Warning: Permanently added '10.128.0.204' (ECDSA) to the list of known hosts. [ 24.548670] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/17 02:28:01 fuzzer started [ 24.640228] audit: type=1400 audit(1568687281.022:7): avc: denied { map } for pid=1776 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 25.376426] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/17 02:28:03 dialing manager at 10.128.0.26:37833 2019/09/17 02:28:03 syscalls: 1347 2019/09/17 02:28:03 code coverage: enabled 2019/09/17 02:28:03 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/17 02:28:03 extra coverage: extra coverage is not supported by the kernel 2019/09/17 02:28:03 setuid sandbox: enabled 2019/09/17 02:28:03 namespace sandbox: enabled 2019/09/17 02:28:03 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/17 02:28:03 fault injection: CONFIG_FAULT_INJECTION is not enabled 2019/09/17 02:28:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/17 02:28:03 net packet injection: enabled 2019/09/17 02:28:03 net device setup: enabled [ 27.953476] random: crng init done 02:28:59 executing program 0: clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000af5000)={0x1, &(0x7f00006dc000)=[{0x200006, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x8000000000000003, @loopback}, 0x10) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000003c0)) timer_settime(0x0, 0x0, &(0x7f0000000380)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)=""/192, 0xc0}], 0x1}, 0x0) sendmmsg$inet(r0, &(0x7f00000039c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="e2fe9ddc6a2aecbcd539f6e4b5430b84feab853815abca693ef661df8b4b9f4bab0ee50983f88fd8514cf7ffa08954ea4b62da5d7092507239637c2ebcb3", 0x3e}, {&(0x7f0000000700)="156d53188ecd711ac3e6f4076a230e4724e21218c4a2536e275aa563c8cb867b1ee470e605c0ba9fea14fc2fabcf9428ebed7e80328077be28725a16e66ee21620f5929c", 0x44}], 0x2}}], 0x1, 0x0) r1 = gettid() r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)=""/199, 0xc7}], 0x1}}], 0x1, 0x0, 0x0) tkill(r1, 0x14) 02:28:59 executing program 1: r0 = socket(0xa, 0x80803, 0x9) sendmmsg$unix(r0, &(0x7f00000038c0)=[{&(0x7f00000000c0)=@abs, 0x6e, 0x0, 0x0, &(0x7f00000009c0)=[@cred={{0x18, 0x1, 0x24}}], 0x18}], 0x1, 0x0) 02:28:59 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x1100082) ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "7001e0f57c0cf6270b24e415e96042aae51d870054c11cd59cc8fb47081025bad6b39d77f70a7c0f30f66157a96aae15813f0dceb29700", "a8a4cd01e527e6fd3de45387daf7b1ac786d0e8a75e8904655361fe06f308fe6033a61edb75c8d51c055faf7f4fdb16e0cdaa4276939a341033400", "2f18ffe4532a434e624ac93616105829576904e70bfeb59800f97c97644ab8a7"}) 02:28:59 executing program 2: seccomp(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfbfffffffffffffd}]}) prlimit64(0x0, 0x0, 0x0, 0x0) 02:28:59 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7bf070") clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x400000036) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xb, 0x0, 0x1b}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 02:28:59 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) waitid(0x3, 0x0, &(0x7f0000000000), 0x4, 0x0) [ 82.628076] audit: type=1400 audit(1568687339.012:8): avc: denied { map } for pid=1827 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5044 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 02:29:01 executing program 0: 02:29:01 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="a4ab12f728db4b2b4d2f2fba4fad27", 0xf}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 02:29:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x3, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="a00000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000078002b007400029c9300000000000000000000000000000000000000000000000000000000000000000000fb00"/80, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="08000000000000000000000000000000100000000000000000000000000000000000000008001b0000000000"], 0xa0}}, 0x0) 02:29:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = memfd_create(&(0x7f0000000100)='s\x00\xe2\xc6\xc1\x04\xf7\x86/\x1f\x8b\x9c\x96\xdb\x04\x9d\xf8\xc6/:\"G\xf0\v3\xb8\x89\xc3\x01\xa6\f\x01\xe8\xa9\x90\xa3\\\\JR9\xdf\xfd\xa8g[Y\xea\x82\x06\xb2m\xc8\a\"', 0x4) lseek(r1, 0x0, 0x3) 02:29:01 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newqdisc={0x30, 0x24, 0x507, 0x0, 0x0, {0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 02:29:01 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x355) 02:29:01 executing program 1: r0 = memfd_create(&(0x7f0000000100)='#\'%nodev\x00', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f0000000200), 0x87) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) 02:29:01 executing program 1: r0 = memfd_create(&(0x7f0000000100)='#\'%nodev\x00', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f0000000200), 0x87) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) [ 86.162109] audit: type=1326 audit(1568687342.552:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=2763 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45c72a code=0xffff0000 02:29:02 executing program 5: 02:29:03 executing program 2: 02:29:03 executing program 1: r0 = memfd_create(&(0x7f0000000100)='#\'%nodev\x00', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f0000000200), 0x87) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) 02:29:03 executing program 4: 02:29:03 executing program 5: [ 86.961946] audit: type=1326 audit(1568687343.352:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=2763 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45c72a code=0xffff0000 [ 87.070029] hrtimer: interrupt took 32423 ns 02:29:04 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="a4ab12f728db4b2b4d2f2fba4fad27", 0xf}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 02:29:04 executing program 3: 02:29:04 executing program 4: 02:29:04 executing program 5: 02:29:04 executing program 2: 02:29:04 executing program 1: r0 = memfd_create(&(0x7f0000000100)='#\'%nodev\x00', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f0000000200), 0x87) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) 02:29:04 executing program 4: 02:29:04 executing program 5: 02:29:04 executing program 2: 02:29:04 executing program 3: 02:29:04 executing program 4: 02:29:04 executing program 5: 02:29:07 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="a4ab12f728db4b2b4d2f2fba4fad27", 0xf}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 02:29:07 executing program 2: 02:29:07 executing program 5: 02:29:07 executing program 3: 02:29:07 executing program 4: 02:29:07 executing program 1: 02:29:07 executing program 2: 02:29:07 executing program 5: 02:29:07 executing program 3: 02:29:07 executing program 1: 02:29:07 executing program 5: 02:29:07 executing program 4: 02:29:10 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="a4ab12f728db4b2b4d2f2fba4fad27", 0xf}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 02:29:10 executing program 2: 02:29:10 executing program 3: 02:29:10 executing program 4: 02:29:10 executing program 1: 02:29:10 executing program 5: 02:29:10 executing program 2: 02:29:10 executing program 1: 02:29:10 executing program 5: 02:29:10 executing program 4: 02:29:10 executing program 3: 02:29:10 executing program 1: 02:29:13 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="a4ab12f728db4b2b4d2f2fba4fad27", 0xf}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 02:29:13 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {0x0, @dev}, 0x0, {0x2, 0x0, @broadcast}, 'sit0\x00'}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) 02:29:13 executing program 4: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000180)) 02:29:13 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x16b) connect$inet(r0, &(0x7f00000000c0), 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) write$binfmt_elf32(r0, &(0x7f0000000140)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB="a2a60da10901008d11d3f7", @ANYPTR64, @ANYRES16, @ANYRES64, @ANYRES32, @ANYRES16], @ANYPTR64=&(0x7f0000000100)=ANY=[@ANYRES32], @ANYRES16, @ANYRESDEC], 0xff1b) 02:29:13 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, &(0x7f00000000c0), 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) write$binfmt_elf32(r0, &(0x7f0000000140)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB="a2a60da10901008d11d3f7", @ANYPTR64, @ANYRES16, @ANYRES64, @ANYRES32, @ANYRES16], @ANYPTR64=&(0x7f0000000100)=ANY=[@ANYRES32], @ANYRES16, @ANYRESDEC], 0xff1b) 02:29:13 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, 0x0) 02:29:13 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) sendfile(r2, r1, &(0x7f0000000100)=0xb, 0x100000010a0001ff) 02:29:13 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000100)="80fd", 0x2}], 0x1, 0x0) 02:29:13 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x11, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @ipv4={[], [], @empty}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) 02:29:13 executing program 5: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r2) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x0, 0x0, 0x3}, 0x2c) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x33c) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) close(r4) setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f0000000180), 0x127) 02:29:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000380)={0x2, 0x0, @broadcast}, 0x10) 02:29:13 executing program 3: r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000340)='./file0\x00') [ 96.945007] audit: type=1400 audit(1568687353.332:11): avc: denied { map_create } for pid=2914 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 02:29:16 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="a4ab12f728db4b2b4d2f2fba4fad27", 0xf}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 02:29:16 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') mount(0x0, &(0x7f00000005c0)='./file0\x00', &(0x7f0000000480)='sysfs\x00*\x86OK\xc0\v\xce\x1b\xdb cr\x13\xb1\xe8\x94\xd1 q_\x9d\xc1\x12[\x04,r&\xeb\x016\xd9bN\xa1\xd23t\xa6`\xfeZ\xc1sr/\xd3g\xad\"\xe8U0%\xa2\xe8\xbe\v\xc5QCy\xafr\x13\xd3+\x8d]\x06\xdc\x8f\xbf,\x84\x9e\xd9\xcd\xef\xc7K\x03\xdf\xa9\xcbZ\x90\xb2\x8bK$\xd7\x86,=f\xfc\xa51g\xd5BB5CZ=\xbbv\xbc}0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0x38f, 0x20000002, &(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10) getpeername$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, &(0x7f0000000140)=0x10) 02:29:16 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{}, {0x16}]}) 02:29:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syz_tun\x00\x00\x00\x02\x00\x01\b\x00', 0x0}) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@ipv6_newaddr={0x2c, 0x14, 0x109, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r1}, [@IFA_ADDRESS={0x14, 0x1, @local}]}, 0x2c}}, 0x0) 02:29:16 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b700000001edffffbfa30000000000000703000028fe7fff620af0fff8ffffff71a4f0ff000000000f040000000000004d400300000000006504000001ed000067000000000000006c44000000000000630a00fe000000001f00000000000000b7000000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50becb19bc461e91a7168c5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b5e4fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd8dff0c710e4cdbf4fc41fbba4f94329e646b8ee6de2109fbe4ef154400e2438ec649dc74a1a610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda8a3658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e023906f88b53987ad1714e72ba7a54f0c33d39000d06ad99edc3a6138d5fcfba53f8d0c67ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a4040996e37c4f46756d"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) [ 99.852296] ================================================================== [ 99.858159] audit: type=1400 audit(1568687356.242:12): avc: denied { prog_load } for pid=2946 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 99.859773] BUG: KASAN: use-after-free in tcp_init_tso_segs+0x19d/0x1f0 [ 99.888978] Read of size 2 at addr ffff8881c69a6cb0 by task syz-executor.2/2939 [ 99.896421] [ 99.898036] CPU: 0 PID: 2939 Comm: syz-executor.2 Not tainted 4.14.144+ #0 [ 99.905028] Call Trace: [ 99.907627] dump_stack+0xca/0x134 [ 99.911147] ? tcp_init_tso_segs+0x19d/0x1f0 [ 99.915536] ? tcp_init_tso_segs+0x19d/0x1f0 [ 99.919929] print_address_description+0x60/0x226 [ 99.924761] ? tcp_init_tso_segs+0x19d/0x1f0 [ 99.929192] ? tcp_init_tso_segs+0x19d/0x1f0 [ 99.933596] __kasan_report.cold+0x1a/0x41 [ 99.937822] ? kvm_guest_cpu_init+0x220/0x220 [ 99.942302] ? tcp_init_tso_segs+0x19d/0x1f0 [ 99.946872] tcp_init_tso_segs+0x19d/0x1f0 [ 99.951111] ? tcp_tso_segs+0x7b/0x1c0 [ 99.954983] tcp_write_xmit+0x15a/0x4730 [ 99.959033] ? memset+0x20/0x40 [ 99.962311] __tcp_push_pending_frames+0xa0/0x230 [ 99.967137] tcp_send_fin+0x154/0xbc0 [ 99.970928] tcp_close+0xc62/0xf40 [ 99.974455] inet_release+0xe9/0x1c0 [ 99.978151] __sock_release+0xd2/0x2c0 [ 99.982022] ? __sock_release+0x2c0/0x2c0 [ 99.986160] sock_close+0x15/0x20 [ 99.989594] __fput+0x25e/0x710 [ 99.992865] task_work_run+0x125/0x1a0 [ 99.996737] exit_to_usermode_loop+0x13b/0x160 [ 100.001300] do_syscall_64+0x3a3/0x520 [ 100.005171] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 100.010347] RIP: 0033:0x4135d1 [ 100.013514] RSP: 002b:00007ffda3d1f900 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 100.021200] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00000000004135d1 [ 100.028455] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 100.035710] RBP: 0000000000000001 R08: 00000000878199a2 R09: ffffffffffffffff [ 100.042963] R10: 00007ffda3d1f9e0 R11: 0000000000000293 R12: 000000000075bf20 [ 100.050212] R13: 000000000001860b R14: 00000000007604b8 R15: ffffffffffffffff [ 100.057490] [ 100.059109] Allocated by task 2942: [ 100.062718] __kasan_kmalloc.part.0+0x53/0xc0 [ 100.067190] kmem_cache_alloc+0xee/0x360 [ 100.071231] __alloc_skb+0xea/0x5c0 [ 100.074834] sk_stream_alloc_skb+0xf4/0x8a0 [ 100.079133] tcp_sendmsg_locked+0xf11/0x2f50 [ 100.083520] tcp_sendmsg+0x2b/0x40 [ 100.087038] inet_sendmsg+0x15b/0x520 [ 100.090816] sock_sendmsg+0xb7/0x100 [ 100.094508] SyS_sendto+0x1de/0x2f0 [ 100.098113] do_syscall_64+0x19b/0x520 [ 100.101980] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 100.107146] 0xffffffffffffffff [ 100.110400] [ 100.112008] Freed by task 2942: [ 100.115266] __kasan_slab_free+0x164/0x210 [ 100.119477] kmem_cache_free+0xd7/0x3b0 [ 100.123428] kfree_skbmem+0x84/0x110 [ 100.127123] tcp_remove_empty_skb+0x264/0x320 [ 100.131601] tcp_sendmsg_locked+0x1c09/0x2f50 [ 100.136075] tcp_sendmsg+0x2b/0x40 [ 100.139596] inet_sendmsg+0x15b/0x520 [ 100.143373] sock_sendmsg+0xb7/0x100 [ 100.147063] SyS_sendto+0x1de/0x2f0 [ 100.150665] do_syscall_64+0x19b/0x520 [ 100.154528] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 100.159702] 0xffffffffffffffff [ 100.162957] [ 100.164564] The buggy address belongs to the object at ffff8881c69a6c80 [ 100.164564] which belongs to the cache skbuff_fclone_cache of size 456 [ 100.177896] The buggy address is located 48 bytes inside of [ 100.177896] 456-byte region [ffff8881c69a6c80, ffff8881c69a6e48) [ 100.189670] The buggy address belongs to the page: [ 100.194581] page:ffffea00071a6980 count:1 mapcount:0 mapping: (null) index:0xffff8881c69a6000 compound_mapcount: 0 [ 100.205834] flags: 0x4000000000010200(slab|head) [ 100.210570] raw: 4000000000010200 0000000000000000 ffff8881c69a6000 00000001800c000b [ 100.218433] raw: ffffea0007288900 0000000200000002 ffff8881dab70400 0000000000000000 [ 100.226288] page dumped because: kasan: bad access detected [ 100.231972] [ 100.233575] Memory state around the buggy address: [ 100.238483] ffff8881c69a6b80: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 100.245830] ffff8881c69a6c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 100.253167] >ffff8881c69a6c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 100.260513] ^ [ 100.265430] ffff8881c69a6d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 100.272770] ffff8881c69a6d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 100.280106] ================================================================== [ 100.287450] Disabling lock debugging due to kernel taint 02:29:16 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000005c0), 0xffffffffffffff94, 0x0, 0x0, 0x0) 02:29:16 executing program 1: syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0xa321be4b3e55f0f0) listen(r0, 0x100000001) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='reno\x00', 0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xfffffffffffffdc6, 0x20000004, &(0x7f0000000280)={0xa, 0x4e22}, 0x1c) bind$inet6(0xffffffffffffffff, &(0x7f0000000400)={0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7}, 0x1c) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r2, 0x80) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, [], 0x26}, 0x5}, 0x1c) listen(r4, 0x80) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) sendto$inet6(r1, &(0x7f0000000580)="5977cba4427193ba8dcda5ef3de4ed06686f19b8e5fc5c730b62595ac8a2d7247f24e45b8b7fec71bd7f9467a38eec2963f1d57876b8d33f1da5d790ce2b50bcb6b45c4cabfa269742f9bf3eea3ec4eacd8fb639bf2a37c230b6225801083c4a367b7e6664c33035f14a293987770a207264ad68154be4981cfcda1b0888b794a31f646f376e4796d2870f453f52f98b628cf1e2e85183be4a557dc6388d7a240de5c6781f76a0afc3aca5fba5a4d72f2b233086315fb7d72d", 0xffffffffffffffa3, 0x0, 0x0, 0xffffffffffffff6a) getsockopt$IP6T_SO_GET_REVISION_MATCH(r3, 0x29, 0x44, &(0x7f0000000080)={'NETMAP\x00'}, &(0x7f00000001c0)=0x1e) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) ioctl$sock_proto_private(0xffffffffffffffff, 0x89ea, &(0x7f0000000540)="e1544285d6567dec0f86d7d5601c7eb8abc5bf4a92b947ac735510ede55cf6dbf1ebf044f66463d6990ebbf17ec965db924e53e0186daae6ecd5e2") socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, &(0x7f00000002c0)=""/206) timer_create(0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000180)) pipe(0x0) write(r1, &(0x7f0000000380), 0xfffffffe) recvfrom$inet6(r1, &(0x7f0000001840)=""/31, 0x1f, 0x100, 0x0, 0x0) shutdown(r0, 0x1) r6 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000000)={'lo\x00'}) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') r7 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r7, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) [ 100.300500] audit: type=1400 audit(1568687356.682:13): avc: denied { prog_run } for pid=2946 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 100.328689] Kernel panic - not syncing: panic_on_warn set ... [ 100.328689] [ 100.336066] CPU: 0 PID: 2939 Comm: syz-executor.2 Tainted: G B 4.14.144+ #0 [ 100.344281] Call Trace: [ 100.346857] dump_stack+0xca/0x134 [ 100.350405] panic+0x1ea/0x3d3 [ 100.353590] ? add_taint.cold+0x16/0x16 [ 100.357544] ? tcp_init_tso_segs+0x19d/0x1f0 [ 100.361927] ? ___preempt_schedule+0x16/0x18 [ 100.366314] ? tcp_init_tso_segs+0x19d/0x1f0 [ 100.370697] end_report+0x43/0x49 [ 100.374130] ? tcp_init_tso_segs+0x19d/0x1f0 [ 100.378519] __kasan_report.cold+0xd/0x41 [ 100.382645] ? kvm_guest_cpu_init+0x220/0x220 [ 100.387206] ? tcp_init_tso_segs+0x19d/0x1f0 [ 100.391613] tcp_init_tso_segs+0x19d/0x1f0 [ 100.395844] ? tcp_tso_segs+0x7b/0x1c0 [ 100.399721] tcp_write_xmit+0x15a/0x4730 [ 100.403786] ? memset+0x20/0x40 [ 100.407045] __tcp_push_pending_frames+0xa0/0x230 [ 100.411863] tcp_send_fin+0x154/0xbc0 [ 100.415647] tcp_close+0xc62/0xf40 [ 100.419189] inet_release+0xe9/0x1c0 [ 100.422903] __sock_release+0xd2/0x2c0 [ 100.426767] ? __sock_release+0x2c0/0x2c0 [ 100.430892] sock_close+0x15/0x20 [ 100.434328] __fput+0x25e/0x710 [ 100.434343] kasan: CONFIG_KASAN_INLINE enabled [ 100.437611] task_work_run+0x125/0x1a0 [ 100.437623] exit_to_usermode_loop+0x13b/0x160 [ 100.437632] do_syscall_64+0x3a3/0x520 [ 100.442281] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 100.446072] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 100.446078] RIP: 0033:0x4135d1 [ 100.446082] RSP: 002b:00007ffda3d1f900 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 100.446089] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00000000004135d1 [ 100.446097] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 100.453978] general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 100.454529] RBP: 0000000000000001 R08: 00000000878199a2 R09: ffffffffffffffff [ 100.461882] Modules linked in: [ 100.467053] R10: 00007ffda3d1f9e0 R11: 0000000000000293 R12: 000000000075bf20 [ 100.477918] R13: 000000000001860b R14: 00000000007604b8 R15: ffffffffffffffff [ 100.485175] CPU: 1 PID: 2959 Comm: syz-executor.1 Tainted: G B 4.14.144+ #0 [ 100.532261] task: 00000000ee261eb8 task.stack: 000000000ab17883 [ 100.538308] RIP: 0010:tcp_sendmsg_locked+0x509/0x2f50 [ 100.543486] RSP: 0018:ffff888199e6fae8 EFLAGS: 00010206 [ 100.548832] RAX: 0000000000000011 RBX: ffff8881d363f400 RCX: 000000000000007b [ 100.556086] RDX: ffffffff8252e3c0 RSI: ffffc9000218f000 RDI: 0000000000000088 [ 100.563338] RBP: ffff8881cb0a8b12 R08: 0000000000000000 R09: fffffbfff4d05ba6 [ 100.570593] R10: fffffbfff4d05ba5 R11: 0000000000000000 R12: ffff888199e6fd90 [ 100.577845] R13: 0000000000000000 R14: ffff8881cb0a8b00 R15: dffffc0000000000 [ 100.585112] FS: 00007f179b8da700(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000 [ 100.593326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 100.599190] CR2: 00007f179b8d9db8 CR3: 00000001c6e5e006 CR4: 00000000001606a0 [ 100.606447] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 100.613703] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 100.620955] Call Trace: [ 100.623544] ? tcp_sendpage+0x60/0x60 [ 100.627330] ? lock_acquire+0x12b/0x360 [ 100.631294] tcp_sendmsg+0x2b/0x40 [ 100.634820] inet_sendmsg+0x15b/0x520 [ 100.638612] ? inet_recvmsg+0x550/0x550 [ 100.642580] sock_sendmsg+0xb7/0x100 [ 100.646284] SyS_sendto+0x1de/0x2f0 [ 100.649897] ? SyS_getpeername+0x250/0x250 [ 100.654126] ? put_timespec64+0xbe/0x110 [ 100.658170] ? nsecs_to_jiffies+0x30/0x30 [ 100.662309] ? SyS_clock_gettime+0x7d/0xe0 [ 100.666529] ? do_clock_gettime+0xd0/0xd0 [ 100.670672] ? SyS_getpeername+0x250/0x250 [ 100.674889] do_syscall_64+0x19b/0x520 [ 100.678763] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 100.683942] RIP: 0033:0x4598e9 [ 100.687116] RSP: 002b:00007f179b8d9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 100.694807] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004598e9 [ 100.702065] RDX: ffffffffffffffa3 RSI: 0000000020000580 RDI: 0000000000000005 [ 100.709314] RBP: 000000000075c070 R08: 0000000000000000 R09: ffffffffffffff6a [ 100.716589] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f179b8da6d4 [ 100.723860] R13: 00000000004c7880 R14: 00000000004dd188 R15: 00000000ffffffff [ 100.731138] Code: 4e 32 de fe 48 85 db 0f 84 12 08 00 00 e8 40 32 de fe 8b 84 24 08 01 00 00 49 8d bd 88 00 00 00 89 44 24 08 48 89 f8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 74 06 0f 8e 07 24 00 00 41 f6 85 88 00 00 [ 100.750298] RIP: tcp_sendmsg_locked+0x509/0x2f50 RSP: ffff888199e6fae8 [ 100.757578] Kernel Offset: 0x23000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 100.768501] Rebooting in 86400 seconds..