[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 11.552715] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 40.137509] random: sshd: uninitialized urandom read (32 bytes read) [ 40.429830] audit: type=1400 audit(1568503322.646:6): avc: denied { map } for pid=1776 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 40.471907] random: sshd: uninitialized urandom read (32 bytes read) [ 41.072047] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.10' (ECDSA) to the list of known hosts. [ 46.694941] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/14 23:22:09 fuzzer started [ 46.796421] audit: type=1400 audit(1568503329.016:7): avc: denied { map } for pid=1791 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 47.602280] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/14 23:22:10 dialing manager at 10.128.0.26:37083 2019/09/14 23:22:10 syscalls: 1347 2019/09/14 23:22:10 code coverage: enabled 2019/09/14 23:22:10 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/14 23:22:10 extra coverage: extra coverage is not supported by the kernel 2019/09/14 23:22:10 setuid sandbox: enabled 2019/09/14 23:22:10 namespace sandbox: enabled 2019/09/14 23:22:10 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/14 23:22:10 fault injection: CONFIG_FAULT_INJECTION is not enabled 2019/09/14 23:22:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/14 23:22:10 net packet injection: enabled 2019/09/14 23:22:10 net device setup: enabled [ 49.958937] random: crng init done INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes 23:23:19 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='gid_map\x00') r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)) r2 = syz_open_pts(r1, 0x0) dup3(r2, r0, 0x0) 23:23:19 executing program 5: perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:23:19 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f00000002c0)={@multicast2, @loopback}, 0xc) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet(r1, &(0x7f0000002c40)=[{{&(0x7f0000000000)={0x2, 0x4e22, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @broadcast}}}], 0x20}}], 0x1, 0x0) 23:23:19 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, 0x0) 23:23:19 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)="a4ab12f72b454b2b2f2f3ff7ff273b1e89e46f905080af4c90ccb170e60b3a8bf5d35563e3062d037dca291318eda17270bbce74b47888318b04aeb0ba16ea10e6dd728af3c22cb89e44400f9e53b878bdd0b915ceb6397e514f3482ca3c22e31ebce14b64a73d854a", 0x69}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 23:23:19 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)="a4ab12f72b454b2b2f2f3ff7ff273b1e89e46f905080af4c90ccb170e60b3a8bf5d35563e3062d037dca291318eda17270bbce74b47888318b04aeb0ba16ea10e6dd728af3c22cb89e44400f9e53b878bdd0b915ceb6397e514f3482ca3c22e31ebce14b64a73d854a1d3b9b3c0887a22cf550250fc7204eaa3d026ef9d3f316f9fb6e05b4eb24d9694ae311c93e10ff44910738fe2229aad8dc604bb8c133e8382f58f1bd2aa7f74ae63383315926d787838c32a71fd772e5ae946083f89c0a7b9b39630a94050deb366be077733a1cb1a56a2750b57ab3d4220e81b966b0e84a7f0321a9c7eab23fe2", 0xea}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 117.707008] audit: type=1400 audit(1568503399.926:8): avc: denied { map } for pid=1791 comm="syz-fuzzer" path="/root/syzkaller-shm802751914" dev="sda1" ino=16490 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 117.740156] audit: type=1400 audit(1568503399.946:9): avc: denied { map } for pid=1842 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5044 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 23:23:21 executing program 0: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) fcntl$lock(r1, 0x7, &(0x7f0000000000)={0x1}) unshare(0x400) fcntl$lock(r0, 0x20000000006, &(0x7f00000000c0)) 23:23:22 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x2000000000000e) 23:23:22 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = socket$inet6(0xa, 0x801, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r1, 0xffeffffefffffffb) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @random="192bce5e2dfb", [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 23:23:22 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="eb3c90696b66732e66617400020401", 0xf}], 0x0, 0x0) [ 119.917811] syz-executor.0 (2463) used greatest stack depth: 22752 bytes left [ 119.978916] FAT-fs (loop0): bogus number of FAT structure [ 120.003133] FAT-fs (loop0): Can't find a valid FAT filesystem [ 120.067226] FAT-fs (loop0): bogus number of FAT structure [ 120.081766] FAT-fs (loop0): Can't find a valid FAT filesystem 23:23:22 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000640)="3232ce2774e7a3797748648df71c7b4542839e347be35844e42ad67454cd5e140e0ab73493d6b6921681e5536dbc0f309747cc199a7f9a20d01e04d55fb1c26504e3e4738aac76780b5c2363a6dc4d10fe9adc2b363abf6981a31f6a58ef2103e7a145b11649eac6d4cc29a315faf899c2e35d08b1974199c08bf4798207b78d8dd89e727382318265acc85a4444869dfc22ba7fd79b455635a715fa1e705070e2857ef21a3076cdfc2c29b26547360add94ef9c349ae62f54e7a90e1aae762a11b2cc6bd720034fac41f1de628e2a3166ec21e03c68a60708328e1606a83211bc78be79097861ce52747ac474593d76f9ec5cdd91725cb16e62b4bb027fbb96eab344de0401076c6345a7d32e9fe9ba1e68ac07081a7d1e0ed1eb9e96b41214af554f1831dfd8bd2b466789f4295317d17c138abe5fa9044a44792e9aecfb3f9130ff673786a8ef2b14c4999c29a5713c2fb5e35f2fae0d58b64355a697efd45e36528e57c68a62c6edc7879962e05419c7c5fa64ec92e670821df50d0f3a7312d2120f363954e72ba0322fc4318f819b1e2b1a17fb939a5db9c1a0a83b44abcffc3dd555d4dd30c0a4bd524c29d4d57bc906c012446c99a882162f3f72cce0702d7394288807fe2a308e01adc9bbf2a9cd78fabaa3c10640777e0813726a70df3323924035b235fd39ae4ab08d3f09bd231b38dca4389b098b0d3538dd3ef5bf068c1df8fbe00b", 0x208, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67a", 0x2a, 0x0, 0x0, 0x0) 23:23:22 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x31, 0xffffffffffffffff, 0x0) 23:23:22 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 23:23:24 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) preadv(r1, &(0x7f00000015c0)=[{&(0x7f00000000c0)=""/4, 0x4}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='\x00\x00\x00\x00\x00\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xc9\x82)\xc8]\xbeqAq\xdfi\x9f\xa7_b\xe0\xa6u.\x1c\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x930x0}) syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 23:23:27 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x0, 0x70, 0x0, 0xbfbd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0xce3, 0x9, 0x0, 0x7fff, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}, 0x0, 0x0, 0x5, 0x3, 0x0, 0x9, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x9) accept(0xffffffffffffffff, &(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) mmap$perf(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0) fchdir(r1) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000540)='./file0\x00', 0x4) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) getdents(0xffffffffffffffff, &(0x7f0000000340)=""/199, 0x188) getdents(0xffffffffffffffff, 0x0, 0x0) 23:23:27 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000000)) ioprio_set$pid(0x2, 0x0, 0x0) 23:23:27 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x40000008001, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x4a8bc4e8, 0xa, 0x8, 0x1}) 23:23:27 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)={0x14, 0x40000000000016, 0xffffffffff7ffffd, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) 23:23:27 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x40000008001, 0x0) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x4a8bc4e8, 0xa, 0x8, 0x1}) 23:23:27 executing program 4: write$P9_RWALK(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="300000006f000003000000000200000000000000000000000000000000e3ffffff000000d4"], 0x25) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)='ext4\x00') setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, &(0x7f00000002c0)={0x20, {{0xa, 0x0, 0x0, @empty}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x108) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab31, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 124.997020] audit: type=1400 audit(1568503407.216:10): avc: denied { create } for pid=2834 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 125.037022] capability: warning: `syz-executor.0' uses 32-bit capabilities (legacy support in use) 23:23:27 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)="a4ab12f72b454b2b2f2f3ff7ff273b1e89e46f905080af4c90ccb170e60b3a8bf5d35563e3062d037dca291318eda17270bbce74b47888318b04aeb0ba16ea10e6dd728af3c22cb89e44400f9e53b878bdd0b915ceb6397e514f3482ca3c22e31ebce14b64a73d854a1d3b9b3c0887a22cf550250fc7204eaa3d026ef9d3f316f9fb6e05b4eb24d9694ae311c93e10ff44910738fe2229aad8dc604bb8c133e8382f58f1bd2aa7f74ae63383315926d787838c32a71fd772e5ae946083f89c0a7b9b39630a94050deb366be077733a1cb1a56a2750b57ab3d4220e81b966b0e84a7f0321", 0xe4}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 23:23:27 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x40000008001, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x0, 0xa, 0x8, 0x1}) [ 125.082467] audit: type=1400 audit(1568503407.246:11): avc: denied { write } for pid=2834 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 23:23:27 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x0, 0xa, 0x8}) 23:23:27 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) mount(&(0x7f0000000040)=@nullb='[:\n:]:0::::\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) [ 125.144901] FAT-fs (loop1): codepage cp437 not found 23:23:27 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)) [ 125.205122] EXT4-fs (loop4): Unrecognized mount option " " or missing value [ 125.221499] EXT4-fs (loop4): failed to parse options in superblock: [ 125.230751] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 23:23:27 executing program 3: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet(0x2b, 0x1, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x10) ioctl$int_in(r1, 0x5421, &(0x7f0000000000)=0x1000) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) [ 125.276737] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 125.297500] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 23:23:27 executing program 2: clone(0x10a0100, 0x0, 0x0, 0x0, 0x0) 23:23:27 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:23:27 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) preadv(r1, &(0x7f00000015c0)=[{&(0x7f00000000c0)=""/4, 0x4}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='\x00\x00\x00\x00\x00\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xc9\x82)\xc8]\xbeqAq\xdfi\x9f\xa7_b\xe0\xa6u.\x1c\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x930xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 23:23:33 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x40000008001, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) 23:23:33 executing program 4: 23:23:33 executing program 0: 23:23:33 executing program 5: 23:23:33 executing program 4: 23:23:33 executing program 3: 23:23:33 executing program 5: 23:23:33 executing program 0: 23:23:33 executing program 1: 23:23:33 executing program 4: 23:23:33 executing program 5: [ 131.306398] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 131.344951] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 23:23:33 executing program 2: r0 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000000580)={0x8, "c0c814a55b6300d28afc61ac7dd1ffb869b761e8e53ee36e4be89e9fea175523e4468dec44bf8b5473c7a5062b4ede67dcb24cb9484ccfff2b3a70befc56e8ab2eee3483f5bf78c16beac035b700eb84e2216f268d02b717d2046c273814475b412437f7dc08a13a55d3c02132999dfd9fe80b750eff4d7c1da975b3835602728ae09e72527fcee19377e29c6c19e1ccce0f75e0e54001e3e83e473fa3d37eca8be1b3de565571e0e84f310c11fa8616068113b038aaa5c69967699fc2aa41c6f26fc22cf68e3577242c9b4ca20fab9de5885e0648fbd7af089b05f38f152d2f8144461608733c567b6dc5d2a07022c3764565c85abcfd99dd7a85e58939278235d50e8b321be7dbaa5141e097c28364fad2f713d666ca94f4e429687fcabb72aceeaf8abe5b506d98dc393b6e97492d785ead0ca2953f92c4d2b2c9f616e3d98b36be55a923fc5892413f7a3b615cec89b52e0ecdcee0aa5af72bcbb91b4bade7435dd8b529feaf13f8b48fcaca5952235d2e909f8831d8ca05a0daa3f6c581f388e0c1879b41fe63ef3d122bd0c5acd4fb07b96797918791075ae7383bb1bbdea574b31301ff37ecc45671ee2e7fc55bf6244025d1fd82dca56a42a23aa826a0b1e102bd87893ddc05649304eb1866c796e46e0d57f552bd572891ef892918bb2e7f2c6bcf68f388ea0c50f48c06de1b46b1434cdf25ca1288ebabe2a33d1c6effb77f91ef75471e93952caeda8ac2b2677e46d62b8366922d093832bccb949e177b4417864812d22972d81d89158288b5318d017329d4e8f66273abf74c434f318ebf32c7629342a85336387231b1e579d57cff0b125bef9dddf0fc33f71cb59d5a8972cda06ba6bba4a89cb8d3b465492c431698984998b2979ea61fed3d99b049724f2bdda5a0700ccb28825da1343f41290e569a6d38d4ae3968147cf39b097efd78e058fc71523c12e724bf93dc4ecc02b5cb18d13b59ec8f85368ac1ea93ed0149c60c53569dc69cdb3f37470eab26ef010b03a7e651b9e8e9065da347660836eddb3988c9a0f394aad055f727310f646d6cb35131d02aaf24735792bfce250798bebf0d1a4495fca568b9449e81afef2937b50faf873257d7efa07d31759474d50ca2a7922e79ab47dd59b11dfd1ec43fef3551aed81d01ee4ab997c6cecc39013dcaa442aec803e4cebbc288b4f9e87b30613f0ec88ddc6f60f56787f4040897e6e6bdac317d74b27f97f2efadb031f03c61954fd0232373582b7fa315d3eb9f67053126d2ed0636f04d669c47bdeb078fbda177533902e20b5ce9d8f395ea4c0aaf2cae774fe99bc40105a9ca184bcb598ab2f49c1df62d32d1a6d73a26812cb47a2ccaf0e9b759df89ad1e18238d897b9fd658f6786a92a0c12bd0ee6dad8a430a67962363e5b9afb3329e4f1f6fcd7e63cb8f24872bcf5b8c349d9ce423666ca39f16884219dea338b388e40f4ad996419cb3858637364d8e5af67f846d77b2749115131a3642ef56681315e4a2cbca5e60febabf693570f515e09c2a8994a8e2be3cba28118ef429d4de781118182607dd2c2d5aaba621ea29c140338bd8f1787fd2a3f43bb7fa22a8ce053adb331a4c78eab569af317e14360a6bf1c8b7394f34bfc1a941ac88dab334d5a2d45fc83bee28884698fd82339c972a06efb369220049ca89727513bd4262ad6f94f55f659ec98b684b1d92e1b6a303548a196cc5316e9845baaf01e737ef047d3d1ac4fe13de618e8fd6471c225e688b73b866213f4765c1a1ecf041f66a11177b0425b0423c455dccfa35a34f3b1c4c9850267bd41dcc366f4f8fef6982699e9aee7f3edff90217c84f6865234676e65911e5e99739792161766e959d061d6e86797b595ae3cffc043da0929dce1b4bd27e04532800f14f69398a681d46f00197f547fa138e676a4c84e586e9a2037faad7d7342221c229ff13606688ab70305dc28d01270604fbcb2b5777541e637a10e7d6c2dfa76461b18c8b303234282f31b7ed8afd0cdcc3978c6520a182000ea312296c7d9df08c2a67b944bc519113822014a831c8d6a7f8d26a7a443666b6077bdc1c11cf47001bcbb484d163543445c77a02140191bbb813da818b4dc3ef1ca420f624e5cb67c48024aeb8691b549202750899938067a3ad49da19e9fffc6486b3525fba8b2ff991fb3b4c1a536818f2dad96f713ac264a22136c6a3a9eacb4f69ab08cfe2b971a7d916833c6a0370d4b0bc428db2e4b4013899668b73caf9c983e2f07e46b4b5b4f0d231edee8b1951e1d0e34c881d1fc5c6be05b92b13680398e7109bd18048f0bd980fceb24e59411873e7a8a7f95f4da2ba5c082fdda710361e163a213a3dbb82c08a69020545da4636c09a67cd962182a011cf5eb1c3d999abc7b834ee518bb53afe19941927ca190699abf79c334c52e206fc851deb7398947ad5bd125ef3f51349497142e921c85506c739f6319ae0eb8e3c551ceb7e16afc2d6aad36841ed8eb560ef984ee5e00f1ead2c646546b3c145e3700b07fc257551641cf3dcb76a8b3cc75994f2c3eb521cea22d64c8b72b2de506fde8185b70b4707b7f571668a5925ca21e605904d7c896a5d7290b9c4fc75ecc7ddbbd7f6f003a74f53d1a5432e0377a3efce1e7ac61e36dc13aeea57400d4d3986db3fccb6edaf83f86daeb42f416f58c502e74178e013b399d0b155e0df86b40b5f3f2ab0ad61c90870cee340c07977b55622699101e5372677dd4e208fa6b5d4834a2d6f37b2ead107218aa0e702d1f6a60bd4ad3a2e22807237129fdc02993ef1fffe3c285bd4f7b093b2da8d772ce2df7874bf9b7fd0893eb66a4931acc38129bfe4a8fc6b28ea83bcca1220b66c86d4d90914bb9e9a425fce618f11b66f93aa78515eac0f3956cb1e8b6f12d7f6f22c1ca5563e280b15c64732aec2a37d6010cee0fd2263ea3ea2011043153284b4a5fc87cc0dd8c36f084ce715a6e9ba3e8b2586726255d122f2b5677d6590405ae031df8f83840ef3011a7f5d18037407758270d980aa65d5a4aa26a35a61b65178b6183b282771e89a8fe47bd3ea5a23146b924a47c3cc2540a9c8d91d4a8924e010fb6d3e60457e0aa86749cc3444707fda055a0f489aecda68af7f0d7d31cf25641a10bcc0d00996cddf9059121639fa3ff2e5490bae6b702fcf226d8e50f27f0973e5e4cf543445524d0fe3bd55d3f215978bfabcba0d44c076f5b333b2095c70f6a5426338bf0c065ddce27f6730606d84d1ccef8cebcd15085fa8a5d0975dc47eeb09a4ab6da21d01916c97f4e266c4b01f2bfb3b6a08bb5a7cf834e56782d824e7c55b591cd883ed9e806a4f7033bbab49a2b8ab2cb0f6da9d76968208236b35a51f8eba3769a676ad60d69c475706a630f3a078ebaa6ba5bc25719867cb61d48cc3a381b261165c04f3c93f37d72fc15f43df1de34e24e80a46f5d15fb362e71cb4a5365dde04a53dc5e42745fbd601ff148db416244dd76ac16f24138ef9a02491eb5b48d731a8bdcd46040d0ff11a07c040b83db84bfd21ffb1d818203cb7d3f8fca47f1dc510afa8219ab031aaba2147aed7c50228930e895a72abf55ca6997131e231ea92e0059b680735548adf2d572c3540e096a644deb3750e3b341bbeffee70ff22e0b4e56142e4c1965c01a646dd9b5b0055f88f08987ad45adb844b9ffc84792073048c28bcb60f2666802052ee45dcd9a2950d55ecf0234a3dcf67e83cfa0bfb1285eb54e6292d8075c9e1b459e48556f416898557c9c864fc5de459feb53e33dd1a6860a2d1a836ab5ff6efaee123b3715a7137787ee4345efbce38074e262f363a8ff400345c8539d44a7286c7291246810bce063f0877db6585842380b530a4aaef6e36779a95fed220cef6c1fff2fdd5031f83987dc3282d432f322852cc9dc6d00c59d5ed83b386ff97c521e528e59f2df932467ac02d17f8818c2de26d69725f42cecaf186fab7b6e10b1ebd9a9a12ed83cd382d9a6f9a9bed2736cb0ec0260057f5ec704d2e1a64caad59e02ff2022174b23564cb0942e6769b12e0ae4d65dc4c5e6b6ceaf2667e085909c93a9768b7bfdac612801c0bc3848bad51e2367f788cbd1c5091ce0e9c567528c72003712e91247d87f1ff60d3865fc687a35886822079392f8d151b89e09469bef98e59139c460a53805a93245148cbb9a6a010dadc87e9b1a0e0a89e87e433ff1c0ad4b125760858c8badff4d82cbd31cf88f3e2e16a4e960e1e0b5825fc0f2b21d660cf60069d43fb6a8a96c44fa922164f02c9cd5ebb6fad848871224d157777b5a70dc6deb988506bd03aa4ce2200e9ce23641221784250c22d2c8635a3512f45d433cf66e158eb261f48a23d54f5ef4358df3487da471eb5775bdba565ee170be126b2300d0dad050212606f2d77a63fa2ab430e62670e852b89944e611509415bee36bf0961c8918bd8b0eb8af45b1a9d0420c7101a9c5f4a63efb9cc8de7897b5e2b02cb5885ad8d0d8ac7754ba8d4e9d37175e614e3f3a6a7b122bbc6dd9ce78f1b9a4e940a1160bb85650d8932fe1a82d0525630ba017be5129625a45c3cae66c7cdaa33ee704791db81ef2e11a2f528974fa388cd929c934dbdb21425e6117839ab33b2926b036457db3a43083c3ec17231aed4ee5b607a45a5735c9470c03a424b43efcea953c078717344aeb1449c0dfa3a3ec224b542c16cf735466bdaf26b522aef1db547b14f07ebd4f5da34426a46007757be47ed3f643c47f2c4467762cd049d6f4cf8a78d04f8318bdedcee80871e91c0330499d88254555c456d9bde8a892394267eac15c230cf7e7ba19ebc01b1905c80476de3cea8258f6d0820d159f4aa8a37fb378b2685da4e0e89d253187219869f1157bbe4a8a43eabf65e86a6d9b21e25d91c43c3036914427833ed87073886719069148e2e47219bb5da5d9664d64dc5c4ff71c0e808dadbb53a23e41e3c02fd0c9e0704490f3283d1864d15d795882e6522f31445556cab6832f273dac0c7aef4e3f8c09a34d1624fdb087d852f2e827fb2c3105f1afda54b9dc12cfde3cf7747daa5ac70904e82636a13155303f9a1198d6e7f9dc7be394ebc5db9e8380e290e6cae5f320caa56aa94490789fce2e2540b3de8865396f58e14d61d3cb122f7bd1af5a27c6fe733eba3cc39106efc906ea967fb833e2480aa80bd56ccd9e5c25304e2b8135f1453af70059e599cb67bc8eaaa38c39768e74d3da8aba0135f0192d7ddf0149ce62f353b0360251f1f88b272c6e85b4ee4e0563a6de80de83749af6e6aa4d80cab7031aff3f7e8d0c9114940549f828a62be9fd6a16db001369728b4b93d4ecf91563ae03def3ca4e9900a97657c4ff1e41c5742fb3329ba882ed61645aedb22f2543b83cd4007e5d228697a48064acc32ece41f2d5ead3f31a9689249e8b4bb57ac0b136b6c60ec531708235b94db823344aafbb9b79e21959635664b2193c3add0b28767906b7ba4118e6548e9a23b49e9181dc6f7dc7857425c9ab1b1451bc4572fd060190d0b5a76b8368b68e72a212bd0f89d0778d293b1d32f155f30c9aafe7215d2e746ea8f2c73a30bcd8c093a489519b60616b15afe69074ee77fb65caf5faf0aad49106057a91fdcd622a07ac21eb5c221f2e65323228af41b3eb894517c34c4f60ba20fb6f6c4309a7357884c0eeeb0a4874550107f2d0ffdc412f86bdf712f96183b3932cfb4da3f179cde1a288df9af09c243fae8c67b0d208d9cdb7adde8d5e548e0624b19da4818ef656b88280a", 0x1000}, 0x10000005c) chown(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) 23:23:33 executing program 0: 23:23:33 executing program 3: 23:23:33 executing program 1: 23:23:33 executing program 5: 23:23:33 executing program 4: [ 131.365886] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 131.386345] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue 23:23:33 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000140)="7312334f6743a747f8bf09abec", 0xd, 0x8800, &(0x7f00000000c0)={0x2, 0x100000000004e23, @remote}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000100)='\x00', 0x38, 0x4088, 0x0, 0x0) recvmmsg(r0, &(0x7f0000002c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 23:23:33 executing program 0: 23:23:33 executing program 5: 23:23:33 executing program 1: 23:23:33 executing program 4: 23:23:33 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r1 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$chown(0x4, r1, 0x0, 0x0) 23:23:34 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f00000009c0)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd0\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7\x95\xaeV\x0f\x9e\xed\x13\xc6H\v\xb7\xd0g!`\x18\x0f\x99\xadD-\xc8{\xbc\xb2\xb9Y\xe2P\x9b\xec\x1e_\xb4\x01\xf1\x1e\xa8\xf8\xdf?#p-\xbd3\"L\xe5\x7f\nC\x00}\x0eb\xbc\xa4}\x93\x9a\t\xf4\xfa\xbew D\x00\xb0Z\xc0\x1a\xf9\x924\a\x1c4\xfa\xe4\xe2\x8e\xe8\x19\x00\x05\xb7\xd51)\b\xf2#[-\xbf\x7f\x10\x14vy\x86\x85\xa4W\r\xe8i\x95\xc9\xe6\xf8\a\xd8\xe2\xdf\xc8\x97\xa2\b{b\xca\x95u:\v\x97\b\r@g\x80\x8d_\x18y\xd1\x8d\xc1)U`\xb9\xe2\xd7\x88\xc2\xaf\xdc\xc1\xda\xcc\xca\x9a\v\xact8Z\x1c\x06\x1b\xdf\xb5\xc1\"\x05,Yw\vP\xcc\xfa\xf9\x9f<\xbd\x1c\x1a\xcb*\x06\xb7\xcd\x7f\xba\xadr\xbb/\"2p\xf8\b\x1e\x04\xac*\x88\xb0\xa7\xc6\xb4M\x97n\xdck\xd1\\\x9f\x9d\x1a4 Y\xac\xcb\xf9f\xcf>qd\vn:\x12\xc0\xdca\xfd\x8d\x9dL\x92\x17\x8fe\xd1\xaa$\x12\x02R\x96t?\x9a\x1a') r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) sendfile(r1, r0, 0x0, 0x800) 23:23:34 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)="a4ab12f72b454b2b2f2f3ff7ff273b1e89e46f905080af4c90ccb170e60b3a8bf5d35563e3062d037dca291318eda17270bbce74b47888318b04aeb0ba16ea10e6dd728af3c22cb89e44400f9e53b878bdd0b915ceb6397e514f3482ca3c22e31ebce14b64a73d854a1d3b9b3c0887a22cf550250fc7204eaa3d026ef9d3f316f9fb6e05b4eb24d9694ae311c93e10ff44910738fe2229aad8dc604bb8c133e8382f58f1bd2aa7f74ae63383315926d787838c32a71fd772e5ae946083f89c0a7b9b39630a94050deb366be077733a1cb1a56a2750b57ab3d4220e81b966b0e84a7f0321a9c7eab23fe2f5fbed25ecfdc81a031cbcf3b2f1c988a84918b4274a759875e3872d198bd2d497", 0x10b}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 23:23:34 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x100000400000003a) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="ea004000000000008741aa34b2e8744c8a10f4a4d57b2d877ec5a07b209539e64169d6b720e7565e9509647ed7e253afff27932aabefc217ac500195009d55c4a6de3aba2603"], 0x8) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) write$P9_RSTAT(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="8200"/24], 0x18) 23:23:34 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000400)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x1) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) epoll_create1(0x0) r2 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x0) r4 = accept4$unix(r3, &(0x7f00000002c0), 0x0, 0xc00) setsockopt$packet_tx_ring(r1, 0x107, 0xd, 0x0, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$getown(r4, 0x9) fcntl$setpipe(r6, 0x407, 0x0) write(r6, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000003c0)=0x0) ptrace$setopts(0x4206, r8, 0xffff, 0x100030) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r7+30000000}, 0x0) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 23:23:34 executing program 5: socket$unix(0x1, 0x0, 0x0) r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/mls\x00', 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000380)='/dev/zero\x00', 0x82, 0x0) ioctl$TIOCGSID(r1, 0x5429, 0x0) sched_setaffinity(0x0, 0xfe75, &(0x7f00000002c0)=0x8000009) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r3 = openat$cgroup_ro(r2, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) r4 = dup3(r3, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$BLKBSZSET(r4, 0x40081271, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = getpgrp(0x0) getpgid(0x0) getpgid(r5) r6 = getpgrp(0x0) write$cgroup_pid(r0, 0x0, 0x0) r7 = getpgrp(r6) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$P9_RCREATE(r1, 0x0, 0xeb) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) capget(0x0, 0x0) r8 = socket$inet6(0xa, 0x400000000001, 0x0) r9 = dup(r8) ptrace$setregset(0x4205, r7, 0x201, &(0x7f0000000240)={0x0}) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) ptrace$setregset(0x4205, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) io_setup(0x0, 0x0) io_cancel(0x0, 0x0, 0x0) setsockopt$inet6_tcp_int(r9, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r8, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback, 0x81}, 0x1c) sendto$inet6(r8, 0x0, 0x88, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r8, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r10 = open(&(0x7f0000000100)='./bus\x00', 0x141046, 0x0) ftruncate(r10, 0x2007fff) sendfile(r9, r10, &(0x7f0000d83ff8), 0x8000fffffffe) 23:23:34 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = socket$inet6(0xa, 0x80001, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$bt_hci(r1, 0x0, 0x60, &(0x7f00001e3000)=""/30, &(0x7f0000d23000)=0x44) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2f) wait4(0x0, 0x0, 0x0, 0x0) 23:23:34 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f00000002c0)={@multicast2, @loopback}, 0xc) close(r0) [ 131.942273] kasan: CONFIG_KASAN_INLINE enabled [ 131.947326] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 131.957760] general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 131.964625] Modules linked in: [ 131.967819] CPU: 0 PID: 3050 Comm: syz-executor.5 Not tainted 4.14.143+ #0 [ 131.974823] task: 000000009377eff8 task.stack: 000000006e27b5e6 [ 131.980882] RIP: 0010:do_tcp_sendpages+0x33c/0x1780 [ 131.985880] RSP: 0018:ffff8881c58b76a8 EFLAGS: 00010206 23:23:34 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f00000009c0)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd0\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7\x95\xaeV\x0f\x9e\xed\x13\xc6H\v\xb7\xd0g!`\x18\x0f\x99\xadD-\xc8{\xbc\xb2\xb9Y\xe2P\x9b\xec\x1e_\xb4\x01\xf1\x1e\xa8\xf8\xdf?#p-\xbd3\"L\xe5\x7f\nC\x00}\x0eb\xbc\xa4}\x93\x9a\t\xf4\xfa\xbew D\x00\xb0Z\xc0\x1a\xf9\x924\a\x1c4\xfa\xe4\xe2\x8e\xe8\x19\x00\x05\xb7\xd51)\b\xf2#[-\xbf\x7f\x10\x14vy\x86\x85\xa4W\r\xe8i\x95\xc9\xe6\xf8\a\xd8\xe2\xdf\xc8\x97\xa2\b{b\xca\x95u:\v\x97\b\r@g\x80\x8d_\x18y\xd1\x8d\xc1)U`\xb9\xe2\xd7\x88\xc2\xaf\xdc\xc1\xda\xcc\xca\x9a\v\xact8Z\x1c\x06\x1b\xdf\xb5\xc1\"\x05,Yw\vP\xcc\xfa\xf9\x9f<\xbd\x1c\x1a\xcb*\x06\xb7\xcd\x7f\xba\xadr\xbb/\"2p\xf8\b\x1e\x04\xac*\x88\xb0\xa7\xc6\xb4M\x97n\xdck\xd1\\\x9f\x9d\x1a4 Y\xac\xcb\xf9f\xcf>qd\vn:\x12\xc0\xdca\xfd\x8d\x9dL\x92\x17\x8fe\xd1\xaa$\x12\x02R\x96t?\x9a\x1a') r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) sendfile(r1, r0, 0x0, 0x800) 23:23:34 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000009c0)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd0\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7\x95\xaeV\x0f\x9e\xed\x13\xc6H\v\xb7\xd0g!`\x18\x0f\x99\xadD-\xc8{\xbc\xb2\xb9Y\xe2P\x9b\xec\x1e_\xb4\x01\xf1\x1e\xa8\xf8\xdf?#p-\xbd3\"L\xe5\x7f\nC\x00}\x0eb\xbc\xa4}\x93\x9a\t\xf4\xfa\xbew D\x00\xb0Z\xc0\x1a\xf9\x924\a\x1c4\xfa\xe4\xe2\x8e\xe8\x19\x00\x05\xb7\xd51)\b\xf2#[-\xbf\x7f\x10\x14vy\x86\x85\xa4W\r\xe8i\x95\xc9\xe6\xf8\a\xd8\xe2\xdf\xc8\x97\xa2\b{b\xca\x95u:\v\x97\b\r@g\x80\x8d_\x18y\xd1\x8d\xc1)U`\xb9\xe2\xd7\x88\xc2\xaf\xdc\xc1\xda\xcc\xca\x9a\v\xact8Z\x1c\x06\x1b\xdf\xb5\xc1\"\x05,Yw\vP\xcc\xfa\xf9\x9f<\xbd\x1c\x1a\xcb*\x06\xb7\xcd\x7f\xba\xadr\xbb/\"2p\xf8\b\x1e\x04\xac*\x88\xb0\xa7\xc6\xb4M\x97n\xdck\xd1\\\x9f\x9d\x1a4 Y\xac\xcb\xf9f\xcf>qd\vn:\x12\xc0\xdca\xfd\x8d\x9dL\x92\x17\x8fe\xd1\xaa$\x12\x02R\x96t?\x9a\x1a') r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) sendfile(r1, r0, 0x0, 0x800) [ 131.991230] RAX: 000000000000000f RBX: 0000000000000000 RCX: 0000000000008ebb [ 131.998507] RDX: ffffffff8252c8ca RSI: ffffc90000d55000 RDI: 0000000000000078 [ 132.005775] RBP: 0000000000005580 R08: 0000000000028000 R09: ffffed103a64e728 [ 132.013178] R10: ffffed103a64e727 R11: ffff8881d327393f R12: ffffea00066d8340 [ 132.020453] R13: dffffc0000000000 R14: ffff8881d3273700 R15: 0000000000028000 [ 132.027727] FS: 00007f44a0f56700(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000 [ 132.035949] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 23:23:34 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f00000009c0)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd0\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7\x95\xaeV\x0f\x9e\xed\x13\xc6H\v\xb7\xd0g!`\x18\x0f\x99\xadD-\xc8{\xbc\xb2\xb9Y\xe2P\x9b\xec\x1e_\xb4\x01\xf1\x1e\xa8\xf8\xdf?#p-\xbd3\"L\xe5\x7f\nC\x00}\x0eb\xbc\xa4}\x93\x9a\t\xf4\xfa\xbew D\x00\xb0Z\xc0\x1a\xf9\x924\a\x1c4\xfa\xe4\xe2\x8e\xe8\x19\x00\x05\xb7\xd51)\b\xf2#[-\xbf\x7f\x10\x14vy\x86\x85\xa4W\r\xe8i\x95\xc9\xe6\xf8\a\xd8\xe2\xdf\xc8\x97\xa2\b{b\xca\x95u:\v\x97\b\r@g\x80\x8d_\x18y\xd1\x8d\xc1)U`\xb9\xe2\xd7\x88\xc2\xaf\xdc\xc1\xda\xcc\xca\x9a\v\xact8Z\x1c\x06\x1b\xdf\xb5\xc1\"\x05,Yw\vP\xcc\xfa\xf9\x9f<\xbd\x1c\x1a\xcb*\x06\xb7\xcd\x7f\xba\xadr\xbb/\"2p\xf8\b\x1e\x04\xac*\x88\xb0\xa7\xc6\xb4M\x97n\xdck\xd1\\\x9f\x9d\x1a4 Y\xac\xcb\xf9f\xcf>qd\vn:\x12\xc0\xdca\xfd\x8d\x9dL\x92\x17\x8fe\xd1\xaa$\x12\x02R\x96t?\x9a\x1a') r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) sendfile(r1, r0, 0x0, 0x800) 23:23:34 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000009c0)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd0\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7\x95\xaeV\x0f\x9e\xed\x13\xc6H\v\xb7\xd0g!`\x18\x0f\x99\xadD-\xc8{\xbc\xb2\xb9Y\xe2P\x9b\xec\x1e_\xb4\x01\xf1\x1e\xa8\xf8\xdf?#p-\xbd3\"L\xe5\x7f\nC\x00}\x0eb\xbc\xa4}\x93\x9a\t\xf4\xfa\xbew D\x00\xb0Z\xc0\x1a\xf9\x924\a\x1c4\xfa\xe4\xe2\x8e\xe8\x19\x00\x05\xb7\xd51)\b\xf2#[-\xbf\x7f\x10\x14vy\x86\x85\xa4W\r\xe8i\x95\xc9\xe6\xf8\a\xd8\xe2\xdf\xc8\x97\xa2\b{b\xca\x95u:\v\x97\b\r@g\x80\x8d_\x18y\xd1\x8d\xc1)U`\xb9\xe2\xd7\x88\xc2\xaf\xdc\xc1\xda\xcc\xca\x9a\v\xact8Z\x1c\x06\x1b\xdf\xb5\xc1\"\x05,Yw\vP\xcc\xfa\xf9\x9f<\xbd\x1c\x1a\xcb*\x06\xb7\xcd\x7f\xba\xadr\xbb/\"2p\xf8\b\x1e\x04\xac*\x88\xb0\xa7\xc6\xb4M\x97n\xdck\xd1\\\x9f\x9d\x1a4 Y\xac\xcb\xf9f\xcf>qd\vn:\x12\xc0\xdca\xfd\x8d\x9dL\x92\x17\x8fe\xd1\xaa$\x12\x02R\x96t?\x9a\x1a') r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) sendfile(r1, r0, 0x0, 0x800) 23:23:34 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f00000009c0)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd0\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7\x95\xaeV\x0f\x9e\xed\x13\xc6H\v\xb7\xd0g!`\x18\x0f\x99\xadD-\xc8{\xbc\xb2\xb9Y\xe2P\x9b\xec\x1e_\xb4\x01\xf1\x1e\xa8\xf8\xdf?#p-\xbd3\"L\xe5\x7f\nC\x00}\x0eb\xbc\xa4}\x93\x9a\t\xf4\xfa\xbew D\x00\xb0Z\xc0\x1a\xf9\x924\a\x1c4\xfa\xe4\xe2\x8e\xe8\x19\x00\x05\xb7\xd51)\b\xf2#[-\xbf\x7f\x10\x14vy\x86\x85\xa4W\r\xe8i\x95\xc9\xe6\xf8\a\xd8\xe2\xdf\xc8\x97\xa2\b{b\xca\x95u:\v\x97\b\r@g\x80\x8d_\x18y\xd1\x8d\xc1)U`\xb9\xe2\xd7\x88\xc2\xaf\xdc\xc1\xda\xcc\xca\x9a\v\xact8Z\x1c\x06\x1b\xdf\xb5\xc1\"\x05,Yw\vP\xcc\xfa\xf9\x9f<\xbd\x1c\x1a\xcb*\x06\xb7\xcd\x7f\xba\xadr\xbb/\"2p\xf8\b\x1e\x04\xac*\x88\xb0\xa7\xc6\xb4M\x97n\xdck\xd1\\\x9f\x9d\x1a4 Y\xac\xcb\xf9f\xcf>qd\vn:\x12\xc0\xdca\xfd\x8d\x9dL\x92\x17\x8fe\xd1\xaa$\x12\x02R\x96t?\x9a\x1a') r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) sendfile(r1, r0, 0x0, 0x800) [ 132.041829] CR2: 000000000075c000 CR3: 00000001c5a06003 CR4: 00000000001606b0 [ 132.049107] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 132.056379] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 132.063648] Call Trace: [ 132.066249] ? sk_stream_alloc_skb+0x8a0/0x8a0 [ 132.070852] tcp_sendpage_locked+0x81/0x130 [ 132.075183] tcp_sendpage+0x3a/0x60 [ 132.078813] inet_sendpage+0x197/0x5d0 [ 132.082705] ? tcp_sendpage_locked+0x130/0x130 [ 132.087291] ? inet_getname+0x390/0x390 23:23:34 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000009c0)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd0\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7\x95\xaeV\x0f\x9e\xed\x13\xc6H\v\xb7\xd0g!`\x18\x0f\x99\xadD-\xc8{\xbc\xb2\xb9Y\xe2P\x9b\xec\x1e_\xb4\x01\xf1\x1e\xa8\xf8\xdf?#p-\xbd3\"L\xe5\x7f\nC\x00}\x0eb\xbc\xa4}\x93\x9a\t\xf4\xfa\xbew D\x00\xb0Z\xc0\x1a\xf9\x924\a\x1c4\xfa\xe4\xe2\x8e\xe8\x19\x00\x05\xb7\xd51)\b\xf2#[-\xbf\x7f\x10\x14vy\x86\x85\xa4W\r\xe8i\x95\xc9\xe6\xf8\a\xd8\xe2\xdf\xc8\x97\xa2\b{b\xca\x95u:\v\x97\b\r@g\x80\x8d_\x18y\xd1\x8d\xc1)U`\xb9\xe2\xd7\x88\xc2\xaf\xdc\xc1\xda\xcc\xca\x9a\v\xact8Z\x1c\x06\x1b\xdf\xb5\xc1\"\x05,Yw\vP\xcc\xfa\xf9\x9f<\xbd\x1c\x1a\xcb*\x06\xb7\xcd\x7f\xba\xadr\xbb/\"2p\xf8\b\x1e\x04\xac*\x88\xb0\xa7\xc6\xb4M\x97n\xdck\xd1\\\x9f\x9d\x1a4 Y\xac\xcb\xf9f\xcf>qd\vn:\x12\xc0\xdca\xfd\x8d\x9dL\x92\x17\x8fe\xd1\xaa$\x12\x02R\x96t?\x9a\x1a') r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) sendfile(r1, r0, 0x0, 0x800) [ 132.091268] kernel_sendpage+0x84/0xd0 [ 132.095161] sock_sendpage+0x84/0xa0 [ 132.098882] pipe_to_sendpage+0x23d/0x300 [ 132.103030] ? kernel_sendpage+0xd0/0xd0 [ 132.107094] ? direct_splice_actor+0x160/0x160 [ 132.111688] ? splice_from_pipe_next.part.0+0x1e4/0x290 [ 132.117058] __splice_from_pipe+0x331/0x740 [ 132.121386] ? direct_splice_actor+0x160/0x160 [ 132.125971] ? direct_splice_actor+0x160/0x160 [ 132.130555] splice_from_pipe+0xd9/0x140 [ 132.134615] ? splice_shrink_spd+0xb0/0xb0 [ 132.138856] ? splice_from_pipe+0x140/0x140 [ 132.143179] direct_splice_actor+0x118/0x160 [ 132.147592] splice_direct_to_actor+0x292/0x760 [ 132.152262] ? generic_pipe_buf_nosteal+0x10/0x10 [ 132.157108] ? do_splice_to+0x150/0x150 [ 132.161089] ? security_file_permission+0x88/0x1e0 [ 132.166147] do_splice_direct+0x177/0x240 [ 132.170290] ? splice_direct_to_actor+0x760/0x760 [ 132.175122] ? security_file_permission+0x88/0x1e0 [ 132.180049] do_sendfile+0x493/0xb20 [ 132.183759] ? do_compat_pwritev64+0x170/0x170 [ 132.188333] ? __might_fault+0x177/0x1b0 [ 132.192391] SyS_sendfile64+0xab/0x140 [ 132.196276] ? SyS_sendfile+0x150/0x150 [ 132.200232] ? SyS_sendfile+0x150/0x150 [ 132.204185] do_syscall_64+0x19b/0x520 [ 132.208061] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 132.213233] RIP: 0033:0x4598e9 [ 132.216405] RSP: 002b:00007f44a0f55c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 132.224108] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004598e9 [ 132.231376] RDX: 0000000020d83ff8 RSI: 0000000000000009 RDI: 0000000000000007 [ 132.238626] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 132.245877] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007f44a0f566d4 [ 132.253141] R13: 00000000004c709e R14: 00000000004dc750 R15: 00000000ffffffff [ 132.260398] Code: 24 08 48 0f 44 d8 e8 24 4d de fe 48 85 ed 0f 84 7e 03 00 00 e8 16 4d de fe 48 8d 7b 78 8b ac 24 c8 00 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 74 08 3c 03 0f 8e 15 11 00 00 2b 6b 78 85 [ 132.279492] RIP: do_tcp_sendpages+0x33c/0x1780 RSP: ffff8881c58b76a8 [ 132.288208] ---[ end trace 091120140b4dd6f5 ]--- [ 132.293631] Kernel panic - not syncing: Fatal exception [ 132.299713] Kernel Offset: 0xc000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 132.310525] Rebooting in 86400 seconds..