[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 10.554584] random: sshd: uninitialized urandom read (32 bytes read) [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 11.527701] random: sshd: uninitialized urandom read (32 bytes read) [ 11.609321] random: crng init done Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts. 2018/09/15 23:02:02 fuzzer started 2018/09/15 23:02:04 dialing manager at 10.128.0.26:41471 2018/09/15 23:02:04 syscalls: 1 2018/09/15 23:02:04 code coverage: enabled 2018/09/15 23:02:04 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/09/15 23:02:04 setuid sandbox: enabled 2018/09/15 23:02:04 namespace sandbox: enabled 2018/09/15 23:02:04 fault injection: kernel does not have systematic fault injection support 2018/09/15 23:02:04 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/09/15 23:02:04 net packed injection: enabled 2018/09/15 23:02:04 net device setup: enabled 23:02:36 executing program 2: keyctl$set_reqkey_keyring(0x10, 0x1) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, &(0x7f0000000380)={'bond_slave_1\x00'}) creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f00000000c0)={'lo\x00'}) sendto$packet(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000140)='lo\x00'}, 0x30) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f00000001c0)) seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]}) syz_execute_func(&(0x7f0000000680)="428055a0626969ef69dc00d9c421a05d2f8a20f2420f58410dc7397c2a0f0fcdae300f38211a40a5c441657538c48391683f000f01efe5e57d0fecec1a1a01460f01ee45dfde9f") getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) write$selinux_load(0xffffffffffffffff, &(0x7f0000000580)=ANY=[], 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0), &(0x7f0000000300)=0xc) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000800)) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000400)={{{@in6=@mcast2, @in=@multicast1}}, {{}, 0x0, @in=@multicast2}}, &(0x7f0000000500)=0xe8) memfd_create(&(0x7f0000000540)='^bdev])proc](\x00', 0x0) keyctl$restrict_keyring(0xa, 0x0, &(0x7f0000000180)='id_legacy\x00', 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]}) munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000) syz_execute_func(&(0x7f0000000140)="428055a0610fef69dce9d92a5c41ff0f1837370f38211ac4c482fd2520410feefa4e2179fbe5f54175455de0932ebc2ebc0d64ac1e5d9f7f") fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) getpgrp(0x0) fstat(0xffffffffffffffff, &(0x7f0000001400)) lstat(&(0x7f0000001480)='./file0\x00', &(0x7f00000014c0)) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001900)={{{@in6=@local, @in=@multicast2}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000001a00)=0xe8) fstat(0xffffffffffffffff, &(0x7f0000001a40)) lstat(&(0x7f0000001ac0)='./file0\x00', &(0x7f0000001b00)) getegid() 23:02:36 executing program 5: keyctl$set_reqkey_keyring(0x10, 0x1) creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f00000000c0)={'lo\x00'}) openat$full(0xffffffffffffff9c, &(0x7f0000000340)='/dev/full\x00', 0x0, 0x0) sendto$packet(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000140)='lo\x00'}, 0x30) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f00000001c0)) seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]}) sync() ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000580)) getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000040), &(0x7f0000000440)=0x8) syz_execute_func(&(0x7f0000000680)="428055a0626969ef69dc00d9c421a05d2f8a20f2420f58410dc7397c2a0f0fcdae300f38211a40a5c441657538c48391683f000f01efe5e57d0fecec1a1a01460f01ee45dfde9f") getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0), &(0x7f0000000300)=0xc) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f0000000380)) memfd_create(&(0x7f0000000640)="5e6278e3b9a96f887a0fe4866465", 0x0) eventfd(0x0) write$nbd(0xffffffffffffffff, &(0x7f00000003c0), 0x10) 23:02:36 executing program 3: clock_getres(0xfffffffffffffffe, &(0x7f0000000340)) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffff9c, 0x50, &(0x7f0000000380)}, 0x10) syz_open_dev$mice(&(0x7f0000000200)='/dev/input/mice\x00', 0x0, 0x0) perf_event_open$cgroup(&(0x7f0000000400)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000300)}}, 0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000480)='/dev/vga_arbiter\x00'}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x28, &(0x7f0000000240)='\x00'}, 0x30) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000005c0)) getpgrp(0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$team(&(0x7f00000002c0)='team\x00') getpeername$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000500)=0x14) accept4$packet(0xffffffffffffffff, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000580)=0x14, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000b00)={0x0, @empty, @remote}, &(0x7f0000000b40)=0xc) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000cc0)={@multicast1, @multicast2}, &(0x7f0000000d00)=0xc) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000d40)={'team0\x00'}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000ec0)={{{@in6=@loopback, @in=@multicast1}}, {{@in6=@local}, 0x0, @in6=@loopback}}, &(0x7f0000000d80)=0xe8) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000dc0)={0x0, @rand_addr, @loopback}, &(0x7f0000000e00)=0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000fc0)={'syzkaller1\x00'}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000010c0)={'team0\x00'}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001100)={0x0, @local, @remote}, &(0x7f0000001140)=0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001300)={'bond0\x00'}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001380)={{{@in=@dev, @in6=@mcast2}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f0000001480)=0xe8) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000002a40)={@multicast1}, &(0x7f0000002a80)=0xc) sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, &(0x7f0000002f80)={&(0x7f0000000040), 0xc, &(0x7f0000002f40)={&(0x7f0000002ac0)={0x14}, 0x14}}, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000600)={{{@in=@local, @in=@local}}, {{@in=@local}, 0x0, @in=@local}}, &(0x7f0000000700)=0xe8) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000740)={{{@in6=@local, @in6=@mcast1}}, {{@in=@loopback}, 0x0, @in6=@remote}}, &(0x7f0000000840)=0xe8) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000880)={{{@in=@multicast1, @in6=@local}}, {{@in=@dev}, 0x0, @in=@local}}, &(0x7f0000000980)=0xe8) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000009c0)={{{@in6=@remote, @in6=@loopback}}, {{@in=@loopback}, 0x0, @in6=@ipv4={[], [], @remote}}}, &(0x7f0000000ac0)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000b80)={{{@in=@multicast1, @in6=@ipv4}}, {{@in6=@dev}, 0x0, @in6}}, &(0x7f0000000c80)=0xe8) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000000e40)={0x0, @empty, @dev}, &(0x7f0000000e80)=0xc) getpriority(0x0, 0x0) seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]}) syz_execute_func(&(0x7f0000001580)="42805da0aed1d1ef69dc0f01ee660f3a608600088041cb64f30f2b073591913d062900770f78993d233d23410feefa633917660f38302fbae5e5e575450f2e1af0442975e1c44379dfb9d6adbe90dfe2989f567f") add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000140), &(0x7f0000000180), 0x0, 0xfffffffffffffffa) keyctl$get_keyring_id(0x0, 0x0, 0x0) openat$cgroup_type(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.type\x00', 0x2, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180)='threaded\x00', 0x9) 23:02:36 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000280)=""/146, 0x92}], 0x1) timerfd_settime(r0, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x1c9c380}}, &(0x7f0000000240)) 23:02:36 executing program 0: futex(&(0x7f0000000040), 0x3, 0x0, &(0x7f0000000080)={0x0, 0x989680}, &(0x7f00000000c0), 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[], 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000180)) clock_gettime(0x0, &(0x7f0000000140)) getitimer(0x0, &(0x7f0000000600)) seccomp(0x0, 0x0, &(0x7f0000000100)={0x0, &(0x7f00000000c0)}) creat(&(0x7f0000000180)='./file0\x00', 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)) fstat(0xffffffffffffffff, &(0x7f0000000300)) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000380)={{{@in=@broadcast}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @rand_addr}}}, &(0x7f0000000480)=0xe8) getgroups(0x0, &(0x7f00000004c0)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000500)={{{@in6=@remote, @in=@dev}}, {{@in=@local}, 0x0, @in6=@ipv4={[], [], @broadcast}}}, &(0x7f0000000640)=0xe8) getresgid(&(0x7f0000000680), &(0x7f00000006c0), &(0x7f0000000700)) stat(&(0x7f0000000740)='./file0\x00', &(0x7f0000000780)) lstat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000008c0)={{{@in=@local, @in=@local}}, {{@in=@dev}, 0x0, @in=@local}}, &(0x7f00000009c0)=0xe8) getresgid(&(0x7f0000000a00), &(0x7f0000000a40), &(0x7f0000000a80)) getresuid(&(0x7f0000000ac0), &(0x7f0000000b00), &(0x7f0000000b40)) lstat(&(0x7f0000000b80)='./file0\x00', &(0x7f0000000bc0)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000c40)={{{@in6=@remote, @in=@rand_addr}}, {{@in6=@dev}, 0x0, @in=@multicast2}}, &(0x7f0000000d40)=0xe8) timer_create(0x0, &(0x7f0000000f00)={0x0, 0x0, 0x0, @thr={&(0x7f00000004c0), &(0x7f0000000e00)}}, &(0x7f0000000f40)) clock_gettime(0x0, &(0x7f0000000f80)) clock_gettime(0x0, &(0x7f0000000fc0)) timer_settime(0x0, 0x0, &(0x7f0000001000), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000d80)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000340)) timer_create(0x0, &(0x7f0000000380), &(0x7f00000003c0)) seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]}) syz_execute_func(&(0x7f00000001c0)="42805da0510fef69dc0595c3300dcececb9fe502158e7e0c91a33d062900770f78993d233d23417e0f6eee80eb0a38f6eeba39290f38c4827d20c9c4a10dfbd6fee60f2e2121010d64ac1e5d31a3b7e2989d") signalfd4(0xffffffffffffff9c, &(0x7f0000000240), 0x8, 0x0) clock_gettime(0x0, &(0x7f0000000280)) 23:02:36 executing program 1: inotify_add_watch(0xffffffffffffffff, &(0x7f0000000580)='./file1\x00', 0x0) request_key(&(0x7f00000005c0)='dns_resolver\x00', &(0x7f0000000640), &(0x7f0000000680)='trusted.overlay.opaque\x00', 0xfffffffffffffffa) truncate(&(0x7f0000000040)='./file0\x00', 0x0) link(&(0x7f0000000380)='./file0\x00', 0x0) msync(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0) clock_gettime(0x0, &(0x7f0000000340)) eventfd(0x0) lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000006c0)=ANY=[], &(0x7f0000000140), 0x0, 0x0) getuid() stat(&(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000400)) geteuid() getresuid(&(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500)) add_key(&(0x7f0000000140)='asymmetric\x00', &(0x7f0000000280), &(0x7f00000002c0), 0x0, 0x0) getgroups(0x0, &(0x7f0000000540)) seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x58fe4}]}) syz_execute_func(&(0x7f00000001c0)="42805da0c60fef69dc0f01eecec273fefefa380f387c366766460f38286200f081768cc8000000c481b5e5bc2b0000002167f00fbab204000000ca6b2179dae5e56b6a410febbd09000000800f2e1ac4010d64ac1e5d31a3b744dbe271fb3e3636f7c02c33ffff") syzkaller login: [ 52.320659] audit: type=1400 audit(1537052557.013:5): avc: denied { sys_admin } for pid=2077 comm="syz-executor2" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 52.408246] audit: type=1400 audit(1537052557.103:6): avc: denied { net_admin } for pid=2083 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 57.456148] audit: type=1400 audit(1537052562.153:7): avc: denied { sys_chroot } for pid=2083 comm="syz-executor2" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 57.510453] audit: type=1400 audit(1537052562.203:8): avc: denied { associate } for pid=2083 comm="syz-executor2" name="syz2" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 57.746829] audit: type=1400 audit(1537052562.443:9): avc: denied { create } for pid=3659 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 23:02:42 executing program 2: 23:02:42 executing program 4: 23:02:42 executing program 2: 23:02:42 executing program 4: [ 57.941731] audit: type=1400 audit(1537052562.633:10): avc: denied { create } for pid=3706 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 23:02:42 executing program 4: 23:02:42 executing program 2: 23:02:42 executing program 4: [ 58.060064] audit: type=1400 audit(1537052562.753:11): avc: denied { write } for pid=3706 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 58.168803] audit: type=1400 audit(1537052562.863:12): avc: denied { read } for pid=3706 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 58.502070] audit: type=1400 audit(1537052563.193:13): avc: denied { dac_override } for pid=3675 comm="syz-executor5" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 23:02:43 executing program 5: 23:02:43 executing program 0: 23:02:43 executing program 3: 23:02:43 executing program 2: 23:02:43 executing program 1: keyctl$set_reqkey_keyring(0x10, 0x1) creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f00000000c0)={'lo\x00'}) openat$full(0xffffffffffffff9c, &(0x7f0000000340)='/dev/full\x00', 0x0, 0x0) sendto$packet(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000140)='lo\x00'}, 0x30) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f00000001c0)) seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]}) sync() getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000040), &(0x7f0000000440)=0x8) syz_execute_func(&(0x7f0000000680)="428055a0626969ef69dc00d9c421a05d2f8a20f2420f58410dc7397c2a0f0fcdae300f38211a40a5c441657538c48391683f000f01efe5e57d0fecec1a1a01460f01ee45dfde9f") getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0), &(0x7f0000000300)=0xc) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f0000000380)) memfd_create(&(0x7f0000000640)="5e6278e3b9a96f887a0fe4866465", 0x0) eventfd(0x0) write$nbd(0xffffffffffffffff, &(0x7f00000003c0), 0x10) 23:02:43 executing program 4: 23:02:43 executing program 5: 23:02:43 executing program 0: 23:02:43 executing program 2: clock_adjtime(0x0, &(0x7f0000000440)) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) accept4(0xffffffffffffff9c, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @hyper}, &(0x7f00000001c0)=0x80, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000005c0)) openat$keychord(0xffffffffffffff9c, &(0x7f0000000280)='/dev/keychord\x00', 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000009c0)={{{@in=@local, @in=@multicast2}}, {{@in6=@ipv4={[], [], @multicast2}}}}, &(0x7f0000000940)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002400)={{{@in6=@local, @in=@multicast2}}, {{@in=@rand_addr}, 0x0, @in=@remote}}, &(0x7f0000002500)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002540)={{{@in6=@ipv4={[], [], @loopback}, @in=@loopback}}, {{@in6=@ipv4={[], [], @local}}, 0x0, @in6=@mcast2}}, &(0x7f0000002640)=0xe8) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000002a00)={{{@in6=@ipv4={[], [], @broadcast}, @in6=@dev}}, {{@in=@multicast2}, 0x0, @in=@remote}}, &(0x7f0000002b00)=0xe8) geteuid() fstat(0xffffffffffffffff, &(0x7f0000005940)) stat(&(0x7f00000059c0)='./file0\x00', &(0x7f0000005a00)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000005a80), &(0x7f0000005ac0)=0xc) stat(&(0x7f0000005b00)='./file0\x00', &(0x7f0000005b40)) getresuid(&(0x7f0000005bc0), &(0x7f0000005c00), &(0x7f0000005c40)) getegid() sendmsg$netlink(0xffffffffffffffff, &(0x7f0000005d40)={0x0, 0x0, &(0x7f00000058c0), 0x0, &(0x7f0000005c80)}, 0x0) ioctl$RTC_PLL_GET(0xffffffffffffffff, 0x80207011, &(0x7f00000006c0)) recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000540)=""/80, 0x50, 0x0, 0x0, 0x0) seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x8000006, 0x0, 0x0, 0x58fe4}]}) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, &(0x7f0000000700)) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000900)) syz_execute_func(&(0x7f0000000640)="42805da0ca24a3a3ef69dc0f01ee0dce41cbff9191a33d06292a0000770f0f993d233d234142d85d096b2179660f38302fc42278f77d00450f2e1ac4010d64ac1e5d31a3b7e29873bb7f") getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f00000007c0)={{{@in, @in6=@remote}}, {{@in=@multicast1}, 0x0, @in6=@local}}, &(0x7f0000000140)=0xe8) read(0xffffffffffffffff, &(0x7f0000000740)=""/61, 0x3d) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@mcast1}}, {{@in=@multicast2}, 0x0, @in=@loopback}}, &(0x7f0000000180)=0xe8) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000240)='/dev/full\x00', 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000600), &(0x7f00000002c0)=0xc) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000980), 0x276) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f0000000780)={@local}, 0x14) prctl$void(0x0) ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0) 23:02:43 executing program 3: r0 = socket(0x1000000000000010, 0x80802, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x20, 0x4) r1 = dup(r0) write(r1, &(0x7f00000004c0)="2400000058001f020007f4f8002308000a04f511080001000201009f08000280ff49ffff", 0x24) 23:02:43 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_int(r0, 0x1, 0x3b, &(0x7f0000000080), &(0x7f00000000c0)=0x4) getsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000000), &(0x7f0000000040)=0x4) 23:02:43 executing program 5: mount(&(0x7f0000000440), &(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='proc\x00', 0x0, &(0x7f00000002c0)) getsockname(0xffffffffffffff9c, &(0x7f00000006c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, &(0x7f00000003c0)=0x80) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000840)={'mangle\x00'}, &(0x7f0000000540)=0x54) mount(&(0x7f0000000000)=@nbd={'/dev/nbd'}, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='ext4\x00', 0x0, &(0x7f0000000140)='vmnet0\\+^wlan1@.\x00') r1 = socket$inet6(0xa, 0x400000000001, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) mmap$binder(&(0x7f0000000000/0xb000)=nil, 0xb000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000380)) ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, &(0x7f0000000300)) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000680)=0x7) r2 = dup(r1) sendto(0xffffffffffffffff, &(0x7f0000000580)="8da4d00acbe2ed40b5533ad7b5a5dcb1563ad98112678909df5d1bc67f1902ab452c82707245ac0bd855aeae71cae7c8dd5c22215c1709b0d526d7ed6d99fe69cc36443b0236808c95068fec6e3c1b", 0x4f, 0x840, &(0x7f0000000400)=@generic={0xa, "e50c7719a14445fb04949d7f67c073aa9a6b9fdb9c33a6bd8d5e0691400b5ebad341e01daf3543cf304baec08778267ae424a90af124e6d769838d8a66b2eecd3b2c83baf86ff799521daf3760e3834da4346c37013f9d8007bcce4ee88ae6cb0b380d805bc7bd120b3adce5dbfcfe51ebbd232b003df85f674037f875ec"}, 0x80) bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) getsockname(r0, &(0x7f00000007c0)=@generic, &(0x7f00000008c0)=0x80) sendto$inet6(r1, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) recvmmsg(r2, &(0x7f0000009040)=[{{&(0x7f0000007880)=@xdp, 0x80, &(0x7f0000008940)=[{&(0x7f0000007900)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000008f00), 0x20000000000000d3, &(0x7f0000008f80)=""/165, 0xa5}}], 0x2, 0x100, &(0x7f00000090c0)={0x77359400}) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0xfffffffffffffffd, 0x0, @mcast1}, 0x1c) getpid() syz_open_procfs(0x0, &(0x7f0000000340)='ns\x00') syz_genetlink_get_family_id$team(&(0x7f0000000600)='team\x00') sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000480), 0xc, &(0x7f0000000740)={&(0x7f0000000640)={0x14}, 0x14}}, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000080), 0x3) getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, &(0x7f00000000c0), &(0x7f0000000000)=0x60) recvmmsg(r2, &(0x7f0000004880)=[{{&(0x7f0000002200)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000002400), 0x0, &(0x7f0000002440)=""/4096, 0x1000}}], 0x1, 0x0, &(0x7f0000004980)) getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000180)=""/235, &(0x7f0000000280)=0xeb) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x1000000000000000) ftruncate(r3, 0x99b3) sendfile(r1, r3, &(0x7f0000d83ff8), 0x8000fffffffe) 23:02:43 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/checkreqprot\x00', 0x20000, 0x0) write$selinux_validatetrans(r1, &(0x7f0000000080)={'system_u:object_r:sshd_exec_t:s0', 0x20, 'system_u:object_r:tmp_t:s0', 0x20, 0x100000001, 0x20, 'unconfined_u:system_r:insmod_t:s0-s0:c0.c1023\x00'}, 0x7f) sendmsg$nl_route(r0, &(0x7f0000000000)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000300)=@ipv6_newrule={0x34, 0x20, 0x1, 0x0, 0x0, {0x2, 0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@FRA_DST={0x14}]}, 0x34}}, 0x0) 23:02:43 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) syncfs(r0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000000)) io_setup(0x0, &(0x7f0000000080)=0x0) io_cancel(r2, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0x1000, r0, &(0x7f0000000100)="dfe927fe60aefea56e5eb80c3acc9ce7b733da48564327778064b8023106e06c24281cb45172dcd9e4d87618e286c9fffbaa74c28b9bd3bf3a3a15adf1bca6b27f7a48fe3607aa9b862595c00fe32651096533eadc161f226d1f9f7bdf9b245a30cce6ae5b4826bdec2d16e3691f0ba7cf", 0x71, 0x0, 0x0, 0x3}, &(0x7f00000001c0)) r3 = socket$netlink(0x10, 0x3, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, &(0x7f0000000340)={'NETMAP\x00'}, &(0x7f0000000380)=0x1e) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000240)='fou\x00') sendmsg$FOU_CMD_DEL(r3, &(0x7f0000000300)={&(0x7f0000000200), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, r4, 0x202, 0x70bd2d, 0x25dfdbfd, {}, [@FOU_ATTR_IPPROTO={0x8}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_TYPE={0x8, 0x4, 0x3}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0xff}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0xff}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000090}, 0x5) writev(r3, &(0x7f0000000480)=[{&(0x7f00000003c0)="b67a9d", 0x3}, {&(0x7f0000000400)="3633df6bc1a9be572eb2f70c8fb559f19862456f43abd2b5af6218f107e8895f8ae2c75056746af9ea6160cd1d76e545b68dd75d985c26f1713c296a68abea382df2277c73914da454bfcde01ff22be9b6010156cad2847b5b59f25138e3ce3d531f4db4794a3d116d2a29be78822150233fce1735a7a46d8183", 0x7a}], 0x2) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, 0xffffffffffffffff, &(0x7f00000000c0)=0x25e) 23:02:43 executing program 4: r0 = add_key(&(0x7f0000000140)='ceph\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffb) select(0x8150138, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)={0x77359400}) r1 = gettid() timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000)) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000003c0)='/selinux/policy\x00', 0x0, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000400)={&(0x7f0000000380)='./file0\x00', r2}, 0x10) tkill(r1, 0x1000000000016) stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) keyctl$get_persistent(0x16, r3, r0) tkill(r1, 0x14) ptrace$getregset(0x4204, r1, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=""/247, 0xf7}) 23:02:43 executing program 0: socketpair$inet6(0xa, 0x80007, 0x9, &(0x7f0000000040)={0xffffffffffffffff}) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') r2 = memfd_create(&(0x7f0000000080)="2f64ed762fc827205ec3e39dd9ce69", 0x1) sendfile(r2, r1, &(0x7f0000000100), 0x12020000000) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r1, &(0x7f0000000140)="f65d34be94d7b33cbdf63badbe60ea8e29a1ce2653371f5b5dc4f4c9adb1a303be47fac3de98f42c4e6a9a2523d90358b3c49b556e76321a8a9f1ddc9f04ef9d75e0777a3310ff4f4d74aa662369494149777565c028bcd76cd4ad28ea302428924e4603b3f693d3c9fbcf7b20d69cc8cc7ecbacdeb284c3d746ddfa0f9e160763b60c3f797994403e52a4af9e75da23b77cfecc584dcb7b4ddab395bbdb583d7becd66dcb78eb6aa63fea31b5ae57ddfd0a077033fbb09d8846304254b1735979b5544b2273dceda12342ab5c", &(0x7f0000000240)="60e05dcea6f5cd2de783254454c16eeda50a27b32f97e43d1f05cac192de85ae2470ac6706e63f6346ed8780bc6765a70c277884b279240d6adaf77752046731c4c8c1af46f91cb0b5c4b83887d484ad083e6aae9e900e3643dcfc07132ad6d6b8d973e3dad67e3364205867b759155c63a46e370dec26071bf229d322c1f426f8c7a81b0a4c"}, 0x20) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000001140)=0x2) fchdir(r0) [ 59.165054] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57139 sclass=netlink_route_socket pig=3774 comm=syz-executor3 [ 59.229475] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57139 sclass=netlink_route_socket pig=3774 comm=syz-executor3 23:02:44 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) r0 = socket$unix(0x1, 0x2, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) connect$unix(r0, &(0x7f000066fff4)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) r2 = memfd_create(&(0x7f0000000000)="637075736574766d6e65740130257365637572697406766d6e65743170707031405b23757365725b242a757365723a", 0x2) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000040)={{{@in6=@ipv4={[], [], @remote}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@remote}}, &(0x7f0000000140)=0xe8) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000200)=[{0x8, 0x6}, {0x8, 0x7}, {0x4, 0xffff}, {0x8, 0xff}, {0x3, 0xe1e4}, {0xe, 0x4}, {0xe, 0x3}, {0x2, 0x6}], 0x8) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000180)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}}, 0x10) r4 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) r5 = dup2(r4, r4) ioctl$KDSIGACCEPT(r5, 0x5393, 0x80001000824ffe4) ioctl$sock_inet6_tcp_SIOCOUTQ(r5, 0x5411, &(0x7f00000002c0)) 23:02:44 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x200, 0x0) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000200)={0x5, &(0x7f00000001c0)=[{0x1, 0x7ff, 0x5}, {0x5, 0x3, 0x6, 0xffff}, {0x8000, 0xffffffffffffffc0, 0x6, 0xffff}, {0x40, 0x1, 0x4, 0x20}, {0x300000000, 0x80, 0x6, 0x4}]}, 0x8) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0x8000, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) r2 = socket(0xa, 0x1, 0x0) getsockopt$inet_opts(r2, 0x0, 0xd, &(0x7f0000000000)=""/1, &(0x7f0000000040)=0x1) getrlimit(0x4, &(0x7f0000000240)) getpeername$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) ioctl$EVIOCSABS20(r1, 0x401845e0, &(0x7f00000000c0)={0x10001, 0x20, 0x1, 0xfffffffffffffff7, 0xffff, 0x4}) 23:02:44 executing program 0: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000200)) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) getsockopt$inet_udp_int(r1, 0x11, 0x67, &(0x7f0000000040), &(0x7f0000000080)=0x4) sched_setscheduler(r0, 0x0, &(0x7f0000000300)) ptrace$poke(0x5, 0x0, &(0x7f00000000c0), 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000340)='IPVS\x00') 23:02:44 executing program 3: socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000331000)={0x8000000002, 0x4, 0x7, 0x4}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000001100)={r1, &(0x7f0000000200), &(0x7f0000000180), 0x1}, 0x20) r2 = memfd_create(&(0x7f0000006400)='$%proc:\x00', 0x2) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000006440)={{{@in=@multicast2, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@dev}}, &(0x7f0000006540)=0xe8) bind$packet(r2, &(0x7f0000006580)={0x11, 0xd, r3, 0x1, 0x4, 0x6, @random="ae39cfc01a5a"}, 0x14) 23:02:44 executing program 2: socket$packet(0x11, 0x3, 0x300) r0 = memfd_create(&(0x7f0000000080)='!bdev-]\'\x00', 0x0) io_setup(0x7e2e, &(0x7f00000001c0)=0x0) io_setup(0x8, &(0x7f0000000000)) io_submit(r1, 0x1, &(0x7f0000004880)=[&(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0), 0x0, 0xffffffffffffffff}]) 23:02:44 executing program 5: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000000)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/raw\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x6) 23:02:44 executing program 1: mkdir(&(0x7f0000000440)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000040), 0x4800) mount(&(0x7f0000000100)=ANY=[], &(0x7f0000027000)='./file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, &(0x7f0000000000)="7820da79ac0792399b719eef0988b11a4cbc999f42e953c346ab9450f0914f0939") capset(&(0x7f00000000c0)={0x20071026}, &(0x7f0000000240)) mkdir(&(0x7f0000000080)='./file0/file0\x00', 0x0) 23:02:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000040)=""/174, &(0x7f0000000100)=0xae) r1 = socket(0x8000000000a, 0x2, 0x0) sendto$inet6(r1, &(0x7f0000000280), 0xfe09, 0x0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @loopback={0x0, 0x8}}, 0x1c) [ 59.739295] audit: type=1400 audit(1537052564.433:14): avc: denied { net_raw } for pid=3818 comm="syz-executor2" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 23:02:44 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f00000002c0)="237d00d3fc1ee4671fbaa0a477063e678b5e3aa7f25a11e05de5ea8e96f7fdc7874d39f1828e59735e220913b73db94f6d495077a6df50b82b4c4f8db5b8f2193609f66170fa50deb112ec132c43070000003b4556f43e5e00a7413c584555862006", 0x0) setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000000), 0x4) io_setup(0xc57d, &(0x7f00000007c0)=0x0) io_submit(r2, 0x1, &(0x7f00000005c0)=[&(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000440)}]) r3 = timerfd_create(0x1, 0x80800) getsockopt$EBT_SO_GET_INIT_ENTRIES(r3, 0x0, 0x83, &(0x7f0000000040)={'nat\x00', 0x0, 0x3, 0x90, [], 0x2ea, &(0x7f0000000600)=[{}, {}, {}], &(0x7f00000000c0)=""/144}, &(0x7f0000000780)=0x50) getsockopt$netlink(r1, 0x10e, 0xa, &(0x7f0000000180)=""/82, &(0x7f0000000200)=0x52) 23:02:44 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) sendto$inet6(r0, &(0x7f0000000300), 0x0, 0x4008080, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x8, 0x4) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 23:02:44 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000311ffc)=0x1, 0x4) setsockopt$inet6_buf(r0, 0x29, 0x41, &(0x7f0000000840)="fcd5da471e8a4c270f62c9350a7dae4da33a90112e838969b611908ce497cc2a3346d59fa0bf1b3eb191a26a1d83d687fee7da133053f4ce064e8071b836a5f0d3200bf165240ac8610661f404a1ecdc693c5b061196d5384eb09a3c119a5ccb47fd1f532957eb5ffff5e6fd65c815fb14fe47912e639936c6550e8b94f2880b35429ab77e1449f856ac0772c8954807dbd2e557fc968f1cb835aab6f674078c3fca973538549b1bce735aeb09bb8f860a3b8d839431e138c8a47810c91f7a3a611eadcb83bebc56ef4a3ce383682572546104b97ed5f58b29f5bae7510c0b8f9093d548ca44127d45bfb33bac", 0xffffffffffffff88) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000100)={0x1, 0x6}, 0x8) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000140)=0x40000000000003, 0x4) getsockopt$inet6_int(r0, 0x29, 0xd8, &(0x7f00000000c0), &(0x7f0000000180)=0x4) sendto$inet6(r0, &(0x7f0000000280)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b65f97aba1c26a06b6d94c4aefd8fdca10e744391062c8e602721c20051608d9aa6dacf61e1eb331a4daad402b9885599d56130f7149fb1111fa116e94324d585a0569fbd311dad54cb4e32ff7f02216844ef42eeb66c3d526c878d5135ad1c9262239339c18885e2a0a95854d6cde3dd2feeaa50216af6c5760923413af81199a65a6332b02ec7bbf79d557c033cbe032fdc44f66a5c59cc4a3c5d218f5896b359d1efd60baf98df6396567478f7b817ce6e11d59a7def452a0e1d0607f57f626a5b8d476636ef1ee76307524009ae49be4db0ab2c8ea0c5ebd1e80fed632155e14da1f7324d97bc61a3c1edc4431ee8a6caa2ed9f85cea5a2a9b263630c7d6fc35dda6002da571a2e51917e7c1019d8ce21a608147e408cc4c7c5f444fab931bda86d977d7c9ccefd881e5ef05b287f41eea526862885881c2cdc687dff02ba9b70a9b08734ac4d62c7f34465c34aa9e9f136c7f796d9eea41aa37f61830508338bb1f887089070567a1dd96cd700e7a098dabedb60f31acd17d487bc8be1a3101d2b5ac1715003793596c6daa93a27f4adb4d6fbea5669c24c206c944317ea18a2c762457f1bc945fec8f849641d44e7e2a24faeee28f3f266395fe18b0dce20c1f64e8896c8ff0e4a44a116fb32462471a0fcde143e551723d57339722765673b4163d66f473ac10f988cb25c89074fcb1bba20c41bddd9ca5cd2f106632f9884a47866d284b4efc6bb1aa74ed48d4a6535795f0873a99907ebc22be2337364cf9acc063e32f7d2ebdfad64d04aa405d2dbdee1128ab1e4761d2dd30885ad37dd168478f10789d172feef4c817a5cd372caade57f23300e45f47e001e3ea09364ab42ee9802477368b9910f4e24037c871cb8251568c792287a6f49fa61b7c2600accaa0e7b40c5912a9e100225c70441144ffa82927fa4802ed9ebb03eea8e945af5f4993f21a7f53baf7ec5bb6cc96b917dde82c18840c3500e9565f68f687b1c73d834c0d99d4acb002dc5682dbcdb1217a98f6c3ef8318b7fa93894e8a097b4511ba5c035e27c9fe8bfe7754741ac21bbc0303b81672e3117e5590fe2d92f912759b9937f64204ec5caa92e218daa5a3ef64617beb30cccb31016b13ed8d7bcabb03e176b1c906a38cbda3bf1c1256ab74ab6f42ed9bafbbd0096263be1a7da1e1c88deec55a653d170e1e13c77dacaa60a37a6ba2383e661ebc9f13dbaade2dd884c9951819fb4608e19e70cd2496ccfb12f24c71f496cfe9bc88fe1bbea1e9a24b1d4664fb0776aca6269b396779680e52f86877d9209988d12ccb137be01ab7496d00547a7d4849d365a18dbb55c429cde87d33c4b74ad2273cdfee88b5418866ef327f25e9cbcd5a64d97184339f7e4cb5f8de171d2779c0f68884ae835e398f982d5749f085628d3608986656ea04b721f828202e9342bd7d19dfa091e772aebf9718030167a8c029df7c58b7f400582bd95e5ad802050d8775ef373e8e2c5bf3525f907add3be426cd5a079c49abffe933e9ee213a3baf34f932d1299312691e1c53e6247ae0989ad66070d51fad22856a8b6b28954e7d41189b11c5321789eec8670de9e8db0b0473ba2e02731e60be632697d61e052c18d4bcc6d1572fdf426f7b2fee6c1dee66c85c497b90facaf63b8ec5cde4a73400f9180bcfc0f81eca9580a7c81462a077f9034026bf72aa7c6de4b3c15d4a2dbd6fd7d87084aea9f25fb4bf5ec83eb56874a760533792dff2695407ccdd6a7375e0007230fd3f6501c152f1c1ff279b1d67cc95f2820762b7927659368e41657bdef2dd15b63498a93b787bdb26809d734aaf98b86fcf9fc643a34d03ebbe072820662d20f4774d66c5ae0a0adade5b8f6242a059b926221ee3d677487471c432b0d6d64dad030703475bb3ecac39b204a814f5ece5961621358e36f8a2cf7196c76959824bbb475a7cad8f57853fe05f59f341b5b4967904daf833d91ae9461ef10036f8be", 0x5ad, 0x0, &(0x7f0000809000)={0xa, 0x1000000000004e20, 0x0, @remote}, 0x1c) recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000), 0x114, &(0x7f0000000000)=""/80, 0x1c6}, 0x0) 23:02:44 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x120, 0x36b) r1 = gettid() ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r1, 0x10001, &(0x7f00000000c0)=""/58) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000040)=0x5, 0x4) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000003c0)={'veth0_to_team\x00', {0x2, 0x4e23, @broadcast}}) write(r0, &(0x7f00000002c0)="16f98d2136556cebe57b1b243cdb544e9be1382445db77d20311914039b3e3341191c1f4141faf936cad87bf5c56d41fdf9cab1ea096622e940300a4c89dff412deada88861b554dcfd4bb61526344ef70fba98b9cefbc262873e0ef59dcd765888230cf4555812be82b6cd3d8a013e609ae1b23b998cd3d3d5460fe3499cf166fc161a507750cd3a39fc95534342baf180d90b687a5feb7639eaba289f5bd75a1581c9e95f7cd3dcd226717eef19efa21549ccad139779129f3717691efb6416b87f28200000000000000", 0xcb) getsockopt$inet6_buf(r0, 0x29, 0x2f, &(0x7f00000001c0)=""/252, &(0x7f0000000000)=0xfc) recvmmsg(r0, &(0x7f0000000d80)=[{{&(0x7f0000000140)=@l2, 0x80, &(0x7f0000000500)=[{&(0x7f0000000400)=""/62, 0x3e}, {&(0x7f0000000e80)=""/4096, 0x1000}, {&(0x7f0000000440)=""/63, 0x3f}, {&(0x7f0000000480)=""/97, 0x61}], 0x4, &(0x7f00000005c0)=""/212, 0xd4}}], 0x1, 0x2000, &(0x7f0000000580)) [ 59.746292] audit: type=1400 audit(1537052564.433:15): avc: denied { map_create } for pid=3809 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 23:02:44 executing program 5: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x81) mount(&(0x7f0000000000), &(0x7f0000000880)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x3, &(0x7f0000000980)) r0 = socket$inet(0x2, 0x5, 0x200) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000080)={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xf}}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}}, 0x4, {0x2, 0x4e20, @rand_addr=0x3}, 'gre0\x00'}) rmdir(&(0x7f0000000040)='./file0/file0\x00') [ 59.746931] audit: type=1400 audit(1537052564.433:16): avc: denied { map_read map_write } for pid=3809 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 59.826072] capability: warning: `syz-executor1' uses deprecated v2 capabilities in a way that may be insecure [ 59.924940] ================================================================== [ 59.924957] BUG: KASAN: stack-out-of-bounds in strlcpy+0x101/0x120 [ 59.924964] Read of size 1 at addr ffff8801afb47b4c by task syz-executor1/3856 [ 59.924966] [ 59.924975] CPU: 1 PID: 3856 Comm: syz-executor1 Not tainted 4.9.127+ #43 [ 59.924993] ffff8801afb47a28 ffffffff81af11e9 ffffea0006bed1c0 ffff8801afb47b4c [ 59.925005] 0000000000000000 ffff8801afb47b4c 00000000ffffff64 ffff8801afb47a60 [ 59.925018] ffffffff814e13fd ffff8801afb47b4c 0000000000000001 0000000000000000 [ 59.925020] Call Trace: [ 59.925033] [] dump_stack+0xc1/0x128 [ 59.925047] [] print_address_description+0x6c/0x234 [ 59.925058] [] kasan_report.cold.6+0x242/0x2fe [ 59.925067] [] ? strlcpy+0x101/0x120 [ 59.925076] [] __asan_report_load1_noabort+0x14/0x20 [ 59.925083] [] strlcpy+0x101/0x120 [ 59.925092] [] xt_copy_counters_from_user+0x152/0x300 [ 59.925100] [] ? xt_hook_ops_alloc+0x270/0x270 [ 59.925110] [] ? mutex_lock_nested+0x650/0x870 [ 59.925118] [] do_add_counters+0x96/0x5c0 [ 59.925127] [] ? __do_replace+0x630/0x630 [ 59.925137] [] ? security_capable+0x94/0xc0 [ 59.925146] [] ? ns_capable_common+0x12a/0x150 [ 59.925162] [] compat_do_ip6t_set_ctl+0xd6/0x140 [ 59.925173] [] compat_nf_setsockopt+0x8b/0x130 [ 59.925192] [] ? compat_do_replace.isra.10+0x380/0x380 [ 59.925205] [] compat_ipv6_setsockopt+0x15d/0x1d0 [ 59.925216] [] compat_udpv6_setsockopt+0x4a/0x90 [ 59.925225] [] compat_sock_common_setsockopt+0xb4/0x150 [ 59.925234] [] ? udpv6_setsockopt+0x90/0x90 [ 59.925243] [] compat_SyS_setsockopt+0x169/0x540 [ 59.925251] [] ? sock_common_setsockopt+0xe0/0xe0 [ 59.925260] [] ? scm_detach_fds_compat+0x3b0/0x3b0 [ 59.925276] [] ? kcov_ioctl+0x56/0x1c0 [ 59.925286] [] ? move_addr_to_kernel+0x50/0x50 [ 59.925294] [] ? do_fast_syscall_32+0xcf/0x860 [ 59.925303] [] ? scm_detach_fds_compat+0x3b0/0x3b0 [ 59.925311] [] do_fast_syscall_32+0x2f1/0x860 [ 59.925323] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 59.925332] [] entry_SYSENTER_compat+0x90/0xa2 [ 59.925335] [ 59.925337] The buggy address belongs to the page: [ 59.925346] page:ffffea0006bed1c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 59.925349] flags: 0x4000000000000000() [ 59.925353] page dumped because: kasan: bad access detected [ 59.925354] [ 59.925425] Memory state around the buggy address: [ 59.925435] ffff8801afb47a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 59.925442] ffff8801afb47a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 59.925449] >ffff8801afb47b00: 00 f1 f1 f1 f1 00 00 00 00 04 f2 f2 f2 00 00 00 [ 59.925453] ^ [ 59.925460] ffff8801afb47b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 59.925468] ffff8801afb47c00: 00 00 f1 f1 f1 f1 00 00 00 00 00 f2 f2 f2 00 00 [ 59.925470] ================================================================== [ 59.925473] Disabling lock debugging due to kernel taint [ 59.926030] Kernel panic - not syncing: panic_on_warn set ... [ 59.926030] [ 59.926042] CPU: 1 PID: 3856 Comm: syz-executor1 Tainted: G B 4.9.127+ #43 [ 59.926057] ffff8801afb47988 ffffffff81af11e9 ffffffff82c347e0 00000000ffffffff [ 59.926070] 0000000000000000 0000000000000001 00000000ffffff64 ffff8801afb47a48 [ 59.926082] ffffffff813df675 0000000041b58ab3 ffffffff82c287e3 ffffffff813df4b6 [ 59.926084] Call Trace: [ 59.926095] [] dump_stack+0xc1/0x128 [ 59.926106] [] panic+0x1bf/0x39f [ 59.926115] [] ? add_taint.cold.6+0x16/0x16 [ 59.926126] [] ? ___preempt_schedule+0x16/0x18 [ 59.926134] [] kasan_end_report+0x47/0x4f [ 59.926144] [] kasan_report.cold.6+0x76/0x2fe [ 59.926152] [] ? strlcpy+0x101/0x120 [ 59.926168] [] __asan_report_load1_noabort+0x14/0x20 [ 59.926218] [] strlcpy+0x101/0x120 [ 59.926230] [] xt_copy_counters_from_user+0x152/0x300 [ 59.926239] [] ? xt_hook_ops_alloc+0x270/0x270 [ 59.926248] [] ? mutex_lock_nested+0x650/0x870 [ 59.926257] [] do_add_counters+0x96/0x5c0 [ 59.926266] [] ? __do_replace+0x630/0x630 [ 59.926275] [] ? security_capable+0x94/0xc0 [ 59.926286] [] ? ns_capable_common+0x12a/0x150 [ 59.926296] [] compat_do_ip6t_set_ctl+0xd6/0x140 [ 59.926304] [] compat_nf_setsockopt+0x8b/0x130 [ 59.926313] [] ? compat_do_replace.isra.10+0x380/0x380 [ 59.926321] [] compat_ipv6_setsockopt+0x15d/0x1d0 [ 59.926329] [] compat_udpv6_setsockopt+0x4a/0x90 [ 59.926336] [] compat_sock_common_setsockopt+0xb4/0x150 [ 59.926344] [] ? udpv6_setsockopt+0x90/0x90 [ 59.926352] [] compat_SyS_setsockopt+0x169/0x540 [ 59.926374] [] ? sock_common_setsockopt+0xe0/0xe0 [ 59.926386] [] ? scm_detach_fds_compat+0x3b0/0x3b0 [ 59.926394] [] ? kcov_ioctl+0x56/0x1c0 [ 59.926405] [] ? move_addr_to_kernel+0x50/0x50 [ 59.926413] [] ? do_fast_syscall_32+0xcf/0x860 [ 59.926422] [] ? scm_detach_fds_compat+0x3b0/0x3b0 [ 59.926431] [] do_fast_syscall_32+0x2f1/0x860 [ 59.926440] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 59.926449] [] entry_SYSENTER_compat+0x90/0xa2 [ 59.926832] Kernel Offset: disabled [ 60.501275] Rebooting in 86400 seconds..