[ 11.281614] random: sshd: uninitialized urandom read (32 bytes read) [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 52.258727] random: sshd: uninitialized urandom read (32 bytes read) [ 52.630970] audit: type=1400 audit(1568825464.937:6): avc: denied { map } for pid=1792 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 52.668493] random: sshd: uninitialized urandom read (32 bytes read) [ 53.240677] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.234' (ECDSA) to the list of known hosts. [ 59.138253] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/18 16:51:11 fuzzer started [ 59.232463] audit: type=1400 audit(1568825471.537:7): avc: denied { map } for pid=1801 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 59.707190] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/18 16:51:13 dialing manager at 10.128.0.26:38223 2019/09/18 16:51:13 syscalls: 1347 2019/09/18 16:51:13 code coverage: enabled 2019/09/18 16:51:13 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/18 16:51:13 extra coverage: extra coverage is not supported by the kernel 2019/09/18 16:51:13 setuid sandbox: enabled 2019/09/18 16:51:13 namespace sandbox: enabled 2019/09/18 16:51:13 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/18 16:51:13 fault injection: CONFIG_FAULT_INJECTION is not enabled 2019/09/18 16:51:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/18 16:51:13 net packet injection: enabled 2019/09/18 16:51:13 net device setup: enabled [ 62.301787] random: crng init done INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes 16:52:08 executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x6) r1 = dup(r0) bind$unix(0xffffffffffffffff, 0x0, 0x0) getsockname$unix(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) getsockopt$inet_tcp_int(r1, 0x6, 0x12, &(0x7f0000000040), &(0x7f0000000080)=0x4) 16:52:08 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x2000203a, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000007c0)=""/246) write$ppp(r0, 0x0, 0x0) 16:52:08 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000080)='+', 0x1}], 0x1}, 0xc100) recvmmsg(0xffffffffffffffff, &(0x7f0000004e00)=[{{0x0, 0x23d, &(0x7f0000001000)=[{0x0}, {0x0}, {0x0}, {0x0, 0x2ed}, {0x0}, {&(0x7f0000000e80)=""/5, 0x5}], 0x6}}], 0x1, 0x0, 0x0) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000480)="a9772d9bea4824cc3854a62ffb84c4fb114d80fe462fd727b6f682cf0f9ccfe45f46ed18fc8af0505df86b4230370bfacd1f7266fae5859a3608357c69f51cfa473ef19a9dc2aeb43f9ed68acc034cf841229fbbe3f57130fe2ad707c56a92dbe64e59aa78e24db8e9b50597ab0024ca2564fbdb50e7b8cfa5c7028d556977ad6a90adf768a5ac0505ab07f8256368c6e71dd4b5a1c2e3c9946b610ab2b324099beb706b6a510c134ad18c928be3af6cf20e5016c9a050e35e30716e4913c882272bbfc8f0e1ee9c31484af6953e7d967640eff8accacee6daf3f98051a3ee281555a41340273dcb0bd8cc8cd549676f3ec23cbca42d4b76a178376eefb3da036d60cb88b5cb9c0ae0135be1d4f598c564fbe97ad4b691f59ba4063b898482d9cde4497009884d75b1965874e9c4d5a7cf8a640433c02acd340a98eff73e5948611184c7c60da3b233367d58aaf4e407e2e2c506b871fd822ec231389734d23a2aa5dc197831d8fee19361e5b99d0b51e5b1f0cadf296b91aa9477fa72879b4a3a3040777cf778cee1de32619701d71cb5316c7234a910b497b5f1b2cd2a0d39e92b6b92e091b470da2cec0e1b1fd3ce1a15d559b3733b97b2ddb1dd2aa73c9e03f189b8dd48c9093daddcd2c3fd0e1a9d16046d85c8934d2f9094aa5fa7b8ff061cb753dea2637ac2a8d523c9791ae454ea2e8cb10ce4a3ad8937ed583cd653bdb05b965e658f9c5f06a43bb1e61cfa4cb9be2cb4ef264d10f37e5292576bfdc97b2e1f8b692f0b64f76287e67805df914273677a9c39bd1e4f73d3c1afd99ad18a210caee42ab5c87969f6f99d7423dbb72d436ef3a3dead8eda03274d2e8e7f107eb04fdc3e36d6d4022dbc5c2fe388aaa3234950588ef56362708189826b98d3c9ed4dabcb33582a7e55327e82686aac973a5d0292afd7175a9c57b4fc1e5ba7cb0a34e35e50526d40bdb51a224e5b89e74e8752c1b39ab250b178adfab91c73c04d3c012b244cb7745dde4f716203ffcddaa096186ed0403b323c3aaa79aa4a0e6d1231ce99f83788ba0dc86da01cdad25816c26bf8e523b287d7ee83b5d0c55599ddbd202f743a1bc3d107a9c9610dc62537af48eecdd174ee4e796943250b81af0da28c57955aea149010ede13eb973dbe959500afe5e77b32ad5a11a353555b48eb7684596eadc481c291f185d0d47c639fa5bcb2dffe859a9d4a0e184a640e30f0afe83f2096faef9c0129289688a5267e0d2dadadd0f8cb13f35827f0337d2edf6220a244dd8c135563051f6fcd7fdad7879ff3ef01975938bc6e47aee745d4701cfc5e5546f05903bbcde0120ad847c32658c1384a6d8f188544df337a25f806051a346fb980a4e84fee06b0d367bc81161e96072b2e7e47999ac93437749d11864fa4c03a2d333135660aa17bd421623e6654eeae956e51a0157cb876db3e9cb324641d132cda7aabd9dcaa51f090c1955d20c2618466a0ea5acbaeac5a46e00b8869ca9a337eb5d9406592a790678a1f0bbe729054abb4810f4fdf50c517d4dd312b2d382412d45b9f60464c107c0735b16ceced73484f37cdcc8b9a4a62bc997bbd1d23b993fc5cfed9a43d2f4d335570e76715b020664bedb0db88816bc97ec37d13d64f604b71fc73f3c38954ae554e45997209afb0ff102dc170986e2d72e4178a7e6131308afa29ba732e251ebdf6254c0589752bfca3bef7fd0fc60ba683c6016b16234216bdcf8975bebafd8ee4606a96c1993d1f096b435fa84279344b914dec8e56566e103592a7ed44c63c8b5c18e01fa873032b1087622f225747339d38fa89e7008695ce0b3d6f505ab7ecdf99182ab7aa264d9108af35b0a373da18a8183f696dc70a8ac88c5663a866e89c7d7dbdf7296d63e5167978b38463ae9f36fe4121229e92cced04e", 0xffe4}], 0x1) 16:52:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./control\x00', 0x0) r1 = inotify_init1(0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0xa224930610d2bc7) gettid() fcntl$setown(r2, 0x8, 0x0) fcntl$setsig(r1, 0xa, 0x20) inotify_add_watch(r1, &(0x7f0000000180)='./control\x00', 0xa4000960) open(&(0x7f00003f5000)='./control\x00', 0x0, 0x0) 16:52:08 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x2, &(0x7f0000000140)=[{0x87}, {0x6, 0x0, 0x0, 0xffffffff7fffffff}]}) 16:52:08 executing program 4: setgroups(0x1000000, 0x0) [ 116.478295] audit: type=1400 audit(1568825528.777:8): avc: denied { map } for pid=1801 comm="syz-fuzzer" path="/root/syzkaller-shm403757805" dev="sda1" ino=16461 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 116.507863] audit: type=1400 audit(1568825528.807:9): avc: denied { map } for pid=1848 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5044 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 16:52:11 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x2000203a, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000007c0)=""/246) write$ppp(r0, 0x0, 0x0) 16:52:11 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x2000203a, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000007c0)=""/246) write$ppp(r0, 0x0, 0x0) 16:52:11 executing program 0: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) setregid(0x0, 0x0) write$P9_RGETATTR(r0, 0x0, 0x0) 16:52:11 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000600)={'ip_vti0\x00', 0x201f}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001fc0)={'ip_vti0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000002c0)={@dev, 0x71, r3}) dup2(r1, r2) 16:52:12 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, 0x0, 0x0) 16:52:12 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x2000203a, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000007c0)=""/246) write$ppp(r0, 0x0, 0x0) 16:52:12 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, 0x0) 16:52:12 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x2000203a, 0x0) write$ppp(r0, 0x0, 0x0) 16:52:12 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000080)='+', 0x1}], 0x1}, 0xc100) recvmmsg(0xffffffffffffffff, &(0x7f0000004e00)=[{{0x0, 0x23d, &(0x7f0000001000)=[{0x0}, {0x0}, {0x0}, {0x0, 0x2ed}, {0x0}, {&(0x7f0000000e80)=""/5, 0x5}], 0x6}}], 0x1, 0x0, 0x0) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000480)="a9772d9bea4824cc3854a62ffb84c4fb114d80fe462fd727b6f682cf0f9ccfe45f46ed18fc8af0505df86b4230370bfacd1f7266fae5859a3608357c69f51cfa473ef19a9dc2aeb43f9ed68acc034cf841229fbbe3f57130fe2ad707c56a92dbe64e59aa78e24db8e9b50597ab0024ca2564fbdb50e7b8cfa5c7028d556977ad6a90adf768a5ac0505ab07f8256368c6e71dd4b5a1c2e3c9946b610ab2b324099beb706b6a510c134ad18c928be3af6cf20e5016c9a050e35e30716e4913c882272bbfc8f0e1ee9c31484af6953e7d967640eff8accacee6daf3f98051a3ee281555a41340273dcb0bd8cc8cd549676f3ec23cbca42d4b76a178376eefb3da036d60cb88b5cb9c0ae0135be1d4f598c564fbe97ad4b691f59ba4063b898482d9cde4497009884d75b1965874e9c4d5a7cf8a640433c02acd340a98eff73e5948611184c7c60da3b233367d58aaf4e407e2e2c506b871fd822ec231389734d23a2aa5dc197831d8fee19361e5b99d0b51e5b1f0cadf296b91aa9477fa72879b4a3a3040777cf778cee1de32619701d71cb5316c7234a910b497b5f1b2cd2a0d39e92b6b92e091b470da2cec0e1b1fd3ce1a15d559b3733b97b2ddb1dd2aa73c9e03f189b8dd48c9093daddcd2c3fd0e1a9d16046d85c8934d2f9094aa5fa7b8ff061cb753dea2637ac2a8d523c9791ae454ea2e8cb10ce4a3ad8937ed583cd653bdb05b965e658f9c5f06a43bb1e61cfa4cb9be2cb4ef264d10f37e5292576bfdc97b2e1f8b692f0b64f76287e67805df914273677a9c39bd1e4f73d3c1afd99ad18a210caee42ab5c87969f6f99d7423dbb72d436ef3a3dead8eda03274d2e8e7f107eb04fdc3e36d6d4022dbc5c2fe388aaa3234950588ef56362708189826b98d3c9ed4dabcb33582a7e55327e82686aac973a5d0292afd7175a9c57b4fc1e5ba7cb0a34e35e50526d40bdb51a224e5b89e74e8752c1b39ab250b178adfab91c73c04d3c012b244cb7745dde4f716203ffcddaa096186ed0403b323c3aaa79aa4a0e6d1231ce99f83788ba0dc86da01cdad25816c26bf8e523b287d7ee83b5d0c55599ddbd202f743a1bc3d107a9c9610dc62537af48eecdd174ee4e796943250b81af0da28c57955aea149010ede13eb973dbe959500afe5e77b32ad5a11a353555b48eb7684596eadc481c291f185d0d47c639fa5bcb2dffe859a9d4a0e184a640e30f0afe83f2096faef9c0129289688a5267e0d2dadadd0f8cb13f35827f0337d2edf6220a244dd8c135563051f6fcd7fdad7879ff3ef01975938bc6e47aee745d4701cfc5e5546f05903bbcde0120ad847c32658c1384a6d8f188544df337a25f806051a346fb980a4e84fee06b0d367bc81161e96072b2e7e47999ac93437749d11864fa4c03a2d333135660aa17bd421623e6654eeae956e51a0157cb876db3e9cb324641d132cda7aabd9dcaa51f090c1955d20c2618466a0ea5acbaeac5a46e00b8869ca9a337eb5d9406592a790678a1f0bbe729054abb4810f4fdf50c517d4dd312b2d382412d45b9f60464c107c0735b16ceced73484f37cdcc8b9a4a62bc997bbd1d23b993fc5cfed9a43d2f4d335570e76715b020664bedb0db88816bc97ec37d13d64f604b71fc73f3c38954ae554e45997209afb0ff102dc170986e2d72e4178a7e6131308afa29ba732e251ebdf6254c0589752bfca3bef7fd0fc60ba683c6016b16234216bdcf8975bebafd8ee4606a96c1993d1f096b435fa84279344b914dec8e56566e103592a7ed44c63c8b5c18e01fa873032b1087622f225747339d38fa89e7008695ce0b3d6f505ab7ecdf99182ab7aa264d9108af35b0a373da18a8183f696dc70a8ac88c5663a866e89c7d7dbdf7296d63e5167978b38463ae9f36fe4121229e92cced04e", 0xffe4}], 0x1) 16:52:12 executing program 2: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x200000, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000100)=""/230, 0xe6) 16:52:12 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="24000000240007041dfffd946fa2830020200a0009000000001d85680c1ba6a20400ff7e", 0x24}], 0x1}, 0x0) 16:52:12 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x15, 0x5, 0x0, &(0x7f0000000100)) recvmsg(0xffffffffffffffff, 0x0, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) 16:52:12 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x2000203a, 0x0) write$ppp(r0, 0x0, 0x0) 16:52:12 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x100000400000003a) socketpair$unix(0x1, 0x8000000000001, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000800)=ANY=[@ANYBLOB], 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="8305", 0x2}], 0x1}}], 0x1, 0x8000) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)="e13a9246b5d159b41981f95f4c8654c3e1c1d8dc457a", 0x16}], 0x1) 16:52:12 executing program 1: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = gettid() ptrace$getenv(0x4201, r0, 0x0, 0x0) 16:52:12 executing program 0: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x60000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x25) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x20002, 0x0, 0x0, 0x0, 0x42}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 16:52:12 executing program 2: pselect6(0x40, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140), &(0x7f00000001c0)={&(0x7f0000000180), 0x7}) 16:52:12 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_ALM_READ(r1, 0x80247008, &(0x7f0000000080)) 16:52:12 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) write$P9_RXATTRCREATE(r1, &(0x7f00000000c0)={0xfffffffffffffe1b}, 0xfffffee3) write$P9_RREADLINK(r1, &(0x7f0000000100)={0xe, 0x17, 0x1, {0x5, './bus'}}, 0xe) r2 = open(&(0x7f0000000040)='./bus\x00', 0x1001, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ftruncate(r1, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) [ 120.420691] hrtimer: interrupt took 40093 ns 16:52:12 executing program 2: pipe(0x0) close(0xffffffffffffffff) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0xe, 0x0, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) 16:52:12 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x2000203a, 0x0) write$ppp(r0, 0x0, 0x0) 16:52:12 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000600)={'ip_vti0\x00', 0x201f}) 16:52:12 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f00000007c0)=""/246) write$ppp(0xffffffffffffffff, 0x0, 0x0) 16:52:12 executing program 4: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syz_tun\x00'}) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) io_setup(0x1, &(0x7f0000000300)=0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000480)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\r', 0x20000005002}) io_submit(r0, 0x1, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0xff66}]) 16:52:12 executing program 0: r0 = perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x0) 16:52:12 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f00000007c0)=""/246) write$ppp(0xffffffffffffffff, 0x0, 0x0) 16:52:12 executing program 1: getsockname$unix(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_int(r1, 0x6, 0x20000000000002, &(0x7f0000000280)=0x81, 0x28a) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f00000002c0)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x8, 0x0, "9fc72b543b28dd4728c3988b7adea76fa59f716c731782304d2a8b2baf8c1724fb01b86d7c1d88f3c7322926d8f0fcdb51b5df3ba8b696320eb85ae1bd8e6af048c54f27e0dad819d7cb50aaa2bc300f"}, 0xd8) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f00000000c0)=0x7, 0x4) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x100000299, 0x20000008, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x6e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x0) ftruncate(r3, 0x7fff) sendfile(r1, r3, 0x0, 0x8000ffffbffe) 16:52:12 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$netlink(r0, 0x0, 0x0) 16:52:12 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) r1 = dup(r0) bind$unix(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCSARP(r1, 0x8955, 0x0) 16:52:12 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f00000007c0)=""/246) write$ppp(0xffffffffffffffff, 0x0, 0x0) [ 120.714196] kasan: CONFIG_KASAN_INLINE enabled [ 120.733694] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 120.753928] general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 120.760711] Modules linked in: [ 120.763918] CPU: 1 PID: 2878 Comm: syz-executor.1 Not tainted 4.14.144+ #0 [ 120.771190] task: 00000000514f455d task.stack: 00000000a8f059d6 [ 120.777252] RIP: 0010:do_tcp_sendpages+0x33c/0x1780 [ 120.782264] RSP: 0018:ffff88819de9f6a8 EFLAGS: 00010206 [ 120.787620] RAX: 000000000000000f RBX: 0000000000000000 RCX: 00000000000014f2 [ 120.794885] RDX: ffffffff8252c9ea RSI: ffffc90002da5000 RDI: 0000000000000078 [ 120.802158] RBP: 0000000000000507 R08: 0000000000000001 R09: 0000000000000001 [ 120.809424] R10: fffffbfff34c5ba5 R11: ffffffff9a62dd2b R12: ffffea0006765080 [ 120.816702] R13: dffffc0000000000 R14: ffff88819ec89600 R15: 0000000000028000 [ 120.823983] FS: 00007f2d7657d700(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000 [ 120.832833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.838737] CR2: 0000000002023978 CR3: 00000001cd120005 CR4: 00000000001606a0 [ 120.846038] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 120.853308] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 120.860575] Call Trace: [ 120.863169] ? blk_finish_plug+0x50/0x97 [ 120.867232] ? sk_stream_alloc_skb+0x8a0/0x8a0 [ 120.871823] tcp_sendpage_locked+0x81/0x130 [ 120.877278] tcp_sendpage+0x3a/0x60 [ 120.880917] inet_sendpage+0x197/0x5d0 [ 120.884816] ? tcp_sendpage_locked+0x130/0x130 [ 120.889404] ? inet_getname+0x390/0x390 [ 120.893381] kernel_sendpage+0x84/0xd0 [ 120.897273] sock_sendpage+0x84/0xa0 [ 120.900992] pipe_to_sendpage+0x23d/0x300 [ 120.905136] ? kernel_sendpage+0xd0/0xd0 [ 120.909199] ? direct_splice_actor+0x160/0x160 [ 120.913788] ? splice_from_pipe_next.part.0+0x1e4/0x290 [ 120.919152] __splice_from_pipe+0x331/0x740 [ 120.923472] ? direct_splice_actor+0x160/0x160 [ 120.928050] ? direct_splice_actor+0x160/0x160 [ 120.932648] splice_from_pipe+0xd9/0x140 [ 120.936711] ? splice_shrink_spd+0xb0/0xb0 [ 120.940950] ? security_file_permission+0x88/0x1e0 [ 120.945880] ? splice_from_pipe+0x140/0x140 [ 120.950226] direct_splice_actor+0x118/0x160 [ 120.954635] splice_direct_to_actor+0x292/0x760 [ 120.959300] ? generic_pipe_buf_nosteal+0x10/0x10 [ 120.964138] ? do_splice_to+0x150/0x150 [ 120.968112] ? security_file_permission+0x88/0x1e0 [ 120.973058] do_splice_direct+0x177/0x240 [ 120.977211] ? splice_direct_to_actor+0x760/0x760 [ 120.982053] ? security_file_permission+0x88/0x1e0 [ 120.986980] do_sendfile+0x493/0xb20 [ 120.990692] ? do_compat_pwritev64+0x170/0x170 [ 120.995271] ? put_timespec64+0xbe/0x110 [ 120.999326] ? nsecs_to_jiffies+0x30/0x30 [ 121.003471] SyS_sendfile64+0x11f/0x140 [ 121.007439] ? SyS_sendfile+0x150/0x150 [ 121.011405] ? do_clock_gettime+0xd0/0xd0 [ 121.015546] ? fput+0x19/0x150 [ 121.018731] ? do_syscall_64+0x43/0x520 [ 121.022699] ? SyS_sendfile+0x150/0x150 [ 121.026672] do_syscall_64+0x19b/0x520 [ 121.030545] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 121.035712] RIP: 0033:0x4598e9 [ 121.038882] RSP: 002b:00007f2d7657cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 121.046565] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004598e9 [ 121.053818] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000004 16:52:13 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10) setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000000), 0x4) sendto$inet(r0, 0x0, 0xff1b, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f0000000240), 0x1192aca8268c9077, 0x3, 0x0, 0xffffffffffffff06) 16:52:13 executing program 0: perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/mcfilter\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000181, 0x0) 16:52:13 executing program 2: r0 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_inet_SIOCGIFADDR(0xffffffffffffffff, 0x8915, 0x0) r1 = memfd_create(&(0x7f00000000c0)='/dev/net/tun\x00', 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, 0x0) getsockopt(r0, 0x0, 0x0, &(0x7f0000000040)=""/173, &(0x7f0000000100)=0xfffffffffffffeb1) [ 121.061073] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 121.068321] R10: 00008000ffffbffe R11: 0000000000000246 R12: 00007f2d7657d6d4 [ 121.075569] R13: 00000000004c709e R14: 00000000004dc750 R15: 00000000ffffffff [ 121.082828] Code: 24 08 48 0f 44 d8 e8 84 4c de fe 48 85 ed 0f 84 7e 03 00 00 e8 76 4c de fe 48 8d 7b 78 8b ac 24 c8 00 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 74 08 3c 03 0f 8e 15 11 00 00 2b 6b 78 85 [ 121.101912] RIP: do_tcp_sendpages+0x33c/0x1780 RSP: ffff88819de9f6a8 [ 121.111522] ---[ end trace e26e0de0432fb059 ]--- [ 121.116354] Kernel panic - not syncing: Fatal exception [ 121.122281] Kernel Offset: 0x16e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 121.133204] Rebooting in 86400 seconds..