[....] Starting enhanced syslogd: rsyslogd[ 12.995900] audit: type=1400 audit(1573648475.825:4): avc: denied { syslog } for pid=1916 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.51' (ECDSA) to the list of known hosts. 2019/11/13 12:34:47 fuzzer started 2019/11/13 12:34:49 dialing manager at 10.128.0.26:35689 2019/11/13 12:34:49 syscalls: 1350 2019/11/13 12:34:49 code coverage: enabled 2019/11/13 12:34:49 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/11/13 12:34:49 extra coverage: extra coverage is not supported by the kernel 2019/11/13 12:34:49 setuid sandbox: enabled 2019/11/13 12:34:49 namespace sandbox: enabled 2019/11/13 12:34:49 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/13 12:34:49 fault injection: kernel does not have systematic fault injection support 2019/11/13 12:34:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/13 12:34:49 net packet injection: enabled 2019/11/13 12:34:49 net device setup: enabled 2019/11/13 12:34:49 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/13 12:34:49 devlink PCI setup: PCI device 0000:00:10.0 is not available 12:35:18 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@local, @in, 0x0, 0x0, 0x0, 0x0, 0xa}, {@in=@multicast1}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0x2}}, 0xf0}}, 0x0) 12:35:18 executing program 3: socket(0x0, 0x0, 0x0) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) r0 = gettid() ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) prctl$PR_GET_KEEPCAPS(0x7) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) tkill(r0, 0x1000000000016) 12:35:18 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000000, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000100)=[{&(0x7f0000000080)="580000001400add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x25d}], 0x1) 12:35:18 executing program 1: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = socket(0x0, 0x0, 0x0) getpeername$unix(0xffffffffffffffff, 0x0, 0x0) getsockopt$sock_linger(r0, 0x1, 0xd, 0x0, 0x0) 12:35:18 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = socket(0x0, 0x0, 0x0) setsockopt$sock_void(r0, 0x1, 0x0, 0x0, 0x0) 12:35:18 executing program 4: r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x44ee) 12:35:19 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='hugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, [], [{}, {0x801, 0x0, 0x1200}]}) 12:35:19 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='hugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, [], [{}, {0x801, 0x0, 0x2800000}]}) 12:35:19 executing program 4: r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) 12:35:19 executing program 0: clone(0x47fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, 0x0) r0 = gettid() pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000000), 0x43578cf5) ptrace(0x4206, r0) socket$nl_xfrm(0x10, 0x3, 0x6) tkill(r0, 0x9) wait4(0x0, 0x0, 0x0, 0x0) 12:35:19 executing program 4: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="2321202e2f66696c65302093"], 0xc) close(r0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 12:35:19 executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) prctl$PR_GET_THP_DISABLE(0x2a) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) 12:35:19 executing program 4: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() wait4(0x0, 0x0, 0x60000000, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x25) ptrace$cont(0x18, r3, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x42}) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)=@nat={'nat\x00', 0x19, 0x2, 0x0, [0x20000280, 0x0, 0x0, 0x200002b0, 0x200002e0], 0x11, 0x0, 0x0}, 0x78) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r3, 0x0, 0x0) 12:35:19 executing program 5: timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) r0 = gettid() tkill(r0, 0x16) 12:35:19 executing program 1: creat(&(0x7f0000000000)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x17cd, 0x0) mount$fuse(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x79fd, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x3, 0x0) 12:35:19 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getpid() tkill(0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002900)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=""/19, 0x13}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') preadv(r0, &(0x7f00000017c0), 0x244, 0x0) 12:35:19 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x28201, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'bpq0\x00', 0x420000015001}) write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="0004000000ad00000000000000000000000d000000008f2cddd4872d48ae4f55dd96d41a000000000000000000000100000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ab642c54e6118f"], 0x46) 12:35:19 executing program 5: ioprio_get$uid(0x2, 0x0) 12:35:19 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x20000000021) connect$inet6(r0, &(0x7f0000000340)={0xa, 0x0, 0x0, @loopback}, 0x1c) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c460d3e2e87c6a9e87e30e5a6637a18d2000000000000000000000000000000000000000000000040000000000000000000"], 0x34) 12:35:19 executing program 3: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket(0x11, 0x800000003, 0x0) bind(r3, &(0x7f0000000000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) write$binfmt_misc(r1, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket(0x11, 0x800000003, 0x0) bind(r5, &(0x7f0000000000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) write$binfmt_aout(r5, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000001000000000000000000000000000040000000000"], 0xfdef) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000001440)={0x0, 0x0, 0xfffffffffffffffe}, 0x4) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 12:35:19 executing program 5: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r2 = socket$unix(0x1, 0x5, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000c85000)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000f2cff4)={0x53481b91e1a95fbd}) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) 12:35:19 executing program 1: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f000001c000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x7ffbf, 0x0) 12:35:19 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001091902efff07000000068100025b0509000200010100ff3fff58", 0x1f}], 0x1a4) 12:35:19 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @rand_addr=0x6}, 0x10) sendto$inet(r0, 0x0, 0xfffffffffffffec1, 0xfffffffffbffffb9, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r1 = memfd_create(&(0x7f0000000b80)='-\'\x00\x10\f\xdex\xf5\a\xd91\xc4dT\x12P\xc6n\x0e\x83\xe7\x1b\xbd\xa5\xb4\xc2H\r\xe1\x8e[\xd6\x11\xfb\xfe&\xd2\x18\x88\x97\xea\x8eD\"\x9a\xfbpk\x18\xcb\xb3rR`\xa4\xbbzM\x84\xfb\xbd\xe3c\xe09\xd0\xc4\t\xaf\bC\x81\xb7\x05E\x8c7.\xeb+\x1c\xb4\xfdli\\\x8a$\x84\xe3\x06-61\x13\xeb\xc9\xb8\xe4\xea\aSs\rqM\xbbQ\xa6o\x9e!S\x17`\x18V\xbe\xb8N\xad\r9\x15\x8f\x92\x9b\'\xb7\xf2j\xa16\x04w\xc3\f0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000c40)=ANY=[@ANYBLOB="960cfa8f7b900487c6df5892d92f7c6a7f411929a306c762a1ba2bf05daa7fa96b1b78a5f4d96e59ecb71a01095f6993be03eb70bffc6e6135c7ca564920307ea0c8d2018219635c327bbceb847724798bb8a17a39cc0ac2b0469fe20ac981929eeb4e9c0000000000000000ef7ec5ee059b59181444a0729319d93bafa591a6ad306d070e7a2e1e803634f16f1f98a841614e51d23b19a1ac7f3d961509008fb15fff352a6809fe36bc5bba78c652fea0ff09e659dc86fab8352de1360e727851e09ad62c3610bc0556e6d853b27e199245d4b597380bc21ae88f4cb985a413da11fb0a73a46ef080588c2698200f2724eb42074e58e49cec4fea44276281866fbed1beea017b0200c211a6000000389bdc0df6b291d0a9c91f00000900000000000000ec37b0d68c65ea18ce57b0bbb7ab66ab4867e42b4418b46d2d5d9d1f7d0abb3365d60900000000000000c30b2fa268490b6057691e5dfc481ffd0897df654361e2c59b73ad7c5cde1ab8f629a5e87718a7442ef94bd5d76f03e08dd395ed7989095b37510f179b1ac04d4b24ada6355635bb8f6485955b8db63ded0fca373e6f00d66e41e85412340b2d1c3349c6e73bd8ff01278062793b744f27a9e9ec38b26e30cebc010b73223f0ff4a2aa26119f20db714a155ac803373c80d0759850a2496b4bdf9af6cf0f3f4f2fad274773ccd8bd2a0a5eed026a1a09d9185b8b90f335dcc97fc264eb776e390656e368f3349f84a795bef646a787761a55d81b6f8581fb7400000000000000000000000000000000da51620cfbfa85eb644853660bb904dfd3e3a3467eacb7115900dfdea6c1a2ceabfd9cea7d928fd5d7d8fdde821ef3d1fb1d5a6802a11b919aca0d58a84f932a87f4b59a165f05a24bc578419fb004ae0d1b3d00f54d714cb00f1ffdddd4d2792a5bc9ac2347a516e65fc04e66250e71d432aa5bd33a33849210b0571723573c1562482d0fb4454134f206d051a8874064fa6787298c6da4d80378f312ac41a0d659ea7151859ee04ab9ec3ba54748cf6f340342edaad1da685eee06d15d0b784295fe299645d214a9508648452a2bef5afe89223cdeadf6dcddb3c91557c9ad5b157f4410b0f43e1f6d4dc62968818c7417c108ea4a2e24b6d1a7f63acc33867e0c6ef5e77db84cec58069c820a16ac824338bc52514dd7f305b17abe05bc925a9c466513a777ac32618deff63613297f99b03c7dcd2a528c6b52189fb5574ad886685f67cc3139a0879c47455073cd5c1de9466b529fc8f90a7c5d3004e70c9366f1c1fba58ea6eff1df435378215732f91c3cb235a2b43c5b1a5edc0e741393bdbe3db6cd792d77a96d927f75663eb84854c748e49b8168973b052de2d8cc329ace01dc67f7289e0401a6f75e1614bd72893614c520ed184622db2cfd5f8bb757c18ce10e6176958f15247ff6f5ceb36efefe01cf110eeb51b4b944000000000067c61ed7640c84fdc2cd6e7f29bdf4fe4f1bbd62a908d90fbc275fe9b033895119d3000000000000000000000000c29086dc7eecd8c70561a5ff26f54239bb5442adf6291bfb4c449a8f7eb87059385cb7289d3322ed8473f6a45338718f81d8f2c9c659ffa9e6dac0de4fb361993d04c5acf73331d0f8cfbe8061f8cfbda6f33774c38e9801242f3ff80ffc45e90fab9e8b31529d3eb13cfccc4b9899cf55206edbee3853801bb42f72990de8eb049c4396a66a8f7f50ff2d95cb14e4fe4d9b11b2c2ef2b85441aa49e5433d5d047c8030525ded76d53d0892229318b3872be713c90ecde7cfedf80a217b109ac8646f48c1de527d9c1880dc2ac1f9a4ca0fe9156113f42c5194342555c0e351069c205d451c68048f5cee037d06377c60500269906798ea0e125d6e3cc323ef43fe2a498b3c4a031048c99f3412c2b20f18ff6f65ea6d6fbc7beba059ac0317dc6ad0e7d29e038b70c79e879a10a6a763619ebce92929b42c4bc"], 0x7) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r1, 0x0) r4 = socket(0x100000000018, 0x0, 0x4) connect(r4, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0xe) syzkaller login: [ 57.105858] audit: type=1400 audit(1573648519.925:5): avc: denied { create } for pid=2361 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 57.133824] audit: type=1400 audit(1573648519.975:6): avc: denied { write } for pid=2361 comm="syz-executor.2" path="socket:[8403]" dev="sockfs" ino=8403 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 12:35:22 executing program 3: socket(0x0, 0x2, 0x0) stat(0x0, 0x0) r0 = gettid() listen(0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000007cc0)='/dev/null\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) tkill(r0, 0x1000000000016) 12:35:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0xffcf, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="a199000036002908000000000000000001480000c702000089990100ffffffff0000b5160000000000000001"], 0x99a1}, 0x1, 0xffffff7f0e000000}, 0x0) 12:35:22 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x22, 0x3, 0x0, &(0x7f0000000040)) 12:35:22 executing program 0: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0xff}, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r2, 0x40045431, 0x0) read(r2, &(0x7f0000000100)=""/13, 0xd) write(r1, &(0x7f0000000340), 0x41395527) pselect6(0x0, 0x0, 0x0, &(0x7f0000000140), 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 12:35:22 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0xffcf, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="a199000036002908000000000000000001480000c702000089990100ffffffff0000b5160000000000000001"], 0x99a1}, 0x1, 0xffffff7f0e000000}, 0x0) 12:35:22 executing program 1: r0 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_buf(r0, 0x107, 0xf, &(0x7f00000001c0)="a2e6999b", 0x4) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) write$binfmt_aout(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="080300004a0200000000df000000000000000066509f1de51707000000d847c4f704b14fb98da91bba0400c2062a6d0000000012"], 0x34) 12:35:22 executing program 5: epoll_create1(0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0xfffffc67, 0x0}}], 0x4000000000002b4, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') preadv(r0, &(0x7f00000017c0), 0x333, 0x0) 12:35:22 executing program 2: 12:35:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0xffcf, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="a199000036002908000000000000000003480000c702000089990100ffffffff0000b5160000000000000001"], 0x99a1}, 0x1, 0xffffff7f0e000000}, 0x0) [ 59.806197] audit: type=1400 audit(1573648522.635:7): avc: denied { create } for pid=2379 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 59.820933] audit: type=1400 audit(1573648522.655:8): avc: denied { write } for pid=2376 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 12:35:22 executing program 4: symlink(&(0x7f0000000040)='..', &(0x7f00000000c0)='./file0\x00') socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = inotify_init() inotify_add_watch(r3, &(0x7f0000000140)='./file0\x00', 0xe1000468) 12:35:22 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x20000000021) connect$inet6(r0, &(0x7f0000000340)={0xa, 0x0, 0x0, @loopback}, 0x1c) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c460d3e2e87c6a9e87e30e5a6637a18d200000000000000000000000000000000000000000000004000"/62], 0x34) 12:35:22 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x0) 12:35:22 executing program 3: r0 = socket(0x1000000010, 0x4008000000803, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x4000800000012}, &(0x7f0000000040)) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x319) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) pipe2(&(0x7f0000000280)={0xffffffffffffffff}, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, 0x0, 0x0) setsockopt$inet6_buf(r0, 0x29, 0xd2, 0x0, 0xc) r2 = gettid() getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x83, 0x0, 0x0) tkill(r2, 0x1000000000016) 12:35:22 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x4000000000802, 0x0) write$uinput_user_dev(r1, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x2) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x8) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x9}, 0x14) 12:35:22 executing program 5: [ 60.135673] input: syz1 as /devices/virtual/input/input4 [ 60.222133] input: syz1 as /devices/virtual/input/input5 12:35:23 executing program 0: 12:35:23 executing program 5: 12:35:23 executing program 4: 12:35:23 executing program 1: 12:35:23 executing program 3: 12:35:23 executing program 2: 12:35:23 executing program 5: 12:35:23 executing program 2: 12:35:23 executing program 1: 12:35:23 executing program 3: 12:35:23 executing program 0: 12:35:23 executing program 4: 12:35:23 executing program 5: 12:35:23 executing program 2: 12:35:23 executing program 3: 12:35:23 executing program 0: 12:35:23 executing program 4: 12:35:23 executing program 1: 12:35:23 executing program 5: 12:35:23 executing program 2: 12:35:23 executing program 4: 12:35:23 executing program 0: 12:35:23 executing program 1: 12:35:23 executing program 3: 12:35:23 executing program 2: 12:35:23 executing program 5: 12:35:23 executing program 4: 12:35:23 executing program 5: 12:35:23 executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) eventfd(0x0) read$char_usb(0xffffffffffffffff, 0x0, 0x0) gettid() r0 = syz_open_procfs$namespace(0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x0) 12:35:23 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = socket(0x0, 0x0, 0x0) setsockopt$inet_udp_encap(r0, 0x11, 0x64, 0x0, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0x0) 12:35:23 executing program 2: 12:35:23 executing program 1: 12:35:23 executing program 4: 12:35:23 executing program 1: 12:35:23 executing program 5: 12:35:23 executing program 2: 12:35:23 executing program 4: 12:35:24 executing program 5: 12:35:24 executing program 1: 12:35:24 executing program 2: 12:35:24 executing program 3: 12:35:24 executing program 0: 12:35:24 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) unshare(0x2000400) ioctl$INOTIFY_IOC_SETNEXTWD(r2, 0x40044900, 0x0) 12:35:24 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x28201, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'bpq0\x00', 0x420000015001}) write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="0004000000ad00000000000000000000000d000000008f2cddd4872d48ae4f55dd96d41a000000000000000000000100000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ab642c54e6118f"], 0xa) 12:35:24 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000001e, 0x1, 0x0) getsockopt(r0, 0x800000010f, 0x80, &(0x7f00004ad000), &(0x7f0000000080)=0xfffffffffffffcbe) 12:35:24 executing program 5: r0 = socket(0x40000000001e, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setpriority(0x1, 0x0, 0x0) 12:35:24 executing program 3: 12:35:24 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) unshare(0x2000400) r2 = socket(0x40000000001e, 0x1, 0x0) getsockopt(r2, 0x800000010f, 0x0, 0x0, &(0x7f0000000080)) 12:35:24 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:35:24 executing program 3: perf_event_open$cgroup(&(0x7f0000000340)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 61.392436] ================================================================== [ 61.399851] BUG: KASAN: stack-out-of-bounds in iov_iter_advance+0x4b3/0x4f0 [ 61.406953] Read of size 8 at addr ffff8800b4b77ce8 by task syz-executor.1/2518 [ 61.414394] [ 61.416026] CPU: 0 PID: 2518 Comm: syz-executor.1 Not tainted 4.4.174+ #17 [ 61.423033] 0000000000000000 06619f1f935dfc53 ffff8800b4b77998 ffffffff81aad1a1 [ 61.431099] 0000000000000000 ffffea0002d2ddc0 ffff8800b4b77ce8 0000000000000008 12:35:24 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8000000200036158, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 12:35:24 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='clear_refs\x00g\xff\xca\x02\x8a\xf0\xe1ZM\xfa@\x1bS0\x11\xbe\xdc\xdc\xdd\xc1\x17~\x18\xd6\xa5\x88Cd**\xde\xae\xaf\xcf\t\xec0\x04\xe7\xf3\"\b9\xb5\x96VR+\xbb\xa0a\xbb\xc8') r1 = syz_open_procfs(0x0, &(0x7f0000000200)='loginuid\x009\xda\xd3\xc4D\xdeJ5\xf0\xfd\"=\xb6\xaa\x1e/\xddc\xc9\xf3_8\x9eFi\xe0\xafe\"\xc2%\xbb\xb6E\xae\x9e\x0fF\xc8|\xd4M\xb4\x91\x9c\x1a4\xab\x1d\x00\xbbAW\xf7\x9b#\x91.\x9b\x96Vn\xbf#a\x8d\xfd\xd31\xfc\xac\xfe\xcc\xdb\x93\x89t\xf4\x8dB\fI\xe5\xb3\x7f\x94\xbd\xb6Q\xb9\xc1\x02e\x904\xf4\x19/') sendfile(r0, r1, 0x0, 0x5) [ 61.439170] ffff8800b4b77ce0 ffff8800b4b779d0 ffffffff81490120 0000000000000000 [ 61.447223] Call Trace: [ 61.449807] [] dump_stack+0xc1/0x120 [ 61.455173] [] print_address_description+0x6f/0x21b [ 61.461844] [] kasan_report.cold+0x8c/0x2be [ 61.467827] [] ? iov_iter_advance+0x4b3/0x4f0 [ 61.473984] [] __asan_report_load8_noabort+0x14/0x20 [ 61.480742] [] iov_iter_advance+0x4b3/0x4f0 [ 61.486718] [] tun_get_user+0x2c6/0x2640 12:35:24 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/raw6\x00HT\xf4\xfa\x92\xcaH\x1ci\xccui\x13W}9\x00ah\xde\x84\xf0\xbdU\x96\xbd11=*w\x81\x8d\x1c\x82\x04\x99n\xdf\xbcD\xe6{\t\x04\xaf\x92W\x00\xe4wt&\xff-\xae\x19\x9b\x97\nS\xe5\xafu_s\xf6\xf7\x14P\a\xe3\xc0\xed\xe28F/S\xcc\xcc\xeae\r\x97Z\xd1Q0\xa8Aj\x15\xaf\xf0\xc96bJ\xeeH%\x0f=\x01\x82\xf00\x9bE!\x9e\xbf\x12w\xcb\xc1\xd0\xf1*\xf9\xe7\xc7\xd3uI\x1c#\xfa\x92\x95\xca\xd6\xa39\xd1\xf0g\xe2!\f\\;qO\x97\xce\xcc\xbcU\xadLR\xf5 \xb0\xe8\x00'/176) preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/173, 0xad}], 0x1, 0x3) [ 61.492429] [] ? tun_free_netdev+0xb0/0xb0 [ 61.498313] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 61.505073] [] ? check_preemption_disabled+0x3c/0x200 [ 61.511915] [] ? check_preemption_disabled+0x3c/0x200 [ 61.518765] [] ? __tun_get+0x126/0x230 [ 61.524315] [] tun_chr_write_iter+0xda/0x190 [ 61.530378] [] __vfs_write+0x2e8/0x3d0 [ 61.535918] [] ? __vfs_read+0x3c0/0x3c0 12:35:24 executing program 3: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pause() [ 61.541556] [] ? check_preemption_disabled+0x3c/0x200 [ 61.548422] [] ? selinux_file_permission+0x2f5/0x450 [ 61.555180] [] ? rw_verify_area+0x103/0x2f0 [ 61.561153] [] vfs_write+0x182/0x4e0 [ 61.566524] [] SyS_write+0xdc/0x1c0 [ 61.571802] [] ? SyS_read+0x1c0/0x1c0 [ 61.577256] [] ? do_fast_syscall_32+0xd6/0xa90 [ 61.583495] [] ? SyS_read+0x1c0/0x1c0 [ 61.588967] [] do_fast_syscall_32+0x32d/0xa90 [ 61.595118] [] sysenter_flags_fixed+0xd/0x1a [ 61.601173] [ 61.602800] The buggy address belongs to the page: [ 61.607723] page:ffffea0002d2ddc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 61.615861] flags: 0x0() [ 61.618655] page dumped because: kasan: bad access detected [ 61.624353] [ 61.625975] Memory state around the buggy address: [ 61.630900] ffff8800b4b77b80: 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f3 f3 f3 [ 61.638249] ffff8800b4b77c00: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 61.645597] >ffff8800b4b77c80: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 00 00 [ 61.652955] ^ [ 61.659711] ffff8800b4b77d00: 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 f3 f3 f3 [ 61.667076] ffff8800b4b77d80: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 61.674434] ================================================================== [ 61.681784] Disabling lock debugging due to kernel taint 12:35:24 executing program 4: mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8000000200036158, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 61.700221] Kernel panic - not syncing: panic_on_warn set ... [ 61.700221] [ 61.707621] CPU: 0 PID: 2518 Comm: syz-executor.1 Tainted: G B 4.4.174+ #17 [ 61.715842] 0000000000000000 06619f1f935dfc53 ffff8800b4b778d8 ffffffff81aad1a1 [ 61.723934] ffff8800b4b779e8 ffffffff82c5cf1b ffff8800b4b77ce8 0000000000000008 [ 61.731988] ffff8800b4b77ce0 ffff8800b4b779b8 ffffffff813a48c2 0000000041b58ab3 [ 61.740058] Call Trace: [ 61.742644] [] dump_stack+0xc1/0x120 [ 61.748009] [] panic+0x1b9/0x37b [ 61.753031] [] ? add_taint.cold+0x16/0x16 [ 61.758832] [] ? preempt_schedule+0x24/0x30 [ 61.764809] [] ? ___preempt_schedule+0x12/0x14 [ 61.771046] [] kasan_end_report+0x47/0x4f [ 61.776846] [] kasan_report.cold+0xa9/0x2be [ 61.782812] [] ? iov_iter_advance+0x4b3/0x4f0 [ 61.788940] [] __asan_report_load8_noabort+0x14/0x20 [ 61.795676] [] iov_iter_advance+0x4b3/0x4f0 [ 61.801644] [] tun_get_user+0x2c6/0x2640 [ 61.807418] [] ? tun_free_netdev+0xb0/0xb0 [ 61.813298] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 61.820089] [] ? check_preemption_disabled+0x3c/0x200 [ 61.826913] [] ? check_preemption_disabled+0x3c/0x200 [ 61.833734] [] ? __tun_get+0x126/0x230 [ 61.839262] [] tun_chr_write_iter+0xda/0x190 [ 61.845307] [] __vfs_write+0x2e8/0x3d0 [ 61.850825] [] ? __vfs_read+0x3c0/0x3c0 [ 61.856430] [] ? check_preemption_disabled+0x3c/0x200 [ 61.863289] [] ? selinux_file_permission+0x2f5/0x450 [ 61.870052] [] ? rw_verify_area+0x103/0x2f0 [ 61.876004] [] vfs_write+0x182/0x4e0 [ 61.881347] [] SyS_write+0xdc/0x1c0 [ 61.886632] [] ? SyS_read+0x1c0/0x1c0 [ 61.892062] [] ? do_fast_syscall_32+0xd6/0xa90 [ 61.898270] [] ? SyS_read+0x1c0/0x1c0 [ 61.903704] [] do_fast_syscall_32+0x32d/0xa90 [ 61.909847] [] sysenter_flags_fixed+0xd/0x1a [ 61.916462] Kernel Offset: disabled [ 61.920072] Rebooting in 86400 seconds..