bc51af8af78dc4c8bb58dc1f53300be16b2553c26679841ebcc497d6ee7a8e811b36a867dda277c68cb72b31743fb1f6e813c3350c75a648a8ae186782a64916d007d61d13430821eb63e239fc1d60e58014e52f974d4857ba6fa533db783d401c4e993e83f1420f5b8") nanosleep(&(0x7f00005c0000-0x8), &(0x7f0000617000)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @tid}, &(0x7f0000044000)) r2 = getuid() stat(&(0x7f0000cd4000-0x8)='./file0\x00', &(0x7f0000be1000)) chown(&(0x7f0000fa3000-0x8)='./file0\x00', r2, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) read(r0, &(0x7f0000b97000-0x24)=""/36, 0x24) ioctl$PERF_EVENT_IOC_REFRESH(0xffffffffffffffff, 0x2402, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) tkill(r1, 0x1000000000016) 2018/02/15 08:23:58 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000fd2000-0xa)='net/tcp\x00') readv(r0, &(0x7f0000203000)=[{&(0x7f000012a000)=""/154, 0x9a}], 0x1) [ 34.911645] audit: type=1400 audit(1518683037.977:8): avc: denied { map } for pid=4186 comm="syz-fuzzer" path="/root/syzkaller-shm941671621" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2018/02/15 08:23:58 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000b6e000)={@link_local={0x1, 0x80, 0xc2}, @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @udp={0xffffffffffffffff, 0xffffffffffffffff, 0x8}}}}}, 0x0) [ 34.943961] audit: type=1400 audit(1518683038.009:9): avc: denied { map } for pid=4231 comm="syz-executor1" path="/sys/kernel/debug/kcov" dev="debugfs" ino=9086 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 34.967763] IPVS: ftp: loaded support on port[0] = 21 [ 34.969271] audit: type=1400 audit(1518683038.026:10): avc: denied { sys_admin } for pid=4231 comm="syz-executor1" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 35.044702] IPVS: ftp: loaded support on port[0] = 21 [ 35.086180] audit: type=1400 audit(1518683038.075:11): avc: denied { net_admin } for pid=4233 comm="syz-executor1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 35.124917] IPVS: ftp: loaded support on port[0] = 21 [ 35.178417] IPVS: ftp: loaded support on port[0] = 21 [ 35.249174] IPVS: ftp: loaded support on port[0] = 21 [ 35.316565] IPVS: ftp: loaded support on port[0] = 21 [ 35.407936] IPVS: ftp: loaded support on port[0] = 21 [ 35.512987] IPVS: ftp: loaded support on port[0] = 21 [ 36.229081] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 36.468440] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 36.595448] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 36.625185] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 36.801464] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 36.896430] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 37.016912] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 37.078353] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 38.899167] audit: type=1400 audit(1518683041.963:12): avc: denied { sys_chroot } for pid=4233 comm="syz-executor1" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 39.001212] audit: type=1400 audit(1518683042.066:13): avc: denied { dac_override } for pid=5167 comm="syz-executor1" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/02/15 08:24:02 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f000014c000-0x9)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f000067e000-0xa)='/dev/vcs#\x00', 0x29, 0x40002) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000083000-0x8)={0x0, 0x101}, &(0x7f0000950000-0x4)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000a9d000-0x73)={r2, 0x1, 0x6b, "dc264a31fb6664d05edfed68624e4f78626cb1f5f2c4420d505c017bd50f208072a410a133573f5b492e8d73a1f8a6f9280cce318e84c06f0003eb10b7dead37f18051721d676d0eddb813ee92c9f2540057b09e77b6026a52c5271480b8f75563a8bfe97fd55f404034c1"}, 0x73) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = dup2(r0, r0) r5 = syz_open_dev$sndpcmc(&(0x7f0000a17000)='/dev/snd/pcmC#D#c\x00', 0x2b, 0x200280) sendfile64(r3, r5, &(0x7f0000782000), 0x1) ioctl$VT_DISALLOCATE(r4, 0x5608) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0xffffffffffffffff) ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f0000c9c000-0x138)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}) ioctl$LOOP_GET_STATUS64(r4, 0x4c05, &(0x7f000098d000)) exit_group(0xfffffffffffffff9) [ 39.227864] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 39.260114] netlink: 'syz-executor4': attribute type 1 has an invalid length. 2018/02/15 08:24:02 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) add_key$user(&(0x7f00009ef000)='user\x00', &(0x7f0000019000)={0x73, 0x79, 0x7a, 0x2}, &(0x7f00007d4000)="148c2e1ecca37a639c7e3f46", 0xc, 0xfffffffffffffffe) request_key(&(0x7f0000638000-0xc)='cifs.spnego\x00', &(0x7f000090b000)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000737000)='cgroup%GPLlo\x00', 0xfffffffffffffffb) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000005000-0x38)={&(0x7f0000014000)={0x10}, 0xc, &(0x7f0000015000)={&(0x7f0000017000-0x6e8)={0x24, 0x2000002c, 0x443, 0xffffffffffffffff, 0xffffffffffffffff, {}, [@nested={0x10, 0x0, [@typed={0xc, 0x0, @pid}]}]}, 0x24}, 0x1, 0x0, 0x0, 0xffffffffffffffff}, 0x0) 2018/02/15 08:24:02 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) unshare(0x8000000) socket$can_bcm(0x1d, 0x2, 0x2) r0 = mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000b04000)={0x0, 0x5, 0x2}) mq_timedsend(r0, &(0x7f0000e72000-0x1), 0x0, 0xe65, 0x0) mq_timedsend(r0, &(0x7f000066c000), 0x0, 0x0, &(0x7f000058f000-0x10)={0x77359400}) 2018/02/15 08:24:02 executing program 4: mmap(&(0x7f0000000000/0x29000)=nil, 0x29000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000005000-0x38)={&(0x7f0000019000)={0x10}, 0xc, &(0x7f000000b000)={&(0x7f0000027000)=@mpls_newroute={0x20, 0x18, 0x21, 0xffffffffffffffff, 0xffffffffffffffff, {0x1c}, [@RTA_DST={0x4, 0x1, []}]}, 0x20}, 0x1}, 0x0) 2018/02/15 08:24:02 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f00007be000-0x12)='/dev/snd/pcmC#D#p\x00', 0x10001, 0x101000) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f000003e000-0x8)=0x7f) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00003de000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, &(0x7f0000c98000-0x8)) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000bd5000-0x88)={0x4, 0x0, [{0x3000, 0x6f, &(0x7f00003f5000)=""/111}, {0x10000, 0x5c, &(0x7f000071e000)=""/92}, {0x3000, 0x68, &(0x7f0000522000)=""/104}, {0x9eb7feeca0b377fb, 0x43, &(0x7f0000925000-0x43)=""/67}]}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000ee1000)={0x0, 0x0, []}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000594000)={0x3, {0x2, 0x2, @loopback=0x7f000001}, {0x2, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}}, {0x2, 0x1, @remote={0xac, 0x14, 0x0, 0xbb}}, 0x100, 0x101, 0x0, 0x4, 0xfffffffffffffffe, &(0x7f00006df000)=@syzn={0x73, 0x79, 0x7a, 0x0}, 0x6, 0x7, 0x7fffffff}) r3 = openat(0xffffffffffffff9c, &(0x7f0000647000)='./file0\x00', 0x121000, 0x20) ioctl$KVM_GET_FPU(r3, 0x81a0ae8c, &(0x7f00008fb000-0x1a0)) 2018/02/15 08:24:02 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000114000)='net/stat\x00') getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000114000)={0x1ff, 0x8000, 0x65, 0xe6, 0x0}, &(0x7f0000f1d000-0x4)=0x10) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000904000-0x8)={r1, 0x401, 0x6}, 0x8) mkdir(&(0x7f00001ec000-0x8)='./file0\x00', 0x0) r2 = open(&(0x7f0000aa0000)='./file0\x00', 0x0, 0x0) r3 = fcntl$dupfd(r2, 0x800000000402, 0xffffffffffffffff) r4 = openat(0xffffffffffffff9c, &(0x7f00004e3000-0x8)='./file0\x00', 0x0, 0x0) fcntl$dupfd(r4, 0x402, r3) 2018/02/15 08:24:02 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x6a, &(0x7f0000b3d000-0xed)={@link_local={0x1, 0x80, 0xc2}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @rand_addr=0xfffffffffffffe02, @dev={0xac, 0x14, 0x0, 0x15}, {[]}}, @icmp=@redirect={0x5, 0x0, 0x0, @loopback=0x7f000001, {0x10, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2f, 0x0, @dev={0xac, 0x14}, @multicast1=0xe0000001, {[@ssrr={0x89, 0x17, 0x0, [@rand_addr, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @empty, @multicast2=0xe0000002, @broadcast=0xffffffff]}, @cipso={0x86, 0x12, 0x0, [{0x0, 0xc, "88fe44cd5abaaa4de7f7"}]}]}}}}}}}, &(0x7f0000ea3000)={0x0, 0x0, []}) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) getsockname$packet(r0, &(0x7f0000929000-0x14)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f00005c3000)=0x14) r2 = getuid() setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000d86000-0xe8)={{{@in6=@mcast1={0xff, 0x1, [], 0x1}, @in=@rand_addr=0xf8c, 0x0, 0x7, 0x2, 0x800, 0xa, 0x20, 0x20, 0x2f, r1, r2}, {0x2, 0x4, 0xfffffffffffffeff, 0x80000000, 0x3, 0x80000001, 0x8ee, 0x8}, {0x401, 0x6, 0x401, 0x1}, 0xfff, 0x9, 0x1, 0x0, 0x1}, {{@in=@loopback=0x7f000001, 0x0, 0x2b}, 0x2, @in=@rand_addr=0x7fa, 0x5, 0x2, 0x1, 0x1, 0x1, 0xfffffffffffffffb, 0x200000000}}, 0xe8) fcntl$notify(r0, 0x402, 0x80000012) 2018/02/15 08:24:02 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clock_nanosleep(0x0, 0x0, &(0x7f00006ba000)={0x0, 0x1c9c380}, &(0x7f0000dab000-0x8)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000f2a000/0x1000)=nil, 0x1000, 0x2, &(0x7f000042e000)=0xfffffffffffff596, 0xb0f, 0x0) signalfd4(0xffffffffffffff9c, &(0x7f0000d19000), 0x644dcbfec3485e, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000758000-0xd)='/dev/usbmon#\x00', 0x6f2b011c, 0x1) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000ee000)={0x0, 0xffff, 0x30}, &(0x7f0000c1e000)=0xc) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000667000)={r1, 0x1}, 0x8) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0106434, &(0x7f000089a000)={0x100000001, 0x0, 0x10001}) ioctl$DRM_IOCTL_SG_ALLOC(r0, 0xc0086438, &(0x7f0000a33000)={0xe0000, r2}) 2018/02/15 08:24:02 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000ffa000)='/dev/mixer\x00', 0x28000, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000888000)='/selinux/enforce\x00', 0x24c000, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={&(0x7f000038b000-0xc)={0x10}, 0xc, &(0x7f0000023000)={&(0x7f000011b000-0x208)={0x14, 0x1000000000006, 0x6, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, {}, []}, 0x14}, 0x1}, 0x0) [ 39.467539] audit: type=1400 audit(1518683042.533:14): avc: denied { net_raw } for pid=5274 comm="syz-executor0" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/02/15 08:24:02 executing program 4: mmap(&(0x7f0000000000/0x29000)=nil, 0x29000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000005000-0x38)={&(0x7f0000019000)={0x10}, 0xc, &(0x7f000000b000)={&(0x7f0000027000)=@mpls_newroute={0x20, 0x18, 0x21, 0xffffffffffffffff, 0xffffffffffffffff, {0x1c}, [@RTA_DST={0x4, 0x1, []}]}, 0x20}, 0x1}, 0x0) [ 39.537682] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 39.546048] audit: type=1400 audit(1518683042.611:15): avc: denied { create } for pid=5279 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 2018/02/15 08:24:02 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000f45000)='/dev/audio\x00', 0x3ffffe, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00007ed000-0xc), &(0x7f0000a16000)=0xc) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) sendmmsg$alg(r0, &(0x7f0000fba000-0x38)=[{0x0, 0x0, &(0x7f0000007000-0x28)=[{&(0x7f00000cc000)="295bd203dfa37d2f2245e6381087388cd1e1eeaeefb78aa341806546505c63c0d2c17f4908d88591bba607606d95607a2579a4ae3943f2d9789576b098e14d6181e81a8bc7f72f2095b6f86bfdd1b71cb5d4b2fe180d29e68507c4f4079aa3801bf3b9236bd170b05f5a464a026048a8e15227486c752b51d51a4fe49d90c14a4c5562da87156304abb74a6c1126b8b99668661d8736f8f62cc3c0b3f2bc8d79637161f61483ac569888dc46ea7dcba11f36c68f88e9ee2c55530bc61a380130445c61da45bf83d6171f06b683e5c79f7f5ee9bc130c467f3b8bb4c094dd10efb2dd52cedc3954", 0xe7}, {&(0x7f0000220000)="3032c520a15686daf5e5e1817778abb2051bac62fe02e500138d18c4ab0c63f84c09cb6913bbcf2a5d0ccf4d5340aed9c78c8de174c05b1a80cf4f8e122e58a5a80e388f03825078cf5ae5c0e7e7be602d8d5bab2717e6169782d6193b68a3347abc5d9b93830ab7f6eb175da47185084d6b912ee0f919b7d24b29bb233355e46b456c1391bba708aa2e6831e65e7dff86907a64b4f89f31d2fefe7ca7c96ce5ba3b454b9cd73b3c389c68271eb2eb05d5bb3f85f1f4", 0xb6}, {&(0x7f0000f87000-0x21)="e0bdd33ebf8177497c10ae27d5da91f12a1aa60fb4a9d47e4bfcc197f538f416f0", 0x21}, {&(0x7f0000cd0000)}, {&(0x7f00009c9000)="ca105bff6d25323840046f7789babd281f", 0x11}], 0x5, &(0x7f0000f15000)=[@assoc={0x10, 0x117, 0x4, 0x9}, @assoc={0x10, 0x117, 0x4, 0x6}, @iv={0x48, 0x117, 0x2, 0x36, "31ea014b6226634958994b80e107ee3146474535d1d29d6482f242ad822068a57085b59aa93ba04aed55e32576d6b34f542cd4fff426"}, @assoc={0x10, 0x117, 0x4, 0xba5}], 0x78}, {0x0, 0x0, &(0x7f0000b62000-0x28)=[{&(0x7f0000a42000-0x93)="fdf68a88b1c4078b62dc464d1cde3cdbd0227df10a3f3a129c2fad59f3a386f76586e95a741b39a38aa9968f86f8630fcfa7096f5cef6b3b8979a641cf063fd41104b0e12fc024d7eebeea94e60aa0de59a7d875c5d776121d7904c6089dc634b662023368bcfddd171de9d78cd8f45aa4f27d84895ba6e781c8455a24f76570cad192a74b42518461f11114f17c609d240a04", 0x93}, {&(0x7f00001e0000-0x8f)="ed9bb7704b86160bc598df7460aa256f9e4a66bd280ef221daaf560bd3450e352df073e182e2d530d2ff4eb45095d2657c1b67cded815c29d9e08339ac365bfaf7617f4665162ffe3ec8b2c68399406f5cf46a7d39299a8a06006229a4b2626710e90ae4efa603c4dc03c31a377e7a3f77fc6e155b78af19d7ec6f6a323b803714e162fa7edd3ec1d0360a0aceea46", 0x8f}, {&(0x7f0000435000)="b742c690e4f52ac16f7a526471221d676c236be927d8beeb0199942e22b57a5f09c1248ad40ac6efa80b954fec78f09231b7c46f3e5b4cde13dfb652f4c024a4304a3e6e59ee4ac6616f631f6b5469bab8ed735bc5c9ae457ed93d6633", 0x5d}, {&(0x7f0000961000-0x20)="18d27bc10f7c29af016077a18f5631583d56dc0268e0edb57775a7d6fcbbe85e", 0x20}, {&(0x7f00006a2000-0x9b)="7e5d11747306a543190257983a2377eb91184df4ae68bd5e9290fc06ad9040de6b3be11a25f0e618e942f41e11d59a29ed405920a662b9070e0040c94f24b133a8cb79af6163e206f4e7c2a919de7a74192c601e64f28948be82ee8fe3fdc064c0b4ac2a7947d03bbec207b2226c5071216dc67f5a1733cc1c41c1b312e38c2b3790b6fb4a176061fd012f1c730a6c0175becf7f39711643d97a4b", 0x9b}], 0x5, &(0x7f00008fb000)=[], 0x0, 0x20000000}], 0x2, 0x40000) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000924000-0xc)='/dev/rfkill\x00', 0x0, 0x0) r3 = userfaultfd(0x0) setsockopt$bt_hci_HCI_DATA_DIR(r2, 0x0, 0x1, &(0x7f0000456000-0x4), 0x4) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000e54000-0x18)={0xaa}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000008000-0x20)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) readv(r2, &(0x7f00001f3000-0x10)=[{&(0x7f0000002000-0x4e)=""/1, 0x1}], 0x1) ioctl$RNDADDTOENTCNT(r2, 0x40045201, &(0x7f0000b27000)) ioctl$RNDADDTOENTCNT(r2, 0x40045201, &(0x7f000011a000-0x4)=0xa7) ioctl$fiemap(r0, 0xc020660b, &(0x7f0000bfc000)={0x1f, 0x0, 0x0, 0x2, 0x4, [{0x80000000, 0x0, 0xff, 0x0, 0x0, 0x400}, {0x7, 0xffff, 0x0, 0x0, 0x0, 0x280}, {0x4, 0x8, 0x0, 0x0, 0x0, 0x100}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x1080}]}) ioctl$UFFDIO_UNREGISTER(r3, 0xc020aa04, &(0x7f0000008000-0x4)={&(0x7f0000000000/0x2000)=nil, 0x2000}) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f000070f000-0xa)={0x0, 0x58e, 0x1, [0x1]}, &(0x7f0000ef6000)=0xa) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000b62000-0x8)={r4, 0x1, 0x89}, &(0x7f0000fac000-0x4)=0x8) ioctl$TIOCLINUX7(r0, 0x541c, &(0x7f0000491000-0x2)={0x7, 0x71}) ioctl$SNDRV_TIMER_IOCTL_TREAD(r2, 0x40045402, &(0x7f000086e000-0x4)) 2018/02/15 08:24:02 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) unshare(0x20020000) mkdir(&(0x7f00001a3000)='./file0\x00', 0x0) mount(&(0x7f000052f000)='./file0\x00', &(0x7f00008fd000-0x1)='.', &(0x7f0000c08000)="0700cc667300", 0x1000, 0x0) mount(&(0x7f0000c6c000-0x8)='./file0\x00', &(0x7f000092f000)='./file0\x00', &(0x7f0000dcd000)='ramfs\x00', 0x0, &(0x7f000002f000)) mount(&(0x7f000000a000)='.', &(0x7f0000852000)='.', &(0x7f0000a60000)='ramfs\x00', 0xff8c, &(0x7f00008a7000)) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000bd6000)='/dev/ion\x00', 0x10002, 0x0) poll(&(0x7f000007e000-0x2)=[{r0, 0x200}, {r0, 0x8010}], 0x2, 0x7f) mkdir(&(0x7f0000a6f000-0x8)='./file0\x00', 0x88) r1 = syz_open_dev$mouse(&(0x7f0000cb3000-0x12)='/dev/input/mouse#\x00', 0x400, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000ebc000)=0x100000000, 0x4) rmdir(&(0x7f0000002000-0x8)='./file0\x00') r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f000068e000-0xf)='/dev/sequencer\x00', 0x10000, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffff9c, 0x84, 0x6c, &(0x7f00003d2000)={0x0, 0xf5, "3224f41650f7b9d148d4579ce9a0e9a6db0249b88567fb304e3d9938d959a6c2b29ff98f6e18d857e718fd49d965565dfaf511e5f455d4787d30db3d92bc68b203eedacf09cb50310d02f88b3dc26c55f987cb0efd6df84763e4b58eb933d72598737c24744cc899c96e983b6e1c3f5cbf69c2c5cd63aeb2ebd1ea14e0da54d3aafd5173fe2b4efd191ec8995f6c6e80cc2942898101e2b149c0956cf349bc13a751dfababc7d2ae7318761f12d145d316f613eaa28073b6809890dad0a175569ca424d6e63f987764b12eea04089bf6a726857af21cf715e9d498c7b96a600fbec50dd3357ad3a383fde05efe9a6ffc8464145854"}, &(0x7f0000b7d000-0x4)=0xfd) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r2, 0x84, 0x1b, &(0x7f0000f86000-0x107)={r3, 0xff, "6c75b34585648767a14d60907c81ccbf6da43d7d823a26d084305d2d29b6d1ac867beed9cbdb364ab895ae103da2043542066f4b2eb8508581c68e6cf9eefcfdc732d30115fc32d8f7add3a30f4a314b3910d3d53e44feba92d0d1a746f2db6b8c620d13fa2cca1172ab0062f4d54a58be48be13ecf708eee1d081aef95cd1dba4d71b87669055f643ec98cf0c9735db8fc0fde7cec32b4f716b5ccaf46584b944a4509a04acc86b1022fade97977aae25f13c2d522225a36336e3faecb94484abf15b32aa6e69d3a7ccc07eabfa0afcf19bb03fb6fe78fef39d5bdb1d706e5fdd4011775d3f71304f6da3154ee3bb0501104302a2ea7f50dba6db96e31f27"}, &(0x7f0000cf7000)=0x107) 2018/02/15 08:24:02 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000c55000-0x9)='/dev/vcs\x00', 0x0, 0x0) ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f00006d0000)={0x5, 0xef, 0x0, 0x4, 0x3f}) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000d6d000)={0x3, 0x0, 0x11, 0x1, 0x800000000000000}) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000e44000)={0x0, 0x6, 0x10}, &(0x7f00007a6000-0x4)=0xc) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f000032c000-0x14)={r1, 0x6, 0x5, 0x7, 0x3}, 0x14) ioctl$TCSBRK(r0, 0x5409, 0x1000) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000d2d000-0x20)={0x1, 0x18, [0x7, 0x8, 0x7f, 0x487f, 0x2, 0x450cd1b0]}) [ 39.593275] audit: type=1400 audit(1518683042.645:16): avc: denied { dac_read_search } for pid=5284 comm="syz-executor5" capability=2 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 39.618262] audit: type=1400 audit(1518683042.651:17): avc: denied { write } for pid=5279 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 2018/02/15 08:24:02 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0xffffffff80000001, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffff8}, 0x0, 0x0, 0xffffffffffffffff, 0x4) mlock2(&(0x7f0000efe000/0x7000)=nil, 0x7000, 0x1) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f000068f000-0x28)={@common='teql0\x00', &(0x7f0000aea000-0x14)=@ethtool_modinfo={0x42, 0x0, 0x0, "843102d9b5bcc3ca"}}) 2018/02/15 08:24:02 executing program 1: mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000002000)='/dev/usbmon#\x00', 0xf5, 0x280000) mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000001000-0x1c)={&(0x7f0000009000)=@nl=@unspec, 0xc, &(0x7f0000009000)=[{&(0x7f0000009000)=""/187, 0xbb}, {&(0x7f0000006000-0x8c)=""/140, 0x8c}, {&(0x7f0000009000)=""/104, 0x68}, {&(0x7f0000005000)=""/19, 0x13}, {&(0x7f0000009000)=""/254, 0xfe}, {&(0x7f0000005000-0xd8)=""/216, 0xd8}], 0x6, 0x0, 0x0, 0x3}, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000008000)) getsockopt$ax25_buf(r0, 0x101, 0x19, &(0x7f0000003000)=""/241, &(0x7f0000003000)=0xf1) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000008000-0x10)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$KDGKBLED(r1, 0x4004510d, &(0x7f0000001000-0x1)) 2018/02/15 08:24:02 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$admmidi(&(0x7f00008ef000)='/dev/admmidi#\x00', 0x2, 0x80000) getsockopt$inet_int(r0, 0x0, 0xf, &(0x7f000070d000-0x4), &(0x7f00008c5000)=0x4) syz_emit_ethernet(0x3e, &(0x7f0000695000-0x2)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2}, [], {@ipv6={0x86dd, {0x0, 0x6, "06f526", 0x1, 0x11, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff, 0xbb}, @mcast2={0xff, 0x2, [], 0x1}, {[], @udp={0xffffffffffffffff, 0xffffffffffffffff, 0x8}}}}}}, &(0x7f0000775000)={0x0, 0x1, [0x0]}) 2018/02/15 08:24:02 executing program 2: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000001000-0x2)='$\x00', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) write$selinux_context(r0, &(0x7f0000001000-0x21)='system_u:object_r:mount_tmp_t:s0\x00', 0x21) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) renameat(0xffffffffffffffff, &(0x7f0000001000)='./file0\x00', 0xffffffffffffffff, &(0x7f0000001000)='./file0\x00') 2018/02/15 08:24:02 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) futex(&(0x7f000000d000-0x4)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0) futex(&(0x7f000000d000-0x4)=0x4, 0x80000000000b, 0x4, &(0x7f0000ee0000-0x10)={0x77359400, 0x4}, &(0x7f0000048000), 0x0) socket$inet_sctp(0x2, 0x0, 0x84) futex(&(0x7f000000d000-0x4), 0xc, 0x1, &(0x7f0000fd8000-0x10)={0x77359400}, &(0x7f0000048000), 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000a01000-0x8)={0x0, 0x0}) ptrace$setregset(0x4205, r0, 0x207, &(0x7f0000837000)={&(0x7f0000897000-0x29)="8f921b9cf2970e73f453904059d931afe868b88a7c54020180795b3c44f934c1fe9fef829d279bb360", 0x29}) futex(&(0x7f000000d000-0x4)=0x4, 0xb, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000ec5000-0x9)='/dev/vcs\x00', 0x2400, 0x0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000295000-0xa)={0x0, 0x10001, 0x1, [0x2]}, &(0x7f000074d000)=0xa) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00003bc000)={&(0x7f0000c25000-0x18)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f000018a000)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000728000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000429000)=[0x0], 0x6, 0x5, 0xa, 0x1}) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000e4d000-0x8)={r2, 0x53}, &(0x7f0000db2000)=0x8) socket$pppoe(0x18, 0x1, 0x0) 2018/02/15 08:24:02 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f000018d000-0xa)='net/kcm\x00\b\x00') bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00002bb000-0xa)={r0, 0x28, &(0x7f0000517000-0x28)}, 0x10) r1 = socket$kcm(0x29, 0x800000002, 0x0) sendfile(r1, r0, &(0x7f0000077000-0x8)=0x20000000, 0xffffffff) ioctl$KVM_SET_SREGS(r0, 0x4138ae84, &(0x7f0000f7a000-0x138)={{0xd000, 0x5000, 0x1f, 0x2, 0xa9, 0x9, 0x2, 0xffffffff, 0x101, 0x8, 0x8, 0x99}, {0xf004, 0x0, 0x4, 0x401, 0x1000, 0x5, 0x6, 0x9, 0x3, 0x7fffffff, 0x8988, 0xdc}, {0x0, 0x102000, 0xf, 0x1ff, 0x1f, 0x5, 0x1, 0x47, 0x7, 0x3f0a, 0x1, 0x1f}, {0x0, 0xf004, 0x1b, 0x6, 0x1000, 0x0, 0x8, 0x101, 0x3, 0x6, 0x7fffffff, 0x40}, {0x1000, 0x2, 0xf, 0x7, 0x93a5, 0x9, 0x5, 0x80, 0x40, 0xff, 0x4, 0x7}, {0x1, 0x3000, 0x0, 0x20, 0x100, 0x1, 0x5, 0x6, 0x6, 0x5, 0x1, 0x1ff}, {0x4, 0x6000, 0xb, 0x6, 0x5, 0x4, 0x3, 0x401, 0x401, 0x5ad, 0x3ff, 0xdd7c}, {0x6000, 0x4000, 0xf, 0xe3, 0x8, 0x5, 0x100000001, 0x36ad, 0x8000, 0x3, 0x8, 0x8}, {0x1d000, 0xf001}, {0x10f004, 0x3000}, 0x40000, 0x0, 0x1d000, 0x140040, 0x5, 0x1400, 0x3000, [0x4, 0x80000000, 0x0, 0x10000]}) 2018/02/15 08:24:02 executing program 7: mmap(&(0x7f0000000000/0x5000)=nil, 0x5000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x1, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x7, 0x101000) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000007000-0x8)) ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000005000)) ioctl(r0, 0x1, &(0x7f0000004000)='I') 2018/02/15 08:24:02 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000622000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000ea7000-0x9)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup3(r2, r2, 0x0) ioctl$KVM_SET_XCRS(r3, 0x4188aea7, &(0x7f0000a49000)={0x1, 0x0, [{0x0, 0x0, 0x1}]}) 2018/02/15 08:24:02 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00001e1000-0x9)='pagemap\x00') ioctl$KVM_ARM_SET_DEVICE_ADDR(r0, 0x4010aeab, &(0x7f0000838000)={0x7, 0x5000}) lseek(r0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f00001cc000-0x20)=[{&(0x7f0000ff9000-0x40)=""/64, 0x40}], 0x1) read(r0, &(0x7f0000b87000)=""/151, 0x97) 2018/02/15 08:24:02 executing program 5: r0 = add_key$keyring(&(0x7f0000001000-0x8)='keyring\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x3, 0x8c01) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f00002a5000-0x4)={0xd}, 0x4) keyctl$get_keyring_id(0x0, r0, 0xfffffffffffffffb) clone(0x3e38b3adcbafe9c6, &(0x7f000055a000), &(0x7f000018a000), &(0x7f00009c9000), &(0x7f00004af000)) 2018/02/15 08:24:02 executing program 5: mmap(&(0x7f0000000000/0x29000)=nil, 0x29000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000010000)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000016000-0x10)={&(0x7f0000007000-0x24)={0x24, 0x1e, 0xafb, 0xffffffffffffffff, 0xffffffffffffffff, {0x3}, [@nested={0x10, 0x2, [@typed={0xffffffffffffff73, 0x0, @pid}]}]}, 0x24}, 0x1}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 2018/02/15 08:24:02 executing program 7: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001000-0x10)='/dev/sequencer2\x00', 0x282, 0x0) ioctl$VT_GETMODE(r0, 0x5601, &(0x7f0000fb5000-0x8)) mmap(&(0x7f0000000000/0xe7d000)=nil, 0xe7d000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000e7d000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clock_nanosleep(0x7, 0x1, &(0x7f0000e7d000), 0x0) mq_unlink(&(0x7f00005f8000-0xa)='vmnet0\\{}\x00') r1 = syz_open_dev$sg(&(0x7f0000e79000-0x9)='/dev/sg#\x00', 0x5, 0x10000) getsockopt$ax25_buf(r1, 0x101, 0x0, &(0x7f0000c91000)=""/215, &(0x7f0000e79000-0x4)=0xd7) r2 = socket$inet6_udp(0xa, 0x2, 0x0) sendto(r2, &(0x7f0000255000)="28aaa2a551f0feba228b6d9852de5363ac8d5ab25ec9539c0bf31c4452a93722c960a0ada72fd3038e9b97a0bd9e80cd1bc703ea8e3e577dc9893de347250e10a3ea5a3800dbcf47b1da8dccf6", 0x4d, 0xc010, 0x0, 0x0) r3 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000e7e000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) splice(r3, &(0x7f0000e7e000), r3, &(0x7f0000146000-0x8), 0x1, 0x8) connect$l2tp(r3, &(0x7f0000e71000)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x2, 0x200000, 0x2, 0x0, {0xa, 0x1, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x4}}}, 0x32) recvmmsg(r3, &(0x7f0000e79000)=[{{&(0x7f0000442000-0x26)=@pppol2tp={0x0, 0x0, {0x0, 0x0, {0x0, 0xffffffffffffffff, @local}}}, 0x26, &(0x7f000059b000-0x70)=[{&(0x7f0000e7a000-0x51)=""/81, 0x51}, {&(0x7f0000e79000)=""/4096, 0x1000}, {&(0x7f0000e7a000-0x57)=""/87, 0x57}, {&(0x7f00009cf000)=""/214, 0xd6}, {&(0x7f0000461000)=""/164, 0xa4}, {&(0x7f0000273000-0x9e)=""/158, 0x9e}, {&(0x7f0000e7a000-0x29)=""/41, 0x29}], 0x7, 0x0, 0x0, 0x8}, 0xc0}, {{&(0x7f000015d000-0x10)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x10, &(0x7f0000e7a000-0x20)=[{&(0x7f0000e7a000-0xdf)=""/223, 0xdf}, {&(0x7f00001f3000)=""/93, 0x5d}], 0x2, &(0x7f0000b1f000)=""/96, 0x60, 0x6}, 0x3}, {{&(0x7f0000ba7000-0x9)=@rc, 0x9, &(0x7f000010a000-0x50)=[{&(0x7f0000e79000)=""/24, 0x18}, {&(0x7f0000e7a000-0x6a)=""/109, 0x6d}, {&(0x7f0000e79000)=""/193, 0xc1}, {&(0x7f000095d000)=""/162, 0xa2}, {&(0x7f0000bd2000-0x70)=""/112, 0x70}], 0x5, &(0x7f000084c000-0x37)=""/55, 0x37, 0xffffffffffffff00}, 0xbc0}, {{&(0x7f0000a3c000)=@hci, 0x6, &(0x7f0000e7a000-0x40)=[{&(0x7f0000229000)=""/85, 0x55}, {&(0x7f0000e7a000-0x1000)=""/4096, 0x1000}, {&(0x7f0000e7a000-0xe8)=""/232, 0xe8}, {&(0x7f0000e79000)=""/4, 0x4}], 0x4, &(0x7f00001c3000-0xe5)=""/229, 0xe5, 0x2}, 0xffffffff}, {{&(0x7f0000132000)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x10, &(0x7f00007c3000-0x70)=[{&(0x7f0000e79000)=""/166, 0xa6}, {&(0x7f0000903000-0x87)=""/135, 0x87}, {&(0x7f00004cf000)=""/160, 0xa0}, {&(0x7f0000e7a000-0xe6)=""/230, 0xe6}, {&(0x7f0000268000-0xac)=""/172, 0xac}, {&(0x7f0000e7a000-0xbd)=""/189, 0xbd}, {&(0x7f0000e79000)=""/63, 0x3f}], 0x7, &(0x7f0000e7a000-0xad)=""/173, 0xad, 0xd4}}], 0x5, 0x120, &(0x7f000060f000-0x10)={0x77359400}) r4 = socket$l2tp(0x18, 0x1, 0x1) dup2(r4, r2) 2018/02/15 08:24:02 executing program 6: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000f2b000), 0xffffff90) r1 = syz_open_dev$sg(&(0x7f0000361000-0x9)='/dev/sg#\x00', 0x1, 0x1) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mknodat(r1, &(0x7f0000002000-0x8)='./file0\x00', 0x0, 0x1) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={@syzn={0x73, 0x79, 0x7a, 0x0}, @ifru_ivalue=0xf0}) 2018/02/15 08:24:02 executing program 3: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000001000-0xe)='net/netfilter\x00') setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000abc000)=@common='ipddp0\x00', 0x10) mmap(&(0x7f0000000000/0xd000)=nil, 0xd000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x29, 0x5, 0x0) sendmsg(r1, &(0x7f0000003000-0x38)={&(0x7f000000a000)=@rc={0x1f}, 0x9, &(0x7f0000009000)=[{&(0x7f0000004000-0x7c), 0xfe4c}], 0x1, &(0x7f0000009000)=[]}, 0x0) 2018/02/15 08:24:02 executing program 2: mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$urandom(&(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f0000000000+0xb58)) fadvise64(r0, 0x23, 0x1ff, 0x7) [ 39.939413] kauditd_printk_skb: 1 callbacks suppressed [ 39.939421] audit: type=1400 audit(1518683043.005:19): avc: denied { create } for pid=5349 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 2018/02/15 08:24:03 executing program 0: fcntl$setpipe(0xffffffffffffffff, 0x407, 0x2) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f000094a000-0x24)="240000002e001d003200000800407700fbffffff0100000000000000ffffffff0100ff10", 0x24) syz_open_dev$audion(&(0x7f0000891000)='/dev/audio#\x00', 0x299505b5, 0x10200) 2018/02/15 08:24:03 executing program 5: mmap(&(0x7f0000000000/0xc000)=nil, 0xc000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x3, 0x0) mmap(&(0x7f000000c000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000007000)=@filter={'filter\x00', 0xe, 0x4, 0x2b8, 0xffffffff, 0x148, 0xb4, 0xb4, 0xffffffff, 0xffffffff, 0x224, 0x224, 0x224, 0xffffffff, 0x4, &(0x7f000000c000), {[{{@uncond, 0x0, 0x90, 0xb4, 0x0, {}, [@common=@socket0={0x20, 'socket\x00'}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x6}}}, {{@uncond, 0x0, 0x70, 0x94, 0x0, {}, []}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x2}}}, {{@ip={@multicast1=0xe0000001, @remote={0xac, 0x14, 0x0, 0xbb}, 0xffffff00, 0xffffffff, @generic="9ac83125fad37a9a2940ea675a65e5f0", @common='ip6gre0\x00', {}, {0xff}, 0x6c, 0x2, 0x10}, 0x0, 0xb8, 0xdc, 0x0, {}, [@common=@ttl={0x24, 'ttl\x00', 0x0, {0x1, 0x6}}, @common=@icmp={0x24, 'icmp\x00', 0x0, {0x1f, 0x0, 0x7, 0x1}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x7}}}], {{[], 0x0, 0x70, 0x94}, {0x24, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x314) sendmsg(r0, &(0x7f0000005000-0x38)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000006000)="170000001500030007fffd946fa283bc02eee6d87986c4", 0x17}], 0x1}, 0x0) 2018/02/15 08:24:03 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000f2f000)={@syzn={0x73, 0x79, 0x7a, 0x0}, @ifru_addrs={0x2, 0x1, @broadcast=0xffffffff}}) r1 = accept4$ipx(r0, &(0x7f00008c1000-0x10), &(0x7f0000ec1000-0x4)=0x10, 0x800) ioctl$sock_netdev_private(r1, 0x89f7, &(0x7f0000bbf000)="e2bca0b2ab30cba3ba23af95085463a79780ee63eb57defe187ac08c2ac6932184ceab65a5e6475c1f7cec77c1be9fefbf11b512718e3147fbda7b280e426a614c9e93de97fd0931b407ca12bc9b18de52cb77ee87fc47d2") 2018/02/15 08:24:03 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f000089d000-0xb)='/dev/vcsa#\x00', 0x5, 0x20040) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000255000)={0x0, 0x7}, &(0x7f0000328000)=0x6) ioctl$sock_ipx_SIOCSIFADDR(r0, 0x8916, &(0x7f0000daa000)={"b553a9a743ba4bdacd715765100640ad", {0x4, 0x9, 0x3, "a922c93ef31a", 0x3}}) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000643000)={r1, 0x3}, &(0x7f0000e4b000)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000f47000)={0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f000040f000-0x4)=0x1d) syz_open_dev$sndctrl(&(0x7f00001ac000)='/dev/snd/controlC#\x00', 0x46, 0x80000) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000a0d000-0x4)=0x0) ptrace$pokeuser(0x6, r3, 0x0, 0x4b1) write(r2, &(0x7f000018f000-0x24)="2400000052001f0014b2f4070009040002000710080001001500ffff0800000000000000", 0x24) fcntl$getflags(r0, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f000024b000)={r1, 0xa01, 0x8000, 0x4, 0x8001, 0x1ce6cae, 0x7, 0x2, {r1, @in={{0x2, 0x2, @multicast2=0xe0000002}}, 0x5, 0x6, 0x8, 0x1a, 0xff}}, &(0x7f00000f9000-0x4)=0xb8) setsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000f9b000)="756d53a2cfa07a603767b155d992792ad1905b9874a8a1266da4da", 0x1b) ioctl$EVIOCGABS2F(r0, 0x8018456f, &(0x7f0000742000)=""/107) getsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000fe5000)=0x4, &(0x7f0000636000-0x4)=0x1) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f00000b6000)={0x7ff}) [ 39.968931] audit: type=1400 audit(1518683043.015:20): avc: denied { write } for pid=5349 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 2018/02/15 08:24:03 executing program 3: mmap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000001000)='/dev/snd/controlC#\x00', 0x0, 0x0) mprotect(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x4) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000002000-0x10c)={0x4, 0x2, 0xfffffffffffff800, 0x0, 0x0, [], [], [], 0x0, 0x1}) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000005000)) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000005000-0x8)='./file0\x00', &(0x7f0000009000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000009000)='./file0\x00', &(0x7f0000004000-0x44)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f000000a000-0xc)={0x0, 0x0, 0x0}, &(0x7f000000a000-0x4)=0xc) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) stat(&(0x7f0000005000-0x8)='./file0\x00', &(0x7f0000009000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000002000)='./file0\x00', &(0x7f000000a000-0x44)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f000000a000-0xc)={0x0, 0x0, 0x0}, &(0x7f0000009000+0x83d)=0xc) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000009000)={0x0, 0x0, 0x0}, &(0x7f000000a000-0x4)=0xc) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000009000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getresgid(&(0x7f0000009000)=0x0, &(0x7f0000005000-0x4), &(0x7f0000009000)) getgroups(0x8, &(0x7f0000009000-0x20)=[r1, r2, r3, r4, r5, r6, r7, r8]) [ 40.079802] ================================================================== [ 40.087384] BUG: KASAN: use-after-free in l2tp_session_create+0x9aa/0xb80 [ 40.094296] Read of size 4 at addr ffff8801af1fc868 by task syz-executor7/5356 [ 40.101626] [ 40.103241] CPU: 1 PID: 5356 Comm: syz-executor7 Not tainted 4.16.0-rc1+ #223 [ 40.110488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.119819] Call Trace: [ 40.122390] dump_stack+0x194/0x257 [ 40.125998] ? arch_local_irq_restore+0x53/0x53 [ 40.130651] ? show_regs_print_info+0x18/0x18 [ 40.135132] ? l2tp_session_create+0x9aa/0xb80 [ 40.139694] print_address_description+0x73/0x250 [ 40.144515] ? l2tp_session_create+0x9aa/0xb80 [ 40.149076] kasan_report+0x23b/0x360 [ 40.152863] __asan_report_load4_noabort+0x14/0x20 [ 40.157768] l2tp_session_create+0x9aa/0xb80 [ 40.162157] ? l2tp_tunnel_delete+0x50/0x50 [ 40.166461] ? trace_hardirqs_on+0xd/0x10 [ 40.170591] ? __local_bh_enable_ip+0x121/0x230 [ 40.175246] pppol2tp_connect+0xed7/0x1dd0 [ 40.179472] ? pppol2tp_recv_payload_hook+0x1b0/0x1b0 [ 40.184669] ? selinux_netlbl_socket_connect+0x76/0x1b0 [ 40.190024] ? selinux_socket_connect+0x311/0x730 [ 40.194845] ? lock_downgrade+0x980/0x980 [ 40.198976] ? selinux_socket_setsockopt+0x80/0x80 [ 40.203880] ? lock_release+0xa40/0xa40 [ 40.207836] ? trace_event_raw_event_sched_switch+0x810/0x810 [ 40.213696] ? __check_object_size+0x8b/0x530 [ 40.218181] ? __might_sleep+0x95/0x190 [ 40.222153] ? security_socket_connect+0x89/0xb0 [ 40.226894] SYSC_connect+0x213/0x4a0 [ 40.230677] ? SYSC_bind+0x410/0x410 [ 40.234376] ? vma_is_stack_for_current+0xa0/0xa0 [ 40.239199] ? fput+0xd2/0x140 [ 40.242386] ? trace_hardirqs_off+0xd/0x10 [ 40.246603] ? exit_to_usermode_loop+0x198/0x2f0 [ 40.251339] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 40.256864] SyS_connect+0x24/0x30 [ 40.260381] ? SyS_accept+0x30/0x30 [ 40.263985] do_fast_syscall_32+0x3ec/0xf9f [ 40.268298] ? do_int80_syscall_32+0x9c0/0x9c0 [ 40.272861] ? finish_task_switch+0x5af/0x890 [ 40.277339] ? syscall_return_slowpath+0x2ac/0x550 [ 40.282247] ? prepare_exit_to_usermode+0x350/0x350 [ 40.287244] ? sysret32_from_system_call+0x5/0x3c [ 40.292072] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.296902] entry_SYSENTER_compat+0x70/0x7f [ 40.301286] RIP: 0023:0xf7f70c79 [ 40.304625] RSP: 002b:00000000f776c09c EFLAGS: 00000286 ORIG_RAX: 000000000000016a [ 40.312311] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000020e71000 [ 40.319557] RDX: 0000000000000032 RSI: 0000000000000000 RDI: 0000000000000000 [ 40.326811] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 40.334057] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 40.341306] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 40.348574] [ 40.350179] Allocated by task 5356: [ 40.353785] save_stack+0x43/0xd0 [ 40.357214] kasan_kmalloc+0xad/0xe0 [ 40.360901] kmem_cache_alloc_trace+0x136/0x740 [ 40.365544] l2tp_tunnel_create+0x5e1/0x17f0 [ 40.369927] pppol2tp_connect+0x14b1/0x1dd0 [ 40.374224] SYSC_connect+0x213/0x4a0 [ 40.378002] SyS_connect+0x24/0x30 [ 40.381523] do_fast_syscall_32+0x3ec/0xf9f [ 40.385824] entry_SYSENTER_compat+0x70/0x7f [ 40.390203] [ 40.391806] Freed by task 5363: [ 40.395060] save_stack+0x43/0xd0 [ 40.398488] __kasan_slab_free+0x11a/0x170 [ 40.402700] kasan_slab_free+0xe/0x10 [ 40.406476] kfree+0xd9/0x260 [ 40.409565] rcu_process_callbacks+0xe94/0x17f0 [ 40.414208] __do_softirq+0x2d7/0xb85 [ 40.417979] [ 40.419583] The buggy address belongs to the object at ffff8801af1fc780 [ 40.419583] which belongs to the cache kmalloc-512 of size 512 [ 40.433428] The buggy address is located 232 bytes inside of [ 40.433428] 512-byte region [ffff8801af1fc780, ffff8801af1fc980) [ 40.445274] The buggy address belongs to the page: [ 40.450179] page:ffffea0006bc7f00 count:1 mapcount:0 mapping:ffff8801af1fc000 index:0x0 [ 40.458298] flags: 0x2fffc0000000100(slab) [ 40.462514] raw: 02fffc0000000100 ffff8801af1fc000 0000000000000000 0000000100000006 [ 40.470370] raw: ffffea0006bc58a0 ffffea00072ca0a0 ffff8801db000940 0000000000000000 [ 40.478221] page dumped because: kasan: bad access detected [ 40.483902] [ 40.485508] Memory state around the buggy address: [ 40.490413] ffff8801af1fc700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.497745] ffff8801af1fc780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.505079] >ffff8801af1fc800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.512410] ^ [ 40.519137] ffff8801af1fc880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.526472] ffff8801af1fc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.533805] ================================================================== [ 40.541138] Disabling lock debugging due to kernel taint [ 40.547107] Kernel panic - not syncing: panic_on_warn set ... [ 40.547107] [ 40.554481] CPU: 1 PID: 5356 Comm: syz-executor7 Tainted: G B 4.16.0-rc1+ #223 [ 40.563077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.563082] Call Trace: [ 40.563101] dump_stack+0x194/0x257 [ 40.563114] ? arch_local_irq_restore+0x53/0x53 [ 40.563130] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 40.563143] ? vsnprintf+0x1ed/0x1900 [ 40.563156] ? l2tp_session_create+0x950/0xb80 [ 40.563169] panic+0x1e4/0x41c [ 40.563178] ? refcount_error_report+0x214/0x214 [ 40.563191] ? add_taint+0x1c/0x50 [ 40.563201] ? add_taint+0x1c/0x50 [ 40.563212] ? l2tp_session_create+0x9aa/0xb80 [ 40.563222] kasan_end_report+0x50/0x50 [ 40.563229] kasan_report+0x148/0x360 [ 40.563242] __asan_report_load4_noabort+0x14/0x20 [ 40.563251] l2tp_session_create+0x9aa/0xb80 [ 40.563261] ? l2tp_tunnel_delete+0x50/0x50 [ 40.563272] ? trace_hardirqs_on+0xd/0x10 [ 40.563283] ? __local_bh_enable_ip+0x121/0x230 [ 40.645978] pppol2tp_connect+0xed7/0x1dd0 [ 40.650206] ? pppol2tp_recv_payload_hook+0x1b0/0x1b0 [ 40.655376] ? selinux_netlbl_socket_connect+0x76/0x1b0 [ 40.660720] ? selinux_socket_connect+0x311/0x730 [ 40.665539] ? lock_downgrade+0x980/0x980 [ 40.669664] ? selinux_socket_setsockopt+0x80/0x80 [ 40.674569] ? lock_release+0xa40/0xa40 [ 40.678519] ? trace_event_raw_event_sched_switch+0x810/0x810 [ 40.685147] ? __check_object_size+0x8b/0x530 [ 40.689626] ? __might_sleep+0x95/0x190 [ 40.693591] ? security_socket_connect+0x89/0xb0 [ 40.698328] SYSC_connect+0x213/0x4a0 [ 40.702105] ? SYSC_bind+0x410/0x410 [ 40.705797] ? vma_is_stack_for_current+0xa0/0xa0 [ 40.710618] ? fput+0xd2/0x140 [ 40.713799] ? trace_hardirqs_off+0xd/0x10 [ 40.718016] ? exit_to_usermode_loop+0x198/0x2f0 [ 40.722748] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 40.728266] SyS_connect+0x24/0x30 [ 40.731780] ? SyS_accept+0x30/0x30 [ 40.735381] do_fast_syscall_32+0x3ec/0xf9f [ 40.739683] ? do_int80_syscall_32+0x9c0/0x9c0 [ 40.744238] ? finish_task_switch+0x5af/0x890 [ 40.748710] ? syscall_return_slowpath+0x2ac/0x550 [ 40.753613] ? prepare_exit_to_usermode+0x350/0x350 [ 40.758609] ? sysret32_from_system_call+0x5/0x3c [ 40.763431] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.768254] entry_SYSENTER_compat+0x70/0x7f [ 40.772636] RIP: 0023:0xf7f70c79 [ 40.775973] RSP: 002b:00000000f776c09c EFLAGS: 00000286 ORIG_RAX: 000000000000016a [ 40.783657] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000020e71000 [ 40.790902] RDX: 0000000000000032 RSI: 0000000000000000 RDI: 0000000000000000 [ 40.798145] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 40.805387] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 40.812631] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 40.820360] Dumping ftrace buffer: [ 40.823876] (ftrace buffer empty) [ 40.827558] Kernel Offset: disabled [ 40.831160] Rebooting in 86400 seconds..