[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   11.794925] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   37.261668] random: sshd: uninitialized urandom read (32 bytes read)
[   37.481225] audit: type=1400 audit(1568594183.644:6): avc:  denied  { map } for  pid=1770 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   37.523418] random: sshd: uninitialized urandom read (32 bytes read)
[   38.133166] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.232' (ECDSA) to the list of known hosts.
[   43.571126] random: sshd: uninitialized urandom read (32 bytes read)
2019/09/16 00:36:29 fuzzer started
[   43.664693] audit: type=1400 audit(1568594189.824:7): avc:  denied  { map } for  pid=1785 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   44.303235] random: cc1: uninitialized urandom read (8 bytes read)
2019/09/16 00:36:31 dialing manager at 10.128.0.26:37083
2019/09/16 00:36:31 syscalls: 1347
2019/09/16 00:36:31 code coverage: enabled
2019/09/16 00:36:31 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument
2019/09/16 00:36:31 extra coverage: extra coverage is not supported by the kernel
2019/09/16 00:36:31 setuid sandbox: enabled
2019/09/16 00:36:31 namespace sandbox: enabled
2019/09/16 00:36:31 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/16 00:36:31 fault injection: CONFIG_FAULT_INJECTION is not enabled
2019/09/16 00:36:31 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/16 00:36:31 net packet injection: enabled
2019/09/16 00:36:31 net device setup: enabled
[   47.197678] random: crng init done
00:37:37 executing program 0:
clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000200))
ptrace(0x10, r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup2(r2, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ptrace$cont(0x2, r0, 0xffffffffff600000, 0x710000)

00:37:37 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r1, 0x29, 0x43, &(0x7f0000000080)=0xf5, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='s'], 0x1)

00:37:37 executing program 5:
r0 = socket(0x200000000000011, 0x803, 0x0)
setsockopt$packet_int(r0, 0x107, 0x100000000014, &(0x7f0000000140)=0x1, 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000640)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
sendto$packet(r0, &(0x7f0000000340)="e425f0bbcaf3c6b87078ffe5f585", 0xe, 0x0, &(0x7f0000000100)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev}, 0x14)

00:37:37 executing program 2:
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0))
listen(0xffffffffffffffff, 0x0)
epoll_pwait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0, 0x0, 0x0)

00:37:37 executing program 3:
syz_emit_ethernet(0x3e, &(0x7f0000000200)={@local, @random="bfba1f3617fe", [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x8, 0x88, 0x0, @dev, @ipv4={[], [], @loopback}, {[], @udp={0x0, 0x0, 0x8}}}}}}, 0x0)

00:37:37 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x38)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070")
ptrace$cont(0x18, r0, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x1f, r0, 0x0, 0x0)

[  111.780190] audit: type=1400 audit(1568594257.934:8): avc:  denied  { map } for  pid=1838 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5044 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1

INIT: Id "1" respawning too fast: disabled for 5 minutes

INIT: Id "3" respawning too fast: disabled for 5 minutes

INIT: Id "4" respawning too fast: disabled for 5 minutes

INIT: Id "6" respawning too fast: disabled for 5 minutes

INIT: Id "5" respawning too fast: disabled for 5 minutes

INIT: Id "2" respawning too fast: disabled for 5 minutes
00:37:41 executing program 1:
mkdir(&(0x7f00000000c0)='./control\x00', 0x0)
r0 = inotify_init()
r1 = epoll_create(0x80001)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x40001001})
r2 = inotify_add_watch(r0, &(0x7f0000000000)='./control\x00', 0x70)
epoll_wait(r1, &(0x7f0000000100)=[{}], 0x228, 0xc36)
inotify_rm_watch(r0, r2)

00:37:41 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000000)="ba00000019005f0014f9f4070009040002000000000000000223000008001e000a000001", 0xba)

00:37:41 executing program 1:
clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0x6542}, {&(0x7f0000000140)="a4ab12f728db4b2b4d2f2f3ff7ad273b1e89e46f905080af4c90ccb170e60b3a8bf56db763e3f9274e5aea09761e1bc095ad6f0fc98ab110a8dd4b95fcfd5b7a634139cf7aaafa322ccb93d7efe0510b0f4c6135583df08c324ee0690c3a9d6305f4fe8b6bbdb587725307721aa64c58b1e6d0e846073183cf59d7e0276f65b53da56b43f091488261c3f8e7e51999e07630449797958bc7dbc6544a055d5eaaa7b2dd3331f7bf5e06c3", 0x26}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x15)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

00:37:41 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200)={@flat=@weak_binder, @flat=@weak_binder={0x77622a85, 0x0, 0x2}, @flat=@weak_handle}, &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

[  115.462190] audit: type=1400 audit(1568594261.624:9): avc:  denied  { map } for  pid=2775 comm="syz-executor.2" path="/dev/binder2" dev="devtmpfs" ino=1092 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[  115.464526] binder: 2775:2777 got transaction to context manager from process owning it
00:37:41 executing program 5:
syz_emit_ethernet(0x7e, &(0x7f0000000000)={@link_local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x223}, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x5, 0x0, 0x0, 0x0, 0x2, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4029, 0x0, @local={0xac, 0x223}, @dev, {[@timestamp={0x32000, 0x40, 0x0, 0x0, 0x0, [{[@broadcast]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {[@broadcast]}, {[@multicast1]}, {[@dev]}]}]}}}}}}}, 0x0)

[  115.490488] audit: type=1400 audit(1568594261.624:10): avc:  denied  { set_context_mgr } for  pid=2775 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[  115.499711] binder: 2775:2777 transaction failed 29201/-22, size 72-24 line 3119
[  115.531430] binder: undelivered TRANSACTION_ERROR: 29201
[  115.543117] binder: BINDER_SET_CONTEXT_MGR already set
[  115.549138] binder: 2775:2777 ioctl 40046207 0 returned -16
00:37:41 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xe78f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xffffefffffffffff, 0x11, r2, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0)
r3 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xe78f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r3, 0x0)

00:37:41 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x501, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00\x00\x00\x00\x00\x00\x00t\x00', 0x4009})
write$binfmt_script(r0, &(0x7f0000000500)={'#! ', './file0', [{}, {}, {0x20, '/dev/net/tun\x00'}]}, 0x1b)

00:37:41 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/ptmx\x00', 0x0, 0x0)
r1 = creat(&(0x7f0000000a40)='./bus\x00', 0x0)
dup3(r1, r0, 0x0)

[  115.556047] binder: 2775:2778 transaction failed 29189/-22, size 72-24 line 3128
[  115.565468] binder: undelivered TRANSACTION_ERROR: 29189
00:37:41 executing program 2:
clone(0x200, 0x0, 0x0, 0x0, 0x0)
mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0)
symlink(&(0x7f0000000180)='./file1\x00', &(0x7f0000000140)='./file1\x00')
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f00000005c0)=""/11, 0x1f2)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200))
r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109)
r2 = dup2(r0, r1)
execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0)
open$dir(&(0x7f00000001c0)='./file0\x00', 0x841, 0x0)
clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000000)='./file1\x00', 0x0, 0x0)
ioctl$sock_inet6_tcp_SIOCOUTQ(r2, 0x5411, 0x0)

00:37:41 executing program 5:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000080)={@multicast2, @loopback, 0x0, 0x3, [@broadcast, @loopback, @broadcast]}, 0x1c)

00:37:42 executing program 3:

00:37:42 executing program 5:
unshare(0x2000400)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f00000008c0)=ANY=[@ANYBLOB="850000002f0000005d00000000000000950000000000000025fede660a6c1c6ec4020d15b97b31f134b1af97f342b178af18cfb6dccc8d1618bc9915642cf6741c5b747ed813b2209640b52287f865a321cae0e0d996715ffc2ec777c95e101656a0e9cdf6711b6276d514b56b39bb6bb1b64e9b1ccca4c219a68d3ec49a105be0212364e24355dabc3a3401ffd3693968d7eb376a2607125aaf0b253efa5a91b44b70d200000000000000000000000080"], &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2'}, 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000580)=r0, 0x4)

00:37:42 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000000)="ba00000019005f0014f9f4070009040002000000000000000223000008000f000a000001", 0xba)

00:37:42 executing program 4:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x3, 0x0)
ioctl$UI_DEV_DESTROY(r0, 0x5502)
ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, 0x0)

[  115.929620] input: syz1 as /devices/virtual/input/input4
[  115.935731] audit: type=1400 audit(1568594262.094:11): avc:  denied  { prog_load } for  pid=2821 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[  115.985134] audit: type=1400 audit(1568594262.124:12): avc:  denied  { prog_run } for  pid=2821 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[  116.009485] audit: type=1400 audit(1568594262.124:13): avc:  denied  { create } for  pid=2821 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  116.040294] audit: type=1400 audit(1568594262.124:14): avc:  denied  { setopt } for  pid=2821 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  116.072459] input: syz1 as /devices/virtual/input/input5
00:37:44 executing program 0:

00:37:44 executing program 3:

00:37:44 executing program 5:

00:37:44 executing program 1:

00:37:44 executing program 4:

00:37:44 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000000)="ba00000019005f0014f9f407000904000200000000000000022300000800120002000001", 0xba)

00:37:44 executing program 5:

00:37:44 executing program 4:

00:37:44 executing program 0:

00:37:44 executing program 3:

00:37:44 executing program 1:

00:37:44 executing program 2:

00:37:44 executing program 3:

00:37:44 executing program 1:

00:37:44 executing program 4:

00:37:44 executing program 5:

00:37:44 executing program 2:

00:37:44 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5)
clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
r2 = fcntl$dupfd(r0, 0x0, r0)
getsockopt$EBT_SO_GET_INFO(r2, 0x0, 0x80, 0x0, &(0x7f0000000340))
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x33)
fcntl$setstatus(r0, 0x4, 0x80000000002c00)

00:37:44 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x18}}, 0x0)
readv(r0, &(0x7f0000001500)=[{&(0x7f00000003c0)=""/156, 0x9c}], 0x1)
openat$pfkey(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/net/pfkey\x00', 0x0, 0x0)
syz_open_procfs(0x0, 0x0)

00:37:44 executing program 1:
perf_event_open(&(0x7f0000000400)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8080, 0x0, 0x0, 0x2}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0)

00:37:44 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
r1 = socket(0x10, 0x3, 0x0)
write(r1, &(0x7f0000000000)="2400000019005f0014f9f40700090400020000000000000002230000050012007f000001", 0xba)

00:37:44 executing program 5:

00:37:44 executing program 2:

00:37:44 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200)={@flat=@weak_binder, @flat=@weak_binder={0x77622a85, 0x0, 0x2}, @flat=@weak_handle}, &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

00:37:44 executing program 2:
mkdir(&(0x7f0000000180)='./file1\x00', 0x0)
symlink(&(0x7f00000000c0)='./file1/file0\x00', &(0x7f0000000100)='./file1/file0\x00')
lsetxattr$system_posix_acl(&(0x7f0000000040)='./file1/file0\x00', &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f00000007c0), 0x24, 0x0)

[  118.259228] hrtimer: interrupt took 48662 ns
00:37:44 executing program 4:
socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={<r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8948, &(0x7f0000000580)='ip6_vti0\x00')

[  118.302539] binder: 2894:2897 got transaction to context manager from process owning it
[  118.336251] binder: 2894:2897 transaction failed 29201/-22, size 72-24 line 3119
00:37:44 executing program 2:
r0 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000200)={'syz'}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$revoke(0x3, r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000001540)="f5", 0x1, 0xfffffffffffffffe)
keyctl$update(0x2, r2, &(0x7f0000000240)="db", 0x1)

00:37:44 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x4000000000000004)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000080)="11dca50d5e0bcfe47bf070")
bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
getgid()
keyctl$chown(0x4, 0x0, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10)
sendto$inet(r1, &(0x7f0000000180)='\x00', 0x1, 0x0, 0x0, 0x0)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000280)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1)

[  118.361048] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  118.380832] binder: undelivered TRANSACTION_ERROR: 29201
00:37:44 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r1 = gettid()
mknod(&(0x7f0000000180)='./file0\x00', 0x8001420, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0)
tkill(r1, 0x13)

[  118.411596] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  118.466079] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 not in group (block 32896)!
[  118.494225] EXT4-fs (loop1): group descriptors corrupted!
00:37:47 executing program 2:
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000001840)='ecryptfs\x00', 0x0, 0x0)

00:37:47 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
gettid()

00:37:47 executing program 3:
clone(0x200, 0x0, 0x0, 0x0, 0x0)
mknod(&(0x7f0000f80000)='./file0\x00', 0x1042, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0)
creat(&(0x7f00000002c0)='./file1\x00', 0x21)
r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109)
dup2(r0, r1)
execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x103841, 0x0)
clone(0x3102401ff1, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f00000003c0)='./file1\x00', 0x0, 0x0)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
dup2(r2, r3)

00:37:47 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000b0b000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f00000fd000/0x2000)=nil)
socket$inet6_tcp(0xa, 0x1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
r0 = socket$inet6(0xa, 0x80000000080003, 0x20000000003c)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
sendmmsg(r0, &(0x7f0000001300)=[{{0x0, 0x0, &(0x7f0000001180), 0x240, &(0x7f00000011c0)}}], 0x249, 0x0)

00:37:47 executing program 1:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0xcc, 0x24, 0x507, 0x0, 0x0, {0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0x9, 0x1, 'netem\x00'}, {0x4c, 0x2, {{0x0, 0x0, 0x0, 0x2}, [@TCA_NETEM_RATE64={0xc}, @TCA_NETEM_REORDER={0xc, 0x5}, @TCA_NETEM_JITTER64={0xc}, @TCA_NETEM_REORDER={0xc}]}}}, @qdisc_kind_options=@q_htb={{0x0, 0x1, 'htb\x00'}, {0x0, 0x2, [@TCA_HTB_DIRECT_QLEN, @TCA_HTB_DIRECT_QLEN, @TCA_HTB_INIT, @TCA_HTB_DIRECT_QLEN, @TCA_HTB_DIRECT_QLEN, @TCA_HTB_INIT, @TCA_HTB_DIRECT_QLEN, @TCA_HTB_INIT]}}]}, 0xcc}}, 0x0)

00:37:47 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000080)=0x1, 0x251)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000180)={@local, @link_local={0x1, 0x80, 0xc2, 0x300}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x18}}}}}}}, 0x0)

00:37:47 executing program 2:

00:37:47 executing program 5:

00:37:47 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x1800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote={0xac, 0x14, 0x223}}, @icmp=@timestamp_reply={0xffffff86, 0x4}}}}}, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)

[  121.219985] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.1'.
[  121.258573] syz-executor.5 (2949) used greatest stack depth: 23408 bytes left
00:37:47 executing program 1:
r0 = getpid()
r1 = syz_open_procfs(r0, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000480)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"Kgn{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t\x81\xfa\xaa\xf30\x8b\xb7\xea\xfc^\xb6\x95\x87E\x11\x89\x7f\xa0m\xd3&\tHvtD\x83\\6\xe0t\xa8\xdd\xa3\xa4\xd2\xb9\xb9{+\x1d\xa3\xd5Z;]*2\x99Os\bVW5\xe6\xe7\xdb\x95\x8d\xffY\xe0s\x7f\x9eK,\xae\xaeX\x15M@\xdd\x04`\xea\x03\xf7\x7f:\xc8HU3\xabX}\xa7S8s\xdb_\xc5\x9c\xc9Rw\x90G\xf3J\x9c\x8f\x91\xa1\xd6\x055?m\xed\x94\x9c\xb7(\x0f\xd3\xbc\xba\xc6T\xdd\x15\xf7+*Z3\x8e_Z\xa3k\xe4R\x1e\xc8\vYV\x8a\x8d\xad\x8cI\x88\fM\x19JX\x1f\xffe#|\x06\xfa86\xcb\x93\xea\xab\xcc\x864fC*I\x7fM\t7\x94}\x06\x1d\xc3\x9co-\xdd\xa6\x1b\xa8_\x1fBl\xc4:\xae\xfe4\x9e\xa9T\x91\xd9w\x05\xf8{\xd6@', 0x0, 0x0)
pipe(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r3, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
syz_genetlink_get_family_id$tipc2(0x0)
sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=ANY=[]}}, 0x0)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x27)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x0)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4)
sendto$inet(r3, &(0x7f00000012c0)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba", 0x652b, 0xc, 0x0, 0x27)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000280))
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0xb401f9334d777b19, 0x0)
setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)="971586989bc81f30d6330f502b3db6632a3422e80edf8067874e30871d83f9758ab60513000000000000", 0x2a)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KDMKTONE(r1, 0x4b30, 0x3)
accept4$packet(0xffffffffffffffff, &(0x7f0000002f80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000002fc0)=0x14, 0x0)

00:37:47 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000440)={'lo\x00'})
r1 = socket(0x11, 0x800000003, 0x0)
bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f00000000c0)={'lo\x00@\x00', 0x101})

[  121.368802] device lo entered promiscuous mode
00:37:47 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000180)={0x0, 0x9, &(0x7f0000000100)="447e5b280688e362ac"})

00:37:47 executing program 3:

[  121.409806] audit: type=1400 audit(1568594267.564:15): avc:  denied  { write } for  pid=2967 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  121.434430] audit: type=1400 audit(1568594267.574:16): avc:  denied  { read } for  pid=2967 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
00:37:47 executing program 3:

00:37:47 executing program 5:

[  121.481110] device lo left promiscuous mode
[  121.497764] device lo entered promiscuous mode
00:37:47 executing program 0:

00:37:47 executing program 4:

00:37:47 executing program 2:

00:37:47 executing program 5:

00:37:47 executing program 3:

00:37:47 executing program 2:

00:37:48 executing program 1:
r0 = getpid()
r1 = syz_open_procfs(r0, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000480)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"Kgn{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t\x81\xfa\xaa\xf30\x8b\xb7\xea\xfc^\xb6\x95\x87E\x11\x89\x7f\xa0m\xd3&\tHvtD\x83\\6\xe0t\xa8\xdd\xa3\xa4\xd2\xb9\xb9{+\x1d\xa3\xd5Z;]*2\x99Os\bVW5\xe6\xe7\xdb\x95\x8d\xffY\xe0s\x7f\x9eK,\xae\xaeX\x15M@\xdd\x04`\xea\x03\xf7\x7f:\xc8HU3\xabX}\xa7S8s\xdb_\xc5\x9c\xc9Rw\x90G\xf3J\x9c\x8f\x91\xa1\xd6\x055?m\xed\x94\x9c\xb7(\x0f\xd3\xbc\xba\xc6T\xdd\x15\xf7+*Z3\x8e_Z\xa3k\xe4R\x1e\xc8\vYV\x8a\x8d\xad\x8cI\x88\fM\x19JX\x1f\xffe#|\x06\xfa86\xcb\x93\xea\xab\xcc\x864fC*I\x7fM\t7\x94}\x06\x1d\xc3\x9co-\xdd\xa6\x1b\xa8_\x1fBl\xc4:\xae\xfe4\x9e\xa9T\x91\xd9w\x05\xf8{\xd6@', 0x0, 0x0)
pipe(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r3, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
syz_genetlink_get_family_id$tipc2(0x0)
sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=ANY=[]}}, 0x0)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x27)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x0)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4)
sendto$inet(r3, &(0x7f00000012c0)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba", 0x652b, 0xc, 0x0, 0x27)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000280))
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0xb401f9334d777b19, 0x0)
setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)="971586989bc81f30d6330f502b3db6632a3422e80edf8067874e30871d83f9758ab60513000000000000", 0x2a)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KDMKTONE(r1, 0x4b30, 0x3)
accept4$packet(0xffffffffffffffff, &(0x7f0000002f80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000002fc0)=0x14, 0x0)

00:37:48 executing program 5:

00:37:48 executing program 0:

00:37:48 executing program 4:

00:37:48 executing program 2:

00:37:48 executing program 3:

00:37:48 executing program 4:

00:37:48 executing program 3:

00:37:48 executing program 5:

00:37:48 executing program 2:

00:37:48 executing program 0:

00:37:48 executing program 5:

00:37:48 executing program 2:

00:37:48 executing program 3:

00:37:48 executing program 4:

00:37:48 executing program 1:
r0 = getpid()
r1 = syz_open_procfs(r0, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000480)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"Kgn{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t\x81\xfa\xaa\xf30\x8b\xb7\xea\xfc^\xb6\x95\x87E\x11\x89\x7f\xa0m\xd3&\tHvtD\x83\\6\xe0t\xa8\xdd\xa3\xa4\xd2\xb9\xb9{+\x1d\xa3\xd5Z;]*2\x99Os\bVW5\xe6\xe7\xdb\x95\x8d\xffY\xe0s\x7f\x9eK,\xae\xaeX\x15M@\xdd\x04`\xea\x03\xf7\x7f:\xc8HU3\xabX}\xa7S8s\xdb_\xc5\x9c\xc9Rw\x90G\xf3J\x9c\x8f\x91\xa1\xd6\x055?m\xed\x94\x9c\xb7(\x0f\xd3\xbc\xba\xc6T\xdd\x15\xf7+*Z3\x8e_Z\xa3k\xe4R\x1e\xc8\vYV\x8a\x8d\xad\x8cI\x88\fM\x19JX\x1f\xffe#|\x06\xfa86\xcb\x93\xea\xab\xcc\x864fC*I\x7fM\t7\x94}\x06\x1d\xc3\x9co-\xdd\xa6\x1b\xa8_\x1fBl\xc4:\xae\xfe4\x9e\xa9T\x91\xd9w\x05\xf8{\xd6@', 0x0, 0x0)
pipe(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r3, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
syz_genetlink_get_family_id$tipc2(0x0)
sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=ANY=[]}}, 0x0)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x27)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x0)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4)
sendto$inet(r3, &(0x7f00000012c0)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba", 0x652b, 0xc, 0x0, 0x27)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000280))
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0xb401f9334d777b19, 0x0)
setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)="971586989bc81f30d6330f502b3db6632a3422e80edf8067874e30871d83f9758ab60513000000000000", 0x2a)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KDMKTONE(r1, 0x4b30, 0x3)
accept4$packet(0xffffffffffffffff, &(0x7f0000002f80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000002fc0)=0x14, 0x0)

00:37:48 executing program 0:

00:37:48 executing program 5:

00:37:48 executing program 5:

00:37:49 executing program 0:

00:37:49 executing program 2:

00:37:49 executing program 4:

00:37:49 executing program 3:

00:37:49 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0xc)
writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f00000002031900000007000000068100ed853b09000100010100ff3ffe58", 0x1f}], 0x1)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071")
dup2(r1, r0)

[  122.948936] audit: type=1400 audit(1568594269.104:17): avc:  denied  { create } for  pid=3052 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[  122.979051] audit: type=1400 audit(1568594269.134:18): avc:  denied  { write } for  pid=3052 comm="syz-executor.4" path="socket:[9051]" dev="sockfs" ino=9051 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
00:37:49 executing program 1:
r0 = getpid()
r1 = syz_open_procfs(r0, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000480)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"Kgn{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t\x81\xfa\xaa\xf30\x8b\xb7\xea\xfc^\xb6\x95\x87E\x11\x89\x7f\xa0m\xd3&\tHvtD\x83\\6\xe0t\xa8\xdd\xa3\xa4\xd2\xb9\xb9{+\x1d\xa3\xd5Z;]*2\x99Os\bVW5\xe6\xe7\xdb\x95\x8d\xffY\xe0s\x7f\x9eK,\xae\xaeX\x15M@\xdd\x04`\xea\x03\xf7\x7f:\xc8HU3\xabX}\xa7S8s\xdb_\xc5\x9c\xc9Rw\x90G\xf3J\x9c\x8f\x91\xa1\xd6\x055?m\xed\x94\x9c\xb7(\x0f\xd3\xbc\xba\xc6T\xdd\x15\xf7+*Z3\x8e_Z\xa3k\xe4R\x1e\xc8\vYV\x8a\x8d\xad\x8cI\x88\fM\x19JX\x1f\xffe#|\x06\xfa86\xcb\x93\xea\xab\xcc\x864fC*I\x7fM\t7\x94}\x06\x1d\xc3\x9co-\xdd\xa6\x1b\xa8_\x1fBl\xc4:\xae\xfe4\x9e\xa9T\x91\xd9w\x05\xf8{\xd6@', 0x0, 0x0)
pipe(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r3, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
syz_genetlink_get_family_id$tipc2(0x0)
sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=ANY=[]}}, 0x0)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x27)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x0)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4)
sendto$inet(r3, &(0x7f00000012c0)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba", 0x652b, 0xc, 0x0, 0x27)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000280))
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0xb401f9334d777b19, 0x0)
setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)="971586989bc81f30d6330f502b3db6632a3422e80edf8067874e30871d83f9758ab60513000000000000", 0x2a)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KDMKTONE(r1, 0x4b30, 0x3)
accept4$packet(0xffffffffffffffff, &(0x7f0000002f80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000002fc0)=0x14, 0x0)

00:37:49 executing program 5:
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x800000003}, 0x8)
write(r0, &(0x7f0000000040)="240000001a005f0214f9f407000904001100000000000000000000000800040011000000", 0x24)

00:37:49 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
fstat(r0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0})
setresgid(0x0, r1, 0x0)
r2 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000240)='X', 0x1, 0xfffffffffffffffe)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, <r4=>0x0}, &(0x7f0000000280)=0x5)
setuid(r4)
keyctl$chown(0x4, r2, 0x0, 0x0)

00:37:49 executing program 2:
syz_emit_ethernet(0x7e, &(0x7f0000000000)={@link_local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x223}, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x2, 0x0, 0x0, 0x0, 0x2, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4029, 0x0, @local={0xac, 0x223}, @dev, {[@timestamp={0x32000, 0x40, 0x0, 0x0, 0x0, [{[@broadcast]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {[@broadcast]}, {[@multicast1]}, {[@dev]}]}]}}}}}}}, 0x0)

00:37:49 executing program 0:

00:37:49 executing program 4:

00:37:49 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r0, &(0x7f0000002000)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @empty}, 0x1c, 0x0}}, {{&(0x7f0000000340)={0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, 0x1c, 0x0, 0x0, &(0x7f0000001ec0)=ANY=[@ANYBLOB="1400000000000000290000000b00000000000007"], 0x14}}], 0x2, 0x0)

00:37:49 executing program 0:
perf_event_open(&(0x7f0000000180)={0x1, 0x21f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0)

00:37:49 executing program 4:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x6000, 0x0)
mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000240)='udf\x00b\xdd\xd3\xb5\xcd\xbay\xb4\'Y\xa8\xcai\x8d\xcc\x10\xfaZ\xc4#\xd5\xb0\xe3\xbb\x01[\x83\x8c\x06z\xcb\xbd\nW\xa7n>\xcb\xecX\xf0\xbdA@\xc7\xad\xa7/\xfc7\xc0\x8b\xb4\xd9\xa2c\xd2u\xea?\xea\xa1\x03\xb0\x92-\x84\xbf\x06r\x80\xcf\xd2\xd0\xd70\x98\\\xa47\xc0w\x836\\U\xf4v:Pw\x84f~\x9f\xd5Q7\t\xa5\xc9[\x996HI\xd5\xcc\x86\x03&\f\xab)\x1ag^\xb8\xa2>/\xc9Fc]\xf6\xa6\xc9\xb6\xf0\x8ca\\\xcd\xe6\xe2^XV\xcb\xe9\xd3\x9f\xbe\xbfR=\x9b;*\a\v\xa6\x0f\x1a7\xca\x96_\xfb]\x1c\xb9\xbf\xd2w\xd1\xc4q.ol\xf4\xd9H\x86\x8b\x1b\xc6eN\xfd\xde6\xeeO\x1319\xa9\xb7\xa9', 0x0, 0x0)

[  123.646284] audit: type=1400 audit(1568594269.804:19): avc:  denied  { getattr } for  pid=3063 comm="syz-executor.3" path="socket:[9523]" dev="sockfs" ino=9523 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
00:37:49 executing program 5:
r0 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(r0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedf2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000280)={@multicast2, @dev}, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x20100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
prctl$PR_GET_TID_ADDRESS(0x28, 0x0)
r1 = add_key$keyring(0x0, &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$revoke(0x3, 0x0)
r2 = request_key(0x0, &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)='.\x00', 0xffffffffffffffff)
r3 = request_key(0x0, &(0x7f00000002c0)={'wy\xfa', 0x3}, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r2, 0x0, &(0x7f0000000240)={'syz', 0x2}, r3)
keyctl$unlink(0x6, r1, 0x0)
keyctl$instantiate_iov(0x14, r1, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa01bbb2e2bfe4737}}, 0x0, 0xfffffffffffffff7, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
clone(0x80000, 0x0, 0x0, 0x0, 0x0)
keyctl$unlink(0x6, 0x0, 0x0)
r4 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$unlink(0x9, r4, 0xfffffffffffffffd)
keyctl$unlink(0x9, 0x0, 0x0)
r5 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$revoke(0x3, r5)
keyctl$instantiate_iov(0x14, r5, 0x0, 0x0, 0x0)
add_key(&(0x7f0000000240)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)

00:37:49 executing program 3:
socket$inet6(0xa, 0x696afeb95ee97b88, 0x6)
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r1 = open(0x0, 0x5, 0x0)
write$selinux_attr(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x400000000001, 0x0)
r3 = dup(r2)
setsockopt$inet6_tcp_int(r3, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c)
sendto$inet6(r2, 0x0, 0xffffffffffffff7a, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$inet6_int(r3, 0x29, 0x31, &(0x7f0000000140)=0x4, 0x4)
ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, 0x0)
clock_adjtime(0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a2, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x36, &(0x7f0000000440)=@fragment, 0x8)
r4 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, 0x0, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2)
ftruncate(r4, 0x7ffd)
sendfile(r3, r4, 0x0, 0x8040fffffffd)

00:37:49 executing program 2:
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x1)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
request_key(&(0x7f0000000000)='rxrpc\x00', 0x0, 0x0, 0xffffffffffffffff)
keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xfffffffffffffff7, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
keyctl$unlink(0x6, 0x0, 0x0)
r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$unlink(0x9, r0, 0xfffffffffffffffd)

[  123.833559] kasan: CONFIG_KASAN_INLINE enabled
[  123.844949] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  123.875990] general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  123.882786] Modules linked in:
[  123.885995] CPU: 0 PID: 3086 Comm: syz-executor.3 Not tainted 4.14.143+ #0
[  123.893011] task: 00000000d15586ce task.stack: 00000000373b4ac4
[  123.899213] RIP: 0010:do_tcp_sendpages+0x33c/0x1780
[  123.904230] RSP: 0018:ffff88819a32f6a8 EFLAGS: 00010206
[  123.909684] RAX: 000000000000000f RBX: 0000000000000000 RCX: 0000000000002189
[  123.916955] RDX: ffffffff8252c8ca RSI: ffffc90004531000 RDI: 0000000000000078
[  123.924231] RBP: 0000000000000240 R08: 0000000000028000 R09: ffffed1033ad15c8
[  123.931502] R10: ffffed1033ad15c7 R11: ffff88819d68ae3f R12: ffffea0006697e80
[  123.938864] R13: dffffc0000000000 R14: ffff88819d68ac00 R15: 0000000000028000
[  123.946135] FS:  00007f67c436b700(0000) GS:ffff8881dba00000(0000) knlGS:0000000000000000
[  123.954361] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  123.960250] CR2: 00007fffda596e8c CR3: 00000001cd52e002 CR4: 00000000001606b0
[  123.967672] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  123.974939] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  123.982210] Call Trace:
[  123.984816]  ? sk_stream_alloc_skb+0x8a0/0x8a0
[  123.989400]  ? lock_acquire+0x170/0x360
[  123.993550]  tcp_sendpage_locked+0x81/0x130
[  123.997871]  tcp_sendpage+0x3a/0x60
[  124.001671]  inet_sendpage+0x197/0x5d0
[  124.005673]  ? tcp_sendpage_locked+0x130/0x130
[  124.010255]  ? inet_getname+0x390/0x390
[  124.014411]  kernel_sendpage+0x84/0xd0
[  124.018288]  sock_sendpage+0x84/0xa0
[  124.022003]  pipe_to_sendpage+0x23d/0x300
[  124.026151]  ? kernel_sendpage+0xd0/0xd0
[  124.030199]  ? direct_splice_actor+0x160/0x160
[  124.034776]  ? splice_from_pipe_next.part.0+0x1e4/0x290
[  124.040146]  __splice_from_pipe+0x331/0x740
[  124.044515]  ? direct_splice_actor+0x160/0x160
[  124.049090]  ? direct_splice_actor+0x160/0x160
[  124.053660]  splice_from_pipe+0xd9/0x140
[  124.057706]  ? splice_shrink_spd+0xb0/0xb0
[  124.061942]  ? splice_from_pipe+0x140/0x140
[  124.066275]  direct_splice_actor+0x118/0x160
[  124.070678]  splice_direct_to_actor+0x292/0x760
[  124.075340]  ? generic_pipe_buf_nosteal+0x10/0x10
[  124.080171]  ? do_splice_to+0x150/0x150
[  124.084129]  ? security_file_permission+0x88/0x1e0
[  124.089057]  do_splice_direct+0x177/0x240
[  124.093227]  ? splice_direct_to_actor+0x760/0x760
[  124.098114]  ? security_file_permission+0x88/0x1e0
[  124.103153]  do_sendfile+0x493/0xb20
[  124.106857]  ? do_compat_pwritev64+0x170/0x170
[  124.111761]  ? put_timespec64+0xbe/0x110
[  124.115822]  ? nsecs_to_jiffies+0x30/0x30
[  124.119971]  SyS_sendfile64+0x11f/0x140
[  124.123949]  ? SyS_sendfile+0x150/0x150
[  124.127919]  ? do_clock_gettime+0xd0/0xd0
[  124.132063]  ? fput+0x19/0x150
[  124.135254]  ? do_syscall_64+0x43/0x520
[  124.139216]  ? SyS_sendfile+0x150/0x150
[  124.143173]  do_syscall_64+0x19b/0x520
[  124.147049]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  124.152222] RIP: 0033:0x4598e9
[  124.155398] RSP: 002b:00007f67c436ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  124.163110] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004598e9
[  124.170378] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[  124.177646] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  124.184916] R10: 00008040fffffffd R11: 0000000000000246 R12: 00007f67c436b6d4
[  124.192186] R13: 00000000004c709e R14: 00000000004dc750 R15: 00000000ffffffff
[  124.199471] Code: 24 08 48 0f 44 d8 e8 24 4d de fe 48 85 ed 0f 84 7e 03 00 00 e8 16 4d de fe 48 8d 7b 78 8b ac 24 c8 00 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 74 08 3c 03 0f 8e 15 11 00 00 2b 6b 78 85 
[  124.218853] RIP: do_tcp_sendpages+0x33c/0x1780 RSP: ffff88819a32f6a8
[  124.228322] ---[ end trace 0aba34b594314b48 ]---
[  124.233313] Kernel panic - not syncing: Fatal exception
[  124.239451] Kernel Offset: 0x29800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[  124.250523] Rebooting in 86400 seconds..