[ 10.754970] random: sshd: uninitialized urandom read (32 bytes read) [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 21.571085] random: sshd: uninitialized urandom read (32 bytes read) [ 21.905602] audit: type=1400 audit(1568307467.143:6): avc: denied { map } for pid=1759 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 21.994803] random: sshd: uninitialized urandom read (32 bytes read) [ 22.634288] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.25' (ECDSA) to the list of known hosts. [ 28.216870] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/12 16:57:53 fuzzer started [ 28.312375] audit: type=1400 audit(1568307473.553:7): avc: denied { map } for pid=1768 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 28.990981] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/12 16:57:55 dialing manager at 10.128.0.26:37569 2019/09/12 16:57:55 syscalls: 1347 2019/09/12 16:57:55 code coverage: enabled 2019/09/12 16:57:55 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/12 16:57:55 extra coverage: extra coverage is not supported by the kernel 2019/09/12 16:57:55 setuid sandbox: enabled 2019/09/12 16:57:55 namespace sandbox: enabled 2019/09/12 16:57:55 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/12 16:57:55 fault injection: CONFIG_FAULT_INJECTION is not enabled 2019/09/12 16:57:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/12 16:57:55 net packet injection: enabled 2019/09/12 16:57:55 net device setup: enabled [ 31.569990] random: crng init done INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes 16:59:21 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0xf1b, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) shutdown(r0, 0x1) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa4784c}, 0x100) 16:59:21 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:21 executing program 5: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bf070") wait4(0x0, 0x0, 0x80000000, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, &(0x7f0000000040)}}) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="d3d2cd80"], 0x4}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYRESHEX], 0x0, 0x12}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 16:59:21 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) add_key$user(&(0x7f0000000100)='user\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) 16:59:21 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000e8009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0xf0ffff, &(0x7f00000000c0)="b9ff0300000d698cb89e40f086dd01000005a400400063a377fbac141414e9", 0x0, 0x100, 0x600}, 0x28) recvmsg(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) perf_event_open(&(0x7f0000000380)={0x0, 0x70, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffffffffffb3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff80000001, 0x0, 0x6e581283, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x607e015d, 0x0, 0x8c38, 0x0, 0x7f, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x7, 0x20, 0x0, 0x2, 0x5, 0x2}, 0x0, 0xd, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 16:59:21 executing program 4: socket$unix(0x1, 0x1, 0x0) r0 = socket$unix(0x1, 0x0, 0x0) bind$unix(r0, 0x0, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000080)=@abs={0x1}, 0x6e) socket$inet_udplite(0x2, 0x2, 0x88) socketpair(0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) listxattr(0x0, &(0x7f0000000240), 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x100000, 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@filename='./file0\x00', &(0x7f00000000c0)='.', 0x0, 0x23080, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000025c0)) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r2 = getpid() tkill(r2, 0x9) mount(&(0x7f0000000080), &(0x7f0000000180)='./file0\x00', 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(0x0, 0x0, &(0x7f00000002c0)='ramfs\x00', 0x0, 0x0) umount2(&(0x7f0000000300)='./file0\x00', 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) [ 116.463314] audit: type=1400 audit(1568307561.703:8): avc: denied { map } for pid=1830 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5044 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 16:59:23 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:23 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:23 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:23 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:23 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:23 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) [ 120.453316] VFS: Warning: syz-executor.5 using old stat() call. Recompile your binary. [ 120.508238] VFS: Warning: syz-executor.5 using old stat() call. Recompile your binary. [ 120.602809] audit: type=1400 audit(1568307565.843:9): avc: denied { prog_load } for pid=2774 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 120.634345] audit: type=1400 audit(1568307565.863:10): avc: denied { prog_run } for pid=2774 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 120.657797] audit: type=1400 audit(1568307565.873:11): avc: denied { map_create } for pid=2774 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 16:59:26 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) ioctl$LOOP_SET_STATUS64(r0, 0x127d, 0x0) 16:59:26 executing program 1: setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:26 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1}}, 0x10) r1 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) r2 = memfd_create(&(0x7f0000000080)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) r3 = openat(0xffffffffffffffff, 0x0, 0x2, 0x0) sendmsg$TIPC_CMD_GET_NODES(r3, 0x0, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r3, 0x0, 0x61, 0x0, 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000180)='\'', 0x1}], 0x1, 0x1081806) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {}, [""]}, 0x1c}}, 0x0) io_setup(0x200, &(0x7f0000000740)=0x0) r5 = socket(0x20000000000000a, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r6 = socket$inet(0x10, 0x2, 0x0) sendmsg(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)=[{0x0}], 0x1}, 0x0) setsockopt$inet6_int(r5, 0x29, 0x46, 0x0, 0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x46, 0x0, &(0x7f0000000140)) socket(0x10, 0x2, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='net/if_inet6\x00') io_cancel(r4, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000780), 0x0, 0x400, 0x0, 0x1, r7}, &(0x7f0000000880)) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) pipe(0x0) sendfile(r1, r1, 0x0, 0x2000005) 16:59:26 executing program 5: r0 = open(&(0x7f0000000080)='.\x00', 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000480)={{}, {}, [{}, {}], {}, [{}, {}, {}, {}, {}]}, 0x5c, 0x0) 16:59:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x4, 0x0, 0x0) 16:59:26 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x400445a0, &(0x7f00000000c0)={0x7, 0x0, 0x0, 0x0, "f7a0b7102b112d00335c120de5c42ad6ceaee9757ee5a1e0a7863894caaa95b9"}) 16:59:26 executing program 1: setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:26 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r2 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0) r3 = memfd_create(0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) sendfile(r1, r2, 0x0, 0x102000002) 16:59:26 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x42, 0x0, 0x0) 16:59:26 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 16:59:26 executing program 1: setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:26 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) r1 = dup(r0) getsockopt$inet_int(r1, 0x0, 0x7, 0x0, &(0x7f0000000140)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 16:59:26 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000080)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x101, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f0000000140)=ANY=[], &(0x7f0000000040)) ptrace$setopts(0x4206, r2, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)='9', 0x1}], 0x1) tkill(r2, 0x35) fcntl$setstatus(r0, 0x4, 0x42805) 16:59:26 executing program 1: r0 = socket(0x0, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) [ 121.294693] hrtimer: interrupt took 25946 ns 16:59:27 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) ioctl$TCSETSW(r0, 0x5412, &(0x7f0000000040)={0xffffffdb}) 16:59:27 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x5, 0x6, 0x6d, 0x1, 0x0, 0x0}, 0x11) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r0, &(0x7f00000000c0)}, 0x10) 16:59:27 executing program 1: r0 = socket(0x0, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:27 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 16:59:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 16:59:27 executing program 1: r0 = socket(0x0, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:27 executing program 5: ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000700)='./bus\x00', 0x0) socket$inet6(0xa, 0x3, 0x6) r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000600)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r0, r1, &(0x7f0000000240)=0x202, 0x4000000000dc) [ 122.006456] audit: type=1400 audit(1568307567.243:12): avc: denied { map_read map_write } for pid=2844 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 16:59:27 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x612, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000100)={0x1, 0x0, [0x0]}) 16:59:27 executing program 3: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)={[], [{@uid_eq={'uid'}}]}) 16:59:27 executing program 1: r0 = socket(0x80000000000000a, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) [ 122.188843] FAT-fs (loop3): bogus number of reserved sectors [ 122.195013] FAT-fs (loop3): Can't find a valid FAT filesystem [ 122.235637] FAT-fs (loop3): bogus number of reserved sectors [ 122.244007] FAT-fs (loop3): Can't find a valid FAT filesystem 16:59:29 executing program 1: r0 = socket(0x80000000000000a, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:29 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='cmdline\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 16:59:29 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000400)='./bus\x00', 0x0) truncate(&(0x7f0000000240)='./bus\x00', 0x800) r2 = open(&(0x7f0000000540)='./bus\x00', 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000ffffffff) 16:59:29 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x4000001, 0x182) r2 = memfd_create(&(0x7f0000000380)='iC;`\xb6p+\x10', 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) dup3(r0, r1, 0x0) r3 = syz_open_dev$loop(0x0, 0x0, 0x182) r4 = memfd_create(&(0x7f0000000380)='iC;`\xb6p+\x10', 0x0) pwritev(r4, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x0) sendfile(r3, r4, 0x0, 0x2000005) 16:59:29 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps_rollup\x00') r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000004c0)='/selinux/commit_pending_bools\x00', 0x1, 0x0) sendfile(r1, r0, 0x0, 0x100000000000002) 16:59:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) 16:59:29 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) creat(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") [ 124.345757] audit: type=1400 audit(1568307569.583:13): avc: denied { map } for pid=2900 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 16:59:29 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x5, 0x6, 0x6d, 0x1, 0x0, 0x0}, 0x11) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20) 16:59:29 executing program 1: r0 = socket(0x80000000000000a, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:29 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) ioctl$TCSETSW(r0, 0x5412, &(0x7f0000000040)={0xffffffc0}) [ 124.429818] audit: type=1400 audit(1568307569.633:14): avc: denied { set_context_mgr } for pid=2894 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 16:59:29 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@dev}, 0x20) 16:59:29 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x0, 0x0, 0x0, 0x0, 0x0) 16:59:29 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000240)="115ca5055e0bcfe47bf070") setsockopt$inet6_int(r1, 0x29, 0x43, &(0x7f0000000080)=0xf5, 0x4) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) write$binfmt_misc(r0, &(0x7f0000000000)={'syz0'}, 0x10098) 16:59:29 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) [ 124.524277] audit: type=1400 audit(1568307569.643:15): avc: denied { map } for pid=2902 comm="blkid" path="/lib/x86_64-linux-gnu/libuuid.so.1.3.0" dev="sda1" ino=2819 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 124.557664] audit: type=1400 audit(1568307569.703:16): avc: denied { map_create } for pid=2913 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 124.592111] audit: type=1400 audit(1568307569.703:17): avc: denied { map_read map_write } for pid=2913 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 16:59:29 executing program 0: ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000600)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r0, r1, &(0x7f0000000240)=0x202, 0x4000000000dc) 16:59:29 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x2, 0xb, 0x9, 0x7, 0x2b, 0x0, 0x70bd2d, 0x0, [@sadb_x_sec_ctx={0x21, 0x18, 0xed, 0x3, 0xf9, "1fa74a03eace4141ca544af0fba03a39e59c733b30af0ff409b8c97d92f7a1d191297a8630c0b4c67b7e8bd3d3072bf5ee1414479fb58027eb1c9a2df65e62d55d9042400d5d69da2c3c08a74c19f7d540d0c79a3b6001b1fc36f5ee8ebd8ab53cd50cc2948875478ec9826ea0b5b0bd1697715d0fa0777dcee15e4cf852c85bc4fa9070c495ad5b58ea4e76d3019b1e9a287f9044b6c2fde06cd1c26699832ef0ee5f46cbb07fd057cd2f48337795892cde4e808c4dd94245a9071883b6b1f1f94498fbd4e8ac5561d76b474b01a0072bf1d983f053e63f4ddddedf864e3914bf7794a5626f80d4e9cd3c1fc41bc036b6cf1055a5dcafccd3"}, @sadb_x_policy={0x8, 0x12, 0x1, 0xd520c3c08c9d0398, 0x0, 0x6e6bba, 0x101, {0x6, 0x2b, 0x7, 0x106, 0x0, 0x5, 0x0, @in6=@empty, @in6=@empty}}]}, 0x158}}, 0x0) 16:59:29 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x2000000000, 0xca}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 16:59:29 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:29 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240)='/dev/uinput\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7bf070") poll(&(0x7f0000000140)=[{r0}], 0x1, 0x1d) [ 124.616108] audit: type=1400 audit(1568307569.703:18): avc: denied { set_context_mgr } for pid=2894 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 16:59:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000080), &(0x7f0000000140)}, 0x20) 16:59:29 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:29 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000080), &(0x7f0000000140)}, 0x20) 16:59:29 executing program 2: socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000080)=@abs={0x1}, 0x6e) socketpair(0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x100000, 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@filename='./file0\x00', &(0x7f00000000c0)='.', 0x0, 0x23080, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) mount(&(0x7f0000000080), &(0x7f0000000180)='./file0\x00', 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) umount2(&(0x7f0000000300)='./file0\x00', 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) 16:59:30 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0401273, &(0x7f0000000180)={[], 0x0, 0x10003, 0x409}) 16:59:30 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:30 executing program 0: 16:59:30 executing program 4: r0 = socket$inet(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x50, &(0x7f0000000440)=""/4096, &(0x7f0000000000)=0x1000) 16:59:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000080), &(0x7f0000000140)}, 0x20) 16:59:30 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$LOOP_SET_STATUS64(r0, 0x4c05, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, "7001e0f57c8cf6270b24e415e96042aae51d871554c11cd59cc8fb47081025bad6b39d778066f9d1ac8a570e3a42f70a7c0f30f66157a96aae15813f0dceb297", "a8a4cd01e527e6fd3de45387da0200000000000000e89046e6033a61edb75c8d51c05dfaf7f4fdb16e0cdaa4276939a341033400", "7b8ddcc0c891591c4116893616105829576914e70bfed06d00f97c97644ab8a7"}) 16:59:30 executing program 2: clone(0x3103101ff7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x0) munmap(&(0x7f00000c9000/0x1000)=nil, 0x1000) openat$dir(0xffffffffffffff9c, 0x0, 0x100, 0x85) 16:59:30 executing program 0: socket$unix(0x1, 0x0, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) dup(0xffffffffffffffff) listxattr(0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x100000, 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@filename='./file0\x00', &(0x7f00000000c0)='.', 0x0, 0x23080, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) prctl$PR_GET_SECCOMP(0x15) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r0 = getpid() tkill(r0, 0x9) mount(&(0x7f0000000080), 0x0, 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(0x0, 0x0, &(0x7f00000002c0)='ramfs\x00', 0x0, 0x0) umount2(&(0x7f0000000300)='./file0\x00', 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) 16:59:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000080), &(0x7f0000000140)}, 0x20) 16:59:30 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:30 executing program 5: 16:59:30 executing program 4: 16:59:30 executing program 5: 16:59:30 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:30 executing program 5: 16:59:30 executing program 4: 16:59:30 executing program 5: 16:59:30 executing program 2: clone(0x3103101ff7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x0) munmap(&(0x7f00000c9000/0x1000)=nil, 0x1000) openat$dir(0xffffffffffffff9c, 0x0, 0x100, 0x85) 16:59:30 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:30 executing program 4: 16:59:30 executing program 3: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:30 executing program 5: 16:59:30 executing program 0: 16:59:30 executing program 4: 16:59:30 executing program 5: 16:59:30 executing program 0: 16:59:30 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:30 executing program 3: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:30 executing program 4: 16:59:30 executing program 2: 16:59:30 executing program 3: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:30 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:30 executing program 0: 16:59:30 executing program 4: 16:59:30 executing program 5: 16:59:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:30 executing program 5: 16:59:30 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x3, 0x0, 0x0) 16:59:30 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:30 executing program 4: 16:59:30 executing program 2: 16:59:30 executing program 2: 16:59:30 executing program 4: 16:59:30 executing program 3: r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:30 executing program 0: 16:59:31 executing program 5: 16:59:31 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:31 executing program 2: 16:59:31 executing program 0: 16:59:31 executing program 4: 16:59:31 executing program 5: 16:59:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:31 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:31 executing program 2: 16:59:31 executing program 0: 16:59:31 executing program 4: 16:59:31 executing program 5: 16:59:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x0, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:31 executing program 0: 16:59:31 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:31 executing program 4: 16:59:31 executing program 5: 16:59:31 executing program 2: 16:59:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x0, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:31 executing program 0: 16:59:31 executing program 2: 16:59:31 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:31 executing program 5: 16:59:31 executing program 4: 16:59:31 executing program 0: 16:59:31 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:31 executing program 4: 16:59:31 executing program 2: 16:59:31 executing program 5: 16:59:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x0, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:31 executing program 4: 16:59:31 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:31 executing program 0: 16:59:31 executing program 5: 16:59:31 executing program 2: 16:59:31 executing program 4: 16:59:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x0, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:31 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:31 executing program 0: 16:59:31 executing program 4: 16:59:31 executing program 5: 16:59:31 executing program 2: 16:59:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x0, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:31 executing program 0: 16:59:31 executing program 4: 16:59:31 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:31 executing program 5: 16:59:31 executing program 2: 16:59:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x0, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:31 executing program 0: 16:59:31 executing program 4: 16:59:31 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) 16:59:31 executing program 2: 16:59:31 executing program 5: 16:59:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x0, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:31 executing program 0: 16:59:31 executing program 4: 16:59:31 executing program 2: 16:59:31 executing program 5: 16:59:31 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) 16:59:31 executing program 0: 16:59:31 executing program 5: 16:59:31 executing program 4: 16:59:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x0, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:31 executing program 2: 16:59:31 executing program 5: 16:59:31 executing program 4: 16:59:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x0, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:32 executing program 2: 16:59:32 executing program 0: 16:59:32 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) 16:59:32 executing program 5: 16:59:32 executing program 4: 16:59:32 executing program 0: 16:59:32 executing program 2: 16:59:32 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x0, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:32 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) 16:59:32 executing program 4: syz_read_part_table(0x0, 0x2, &(0x7f0000001280)=[{0x0, 0x0, 0xfff}, {&(0x7f0000000480)="7553b0aa1b6e27fdacd676ccaf7f145d839aff592a676eae130302467bbada2bf88ac74039a40067ba169218f5e50edb434ea534765556d683b4a28486df4a32d100be873c41051cf6e6076550034041fd87b96ce6fc6714006861452c9682144ebdf51eb8ec697e30155c2062f9f33d51074e6835c2a53a24ba65936dae87bf8b24100ec32ae0377ca7846b5180b5d3bd74274cc4cb5f90f767fd49deec906372ddc6208ebe83a2835cd8c48d0caefa8d7baaba2722497a8efcc884fac14a773ae2d88e86fa8bd9dd939e1ad14fe84f232a12a91ef5d7a407cfa8c0116778bc70a33c1d6f9c7b257fdd8789937d692b28f40d7548f0c14944d1957e1de8c4df33abc795b1d5d0c66c5e4872438348ed1d75a8e05dd1e1a4936659aa01861419652109a494090d4ba2760d0f434cc414901fb65c1c3782b42452356c5b2477ad1dbb6cf35674aef84e75a4663a45fcefcb5caca0bbd435c1e90d6b572b64cea265c034dd04d1b65300a717cbeb1f795f1a090c374d3a36fddb4b86aefd79b261db641c397e20d9791fc50080521e06dfd0f8e2ec614d96f07e29a1c64c982b52e5795c0ac02f6a6f7093bf4d9b3d974d53c3e6c5da348c1eaa508e75fcec8d9bc657eed5d1a2ffe227bf06c951a9ccb9777a56fda71a", 0x1d6, 0x2}]) 16:59:32 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) socket$inet6(0xa, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 16:59:32 executing program 0: 16:59:32 executing program 2: 16:59:32 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x0, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:32 executing program 1: 16:59:32 executing program 0: 16:59:32 executing program 2: 16:59:32 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x0, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:32 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x5, 0x4, 0x6d, 0x2, 0x0, 0x0}, 0x14) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r0, &(0x7f0000000140), &(0x7f0000000240)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20) 16:59:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x4000001, 0x182) r2 = memfd_create(&(0x7f0000000380)='iC;`\xb6p+\x10', 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) dup3(r0, r1, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x81805) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x4000001, 0x182) r5 = memfd_create(&(0x7f0000000380)='iC;`\xb6p+\x10', 0x0) pwritev(r5, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) sendfile(r4, r5, 0x0, 0x2000005) dup3(r3, r4, 0x0) 16:59:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000480)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 16:59:32 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="580000002400070500"/20, @ANYRES32=r2, @ANYBLOB="00000000ffffffff0000000008000100736662002c00020028000100"/53], 0x58}}, 0x0) [ 127.130493] binder: 3303:3306 ioctl c018620c 200002c0 returned -1 16:59:32 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) socket$inet6(0xa, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 16:59:32 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x0, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:32 executing program 2: 16:59:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000480)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f00000002c0)={0xbf, 0x0, &(0x7f0000000280), 0xffffffffffffff65, 0x0, 0x0}) 16:59:32 executing program 0: 16:59:32 executing program 4: 16:59:32 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) socket$inet6(0xa, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 16:59:32 executing program 0: 16:59:32 executing program 2: 16:59:32 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x0, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) [ 127.387179] binder: 3332 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 127.387193] binder: 3332:3334 ioctl c018620c 200002c0 returned -22 16:59:32 executing program 1: 16:59:32 executing program 2: mknod(&(0x7f0000000180)='./file0\x00', 0x1000000000008020, 0x6d2) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) close(r0) 16:59:32 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) socket$inet6(0xa, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 16:59:32 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@remote}, 0x357) 16:59:32 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x0, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:32 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x4) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="8cff7cf90800000053"], 0x9) tkill(0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) 16:59:32 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{}, 'syz0\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 16:59:32 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)="a4ab12f728db4b2b2f2f3ff7ad273b1e89e46f905080af4c90ccb170e60b3a8bf574b763e3062d037dca291318d0a17270bbce74b47888318b04aeb0747555ba16ea10e6ddb915ceb6397e514f3482ca3c22e31ebc6da732ee3d854a1d3b9b3c0887a22cf550250fc7204eaa3d026ef9d3f316f9fb6e05b4eb24d9694ae311", 0x7f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 16:59:32 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) 16:59:32 executing program 4: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2400000002031f001cfffd946fa2830020200a800900010001e700000000a3a20404ff7e", 0x24}], 0x1}, 0x0) r1 = socket$inet(0x10, 0x3, 0xc) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, 0x0}, 0x0) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="24000000030307031dfffd946ff20c0020200a0009000100021d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) 16:59:32 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) [ 127.643884] SELinux: truncated policydb string identifier [ 127.650853] input: syz0 as /devices/virtual/input/input4 [ 127.666698] SELinux: failed to load policy 16:59:32 executing program 0: clone(0x2007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="d3d2b53c38f19c0400cd8034"], 0xc}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f9be9f303b222957eecbc624877c825255f910c28f5e87a64820546a1ebed562db3bb44f", @ANYRESHEX, @ANYPTR64, @ANYRESOCT, @ANYRES32, @ANYRESHEX, @ANYRESHEX], 0x0, 0x7d}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 127.714399] audit: type=1400 audit(1568307572.953:19): avc: denied { create } for pid=3396 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 127.744214] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 16:59:33 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) 16:59:33 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) [ 127.763520] input: syz0 as /devices/virtual/input/input5 [ 127.774530] audit: type=1400 audit(1568307572.983:20): avc: denied { write } for pid=3396 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 16:59:33 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x175) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000200), 0x4) 16:59:33 executing program 1: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='/\x02roup.stap\x00', 0x2761, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0) write(r0, &(0x7f0000000380)='v', 0x1) sendfile(r0, r0, &(0x7f0000002580), 0x7fffffff) sendfile(r0, r0, 0x0, 0x8000) 16:59:33 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) open(&(0x7f0000021000)='./file0\x00', 0x511083, 0x0) 16:59:33 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:33 executing program 4: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000080)={@loopback, 0x0, 0x0, 0x100000003, 0x1, 0x0, 0x0, 0x400000000}, 0x20) dup2(r0, r1) [ 127.960378] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 16:59:35 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x81, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x3, 0x6) 16:59:35 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000180), &(0x7f0000000240)}, 0x20) 16:59:35 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000001c80)=[{{&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000040)="2a91", 0x2}], 0x1}}, {{&(0x7f0000000340)={0x2, 0x0, @empty}, 0x10, 0x0, 0x0, &(0x7f0000001ac0)=[@ip_tos_int={{0x14, 0x0, 0x1, 0xfffffffffffffffd}}], 0x18}}], 0x2, 0x0) 16:59:35 executing program 4: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) 16:59:35 executing program 5: socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000080)=@abs, 0x6e) socket$inet_udplite(0x2, 0x2, 0x88) socketpair(0x0, 0x0, 0x0, 0x0) listxattr(0x0, &(0x7f0000000240), 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f00000001c0)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@filename='./file0\x00', &(0x7f00000000c0)='.', 0x0, 0x23080, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000025c0)) ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000200)) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) mount(&(0x7f0000000080), &(0x7f0000000180)='./file0\x00', 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(0x0, 0x0, &(0x7f00000002c0)='ramfs\x00', 0x0, 0x0) umount2(&(0x7f0000000300)='./file0\x00', 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) 16:59:35 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_MODE={0x8, 0x1, 0x6}]}}}]}, 0x3c}}, 0x0) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000100)=0x8) write$P9_RCLUNK(0xffffffffffffffff, 0x0, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) 16:59:35 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, 0x0, &(0x7f0000000240)}, 0x20) 16:59:35 executing program 0: clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$binder(&(0x7f0000000480)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bf070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 130.655671] audit: type=1400 audit(1568307575.893:21): avc: denied { map } for pid=3443 comm="syz-executor.4" path="/dev/ashmem" dev="devtmpfs" ino=5105 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 16:59:35 executing program 1: lstat(&(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r2) lstat(&(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r3) 16:59:35 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, 0x0, &(0x7f0000000240)}, 0x20) 16:59:36 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x108) [ 130.723251] binder: 3464:3465 ioctl c018620c 200002c0 returned -1 [ 130.733329] binder: 3464:3469 ioctl c018620c 200002c0 returned -1 16:59:36 executing program 1: r0 = socket$inet(0x2, 0x3, 0x2) sendmsg$inet(r0, &(0x7f0000000a00)={&(0x7f0000000440)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f00000009c0)=[@ip_tos_int={{0x14}}], 0x18}, 0x0) 16:59:36 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, 0x0, 0xfffffffffffffc6d, 0x20000800, &(0x7f0000000240)={0x2, 0x4e23, @local}, 0x10) getsockopt$inet_buf(r0, 0x0, 0x50, &(0x7f0000000440)=""/4096, &(0x7f0000000000)=0x1000) 16:59:36 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="7127a50d1e0bcfe47bf070") r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x4800000000000002, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7c0000002400070500"/20, @ANYRES32=r3, @ANYBLOB="00000000ffffffff000000000a000100636f64656c00000048000200080005000000000008000400000000000800050000000026fa1cc200000000000000050000000000080004000000000008000200000000000800050000000000a802040000000000"], 0x7c}}, 0x0) [ 130.826177] ================================================================== [ 130.833679] BUG: KASAN: use-after-free in tcp_init_tso_segs+0x19d/0x1f0 [ 130.840437] Read of size 2 at addr ffff8881c59fe2b0 by task syz-executor.2/3479 [ 130.847882] [ 130.849515] CPU: 0 PID: 3479 Comm: syz-executor.2 Not tainted 4.14.143+ #0 [ 130.856521] Call Trace: [ 130.859141] dump_stack+0xca/0x134 [ 130.862682] ? tcp_init_tso_segs+0x19d/0x1f0 [ 130.867687] ? tcp_init_tso_segs+0x19d/0x1f0 16:59:36 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) ioctl$LOOP_SET_STATUS64(r0, 0x1277, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "7001e0f57c8cf6270b24e415e96042aae51d871554c11cd59cc8fb47081025bad6b39d778066f9d1ac8a570e3a42f70a7c0f30f66157a96aae15813f0dceb297", "a8a4cd01e527e6fd3de45387da0200000000000000e89046e6033a61edb75c8d51fffffaf7f4fdb16e0cdaa4276939a341033400", "7b8ddcc1c891591c411689361613d064716900e70bfed06d00f97c17654ab8a7"}) [ 130.872363] print_address_description+0x60/0x226 [ 130.873977] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 130.877201] ? tcp_init_tso_segs+0x19d/0x1f0 [ 130.877213] ? tcp_init_tso_segs+0x19d/0x1f0 [ 130.877222] __kasan_report.cold+0x1a/0x41 [ 130.877235] ? kvm_guest_cpu_init+0x220/0x220 [ 130.877241] ? tcp_init_tso_segs+0x19d/0x1f0 [ 130.877252] tcp_init_tso_segs+0x19d/0x1f0 [ 130.877258] ? tcp_tso_segs+0x7b/0x1c0 [ 130.877267] tcp_write_xmit+0x15a/0x4730 [ 130.877282] ? memset+0x20/0x40 [ 130.877306] __tcp_push_pending_frames+0xa0/0x230 [ 130.929283] tcp_send_fin+0x154/0xbc0 [ 130.933147] tcp_close+0xc62/0xf40 [ 130.936968] inet_release+0xe9/0x1c0 [ 130.940700] __sock_release+0xd2/0x2c0 [ 130.944595] ? __sock_release+0x2c0/0x2c0 [ 130.948921] sock_close+0x15/0x20 [ 130.952487] __fput+0x25e/0x710 [ 130.955787] task_work_run+0x125/0x1a0 [ 130.959684] exit_to_usermode_loop+0x13b/0x160 [ 130.964285] do_syscall_64+0x3a3/0x520 [ 130.968189] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 130.973373] RIP: 0033:0x4135d1 [ 130.976558] RSP: 002b:00007fff44b13c80 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 130.984268] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004135d1 [ 130.991537] RDX: 0000001b2e520000 RSI: 0000000000000000 RDI: 0000000000000003 [ 130.998803] RBP: 0000000000000001 R08: 0000000080e89025 R09: 0000000080e89029 [ 131.006073] R10: 00007fff44b13d60 R11: 0000000000000293 R12: 000000000075bf20 [ 131.013345] R13: 000000000001ff09 R14: 0000000000760450 R15: ffffffffffffffff [ 131.020619] [ 131.022345] Allocated by task 3483: [ 131.025962] __kasan_kmalloc.part.0+0x53/0xc0 [ 131.030437] kmem_cache_alloc+0xee/0x360 [ 131.034479] __alloc_skb+0xea/0x5c0 [ 131.038104] sk_stream_alloc_skb+0xf4/0x8a0 [ 131.042437] tcp_sendmsg_locked+0xf11/0x2f50 [ 131.047285] tcp_sendmsg+0x2b/0x40 [ 131.050813] inet_sendmsg+0x15b/0x520 [ 131.054832] sock_sendmsg+0xb7/0x100 [ 131.058555] SyS_sendto+0x1de/0x2f0 [ 131.062173] do_syscall_64+0x19b/0x520 [ 131.066055] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 131.071225] 0xffffffffffffffff [ 131.074480] [ 131.076104] Freed by task 3483: [ 131.079377] __kasan_slab_free+0x164/0x210 [ 131.083870] kmem_cache_free+0xd7/0x3b0 [ 131.088259] kfree_skbmem+0x84/0x110 [ 131.091967] tcp_remove_empty_skb+0x264/0x320 [ 131.096444] tcp_sendmsg_locked+0x1c09/0x2f50 [ 131.100932] tcp_sendmsg+0x2b/0x40 [ 131.104455] inet_sendmsg+0x15b/0x520 [ 131.108234] sock_sendmsg+0xb7/0x100 [ 131.111926] SyS_sendto+0x1de/0x2f0 [ 131.115707] do_syscall_64+0x19b/0x520 [ 131.119758] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 131.124934] 0xffffffffffffffff [ 131.128192] [ 131.129820] The buggy address belongs to the object at ffff8881c59fe280 [ 131.129820] which belongs to the cache skbuff_fclone_cache of size 456 [ 131.143264] The buggy address is located 48 bytes inside of [ 131.143264] 456-byte region [ffff8881c59fe280, ffff8881c59fe448) [ 131.155073] The buggy address belongs to the page: [ 131.160254] page:ffffea0007167f80 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 [ 131.170216] flags: 0x4000000000010200(slab|head) [ 131.174983] raw: 4000000000010200 0000000000000000 0000000000000000 00000001000c000c [ 131.182857] raw: ffffea0007287c80 0000000300000003 ffff8881dab70400 0000000000000000 [ 131.190716] page dumped because: kasan: bad access detected [ 131.196404] [ 131.198044] Memory state around the buggy address: [ 131.202961] ffff8881c59fe180: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 131.210319] ffff8881c59fe200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 131.217671] >ffff8881c59fe280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 16:59:36 executing program 4: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) 16:59:36 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='io.bfq.weight\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040), 0x12) 16:59:36 executing program 1: 16:59:36 executing program 0: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x2, 0xc) write(r2, &(0x7f0000000000)="1f0000000104fffffd3b090007110000f30501000b000100040423ca0000cf", 0x1f) 16:59:36 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x200000001, 0x3, 0x2000000000000009, 0x2, 0x1, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, 0x0, &(0x7f0000000240)}, 0x20) [ 131.225014] ^ [ 131.230529] ffff8881c59fe300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 131.237889] ffff8881c59fe380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 131.245842] ================================================================== [ 131.253187] Disabling lock debugging due to kernel taint [ 131.259897] Kernel panic - not syncing: panic_on_warn set ... [ 131.259897] [ 131.267305] CPU: 0 PID: 3479 Comm: syz-executor.2 Tainted: G B 4.14.143+ #0 16:59:36 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "7001e0f57c8cf6270b24e415e96042aae51d871554c11cd59cc8fb47081025bad6b39d778066f9d1ac8a570e3a42f70a7c0f30f66157a96aae15813f0dceb297", "a8a4cd01e527e6fd3de45387da0200000000000000e89046e6033a61edb75c8d51fffffaf7f4fdb16e0cdaa4276939a341033400", "7b8ddcc1c891591c411689361613d064716900e70bfed06d00f97c17654ab8a7"}) 16:59:36 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "7001e0f57c8cf6270b24e415e96042aae51d871554c11cd59cc8fb47081025bad6b39d778066f9d1ac8a570e3a42f70a7c0f30f66157a96aae15813f0dceb297", "a8a4cd01e527e6fd3de45387da0200000000000000e89046e6033a61edb75c8d51fffffaf7f4fdb16e0cdaa4276939a341033400", "7b8ddcc1c891591c411689361613d064716900e70bfed06d00f97c17654ab8a7"}) [ 131.276655] Call Trace: [ 131.280239] dump_stack+0xca/0x134 [ 131.283901] panic+0x1ea/0x3d3 [ 131.287184] ? add_taint.cold+0x16/0x16 [ 131.291542] ? tcp_init_tso_segs+0x19d/0x1f0 [ 131.295998] ? ___preempt_schedule+0x16/0x18 [ 131.300596] ? tcp_init_tso_segs+0x19d/0x1f0 [ 131.305102] end_report+0x43/0x49 [ 131.308992] ? tcp_init_tso_segs+0x19d/0x1f0 [ 131.315489] __kasan_report.cold+0xd/0x41 [ 131.319643] ? kvm_guest_cpu_init+0x220/0x220 [ 131.324139] ? tcp_init_tso_segs+0x19d/0x1f0 16:59:36 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "7001e0f57c8cf6270b24e415e96042aae51d871554c11cd59cc8fb47081025bad6b39d778066f9d1ac8a570e3a42f70a7c0f30f66157a96aae15813f0dceb297", "a8a4cd01e527e6fd3de45387da0200000000000000e89046e6033a61edb75c8d51fffffaf7f4fdb16e0cdaa4276939a341033400", "7b8ddcc1c891591c411689361613d064716900e70bfed06d00f97c17654ab8a7"}) [ 131.328686] tcp_init_tso_segs+0x19d/0x1f0 [ 131.334209] ? tcp_tso_segs+0x7b/0x1c0 [ 131.338210] tcp_write_xmit+0x15a/0x4730 [ 131.342282] ? memset+0x20/0x40 [ 131.345581] __tcp_push_pending_frames+0xa0/0x230 [ 131.350520] tcp_send_fin+0x154/0xbc0 [ 131.354352] tcp_close+0xc62/0xf40 [ 131.357887] inet_release+0xe9/0x1c0 [ 131.361599] __sock_release+0xd2/0x2c0 [ 131.365515] ? __sock_release+0x2c0/0x2c0 [ 131.369663] sock_close+0x15/0x20 [ 131.373117] __fput+0x25e/0x710 16:59:36 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "7001e0f57c8cf6270b24e415e96042aae51d871554c11cd59cc8fb47081025bad6b39d778066f9d1ac8a570e3a42f70a7c0f30f66157a96aae15813f0dceb297", "a8a4cd01e527e6fd3de45387da0200000000000000e89046e6033a61edb75c8d51fffffaf7f4fdb16e0cdaa4276939a341033400", "7b8ddcc1c891591c411689361613d064716900e70bfed06d00f97c17654ab8a7"}) [ 131.376407] task_work_run+0x125/0x1a0 [ 131.380301] exit_to_usermode_loop+0x13b/0x160 [ 131.384888] do_syscall_64+0x3a3/0x520 [ 131.388784] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 131.393970] RIP: 0033:0x4135d1 [ 131.397149] RSP: 002b:00007fff44b13c80 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 131.404851] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004135d1 [ 131.412119] RDX: 0000001b2e520000 RSI: 0000000000000000 RDI: 0000000000000003 [ 131.419390] RBP: 0000000000000001 R08: 0000000080e89025 R09: 0000000080e89029 [ 131.426946] R10: 00007fff44b13d60 R11: 0000000000000293 R12: 000000000075bf20 [ 131.434416] R13: 000000000001ff09 R14: 0000000000760450 R15: ffffffffffffffff [ 131.442772] Kernel Offset: 0x39400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 131.453958] Rebooting in 86400 seconds..