[   10.895282] random: sshd: uninitialized urandom read (32 bytes read)
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.915316] random: sshd: uninitialized urandom read (32 bytes read)
[   24.077927] audit: type=1400 audit(1568527107.394:6): avc:  denied  { map } for  pid=1764 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   24.124904] random: sshd: uninitialized urandom read (32 bytes read)
[   24.740165] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.69' (ECDSA) to the list of known hosts.
[   30.237245] random: sshd: uninitialized urandom read (32 bytes read)
2019/09/15 05:58:33 fuzzer started
[   30.334829] audit: type=1400 audit(1568527113.654:7): avc:  denied  { map } for  pid=1773 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   30.886131] random: cc1: uninitialized urandom read (8 bytes read)
2019/09/15 05:58:35 dialing manager at 10.128.0.26:37083
2019/09/15 05:58:35 syscalls: 1347
2019/09/15 05:58:35 code coverage: enabled
2019/09/15 05:58:35 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument
2019/09/15 05:58:35 extra coverage: extra coverage is not supported by the kernel
2019/09/15 05:58:35 setuid sandbox: enabled
2019/09/15 05:58:35 namespace sandbox: enabled
2019/09/15 05:58:35 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/15 05:58:35 fault injection: CONFIG_FAULT_INJECTION is not enabled
2019/09/15 05:58:35 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/15 05:58:35 net packet injection: enabled
2019/09/15 05:58:35 net device setup: enabled
[   33.240646] random: crng init done
05:59:39 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x49)
connect$inet6(r2, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5)
clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
setsockopt$inet6_opts(r2, 0x29, 0x22, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x1)
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(r3, 0x10010000000035)
fcntl$setstatus(r2, 0x4, 0x2000)

05:59:39 executing program 1:
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000100)='/dev/urandom\x00', 0x0, 0x0)
ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000400)=ANY=[@ANYBLOB="06"])

05:59:39 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff})
prlimit64(0x0, 0x7, &(0x7f00000000c0), 0x0)
sendmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000100000001000000030000000300000081be2b9f8daa3b18e4e82f0a5f06733c44133be183a0191a5f19e74d7fd7425306ecfdae1f01bf7a8d88ff383a719ab875bb7fd47712537c55a6d31568615c1a5ebfbb7a8ca29ea2dc469f66080ece5905c8e2d30d2bf771d0ed2d53e26e7d4751b86ab3ff02424fa25c6e276e15252a1aeb0956b43705cae3f36dda1894e842e293181fdaa033ce007d30675c34bfe82bbc5b998fe35c73799ae195251167f87ff86b1ce20632140cbe446ce4cf64cb46b05a38c0d7d366993729abf46e8741c398e3742a5cc307410a14dc35b7f6419660954f0eb47426227f3a5b0dcec9"], 0x18}, 0x0)

05:59:39 executing program 2:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x9, 0x0, 0x13, 0x2}, 0x10}}, 0x0)

05:59:39 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a0000200000000001003bae", 0x1c)
recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x173)

05:59:39 executing program 4:
syz_open_dev$evdev(0x0, 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00<s\x8c\')tU\x19\x9a)S\xa7b\xce\xd8\xde\x95\xf6\xc3\\n\xc1\xa2)o\xee\x97\xdf\xe9\xf3\xfdJ\xe8`7iY\x86~\xd8\xecy\xc00.\x90\xfc\xac\xa0\xb8\x1d\x1a\x7f\xec\xea\np\xb4\xd5l\xb5\xc3\xc7w%\x16a~]P\x04\xc7 \xf7\x92\x8b\x8f\x9d&\\\xf9\xa3\x96G<\xd4\x80\x16/\x81\xe7(\x8b\xde9]\xaf\xbc\xb0\r}Ne\xfaX\xb0\x8a\xbd\x1d\xfc\xd4\x91\x95\x00\v\x14a0_\xd9\x1f\xc7\xb5\xc3FS\x16\x03~\xbbc*\xa3\xab`\x06\xf0\xbc\xacJY\xe7\xb2\x8cw\xa4U.\xa4\xe2u\x1d!jVL}#O\t\xb2`\x0e\xe9\xc6*\xf7\xf8Uh\x8e\x01\xf1b\xf5;\x8a\x17\x9a\x0fq\x01\x91pSR\x82-H\n\x1fP\xb6*\xc9\xfd\x89\xb5\x7f\x87m\"\xaa\xce\xed\a\xf2\xfd<\x10\xb8\xcf\xfac\xcc\x0f\xd2\xdd\xcd#8\"\x8b\xf2\xccA\v\xdf\xf5\x8d\xa5-\x02\xaa|\xdd\xd0az\xc8,)\xedf\x89x>\a\x13', 0x275a, 0x0)

[   95.953112] audit: type=1400 audit(1568527179.274:8): avc:  denied  { map } for  pid=1830 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5044 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
05:59:42 executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0xfffffffffffffffd}, 0x1c)
sendto$inet(r0, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)

05:59:42 executing program 1:
r0 = getpgrp(0x0)
prctl$PR_SET_PTRACER(0x59616d61, r0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ptrace$cont(0x18, r1, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xfa})
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

05:59:42 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
sendto(r0, &(0x7f00000002c0)="120000001200e7ef007b1a3fd800000000a3", 0x12, 0x0, 0x0, 0xffffffffffffff57)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x11, &(0x7f0000000380)=[{&(0x7f0000000200)=""/95, 0xac0}, {&(0x7f00000000c0)=""/85, 0x2f}, {&(0x7f0000000780)=""/4096, 0x1050}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000140)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x400000000000334, 0x6, &(0x7f0000003700)={0x77359400})

05:59:42 executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000140)=0x2, 0x4)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x0, 0x0, 0x0, 0x1000000}, 0x215)

05:59:42 executing program 1:
memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='Cpuacct.stE\xae\x00', 0x275a, 0x0)
r1 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x2000002)
read$eventfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8)
fallocate(r0, 0x4, 0x6, 0x2)
creat(&(0x7f00000000c0)='./bus\x00', 0x0)
r2 = socket$inet6(0xa, 0x400000000001, 0x0)
r3 = dup(r2)
ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r2)
memfd_create(&(0x7f0000000200)='%.trustedeth0posix_acl_accessvboxnet0^em0posix_acl_access@\x00', 0x2)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
sendto$inet6(r3, &(0x7f00000005c0)="750e102a841c215d9b48342cc74df1656f36933a9ff12e9102bfb123e38418cd5c59c782afa4b1d93a5074c738d4b5121a9b165b7523253aaa728aef1174f37ba84ca947032e7793374b38c9363fc41b5271af977d1f76cbbda6dfbf341c7604521a250be454d91381645d34b9353edf2dae81d792dc12226151ac4700ac06dd11803598614c402438ace71359c6fc81cd7829086193a5964626e1ff7f78bccc4396bae55c4bfe1df3362af0d321bd990d24100180b86d1db8865e355a940efac5508206edd7c57993896bbc77fae32fdbcc31", 0xffffffffffffffe8, 0x40840, 0x0, 0x0)

05:59:42 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0)
r0 = creat(&(0x7f0000000040)='./file0/bus\x00', 0x6857b21ff1155d90)
fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1})
r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0xf8)
sendfile(r2, r2, &(0x7f0000000240), 0x7fff)

05:59:44 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000001440)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x61)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000380)='illinois\x00', 0x9)
write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a)

05:59:44 executing program 1:
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27)
syz_open_procfs(0x0, 0x0)
lstat(0x0, &(0x7f00000005c0))
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)

05:59:44 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020700090200000000000000007a5b00"], 0x10}}, 0x0)
socket$inet6(0xa, 0x0, 0x0)

05:59:44 executing program 3:
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$selinux_enforce(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(r0, 0x0, 0x20002, 0x180)
getsockopt$IPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x43, &(0x7f0000000340)={'HL\x00'}, 0x0)
pipe(&(0x7f0000001940))
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3)
r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='attr/keycreate\x00')
readv(r1, &(0x7f0000000580), 0x3c1)
write(0xffffffffffffffff, 0x0, 0x0)
ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001a00)=[{0x0}, {0x0}], 0x2)
write$ppp(0xffffffffffffffff, 0x0, 0x0)

05:59:44 executing program 4:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$UI_SET_MSCBIT(0xffffffffffffffff, 0x40045568, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
open(&(0x7f0000000940)='./file0\x00', 0x40, 0x0)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, @perf_config_ext={0xffffffffffffffff}, 0x200000000, 0x80000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xfffffffffffffd7b)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='nfs\x00', 0x0, &(0x7f0000000000))

05:59:44 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070")
r1 = socket$packet(0x11, 0x3, 0x300)
poll(&(0x7f0000000080)=[{r1}], 0x1, 0xb7)

05:59:44 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
syz_mount_image$ext4(&(0x7f0000000140)='ext3\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000180)="25bca274769e620aa734fa0095e0612687463915e38802a9d8aea872943afd874e2f98b579a7186270146d0e0206e73ba8c63cd7dcc6760253ef7d590300be1b4c548bf0f8ab5b832b46ae69d9a5e6720d5da05064c96a040a54a3e47d0f0445533c21a2a991", 0x66, 0x400}], 0x0, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")

05:59:44 executing program 3:
memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='Cpuacct.stE\xae\x00', 0x275a, 0x0)
r1 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x2000002)
read$eventfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8)
fallocate(r0, 0x4, 0x6, 0x2)
r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0)
r3 = socket$inet6(0xa, 0x400000000001, 0x0)
r4 = dup(r3)
ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r3)
memfd_create(&(0x7f0000000200)='%.trustedeth0posix_acl_accessvboxnet0^em0posix_acl_access@\x00', 0x2)
setsockopt$inet6_tcp_int(r4, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x80000000000, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ftruncate(r2, 0x800fe)
sendto$inet6(r4, &(0x7f00000005c0)="750e102a841c215d9b48342cc74df1656f36933a9ff12e9102bfb123e38418cd5c59c782afa4b1d93a5074c738d4b5121a9b165b7523253aaa728aef1174f37ba84ca947032e7793374b38c9363fc41b5271af977d1f76cbbda6dfbf341c7604521a250be454d91381645d34b9353edf2dae81d792dc12226151ac4700ac06dd11803598614c402438ace71359c6fc81cd7829086193a5964626e1ff7f78bccc4396bae55c4bfe1df3362af0d321bd990d24100180b86d1db8865e355a940efac5508206edd7c57993896bbc77fae32fdbcc31", 0xffffffffffffffe8, 0x40840, 0x0, 0x0)

[  101.310034] hrtimer: interrupt took 34694 ns
05:59:44 executing program 0:
r0 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000000000000a004e2100000007fe8000000000000000000000000000bbff0300000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000050000000a004e2100000edeff01000000000000000000000000000101000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e3200000000fe8000000000000000000000000000bb00000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e21000064490000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e24000000040000000000000000000000000000000107"], 0x1)
sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0)

[  101.332711] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
05:59:44 executing program 4:
r0 = syz_open_dev$loop(&(0x7f0000000580)='/dev/loop#\x00', 0x0, 0x2)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

05:59:44 executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x215)
mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11012, r0, 0x0)

05:59:44 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000040)=ANY=[@ANYBLOB="b702000003070000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d64050000000000650404000100000004040000f5067d60b7030000000000006a0a00fe18000000850000002b000000b70000000000000095000000000000000d7a28073a4102e4aeb54f36633e27c279341bf489903cfdb4c05e96e3046f04e77969be0634674d0942b66b249b3518598e7e290b39a6f2fc2a5e019bc6b45684f002cf57bf887e83fbb2215b8a34e6bdc4dc1ef6d3c6958da4bddac602e0048bec11e874602f060000002af21b75fe26aa5e85ae281993bfa213923bb755c1f1abd196407b4c8fabe27b2121a5f03dff9787dfd6e7608eb638e6fc4e0bc6bd5ff35928a5b5fa723028eb6ddd35ea79b92beeb52265a4b04ba50fd46a504116fb8ef84c2be021a6c9daf3f24ad7b965af8f522371c9a43c80ee6b397bea247e2d714090d43fe66bbf4f4ffe410bd701d0350f8dde2a20a0aeffb9843947c3bced2e00463d9c039bfdd58709e898c7ebad73fc48e73c75b505b852621ad19c854622f7c7d79ec3ab4494353b9f6b822211eb1aa48cfcaebb109382"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r0, 0x0, 0xe, 0x7e, &(0x7f0000000540)="b324226b91c89d060980dbbbb01b", &(0x7f00000002c0)=""/126}, 0x28)

05:59:44 executing program 2:
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x1)
write$binfmt_script(r0, &(0x7f0000000100)={'#! ', './file0'}, 0xb)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0)

[  101.556857] audit: type=1400 audit(1568527184.874:9): avc:  denied  { prog_load } for  pid=2855 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[  101.597089] usercopy: kernel memory exposure attempt detected from 'kmalloc-4096' (1809 bytes)
[  101.622628] ------------[ cut here ]------------
[  101.627439] kernel BUG at mm/usercopy.c:71!
[  101.639729] audit: type=1400 audit(1568527184.914:10): avc:  denied  { map } for  pid=2851 comm="syz-executor.0" path="socket:[8730]" dev="sockfs" ino=8730 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=packet_socket permissive=1
[  101.678088] invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  101.684022] Modules linked in:
[  101.687224] CPU: 1 PID: 2860 Comm: syz-executor.4 Not tainted 4.14.143+ #0
[  101.694234] task: 00000000904ead45 task.stack: 000000008e1bf636
[  101.700304] RIP: 0010:__check_object_size.cold+0x58/0x84
[  101.705749] RSP: 0018:ffff8881979dfbc0 EFLAGS: 00010286
[  101.711110] RAX: 0000000000000052 RBX: ffff888197a432fd RCX: 0000000000000000
[  101.718402] RDX: 0000000000000000 RSI: ffffc90004b5c000 RDI: ffffed1032f3bf6a
[  101.725669] RBP: 0000000000000711 R08: 0000000000000052 R09: ffffed103b764ce9
[  101.732935] R10: ffffed103b764ce8 R11: ffff8881dbb26747 R12: ffffffff95abd6a0
[  101.740202] R13: 0000000000000001 R14: ffffffff95abd660 R15: ffffea00065e9000
[  101.747476] FS:  00007ff22592d700(0000) GS:ffff8881dbb00000(0000) knlGS:0000000000000000
[  101.755706] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  101.761589] CR2: 0000000020201000 CR3: 00000001d319a003 CR4: 00000000001606a0
[  101.769298] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  101.776572] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  101.783847] Call Trace:
[  101.786445]  bpf_test_finish.isra.0+0x99/0x160
[  101.791052]  ? bpf_test_run+0x340/0x340
[  101.795039]  bpf_prog_test_run_skb+0x528/0x8c0
[  101.799632]  ? bpf_test_init.isra.0+0xc0/0xc0
[  101.804131]  ? fput+0x19/0x150
[  101.807329]  ? bpf_test_init.isra.0+0xc0/0xc0
[  101.811821]  SyS_bpf+0xa3b/0x3830
[  101.815276]  ? __might_fault+0x177/0x1b0
[  101.819328]  ? bpf_prog_get+0x20/0x20
[  101.823124]  ? _copy_to_user+0x82/0xd0
[  101.827010]  ? put_timespec64+0xbe/0x110
[  101.831077]  ? SyS_clock_gettime+0x7d/0xe0
[  101.835304]  ? do_clock_gettime+0xd0/0xd0
[  101.839448]  ? do_syscall_64+0x43/0x520
[  101.843415]  ? bpf_prog_get+0x20/0x20
[  101.847224]  do_syscall_64+0x19b/0x520
[  101.851116]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  101.856320] RIP: 0033:0x4598e9
[  101.859504] RSP: 002b:00007ff22592cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  101.867209] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9
[  101.874481] RDX: 0000000000000028 RSI: 0000000020000380 RDI: 000000000000000a
[  101.881743] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  101.883020] audit: type=1400 audit(1568527184.914:11): avc:  denied  { prog_run } for  pid=2855 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[  101.889006] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff22592d6d4
[  101.889012] R13: 00000000004bfc2b R14: 00000000004d1938 R15: 00000000ffffffff
[  101.889026] Code: c7 c2 a0 d6 ab 95 4c 0f 45 e2 e8 58 0c db ff 48 8b 04 24 49 89 e8 4c 89 f2 4c 89 e6 48 c7 c7 e0 d6 ab 95 48 89 c1 e8 47 31 cc ff <0f> 0b 48 c7 c0 20 d5 ab 95 eb a4 48 c7 c0 e0 d4 ab 95 eb 9b 48 
[  101.945113] RIP: __check_object_size.cold+0x58/0x84 RSP: ffff8881979dfbc0
[  101.952606] ---[ end trace 6832cf8b9016a990 ]---
[  101.957816] Kernel panic - not syncing: Fatal exception
[  101.963915] Kernel Offset: 0x12c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[  101.974954] Rebooting in 86400 seconds..