[....] Starting enhanced syslogd: rsyslogd[ 15.289619] audit: type=1400 audit(1575404834.335:4): avc: denied { syslog } for pid=1917 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.193' (ECDSA) to the list of known hosts. 2019/12/03 20:27:26 fuzzer started 2019/12/03 20:27:28 dialing manager at 10.128.0.26:38647 2019/12/03 20:27:28 syscalls: 1382 2019/12/03 20:27:28 code coverage: enabled 2019/12/03 20:27:28 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/12/03 20:27:28 extra coverage: extra coverage is not supported by the kernel 2019/12/03 20:27:28 setuid sandbox: enabled 2019/12/03 20:27:28 namespace sandbox: enabled 2019/12/03 20:27:28 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/03 20:27:28 fault injection: kernel does not have systematic fault injection support 2019/12/03 20:27:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/03 20:27:28 net packet injection: enabled 2019/12/03 20:27:28 net device setup: enabled 2019/12/03 20:27:28 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/03 20:27:28 devlink PCI setup: PCI device 0000:00:10.0 is not available 20:28:16 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='memory.swap.current\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x1) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0x1f) getdents64(0xffffffffffffff9c, &(0x7f0000000080)=""/234, 0xea) fchmodat(r0, &(0x7f0000000180)='./file0\x00', 0x1a0) socket(0x2, 0x2, 0x1) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000200)={0x8, &(0x7f00000001c0)=[{0x0, 0x1, 0x8, 0x2}, {0x2, 0x13, 0x20, 0x4}, {0x6, 0xcd, 0x2b, 0x3d65}, {0x3, 0x8, 0x5, 0x7ff}, {0x3ff, 0x40, 0x1, 0x3f}, {0x2, 0x2, 0x20, 0x2}, {0x1, 0xff, 0x6, 0x4}, {0xaff0, 0xfb, 0x8, 0x7fffffff}]}) r1 = syz_open_dev$binderN(&(0x7f0000000240)='/dev/binder#\x00', 0x0, 0x1002) ioctl$int_out(r1, 0x0, &(0x7f0000000280)) r2 = dup(0xffffffffffffffff) getdents64(r2, &(0x7f00000002c0)=""/243, 0xf3) fcntl$notify(r0, 0x402, 0x80000008) openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000003c0)='cgroup.threads\x00', 0x2, 0x0) syz_open_dev$sndtimer(&(0x7f0000000400)='/dev/snd/timer\x00', 0x0, 0x200) ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000440)=0x3) ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000480)) r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000004c0)='/selinux/checkreqprot\x00', 0x400, 0x0) renameat2(r3, &(0x7f0000000500)='./file0\x00', r2, &(0x7f0000000540)='./file0\x00', 0x4) ioctl$BLKROTATIONAL(0xffffffffffffffff, 0x127e, &(0x7f0000000580)) pipe2$9p(&(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) write$P9_RRENAMEAT(r4, &(0x7f0000000600)={0x7, 0x4b, 0x2}, 0x7) r5 = openat(0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00', 0x143100, 0x10) setsockopt$packet_fanout_data(r5, 0x107, 0x16, &(0x7f00000006c0)={0x2, &(0x7f0000000680)=[{0x7, 0x1f, 0x20, 0x58}, {0x1d7, 0x27, 0x3f, 0x8}]}, 0x10) r6 = syz_open_dev$mice(&(0x7f0000000700)='/dev/input/mice\x00', 0x0, 0x80) r7 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000740)='/selinux/avc/hash_stats\x00', 0x0, 0x0) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000780)='/selinux/enforce\x00', 0x402000, 0x0) r8 = socket$inet_tcp(0x2, 0x1, 0x0) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000005, 0x810, r8, 0xde51a000) stat(&(0x7f00000007c0)='./file0\x00', &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r7, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000000900)={{{@in=@dev, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@dev}}, &(0x7f0000000a00)=0xe8) setresuid(r9, r10, r11) 20:28:16 executing program 0: r0 = accept4$packet(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x14, 0x800) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={0x0, @multicast1, @broadcast}, &(0x7f0000000180)=0xc) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f00000001c0)={0x0, @ax25={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x3}, @xdp={0x2c, 0x17, r1, 0x7}, @hci, 0x4, 0x0, 0x0, 0x0, 0x7f, 0x0, 0xfffffffffffffffe, 0x2, 0x5}) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000240)='trusted.overlay.opaque\x00', &(0x7f0000000280)='y\x00', 0x2, 0x2) r2 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) setsockopt$inet6_IPV6_PKTINFO(r2, 0x29, 0x32, &(0x7f0000000300)={@dev={0xfe, 0x80, [], 0x2b}}, 0x14) write(r2, &(0x7f0000000340)="cacc3a0b1dbfafa220a2ceaefd1ddbc2c9a6dbb9ff5b827cdca0ef1cd6632fb1c0a942c8fb41c5236ad73e1fe55da379ccd97a4b440c9d1b3c452bf9baa662f5198a827983fda043a7259a8aa502f0a15cf6b2832fa654dd406da10edcc246c7d5eed413da5231c6a587b7a3acbabd716accae7b5e7c06f2a1fbf44999545e91c8152f7e202387adf2d8710f89d0670f098eb0979d0cea685ff176a74f624214e68fed15feffd24bbae002f78425aadbb2f5f3bc6919", 0xb6) pipe2$9p(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000440)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_opts(r4, 0x29, 0x0, &(0x7f0000005980)=@dstopts={0x2, 0x12, [], [@hao={0xc9, 0x10, @loopback}, @enc_lim={0x4, 0x1, 0xaf}, @generic={0xff, 0x68, "3201fae3b5e6b83e85a53eae0bf3b75597e6779b1751e963cb228095b7d1ffc064f1af173fb84b74639aa54642d5684cb40b0acb04a55635361d8d1fa9fa3de81cc1d63fa34d130611b6a4337f4ff67905f0c9062acf0138298097d4a8d0a5979181134bea1f2f96"}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, [], 0x1, 0x0}}]}, 0xa0) r5 = open(&(0x7f0000005bc0)='./file0\x00', 0x800, 0x10) r6 = syz_genetlink_get_family_id$net_dm(&(0x7f0000005c40)='NET_DM\x00') sendmsg$NET_DM_CMD_STOP(r5, &(0x7f0000005d00)={&(0x7f0000005c00)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000005cc0)={&(0x7f0000005c80)={0x14, r6, 0x0, 0x70bd2a, 0x25dfdbfc, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x10) r7 = dup(0xffffffffffffffff) setsockopt$inet6_tcp_int(r7, 0x6, 0x11, &(0x7f0000009b00)=0x5, 0x4) r8 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000009b40)='/selinux/mls\x00', 0x0, 0x0) setsockopt$packet_drop_memb(r8, 0x107, 0x2, &(0x7f0000009b80)={r1, 0x1, 0x6, @dev={[], 0x26}}, 0x10) r9 = socket$inet_udp(0x2, 0x2, 0x0) fcntl$notify(r9, 0x402, 0x80000004) getsockopt$inet6_buf(r4, 0x29, 0x2d, &(0x7f0000009bc0)=""/221, &(0x7f0000009cc0)=0xdd) r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000009d00)='/dev/ptmx\x00', 0x20000, 0x0) ioctl$TCSETS2(r10, 0x402c542b, &(0x7f0000009d40)={0x4, 0x7ff, 0x6, 0x7, 0x2, "70c97ee6f268f7d509518edbcef95b4286b446", 0x400, 0x1}) r11 = dup3(r2, 0xffffffffffffffff, 0x80000) ioctl$TIOCGPGRP(r11, 0x540f, &(0x7f0000009d80)=0x0) recvmmsg(0xffffffffffffffff, &(0x7f000000e180)=[{{0x0, 0x0, &(0x7f000000c180)=[{&(0x7f0000009e80)=""/192, 0xc0}, {&(0x7f0000009f40)=""/122, 0x7a}, {&(0x7f0000009fc0)=""/4096, 0x1000}, {&(0x7f000000afc0)=""/172, 0xac}, {&(0x7f000000b080)=""/4096, 0x1000}, {&(0x7f000000c080)=""/235, 0xeb}], 0x6, &(0x7f000000c200)=""/202, 0xca}, 0xe8f}, {{&(0x7f000000c300)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f000000c840)=[{&(0x7f000000c380)=""/219, 0xdb}, {&(0x7f000000c480)=""/110, 0x6e}, {&(0x7f000000c500)=""/154, 0x9a}, {&(0x7f000000c5c0)=""/212, 0xd4}, {&(0x7f000000c6c0)=""/84, 0x54}, {&(0x7f000000c740)=""/255, 0xff}], 0x6, &(0x7f000000c8c0)=""/140, 0x8c}, 0x6}, {{0x0, 0x0, &(0x7f000000cc80)=[{&(0x7f000000c980)=""/15, 0xf}, {&(0x7f000000c9c0)=""/233, 0xe9}, {&(0x7f000000cac0)=""/132, 0x84}, {&(0x7f000000cb80)=""/192, 0xc0}, {&(0x7f000000cc40)=""/25, 0x19}], 0x5}, 0x7fff}, {{&(0x7f000000cd00)=@pppoe={0x18, 0x0, {0x0, @random}}, 0x80, &(0x7f000000cec0)=[{&(0x7f000000cd80)=""/54, 0x36}, {&(0x7f000000cdc0)=""/215, 0xd7}], 0x2, &(0x7f000000cf00)=""/124, 0x7c}, 0x101}, {{&(0x7f000000cf80)=@hci={0x1f, 0x0}, 0x80, &(0x7f000000e040)=[{&(0x7f000000d000)=""/38, 0x26}, {&(0x7f000000d040)=""/4096, 0x1000}], 0x2, &(0x7f000000e080)=""/224, 0xe0}, 0x5}], 0x5, 0x40000080, &(0x7f000000e2c0)) setsockopt$inet6_IPV6_PKTINFO(r4, 0x29, 0x32, &(0x7f000000e300)={@mcast1, r13}, 0x14) connect$unix(0xffffffffffffffff, &(0x7f000000e340)=@abs={0x1, 0x0, 0x4e21}, 0x6e) r14 = syz_open_procfs(r12, &(0x7f000000e3c0)='net/ip6_mr_cache\x00') lstat(&(0x7f000000e440)='./file0\x00', &(0x7f000000e480)={0x0, 0x0, 0x0, 0x0, 0x0}) r16 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) sendmsg$nl_generic(r14, &(0x7f000000e840)={&(0x7f000000e400)={0x10, 0x0, 0x0, 0x89321212f93a3b53}, 0xc, &(0x7f000000e800)={&(0x7f000000e500)={0x2dc, 0x32, 0x708, 0x70bd2a, 0x25dfdbff, {0x16}, [@nested={0x118, 0x62, [@generic="8404ba8d9e5d22d911799583fc76747e8fddfa735ace36d000de4905d2492f9d20267d7c0569e50d2201908b70eddf39", @generic="e4cf4799dae087bdf76dfc48f851f89dd5d38498fbe963b73d1954b76bc4e25f337e266c286abc2404c83d85a5dde632722096a9fdede01ba683da7038608648c9c5cbe78a8344d9d85cda9532ae0a3eb7b40965e35f608acae748b2b1d47cc0215ffdfc19f5ecb113df4b234305b19a53f0c04b86e9e71da33573c02983e30f452e305d1ef5d1ff2d2e69cb24fea5b40e", @typed={0x14, 0x29, @ipv6=@local}, @typed={0x8, 0x88, @ipv4=@loopback}, @generic="86384db23b51cc5c34317d7408572b19", @typed={0x14, 0x65, @str='/selinux/mls\x00'}, @typed={0x8, 0x1, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @typed={0x8, 0x9, @uid=r15}]}, @typed={0x4, 0x2c}, @nested={0xfc, 0x92, [@generic="f81d0b899cee44dcaefa5329f989f0e644ad10bced75baf6ac1fe3c21a2fd10e9d20681d1db0b2ea8772a3e84af9b5e92e4f6fd02a0352e846c9bb21b0eb6cc876619e2711457d92d74640fa035e6cc366c5b33bf9f71f3b065a35930046085fc1d5ed1308fb4e0a9e60162031fba8e669bb700dbaa0e8065d687dcd45410c14da7ce2e656c832fcf27c36f07c47a3359090487bd6cbf24f4d1bd2b13056066053015abb42be69363d5fc1a01f686c42b8dd2e41c6b511df1d2e1a979db95bc5baf1d9d7509c18dad526d67cc60aff689cd351335d5dba2aeef835397a2cbce8a7e0f88f1eb839e3c05ac29da51bde18b1", @typed={0x4, 0x8a}]}, @nested={0xb0, 0x69, [@generic="0476462013e6d52775f4fe2f3e1ee1507ece6fabdbb0795be3233689c5a63efa67ac82203c08e28832a36494912f42c781e5feb680c9b5c7775441195aa0730fc445c18a95f98fc907ec0e15f0", @generic="682a0f419d394d4a23bd213741ef7033a42f09179942f1c278130767bf6713edfe9495479d2312a28dbf384b4045c6ec90da9e63ee3ffaf5f62365c0c60093823b45", @typed={0x14, 0x86, @ipv6=@rand_addr="8cd387ba953966c0ddcc4204f4703eb2"}, @typed={0x8, 0x3e, @fd=r16}]}]}, 0x2dc}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) 20:28:16 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000002c0), &(0x7f0000000180)=0x14) 20:28:16 executing program 1: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000380)='./file0\x00', 0x1043, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000440)=""/11, 0x330) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file1\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGEFFECTS(r1, 0x80044584, 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 20:28:16 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaa3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) close(r1) syz_open_procfs(0x0, &(0x7f00000002c0)='comm\x00') r2 = open(&(0x7f0000000400)='./bus\x00', 0x1044142, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000007, 0x11, r0, 0x0) r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r3, 0x208200) sendfile(r1, r2, 0x0, 0x8000fffffffe) 20:28:16 executing program 4: r0 = socket$inet6(0xa, 0x80003, 0x6b) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x233) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf3, 0x21fc}, 0x14) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0xfffffd83) splice(r1, 0x0, r3, 0x0, 0x10003, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071") syzkaller login: [ 78.889364] audit: type=1400 audit(1575404897.935:5): avc: denied { create } for pid=2262 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 78.916815] audit: type=1400 audit(1575404897.965:6): avc: denied { write } for pid=2262 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 78.990681] audit: type=1400 audit(1575404898.035:7): avc: denied { read } for pid=2262 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 20:28:18 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071") mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10812, r1, 0x0) [ 79.057180] binder: 2273:2275 ioctl 0 20000280 returned -22 20:28:18 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f00000005c0)=[{&(0x7f0000000180)=""/214, 0xd6}, {0x0}], 0x2) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xfd1d, 0x0, 0x0, 0x800e00515) shutdown(r0, 0x0) dup(0xffffffffffffffff) shutdown(0xffffffffffffffff, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r2, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000700)=[{0x0}, {&(0x7f0000000600)=""/48, 0x30}, {0x0}, {0x0}], 0x4}, 0x40002) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r4, 0x0, 0x1de, 0x0, 0x0, 0x800e0050e) shutdown(r3, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r4, 0x0) shutdown(r1, 0x0) 20:28:18 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0805b5055e0bcfe8474071") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@acquire={0x128, 0x17, 0x7, 0x0, 0x0, {{@in=@remote}, @in=@remote, {@in=@initdev, @in=@local}, {{@in6=@ipv4={[], [], @local}, @in6=@mcast1}}}}, 0x128}, 0x8}, 0x0) 20:28:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0xb3) ppoll(&(0x7f0000000100)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)) [ 79.149772] binder: 2273:2295 ioctl 0 20000280 returned -22 20:28:18 executing program 5: write$tun(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="3ecc2d42e556c9"], 0x1) clone(0x4000200000041fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() pause() ptrace(0x10, r0) ptrace$getregs(0xe, r0, 0x0, &(0x7f0000000000)=""/245) [ 79.238328] ------------[ cut here ]------------ [ 79.252482] WARNING: CPU: 1 PID: 2310 at net/xfrm/xfrm_user.c:2210 xfrm_add_acquire+0x7a1/0x9c0() [ 79.262021] BAD policy passed [ 79.265353] Kernel panic - not syncing: panic_on_warn set ... [ 79.265353] [ 79.272735] CPU: 1 PID: 2310 Comm: syz-executor.3 Not tainted 4.4.174+ #4 [ 79.279657] 0000000000000000 d3fcac3f02b63b24 ffff8801bfe9f3f0 ffffffff81aad1a1 [ 79.287845] ffff8801bfe9f540 ffffffff82835ee0 ffffffff82a9d500 00000000000008a2 [ 79.295879] ffffffff825836c1 ffff8801bfe9f4d0 ffffffff813a48c2 0000000041b58ab3 [ 79.303994] Call Trace: [ 79.307002] [] dump_stack+0xc1/0x120 [ 79.312377] [] ? xfrm_add_acquire+0x7a1/0x9c0 [ 79.318514] [] panic+0x1b9/0x37b [ 79.323528] [] ? add_taint.cold+0x16/0x16 [ 79.329313] [] ? vprintk_emit+0x248/0x820 [ 79.335107] [] ? warn_slowpath_common.cold+0x5/0x20 [ 79.341769] [] warn_slowpath_common.cold+0x20/0x20 [ 79.348330] [] warn_slowpath_fmt+0xbf/0x100 [ 79.354283] [] ? warn_slowpath_common+0x120/0x120 [ 79.360759] [] ? lockdep_init_map+0x114/0x1520 [ 79.366975] [] ? __raw_spin_lock_init+0x2d/0x100 [ 79.373488] [] xfrm_add_acquire+0x7a1/0x9c0 [ 79.379454] [] ? selinux_capable+0x41/0x50 [ 79.385326] [] ? security_capable+0x94/0xc0 [ 79.391283] [] ? xfrm_policy_construct+0x770/0x770 [ 79.397848] [] ? memset+0x32/0x40 [ 79.402947] [] ? nla_parse+0x15f/0x1c0 [ 79.408477] [] ? xfrm_policy_construct+0x770/0x770 [ 79.415062] [] xfrm_user_rcv_msg+0x37c/0x630 [ 79.421145] [] ? xfrm_dump_sa_done+0xa0/0xa0 [ 79.427201] [] ? mutex_trylock+0x500/0x500 [ 79.433082] [] netlink_rcv_skb+0xd4/0x2e0 [ 79.438863] [] ? xfrm_dump_sa_done+0xa0/0xa0 [ 79.444928] [] xfrm_netlink_rcv+0x70/0x90 [ 79.450714] [] netlink_unicast+0x4d7/0x700 [ 79.456591] [] ? netlink_sendskb+0x60/0x60 [ 79.462465] [] netlink_sendmsg+0x6b6/0xc80 [ 79.468433] [] ? nlmsg_notify+0x170/0x170 [ 79.474393] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 79.480893] [] ? security_socket_sendmsg+0x8f/0xc0 [ 79.487563] [] ? nlmsg_notify+0x170/0x170 [ 79.493354] [] sock_sendmsg+0xbe/0x110 [ 79.499689] [] ___sys_sendmsg+0x769/0x890 [ 79.505669] [] ? copy_msghdr_from_user+0x550/0x550 [ 79.512865] [] ? __fget+0x13b/0x370 [ 79.518256] [] ? __fget+0x162/0x370 [ 79.524065] [] ? __fget+0x47/0x370 [ 79.529328] [] ? __fget_light+0xa3/0x1f0 [ 79.535893] [] ? __fdget+0x1b/0x20 [ 79.541155] [] __sys_sendmsg+0xc5/0x160 [ 79.548383] [] ? SyS_shutdown+0x1a0/0x1a0 [ 79.554275] [] ? SyS_clock_gettime+0x118/0x1e0 [ 79.560604] [] ? SyS_clock_settime+0x220/0x220 [ 79.567470] [] SyS_sendmsg+0x2d/0x50 [ 79.573839] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 79.581543] Kernel Offset: disabled [ 79.585942] Rebooting in 86400 seconds..