[ 31.846310] kauditd_printk_skb: 9 callbacks suppressed [ 31.846317] audit: type=1800 audit(1558871112.169:33): pid=6858 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 31.873646] audit: type=1800 audit(1558871112.169:34): pid=6858 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 38.173196] random: sshd: uninitialized urandom read (32 bytes read) [ 38.360436] audit: type=1400 audit(1558871118.689:35): avc: denied { map } for pid=7032 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 38.411893] random: sshd: uninitialized urandom read (32 bytes read) [ 39.064875] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts. [ 44.718858] random: sshd: uninitialized urandom read (32 bytes read) 2019/05/26 11:45:25 fuzzer started [ 44.921058] audit: type=1400 audit(1558871125.249:36): avc: denied { map } for pid=7041 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 46.685661] random: cc1: uninitialized urandom read (8 bytes read) 2019/05/26 11:45:27 dialing manager at 10.128.0.105:40355 2019/05/26 11:45:28 syscalls: 2441 2019/05/26 11:45:28 code coverage: enabled 2019/05/26 11:45:28 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/05/26 11:45:28 extra coverage: extra coverage is not supported by the kernel 2019/05/26 11:45:28 setuid sandbox: enabled 2019/05/26 11:45:28 namespace sandbox: enabled 2019/05/26 11:45:28 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/26 11:45:28 fault injection: enabled 2019/05/26 11:45:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/26 11:45:28 net packet injection: enabled 2019/05/26 11:45:28 net device setup: enabled [ 48.991831] random: crng init done 11:45:46 executing program 0: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r1, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0) lseek(r0, 0x0, 0x1) sendfile(r1, r1, &(0x7f0000000440), 0x20) sendfile(r1, r1, &(0x7f0000000100), 0x7f8) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') mount(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/protocols\x00') write$UHID_CREATE2(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000032000000acc200000104000002000000090000004ba3185441d8ef0ba51947190a0bb05049ddb68644e3b64f21174d5afe551699d9c26de9edec7b4bae64af0e68fd043482c8"], 0x1) sendfile(r3, r4, 0x0, 0x8000) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x588e, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x0, 0x0) umount2(&(0x7f0000000800)='./file0\x00', 0x0) 11:45:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)={0x104, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}, @TIPC_NLA_LINK={0x4c, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MEDIA={0xc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_SOCK={0x4}, @TIPC_NLA_BEARER={0x48, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x14, 0x2, @in={0x2, 0x0, @local}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8}]}]}]}, 0x104}}, 0x0) syz_execute_func(&(0x7f0000000100)="f2af91930f0124eda133fa20430fbafce842f66188d0c4e18014d1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac462b99cbc0ce8000000c482310d46f449f216c863fa438036a966410f6c244dd68dbaa9f340ae955b955f420f383c02c401405c6bfdd70fc7f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa5b3609c0f01c4288ba6452e00005480") 11:45:46 executing program 5: mknod$loop(&(0x7f0000000040)='./file1\x00', 0x6003, 0x1) r0 = open(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) setresuid(0x0, 0xee01, 0x0) ioctl$BLKFLSBUF(r0, 0x401870cb, 0x0) 11:45:46 executing program 3: r0 = add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f00000001c0)="a9ee55e6efc355b5d84579e1e0581cc25f19e348ceb89b33bd33da13f96bbe0dcc630a821b80d3d0a483a8c5f29797398c28dbc85610dbb0af30258f767edff6d7b5a45e8ffa59734a1a82f440b46595ea85a27c19429df8ac14fd8c", 0x5c, 0xfffffffffffffff9) keyctl$update(0x2, r0, &(0x7f00000014c0)="c726523b8d4be49277add5f840cc442ba390b10646aecf0911f4237e91c25bf3ea77617c8bde0bd7b2972da9acf14b1d649621278687c9294d45bb3cb0cc53ded1a0715540c23e3360aa38339fb14e14866f56f7b98e8d560f30dfd6bb8350082d9cc7adb600a9d2a7e78df574822ef92deaed78ef61ecdbd70ecd13f7677917e9eb40786534c2d9c8d9156b15dc12d66f2935dd62df77964d4e280f229fc5c3eb50b8b2407040b0347e24e87a3c946717527d3d604725aa9663be30799913d91b4c86c7feb973a29817be690c6c0780b510cbfe19a2eb7af0dcc78351b3a17907902ef290b5c15d310b1a60dea5a7ebdcdd538cdded3bc783ffc961adcc6b5ff47f2ba14d8c6700d4938ebcfcdcafe94610919971e7fbad5c6417a4d3616ca5e679f5f1bc31284a807eb2ef22c31c3e33cb95193b5de6077a39532e6aee2f022f2a6564d02b0129fd202bc14a2a38aeab4020ced292880c16afcce0786d854ce71caea4a0d00998dd310d8f8e4c09ddd1b2c169698f7b598c4a27986d7ddf9746ecdd7d2cb61e007e6cd45c3003958568d860e7c2c9c12669df4c71dc0992a7f004e0586dd6e415c7a40de1ef0515dc846d898a8306243ade7656aa011a0524f2a9c9b9dfa0d09c0b8249baf2373ac32c5b60c058889620ffcd1400310b8947f79286a543328e07f089aac5d189d9e2c1b79b1571c51c492b5568c34e348b97af32932cd257cf1b1f9fc1297a911439178fb3e8d5279f606b93a15a20075fca6a1ae1351c19adee45f49da4ccae29c2b5c129a521e2c09fc8607589a4c621ac388d3edf33be5226bbe0ce3db30c6b4945cd221178ceb82b66d38fdf977adfffd4fe7bad19b72500b9eba80dacbd9829dc9823f55370da1a8d00af9e52e940f455332f4d4874672df1b9f3d489b99b442d68136304f5df6b463aa9842984e16726d92ea0a901fd21d0a213ec222a1e191746fc9ae6fb2cf446a67ac9653f0e42794b1b3f8a2cd9cb216b6bcb2c2f13320fdf21b81bcc7ca7abd99541226b4e23ae6cd3c6f41b615efa15382add44e2f8702c6fe984bac9dc561998cc64974cc4327a69dc86b27651c74f3ee200e39ca3e92d70f474f701657fded03bc28d6a30869e56b1a149c9387829fdadc7278714da3618fad807949dca0c78ef586d283153e3b3b95ae23ff1aae3c0542f4cb2fe898c1a1bcc6f85d52685417c091e6b5fc8706e709ddfce8dbef58f8bbc466325106597ed9515658264d18f7c6e19627ea2d28adf267cba5b9940f0d2616f2874bfea4c6aab2e7ce26644e75dc2b9bcca6f92cce48f051edc8b71fcf4af61328da746a70033310e13d19d838c59a8760535c6eb9c6aef940a25533608166f1de0f43ab485cf058665154904d8480cc6591eec5c4d6f39ccfb137f35c544b7f1b6fc0e539690b641cb3e4686143470ebd2fd5184ddc069d0908063fb87d27974d031bb04ece2aaec54c71df93ffd05078e4cb2e6509544940de8c998c272fc50968ce75eaf393869c9058c2a2eb9506f7ea661db5c2d660f852775d14a78314fe9e8eef9257f772c6b4713a60e88bbe361301db8ec729c8ba575e7afbc0d1e5883ef7b5944973d4039206050af931c10ce3ff19bb3074204aa7602755c2a98db173fcc78abc2e71b83bb0eca9599831b6102fdca8029fd5537c235819b6a2e02019891a445b2473085af1a51936e8e61068b22f4c1b85831c8ff7aab3049f1d1539e59bb3f0c450a210bd5f288f2566372132387fdf93733781e081d8e91e451f4c2325060434ea41335bd035f49261e17902aaffc988dd8126e5133a83f52890319f9eb6bd9ed5e1736fa2d60c7e0bbed1b4dfb8f19bb760ec032e9266f1037176d6e6b011c11eb3fe77d0aba2dc120ff025fae53cb9b9664de3eb708739b49e0aa164a6016f642659ebf4236e1c5f5826452ca7fd8f5c8f3bb86f6a7f1245ecd8fa0122de474020a834523724a774ede21462cfb8d6176b8621e0d18d71a30eb0458ec73bb9be0cfb6eff1cdc953c92efaf386d28e01d9c6667b62f9e14b81a5ed1c1997efafd37bbd04b18bbad68eca720702422480d4ef7a3fa60edad2b4726b220f89d61ddb959a8ff61949ab6f74252838e2bbc7a0a361fca754f71acb225d608e322b76199abc0666e0474daec0868e16df66622b308532b1b3c07bb3c65e382ae32ea6a1a9b0f1de8c50b657bfc90495565b6df8836a6c0343cfe4c1b028d0d2cb949f218b57c40b3133366a5604cabcdb3be90cffbe1c424f721e781c0e56f63e090c66d4ab6453eb795e6e46322ff40bcae786c2c99a4714b05596273e683fad2ac44a8f11b5c6f3acf9b3ab8075f1a7717881ead31b07966e9b0ddac57ff56533f72b7b458d4dc7694698d74de0b419dacb21074488396afe193db11cf3190649ba6d21d90d89ebb4c5adb2c3a6088c337a5448636cc0bea912597d46cb4b9a8064b9f54fcbee392aeba0f46306d617ccdbc751970feb21b224c2af419ed3fbcad74a5bb22c9141d7127bcd2027e0b73081addccf3ea1d10e4a4f47522bd3c82797e7db4bd6c51f4122813fe852f9e33c5f6fa0245b21277d220af6188544a29c658f03595df4f59a3357d4d4b0cecc02c8173f9475529d15842a2c88542aff2ae0fc42bcc27b8c7591360946be538ecbe11fd426de0d923d0262873f1e9acdf828febdbdf6fa0ff56c43b27539f75868a1d30bc1fadb3603e4112019ec770db95db76867ded635588f9a103a74d2c101ca5b09b9fc96c062b22643ee9841cb101d30c0c787be1a2ff49ba104e773f1fc11ae28a7cfb47b0f13933c53d5d3ec003585d88e87de0b36f8f17ac372c7d8fbf61d1c135de3c6545bd7a54d507a92b3adaa7e4189ddb5747b53bca3c77062fca39eb0d61525728d59b869ea39bfd06603fd6ae081ca5ba89c15c14e546ef848fb86621af2e5a0f2f694ed61f8dcd00017f509301b756ad3ed96301e516700693c09f10000b1ec106555b43462e3f9421c62d446fb569aebc444b1bb9e349162551081746e753c072957944271a181356c8bcfc6056a5e4995c12b8cd574f53bf0ac6929c039caf4b61c6b8347058cf8892c2bd0cca3842c0e6c6e3b15ead5c7b2f7c65d7685aa2d4854d1aba86630b2dbce689f076e0ce70f1fd0f85873e2a30bb396e0f95a0f9b6f70c61bda0a43949db547a1bfdd6ec36175c3be13b2447c4564821f58f4951d4da643d3b7fab9d8fad0267262a960244c0ced322486016a555dd4b4ee067af3dccfb22d6fb0bcceba1d6ac478be6001da383a0b7b0ff2c6f24abb4c60d7a140746e021a5b8d99eeee5d02f1d62d092b0f8b92eaf8f4380fa9abc8698d191c3c278f959dd7cef24c32d7b398bc1d914288ff8c3376dc151a137bf0f83113e8cd64e53a0c96dc8e675b2849305c583a8db75f89683fe73b54dee1a40daf2be72ce880538bdab0d077115bcaf405c61eb6d4fd4b8bf11c5114075510c9c1a023694292969ac36a15d5f192f40919390137a2d98adaf166b9bf7dbced3cc5e57c9f2511815838770db09b34b1549df0551e91dbb4789113029bfc3e895262bab8a4c74687e3d8002a5136a21ceb8737cacb75dc40540e2bcc7adac42b302c5e3f2086ff333020bcc7cd7a728d947b76c59523d16b53315723adcacccb926c4872dc11edcb775e50e3dfc627cf94dae8b5ac766c5f7cdece5472e9e57a1e043311cf7f6a623837486fcac2565646aa16f6d2b1a3e252409f3e5449d576646ed24204cfe1b7f51eb09be58117785bd9b3dd447501fafc5aea4a87af57aeac4b4e3dda7fadf377ca38c40c55f6d6ad3dcba051ffd61783aa2b18d0e04d64bbf406770bc63a5300c054ff4b5624b7e410bdf6bd5407d64755629fa63747a3757d88af3e3fcc301f1c62083bf4ea47bd03ca50dbe8bad3ace40dec03eb8ce01b7d5e2a201248f820fbd8188f94866bb4222fe6c71035819cceadc8dc49fdff93713264131f4687e9ba3edda7484263339f39454f3f57f88ca30360d380105286ef8b113506eaed455e75ebc163116d8b6fda0bd452d4acdf2aa2cd28444947288870050252b940167798a74f421057ddc865575edc6c9d86be39b2c427970b454d240ad3a163d05203fc6df972b39aee22cfd31c3c09ed320510768d303c64d9327af352b2771c5689f4d839e5b24884da547a4d651298ec6b02486eb81d5f64c65907c8e19573ee519d774aa894e521d88548000a526ecadcd56e12c6471ce9f8f88a5ba38f136d24e4c9facf8177ffceb815679dc835700658b7e61c98f7f7e8eaf7395b3b46ad5cb485fd5eb680e5e19c14fe1d5ed3e93c4ced20e4a4502d544599285aa7cf4507e482ba6f3d0619cd726907eca921794f74fe5b64367f29181cd86a60c0af3003b1b3fc073264f07744a9a310ba627e596110e800ec64d045287fd21bd9b784df54f403cb6134cf60533b7bde930d4e41431281146e41833b0885de5d0f9dbe4386062c36b42c86bb13ba2ea40db702a926aa38c63d45063695abe40a08814b82e9f03db500d13fc1e72769bf12f4fa25de67c21e60d04db8eb23f9b7c84ad034dacc0ac40e640a7bbd2bb96bc3e8b38e90f2c11f1ef854f31b8a17e2c1488c7a77bbef2a3fa2f69cd63cff5d9d8b6d576f6c79527d2dc34d0b929515913f00a8cb650cdcf34534c2893cf70f73bff1d97484664ac37275eb59a8db38715e933d3b9744459c8960eb4b03ee3031ef25a7a68bba0113b383a17cb1a8d31dc83ddc58aff245abf482f469f7c125346d943eefb49f88e74de24fa164bceb08da5d5672f0a56f6ca086ff2cef8f079d768632a8313d00cbf4a601c4665bc1667cc88d1feb5bc378a1e1bc8157c536559b41c1a359873d893b1b12cd48c0199152167794e80d4933c8b5e1416afdb8b7e7abed4f123486fd2959afc7ea7a23ff286b92cd2d", 0xdb4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000400)="b13691cd806969ef69dc00d9c4a2d1920cec38c4ab39fd5bf9e2f9e2c7c7e4c653fb0fc4014cb63a3af4a95ff9c44149f2168f4808eebce00000802000c421fc51c12aeac461a1f8a100000021c4e189d8a42973858e2c0f186746f3400faee47e7c730f5726400f0d18c401fe5ff6e7df646736676666430fefb3000000000804f4f30f1a1254111d54111d00") setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, 0x0, 0x362) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) readahead(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0xffffffffffffff70) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) fsetxattr$security_smack_transmute(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) r2 = creat(&(0x7f0000000480)='./bus\x00', 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) setxattr$security_evm(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='security.evm\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="0202763ba140887661ebe61ac1bd"], 0x1, 0x3) r4 = dup(r3) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x12, 0x0, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$input_event(r2, &(0x7f00000002c0)={{0x0, 0x7530}, 0x5, 0x9, 0xfffffffffffffff8}, 0x18) getsockopt$IP6T_SO_GET_REVISION_TARGET(r4, 0x29, 0x45, 0x0, 0x0) r5 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x2007fff) sendfile(r4, r5, 0x0, 0x8000fffffffb) 11:45:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYRESOCT], 0x1}}, 0x0) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000240)="f2af91930f0124eda133fa20430fbafce842f66188d0c4e18014d3ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac462b99cbc0ce8000000c482310d46f449f216c863fa438036a966410f6c244dd68dbaa9f340ae955b955f420f383c02c401405c6bfdd70fc7f833fe0f8028ffffffab64e4660f38323c8fa1fe5ff6f6df0804f4c49ef8f840fc9c0f01c4288ba6452e00001ebdd4083644d923") [ 66.054118] audit: type=1400 audit(1558871146.379:37): avc: denied { map } for pid=7041 comm="syz-fuzzer" path="/root/syzkaller-shm914465875" dev="sda1" ino=16491 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 11:45:46 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000003c0), 0x812e46f0, 0x0}, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000240)="f2af91cd800f0124eda133fa20430fbafce842f66188d0d038c4ab39fd5bf9e2f9e2c7c7e4c653fb0fc4014cb63a3af4a95bf9c44149f2168f4808eebce00000802000c863fa43adc4e17a6fe60f186746f340aee47c7c730f66400f3833fe8f0f14e7e701fe5ff6e7df660fe7af5cc34a510804f4c441a5609c8ba80000005499") r2 = socket$inet6(0xa, 0x3, 0x88) connect$inet6(r2, &(0x7f0000000080), 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) [ 66.092225] audit: type=1400 audit(1558871146.379:38): avc: denied { map } for pid=7058 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13817 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 66.850198] IPVS: ftp: loaded support on port[0] = 21 [ 67.171224] NET: Registered protocol family 30 [ 67.175833] Failed to register TIPC socket type [ 68.091106] IPVS: ftp: loaded support on port[0] = 21 [ 68.112775] NET: Registered protocol family 30 [ 68.117728] Failed to register TIPC socket type [ 68.260987] chnl_net:caif_netlink_parms(): no params data found [ 68.484773] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.560594] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.651223] device bridge_slave_0 entered promiscuous mode [ 68.780937] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.787395] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.871722] device bridge_slave_1 entered promiscuous mode [ 69.274297] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 69.646908] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 70.079832] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 70.191617] team0: Port device team_slave_0 added [ 70.378932] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 70.510715] team0: Port device team_slave_1 added [ 70.800838] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 71.031473] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 71.518098] device hsr_slave_0 entered promiscuous mode [ 71.723775] device hsr_slave_1 entered promiscuous mode [ 71.945386] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 72.147556] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 72.382273] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 73.091800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.243370] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 73.483208] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 73.489451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 73.502975] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 73.647732] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 73.742284] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.884467] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 73.980176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.988178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 74.110560] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.117086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.251604] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 74.452006] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 74.459204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 74.483921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 74.590531] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 74.598201] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.604618] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.778053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 74.847197] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 74.915963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 75.014754] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 75.050774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 75.060851] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.153045] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 75.160873] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 75.167905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 75.231439] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.312318] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 75.384357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 75.401586] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 75.502380] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 75.577283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 75.586153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.667490] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 75.722951] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 75.851049] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 75.963965] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.345722] audit: type=1400 audit(1558871156.669:39): avc: denied { map } for pid=7661 comm="syz-executor.0" path=2F6D656D66643A2D42D54E49C56ABA707070F00884A26D202864656C6574656429 dev="tmpfs" ino=27380 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 [ 76.390093] hrtimer: interrupt took 45680 ns [ 76.528348] kasan: CONFIG_KASAN_INLINE enabled [ 76.580956] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 76.648547] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 76.654853] Modules linked in: [ 76.658061] CPU: 0 PID: 7667 Comm: syz-executor.0 Not tainted 4.14.122 #16 [ 76.665076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 76.674437] task: ffff88806eb861c0 task.stack: ffff8880691a8000 [ 76.680508] RIP: 0010:proto_seq_show+0x52/0x8c0 [ 76.685179] RSP: 0018:ffff8880691af478 EFLAGS: 00010a06 [ 76.690547] RAX: dffffc0000000000 RBX: dead000000000100 RCX: ffffc9000603e000 [ 76.697836] RDX: 1bd5a0000000000c RSI: ffffffff84cc751f RDI: dead000000000060 [ 76.705116] RBP: ffff8880691af508 R08: ffff88807ce13908 R09: ffffed1012921c94 [ 76.712394] R10: ffffed1012921c93 R11: ffff88809490e49d R12: dffffc0000000000 [ 76.719671] R13: dead000000000100 R14: 0000000000000004 R15: ffffffff86ee3b20 [ 76.727055] FS: 00007fbd651f9700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 76.735376] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.741263] CR2: 0000001b2ce2a000 CR3: 00000000a0993000 CR4: 00000000001406f0 [ 76.748538] Call Trace: [ 76.751141] ? seq_list_next+0x5e/0x80 [ 76.755041] seq_read+0xb46/0x1280 [ 76.758595] ? seq_lseek+0x3c0/0x3c0 [ 76.762315] ? avc_policy_seqno+0x9/0x20 [ 76.766384] ? selinux_file_permission+0x85/0x480 [ 76.771252] proc_reg_read+0xfa/0x170 [ 76.775052] ? seq_lseek+0x3c0/0x3c0 [ 76.778770] do_iter_read+0x3e2/0x5b0 [ 76.782587] vfs_readv+0xd3/0x130 [ 76.786044] ? compat_rw_copy_check_uvector+0x310/0x310 [ 76.791404] ? audit_add_tree_rule.cold+0x2e/0x2e [ 76.796230] ? iov_iter_pipe+0x9f/0x2c0 [ 76.800201] default_file_splice_read+0x421/0x7b0 [ 76.805123] ? __kmalloc+0x15d/0x7a0 [ 76.808822] ? alloc_pipe_info+0x15c/0x380 [ 76.813055] ? splice_direct_to_actor+0x5d2/0x7b0 [ 76.818049] ? do_splice_direct+0x18d/0x230 [ 76.822441] ? do_splice_direct+0x230/0x230 [ 76.826745] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 76.831490] ? __inode_security_revalidate+0xd6/0x130 [ 76.836660] ? avc_policy_seqno+0x9/0x20 [ 76.840708] ? selinux_file_permission+0x85/0x480 [ 76.845533] ? security_file_permission+0x89/0x1f0 [ 76.850445] ? rw_verify_area+0xea/0x2b0 [ 76.854492] ? do_splice_direct+0x230/0x230 [ 76.858797] do_splice_to+0x105/0x170 [ 76.862603] splice_direct_to_actor+0x222/0x7b0 [ 76.867268] ? generic_pipe_buf_nosteal+0x10/0x10 [ 76.872099] ? do_splice_to+0x170/0x170 [ 76.876056] ? rw_verify_area+0xea/0x2b0 [ 76.880166] do_splice_direct+0x18d/0x230 [ 76.884308] ? splice_direct_to_actor+0x7b0/0x7b0 [ 76.889232] ? do_sendfile+0x388/0xbd0 [ 76.893121] do_sendfile+0x4db/0xbd0 [ 76.896844] ? do_compat_pwritev64+0x140/0x140 [ 76.901427] ? put_timespec64+0xb4/0x100 [ 76.905470] ? nsecs_to_jiffies+0x30/0x30 [ 76.909603] SyS_sendfile64+0x102/0x110 [ 76.913558] ? SyS_sendfile+0x130/0x130 [ 76.917515] ? do_syscall_64+0x53/0x640 [ 76.921473] ? SyS_sendfile+0x130/0x130 [ 76.925431] do_syscall_64+0x1e8/0x640 [ 76.929323] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 76.934174] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 76.939356] RIP: 0033:0x459279 [ 76.942528] RSP: 002b:00007fbd651f8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 76.950223] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459279 [ 76.957494] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 76.964745] RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 76.972003] R10: 0000000000008000 R11: 0000000000000246 R12: 00007fbd651f96d4 [ 76.979255] R13: 00000000004c65f3 R14: 00000000004db268 R15: 00000000ffffffff [ 76.986509] Code: 06 00 00 e8 61 2e 90 fc 48 8d bb 60 ff ff ff 48 8d 83 90 fe ff ff 48 89 fa 48 89 45 c8 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 b3 07 00 00 48 83 bb 60 ff ff ff 01 19 c0 83 [ 77.005782] RIP: proto_seq_show+0x52/0x8c0 RSP: ffff8880691af478 [ 77.013630] ---[ end trace 63bd220ca2006f2e ]--- [ 77.018429] Kernel panic - not syncing: Fatal exception [ 77.024456] Kernel Offset: disabled [ 77.028081] Rebooting in 86400 seconds..