[....] Starting enhanced syslogd: rsyslogd[ 12.087829] audit: type=1400 audit(1517128605.357:5): avc: denied { syslog } for pid=3528 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 17.285958] audit: type=1400 audit(1517128610.555:6): avc: denied { map } for pid=3666 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.36' (ECDSA) to the list of known hosts. 2018/01/28 08:36:56 fuzzer started [ 23.593394] audit: type=1400 audit(1517128616.863:7): avc: denied { map } for pid=3677 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/01/28 08:36:57 dialing manager at 10.128.0.26:42189 [ 27.128470] can: request_module (can-proto-0) failed. [ 27.137773] can: request_module (can-proto-0) failed. 2018/01/28 08:37:00 kcov=true, comps=true [ 27.708649] audit: type=1400 audit(1517128620.978:8): avc: denied { map } for pid=3677 comm="syz-fuzzer" path="/sys/kernel/debug/kcov" dev="debugfs" ino=9099 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2018/01/28 08:37:03 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000740000)={0x2, 0x78, 0x47, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x8000000) unshare(0xc000000) 2018/01/28 08:37:03 executing program 7: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001000-0x20)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) r1 = dup2(r0, r0) futimesat(0xffffffffffffffff, &(0x7f0000002000-0x8)='./file0\x00', &(0x7f0000012000-0x20)={{0x0, 0x0}, {0x77359400, 0x0}}) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000013000-0x10)={&(0x7f00000d4000/0x5000)=nil, 0x5000}) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f0000004000)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/28 08:37:03 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setitimer(0x0, &(0x7f000047b000-0x20)={{0x77359400, 0x0}, {0x0, 0x0}}, &(0x7f00004dc000-0x20)={{0x0, 0x0}, {0x0, 0x0}}) 2018/01/28 08:37:03 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000002f000-0x78)={0x1, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000029000/0x3000)=nil, 0x3000, 0x0, 0x51, r0, 0x0) remap_file_pages(&(0x7f0000029000/0x2000)=nil, 0x2000, 0x0, 0x4, 0x0) 2018/01/28 08:37:03 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000003000-0xb)='/dev/vcsa#\x00', 0x2, 0x1) write(r0, &(0x7f0000fe4000-0xfa3)="a74f9540ff07520c5a9ec05a2c8013d53fd7c66b678f11032ee52509e872ff8ea5b03f8cd09139bf9f3a73cfd3d2c4f69f7a298b7bdb6026717234d0d056b4058205d5911c487b9fcc3b5a024073766a6fe08393a51cdba75c4823eb0651bb901c18cc6c21e1bc3dc43b98b89ee8a89e24545fcc16262c4c84f140a8affde6fb84fddee1256d7d2c6b086d1617235500326816243113750afdc7f882e8de3d063bda0ceb265b49ac2a0672a3e9eb7766593f8d22e584b37fdfa5fb3a10391c2ec2a4c76bdcf8c5b0fd558705dff9e650a23c624979e7a811640e216cf6b7732c6d223843ddfe30446e9dd5a35d272934ed268af9e3d6b57ab97f9b29a70df83c32a8814895411e6512b6a8be7c2fa70c1a5cd2279bc6896ffbbe9f462d4510e691f5fd094d7213d649edbda81dbb869f39c41f788f36271c2cf6b4be00631eaef54f244c45378b0baba2c04cc390f161acaf5a90a9d06394369dbf27e333141cf3d31927d6fd0c29f2389b2135cf07f06184564b83a136b41f04b88888a3c71f702f4010f6ca20928e4a752e5ab216eb183682c9b803e3eb481cea86d4a9af14efdf6b5a6d5e7701f29bd87ddcf0aa1ae3c661b5ae8a701e4bbfe3b9ca71fd5ff86f388b77345b1d61ba9961deafdd69891398559decb58c0aa8cb5b088681cad47bbe22ccb2c89b95a56822cee3cbedb551a3fbf0bcc76524aeaac8997fb09bcbe1c354492c7df4fc8009fe10246192894c91364c93c587000000000000000177637a6ce93b1f09e7f2649bca711bbc96b851c1bd7188231d8a05f3b1c05772c3f306187832940ed17798b19a8318d96eda700f4e3ec9d7e6edd56e50090b99b141f05a98fbddbe32f6f7eba7f70854f4b93f80b6e7013b0e18428494345dada1a11026ddbc61d5ee93d38b5b4d99669a99bbbcec57f09104c21a46840eb798f1eec89e1133a2af27a21f2af94a141ff5737211764906d44a1686dece9780c633af3383966bc7355ae37881a2731022b4573b4eb2a381e00ea262495fc4aa616767f5bec31a19209577bfe37f5d87b333eb9ff03641bcc5628e2750010cea07c8c23cca563968f16b975194b310e50adb5903a9d8fcab5d9af8ba1a372d52233651b76d2e1143c3ddc387c1d66ad4f563d9adf354914c8418085e5b523e9d0001cffb2fbfeeb6f6c0f22e631adaf444984eedeaee2dad4d8d6ca03fbf93c04a81f02306506ca4db8d8eab529df81526f583698b20226bd87cd23d2531b8de9a49f2c38cf3cabd4b29cbc05f3f1ad49671c019a05c04d88ecca252d4ee7afc8fb6bee501f378629c34c50fddd7767064484c7e726e75c7d84de6ca035e0e6707f30e9a480f8371f80de537bbadd688e24b89fbb624cc1fe739126b002469938051f5683218d335102a84d0bcfb75b0c398e930adc1a606613d7ffe938d2f7277939f450d4eae43af613b0c0340ab26cece2a77eb55c758b3b14e511c05b070dd7913e57ade34190d17345999c91597dc36cfa65559e39e4d6ba91e90485734a97022fc7aa51d2de22a802b2d3f1e2b53d982caebec8753dba46bbac7e2cb76c0255ca236166c22a9ce966ab16420254a9713266f9916f4e05d6f6c2fd6ef1e8d8a6ff052c7402c52cae16d08964d7575529bb480fe7beddad52ebf7220978c978a78d891d3f112aa056554ec5707536b6a27ce3340bd4f498909335fe6e20f21a638a6176d4b33facf45d272fb66635cc1338f513011be80104f6acbf00a8329835cafd97386a20d7a0d9ec74ebed02d190db1558909643ad344ca55cbb30ea2b1618842e164562d045caaf8dea14e68ea06b0bc5654828ec5e719db9bc1725a7d01ad0d561cfcb2972ad0f39016d22534b461971d601428af797db95e7477fe432c8e6970730433c52a8c9dedd00b6895101232bc62e3907151d12c392925f415164d21255479bf72f6ff6ed8c7d5521929067b33c2c9bca189b0a2deb7435c9b4e805581dcd9d1a3e5314399abe58166376345e414c5445b293dc04634d654454dcb736fb571aecd0491d94d15db25e57862c7bf813f9f16a6a4137f1852d55c8d2d1ea0e598ddd7345cd057fc0805a410c4c739d923b0cd0c6a032ad900ad4e84c0821ced5ce84cd1afa9e6c4a1f5e99dfc0cdd4c146eb0cce18d414b4d86ecff0fa5cdeca598ffe221a2cb3b1857ee30d3f6b7a83ca313cf60080645a94277844fbf40c84d9074fda2c7b223a4bde379b8d2da750336c5032af55d2496241a9de77a6a53703ead8036792e0f370fe774d9500f76d541b3c3be1acc60479f07db1e61e0001244cb7e5511d860f8f31f8c01a2e97d082b0ec413051e49a54e65ffa3e4af4dd0e0f0fb227ab775937a2c42a4da381f2a457ac175799bcd5556a462b2096211f7efc487567cde7287afd71039b7fbc290161987cb74a5c3d5018188af7933e12a0d3681570933a562e9e883fcc63495c5f54c446433c07689937595628b07662cee923a1500519f4f52490205befd0ac832160b43cf40725b2c6dc22ed0fdf0f619d404b9399494b6b7aebb334f621d352ea233420884db5cbf8f94474142eaa30ce8e5415b6f6aa16a7606d67fd0fe485ddfdec992d2364c281993522b587c837e4363ca79b32d52b032ccf27083cf8d438378d5012d3db1e9706fb6bab465a3da9e5ebb9cbb1bc832a5b79775b6628ed72ce45af1d34aba76f5cc9a58bfe5309f55deb7a41bf16eda03c796c144c475805a6eb481ee2e74d6a6baab144d3c53ef6f075f624aa736ea66b6956e6c46a1684195b38fa604669dc624325e0c7582030c18f6a43c7a16ef2a8704e23cfd9ecc97e72335c07702fd3868d87da30e6668db7e87fddea5f8f0cad8da479fcdaa8817cffb5b3527f494a0147674746fb89536a8e590e41c9841a4d089ee513d8f0cbf79173951e66a1244dbd9d434fbfa0d63ff049a058de101cf545b811a669b701952e96c356f17f0ee3689f26c2ce6942e8f87af57732b36c5169f30776ceb344a25f00bc401b43fb04172bf5c28688d26a41aa13c45949f1a44666e63f109b6a9fe67c2e1645e40b6f577d73e03f202d5ceac0c1477089eefad9e74cec31cf5a280d314c8b1168977ea410114b402220091e7e390263e5b4b800abb8a227e07b22d212bc392463dc58518756e7e8a6de797a78cf09ef7862ac7c71bdc14a090c71f1e14ede1c97beece6cb32f0cde8fc7b961daab53f12e3fdc42109dcd53e12a50f823cb33fc9c537de23d5997bc6e0f6e4bd9cdbdd6cba5d9cc72370485d11d011d8a54b91e19ca5349bdd07b4bc68d17824bdeb3d0529541a10e69f9f14751c732c4118f20569632df63e747552dab2e533a0c84c260f2f4f586fc355ffda0725ec822b2a099f8f4e69d206e86bf38035e85a07bb862fae491d4dd91560bc069ad9f7d990524336185a95907fdf19bea5ad62c83cfd4478c7447d68661d2e09e617e4261a0223142d9f7f151425f586cfa86421a6249556a5ac4d1a2f8869ad6921421410fafcb023abf212dfc1d666dc9dc478cc4ecf45dfaced8fc56b65141887bd6aa14ed52c42087000cb4f66f7fc339065bbbcd42848fb078a58c39fd7c3b4f091f2a98e8ebf08f4df1bcc3e889b342ca011e6253e8eb4e83fbfffe04c2fef2dd345a9df0d738d8e7b90791ea13a659056aa949a1ce3685bb6e48e2adb14d42c2e1b108ba6ebf441ccf62ccc5d9c4116a0980eb2f71797f3091cf6dfca689896100196375686869f6b4ca95a6850243e5baf4456982e237daaf7b4638503caf6b0a8efd3dd4b8c5d0d79fba0bc504b32c5e9ad4788fe3a010f477174484568f464473be0ad07fe174bd1b8f61684eb8f26e976538d0725064dc868c854978be87f659128ac72ab7ed392f1e2ab477cf5ab6e029f332709eb02ae3a51bcd30ab41a5cc7be26b3438d2cbff2b85fd4d9cf2df48049af139ee4b1d01567642948ceb1de433b78486a4657bc78dcae560cb75477b7518f3a67ab2ccf96ef009b576d4113ee3e86b5e5acc0e68e695ac4eee91d5ba8465b7f214ed884acfb10828933bcfe697170d82659299fe109c0e8bf896b40ff1e4fd7f5c1270b08c1cbdfc8f4466a6d36911aed316ed00dedb4880574638cbbe3d41da9f6d7b86e897c40f57fd03d4bf98b33fb3b32576095eba9c1b633b5d243fdfe222bfc11ff1813d8915424db4300658f2cbe76521234697be621308a565b200577b16d3bbbb01c031706b92088f5a1f6d92bfeb9cbe90e3ce193a405854f61b9c07494345f088d853f5685fda148b79dbc9a5ae1b7f9075a35c2e1079130756b30bbf339edfcae77c90fe9301794673e92b408d7c5ac371c9d6a64d66399d124957475e0162635dfa810c85f6477753b2c7a8aee95fdcbae6fc0299fe3341e31e375623c5ba281d272598a5c20c49853ff320a17eb94e75422feef69c291ca7befa0b1ed2fc8cd75e9418c04df8ddd58ccd4ece339915cf00c79063c9f9bc546032ce16eb05a1d93a5d8ba1d5bb96751ac259750c71fb3d1d15c2a64c768dce39fb21fb0823baabfd5ffc15441792fe24fff2218de4ca464ef41fc339e3a180d8235cb6d21dc9d02020632d6c1ace1a694d30e16862410403162b60d772113d5748423a32d40fcd933a24c83e9628afe16cdee8fe50b58c8b8053023353a36f19ebbe1dc55f04e605e9a1a1ce84e4873828c8dbc3004818a06efe95f83a4ab9c44d07c61a02a33c2f51cc0060f101c7ca3690777c2b17db2c5437edafea79e8f263f28c53052c0c6628a2cf14e09e761c0c03564e4bb875ba1a04e1aa5cfe83738a1022f8f5fce3012d4cd32a54ada24c2375d3ac9de1eca2d4dc943666eb84503e99473c24a3ca46d5d8cf46b2651bae2d4136fd81b1f0c7cb3345253a73888a084aa345be7924d058e4a83d64830f34cb94200ca43245a493130c062814115b366fa3aea9a2c7d6935bc596a2f55053ef105d94ae664a2767582eeca95ca9bad7c8b6caff26505c0019001f702551f00b6eb843908face8f77681ec7e750ad1a12dfdd9808d3fa1cece08333aab963a0050df400cf7c34918f2460781843b024efb8497c4c079890c0006245359b84b8338a385aae672556a922554570c9dce137ad66804046bd094b412013a6354b297110d0ce47ad06994391ce31c365281db40a13619333406b8ad065bf0d0e7aeb4188d7cbc66c5b9a87bb30dc767f6f9938176350ffadc6eaf59d2dbaeba9e4cf8ed82a619de89c7486ed60288959f53055006f0259ed9156071f5526fbfb27cabaac95d9433bb53bf4f80d1590c410a40ea671c987b90dabc546104e4fea1deaa04a23cc479a38e67f625be53f755822205fc633587a1a8b2082dea821f776b134dd527c53d43661ea66676ad3f5f4c120776dbfd3b8d0be50cba987f7c990ac3c2bae2a4c6dc34c09108ebd5bb83ba96b723fd0adc18e3ad465f60d59bee89323064e6d8c9c390b56dd7783690b0008ebe6a7895777aac7932d1bb7c07ee09adfc78261d908fec2497e865a5a97c4070b4d76d10cb80ba0a3608a0c7a36e7a4ab703a17e32d4a2054da640a5aa9535b67a328f20f8961785a8dba40e8f312c8a0bfea24deb2631a59c08bc5496ac013e854187d32545b2691882b6a1feb1ac", 0xfa3) 2018/01/28 08:37:03 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000fbf000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f0000804000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8b000-0x8)='./file0\x00', &(0x7f0000a7c000-0x38)=[], &(0x7f00006fd000-0x10)=[]) r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000d000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000009000-0x8)=0x3f) execve(&(0x7f00003f0000-0x8)='./file0\x00', &(0x7f0000a7c000-0x8)=[], &(0x7f0000c6e000)=[]) fcntl$setown(r1, 0x8, r0) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) tkill(r0, 0x16) open(&(0x7f00000ed000)='./file0\x00', 0x401, 0x0) 2018/01/28 08:37:03 executing program 5: unshare(0x400) 2018/01/28 08:37:03 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000008000-0xd)='net/mcfilter\x00') preadv(r0, &(0x7f00009d6000-0x10)=[{&(0x7f0000882000)=""/96, 0x60}], 0x1, 0x53) [ 29.927186] audit: type=1400 audit(1517128623.196:9): avc: denied { map } for pid=3677 comm="syz-fuzzer" path="/root/syzkaller-shm184607945" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 29.975074] audit: type=1400 audit(1517128623.244:10): avc: denied { sys_admin } for pid=3722 comm="syz-executor7" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 30.188073] IPVS: ftp: loaded support on port[0] = 21 [ 30.269773] audit: type=1400 audit(1517128623.538:11): avc: denied { net_admin } for pid=3725 comm="syz-executor7" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 30.384758] IPVS: ftp: loaded support on port[0] = 21 [ 30.574211] IPVS: ftp: loaded support on port[0] = 21 [ 30.578783] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 30.752674] IPVS: ftp: loaded support on port[0] = 21 [ 30.900586] IPVS: ftp: loaded support on port[0] = 21 [ 31.035724] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 31.046166] IPVS: ftp: loaded support on port[0] = 21 [ 31.220839] IPVS: ftp: loaded support on port[0] = 21 [ 31.387148] IPVS: ftp: loaded support on port[0] = 21 [ 31.759366] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.182719] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.507989] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.515653] audit: type=1400 audit(1517128625.785:12): avc: denied { sys_chroot } for pid=3725 comm="syz-executor7" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 32.611613] FAULT_FLAG_ALLOW_RETRY missing 30 [ 32.611645] FAULT_FLAG_ALLOW_RETRY missing 30 [ 32.611668] CPU: 0 PID: 4238 Comm: syz-executor7 Not tainted 4.15.0-rc9+ #283 [ 32.611679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.611681] Call Trace: [ 32.611696] dump_stack+0x194/0x257 [ 32.611709] ? arch_local_irq_restore+0x53/0x53 [ 32.611719] ? __update_load_avg_se.isra.27+0x56a/0x7c0 [ 32.611729] ? handle_userfault+0x12b7/0x24c0 [ 32.611744] handle_userfault+0x12fa/0x24c0 [ 32.611751] ? handle_userfault+0x150b/0x24c0 [ 32.611778] ? userfaultfd_ioctl+0x4520/0x4520 [ 32.611788] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 32.611799] ? __lock_is_held+0xb6/0x140 [ 32.611823] ? print_irqtrace_events+0x270/0x270 [ 32.611835] ? print_irqtrace_events+0x270/0x270 [ 32.611852] ? __lock_acquire+0x664/0x3e00 [ 32.611882] ? __lock_acquire+0x664/0x3e00 [ 32.611891] ? check_noncircular+0x20/0x20 [ 32.611898] ? __lock_acquire+0x664/0x3e00 [ 32.611927] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 32.611938] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 32.611943] ? rb_next+0x140/0x140 [ 32.611958] ? find_held_lock+0x35/0x1d0 [ 32.611979] ? __handle_mm_fault+0x3296/0x3ce0 [ 32.611989] ? lock_downgrade+0x980/0x980 [ 32.612007] ? lock_release+0xa40/0xa40 [ 32.612025] ? do_raw_spin_trylock+0x190/0x190 [ 32.612034] ? userfaultfd_ctx_put+0x740/0x740 [ 32.612062] __handle_mm_fault+0x32a3/0x3ce0 [ 32.612081] ? __pmd_alloc+0x4e0/0x4e0 [ 32.612089] ? check_noncircular+0x20/0x20 [ 32.612099] ? get_user_pages_fast+0x277/0x340 [ 32.612115] ? find_held_lock+0x35/0x1d0 [ 32.612138] ? handle_mm_fault+0x248/0x8d0 [ 32.612150] ? lock_downgrade+0x980/0x980 [ 32.612199] handle_mm_fault+0x334/0x8d0 [ 32.612208] ? down_read+0x96/0x150 [ 32.612220] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 32.612229] ? vmacache_find+0x5f/0x280 [ 32.612245] ? find_vma+0x30/0x150 [ 32.612260] __do_page_fault+0x5c9/0xc90 [ 32.612268] ? finish_task_switch+0x1d3/0x740 [ 32.612287] ? mm_fault_error+0x2c0/0x2c0 [ 32.612313] do_page_fault+0xee/0x720 [ 32.612326] ? __do_page_fault+0xc90/0xc90 [ 32.612342] ? find_held_lock+0x35/0x1d0 [ 32.612362] ? __might_fault+0x110/0x1d0 [ 32.612378] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 32.612399] page_fault+0x2c/0x60 [ 32.612408] RIP: 0010:copy_user_generic_unrolled+0x86/0xc0 [ 32.612412] RSP: 0018:ffff8801ce4af530 EFLAGS: 00010202 [ 32.612419] RAX: ffffed0039c95f56 RBX: 0000000020012ff0 RCX: 0000000000000002 [ 32.612424] RDX: 0000000000000000 RSI: 0000000020012ff0 RDI: ffff8801ce4afaa0 [ 32.612428] RBP: ffff8801ce4af560 R08: ffffed0039c95f56 R09: ffffed0039c95f56 [ 32.612433] R10: 0000000000000002 R11: ffffed0039c95f55 R12: 0000000000000010 [ 32.612437] R13: ffff8801ce4afaa0 R14: 00007ffffffff000 R15: 0000000020013000 [ 32.612472] ? _copy_from_user+0xc5/0x110 [ 32.612486] userfaultfd_ioctl+0xf1b/0x4520 [ 32.612500] ? rcu_note_context_switch+0x710/0x710 [ 32.612507] ? futex_wait_setup+0x14a/0x3d0 [ 32.612526] ? __might_sleep+0x95/0x190 [ 32.612539] ? userfaultfd_read+0x220/0x220 [ 32.612546] ? futex_wait_queue_me+0x527/0x7e0 [ 32.612559] ? refill_pi_state_cache.part.5+0x2f0/0x2f0 [ 32.612576] ? print_irqtrace_events+0x270/0x270 [ 32.612589] ? get_futex_value_locked+0xc3/0xf0 [ 32.612603] ? futex_wait_setup+0x22e/0x3d0 [ 32.612626] ? futex_wake+0x680/0x680 [ 32.612643] ? __lock_acquire+0x664/0x3e00 [ 32.612650] ? switched_to_fair+0xb0/0xb0 [ 32.612659] ? drop_futex_key_refs.isra.12+0x63/0xb0 [ 32.612669] ? futex_wait+0x6a9/0x9a0 [ 32.612694] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 32.612703] ? find_held_lock+0x35/0x1d0 [ 32.612723] ? finish_task_switch+0x1d3/0x740 [ 32.612734] ? lock_downgrade+0x980/0x980 [ 32.612745] ? load_balance+0x34c0/0x34c0 [ 32.612758] ? lock_release+0xa40/0xa40 [ 32.612766] ? compat_start_thread+0x80/0x80 [ 32.612795] ? trace_hardirqs_on+0xd/0x10 [ 32.612805] ? check_noncircular+0x20/0x20 [ 32.612817] ? do_futex+0x86f/0x22a0 [ 32.612827] ? copy_overflow+0x20/0x20 [ 32.612860] ? find_held_lock+0x35/0x1d0 [ 32.612881] ? __fget+0x333/0x570 [ 32.612891] ? lock_downgrade+0x980/0x980 [ 32.612897] ? find_held_lock+0x35/0x1d0 [ 32.612911] ? lock_release+0xa40/0xa40 [ 32.612924] ? __lock_is_held+0xb6/0x140 [ 32.612952] ? __fget+0x35c/0x570 [ 32.612973] ? iterate_fd+0x3f0/0x3f0 [ 32.612983] ? up_read+0x1a/0x40 [ 32.612992] ? __do_page_fault+0x3d6/0xc90 [ 32.613013] ? userfaultfd_read+0x220/0x220 [ 32.613021] do_vfs_ioctl+0x1b1/0x1520 [ 32.613027] ? do_vfs_ioctl+0x1b1/0x1520 [ 32.613044] ? ioctl_preallocate+0x2b0/0x2b0 [ 32.613059] ? selinux_capable+0x40/0x40 [ 32.613075] ? SyS_futex+0x269/0x390 [ 32.613103] ? security_file_ioctl+0x89/0xb0 [ 32.613117] SyS_ioctl+0x8f/0xc0 [ 32.613134] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 32.613139] RIP: 0033:0x453299 [ 32.613143] RSP: 002b:00007f3f1d21dc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 [ 32.613151] RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000453299 [ 32.613156] RDX: 0000000020012ff0 RSI: 000000008010aa01 RDI: 0000000000000013 [ 32.613160] RBP: 00000000000003d6 R08: 0000000000000000 R09: 0000000000000000 [ 32.613164] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f4cb0 [ 32.613168] R13: 00000000ffffffff R14: 00007f3f1d21e6d4 R15: 0000000000000008 [ 32.705072] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 32.891532] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 2018/01/28 08:37:07 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x80002, 0x0) write(r0, &(0x7f0000804000-0x81)="260000005e000905000000f839e3000000f40f000100000aeff069b1bbffffffffe9ff6e44ea", 0x26) [ 33.037495] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 34.488350] CPU: 1 PID: 4232 Comm: syz-executor7 Not tainted 4.15.0-rc9+ #283 [ 34.488356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 2018/01/28 08:37:07 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = mq_open(&(0x7f0000112000)='eth0\x00', 0x42, 0x0, &(0x7f000061f000)={0x0, 0x7, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0}) mq_timedsend(r0, &(0x7f00000e6000)="", 0x0, 0x0, &(0x7f0000e0b000)={0x0, 0x0}) 2018/01/28 08:37:07 executing program 2: pipe2(&(0x7f00008ae000)={0x0, 0x0}, 0x7ffff) [ 34.488362] Call Trace: 2018/01/28 08:37:07 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, &(0x7f0000139000)="", 0x0, 0x200007ff, &(0x7f0000fe9000)={0x2, 0x3, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f00006fd000)="c3401c344654f3c7d9b41ba48c8e399aa4eedc3d6bd8ebd65c856a27d61154adc2b2a9763ae0201c0d32e11f38e9dd18c58f6bd779650fc30f93653bdaecf323c9f6502ceab47e58114347b289546465a5eb278de12b1989f64cc99412e36880d20c34d91051b22f6c8acc9d082b7bcdec844f667da0867d08d4154004997e317b79", 0x82, 0x51, &(0x7f0000e66000)={0x2, 0xffffffffffffffff, @rand_addr=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) writev(r0, &(0x7f0000c82000-0x40)=[{&(0x7f0000b78000)="7cd0", 0x2}], 0x1) sendto$inet(r0, &(0x7f0000f5e000)='B', 0x1, 0x0, &(0x7f0000686000)={0x2, 0xffffffffffffffff, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) 2018/01/28 08:37:07 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) listen(r0, 0x20000003) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) accept4(r0, &(0x7f00004d4000)=@nl=@proc={0x0, 0x0, 0xffffffffffffffff, 0x0}, &(0x7f0000048000-0x4)=0xc, 0x0) [ 34.488375] dump_stack+0x194/0x257 [ 34.488387] ? arch_local_irq_restore+0x53/0x53 [ 34.488402] ? handle_userfault+0x12b7/0x24c0 [ 34.488415] handle_userfault+0x12fa/0x24c0 [ 34.488422] ? handle_userfault+0x150b/0x24c0 2018/01/28 08:37:07 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f00007ed000-0x10)={&(0x7f00001fa000-0x8)='./file0\x00', 0x0, 0x18}, 0x10) 2018/01/28 08:37:07 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x20000000000000a, 0x2, 0x0) connect$inet6(r0, &(0x7f000022e000-0x1c)={0xa, 0xffffffffffffffff, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0xbb}, 0xfffffffe}, 0x1c) 2018/01/28 08:37:08 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00005c4000-0x10)={0x0, 0x1c, &(0x7f000051a000-0x58)=[@in6={0xa, 0xffffffffffffffff, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x5}]}, &(0x7f0000f92000-0x4)=0x10) bpf$PROG_LOAD(0x5, &(0x7f00001a3000)={0x1, 0x5, &(0x7f000051a000-0x58)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, [@alu={0x1, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0}], {0x95, 0x0, 0x0, 0x0}}, &(0x7f000073f000-0xa)="73597a6b61ce2900000d", 0x8000, 0x1000, &(0x7f0000b6d000)=""/4096, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x48) [ 34.488449] ? userfaultfd_ioctl+0x4520/0x4520 [ 34.488458] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 34.488468] ? print_irqtrace_events+0x270/0x270 [ 34.488484] ? put_prev_task_fair+0x80/0x80 [ 34.488497] ? print_irqtrace_events+0x270/0x270 [ 34.488508] ? print_irqtrace_events+0x270/0x270 [ 34.488518] ? print_irqtrace_events+0x270/0x270 [ 34.488537] ? __lock_acquire+0x664/0x3e00 [ 34.488545] ? check_noncircular+0x20/0x20 [ 34.488564] ? __lock_acquire+0x664/0x3e00 [ 34.488573] ? check_noncircular+0x20/0x20 [ 34.488579] ? __lock_acquire+0x664/0x3e00 [ 34.488591] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 34.488601] ? do_raw_spin_trylock+0x190/0x190 [ 34.488621] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 34.488632] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 34.488647] ? find_held_lock+0x35/0x1d0 [ 34.488668] ? __handle_mm_fault+0x3296/0x3ce0 [ 34.488678] ? lock_downgrade+0x980/0x980 [ 34.488692] ? lock_release+0xa40/0xa40 [ 34.488710] ? do_raw_spin_trylock+0x190/0x190 [ 34.488718] ? userfaultfd_ctx_put+0x740/0x740 [ 34.488743] __handle_mm_fault+0x32a3/0x3ce0 [ 34.488761] ? __pmd_alloc+0x4e0/0x4e0 [ 34.488781] ? find_held_lock+0x35/0x1d0 [ 34.488802] ? handle_mm_fault+0x248/0x8d0 [ 34.488812] ? lock_downgrade+0x980/0x980 [ 34.488863] handle_mm_fault+0x334/0x8d0 [ 34.488871] ? down_read+0x96/0x150 [ 34.488881] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 34.488890] ? vmacache_find+0x5f/0x280 [ 34.488905] ? find_vma+0x30/0x150 [ 34.488921] __do_page_fault+0x5c9/0xc90 [ 34.488942] ? mm_fault_error+0x2c0/0x2c0 [ 34.488954] ? lock_release+0xa40/0xa40 [ 34.488972] do_page_fault+0xee/0x720 [ 34.488984] ? __do_page_fault+0xc90/0xc90 [ 34.489004] ? find_held_lock+0x35/0x1d0 [ 34.489024] ? __might_fault+0x110/0x1d0 [ 34.489041] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.489062] page_fault+0x2c/0x60 [ 34.489071] RIP: 0010:copy_user_generic_unrolled+0x86/0xc0 [ 34.489075] RSP: 0018:ffff8801cc8e7e10 EFLAGS: 00010202 [ 34.489083] RAX: ffffed003991cfd6 RBX: 0000000020011fe0 RCX: 0000000000000004 [ 34.489088] RDX: 0000000000000000 RSI: 0000000020011fe0 RDI: ffff8801cc8e7e90 [ 34.489092] RBP: ffff8801cc8e7e40 R08: ffffed003991cfd6 R09: ffffed003991cfd6 [ 34.489097] R10: 0000000000000004 R11: ffffed003991cfd5 R12: 0000000000000020 [ 34.489101] R13: ffff8801cc8e7e90 R14: 00007ffffffff000 R15: 0000000020012000 [ 34.489136] ? _copy_from_user+0xc5/0x110 [ 34.489150] SyS_futimesat+0xa1/0x390 [ 34.489163] ? SyS_utimensat+0x1a0/0x1a0 [ 34.489171] ? prepare_exit_to_usermode+0x340/0x340 [ 34.489182] ? entry_SYSCALL_64_fastpath+0x5/0xa0 [ 34.489194] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 34.489205] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 34.489224] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 34.489229] RIP: 0033:0x453299 [ 34.489233] RSP: 002b:00007f3f1d23ec58 EFLAGS: 00000212 ORIG_RAX: 0000000000000105 [ 34.489240] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299 [ 34.489245] RDX: 0000000020011fe0 RSI: 0000000020001ff8 RDI: ffffffffffffffff [ 34.489248] RBP: 000000000000006c R08: 0000000000000000 R09: 0000000000000000 [ 34.489253] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006efac0 [ 34.489257] R13: 00000000ffffffff R14: 00007f3f1d23f6d4 R15: 0000000000000000 [ 34.489264] ? entry_SYSCALL_64_fastpath+0x29/0xa0 [ 34.529242] mmap: syz-executor2 (4661) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt. [ 34.582171] audit: type=1400 audit(1517128627.851:13): avc: denied { dac_override } for pid=4670 comm="syz-executor7" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 34.624987] audit: type=1400 audit(1517128627.894:14): avc: denied { name_bind } for pid=4684 comm="syz-executor7" src=20028 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 34.625009] audit: type=1400 audit(1517128627.894:15): avc: denied { node_bind } for pid=4684 comm="syz-executor7" saddr=::1 src=20028 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 [ 34.629300] audit: type=1400 audit(1517128627.898:16): avc: denied { name_connect } for pid=4684 comm="syz-executor7" dest=20028 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 2018/01/28 08:37:08 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000232000)='net/ip6_mr_cache\x00') 2018/01/28 08:37:08 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000044a000-0x30)={0x5c, 0x0, &(0x7f00004f2000-0x6c)=[@release={0x40046306, 0x4}, @reply_sg={0x40486312, {{0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x50, 0x28, &(0x7f0000799000-0x50)=[@ptr={0x70742a85, 0x0, &(0x7f00006ed000-0x1)=0x0, 0x1, 0x4, 0x39}, @ptr={0x70742a85, 0x1, &(0x7f0000924000)=0x0, 0x1, 0x0, 0x17}], &(0x7f0000dc2000-0x28)=[0x78, 0x0, 0x18, 0x30, 0x0]}, 0x1}}, @acquire={0x40046305, 0x0}], 0xaf8, 0x0, &(0x7f0000901000)="056a6c39ae30a0b39203be4d99c5def690689c8f4948f62eb138ef13c85855880a65755994cc9ec2e8a4ca01a66255c26f1dc2bc827720fc2842c0d03e1ea85af94dac643b27c6ada6393b734f18f3d2adf6e4908dfa6b17431df3c03987dca304f249310329946c5881e9e54ab35173edcd7d4b70fccfbd8adeb816863e3135ac80f487b1ff9de2a189ded5056d8c30aced8f8776ac6e89a58c46e010a978ea0e5cbf8b823be3d55b1a5bb9e9e31cf3b327b032f94f79ec25c07e5f201650ff60fc82748460e7d7ef2bf03b055722101fef788f3cf8caffb70e6772fe3f3d04561198cde2349d1a485f7dc55a66bad77858f1bd0d6a6bd3485f1ebbba3f32099edc58a5574c8778c3d49589c2bdacedb1c5c3417ab2faf9e92cbad1ee7ac8d9d188f3a63dd840cea1601c4e4c07b460401a64bd2a2df3b116259d56753f6f250ba8cb6a42c64d54ec1f05d37e9aeaa91438560f1a4c2681ae640725569fb60785313768a624697789451aca914d4fec4112d74cd69a1c5354b57b4e1ae0b607eedc6e8db9acaf1d97c5a4fce46da69e5f57f7512d6b23e96316c250a77c55d848ade16555389e4d48a365ded1ed10bd42478635eb4f17e7f3b1e448581760127000397cbdaf9b5eb3c0409e2087c2a6b62444bc82eefd4ed3b1284d4cf823805430701273c152f2f615374682a1d285cd93375031f00cc67b53241321c6a2bcf7d148648776f3fab76f6202ec09bc27f23ffc80cbced6b3b23a5947df5a68fdad1be7ea1fd019bad91013d7de3ed3616e1b793b9b42ff37b74668f8b8758758655dd758186d6c525415609481dc340cd022244e98ca7bd99bab4dda2bf14eef1480720440ba00b9856db1a1ea3595477021c181b19c521bb07958e223e7d55951b66c6c18755d05f71eb722b16fa32525b098f005daa8d8605795e21b8dc8a0eb0cbb3378f318c9239e8912699a4f03ce2d3d6f5fc14fe16a3c649e65ad9115b08b798a5f80bc7069dc972efcaa8b4edfed4baa798c6c263d6cd6c7dd51bd6f27aaabf6bb1fd09ed7b2872ebbd828d06de3b8e6bee14bf77f3cf648f0fa8be0e28c1eb98c14c668e0d70c0df73dba55e4a70342b3016218bb35ce83183d091d2475b481e0b2a5c5dea2765f9e026b87ec25ab23e2ead0d0c9408212161b42297306e85c6f385c4796340cc25f734c00b0561be4c38340b4b273d01ad3b3e6d3e829c77b9a1f433fad31351098d8deffb4d8c2ecb63ab3e9e5403f9f1bb30e66cf63c8ff59f26af37cccc7a5e9d7471674b57496990c26742a95752c612095aecef11adab6532e94f7662b147c0537dcd9421bd5809f75c72d2ac3e0b120a2d4350696e493c938d9268507f6ebb59ad22888d84f257cd31026e42bb10fb3b27a2a4d7b055629aa04ebe168bb3484ef1dc61ffcd962df0933b59a032eab10b1717d4f490d1e5d2f939be41bc73600b8cd2769c20a09a4fcb91ac4206525584f2a561d24c0f14f5f16d8fbd4ee0bdae4bf416931376fde00797706efc257c282c0b85d371ee535dcc6e5008705b3e9a010bcaa57194c7bfed89bbb482d89012f44d1f9bba25ab67df7241575bd248fdbd913e5aa924971d2f57a0779156a00d68b1b9cc2e1bdcff48cf9f9171ddeef147c81499e63425829213ae4c47f1a7130ac734b0e8c04055f7b898b29f609962c65d1f23fb2a5322dca4045405705cbf54b5c4b465b8f8058fa35dfcbad15466712f6f6874780e6e4e8527f672addc00feb8994f4f1c48281cb2fdd06dc21b2d8d82ac33e81dffe010a5c81c48348fc25db29815375cd7aa82dd23fac6dc9fa14809ebbbea8ce6e3e9ad000838075c7156859a0f3218ac6146596b1f31d10b1a62f18a1c79e4d5e759c82afc2b240c8490b6aed60ec57407cd82bff35aa9b8092f0a37043f600302d5c03dc4877003ec9829ddb64e42e12e3dfb0a8c9406b435713ebd43b6ea3bdcf392df2988dfa2dadff4ec7678b45ef37b197f0661817d688c3b0c6c0a5cb8ea0bdcd7c0b2e38211887836aa50d9c9ea0c05647a724f26671e0038f2fd11044ba11ee5aa5fdaaf069158f986edad2e872dafc7555d930e4caa9231f38fc9642693e3a747fe76024ac3676bef6e13aebda61b51924510224d783a1fe2b8efeebf7ac61a40a68fdb660a7ca459df5d40e93f970879540897fd9fe1d4556d3154242d657951f5d8d6bcf4986359f51720748651fd7f66e360f993df132f0189e5ed63b49c16302d0c32bd17d93a61ec8f763607eeb6bf7362fe6102b67c6c2cc617432722f2ee0bb4cf1103fed7e625330c4c8411ea47e78b80cf1ec5fe56d882bccfda4d00def98bb6ead3110952dbd03d3a83502e1a468deecee697ffed7694668aeb887b2beda99964020e8e5a5daa85486be5481be17d932d532da84f1899b773b7b9f75312522ab42dabe318a888e3cde276318ca8d85c97cfb392bb84ba5deece2758ac0d90770e546e600f5cc8acf623751915dd675a02e801422383a640d14467a993ec332d04bceaf8a2f935d6680388b9b13fe291c32990af8432701d9d33eb1df9b0c7ecb354a63a1e6536e3c77b6234335a3f47ec53f0e7d203757f09ae48702d32f45fb23d2e523b59b202a0618509d85b4a99c5694bb14861cca02bfe1426fb4f45c0b0f917edc933d748e46711e9cf7dacfcc90ccfd964cd191ca94c9c59f19468e216692df8170339d9062af97ed1ea03fea864ef9aee38b32a05658f7b4216db2ea57dbc96c5517e61e94aeed314e3e6d8a3ab164dee5d50705576206cc81fde15ccfb096bfb2046d7a27e445dfe0757d359617152dd54758c76ad1bff113f73a85184462c470a7825675dc488da29661ca20ac068ccc836c479cdf437fca7feffd24982522bfd6da24635ced9e8ca53513d4dafd819b744e6f55dbde884504683fabca08e4ca2b9adcd548938a0f7fd628ee5582603729bcac77eb350ba459502bf48435f0b70b11b8a5b409d904f806c89c21fe7321a093cd8bab22b89a3c1550669b32b0e995afc373467783f833cd5a2855e851f1d5804be6db917c2a63aa1853c56b4f085419f7e96cc033d529dfcc129882f81fce0ad8da241399bee1cc11671af51776dbee931e41c3efeb5153c315bea18c38b68b1890c3dccded9a307dc92730c7311599d047760685443a0ad2482f960347ded16b1ef8f234789ce32a67a7ad42ead91a00fc6db3645af2e428ee9842392db610310efd8f07673c2da2eb0991ab6775d8f206f1600297a3b1c52fff1d17ac5a4e16a003d11fc4ae5078ed920c870929b12d96b9f3a815cacde43ae5f6c0306f0986be4ad3546416efbc6ed556772cc1f81fe4c87d92e219fa7fab09a76d2a1b1826fe204e489c36c851964cac2e077f071405164636b6c45947ea709375d8ea6e83022526138f77ff03a48cf6cea46012f701091ec61f1ee2705862428b875f44b4dc716e93631a25039ef7bc379340f911f12ac2984d677d23a5232e7b3441ddae7561b077e4475c6354939b35c9ad45d28aaf60d3a8bd67c049c6bd7c99c3e02e9a0c1620cbd25b706527b00637e56e341ab6e610d5b8866a79605590ce1d7a7059f422d5d10ddc3b03b704985014d5a5dffc2fdd45d4c6675350e777816f7a30540dbde2ff79ff8076c5bed01c19d476fae5e3b29441e4e78f02bfe2cf61f01cff56aa069f4f4fe5299ca96768b3c67f6307d876eac5e11068756122fb990995fe28484712d1161e18d12c6644053f7c83ecbedaeed1499c2c94cd47a355ee5defe39f8b3a1f040411f2555ea172c744cc96af3692669fee5826ec2ef7610c89e33614c3207049d6f48e52fa979918e969e54a728c6ae2c1259d6aded8260d85bc13e35dd462b7e4bed7d31811e40451f4ece4a9abb1a285b83de58d0b49f92bad1b2b8a3752d6bb86b516c6d0b3bac99b5a40eb4aab9e6d08e720d0d541be4858"}) 2018/01/28 08:37:08 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000fbf000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f0000804000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8b000-0x8)='./file0\x00', &(0x7f0000a7c000-0x38)=[], &(0x7f00006fd000-0x10)=[]) r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000d000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000009000-0x8)=0x3f) execve(&(0x7f00003f0000-0x8)='./file0\x00', &(0x7f0000a7c000-0x8)=[], &(0x7f0000c6e000)=[]) fcntl$setown(r1, 0x8, r0) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) tkill(r0, 0x16) open(&(0x7f00000ed000)='./file0\x00', 0x401, 0x0) 2018/01/28 08:37:08 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000607000-0x10)={0x2, 0xffffffffffffffff, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f0000e7c000)="", 0x0, 0x0, &(0x7f0000063000)={0x2, 0xffffffffffffffff, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) shutdown(r0, 0x1) 2018/01/28 08:37:08 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000eed000-0x10)={0x0, 0x38, &(0x7f00004a0000-0x94)=[@in6={0xa, 0xffffffffffffffff, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xffffffffffffffff, 0xaa}, 0x9}, @in6={0xa, 0xffffffffffffffff, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x0}]}, &(0x7f0000384000-0x4)=0x10) 2018/01/28 08:37:08 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000666000)=0x0, 0x4) 2018/01/28 08:37:08 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00008f0000-0x18)={0xffffffffffffffff, &(0x7f000071f000)="", &(0x7f000012e000-0x22)=""/34}, 0x18) 2018/01/28 08:37:08 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00001ee000-0x10)={0x2, 0x0, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) connect$inet(r0, &(0x7f0000561000)={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f0000763000-0x1)="", 0xfdc7, 0x0, &(0x7f000057c000-0x10)={0x2, 0x0, @multicast1=0xe0000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) 2018/01/28 08:37:08 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000d26000-0xc)={0x10, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe}, 0xc) bind$netlink(r0, &(0x7f0000437000-0xc)={0x10, 0x0, 0xffffffffffffffff, 0x0}, 0xc) 2018/01/28 08:37:08 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00006a7000-0x1c)=[@in6={0xa, 0x3, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}], 0x1c) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}, 0x0}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000757000-0xb)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0}, 0xb) [ 35.448630] binder: 4798:4806 Release 1 refcount change on invalid ref 4 ret -22 [ 35.466693] binder: 4798:4806 got reply transaction with no transaction stack [ 35.490414] binder: 4798:4806 transaction failed 29201/-71, size 80-40 line 2703 2018/01/28 08:37:08 executing program 0: prctl$seccomp(0x16, 0x1, &(0x7f0000f6d000)={0x0, &(0x7f000098c000)=[]}) 2018/01/28 08:37:08 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) r1 = epoll_create(0x9) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000c3c000-0xc)={0x0, 0x0}) r2 = perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000)=0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(r2, r0, 0x0) 2018/01/28 08:37:08 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000fbf000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f0000804000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8b000-0x8)='./file0\x00', &(0x7f0000a7c000-0x38)=[], &(0x7f00006fd000-0x10)=[]) r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000d000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000009000-0x8)=0x3f) execve(&(0x7f00003f0000-0x8)='./file0\x00', &(0x7f0000a7c000-0x8)=[], &(0x7f0000c6e000)=[]) fcntl$setown(r1, 0x8, r0) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) tkill(r0, 0x16) open(&(0x7f00000ed000)='./file0\x00', 0x401, 0x0) 2018/01/28 08:37:08 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = timerfd_create(0x0, 0x0) timerfd_settime(r2, 0x3, &(0x7f0000005000)={{0x77359400, 0x0}, {0x0, 0x989680}}, &(0x7f0000f0e000)={{0x0, 0x0}, {0x0, 0x0}}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000559000)={0x0, 0x0}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000022000-0xc)={0x2003, 0x0}) 2018/01/28 08:37:08 executing program 7: mmap(&(0x7f0000000000/0xa79000)=nil, 0xa79000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) r1 = gettid() rt_sigprocmask(0x0, &(0x7f0000033000-0x8)={0xfffffffffffffffe}, 0x0, 0x8) rt_tgsigqueueinfo(r0, r1, 0x0, &(0x7f0000a75000)={0x0, 0x0, 0x30004, 0x0}) 2018/01/28 08:37:08 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) capset(&(0x7f0000003000-0x6)={0x20080522, 0x0}, &(0x7f0000002000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2018/01/28 08:37:08 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000001000)=@req={0x28, &(0x7f0000000000)={@generic="d4abfe0205ba5e046d9469627fcda5bd", @ifru_names=@generic="9fd465fdd8d77bbee66ceefacc67d0b1"}}) 2018/01/28 08:37:08 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) seccomp(0x1, 0x0, &(0x7f000005e000)={0x2, &(0x7f00009ea000)=[{0x200000000035, 0x0, 0x0, 0xfffffffffffffffd}, {0x200000000006, 0x0, 0x0, 0x0}]}) [ 35.546725] kauditd_printk_skb: 2 callbacks suppressed [ 35.546733] audit: type=1326 audit(1517128628.816:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=4826 comm="syz-executor0" exe="/root/syz-executor0" sig=9 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x0 2018/01/28 08:37:08 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f5a000-0x4)=0x5, 0x4) connect$inet6(r0, &(0x7f0000f07000)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], [0xff, 0xff], @dev={0xac, 0x14, 0xffffffffffffffff, 0x14}}, 0x0}, 0x1c) 2018/01/28 08:37:08 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000002c000-0x8)='./file0\x00', 0x0) mount(&(0x7f000002b000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f000001a000)='devpts\x00', 0x0, &(0x7f000000a000)="") mount(&(0x7f0000034000-0xc)='./file0/bus\x00', &(0x7f0000010000-0x8)='./file0\x00', &(0x7f0000033000-0x5)='fuse\x00', 0x7ffbf, &(0x7f0000032000)="") 2018/01/28 08:37:08 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000bec000-0x8)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000027000-0x8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000000a000)="") mount(&(0x7f0000c6c000-0x8)='.', &(0x7f0000200000)='./file0\x00', &(0x7f00002e8000-0x4)='ramfs\x00', 0x20000, &(0x7f0000509000-0x1)="") 2018/01/28 08:37:08 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) chroot(&(0x7f00000a5000-0x1)='.') 2018/01/28 08:37:08 executing program 6: mmap(&(0x7f0000000000/0x26000)=nil, 0x26000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x80001, 0x0) sendmsg(r0, &(0x7f0000026000-0x38)={0x0, 0x0, &(0x7f0000025000)=[], 0x0, &(0x7f0000018000-0x1470)=[], 0x0, 0x0}, 0x20040000) 2018/01/28 08:37:08 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000109000+0x282)='./file0\x00', 0x0) r0 = creat(&(0x7f0000139000)='./file0/bus\x00', 0x0) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1, 0x0, 0x0, 0x0, 0x0}) writev(r0, &(0x7f0000977000-0x20)=[{&(0x7f0000912000-0x17)="8d", 0x1}], 0x1) 2018/01/28 08:37:08 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000fbf000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f0000804000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8b000-0x8)='./file0\x00', &(0x7f0000a7c000-0x38)=[], &(0x7f00006fd000-0x10)=[]) r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000d000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000009000-0x8)=0x3f) execve(&(0x7f00003f0000-0x8)='./file0\x00', &(0x7f0000a7c000-0x8)=[], &(0x7f0000c6e000)=[]) fcntl$setown(r1, 0x8, r0) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) tkill(r0, 0x16) open(&(0x7f00000ed000)='./file0\x00', 0x401, 0x0) 2018/01/28 08:37:08 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000501000)={0x0, 0x0}, 0x0) vmsplice(r0, &(0x7f0000072000)=[{&(0x7f0000994000)='W', 0x1}], 0x1, 0x0) writev(r1, &(0x7f0000d13000-0x30)=[{&(0x7f0000e9b000)="91", 0x1}], 0x1) [ 35.585791] audit: type=1326 audit(1517128628.853:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=4835 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x0 2018/01/28 08:37:08 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f00000c3000)="6d6f756e74696e666f00a4") 2018/01/28 08:37:08 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00002a7000)='./file0\x00', 0x0) chdir(&(0x7f0000e6a000-0x8)='./file0\x00') 2018/01/28 08:37:08 executing program 1: mmap(&(0x7f0000000000/0xfcf000)=nil, 0xfcf000, 0x3, 0x32, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000fb1000-0x8)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x0) vmsplice(r1, &(0x7f0000fcd000-0x10)=[{&(0x7f0000fb3000)="b0", 0x1}], 0x1, 0x0) writev(r1, &(0x7f00008d6000)=[{&(0x7f0000fb7000-0x1000)="45545f161f6e4585967cba6f95756862cc02b91a181a42f25242be9c40250862e8e14687c0dbe55e242247e378a8c718a53a3176351798243cdfbb102d169b1de57e6e53113f3c1496a401acc2a7d2585356eed7c4d71de7e349f1edfde41da3af78605ad97a08b4a5d1bfc4e56838353eed9548db5690d02d88b9824b32d103e0ffb483251cc0e2eae2950f59397aedc3b1450263f54db0784efb0baf9df36a22c9b11038dd9c2af943d797dfd6210a4a5f278393597ded1ccf1b9825de0668a6494ce9acb3e4500f2746b8ea9eb6179b113eec6507b822fe08cb0fb5ee028a0101cad23bb9ca7b09b3796ebe1019e893ea55cc41350c596dca1c08f2e15a39423d6a46bbf06f5867b74a8dd1e50187dd437fca000cbc75eeeab23169b38030a9ed0f62005108174b4f915605ea42ddca449c89b0c650bbc6bc62fe56ff69eb0746acec60ee1e17c43ecd0ddd9811b1d40c1396c33491a810cf21f2bbb985384174fcfb63ddfb1b94de5be32f8416481f50e9662d5457dbf9f9301361e9285fa9163395643ea052bdcdc066151c433818d105e2c8291e2c177e0cdb19f13663eb626ad72127f0e5c6878ffd76128b262b72cb6cff8b93ddeb4e0df3af65a38847782c47788b532a8de846f928d1c1289db98d593d3646bb6f91d8dd9795ca841627781d6cfca9f33143cd617b042dcf3d0bae6b07cbdace6af8263201d52ae9828858d0d364661b15c827c2c6541a5932fcf7cc17270ec0a3ecebf66409a8ba6d3fa2556bf1b37597c435dad667e497a809aecf7ae5f63a6ca5c4af3ab102816df85ea60447af43b883da59aec794ece1bc103ccd30525d7e7b7dfc", 0x25c}, {&(0x7f0000fcb000)="452cf289840e09343e9ecd69a217caac77d61108c740b3aa0379db786accc49da4c38d29b00c97b08d3efcccb9fcd6dadbde0000000000000009c2bade6336cbea7aa6ef8089b85e6d69df1f25ced4dae00bca67071144ba4df2d5dfbcd461dfbd68bafaa12407529dc0152cce617408858ef0a29c035876526f9ab9fcf57f69b6c0bd8a85bb78b9f8971cd49d3a2e3446ec0d0b59ff9d33efb6a2a6b58a42bb", 0xa0}, {&(0x7f0000de1000+0x449)="e012", 0x2}], 0x3) readv(r0, &(0x7f0000e81000)=[{&(0x7f0000fc9000-0x88)=""/136, 0x88}, {&(0x7f0000fcc000)=""/145, 0x91}, {&(0x7f0000fcb000-0x6b)=""/107, 0x6b}, {&(0x7f0000fcd000-0xb0)=""/176, 0xb0}], 0x4) 2018/01/28 08:37:08 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f00000c6000-0x9)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/01/28 08:37:08 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000992000)={0x2, 0xffffffffffffffff, @local={0xac, 0x14, 0x0, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) connect$inet(r0, &(0x7f0000390000)={0x2, 0xffffffffffffffff, @multicast2=0xe0000002, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) 2018/01/28 08:37:08 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00008f7000-0x7)='mounts\x00') r1 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000faf000-0xc)={0x0, 0x0}) mount(&(0x7f0000a39000-0x8)='./file0\x00', &(0x7f0000852000)='.', &(0x7f0000a60000)='ramfs\x00', 0x0, &(0x7f00008a7000)="") [ 35.666608] audit: type=1400 audit(1517128628.935:21): avc: denied { dac_read_search } for pid=4851 comm="syz-executor0" capability=2 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/28 08:37:09 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, &(0x7f0000fd0000)="", 0x0, 0x200007ff, &(0x7f0000deb000-0x10)={0x2, 0x3, @loopback=0x7f000001, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) sendto$inet(r0, &(0x7f00006fd000)="c3401c344654f3c7d9b41ba48c8e399aa4eedc3d6bd8ebd65c856a27d61154adc2b2a9763ae0201c0d32e11f38e9dd18c58f6bd779650fc30f93653bdaecf323c9f6502ceab47e58114347b289546465a5eb278de12b1989f64cc99412e36880d20c34d91051b22f6c8acc9d082b7bcdec844f667da0867d08d4154004997e317b79", 0x82, 0x81, &(0x7f0000e66000)={0x2, 0xffffffffffffffff, @rand_addr=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) writev(r0, &(0x7f0000447000-0x40)=[{&(0x7f0000f63000)="87", 0x1}], 0x1) 2018/01/28 08:37:09 executing program 6: r0 = userfaultfd(0x0) dup2(r0, r0) 2018/01/28 08:37:09 executing program 3: mmap(&(0x7f0000000000/0x51000)=nil, 0x51000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000049000)='\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000049000)='/dev/snd/seq\x00', 0x0, 0x800000000010d) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f000002b000)={0x0, 0x0, 0x0, "9ede7a8c5ae95ec8672c93340f643a664f13eeab65c0322901dc6bd36cde2c51f01b7f0b014f9f91eeb7c37c7240f476c8d753d000aa8faf8fb574dbcfa6dc4d", 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) write$sndseq(r0, &(0x7f0000043000-0x90)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @addr={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @addr={0x0, 0x0}}], 0x60) 2018/01/28 08:37:09 executing program 7: mmap(&(0x7f0000000000/0x51000)=nil, 0x51000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000049000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f000004d000)={0x80, 0x1, "636c69656e743100fffc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008", 0x0, "7fd82d5e02ca3901", "88e7ed00007fff051eaa961ef6c6992b6900000000f9ffff7711be18a3d918e0", 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 2018/01/28 08:37:09 executing program 6: syslog(0x3, 0x0, 0x94f551776839ccbf) 2018/01/28 08:37:09 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) mprotect(&(0x7f0000012000/0x2000)=nil, 0x2000, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) 2018/01/28 08:37:09 executing program 3: mmap(&(0x7f0000000000/0x51000)=nil, 0x51000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000049000)='\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000049000)='/dev/snd/seq\x00', 0x0, 0x800000000010d) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f000002b000)={0x0, 0x0, 0x0, "9ede7a8c5ae95ec8672c93340f643a664f13eeab65c0322901dc6bd36cde2c51f01b7f0b014f9f91eeb7c37c7240f476c8d753d000aa8faf8fb574dbcfa6dc4d", 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) write$sndseq(r0, &(0x7f0000043000-0x90)=[{0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @addr={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick=0x0, {0x0, 0x0}, {0x0, 0x0}, @addr={0x0, 0x0}}], 0x60) 2018/01/28 08:37:09 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000fbf000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f0000804000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8b000-0x8)='./file0\x00', &(0x7f0000a7c000-0x38)=[], &(0x7f00006fd000-0x10)=[]) r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000d000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000009000-0x8)=0x3f) execve(&(0x7f00003f0000-0x8)='./file0\x00', &(0x7f0000a7c000-0x8)=[], &(0x7f0000c6e000)=[]) fcntl$setown(r1, 0x8, r0) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) tkill(r0, 0x16) open(&(0x7f00000ed000)='./file0\x00', 0x401, 0x0) 2018/01/28 08:37:09 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) 2018/01/28 08:37:09 executing program 1: mmap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001000-0x9)='/dev/rtc\x00', 0x0, 0x0) ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f00005ff000-0x4)=0x0) 2018/01/28 08:37:09 executing program 3: mmap(&(0x7f0000000000/0x27000)=nil, 0x27000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x80001, 0x0) bind$inet(r0, &(0x7f000000b000-0x10)={0x2, 0xffffffffffffffff, @broadcast=0xffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) connect(r0, &(0x7f0000024000-0x10)=@ethernet={0x0, @local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0xaa}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) 2018/01/28 08:37:09 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f11000)=0xffffffffffffff40, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000f07000)=[{0x6, 0x0, 0x0, 0x0}]}, 0x10) 2018/01/28 08:37:09 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000d1d000)=0x0, 0x4) 2018/01/28 08:37:09 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tun(&(0x7f0000125000-0xd)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f000053b000)=0x8000201) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000f58000)={@generic="431df1f38e6e005a112f648d1c22ce26", @ifru_addrs=@rc={0x1f, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0}}) 2018/01/28 08:37:09 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)={0xaa, 0x0, 0x0}) mprotect(&(0x7f0000012000/0x2000)=nil, 0x2000, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1, 0x0}) [ 36.815122] IPVS: ftp: loaded support on port[0] = 21 [ 37.125963] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 2018/01/28 08:37:10 executing program 5: mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000002000-0x20)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1, 0x0}) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000004000-0x8)='./file0\x00', 0x0) writev(r1, &(0x7f0000004000-0x28)=[{&(0x7f0000013000-0x49)='5', 0x1}], 0x1) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000004000)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f00004db000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/28 08:37:10 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000003000)={@syzn={0x73, 0x79, 0x7a, 0x0, 0x0}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) socket$packet(0x11, 0x3, 0x300) bind$packet(r0, &(0x7f0000877000-0x14)={0x11, 0xf7, 0x0, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x0}, [0x0, 0x0]}, 0x14) 2018/01/28 08:37:10 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_open_dev$loop(&(0x7f000071c000-0xb)='/dev/loop#\x00', 0x0, 0x181001) memfd_create(&(0x7f00006ec000-0x11)="74756e08000000000000008000000000a4", 0x0) 2018/01/28 08:37:10 executing program 0: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={&(0x7f0000de3000-0xc)={0x10, 0x0, 0x0, 0x0}, 0xc, &(0x7f0000403000)={&(0x7f0000d7f000-0x14)={0x14, 0x0, 0x0, 0xfffffffffaffffff, 0xffffffffffffffff, 0xffffffffffffffff, {0x0, 0x0, 0x0}, []}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0) 2018/01/28 08:37:10 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x2400000001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000b5a000)={0x0, {{0xa, 0xffffffffffffffff, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x0}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x88) 2018/01/28 08:37:10 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) request_key(&(0x7f0000a91000)='syzkaller\x00', &(0x7f0000acf000)={0x73, 0x79, 0x7a, 0xffffffffffffffff, 0x0}, &(0x7f0000bc6000-0x8)='selinux\x00', 0xfffffffffffffff9) 2018/01/28 08:37:10 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f000003d000-0xc)={0x0, 0x0, 0x0}, &(0x7f0000e37000)=0x156) fcntl$setown(r0, 0x8, r1) fcntl$getownex(r0, 0x10, &(0x7f0000000000+0xca6)={0x0, 0x0}) ptrace$setopts(0x4206, r2, 0x0, 0x0) ptrace(0x4207, r2) wait4(r1, &(0x7f0000238000)=0x0, 0x0, &(0x7f0000002000-0x48)={{0x0, 0x0}, {0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) wait4(r2, &(0x7f0000000000)=0x0, 0x80000001, &(0x7f0000000000)={{0x0, 0x0}, {0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2018/01/28 08:37:10 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000fbf000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f0000804000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8b000-0x8)='./file0\x00', &(0x7f0000a7c000-0x38)=[], &(0x7f00006fd000-0x10)=[]) r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000d000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000009000-0x8)=0x3f) execve(&(0x7f00003f0000-0x8)='./file0\x00', &(0x7f0000a7c000-0x8)=[], &(0x7f0000c6e000)=[]) fcntl$setown(r1, 0x8, r0) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) tkill(r0, 0x16) open(&(0x7f00000ed000)='./file0\x00', 0x401, 0x0) 2018/01/28 08:37:10 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f00002a7000-0xb)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000d0c000-0x2)="7b10", 0x0) sendfile(r1, r0, &(0x7f0000c9d000-0x8)=0x0, 0xfe) 2018/01/28 08:37:10 executing program 1: 2018/01/28 08:37:10 executing program 0: 2018/01/28 08:37:11 executing program 1: [ 37.687261] audit: type=1400 audit(1517128630.954:22): avc: denied { create } for pid=5062 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 2018/01/28 08:37:11 executing program 1: 2018/01/28 08:37:11 executing program 7: 2018/01/28 08:37:11 executing program 1: 2018/01/28 08:37:11 executing program 0: [ 37.737061] audit: type=1400 audit(1517128630.956:23): avc: denied { write } for pid=5062 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 2018/01/28 08:37:11 executing program 5: mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000002000-0x20)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1, 0x0}) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000004000-0x8)='./file0\x00', 0x0) writev(r1, &(0x7f0000004000-0x28)=[{&(0x7f0000013000-0x49)='5', 0x1}], 0x1) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000004000)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f00004db000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) [ 37.775552] ptrace attach of "/root/syz-executor2"[4926] was attempted by "/root/syz-executor2"[5076] [ 37.792123] audit: type=1400 audit(1517128630.986:24): avc: denied { net_raw } for pid=5061 comm="syz-executor6" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/28 08:37:11 executing program 6: 2018/01/28 08:37:11 executing program 3: 2018/01/28 08:37:11 executing program 1: 2018/01/28 08:37:11 executing program 7: 2018/01/28 08:37:11 executing program 2: 2018/01/28 08:37:11 executing program 0: 2018/01/28 08:37:11 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000fbf000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f0000804000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8b000-0x8)='./file0\x00', &(0x7f0000a7c000-0x38)=[], &(0x7f00006fd000-0x10)=[]) r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000d000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000009000-0x8)=0x3f) execve(&(0x7f00003f0000-0x8)='./file0\x00', &(0x7f0000a7c000-0x8)=[], &(0x7f0000c6e000)=[]) fcntl$setown(r1, 0x8, r0) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) tkill(r0, 0x16) 2018/01/28 08:37:11 executing program 5: mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000002000-0x20)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1, 0x0}) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000004000-0x8)='./file0\x00', 0x0) writev(r1, &(0x7f0000004000-0x28)=[{&(0x7f0000013000-0x49)='5', 0x1}], 0x1) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000004000)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa02, &(0x7f00004db000-0x10)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 2018/01/28 08:37:11 executing program 1: 2018/01/28 08:37:11 executing program 6: 2018/01/28 08:37:11 executing program 2: 2018/01/28 08:37:11 executing program 3: 2018/01/28 08:37:11 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000159000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0xc0481273, &(0x7f0000beb000-0x98)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "000000000100000001001bf3ffff00000065000000010000007db0e6f10efbf9a219d8f6aa6bd58d1c43473100e85026e7ff40f9b55bd1b3335d5bffff0001f3", "cfa40005000000f7ffffffff00000000000000ffb833220182ab867d00", [0x0, 0x0], 0x0}) 2018/01/28 08:37:11 executing program 0: 2018/01/28 08:37:11 executing program 1: 2018/01/28 08:37:11 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clone(0x200, &(0x7f0000fbf000)="", &(0x7f0000744000)=0x0, &(0x7f0000f8b000)=0x0, &(0x7f0000804000)="") mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8b000-0x8)='./file0\x00', &(0x7f0000a7c000-0x38)=[], &(0x7f00006fd000-0x10)=[]) r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000d000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000009000-0x8)=0x3f) execve(&(0x7f00003f0000-0x8)='./file0\x00', &(0x7f0000a7c000-0x8)=[], &(0x7f0000c6e000)=[]) fcntl$setown(r1, 0x8, r0) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) tkill(r0, 0x16) 2018/01/28 08:37:11 executing program 5: 2018/01/28 08:37:11 executing program 6: 2018/01/28 08:37:11 executing program 1: 2018/01/28 08:37:11 executing program 3: 2018/01/28 08:37:11 executing program 2: [ 38.007915] ================================================================== [ 38.015350] BUG: KASAN: double-free or invalid-free in relay_open+0x6a1/0xa40 [ 38.022613] [ 38.024232] CPU: 0 PID: 5126 Comm: syz-executor7 Not tainted 4.15.0-rc9+ #283 [ 38.031486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.040847] Call Trace: [ 38.043423] dump_stack+0x194/0x257 [ 38.047040] ? arch_local_irq_restore+0x53/0x53 [ 38.051688] ? show_regs_print_info+0x18/0x18 [ 38.056193] ? __lock_is_held+0xb6/0x140 [ 38.060238] ? relay_open+0x6a1/0xa40 [ 38.064017] print_address_description+0x73/0x250 [ 38.068838] ? relay_open+0x6a1/0xa40 [ 38.072610] ? relay_open+0x6a1/0xa40 [ 38.076386] kasan_report_double_free+0x55/0x80 [ 38.081036] kasan_slab_free+0xa3/0xc0 [ 38.084899] kfree+0xd6/0x260 [ 38.087981] relay_open+0x6a1/0xa40 [ 38.091587] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 38.096418] ? __debugfs_create_file+0x2cf/0x3d0 [ 38.101154] ? debugfs_create_file+0x57/0x70 [ 38.105542] do_blk_trace_setup+0x4a4/0xcd0 [ 38.109846] ? blk_tracer_print_line+0x40/0x40 [ 38.114405] ? __might_sleep+0x95/0x190 [ 38.118362] ? kasan_check_write+0x14/0x20 [ 38.122573] ? _copy_from_user+0x99/0x110 [ 38.126699] __blk_trace_setup+0xbe/0x150 [ 38.130824] ? do_blk_trace_setup+0xcd0/0xcd0 [ 38.135301] ? disk_name+0x98/0x100 [ 38.138910] blk_trace_ioctl+0x206/0x2e0 [ 38.142946] ? blk_add_trace_rq_remap+0x680/0x680 [ 38.147773] ? avc_has_extended_perms+0x7fa/0x12c0 [ 38.152680] blkdev_ioctl+0x1845/0x1e00 [ 38.156630] ? blkpg_ioctl+0xb40/0xb40 [ 38.160492] ? avc_ss_reset+0x110/0x110 [ 38.164437] ? lock_downgrade+0x980/0x980 [ 38.168563] ? lock_release+0xa40/0xa40 [ 38.172515] ? __lock_is_held+0xb6/0x140 [ 38.176582] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 38.182454] ? get_unused_fd_flags+0x190/0x190 [ 38.187019] ? rcu_note_context_switch+0x710/0x710 [ 38.191931] block_ioctl+0xde/0x120 [ 38.195534] ? blkdev_fallocate+0x3b0/0x3b0 [ 38.199828] do_vfs_ioctl+0x1b1/0x1520 [ 38.203688] ? _cond_resched+0x14/0x30 [ 38.207557] ? ioctl_preallocate+0x2b0/0x2b0 [ 38.211945] ? selinux_capable+0x40/0x40 [ 38.215985] ? SyS_futex+0x269/0x390 [ 38.219686] ? security_file_ioctl+0x89/0xb0 [ 38.224084] SyS_ioctl+0x8f/0xc0 [ 38.227432] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 38.232159] RIP: 0033:0x453299 [ 38.235324] RSP: 002b:00007f3f1d23ec58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 [ 38.243008] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299 [ 38.250260] RDX: 0000000020beaf68 RSI: 00000000c0481273 RDI: 0000000000000013 [ 38.257502] RBP: 000000000000061d R08: 0000000000000000 R09: 0000000000000000 [ 38.264747] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f8358 [ 38.271989] R13: 00000000ffffffff R14: 00007f3f1d23f6d4 R15: 0000000000000000 [ 38.279255] [ 38.280856] Allocated by task 5126: [ 38.284459] save_stack+0x43/0xd0 [ 38.287885] kasan_kmalloc+0xad/0xe0 [ 38.291573] kmem_cache_alloc_trace+0x136/0x750 [ 38.296215] relay_open+0xf2/0xa40 [ 38.299730] do_blk_trace_setup+0x4a4/0xcd0 [ 38.304026] __blk_trace_setup+0xbe/0x150 [ 38.308146] blk_trace_ioctl+0x206/0x2e0 [ 38.312182] blkdev_ioctl+0x1845/0x1e00 [ 38.316131] block_ioctl+0xde/0x120 [ 38.320562] do_vfs_ioctl+0x1b1/0x1520 [ 38.324423] SyS_ioctl+0x8f/0xc0 [ 38.327764] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 38.332490] [ 38.334092] Freed by task 5126: [ 38.337343] save_stack+0x43/0xd0 [ 38.340770] kasan_slab_free+0x71/0xc0 [ 38.344631] kfree+0xd6/0x260 [ 38.347709] relay_open+0x84a/0xa40 [ 38.351310] do_blk_trace_setup+0x4a4/0xcd0 [ 38.355602] __blk_trace_setup+0xbe/0x150 [ 38.359723] blk_trace_ioctl+0x206/0x2e0 [ 38.363756] blkdev_ioctl+0x1845/0x1e00 [ 38.367708] block_ioctl+0xde/0x120 [ 38.371311] do_vfs_ioctl+0x1b1/0x1520 [ 38.375169] SyS_ioctl+0x8f/0xc0 [ 38.378510] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 38.383233] [ 38.384835] The buggy address belongs to the object at ffff8801cd5a0800 [ 38.384835] which belongs to the cache kmalloc-512 of size 512 [ 38.397464] The buggy address is located 0 bytes inside of [ 38.397464] 512-byte region [ffff8801cd5a0800, ffff8801cd5a0a00) [ 38.409147] The buggy address belongs to the page: [ 38.414053] page:ffffea0007356800 count:1 mapcount:0 mapping:ffff8801cd5a0080 index:0x0 [ 38.422168] flags: 0x2fffc0000000100(slab) [ 38.426379] raw: 02fffc0000000100 ffff8801cd5a0080 0000000000000000 0000000100000006 [ 38.434233] raw: ffffea00070c4ca0 ffffea00070cd9a0 ffff8801dac00940 0000000000000000 [ 38.442081] page dumped because: kasan: bad access detected [ 38.447758] [ 38.449357] Memory state around the buggy address: [ 38.454258] ffff8801cd5a0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.461588] ffff8801cd5a0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.468919] >ffff8801cd5a0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.476250] ^ [ 38.479587] ffff8801cd5a0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.486917] ffff8801cd5a0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.494244] ================================================================== [ 38.501572] Disabling lock debugging due to kernel taint [ 38.506997] Kernel panic - not syncing: panic_on_warn set ... [ 38.506997] [ 38.514335] CPU: 0 PID: 5126 Comm: syz-executor7 Tainted: G B 4.15.0-rc9+ #283 [ 38.522878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.532202] Call Trace: [ 38.534764] dump_stack+0x194/0x257 [ 38.538363] ? arch_local_irq_restore+0x53/0x53 [ 38.543016] ? kasan_end_report+0x32/0x50 [ 38.547140] ? lock_downgrade+0x980/0x980 [ 38.551258] ? vsnprintf+0x1ed/0x1900 [ 38.555035] panic+0x1e4/0x41c [ 38.558206] ? refcount_error_report+0x214/0x214 [ 38.562935] ? add_taint+0x40/0x50 [ 38.566446] ? add_taint+0x1c/0x50 [ 38.569959] ? relay_open+0x6a1/0xa40 [ 38.573735] ? relay_open+0x6a1/0xa40 [ 38.577508] kasan_end_report+0x50/0x50 [ 38.581456] kasan_report_double_free+0x72/0x80 [ 38.586099] kasan_slab_free+0xa3/0xc0 [ 38.589960] kfree+0xd6/0x260 [ 38.593052] relay_open+0x6a1/0xa40 [ 38.596663] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 38.601483] ? __debugfs_create_file+0x2cf/0x3d0 [ 38.606216] ? debugfs_create_file+0x57/0x70 [ 38.610599] do_blk_trace_setup+0x4a4/0xcd0 [ 38.614909] ? blk_tracer_print_line+0x40/0x40 [ 38.619469] ? __might_sleep+0x95/0x190 [ 38.623420] ? kasan_check_write+0x14/0x20 [ 38.627629] ? _copy_from_user+0x99/0x110 [ 38.631752] __blk_trace_setup+0xbe/0x150 [ 38.635874] ? do_blk_trace_setup+0xcd0/0xcd0 [ 38.640347] ? disk_name+0x98/0x100 [ 38.643954] blk_trace_ioctl+0x206/0x2e0 [ 38.647999] ? blk_add_trace_rq_remap+0x680/0x680 [ 38.652821] ? avc_has_extended_perms+0x7fa/0x12c0 [ 38.657736] blkdev_ioctl+0x1845/0x1e00 [ 38.661689] ? blkpg_ioctl+0xb40/0xb40 [ 38.665548] ? avc_ss_reset+0x110/0x110 [ 38.669493] ? lock_downgrade+0x980/0x980 [ 38.673616] ? lock_release+0xa40/0xa40 [ 38.677565] ? __lock_is_held+0xb6/0x140 [ 38.681613] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 38.687473] ? get_unused_fd_flags+0x190/0x190 [ 38.692029] ? rcu_note_context_switch+0x710/0x710 [ 38.696935] block_ioctl+0xde/0x120 [ 38.700536] ? blkdev_fallocate+0x3b0/0x3b0 [ 38.704829] do_vfs_ioctl+0x1b1/0x1520 [ 38.708687] ? _cond_resched+0x14/0x30 [ 38.712548] ? ioctl_preallocate+0x2b0/0x2b0 [ 38.716943] ? selinux_capable+0x40/0x40 [ 38.720985] ? SyS_futex+0x269/0x390 [ 38.724678] ? security_file_ioctl+0x89/0xb0 [ 38.729060] SyS_ioctl+0x8f/0xc0 [ 38.732403] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 38.737128] RIP: 0033:0x453299 [ 38.740291] RSP: 002b:00007f3f1d23ec58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 [ 38.747975] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299 [ 38.755218] RDX: 0000000020beaf68 RSI: 00000000c0481273 RDI: 0000000000000013 [ 38.762469] RBP: 000000000000061d R08: 0000000000000000 R09: 0000000000000000 [ 38.769715] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f8358 [ 38.776959] R13: 00000000ffffffff R14: 00007f3f1d23f6d4 R15: 0000000000000000 [ 38.784608] Dumping ftrace buffer: [ 38.788135] (ftrace buffer empty) [ 38.791814] Kernel Offset: disabled [ 38.795409] Rebooting in 86400 seconds..