Warning: Permanently added '10.128.0.71' (ECDSA) to the list of known hosts. [ 43.789149] random: sshd: uninitialized urandom read (32 bytes read) 2019/05/26 08:27:43 fuzzer started [ 43.987673] audit: type=1400 audit(1558859263.497:36): avc: denied { map } for pid=7143 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 45.488540] random: cc1: uninitialized urandom read (8 bytes read) 2019/05/26 08:27:45 dialing manager at 10.128.0.105:40355 2019/05/26 08:27:46 syscalls: 2441 2019/05/26 08:27:46 code coverage: enabled 2019/05/26 08:27:46 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/05/26 08:27:46 extra coverage: extra coverage is not supported by the kernel 2019/05/26 08:27:46 setuid sandbox: enabled 2019/05/26 08:27:46 namespace sandbox: enabled 2019/05/26 08:27:46 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/26 08:27:46 fault injection: enabled 2019/05/26 08:27:46 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/26 08:27:46 net packet injection: enabled 2019/05/26 08:27:46 net device setup: enabled [ 48.078957] random: crng init done 08:28:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02000000bf0100000000000000000000ba010000086e000021232948de042774602f36cddb4aa287b3b3312d91f7cd26167f6444b666a5c2b5023d6da31997c5864183bb5548c8d5210899d6b5b6d5efcd76ffd06e3e62e26c761a6047d17f3aed967ad2b9eaceeae2cb7df923371fd5e88cb2109310447fd0b311245765d6097e53a8c17cc048956f81eae779bb571cacac48a457bd4d0318be01a875d806aca29bdd1e448d160dee6cb1b7154b67078c77c404f67883fdeea217dddce5faf01620da79e102ffa9192e2b0b89fc559edd377d1ba0dce6baf4f99d80879756b350f508"], 0xe3}}, 0x0) syz_execute_func(&(0x7f0000000180)="f2af91930f0124eda133fa20430fbafce842f66188d0d4f814c1ab5be2f9660f3a0fae5e090000ba44d8d1c401f5ef1ac4817d73d74ec4a275bd153c78ab7749f216c863fa43c4c2750ade1bdbae95c4e1a05d6b06aa420f383c02c401405c6bfdc402b504a60080000068d768f833c4a1cd61b3b23c0000ab26dbc1a1fe5ff6f6df0804f4c4efa59cc442abf58f104eb547288ba6452e000054c4431d3e660f6e7f3c") 08:28:00 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123ccfe5219bd070") openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0) syz_execute_func(&(0x7f0000000140)="f2af91930f0124eda133fa20430fbafce842f66188d0d4e1801493ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a9f340ae955baaaa420f383c02c401405c6bfd49d768d768f833fefb430f1299feefffff6464660f38323c8f26dbc1a1fe5ff6f6df0804f4ebef26450f01dd9c0f01c40a8ba6452e006148551c7180") 08:28:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$key(0xffffffffffffffff, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="020000ff770100000000000000000000759632ea35309d0c4a1381cd380118000000990be4af704a6d3c8db59ba5b5cdbd99133f335d8b0e6906aa8d07202573ed6d05b95b5ea23f2025cef12fd919df765410dc5d0f3c5b5be5a1df1d8cc8d7d80d0b4296f27be2f6"], 0x69}}, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000180)="f2af91cd800f0124eda133fa20430fbafce842f66188d0ccab5bf9e2f905c7c7e4c653fb0fc48f68b4a2319c3af4a95bf9c44149f2168f4808eebce00000802000c863fa43adc4e17a6fe6450f01eee47c7c730f66400f386033338f0f14e7e7c401fc52e95ff67de7baba0fe7af5cc34a51c441a5609c8ba80000005499") 08:28:00 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x100, 0x0) timerfd_create(0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$KDSKBMODE(r0, 0x4b45, 0x0) socket$key(0xf, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f0000000480)="f2f5fa3619356d3e5d1aa4b3368f0498f69679a1579376683f244c4bf3958452dfda200f8818750e04f24af2cca49405bcacea7cbaca3f3b3f8897557c4cfbd25191d7e89ccd8634a580ab950b6cc8230395ea8f67044f56ec50511af06d614e9bc54131389dced939e3acf9d047b9d4953f28458596e422033dff8fc3349e7846737ae6c4a55952ea8e9d42d037e25fc673f6fb439bf0af8e930825f15a8188f3703b1cb15824cab649367664ba6265cd059f6690f097d2b0d9a26c5c25f0fef9404f722eb4cc97ed00604a88659b043148f62a2bbf37c89800bef63c5f3089025233447b1e180d5c991098dbdbf4c1e65d70e50828641fa00000b97bcfb487") syz_execute_func(&(0x7f0000000580)="b13691cd806969ef69dc00d9d0d038c4ab39fd5bf9e2f9e2c7c7e4c653fb0fb0e2762e014cb63a38a95ff9c44149f216c421fc51c12aea01efc48192558dc3c3664545a318b34646c27d0fb3c442dd8e1100007c7c730f5726400f0d18c401fe5ff6e7df646736676666430fefb3000000000804f4f30f1a12856394c4a141d2e8") ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, 0x0) syz_execute_func(&(0x7f00000007c0)="c4a17b2dd04a2ae92ca842980f050d427ce444c4a37bf0c50241e2e9b5c422ebc4a249dc56eabb3c00ba00000fc7a4ea70db000000000f383a9e02000000110f9a8f698099005b091e2fdee5bebec42104ca67f30fedb216787600fe3c2424584243c4e10bf8d4d9c08fe978e125001000020f66420fc443ed0ed000c423c96cb83d000000fe2e2e66450f7d64c608c4a3bd4877f88a0383397fd3ff3a0065f20ffe7cd8d8a1a12ad764d3cf53afc421b1f56af38466f2abc4423d9f9346000000660f79cead768a8a9294d80200490f2d8f0b000000c2a0c10b00ccf0498785000000000d6572d33c6436b2aa66450fc46500000f01f9c441c05983f9070bb3ddcd4aa646808cb0159517f4dcc481c5f89780000000c483d94848f24b7d7526802d08000000fa67f243a75c450f91f3dac9c401fe70580869553131b83a00a2b0fbaf3b62") recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) 08:28:00 executing program 2: r0 = socket(0x40000000015, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @my}, 0x10) 08:28:00 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="02000000b5000000000000000000005188adfdb4cc55070002d9f133c0616c072a20139b9ac715e5c07c0227c829273502eb42cd8030f39022e15b9479d77bfc098beef32dc3fabf1cc4ad639e0db270328b9270a905b371c01c50d9abf9ded461f8319a489c42008752f1e5b2ccbbc331f3ca9f8d22703298cb979df160c59201fb8628e59c96f717025b"], 0x8b}}, 0x0) syz_execute_func(&(0x7f0000000100)="40ddb80000000091930f0124eda133fa20430fbafce842f66188d0d4430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a900fbab7bab7baaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") [ 60.636816] audit: type=1400 audit(1558859280.147:37): avc: denied { map } for pid=7143 comm="syz-fuzzer" path="/root/syzkaller-shm162945061" dev="sda1" ino=2233 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 60.681313] audit: type=1400 audit(1558859280.157:38): avc: denied { map } for pid=7161 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=17 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 60.873292] IPVS: ftp: loaded support on port[0] = 21 [ 61.071965] NET: Registered protocol family 30 [ 61.076613] Failed to register TIPC socket type [ 61.942697] IPVS: ftp: loaded support on port[0] = 21 [ 61.965643] NET: Registered protocol family 30 [ 61.992220] Failed to register TIPC socket type [ 62.117861] chnl_net:caif_netlink_parms(): no params data found [ 62.443995] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.530279] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.537901] device bridge_slave_0 entered promiscuous mode [ 62.717116] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.830165] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.837508] device bridge_slave_1 entered promiscuous mode [ 63.261042] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 63.405605] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 63.922453] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 64.010370] team0: Port device team_slave_0 added [ 64.272791] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 64.395500] team0: Port device team_slave_1 added [ 64.543554] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 64.917102] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 65.469978] device hsr_slave_0 entered promiscuous mode [ 65.634332] device hsr_slave_1 entered promiscuous mode [ 65.697736] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 65.866696] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 66.061704] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 66.492974] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.567620] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 66.709342] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 66.830365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 66.838486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.948233] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 67.011634] 8021q: adding VLAN 0 to HW filter on device team0 [ 67.155857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 67.203038] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 67.230708] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 67.301152] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.307686] bridge0: port 1(bridge_slave_0) entered forwarding state [ 67.419559] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 67.522768] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 67.529949] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 67.608159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 67.673436] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.679829] bridge0: port 2(bridge_slave_1) entered forwarding state [ 67.784575] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 67.871367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 67.986346] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 68.084691] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 68.174025] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 68.311251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 68.319164] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 68.721690] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 68.941200] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 68.948282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.232524] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.443925] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 69.631439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 69.639028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 69.841928] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 70.048605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 70.089146] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 70.233133] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 70.239187] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 70.471966] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 70.631246] 8021q: adding VLAN 0 to HW filter on device batadv0 08:28:11 executing program 5: r0 = socket$inet(0x2, 0x2000000080002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x1, 0x1a4, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000240], 0x2, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000110000000000000000007665746830000000000000000000000073010030000002000000ffff000000007663616e300000000000000000000000766c616e300000000000000000000000ffffffffffff0000000000000000000000000000003ae4000000b0000000f800000070010000737461746973746963000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000004552524f5200000000000000000000c1b7a4c90f8b3bcb0000000000000000002000000000000000ba0be9ca0b23a9a1ebaf3b44170401d4ab2351ab7128568e3a41a42e1c9b00006e666c6f6700000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000002ce719c99cffcbf4d7e80e410bb5007c6981466b6431c7e6b129fcead3f149b589996102627779dc3b23bf8250fc3acd9e8be08a4bbab9be219f504cae3a7e4d0000000000000000"]}, 0x21c) 08:28:11 executing program 5: r0 = socket$inet(0x2, 0x2000000080002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x1, 0x1a4, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000240], 0x2, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000110000000000000000007665746830000000000000000000000073010030000002000000ffff000000007663616e300000000000000000000000766c616e300000000000000000000000ffffffffffff0000000000000000000000000000003ae4000000b0000000f800000070010000737461746973746963000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000004552524f5200000000000000000000c1b7a4c90f8b3bcb0000000000000000002000000000000000ba0be9ca0b23a9a1ebaf3b44170401d4ab2351ab7128568e3a41a42e1c9b00006e666c6f6700000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000002ce719c99cffcbf4d7e80e410bb5007c6981466b6431c7e6b129fcead3f149b589996102627779dc3b23bf8250fc3acd9e8be08a4bbab9be219f504cae3a7e4d0000000000000000"]}, 0x21c) 08:28:11 executing program 5: r0 = socket$inet(0x2, 0x2000000080002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x1, 0x1a4, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000240], 0x2, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000110000000000000000007665746830000000000000000000000073010030000002000000ffff000000007663616e300000000000000000000000766c616e300000000000000000000000ffffffffffff0000000000000000000000000000003ae4000000b0000000f800000070010000737461746973746963000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000004552524f5200000000000000000000c1b7a4c90f8b3bcb0000000000000000002000000000000000ba0be9ca0b23a9a1ebaf3b44170401d4ab2351ab7128568e3a41a42e1c9b00006e666c6f6700000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000002ce719c99cffcbf4d7e80e410bb5007c6981466b6431c7e6b129fcead3f149b589996102627779dc3b23bf8250fc3acd9e8be08a4bbab9be219f504cae3a7e4d0000000000000000"]}, 0x21c) 08:28:11 executing program 5: r0 = socket$inet(0x2, 0x2000000080002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x1, 0x1a4, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000240], 0x2, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000110000000000000000007665746830000000000000000000000073010030000002000000ffff000000007663616e300000000000000000000000766c616e300000000000000000000000ffffffffffff0000000000000000000000000000003ae4000000b0000000f800000070010000737461746973746963000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000004552524f5200000000000000000000c1b7a4c90f8b3bcb0000000000000000002000000000000000ba0be9ca0b23a9a1ebaf3b44170401d4ab2351ab7128568e3a41a42e1c9b00006e666c6f6700000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000002ce719c99cffcbf4d7e80e410bb5007c6981466b6431c7e6b129fcead3f149b589996102627779dc3b23bf8250fc3acd9e8be08a4bbab9be219f504cae3a7e4d0000000000000000"]}, 0x21c) 08:28:11 executing program 5: openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r0, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) lseek(r0, 0x0, 0x80001) sendfile(r0, r0, &(0x7f0000000440), 0x20) sendfile(r0, r0, &(0x7f0000000100), 0x7f8) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') pivot_root(&(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)='./file0/file0/file0\x00') r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/protocols\x00') fcntl$getownex(r2, 0x10, &(0x7f0000000400)) r5 = getpid() fcntl$getown(r4, 0x9) fcntl$setown(r2, 0x8, r5) getsockopt$inet6_opts(r3, 0x29, 0x3f, &(0x7f00000004c0)=""/51, &(0x7f0000000580)=0x33) sendfile(r3, r4, 0x0, 0x8000) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000340)={0x6, &(0x7f00000002c0)=[{}, {}, {}, {}, {}, {}]}) prctl$PR_SVE_SET_VL(0x32, 0x1000000030a6d) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) getxattr(&(0x7f0000000640)='./file0/file0\x00', &(0x7f0000000840)=ANY=[], 0x0, 0x187) getsockopt$EBT_SO_GET_INIT_INFO(r1, 0x0, 0x82, &(0x7f0000000240)={'broute\x00'}, &(0x7f0000000180)=0x78) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5004, 0x0) llistxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000500)=""/69, 0x45) syz_genetlink_get_family_id$tipc(&(0x7f0000000780)='TIPC\x00') mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x1910824, 0x0) umount2(&(0x7f0000000800)='./file0\x00', 0x0) [ 71.955403] audit: type=1400 audit(1558859291.467:39): avc: denied { map } for pid=7799 comm="syz-executor.5" path=2F6D656D66643A2D42D54E49C56ABA707070F00884A26D202864656C6574656429 dev="tmpfs" ino=27785 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 [ 72.016326] hrtimer: interrupt took 26733 ns [ 72.054032] kasan: CONFIG_KASAN_INLINE enabled [ 72.059748] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 72.067745] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 72.073999] Modules linked in: [ 72.077198] CPU: 1 PID: 7802 Comm: syz-executor.5 Not tainted 4.14.122 #16 [ 72.084205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.093558] task: ffff88808c2e62c0 task.stack: ffff88808c210000 [ 72.099618] RIP: 0010:proto_seq_show+0x52/0x8c0 [ 72.104367] RSP: 0018:ffff88808c217478 EFLAGS: 00010a06 [ 72.109727] RAX: dffffc0000000000 RBX: dead000000000100 RCX: ffffc9000604e000 [ 72.116997] RDX: 1bd5a0000000000c RSI: ffffffff84cc751f RDI: dead000000000060 [ 72.124276] RBP: ffff88808c217508 R08: ffff888087929008 R09: ffffed10123e48c4 [ 72.131556] R10: ffffed10123e48c3 R11: ffff888091f2461d R12: dffffc0000000000 [ 72.138826] R13: dead000000000100 R14: 0000000000000004 R15: ffffffff86ee3b20 [ 72.146100] FS: 00007fc756782700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 72.154337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.160310] CR2: 0000001b3352a000 CR3: 00000000a58ea000 CR4: 00000000001406e0 [ 72.167584] Call Trace: [ 72.170184] ? seq_list_next+0x5e/0x80 [ 72.174086] seq_read+0xb46/0x1280 [ 72.177638] ? trace_hardirqs_on_caller+0x400/0x590 [ 72.182662] ? seq_lseek+0x3c0/0x3c0 [ 72.186380] ? proc_reg_read+0x92/0x170 [ 72.190354] proc_reg_read+0xfa/0x170 [ 72.194158] ? seq_lseek+0x3c0/0x3c0 [ 72.197876] do_iter_read+0x3e2/0x5b0 [ 72.201681] vfs_readv+0xd3/0x130 [ 72.205161] ? push_pipe+0x3e6/0x780 [ 72.208875] ? compat_rw_copy_check_uvector+0x310/0x310 [ 72.214245] ? retint_kernel+0x2d/0x2d [ 72.218164] ? trace_hardirqs_on_caller+0x400/0x590 [ 72.223201] default_file_splice_read+0x421/0x7b0 [ 72.228048] ? trace_hardirqs_on_caller+0x400/0x590 [ 72.233085] ? do_splice_direct+0x230/0x230 [ 72.237597] ? __inode_security_revalidate+0xd6/0x130 [ 72.242874] ? avc_policy_seqno+0x9/0x20 [ 72.246961] ? selinux_file_permission+0x85/0x480 [ 72.251828] ? security_file_permission+0x89/0x1f0 [ 72.256760] ? rw_verify_area+0xea/0x2b0 [ 72.260827] ? do_splice_direct+0x230/0x230 [ 72.265151] do_splice_to+0x105/0x170 [ 72.268953] splice_direct_to_actor+0x222/0x7b0 [ 72.273644] ? generic_pipe_buf_nosteal+0x10/0x10 [ 72.278488] ? do_splice_to+0x170/0x170 [ 72.282467] ? rw_verify_area+0xea/0x2b0 [ 72.286530] do_splice_direct+0x18d/0x230 [ 72.290680] ? splice_direct_to_actor+0x7b0/0x7b0 [ 72.297085] ? rw_verify_area+0xea/0x2b0 [ 72.301149] do_sendfile+0x4db/0xbd0 [ 72.304876] ? do_compat_pwritev64+0x140/0x140 [ 72.309457] ? retint_kernel+0x2d/0x2d [ 72.313347] SyS_sendfile64+0x102/0x110 [ 72.317332] ? SyS_sendfile+0x130/0x130 [ 72.321314] ? do_syscall_64+0x53/0x640 [ 72.325287] ? SyS_sendfile+0x130/0x130 [ 72.329272] do_syscall_64+0x1e8/0x640 [ 72.333175] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 72.338027] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 72.343212] RIP: 0033:0x459279 [ 72.346405] RSP: 002b:00007fc756781c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 72.354115] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459279 [ 72.361381] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 72.368647] RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 72.375914] R10: 0000000000008000 R11: 0000000000000246 R12: 00007fc7567826d4 [ 72.383185] R13: 00000000004c65f3 R14: 00000000004db268 R15: 00000000ffffffff [ 72.390625] Code: 06 00 00 e8 61 2e 90 fc 48 8d bb 60 ff ff ff 48 8d 83 90 fe ff ff 48 89 fa 48 89 45 c8 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 b3 07 00 00 48 83 bb 60 ff ff ff 01 19 c0 83 [ 72.409870] RIP: proto_seq_show+0x52/0x8c0 RSP: ffff88808c217478 [ 72.427318] ---[ end trace 4779a018e8244534 ]--- [ 72.432730] Kernel panic - not syncing: Fatal exception [ 72.438832] Kernel Offset: disabled [ 72.442457] Rebooting in 86400 seconds..