Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts. syzkaller login: [ 39.993999] random: sshd: uninitialized urandom read (32 bytes read) 2019/06/02 05:54:24 fuzzer started [ 40.189633] audit: type=1400 audit(1559454864.656:36): avc: denied { map } for pid=7102 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 41.954529] random: cc1: uninitialized urandom read (8 bytes read) 2019/06/02 05:54:27 dialing manager at 10.128.0.105:43551 2019/06/02 05:54:27 syscalls: 2441 2019/06/02 05:54:27 code coverage: enabled 2019/06/02 05:54:27 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/06/02 05:54:27 extra coverage: extra coverage is not supported by the kernel 2019/06/02 05:54:27 setuid sandbox: enabled 2019/06/02 05:54:27 namespace sandbox: enabled 2019/06/02 05:54:27 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/02 05:54:27 fault injection: enabled 2019/06/02 05:54:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/02 05:54:27 net packet injection: enabled 2019/06/02 05:54:27 net device setup: enabled [ 44.457156] random: crng init done 05:54:54 executing program 0: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}}}, 0x0) 05:54:54 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)={0x48, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_NET={0xc, 0x7, [@TIPC_NLA_NET_ID={0x8}]}, @TIPC_NLA_LINK={0x28, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x48}}, 0x0) syz_execute_func(&(0x7f0000000440)="f2af91930f0124eda133fa20430fbafce842f66188d0d4430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 05:54:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)={0xb0, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x48, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x100000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffff801}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3553}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}]}, @TIPC_NLA_LINK={0x44, 0x4, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x101}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8}]}]}, @TIPC_NLA_BEARER={0x10, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8}]}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) syz_execute_func(&(0x7f0000000440)="f2af91930f0124eda133fa20430fbafce842f66188d0d4430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 05:54:54 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_WAKE(0xffffffffffffffff, 0x8010aa02, &(0x7f0000000380)={&(0x7f0000be1000/0x2000)=nil, 0x2000}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00010, 0x1, &(0x7f00000000c0)=0x37000000, 0x1, 0x2000000000002) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000200)}}, 0x20) 05:54:54 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x1000000000000002, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000680)="230000005e0081aee4050c00000f00000000a30000ffffff9e8b1832e0b58bc609f6d8", 0x23}], 0x1}, 0x0) 05:54:54 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f00000002c0)="b13691cd80475838c4ab39fd5bf9e2f92ef20f2a9ff6ffffffc7e4c653fb0fc4014cb63a3a0f050566f9d441c401fe1635390000008f4808eebce00000802000c421fc51c1dfd001efc48192558dc3c36645c421496b2f6666410f380763007c7c730f400f54a70e00000026400f0d38c401fe5ff6e7f9646736676666430fefb3000000000804f4f30f1a1254111d54111d00") [ 69.856347] audit: type=1400 audit(1559454894.326:37): avc: denied { map } for pid=7102 comm="syz-fuzzer" path="/root/syzkaller-shm279474087" dev="sda1" ino=16491 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 69.893292] audit: type=1400 audit(1559454894.366:38): avc: denied { map } for pid=7121 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13816 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 70.800213] IPVS: ftp: loaded support on port[0] = 21 [ 71.041778] NET: Registered protocol family 30 [ 71.046380] Failed to register TIPC socket type [ 71.910805] IPVS: ftp: loaded support on port[0] = 21 [ 71.937187] NET: Registered protocol family 30 [ 71.957263] Failed to register TIPC socket type [ 72.112290] chnl_net:caif_netlink_parms(): no params data found [ 72.377247] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.460176] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.501399] device bridge_slave_0 entered promiscuous mode [ 72.551738] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.558190] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.651706] device bridge_slave_1 entered promiscuous mode [ 73.111080] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 73.317406] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 73.898929] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 74.018734] team0: Port device team_slave_0 added [ 74.208240] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 74.312618] team0: Port device team_slave_1 added [ 74.461565] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 74.591683] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 75.664252] device hsr_slave_0 entered promiscuous mode [ 76.090487] device hsr_slave_1 entered promiscuous mode [ 76.359441] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 76.525414] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 76.759285] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 77.350383] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.525141] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 77.674191] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 77.812200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.821730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.931048] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 77.937173] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.194403] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 78.310220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 78.318931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 78.401550] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.408076] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.572730] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 78.580963] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 78.680577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 78.740455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 78.810308] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.816688] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.944233] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 79.030787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 79.057236] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 79.161365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 79.271674] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 79.279030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 79.301551] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 79.361436] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 79.448819] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 79.534091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 79.545118] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 79.616998] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 79.706444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 79.714638] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 79.802765] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 79.901504] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 79.909151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 79.983327] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 79.989390] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 80.210147] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 80.357671] 8021q: adding VLAN 0 to HW filter on device batadv0 05:55:05 executing program 0: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}}}, 0x0) 05:55:05 executing program 0: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}}}, 0x0) 05:55:05 executing program 0: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}}}, 0x0) 05:55:05 executing program 0: syz_execute_func(&(0x7f0000000300)="b15691cd806969ef69dc00d9c4a2d1920cec38c4ab39fd5bf9e2f9e2c7c7e4c653fb0fc4014cb63a3af4a95ff9c44149f21667a864c421fc51c12aeac461a1f8a100000021f346a40f186746f3400faee47e7cf246d85c82c45726400f0d18c401fe5ff6e7df646736676666430fefb3000000000804f4f30f1a1254111d54111d00") r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f00000006c0)="416bf4c04a2ae92ca842980f050f427ce444c4a37bf0c50241e2e9b5c422ebaabb3c00ba00000fc7a4ea70db000000000f383a9e02000000110f9a8f698099005ba265aa104b26660f38091e2fdee5bebec42104ca67f30f167800c421dd584243c4e10bf8d4d9c0620f66420f5dc423c96cb83d000000fe2e2e66450f7d64c608c4a3bd4877f88a0383397fd3ff3a0065f20ffe7cd8d8a1a12ad764d3cf53afaf8466f2ab440fec3fc4423d9f9346000000660f79ce768a899294d80200490f2d8f0b000000c2a0c10b00ccf0428385000000000d6572d33c6436b2aa66450fc46500000f01f9c441c05983f9070bb3ddcd4aa6f247c0f600c481c5f89780000000c4c1045ccc7d7526802d08000000fa67f243a75c450f91f3dada0f5ea5a9a50000ffbedc4e61c9553131b83a00a2b0fbfb3b62") ioctl(0xffffffffffffffff, 0x0, &(0x7f00000003c0)) [ 81.213310] audit: type=1400 audit(1559454905.686:39): avc: denied { syslog } for pid=7764 comm="syz-executor.0" capability=34 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 05:55:06 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000440)="4be031c7a5a8f2a5a3703738e7df893f9540dbcf4e7b723cf50083e266627235c487ad42a8ed0a4cdf9463f60d3775e76c06000000d600968785f97bf48cf945e930b958205693039dfe6ea5e2f49521b776ae0a98042ba870416ff7648f2631fe73f87881f10f3292fb3da41755d031cf000000c85e642f4ab44a70f24ffe310296638593fe85a86e35620617f2ddc379981aea30f1e8d62fb9891c8d46b752029c095c56e439983911f14e", 0xac}], 0x1}, 0x0) syz_execute_func(&(0x7f0000000240)="f2af91cd800f0124eda133fa20430fbafce842f66188d0c4ab39fd5bf9e2f9e2c7c7e4c653fb0fc4014cb63a3af4a95bf9c44149f2168f4808eebce00000802000c863fa43adc4e17a6fe60f186746f340aee47c7c730f66400f3833fe8f0f14e7e701fe5ff6e7df660fe7af5cc34a510804f4c441a5609c8ba80000005499") [ 82.000208] IPVS: ftp: loaded support on port[0] = 21 05:55:06 executing program 0: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r1, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0) lseek(r0, 0x0, 0x1) sendfile(r1, r1, &(0x7f0000000440), 0x20) sendfile(r1, r1, &(0x7f0000000100), 0x7f8) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/status\x00', 0x0, 0x0) getsockopt$X25_QBITINCL(r2, 0x106, 0x1, &(0x7f0000000180), &(0x7f00000003c0)=0x4) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') mount(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, 0x0) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000280)={0x7f, @loopback, 0x4e20, 0x2, 'lblc\x00', 0x3, 0x4, 0x5c}, 0x2c) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) r5 = syz_open_procfs(0x0, &(0x7f0000000400)='net/protocols\x00') write$UHID_CREATE2(r3, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000268fb8c500000000000000200000000000000000000000000000000000000000000000000000295b5152000000000000000012000000000000000073797a3000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000073797a310000000000000000000000000000e3226bff480fa61879d0466300000000000000000000000000000000000000000000000000000000000000000041e6000000000000000000000032000000acc200000184000002000000090000004ba3185441d8ef0ba21947190a0bb05049ddb6a644e3b64f21174d5afe551699d9c2020000007b4bae64af0e68fd043482c8"], 0x1) sendfile(r4, r5, 0x0, 0x8000) mkdir(&(0x7f0000000240)='./file0\x00', 0x161424ab48450249) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x588e, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x0, 0x0) umount2(&(0x7f0000000800)='./file0\x00', 0x0) [ 82.252509] NET: Registered protocol family 30 [ 82.257120] Failed to register TIPC socket type [ 82.269684] audit: type=1400 audit(1559454906.736:40): avc: denied { map } for pid=7776 comm="syz-executor.0" path=2F6D656D66643A2D42D54E49C56ABA707070F00884A26D202864656C6574656429 dev="tmpfs" ino=27865 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 [ 82.331071] hrtimer: interrupt took 26777 ns [ 82.409360] kasan: CONFIG_KASAN_INLINE enabled [ 82.428133] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 82.451210] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 82.457480] Modules linked in: [ 82.460687] CPU: 1 PID: 7778 Comm: syz-executor.0 Not tainted 4.14.123 #17 [ 82.467698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.477078] task: ffff888094b84080 task.stack: ffff88806c2f8000 [ 82.483169] RIP: 0010:proto_seq_show+0x52/0x8c0 [ 82.487834] RSP: 0018:ffff88806c2ff478 EFLAGS: 00010a06 [ 82.493201] RAX: dffffc0000000000 RBX: dead000000000100 RCX: ffffc9000604e000 [ 82.500654] RDX: 1bd5a0000000000c RSI: ffffffff84cc851f RDI: dead000000000060 [ 82.507932] RBP: ffff88806c2ff508 R08: ffff88807a529e88 R09: ffffed1012813924 [ 82.515228] R10: ffffed1012813923 R11: ffff88809409c91d R12: dffffc0000000000 [ 82.522499] R13: dead000000000100 R14: 0000000000000004 R15: ffffffff86ee3fe0 [ 82.529796] FS: 00007f2b312a6700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 82.538034] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 82.543927] CR2: 0000000000d3e668 CR3: 000000008946c000 CR4: 00000000001406e0 [ 82.551215] Call Trace: [ 82.553819] ? seq_list_next+0x5e/0x80 [ 82.557711] seq_read+0xb46/0x1280 [ 82.561261] ? seq_lseek+0x3c0/0x3c0 [ 82.564983] ? avc_policy_seqno+0x9/0x20 [ 82.569047] ? selinux_file_permission+0x85/0x480 [ 82.573914] proc_reg_read+0xfa/0x170 [ 82.577719] ? seq_lseek+0x3c0/0x3c0 [ 82.581440] do_iter_read+0x3e2/0x5b0 [ 82.585266] vfs_readv+0xd3/0x130 [ 82.588733] ? compat_rw_copy_check_uvector+0x310/0x310 [ 82.594208] ? push_pipe+0x3e6/0x780 [ 82.597937] ? iov_iter_pipe+0x9f/0x2c0 [ 82.601931] default_file_splice_read+0x421/0x7b0 [ 82.606788] ? __kmalloc+0x15d/0x7a0 [ 82.610587] ? alloc_pipe_info+0x15c/0x380 [ 82.614819] ? splice_direct_to_actor+0x5d2/0x7b0 [ 82.619661] ? do_splice_direct+0x18d/0x230 [ 82.623991] ? do_splice_direct+0x230/0x230 [ 82.628671] ? trace_hardirqs_on+0x10/0x10 [ 82.632912] ? save_trace+0x290/0x290 [ 82.636736] ? __inode_security_revalidate+0xd6/0x130 [ 82.641930] ? avc_policy_seqno+0x9/0x20 [ 82.646005] ? selinux_file_permission+0x85/0x480 [ 82.650847] ? security_file_permission+0x89/0x1f0 [ 82.655802] ? rw_verify_area+0xea/0x2b0 [ 82.659860] ? do_splice_direct+0x230/0x230 [ 82.664181] do_splice_to+0x105/0x170 [ 82.667989] splice_direct_to_actor+0x222/0x7b0 [ 82.672664] ? generic_pipe_buf_nosteal+0x10/0x10 [ 82.677509] ? do_splice_to+0x170/0x170 [ 82.681512] ? rw_verify_area+0xea/0x2b0 [ 82.685596] do_splice_direct+0x18d/0x230 [ 82.689750] ? splice_direct_to_actor+0x7b0/0x7b0 [ 82.694601] ? rw_verify_area+0xea/0x2b0 [ 82.698664] do_sendfile+0x4db/0xbd0 [ 82.702385] ? do_compat_pwritev64+0x140/0x140 [ 82.706977] ? put_timespec64+0xb4/0x100 [ 82.711041] ? nsecs_to_jiffies+0x30/0x30 [ 82.715195] SyS_sendfile64+0x102/0x110 [ 82.719165] ? SyS_sendfile+0x130/0x130 [ 82.723146] ? do_syscall_64+0x53/0x640 [ 82.727127] ? SyS_sendfile+0x130/0x130 [ 82.731105] do_syscall_64+0x1e8/0x640 [ 82.735010] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 82.739862] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 82.745051] RIP: 0033:0x459279 [ 82.748270] RSP: 002b:00007f2b312a5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 82.756066] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459279 [ 82.763336] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 82.770607] RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 82.777876] R10: 0000000000008000 R11: 0000000000000246 R12: 00007f2b312a66d4 [ 82.785139] R13: 00000000004c65f3 R14: 00000000004db268 R15: 00000000ffffffff [ 82.792410] Code: 06 00 00 e8 a1 20 90 fc 48 8d bb 60 ff ff ff 48 8d 83 90 fe ff ff 48 89 fa 48 89 45 c8 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 b3 07 00 00 48 83 bb 60 ff ff ff 01 19 c0 83 [ 82.811826] RIP: proto_seq_show+0x52/0x8c0 RSP: ffff88806c2ff478 [ 82.858976] ---[ end trace 878ffed5f5ee3858 ]--- [ 82.864854] Kernel panic - not syncing: Fatal exception [ 82.871177] Kernel Offset: disabled [ 82.874798] Rebooting in 86400 seconds..