[ 10.560204] random: sshd: uninitialized urandom read (32 bytes read) [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.469676] random: sshd: uninitialized urandom read (32 bytes read) [ 33.710804] audit: type=1400 audit(1568148539.982:6): avc: denied { map } for pid=1770 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 33.759026] random: sshd: uninitialized urandom read (32 bytes read) [ 34.335471] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.202' (ECDSA) to the list of known hosts. [ 39.902020] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/10 20:49:06 fuzzer started [ 39.993378] audit: type=1400 audit(1568148546.262:7): avc: denied { map } for pid=1779 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 40.328228] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/10 20:49:07 dialing manager at 10.128.0.26:46601 2019/09/10 20:49:07 syscalls: 1347 2019/09/10 20:49:07 code coverage: enabled 2019/09/10 20:49:07 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/10 20:49:07 extra coverage: extra coverage is not supported by the kernel 2019/09/10 20:49:07 setuid sandbox: enabled 2019/09/10 20:49:07 namespace sandbox: enabled 2019/09/10 20:49:07 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/10 20:49:07 fault injection: CONFIG_FAULT_INJECTION is not enabled 2019/09/10 20:49:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/10 20:49:07 net packet injection: enabled 2019/09/10 20:49:07 net device setup: enabled [ 42.383416] random: crng init done 20:50:11 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 20:50:11 executing program 5: setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x14, 0x0, 0xfffffffffffffdc1) ioctl(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x8000000000001, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getresuid(&(0x7f0000000080), 0x0, 0x0) setuid(0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00') bind$inet6(r1, &(0x7f0000807fe4)={0xa, 0x4e22}, 0x1c) io_setup(0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x200408d4, &(0x7f000072e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000000000)="d4", 0x1, 0x37ffdfbb, 0x0, 0x0) recvfrom$inet6(r1, 0x0, 0x0, 0x1, &(0x7f00000000c0)={0xa, 0x4e24, 0x0, @empty}, 0x1c) 20:50:11 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x0, 0x2, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8) r0 = socket$inet6(0xa, 0x3, 0x100000400000003a) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000000)=@fragment, 0x8) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) writev(r0, &(0x7f0000001380)=[{&(0x7f0000000200)="8f202adb7a5a8de9df00"/24, 0x187}], 0x1) 20:50:11 executing program 2: syz_open_procfs(0x0, &(0x7f0000000b40)='oom_adj\x00') sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000600)='./cgroup.net\x00\xf9\x86\x86\xb4\x8dMVDg\xed\x947\xf6\xcd\xf6\x90\xd1\xff\x86\xec\xe0\xe8D\x1c\x1d\xc8M\xf0\x8b\xe8z\xf2p`\x8e{\x98\x8e\tl\xcc@\x1c[p\xf5\x8a\x03\xb5\xce\xcd\b\xeb\x1f\xd7\xec\xd1\xdb]}\xf6wn\x9f\x85&nG\xd9d\\.\x9c}\xfdOsl\x1f\x99\x8f\x18&f\x9e@\x00\x06\xba\xc0a\x99\xca\xc3\x96\xe7\x12Hz\x04\x02\xa5\x9b2\xefNh6z\xd0W\xe0#\xc5AY,\xd8\x99Q\xd3a\x9d\xd9 (\xe2\x93\xfb\xdb?\xea\x06\xbd|\xe6\xca*\xb9\xe9a\xe2\xd6\x8eB\xfb\xe0\xa0\xc17\x7f\xdb\xe9Q< J@\x9f\x83\x1fRC6 N\xea\xb6\x88\xf3\xdf\xa8^\xba6\x8e\xf7\x14\x88\xc56\xd2\xc9\x0eBy$`\xa3G\xc1\x7f7,\xd1B\x14\xf0\xa5\"q\xc5\x17:B!\xf93_\xa7\x91\xa3h\xae\xdfmP\x85w\xe7F\x11\xa7\xfdl!N$\xb1\xbc\xfa}D\xa6\xe0\xb5\n\xee\xb3\xa4\"z\xc8z\x98\xe1\x14\xe4\\\x19u\ag\r\a\"\xb0\xccy\xc9\x17s[G\xc6i\x8b\x8b\xa1\xa7v\xe5q\xb3\x89\th\x9b\xdb:', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000000)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x757c7818) personality(0x0) clock_gettime(0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$ASHMEM_PURGE_ALL_CACHES(0xffffffffffffffff, 0x770a, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r1, 0x0) 20:50:11 executing program 3: 20:50:11 executing program 4: symlink(&(0x7f0000000200)='./file1\x00', &(0x7f0000000040)='./file0\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) symlink(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='./file1\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0x0, 0x0}) sendmmsg(r1, &(0x7f0000008600)=[{{0x0, 0xffffff7f, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) [ 105.294103] audit: type=1400 audit(1568148611.562:8): avc: denied { map } for pid=1779 comm="syz-fuzzer" path="/root/syzkaller-shm094330501" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 105.350182] audit: type=1400 audit(1568148611.592:9): avc: denied { map } for pid=1838 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5044 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 108.631477] audit: type=1400 audit(1568148614.902:10): avc: denied { create } for pid=2730 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 108.656054] audit: type=1400 audit(1568148614.922:11): avc: denied { write } for pid=2730 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 20:50:14 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1000080002, 0x100000000000088) bind$inet6(r0, &(0x7f0000d85fe4)={0xa, 0x4e23}, 0x1c) r1 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r1, 0x11, 0x100000000a, &(0x7f00000003c0)=0x800000001, 0x4) sendto$inet6(r1, 0x0, 0x0, 0x8800, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) sendto$inet6(r1, &(0x7f00000000c0)="dd", 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000380)=[{{0x0, 0xfef3, 0x0, 0x0, 0x0, 0xfffffffffffffdcc}}], 0x400000000000490, 0x6, 0x0) [ 108.680438] audit: type=1400 audit(1568148614.932:12): avc: denied { read } for pid=2730 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 20:50:15 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1000080002, 0x100000000000088) bind$inet6(r0, &(0x7f0000d85fe4)={0xa, 0x4e23}, 0x1c) r1 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r1, 0x11, 0x100000000a, &(0x7f00000003c0)=0x800000001, 0x4) sendto$inet6(r1, 0x0, 0x0, 0x8800, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) sendto$inet6(r1, &(0x7f00000000c0)="dd", 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000380)=[{{0x0, 0xfef3, 0x0, 0x0, 0x0, 0xfffffffffffffdcc}}], 0x400000000000490, 0x6, 0x0) 20:50:15 executing program 5: 20:50:15 executing program 5: 20:50:15 executing program 5: 20:50:15 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000004c0)="11dca50d5e0bcfe47bf070") gettid() timer_create(0x0, 0x0, &(0x7f0000000100)) timer_delete(0x0) 20:50:15 executing program 0: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)="a4ab12f728db4b2b4d2f2f3ff7ad273b1e89e46f905080af4c90ccb170e60b3a8bf56db763bbce74b47888318b04aeb1747555ba16ea10e6ddb915ceb6397e514faf19e3f74a1d3b9b3c08eaba138725c4fe54204eaa3d026ef9d3f3ec56b0f16103a9073b96abe27eecccbfee02622f3a0ad7eb5b57f828631505476e1ec45b44df66b111a6ca5818bb168a65d5a9d26a8aa48cb704f3f257c814aa541e17aaf78b4648e9742a20d8689863f3f99c4afd672a7ff8133161ff4885410ef233666b", 0xc1}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x13) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 20:50:15 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000000), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x12fa88) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_tcp_int(r0, 0x6, 0x12, &(0x7f00000000c0), 0x4) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") ptrace$setopts(0x4206, r1, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) 20:50:15 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) fchdir(r0) mkdir(&(0x7f0000000180)='./control\x00', 0x0) rmdir(&(0x7f00000004c0)='./control\x00') 20:50:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) bind$packet(r2, &(0x7f0000000640)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b40)=ANY=[@ANYBLOB="44040000240007e744c01e69dfc8a80000000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff0000000008000100636271001804020004040600030000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c118ed4800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ecffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000001000050005000000000000007f00000008c91af67c82576a74db5c"], 0x444}}, 0x0) 20:50:15 executing program 3: open(&(0x7f0000000080)='./file0\x00', 0x68042, 0x0) mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)='squashfs\x00', 0x0, 0x0) 20:50:15 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[], 0xffdbc2ca) unlink(&(0x7f0000000180)='./file0\x00') clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) 20:50:16 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) fcntl$getown(r0, 0x9) 20:50:16 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x31b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x9, &(0x7f0000000180)) 20:50:16 executing program 3: 20:50:16 executing program 3: 20:50:16 executing program 4: 20:50:16 executing program 3: rt_sigprocmask(0x0, &(0x7f0000000140)={0xfffffffffffffffd}, 0x0, 0x8) r0 = gettid() r1 = gettid() tkill(r1, 0x16) timer_create(0x0, &(0x7f0000000040)={0x0, 0x2d, 0x4, @tid=r0}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) r2 = signalfd4(0xffffffffffffffff, &(0x7f00000001c0)={0xfffffffffffffdb0}, 0x8, 0x0) read(r2, &(0x7f0000000080)=""/128, 0xae3f1a6) timer_delete(0x0) INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes 20:50:19 executing program 0: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)="a4ab12f728db4b2b4d2f2f3ff7ad273b1e89e46f905080af4c90ccb170e60b3a8bf56db763bbce74b47888318b04aeb1747555ba16ea10e6ddb915ceb6397e514faf19e3f74a1d3b9b3c08eaba138725c4fe54204eaa3d026ef9d3f3ec56b0f16103a9073b96abe27eecccbfee02622f3a0ad7eb5b57f828631505476e1ec45b44df66b111a6ca5818bb168a65d5a9d26a8aa48cb704f3f257c814aa541e17aaf78b4648e9742a20d8689863f3f99c4afd672a7ff8133161ff4885410ef233666b", 0xc1}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x13) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 20:50:19 executing program 4: r0 = socket(0x10, 0x3, 0xc) write(r0, &(0x7f0000000000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r0, &(0x7f0000000340)="1f0000000104ff40003b54c007110000f30501000b000600000000000100cf", 0x1f) 20:50:19 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x10, 0x3, 0xc) write(r1, &(0x7f0000000000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r1, &(0x7f0000000340)="1f0000000104ff40003b54c007110000f30502000b000200000000000100cf", 0x1f) 20:50:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000004e40)=[{{&(0x7f0000000040)={0x2, 0x4e21, @rand_addr=0x2}, 0x10, 0x0, 0x0, &(0x7f0000000680)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ssrr={0x89, 0x7, 0x4, [@remote]}]}}}], 0x18}}], 0x1, 0x0) 20:50:19 executing program 1: r0 = socket(0x10, 0x3, 0xc) write(r0, &(0x7f0000000340)="1f0000000105ff40003b54c007110000f30501000b000200000000000100cf", 0x1f) [ 112.753595] audit: type=1400 audit(1568148619.022:13): avc: denied { create } for pid=2844 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 112.775215] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'. 20:50:19 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000200)=ANY=[@ANYBLOB="b800000013006bc20000000000000000ff010000000000000000000000000001e000000100000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00 \x00'/112], 0xb8}}, 0x0) 20:50:19 executing program 1: clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000440)="a4ab12f728db4b2b4d2f2f3ff7ad273b1e89e46f905080af4c90ccb170e60b3a8bf56db763e3062d037dca291318d0a17270bbce74b47888318b04aeb1747555ba16ea10e6ddb915ceb6397e514f3482ca3c4a1d3b9b8d0500eaba138725c4fe54204ea23df9fb6e05b4eb24d9d4ecec86c93f10ff44910738fe220927cb13aeba91de1e10907f84356c9b6f44ddfa662beb127a31f95d987c418943811005c95ce7e0d4a3f9ec9eabb4c88c14a40c05a612c07f6a78c156ff1d5631ebe5bbd35735802805b734f09339bd23f2affe80b22b91a50a00184bbbc9b1c78c470adb55381f993ea1fbbb4ac8ef1b7e55b8612bd451eb9517c6020dde3a615060e978ef4744e37aef67893f720cfb79247e0500d83e0c0000000000b9c1dfc22d7e089d", 0x121}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 20:50:19 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000738ff0)={0x2, 0x4e21, @dev}, 0x10) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21}, 0xfffffed3) getsockname(r1, &(0x7f00000001c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, &(0x7f0000000000)=0x80) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000140)=0x1, 0x4) syz_open_pts(r2, 0x50800) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000440)=0xfffffffffffffffc, 0x4) r3 = open(&(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0) mknodat(r3, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r4 = socket(0x0, 0x80, 0x5) r5 = open(&(0x7f0000000500)='./bus\x00', 0x8141042, 0x80) close(r5) r6 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x105082) r7 = memfd_create(&(0x7f0000001ac0)='lp\xff\xbf\xfco\xd5\xaa\xfe\x1d\x15\xe2\x95Q\x87\xa4\'\xd0\xd8\xe3\xa1\x83\xf2A/\x80x\xe9\x11\x05\x8dOS\xdb\xc7`J\x94X\xbd\x9eXg\x7f\xfdQu\xcd<\xbfi1\xd4\xbbb\xe2\xf3,^\xbc\xbb\b\x8d#%\";+\xb8\xc3\x9ea\xde\xd2,S\xa1\x14\xbd\xe9\n3-\x88B\x1f\xa5\xba\xfc\x9fTZW\vG\xe4\x1a6\xdf\x14o.mU\x94t\x90P\x84\x7f\x16\x89\xf7S\x8e\x12U}[\xa6\xe7\"`\x14\xdf\x04z:', 0x2) pwritev(r7, &(0x7f00000000c0)=[{&(0x7f0000000480)="a8", 0x1}], 0x1, 0x81000) ioctl$LOOP_CHANGE_FD(r6, 0x4c00, r7) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r5, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r9, &(0x7f00000001c0), 0x526987c9) getsockopt$ARPT_SO_GET_ENTRIES(r5, 0x0, 0x61, &(0x7f0000001a00)=ANY=[@ANYRESDEC=r2, @ANYPTR=&(0x7f0000001880)=ANY=[@ANYRESOCT=0x0, @ANYPTR64=&(0x7f0000001d40)=ANY=[@ANYPTR64, @ANYBLOB="aab6e334eb73e421428d49736e948ef6255bf488a266d3cb6a85c857a6dd9e236b4986c7f26eeb4560ee1d3d455782e77293756eac3bca0ac2f0091bdc734b941d78af3532e9108cd57e0c0d5878a18f3affb6c5f59154b003fdd46cb0446bfa2f51f64ce16cd76b568250ca0e52bcc0abcc41648305739135b0b22cfb877aa73c2a699ffa7cdc8161d647", @ANYRESHEX=r6, @ANYRES16=r2, @ANYBLOB="3d512f06484a1f8e1c63257c723bff10a0e523ec7263a6c31d37b297f654615c222ed321772defd520bc6bcf21ca86a6b5de4eb2f72e401ba80d1d958d9d1a9164a91490013795cfeb0d45921b0fef7452781de5d0e31d8dc6e1c5fea16cf0e4b4775aa16b6eeec3a33762d54bd56e5001567e683a581442d0f12e36ed6b0ea25770cafee1f268f63c518f0f3c78fd1515a038f339ef1c99ba9198b35d7cfebe02e32161f2617d1559a42dc19199da977c76984c08c940c1daf21c63043d9266fd6f4bc8dfee6f3430c32a51b164a8354cf764651cb530e27ef119706a2ff5eacd75be645e9f4b"], @ANYRES64=r5, @ANYPTR=&(0x7f0000000540)=ANY=[@ANYRESHEX=r7, @ANYPTR, @ANYRES32=r3, @ANYRESHEX=r9, @ANYRESDEC=r4], @ANYRESOCT=r3, @ANYRESDEC=r8, @ANYPTR64=&(0x7f0000000800)=ANY=[@ANYRESDEC, @ANYPTR64, @ANYBLOB="6fcb45b450d04f97b07f61dcec39169554e9923fe35d39818e1f23493ebb7b928cfaceaac610415436904f73c69616eb93f54261f78f25066b998f8d062e7c5853c6a5f4732746467f0f6f9a207e4abd76d635bddfe17613a0072856870f0a0c65cb1484405a7ce4d2c798e89e81ab1d2540474aa66beb254ca655f05362377fa344fcd4d54786950c6fa56d6a1602fcd09080b8bdc8fe02df5d1d68271772d8dd4311db64bea8143ac3b01962000000008813f8d36b91d5504e7822b3a88bb8be4c17f9d4c419ea98e6405ace91407f06ccef809a674649c04d085260e3009e1fb27f662477b6c601f1f4a718b4c25397b3ce8a6af71cf647b6eae6ec56dfab8a95c64877ed8a6d765387937d2d6ea29f0020f5b74ea5bb47f5ea5c0c3d2f6376c0c0fe9666ad0390e0dbe4f50afce016926d5fe077c26d4fbe0af7aff100b6e510d2c4c3ced7d3191cbd4f018596f16a3203f625796f91650d2bd3bf9cf185bc87761be1cc530d09f5698479b6e22b8492bae9a5fcc64b059d4e3f9e7ccf5eb2ff8063f3b38881b2eac0e754fc76c880dadaccc0e28c18b11b5e19bfe334e7cdfbad0e7f9f8efda34c4d011c9f7113444c31d57f9c217d601032001ab98300ffcf9d56c8c49ac7c3bb5c1b7924738999b1b50e352653292610e355706eca34b9f6e8893b2c00f9a63c4bc65444046191812f95bfc8a478579bcb8c238f4d0e5b61f490645d1380fa854850e35ba1a88a7904fa793a17dc1fdafcbde07491d4bf54310373a968162577ea84d6e46a72f7978449971e2247755087fd31daf574e4953a7473bbe3050ca18ce8272549ab6ca1b2414124ecb2b91e5feb08de2f05bcafe654c773102010c7ea170cd632466e4fc65a781b4de12d2c3fa73ff5486f26523d81fae750fcdc551014d5b4686353f46178f218baf41a4177c615d155ca8e25ce4df307290b2821b57e9809a0abbe03b98deff5b22f05cba2d51127acd6df58d17230fb80f445f9f9d182c6d6a940461a43c1b4e9e66d19acb07db1a316ce96858a55bbbb5f98cc7d4e6c726b9ac539afa552392ee057c3a573dec61de2a4a35d935468ddde3c07b42d91bb53c4976f59c7fcf53264cf72a7fcf96e1460f5a272d9bf9225afc26034ca4e20f498a0aed5cc6bbaf328632ec94b67d683892577fda8c04ee4243869f8a0b2f32d8d28b2202abcf788793e07d1d44032ea2a2fcc92620541b2dd197780ce06dca49ea26d2f5815fa23f7553c39a8062f4d5dc1261eddc2081034b23cd55e0194b11df9bc55a0bae74cc005d56a4e7426b82446caebd410d891784cacc2bffc921cf3c663988f1953f4751a8a8e5d32341e9b594303bb246e4f1c8bf35230699a42766ef64785919338974d512488a9c0a90df74a359cd02d0100adf47924f0a863466de1d36c7bf6e63d31a15a389673472e44e037d22da5c5c2134fda612ed678dc2f76e53eef6e08cfe615bb539434c5228c96bdf6202c8d21206cf8ae11abb0a7ff12bb4cc0a6b6a5391955ad8f883811f86cb49965aff51e8f6c38140b540cbd7164c73cbf04f51c2fff0189ef1d4385028010acb005476bd5e0af5c4d452c636546a8b23d01fe9351ab4b3f2337df18470a8355d0007ff9dbbfae303f8b78e57be46d932e4905410ea8b1baf43c0924d9dcc2614247cf74e64f80d6ef2768fa49327ca5f370c499577bb27f6fe2e7e366d783a957046b014c4cd0fdacf98f97b6a72530e863168f11d4637883a61b3c5ebff223daa2a70d4bb6b5787d0a389c26b23f4fdd48f416d103be0849bff5564d97ecfb8d30757f47d14c183b50003724f70f3c9dd07ad6e9bf26babaff48a8d8af6b2a37e83f8a95bdbefb9aae7887d6767c2a0fccdd0bd3c482c74497360563bb7254183ef42217a4b41ae73e2e8b4a274c0b5d0a22d3e5ad4eddb768e861254f430344733287d883c498f849e43f7b34e4df1f580141dae940a5febf1eecf68af66b1272cc4db44643eceef8034ad33a33e6839a4be6d05e49d4a83d3338346008a6fd27e9b7353c36d96d15e175b48a077e59cac00d7bb723c108d95197c7db9582e6a54ddd10d849b85b14818950953099a47afbc13f85f5d72cf95650bed584e738f897c8cbe733640d35c415f9b360ad0a2662ade2b604299e362f7f6712864f276ec140c394c2ba9a65b2bcbae626064f82a6900ad52e7e4d5aeb5a7a28b234aaedec06ca3bf038b28fa874ac8f54fc76b79f1f35fcbe6f7f8ddcb94568bc43bc6fd10b124d5810cd8aff4de8726fa8dea4e73727ee4bfe7c26c371dd4a8d2f6d736b82f979b023cc3623c00e7cb4304518d80a8d32714c43199c93d658cdbe6c71d5382b050cad7a21add3975250af671effb2d6b611c817066609f3d2752709fcb687d4989678b8db5208735428b4faa49dfb9dc7abf34319b737c525f7b09be3f5c536b784a03695ed2b147106353db7dd6f8dd283e4389e885c176cef3b2cc894d3eb00992374d680ecb63562a4dfd2342b69b3313e3aa6717ca128a0165a9df1bc14a2f4d99a49fc638cf450073078b2e3b779bfec0718bc7513329d814918933e8f7d0abb83f2dcdad3db77dcf1a201a0589b98c17cfdda2db473367039d47692430f9f667dcb439231c372f5e0e221105bef964d279f8dbd55313265fe2b3bd433b51ec07ec3f7108a199a8e67916a7bbe96492bf9b5f5497ac97cfcd901000000ffffffffd8d65b8f7007454542e752633bd1e9b84de6309adcea87b5cbd97106eff506eb2eaa1a23db11a3b25423039332a2b94c9e88a1e52abd11161ff3e0ffe13bdd7a1b9c7bcfbd6fdbef1618daa5551085e2117f2ed0133025213342d4da9f445032ece5cc480665f3860003c8ba6e9ae50a4435cac05f7296dd13323dd267da1bf56fe2a7560e3d818b0f27f83b6e6db5e716011f2595cda29ff75447659e1f0cc918f0062d6f461e0b99aec3d734f8067cc178d2b2ffd5cd2db078858791932f8947e40e92c1a8fa853387d63f4d360113608248bcd0f9a27447f4a860835e578eeb335078ef97e422b91162da8237c5508899268ed77386e8e2b91daf69843631c4f1e5d9cfc5f3b4783cfd40f4349b3eb4911cc34cb4c4b5174ef9a0bc4c9f73b79acea30a84c82b9c02015f51ee712cafa08865b10a7e161ed61d7d43556fef6f5f971d9a5b0329ee298113702e7ef616af73d49d7bdb4dc54f43dfb1028aa78fe5178121c2984421e5198aec685b5698f6d99fbd2d6fef3d87d76150e753c15d4da81fe9136c3b7a0fd0047d5a1d34ada6a7cd4dbed86581d45eb0bf0ea44bd44115902bcb0a5a7d67e11ae98358ab527408721dab73e7a06d99c471586ddcfdad2f0815a4b49f62dbe239b9d0ced6fac3863633d8029877ef9c7900800000000000000cd72a1b262bac22206f66704a6047831571e0fdb5f7a1e0e53ebbb72d636c0105b46529e98212b8482a00330cf2a6590f3fffc72a0a7f0ddf5ab1668146c3df364195a6d728aae93609743e0175f000d57083f3667035b67e116c3423bf2ba1ff3f7110809995b4c76f4f24e5b8da609a963420f1325f462e210657cd713ee4dce3c11e3417b37eb19abad78dc080f36ba877631d92ec0880f2538a01b31ab4b060e0c413411a09030933f24afe33d3ddfa2a8b2f5a0eb2405ad439d12876653c29aeef7d5b7ab3c044f1b6cb031228c151ed3e9c5142815f3ab545911ebd0fd8103173ea6828085e5763b212c76e8e7aab81c8d29fae4913d4c63eb8a2199473b56312c06f2b0ae7ea0fe84c2fe9a409af76216f6e914a412d397e60508eb7c9347c7aab79cfd6d9ebbb7d30ff156bd6d3e115a16f0aa44b78b447181a8567020ac4334f014acd44e16d11e8c90393d8d8b6dc9a7f882d478d975f7252eddf97b9923d05c94bb8ee4462f4cd4a4d0215862854c99e001038fda11316ca92a9268d4bad5dee72537ac960bbe9e9358b99a098d86d2db86fcb500e72725b638b7833d413661ff23df7f11e022b8918cbbf2e77fe9b30bf5e5e73f9a351e11ccd2fe02319b5b06d7fe1bf51eae844fd14e11876733ec03a2bb54beb809be28434ea5a950e24b6db2ee9bb904e3b6abd7a3d47006ffbc2c978f0b218c1ffbbe757a2e7e6fbd7a3a42ba3310873e4606f67534c1ae4e61e20ea198c36e42a61c014701409f38950887acd99d88cf369c3ab623d1b1ce7453e402e46c8b82a5f072b0f8b7343f183a8c3741a4eaf0b9f50b83f05a33b23ec7b7ff5152c7dd5f805106a02f3dc0846a2a99cadfde2bfbad5035178b64834a7a930f6aafc8f573a4b53b77aaf11d6dc5691283831ad05bc24a2e8265576b8ddfb51ad2c30e202acc96bcc2e4670011716ee783f8f10e7625b38fbfc273b849bd5714f642642c2562b180b313ef89830e486cead98de5c2b42b6646400154b15f69ca1e7171f5c2729d9f7a237aa8bf13febc6702279401bd6efdd62beb3a110bf5c203d459101551e6edb1d0c13b015cbcd8224a462c0338fc452cd731555e6000086776ada9b5bc5ac90023b983f61d1e12f0a4201e73d8982665d53a644cbd1e8b583df69aab0789cbc94b106850f4e9c9792f8da8099ee82d6915346e39fccbc973a5806512534c46ea31763ab4ef7636904fe78adbe9c0fbfe124634b9991e3d6d72c5e324e719f37cdf262c2047d828f6da52227988f5081e080a209dc804ac88a2426acac59a47803aa40321b3d19ab053fa144820be1ef8a455e7c109e0262d442f3f28e392d04cf53c4b6b259f38c1058409e34850896e22e1c846fc1aea9eed46944af115d03be68706501a2000892b2c27a8f7ba4d843600a3cd5e295d4a4a64f23b17524d2944eb64d3f40701b1a21de9c521ca7436f742a407bc7f644dc00bea476e628c6c36536a4d862531f996fa6c506767a597a8c872c1a8bdde36b7174ddfb6b775c20f9bba345d11ad4682bb5e3bc03acc84f883f4fb053f89667f19069bd8c2ae987cb70eda0ad3d66c18c87108988fe81cc3911ef9fe828d96ed30c24c9d5aeb3d4145f7dae6320c8f6f9d3dc53ead9a80044abc9e369528b9798b5ad9adc81d429a3f4bc588b8ce91943632c4fe87d91f382a0555e991311b115aaa4385f13289233e30c7af25ebc38d8946ba9d76ed4aeff496eb241b02dd86310ba4e465be5ec745755b61dc76acd90bd8f9925c93aff10169d96e3a5acd1fd7ff0c1ff7cbcef32d94acbe5caf830dca24b4bedf9bfa8069e1a738102c647322d10db4bb4d728f642d8d95a232286936522a58b323dbc60071dbbf7bf7b48726749fcb1026b996653f84f93ccf8b95b4fd69bae0c871c7c1af8e8d7d270f3d606d3efcfb4c1941d0b63f412132b252b435ddcd3e2103e6c51e8587a49992c6d1d8a4c22c85f52ad681c31a1cf6563f139697770197985bcc9e25c180dd14192b5688d5970e9f79ddc3ec2beeaeb79196f4700e0bf20a1e53a2f155edcb21dddb20743b294cb8857eca453d647d2aec1d58bc99babacba7509ba38d825ac2dd710625d0c997251311afa95ded11ed3fb8aa94a9fc73c658e7d33d600e5528ef43d6ae93e9d00e53f4232dbaf8faaeb734202fca3ef06024daeeae9ce489f3b23cf308578f1c8136cbc5073670e121f87d16195e4e19606457bb19a870312f7efd71434038ff0a62dc508c0bb00512e0bedf6c5a08946cca3a328dbe568719f097f014cc080a0d6d2ca593859f3ed92d17359ef97132435bf5e872bea56f02ce4d0ba440599a6767410294bac9ae209d33223000000003294cd7445422c7f1405bcb0452e7b3f1bc2fa9ff69b24a3abea2442e73ff3c578ddee0bafe8a9ac0ac764d75a1016209ff2", @ANYPTR, @ANYRESHEX=r8, @ANYRESDEC=r4]], @ANYPTR64=&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES64, @ANYPTR=&(0x7f0000001900)=ANY=[@ANYRESDEC=r4, @ANYRES64=r5, @ANYBLOB="c07236ec8d91ba5551dc0a832dd32bc947eb11d3dbdc52c59d0000eeeb60005b6004", @ANYRESOCT=r7, @ANYRES32=r7, @ANYPTR64, @ANYPTR64, @ANYRES32=0x0, @ANYPTR], @ANYBLOB="59a31ba601b3634c37b51674f6d888974c0bb789a82485cb73f1df5a00027cb7c15d5b8a2c6013154e199e8fd2ad322ed04568fc14a7e1d121b331d0e5", @ANYRESOCT=r9, @ANYPTR=&(0x7f00000004c0)=ANY=[@ANYPTR, @ANYPTR], @ANYRESOCT=r7, @ANYRES64], @ANYRES32=r2], 0x0) read(r8, &(0x7f0000000200)=""/250, 0x50c7e3e3) getsockname$packet(r8, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f00000003c0)=0x8) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'team_slave_1\x00', &(0x7f00000005c0)=ANY=[@ANYBLOB="3700000000000000ffff0000732805080fbff40000000098b70cad5e1d8b544081f32ec03e4b2b9e0c6415b00f8b970add4002d61dcb86f774df2676d0095128365d2744be217bced7356905530e7cb41cc74ecb9f5614962f3222e9d26c083f8e9de53fcc45a2492df6878175a67a9737cbfae430d548012f29f4f67d4f7de49d89e84f7ad6633b512e9e54a0ebef01ff010b0ecc9075719d3ad345f1251f7213816492ceb556cb45c69ddca4e8df278ea39e57bffd085c5c0b8a82db00ab14a507189e3ab4bba887cde1f2482c3f0c407aec87e6a29351a2bb22879f5e9ce0658562648b9b12e2e1c1d0687091dd9003b05d250a39aad4ab1eb24e3c9690eee05f68e7d9a0ca9193a35c6ae400bf1da861c751bbf5668a28cff1961694bc163aa15539d76a70fec4c390049727205683439a4200de528aa92f566d6ff6be091cda47aa35bcaefbaa4ef8a8dc3dc9ca238b328060780f9581a5eb7b75d92bab0d4ab24c6e77c87a"]}) 20:50:19 executing program 2: r0 = socket$packet(0x11, 0x2000100000000a, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x5dd, &(0x7f0000000040)=[{}]}, 0x10) 20:50:19 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setaffinity(r0, 0x0, 0x0) [ 112.782742] audit: type=1400 audit(1568148619.022:14): avc: denied { write } for pid=2844 comm="syz-executor.1" path="socket:[9223]" dev="sockfs" ino=9223 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 112.807334] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'. [ 112.820656] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. [ 112.838725] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. 20:50:19 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fremovexattr(r1, &(0x7f0000000000)=ANY=[@ANYRESHEX]) 20:50:19 executing program 3: [ 112.904231] audit: type=1400 audit(1568148619.172:15): avc: denied { map } for pid=2863 comm="syz-executor.4" path="/dev/loop0" dev="devtmpfs" ino=1059 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1 20:50:22 executing program 0: socketpair$unix(0x1, 0x8000000000001, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pselect6(0x27f, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000000000000}, 0x0, &(0x7f0000000180), &(0x7f0000000200), 0x0) 20:50:22 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x409, &(0x7f00000000c0)={@link_local, @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x2, 0x0, 0x0, 0x0, @empty, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) 20:50:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000240)="11dca5055e0bcfe47bf070") prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() r2 = dup(r1) setsockopt$inet_msfilter(r2, 0x0, 0x29, 0x0, 0x0) fcntl$setstatus(r1, 0x4, 0x80000000002c00) 20:50:22 executing program 1: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="02006300000a00000000ff07000000000000000000000000000000000000000000004200000000000000018000000000000000000000000000000000000055aa", 0x40, 0x1c0}]) 20:50:22 executing program 5: 20:50:22 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000738ff0)={0x2, 0x4e21, @dev}, 0x10) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21}, 0xfffffed3) getsockname(r1, &(0x7f00000001c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, &(0x7f0000000000)=0x80) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000140)=0x1, 0x4) syz_open_pts(r2, 0x50800) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000440)=0xfffffffffffffffc, 0x4) r3 = open(&(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0) mknodat(r3, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r4 = socket(0x0, 0x80, 0x5) r5 = open(&(0x7f0000000500)='./bus\x00', 0x8141042, 0x80) close(r5) r6 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x105082) r7 = memfd_create(&(0x7f0000001ac0)='lp\xff\xbf\xfco\xd5\xaa\xfe\x1d\x15\xe2\x95Q\x87\xa4\'\xd0\xd8\xe3\xa1\x83\xf2A/\x80x\xe9\x11\x05\x8dOS\xdb\xc7`J\x94X\xbd\x9eXg\x7f\xfdQu\xcd<\xbfi1\xd4\xbbb\xe2\xf3,^\xbc\xbb\b\x8d#%\";+\xb8\xc3\x9ea\xde\xd2,S\xa1\x14\xbd\xe9\n3-\x88B\x1f\xa5\xba\xfc\x9fTZW\vG\xe4\x1a6\xdf\x14o.mU\x94t\x90P\x84\x7f\x16\x89\xf7S\x8e\x12U}[\xa6\xe7\"`\x14\xdf\x04z:', 0x2) pwritev(r7, &(0x7f00000000c0)=[{&(0x7f0000000480)="a8", 0x1}], 0x1, 0x81000) ioctl$LOOP_CHANGE_FD(r6, 0x4c00, r7) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r5, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r9, &(0x7f00000001c0), 0x526987c9) getsockopt$ARPT_SO_GET_ENTRIES(r5, 0x0, 0x61, &(0x7f0000001a00)=ANY=[@ANYRESDEC=r2, @ANYPTR=&(0x7f0000001880)=ANY=[@ANYRESOCT=0x0, @ANYPTR64=&(0x7f0000001d40)=ANY=[@ANYPTR64, @ANYBLOB="aab6e334eb73e421428d49736e948ef6255bf488a266d3cb6a85c857a6dd9e236b4986c7f26eeb4560ee1d3d455782e77293756eac3bca0ac2f0091bdc734b941d78af3532e9108cd57e0c0d5878a18f3affb6c5f59154b003fdd46cb0446bfa2f51f64ce16cd76b568250ca0e52bcc0abcc41648305739135b0b22cfb877aa73c2a699ffa7cdc8161d647", @ANYRESHEX=r6, @ANYRES16=r2, @ANYBLOB="3d512f06484a1f8e1c63257c723bff10a0e523ec7263a6c31d37b297f654615c222ed321772defd520bc6bcf21ca86a6b5de4eb2f72e401ba80d1d958d9d1a9164a91490013795cfeb0d45921b0fef7452781de5d0e31d8dc6e1c5fea16cf0e4b4775aa16b6eeec3a33762d54bd56e5001567e683a581442d0f12e36ed6b0ea25770cafee1f268f63c518f0f3c78fd1515a038f339ef1c99ba9198b35d7cfebe02e32161f2617d1559a42dc19199da977c76984c08c940c1daf21c63043d9266fd6f4bc8dfee6f3430c32a51b164a8354cf764651cb530e27ef119706a2ff5eacd75be645e9f4b"], @ANYRES64=r5, @ANYPTR=&(0x7f0000000540)=ANY=[@ANYRESHEX=r7, @ANYPTR, @ANYRES32=r3, @ANYRESHEX=r9, @ANYRESDEC=r4], @ANYRESOCT=r3, @ANYRESDEC=r8, @ANYPTR64=&(0x7f0000000800)=ANY=[@ANYRESDEC, @ANYPTR64, @ANYBLOB="6fcb45b450d04f97b07f61dcec39169554e9923fe35d39818e1f23493ebb7b928cfaceaac610415436904f73c69616eb93f54261f78f25066b998f8d062e7c5853c6a5f4732746467f0f6f9a207e4abd76d635bddfe17613a0072856870f0a0c65cb1484405a7ce4d2c798e89e81ab1d2540474aa66beb254ca655f05362377fa344fcd4d54786950c6fa56d6a1602fcd09080b8bdc8fe02df5d1d68271772d8dd4311db64bea8143ac3b01962000000008813f8d36b91d5504e7822b3a88bb8be4c17f9d4c419ea98e6405ace91407f06ccef809a674649c04d085260e3009e1fb27f662477b6c601f1f4a718b4c25397b3ce8a6af71cf647b6eae6ec56dfab8a95c64877ed8a6d765387937d2d6ea29f0020f5b74ea5bb47f5ea5c0c3d2f6376c0c0fe9666ad0390e0dbe4f50afce016926d5fe077c26d4fbe0af7aff100b6e510d2c4c3ced7d3191cbd4f018596f16a3203f625796f91650d2bd3bf9cf185bc87761be1cc530d09f5698479b6e22b8492bae9a5fcc64b059d4e3f9e7ccf5eb2ff8063f3b38881b2eac0e754fc76c880dadaccc0e28c18b11b5e19bfe334e7cdfbad0e7f9f8efda34c4d011c9f7113444c31d57f9c217d601032001ab98300ffcf9d56c8c49ac7c3bb5c1b7924738999b1b50e352653292610e355706eca34b9f6e8893b2c00f9a63c4bc65444046191812f95bfc8a478579bcb8c238f4d0e5b61f490645d1380fa854850e35ba1a88a7904fa793a17dc1fdafcbde07491d4bf54310373a968162577ea84d6e46a72f7978449971e2247755087fd31daf574e4953a7473bbe3050ca18ce8272549ab6ca1b2414124ecb2b91e5feb08de2f05bcafe654c773102010c7ea170cd632466e4fc65a781b4de12d2c3fa73ff5486f26523d81fae750fcdc551014d5b4686353f46178f218baf41a4177c615d155ca8e25ce4df307290b2821b57e9809a0abbe03b98deff5b22f05cba2d51127acd6df58d17230fb80f445f9f9d182c6d6a940461a43c1b4e9e66d19acb07db1a316ce96858a55bbbb5f98cc7d4e6c726b9ac539afa552392ee057c3a573dec61de2a4a35d935468ddde3c07b42d91bb53c4976f59c7fcf53264cf72a7fcf96e1460f5a272d9bf9225afc26034ca4e20f498a0aed5cc6bbaf328632ec94b67d683892577fda8c04ee4243869f8a0b2f32d8d28b2202abcf788793e07d1d44032ea2a2fcc92620541b2dd197780ce06dca49ea26d2f5815fa23f7553c39a8062f4d5dc1261eddc2081034b23cd55e0194b11df9bc55a0bae74cc005d56a4e7426b82446caebd410d891784cacc2bffc921cf3c663988f1953f4751a8a8e5d32341e9b594303bb246e4f1c8bf35230699a42766ef64785919338974d512488a9c0a90df74a359cd02d0100adf47924f0a863466de1d36c7bf6e63d31a15a389673472e44e037d22da5c5c2134fda612ed678dc2f76e53eef6e08cfe615bb539434c5228c96bdf6202c8d21206cf8ae11abb0a7ff12bb4cc0a6b6a5391955ad8f883811f86cb49965aff51e8f6c38140b540cbd7164c73cbf04f51c2fff0189ef1d4385028010acb005476bd5e0af5c4d452c636546a8b23d01fe9351ab4b3f2337df18470a8355d0007ff9dbbfae303f8b78e57be46d932e4905410ea8b1baf43c0924d9dcc2614247cf74e64f80d6ef2768fa49327ca5f370c499577bb27f6fe2e7e366d783a957046b014c4cd0fdacf98f97b6a72530e863168f11d4637883a61b3c5ebff223daa2a70d4bb6b5787d0a389c26b23f4fdd48f416d103be0849bff5564d97ecfb8d30757f47d14c183b50003724f70f3c9dd07ad6e9bf26babaff48a8d8af6b2a37e83f8a95bdbefb9aae7887d6767c2a0fccdd0bd3c482c74497360563bb7254183ef42217a4b41ae73e2e8b4a274c0b5d0a22d3e5ad4eddb768e861254f430344733287d883c498f849e43f7b34e4df1f580141dae940a5febf1eecf68af66b1272cc4db44643eceef8034ad33a33e6839a4be6d05e49d4a83d3338346008a6fd27e9b7353c36d96d15e175b48a077e59cac00d7bb723c108d95197c7db9582e6a54ddd10d849b85b14818950953099a47afbc13f85f5d72cf95650bed584e738f897c8cbe733640d35c415f9b360ad0a2662ade2b604299e362f7f6712864f276ec140c394c2ba9a65b2bcbae626064f82a6900ad52e7e4d5aeb5a7a28b234aaedec06ca3bf038b28fa874ac8f54fc76b79f1f35fcbe6f7f8ddcb94568bc43bc6fd10b124d5810cd8aff4de8726fa8dea4e73727ee4bfe7c26c371dd4a8d2f6d736b82f979b023cc3623c00e7cb4304518d80a8d32714c43199c93d658cdbe6c71d5382b050cad7a21add3975250af671effb2d6b611c817066609f3d2752709fcb687d4989678b8db5208735428b4faa49dfb9dc7abf34319b737c525f7b09be3f5c536b784a03695ed2b147106353db7dd6f8dd283e4389e885c176cef3b2cc894d3eb00992374d680ecb63562a4dfd2342b69b3313e3aa6717ca128a0165a9df1bc14a2f4d99a49fc638cf450073078b2e3b779bfec0718bc7513329d814918933e8f7d0abb83f2dcdad3db77dcf1a201a0589b98c17cfdda2db473367039d47692430f9f667dcb439231c372f5e0e221105bef964d279f8dbd55313265fe2b3bd433b51ec07ec3f7108a199a8e67916a7bbe96492bf9b5f5497ac97cfcd901000000ffffffffd8d65b8f7007454542e752633bd1e9b84de6309adcea87b5cbd97106eff506eb2eaa1a23db11a3b25423039332a2b94c9e88a1e52abd11161ff3e0ffe13bdd7a1b9c7bcfbd6fdbef1618daa5551085e2117f2ed0133025213342d4da9f445032ece5cc480665f3860003c8ba6e9ae50a4435cac05f7296dd13323dd267da1bf56fe2a7560e3d818b0f27f83b6e6db5e716011f2595cda29ff75447659e1f0cc918f0062d6f461e0b99aec3d734f8067cc178d2b2ffd5cd2db078858791932f8947e40e92c1a8fa853387d63f4d360113608248bcd0f9a27447f4a860835e578eeb335078ef97e422b91162da8237c5508899268ed77386e8e2b91daf69843631c4f1e5d9cfc5f3b4783cfd40f4349b3eb4911cc34cb4c4b5174ef9a0bc4c9f73b79acea30a84c82b9c02015f51ee712cafa08865b10a7e161ed61d7d43556fef6f5f971d9a5b0329ee298113702e7ef616af73d49d7bdb4dc54f43dfb1028aa78fe5178121c2984421e5198aec685b5698f6d99fbd2d6fef3d87d76150e753c15d4da81fe9136c3b7a0fd0047d5a1d34ada6a7cd4dbed86581d45eb0bf0ea44bd44115902bcb0a5a7d67e11ae98358ab527408721dab73e7a06d99c471586ddcfdad2f0815a4b49f62dbe239b9d0ced6fac3863633d8029877ef9c7900800000000000000cd72a1b262bac22206f66704a6047831571e0fdb5f7a1e0e53ebbb72d636c0105b46529e98212b8482a00330cf2a6590f3fffc72a0a7f0ddf5ab1668146c3df364195a6d728aae93609743e0175f000d57083f3667035b67e116c3423bf2ba1ff3f7110809995b4c76f4f24e5b8da609a963420f1325f462e210657cd713ee4dce3c11e3417b37eb19abad78dc080f36ba877631d92ec0880f2538a01b31ab4b060e0c413411a09030933f24afe33d3ddfa2a8b2f5a0eb2405ad439d12876653c29aeef7d5b7ab3c044f1b6cb031228c151ed3e9c5142815f3ab545911ebd0fd8103173ea6828085e5763b212c76e8e7aab81c8d29fae4913d4c63eb8a2199473b56312c06f2b0ae7ea0fe84c2fe9a409af76216f6e914a412d397e60508eb7c9347c7aab79cfd6d9ebbb7d30ff156bd6d3e115a16f0aa44b78b447181a8567020ac4334f014acd44e16d11e8c90393d8d8b6dc9a7f882d478d975f7252eddf97b9923d05c94bb8ee4462f4cd4a4d0215862854c99e001038fda11316ca92a9268d4bad5dee72537ac960bbe9e9358b99a098d86d2db86fcb500e72725b638b7833d413661ff23df7f11e022b8918cbbf2e77fe9b30bf5e5e73f9a351e11ccd2fe02319b5b06d7fe1bf51eae844fd14e11876733ec03a2bb54beb809be28434ea5a950e24b6db2ee9bb904e3b6abd7a3d47006ffbc2c978f0b218c1ffbbe757a2e7e6fbd7a3a42ba3310873e4606f67534c1ae4e61e20ea198c36e42a61c014701409f38950887acd99d88cf369c3ab623d1b1ce7453e402e46c8b82a5f072b0f8b7343f183a8c3741a4eaf0b9f50b83f05a33b23ec7b7ff5152c7dd5f805106a02f3dc0846a2a99cadfde2bfbad5035178b64834a7a930f6aafc8f573a4b53b77aaf11d6dc5691283831ad05bc24a2e8265576b8ddfb51ad2c30e202acc96bcc2e4670011716ee783f8f10e7625b38fbfc273b849bd5714f642642c2562b180b313ef89830e486cead98de5c2b42b6646400154b15f69ca1e7171f5c2729d9f7a237aa8bf13febc6702279401bd6efdd62beb3a110bf5c203d459101551e6edb1d0c13b015cbcd8224a462c0338fc452cd731555e6000086776ada9b5bc5ac90023b983f61d1e12f0a4201e73d8982665d53a644cbd1e8b583df69aab0789cbc94b106850f4e9c9792f8da8099ee82d6915346e39fccbc973a5806512534c46ea31763ab4ef7636904fe78adbe9c0fbfe124634b9991e3d6d72c5e324e719f37cdf262c2047d828f6da52227988f5081e080a209dc804ac88a2426acac59a47803aa40321b3d19ab053fa144820be1ef8a455e7c109e0262d442f3f28e392d04cf53c4b6b259f38c1058409e34850896e22e1c846fc1aea9eed46944af115d03be68706501a2000892b2c27a8f7ba4d843600a3cd5e295d4a4a64f23b17524d2944eb64d3f40701b1a21de9c521ca7436f742a407bc7f644dc00bea476e628c6c36536a4d862531f996fa6c506767a597a8c872c1a8bdde36b7174ddfb6b775c20f9bba345d11ad4682bb5e3bc03acc84f883f4fb053f89667f19069bd8c2ae987cb70eda0ad3d66c18c87108988fe81cc3911ef9fe828d96ed30c24c9d5aeb3d4145f7dae6320c8f6f9d3dc53ead9a80044abc9e369528b9798b5ad9adc81d429a3f4bc588b8ce91943632c4fe87d91f382a0555e991311b115aaa4385f13289233e30c7af25ebc38d8946ba9d76ed4aeff496eb241b02dd86310ba4e465be5ec745755b61dc76acd90bd8f9925c93aff10169d96e3a5acd1fd7ff0c1ff7cbcef32d94acbe5caf830dca24b4bedf9bfa8069e1a738102c647322d10db4bb4d728f642d8d95a232286936522a58b323dbc60071dbbf7bf7b48726749fcb1026b996653f84f93ccf8b95b4fd69bae0c871c7c1af8e8d7d270f3d606d3efcfb4c1941d0b63f412132b252b435ddcd3e2103e6c51e8587a49992c6d1d8a4c22c85f52ad681c31a1cf6563f139697770197985bcc9e25c180dd14192b5688d5970e9f79ddc3ec2beeaeb79196f4700e0bf20a1e53a2f155edcb21dddb20743b294cb8857eca453d647d2aec1d58bc99babacba7509ba38d825ac2dd710625d0c997251311afa95ded11ed3fb8aa94a9fc73c658e7d33d600e5528ef43d6ae93e9d00e53f4232dbaf8faaeb734202fca3ef06024daeeae9ce489f3b23cf308578f1c8136cbc5073670e121f87d16195e4e19606457bb19a870312f7efd71434038ff0a62dc508c0bb00512e0bedf6c5a08946cca3a328dbe568719f097f014cc080a0d6d2ca593859f3ed92d17359ef97132435bf5e872bea56f02ce4d0ba440599a6767410294bac9ae209d33223000000003294cd7445422c7f1405bcb0452e7b3f1bc2fa9ff69b24a3abea2442e73ff3c578ddee0bafe8a9ac0ac764d75a1016209ff2", @ANYPTR, @ANYRESHEX=r8, @ANYRESDEC=r4]], @ANYPTR64=&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES64, @ANYPTR=&(0x7f0000001900)=ANY=[@ANYRESDEC=r4, @ANYRES64=r5, @ANYBLOB="c07236ec8d91ba5551dc0a832dd32bc947eb11d3dbdc52c59d0000eeeb60005b6004", @ANYRESOCT=r7, @ANYRES32=r7, @ANYPTR64, @ANYPTR64, @ANYRES32=0x0, @ANYPTR], @ANYBLOB="59a31ba601b3634c37b51674f6d888974c0bb789a82485cb73f1df5a00027cb7c15d5b8a2c6013154e199e8fd2ad322ed04568fc14a7e1d121b331d0e5", @ANYRESOCT=r9, @ANYPTR=&(0x7f00000004c0)=ANY=[@ANYPTR, @ANYPTR], @ANYRESOCT=r7, @ANYRES64], @ANYRES32=r2], 0x0) read(r8, &(0x7f0000000200)=""/250, 0x50c7e3e3) getsockname$packet(r8, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f00000003c0)=0x8) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'team_slave_1\x00', &(0x7f00000005c0)=ANY=[@ANYBLOB="3700000000000000ffff0000732805080fbff40000000098b70cad5e1d8b544081f32ec03e4b2b9e0c6415b00f8b970add4002d61dcb86f774df2676d0095128365d2744be217bced7356905530e7cb41cc74ecb9f5614962f3222e9d26c083f8e9de53fcc45a2492df6878175a67a9737cbfae430d548012f29f4f67d4f7de49d89e84f7ad6633b512e9e54a0ebef01ff010b0ecc9075719d3ad345f1251f7213816492ceb556cb45c69ddca4e8df278ea39e57bffd085c5c0b8a82db00ab14a507189e3ab4bba887cde1f2482c3f0c407aec87e6a29351a2bb22879f5e9ce0658562648b9b12e2e1c1d0687091dd9003b05d250a39aad4ab1eb24e3c9690eee05f68e7d9a0ca9193a35c6ae400bf1da861c751bbf5668a28cff1961694bc163aa15539d76a70fec4c390049727205683439a4200de528aa92f566d6ff6be091cda47aa35bcaefbaa4ef8a8dc3dc9ca238b328060780f9581a5eb7b75d92bab0d4ab24c6e77c87a"]}) 20:50:22 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000004e40)=[{{&(0x7f0000000040)={0x2, 0x4e21}, 0x10, 0x0, 0x0, &(0x7f0000000680)=[@ip_retopts={{0x14, 0x0, 0x7, {[@ssrr={0x89, 0x3, 0x4}]}}}], 0x18}}], 0x1, 0x0) 20:50:22 executing program 5: write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) epoll_create(0xb) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x8000002, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000540)='dctcp\x00', 0x6) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x243, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xb, &(0x7f00000001c0)=""/122, &(0x7f0000000140)=0x7a) [ 115.843274] loop1: p1 p3 [ 115.848937] loop1: p1 size 2047 extends beyond EOD, truncated [ 115.862581] loop1: p3 size 32769 extends beyond EOD, truncated 20:50:22 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="11dca5055e0bcfe47bf070") prctl$PR_SET_TIMERSLACK(0x1d, 0x0) [ 115.892799] hrtimer: interrupt took 47831 ns [ 115.936147] ================================================================== [ 115.943621] BUG: KASAN: use-after-free in tcp_init_tso_segs+0x19d/0x1f0 [ 115.950371] Read of size 2 at addr ffff8881c716b930 by task syz-executor.5/2911 [ 115.957814] [ 115.959443] CPU: 0 PID: 2911 Comm: syz-executor.5 Not tainted 4.14.143+ #0 [ 115.966452] Call Trace: [ 115.969045] dump_stack+0xca/0x134 [ 115.972615] ? tcp_init_tso_segs+0x19d/0x1f0 [ 115.977018] ? tcp_init_tso_segs+0x19d/0x1f0 [ 115.981426] print_address_description+0x60/0x226 [ 115.986264] ? tcp_init_tso_segs+0x19d/0x1f0 [ 115.990668] ? tcp_init_tso_segs+0x19d/0x1f0 [ 115.995075] __kasan_report.cold+0x1a/0x41 [ 115.999312] ? kvm_guest_cpu_init+0x220/0x220 [ 116.003902] ? tcp_init_tso_segs+0x19d/0x1f0 [ 116.009709] tcp_init_tso_segs+0x19d/0x1f0 [ 116.013938] ? tcp_tso_segs+0x7b/0x1c0 [ 116.017822] tcp_write_xmit+0x15a/0x4730 [ 116.021901] ? ip6_mtu+0x206/0x330 [ 116.025437] ? lock_downgrade+0x5d0/0x5d0 [ 116.029586] ? lock_acquire+0x12b/0x360 [ 116.033592] __tcp_push_pending_frames+0xa0/0x230 [ 116.038441] tcp_send_fin+0x154/0xbc0 [ 116.042253] tcp_close+0xc62/0xf40 [ 116.045794] ? lock_acquire+0x12b/0x360 [ 116.049772] ? __sock_release+0x86/0x2c0 [ 116.053841] inet_release+0xe9/0x1c0 [ 116.057555] inet6_release+0x4c/0x70 [ 116.061271] __sock_release+0xd2/0x2c0 [ 116.065180] ? __sock_release+0x2c0/0x2c0 [ 116.069326] sock_close+0x15/0x20 [ 116.072805] __fput+0x25e/0x710 [ 116.076113] task_work_run+0x125/0x1a0 [ 116.080004] exit_to_usermode_loop+0x13b/0x160 20:50:22 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r1, &(0x7f0000000000), 0x100000008008) [ 116.084583] do_syscall_64+0x3a3/0x520 [ 116.088474] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 116.093658] RIP: 0033:0x4135d1 [ 116.096844] RSP: 002b:00007ffe5aecd4d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 116.104548] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00000000004135d1 [ 116.111815] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 116.119085] RBP: 0000000000000001 R08: 0000000080e89025 R09: 0000000080e89029 [ 116.126350] R10: 00007ffe5aecd5b0 R11: 0000000000000293 R12: 000000000075bf20 20:50:22 executing program 2: socket(0xb, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/relabel\x00', 0x2, 0x0) write$selinux_access(r1, &(0x7f0000000380)=ANY=[], 0x0) fchdir(r0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) io_setup(0x7, &(0x7f00000005c0)) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f00000001c0)) write$cgroup_type(r2, &(0x7f0000000340)='threaded\x00', 0xffffffc5) syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') write(r2, 0x0, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r2, 0x660c) [ 116.133621] R13: 000000000001c4df R14: 0000000000761270 R15: ffffffffffffffff [ 116.140917] [ 116.142546] Allocated by task 2913: [ 116.146179] __kasan_kmalloc.part.0+0x53/0xc0 [ 116.150682] kmem_cache_alloc+0xee/0x360 [ 116.154739] __alloc_skb+0xea/0x5c0 [ 116.158371] sk_stream_alloc_skb+0xf4/0x8a0 [ 116.162694] tcp_sendmsg_locked+0xf11/0x2f50 [ 116.167100] tcp_sendmsg+0x2b/0x40 [ 116.170646] inet_sendmsg+0x15b/0x520 [ 116.174446] sock_sendmsg+0xb7/0x100 [ 116.178159] SyS_sendto+0x1de/0x2f0 [ 116.181786] do_syscall_64+0x19b/0x520 [ 116.185674] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 116.190858] 0xffffffffffffffff [ 116.194130] [ 116.195754] Freed by task 2913: [ 116.199031] __kasan_slab_free+0x164/0x210 [ 116.203257] kmem_cache_free+0xd7/0x3b0 [ 116.207228] kfree_skbmem+0x84/0x110 [ 116.210939] tcp_remove_empty_skb+0x264/0x320 [ 116.215444] tcp_sendmsg_locked+0x1c09/0x2f50 [ 116.219967] tcp_sendmsg+0x2b/0x40 [ 116.223511] inet_sendmsg+0x15b/0x520 [ 116.227310] sock_sendmsg+0xb7/0x100 [ 116.231021] SyS_sendto+0x1de/0x2f0 [ 116.234675] do_syscall_64+0x19b/0x520 [ 116.238571] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 116.243770] 0xffffffffffffffff [ 116.247033] [ 116.248646] The buggy address belongs to the object at ffff8881c716b900 [ 116.248646] which belongs to the cache skbuff_fclone_cache of size 456 [ 116.261996] The buggy address is located 48 bytes inside of [ 116.261996] 456-byte region [ffff8881c716b900, ffff8881c716bac8) [ 116.273784] The buggy address belongs to the page: [ 116.278715] page:ffffea00071c5a80 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 [ 116.288683] flags: 0x4000000000010200(slab|head) [ 116.293461] raw: 4000000000010200 0000000000000000 0000000000000000 00000001800c000c [ 116.301341] raw: ffffea000721a400 0000000d0000000d ffff8881dab70400 0000000000000000 [ 116.309229] page dumped because: kasan: bad access detected [ 116.314930] [ 116.316549] Memory state around the buggy address: [ 116.321478] ffff8881c716b800: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 116.328839] ffff8881c716b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 116.336228] >ffff8881c716b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 116.343593] ^ [ 116.348520] ffff8881c716b980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 116.356829] ffff8881c716ba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 116.366872] ================================================================== [ 116.374310] Disabling lock debugging due to kernel taint [ 116.387924] Kernel panic - not syncing: panic_on_warn set ... [ 116.387924] [ 116.397422] CPU: 0 PID: 2911 Comm: syz-executor.5 Tainted: G B 4.14.143+ #0 [ 116.405641] Call Trace: [ 116.408334] dump_stack+0xca/0x134 [ 116.411873] panic+0x1ea/0x3d3 [ 116.415063] ? add_taint.cold+0x16/0x16 [ 116.419036] ? tcp_init_tso_segs+0x19d/0x1f0 [ 116.423445] ? ___preempt_schedule+0x16/0x18 [ 116.427855] ? tcp_init_tso_segs+0x19d/0x1f0 [ 116.432258] end_report+0x43/0x49 [ 116.435717] ? tcp_init_tso_segs+0x19d/0x1f0 20:50:22 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000006fc0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000080c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'eql\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00*', 0x8002}) ioctl$sock_ifreq(r1, 0x8914, &(0x7f00000000c0)={'eql\x00\x00\x00\xa9[\x00', @ifru_mtu=0x1}) r3 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_ifreq(r3, 0x8922, &(0x7f0000000180)={'eql\x00\x00\x00\xa9[\x00', @ifru_map={0x1ff}}) ioctl$sock_ifreq(r4, 0x8922, &(0x7f0000000000)={'eql\x00', @ifru_ivalue=0x10e8}) [ 116.440125] __kasan_report.cold+0xd/0x41 [ 116.444279] ? kvm_guest_cpu_init+0x220/0x220 [ 116.448771] ? tcp_init_tso_segs+0x19d/0x1f0 [ 116.453209] tcp_init_tso_segs+0x19d/0x1f0 [ 116.457550] ? tcp_tso_segs+0x7b/0x1c0 [ 116.461432] tcp_write_xmit+0x15a/0x4730 [ 116.465490] ? ip6_mtu+0x206/0x330 [ 116.469020] ? lock_downgrade+0x5d0/0x5d0 [ 116.473160] ? lock_acquire+0x12b/0x360 [ 116.477141] __tcp_push_pending_frames+0xa0/0x230 [ 116.481981] tcp_send_fin+0x154/0xbc0 [ 116.485785] tcp_close+0xc62/0xf40 [ 116.489320] ? lock_acquire+0x12b/0x360 [ 116.493287] ? __sock_release+0x86/0x2c0 [ 116.497339] inet_release+0xe9/0x1c0 [ 116.501039] inet6_release+0x4c/0x70 [ 116.504736] __sock_release+0xd2/0x2c0 [ 116.508609] ? __sock_release+0x2c0/0x2c0 [ 116.512741] sock_close+0x15/0x20 [ 116.516178] __fput+0x25e/0x710 [ 116.519440] task_work_run+0x125/0x1a0 [ 116.523312] exit_to_usermode_loop+0x13b/0x160 [ 116.527875] do_syscall_64+0x3a3/0x520 [ 116.531752] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 116.537129] RIP: 0033:0x4135d1 [ 116.540315] RSP: 002b:00007ffe5aecd4d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 116.548012] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00000000004135d1 [ 116.555259] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 116.562506] RBP: 0000000000000001 R08: 0000000080e89025 R09: 0000000080e89029 [ 116.569809] R10: 00007ffe5aecd5b0 R11: 0000000000000293 R12: 000000000075bf20 [ 116.577148] R13: 000000000001c4df R14: 0000000000761270 R15: ffffffffffffffff [ 116.585066] Kernel Offset: 0x18e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 116.595973] Rebooting in 86400 seconds..