[ 57.823903] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.120' (ECDSA) to the list of known hosts. [ 63.738228] random: sshd: uninitialized urandom read (32 bytes read) 2019/06/03 08:19:22 fuzzer started [ 63.941143] audit: type=1400 audit(1559549962.892:36): avc: denied { map } for pid=7139 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 65.687593] random: cc1: uninitialized urandom read (8 bytes read) 2019/06/03 08:19:25 dialing manager at 10.128.0.105:43551 2019/06/03 08:19:26 syscalls: 2441 2019/06/03 08:19:26 code coverage: enabled 2019/06/03 08:19:26 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/06/03 08:19:26 extra coverage: extra coverage is not supported by the kernel 2019/06/03 08:19:26 setuid sandbox: enabled 2019/06/03 08:19:26 namespace sandbox: enabled 2019/06/03 08:19:26 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/03 08:19:26 fault injection: enabled 2019/06/03 08:19:26 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/03 08:19:26 net packet injection: enabled 2019/06/03 08:19:26 net device setup: enabled [ 68.827500] random: crng init done 08:20:11 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000100)="f2af91930f0124eda133fa20430fbafce842f66188d0d4e18014c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae955baaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e00005480") r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$eventfd(r1, &(0x7f0000000080), 0xffffff54) 08:20:11 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)={0xe0, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x38, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_BEARER={0x7c, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @multicast2}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @remote}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @dev}}}}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_ADDR={0x8}]}, @TIPC_NLA_BEARER={0x4}]}, 0xe0}}, 0x0) syz_execute_func(&(0x7f0000000440)="f2af91930f0124eda133fa20430fbafce842f66188d0d4430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 08:20:11 executing program 3: r0 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) accept$packet(r0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x66, &(0x7f0000183f92)={@random="cd39f2081b0b", @random="9a8c87bcb5a4", [], {@ipv6={0x86dd, {0x0, 0x6, "0aff0f", 0x30, 0x3a, 0x0, @ipv4, @mcast2, {[], @icmpv6=@pkt_toobig={0xffffff80, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x0, 0x0, @ipv4={[], [], @broadcast}, @loopback}}}}}}}, 0x0) pread64(r0, &(0x7f0000002640)=""/207, 0xfffffede, 0x0) write(0xffffffffffffffff, 0x0, 0x0) getegid() 08:20:11 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00006a1000)={&(0x7f0000f88fa0)={0x2, 0x3, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in6}, @sadb_sa={0x2}, @sadb_address={0x2000018b}]}, 0x50}}, 0x0) 08:20:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f00000000c0)='./bus\x00', 0x0) r0 = open(&(0x7f00000001c0)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, r0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 08:20:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000740)={0x5c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_ADDR={0x8}]}]}, 0x5c}}, 0x0) syz_execute_func(&(0x7f0000000440)="f2af91930f0124eda133fa20430fbafce842f66188d0d4430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") [ 112.685472] audit: type=1400 audit(1559550011.632:37): avc: denied { map } for pid=7139 comm="syz-fuzzer" path="/root/syzkaller-shm168018513" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 112.743174] audit: type=1400 audit(1559550011.652:38): avc: denied { map } for pid=7156 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13808 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 113.740208] IPVS: ftp: loaded support on port[0] = 21 [ 114.011375] NET: Registered protocol family 30 [ 114.015994] Failed to register TIPC socket type [ 114.938803] IPVS: ftp: loaded support on port[0] = 21 [ 114.953260] NET: Registered protocol family 30 [ 114.972420] Failed to register TIPC socket type [ 115.089949] chnl_net:caif_netlink_parms(): no params data found [ 115.377563] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.466058] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.549115] device bridge_slave_0 entered promiscuous mode [ 115.662288] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.668800] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.777833] device bridge_slave_1 entered promiscuous mode [ 116.174916] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 116.437991] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 116.972086] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 117.100508] team0: Port device team_slave_0 added [ 117.297943] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 117.420765] team0: Port device team_slave_1 added [ 117.686612] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 117.944667] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 118.342761] device hsr_slave_0 entered promiscuous mode [ 118.715856] device hsr_slave_1 entered promiscuous mode [ 118.871404] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 119.117802] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 119.334715] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 120.056390] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.243162] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 120.451653] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 120.458046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.472188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.622798] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 120.628926] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.911719] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 120.918862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.956976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 121.030574] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.037146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.216189] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 121.337544] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 121.360669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 121.430684] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 121.438465] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.444900] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.616956] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 121.711322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 121.812629] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 121.819554] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 121.962072] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 121.969005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 122.003771] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 122.076382] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 122.152783] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 122.162282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 122.220584] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 122.289678] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 122.364322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 122.381927] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 122.484228] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 122.587273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 122.601005] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 122.628862] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 122.700249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 122.808482] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 123.002210] 8021q: adding VLAN 0 to HW filter on device batadv0 08:20:23 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000100)="f2af91930f0124eda133fa20430fbafce842f66188d0d4e18014c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae955baaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e00005480") r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$eventfd(r1, &(0x7f0000000080), 0xffffff54) 08:20:23 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000100)="f2af91930f0124eda133fa20430fbafce842f66188d0d4e18014c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae955baaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e00005480") r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$eventfd(r1, &(0x7f0000000080), 0xffffff54) [ 124.912839] IPVS: ftp: loaded support on port[0] = 21 [ 125.171883] NET: Registered protocol family 30 [ 125.176519] Failed to register TIPC socket type 08:20:24 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000100)="f2af91930f0124eda133fa20430fbafce842f66188d0d4e18014c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae955baaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e00005480") r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$eventfd(r1, &(0x7f0000000080), 0xffffff54) 08:20:25 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000100)="f2af91930f0124eda133fa20430fbafce842f66188d0d4e18014c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae955baaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e00005480") r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$eventfd(r1, &(0x7f0000000080), 0xffffff54) 08:20:26 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000100)="f2af91930f0124eda133fa20430fbafce842f66188d0d4e18014c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae955baaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e00005480") r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$eventfd(r1, &(0x7f0000000080), 0xffffff54) [ 127.280195] IPVS: ftp: loaded support on port[0] = 21 [ 127.532038] NET: Registered protocol family 30 [ 127.536680] Failed to register TIPC socket type 08:20:26 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000100)="f2af91930f0124eda133fa20430fbafce842f66188d0d4e18014c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae955baaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e00005480") r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$eventfd(r1, &(0x7f0000000080), 0xffffff54) 08:20:27 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r1, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0) lseek(r0, 0x0, 0x3) sendfile(r1, r1, &(0x7f0000000440), 0x20) sendfile(r1, r1, &(0x7f0000000100), 0x7f8) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') pivot_root(&(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)='./file0/file0/file0\x00') r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/protocols\x00') write$UHID_CREATE2(r2, &(0x7f0000000480)=ANY=[@ANYBLOB="0b00000073797a3100000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000003fffffe500dcea1523674e4fc200000000000000000000000000000008225bc600000000049dec26a8eb0cf100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a31000000000000000000000000000000000000000000c86a6d0000000000000000686a96ee87ce00000000000000000000bff0e7c972e359a70000000032118300acc400b048173dfe97d9000104000400000000090000004ba3185441d8ef0ba5194719b68644e3b64f21174d5afe55a7c6cfc26de9edec7b4bae4b4fda8eaef1ee8d81da25fb9ca96d5e3fd0f47e906cf9778553a9341e9ee2a88f216bba214c5aea3b72f6987110c79b8a15cffdc36009808c7c4ee3aa990dd262a2ded1c9c2097dc476067ef62c5d4cc612bb8601000080000000000000063887e2662ce8a60f81e1bc1dff064ecd73e1f878fd338a2b55fd4900000000000000000000586d733524deed0c349a7f62089fde1399217c9720b4f6b17e8d689b913b84436c04b6fdac37f4f0ef451a"], 0x1) fcntl$setown(r2, 0x8, 0x0) sendfile(r3, r4, 0x0, 0x8000) prctl$PR_SVE_SET_VL(0x32, 0x1000000030a6d) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, &(0x7f0000000040)={{0x0, 0x401}, {}, 0x8, 0x1}) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x0, 0x0) ioctl(r5, 0xffffffffffffffb2, &(0x7f0000000040)) dup2(r6, r5) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5024, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) [ 128.646622] audit: type=1400 audit(1559550027.592:39): avc: denied { map } for pid=7814 comm="syz-executor.5" path=2F6D656D66643A2D42D54E49C56ABA707070F00884A26D202864656C6574656429 dev="tmpfs" ino=26452 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 [ 128.723121] hrtimer: interrupt took 25898 ns [ 128.753775] kasan: CONFIG_KASAN_INLINE enabled [ 128.759863] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 128.775081] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 128.781372] Modules linked in: [ 128.784750] CPU: 1 PID: 7816 Comm: syz-executor.5 Not tainted 4.14.123 #17 [ 128.791859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 128.801228] task: ffff88806d05a3c0 task.stack: ffff88806bc50000 [ 128.807299] RIP: 0010:proto_seq_show+0x52/0x8c0 [ 128.812236] RSP: 0018:ffff88806bc57478 EFLAGS: 00010a06 [ 128.818565] RAX: dffffc0000000000 RBX: dead000000000100 RCX: ffffc9000602e000 [ 128.825852] RDX: 1bd5a0000000000c RSI: ffffffff84cc851f RDI: dead000000000060 [ 128.833482] RBP: ffff88806bc57508 R08: ffff88808ba07708 R09: ffffed100dbe007c [ 128.840881] R10: ffffed100dbe007b R11: ffff88806df003dd R12: dffffc0000000000 [ 128.848172] R13: dead000000000100 R14: 0000000000000004 R15: ffffffff86ee3fe0 [ 128.855462] FS: 00007f2dd7c39700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 128.863693] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.869627] CR2: 0000001b3302a000 CR3: 000000008e207000 CR4: 00000000001406e0 [ 128.876907] Call Trace: [ 128.879508] ? seq_list_next+0x5e/0x80 [ 128.883956] seq_read+0xb46/0x1280 [ 128.887520] ? seq_lseek+0x3c0/0x3c0 [ 128.891251] ? selinux_file_permission+0x85/0x480 [ 128.896106] proc_reg_read+0xfa/0x170 [ 128.899924] ? seq_lseek+0x3c0/0x3c0 [ 128.903648] do_iter_read+0x3e2/0x5b0 [ 128.907457] vfs_readv+0xd3/0x130 [ 128.910925] ? compat_rw_copy_check_uvector+0x310/0x310 [ 128.916293] ? push_pipe+0x3e6/0x780 [ 128.920021] default_file_splice_read+0x421/0x7b0 [ 128.924872] ? __kmalloc+0x15d/0x7a0 [ 128.928590] ? alloc_pipe_info+0x15c/0x380 [ 128.932847] ? splice_direct_to_actor+0x5d2/0x7b0 [ 128.937794] ? do_splice_direct+0x18d/0x230 [ 128.942131] ? do_splice_direct+0x230/0x230 [ 128.946662] ? trace_hardirqs_on+0x10/0x10 [ 128.950903] ? retint_kernel+0x2d/0x2d [ 128.954805] ? trace_hardirqs_on_caller+0x400/0x590 [ 128.959829] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 128.964608] ? security_file_permission+0x9e/0x1f0 [ 128.969555] ? security_file_permission+0x89/0x1f0 [ 128.974507] ? rw_verify_area+0xea/0x2b0 [ 128.978571] ? do_splice_direct+0x230/0x230 [ 128.982902] do_splice_to+0x105/0x170 [ 128.986707] splice_direct_to_actor+0x222/0x7b0 [ 128.992903] ? generic_pipe_buf_nosteal+0x10/0x10 [ 128.997760] ? do_splice_to+0x170/0x170 [ 129.001735] ? rw_verify_area+0xea/0x2b0 [ 129.005804] do_splice_direct+0x18d/0x230 [ 129.009952] ? splice_direct_to_actor+0x7b0/0x7b0 [ 129.014803] ? do_sendfile+0x388/0xbd0 [ 129.018697] do_sendfile+0x4db/0xbd0 [ 129.022420] ? do_compat_pwritev64+0x140/0x140 [ 129.027038] ? put_timespec64+0xb4/0x100 [ 129.031106] ? nsecs_to_jiffies+0x30/0x30 [ 129.035266] SyS_sendfile64+0x102/0x110 [ 129.039248] ? SyS_sendfile+0x130/0x130 [ 129.043229] ? do_syscall_64+0x53/0x640 [ 129.047217] ? SyS_sendfile+0x130/0x130 [ 129.051202] do_syscall_64+0x1e8/0x640 [ 129.055095] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 129.059951] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 129.065141] RIP: 0033:0x459279 [ 129.068332] RSP: 002b:00007f2dd7c38c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 129.076066] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459279 [ 129.083349] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 129.090642] RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 129.097925] R10: 0000000000008000 R11: 0000000000000246 R12: 00007f2dd7c396d4 [ 129.105202] R13: 00000000004c65f3 R14: 00000000004db268 R15: 00000000ffffffff [ 129.112532] Code: 06 00 00 e8 a1 20 90 fc 48 8d bb 60 ff ff ff 48 8d 83 90 fe ff ff 48 89 fa 48 89 45 c8 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 b3 07 00 00 48 83 bb 60 ff ff ff 01 19 c0 83 [ 129.131662] RIP: proto_seq_show+0x52/0x8c0 RSP: ffff88806bc57478 [ 129.140443] ---[ end trace 679c18b39dd05d7c ]--- [ 129.145341] Kernel panic - not syncing: Fatal exception [ 129.151807] Kernel Offset: disabled [ 129.155431] Rebooting in 86400 seconds..