Warning: Permanently added '10.128.10.46' (ECDSA) to the list of known hosts. [ 51.608499] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/18 05:19:42 fuzzer started [ 51.707784] audit: type=1400 audit(1539839982.138:7): avc: denied { map } for pid=1803 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 52.755273] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/18 05:19:44 dialing manager at 10.128.0.26:35303 2018/10/18 05:19:44 syscalls: 1 2018/10/18 05:19:44 code coverage: enabled 2018/10/18 05:19:44 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2018/10/18 05:19:44 setuid sandbox: enabled 2018/10/18 05:19:44 namespace sandbox: enabled 2018/10/18 05:19:44 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/18 05:19:44 fault injection: CONFIG_FAULT_INJECTION is not enabled 2018/10/18 05:19:44 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/18 05:19:44 net packed injection: enabled 2018/10/18 05:19:44 net device setup: enabled [ 54.981989] random: crng init done INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes 05:21:06 executing program 5: r0 = dup(0xffffffffffffffff) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000000)={{{@in=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6}}, &(0x7f0000000100)=0xe8) ioctl$TUNSETOWNER(r0, 0x400454cc, r1) fcntl$setpipe(r0, 0x407, 0x1) r2 = eventfd2(0xfffffffffffff1e8, 0x80001) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000140)={{{@in=@multicast2, @in6=@mcast2}}, {{@in=@dev}, 0x0, @in=@rand_addr}}, &(0x7f0000000240)=0xe8) r3 = fcntl$dupfd(r2, 0x406, r2) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000280)=0x4) ioctl$LOOP_SET_FD(r0, 0x4c00, r3) write$P9_RRENAMEAT(r3, &(0x7f00000002c0)={0x7, 0x4b, 0x2}, 0x7) getpeername$inet(r3, &(0x7f0000000300)={0x2, 0x0, @remote}, &(0x7f0000000340)=0x10) setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000380)=0x8001, 0x4) epoll_wait(r3, &(0x7f00000003c0)=[{}, {}, {}], 0x3, 0x8) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000000, 0x1010, r3, 0x0) write$P9_RLOCK(r0, &(0x7f0000000400)={0x8, 0x35, 0x2, 0x2}, 0x8) getsockopt$IPT_SO_GET_REVISION_MATCH(r3, 0x0, 0x42, &(0x7f0000000440)={'NETMAP\x00'}, &(0x7f0000000480)=0x1e) fsetxattr$security_smack_entry(r3, &(0x7f00000004c0)='security.SMACK64MMAP\x00', &(0x7f0000000500)='NETMAP\x00', 0x7, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000800)=@nat={'nat\x00', 0x19, 0x2, 0x258, [0x20000580, 0x0, 0x0, 0x200005b0, 0x200005e0], 0x0, &(0x7f0000000540), &(0x7f0000000580)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x11, 0x1, 0x88be, 'ipddp0\x00', 'veth0_to_bridge\x00', 'veth1\x00', 'bond_slave_1\x00', @random="90f029182b9a", [0x0, 0xff, 0x0, 0xff, 0xff], @local, [0xff, 0xff, 0xff, 0xff, 0x0, 0xff], 0x70, 0xa8, 0xf8}, [@arpreply={'arpreply\x00', 0x10, {{@remote, 0xffffffffffffffff}}}]}, @common=@LED={'LED\x00', 0x28, {{'syz0\x00', 0x1, 0x3, 0x7}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe, 0x1, [{{{0x2457dab3952807dc, 0x8, 0xf8, 'syzkaller0\x00', 'bond_slave_0\x00', 'irlan0\x00', 'vlan0\x00', @dev={[], 0x16}, [0xff, 0xff, 0x0, 0xff], @remote, [0xff, 0x0, 0xff, 0x0, 0x0, 0xff], 0x70, 0x70, 0xa0}}, @common=@CLASSIFY={'CLASSIFY\x00', 0x8, {{0x5}}}}]}]}, 0x2d0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_SIOCDARP(r4, 0x8953, &(0x7f00000008c0)={{0x2, 0x4e24}, {0x0, @remote}, 0x64, {0x2, 0x4e21, @local}, 'teql0\x00'}) sendfile(r3, r3, &(0x7f0000000940), 0x3ff) ioctl$SIOCGIFHWADDR(r3, 0x8927, &(0x7f0000000980)) ioctl$GIO_CMAP(r3, 0x4b70, &(0x7f00000009c0)) socketpair$nbd(0x2, 0x1, 0x0, &(0x7f0000000a00)) socketpair$nbd(0x2, 0x1, 0x0, &(0x7f0000000a40)) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000a80)=0x0) sched_setparam(r5, &(0x7f0000000ac0)=0x4) r6 = request_key(&(0x7f0000000b00)='dns_resolver\x00', &(0x7f0000000b40)={'syz', 0x1}, &(0x7f0000000b80)='irlan0\x00', 0xfffffffffffffffa) r7 = add_key$keyring(&(0x7f0000000c40)='keyring\x00', &(0x7f0000000c80)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$search(0xa, r6, &(0x7f0000000bc0)='keyring\x00', &(0x7f0000000c00)={'syz', 0x0}, r7) 05:21:06 executing program 0: r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x880, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000080)={0xfffffffffffffffd, 0x5}) fcntl$getownex(r1, 0x10, &(0x7f00000000c0)={0x0, 0x0}) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000100)=r2) getegid() r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10800}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)={0x160, r3, 0x325, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x36}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'dh\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x9}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x1e, 0x36}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}]}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e22}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e22}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x6c}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'dh\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'sit0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x28, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}]}, @IPVS_CMD_ATTR_DEST={0x38, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xc24}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x160}, 0x1, 0x0, 0x0, 0x4080}, 0x0) ioctl$EVIOCGVERSION(r0, 0x80044501, &(0x7f00000003c0)=""/45) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_VL_CLR(r0, 0x7014) r6 = add_key(&(0x7f0000000440)='.dead\x00', &(0x7f0000000480)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) keyctl$read(0xb, r6, 0x0, 0x0) read$eventfd(r5, &(0x7f00000004c0), 0x8) syz_open_procfs$namespace(r2, &(0x7f0000000500)='ns/cgroup\x00') socketpair$inet6_udplite(0xa, 0x2, 0x88, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_tcp_int(r5, 0x6, 0x17, &(0x7f0000000580)=0x5, 0x4) ioctl$KDGETKEYCODE(r4, 0x4b4c, &(0x7f00000005c0)={0x0, 0x2}) getsockopt$inet_tcp_int(r5, 0x6, 0x7, &(0x7f0000000600), &(0x7f0000000640)=0x4) lsetxattr(&(0x7f0000000680)='./file0\x00', &(0x7f00000006c0)=@random={'trusted.', '\x00'}, &(0x7f0000000700)='sit0\x00', 0x5, 0x2) getsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000740)={{{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f0000000840)=0xe8) ioctl$RTC_PIE_OFF(r4, 0x7006) write$selinux_context(r0, &(0x7f0000000880)='system_u:object_r:tmpreaper_exec_t:s0\x00', 0x26) r9 = syz_genetlink_get_family_id$team(&(0x7f0000000900)='team\x00') sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000c00)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x800010}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000940)={0x274, r9, 0x21, 0x70bd2b, 0x25dfdbfe, {}, [{{0x8, 0x1, r8}, {0x160, 0x2, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x20}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r8}}}, {0x74, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x44, 0x4, [{0xfffffffffffffffd, 0x4, 0x8000, 0xff}, {0x8, 0x8dbe, 0x1000, 0x3}, {0x7, 0x5, 0x3, 0x6}, {0xffff, 0xfff, 0x5}, {0x1, 0x6f, 0x3, 0x1f}, {0x6, 0x8000, 0x2, 0x9}, {0x80000001, 0x5, 0x800, 0xfffffffffffffffd}, {0x8, 0x48a8, 0xce9c, 0x9d6}]}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x8}}}]}}, {{0x8, 0x1, r8}, {0xf0, 0x2, [{0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r8}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r8}}}]}}]}, 0x274}, 0x1, 0x0, 0x0, 0x20000081}, 0x1) fcntl$setlease(r7, 0x400, 0x0) getdents64(r5, &(0x7f0000000c40)=""/58, 0x3a) fsync(r5) syz_open_procfs(r2, &(0x7f0000000c80)='net/ip6_flowlabel\x00') ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) 05:21:06 executing program 3: setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000f18)={{{@in6=@loopback, @in6=@loopback}}, {{@in=@loopback}, 0x0, @in6}}, 0xe8) mmap(&(0x7f0000000000/0xb29000)=nil, 0xb29000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mprotect(&(0x7f00002b1000/0xc00000)=nil, 0xc00000, 0x7) 05:21:06 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000300)) 05:21:06 executing program 2: mkdir(&(0x7f00000018c0)='./file0\x00', 0x0) mount(&(0x7f0000000100), &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380)) mount(&(0x7f0000d04000), &(0x7f0000903000)='./file0\x00', &(0x7f00000003c0)='\x00\x00\x00\x00\x00', 0x100000, &(0x7f0000000580)) mount(&(0x7f0000000240), &(0x7f0000000200)='.', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0) mount(&(0x7f0000000100)=@md0='/dev/md0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)='cgroup\x00', 0x80400, &(0x7f00000002c0)='(\x00') mount(&(0x7f0000000240), &(0x7f0000000140)='.', &(0x7f0000000340)='ext4\x00', 0x3002480, &(0x7f0000000700)) 05:21:06 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x34005}, 0xc, &(0x7f0000000100)={&(0x7f0000000140)={0x2c, 0x2f, 0x829, 0x0, 0x0, {0x4}, [@nested={0x18, 0x0, [@typed={0x14, 0x9, @ipv6=@loopback={0x6000000000000000}}]}]}, 0x2c}}, 0x0) [ 136.329469] audit: type=1400 audit(1539840066.758:8): avc: denied { map } for pid=1803 comm="syz-fuzzer" path="/root/syzkaller-shm236512030" dev="sda1" ino=16461 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 136.375609] audit: type=1400 audit(1539840066.788:9): avc: denied { map } for pid=1848 comm="syz-executor5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=4999 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 05:21:16 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000000)=ANY=[@ANYBLOB="b702000008000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7030000000000006a0a00fe00000000850000001f000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x0, 0x22, 0xd7, &(0x7f0000000100)="3c08003f00f08b41637c2fee86dd5473aa58936c4c740d149cc074a1935b27b5aa7c", &(0x7f0000000480)=""/215, 0x2000000}, 0x28) [ 146.313136] audit: type=1400 audit(1539840076.738:10): avc: denied { prog_load } for pid=4317 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 146.392800] audit: type=1400 audit(1539840076.778:11): avc: denied { prog_run } for pid=4317 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 05:21:17 executing program 5: perf_event_open(&(0x7f0000000d40)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000040)={@link_local, @link_local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2f, 0x0, @local={0xac, 0x28}, @dev}, @tcp={{0x0, 0x6558, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, &(0x7f0000000000)) 05:21:17 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local, @multicast2}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000080)={@multicast1, @local, 0x0, 0x2, [@remote, @remote]}, 0x18) 05:21:17 executing program 5: syz_emit_ethernet(0x36, &(0x7f0000000040)={@link_local, @link_local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2f, 0x0, @local={0xac, 0x28}, @dev}, @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, &(0x7f0000000000)) 05:21:17 executing program 5: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/exec\x00', 0x2, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000b80)={&(0x7f0000000ac0), 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x14}, 0x14}}, 0x0) 05:21:17 executing program 5: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x5, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, &(0x7f0000000100), 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/tcp6\x00') preadv(r2, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/169, 0xa9}], 0x1, 0x1f6) [ 147.331662] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4497 comm=syz-executor5 05:21:17 executing program 5: perf_event_open(&(0x7f0000000000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480)}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0xf4, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f00000001c0)=ANY=[], &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000000380)='%:eth1cgroup(\x00') mount(&(0x7f0000000180)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) [ 147.461735] audit: type=1400 audit(1539840077.898:12): avc: denied { create } for pid=4519 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 05:21:17 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000000)=ANY=[@ANYBLOB="b702000008000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7030000000000006a0a00fe00000000850000001f000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x0, 0x13, 0xd7, &(0x7f0000000100)="3c08003f00f08b41637c2fee86dd5473aa5893", &(0x7f0000000480)=""/215, 0x6000}, 0x28) [ 147.492887] audit: type=1400 audit(1539840077.898:13): avc: denied { write } for pid=4519 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 147.526504] audit: type=1400 audit(1539840077.908:14): avc: denied { read } for pid=4519 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 05:21:19 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000440)='veno\x00', 0x5) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x7fff) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) 05:21:19 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000461000)={0x10, 0x0, 0x0, 0x401}, 0xc) 05:21:19 executing program 0: getpriority(0x2, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)) getpgrp(0x0) 05:21:19 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0xfa) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="02120000020000000a000097d3d34473"], 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000f00), 0x400000000000308, 0x10000, &(0x7f0000001000)={0x77359400}) 05:21:19 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x40000000000037a, 0x0) 05:21:19 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00003dd000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) 05:21:19 executing program 1: sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000001340), 0xc, &(0x7f0000001400)={&(0x7f00000013c0)={0x14}, 0x14}}, 0x0) chdir(&(0x7f0000000000)='./file0\x00') clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) mknod(&(0x7f00000056c0)='./file0\x00', 0xffc, 0x0) execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000300), &(0x7f00000001c0)) 05:21:19 executing program 5: [ 148.614792] audit: type=1400 audit(1539840079.048:15): avc: denied { create } for pid=4557 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 05:21:19 executing program 0: 05:21:19 executing program 2: 05:21:19 executing program 4: 05:21:19 executing program 1: 05:21:19 executing program 3: 05:21:19 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)="2f67726f75702e73746174003c23fb572a1f0294e6f378b41ad54b4d9d9a1f63f8785ad188a7e1c88875e05b18a4cb3a9cd12dcea440d899c22c652b3a471b4a7fa2f3fdf6e034d804e5f0df4b1dee483b157624c59c0100e89e6a357c000000", 0x2761, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000540)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x28fefa0a, 0x0, 0x0, 0x9341, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, 0x2, 0x0, 0x0, 0x10000000, 0x0, 0x3, 0x0, 0x3bcf, 0x0, 0xffffffffffff3cd2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, 0xfffffffffffffff7, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8f9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x81, 0x1, 0x8, 0x40, 0x6, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0xbd, 0xe2, 0x0, 0x0, 0xf0d0, 0x0, 0x5, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x9, 0x0, 0x20, 0x3f, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f]}, 0x45c) write$cgroup_int(r0, &(0x7f0000000080), 0x297ef) perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:21:19 executing program 0: 05:21:19 executing program 4: 05:21:19 executing program 2: 05:21:19 executing program 1: [ 148.747128] hrtimer: interrupt took 22757 ns [ 148.778926] audit: type=1400 audit(1539840079.078:16): avc: denied { bind } for pid=4557 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 05:21:19 executing program 4: 05:21:19 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000000)=ANY=[@ANYBLOB="b702000008000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7030000000000006a0a00fe00000000850000001f000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x0, 0x22, 0xd7, &(0x7f0000000100)="3c08003f00f08b41637c2fee86dd5473aa58936c4c740d149cc074a1935b27b5aa7c", &(0x7f0000000480)=""/215, 0x6000}, 0x28) 05:21:19 executing program 2: 05:21:19 executing program 3: 05:21:19 executing program 1: 05:21:19 executing program 4: 05:21:19 executing program 3: 05:21:19 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000000)=ANY=[@ANYBLOB="b702000008000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7030000000000006a0a00fe00000000850000001f000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x0, 0x22, 0xd7, &(0x7f0000000100)="3c08003f00f08b41637c2fee86dd5473aa58936c4c740d149cc074a1935b27b5aa7c", &(0x7f0000000480)=""/215, 0x6000}, 0x28) 05:21:19 executing program 2: 05:21:19 executing program 1: 05:21:19 executing program 3: 05:21:19 executing program 4: 05:21:19 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000000)=ANY=[@ANYBLOB="b702000008000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7030000000000006a0a00fe00000000850000001f000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x0, 0x22, 0xd7, &(0x7f0000000100)="3c08003f00f08b41637c2fee86dd5473aa58936c4c740d149cc074a1935b27b5aa7c", &(0x7f0000000480)=""/215, 0x6000}, 0x28) 05:21:19 executing program 3: 05:21:19 executing program 2: 05:21:19 executing program 4: 05:21:19 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000250007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) recvmmsg(r0, &(0x7f0000001500)=[{{&(0x7f0000000080)=@ipx, 0x80, &(0x7f0000000180), 0x0, &(0x7f0000001540)=""/4096, 0x1000}}], 0x2, 0x0, 0x0) 05:21:19 executing program 4: 05:21:19 executing program 3: [ 149.158079] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'. [ 149.219760] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'. [ 149.249576] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'. 05:21:19 executing program 5: r0 = openat$keychord(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/keychord\x00', 0x80, 0x0) setsockopt$packet_buf(r0, 0x107, 0x7, &(0x7f0000000200)="0213505b2dd8f78093", 0x9) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001a00)={0x0, 0x0}, &(0x7f0000001a40)=0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001c00)) fstat(r0, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001e00)={r0, 0x10, &(0x7f0000001dc0)={&(0x7f0000001cc0)=""/193, 0xc1, 0x0}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001e80)={r0, 0x10, &(0x7f0000001e40)={&(0x7f0000001c40)=""/107, 0x6b, r3}}, 0x10) syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f00000003c0)='./file0\x00', 0x8, 0x8, &(0x7f0000001940)=[{&(0x7f0000000400)="5b0f75d1827ecb6646be0721acf297b60a787bafb2122584a5f0e2bcf5b902a9abdfc0af8b67eaa098450a75c50e1b558ad8a7365a5e67c23a9f607607e815ee146015628bc9c670a96dd0e62bb43f44131dc3644a76d654b86e016f04e8db64c5bac64fdd65dfa379ce3ea07989996aa580271acfbc27caca94b54c25807e3b5a6b6d77e0daf9152f565cc8b705aa9b1808634abd03cb805d44c2c10e32a63f0712bf192e257c5493047f4b1b8ad0110ca57e7fc5832547b0a3a85673a05f397682f1da82447bce470ea91d", 0xcc}, {&(0x7f0000000500)="4f1b0af0f0308feb75c1fd9ddb3feb3c4b7b7f3e33d4a822b96ea66e6ce4c82da4192506382105a5bd1edb22f206a807cfc0a0f6771d024c55f0ee61581c81e6ef2781edd9f9a127a6f33db31e20fe584308e53be14103d9f860864a72f1a098d5d0326676c7da43ce293a087624e41f712950b34480e8441a278eb6166fda5f3301231c6ab6def80f5d4fc7e94ca2f222d56dcee6301f6703d05d9d992bbea369e65425885cf715c1b057077b73f6c9faf1a0cd", 0xb4, 0x9}, {&(0x7f00000005c0)="9848e2a7360bfb7e9d6d5010b0c12b2191fed1c05897cebd2eebb430d087cb6b84ade671a2b9f5d714c810b3b6bc1b951d440d06c01b7801294548371b86a8b65df1ad690afa4c8e6395a5b68c2fe6a9f9a9a463292ea2d80ab1b5ffee7f8b698cb7d0a4cc54c5b5d3b99e8eb125cdbe029b44db49c14f0a70539f7af64055626bc3cc519a214447ce885d3882cd89a0f3e555008f5807d508db2c1a8c8d8fec65969052a916673c65682061c04fc308851cb5ed2f2f7d87b74455a0a837067178fd9d4c0db5179ea8420914d8afe4bd5a1226e4", 0xd4, 0x7fff}, {&(0x7f00000006c0)="a501f406d262c751a435fbf273d713dc5cbdd2074979eb6d2ed0d0f5bece676cdbd0cbad92541a2d23585862084c5f1cfb1ea9c2ada8f809c2d5c2ee47db20f6db756a65a41c9524a30da411e75ab6a0d46fa6d04968acc07f1ed47a8e964e532f45b5ffc2c435208fd89fcbf3d9fe83410727f2b75c1ae0ebd545a393ec027e4334904512b207ade7326e5867f578c0fcb131a994c98fbefa7a410966bd1ed9cdaf9ed00e40c35b0e45755120f648d169e1b59be246bd2c1d65c01515960756b10e2a4c56620a50aa63f7c5396a178f4e8a2dc8a582cc9e2496a66f3a11431a2ff6327469e5e391485484c0d84afb5ec71229637ea5a41bcd560d16c545556ac99d451677930cd4d3649fa782055064f2e3b51326d0ba0a598970dd3376b00b3ce20745f8e911c13e613647bc9911359616d842d176738b57740c9de3f091794489d4bf3288082b0be5f12da525d42f532b3d54b1470eb8fa10dc8b4106c1b970320d40fb080b15a7d4445dd786ac1003874d3073b98e30112fa64dcb99cd341615a070d45e9326dc6a73b3f3a39cc3aa65c68f17d30b9f7ba560590d98c5ff8c6835df8f056c48b3d28e091a1a74daf563cce2de1500ded30f6eba9a5712cf79203ea6494b50b778abc956bbcb23363c5a08d4f0ba8c38f2826da87b3859971ab716e5984a4e2163d9695f0ec9c268e8eef8cdb9452ea4e153c5d76052403cb3297eed30d040c56014249673fec722f369912b6c772265dba86c7ad49d91ddf3df484ba37979d17296efd9fd9437ffcf456824fbe519403ec5187a9d5c41483c088ed6e01d8329a2f61d4fa6f7c9415e02e4e6e61735eaddd86f54566325793148310fb77999b2edf5024f6254e21d76433a56bae7763ae677c9022b3ef388e0cf35df848de6b2886a92ae9a2ab6c852bfd84e18cd6856fb9e59bb8e149a783915ca6aabacf8aead20b647b3c3389a6f33387e473cc5eb67884c1da0696da420aa638fa714358fb673db619399db53d6a112f503642b3b8dbe4f5d42bd4a666bcd9f1a87f867736a60dbd59df4f955484c61aaaf2708489ba4e3d01d2ca2901886be070e7ca03dea56a4e6cea823aa1d68c56033edfc5e2b20293a2d7a5478311eb6e88d76c7cdc9d26ea6e5ec2ce06721a7edce70179e6718052aea41af66f601b9d209df776195c286f1c598bb095b666c0d7c8439507fb00ce294fb6292dfa3185b79f3eb094e7d80f259a6c7175ce65c58e07183f33c5dd236c612601f007e89323fcba8b49b1dbe869b3d74899eb9120655f8183e279508759f2ba4fa52267f0ad721f8733cedcbfee06244eda376697cb1ba64f2bf89abf84e747ca9cd7d73348753526dbfabe624a34c79712b6edbd648364447bf5cc0a6fb61cdf2697611e754978a08a600714201de81f5cb315cb6ee9298e318cbbae86d63f486be7e2bf0b01b70bb1b2aaefdea910798f3e5699c1c0f5b744c58113f3de0779dcb5c0f0eab84a57509f576e40650b090d339f3a7a219afba4f367aeadf3e8347977e063f371c927b78d07713f3ada99754eecf7317388358b55a9ae74305d46e32d9549cdebd4a9a65a44680e05c1e55fc70ce84d29c58c6b2bbf8548feb84bbf6a532ffd15a43f6892b36d0cafd12306469a28518580ce77ab4985ce3dd86b0912d90f224d921bb3544e4af6d696d02fd360c66210c0bd64cab42226106dc7536d48620f54a6c51e8c2d90e4d3192f3ed07d32d1cfd8d38e489ae116396d45a41604d60632fe9cdb2520b5ad1b22a1fb241c42ab4bced86a6ffbb00579b57ba0a969b0863e6414504cf136daba6fd63b9f7fd732d7607d74468474e6658352843567411b1529f11e728baa5d819334e3fdd511372d7c032335952b9a251b71c5d72547a9f0a8d1a1b2b0c18dfd894cc93f929b66740652d205ba19540953dc11e13f5def0b8756eaf5940689067b0f2d7f8398789da1b76ba8fdf73fb34d44f74b2585cfa9a6921982061dd41bbccebdc9e930070e9f8aa0e8e552111796309321e3bab6490baa2a900a55df49ee6e117fd3a0d775e29a16c412678abcffc4ca6159186590d155a54cc9d9cc8281d385c922d6692793da9afbbf89f20ae509371763a13f9c4b12956a3104a4fd72073145367a2587c6d1062bac7aa8675ad7c46324c9b4bad2f297372fd9c629b89fa3173134dc2c7d900ceafc761e22850cae12d2c84c77fe3c7832a8ceb9be0ca61961e2cbc47f5995e6ea8cfb506a50b9cc450c5a6aafddf6632a59b54972346834dba29420c37eea5e5d5147a7bd35f524abfe9d9d1d7fc8057cf598b26482e30a687b011ed4b2cc2c6c0987e4808057b4ee706e50c2e50256b3174e5c4acc4a888675afb76aa55b958130b401cc4036469e3decb1c0265717b86a248cebb11b8f7019252e3e8e86ffd43e8e963c90c19ba6b9a18cac1f88f46b2c207d5c925f8bc74996423b2d3c7154c212d884ce414de8e92ffc1d56fc7d4e68bc29c33deb5fc14fb536c06ac2bddeefff328d588b1a0a5468b7c7938a35547693513f377aab253986ea856847bd4b5945fa23f10c0cfb79408982f19c1c2a8bd1593751c3dd2b55a488155b8c750323cf081703a0bc2e37e8fec30c24bb07902a06830c5bdde897a796297838665eea5f3f0efde5019e9c28c284e7df274f843c0207937184a4733164fd8af40e89f1dbfe35c7071871b9861648c5c14ea806671977c564459a0fa79bdcc61847ebeea16367bc8221adde1fa0503c470e5642cea19b091965d929a450b813085cc1c1be3de0b7c2fcbece0820b595698c93dac785013bbe411f4f323f3e637b21e2526bd3ba91999ab15d194fe8dd46ce8762962e85438c0b2718f03e8b9807d552a079d3c003c10d438bf5fe327a8552c834bf3910fb7a0afdbb2bde9a51ba4e47cc014050f3f1dbf44d9f17bbdb0d84872525d88c0776d52fc1d2782d6d8c87cbb47dec3e4088eb40cc8540d327e0e6a607c8bc8a1e34f5f2a86d70c5a4125067824881615ac0bef2b25c62792c0f7f9628a088e79e90fc42c368454014f4ca13c5a26e97144184576cbfa96329f326a758ab9a0adbe0790b3d8e056fdebcbbcba366d16a2191b951e46a4769d3294291a12823a7cff15dc441fee32f4a8a946f9dea7be7803dc56466b6c1d0702885425a7422b0c3c23b77bfecdcd371b1c5962bcf580568f09cc18daff52440ca3e3920aeb690051a2000510473e54472c80f4b64627ecb8a2a4903cac064d2bfb04f873d6584db93412668ba347cb96a599146caebd9d29720b49f47d7fe2356157a78395de2a08fc9259a8fda34f85c6246a9fdaaa6cd456fbe5fbdefdf19dadaf087de412a19905a2b05f355ab95e5cfc6a53a561505384f4a5b5025144fd966c70ae377c8dbf5f5f879ace1dab0e95ad8ec22c479f39b9c65835ceb36dc311f45f52ed9c05ae16cda0be4c4f4ff9f064a7650c2adbb981eb0f43c41019499c45be5a9e9edc5ff8a41098a93cfa249882cf0d027118cc19fe9fd0483cafe61da28ab9ff21f5904d23895dbb45cd47eb2772e58b9e9c7ec43f4fdc635a294c069dbfd35471d69be8a9c69298cbb3c88a61cda9416732236c7fe2ff164b02c42c91acded0f6b98215343ed6472d36d3f7171fdb51e2d57c8421f2e896fc9d6360e3468dbdc278823b66fe6de863b79453877d65be3ff7c3b41163eea78a78bb6e3c4ecd882ee22d87c78be8e4987d6ff2d7b7a5b9e54fb26e3d6210425c030e8bdf485ee4b518f0035fa6639fa86ce8e2122c85b347bbab7fa33879168cce845707ffec4aecbf0c8cb6e480b7a48c3640cc3b3d15d1a594632396f5cb7fcd5d6451e1322eae0d2a18ab71e64f1f523e5014694770b44be84f23cad6c03bfcf21efa0cd79c7c5b2891463423244a8bfb885afdb1a270650dd6c4ef83f4ede4ffb260b22c85395da30f78172f336146f508c0d32ce9f78bf13006ef6b0835fe47f2a4744fe3be664700b09ed0310af3ac0b2670549c48fa95d85ca0aaf44f30bf271dbe62065e1ff933001fc0b5ce18babcc2a03b0d1351814e5341fdc02c6f5a78e59269cebe919ac4b922ab2cfbd2a43b62f394f574e684d1180337ee32c37873eb4b8dfe079e83c4d4c905570ef3a8a89f4bf71b82de8afc4d5323e281ddce3f8995c263dd50b83dd84b361d651194a9c1a6d996b6c1150871b2c37da94239e6484a2050b76baa361383cb5084de2a5acfa587937e01921fbe617438941ce8abc0c3a1c3fe73aa47d6bd98f36b4a919facbd391f3bb614efea7b03d7920d9defe7acea4da81f7bdb76823cd243e6d56459c6be5661f2de8e1fbbdc404daae23ac71b72cac6578396409f99a7035a96c9c1b277c1fc8a7f459f81e70de1f0114f96e06f7592d948b862b95befc1971be79a024a01a2dde33883dd821bdf1a1e577c95f4ade3ae392b15e5d9c973f4fabc468ed3d001e2fd19a6b939f62fc0fe36e841c38baef7fbb910ef4b652505bb8f93c69c6fd38422a4b6bd5f02f572538cee2c08ba930519f1faba3c8799163055bdee54015ba104caa1c6f3c195217fd0f78e2f0778e348dd9359965cfb1835119dee04059f69d9e89823c52853936909a32d8a3cac6f05f2c521001da47cfefbd84576e87fa9f34d804fd324c1f0a1999f980725df4843cad36a33a864c94e6a2b25c2bcf23c829f726c4ebca0a14b27468cf46d648b0b8900060bfb928bfbf7a30e8b2715aea6a761175fd5a3f57891d6994ef41c241cc57ac3a63199dc786c4c4782e0daa0af0ca8e5ae48d4c1497b99c688835e46ed5b4fb310e461d522df2ba97feb38d5de401b80ee0fc7bbe79f309672913648e2aeb877eb43eadccb25a63cde0c8643d0575abbe39a95e42dd84ef5cdfb8eccb823c477722d1bb02f152c2a3a1c0b15546d32f87a68f7f38f16e826bd1392f566beec4df3ee933a5de2c48c83a3eefdb560e1cb48c920738c205c2aec0ba3222daeb19e7bd41bfc3c09559a480d1a366b5246e90382fa73bc88919aa9543937e7cb99b66d393656996240782fbde7f550b47d97e8dcea9eaf96b54b7579279d7295223ebcd29acafb1acccd20736ef6aac9ea753e9f177b37bbba44d28a9bc0f57c65fa0bcb1f3595254e0fb98aab301406407e9b383e37cc601937942bff567b268fe4b7f12faa25a342581ce9763cd50c162bf35d8e430fe9fa9e744542bb6c1fdfb428f1695e85a851a8576e1cb68e812f9f84cc34fc2c610516b170e5cffc3211b6aba531b1cbc7db98f770d971043b00479252473a08abaa20d71dca454069520cc2ee5df1afd5a5bbf6bef5900f0c77264323ae917045238818329ae9b7c64f2c306dcfdb0320e6f99abf8fc6c6e46b11a171466e882b355e54dc123327660d82719d992bc97977e59b05f63d0288928c77025ab62691f16f80a8a130d2e40e14f4e3f51fb04c85b95014e201860bb8e8660f6603d49e485609cce374e870eaeb92e21c16760f01312d51338e0d75cc381eccbbc0ce34be553598d2eefbe8717427ff018ca1f785dbf3876782f5ee92dda058927bd16b3036c5807581c6d512222786e98a3bb3f886c58af4e862cd373f89cce7e1ef5b42a09c7393387b0944d5d01da8ad6878a887f78c1094dba517c0ff80667b2c658e641c55b6c6cd54ee112bf3276a193454290c0ff3a9855cea411b8aaa4490e06b174d2d07d73ec78363692e007ab7168201949f756b41118233c7c652fcb45216b3f5298c47e98a5bde3ebd217683b5556f7a60f266a059", 0x1000, 0xffffffff}, {&(0x7f00000016c0)="35f92efa5cfbeed5867b0a3cb798eb1e74136ea55790b3b057dd145782400c7772c5f43710af38aa34bc810ca30c2a39906324024ec72e5aee6e8d56d89e08a9aa8666891a5aa72c3972552255230faded131c8d23a2787f5950129db0235743fb541b25da17172c4eb03b238e969e3950aa3476204bb14b50c23e012145f5f8ca10604ae965c7c7420aa8017d063e6bfb2a47a4a73fbc88df0e0f54740d82b0", 0xa0, 0x2}, {&(0x7f0000001780)="89cfb22f2a8c1f6fbeaa4e92928bd2e480e26fba37375413d2c96f4ecb60c96510123384e830ede288c2856ae395596e67082f9e2a2cdcbc2d3472796e729d53c72dd8f9771dc490eb0d23ce9a9083ead1ed3186f72a222ed62d8d45a532d0f3662177475940fee76d97", 0x6a, 0x80}, {&(0x7f0000001800)="299cacfdbb7336a6ae585d1ee0e0e0c4acf05ba22606113154bbfdf41b494ba503f095ce42898e6d76582ab5d4b0cc8b08b81f5216ee45af7ca48ba3ec33a43ccc0b49e6147e2d95b54c6008b18c733d46324dfda910940f371dabe5d000935e163ff82ddef5431c8da95f91369cdd33de5578304727261c44ef585f3100e60fc669d0b1c494a094fd359f90b030afdf109cf66c935da4c51a79d87a4e482a2745aafcf84fa6842bc414", 0xaa, 0x10001}, {&(0x7f00000018c0)="ea4c9a985363372d2d00a49ade1a66d88c2f82253519a35f9f9e443826d84b93a5854424c0820e4a17b413c6ad3e74a48352f40863da9468e572fbfce158f0105e7658e23c81ee2b8fbb3481ab218cea2069febac5fbc6fcd2edd67e47aaa453c37fbd08d51c19996ea014a7a716a9a4aeb9", 0x72, 0x7}], 0x0, &(0x7f0000001b00)=ANY=[@ANYBLOB="6e6f626172726965722c7573726a71756f74613d2e2f66696c65302c6273646772050000800000000064662c7569643e", @ANYRESDEC=r1, @ANYBLOB=',fsname=keyringmd5sumvmnet1security),smackfsdef=keyring\x00,rootcontext=staff_u,smackfsroot=keyring\x00,uid<', @ANYRESDEC=r2, @ANYBLOB=',appraise,\x00']) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$netlink(r4, 0x10e, 0xf, &(0x7f0000000180)=""/123, &(0x7f0000000000)=0x7b) sendmsg$nl_netfilter(r4, &(0x7f0000000100)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000124c023b00000000000000000000000000"], 0x14}}, 0x0) openat(r0, &(0x7f0000000340)='./file0\x00', 0x129000, 0x2a) r5 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, r5) 05:21:19 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xc, 0xe, &(0x7f0000000080)=ANY=[@ANYBLOB="b702000013000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7030000000000006a0a00fe00000000850000002b000000b70000000000f6009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x0, 0xe, 0x98, &(0x7f0000000380)="9cc8000000000000200000000000", &(0x7f00000003c0)=""/152, 0x22}, 0x28) 05:21:19 executing program 4: perf_event_open(&(0x7f0000000d40)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000880)='cgroup.procs\x00', 0x2, 0x0) close(r1) 05:21:19 executing program 3: r0 = socket(0x11, 0x40000000000003, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") clock_adjtime(0x0, &(0x7f0000000180)={0xe18d}) 05:21:19 executing program 1: times(0x0) setxattr$security_evm(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.evm\x00', &(0x7f00000000c0)=@sha1={0x1, "48628d7c3a07d49ee6a344fd593d4b507bf69730"}, 0x15, 0x3) pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000100)=""/141) [ 149.262382] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'. 05:21:19 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000000)=ANY=[@ANYBLOB="b702000008000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7030000000000006a0a00fe00000000850000001f000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x0, 0x22, 0xd7, &(0x7f0000000100)="3c08003f00f08b41637c2fee86dd5473aa58936c4c740d149cc074a1935b27b5aa7c", &(0x7f0000000480)=""/215, 0x6000}, 0x28) [ 149.328578] ================================================================== [ 149.335997] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x9a/0xc0 [ 149.342563] Read of size 660 at addr ffff88019f57fffa by task syz-executor2/4667 [ 149.350079] [ 149.351705] CPU: 0 PID: 4667 Comm: syz-executor2 Not tainted 4.14.76+ #20 [ 149.358613] Call Trace: [ 149.361188] dump_stack+0xb9/0x11b [ 149.364721] print_address_description+0x60/0x22b [ 149.369554] kasan_report.cold.6+0x11b/0x2dd [ 149.373947] ? _copy_to_user+0x9a/0xc0 [ 149.377821] _copy_to_user+0x9a/0xc0 [ 149.381535] bpf_test_finish.isra.0+0xc8/0x190 [ 149.386104] ? bpf_test_run+0x350/0x350 [ 149.390081] ? kvm_clock_read+0x1f/0x30 [ 149.394040] ? ktime_get+0x17f/0x1c0 [ 149.397747] ? bpf_test_run+0x280/0x350 [ 149.401721] bpf_prog_test_run_skb+0x4d0/0x8c0 [ 149.406296] ? bpf_test_init.isra.1+0xc0/0xc0 [ 149.410781] ? __fget_light+0x192/0x1f0 [ 149.414745] ? bpf_prog_add+0x42/0xa0 [ 149.418534] ? fput+0xa/0x130 [ 149.421632] ? bpf_test_init.isra.1+0xc0/0xc0 [ 149.426144] SyS_bpf+0x79d/0x3640 [ 149.429604] ? bpf_prog_get+0x20/0x20 [ 149.433393] ? _copy_to_user+0x7f/0xc0 [ 149.437272] ? put_timespec64+0xb9/0x110 [ 149.441329] ? do_clock_gettime+0x30/0xb0 [ 149.445468] ? SyS_clock_gettime+0x7b/0xd0 [ 149.449690] ? do_clock_gettime+0xb0/0xb0 [ 149.453858] ? do_syscall_64+0x43/0x4b0 [ 149.457824] ? bpf_prog_get+0x20/0x20 [ 149.461610] do_syscall_64+0x19b/0x4b0 [ 149.465491] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 149.470668] RIP: 0033:0x457569 [ 149.473844] RSP: 002b:00007f0ca4424c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 149.481536] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 149.488793] RDX: 0000000000000028 RSI: 0000000020000000 RDI: 000000000000000a [ 149.496056] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 149.503311] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0ca44256d4 [ 149.510566] R13: 00000000004bd892 R14: 00000000004cc208 R15: 00000000ffffffff [ 149.517834] [ 149.519451] Allocated by task 4543: [ 149.523065] kasan_kmalloc.part.1+0x4f/0xd0 [ 149.527376] kmem_cache_alloc+0xe4/0x2b0 [ 149.531426] getname_flags+0xc4/0x540 [ 149.535212] user_path_at_empty+0x28/0x80 [ 149.539353] SyS_faccessat+0x20d/0x660 [ 149.543225] do_syscall_64+0x19b/0x4b0 [ 149.547104] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 149.552289] [ 149.553901] Freed by task 4543: [ 149.557169] kasan_slab_free+0xac/0x190 [ 149.561126] kmem_cache_free+0x12d/0x350 [ 149.565170] putname+0xcf/0x100 [ 149.568455] filename_lookup.part.18+0x21e/0x370 [ 149.573213] user_path_at_empty+0x4b/0x80 [ 149.577353] SyS_faccessat+0x20d/0x660 [ 149.581224] do_syscall_64+0x19b/0x4b0 [ 149.585101] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 149.590290] [ 149.591901] The buggy address belongs to the object at ffff88019f57e600 [ 149.591901] which belongs to the cache names_cache of size 4096 [ 149.604630] The buggy address is located 2554 bytes to the right of [ 149.604630] 4096-byte region [ffff88019f57e600, ffff88019f57f600) [ 149.617198] The buggy address belongs to the page: [ 149.622112] page:ffffea00067d5e00 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 [ 149.632067] flags: 0x4000000000008100(slab|head) [ 149.636826] raw: 4000000000008100 0000000000000000 0000000000000000 0000000100070007 [ 149.644707] raw: dead000000000100 dead000000000200 ffff8801da97e000 0000000000000000 [ 149.652570] page dumped because: kasan: bad access detected [ 149.658274] [ 149.659881] Memory state around the buggy address: [ 149.664793] ffff88019f57fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 149.672135] ffff88019f57ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 149.679495] >ffff88019f57ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 149.686848] ^ [ 149.694105] ffff88019f580000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 149.701449] ffff88019f580080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 149.708788] ================================================================== [ 149.716126] Disabling lock debugging due to kernel taint 05:21:20 executing program 1: clone(0x2122001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x0, 0x0) openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/create\x00', 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='status\x00') exit(0x0) sendfile(r0, r1, &(0x7f0000000040), 0x7fe) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000280)={r1, 0x10, &(0x7f0000000240)={&(0x7f00000001c0)=""/73, 0x49, 0xffffffffffffffff}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={r1, 0x10, &(0x7f00000002c0)={&(0x7f0000000100)=""/173, 0xad, r2}}, 0x10) ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0) 05:21:20 executing program 1: clone(0x2122001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x0, 0x0) openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/create\x00', 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='status\x00') exit(0x0) sendfile(r0, r1, &(0x7f0000000040), 0x7fe) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000280)={r1, 0x10, &(0x7f0000000240)={&(0x7f00000001c0)=""/73, 0x49, 0xffffffffffffffff}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={r1, 0x10, &(0x7f00000002c0)={&(0x7f0000000100)=""/173, 0xad, r2}}, 0x10) ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0) [ 149.730189] Kernel panic - not syncing: panic_on_warn set ... [ 149.730189] [ 149.737572] CPU: 0 PID: 4667 Comm: syz-executor2 Tainted: G B 4.14.76+ #20 [ 149.745704] Call Trace: [ 149.748295] dump_stack+0xb9/0x11b [ 149.751837] panic+0x1bf/0x3a4 [ 149.755024] ? add_taint.cold.4+0x16/0x16 [ 149.759201] ? ___preempt_schedule+0x16/0x18 [ 149.763627] kasan_end_report+0x43/0x49 [ 149.767604] kasan_report.cold.6+0x77/0x2dd [ 149.771925] ? _copy_to_user+0x9a/0xc0 [ 149.775816] _copy_to_user+0x9a/0xc0 05:21:20 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000000)=ANY=[@ANYBLOB="b702000008000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7030000000000006a0a00fe00000000850000001f000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x0, 0x22, 0xd7, &(0x7f0000000100)="3c08003f00f08b41637c2fee86dd5473aa58936c4c740d149cc074a1935b27b5aa7c", &(0x7f0000000480)=""/215, 0x6000}, 0x28) [ 149.779976] bpf_test_finish.isra.0+0xc8/0x190 [ 149.784556] ? bpf_test_run+0x350/0x350 [ 149.788539] ? kvm_clock_read+0x1f/0x30 [ 149.792521] ? ktime_get+0x17f/0x1c0 [ 149.796225] ? bpf_test_run+0x280/0x350 [ 149.800199] bpf_prog_test_run_skb+0x4d0/0x8c0 [ 149.804783] ? bpf_test_init.isra.1+0xc0/0xc0 [ 149.809285] ? __fget_light+0x192/0x1f0 [ 149.813251] ? bpf_prog_add+0x42/0xa0 [ 149.817037] ? fput+0xa/0x130 [ 149.820142] ? bpf_test_init.isra.1+0xc0/0xc0 [ 149.824638] SyS_bpf+0x79d/0x3640 [ 149.828082] ? bpf_prog_get+0x20/0x20 [ 149.831880] ? _copy_to_user+0x7f/0xc0 [ 149.835756] ? put_timespec64+0xb9/0x110 [ 149.839804] ? do_clock_gettime+0x30/0xb0 [ 149.843951] ? SyS_clock_gettime+0x7b/0xd0 [ 149.848169] ? do_clock_gettime+0xb0/0xb0 [ 149.852301] ? do_syscall_64+0x43/0x4b0 [ 149.856264] ? bpf_prog_get+0x20/0x20 [ 149.860045] do_syscall_64+0x19b/0x4b0 [ 149.863924] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 149.869095] RIP: 0033:0x457569 [ 149.872273] RSP: 002b:00007f0ca4424c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 149.879978] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 149.887258] RDX: 0000000000000028 RSI: 0000000020000000 RDI: 000000000000000a [ 149.894509] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 149.901768] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0ca44256d4 [ 149.909020] R13: 00000000004bd892 R14: 00000000004cc208 R15: 00000000ffffffff [ 149.916622] Kernel Offset: 0x16c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 149.927524] Rebooting in 86400 seconds..