[....] Starting enhanced syslogd: rsyslogd[ 13.521295] audit: type=1400 audit(1573571595.415:4): avc: denied { syslog } for pid=1920 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.222' (ECDSA) to the list of known hosts. 2019/11/12 15:13:27 fuzzer started 2019/11/12 15:13:29 dialing manager at 10.128.0.26:43743 2019/11/12 15:13:29 syscalls: 1354 2019/11/12 15:13:29 code coverage: enabled 2019/11/12 15:13:29 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/11/12 15:13:29 extra coverage: extra coverage is not supported by the kernel 2019/11/12 15:13:29 setuid sandbox: enabled 2019/11/12 15:13:29 namespace sandbox: enabled 2019/11/12 15:13:29 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/12 15:13:29 fault injection: kernel does not have systematic fault injection support 2019/11/12 15:13:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/12 15:13:29 net packet injection: enabled 2019/11/12 15:13:29 net device setup: enabled 2019/11/12 15:13:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/12 15:13:29 devlink PCI setup: PCI device 0000:00:10.0 is not available 15:14:08 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") syz_open_dev$sndtimer(&(0x7f0000026000)='/dev/snd/timer\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000040)={{0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) close(r1) 15:14:08 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000200)={@local, @random="0598af6b9c77", [{}], {@ipv6={0x86dd, {0x0, 0x6, "db5bff", 0x8, 0x0, 0x0, @remote, @initdev={0xfe, 0x88, [], 0x0, 0x0}, {[], @icmpv6=@echo_request}}}}}, 0x0) 15:14:08 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000080)={@multicast1, @local}, 0xc) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(0x0, 0x4000) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000180)) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x1, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) setsockopt$netlink_NETLINK_CAP_ACK(0xffffffffffffffff, 0x10e, 0xa, 0x0, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000100)={@multicast1, @local, 0x0, 0x2}, 0x134) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @rand_addr=0x101}, 0x10) 15:14:08 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='cgroup2\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x220020, 0x0) 15:14:08 executing program 1: ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x800, 0xe4) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) close(r1) connect$netlink(0xffffffffffffffff, &(0x7f0000000000), 0xc) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) shutdown(r2, 0x1) setsockopt$inet_tcp_int(r2, 0x6, 0x4000000000014, &(0x7f0000000000)=0x80000000002, 0xe3) recvmmsg(r2, &(0x7f00000001c0), 0x460, 0xea225aec34b1dd0e, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) open(0x0, 0x0, 0x0) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000180)={0x4, &(0x7f0000000100)=[{0x9, 0x3}, {0x3, 0x0, 0x7f, 0x6}, {0x0, 0x6, 0x8, 0x2}, {0x0, 0x80, 0x9}]}) creat(&(0x7f0000000140)='./bus\x00', 0x0) socket(0x5, 0x0, 0xff) ftruncate(0xffffffffffffffff, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x0, 0x0) 15:14:08 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) 15:14:09 executing program 4: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x3, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x2080, 0x0) getdents64(r0, &(0x7f0000000000)=""/24, 0xfe9c) 15:14:09 executing program 4: clone(0x0, &(0x7f0000000140), 0x0, 0x0, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) ppoll(&(0x7f0000000240)=[{}], 0x1, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1000000008) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) keyctl$search(0xa, 0x0, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$negate(0xd, 0x0, 0x80000001, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet6_int(r0, 0x29, 0x0, 0x0, 0x39b) 15:14:09 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) openat$selinux_avc_hash_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0) write$apparmor_current(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socket$inet6(0xa, 0x480040004000, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x1000, 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKALIGNOFF(r3, 0x127a, &(0x7f00000000c0)) sendfile(r2, r3, 0x0, 0xfffffffffffffffc) write(r1, &(0x7f00000001c0), 0xfffffef3) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2cb, &(0x7f000039a000)}, 0x10) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xffffffa3) socketpair(0x8, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8946, &(0x7f0000000100)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') splice(r4, 0x0, r7, 0x0, 0x1003, 0x0) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) r8 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000300), &(0x7f0000000380)=0xc) ioctl$PPPIOCGFLAGS1(r0, 0x8004745a, &(0x7f0000000600)) bind$inet(r8, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r8, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x3d) write$binfmt_elf64(r8, &(0x7f0000000640)=ANY=[], 0xffffff9c) socket$inet_icmp_raw(0x2, 0x3, 0x1) r9 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_FIEMAP(r9, 0xc020660b, &(0x7f0000000740)={0x0, 0xffffffffffffff51, 0x0, 0x0, 0x4d9}) ioctl$sock_inet_SIOCADDRT(r9, 0x890b, 0x0) recvmsg(r8, &(0x7f0000000180)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) 15:14:09 executing program 5: r0 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/user\x00', 0x2, 0x0) write$selinux_user(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="756e636f6e66696e65645f753a73797374656d5f723a696e736d6f645f743a73303a63302e6331303233ff030000725f75"], 0x31) alarm(0xffff) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x42) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0xd4b9f61) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) accept4$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, &(0x7f00000000c0)=0x1c, 0x0) syzkaller login: [ 67.987145] audit: type=1400 audit(1573571649.875:5): avc: denied { create } for pid=2294 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 15:14:09 executing program 1: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$packet(0x11, 0xa, 0x300) close(0xffffffffffffffff) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4b9f61) fcntl$dupfd(0xffffffffffffffff, 0x0, r2) r3 = socket$inet_udp(0x2, 0x2, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x14480084}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x204, r4, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0x50, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff9}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}]}, @TIPC_NLA_BEARER={0xa8, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x7, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x2}}, {0x14, 0x2, @in={0x2, 0x4e20, @loopback}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x7, @rand_addr="dd10e101b8531c8fb2037f5c10336b32", 0x8001}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x10000, @empty, 0x2}}}}]}, @TIPC_NLA_MON={0x4c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x101}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x330e}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3ff}]}, @TIPC_NLA_MEDIA={0x5c, 0x5, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xbb2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_SOCK={0x20, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfffffffb}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x20}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7fffffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfff}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1000}]}]}, 0x204}, 0x1, 0x0, 0x0, 0xe1}, 0x4000084) bind$inet(r3, &(0x7f00000002c0)={0x2, 0x0, @local}, 0x10) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000000)=0x1000000000001e, 0x4) connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r3, 0x0, 0x200005, 0x0) [ 68.072659] audit: type=1400 audit(1573571649.965:6): avc: denied { write } for pid=2294 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 15:14:10 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00\f#\x9f\xd0\x85\xac\xc4\x9b\x81-\xb3\xd7=C\xea', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r1, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r3 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ftruncate(r3, 0x208200) fcntl$setstatus(r2, 0x4, 0x6000) io_setup(0x1ff, &(0x7f00000004c0)=0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xe0b7}) r5 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) r6 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) readv(r6, &(0x7f00000007c0)=[{&(0x7f0000002300)=""/4096, 0x1000}], 0x3b6) r7 = creat(&(0x7f0000000300)='./file0\x00', 0x0) write$P9_RREMOVE(r7, &(0x7f0000000280), 0x1033b) r8 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r9 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) lseek(r9, 0x0, 0x3) ioctl$IOC_PR_PREEMPT(r9, 0x401870cb, &(0x7f0000000040)={0x0, 0xd7, 0x2f, 0x9}) write$cgroup_type(r8, &(0x7f00000009c0)='threaded\x00', 0xd4b9f61) r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) lseek(r10, 0x0, 0x3) dup2(r8, r10) fdatasync(r7) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000200)={0x0, r7}) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) [ 68.220041] audit: type=1400 audit(1573571650.115:7): avc: denied { read } for pid=2294 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 15:14:10 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) lseek(r1, 0x0, 0x3) setsockopt$sock_int(r1, 0x1, 0x2b, &(0x7f0000000200)=0x2, 0x4) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newsa={0x160, 0x10, 0x713, 0x0, 0x0, {{@in6=@dev}, {@in6=@mcast2, 0x4d4, 0x32}, @in=@remote, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_aead={0x70, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x120, 0x60, "e5ded35713882b9ed9bc5c5a1c66b92f789b133cc773ecd14dfa9409c75a3dcd1a150600"}}]}, 0x160}}, 0x0) 15:14:10 executing program 5: open(0x0, 0x0, 0x1c0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0xfffffffffffffffe) fcntl$getownex(r1, 0x10, &(0x7f0000000400)) ioctl$BLKPBSZGET(0xffffffffffffffff, 0x127b, &(0x7f0000000100)) inotify_init() fcntl$setstatus(r1, 0x4, 0x6100) openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x2a0241, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f00000001c0), 0xfffffef3) read(r2, &(0x7f0000000200)=""/250, 0x50c7e5e2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup2(r4, r0) setsockopt$sock_int(r4, 0x1, 0x2a, &(0x7f0000000080), 0x4) add_key(0x0, &(0x7f0000000300)={'syz'}, &(0x7f0000000340), 0x0, 0xfffffffffffffffa) truncate(&(0x7f00000000c0)='./bus\x00', 0x800) r5 = open(&(0x7f0000000000)='./bus\x00', 0xa8800, 0x0) lseek(r1, 0x0, 0x2) sendfile(r1, r5, 0x0, 0x8000fffffffe) writev(r1, &(0x7f0000000680), 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r7, 0x0, 0x0) fcntl$lock(r7, 0x24, &(0x7f0000000100)={0x2, 0x1, 0xd95, 0x20}) fcntl$dupfd(0xffffffffffffffff, 0x605, 0xffffffffffffffff) setsockopt$packet_drop_memb(r6, 0x107, 0x2, &(0x7f0000000340)={0x0, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x3dde20, 0x0) sendfile(r1, r5, 0x0, 0xa5cc554) 15:14:10 executing program 2: accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) rt_sigprocmask(0x2, &(0x7f0000000140)={0x1}, 0x0, 0x8) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x0) r1 = eventfd2(0x5, 0x1) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_adj\x00') preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000080)=""/96, 0x60}, {&(0x7f0000000240)=""/190, 0xbe}], 0x2, 0x1) getpgid(r2) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xfffffffffffffffc, 0x0) socket$packet(0x11, 0x3, 0x300) memfd_create(0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f00000001c0), 0xfffffef3) setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, 0x0, 0x400b5) r6 = socket$netlink(0x10, 0x3, 0x8000000004) openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) fsetxattr$security_evm(r6, &(0x7f0000000100)='security.evm\x00', &(0x7f0000000380)=ANY=[@ANYBLOB="0233db6bf7d4c6c3bc799df222a748844f02c97573373c76efd146373f2aaf296fc06065478d7a084c6ff8dabad01b9c9aa773ae810086d7839a595e537934dc76551921d0a46dcd996ca1406ad49d7f3d3066e90c4c8c418f5f31ba6df7fc6f01800000000000000ad080b28efc0076619e3d2995fb000000006ca39f934ebb08160236fa14c0db36e946262134c45a98ebdfab9a83f8400000000000000062195ec39fa53d2f69ece3f63d0aa92109da02b2d49210d5fdad23a48a485c80fc6d78889d0ac21a5de5b746b180698407bb0b0ccb9b0500000000000000bb3bc99dab45aece0f9e7888501fd52e6b08826cb6d3af9d59eb0f37c6a717c08174fa864e1d2495460c03eee38bcf3091a16cdb4f"], 0x1, 0x2) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040)) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, 0x0, 0x0) read(r4, &(0x7f0000000200)=""/250, 0xfffffe8a) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000780)=ANY=[@ANYBLOB="7f454c460209010108000000000000000200030004000000f40100000000000041000000000000004c010000000000000000000005003800010080000200070002000000ff0f0000ff0700000000000003000000000000000000000000000000000000000000000000000000000000000000008000000000be5d0b7aafba3908eabaa1818d8d6a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e3a5e4be04c9b7e8e00f704f8e8ea8b25bfe912921b8b31bbaf093302a2803296fde8d9d5387b636071f0cc3c51718225bfd2188e8c47c4cff2dba947865fb58c9d8f017415c8fedca4d17285b8cfa4fa3cbcde89de974e27fc8ce10289444101b12b1e000cec6d1924f43b9f60491cf4018c333478c66d597067dba4ed98d4c1ca6f3883ad19883586f649ad9323cc70d985c6"], 0x287) inotify_init() socket$unix(0x1, 0x1, 0x0) clone(0x100020040004104, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 15:14:10 executing program 2: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000040)="240000001a005f0223b3f407000904000200000000100000000f0000080001007f000001", 0x24) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4b9f61) r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) lseek(r3, 0x0, 0x3) r4 = getuid() r5 = getgid() setxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='system.posix_acl_default\x00', &(0x7f0000000140)={{}, {0x1, 0x2}, [{0x2, 0x1, r4}], {0x4, 0x7}, [{0x8, 0x2, r5}], {0x10, 0x1}, {0x20, 0x5}}, 0x34, 0x1) lseek(r3, 0xffffffffffffffff, 0x2) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='dctcp-reno\x00', 0xb) 15:14:10 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000300)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809473aa31f5ea7dfdf000000fff5dd0000001000010004080800", 0x58}], 0x10000000000001c7) 15:14:10 executing program 0: r0 = socket(0x11, 0xa, 0x0) ioctl$sock_ifreq(r0, 0x20000000000089f0, &(0x7f0000000080)={'sit0\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'syz_tun\x00\x00\x00\x00\xf8\xff\x00', &(0x7f0000002fc0)=@ethtool_link_settings}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) eventfd(0x1) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ifreq(r3, 0x89f1, &(0x7f0000000080)={'sit0\x00', @ifru_flags}) 15:14:11 executing program 3: perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) creat(&(0x7f0000000200)='./file0\x00', 0x0) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) lseek(r1, 0x0, 0x3) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x8401, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpuacct.usage_all\x00', 0x0, 0x0) setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000240)=@req3={0x80000000, 0x4, 0x0, 0x3ed, 0x2, 0x5, 0x9}, 0x1c) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4b9f61) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xcc) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@dev, 0x0, 0x0, 0x0, 0xa}, 0x20) setsockopt(r0, 0x0, 0x40, &(0x7f0000000000), 0x18) [ 69.069559] ------------[ cut here ]------------ [ 69.075159] WARNING: CPU: 0 PID: 2340 at fs/ext4/inode.c:3327 ext4_direct_IO+0x226d/0x2a80() [ 69.161694] Kernel panic - not syncing: panic_on_warn set ... [ 69.161694] [ 69.169113] CPU: 0 PID: 2340 Comm: syz-executor.4 Not tainted 4.4.174+ #4 [ 69.176036] 0000000000000000 a5e3b6fa64d51075 ffff8800a49af588 ffffffff81aad1a1 [ 69.184511] 0000000000000000 ffffffff82835ee0 ffffffff828bfa40 0000000000000cff [ 69.192810] ffffffff816417cd ffff8800a49af668 ffffffff813a48c2 0000000041b58ab3 [ 69.200909] Call Trace: [ 69.203592] [] dump_stack+0xc1/0x120 [ 69.210009] [] ? ext4_direct_IO+0x226d/0x2a80 [ 69.216336] [] panic+0x1b9/0x37b [ 69.221378] [] ? add_taint.cold+0x16/0x16 [ 69.227191] [] ? warn_slowpath_common.cold+0x5/0x20 [ 69.233863] [] warn_slowpath_common.cold+0x20/0x20 [ 69.240551] [] warn_slowpath_null+0x2a/0x30 [ 69.246525] [] ext4_direct_IO+0x226d/0x2a80 [ 69.252587] [] ? ext4_update_bh_state+0xf0/0xf0 [ 69.258934] [] ? ext4_end_io_dio+0xc0/0xc0 [ 69.264849] [] ? __filemap_fdatawrite_range+0x1b5/0x260 [ 69.271869] [] ? filemap_fdatawait_range+0x3d/0x50 [ 69.278753] [] generic_file_direct_write+0x276/0x4f0 [ 69.285594] [] ? filemap_write_and_wait_range+0xb0/0xb0 [ 69.292695] [] ? file_update_time+0xc1/0x3c0 [ 69.298758] [] ? mutex_trylock+0x500/0x500 [ 69.304668] [] __generic_file_write_iter+0x245/0x540 [ 69.312756] [] ext4_file_write_iter+0x9ec/0xc70 [ 69.319442] [] ? depot_save_stack+0x1c3/0x5f0 [ 69.325740] [] ? ext4_unwritten_wait+0x200/0x200 [ 69.332252] [] ? check_preemption_disabled+0x3c/0x200 [ 69.339106] [] ? check_preemption_disabled+0x3c/0x200 [ 69.346128] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 69.353068] [] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 69.359662] [] ? aio_run_iocb+0x682/0x6f0 [ 69.365470] [] aio_run_iocb+0x4ff/0x6f0 [ 69.371103] [] ? ext4_unwritten_wait+0x200/0x200 [ 69.377631] [] ? aio_complete+0xb90/0xb90 [ 69.383445] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 69.390202] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 69.397063] [] ? __might_fault+0x117/0x1d0 [ 69.403038] [] do_io_submit+0x639/0xf10 [ 69.409076] [] ? do_io_submit+0x2d2/0xf10 [ 69.415078] [] ? SyS_io_destroy+0x350/0x350 [ 69.421301] [] ? SyS_clock_gettime+0x118/0x1e0 [ 69.427792] [] ? SyS_clock_settime+0x220/0x220 [ 69.434057] [] SyS_io_submit+0x28/0x30 [ 69.440646] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 69.448539] Kernel Offset: disabled [ 69.452197] Rebooting in 86400 seconds..