[ 56.274686] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts. [ 61.775106] random: sshd: uninitialized urandom read (32 bytes read) 2019/06/08 03:26:00 fuzzer started [ 61.969118] audit: type=1400 audit(1559964360.738:36): avc: denied { map } for pid=6984 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 63.455409] random: cc1: uninitialized urandom read (8 bytes read) 2019/06/08 03:26:02 dialing manager at 10.128.0.105:44383 2019/06/08 03:26:02 syscalls: 2444 2019/06/08 03:26:02 code coverage: enabled 2019/06/08 03:26:02 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/06/08 03:26:02 extra coverage: extra coverage is not supported by the kernel 2019/06/08 03:26:02 setuid sandbox: enabled 2019/06/08 03:26:02 namespace sandbox: enabled 2019/06/08 03:26:02 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/08 03:26:02 fault injection: enabled 2019/06/08 03:26:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/08 03:26:02 net packet injection: enabled 2019/06/08 03:26:02 net device setup: enabled 03:26:05 executing program 0: 03:26:05 executing program 5: 03:26:05 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/protocols\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000000540)}, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000) [ 66.302442] audit: type=1400 audit(1559964365.078:37): avc: denied { map } for pid=6984 comm="syz-fuzzer" path="/root/syzkaller-shm815588076" dev="sda1" ino=16488 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 03:26:05 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000480)='pagemap\x00') r1 = socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) r3 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000000)={0x0, 0x1, 0xea5a, 0x1}) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f00000000c0)={0x0, 0x0}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0xffd8) prctl$PR_SET_TSC(0x1a, 0x2) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1000000000401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@multicast2}}, &(0x7f0000000040)=0xe8) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000080)=r4) sendmsg$nl_xfrm(r1, &(0x7f0000001a80)={0x0, 0x0, &(0x7f0000001a40)={&(0x7f0000000180)=ANY=[@ANYBLOB="1ceaffff2c1d239e5d7b17417c2bef2dff80faf713cb5be05e10c38a041bf6c0f8cdf6c64f6b71fe705c19d63e2b895362583db4b4028440518f3350c26a6c817478a63e75ef24b78ebe8849259ae519178086d98638fabad97e523dfad0c8773db467c70c5ea6fdcf7c368602192e99a6dcac5738fccb8473110000000000"], 0x1}}, 0x0) pread64(r0, 0x0, 0x0, 0x0) 03:26:05 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000200)="11dca5055e0bcfec7be070") setsockopt$packet_int(r0, 0x107, 0xc, &(0x7f0000001180), 0x4) 03:26:05 executing program 1: getrandom(&(0x7f0000000080)=""/44, 0xffffffffffffffa3, 0x0) mknod(&(0x7f0000000100)='./bus\x00', 0x20ffe, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) execve(&(0x7f0000000280)='./bus\x00', 0x0, &(0x7f0000000400)) [ 66.335483] audit: type=1400 audit(1559964365.108:38): avc: denied { map } for pid=7001 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=40 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 67.310235] IPVS: ftp: loaded support on port[0] = 21 [ 67.581361] NET: Registered protocol family 30 [ 67.586350] Failed to register TIPC socket type [ 68.482091] IPVS: ftp: loaded support on port[0] = 21 [ 68.514759] NET: Registered protocol family 30 [ 68.519389] Failed to register TIPC socket type [ 68.557458] chnl_net:caif_netlink_parms(): no params data found [ 68.854202] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.892202] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.912020] device bridge_slave_0 entered promiscuous mode [ 68.962118] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.968708] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.017518] device bridge_slave_1 entered promiscuous mode [ 69.502965] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 69.772707] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 70.426970] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 70.566658] team0: Port device team_slave_0 added [ 70.722440] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 70.860359] team0: Port device team_slave_1 added [ 70.989776] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 71.345548] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 71.971820] device hsr_slave_0 entered promiscuous mode [ 72.141014] device hsr_slave_1 entered promiscuous mode [ 72.488286] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 72.625847] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 72.901711] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 73.575397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.763319] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 73.947759] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 74.013611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 74.032850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.161760] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 74.167882] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.433738] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 74.520509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 74.528525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 74.651347] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.657870] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.797621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 74.891295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 74.898495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.011748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.111133] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.119051] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.267985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 75.340941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 75.421737] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 75.471115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 75.542771] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 75.549726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 75.571763] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.600896] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 75.728374] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 75.799414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 75.810929] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.884505] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 75.950304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 75.958006] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 76.045247] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 76.103410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 76.130597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 76.187426] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 76.260937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 76.350722] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 76.471904] 8021q: adding VLAN 0 to HW filter on device batadv0 03:26:15 executing program 5: open(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/protocols\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000000540)}, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000) [ 77.131803] kasan: CONFIG_KASAN_INLINE enabled [ 77.136539] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 77.198201] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 77.204484] Modules linked in: [ 77.207693] CPU: 0 PID: 7600 Comm: syz-executor.5 Not tainted 4.14.123 #17 [ 77.214710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 77.224071] task: ffff8880a3dce600 task.stack: ffff8880726a8000 [ 77.230142] RIP: 0010:proto_seq_show+0x52/0x8c0 [ 77.234814] RSP: 0018:ffff8880726af930 EFLAGS: 00010a06 [ 77.240183] RAX: dffffc0000000000 RBX: dead000000000100 RCX: ffffc90006440000 [ 77.247455] RDX: 1bd5a0000000000c RSI: ffffffff84cc851f RDI: dead000000000060 [ 77.254735] RBP: ffff8880726af9c0 R08: ffff8880a9ba3488 R09: ffffed100e2f45bf [ 77.262094] R10: ffffed100e2f45be R11: ffff8880717a2df5 R12: dead000000000100 [ 77.269890] R13: ffffffff86ee3fe0 R14: dffffc0000000000 R15: 0000000000000076 [ 77.277187] FS: 00007fea68d15700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 77.285416] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.291299] CR2: 00007f69085b11b0 CR3: 00000000a7242000 CR4: 00000000001406f0 [ 77.298580] Call Trace: [ 77.301182] ? seq_list_next+0x5e/0x80 [ 77.305090] traverse+0x319/0x880 [ 77.308552] ? seq_hlist_next+0xc0/0xc0 [ 77.312535] seq_read+0x9e5/0x1280 [ 77.316087] ? __inode_security_revalidate+0xd6/0x130 [ 77.321285] ? seq_lseek+0x3c0/0x3c0 [ 77.325001] ? avc_policy_seqno+0x9/0x20 [ 77.329069] ? selinux_file_permission+0x85/0x480 [ 77.333924] proc_reg_read+0xfa/0x170 [ 77.337730] ? seq_lseek+0x3c0/0x3c0 [ 77.341444] do_iter_read+0x3e2/0x5b0 [ 77.345267] vfs_readv+0xd3/0x130 [ 77.348729] ? compat_rw_copy_check_uvector+0x310/0x310 [ 77.354117] ? __fget+0x237/0x370 [ 77.357575] ? __fget_light+0x172/0x1f0 [ 77.361562] do_preadv+0x15d/0x200 [ 77.365115] ? do_readv+0x220/0x220 [ 77.368820] ? SyS_clock_gettime+0xf8/0x180 [ 77.373146] ? SyS_writev+0x30/0x30 [ 77.376780] SyS_preadv+0x31/0x40 [ 77.380263] do_syscall_64+0x1e8/0x640 [ 77.384150] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 77.389005] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 77.394197] RIP: 0033:0x459279 [ 77.397387] RSP: 002b:00007fea68d14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 77.405211] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459279 [ 77.412490] RDX: 00000000000001fe RSI: 00000000200017c0 RDI: 0000000000000004 [ 77.419762] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 77.427060] R10: 0000400000000000 R11: 0000000000000246 R12: 00007fea68d156d4 [ 77.434335] R13: 00000000004c6376 R14: 00000000004dae78 R15: 00000000ffffffff [ 77.441635] Code: 06 00 00 e8 a1 20 90 fc 48 8d bb 60 ff ff ff 48 8d 83 90 fe ff ff 48 89 fa 48 89 45 c8 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 b3 07 00 00 48 83 bb 60 ff ff ff 01 19 c0 83 [ 77.460865] RIP: proto_seq_show+0x52/0x8c0 RSP: ffff8880726af930 [ 77.568091] ---[ end trace 4a9d25bfeac1ba86 ]--- [ 77.573214] Kernel panic - not syncing: Fatal exception [ 77.579599] Kernel Offset: disabled [ 77.583220] Rebooting in 86400 seconds..