Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts. [ 40.818782] random: sshd: uninitialized urandom read (32 bytes read) 2019/05/27 19:16:48 fuzzer started [ 41.009859] audit: type=1400 audit(1558984608.111:36): avc: denied { map } for pid=6932 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 42.937255] random: cc1: uninitialized urandom read (8 bytes read) 2019/05/27 19:16:51 dialing manager at 10.128.0.105:46861 2019/05/27 19:16:51 syscalls: 2441 2019/05/27 19:16:51 code coverage: enabled 2019/05/27 19:16:51 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/05/27 19:16:51 extra coverage: extra coverage is not supported by the kernel 2019/05/27 19:16:51 setuid sandbox: enabled 2019/05/27 19:16:51 namespace sandbox: enabled 2019/05/27 19:16:51 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/27 19:16:51 fault injection: enabled 2019/05/27 19:16:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/27 19:16:51 net packet injection: enabled 2019/05/27 19:16:51 net device setup: enabled [ 45.480002] random: crng init done 19:17:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)={0x114, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x4}, @TIPC_NLA_LINK={0x4c, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x6c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'bridge0\x00'}}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_ADDR={0x8}]}]}, 0x114}}, 0x0) syz_execute_func(&(0x7f0000000280)="f2af91930f0124eda133fa20430fbafce842f66188d027430fc7f314c1ab5bf9e2f9660f3a0fae735e090000baba3c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa11420f383c020201405c6bfd49d768d768f833fefbab6464660f38323c8fc481e5eb85ee000000a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 19:17:00 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000140)="b13691cd806969ef69dc00d9c4a2d1920cec38c4ab39fd5bf9e2f9e2c7c7e4c653fb0fc4014cb63a3af4a95ff9c44149f2168f4808eebce00000802000c421fc51c12aeac461a1f8a100000021c4e189d8a42973858e2c0f186746f3400faee47e7c730f5726400f0d18c401fe5ff6e7df646736676666430fefb3000000000804f4f30f1a1254111d54111d00") r1 = socket$inet6(0xa, 0x80002, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) request_key(&(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0xfffffffffffffff8) add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000001c0)=0x15, 0x4) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4e24}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 19:17:00 executing program 3: setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) migrate_pages(0x0, 0x1ff, 0x0, &(0x7f0000000080)=0x6e7) 19:17:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000400)="b13691cd806969ef69dc00d9c4a2d1920cec38c4ab39fd5bf9e2f9e2c7c7e4c653fb0fc4014cb63a3af4a95ff9c44149f2168f4808eebce00000802000c421fc51c12aeac461a1f8a100000021c4e189d8a42973858e2c0f186746f3400faee47e7c730f5726400f0d18c401fe5ff6e7df646736676666430fefb3000000000804f4f30f1a1254111d54111d00") socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, 0x0, 0x362) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xee5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x1) openat$selinux_status(0xffffffffffffff9c, 0x0, 0x0, 0x0) readahead(0xffffffffffffffff, 0x2, 0x1342) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x73, 0x0, 0x0) open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x140) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(0xffffffffffffffff, 0xab07, 0x0) ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) creat(0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = dup(r1) r3 = semget(0x1, 0x3, 0x10) semctl$SEM_STAT(r3, 0x7, 0x12, &(0x7f00000001c0)=""/156) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r1) setsockopt$inet6_tcp_int(r1, 0x6, 0x12, &(0x7f00000003c0)=0x7f, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x2007fff) sendfile(r2, r4, 0x0, 0x8000fffffffb) 19:17:00 executing program 2: syz_execute_func(&(0x7f0000000100)="b604040f052eab5b4b4b7df94b633d6d96ca000000430f381caad70000000f2fc6f3479000c4660f410af080577908c1c1ea017eaa01260f0fab167311eca6410f51e4660f383c4a646736676666430fefb3000000000804f44eaf2e660f60d7673e0facce054848000000966466b5da119800000000c4027d79fdc422f941e5c443114a913223333309f9ba") poll(0x0, 0x0, 0xfff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f1202123f319bd070") 19:17:00 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x11c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_LINK={0x4}, @TIPC_NLA_LINK={0x5c, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_LINK={0x68, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_REF={0x8}]}]}, 0x11c}}, 0x0) syz_execute_func(&(0x7f0000000280)="f2af91930f0124eda133fa20430fbafce842f66188d027430fc7f314c1ab5bf9e2f9660f3a0fae735e090000baba3c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa11420f383c020201405c6bfd49d768d768f833fefbab6464660f38323c8fc481e5eb85ee000000a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") [ 53.295297] audit: type=1400 audit(1558984620.401:37): avc: denied { map } for pid=6932 comm="syz-fuzzer" path="/root/syzkaller-shm155636926" dev="sda1" ino=16490 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 53.336832] audit: type=1400 audit(1558984620.421:38): avc: denied { map } for pid=6949 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=22 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 53.494551] IPVS: ftp: loaded support on port[0] = 21 [ 53.671239] NET: Registered protocol family 30 [ 53.675972] Failed to register TIPC socket type [ 54.107839] audit: type=1400 audit(1558984621.211:39): avc: denied { map } for pid=6962 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 54.559161] IPVS: ftp: loaded support on port[0] = 21 [ 54.574896] NET: Registered protocol family 30 [ 54.583949] Failed to register TIPC socket type [ 54.713982] chnl_net:caif_netlink_parms(): no params data found [ 54.943424] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.980943] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.030979] device bridge_slave_0 entered promiscuous mode [ 55.090983] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.097434] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.159343] device bridge_slave_1 entered promiscuous mode [ 55.541891] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.758600] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.321344] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.451039] team0: Port device team_slave_0 added [ 56.624779] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.730690] team0: Port device team_slave_1 added [ 56.908544] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.289569] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 57.846133] device hsr_slave_0 entered promiscuous mode [ 58.113512] device hsr_slave_1 entered promiscuous mode [ 58.143736] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 58.303879] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 58.499725] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.071915] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.208503] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.379408] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.467270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.491324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.569237] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 59.677588] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.830692] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 59.838454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.870687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.878524] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.885107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.106128] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 60.180946] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.188086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.296507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.388209] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.395174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.513234] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 60.591111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.661827] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 60.702471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.776718] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 60.830503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.839090] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.891877] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 60.961498] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.968557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 61.046053] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 61.118996] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 61.190905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.199962] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.303624] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 61.354926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.381753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.436803] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 61.521823] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.635009] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 61.761658] 8021q: adding VLAN 0 to HW filter on device batadv0 19:17:09 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") pwritev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000140)="ef2435487060293c32e807ccbe97ff39fffbac229fd551c1a5b61fc8bdc56b2d9b810520000000a7aaf48ddf52af256623cbdbcaa560b0dfdcde344d43c0fe538058b420f33d1ae598fcc6f1c2358f718003cbe5824e92a67bac323cca31c84d84a1925570a853551dc10c5de601c356597ab220bf23f4b78b6614f269685840a4a409c48e736de4a25b2c05cc54a0a8aab5dc9afa445a11be55d22aa0214b94a64efb81b78ab376acce", 0xaa}], 0x1, 0x0) syz_execute_func(&(0x7f00000003c0)="f2ae91cd800f0124eda133fa20430fbafce842f66188d0c4ab5bf9e2f9e2c7c7e4c653fb0fc4014cb63a3af4a95bf9c44149f2168f480817eebce000008020080063fa43adc4e17a6fe60f186746f340aee47c7c730f66400f3833448dbd448dbd14e7e701fe5ff6e7df660fe7af5cc34a510804f4c401f882609c8b42a8002d00002d00") 19:17:10 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0xfc, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MON={0x4}, @TIPC_NLA_LINK={0x4}, @TIPC_NLA_LINK={0x38, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_LINK={0x88, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}]}, 0xfc}}, 0x0) syz_execute_func(&(0x7f0000000280)="f2af91930f0124eda133fa20430fbafce842f66188d027430fc7f314c1ab5bf9e2f9660f3a0fae735e090000baba3c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa11420f383c020201405c6bfd49d768d768f833fefbab6464660f38323c8fc481e5eb85ee000000a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") [ 63.300996] IPVS: ftp: loaded support on port[0] = 21 19:17:10 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$alg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000040)="a3dce6a3a737f2217524edb8655ac125f9da", 0x12}], 0x1}, 0x0) syz_execute_func(&(0x7f0000000400)="f2af91930f0124eda133fa20430fbafce842f66188d0d4e18014c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae955baaaa420f383c02c401405c6bfd49d7a6a6d768f833fefbab6464660f38323c8f26dbc126f00fb33fc4efa59c0f01c4288ba6452e00005480") [ 63.551808] NET: Registered protocol family 30 [ 63.556549] Failed to register TIPC socket type 19:17:11 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000000)="b13691c4a2d1920cecf2450d1ae8ab5bf9e2f9e2c7d86ec7e4c6c4826d293d000000000ffb8321000000809bc4809bb6383af4c482ddb806c421fc51c128eac461a1f8a100000021c4e189d8a42973858e2c0f186746441dd35d001423ae70207020e457ec69f3400f0d18c401fe5ff6e7df0804f4f30f1a1254111d54111d00") 19:17:11 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r1, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0) lseek(r0, 0x0, 0x3) sendfile(r1, r1, &(0x7f0000000440), 0x20) sendfile(r1, r1, &(0x7f0000000100), 0x7f8) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') pivot_root(&(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)='./file0/file0/file0\x00') r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/protocols\x00') write$UHID_CREATE2(r2, &(0x7f0000000480)=ANY=[@ANYBLOB="0b00000073797a3100000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000003fffffe500dcea1523674e4fc200000000000000000000000000000008225bc600000000049dec26a8eb0cf100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a31000000000000000000000000000000000000000000c86a6d0000000000000000686a96ee87ce00000000000000000000bff0e7c972e359a70000000032118300acc400b048173dfe97d9000104000400000000090000004ba3185441d8ef0ba5194719b68644e3b64f21174d5afe55a7c6cfc26de9edec7b4bae4b4fda8eaef1ee8d81da25fb9ca96d5e3fd0f47e906cf9778553a9341e9ee2a88f216bba214c5aea3b72f6987110c79b8a15cffdc36009808c7c4ee3aa990dd262a2ded1c9c2097dc476067ef62c5d4cc612bb8601000080000000000000063887e2662ce8a60f81e1bc1dff064ecd73e1f878fd338a2b55fd4900000000000000000000586d733524deed0c349a7f62089fde1399217c9720b4f6b17e8d689b913b84436c04b6fdac37f4f0ef451a"], 0x1) fcntl$setown(r2, 0x8, 0x0) sendfile(r3, r4, 0x0, 0x8000) prctl$PR_SVE_SET_VL(0x32, 0x1000000030a6d) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, &(0x7f0000000040)={{0x0, 0x401}, {}, 0x8, 0x1}) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x0, 0x0) ioctl(r5, 0xffffffffffffffb2, &(0x7f0000000040)) dup2(r6, r5) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5024, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) [ 64.581322] audit: type=1400 audit(1558984631.681:40): avc: denied { map } for pid=7603 comm="syz-executor.5" path=2F6D656D66643A2D42D54E49C56ABA707070F00884A26D202864656C6574656429 dev="tmpfs" ino=27171 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 [ 64.594188] hrtimer: interrupt took 26350 ns [ 64.667539] kasan: CONFIG_KASAN_INLINE enabled [ 64.673909] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 64.684138] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 64.690475] Modules linked in: [ 64.693761] CPU: 0 PID: 7605 Comm: syz-executor.5 Not tainted 4.14.122 #16 [ 64.700768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.710211] task: ffff888097ba6600 task.stack: ffff888070f30000 [ 64.716272] RIP: 0010:proto_seq_show+0x52/0x8c0 [ 64.720932] RSP: 0018:ffff888070f37478 EFLAGS: 00010a06 [ 64.726392] RAX: dffffc0000000000 RBX: dead000000000100 RCX: ffffc90006056000 [ 64.733748] RDX: 1bd5a0000000000c RSI: ffffffff84cc751f RDI: dead000000000060 [ 64.741129] RBP: ffff888070f37508 R08: ffff8880a10d5688 R09: ffffed1012bfb4f4 [ 64.748482] R10: ffffed1012bfb4f3 R11: ffff888095fda79d R12: dffffc0000000000 [ 64.755751] R13: dead000000000100 R14: 0000000000000004 R15: ffffffff86ee3b20 [ 64.763022] FS: 00007f16bc0c1700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 64.771243] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 64.777119] CR2: 0000001b2e129000 CR3: 00000000a9bd7000 CR4: 00000000001406f0 [ 64.785600] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.792958] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.800227] Call Trace: [ 64.802818] ? seq_list_next+0x5e/0x80 [ 64.806707] seq_read+0xb46/0x1280 [ 64.810246] ? seq_lseek+0x3c0/0x3c0 [ 64.813972] ? avc_policy_seqno+0x9/0x20 [ 64.818048] ? selinux_file_permission+0x85/0x480 [ 64.822894] proc_reg_read+0xfa/0x170 [ 64.826698] ? seq_lseek+0x3c0/0x3c0 [ 64.830415] do_iter_read+0x3e2/0x5b0 [ 64.834217] vfs_readv+0xd3/0x130 [ 64.837666] ? compat_rw_copy_check_uvector+0x310/0x310 [ 64.843029] ? iov_iter_get_pages_alloc+0xbba/0xef0 [ 64.848072] ? iov_iter_pipe+0x9f/0x2c0 [ 64.852399] default_file_splice_read+0x421/0x7b0 [ 64.857240] ? trace_hardirqs_on_caller+0x400/0x590 [ 64.862356] ? do_splice_direct+0x230/0x230 [ 64.866692] ? __inode_security_revalidate+0xd6/0x130 [ 64.871879] ? avc_policy_seqno+0x9/0x20 [ 64.875940] ? selinux_file_permission+0x85/0x480 [ 64.880785] ? security_file_permission+0x89/0x1f0 [ 64.885715] ? rw_verify_area+0xea/0x2b0 [ 64.889772] ? do_splice_direct+0x230/0x230 [ 64.894086] do_splice_to+0x105/0x170 [ 64.897881] splice_direct_to_actor+0x222/0x7b0 [ 64.902547] ? generic_pipe_buf_nosteal+0x10/0x10 [ 64.907391] ? do_splice_to+0x170/0x170 [ 64.911369] ? rw_verify_area+0xea/0x2b0 [ 64.915441] do_splice_direct+0x18d/0x230 [ 64.919587] ? splice_direct_to_actor+0x7b0/0x7b0 [ 64.924427] ? rw_verify_area+0xea/0x2b0 [ 64.928483] do_sendfile+0x4db/0xbd0 [ 64.932377] ? do_compat_pwritev64+0x140/0x140 [ 64.936956] ? put_timespec64+0xb4/0x100 [ 64.941009] ? nsecs_to_jiffies+0x30/0x30 [ 64.945160] SyS_sendfile64+0x102/0x110 [ 64.949129] ? SyS_sendfile+0x130/0x130 [ 64.953103] ? do_syscall_64+0x53/0x640 [ 64.959623] ? SyS_sendfile+0x130/0x130 [ 64.963602] do_syscall_64+0x1e8/0x640 [ 64.967485] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 64.972327] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 64.977527] RIP: 0033:0x459279 [ 64.980709] RSP: 002b:00007f16bc0c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 64.988418] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459279 [ 64.995692] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 65.003120] RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 65.010402] R10: 0000000000008000 R11: 0000000000000246 R12: 00007f16bc0c16d4 [ 65.017655] R13: 00000000004c65f3 R14: 00000000004db268 R15: 00000000ffffffff [ 65.026251] Code: 06 00 00 e8 61 2e 90 fc 48 8d bb 60 ff ff ff 48 8d 83 90 fe ff ff 48 89 fa 48 89 45 c8 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 b3 07 00 00 48 83 bb 60 ff ff ff 01 19 c0 83 [ 65.045395] RIP: proto_seq_show+0x52/0x8c0 RSP: ffff888070f37478 [ 65.054664] ---[ end trace 7a639520054ae80d ]--- [ 65.059784] Kernel panic - not syncing: Fatal exception [ 65.066593] Kernel Offset: disabled [ 65.070622] Rebooting in 86400 seconds..