[?25l[?1c7[ ok 8[?25h[?0c. [ 35.087450] audit: type=1800 audit(1559765233.299:33): pid=7025 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 35.113190] audit: type=1800 audit(1559765233.309:34): pid=7025 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 46.371958] random: sshd: uninitialized urandom read (32 bytes read) [ 46.825026] audit: type=1400 audit(1559765245.039:35): avc: denied { map } for pid=7198 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 46.869385] random: sshd: uninitialized urandom read (32 bytes read) [ 47.548214] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.45' (ECDSA) to the list of known hosts. [ 53.184320] random: sshd: uninitialized urandom read (32 bytes read) 2019/06/05 20:07:31 fuzzer started [ 53.380879] audit: type=1400 audit(1559765251.599:36): avc: denied { map } for pid=7208 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 55.145257] random: cc1: uninitialized urandom read (8 bytes read) 2019/06/05 20:07:34 dialing manager at 10.128.0.105:44623 2019/06/05 20:07:34 syscalls: 2444 2019/06/05 20:07:34 code coverage: enabled 2019/06/05 20:07:34 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/06/05 20:07:34 extra coverage: extra coverage is not supported by the kernel 2019/06/05 20:07:34 setuid sandbox: enabled 2019/06/05 20:07:34 namespace sandbox: enabled 2019/06/05 20:07:34 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/05 20:07:34 fault injection: enabled 2019/06/05 20:07:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/05 20:07:34 net packet injection: enabled 2019/06/05 20:07:34 net device setup: enabled [ 57.152386] random: crng init done 20:07:40 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xb, 0x40, 0xa9, 0x5, 0x1, 0x1}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000664f000002800000850800000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xa, 0x4, &(0x7f0000000040)=@raw=[@map={0x18, 0x2, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0x27}], &(0x7f0000000300)='GPL\x00', 0x1, 0xa7, &(0x7f00000004c0)=""/167}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x0, 0xe, 0x0, &(0x7f0000000280)="47576def21c8ec0fb34a564c13f2", 0x0, 0x404}, 0x28) 20:07:40 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x100000e, 0x32, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x803, 0x1) getsockopt(r1, 0xff, 0x1, &(0x7f0000001180)=""/166, &(0x7f0000000040)=0x9) 20:07:40 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c) listen(r0, 0xbc) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000040)=@routing, 0x8) accept4(r0, &(0x7f0000000440)=@hci, 0x0, 0x0) 20:07:40 executing program 2: syz_emit_ethernet(0x2a, &(0x7f0000000040)={@broadcast, @empty, [], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @remote, @dev, @random="75022981b6a4", @loopback}}}}, 0x0) 20:07:40 executing program 3: r0 = userfaultfd(0x0) sigaltstack(&(0x7f000073a000/0x1000)=nil, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 20:07:40 executing program 4: r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) sched_setaffinity(0x0, 0xffffff55, &(0x7f00000000c0)=0x5) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r2 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x2, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x8000) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000000)='.//ile0\x00') connect(0xffffffffffffffff, &(0x7f0000000480)=@l2={0x1f, 0x6358, {0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x0, 0x8cc1}, 0x80) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) sendmsg(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x2, 0x0, 0x0, 0x3, {0xa, 0x4e23, 0x80, @dev={0xfe, 0x80, [], 0x16}}}}, 0x80, &(0x7f0000000800)=[{0x0}], 0x1}, 0x4000) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r3, &(0x7f0000000240)='.//ile0\x00', r3, &(0x7f00000007c0)='./file0/f.le.\x00') ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) [ 62.372641] audit: type=1400 audit(1559765260.589:37): avc: denied { map } for pid=7208 comm="syz-fuzzer" path="/root/syzkaller-shm061802731" dev="sda1" ino=16490 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 62.404672] audit: type=1400 audit(1559765260.619:38): avc: denied { map } for pid=7224 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=23 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 63.090226] IPVS: ftp: loaded support on port[0] = 21 [ 63.361254] NET: Registered protocol family 30 [ 63.365858] Failed to register TIPC socket type [ 64.225530] IPVS: ftp: loaded support on port[0] = 21 [ 64.245076] NET: Registered protocol family 30 [ 64.249721] Failed to register TIPC socket type [ 64.385980] chnl_net:caif_netlink_parms(): no params data found [ 64.647182] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.703328] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.741720] device bridge_slave_0 entered promiscuous mode [ 64.782317] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.790604] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.890530] device bridge_slave_1 entered promiscuous mode [ 65.284559] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 65.543149] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 66.077699] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 66.248879] team0: Port device team_slave_0 added [ 66.423056] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 66.451097] team0: Port device team_slave_1 added [ 66.630706] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 66.811597] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 67.125110] device hsr_slave_0 entered promiscuous mode [ 67.291235] device hsr_slave_1 entered promiscuous mode [ 67.475488] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 67.568053] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 67.808188] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 68.240358] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.373106] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 68.538462] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 68.600241] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.608077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.699097] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 68.786612] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.892370] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 68.899438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 68.952282] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.030747] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.037256] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.164069] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 69.325945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 69.334462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 69.379228] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.421651] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.428037] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.491550] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 69.498630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 69.622384] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 69.629329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 69.714405] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 69.771172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.779122] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.852009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 69.919610] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 69.931746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.991354] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 70.061382] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 70.112183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 70.121016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 70.149974] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 70.220796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 70.228428] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 70.321275] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 70.327345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 70.441392] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 70.543723] 8021q: adding VLAN 0 to HW filter on device batadv0 20:07:52 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xb, 0x40, 0xa9, 0x5, 0x1, 0x1}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000664f000002800000850800000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xa, 0x4, &(0x7f0000000040)=@raw=[@map={0x18, 0x2, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0x27}], &(0x7f0000000300)='GPL\x00', 0x1, 0xa7, &(0x7f00000004c0)=""/167}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x0, 0xe, 0x0, &(0x7f0000000280)="47576def21c8ec0fb34a564c13f2", 0x0, 0x404}, 0x28) 20:07:52 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xb, 0x40, 0xa9, 0x5, 0x1, 0x1}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000664f000002800000850800000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xa, 0x4, &(0x7f0000000040)=@raw=[@map={0x18, 0x2, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0x27}], &(0x7f0000000300)='GPL\x00', 0x1, 0xa7, &(0x7f00000004c0)=""/167}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x0, 0xe, 0x0, &(0x7f0000000280)="47576def21c8ec0fb34a564c13f2", 0x0, 0x404}, 0x28) 20:07:52 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xb, 0x40, 0xa9, 0x5, 0x1, 0x1}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000664f000002800000850800000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xa, 0x4, &(0x7f0000000040)=@raw=[@map={0x18, 0x2, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0x27}], &(0x7f0000000300)='GPL\x00', 0x1, 0xa7, &(0x7f00000004c0)=""/167}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x0, 0xe, 0x0, &(0x7f0000000280)="47576def21c8ec0fb34a564c13f2", 0x0, 0x404}, 0x28) 20:07:52 executing program 0: openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r1, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0) lseek(r0, 0x0, 0x1) sendfile(r1, r1, &(0x7f0000000440), 0x20) sendfile(r1, r1, &(0x7f0000000100), 0x7f8) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') pivot_root(&(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)='./file0/file0/file0\x00') r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/protocols\x00') write$UHID_CREATE2(r4, &(0x7f0000000480)=ANY=[@ANYBLOB="0b00000073797a3100000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000003fffffe500dcea1523674e4fc200000000000000000000000000000008225bc600000000049dec26a8eb0cf100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a310000000000002000000000000000000000000000000000000000000000686a96ee87ce00000000000000000000bff0e7c972e359a70000000032118300acc400b01d373dfe97d9000104000000000000090000004ba3185441d8ef0ba51947190a0bb05049ddb68644e3b64f21174d5afe551699cfc26de9edec7b4bae4b4fda8eaef1ee8d81da25fb9ca96d5e3fd0f47e906cf9778553a9341e9ee2a88f216bba214c5aea3b72f6987110c79b8a15cffdc36009808c7c4ee3aa990dd262a2ded1c9c2097dc476067ef62c5d4cc612bb8601000080000000000000063887e2662ce8a60f81e1bc1dff064ecd73e1f878fd338a2b55fd4900000000000000000000586d733524deed0c349a7f62089fde1399217c9720b4f6b17e8d689b913b84436c04b6fdac37f4f0ef451a911ad9"], 0x1) fcntl$setown(r2, 0x8, 0x0) sendfile(r3, r4, 0x0, 0x8000) prctl$PR_SVE_SET_VL(0x32, 0x1000000030a6d) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, &(0x7f0000000040)={{0x0, 0x401}, {}, 0x8, 0x1}) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x0, 0x0) ioctl(r5, 0xffffffffffffffb2, &(0x7f0000000040)) dup2(r6, r5) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5024, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) [ 74.408352] audit: type=1400 audit(1559765272.619:39): avc: denied { map } for pid=7871 comm="syz-executor.0" path=2F6D656D66643A2D42D54E49C56ABA707070F00884A26D202864656C6574656429 dev="tmpfs" ino=27604 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 [ 74.450052] hrtimer: interrupt took 44478 ns [ 74.567557] kasan: CONFIG_KASAN_INLINE enabled [ 74.577617] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 74.585496] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 74.591752] Modules linked in: [ 74.597049] CPU: 1 PID: 7873 Comm: syz-executor.0 Not tainted 4.14.123 #17 [ 74.604070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 74.613784] task: ffff8880952e6000 task.stack: ffff888098558000 [ 74.619861] RIP: 0010:proto_seq_show+0x52/0x8c0 [ 74.624560] RSP: 0018:ffff88809855f478 EFLAGS: 00010a06 [ 74.629948] RAX: dffffc0000000000 RBX: dead000000000100 RCX: ffffc9000601e000 [ 74.638252] RDX: 1bd5a0000000000c RSI: ffffffff84cc851f RDI: dead000000000060 [ 74.645537] RBP: ffff88809855f508 R08: ffff8880a870f588 R09: ffffed100dd52dbc [ 74.652817] R10: ffffed100dd52dbb R11: ffff88806ea96ddd R12: dffffc0000000000 [ 74.660100] R13: dead000000000100 R14: 0000000000000004 R15: ffffffff86ee3fe0 [ 74.667382] FS: 00007f41bdb05700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 74.675615] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.681513] CR2: 0000001b2f52a000 CR3: 0000000092ff6000 CR4: 00000000001406e0 [ 74.688796] Call Trace: [ 74.691403] ? seq_list_next+0x5e/0x80 [ 74.695302] seq_read+0xb46/0x1280 [ 74.698861] ? seq_lseek+0x3c0/0x3c0 [ 74.702647] ? check_preemption_disabled+0x3c/0x250 [ 74.707798] ? retint_kernel+0x2d/0x2d [ 74.711703] proc_reg_read+0xfa/0x170 [ 74.715517] ? seq_lseek+0x3c0/0x3c0 [ 74.719242] do_iter_read+0x3e2/0x5b0 [ 74.723065] vfs_readv+0xd3/0x130 [ 74.726575] ? compat_rw_copy_check_uvector+0x310/0x310 [ 74.731955] ? iov_iter_get_pages_alloc+0xb8d/0xef0 [ 74.737076] ? iov_iter_pipe+0x9f/0x2c0 [ 74.742594] default_file_splice_read+0x421/0x7b0 [ 74.747450] ? __kmalloc+0x15d/0x7a0 [ 74.751172] ? alloc_pipe_info+0x15c/0x380 [ 74.755418] ? splice_direct_to_actor+0x5d2/0x7b0 [ 74.760366] ? do_splice_direct+0x18d/0x230 [ 74.764697] ? do_splice_direct+0x230/0x230 [ 74.769035] ? check_preemption_disabled+0x3c/0x250 [ 74.774071] ? trace_hardirqs_on_caller+0x400/0x590 [ 74.779111] ? check_preemption_disabled+0x3c/0x250 [ 74.784152] ? __inode_security_revalidate+0xd6/0x130 [ 74.789359] ? selinux_file_permission+0x14e/0x480 [ 74.794293] ? avc_policy_seqno+0x9/0x20 [ 74.798343] ? selinux_file_permission+0x85/0x480 [ 74.803180] ? security_file_permission+0x89/0x1f0 [ 74.808103] ? rw_verify_area+0xea/0x2b0 [ 74.812270] ? do_splice_direct+0x230/0x230 [ 74.816669] do_splice_to+0x105/0x170 [ 74.820471] splice_direct_to_actor+0x222/0x7b0 [ 74.825432] ? generic_pipe_buf_nosteal+0x10/0x10 [ 74.830271] ? do_splice_to+0x170/0x170 [ 74.834235] ? rw_verify_area+0xea/0x2b0 [ 74.838600] do_splice_direct+0x18d/0x230 [ 74.842740] ? splice_direct_to_actor+0x7b0/0x7b0 [ 74.847852] ? rw_verify_area+0xea/0x2b0 [ 74.851898] do_sendfile+0x4db/0xbd0 [ 74.855598] ? do_compat_pwritev64+0x140/0x140 [ 74.860310] ? SyS_clock_gettime+0xf8/0x180 [ 74.864620] SyS_sendfile64+0x102/0x110 [ 74.868590] ? SyS_sendfile+0x130/0x130 [ 74.872565] ? do_syscall_64+0x53/0x640 [ 74.876529] ? SyS_sendfile+0x130/0x130 [ 74.880517] do_syscall_64+0x1e8/0x640 [ 74.884392] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 74.889311] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 74.894512] RIP: 0033:0x459279 [ 74.897689] RSP: 002b:00007f41bdb04c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 74.905391] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459279 [ 74.912646] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 74.919903] RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 74.927163] R10: 0000000000008000 R11: 0000000000000246 R12: 00007f41bdb056d4 [ 74.934426] R13: 00000000004c65f3 R14: 00000000004db2a8 R15: 00000000ffffffff [ 74.941684] Code: 06 00 00 e8 a1 20 90 fc 48 8d bb 60 ff ff ff 48 8d 83 90 fe ff ff 48 89 fa 48 89 45 c8 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 b3 07 00 00 48 83 bb 60 ff ff ff 01 19 c0 83 [ 74.960874] RIP: proto_seq_show+0x52/0x8c0 RSP: ffff88809855f478 [ 74.990199] ---[ end trace 0df410ff69968c6a ]--- [ 74.995108] Kernel panic - not syncing: Fatal exception [ 75.001429] Kernel Offset: disabled [ 75.005064] Rebooting in 86400 seconds..