[....] Starting enhanced syslogd: rsyslogd[ 12.922169] audit: type=1400 audit(1518851939.846:4): avc: denied { syslog } for pid=3648 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts. 2018/02/17 07:19:14 fuzzer started 2018/02/17 07:19:14 dialing manager at 10.128.0.26:40441 2018/02/17 07:19:17 kcov=true, comps=false 2018/02/17 07:19:18 executing program 0: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) socketpair(0x5, 0x3, 0x7, &(0x7f0000001000-0x8)={0x0, 0x0}) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000001000-0xe8)={{{@in6=@dev, @in=@multicast1}}, {{@in=@loopback}, 0x0, @in=@rand_addr}}, &(0x7f0000e49000-0x4)=0xe8) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000001000-0x4)=0x10001, 0x4) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000002000-0x98)={0x0, @in6={{0xa, 0x3, 0x6, @loopback={0x0, 0x1}, 0x100}}, 0xace, 0x5}, &(0x7f0000001000)=0x98) setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={r2, 0x4}, 0x8) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getdents(r0, &(0x7f0000003000-0x6c)=""/108, 0x6c) mkdirat(r0, &(0x7f0000001000-0x8)='./file0\x00', 0x16a) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000001000-0xf)='/dev/sequencer\x00', 0x10200, 0x0) setsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000002000-0x1)={r2, 0x40}, 0x8) ioctl$EVIOCGVERSION(r3, 0x80044501, &(0x7f0000002000-0x14)=""/20) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) connect$pptp(r1, &(0x7f0000003000)={0x18, 0x2, {0x3, @dev={0xac, 0x14, 0x0, 0xb}}}, 0x20) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000001000)=0x1ff, 0x4) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000004000)={r2, 0x1, 0x9}, &(0x7f0000004000)=0x8) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000006000-0x4)=0x6, 0x4) tee(r1, r1, 0xcc, 0x4) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000005000-0x4), &(0x7f0000006000)=0x4) mmap(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000007000)='/dev/hwrng\x00', 0x0, 0x0) mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r1, 0x80046402, &(0x7f0000008000)=0x4) 2018/02/17 07:19:18 executing program 7: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x4400, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000001000-0x14)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000001000-0x4)=0x14) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@sack_info={r2, 0x1, 0x9}, &(0x7f000016a000)=0xc) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x2001, 0x0) accept$ipx(r3, &(0x7f0000000000), &(0x7f0000001000-0x1)=0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x3, @rand_addr=0xc}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r3, 0x28, 0x0, &(0x7f0000000000)=0x6, 0x8) ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f0000001000-0x30)) ioctl$TCGETS(r3, 0x5401, &(0x7f0000001000-0x24)) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_FREE_BUFS(r0, 0x4010641a, &(0x7f0000000000)={0x1, &(0x7f0000002000-0x4)=[0x4]}) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000003000-0x8)={0x0}, 0x0) setsockopt$netrom_NETROM_IDLE(r3, 0x103, 0x7, &(0x7f0000002000)=0x5, 0x4) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000001000)={r2, 0x7}, 0x6) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000003000)='./file0\x00', 0x14400, 0x100) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000004000)={0x0, 0x0}) mmap(&(0x7f0000004000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) timerfd_settime(r5, 0x1, &(0x7f0000005000-0x20)={{r6, r7+30000000}, {0x77359400}}, &(0x7f0000003000)) r8 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000002000-0x15)='/proc/self/net/pfkey\x00', 0x80000, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(r8, 0x84, 0x11, &(0x7f0000005000)={r1, 0x3ce}, &(0x7f0000006000-0x4)=0x8) arch_prctl(0x1002, &(0x7f0000004000)="244aa0f525a4968d8badd5f4cfab1a4996a202b11cff27526b0179339adba8c764b681bf25d4bc4db426c42d5a7a4c62e179ab27cdf054887835d21d8a1e9212f1b50b325ae009425152e8fc9b888bc4baf6eaf889635be61f9633f1b0e8db7ecfe5a3de6a1994ef1a3321f6812cc24ec91311f83f7e3bc8cb3c11027b13c3373d73cfd23e0ed77bca28fa3493fa7ac7ac1af5e17ea4cd4f0b90747f3b29ae8cc471987155af69d7d84489174afa1b5d24a880c5") 2018/02/17 07:19:18 executing program 3: 2018/02/17 07:19:18 executing program 4: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r0, 0x10d, 0xe, &(0x7f0000039000), &(0x7f0000351000-0x4)=0x4) 2018/02/17 07:19:18 executing program 5: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f000053a000-0xb)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0xc0481273, &(0x7f0000f58000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "000000000100000000001bf3fffffff6ff64000000edff00007db0e6330ee7f9b319d8000018e58d1c43473000e05026fb0000008001d1a7335d5bffff0001d7", "cea40005003500f7ff0002ff000000000000000000810000dc01867dfffe0200"}) 2018/02/17 07:19:18 executing program 6: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tun(&(0x7f0000516000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000b2a000)={@common="ffffb70e7473300009dfffffff00", @ifru_map={0xb69}}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000c58000-0x50)={@syzn={0x73, 0x79, 0x7a}, @ifru_addrs=@in={0x2, 0xffffffffffffffff, @multicast1=0xe0000001}}) 2018/02/17 07:19:18 executing program 2: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x1000000010, 0x802, 0x0) sendmsg$nl_route(r0, &(0x7f0000546000)={&(0x7f000026e000-0xc)={0x10}, 0xc, &(0x7f0000f76000-0x10)={&(0x7f0000aa5000)=@ipv4_deladdr={0x18, 0x15, 0x9, 0xffffffffffffffff, 0xffffffffffffffff, {0x2}, []}, 0x18}, 0x1}, 0x0) 2018/02/17 07:19:18 executing program 1: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000220000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket(0x10, 0x2, 0x0) write(r1, &(0x7f0000064000), 0x0) dup3(r0, r1, 0x0) syzkaller login: [ 32.064675] audit: type=1400 audit(1518851958.986:5): avc: denied { sys_admin } for pid=3861 comm="syz-executor0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 32.100455] IPVS: Creating netns size=2536 id=1 [ 32.114612] audit: type=1400 audit(1518851959.036:6): avc: denied { net_admin } for pid=3866 comm="syz-executor4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 32.147873] IPVS: Creating netns size=2536 id=2 [ 32.174344] IPVS: Creating netns size=2536 id=3 [ 32.206146] IPVS: Creating netns size=2536 id=4 [ 32.242087] IPVS: Creating netns size=2536 id=5 [ 32.289310] IPVS: Creating netns size=2536 id=6 [ 32.346984] IPVS: Creating netns size=2536 id=7 [ 32.393790] IPVS: Creating netns size=2536 id=8 [ 34.121138] audit: type=1400 audit(1518851961.046:7): avc: denied { sys_chroot } for pid=3865 comm="syz-executor7" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/02/17 07:19:21 executing program 4: 2018/02/17 07:19:21 executing program 3: 2018/02/17 07:19:21 executing program 7: 2018/02/17 07:19:21 executing program 4: 2018/02/17 07:19:21 executing program 3: 2018/02/17 07:19:21 executing program 4: 2018/02/17 07:19:21 executing program 3: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000334000)={0x2, 0x0, @empty}, 0x10) listen(r0, 0x400000000000040) r1 = socket$inet(0x2, 0x1, 0x0) r2 = syz_open_dev$tun(&(0x7f0000520000-0xd)='/dev/net/tun\x00', 0x0, 0xa) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000d7000)={@common='gre0\x00', @ifru_names=@generic="4f54000cc0a1ed4f3a0a1fdc222073b5"}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000630000-0x20)={@common='gre0\x00', @ifru_flags=0x301}) write$tun(r3, &(0x7f000059a000)=@hdr={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x78, 0xffffffffffffffff, 0x0, 0x0, 0x4006, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, {[]}}, @tcp={{0xffffffffffffffff, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x7, 0xca, 0x0, 0x0, 0x0, {[@generic={0x22, 0x8, "0f79e1af0829"}]}}, {"9adef60f80c8cd36c09d957a78da82b815d304a52293f9ea9852950118e371aaba2735f079761900f68f94d9a4c7865c080625960f3ba4c500e30abe69f303dafcafaf50087d919f"}}}}, 0x82) 2018/02/17 07:19:21 executing program 7: mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f000056c000-0xd8)={@link_local={0x1, 0x80, 0xc2}, @local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff, 0xaa}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @rand_addr, @multicast1=0xe0000001, {[]}}, @tcp={{0xffffffffffffffff, 0xffffffffffffffff, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, {[]}}}}}}}, &(0x7f000060a000+0xfc5)={0x0, 0x0, []}) [ 34.307331] device gre0 entered promiscuous mode [ 34.431288] ================================================================== [ 34.438689] BUG: KASAN: double-free or invalid-free in relay_open+0x603/0x860 [ 34.445939] [ 34.447558] CPU: 1 PID: 4981 Comm: syz-executor5 Not tainted 4.9.81-ga25ea24 #36 [ 34.455071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.464401] ffff8801cddbf860 ffffffff81d94de9 ffffea0006fb4580 ffff8801bed16f00 [ 34.472389] ffff8801da001280 ffffffff8137d9b3 0000000000000282 ffff8801cddbf898 [ 34.480363] ffffffff8153e173 ffff8801bed16f00 ffffffff8137d9b3 ffff8801da001280 [ 34.488342] Call Trace: [ 34.490905] [] dump_stack+0xc1/0x128 [ 34.496242] [] ? relay_open+0x603/0x860 [ 34.501837] [] print_address_description+0x73/0x280 [ 34.508474] [] ? relay_open+0x603/0x860 [ 34.514066] [] ? relay_open+0x603/0x860 [ 34.519661] [] kasan_report_double_free+0x64/0xa0 [ 34.526124] [] kasan_slab_free+0xa4/0xc0 [ 34.531806] [] kfree+0x103/0x300 [ 34.536792] [] relay_open+0x603/0x860 [ 34.542212] [] do_blk_trace_setup+0x3e9/0x950 [ 34.548326] [] blk_trace_setup+0xe0/0x1a0 [ 34.554102] [] ? do_blk_trace_setup+0x950/0x950 [ 34.560390] [] ? disk_name+0x98/0x100 [ 34.565810] [] blk_trace_ioctl+0x1de/0x300 [ 34.572207] [] ? compat_blk_trace_setup+0x250/0x250 [ 34.578844] [] ? avc_has_extended_perms+0xe2/0xf10 [ 34.585394] [] ? get_futex_key+0x1050/0x1050 [ 34.591422] [] ? save_stack_trace+0x16/0x20 [ 34.597363] [] ? save_stack+0x43/0xd0 [ 34.602785] [] blkdev_ioctl+0xb00/0x1a60 [ 34.608466] [] ? blkpg_ioctl+0x930/0x930 [ 34.614148] [] ? __lock_acquire+0x629/0x3640 [ 34.620176] [] ? do_futex+0x3f8/0x15c0 [ 34.625684] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 34.632583] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 34.639397] [] block_ioctl+0xde/0x120 [ 34.644819] [] ? blkdev_fallocate+0x440/0x440 [ 34.650935] [] do_vfs_ioctl+0x1aa/0x1140 [ 34.656617] [] ? ioctl_preallocate+0x220/0x220 [ 34.662818] [] ? selinux_file_ioctl+0x355/0x530 [ 34.669106] [] ? selinux_capable+0x40/0x40 [ 34.674960] [] ? __fget+0x20a/0x3b0 [ 34.680207] [] ? __fget+0x231/0x3b0 [ 34.685452] [] ? __fget+0x47/0x3b0 [ 34.690614] [] ? security_file_ioctl+0x89/0xb0 [ 34.696815] [] SyS_ioctl+0x8f/0xc0 [ 34.701976] [] ? do_vfs_ioctl+0x1140/0x1140 [ 34.707916] [] do_syscall_64+0x1a5/0x490 [ 34.713599] [] entry_SYSCALL_64_after_swapgs+0x47/0xc5 [ 34.720493] [ 34.722096] Allocated by task 4981: [ 34.725695] save_stack_trace+0x16/0x20 [ 34.729638] save_stack+0x43/0xd0 [ 34.733060] kasan_kmalloc+0xad/0xe0 [ 34.736742] kmem_cache_alloc_trace+0xfb/0x2a0 [ 34.741304] relay_open+0x91/0x860 [ 34.744815] do_blk_trace_setup+0x3e9/0x950 [ 34.749108] blk_trace_setup+0xe0/0x1a0 [ 34.753051] blk_trace_ioctl+0x1de/0x300 [ 34.757082] blkdev_ioctl+0xb00/0x1a60 [ 34.760941] block_ioctl+0xde/0x120 [ 34.764537] do_vfs_ioctl+0x1aa/0x1140 [ 34.768392] SyS_ioctl+0x8f/0xc0 [ 34.771730] do_syscall_64+0x1a5/0x490 [ 34.775588] entry_SYSCALL_64_after_swapgs+0x47/0xc5 [ 34.780656] [ 34.782252] Freed by task 4981: [ 34.785498] save_stack_trace+0x16/0x20 [ 34.789444] save_stack+0x43/0xd0 [ 34.792866] kasan_slab_free+0x72/0xc0 [ 34.796721] kfree+0x103/0x300 [ 34.799881] relay_destroy_channel+0x16/0x20 [ 34.804258] relay_open+0x5ea/0x860 [ 34.807857] do_blk_trace_setup+0x3e9/0x950 [ 34.812149] blk_trace_setup+0xe0/0x1a0 [ 34.816094] blk_trace_ioctl+0x1de/0x300 [ 34.820124] blkdev_ioctl+0xb00/0x1a60 [ 34.823980] block_ioctl+0xde/0x120 [ 34.827581] do_vfs_ioctl+0x1aa/0x1140 [ 34.831439] SyS_ioctl+0x8f/0xc0 [ 34.834773] do_syscall_64+0x1a5/0x490 [ 34.838633] entry_SYSCALL_64_after_swapgs+0x47/0xc5 [ 34.843705] [ 34.845305] The buggy address belongs to the object at ffff8801bed16f00 [ 34.845305] which belongs to the cache kmalloc-512 of size 512 [ 34.857929] The buggy address is located 0 bytes inside of [ 34.857929] 512-byte region [ffff8801bed16f00, ffff8801bed17100) [ 34.869600] The buggy address belongs to the page: [ 34.874500] page:ffffea0006fb4580 count:1 mapcount:0 mapping: (null) index:0xffff8801bed16000 compound_mapcount: 0 [ 34.885969] flags: 0x8000000000004080(slab|head) [ 34.890691] page dumped because: kasan: bad access detected [ 34.896365] [ 34.897962] Memory state around the buggy address: [ 34.902861] ffff8801bed16e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.910189] ffff8801bed16e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 34.917519] >ffff8801bed16f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.924844] ^ [ 34.928177] ffff8801bed16f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.935505] ffff8801bed17000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.942832] ================================================================== [ 34.950158] Disabling lock debugging due to kernel taint [ 34.957503] Kernel panic - not syncing: panic_on_warn set ... [ 34.957503] [ 34.964870] CPU: 1 PID: 4981 Comm: syz-executor5 Tainted: G B 4.9.81-ga25ea24 #36 [ 34.973590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.982917] ffff8801cddbf7b8 ffffffff81d94de9 ffffffff84197637 ffff8801cddbf890 [ 34.990886] ffff8801da001200 ffffffff8137d9b3 0000000000000282 ffff8801cddbf880 [ 34.998864] ffffffff8142f621 0000000041b58ab3 ffffffff8418b0a8 ffffffff8142f465 [ 35.006845] Call Trace: [ 35.009408] [] dump_stack+0xc1/0x128 [ 35.014743] [] ? relay_open+0x603/0x860 [ 35.020337] [] panic+0x1bc/0x3a8 [ 35.025323] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7 [ 35.033532] [] ? preempt_schedule+0x25/0x30 [ 35.039472] [] ? ___preempt_schedule+0x16/0x18 [ 35.045673] [] ? relay_open+0x603/0x860 [ 35.051273] [] ? relay_open+0x603/0x860 [ 35.056866] [] kasan_end_report+0x50/0x50 [ 35.062633] [] kasan_report_double_free+0x81/0xa0 [ 35.069094] [] kasan_slab_free+0xa4/0xc0 [ 35.074778] [] kfree+0x103/0x300 [ 35.079762] [] relay_open+0x603/0x860 [ 35.085182] [] do_blk_trace_setup+0x3e9/0x950 [ 35.091297] [] blk_trace_setup+0xe0/0x1a0 [ 35.097066] [] ? do_blk_trace_setup+0x950/0x950 [ 35.103356] [] ? disk_name+0x98/0x100 [ 35.108777] [] blk_trace_ioctl+0x1de/0x300 [ 35.114634] [] ? compat_blk_trace_setup+0x250/0x250 [ 35.121274] [] ? avc_has_extended_perms+0xe2/0xf10 [ 35.127824] [] ? get_futex_key+0x1050/0x1050 [ 35.133854] [] ? save_stack_trace+0x16/0x20 [ 35.139793] [] ? save_stack+0x43/0xd0 [ 35.145213] [] blkdev_ioctl+0xb00/0x1a60 [ 35.150897] [] ? blkpg_ioctl+0x930/0x930 [ 35.156577] [] ? __lock_acquire+0x629/0x3640 [ 35.162604] [] ? do_futex+0x3f8/0x15c0 [ 35.168113] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 35.175011] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 35.181825] [] block_ioctl+0xde/0x120 [ 35.187245] [] ? blkdev_fallocate+0x440/0x440 [ 35.193360] [] do_vfs_ioctl+0x1aa/0x1140 [ 35.199039] [] ? ioctl_preallocate+0x220/0x220 [ 35.205242] [] ? selinux_file_ioctl+0x355/0x530 [ 35.211532] [] ? selinux_capable+0x40/0x40 [ 35.217385] [] ? __fget+0x20a/0x3b0 [ 35.222633] [] ? __fget+0x231/0x3b0 [ 35.227879] [] ? __fget+0x47/0x3b0 [ 35.233037] [] ? security_file_ioctl+0x89/0xb0 [ 35.239236] [] SyS_ioctl+0x8f/0xc0 [ 35.244395] [] ? do_vfs_ioctl+0x1140/0x1140 [ 35.250338] [] do_syscall_64+0x1a5/0x490 [ 35.256020] [] entry_SYSCALL_64_after_swapgs+0x47/0xc5 [ 35.263347] Dumping ftrace buffer: [ 35.266857] (ftrace buffer empty) [ 35.270536] Kernel Offset: disabled [ 35.274132] Rebooting in 86400 seconds..