[....] Starting enhanced syslogd: rsyslogd[   13.521295] audit: type=1400 audit(1573571595.415:4): avc:  denied  { syslog } for  pid=1920 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.222' (ECDSA) to the list of known hosts.
2019/11/12 15:13:27 fuzzer started
2019/11/12 15:13:29 dialing manager at 10.128.0.26:43743
2019/11/12 15:13:29 syscalls: 1354
2019/11/12 15:13:29 code coverage: enabled
2019/11/12 15:13:29 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/11/12 15:13:29 extra coverage: extra coverage is not supported by the kernel
2019/11/12 15:13:29 setuid sandbox: enabled
2019/11/12 15:13:29 namespace sandbox: enabled
2019/11/12 15:13:29 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/12 15:13:29 fault injection: kernel does not have systematic fault injection support
2019/11/12 15:13:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/12 15:13:29 net packet injection: enabled
2019/11/12 15:13:29 net device setup: enabled
2019/11/12 15:13:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/11/12 15:13:29 devlink PCI setup: PCI device 0000:00:10.0 is not available
15:14:08 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071")
syz_open_dev$sndtimer(&(0x7f0000026000)='/dev/snd/timer\x00', 0x0, 0x0)
r1 = syz_open_dev$sndtimer(0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000040)={{0x0, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0)
close(r1)

15:14:08 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000200)={@local, @random="0598af6b9c77", [{}], {@ipv6={0x86dd, {0x0, 0x6, "db5bff", 0x8, 0x0, 0x0, @remote, @initdev={0xfe, 0x88, [], 0x0, 0x0}, {[], @icmpv6=@echo_request}}}}}, 0x0)

15:14:08 executing program 3:
r0 = socket$inet(0x2, 0x0, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000080)={@multicast1, @local}, 0xc)
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe2(0x0, 0x4000)
ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000180))
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x1, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 0xc125, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
setsockopt$netlink_NETLINK_CAP_ACK(0xffffffffffffffff, 0x10e, 0xa, 0x0, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000100)={@multicast1, @local, 0x0, 0x2}, 0x134)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @rand_addr=0x101}, 0x10)

15:14:08 executing program 4:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x220020, 0x0)

15:14:08 executing program 1:
ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, 0x0)
creat(&(0x7f0000000000)='./bus\x00', 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x11, 0x800, 0xe4)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0)
r1 = socket$inet6(0xa, 0x2, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0)
fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
close(r1)
connect$netlink(0xffffffffffffffff, &(0x7f0000000000), 0xc)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
shutdown(r2, 0x1)
setsockopt$inet_tcp_int(r2, 0x6, 0x4000000000014, &(0x7f0000000000)=0x80000000002, 0xe3)
recvmmsg(r2, &(0x7f00000001c0), 0x460, 0xea225aec34b1dd0e, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
open(0x0, 0x0, 0x0)
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000180)={0x4, &(0x7f0000000100)=[{0x9, 0x3}, {0x3, 0x0, 0x7f, 0x6}, {0x0, 0x6, 0x8, 0x2}, {0x0, 0x80, 0x9}]})
creat(&(0x7f0000000140)='./bus\x00', 0x0)
socket(0x5, 0x0, 0xff)
ftruncate(0xffffffffffffffff, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x0, 0x0)

15:14:08 executing program 5:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)

15:14:09 executing program 4:
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x3, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x2080, 0x0)
getdents64(r0, &(0x7f0000000000)=""/24, 0xfe9c)

15:14:09 executing program 4:
clone(0x0, &(0x7f0000000140), 0x0, 0x0, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
ppoll(&(0x7f0000000240)=[{}], 0x1, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1000000008)
ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422)
keyctl$search(0xa, 0x0, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$negate(0xd, 0x0, 0x80000001, 0x0)
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff})
read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x0, 0x0, 0x39b)

15:14:09 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
openat$selinux_avc_hash_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ipvs(0x0)
write$apparmor_current(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket$inet6(0xa, 0x480040004000, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x1000, 0x0)
pipe(&(0x7f0000000440)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0)
ioctl$BLKALIGNOFF(r3, 0x127a, &(0x7f00000000c0))
sendfile(r2, r3, 0x0, 0xfffffffffffffffc)
write(r1, &(0x7f00000001c0), 0xfffffef3)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2cb, &(0x7f000039a000)}, 0x10)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xffffffa3)
socketpair(0x8, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8946, &(0x7f0000000100)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ')
splice(r4, 0x0, r7, 0x0, 0x1003, 0x0)
read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3)
r8 = socket$inet(0x2, 0x4000000000000001, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000300), &(0x7f0000000380)=0xc)
ioctl$PPPIOCGFLAGS1(r0, 0x8004745a, &(0x7f0000000600))
bind$inet(r8, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r8, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x3d)
write$binfmt_elf64(r8, &(0x7f0000000640)=ANY=[], 0xffffff9c)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r9 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
ioctl$FS_IOC_FIEMAP(r9, 0xc020660b, &(0x7f0000000740)={0x0, 0xffffffffffffff51, 0x0, 0x0, 0x4d9})
ioctl$sock_inet_SIOCADDRT(r9, 0x890b, 0x0)
recvmsg(r8, &(0x7f0000000180)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100)

15:14:09 executing program 5:
r0 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/user\x00', 0x2, 0x0)
write$selinux_user(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="756e636f6e66696e65645f753a73797374656d5f723a696e736d6f645f743a73303a63302e6331303233ff030000725f75"], 0x31)
alarm(0xffff)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x42)
write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0xd4b9f61)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c)
accept4$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, &(0x7f00000000c0)=0x1c, 0x0)

syzkaller login: [   67.987145] audit: type=1400 audit(1573571649.875:5): avc:  denied  { create } for  pid=2294 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
15:14:09 executing program 1:
pipe(&(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
socket$packet(0x11, 0xa, 0x300)
close(0xffffffffffffffff)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4b9f61)
fcntl$dupfd(0xffffffffffffffff, 0x0, r2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
fcntl$setpipe(r1, 0x407, 0x0)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x14480084}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x204, r4, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0x50, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff9}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}]}, @TIPC_NLA_BEARER={0xa8, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x7, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x2}}, {0x14, 0x2, @in={0x2, 0x4e20, @loopback}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x7, @rand_addr="dd10e101b8531c8fb2037f5c10336b32", 0x8001}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x10000, @empty, 0x2}}}}]}, @TIPC_NLA_MON={0x4c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x101}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x330e}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3ff}]}, @TIPC_NLA_MEDIA={0x5c, 0x5, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xbb2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_SOCK={0x20, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfffffffb}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x20}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7fffffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfff}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1000}]}]}, 0x204}, 0x1, 0x0, 0x0, 0xe1}, 0x4000084)
bind$inet(r3, &(0x7f00000002c0)={0x2, 0x0, @local}, 0x10)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000000)=0x1000000000001e, 0x4)
connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg(r5, &(0x7f0000007fc0), 0x4000000000001a8, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
splice(r0, 0x0, r3, 0x0, 0x200005, 0x0)

[   68.072659] audit: type=1400 audit(1573571649.965:6): avc:  denied  { write } for  pid=2294 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
15:14:10 executing program 4:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00\f#\x9f\xd0\x85\xac\xc4\x9b\x81-\xb3\xd7=C\xea', 0x200002, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r1, 0x0)
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
r3 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r3, 0x208200)
fcntl$setstatus(r2, 0x4, 0x6000)
io_setup(0x1ff, &(0x7f00000004c0)=<r4=>0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xe0b7})
r5 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0)
r6 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0)
readv(r6, &(0x7f00000007c0)=[{&(0x7f0000002300)=""/4096, 0x1000}], 0x3b6)
r7 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$P9_RREMOVE(r7, &(0x7f0000000280), 0x1033b)
r8 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
r9 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
lseek(r9, 0x0, 0x3)
ioctl$IOC_PR_PREEMPT(r9, 0x401870cb, &(0x7f0000000040)={0x0, 0xd7, 0x2f, 0x9})
write$cgroup_type(r8, &(0x7f00000009c0)='threaded\x00', 0xd4b9f61)
r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
lseek(r10, 0x0, 0x3)
dup2(r8, r10)
fdatasync(r7)
ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000200)={0x0, r7})
io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}])

[   68.220041] audit: type=1400 audit(1573571650.115:7): avc:  denied  { read } for  pid=2294 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
15:14:10 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
lseek(r1, 0x0, 0x3)
setsockopt$sock_int(r1, 0x1, 0x2b, &(0x7f0000000200)=0x2, 0x4)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newsa={0x160, 0x10, 0x713, 0x0, 0x0, {{@in6=@dev}, {@in6=@mcast2, 0x4d4, 0x32}, @in=@remote, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_aead={0x70, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x120, 0x60, "e5ded35713882b9ed9bc5c5a1c66b92f789b133cc773ecd14dfa9409c75a3dcd1a150600"}}]}, 0x160}}, 0x0)

15:14:10 executing program 5:
open(0x0, 0x0, 0x1c0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000700)='./bus\x00', 0xfffffffffffffffe)
fcntl$getownex(r1, 0x10, &(0x7f0000000400))
ioctl$BLKPBSZGET(0xffffffffffffffff, 0x127b, &(0x7f0000000100))
inotify_init()
fcntl$setstatus(r1, 0x4, 0x6100)
openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x2a0241, 0x0)
pipe(&(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f00000001c0), 0xfffffef3)
read(r2, &(0x7f0000000200)=""/250, 0x50c7e5e2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff})
dup2(r4, r0)
setsockopt$sock_int(r4, 0x1, 0x2a, &(0x7f0000000080), 0x4)
add_key(0x0, &(0x7f0000000300)={'syz'}, &(0x7f0000000340), 0x0, 0xfffffffffffffffa)
truncate(&(0x7f00000000c0)='./bus\x00', 0x800)
r5 = open(&(0x7f0000000000)='./bus\x00', 0xa8800, 0x0)
lseek(r1, 0x0, 0x2)
sendfile(r1, r5, 0x0, 0x8000fffffffe)
writev(r1, &(0x7f0000000680), 0x0)
r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
write(r7, 0x0, 0x0)
fcntl$lock(r7, 0x24, &(0x7f0000000100)={0x2, 0x1, 0xd95, 0x20})
fcntl$dupfd(0xffffffffffffffff, 0x605, 0xffffffffffffffff)
setsockopt$packet_drop_memb(r6, 0x107, 0x2, &(0x7f0000000340)={0x0, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x3dde20, 0x0)
sendfile(r1, r5, 0x0, 0xa5cc554)

15:14:10 executing program 2:
accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
rt_sigprocmask(0x2, &(0x7f0000000140)={0x1}, 0x0, 0x8)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x0)
r1 = eventfd2(0x5, 0x1)
fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, <r2=>0x0})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000640)={'syz1\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_adj\x00')
preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000080)=""/96, 0x60}, {&(0x7f0000000240)=""/190, 0xbe}], 0x2, 0x1)
getpgid(r2)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0xfffffffffffffffc, 0x0)
socket$packet(0x11, 0x3, 0x300)
memfd_create(0x0, 0x0)
pipe(&(0x7f0000000340)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write(r5, &(0x7f00000001c0), 0xfffffef3)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, 0x0, 0x0)
sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, 0x0, 0x400b5)
r6 = socket$netlink(0x10, 0x3, 0x8000000004)
openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0)
fsetxattr$security_evm(r6, &(0x7f0000000100)='security.evm\x00', &(0x7f0000000380)=ANY=[@ANYBLOB="0233db6bf7d4c6c3bc799df222a748844f02c97573373c76efd146373f2aaf296fc06065478d7a084c6ff8dabad01b9c9aa773ae810086d7839a595e537934dc76551921d0a46dcd996ca1406ad49d7f3d3066e90c4c8c418f5f31ba6df7fc6f01800000000000000ad080b28efc0076619e3d2995fb000000006ca39f934ebb08160236fa14c0db36e946262134c45a98ebdfab9a83f8400000000000000062195ec39fa53d2f69ece3f63d0aa92109da02b2d49210d5fdad23a48a485c80fc6d78889d0ac21a5de5b746b180698407bb0b0ccb9b0500000000000000bb3bc99dab45aece0f9e7888501fd52e6b08826cb6d3af9d59eb0f37c6a717c08174fa864e1d2495460c03eee38bcf3091a16cdb4f"], 0x1, 0x2)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, 0x0, 0x0)
read(r4, &(0x7f0000000200)=""/250, 0xfffffe8a)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000780)=ANY=[@ANYBLOB="7f454c460209010108000000000000000200030004000000f40100000000000041000000000000004c010000000000000000000005003800010080000200070002000000ff0f0000ff0700000000000003000000000000000000000000000000000000000000000000000000000000000000008000000000be5d0b7aafba3908eabaa1818d8d6a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e3a5e4be04c9b7e8e00f704f8e8ea8b25bfe912921b8b31bbaf093302a2803296fde8d9d5387b636071f0cc3c51718225bfd2188e8c47c4cff2dba947865fb58c9d8f017415c8fedca4d17285b8cfa4fa3cbcde89de974e27fc8ce10289444101b12b1e000cec6d1924f43b9f60491cf4018c333478c66d597067dba4ed98d4c1ca6f3883ad19883586f649ad9323cc70d985c6"], 0x287)
inotify_init()
socket$unix(0x1, 0x1, 0x0)
clone(0x100020040004104, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)

15:14:10 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000040)="240000001a005f0223b3f407000904000200000000100000000f0000080001007f000001", 0x24)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4b9f61)
r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
lseek(r3, 0x0, 0x3)
r4 = getuid()
r5 = getgid()
setxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='system.posix_acl_default\x00', &(0x7f0000000140)={{}, {0x1, 0x2}, [{0x2, 0x1, r4}], {0x4, 0x7}, [{0x8, 0x2, r5}], {0x10, 0x1}, {0x20, 0x5}}, 0x34, 0x1)
lseek(r3, 0xffffffffffffffff, 0x2)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='dctcp-reno\x00', 0xb)

15:14:10 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000300)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809473aa31f5ea7dfdf000000fff5dd0000001000010004080800", 0x58}], 0x10000000000001c7)

15:14:10 executing program 0:
r0 = socket(0x11, 0xa, 0x0)
ioctl$sock_ifreq(r0, 0x20000000000089f0, &(0x7f0000000080)={'sit0\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'syz_tun\x00\x00\x00\x00\xf8\xff\x00', &(0x7f0000002fc0)=@ethtool_link_settings})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
eventfd(0x1)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ifreq(r3, 0x89f1, &(0x7f0000000080)={'sit0\x00', @ifru_flags})

15:14:11 executing program 3:
perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x1, 0x0)
creat(&(0x7f0000000200)='./file0\x00', 0x0)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
lseek(r1, 0x0, 0x3)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x8401, 0x0)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpuacct.usage_all\x00', 0x0, 0x0)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000240)=@req3={0x80000000, 0x4, 0x0, 0x3ed, 0x2, 0x5, 0x9}, 0x1c)
write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xd4b9f61)
write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0xcc)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@dev, 0x0, 0x0, 0x0, 0xa}, 0x20)
setsockopt(r0, 0x0, 0x40, &(0x7f0000000000), 0x18)

[   69.069559] ------------[ cut here ]------------
[   69.075159] WARNING: CPU: 0 PID: 2340 at fs/ext4/inode.c:3327 ext4_direct_IO+0x226d/0x2a80()
[   69.161694] Kernel panic - not syncing: panic_on_warn set ...
[   69.161694] 
[   69.169113] CPU: 0 PID: 2340 Comm: syz-executor.4 Not tainted 4.4.174+ #4
[   69.176036]  0000000000000000 a5e3b6fa64d51075 ffff8800a49af588 ffffffff81aad1a1
[   69.184511]  0000000000000000 ffffffff82835ee0 ffffffff828bfa40 0000000000000cff
[   69.192810]  ffffffff816417cd ffff8800a49af668 ffffffff813a48c2 0000000041b58ab3
[   69.200909] Call Trace:
[   69.203592]  [<ffffffff81aad1a1>] dump_stack+0xc1/0x120
[   69.210009]  [<ffffffff816417cd>] ? ext4_direct_IO+0x226d/0x2a80
[   69.216336]  [<ffffffff813a48c2>] panic+0x1b9/0x37b
[   69.221378]  [<ffffffff813a4709>] ? add_taint.cold+0x16/0x16
[   69.227191]  [<ffffffff813a4a9e>] ? warn_slowpath_common.cold+0x5/0x20
[   69.233863]  [<ffffffff813a4ab9>] warn_slowpath_common.cold+0x20/0x20
[   69.240551]  [<ffffffff810d3aaa>] warn_slowpath_null+0x2a/0x30
[   69.246525]  [<ffffffff816417cd>] ext4_direct_IO+0x226d/0x2a80
[   69.252587]  [<ffffffff8163f4a0>] ? ext4_update_bh_state+0xf0/0xf0
[   69.258934]  [<ffffffff8163f560>] ? ext4_end_io_dio+0xc0/0xc0
[   69.264849]  [<ffffffff813bc545>] ? __filemap_fdatawrite_range+0x1b5/0x260
[   69.271869]  [<ffffffff813b75cd>] ? filemap_fdatawait_range+0x3d/0x50
[   69.278753]  [<ffffffff813bcae6>] generic_file_direct_write+0x276/0x4f0
[   69.285594]  [<ffffffff813bc870>] ? filemap_write_and_wait_range+0xb0/0xb0
[   69.292695]  [<ffffffff814e9521>] ? file_update_time+0xc1/0x3c0
[   69.298758]  [<ffffffff8270c0d0>] ? mutex_trylock+0x500/0x500
[   69.304668]  [<ffffffff813bcfa5>] __generic_file_write_iter+0x245/0x540
[   69.312756]  [<ffffffff81633d3c>] ext4_file_write_iter+0x9ec/0xc70
[   69.319442]  [<ffffffff81b46d63>] ? depot_save_stack+0x1c3/0x5f0
[   69.325740]  [<ffffffff81633350>] ? ext4_unwritten_wait+0x200/0x200
[   69.332252]  [<ffffffff81b0abec>] ? check_preemption_disabled+0x3c/0x200
[   69.339106]  [<ffffffff81b0abec>] ? check_preemption_disabled+0x3c/0x200
[   69.346128]  [<ffffffff8123a98b>] ? rcu_read_lock_sched_held+0x10b/0x130
[   69.353068]  [<ffffffff8123b043>] ? rcu_sync_lockdep_assert+0x73/0xb0
[   69.359662]  [<ffffffff8157ff52>] ? aio_run_iocb+0x682/0x6f0
[   69.365470]  [<ffffffff8157fdcf>] aio_run_iocb+0x4ff/0x6f0
[   69.371103]  [<ffffffff81633350>] ? ext4_unwritten_wait+0x200/0x200
[   69.377631]  [<ffffffff8157f8d0>] ? aio_complete+0xb90/0xb90
[   69.383445]  [<ffffffff8123a761>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   69.390202]  [<ffffffff8123a761>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   69.397063]  [<ffffffff814308c7>] ? __might_fault+0x117/0x1d0
[   69.403038]  [<ffffffff81584279>] do_io_submit+0x639/0xf10
[   69.409076]  [<ffffffff81583f12>] ? do_io_submit+0x2d2/0xf10
[   69.415078]  [<ffffffff81583c40>] ? SyS_io_destroy+0x350/0x350
[   69.421301]  [<ffffffff81269e18>] ? SyS_clock_gettime+0x118/0x1e0
[   69.427792]  [<ffffffff81269d00>] ? SyS_clock_settime+0x220/0x220
[   69.434057]  [<ffffffff81584b78>] SyS_io_submit+0x28/0x30
[   69.440646]  [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
[   69.448539] Kernel Offset: disabled
[   69.452197] Rebooting in 86400 seconds..