[ 11.197852] random: sshd: uninitialized urandom read (32 bytes read) [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 28.674747] random: sshd: uninitialized urandom read (32 bytes read) [ 29.191753] audit: type=1400 audit(1568671254.583:6): avc: denied { map } for pid=1770 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 29.234550] random: sshd: uninitialized urandom read (32 bytes read) [ 29.793398] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts. [ 35.376925] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/16 22:01:00 fuzzer started [ 35.470482] audit: type=1400 audit(1568671260.863:7): avc: denied { map } for pid=1785 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 36.205758] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/16 22:01:02 dialing manager at 10.128.0.26:45495 2019/09/16 22:01:02 syscalls: 1347 2019/09/16 22:01:02 code coverage: enabled 2019/09/16 22:01:02 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/16 22:01:02 extra coverage: extra coverage is not supported by the kernel 2019/09/16 22:01:02 setuid sandbox: enabled 2019/09/16 22:01:02 namespace sandbox: enabled 2019/09/16 22:01:02 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/16 22:01:02 fault injection: CONFIG_FAULT_INJECTION is not enabled 2019/09/16 22:01:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/16 22:01:02 net packet injection: enabled 2019/09/16 22:01:02 net device setup: enabled [ 38.508875] random: crng init done 22:02:03 executing program 5: syz_emit_ethernet(0x4e, &(0x7f0000000080)={@broadcast, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "e30600", 0x18, 0x40000000003a, 0x43ff, @ipv4={[], [], @broadcast}, @local, {[], @icmpv6=@mld={0x87, 0x0, 0x0, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffff0a000000}}}}}}}, 0x0) 22:02:03 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="11dca5055e0bcfe47bf070") clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x669, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000002940)='\'\xc4\'\v\xec\xe4\t\xc5r\x12-\x90\xda\x9a\x94\x02\xec\xea\x10\x90\x03\xcb\xf8\x1b6\xa5t\xd6\xd3\x93\xd3\xdf\x85P\x19G7Q\v\xdcHv\x03Qa\xf3\xd4\xfc(\x83\xfb\xf8C\xf6\x8a$\xb1\x90\xeb\'~\xa0\xd8\xc8\xe8\x94#\xcd\xd5Kp\xbf\xc0\x8d7\x1b?A(\xe8^\x9c\xff\x0f\x1ck\xbc\x95\x05\xcd\x17\xf7\x15o\xd4\xdc4\x84uw\xa6w\x0f\xea`1\xec\xb4\x04\xd5\r\x8d\xde\x1f]\x15\xe5\xe8\xd00\xe5\x8d\x9c\x9ec+\x02\x1d\xffa5\x94\xab\xddNe\xfe\x8c\xc4q\xbb#f\xc1\xb9\x81W\xa4$)!\v\x9b\xa7\b\x91\xe5\xeb\x88\x1c\x0f\xb2.Tr\xe4\x99\x9e\x03\xb4\xd2\xf9KW\xce\xd1cC\xd5\xcf\x97\xa9\xeab\xda\xd6:\xa91q\xf7\xc5\xc0C\xd1\'\x89\xee\x84T:\x88x\xe2\x83\xf2r\xf4&t@\x9e\xa4qf\xdf\xf4\xb5\x01\\a\x85\xd3\xe0\xb7\n\xe7\xed\x84Q\xd7s\xcd4B\xcbQ\xa4\x9f[\x99\xdfJ%\xa8\xfc\xe3`\xc1JA\xc9\xbc\xd4~}\xce\xe8\xfejH\x8fb\xdd\xbcJ\vk\'\xe7Q\xfd\xaaA`\xb5\xa1\xe4\xf8\x9eG\xcfb\xe8@\x04\xe1\xf8\xacU)(S\xed\xffA\xfaqt\xb6-\x9b5\xf6\x1e\x13$e\n\xc7\x9b\xb0X\xb6\xd4\t\x99^^\xc2>J\x16\xd0\x8c\xecy*\xa0\a\xe9Ar\xa6\xb4n9j\xe5\xba\x8a\n\xce2\xcf_\x1b.t)\x8d09A[-\xf6\xe7\xe8\x1f\x92>\xb8\xd4>-\xacY\x9e\x88\x96\xa7\xfa\xdaoL\xa6\xec\xe8\xd5\xbfaf\xd7\xfc\x03\x91w)\xcd\x1f\xbe\xc9R\xcfz\x03\xec\br\x83\x8bM-\xf8X\xfd\"\xb4RV\x7f\xda\xd3\xd4h\x1c\xdb\xbe\xa4U\xec\xcd\'\xbc\xd22\x85{,\xe6-,6\x9d\x85\xb4fL\b\x98\xe9@\xee\xc2.\xb3\xd6w\x10\x94\xb5%D\xe8\r\xfe\x98G\x82\fx,\xa2J\x12\x03ec\xd5e-\x1f6\xe7\xb6\xd9\xcf0J\xed\xb7\x9b\xfd\xfc\x00EQ\x1f\x00D\xc95\xdeG +\x1bp\xf4\t\x94\x87\xf1ZbO\xa6\xe9\f`u\xda\xb3\x1d\xf9\x94\x80\xc1\x17\xde(_\xa7\xe7\x11\x9a\xac\x8c\xb1\xd71\xc5\xe9\xd3n\xc2\xa4\x98P\x9aF\xc2\x93\xad@\xa9h\x96\x1b]2\x88\xf3\xd8\xc798\x8c\x9f\xd4W4\xf1}\aD\xa0\xd8\xda\xf4\x1bEx(t|\xf4Y\xfaJ\xc2GS\xc9R\xb5\xda\xa8\x9b\xaa\x01\xe2~\xd8f.#\x94\xbf\x85z\xbf\xa0x62L\x1f\x91\xd2\x1e%\x88\x1f\f\xabb\x8ds\x93\x9e\xed\xd2\xdb\x02\x0e\xcf\xf5\xaf\xc8>+\x03e\xb7\xba\xb9}\xca\xfc\xe8\xed\x9b\xa2\x9ey\bMv\x8f\x8a8\xfd;\x9a5J\xee\x9a\xae\x83>$\x8a6\x05P\x8c\x05\xb8\r\xcf\xdd\x15/\xa9\xa1\xd4\x87{\xc9I4\xe3 i\xa4\xc5\xe5l\x03?\xfdM&\xc0a9}h\x8ef\x10!\xf0\x99\x80\xb72\xcc\x06\'+\xf0\xa1\a\xeeSGH\x12\x068S7s\xd3\xdaT\"\xa9jk\xed\xa2IyM\xa3&t\xfeA\xa9\"\xb4\xec\xdex\x00\x80`p\x91\x84\xbfK\xb6\x00\xa7\xa2\x06\xce\xc8X\x7f\xd1@\xf1\xcf\xdf\xae\xdb\r\xf6h\xdf\xc6+\xac\r\x9f\xc2D\xdf\xd6\xde`\xa4\xd1=\x1b\x8d\xf4\xbe#\tH\x06;a(`\xdcw\x1dc_\v\x046j\xf9`\r\xc0\a\x8d\x12:l\xc7j3E\xd7\xcaX\x97\xad\x93\xea\x99\xca\xd7m\xb8\x1e1\xb6Nz\"U/\x0eP\b=\x01W\xcd\xf1x\x85\xf4&\xe7\xf9W\x06\xa4\xf8&\xbc\xf4\xd0\xd2\xd1W\xee\x9a\xdd\xdbu\x0e\x9aV\xe2\xc5\x84`Bu\x12\xa8/=\x17\xc4F\x11\xdfm-)\xd9hc\xba\xb7\x91\xd9\x11\x9a,\x19\xf4]\xa7Y@B\x1f') openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) ioctl$int_in(0xffffffffffffffff, 0x35c1412875eec207, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000b00)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xedJ\x16\xd0\x8c\xecy*\xa0\a\xe9Ar\xa6\xb4n9j\xe5\xba\x8a\n\xce2\xcf_\x1b.t)\x8d09A[-\xf6\xe7\xe8\x1f\x92>\xb8\xd4>-\xacY\x9e\x88\x96\xa7\xfa\xdaoL\xa6\xec\xe8\xd5\xbfaf\xd7\xfc\x03\x91w)\xcd\x1f\xbe\xc9R\xcfz\x03\xec\br\x83\x8bM-\xf8X\xfd\"\xb4RV\x7f\xda\xd3\xd4h\x1c\xdb\xbe\xa4U\xec\xcd\'\xbc\xd22\x85{,\xe6-,6\x9d\x85\xb4fL\b\x98\xe9@\xee\xc2.\xb3\xd6w\x10\x94\xb5%D\xe8\r\xfe\x98G\x82\fx,\xa2J\x12\x03ec\xd5e-\x1f6\xe7\xb6\xd9\xcf0J\xed\xb7\x9b\xfd\xfc\x00EQ\x1f\x00D\xc95\xdeG +\x1bp\xf4\t\x94\x87\xf1ZbO\xa6\xe9\f`u\xda\xb3\x1d\xf9\x94\x80\xc1\x17\xde(_\xa7\xe7\x11\x9a\xac\x8c\xb1\xd71\xc5\xe9\xd3n\xc2\xa4\x98P\x9aF\xc2\x93\xad@\xa9h\x96\x1b]2\x88\xf3\xd8\xc798\x8c\x9f\xd4W4\xf1}\aD\xa0\xd8\xda\xf4\x1bEx(t|\xf4Y\xfaJ\xc2GS\xc9R\xb5\xda\xa8\x9b\xaa\x01\xe2~\xd8f.#\x94\xbf\x85z\xbf\xa0x62L\x1f\x91\xd2\x1e%\x88\x1f\f\xabb\x8ds\x93\x9e\xed\xd2\xdb\x02\x0e\xcf\xf5\xaf\xc8>+\x03e\xb7\xba\xb9}\xca\xfc\xe8\xed\x9b\xa2\x9ey\bMv\x8f\x8a8\xfd;\x9a5J\xee\x9a\xae\x83>$\x8a6\x05P\x8c\x05\xb8\r\xcf\xdd\x15/\xa9\xa1\xd4\x87{\xc9I4\xe3 i\xa4\xc5\xe5l\x03?\xfdM&\xc0a9}h\x8ef\x10!\xf0\x99\x80\xb72\xcc\x06\'+\xf0\xa1\a\xeeSGH\x12\x068S7s\xd3\xdaT\"\xa9jk\xed\xa2IyM\xa3&t\xfeA\xa9\"\xb4\xec\xdex\x00\x80`p\x91\x84\xbfK\xb6\x00\xa7\xa2\x06\xce\xc8X\x7f\xd1@\xf1\xcf\xdf\xae\xdb\r\xf6h\xdf\xc6+\xac\r\x9f\xc2D\xdf\xd6\xde`\xa4\xd1=\x1b\x8d\xf4\xbe#\tH\x06;a(`\xdcw\x1dc_\v\x046j\xf9`\r\xc0\a\x8d\x12:l\xc7j3E\xd7\xcaX\x97\xad\x93\xea\x99\xca\xd7m\xb8\x1e1\xb6Nz\"U/\x0eP\b=\x01W\xcd\xf1x\x85\xf4&\xe7\xf9W\x06\xa4\xf8&\xbc\xf4\xd0\xd2\xd1W\xee\x9a\xdd\xdbu\x0e\x9aV\xe2\xc5\x84`Bu\x12\xa8/=\x17\xc4F\x11\xdfm-)\xd9hc\xba\xb7\x91\xd9\x11\x9a,\x19\xf4]\xa7Y@B\x1f') openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) getegid() sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) 22:02:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="11dca5055e0bcfe47bf070") accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x8000, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @mcast1}, 0x1c) sendto$inet6(r1, &(0x7f0000000d00)="e911ae3867dd39d67f1080296a5802411ea73c4d3e33ce5bcc0d183961d938b9619c848c7ebd2700e7c5830ad8dc74b6ceac60c5268300454ba6dd016996b7fcd0eb5d17157bf7d8cbf3e47d463b707d1b484495a1d695299d53baacf32e673e28dafdf5580c65c12137045c1179c54e5f8ab35e202f1bb04cf68d52f2b7259a90eaf0157af7236025eae7c29d4d2040f5c12e1619f9c0965bad1fd6175e734967d7ba6e25d06814bf09b6610545f16d74c24f5d74096dab8554ddc2355963fb192407527b7524e996ddaabe466c47201609f4fb4af56eb262d9e4d48cf0bd077497856b92f7e85c99fb708f580a0c95b4d945eedb59d210bb002dafac7545f194a3b7c1e49f51fc88e99d5cab4ea94849ac51537af16e57f595e0e53d4f17cc14c2f532a9d0eb55261779317d8db84ea0017c8fc7ad5155156600b06e52c0f2f1078d4d79c75378b848221ec98cd5e895f4a40ee82bf618e222ee6cb1ac82ada1010cf6140922f1c092e75bdfdcb9c5f8ee7ecf1741ed2dc2adb7ec06d00c9f4c1262d7708963186572bfa99688b6df6be8e1febb7cd4e62c6e20b5bae9ad979032cf4a1751844ae0e3e9b5bd160e581a6bdfa103e663c3dfcad4bf89403b1b3df1ac670f3bc26a42d6162bdba6d519f143b213a546b5b7e7bf9813b223239959876c0f6b254de1284c7dc1e8ae06f31dfa5a1d9190182f82af0dff4628ee246e42a35793b4c17a37f978cbf81d5fc5c174a4d9a7f2da80252b0897c16a29cc349000de7f196a4769c82147c3451ca0f75f137ad2b58b6c4cd10b9a22f4ca4a2450869b64d69f6451a0250718d1753e4b7240e56050638e60b28befc4b533bef9442c0cec220e7529624b59c4b3eea154de4f4b2ae265eefed9cc483418951a627d7afc8d3e41d5f345b790c97b86db4cacd7885a71cfaebf427429404d8586cac800f67ab2559fda10eb66f02b67c8dfd4c77120ad7b219d9b8fdde324543733186138ae69a884fbe427e6384f8e9ba5f150cd962aeb0f61d02809e300416603e2582d0ac9a7dba1cf813560d264185a879e86092cbca98f472294205cf86ecad86880edfaa4d73839101245389562e7bd9f1861005f47ce15bbad255c1879e9c9c61f4fccdb714ad3edcccc214d9dad38804c91377dcaa572bb112567bc6063a52f897f236a3e62f436e75b657e4fd27c5ec309e103332584b14deb77fd0e363d6efe7d6b4a97a7fe5b79030a0a4888a8dc8002634911f91b16388c05780a49d5ec66361bde0c41aade94573bf4f626e2896d78e3dafa5050ade987f7e1613db515351b7b6fd7e82e70ca37c1c87d9d1373d809c9ebcbdb7a439e3cb484f66fb99ce94d25b1e778799c976b31b2d02db645efdaad08c8c156f94251822079be9199dfac4ee4e014aadfb0d34ac1843b1f0d69f44b2ad2b5d88e769d8c78fddfaa2fb513d9aa7a6c6650bd84a20df99a538153d2549425ae53236ba21de4419754fa750abc9cdc6c660483c330f6e39c7327a2e4c84338f67021cff5189e0e855c3f746a8c919a5c358aea94d474bca78b9353f8c1c7c1d117b6b11e55dd4948efdc23847e85dddb185f3272178095d0a1673a320d6b2816c168a3e2cc2b510bcdc47c786176c4e3aea682845d10122d3ea0378b86a27971184a43e5f761fc0ef857c7b9ea24bf5ba1b33c493982d025f3e8d42e5fa77cc40a3ce6f4990d22425101142ce81936f6bedf319d1580cc2b874fb74ccaa0ae74b7ba728ab1e9439aa93d203b878491223225a80294f649ba0b1620aa754edb5bc6ff7f8ae43628756787d648c9129bf36253b013381c55e004ff66e82b3be229d50fd4b968c9f331e9e21cf9c4a461bbd93f33cc7245ee2497956178ec15c9e7350ddf2592b22c446ed740fd6c66c942222dcb5e3d3b332fe255ad3e43f5128756da6223cde58702df21f53bb661e022d277fd7f34108b6ea407550d4d44a52ca7f3d0904301cf99d92da8115b99b6fc048e35c43069d98a8c1a56b4f52b1c369ebfcce941000000", 0x5a1, 0x400c000, 0x0, 0x0) sendto$inet6(r1, &(0x7f0000000000)="8650f77769735150c7eaaa9e", 0xc, 0x0, 0x0, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, 0x0, 0x0) 22:02:03 executing program 2: r0 = creat(&(0x7f0000000180)='./file0\x00', 0x0) r1 = gettid() clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0)='bpf\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="2c63536e7465d2f4894ed7ebd5b842aa0cf843ef787e3d73ed1c61666d5f752c726f6f74636f6e746578743d0b80c5bc8cb94a06a189f2abe9baad92710e63446e4f83b42ba914df0dfc0e8c50d902cca9a98af6082369df1f528d24b768327854bc03a8247ead78facadab7d6c0011a86fce129621eb651f2197891b7f2f9d3f9c07cdb5ffc0f812fdbdacccb74"]) ptrace(0x10, r1) wait4(0x0, 0x0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000000240)) getgroups(0x6, &(0x7f0000000780)=[0xffffffffffffffff, 0x0, 0xee01, 0xffffffffffffffff, 0x0, 0xee00]) getgid() lstat(0x0, &(0x7f00000009c0)) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'team0\x00'}) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, 0x0, 0x0) 22:02:03 executing program 4: clone(0x3000000a0160101, 0x0, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x333, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000400bfa30000000000000703000000fe380d7a0af0fff8ffffff79a4f0ff00000000b7060000000000812d6405000000000025040400010000001704000001000a40b7040000000100006a0a00fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) ioctl$sock_netdev_private(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)="7db98a90a6ac6f6e") [ 97.886770] audit: type=1400 audit(1568671323.273:8): avc: denied { map } for pid=1785 comm="syz-fuzzer" path="/root/syzkaller-shm542053254" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 97.926289] audit: type=1400 audit(1568671323.283:9): avc: denied { map } for pid=1836 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5044 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 22:02:05 executing program 5: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x39) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) wait4(r1, &(0x7f0000000000), 0x1000000, &(0x7f0000000240)) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3d2b93c929e00cd80"], 0x9}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYRESHEX, @ANYRESHEX, @ANYBLOB="e6c55c669eb82eec510100019b3d7280437a7462010000000000000029a741efca44f937d0492482ba83"], 0x0, 0x4e}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 22:02:05 executing program 5: setrlimit(0x40000000000008, &(0x7f0000000000)) capset(&(0x7f0000a31000)={0x19980330}, &(0x7f00009b3000)) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_netdev_private(r0, 0x89f0, &(0x7f0000000100)="a333298725ae575d6b9f0fc5405f2f") ioctl$void(r0, 0xc0045878) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$KDSKBLED(r1, 0x4b65, 0x8000) socket$inet_udp(0x2, 0x2, 0x0) 22:02:05 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x100000001) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in6=@empty, 0x3, 0xff}, 0x0, @in=@empty, 0x0, 0x0, 0x0, 0x1}}, 0xe8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0xffd8) [ 100.039964] capability: warning: `syz-executor.5' uses 32-bit capabilities (legacy support in use) [ 100.170361] hrtimer: interrupt took 24816 ns 22:02:05 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {0x0, 0xffffffd0}, {0x0, 0x199}, {&(0x7f0000000240)=ANY=[], 0x12a}], 0x100000000000021b, 0x0, 0xfffffffffffffedb}, 0x0) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000040)=0x1c, 0x4) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x31) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) sched_setparam(r1, &(0x7f0000000080)=0x1ff) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000140)="11dca5055e62cfe47bf070") ptrace$cont(0x7, r1, 0x0, 0x0) 22:02:05 executing program 5: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, &(0x7f0000000040)}}) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="d3d2cd80"], 0x4}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYRESHEX, @ANYRES32], 0x0, 0x16}, 0x20) tkill(r0, 0x3b) openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xc0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=0xa7, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x5, 0x3}, 0x0, 0x0, &(0x7f0000000240)={0x5, 0x9, 0x6, 0x1}, &(0x7f0000000280)=0xb278, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=0x8}}, 0x10) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 22:02:05 executing program 5: 22:02:05 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r2, &(0x7f0000000040), 0x1c) r3 = dup2(r2, r2) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x132224) setsockopt$inet6_buf(r3, 0x29, 0x32, 0x0, 0x3da) fcntl$setstatus(r3, 0x4, 0x42808) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000010}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x78, r4, 0xe7bca8fd8f549613, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xffffffffffffff80}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bcsf0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0xffff}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x4}]}]}, 0x78}, 0x1, 0x0, 0x0, 0xc0}, 0x20000080) ioctl$TCSETSF(r1, 0x5411, 0x0) [ 100.751131] audit: type=1400 audit(1568671326.143:10): avc: denied { create } for pid=2687 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 100.811461] audit: type=1400 audit(1568671326.143:11): avc: denied { write } for pid=2687 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 100.858365] audit: type=1400 audit(1568671326.143:12): avc: denied { read } for pid=2687 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 101.773356] audit: type=1400 audit(1568671327.163:13): avc: denied { prog_load } for pid=2786 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 102.154920] SELinux: unknown mount option [ 102.163400] SELinux: unknown mount option 22:02:07 executing program 0: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rtc\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00002486c0ea28d633d9be1d8b4a617ec329070e98a377389903b978f55932f6ca9d1490a8f05eafc880b233386d79820c9d919e0eed8002bef3df9d3e12b3fbf2adb33dffc18b9c4b6e8a0d8c832f0d80be06e22afb965a398e18a582bd16561752de8c9045526bb227a803c48932293aed2ccd141a79918b5a50436d957704fc68fde560976348264be1255416dcb755d64f19d9c5f9938962119a9ced3d070522c62b87b8ec7c947988b9a85b0b14855154d4f090d3e3db0f25c1db681d717cb566469529bdf8bbdd485521d1fb78497e6256d186fd2f887fab5ffc4f22867a000000000000", @ANYRES16=r1, @ANYBLOB="000427bd7000fbdbdf25110000000800040001000000300003001400020053797a6b616c2efec26d23326c65723100000000000008000100010000000800040002000000080005007f00000134000200080007004d00000008000900080000000800040000000100080007002cf80000080002004e2200000800090007000000240002000800050002000000080007000002000008000e004e210000080002004e21000008000400df050000080005000080000050000200080002004e230000080009005f0edd2997b78a6765a300000000018000004e24000014000100e000000100000000000000000008000400ff0700e3859d2a7286eb0f580a05495b6351db000800"], 0x104}, 0x1, 0x0, 0x0, 0x2004c800}, 0x40000) ioctl$RTC_AIE_ON(r0, 0x7001) 22:02:07 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000002180)=0x100, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000500)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000100)={0x11, 0x800, r2, 0x1, 0x0, 0x6, @local}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x100, 0x4) sendto$inet6(r0, &(0x7f0000000000)="0204030073bb600000000000fff55b42d4b2eff5dd335c6ac855cfe757489ca44b0000001af8792dfbf56bf1", 0x2c, 0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r3, &(0x7f0000000040), 0x1c) r4 = dup2(r3, r3) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000440), 0x132224) setsockopt$inet6_buf(r4, 0x29, 0x32, 0x0, 0x3da) fcntl$setstatus(r4, 0x4, 0x42808) write$apparmor_exec(r4, &(0x7f0000000080)={'stack ', 'syz_tun\x00'}, 0xe) 22:02:07 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) setsockopt$inet6_buf(r1, 0x29, 0x32, 0x0, 0x3da) fcntl$setstatus(r1, 0x4, 0x42808) ioctl$EVIOCSABS3F(r1, 0x401845ff, &(0x7f0000000100)={0x7, 0xfffffffffffffffe, 0xfffffffffffffff9, 0x7fff, 0x44e, 0xc7}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000680)='sysfs\x00*\x86OK\xc0\v\xce\x1b\xdb cr\x13\xb1\xe8\x94\xd1 q_\x9d\xc1\x12[\x04,r&\xeb\x016\xd9bN\xa1\xd23t\xa6`\xfeZ\xc1sR/\xd3g\xad\"\xe8U0%\xa2\xe8\xbe\v\xc5QCy\xafr\x13\xd3+\x8d]\x06\xdc\x8f\xbf,\x84\x9e\xd9\xcd\xef\xc7K\x03\xdf\xa9\xcbZ\x90\xb2\x8bK$\xd7\x86,=f\xfc\xa51g\xd5BB5CZ=\xbbv\xbc}0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080)='ip6tnl0\x00') sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x891b, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22, 0x20, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x99a}, 0x1c) prctl$PR_SET_MM(0x23, 0x3, &(0x7f00002d6000/0x1000)=nil) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000640)={{{@in6=@ipv4={[], [], @broadcast}, @in=@broadcast}}, {{@in6=@loopback}, 0x0, @in=@local}}, 0x0) fstat(r0, &(0x7f0000000ac0)) 22:02:10 executing program 5: syz_open_dev$sndtimer(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)) r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$P9_RSTATFS(0xffffffffffffffff, &(0x7f0000000340)={0x43, 0x9, 0x0, {0x0, 0x40, 0x0, 0x8000, 0x0, 0x7, 0x102}}, 0x43) sendmsg(0xffffffffffffffff, 0x0, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00fb389763355ec18966d358049a4aafebd54939ae42f4b4f0ce363092b619c2c309a060111ba358466086d514bba43e88"], 0x1, 0x1) socket$inet(0x10, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000100)=0xc) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000400)='hugetlb.2MB.failcnt\x00', 0x2, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) inotify_add_watch(r0, &(0x7f0000000280)='./file0\x00', 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x27) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) sendto$inet(r1, &(0x7f00000012c0)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba", 0x652b, 0xc, 0x0, 0x27) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$PERF_EVENT_IOC_DISABLE(0xffffffffffffffff, 0x2401, 0xb55) poll(&(0x7f00000001c0)=[{0xffffffffffffffff, 0x2000}, {r1, 0x404}, {r2}, {0xffffffffffffffff, 0x100}], 0x4, 0xd3e) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ftruncate(r3, 0x3) 22:02:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="11dca5055e0bcfe47bf070") accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x8000, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @mcast1}, 0x1c) sendto$inet6(r1, &(0x7f0000000d00)="e911ae3867dd39d67f1080296a5802411ea73c4d3e33ce5bcc0d183961d938b9619c848c7ebd2700e7c5830ad8dc74b6ceac60c5268300454ba6dd016996b7fcd0eb5d17157bf7d8cbf3e47d463b707d1b484495a1d695299d53baacf32e673e28dafdf5580c65c12137045c1179c54e5f8ab35e202f1bb04cf68d52f2b7259a90eaf0157af7236025eae7c29d4d2040f5c12e1619f9c0965bad1fd6175e734967d7ba6e25d06814bf09b6610545f16d74c24f5d74096dab8554ddc2355963fb192407527b7524e996ddaabe466c47201609f4fb4af56eb262d9e4d48cf0bd077497856b92f7e85c99fb708f580a0c95b4d945eedb59d210bb002dafac7545f194a3b7c1e49f51fc88e99d5cab4ea94849ac51537af16e57f595e0e53d4f17cc14c2f532a9d0eb55261779317d8db84ea0017c8fc7ad5155156600b06e52c0f2f1078d4d79c75378b848221ec98cd5e895f4a40ee82bf618e222ee6cb1ac82ada1010cf6140922f1c092e75bdfdcb9c5f8ee7ecf1741ed2dc2adb7ec06d00c9f4c1262d7708963186572bfa99688b6df6be8e1febb7cd4e62c6e20b5bae9ad979032cf4a1751844ae0e3e9b5bd160e581a6bdfa103e663c3dfcad4bf89403b1b3df1ac670f3bc26a42d6162bdba6d519f143b213a546b5b7e7bf9813b223239959876c0f6b254de1284c7dc1e8ae06f31dfa5a1d9190182f82af0dff4628ee246e42a35793b4c17a37f978cbf81d5fc5c174a4d9a7f2da80252b0897c16a29cc349000de7f196a4769c82147c3451ca0f75f137ad2b58b6c4cd10b9a22f4ca4a2450869b64d69f6451a0250718d1753e4b7240e56050638e60b28befc4b533bef9442c0cec220e7529624b59c4b3eea154de4f4b2ae265eefed9cc483418951a627d7afc8d3e41d5f345b790c97b86db4cacd7885a71cfaebf427429404d8586cac800f67ab2559fda10eb66f02b67c8dfd4c77120ad7b219d9b8fdde324543733186138ae69a884fbe427e6384f8e9ba5f150cd962aeb0f61d02809e300416603e2582d0ac9a7dba1cf813560d264185a879e86092cbca98f472294205cf86ecad86880edfaa4d73839101245389562e7bd9f1861005f47ce15bbad255c1879e9c9c61f4fccdb714ad3edcccc214d9dad38804c91377dcaa572bb112567bc6063a52f897f236a3e62f436e75b657e4fd27c5ec309e103332584b14deb77fd0e363d6efe7d6b4a97a7fe5b79030a0a4888a8dc8002634911f91b16388c05780a49d5ec66361bde0c41aade94573bf4f626e2896d78e3dafa5050ade987f7e1613db515351b7b6fd7e82e70ca37c1c87d9d1373d809c9ebcbdb7a439e3cb484f66fb99ce94d25b1e778799c976b31b2d02db645efdaad08c8c156f94251822079be9199dfac4ee4e014aadfb0d34ac1843b1f0d69f44b2ad2b5d88e769d8c78fddfaa2fb513d9aa7a6c6650bd84a20df99a538153d2549425ae53236ba21de4419754fa750abc9cdc6c660483c330f6e39c7327a2e4c84338f67021cff5189e0e855c3f746a8c919a5c358aea94d474bca78b9353f8c1c7c1d117b6b11e55dd4948efdc23847e85dddb185f3272178095d0a1673a320d6b2816c168a3e2cc2b510bcdc47c786176c4e3aea682845d10122d3ea0378b86a27971184a43e5f761fc0ef857c7b9ea24bf5ba1b33c493982d025f3e8d42e5fa77cc40a3ce6f4990d22425101142ce81936f6bedf319d1580cc2b874fb74ccaa0ae74b7ba728ab1e9439aa93d203b878491223225a80294f649ba0b1620aa754edb5bc6ff7f8ae43628756787d648c9129bf36253b013381c55e004ff66e82b3be229d50fd4b968c9f331e9e21cf9c4a461bbd93f33cc7245ee2497956178ec15c9e7350ddf2592b22c446ed740fd6c66c942222dcb5e3d3b332fe255ad3e43f5128756da6223cde58702df21f53bb661e022d277fd7f34108b6ea407550d4d44a52ca7f3d0904301cf99d92da8115b99b6fc048e35c43069d98a8c1a56b4f52b1c369ebfcce941000000", 0x5a1, 0x400c000, 0x0, 0x0) sendto$inet6(r1, &(0x7f0000000000)="8650f77769735150c7eaaa9e", 0xc, 0x0, 0x0, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, 0x0, 0x0) [ 105.226729] SELinux: unknown mount option 22:02:10 executing program 1: r0 = gettid() r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x8000, 0x0) r2 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000086c0)=[{{&(0x7f0000000440)=@generic, 0x80, &(0x7f0000001940)=[{&(0x7f00000004c0)=""/193, 0xc1}, {&(0x7f00000005c0)=""/17, 0x11}, {&(0x7f0000000700)=""/158, 0x9e}, {&(0x7f00000007c0)=""/54, 0x36}, {&(0x7f0000000800)=""/50, 0x32}, {&(0x7f0000000840)=""/166, 0xa6}, {&(0x7f0000000900)=""/11, 0xb}, {0x0}], 0x8, &(0x7f0000001a00)=""/73, 0x49}}, {{&(0x7f0000001a80)=@l2, 0x80, &(0x7f0000001dc0)=[{0x0}, {&(0x7f0000001c00)=""/11, 0xb}, {0x0}, {&(0x7f0000001c80)=""/177, 0xb1}, {&(0x7f0000001d40)=""/111, 0x6f}], 0x5, &(0x7f0000001e40)=""/44, 0x2c}, 0x6}, {{&(0x7f0000001e80)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @dev}}, 0x80, &(0x7f0000003000)=[{&(0x7f0000001f00)=""/212, 0xd4}, {&(0x7f0000002000)=""/4096, 0x1000}], 0x2, &(0x7f0000003040)=""/130, 0x82}, 0xfffffffffffffffe}, {{&(0x7f0000003100)=@can={0x1d, 0x0}, 0x80, &(0x7f00000034c0)=[{0x0}, {&(0x7f0000003240)=""/85, 0x55}, {&(0x7f00000032c0)=""/218, 0xda}], 0x3}, 0x3ff}, {{&(0x7f0000003500)=@caif=@dgm, 0x80, &(0x7f0000003ac0)=[{&(0x7f0000003580)=""/84, 0x54}, {&(0x7f0000003600)=""/68, 0x44}, {&(0x7f0000003680)=""/187, 0xbb}, {0x0}, {&(0x7f0000003800)=""/63, 0x3f}, {&(0x7f00000038c0)=""/75, 0x4b}, {&(0x7f0000003940)=""/29, 0x1d}, {&(0x7f0000003980)=""/173, 0xad}], 0x8}, 0x4}, {{&(0x7f0000003c00)=@isdn, 0x80, &(0x7f0000007100)=[{&(0x7f0000003c80)=""/4096, 0x1000}, {0x0}, {0x0}, {&(0x7f0000005d40)=""/4096, 0x1000}, {&(0x7f0000006e40)=""/224, 0xe0}, {&(0x7f0000006f40)=""/216, 0xd8}, {&(0x7f0000007040)=""/171, 0xab}], 0x7}, 0x100000000}], 0x6, 0x40000002, &(0x7f00000088c0)) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000008900)={r3, 0x1, 0x6}, 0x10) bind$packet(r1, &(0x7f0000000040)={0x11, 0x10, r3, 0x1, 0x1, 0x6, @local}, 0x14) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="f95a0f34"], 0x4}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140), 0xc}], 0x100000000000005a}}], 0x1, 0x0) clone(0x20100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="7e499f5c5fd21dacb7b35ad2998aca50dedea299e5deb90bd622b9f4a177373afcbc3b5bf61816d9160b65cccc061c938047d9953b277929434509c7ecfe9659f8afccc983090dfe92f8ec65fcc8e262ebca23c7e811847e2477054fc0136e136f1c21122803ab2e3a7c209f2ad15cbf989a88b6f264c970c954c01b33dd9e31ea8a7dc73435827acff83babd2e943473102300841ecb2e78bd261b870452493a3426094b006c2694acba7374666ae1dd0b6e1bd8307f1220b4944f972b13c88dad7", @ANYBLOB="9f3388c5b87b558d8aedcbb605ebcfca9bb189d8f1e87738"], 0x0, 0xe1}, 0x20) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r0, 0x30) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 22:02:10 executing program 0: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x60) write$cgroup_type(r0, &(0x7f0000000200)='threaded\b', 0x175d900f) r1 = socket$inet6(0xa, 0x400200000001, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000600)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r3, &(0x7f0000000040), 0x1c) r4 = dup2(r3, r3) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000440), 0x132224) setsockopt$inet6_buf(r4, 0x29, 0x32, 0x0, 0x3da) fcntl$setstatus(r4, 0x4, 0x42808) ioctl$EVIOCGUNIQ(r4, 0x80404508, &(0x7f00000000c0)=""/127) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet_tcp_int(r2, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet_tcp_int(r2, 0x6, 0x18, &(0x7f00000001c0), 0x4) r5 = open(&(0x7f00000034c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r5, 0x0, 0x8000fffffffb) [ 105.292369] kasan: CONFIG_KASAN_INLINE enabled [ 105.316501] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 105.327361] general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 105.334128] Modules linked in: [ 105.337317] CPU: 1 PID: 2862 Comm: syz-executor.4 Not tainted 4.14.144+ #0 [ 105.344323] task: 0000000051ebc5bd task.stack: 0000000016f6728e [ 105.350382] RIP: 0010:do_tcp_sendpages+0x33c/0x1780 [ 105.355386] RSP: 0018:ffff8881d45476a8 EFLAGS: 00010206 [ 105.360745] RAX: 000000000000000f RBX: 0000000000000000 RCX: 0000000000001212 [ 105.368007] RDX: ffffffff8252c8ea RSI: ffffc90002d1d000 RDI: 0000000000000078 [ 105.375275] RBP: 0000000000005580 R08: 0000000000000001 R09: 0000000000000001 [ 105.382535] R10: fffffbfff2c85ba5 R11: ffffffff9642dd2b R12: ffffea0006b0de80 [ 105.389796] R13: dffffc0000000000 R14: ffff88819df81600 R15: 0000000000028000 [ 105.397057] FS: 00007fad1c63e700(0000) GS:ffff8881dbb00000(0000) knlGS:0000000000000000 [ 105.405272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.411146] CR2: 000000000179a010 CR3: 00000001c9a20001 CR4: 00000000001606a0 [ 105.418408] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 105.425673] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 105.432934] Call Trace: [ 105.435520] ? mem_cgroup_uncharge+0x140/0x140 [ 105.440100] ? sk_stream_alloc_skb+0x8a0/0x8a0 [ 105.444680] tcp_sendpage_locked+0x81/0x130 [ 105.449000] tcp_sendpage+0x3a/0x60 [ 105.452618] inet_sendpage+0x197/0x5d0 [ 105.456497] ? tcp_sendpage_locked+0x130/0x130 [ 105.461072] ? check_preemption_disabled+0x35/0x1f0 [ 105.466085] ? inet_getname+0x390/0x390 [ 105.470053] kernel_sendpage+0x84/0xd0 [ 105.473943] sock_sendpage+0x84/0xa0 [ 105.477654] pipe_to_sendpage+0x23d/0x300 [ 105.481795] ? kernel_sendpage+0xd0/0xd0 [ 105.485853] ? direct_splice_actor+0x160/0x160 [ 105.490438] ? splice_from_pipe_next.part.0+0x1e4/0x290 [ 105.495796] __splice_from_pipe+0x331/0x740 [ 105.500115] ? direct_splice_actor+0x160/0x160 [ 105.504695] ? direct_splice_actor+0x160/0x160 [ 105.509276] splice_from_pipe+0xd9/0x140 [ 105.513344] ? splice_shrink_spd+0xb0/0xb0 [ 105.517575] ? security_file_permission+0x88/0x1e0 [ 105.522504] ? splice_from_pipe+0x140/0x140 [ 105.526821] direct_splice_actor+0x118/0x160 [ 105.531230] splice_direct_to_actor+0x292/0x760 [ 105.535895] ? generic_pipe_buf_nosteal+0x10/0x10 [ 105.540736] ? do_splice_to+0x150/0x150 [ 105.544702] ? security_file_permission+0x88/0x1e0 [ 105.549631] do_splice_direct+0x177/0x240 [ 105.553776] ? splice_direct_to_actor+0x760/0x760 [ 105.558613] ? security_file_permission+0x88/0x1e0 [ 105.563539] do_sendfile+0x493/0xb20 [ 105.567255] ? do_compat_pwritev64+0x170/0x170 [ 105.571834] ? __might_fault+0x177/0x1b0 [ 105.575891] SyS_sendfile64+0xab/0x140 [ 105.579775] ? SyS_sendfile+0x150/0x150 [ 105.583745] ? key_put+0x1b/0x80 [ 105.587107] ? do_syscall_64+0x43/0x520 [ 105.591077] ? SyS_sendfile+0x150/0x150 [ 105.595044] do_syscall_64+0x19b/0x520 [ 105.598937] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 105.604115] RIP: 0033:0x4598e9 [ 105.607294] RSP: 002b:00007fad1c63dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 105.614993] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004598e9 [ 105.622251] RDX: 00000000200000c0 RSI: 000000000000000a RDI: 0000000000000008 [ 105.629508] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 105.636753] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fad1c63e6d4 [ 105.643998] R13: 00000000004c709e R14: 00000000004dc750 R15: 00000000ffffffff 22:02:11 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000080)="11dca50d5e0bcfe47bf07016cc2927bce4893b9a985cd187c05a0f9fbacff598fc2c4709a63e86b2df7e697fe22e523d") perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) getgid() sendmsg$unix(0xffffffffffffffff, 0x0, 0x20008000) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8004002, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa) truncate(&(0x7f0000000240)='./file0\x00', 0x90002) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000340)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) sendfile(r1, r1, 0x0, 0x8800000) r2 = gettid() fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x4, 0x9, 0x81, r2}) [ 105.651248] Code: 24 08 48 0f 44 d8 e8 24 4d de fe 48 85 ed 0f 84 7e 03 00 00 e8 16 4d de fe 48 8d 7b 78 8b ac 24 c8 00 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 74 08 3c 03 0f 8e 15 11 00 00 2b 6b 78 85 [ 105.670329] RIP: do_tcp_sendpages+0x33c/0x1780 RSP: ffff8881d45476a8 [ 105.680816] ---[ end trace 4d09cd56167f6d6b ]--- [ 105.686703] Kernel panic - not syncing: Fatal exception [ 105.692694] Kernel Offset: 0x12c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 105.703650] Rebooting in 86400 seconds..