Warning: Permanently added '10.128.1.21' (ECDSA) to the list of known hosts. [ 42.057680] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/18 18:22:32 fuzzer started [ 42.163348] audit: type=1400 audit(1568830952.506:7): avc: denied { map } for pid=1785 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 42.575324] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/18 18:22:33 dialing manager at 10.128.0.26:38793 2019/09/18 18:22:33 syscalls: 1347 2019/09/18 18:22:33 code coverage: enabled 2019/09/18 18:22:33 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/18 18:22:33 extra coverage: extra coverage is not supported by the kernel 2019/09/18 18:22:33 setuid sandbox: enabled 2019/09/18 18:22:33 namespace sandbox: enabled 2019/09/18 18:22:33 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/18 18:22:33 fault injection: CONFIG_FAULT_INJECTION is not enabled 2019/09/18 18:22:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/18 18:22:33 net packet injection: enabled 2019/09/18 18:22:33 net device setup: enabled [ 44.514482] random: crng init done 18:23:28 executing program 0: 18:23:28 executing program 1: 18:23:28 executing program 5: 18:23:28 executing program 2: 18:23:28 executing program 3: 18:23:28 executing program 4: [ 98.044442] audit: type=1400 audit(1568831008.386:8): avc: denied { map } for pid=1785 comm="syz-fuzzer" path="/root/syzkaller-shm006313750" dev="sda1" ino=15976 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 98.100881] audit: type=1400 audit(1568831008.386:9): avc: denied { map } for pid=1830 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5044 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 
tclass=file permissive=1 18:23:29 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x51, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000000006ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit(0x0) r0 = socket(0xa, 0x3, 0x87) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @rand_addr="ffba4195a8914923d5b3b6e33004d368"}, 0x1c) r1 = dup(r0) write$P9_RLOCK(r1, &(0x7f0000000000)={0x8}, 0x8) 18:23:29 executing program 0: 18:23:29 executing program 0: 18:23:29 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu\x00', 0x200002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_int(r0, &(0x7f0000000000)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) sendfile(r2, r2, 0x0, 0x20000) 18:23:29 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="11dca50d5e0bcfe47bf070") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000068000/0x3000)=nil, 0x3000, 0xf, 0x840000000000a132, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='hugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) 18:23:30 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) 
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0) 18:23:30 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0) 18:23:31 executing program 1: 18:23:32 executing program 5: 18:23:32 executing program 2: 18:23:32 executing program 3: 18:23:32 executing program 0: r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup3(r0, r1, 0x0) writev(r1, &(0x7f0000000040)=[{&(0x7f0000fb4000)="1f00000001021900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) 18:23:32 executing program 1: 18:23:32 executing program 5: 18:23:32 executing program 2: 18:23:32 executing program 4: 18:23:32 executing program 5: 18:23:32 executing program 4: 18:23:32 executing program 4: 18:23:32 executing program 2: 18:23:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000500)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000580), 0xc2) 18:23:32 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0x3) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) [ 102.404859] audit: type=1400 audit(1568831012.746:10): avc: denied { create } for pid=2780 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 102.418841] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.0'. 
18:23:32 executing program 4: [ 102.479639] audit: type=1400 audit(1568831012.756:11): avc: denied { write } for pid=2780 comm="syz-executor.0" path="socket:[7145]" dev="sockfs" ino=7145 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 18:23:32 executing program 0: 18:23:32 executing program 5: 18:23:32 executing program 3: 18:23:32 executing program 2: 18:23:32 executing program 1: 18:23:32 executing program 4: 18:23:33 executing program 5: 18:23:33 executing program 3: 18:23:33 executing program 2: 18:23:33 executing program 1: 18:23:33 executing program 0: 18:23:33 executing program 4: 18:23:33 executing program 3: 18:23:33 executing program 0: 18:23:33 executing program 5: 18:23:33 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000100)=ANY=[@ANYBLOB="000004d06424b2d0540003248620bc1db2ad205700000a00050000000000ff02000003001200000000000000000100000000fe80d79bf15a082f6ab25700000000c04300000000000000000000000000000000e60c000000000000000000000000a3f000000000000000003ed8d3f10000000000000000afec749c0000000000000000000000000000000009000000000059ffebdb2323c566a71a483b18e3000000000000000000000000000000000000005b477f787d07e05641cd327b3819b061ea5cf2bb220c7765742cddabf2f0f7b633e7b562f95dee6a4ddf1ecd5d34d3e50466a12076c64b8dd5e36e47a9980e67ed41e35e89d3c8761a11340b01acaa9e9396e8c851dab48ed9a625"], 0x90) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) 
18:23:33 executing program 2: r0 = getpgrp(0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x1, 0x3, 0x36}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 18:23:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, [@tunl_policy=[@IFLA_IPTUN_ENCAP_TYPE={0x8}]]}}}]}, 0x38}}, 0x0) 18:23:33 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x65, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSRS485(0xffffffffffffffff, 0x542f, &(0x7f0000000240)) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') rmdir(0x0) r0 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) 18:23:33 executing program 3: 18:23:33 executing program 5: 18:23:33 executing program 2: 18:23:33 executing program 4: 18:23:33 executing program 3: 18:23:33 executing program 5: 18:23:33 executing program 2: 18:23:33 executing program 4: [ 102.914534] hrtimer: interrupt took 44313 ns 18:23:36 executing program 5: 18:23:36 executing program 3: 18:23:36 
executing program 2: 18:23:36 executing program 4: 18:23:36 executing program 1: 18:23:36 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x65, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSRS485(0xffffffffffffffff, 0x542f, &(0x7f0000000240)) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') rmdir(0x0) r0 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) 18:23:36 executing program 3: 18:23:36 executing program 4: 18:23:36 executing program 2: 18:23:36 executing program 5: 18:23:36 executing program 1: 18:23:36 executing program 5: 18:23:36 executing program 3: 18:23:36 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000400)='ramfs\x00\x9b\x95\x84\x10D\xfb\x9b\x81R#\x10O\xd3\xb4\xe8\xa3\x1f\x00\r\xf6\xd9\xbbt\x95f\x9e\x02\x06\xf946\\{(\xc8\xa7s\xd2>\x81\x88l\x0e\xc5%\x99\x00\x02\x9d\x85\xfc\xa9\\\x99:\xe4\x9c\xf9z>w\xe7\xa9\xa8=\xe9o\x9f\xfbKE\xd7\x9a\x1b\xf8\x86@\x8e\xe6\x9em\x89\xab\x19\xea1\x8e\xa1\xb5\xd7\xc6\xc62\x05\xc7\xe5\xd2m\xeczV\x1d\x84\xcd\xc0\xdf', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') umount2(&(0x7f0000000040)='../file0\x00', 0x2) 18:23:36 executing program 2: 18:23:36 
executing program 1: 18:23:36 executing program 3: 18:23:39 executing program 0: 18:23:39 executing program 5: 18:23:39 executing program 2: 18:23:39 executing program 3: 18:23:39 executing program 1: 18:23:39 executing program 4: 18:23:39 executing program 5: 18:23:39 executing program 2: 18:23:39 executing program 1: 18:23:39 executing program 3: 18:23:39 executing program 4: fstat(0xffffffffffffffff, 0x0) getuid() perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0) 18:23:39 executing program 1: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) pwritev(r0, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}, {&(0x7f00000002c0)='-', 0x1}], 0x2, 0x0) 18:23:39 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS(r0, 0x4c02, &(0x7f0000000240)) 18:23:39 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a}) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/3\x00') r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendfile(r2, r1, 0x0, 0x141) 18:23:39 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) clone(0x0, 0x0, 0x0, 0x0, 0x0) 18:23:39 
executing program 3: memfd_create(0x0, 0x0) perf_event_open(0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 18:23:39 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_SECUREBITS(0x1c, 0xf) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, 0xee01, r2) r3 = open(&(0x7f0000000000)='./file0\x00', 0x82040, 0x0) fcntl$setlease(r3, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000da1000)={0xfffffffffffffffe}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000061000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) fcntl$setlease(r3, 0x400, 0x2) [ 109.477210] audit: type=1400 audit(1568831019.816:12): avc: denied { map } for pid=3083 comm="blkid" path="/lib/x86_64-linux-gnu/libuuid.so.1.3.0" dev="sda1" ino=2819 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 109.505930] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=12297 sclass=netlink_xfrm_socket pig=3093 comm=syz-executor.5 18:23:39 executing program 1: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) pwritev(r0, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}, {&(0x7f00000002c0)='-', 0x1}], 0x2, 0x0) 18:23:39 executing program 2: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_tables_matches\x00') pread64(r0, 0x0, 0x0, 0x800000000005) syz_genetlink_get_family_id$ipvs(0x0) [ 109.582498] audit: type=1400 audit(1568831019.926:13): avc: denied { map } for pid=3102 comm="blkid" path="/sbin/blkid" dev="sda1" ino=15619 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 18:23:39 executing program 1: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) pwritev(r0, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}, {&(0x7f00000002c0)='-', 0x1}], 0x2, 0x0) 18:23:40 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x2ee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_getaffinity(0x0, 0x8, &(0x7f0000000000)) [ 109.636936] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=12297 sclass=netlink_xfrm_socket pig=3111 comm=syz-executor.5 18:23:40 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x164c) [ 109.672397] audit: type=1400 audit(1568831019.966:14): avc: denied { create } for pid=3106 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 18:23:40 executing program 1: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) pwritev(r0, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}, {&(0x7f00000002c0)='-', 0x1}], 0x2, 0x0) 18:23:40 executing program 2: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_tables_matches\x00') pread64(r0, 0x0, 0x0, 0x800000000005) syz_genetlink_get_family_id$ipvs(0x0) 18:23:40 executing program 4: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_tables_matches\x00') pread64(r0, 0x0, 0x0, 0x800000000005) syz_genetlink_get_family_id$ipvs(0x0) [ 109.719205] audit: type=1400 audit(1568831019.986:15): avc: denied { write } for pid=3106 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 109.750470] audit: type=1400 audit(1568831020.036:16): avc: denied { map } for pid=3114 
comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 109.816426] audit: type=1400 audit(1568831020.056:17): avc: denied { read } for pid=3106 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 109.865366] audit: type=1400 audit(1568831020.146:18): avc: denied { map } for pid=3124 comm="blkid" path="/lib/x86_64-linux-gnu/libblkid.so.1.1.0" dev="sda1" ino=2825 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 18:23:40 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a}) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/3\x00') r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendfile(r2, r1, 0x0, 0x141) 18:23:40 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x164c) 18:23:40 executing program 2: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_tables_matches\x00') pread64(r0, 0x0, 0x0, 0x800000000005) syz_genetlink_get_family_id$ipvs(0x0) 18:23:40 executing program 1: pwritev(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}, {&(0x7f00000002c0)='-', 0x1}], 0x2, 0x0) 18:23:40 executing program 4: r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29a"], 0x4b) 18:23:40 executing program 1: pwritev(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}, {&(0x7f00000002c0)='-', 0x1}], 0x2, 0x0) 18:23:40 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x164c) [ 109.996636] SELinux: failed to load policy [ 109.999145] audit: type=1400 audit(1568831020.156:19): avc: denied { create } for pid=3126 comm="syz-executor.2" 
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 110.034547] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=12297 sclass=netlink_xfrm_socket pig=3146 comm=syz-executor.5 [ 110.081614] audit: type=1400 audit(1568831020.156:20): avc: denied { write } for pid=3126 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 110.141829] audit: type=1400 audit(1568831020.186:21): avc: denied { read } for pid=3126 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes 18:23:43 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x2ee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syslog(0x9, 0x0, 0x0) 18:23:43 executing program 4: r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29a"], 0x4b) 18:23:43 executing program 1: pwritev(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}, {&(0x7f00000002c0)='-', 0x1}], 0x2, 
0x0) 18:23:43 executing program 2: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000880)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x0, 0x0) umount2(&(0x7f0000000080)='./file0\x00', 0x2) 18:23:43 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a}) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/3\x00') r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendfile(r2, r1, 0x0, 0x141) 18:23:43 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x164c) 18:23:43 executing program 1: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) pwritev(r0, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}, {&(0x7f00000002c0)='-', 0x1}], 0x2, 0x0) 18:23:43 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x164c) 18:23:43 executing program 4: r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29a"], 0x4b) [ 113.334561] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=12297 sclass=netlink_xfrm_socket pig=3317 comm=syz-executor.5 [ 113.340948] SELinux: failed to load policy 18:23:43 executing program 1: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) pwritev(r0, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}, {&(0x7f00000002c0)='-', 0x1}], 0x2, 0x0) 18:23:43 executing program 1: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) pwritev(r0, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}, {&(0x7f00000002c0)='-', 0x1}], 0x2, 0x0) 18:23:43 executing program 2: ioctl$sock_inet_SIOCRTMSG(0xffffffffffffffff, 0x890d, &(0x7f0000000140)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @loopback}, {0x2, 0x0, @local}}) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f00000001c0)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c8158ae9e0ea7b5ad8", 0x9b}], 0x0, 0x0) 
syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaae53, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000000b00000040000080000000000000006d5ebe5a0000ffff53ef", 0x5cf, 0x400}], 0x1, 0x0)
[ 113.410975] SELinux: failed to load policy
18:23:43 executing program 0:
unshare(0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c)
listen(r1, 0x0)
sendto$inet6(r0, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000080)="39a110", 0xffffffffffffffc1, 0x40, 0x0, 0xfffffffffffffe5b)
18:23:43 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a})
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/3\x00')
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendfile(r2, r1, 0x0, 0x141)
18:23:43 executing program 4:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29a"], 0x4b)
18:23:43 executing program 3:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x164c)
18:23:43 executing program 1:
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}, {&(0x7f00000002c0)='-', 0x1}], 0x2, 0x0)
[ 113.513531] SELinux: failed to load policy
18:23:43 executing program 3:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x164c)
18:23:43 executing program 4:
write$selinux_load(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29a"], 0x4b)
[ 113.548943] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=12297 sclass=netlink_xfrm_socket pig=3357 comm=syz-executor.5
18:23:43 executing program 1:
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}, {&(0x7f00000002c0)='-', 0x1}], 0x2, 0x0)
18:23:43 executing program 3:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x164c)
[ 113.593861] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters.
[ 113.603740] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
18:23:44 executing program 4:
write$selinux_load(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29a"], 0x4b)
18:23:44 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a})
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/3\x00')
sendfile(0xffffffffffffffff, r1, 0x0, 0x141)
[ 113.675513] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[ 113.704370] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[ 113.730462] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 113.751720] EXT4-fs error (device loop2): ext4_iget:4967: inode #2: comm syz-executor.2: bogus i_mode (0)
[ 113.762903] EXT4-fs (loop2): get root inode failed
[ 113.768102] EXT4-fs (loop2): mount failed
[ 113.853013] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[ 113.861152] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[ 113.870832] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[ 113.880322] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 113.889814] EXT4-fs: failed to create workqueue
[ 113.894916] EXT4-fs (loop2): mount failed
18:23:44 executing program 4:
write$selinux_load(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29a"], 0x4b)
18:23:44 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$RNDADDENTROPY(0xffffffffffffffff, 0x40085203, 0x0)
r0 = socket$inet6(0xa, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a})
r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup2(r2, r1)
r3 = add_key$user(0x0, 0x0, &(0x7f0000000280), 0x0, 0xfffffffffffffffc)
keyctl$revoke(0x3, r3)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x7704, 0x0)
poll(0x0, 0x0, 0xffffffff)
18:23:44 executing program 1:
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}, {&(0x7f00000002c0)='-', 0x1}], 0x2, 0x0)
18:23:44 executing program 3:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x164c)
18:23:44 executing program 2:
ioctl$sock_inet_SIOCRTMSG(0xffffffffffffffff, 0x890d, &(0x7f0000000140)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @loopback}, {0x2, 0x0, @local}})
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f00000001c0)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c8158ae9e0ea7b5ad8", 0x9b}], 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaae53, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000000b00000040000080000000000000006d5ebe5a0000ffff53ef", 0x5cf, 0x400}], 0x1, 0x0)
18:23:44 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a})
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/3\x00')
sendfile(0xffffffffffffffff, r1, 0x0, 0x141)
18:23:44 executing program 4:
r0 = openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29a"], 0x4b)
[ 114.321188] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters.
18:23:44 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x164c)
18:23:44 executing program 4:
r0 = openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29a"], 0x4b)
18:23:44 executing program 1:
r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
pwritev(r0, 0x0, 0x0, 0x0)
18:23:44 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a})
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/3\x00')
sendfile(0xffffffffffffffff, r1, 0x0, 0x141)
18:23:44 executing program 4:
r0 = openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29a"], 0x4b)
18:23:44 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x164c)
[ 114.530494] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[ 114.540454] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[ 114.570629] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[ 114.579697] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 114.600202] EXT4-fs error (device loop2): ext4_iget:4967: inode #2: comm syz-executor.2: bogus i_mode (0)
[ 114.610498] EXT4-fs (loop2): get root inode failed
[ 114.615476] EXT4-fs (loop2): mount failed
18:23:45 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$RNDADDENTROPY(0xffffffffffffffff, 0x40085203, 0x0)
r0 = socket$inet6(0xa, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a})
r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup2(r2, r1)
r3 = add_key$user(0x0, 0x0, &(0x7f0000000280), 0x0, 0xfffffffffffffffc)
keyctl$revoke(0x3, r3)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x7704, 0x0)
poll(0x0, 0x0, 0xffffffff)
18:23:45 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x141)
18:23:45 executing program 1:
r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
pwritev(r0, 0x0, 0x0, 0x0)
18:23:45 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x164c)
18:23:45 executing program 4:
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29a"], 0x4b)
18:23:45 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$netlink(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x0)
dup3(r1, r2, 0x0)
writev(r2, &(0x7f0000000040)=[{&(0x7f0000fb4000)="1f00000001051900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1)
18:23:45 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x164c)
18:23:45 executing program 1:
r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
pwritev(r0, 0x0, 0x0, 0x0)
18:23:45 executing program 4:
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29a"], 0x4b)
18:23:45 executing program 3:
openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x164c)
[ 115.262196] kauditd_printk_skb: 4 callbacks suppressed
[ 115.262204] audit: type=1400 audit(1568831025.606:26): avc: denied { create } for pid=3455 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
18:23:45 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x141)
18:23:45 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29af91ad4861d1922"], 0x5f)
[ 115.367297] audit: type=1400 audit(1568831025.606:27): avc: denied { write } for pid=3455 comm="syz-executor.2" path="socket:[9936]" dev="sockfs" ino=9936 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 115.391174] SELinux: failed to load policy
18:23:46 executing program 0:
perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x10000000070, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r0, 0x0, 0xfffffffffffffffa, 0x20000802, &(0x7f00000000c0)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
socket$inet(0x2, 0x0, 0x0)
18:23:46 executing program 4:
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29a"], 0x4b)
18:23:46 executing program 1:
r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
pwritev(r0, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}], 0x1, 0x0)
18:23:46 executing program 3:
openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x164c)
18:23:46 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29af91ad4861d1922"], 0x5f)
18:23:46 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x141)
18:23:46 executing program 4:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, 0x0, 0x0)
[ 116.088240] SELinux: failed to load policy
18:23:46 executing program 3:
openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x164c)
18:23:46 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f00060000000700000006000000000000000000c27ed0e81f000300000000000000676813fd070000000000000000fb6c7a2ce29af91ad4861d1922"], 0x5f)
18:23:46 executing program 5:
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/3\x00')
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendfile(r1, r0, 0x0, 0x141)
18:23:46 executing program 1:
r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
pwritev(r0, &(0x7f0000001540)=[{&(0x7f00000001c0)='8', 0x1}], 0x1, 0x0)
[ 116.116307] audit: type=1400 audit(1568831026.456:28): avc: denied { map } for pid=3504 comm="modprobe" path="/lib/x86_64-linux-gnu/libkmod.so.2.1.3" dev="sda1" ino=2811 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 116.177676] SELinux: failed to load policy
18:23:46 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x0)
[ 116.200440] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
[ 116.213189] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=12297 sclass=netlink_xfrm_socket pig=3519 comm=syz-executor.5
[ 116.226275] ==================================================================
[ 116.233771] BUG: KASAN: use-after-free in tcp_init_tso_segs+0x19d/0x1f0
[ 116.240526] Read of size 2 at addr ffff8881c77d4030 by task syz-executor.0/3502
[ 116.247967]
[ 116.249596] CPU: 1 PID: 3502 Comm: syz-executor.0 Not tainted 4.14.144+ #0
[ 116.256608] Call Trace:
[ 116.259201] dump_stack+0xca/0x134
[ 116.262750] ? tcp_init_tso_segs+0x19d/0x1f0
[ 116.267168] ? tcp_init_tso_segs+0x19d/0x1f0
[ 116.271581] print_address_description+0x60/0x226
[ 116.276426] ? tcp_init_tso_segs+0x19d/0x1f0
[ 116.280833] ? tcp_init_tso_segs+0x19d/0x1f0
[ 116.285239] __kasan_report.cold+0x1a/0x41
[ 116.289478] ? kvm_guest_cpu_init+0x220/0x220
[ 116.293970] ? tcp_init_tso_segs+0x19d/0x1f0
[ 116.298373] tcp_init_tso_segs+0x19d/0x1f0
[ 116.302596] ? tcp_tso_segs+0x7b/0x1c0
[ 116.306478] tcp_write_xmit+0x15a/0x4730
[ 116.310541] ? memset+0x20/0x40
[ 116.313824] __tcp_push_pending_frames+0xa0/0x230
[ 116.318656] tcp_send_fin+0x154/0xbc0
[ 116.322449] tcp_close+0xc62/0xf40
[ 116.325984] inet_release+0xe9/0x1c0
[ 116.329690] __sock_release+0xd2/0x2c0
[ 116.333566] ? __sock_release+0x2c0/0x2c0
[ 116.337698] sock_close+0x15/0x20
[ 116.341142] __fput+0x25e/0x710
[ 116.344422] task_work_run+0x125/0x1a0
[ 116.348303] exit_to_usermode_loop+0x13b/0x160
[ 116.352878] do_syscall_64+0x3a3/0x520
[ 116.356760] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 116.361935] RIP: 0033:0x4135d1
[ 116.365112] RSP: 002b:00007fff8bbc6390 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 116.372806] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004135d1
[ 116.380064] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 116.387322] RBP: 0000000000000001 R08: 0000000080e89025 R09: 0000000080e89029
[ 116.394576] R10: 00007fff8bbc6470 R11: 0000000000000293 R12: 000000000075c9a0
[ 116.401830] R13: 000000000075c9a0 R14: 0000000000760bf0 R15: 000000000075bf2c
[ 116.409103]
[ 116.409110] CPU: 0 PID: 3515 Comm: syz-executor.4 Not tainted 4.14.144+ #0
[ 116.409114] Call Trace:
[ 116.410720] Allocated by task 3503:
[ 116.417735] dump_stack+0xca/0x134
[ 116.420291] __kasan_kmalloc.part.0+0x53/0xc0
[ 116.423905] warn_alloc.cold+0x91/0x1ab
[ 116.427415] kmem_cache_alloc+0xee/0x360
[ 116.431888] ? zone_watermark_ok_safe+0x260/0x260
[ 116.435832] __alloc_skb+0xea/0x5c0
[ 116.435840] sk_stream_alloc_skb+0xf4/0x8a0
[ 116.439877] ? lock_acquire+0x12b/0x360
[ 116.444692] tcp_sendmsg_locked+0xf11/0x2f50
[ 116.448295] ? avc_has_perm+0x9c/0x350
[ 116.452585] tcp_sendmsg+0x2b/0x40
[ 116.456545] ? avc_has_perm+0x1b7/0x350
[ 116.460917] inet_sendmsg+0x15b/0x520
[ 116.460924] sock_sendmsg+0xb7/0x100
[ 116.464791] ? avc_has_perm_noaudit+0x2d0/0x2d0
[ 116.468303] SyS_sendto+0x1de/0x2f0
[ 116.472254] ? drop_futex_key_refs.isra.0+0x17/0xb0
[ 116.476026] do_syscall_64+0x19b/0x520
[ 116.479725] __vmalloc_node_range+0x395/0x690
[ 116.484374] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 116.487977] ? trace_hardirqs_on+0x10/0x10
[ 116.492962] 0xffffffffffffffff
[ 116.496837] ? sel_write_load+0x199/0xfb0
[ 116.501301]
[ 116.506471] vmalloc+0x60/0x80
[ 116.510678] Freed by task 3503:
[ 116.513937] ? sel_write_load+0x199/0xfb0
[ 116.518059] __kasan_slab_free+0x164/0x210
[ 116.519667] sel_write_load+0x199/0xfb0
[ 116.522832] kmem_cache_free+0xd7/0x3b0
[ 116.526098] ? sel_read_bool+0x240/0x240
[ 116.530219] kfree_skbmem+0x84/0x110
[ 116.534440] ? trace_hardirqs_on+0x10/0x10
[ 116.538390] tcp_remove_empty_skb+0x264/0x320
[ 116.538399] tcp_sendmsg_locked+0x1c09/0x2f50
[ 116.542361] __vfs_write+0xf9/0x5a0
[ 116.546394] tcp_sendmsg+0x2b/0x40
[ 116.550094] ? sel_read_bool+0x240/0x240
[ 116.554302] inet_sendmsg+0x15b/0x520
[ 116.558773] ? kernel_read+0x110/0x110
[ 116.563240] sock_sendmsg+0xb7/0x100
[ 116.566854] ? check_preemption_disabled+0x35/0x1f0
[ 116.570358] SyS_sendto+0x1de/0x2f0
[ 116.574405] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 116.578174] do_syscall_64+0x19b/0x520
[ 116.582042] ? rcu_read_lock_sched_held+0x10a/0x130
[ 116.585730] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 116.590727] vfs_write+0x17f/0x4d0
[ 116.594324] 0xffffffffffffffff
[ 116.599758] SyS_write+0x102/0x250
[ 116.603609]
[ 116.608602] ? SyS_read+0x250/0x250
[ 116.613766] The buggy address belongs to the object at ffff8881c77d4000
[ 116.613766] which belongs to the cache skbuff_fclone_cache of size 456
[ 116.617280] ? do_clock_gettime+0xd0/0xd0
[ 116.620532] The buggy address is located 48 bytes inside of
[ 116.620532] 456-byte region [ffff8881c77d4000, ffff8881c77d41c8)
[ 116.624050] ? do_syscall_64+0x43/0x520
[ 116.625648] The buggy address belongs to the page:
[ 116.629257] ? SyS_read+0x250/0x250
[ 116.642581] page:ffffea00071df500 count:1 mapcount:0 mapping: (null) index:0xffff8881c77d4500
[ 116.646711] do_syscall_64+0x19b/0x520
[ 116.658468] compound_mapcount: 0
[ 116.662435] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 116.667327] flags: 0x4000000000010200(slab|head)
[ 116.667337] raw: 4000000000010200 0000000000000000 ffff8881c77d4500 00000001800c000b
[ 116.670935] RIP: 0033:0x4598e9
[ 116.680360] raw: ffffea00076a3600 0000000500000005 ffff8881dab70400 0000000000000000
[ 116.684228] RSP: 002b:00007fe0c7fe7c78 EFLAGS: 00000246
[ 116.687661] page dumped because: kasan: bad access detected
[ 116.692824] ORIG_RAX: 0000000000000001
[ 116.697557]
[ 116.697562] Memory state around the buggy address:
[ 116.705421] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9
[ 116.708588] ffff8881c77d3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 116.716440] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 116.716447] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 116.721783] ffff8881c77d3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 116.727468] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe0c7fe86d4
[ 116.731414] >ffff8881c77d4000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.733032] R13: 00000000004c9b57 R14: 00000000004e12c8 R15: 00000000ffffffff
[ 116.737944] ^
[ 116.745522] Mem-Info:
[ 116.752543] ffff8881c77d4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.752548] ffff8881c77d4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.752551] ==================================================================
[ 116.752554] Disabling lock debugging due to kernel taint
[ 116.757631] Kernel panic - not syncing: panic_on_warn set ...
[ 116.757631]
[ 116.771627] active_anon:61256 inactive_anon:40 isolated_anon:0
[ 116.771627] active_file:4416 inactive_file:11045 isolated_file:0
[ 116.771627] unevictable:0 dirty:106 writeback:0 unstable:0
[ 116.771627] slab_reclaimable:4888 slab_unreclaimable:58474
[ 116.771627] mapped:58867 shmem:48 pagetables:890 bounce:0
[ 116.771627] free:1439607 free_pcp:304 free_cma:0
[ 116.774451] CPU: 1 PID: 3502 Comm: syz-executor.0 Tainted: G B 4.14.144+ #0
[ 116.774454] Call Trace:
[ 116.774470] dump_stack+0xca/0x134
[ 116.774482] panic+0x1ea/0x3d3
[ 116.781811] Node 0 active_anon:245024kB inactive_anon:160kB active_file:17664kB inactive_file:44180kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235468kB dirty:424kB writeback:0kB shmem:192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 116.789081] ? add_taint.cold+0x16/0x16
[ 116.789090] ? tcp_init_tso_segs+0x19d/0x1f0
[ 116.789099] ? ___preempt_schedule+0x16/0x18
[ 116.796411] DMA32 free:3079672kB min:4792kB low:7868kB high:10944kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3079672kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 116.801270] ? tcp_init_tso_segs+0x19d/0x1f0
[ 116.801277] end_report+0x43/0x49
[ 116.801286] ? tcp_init_tso_segs+0x19d/0x1f0
[ 116.803694] lowmem_reserve[]:
[ 116.811008] __kasan_report.cold+0xd/0x41
[ 116.811017] ? kvm_guest_cpu_init+0x220/0x220
[ 116.811022] ? tcp_init_tso_segs+0x19d/0x1f0
[ 116.811031] tcp_init_tso_segs+0x19d/0x1f0
[ 116.818386] 0
[ 116.825715] ? tcp_tso_segs+0x7b/0x1c0
[ 116.825723] tcp_write_xmit+0x15a/0x4730
[ 116.825734] ? memset+0x20/0x40
[ 116.825747] __tcp_push_pending_frames+0xa0/0x230
[ 116.831214] 3437
[ 116.838526] tcp_send_fin+0x154/0xbc0
[ 116.838536] tcp_close+0xc62/0xf40
[ 116.838557] inet_release+0xe9/0x1c0
[ 116.872316] 3437
[ 116.880491] __sock_release+0xd2/0x2c0
[ 116.880499] ? __sock_release+0x2c0/0x2c0
[ 116.880503] sock_close+0x15/0x20
[ 116.880513] __fput+0x25e/0x710
[ 116.886594] task_work_run+0x125/0x1a0
[ 116.886604] exit_to_usermode_loop+0x13b/0x160
[ 116.889848] Normal free:2678756kB min:5480kB low:9000kB high:12520kB active_anon:245024kB inactive_anon:160kB active_file:17664kB inactive_file:44180kB unevictable:0kB writepending:424kB present:4718592kB managed:3521564kB mlocked:0kB kernel_stack:3104kB pagetables:3560kB bounce:0kB free_pcp:1216kB local_pcp:596kB free_cma:0kB
[ 116.913139] do_syscall_64+0x3a3/0x520
[ 116.913152] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 116.913158] RIP: 0033:0x4135d1
[ 116.913161] RSP: 002b:00007fff8bbc6390 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 116.913168] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004135d1
[ 116.913171] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 116.913175] RBP: 0000000000000001 R08: 0000000080e89025 R09: 0000000080e89029
[ 116.913183] R10: 00007fff8bbc6470 R11: 0000000000000293 R12: 000000000075c9a0
[ 116.917205] lowmem_reserve[]:
[ 116.921529] R13: 000000000075c9a0 R14: 0000000000760bf0 R15: 000000000075bf2c
[ 116.922099] Kernel Offset: 0x21800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 117.140564] Rebooting in 86400 seconds..