[?25l[?1c7[ ok 8[?25h[?0c. [ 37.148668] audit: type=1800 audit(1559543782.560:33): pid=6951 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 37.170138] audit: type=1800 audit(1559543782.560:34): pid=6951 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 44.092239] random: sshd: uninitialized urandom read (32 bytes read) [ 44.480739] audit: type=1400 audit(1559543789.900:35): avc: denied { map } for pid=7123 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 44.533605] random: sshd: uninitialized urandom read (32 bytes read) [ 45.197004] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.59' (ECDSA) to the list of known hosts. [ 50.777986] random: sshd: uninitialized urandom read (32 bytes read) 2019/06/03 06:36:36 fuzzer started [ 50.972339] audit: type=1400 audit(1559543796.390:36): avc: denied { map } for pid=7132 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 52.944630] random: cc1: uninitialized urandom read (8 bytes read) 2019/06/03 06:36:39 dialing manager at 10.128.0.105:43551 2019/06/03 06:36:40 syscalls: 2441 2019/06/03 06:36:40 code coverage: enabled 2019/06/03 06:36:40 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/06/03 06:36:40 extra coverage: extra coverage is not supported by the kernel 2019/06/03 06:36:40 setuid sandbox: enabled 2019/06/03 06:36:40 namespace sandbox: enabled 2019/06/03 06:36:40 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/03 06:36:40 fault injection: enabled 2019/06/03 06:36:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/03 06:36:40 net packet injection: enabled 2019/06/03 06:36:40 net device setup: enabled [ 55.885773] random: crng init done 06:37:24 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000100)="b13691cd8069ef69dc00d9c4a2d1920cec14c2ab39fd5bf9e2f9b315c7e4c653fb0fc4014cb63a3af4a95ff9c44149f2164f01c4c421fc51c12aeac461a1f8a100000021c4e189d8a42973858e2c0f186746f3400faee47e7c5726400f0d18c401fe5ff6e7df646736676666430fefb3000000000804f4c462e0f317114d54111d00") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) readv(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0xb, 0x5b82557d) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0) sendto$inet(r1, &(0x7f0000000100), 0x13f698e4b9e299b7, 0x1, 0x0, 0xffffffffffffff06) 06:37:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)={0xe4, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x8, 0x6, [@TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0x50, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @broadcast}}, {0x14, 0x2, @in={0x2, 0x4e24, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xffff}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA={0x78, 0x5, [@TIPC_NLA_MEDIA_PROP={0x4}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x80}, 0x0) syz_execute_func(&(0x7f0000000440)="f2af91930f0124eda133fa20430fbafce842f66188d0d4430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") [ 98.984029] audit: type=1400 audit(1559543844.400:37): avc: denied { map } for pid=7132 comm="syz-fuzzer" path="/root/syzkaller-shm949610595" dev="sda1" ino=16490 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 06:37:24 executing program 5: r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") lseek(r0, 0xfffffffffdfffffe, 0x1) getdents(r0, &(0x7f0000000000)=""/38, 0x26) 06:37:24 executing program 2: clock_getres(0xdffffffffffffff5, 0x0) 06:37:24 executing program 3: syz_execute_func(&(0x7f0000000280)="9119c8428db408c4c628705a7500ab5a4be2f942e4fc0f75d2700098a0edaa2869c10000a2a22b8fcfac000f0fe16666410fd7de2d9dc4fb003e13480f7e21410816666bd3263d440fa0b78fb095cdab162666410f5d42d351261ae3437a66664c0f6e971677e16c182e383c8484414561a8433b007166500f38e422a92944dfbaf0a0a044d03e420f01ee405743405714bf34000000c4c159ea6cdd8bf2e07dd1d9400f751ef355c4c27d5874921184614a406690529a9ac42219581e4d000d746d06af0c00c402e9935c8f00da32") r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") 06:37:24 executing program 4: sendmsg$TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0xcc, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x3c, 0x4, [@TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_MEDIA={0x10, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8}]}]}, @TIPC_NLA_LINK={0x6c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x40}, 0x40050) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000200)="f2af91cd800f0124eda133fa20430fbafce842f66188d0c4e1801cf5ab39fd5bf9e2f9660f3a0fae5e090000bac7e4c65849db023c1fb63a3af4f3af49f216c863fa438036a966410f6c244dd68dbaa9f340ae955b955f420f383c027336d70fc7f83666420f383a6539f3ab0f14e746d9f8a1fe5ff6f6df0804f4c4efa5b3609c0f01c4288ba6452e00005480") [ 99.010782] audit: type=1400 audit(1559543844.400:38): avc: denied { map } for pid=7151 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13826 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 99.580254] IPVS: ftp: loaded support on port[0] = 21 [ 99.851566] NET: Registered protocol family 30 [ 99.856176] Failed to register TIPC socket type [ 100.776947] IPVS: ftp: loaded support on port[0] = 21 [ 100.813015] NET: Registered protocol family 30 [ 100.855624] Failed to register TIPC socket type [ 100.898742] chnl_net:caif_netlink_parms(): no params data found [ 101.126534] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.181509] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.189839] device bridge_slave_0 entered promiscuous mode [ 101.352211] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.439630] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.521740] device bridge_slave_1 entered promiscuous mode [ 101.861759] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 102.131455] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 102.595085] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 102.740802] team0: Port device team_slave_0 added [ 102.970744] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 102.978060] team0: Port device team_slave_1 added [ 103.272471] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 103.565288] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 104.317995] device hsr_slave_0 entered promiscuous mode [ 104.564355] device hsr_slave_1 entered promiscuous mode [ 104.808442] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 104.969408] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 105.244077] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 105.825640] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.010964] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 106.155932] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 106.271927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 106.279831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 106.402398] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 106.408531] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.673660] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 106.787187] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 106.829558] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 106.910520] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.917045] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.071719] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 107.104925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 107.120812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 107.213831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 107.311589] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.317988] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.412529] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 107.500985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 107.615925] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 107.680358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 107.783795] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 107.866710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 107.903128] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 107.979843] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 108.044786] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 108.063771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 108.141506] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 108.188273] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 108.252755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 108.277286] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 108.374502] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 108.431311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 108.438905] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 108.529495] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 108.600276] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 108.716913] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 108.872960] 8021q: adding VLAN 0 to HW filter on device batadv0 06:37:35 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000100)="b13691cd8069ef69dc00d9c4a2d1920cec14c2ab39fd5bf9e2f9b315c7e4c653fb0fc4014cb63a3af4a95ff9c44149f2164f01c4c421fc51c12aeac461a1f8a100000021c4e189d8a42973858e2c0f186746f3400faee47e7c5726400f0d18c401fe5ff6e7df646736676666430fefb3000000000804f4c462e0f317114d54111d00") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) readv(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0xb, 0x5b82557d) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0) sendto$inet(r1, &(0x7f0000000100), 0x13f698e4b9e299b7, 0x1, 0x0, 0xffffffffffffff06) [ 110.220279] IPVS: ftp: loaded support on port[0] = 21 06:37:35 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000100)="b13691cd8069ef69dc00d9c4a2d1920cec14c2ab39fd5bf9e2f9b315c7e4c653fb0fc4014cb63a3af4a95ff9c44149f2164f01c4c421fc51c12aeac461a1f8a100000021c4e189d8a42973858e2c0f186746f3400faee47e7c5726400f0d18c401fe5ff6e7df646736676666430fefb3000000000804f4c462e0f317114d54111d00") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) readv(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0xb, 0x5b82557d) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0) sendto$inet(r1, &(0x7f0000000100), 0x13f698e4b9e299b7, 0x1, 0x0, 0xffffffffffffff06) [ 110.461726] NET: Registered protocol family 30 [ 110.466369] Failed to register TIPC socket type 06:37:36 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000100)="b13691cd8069ef69dc00d9c4a2d1920cec14c2ab39fd5bf9e2f9b315c7e4c653fb0fc4014cb63a3af4a95ff9c44149f2164f01c4c421fc51c12aeac461a1f8a100000021c4e189d8a42973858e2c0f186746f3400faee47e7c5726400f0d18c401fe5ff6e7df646736676666430fefb3000000000804f4c462e0f317114d54111d00") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) readv(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0xb, 0x5b82557d) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0) sendto$inet(r1, &(0x7f0000000100), 0x13f698e4b9e299b7, 0x1, 0x0, 0xffffffffffffff06) 06:37:37 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000100)="b13691cd8069ef69dc00d9c4a2d1920cec14c2ab39fd5bf9e2f9b315c7e4c653fb0fc4014cb63a3af4a95ff9c44149f2164f01c4c421fc51c12aeac461a1f8a100000021c4e189d8a42973858e2c0f186746f3400faee47e7c5726400f0d18c401fe5ff6e7df646736676666430fefb3000000000804f4c462e0f317114d54111d00") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) readv(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0xb, 0x5b82557d) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0) sendto$inet(r1, &(0x7f0000000100), 0x13f698e4b9e299b7, 0x1, 0x0, 0xffffffffffffff06) 06:37:37 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000100)="b13691cd8069ef69dc00d9c4a2d1920cec14c2ab39fd5bf9e2f9b315c7e4c653fb0fc4014cb63a3af4a95ff9c44149f2164f01c4c421fc51c12aeac461a1f8a100000021c4e189d8a42973858e2c0f186746f3400faee47e7c5726400f0d18c401fe5ff6e7df646736676666430fefb3000000000804f4c462e0f317114d54111d00") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) readv(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0xb, 0x5b82557d) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0) sendto$inet(r1, &(0x7f0000000100), 0x13f698e4b9e299b7, 0x1, 0x0, 0xffffffffffffff06) 06:37:37 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000100)="b13691cd8069ef69dc00d9c4a2d1920cec14c2ab39fd5bf9e2f9b315c7e4c653fb0fc4014cb63a3af4a95ff9c44149f2164f01c4c421fc51c12aeac461a1f8a100000021c4e189d8a42973858e2c0f186746f3400faee47e7c5726400f0d18c401fe5ff6e7df646736676666430fefb3000000000804f4c462e0f317114d54111d00") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) readv(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0xb, 0x5b82557d) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0) sendto$inet(r1, &(0x7f0000000100), 0x13f698e4b9e299b7, 0x1, 0x0, 0xffffffffffffff06) [ 112.531658] IPVS: ftp: loaded support on port[0] = 21 [ 112.772073] NET: Registered protocol family 30 [ 112.777569] Failed to register TIPC socket type 06:37:38 executing program 0: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r1, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0) lseek(r0, 0x0, 0x1) sendfile(r1, r1, &(0x7f0000000440), 0x20) sendfile(r1, r1, &(0x7f0000000100), 0x7f8) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/status\x00', 0x0, 0x0) getsockopt$X25_QBITINCL(r2, 0x106, 0x1, &(0x7f0000000180), &(0x7f00000003c0)=0x4) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') mount(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, 0x0) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000280)={0x7f, @loopback, 0x4e20, 0x2, 'lblc\x00', 0x3, 0x4, 0x5c}, 0x2c) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) r5 = syz_open_procfs(0x0, &(0x7f0000000400)='net/protocols\x00') write$UHID_CREATE2(r3, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000268fb8c500000000000000200000000000000000000000000000000000000000000000000000295b5152000000000000000012000000000000000073797a3000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000073797a310000000000000000000000000000e3226bff480fa61879d0466300000000000000000000000000000000000000000000000000000000000000000041e6000000000000000000000032000000acc200000184000002000000090000004ba3185441d8ef0ba21947190a0bb05049ddb6a644e3b64f21174d5afe551699d9c2020000007b4bae64af0e68fd043482c8"], 0x1) sendfile(r4, r5, 0x0, 0x8000) mkdir(&(0x7f0000000240)='./file0\x00', 0x161424ab48450249) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x588e, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x0, 0x0) umount2(&(0x7f0000000800)='./file0\x00', 0x0) [ 112.968298] audit: type=1400 audit(1559543858.380:39): avc: denied { map } for pid=7813 comm="syz-executor.0" path=2F6D656D66643A2D42D54E49C56ABA707070F00884A26D202864656C6574656429 dev="tmpfs" ino=28155 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 [ 113.004344] hrtimer: interrupt took 34923 ns [ 113.125932] kasan: CONFIG_KASAN_INLINE enabled [ 113.146308] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 113.177951] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 113.184212] Modules linked in: [ 113.187410] CPU: 0 PID: 7816 Comm: syz-executor.0 Not tainted 4.14.123 #17 [ 113.194416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 113.203780] task: ffff888078d3a5c0 task.stack: ffff8880681a8000 [ 113.209836] RIP: 0010:proto_seq_show+0x52/0x8c0 [ 113.214491] RSP: 0018:ffff8880681af478 EFLAGS: 00010a06 [ 113.219851] RAX: dffffc0000000000 RBX: dead000000000100 RCX: ffffc90006076000 [ 113.227120] RDX: 1bd5a0000000000c RSI: ffffffff84cc851f RDI: dead000000000060 [ 113.234386] RBP: ffff8880681af508 R08: ffff8880900ee448 R09: ffffed100cf4114c [ 113.241744] R10: ffffed100cf4114b R11: ffff888067a08a5d R12: dffffc0000000000 [ 113.249007] R13: dead000000000100 R14: 0000000000000004 R15: ffffffff86ee3fe0 [ 113.256273] FS: 00007f3014151700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 113.264491] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.270364] CR2: 00000000200019c0 CR3: 0000000099135000 CR4: 00000000001406f0 [ 113.277630] Call Trace: [ 113.280234] ? seq_list_next+0x5e/0x80 [ 113.284120] seq_read+0xb46/0x1280 [ 113.287660] ? trace_hardirqs_on_caller+0x400/0x590 [ 113.292765] ? seq_lseek+0x3c0/0x3c0 [ 113.296478] ? seq_lseek+0x3c0/0x3c0 [ 113.300188] proc_reg_read+0xfa/0x170 [ 113.303986] ? seq_lseek+0x3c0/0x3c0 [ 113.307712] do_iter_read+0x3e2/0x5b0 [ 113.311516] vfs_readv+0xd3/0x130 [ 113.314977] ? compat_rw_copy_check_uvector+0x310/0x310 [ 113.320357] ? iov_iter_get_pages_alloc+0x634/0xef0 [ 113.325404] ? iov_iter_pipe+0x9f/0x2c0 [ 113.329468] default_file_splice_read+0x421/0x7b0 [ 113.334319] ? __kmalloc+0x15d/0x7a0 [ 113.338042] ? alloc_pipe_info+0x15c/0x380 [ 113.342280] ? splice_direct_to_actor+0x5d2/0x7b0 [ 113.347210] ? do_splice_direct+0x18d/0x230 [ 113.351567] ? do_splice_direct+0x230/0x230 [ 113.355903] ? trace_hardirqs_on_caller+0x400/0x590 [ 113.360928] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 113.365690] ? check_preemption_disabled+0x3c/0x250 [ 113.370720] ? __inode_security_revalidate+0xd6/0x130 [ 113.375915] ? avc_policy_seqno+0x9/0x20 [ 113.379973] ? selinux_file_permission+0x85/0x480 [ 113.384826] ? security_file_permission+0x89/0x1f0 [ 113.389756] ? rw_verify_area+0xea/0x2b0 [ 113.393815] ? do_splice_direct+0x230/0x230 [ 113.398226] do_splice_to+0x105/0x170 [ 113.402035] splice_direct_to_actor+0x222/0x7b0 [ 113.406715] ? generic_pipe_buf_nosteal+0x10/0x10 [ 113.411653] ? do_splice_to+0x170/0x170 [ 113.415633] ? rw_verify_area+0xea/0x2b0 [ 113.420138] do_splice_direct+0x18d/0x230 [ 113.424287] ? splice_direct_to_actor+0x7b0/0x7b0 [ 113.429153] ? rw_verify_area+0xea/0x2b0 [ 113.433216] do_sendfile+0x4db/0xbd0 [ 113.436943] ? do_compat_pwritev64+0x140/0x140 [ 113.441698] ? put_timespec64+0xb4/0x100 [ 113.445762] ? nsecs_to_jiffies+0x30/0x30 [ 113.449915] SyS_sendfile64+0x102/0x110 [ 113.453907] ? SyS_sendfile+0x130/0x130 [ 113.457883] ? do_syscall_64+0x53/0x640 [ 113.461867] ? SyS_sendfile+0x130/0x130 [ 113.465850] do_syscall_64+0x1e8/0x640 [ 113.469735] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 113.474672] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 113.479860] RIP: 0033:0x459279 [ 113.483057] RSP: 002b:00007f3014150c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 113.490765] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459279 [ 113.498058] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 113.505324] RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 113.512590] R10: 0000000000008000 R11: 0000000000000246 R12: 00007f30141516d4 [ 113.519861] R13: 00000000004c65f3 R14: 00000000004db268 R15: 00000000ffffffff [ 113.527551] Code: 06 00 00 e8 a1 20 90 fc 48 8d bb 60 ff ff ff 48 8d 83 90 fe ff ff 48 89 fa 48 89 45 c8 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 b3 07 00 00 48 83 bb 60 ff ff ff 01 19 c0 83 [ 113.546873] RIP: proto_seq_show+0x52/0x8c0 RSP: ffff8880681af478 [ 113.556665] ---[ end trace a55903a0b471bd49 ]--- [ 113.561720] Kernel panic - not syncing: Fatal exception [ 113.568130] Kernel Offset: disabled [ 113.571747] Rebooting in 86400 seconds..