Warning: Permanently added '10.128.0.174' (ECDSA) to the list of known hosts. 2019/08/27 00:33:19 fuzzer started 2019/08/27 00:33:22 dialing manager at 10.128.0.26:44829 2019/08/27 00:33:22 syscalls: 1367 2019/08/27 00:33:22 code coverage: enabled 2019/08/27 00:33:22 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/08/27 00:33:22 extra coverage: extra coverage is not supported by the kernel 2019/08/27 00:33:22 setuid sandbox: enabled 2019/08/27 00:33:22 namespace sandbox: enabled 2019/08/27 00:33:22 Android sandbox: /sys/fs/selinux/policy does not exist 2019/08/27 00:33:22 fault injection: kernel does not have systematic fault injection support 2019/08/27 00:33:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/08/27 00:33:22 net packet injection: enabled 2019/08/27 00:33:22 net device setup: enabled 00:33:48 executing program 5: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) sendfile(r0, r0, 0x0, 0xfffffffffffffff7) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x40, 0x0) ioctl$VT_OPENQRY(r2, 0x5600, &(0x7f0000000080)) r3 = openat$cgroup_procs(r2, &(0x7f00000000c0)='cgroup.threads\x00', 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) fcntl$setown(r0, 0x8, r4) setsockopt$inet_udp_encap(r2, 0x11, 0x64, &(0x7f0000000180)=0x1, 0x4) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f00000001c0)={0x2, 0x800, 0x2, 0xffffffff, 0x1, [{0xfffffffffffffff9, 0x39, 0x178d, 0x0, 0x0, 0x1004}]}) ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000280)=@add_del={0x2, &(0x7f0000000240)='ip6gretap0\x00'}) fcntl$getownex(r3, 0x10, &(0x7f00000002c0)={0x0, 0x0}) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000300)={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, {0xede247c1da33d339, @local}, 0x2, {0x2, 0x4e20, @loopback}}) r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r2, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x220}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, r8, 0x8, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4080}, 0x8000) prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000500)={0x5, &(0x7f00000004c0)=[{0x5, 0x7e9, 0x0, 0xd311}, {0xff, 0x8, 0xfffffffffffff000, 0x9}, {0x282f, 0x1100a293, 0x1000, 0x1}, {0x80000000, 0x8001, 0x0, 0x4}, {0x8, 0x5031, 0x3, 0x5}]}) ptrace$setregs(0xd, r7, 0x7, &(0x7f0000000540)="fe9eada6becbf4e69ab82d93ae01a1755dde59a411199f553392cca130423fd4f54a163954ceb2f37b00d28fb1aef458e04f3a28d3d697effd6b94d01578220d8ed3ad5187951c95de8580f120529c0c12bff57fdd0495d9a3333ad6acb1ae1003bf6258da15fabac8607e45c5912a91") r9 = creat(&(0x7f00000005c0)='./file0\x00', 0x80) clock_settime(0x2, &(0x7f0000000600)) getsockname$netlink(r9, &(0x7f0000000640), &(0x7f0000000680)=0xc) r10 = add_key(&(0x7f00000006c0)='cifs.spnego\x00', &(0x7f0000000700)={'syz', 0x2}, &(0x7f0000000740)="6fdc3b289146c4ce5bf3ae3443dc4051915999fd407d7da406cfd3dc127717c5a541f07a2cea8823c69de9ab323669e5ac5088e4cfc697fb69fddc4bec0d5c2831f0a140a9fb9cfab395986bd55871596b3b6710902b1a83d1bd7fa7f609bf573ac5b44f9f6f14da2bfada134ff8a2d8437e68100eca994c92521cd2ad2259aee9e88d356549381e6807fb492eb328f4cd6c60b31857eb2da2aaa75ce799576601666ef9a5f8da6fe21a03981c24648f0e43b89dd616bebc8659effe9285fbb2b177190df43c11821a45a2", 0xcb, 0xfffffffffffffffb) keyctl$describe(0x6, r10, &(0x7f0000000840)=""/212, 0xd4) sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x64000000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x28, r8, 0x100, 0x70bd26, 0x25dfdbfc, {{}, 0x0, 0x410c, 0x0, {0xc, 0x14, 'syz0\x00'}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x1) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000a40)=0x4, 0x4) write$binfmt_misc(r1, &(0x7f0000000a80)={'syz1', "1634993b86d4b0140c1eb3"}, 0xf) socket$nl_generic(0x10, 0x3, 0x10) fchownat(r9, &(0x7f0000000ac0)='./file0\x00', r5, r6, 0x100) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x9) setsockopt$inet_tcp_TLS_TX(r9, 0x6, 0x1, &(0x7f0000000b00)=@gcm_256={{}, "a5bb396ed3f2c9e2", "c2a402585bc56252b939dd706bcc73c7b044614a145c3d20ed0521e99885e7c4", "c31235cc", "70cfec50345a9074"}, 0x38) getsockname$packet(r9, &(0x7f0000000b40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000b80)=0x14) ioctl$TUNSETIFINDEX(r2, 0x400454da, &(0x7f0000000bc0)=r11) 00:33:48 executing program 0: r0 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/context\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x4040, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x98, r2, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xbce}]}, @IPVS_CMD_ATTR_DAEMON={0x34, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vcan0\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x40000}, 0x20000004) write$binfmt_misc(r0, &(0x7f0000000240)={'syz1', "5b4cd2e7370f637e39678b8f35753b262a2c8e36dc9d794d566ba0568e36550169549be88a38d4bfeb21a62838d7e97e0f8d54b6b835080e765b584eb091dfe2de86047dc1677a03add784606ef0e21d1b0e96981c67233c8614c7c2794445b3443abf3c5e4a241a52b5e78614be880eb055700e65219cf94f30a7d55eb3f3e9105a9700b7beddeff1e208bebb0e6e1344cf5d97b9b5409853beeebad5ba0733e3e5b0f0bbb94cd31dabda313df311de818a694fb31b1af8"}, 0xbc) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r1, &(0x7f0000000300)={0x9}) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380)='TIPCv2\x00') sendmsg$TIPC_NL_NET_GET(r1, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1000040}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x20, r3, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x4}, @TIPC_NLA_NODE={0x8, 0x6, [@TIPC_NLA_NODE_UP={0x4}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000850}, 0x1) ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000480)=0x4) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000004c0)=0x0) sched_getscheduler(r4) ioctl$BLKSECTGET(r1, 0x1267, &(0x7f0000000500)) ioctl$GIO_FONTX(r1, 0x4b6b, &(0x7f0000000540)=""/69) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000600)={0x0, 0x0}, &(0x7f0000000640)=0xc) quotactl(0x8, &(0x7f00000005c0)='./file0\x00', r5, &(0x7f0000000680)="fa75f04f82942dce53e0f73476931a71a9b95dc24434e9abf46b7702d5cd4b9986e16dccf7eb6d86947ac3a95b26cd2ceb2d5a32077174afdae3de5c6bbabd09107ed1a8b11d12b03128d545e39c1d618127df52409a58ef73edaa64106990de6a46e54ed0b8c176") ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000700)={'lo\x00', 0x0}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)={0x14, 0x4106, 0x80000001, 0x5, 0x20, r1, 0x56, [], r6, r1, 0x5}, 0x3c) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r7, &(0x7f0000000780)={0xa}) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000007c0), &(0x7f0000000800)=0x4) r8 = pkey_alloc(0x0, 0xaeb0be936f442754) pkey_mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4, r8) r9 = openat$cgroup_ro(r1, &(0x7f0000000840)='cpuacct.usage_sys\x00', 0x0, 0x0) sendmsg$unix(r9, &(0x7f0000000a80)={&(0x7f0000000880)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000a40)=[{&(0x7f0000000900)="d78e2cbdb29b93d9365a81a2e6903a15e8d0082894703b4e99430d8d3f3822b4cae9359197c52801b72cf8194347757c206db73667eea9c4adca9da6a52f73ea0a765d180d60e6d5c2700149f5cfcb07693a40880fbec72b74581f0e4f4b15ca35584be335c48f357331f3d9cf7c78b30e32222f02a10f860a0a6e49143a48766fe97120a241341f62c4be7074dafb2883d0c3b891e44460132a2ab5c2739e218470806a9e3b2f435da89f34b40288655d91619c90a0", 0xb6}, {&(0x7f00000009c0)="26e979b935d143fbddf9ef81d46e7168e9119bd55bff903837c5fe2408fb6f4e1d8f16a94eadc868930ae4ba649ef84ad84dfcfe1d98355e08084212f3a94a4c04cffd8fb2be482e9e68b8b15258b16d9ee450dce3fc6859b3d17a668d76e004361b3f645bddd41f1183866e4aa7b9b693b9fedcc2cc5083", 0x78}], 0x2, 0x0, 0x0, 0x40000}, 0x4000000) r10 = add_key(&(0x7f0000000ac0)='id_legacy\x00', &(0x7f0000000b00)={'syz', 0x3}, &(0x7f0000000b40)="719ff121c16986b302ae9d5b7bfc4140b7431e1fe47b79853585d7f1b70168287a668120281860ad97f558d32b0f17d0a38120cc93130a9f6574515398e4f309ec00e3137e69534faf9d546c9e81f406c03681ce8cd44841e921c3b7ed9db61564a8ea368bc06a91d99fbe666ccfbcfc98d3be48a5e3c7424cd17f6a765b870edbe9424711c2b5a8c688aad07c056f0aabbfbdbaaecac5b3e81b23aaf09ad795e9c7ed6a17a248356d5421a4c54c8032e758dbfc716955f2d75fda5c8b67899f078cabf66a1dd3fb96411494cb743eab1660b4efb15dfdfb9417fc57adc9e2be", 0xe0, 0xfffffffffffffffe) keyctl$revoke(0x3, r10) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r9, &(0x7f0000000c40)={0x14}) tee(r9, r0, 0x80, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) lseek(r9, 0x0, 0x2) r11 = syz_genetlink_get_family_id$tipc(&(0x7f0000000cc0)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r9, &(0x7f0000000d80)={&(0x7f0000000c80), 0xc, &(0x7f0000000d40)={&(0x7f0000000d00)={0x1c, r11, 0x4, 0x70bd2d, 0x25dfdbfe, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) 00:33:48 executing program 1: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x80100, 0x0) ioctl$TCSBRKP(r0, 0x5425, 0x4ee) write$binfmt_elf32(r0, &(0x7f0000000040)={{0x7f, 0x45, 0x4c, 0x46, 0x8001, 0x95, 0x1, 0x1f, 0xffff, 0x2, 0x6, 0x0, 0x115, 0x38, 0x35, 0x380000000000000, 0x80000000, 0x20, 0x1, 0x10000, 0x0, 0x800}, [{0x3, 0x200, 0x4, 0xfffffffffffffff7, 0x8, 0x5, 0x3, 0x362c}], "8e51020d63d18b5f6986cb7078ca744884c6062bd8f4f5d37ad2e3a1de03365d1d18082f7703c3673f380aa6cb09c63ee194177c4d35395d3feec4ad1108", [[], [], [], [], []]}, 0x596) ioctl$TCSBRKP(r0, 0x5425, 0x7) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000600)=0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000680)={0xffffffffffffffff, r0, 0x0, 0x11, &(0x7f0000000640)='/dev/vga_arbiter\x00'}, 0x30) tgkill(r1, r2, 0x3b) ioctl$EVIOCGKEYCODE(r0, 0x80084504, &(0x7f00000006c0)=""/222) r4 = dup2(r3, r3) fcntl$F_GET_RW_HINT(r4, 0x40b, &(0x7f00000007c0)) rt_tgsigqueueinfo(r1, r2, 0x38, &(0x7f0000000800)={0x3c, 0xd1f, 0x9}) ioctl$TIOCGRS485(r0, 0x542e, &(0x7f0000000880)) r5 = accept4$packet(r0, &(0x7f0000000980)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000009c0)=0x14, 0x80000) stat(&(0x7f0000000a00)='./file0\x00', &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000ac0)={{{@in6=@rand_addr="af0573e29c567efc9a5fb16b0ccb5d61", @in6=@initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x4e23, 0x0, 0x4e24, 0x8, 0x2, 0x80, 0x80, 0x0, r6, r7}, {0x4, 0x1, 0x10001, 0x1000, 0x3, 0x9394}, {0xfffffffffffff03e, 0x2, 0x4, 0x8}, 0x7fffffff, 0x6e6bb5, 0x3, 0x0, 0x3, 0x2}, {{@in6=@mcast1, 0x4d6, 0x6916a58417d6de6e}, 0x2, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x3504, 0x3, 0x2, 0x9, 0x7, 0x36e6, 0x8000}}, 0xe8) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000bc0)) r8 = open(&(0x7f0000000c00)='./file0\x00', 0x90ee0c4e98c1e35e, 0x1) r9 = add_key(&(0x7f0000000c40)='rxrpc\x00', &(0x7f0000000c80)={'syz', 0x3}, &(0x7f0000000cc0)="8965586fde93fba16b3b6a5fe15515334e5822a466466e88366c3f037291fe6bd458533960b00c7c88dd7e14db9747bd6ec0cb9c2a328ddee6eacac964081b44f927619da455528ef5366b562ac3d864a4b4977641450016e8b830f6344c0d58c62c1c636798a5ff2aacc818efd48c4cecd84481312a49989c91950823f8dea4d54e247be02de154440db26b871f48c0053b43bad32e84b3e266c81435c6ba1f9c4a60e32f680b740b1fa0b992cb3f", 0xaf, 0xfffffffffffffffb) r10 = request_key(&(0x7f0000000d80)='.dead\x00', &(0x7f0000000dc0)={'syz', 0x0}, &(0x7f0000000e00)='$\x00', 0xfffffffffffffffa) keyctl$reject(0x13, r9, 0x101, 0xfff, r10) ioctl$TIOCGDEV(r0, 0x80045432, &(0x7f0000000e40)) ioctl$KDSKBMETA(r8, 0x4b63, &(0x7f0000000e80)=0x2) execveat(r8, &(0x7f0000000ec0)='./file0\x00', &(0x7f0000000f80)=[&(0x7f0000000f00)='/dev/vga_arbiter\x00', &(0x7f0000000f40)='\x00'], &(0x7f0000001140)=[&(0x7f0000000fc0)='#nodev&*\x00', &(0x7f0000001000)='/dev/vga_arbiter\x00', &(0x7f0000001040)='/dev/vga_arbiter\x00', &(0x7f0000001080)='posix_acl_accesswlan1\x00', &(0x7f00000010c0)='\x00', &(0x7f0000001100)='.dead\x00'], 0x400) r11 = syz_genetlink_get_family_id$tipc(&(0x7f00000011c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_NODE_ADDR(r0, &(0x7f0000001280)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x83840c99c192e88b}, 0xc, &(0x7f0000001240)={&(0x7f0000001200)={0x24, r11, 0x100, 0x70bd2b, 0x25dfdbfb, {{}, 0x0, 0x8001, 0x0, {0x8, 0x11, 0x200}}, ["", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) ioctl$EVIOCGKEYCODE(r4, 0x80084504, &(0x7f00000012c0)=""/187) sched_setaffinity(r1, 0x8, &(0x7f0000001380)=0x8000) fgetxattr(r5, &(0x7f00000013c0)=@known='com.apple.FinderInfo\x00', &(0x7f0000001400)=""/121, 0x79) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000001540)={&(0x7f0000001480)={0x10, 0x0, 0x0, 0x300008}, 0xc, &(0x7f0000001500)={&(0x7f00000014c0)={0x1c, r11, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000004}, 0x10) setsockopt$inet_tcp_TCP_MD5SIG(r8, 0x6, 0xe, &(0x7f0000001580)={@in6={{0xa, 0x4e20, 0x8, @ipv4={[], [], @multicast1}, 0x1000}}, 0x0, 0x4, 0x0, "62fb08e9e4dcb86a2a2d6e260adc1650d308a9ec190b234e45b289833a53dd5c97525b8aecdb9e06e80d6570772574b000ca4ea9eafd23299070b7be9a3f010646fb009539efcc6b0a413d5bcfc8cdfe"}, 0xd8) 00:33:48 executing program 3: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x2000000000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlockall(0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 00:33:48 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000780)='bbr\x00\x94\xf9\x86}j*\x15\xfb9l\niP\x00\xd4]\xc6t~\x89\xb3\xae\xd77>\v0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clock_gettime(0x0, &(0x7f00000035c0)) waitid(0x0, 0x0, &(0x7f0000003ff8), 0xa1000004, 0x0) 00:33:49 executing program 4: 00:33:49 executing program 3: [ 49.334433] audit: type=1400 audit(1566866029.167:14): avc: denied { add_name } for pid=2218 comm="syz-executor.0" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1 00:33:49 executing program 5: 00:33:49 executing program 4: 00:33:49 executing program 0: 00:33:49 executing program 3: 00:33:49 executing program 1: 00:33:49 executing program 2: 00:33:49 executing program 4: 00:33:49 executing program 2: 00:33:49 executing program 3: 00:33:49 executing program 0: 00:33:49 executing program 1: 00:33:49 executing program 5: 00:33:49 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x1100082) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000006c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "3b6b1a9e42ac8a390be24a9eacc05730f66157a96acc15813f0dceff970000000000000000000000000000000000000000000000000000000000000059566d4f", "a8a4cd01e527e6fd3de45387daf7b1ac786d0e8af4e8904655361fe06f308fe6033a61edb75c8d51c055faf7f4fdb16e0cdaa4276939a341033400", "2f18ffffffffffff4116c9361610582957691b110bfeb59800f97c97644ab8a7"}) 00:33:49 executing program 3: unshare(0x20000) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) mount(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x0, 0x1000, 0x0) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[], 0xfffffe8b) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) unlink(&(0x7f0000000080)='./file0\x00') 00:33:49 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/netlink\x00') readv(r0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000040)=""/91, 0x5b}], 0x2) 00:33:49 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f00000005c0)={0x8, 0x40000100, 0x10000}, 0xc) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0x10) clock_gettime(0x0, &(0x7f00000002c0)) sched_yield() connect$inet(r0, &(0x7f0000000640)={0x2, 0x4e23, @local}, 0x10) r1 = syz_open_pts(0xffffffffffffffff, 0x1) ioctl$TIOCEXCL(r1, 0x540c) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$netlink(r2, 0x10e, 0x1, &(0x7f0000000800)=""/156, &(0x7f0000000000)=0xffffffffffffff80) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000180)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x9}]}, 0x10) r3 = fcntl$dupfd(r0, 0x0, r0) fcntl$getown(0xffffffffffffffff, 0x9) write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0x0) write$P9_RLCREATE(r3, &(0x7f0000000400)={0xfcca}, 0xffffff25) bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffdac) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, 0x0, 0x0) sendmsg$netlink(r3, 0x0, 0x40000007) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) ioperm(0x0, 0x80000003, 0x8) write$P9_RSTAT(0xffffffffffffffff, 0x0, 0x3bf) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) write$P9_RSTAT(r3, 0x0, 0xed) bind$inet(0xffffffffffffffff, 0x0, 0x0) write$P9_RSTAT(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="3a4a1c1ccad2b747cab0acaf50663dc54cfae857553dc5120fc872bd36eb56f0222f780fd349d3b28586aacd504dd4830d305f11701fa97022d347fde641b8873cbe3b8b569af64312546ac89a1568f54836868cd3d9dde35b6d07c6550360199826a62aef03ed270736fec99464ba078dba3b02e2c29fbc193c8c28be55f783185e88f8a27957d8009a551d619956b0f700000000000000000000308e12c929e10e00000000000000000000000000000000000000004887d5a3192c248b318a0b35745444085e59568ae79375e3194c7b99b96d262a60cf9b7d23dc2260eb6baec9e371fd458c4f23b56bb424d85a8aad6b1677a609d850623623cead38f5b1907a4a1798cbf0e88d95a75372c5e3a7763f8f252aa764523b8c79dee49aa7bc52fc2308aa084e53418b944608514c4ddf2c916b07179a60ad087724ddcb3a8e46772cb616897352bbdc6ed567316535d7e764f2e2e6bfae62a51fecc0c5d69023669a6ec7ba87a616567f3ceb3a22fa620000000000d4"], 0xb0) accept4(r2, &(0x7f00000001c0)=@xdp, &(0x7f0000000140)=0xfffffd04, 0x80800) connect(r0, &(0x7f0000000480)=@nl=@unspec, 0x80) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) 00:33:49 executing program 1: r0 = socket(0x10, 0x2, 0x0) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000001c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x4e4}, {&(0x7f00000024c0)=""/4096, 0x105c}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0x1f9}}], 0x40000000000004b, 0x6, &(0x7f0000003700)={0x77359400}) 00:33:50 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x2, 0x29021) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000001c0)={'veth0_to_bridge\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="1a00000000000000010001000400"/27]}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/rt_acct\x00') pipe(&(0x7f0000000200)={0xffffffffffffffff}) renameat(r1, &(0x7f0000000180)='./file0\x00', r2, &(0x7f0000000280)='./file0\x00') ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000000)=[0x0, 0x3]) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10014}, 0xc, 0x0}, 0x8840) openat$selinux_relabel(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/relabel\x00', 0x2, 0x0) write$evdev(r0, &(0x7f0000000040)=[{{0x77359400}}], 0xfdda) getpid() 00:33:50 executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_buf(r0, 0x29, 0x23, &(0x7f00000000c0)=""/216, &(0x7f00000001c0)=0xd8) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\x00') futimesat(r1, 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f0000000000)) 00:33:50 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x1, 0x0) ioctl$KDSETMODE(r1, 0x4b3a, 0x6) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2000000004, 0x400031, 0xffffffffffffffff, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0x0) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000080)=0x2) ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f0000000100)=0x4) r3 = add_key$keyring(&(0x7f0000000300)='keyring\x00', &(0x7f0000000340)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="b90333d7bf5c8a6bfde262b35dc06c63d6ff480922e09e7f7285951a2c6b5b052a990174cdcfb1b74590f61fc332b6d8d5f687119dda6193f94f038afa89e2ce47413cc273cc39c6e39ad82107ca47cb6b63fbca91f3137e706567b1ccb51bed39c475", 0x63, r3) ioctl$RTC_EPOCH_READ(r1, 0x8004700d, &(0x7f00000001c0)) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000000040)) ioctl$FICLONERANGE(r2, 0x4020940d, &(0x7f0000000180)={r1, 0x0, 0x2, 0x100, 0x7}) 00:33:50 executing program 1: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x8941, &(0x7f0000000540)=@generic={0x3}) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) getpeername$packet(r1, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000480)=0x14) linkat(r0, &(0x7f0000000440)='./file0\x00', r1, &(0x7f00000006c0)='./file0/file0\x00', 0x1400) fchdir(r1) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) r3 = openat$full(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/full\x00', 0x40000000008004, 0x0) fchdir(r2) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000380)) r4 = creat(&(0x7f0000000a40)='./bus\x00', 0xa) fcntl$setstatus(r4, 0x4, 0x6100) truncate(&(0x7f0000000300)='./bus\x00', 0xa00) lsetxattr(&(0x7f0000000240)='./bus\x00', &(0x7f0000000580)=ANY=[@ANYBLOB="80030767d2f4d955275917e84d720eef3eb90f8a1b01433820805e966f350000009428a4ce93f78879cdd3dd3ce9a75a54df427e0000e2ff0d417c2072482d081498cbcc839ea650db672a9492c2704fdbe48423566449564cb20ea349f09fa8df3b9a9330a14e646d5ac3ae17650bdabe937c232dca788c2ce6e60c8b59c81bce58791cfcbc0711fdf897792bc3f006989c3672ea34a595c73b984c4e994582dbfe2104b968bc30825fe788c62f9f49e29c54dbdfedfc2f5196464f2a9b3a7290ce1530feff543842a82580714a982243ce8662bf8b54efa846f79cc781631b1a22cce56312f07000"/249], 0x0, 0x0, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x26880, 0x3) r6 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000a00)='/selinux/avc/cache_stats\x00', 0x0, 0x0) write$P9_RLOCK(r3, &(0x7f00000009c0)={0x8, 0x35, 0x1}, 0x8) setsockopt$netlink_NETLINK_CAP_ACK(r3, 0x10e, 0xa, &(0x7f0000000340)=0xd4ab, 0x4) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f00000002c0)=0x0) sched_rr_get_interval(r7, &(0x7f0000000a80)) lseek(r4, 0x20000010000, 0x2) sendfile(r4, r5, 0x0, 0xfffffffffffffffc) sendfile(r4, r5, &(0x7f0000000040), 0x8000fffffffe) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000140)={'filter\x00'}, &(0x7f00000001c0)=0x54) write(r1, &(0x7f00000000c0)="8aec592344b8776fcc12640aa7cd9a6107f8c1362aa042ade4d2f75310142645d5e57475f85fdd39978588cd373068", 0x2f) ftruncate(r6, 0x6) creat(&(0x7f0000000280)='./bus\x00', 0x0) 00:33:50 executing program 0: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xfffffd96) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) lseek(r1, 0x0, 0x4) 00:33:50 executing program 2: r0 = socket$inet6(0xa, 0x806, 0x800000006) r1 = socket$netlink(0x10, 0x3, 0x0) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats\x00', 0x0, 0x0) syz_open_dev$mice(&(0x7f0000000440)='/dev/input/mice\x00', 0x0, 0x2000) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000004c0)='pids.events\x00', 0x0, 0x0) open(&(0x7f0000000500)='./bus\x00', 0x800, 0x1) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0xa601, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000540)='memory.stat\x00', 0x0, 0x0) ioctl$TIOCCBRK(r3, 0x5428) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_PKTINFO(r4, 0x10e, 0x3, &(0x7f0000000140)=0x3, 0x1) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f00000000c0)=0x7fffffff, 0x4) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) fstat(r0, &(0x7f00000005c0)) setxattr$security_smack_transmute(&(0x7f0000000240)='./bus\x00', &(0x7f0000000580)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000340)='TRUE', 0xffffffffffffff52, 0x0) getsockopt$inet6_tcp_int(r3, 0x6, 0x2, &(0x7f0000000200), &(0x7f00000002c0)=0x4) pipe(&(0x7f0000000a80)={0xffffffffffffffff, 0xffffffffffffffff}) write(r6, &(0x7f00000001c0), 0xfffffef3) ioctl$sock_SIOCSIFBR(r4, 0x8941, &(0x7f0000000400)=@generic={0x3, 0x4bc7b0e2, 0x2}) fchdir(r1) r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x40983, 0x0) uname(&(0x7f0000000280)=""/25) r8 = geteuid() fstat(r6, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$netlink_NETLINK_PKTINFO(r4, 0x10e, 0x3, &(0x7f0000000180), 0xfffffffffffffe7e) mount$fuse(0x0, &(0x7f0000000300)='./bus\x00', &(0x7f0000000740)='fuse\x00', 0x110000, &(0x7f0000000ac0)=ANY=[@ANYBLOB="2cffffff7f000000003030303030303038302c626c6b73697a653d30781030303030314ab611303030303430302c64656661756c745f7065726f6e732c6d61785f726561643d3078303030303030303030303030303030312c616c6c6f775f6f746865722c64656661756c745f7065726d020e38637da59965626c6b736900653d307830303030303030303030303030327eac3acc30740c746561643d3078303030303030303030303030303064632c626c6be1bcdbf5ad0703bf73697a65303030303030313030302c61707072616973655f7479706508006d61738869672c646566636f6e746578743d757365725f752c66756e632a4250524d5f434845434b2c7569643d850b0dc23747b3e4fbcc35bffa9197f5f153789f4600d4e229bc7a9ab4b06e197f754553c7747742cdebc31335d05ed91aeae73fbcdbb4060068ddd8d6d159cb1fb28a986cd19763b0a7208c7b277d6abab8b1ce6795228509ebebec802502872d7447c2d79d559b4aec1345b82b1615b18be062d61c6506619a5fb3d78aa8be2cec4774cfa0916f39bc930000000000e73fce9bdd17726582349048433bd040b11f59ca568a578a4578193c0c01a583aa329e3f76e0653817fc434eab18d9a899c928742673f14e621c381130501bc0bb90e81ccfe43d413cc9919632985822e71391a9214988ddacb9c9f6844bc8b439211c3d903842a41df2d678c948deafaa406f0567f28d179530a69972f9bd549888a36120a5a823aa7984e81376ab55bd4c05bf928c024f7dccd97350a06a526e4b6bd2400c5e36b89c95c2a917e686762ebd63d79fe82137271a0e157a7a817f3856a002d6523714a8f0d9007e0000000000006dc7b91860e1d647596c9b65729eaac0abc4a7b1163e1db9c3bb603aceaa84ba349208b5dc0d6d2bda7093f3790c68180fdd950971985f61023d85bbc8d5538307b6fbed55e9bd2f4f909845380ec1dcd7925633598c1acaf38a62dfb4a863856d65d232a398a886e2e9465bf4d0dfc4ec35166cd86e2ba53e069c9247bee5d3bc10f511d8d8a6ff17d43cc8d506ab2c1563bc599dcca0e5be5aa55bdeba4b18bd48f9b986d3026c3147e64dfffa051e1505c16a232773a50020a806f1bc78f3e218067b6eaf5c8a759b7a4fa703986336550d4d9c425e6347561e3a22975e2688b4d932821684fd942dd01503b4ae5b4f536419bc691b2934c4a1539b0feb65e7e10eb7da50a556070dc46b0a6dba00a430ea3d625d72bfef2defd85a57b8f2e217ed6d9781193d1448bfa2ada2da9735646ac33d6d87b2bfe5563918a3a3bea6cb309ffcdb58552bc906f003d76e1dc4a304ca00004a40a30cdfb6b8fb0e2d14077069d831a882b0c95ceedd23db94cbb0560738beff8ac70f5766156e5f5a3998e2d1c5f719f2799ff1b88985d685e8a43d783daba796700371cc148b2ded14c9d1132363d00f9e88573139573f64abf52188840dbaea8048d8fcf899f310658ff123e0a367833aa279fcde96d357fa0fae425af444cc19072dd39161434d47e5162512f6efc7d6458c457d15f089623b19139137d2182c7064c248ef87bb93080b8a7604889f678164b64c6ce2a8aeb476cb62786cc739c391d70eebac57440d0698e9e0c34c52fd754e4f08b23d8f113718730d7d4dd297abf7f6830a4d19d40d88bbca09ff740c2c6f2f978a0b2ba7647b37a9083cfd89954852f8ad28663bf59fc0e2c9ae805f28308fa5f051a31742ab66ca20c11a6e9885409ebc9b6642b7567e0c55fceb839762a01347effbcaff6a226b41f9908d77a435edfb5f50c4c409c025c642c0169daf597201a5f07378e5b70f89bcedb1739feab4190544d4c0bbcd129be700"/1342, @ANYRESDEC=0x0, @ANYPTR=&(0x7f0000000780)=ANY=[@ANYRES16=r10, @ANYRES16=r6, @ANYRES64=r9]]) rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8) getsockopt$inet6_mreq(r7, 0x29, 0x1c, &(0x7f0000000800)={@empty, 0x0}, &(0x7f00000001c0)=0xffffff2c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000880)={{{@in6=@dev={0xfe, 0x80, [], 0x10}, @in6=@loopback, 0x2000000004e20, 0x7ff, 0x80000004e24, 0x3, 0xa, 0xa0, 0x800000000000, 0x77, r11, r8}, {0x7, 0x3, 0xff, 0xb8a, 0x2, 0x10000, 0x1, 0xffffffffffff8000}, {0x8, 0x2, 0x101, 0x1ff}, 0x2, 0x6e6bb2, 0x0, 0x0, 0x2, 0x1}, {{@in6=@mcast2, 0x4cf, 0xff}, 0x0, @in6=@ipv4={[], [], @broadcast}, 0x3500, 0x3, 0x2, 0x200000000003ff, 0x2bd, 0x0, 0x2}}, 0xe8) ioctl$TIOCGSID(r5, 0x5429, &(0x7f0000000480)) memfd_create(&(0x7f0000000640)='blksize', 0x2) setrlimit(0x1, &(0x7f0000011000)) r12 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r12) truncate(&(0x7f00000000c0)='./bus\x00', 0xa02) [ 50.378671] ================================================================== [ 50.386153] BUG: KASAN: use-after-free in tcp_connect+0x2606/0x2fa0 [ 50.392551] Read of size 4 at addr ffff8801cac44a28 by task syz-executor.4/2347 [ 50.399982] [ 50.401608] CPU: 0 PID: 2347 Comm: syz-executor.4 Not tainted 4.9.141+ #23 [ 50.408614] ffff8801ab56f940 ffffffff81b42e79 ffffea00072b1100 ffff8801cac44a28 [ 50.416669] 0000000000000000 ffff8801cac44a28 ffff8801d2649ba0 ffff8801ab56f978 00:33:50 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = open(0x0, 0x2, 0xd0) r3 = memfd_create(&(0x7f0000000280)='[\'posix_acl_access\x00', 0x0) write$UHID_INPUT(r3, &(0x7f0000004240)={0x8, "a4695c532a8840cd6fab5414a4526f2c79702ae7d3c6501814b0f7c64161e134364c387ed362863f529d0903deef786d215310eaa4c13c41250db8794e3f0bf1be5e5d1aac357c8b6d3f43c2219de07cd2219aa3c3f251252b86ebd758fdaf0e156ad88b2e624d1e405363aebe4aa0f31ce7f0e51706273ea3b7c2cbd7d77d314a4adb25485c5e5bde9b998ae95c0581836fa841e241749ca8b55b9c4705c4a8714bd7165f7d0999adb658a9507fa64c7a41e58fc346dca457710f13e9699b0e175c7523b55aa74a54e6cccfb463a2d6a89451f85ebd962b042418e5cc266abd4f41bad18eb2639379b55aaf6e89d92d01bfd995274711f8e72094b45a4b79b0995e38b28f6633237f105a7ec050896f833de886c1d31e3c14f48ba185043d7f3ee7231fbfd2cbd31ef3454027c26940714dca40c74dda73812edb9d2adc7354ce2633aeeadbc6c14e169d994d7ac1b68043fc1b3727b2f96706da8c3f3b3771d5beba69188fca57852785f46cb373c19a3374d8c041f92ab3820d2a1eb525237cce0f7a99e0c66cf681e7ea950e062cfaf0e8d8d834da0443703ea2b63568d29cd2d7199b6ef6784e0dc8a8979841d4ddea77b998619e8eae45a9ea9bb1464ad2aa2df228e60a65b5e83ad369bc367b69a8207d8f0904b4c389c973ec705b73b666e2f298d10f57f098ed0af810231358dd151ea5bc03675bf1c9fe6ac570ad628152c8a2b8570d849c8a0460b617fabda499cd10aa0e366b8320e14b1bec56c6a96165d23b9806c0c4f86d2d4677a95a6c0e627aae99c235b06bf1432e7c81dd827e43fff9ecd24f7531ca4cfacf478f66ed764fcf53d773f4b9abe8185a661fdc9727a478f422a4bb1a7edeaf68b1e2ffa68e3068a7de077cedc7554de7a90dd2b2483a47814cc7bc85eb1a972246778db8b33bd522ec79aefa3529a000c58b570b940e55c0484386325f4097b13bf337759b0bec9321fe39e521a546a7563eb675a61ce680dee112f368343ca56332c28f44f95024ae1d77b411abe6ed80c645ce69daee65e2505d13b2d0f2f1dfe35ea7c5340c6eb70c4c34350fbcb9945e2ff4759baf55b01db49b1a7d1011eaee4811150e7f5caf7e93b0746efbc52f5733c74e27b8f4631d3852d544eef295eb18a2bf2369679c2bd9a9c5939803c6ea153d9c15dd4112789060da7b1d5b7e41b718a68a10f1d4f3e3298c16c5ab69a6c7187ddc82f2d3e8cd737afb7187dea3076359fac2b40917305d9f831b2ea698051f6560fc3cc6d24dbd148abe8e58f7d8127a9615ba027aa35aafc88debf06dab3ca38e01977102164747b0eb568009887342bbc14e274e1d12729b770887f9aea18d2ad6441849842d51d41907428ab28e36e815103360ef3c121d5a602231413d2825c0bc1a2f04614920b113e871ae1da79eb4f3a8528effc9e738c48eb2ba7843332b85bcc4d4f4cbce5090967fd6e88cd63a3d03f5c79f36ccc45be3941b3b39fb19e51298b8671930a5772ed878b057572b6db8ece6ac3f46a062a8fccd0a3b9133c0573419e3a2d5b7ab5ca40033e35918449d04428ecb9febcabeff937fba5ee21e75707de789432ec0680d3f952927ebb85e5609aebf96e8c84d88056d369493c875ce0f9e8ae5fac48912a7689914f9be71773d3f004306406cdb761c127382e70a77ac6da6aa98d57a575b218b72e2d90a66bcc130600b52765da0b017bab0e3f3e3689cf1220329ea86a03cd2f6d2b54c95364c839ebbc315153dfbc97d6961d7f0e6db56a93fa1d7afeaf479fe47ac35c92a398be921769f3f7c422cfd5ffc372f85ee3f619974b8c627568430c64d84f6aaf69a1276a7cf4cf57c057257181f15e82fd37271278da6235f34891fc702894cca12001e263d74a6e18a45bc0ebd1600987c3237804507a4923f4700ebcca3684ef35f8e4c0a8b9875cf92aec862519f5c0cdcb1d5b90710a88d39bb919c0820f25685085d179bd48ebce21c4ed697a9def3ad887eb4652ac5919ffb2ff34e78d53123e9c1ae9e50447d77560c3702d818ba1e9f848123f31ca6236457daeda138846b55017b426fd8fe0e65b5c1d8d936bda2e7e9f67ec0faaada6ebafb2440071f0c50aac2f0a5059dce32998799524bd6412c13bbee27b891de386bdc7b4a96a3e495300e82ec8d837b95b9af4b1171ea7640a27f27b3befeed4b864b5442f889b769206d6767b5815a74df960824fbcab31ab93281db2b651a838b790e52fb4c2ed29358cfe44c85f5453af706eb96ebc3140697eb914e803f3965614c15ca7fb5f6c632007fe7c56acdbdb0a197341d44f024cbe174244c0acfb1bd29f0d628d037956ad4434aa3a71ecd29556f3a23fbfc3735904c2ce5e84fd53bbc43e924940f307a81706556c45f53630c311aaae9ce4565aed2339d95bbf3107a90a3b8a6e95e8415a2ae7b8841dac758d52b7bb22cbe0ebad79900e9c7c40cca8799cca66b3571fbecf68e3ea2e3880bc2cbed1ad1dabd69593e1a968da410c5d8538fdc8199ee310a3a2b14c642e388e9f1413bb90f876aa478006554a01f6b0d41d2f5c8b7ff20d7cb79afd13f6ab3f1331a8de154a60da33aac5310c174cd54a79985772fce707da4a9ce7c5b7b60e9a9a58cd0aa4343c45d4acca17b04214076800d3ab346142ebe4bdf3c7094e73a552b1929af8c5a5603188cb751b35a98314694ecbf71c05e7997a322eec7a659c44899f7c53c8d3477d3c36f21577620813b41223aabdc72d772a2f60deb3b55bf1b5c1455371f14b0ad57af2cf6cc5b25793935d9d1fe24a2c54b5d1e45b0d69c7f697ba26595bd30e8361adee3e84b2bb08410435ae348947b1c389d5bb5a97b4654241f9b9bc07d968a6d963200e0f4eed7dc80780dadd6b570a2c5a6e9dd93712e6103bce24db15d906ba03085c06d5d963d3452f742a386661b1679f9a2cae3b9debf35c01a82a5e869cc63aabb113f6a37a3454b134108dfec975ac6192be9c699321ef5280e82e13a58d6c6f68d8d3abcde2d2fd047d8e08650c715932bedc0afbadbfad32dab976687c4d7dfc40d95399716f410d75e8d6b4e5ad85562e5604d1e414cecc3941b2e9cfd1aa2a6f31b2d509420dab96d19fe6627420c0c454f48b9263d2af216ab0858590005d57412234755b706da1a7a145fce8e007969695d00bb462270ac95fd1b483686ff6db7ffe576a8df61d80604443452236e27adbb46d4a70f2e7ccbf1735a9e9fce0f56859fa00c011742f5ded1a3631a8addbd1c412f4b404a6c7164b33f378c95395b8ce6185f90c93a9f6b33f905b03c2089554bef2991428d4d2b27e001926e714eef50ba21b7a9c048cbf2d72576a82b1145f40c9e8a2dd79684fd5c3319a8076b5f88632930542348241ee0c0b737c9474a4448d2a7d1ad2d81a5bcd4566520b678aedbb3c54cdc7dd6d03bb60af951eee9dfa5b92ebd2b6e4edf1cae7feee75c901b8fbef195921076aafce7c34732c3c67093587e25860e94028768b98c1980038fce54fb76d2531b9c3f945630ee9ec1afa2acba1e66d2ccc8b966c0470d5528cfc119c0ba14cf84c5c2a2fbcf99657c3c73ab20b32547275bba54d45eaf49e86622467e82d173d8dcaeaf5eba2a24abbdbeb5bcae6ff222d49eff8994c31297ee3f53ed0595ca90aa6315d30cffb5fdf27bd68f78ff547d4e1b443161c130cdb02f38bd0c5fc5eb86dc8a7cd9c3956d8aec7b9f4d342edffef3b819657f0891be01b974409e7a5b2ae63ac68bd7696e1b6ab1da8ee48ee955a3a12d14ce067c9c3c8b752e37c843fa9f5e9f3a1fff75ad6ff6366b34464a397bf6c74a6488912f2bb8fb379d1806a9a635d969b5818eaf11b7cd7377cc684d71f3745082efa2f49f64a057050c5f5c171b93a64dc93bdf89a181a70d38dae0731e5863c62735d7a4b28419abd22126a00fc9a5a75a74691caddc54d5426b81df6448efebc6b5105c4d648dcc23ae4f9ec7611aaef8030ea44d38952dd9cb32ddb484d3cd4e6b0174c58fd7288352f1639f78f2fd2113523462c4999a92e5d9e0ea1541c3ff9b749b5a37687f0499b1a13fb2590f7c76a1573f673ad8503845257c588c3049350e97ed93e24312ff82620d42f7229c4ac1094203e0b2022e9a6173d000e7644f867bfb7a142d4fc2e35a54de4e9e23516cc5cdce027b62ef24fc32cd10890e4f2fcf26a0f7b40039225ff19ff35ba97d9ecdb6e6d2cd211663dcc0dee1d41409f2d8410bf0bc9ceb490d292a3d97cc34ebc647354d8487b21c306e80b45dc57816924fee5e24e30915967e18a952b007da91d270af88fab23dd420fdb102387503280d436f644ced6868a2ab7ab2b1374969db72ea9c612636b858547a9bb187d2639fc30be948760bc634e572718efd0dad2fe4f6aaf44b0c5823e6854726f1d46bf41dd8691e58a77bdcb9afa63f3b0e1fbb0e5cafa7605406769d62a3f7e399e7d6c138adb02de7f4843783b0dc06f4c4539b02d565e79e81eba20609ba8a8914f74899ab42ac92b03580cfb5e457ca5d0b747a69ab9edd278cb59f7e6bd381a483d92dc866e9ccaf780b91a6f6993bab6f73d52593fe2cda79561ffbed677f5742f7844d284cfd9da34cb64b423073a4b3cff07fa6f18eea3a3ef843146870763c766d16c782517acfa89fb3d273e70dc8ba22a56f1d840c5dc87c31e4df33938c0a0dc78ea35872ae89b23290e786baf581ba3bcd995e5bddf22e6a54a6d6ae093278f6fbbd3e514cfea144d6901073e547d143c329ea2a1f97ab9aa766a2c0324890c8cb1aec1b21c88edfbb8f0d814848f31bd4a0370cc3cba4765c50975c8349da805df6fe1b67904b5aa70687e61f6bef1179e30a9b795704d11bdd7aba532bc48528574a3dfadd9f281c0cbfecd991e32c901b8d7cc57744ce5158f2259473f37e025c3f1ddae6c51cf50c2bc10bbdb17d01ac0f4807043cdadb0530283e52b6e82516603a1d7079bb45ae71c15b23a9877bc2ae706da4331b9ac9ab6e1ec8fd4041894ce2c989dc1c95802e3d443ff2cf05ec7e8348df32ae0202420dadbf6e23de917c76ab512426af82adea7a5fd72fdef2801851905ec73b83bfc8c6e63e572616a687851b8afa9e3f6c1ee357b6ffa917eeacd1005c67bced235f61436cb44dd9bf6842c8ea5ba281f77531e1d08a7a09ef0c19d2cac655bfb81ac4b7ad40083d09d9b83e7d56ada5b972cf6ee53ca693af576fe22cfde1796927aa2b54378884a93e80ecc992cf298ba99e4ad5b9d135af6e237f24c519f078b30ab1fa028438976935751d840a6078ad33f1229adf5663b5ba3c8abcff8ff30183446a62aae8a0937f8bb418e0d0c984c441271ccfc3984cdc23793346cfc36809f5ceec330e73e4f13d5a17726526b6e39931a8de1fb1d998680747f01724b117710759b9d29bf68fda8529473eaeb28182e502220a6bf5cdca4c118d2edaefe1ffac007bdb8f246407dba1f7ae277298b765e448b501e1c57e5f9e620fb6a894506d7e81fa92bd5571b32edaa3fbeb1a84e9dbd2d2e61d31bfface3ad615837f3fa95f2ed37c9e96cc045baedb79ad9c7ff37bd96798e6cce6a8d2fc8453c3a44865e1fae5e5fb551126038ef2ed4f6f7b6e186072aec9d62b8670f972eabdf12f13a1d3be51d037b25ee0552772c1fcfecccfa2bb445a34daeb79d4a1bcfbf70e718091dd72ca46069731c38775136d7256e445b58419ea845dd0f65a8a1daf88c750731a0092297c4c964005bc9cf9ec215f07c18a395b350cab70658bbb", 0xfffffffffffffdd1}, 0xfffffe48) getgroups(0x3, &(0x7f0000000180)=[0xffffffffffffffff, 0x0, 0xee00]) getgroups(0x2, &(0x7f0000000480)=[0x0, r4]) lstat(0x0, &(0x7f0000000500)) getgid() getresgid(0x0, &(0x7f0000000600), 0x0) r5 = syz_open_dev$mice(&(0x7f0000000440)='/dev/input/mice\x00', 0x0, 0x2) ioctl$IOC_PR_PREEMPT_ABORT(r5, 0x401870cc, &(0x7f0000000200)={0x2, 0x4, 0x3, 0x2}) ioctl$int_in(r1, 0x5452, &(0x7f00000000c0)=0xa3f6) write$binfmt_elf32(r0, &(0x7f00000006c0)={{0x7f, 0x45, 0x4c, 0x46, 0x59c, 0x1, 0xfffffffffffffffe, 0xfff, 0xfffffffffffff257, 0x3, 0x3e, 0x8, 0x27, 0x38, 0x188, 0x0, 0x5, 0x20, 0x2, 0x0, 0x16a, 0x8}, [{0x6, 0x1, 0x8, 0x8200000000000000, 0x800, 0x5, 0x1, 0x9}], "20a30c07d9364171f9e7146b2be251efd0b4385cc88dd31aa0a49efab5274c4e8696d3f454cf479e0db37799c8bef8db61894edc9592b6c0f197a0a07eee295c3e0323e63414faa1cabe83d4a41f04f0a0bd4d10d8bf459c73f5a5644a49b1", [[], [], [], [], [], [], [], []]}, 0x8b7) sendfile(r0, r3, 0x0, 0x20020102000007) pipe(&(0x7f0000000680)) ioctl$sock_inet_SIOCSIFNETMASK(r2, 0x891c, 0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) recvfrom$unix(r1, &(0x7f0000000040)=""/4, 0xebc3276d6d4b1cd2, 0x100100, &(0x7f0000000100)=@abs, 0x930000) [ 50.424735] ffffffff815009b8 ffff8801cac44a28 0000000000000004 0000000000000000 [ 50.432800] Call Trace: [ 50.435384] [] dump_stack+0xc1/0x128 [ 50.440745] [] print_address_description+0x6c/0x234 [ 50.447402] [] kasan_report.cold.6+0x242/0x2fe [ 50.453629] [] ? tcp_connect+0x2606/0x2fa0 [ 50.459507] [] __asan_report_load4_noabort+0x14/0x20 [ 50.466253] [] tcp_connect+0x2606/0x2fa0 [ 50.471956] [] ? tcp_push_one+0xe0/0xe0 [ 50.477570] [] tcp_v4_connect+0x19ec/0x1c00 [ 50.483533] [] ? tcp_v4_init_sequence+0x200/0x200 [ 50.490014] [] ? selinux_socket_connect+0x15d/0x4a0 [ 50.496666] [] __inet_stream_connect+0x6e0/0xbf0 [ 50.503060] [] ? mark_held_locks+0xc7/0x130 [ 50.509023] [] ? inet_bind+0x8b0/0x8b0 [ 50.514551] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 50.521381] [] ? lock_sock_nested+0x90/0x120 [ 50.527425] [] ? trace_hardirqs_on+0xd/0x10 [ 50.533388] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 50.539687] [] inet_stream_connect+0x55/0xa0 [ 50.545720] [] SyS_connect+0x1b8/0x310 [ 50.551233] [] ? SyS_accept+0x30/0x30 [ 50.556659] [] ? __might_fault+0x92/0x1d0 [ 50.562431] [] ? SyS_clock_gettime+0x11e/0x1f0 [ 50.568658] [] ? SyS_clock_settime+0x220/0x220 [ 50.574885] [] ? __compat_put_timespec.isra.3+0xc7/0x140 [ 50.581978] [] ? compat_SyS_clock_gettime+0x131/0x1b0 [ 50.588813] [] ? compat_SyS_clock_settime+0x1a0/0x1a0 [ 50.595646] [] ? do_fast_syscall_32+0xcf/0xa10 [ 50.601869] [] ? SyS_accept+0x30/0x30 [ 50.607311] [] do_fast_syscall_32+0x2f1/0xa10 [ 50.613442] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 50.620091] [] entry_SYSENTER_compat+0x90/0xa2 [ 50.626295] [ 50.627897] Allocated by task 2330: [ 50.631509] save_stack_trace+0x16/0x20 [ 50.635469] kasan_kmalloc.part.1+0x62/0xf0 [ 50.639762] kasan_kmalloc+0xaf/0xc0 [ 50.643454] kasan_slab_alloc+0x12/0x20 [ 50.647406] kmem_cache_alloc+0xd5/0x2b0 [ 50.651457] __alloc_skb+0xe6/0x5b0 [ 50.655069] sk_stream_alloc_skb+0xa3/0x5d0 [ 50.659363] tcp_sendmsg+0xe72/0x2fd0 [ 50.663137] inet_sendmsg+0x203/0x4d0 [ 50.666919] sock_sendmsg+0xbb/0x110 [ 50.670617] sock_write_iter+0x223/0x3b0 [ 50.674655] __vfs_write+0x3d7/0x580 [ 50.678350] vfs_write+0x187/0x520 [ 50.681864] SyS_write+0xd9/0x1c0 [ 50.685294] do_fast_syscall_32+0x2f1/0xa10 [ 50.689589] entry_SYSENTER_compat+0x90/0xa2 [ 50.693968] [ 50.695572] Freed by task 2347: [ 50.698831] save_stack_trace+0x16/0x20 [ 50.702781] kasan_slab_free+0xac/0x190 [ 50.706735] kmem_cache_free+0xbe/0x310 [ 50.710691] kfree_skbmem+0x7c/0x100 [ 50.714375] __kfree_skb+0x1d/0x20 [ 50.717893] tcp_connect+0xa74/0x2fa0 [ 50.721667] tcp_v4_connect+0x19ec/0x1c00 [ 50.725790] __inet_stream_connect+0x6e0/0xbf0 [ 50.730431] inet_stream_connect+0x55/0xa0 [ 50.734642] SyS_connect+0x1b8/0x310 [ 50.738338] do_fast_syscall_32+0x2f1/0xa10 [ 50.742634] entry_SYSENTER_compat+0x90/0xa2 [ 50.747011] [ 50.748614] The buggy address belongs to the object at ffff8801cac44a00 [ 50.748614] which belongs to the cache skbuff_fclone_cache of size 456 [ 50.761950] The buggy address is located 40 bytes inside of [ 50.761950] 456-byte region [ffff8801cac44a00, ffff8801cac44bc8) [ 50.773712] The buggy address belongs to the page: [ 50.778629] page:ffffea00072b1100 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 [ 50.788824] flags: 0x4000000000004080(slab|head) [ 50.793558] page dumped because: kasan: bad access detected [ 50.799247] [ 50.800849] Memory state around the buggy address: [ 50.805753] ffff8801cac44900: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 50.813093] ffff8801cac44980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.820426] >ffff8801cac44a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 00:33:50 executing program 5: r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/checkreqprot\x00', 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e70e) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) ioctl$VT_WAITACTIVE(r2, 0x5607) syz_genetlink_get_family_id$tipc(&(0x7f00000008c0)='TIPC\x00') fchdir(r3) ioctl$FS_IOC_ENABLE_VERITY(r3, 0x6685, &(0x7f0000000580)={0x1, 0x6, 0x1000, 0x6f, &(0x7f0000000180)="100ec5f212a1c80405191f262b044f359facfc8d75c1fa9cb0a2983d8c36b5725b2f09d9daacf2261da7df8e153ba0b56a26e745913652b2458e1fa5e947a853d86932c29d85869d1c7a286a0f069fc053bd99b853b35a3cd4f3c5b8c0cf2447fce3696fed7d77b048e91a155cc497", 0xe2, 0x0, &(0x7f0000000480)="e4536042284c1abdb904b885da108dc05c19fb159260fa14fbabf306909ddd1d781dbc613e6c0707b3cd9e4c3de4f8f6029c4637e51e93b695a52e1eff90a76424cf2bbce0a5856a2492c6b7705b8527165a1eba29f0be9fc9af2ffe0d574a6fa53240707dc1b65fc91198290be413c4a7e24bd69d5fa9dc50a3c073b40b17e4b1a2e64f9d16576186c3b8596bd2c70a370d7cd681890144f791f219d3974db57368d3ab1c6f0dd9d2bd7254cf252cc4341973c9a894b275b76dd6d98254f60aa6521489fde788ce2d19134d2aa8c73516ea152ec4f458a3cb2d2715c6a192e0322f"}) r4 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x100000010) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000440)=0x0) perf_event_open(&(0x7f00000003c0)={0x5, 0x70, 0x8, 0x1e, 0x9, 0x0, 0x0, 0x1d9c529d, 0x40000, 0xc, 0xd66, 0x0, 0xd4, 0x7f, 0x7ff, 0x10000, 0x0, 0x0, 0xce4, 0x9d3, 0x7, 0x0, 0x4, 0x0, 0x40, 0xaf, 0x1, 0x5, 0x0, 0x9, 0x0, 0x4, 0x0, 0xa5f, 0xb848, 0x3ff, 0x2, 0xfffffffffffffd7b, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10000}, 0x0, 0x1767, 0x400, 0x1, 0x3, 0x8, 0xd542}, r5, 0x0, r2, 0x1) ioctl$FIBMAP(0xffffffffffffffff, 0x1, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000600)={'filter\x00', 0x4}, 0x68) r6 = creat(&(0x7f0000000700)='./bus\x00', 0x0) fcntl$setstatus(r6, 0x4, 0x46800) write$FUSE_INIT(r4, &(0x7f0000000000)={0x50, 0x0, 0x3}, 0x50) ioctl$EVIOCSABS20(r4, 0x401845e0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$cgroup_type(r6, &(0x7f0000000200)='threaded\x00', 0x175d900f) ioctl$TCSETS2(r6, 0x402c542b, &(0x7f0000000380)={0x3ff, 0x0, 0x7, 0xfffffffffffff1a3, 0x833, "c954facd4de4e940838cea87aa78bfe09cdd0d", 0x3, 0xea6}) syz_open_dev$binder(0x0, 0x0, 0x802) syz_genetlink_get_family_id$SEG6(&(0x7f0000000140)='SEG6\x00') [ 50.827764] ^ [ 50.832412] ffff8801cac44a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.839770] ffff8801cac44b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.847101] ================================================================== [ 50.854435] Disabling lock debugging due to kernel taint [ 50.862819] Kernel panic - not syncing: panic_on_warn set ... [ 50.862819] [ 50.870185] CPU: 0 PID: 2347 Comm: syz-executor.4 Tainted: G B 4.9.141+ #23 [ 50.878404] ffff8801ab56f8a0 ffffffff81b42e79 ffffffff82e37630 00000000ffffffff [ 50.886471] 0000000000000000 0000000000000000 ffff8801d2649ba0 ffff8801ab56f960 [ 50.894517] ffffffff813f7125 0000000041b58ab3 ffffffff82e2b62b ffffffff813f6f66 [ 50.902520] Call Trace: [ 50.905089] [] dump_stack+0xc1/0x128 [ 50.910453] [] panic+0x1bf/0x39f [ 50.915449] [] ? add_taint.cold.5+0x16/0x16 [ 50.921395] [] ? ___preempt_schedule+0x16/0x18 [ 50.927609] [] kasan_end_report+0x47/0x4f [ 50.933400] [] kasan_report.cold.6+0x76/0x2fe [ 50.939546] [] ? tcp_connect+0x2606/0x2fa0 [ 50.945433] [] __asan_report_load4_noabort+0x14/0x20 [ 50.952182] [] tcp_connect+0x2606/0x2fa0 [ 50.957884] [] ? tcp_push_one+0xe0/0xe0 [ 50.963496] [] tcp_v4_connect+0x19ec/0x1c00 [ 50.969461] [] ? tcp_v4_init_sequence+0x200/0x200 [ 50.975945] [] ? selinux_socket_connect+0x15d/0x4a0 [ 50.982600] [] __inet_stream_connect+0x6e0/0xbf0 [ 50.988995] [] ? mark_held_locks+0xc7/0x130 [ 50.994957] [] ? inet_bind+0x8b0/0x8b0 [ 51.000477] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 51.007298] [] ? lock_sock_nested+0x90/0x120 [ 51.013333] [] ? trace_hardirqs_on+0xd/0x10 [ 51.019286] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 51.025596] [] inet_stream_connect+0x55/0xa0 [ 51.031630] [] SyS_connect+0x1b8/0x310 [ 51.037140] [] ? SyS_accept+0x30/0x30 [ 51.042575] [] ? __might_fault+0x92/0x1d0 [ 51.048362] [] ? SyS_clock_gettime+0x11e/0x1f0 [ 51.054577] [] ? SyS_clock_settime+0x220/0x220 [ 51.060784] [] ? __compat_put_timespec.isra.3+0xc7/0x140 [ 51.067886] [] ? compat_SyS_clock_gettime+0x131/0x1b0 [ 51.074705] [] ? compat_SyS_clock_settime+0x1a0/0x1a0 [ 51.081521] [] ? do_fast_syscall_32+0xcf/0xa10 [ 51.087732] [] ? SyS_accept+0x30/0x30 [ 51.093184] [] do_fast_syscall_32+0x2f1/0xa10 [ 51.099310] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 51.105957] [] entry_SYSENTER_compat+0x90/0xa2 [ 51.112576] Kernel Offset: disabled [ 51.116196] Rebooting in 86400 seconds..