[ 36.263231] kauditd_printk_skb: 9 callbacks suppressed [ 36.263238] audit: type=1800 audit(1559463850.059:33): pid=7054 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 36.289879] audit: type=1800 audit(1559463850.059:34): pid=7054 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 50.894998] random: sshd: uninitialized urandom read (32 bytes read) [ 51.338898] audit: type=1400 audit(1559463865.129:35): avc: denied { map } for pid=7225 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 51.391931] random: sshd: uninitialized urandom read (32 bytes read) [ 52.059297] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts. [ 57.636704] random: sshd: uninitialized urandom read (32 bytes read) 2019/06/02 08:24:31 fuzzer started [ 57.839016] audit: type=1400 audit(1559463871.629:36): avc: denied { map } for pid=7234 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 59.452695] random: cc1: uninitialized urandom read (8 bytes read) 2019/06/02 08:24:34 dialing manager at 10.128.0.105:43551 2019/06/02 08:24:34 syscalls: 2441 2019/06/02 08:24:34 code coverage: enabled 2019/06/02 08:24:34 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/06/02 08:24:34 extra coverage: extra coverage is not supported by the kernel 2019/06/02 08:24:34 setuid sandbox: enabled 2019/06/02 08:24:34 namespace sandbox: enabled 2019/06/02 08:24:34 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/02 08:24:34 fault injection: enabled 2019/06/02 08:24:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/02 08:24:34 net packet injection: enabled 2019/06/02 08:24:34 net device setup: enabled [ 62.459146] random: crng init done 08:25:08 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x70, 0x0, 0x0, 0x0, 0x0, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SOCKETS={0x14, 0x7, [{0x8}, {0x8}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x27}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x3445}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x1f}, @NBD_ATTR_TIMEOUT={0xc}]}, 0x70}, 0x1, 0x0, 0x0, 0x8004}, 0x48804) syz_execute_func(&(0x7f0000000180)="f2af91930f0124eda133fa20660fd3ca42f66188d0d4f8ab5be2f9660f3a0fae5e090000ba44d8d1c401f5ef1ac4817d73d74ec4a275bd153c78ab7749f216c863fa43c4c2750ade1bdb95c4e1a05d6b06aa420f383c02c401405c6bfdc402b504a60080000068d768f833c4a1cd61b3b23c0000ab26dbc1a1fe5ff6f6df0804f4c4d231a59cc4a26da8fc288ba6452e000054c4431d3e660f6e7f3c") 08:25:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x94, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x8, 0x6, [@TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_LINK={0x78, 0x4, [@TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}]}]}, 0x94}}, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000240)="f2af91cd800f0124eda133fa20430fbafce842f66188d0d038c4ab39fd5bf9e2f9e2c7c7e4c653fb0fc4014cb63a3af4a95bf9c44149f2168f4808eebce00000802000c863fa43adc4e17a6fe60f186746f340aee47c7c730f66400f3833fe8f0f14e7e701fe5ff6e7df660fe7af5cc34a510804f4c441a5609c8ba80000005499") 08:25:08 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@broadcast, @in, 0x0, 0x0, 0x0, 0x0, 0x800000000000000a}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={[], [], @dev}, 0x0, 0x2b}, 0x0, @in, 0x0, 0x4}}, 0xe8) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) 08:25:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="16dc1f123c123f319bd070") syz_execute_func(&(0x7f0000000000)="b13691cd80c4a2d1920cec38c4ab39fd5bf9e2f9e2c7c7e4c653fb0f014cb63a3af4a95ff9c44149f2168f4808eebce00000802000c421fc51c12aeac461a1f8a100000021c4e189d8a42973858e2c0f186746f3400faee47edcfd7cfd7c652642d1fb26400f0d18c401fe5ff6e7df646736676666430fefb3000000000804f4f30f1a12f2400f125200111d54111d00") r1 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) write$binfmt_elf32(r1, &(0x7f0000001180)={{0x7f, 0x45, 0x4c, 0x46, 0x7fff, 0x8, 0x0, 0x0, 0x0, 0x2, 0x7, 0x9, 0x1fe, 0x38, 0xb6, 0x1000, 0x0, 0x20, 0x1}, [{0x0, 0x0, 0x0, 0x8001}]}, 0x58) r2 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) pwritev(0xffffffffffffffff, &(0x7f0000000340), 0x0, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x200000d) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000380)={'#! ', './file0', [], 0xa, "fe"}, 0xc) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ftruncate(r1, 0x2007fff) sendfile(r3, r1, 0x0, 0x8000fffffffb) 08:25:08 executing program 3: r0 = add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f00000001c0)="a9ee55e6efc355b5d84579e1e0581cc25f19e348ceb89b33bd33da13f96bbe0dcc630a821b80d3d0a483a8c5f29797398c28dbc85610dbb0af30258f767edff6d7b5a45e8ffa59734a1a82f440b46595ea85a27c19429df8ac14fd8c", 0x5c, 0xfffffffffffffff9) keyctl$update(0x2, r0, &(0x7f00000014c0)="c726523b8d4be49277add5f840cc442ba390b10646aecf0911f4237e91c25bf3ea77617c8bde0bd7b2972da9acf14b1d649621278687c9294d45bb3cb0cc53ded1a0715540c23e3360aa38339fb14e14866f56f7b98e8d560f30dfd6bb8350082d9cc7adb600a9d2a7e78df574822ef92deaed78ef61ecdbd70ecd13f7677917e9eb40786534c2d9c8d9156b15dc12d66f2935dd62df77964d4e280f229fc5c3eb50b8b2407040b0347e24e87a3c946717527d3d604725aa9663be30799913d91b4c86c7feb973a29817be690c6c0780b510cbfe19a2eb7af0dcc78351b3a17907902ef290b5c15d310b1a60dea5a7ebdcdd538cdded3bc783ffc961adcc6b5ff47f2ba14d8c6700d4938ebcfcdcafe94610919971e7fbad5c6417a4d3616ca5e679f5f1bc31284a807eb2ef22c31c3e33cb95193b5de6077a39532e6aee2f022f2a6564d02b0129fd202bc14a2a38aeab4020ced292880c16afcce0786d854ce71caea4a0d00998dd310d8f8e4c09ddd1b2c169698f7b598c4a27986d7ddf9746ecdd7d2cb61e007e6cd45c3003958568d860e7c2c9c12669df4c71dc0992a7f004e0586dd6e415c7a40de1ef0515dc846d898a8306243ade7656aa011a0524f2a9c9b9dfa0d09c0b8249baf2373ac32c5b60c058889620ffcd1400310b8947f79286a543328e07f089aac5d189d9e2c1b79b1571c51c492b5568c34e348b97af32932cd257cf1b1f9fc1297a911439178fb3e8d5279f606b93a15a20075fca6a1ae1351c19adee45f49da4ccae29c2b5c129a521e2c09fc8607589a4c621ac388d3edf33be5226bbe0ce3db30c6b4945cd221178ceb82b66d38fdf977adfffd4fe7bad19b72500b9eba80dacbd9829dc9823f55370da1a8d00af9e52e940f455332f4d4874672df1b9f3d489b99b442d68136304f5df6b463aa9842984e16726d92ea0a901fd21d0a213ec222a1e191746fc9ae6fb2cf446a67ac9653f0e42794b1b3f8a2cd9cb216b6bcb2c2f13320fdf21b81bcc7ca7abd99541226b4e23ae6cd3c6f41b615efa15382add44e2f8702c6fe984bac9dc561998cc64974cc4327a69dc86b27651c74f3ee200e39ca3e92d70f474f701657fded03bc28d6a30869e56b1a149c9387829fdadc7278714da3618fad807949dca0c78ef586d283153e3b3b95ae23ff1aae3c0542f4cb2fe898c1a1bcc6f85d52685417c091e6b5fc8706e709ddfce8dbef58f8bbc466325106597ed9515658264d18f7c6e19627ea2d28adf267cba5b9940f0d2616f2874bfea4c6aab2e7ce26644e75dc2b9bcca6f92cce48f051edc8b71fcf4af61328da746a70033310e13d19d838c59a8760535c6eb9c6aef940a25533608166f1de0f43ab485cf058665154904d8480cc6591eec5c4d6f39ccfb137f35c544b7f1b6fc0e539690b641cb3e4686143470ebd2fd5184ddc069d0908063fb87d27974d031bb04ece2aaec54c71df93ffd05078e4cb2e6509544940de8c998c272fc50968ce75eaf393869c9058c2a2eb9506f7ea661db5c2d660f852775d14a78314fe9e8eef9257f772c6b4713a60e88bbe361301db8ec729c8ba575e7afbc0d1e5883ef7b5944973d4039206050af931c10ce3ff19bb3074204aa7602755c2a98db173fcc78abc2e71b83bb0eca9599831b6102fdca8029fd5537c235819b6a2e02019891a445b2473085af1a51936e8e61068b22f4c1b85831c8ff7aab3049f1d1539e59bb3f0c450a210bd5f288f2566372132387fdf93733781e081d8e91e451f4c2325060434ea41335bd035f49261e17902aaffc988dd8126e5133a83f52890319f9eb6bd9ed5e1736fa2d60c7e0bbed1b4dfb8f19bb760ec032e9266f1037176d6e6b011c11eb3fe77d0aba2dc120ff025fae53cb9b9664de3eb708739b49e0aa164a6016f642659ebf4236e1c5f5826452ca7fd8f5c8f3bb86f6a7f1245ecd8fa0122de474020a834523724a774ede21462cfb8d6176b8621e0d18d71a30eb0458ec73bb9be0cfb6eff1cdc953c92efaf386d28e01d9c6667b62f9e14b81a5ed1c1997efafd37bbd04b18bbad68eca720702422480d4ef7a3fa60edad2b4726b220f89d61ddb959a8ff61949ab6f74252838e2bbc7a0a361fca754f71acb225d608e322b76199abc0666e0474daec0868e16df66622b308532b1b3c07bb3c65e382ae32ea6a1a9b0f1de8c50b657bfc90495565b6df8836a6c0343cfe4c1b028d0d2cb949f218b57c40b3133366a5604cabcdb3be90cffbe1c424f721e781c0e56f63e090c66d4ab6453eb795e6e46322ff40bcae786c2c99a4714b05596273e683fad2ac44a8f11b5c6f3acf9b3ab8075f1a7717881ead31b07966e9b0ddac57ff56533f72b7b458d4dc7694698d74de0b419dacb21074488396afe193db11cf3190649ba6d21d90d89ebb4c5adb2c3a6088c337a5448636cc0bea912597d46cb4b9a8064b9f54fcbee392aeba0f46306d617ccdbc751970feb21b224c2af419ed3fbcad74a5bb22c9141d7127bcd2027e0b73081addccf3ea1d10e4a4f47522bd3c82797e7db4bd6c51f4122813fe852f9e33c5f6fa0245b21277d220af6188544a29c658f03595df4f59a3357d4d4b0cecc02c8173f9475529d15842a2c88542aff2ae0fc42bcc27b8c7591360946be538ecbe11fd426de0d923d0262873f1e9acdf828febdbdf6fa0ff56c43b27539f75868a1d30bc1fadb3603e4112019ec770db95db76867ded635588f9a103a74d2c101ca5b09b9fc96c062b22643ee9841cb101d30c0c787be1a2ff49ba104e773f1fc11ae28a7cfb47b0f13933c53d5d3ec003585d88e87de0b36f8f17ac372c7d8fbf61d1c135de3c6545bd7a54d507a92b3adaa7e4189ddb5747b53bca3c77062fca39eb0d61525728d59b869ea39bfd06603fd6ae081ca5ba89c15c14e546ef848fb86621af2e5a0f2f694ed61f8dcd00017f509301b756ad3ed96301e516700693c09f10000b1ec106555b43462e3f9421c62d446fb569aebc444b1bb9e349162551081746e753c072957944271a181356c8bcfc6056a5e4995c12b8cd574f53bf0ac6929c039caf4b61c6b8347058cf8892c2bd0cca3842c0e6c6e3b15ead5c7b2f7c65d7685aa2d4854d1aba86630b2dbce689f076e0ce70f1fd0f85873e2a30bb396e0f95a0f9b6f70c61bda0a43949db547a1bfdd6ec36175c3be13b2447c4564821f58f4951d4da643d3b7fab9d8fad0267262a960244c0ced322486016a555dd4b4ee067af3dccfb22d6fb0bcceba1d6ac478be6001da383a0b7b0ff2c6f24abb4c60d7a140746e021a5b8d99eeee5d02f1d62d092b0f8b92eaf8f4380fa9abc8698d191c3c278f959dd7cef24c32d7b398bc1d914288ff8c3376dc151a137bf0f83113e8cd64e53a0c96dc8e675b2849305c583a8db75f89683fe73b54dee1a40daf2be72ce880538bdab0d077115bcaf405c61eb6d4fd4b8bf11c5114075510c9c1a023694292969ac36a15d5f192f40919390137a2d98adaf166b9bf7dbced3cc5e57c9f2511815838770db09b34b1549df0551e91dbb4789113029bfc3e895262bab8a4c74687e3d8002a5136a21ceb8737cacb75dc40540e2bcc7adac42b302c5e3f2086ff333020bcc7cd7a728d947b76c59523d16b53315723adcacccb926c4872dc11edcb775e50e3dfc627cf94dae8b5ac766c5f7cdece5472e9e57a1e043311cf7f6a623837486fcac2565646aa16f6d2b1a3e252409f3e5449d576646ed24204cfe1b7f51eb09be58117785bd9b3dd447501fafc5aea4a87af57aeac4b4e3dda7fadf377ca38c40c55f6d6ad3dcba051ffd61783aa2b18d0e04d64bbf406770bc63a5300c054ff4b5624b7e410bdf6bd5407d64755629fa63747a3757d88af3e3fcc301f1c62083bf4ea47bd03ca50dbe8bad3ace40dec03eb8ce01b7d5e2a201248f820fbd8188f94866bb4222fe6c71035819cceadc8dc49fdff93713264131f4687e9ba3edda7484263339f39454f3f57f88ca30360d380105286ef8b113506eaed455e75ebc163116d8b6fda0bd452d4acdf2aa2cd28444947288870050252b940167798a74f421057ddc865575edc6c9d86be39b2c427970b454d240ad3a163d05203fc6df972b39aee22cfd31c3c09ed320510768d303c64d9327af352b2771c5689f4d839e5b24884da547a4d651298ec6b02486eb81d5f64c65907c8e19573ee519d774aa894e521d88548000a526ecadcd56e12c6471ce9f8f88a5ba38f136d24e4c9facf8177ffceb815679dc835700658b7e61c98f7f7e8eaf7395b3b46ad5cb485fd5eb680e5e19c14fe1d5ed3e93c4ced20e4a4502d544599285aa7cf4507e482ba6f3d0619cd726907eca921794f74fe5b64367f29181cd86a60c0af3003b1b3fc073264f07744a9a310ba627e596110e800ec64d045287fd21bd9b784df54f403cb6134cf60533b7bde930d4e41431281146e41833b0885de5d0f9dbe4386062c36b42c86bb13ba2ea40db702a926aa38c63d45063695abe40a08814b82e9f03db500d13fc1e72769bf12f4fa25de67c21e60d04db8eb23f9b7c84ad034dacc0ac40e640a7bbd2bb96bc3e8b38e90f2c11f1ef854f31b8a17e2c1488c7a77bbef2a3fa2f69cd63cff5d9d8b6d576f6c79527d2dc34d0b929515913f00a8cb650cdcf34534c2893cf70f73bff1d97484664ac37275eb59a8db38715e933d3b9744459c8960eb4b03ee3031ef25a7a68bba0113b383a17cb1a8d31dc83ddc58aff245abf482f469f7c125346d943eefb49f88e74de24fa164bceb08da5d5672f0a56f6ca086ff2cef8f079d768632a8313d00cbf4a601c4665bc1667cc88d1feb5bc378a1e1bc8157c536559b41c1a359873d893b1b12cd48c0199152167794e80d4933c8b5e1416afdb8b7e7abed4f123486fd2959afc7ea7a23ff286b92cd2daad3763d99b20f49ff66554f0909e79ef3a2cf53b22f8690cd1d3c15ebb0fb896474b90d1b23c638c621cff34e9df005eb2c8e18d4718f28ef7779f4156230a8512b9b020817c759f8a8ad7dab02f0391d2a3c570c8eca511d8d8261108e51be2dfa30e44bfa3359b22da63b3b69ac4e5e8b6185815975a7a67d439e130a71a15a3b7912813bb7e34f71098ecf96933fcc8b3ca3dc6ceca253fd6ce2c948c4ec125509cd2f7f639f821abff216aa4493d549bf9af5cb99554a37d7e27d6bb562a07b06e4c2186acb5304e2dfcc3d8b7a4f9242a1bafd95ecb886e6859ff2749f61b9a27ab25fbb70597a7b0fac77887ce9f9ae040ede601485d7703bc7ffe153dd96bbcc89adeb42c90d314e6aafa54e411815f978a138eea60f0413938f1014d5a8ce560ec6e9b534dad43fbe125b334fa1bac043b0cfab43cfa21a76378d2ebaecfdcddabc98f9e7016b7419f3c9f3c7b1fce8baf33bc110c1f37db285cffbfe2c8f46d2c9ba83bde07536efa08012de4bf384d866854a3c747632b5b2249c799d2e5822579575044409b1f58377eaf3d8693c608dce4df8e0b109369bfba01bbfd1716566a9e4b1c6bc5dbb3ecd2a37d6c87eb888283ed7f379522f524288d871d2208541ce87857b26fd8a23f66f63b42e8a863eca139f71cd20bb25ed7ebffb86c59623f55711ecf37ac48ea61428490785c953c4775b6255d9661e672deb569a34043acdf01b224df76e6f311f54a98b61cd4d1446042f8afadb899a0112b9baf6b6faf8fd24fcab45d436e998525ee3e968db0ea9cec62debb753fb68", 0xff4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000400)="b13691cd806969ef69dc00d9c4a2d1920cec38c4ab39fd5bf9e2f9e2c7c7e4c653fb0fc4014cb63a3af4a95ff9c44149f2168f4808eebce00000802000c421fc51c12aeac461a1f8a100000021c4e189d8a42973858e2c0f186746f3400faee47e7c730f5726400f0d18c401fe5ff6e7df646736676666430fefb3000000000804f4f30f1a1254111d54111d00") setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0xffffffffffffff70) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) fsetxattr$security_smack_transmute(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, 0x0) open(0x0, 0x0, 0x2) openat(0xffffffffffffffff, 0x0, 0x303200, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) r2 = creat(&(0x7f0000000480)='./bus\x00', 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) setxattr$security_evm(0x0, &(0x7f0000000080)='security.evm\x00', 0x0, 0x0, 0x0) r4 = dup(r3) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$input_event(0xffffffffffffffff, 0x0, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) ftruncate(r2, 0x2007fff) sendfile(r4, r5, 0x0, 0x8000fffffffb) 08:25:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x48, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MON={0x4}, @TIPC_NLA_LINK={0x30, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_MTU={0x8}]}]}]}, 0x48}}, 0x0) syz_execute_func(&(0x7f0000000280)="f2af91930f0124eda133fa20430fbafce842f66188d027430fc7f314c1ab5bf9e2f9660f3a0fae735e090000baba3c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa11420f383c020201405c6bfd49d768d768f833fefbab6464660f38323c8fc481e5eb85ee000000a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") [ 94.931027] audit: type=1400 audit(1559463908.729:37): avc: denied { map } for pid=7234 comm="syz-fuzzer" path="/root/syzkaller-shm090789551" dev="sda1" ino=16491 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 94.990522] audit: type=1400 audit(1559463908.729:38): avc: denied { map } for pid=7251 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=23 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 95.850184] IPVS: ftp: loaded support on port[0] = 21 [ 96.121320] NET: Registered protocol family 30 [ 96.125945] Failed to register TIPC socket type [ 96.982687] IPVS: ftp: loaded support on port[0] = 21 [ 97.007009] NET: Registered protocol family 30 [ 97.026173] Failed to register TIPC socket type [ 97.214972] chnl_net:caif_netlink_parms(): no params data found [ 97.467431] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.642190] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.775788] device bridge_slave_0 entered promiscuous mode [ 97.841814] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.848397] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.932231] device bridge_slave_1 entered promiscuous mode [ 98.171337] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 98.341612] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 98.863670] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 98.998311] team0: Port device team_slave_0 added [ 99.168476] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 99.320922] team0: Port device team_slave_1 added [ 99.505320] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 99.693854] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 100.196237] device hsr_slave_0 entered promiscuous mode [ 100.372822] device hsr_slave_1 entered promiscuous mode [ 100.584567] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 100.775824] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 101.063690] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 101.717145] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.894342] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 102.057211] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 102.143553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 102.181716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 102.299551] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 102.402584] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.574017] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 102.668829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 102.691646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 102.801344] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.807982] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.929217] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 103.011331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 103.019018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 103.117160] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 103.189223] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.195954] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.315582] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 103.375831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 103.459110] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 103.520765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 103.605767] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 103.688073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 103.701046] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 103.813489] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 103.881381] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 103.889657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 103.962967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 104.018354] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 104.093659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 104.103741] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 104.195794] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 104.273071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 104.281879] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 104.384059] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 104.460935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 104.544800] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 104.710528] 8021q: adding VLAN 0 to HW filter on device batadv0 08:25:19 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r1, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0) lseek(r0, 0x0, 0x1) sendfile(r1, r1, &(0x7f0000000440), 0x20) sendfile(r1, r1, &(0x7f0000000100), 0x7f8) ioctl$KVM_GET_SUPPORTED_CPUID(r0, 0xc008ae05, &(0x7f0000000140)=""/122) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') mount(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/protocols\x00') sendfile(r2, r3, 0x0, 0x8000) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) [ 105.793032] hrtimer: interrupt took 25924 ns [ 105.802707] audit: type=1400 audit(1559463919.599:39): avc: denied { map } for pid=7871 comm="syz-executor.1" path=2F6D656D66643A2D42D54E49C56ABA707070F00884A26D202864656C6574656429 dev="tmpfs" ino=28493 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 [ 105.894861] kasan: CONFIG_KASAN_INLINE enabled [ 105.900676] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 105.908599] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 105.914922] Modules linked in: [ 105.918121] CPU: 0 PID: 7873 Comm: syz-executor.1 Not tainted 4.14.123 #17 [ 105.925132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 105.934490] task: ffff888062932740 task.stack: ffff888060d30000 [ 105.940583] RIP: 0010:proto_seq_show+0x52/0x8c0 [ 105.945248] RSP: 0018:ffff888060d37478 EFLAGS: 00010a06 [ 105.950705] RAX: dffffc0000000000 RBX: dead000000000100 RCX: ffffc90007046000 [ 105.957974] RDX: 1bd5a0000000000c RSI: ffffffff84cc851f RDI: dead000000000060 [ 105.965246] RBP: ffff888060d37508 R08: ffff888093341188 R09: ffffed100c09811c [ 105.972518] R10: ffffed100c09811b R11: ffff8880604c08dd R12: dffffc0000000000 [ 105.979960] R13: dead000000000100 R14: 0000000000000004 R15: ffffffff86ee3fe0 [ 105.987317] FS: 00007fbaa7e99700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 105.995539] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 106.001418] CR2: 0000001b3102a000 CR3: 000000008fd93000 CR4: 00000000001406f0 [ 106.008689] Call Trace: [ 106.011285] ? seq_list_next+0x5e/0x80 [ 106.015197] seq_read+0xb46/0x1280 [ 106.018746] ? seq_lseek+0x3c0/0x3c0 [ 106.022470] ? check_preemption_disabled+0x3c/0x250 [ 106.027487] ? retint_kernel+0x2d/0x2d [ 106.031384] proc_reg_read+0xfa/0x170 [ 106.035187] ? seq_lseek+0x3c0/0x3c0 [ 106.038918] do_iter_read+0x3e2/0x5b0 [ 106.042730] vfs_readv+0xd3/0x130 [ 106.046186] ? compat_rw_copy_check_uvector+0x310/0x310 [ 106.052452] ? iov_iter_get_pages_alloc+0xb8d/0xef0 [ 106.057477] ? iov_iter_pipe+0x9f/0x2c0 [ 106.061466] default_file_splice_read+0x421/0x7b0 [ 106.066345] ? __kmalloc+0x15d/0x7a0 [ 106.070061] ? alloc_pipe_info+0x15c/0x380 [ 106.074291] ? splice_direct_to_actor+0x5d2/0x7b0 [ 106.079138] ? do_splice_direct+0x18d/0x230 [ 106.083469] ? do_splice_direct+0x230/0x230 [ 106.087793] ? retint_kernel+0x2d/0x2d [ 106.091676] ? retint_kernel+0x2d/0x2d [ 106.095564] ? trace_hardirqs_on_caller+0x400/0x590 [ 106.100594] ? __inode_security_revalidate+0xd6/0x130 [ 106.105783] ? avc_policy_seqno+0x9/0x20 [ 106.109867] ? selinux_file_permission+0x85/0x480 [ 106.114715] ? security_file_permission+0x89/0x1f0 [ 106.119651] ? rw_verify_area+0xea/0x2b0 [ 106.123724] ? do_splice_direct+0x230/0x230 [ 106.128091] do_splice_to+0x105/0x170 [ 106.131902] splice_direct_to_actor+0x222/0x7b0 [ 106.136574] ? generic_pipe_buf_nosteal+0x10/0x10 [ 106.141416] ? do_splice_to+0x170/0x170 [ 106.145390] ? rw_verify_area+0xea/0x2b0 [ 106.149454] do_splice_direct+0x18d/0x230 [ 106.153602] ? splice_direct_to_actor+0x7b0/0x7b0 [ 106.158450] ? rw_verify_area+0xea/0x2b0 [ 106.162520] do_sendfile+0x4db/0xbd0 [ 106.166242] ? do_compat_pwritev64+0x140/0x140 [ 106.170827] ? put_timespec64+0xb4/0x100 [ 106.174893] ? nsecs_to_jiffies+0x30/0x30 [ 106.179045] SyS_sendfile64+0x102/0x110 [ 106.183025] ? SyS_sendfile+0x130/0x130 [ 106.187027] ? do_syscall_64+0x53/0x640 [ 106.191037] ? SyS_sendfile+0x130/0x130 [ 106.195011] do_syscall_64+0x1e8/0x640 [ 106.198898] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 106.203748] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 106.208943] RIP: 0033:0x459279 [ 106.212128] RSP: 002b:00007fbaa7e98c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 106.219836] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459279 [ 106.227105] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 106.234390] RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 106.241678] R10: 0000000000008000 R11: 0000000000000246 R12: 00007fbaa7e996d4 [ 106.248982] R13: 00000000004c65f3 R14: 00000000004db268 R15: 00000000ffffffff [ 106.256256] Code: 06 00 00 e8 a1 20 90 fc 48 8d bb 60 ff ff ff 48 8d 83 90 fe ff ff 48 89 fa 48 89 45 c8 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 b3 07 00 00 48 83 bb 60 ff ff ff 01 19 c0 83 [ 106.275681] RIP: proto_seq_show+0x52/0x8c0 RSP: ffff888060d37478 [ 106.290958] ---[ end trace 16635d481945197e ]--- [ 106.296190] Kernel panic - not syncing: Fatal exception [ 106.302631] Kernel Offset: disabled [ 106.306252] Rebooting in 86400 seconds..