Warning: Permanently added '10.128.1.6' (ECDSA) to the list of known hosts. [ 45.177047] random: sshd: uninitialized urandom read (32 bytes read) 2019/05/27 11:44:25 fuzzer started [ 45.375902] audit: type=1400 audit(1558957465.311:36): avc: denied { map } for pid=7126 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 47.304098] random: cc1: uninitialized urandom read (8 bytes read) 2019/05/27 11:44:27 dialing manager at 10.128.0.105:46861 2019/05/27 11:44:28 syscalls: 2441 2019/05/27 11:44:28 code coverage: enabled 2019/05/27 11:44:28 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/05/27 11:44:28 extra coverage: extra coverage is not supported by the kernel 2019/05/27 11:44:28 setuid sandbox: enabled 2019/05/27 11:44:28 namespace sandbox: enabled 2019/05/27 11:44:28 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/27 11:44:28 fault injection: enabled 2019/05/27 11:44:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/27 11:44:28 net packet injection: enabled 2019/05/27 11:44:28 net device setup: enabled [ 49.971323] random: crng init done 11:44:31 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x54, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x40, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x54}}, 0x0) syz_execute_func(&(0x7f0000000280)="f2af91930f0124eda133fa206514dc42f66188d0d4e1801491ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a9f340ae955baaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4ebef26450f01dd9c0f01c4288ba6452e0000c46148551c7180") 11:44:31 executing program 0: sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x800008800000001) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x8, 0x6}, 0x2c) getsockopt$inet_mreqsrc(r0, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x2c) 11:44:31 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="38b6896da1f06ac9c25b85b27e0d47253975ca48ad37b116c50a15e2a6b5d8cbe66023292a13114422c825ac2064881694807af3b4b049639b7555478c4810b5c3544340dcf0ed2fa314b84822bfb4aa1bef3831d264d04a81990ae8e6c00db245572d3d274afa5672a2cd4681e0870871e212e05bc228b74ebab1404e6f283e8fb64c7c854375401a405dba656641277510a06d5cc0803f2cd4b3f9dd048676bf83672ffde4342b79099f948d9e5a15405618d8bfe1792b90b51afab67e2c5d6b2a97c41bd498f8fb627db198b8433fa755c94b6c3b7175e87ea1efeee6687d9822a9239afef9d65b450413a5cd786fdefcbeadbf32511b2b75a40a03438bb120d525c24c8a88992c24d36ede8330a3ed7696827190000052a781164b83dfc13d2264252d99e150a5d169113677b2b9d4fdb3d3fe7b87e19e85666b2268f432c04b57158572a086a1221d3348567f2610219449ac68f907f3cf8489501d01f4ef69bb7383a6cd0954d4ed7b5d530472ff6ee3b23252997b389f5fde0e", @ANYPTR, @ANYPTR], 0x18d}}, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000180)="f2af91cd800f0124eda133fa20430fbafce842f66188d0efab5bf9e2f905c7c7e4c653fb0fc48f68b4a2319c3af4a95bf9c44149f2168f4808eebce00000802000c863fa43adc4e17a6fe6450f01eee47c7c730f66400f386033338f0f14e7e7c401fc52e95ff67de7baba0fe7af5cc34a51c441a5609c8ba80000005499") 11:44:31 executing program 1: socket$alg(0x26, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x802, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f00000000c0)={{0x2, 0x0, @dev}, {0x0, @random="4f444d006fc4"}, 0xe, {0x2, 0x0, @initdev}, 'bpq0\x00'}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) sendmsg$alg(0xffffffffffffffff, 0x0, 0x0) 11:44:31 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x803, 0x3) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x78, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x0, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @dev}, 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e23}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000100), 0x4) dup3(r1, r0, 0x0) syz_open_dev$vcsa(0x0, 0xe0000000, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, 0x0, 0x4f}, 0x100) write$binfmt_elf64(r1, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) 11:44:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x150, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_SOCK={0x8, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_LINK={0xdc, 0x4, [@TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x200}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9dbd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1ff}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe249}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_MEDIA={0x14, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_LINK={0x44, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x8000}, 0x5) syz_execute_func(&(0x7f0000000180)="f2af91cd800f0124eda133fa20430fbafce842f66188d0dcab5bf9e2f9c4e1af5d0353fb0fc48f68b4a2319c3af4a95bf9c44149f2168f4808eebce00000802000c863fa43adc4e17a6fe6450f01eee47c7c734512f8386033338f0f14e7e7c401fc52e95ff67de7baba0fe7af5cc34a51c441a5609c8ba80000005499") [ 51.398387] audit: type=1400 audit(1558957471.331:37): avc: denied { map } for pid=7126 comm="syz-fuzzer" path="/root/syzkaller-shm145858536" dev="sda1" ino=16489 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 51.480152] audit: type=1400 audit(1558957471.351:38): avc: denied { map } for pid=7142 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13816 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 52.300231] IPVS: ftp: loaded support on port[0] = 21 [ 52.581348] NET: Registered protocol family 30 [ 52.585980] Failed to register TIPC socket type [ 53.452517] IPVS: ftp: loaded support on port[0] = 21 [ 53.492863] NET: Registered protocol family 30 [ 53.497494] Failed to register TIPC socket type [ 53.583353] chnl_net:caif_netlink_parms(): no params data found [ 53.806276] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.860718] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.910912] device bridge_slave_0 entered promiscuous mode [ 53.976499] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.080285] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.141571] device bridge_slave_1 entered promiscuous mode [ 54.532317] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.715720] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.421700] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 55.561246] team0: Port device team_slave_0 added [ 55.713994] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 55.779904] team0: Port device team_slave_1 added [ 55.885362] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.075869] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.305837] device hsr_slave_0 entered promiscuous mode [ 56.383615] device hsr_slave_1 entered promiscuous mode [ 56.506300] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.643469] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.893665] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.504722] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.622752] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.731838] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.738100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.754419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.909363] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 57.972770] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.081612] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 58.088722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.120726] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.191875] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.198367] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.359417] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 58.444400] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.452977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.531409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.580355] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.586761] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.692633] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 58.699692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.794171] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.851394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.887534] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.951075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.959052] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.044687] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 59.115107] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.133454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.180801] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.225872] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 59.282607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 59.292066] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.357941] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 59.429464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 59.460428] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.536014] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 59.594260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 59.649985] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 59.814659] 8021q: adding VLAN 0 to HW filter on device batadv0 11:44:43 executing program 5: openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r1, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0) lseek(r0, 0x0, 0x1) sendfile(r1, r1, &(0x7f0000000440), 0x20) sendfile(r1, r1, &(0x7f0000000100), 0x7f8) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') pivot_root(&(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)='./file0/file0/file0\x00') r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/protocols\x00') write$UHID_CREATE2(r4, &(0x7f0000000480)=ANY=[@ANYBLOB="0b00000073797a3100000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000003fffffe500dcea1523674e4fc200000000000000000000000000000008225bc600000000049dec26a8eb0cf100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a310000000000002000000000000000000000000000000000000000000000686a96ee87ce00000000000000000000bff0e7c972e359a70000000032118300acc400b01d373dfe97d9000104000000000000090000004ba3185441d8ef0ba51947190a0bb05049ddb68644e3b64f21174d5afe551699cfc26de9edec7b4bae4b4fda8eaef1ee8d81da25fb9ca96d5e3fd0f47e906cf9778553a9341e9ee2a88f216bba214c5aea3b72f6987110c79b8a15cffdc36009808c7c4ee3aa990dd262a2ded1c9c2097dc476067ef62c5d4cc612bb8601000080000000000000063887e2662ce8a60f81e1bc1dff064ecd73e1f878fd338a2b55fd4900000000000000000000586d733524deed0c349a7f62089fde1399217c9720b4f6b17e8d689b913b84436c04b6fdac37f4f0ef451a911ad9"], 0x1) fcntl$setown(r2, 0x8, 0x0) sendfile(r3, r4, 0x0, 0x8000) prctl$PR_SVE_SET_VL(0x32, 0x1000000030a6d) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, &(0x7f0000000040)={{0x0, 0x401}, {}, 0x8, 0x1}) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x0, 0x0) ioctl(r5, 0xffffffffffffffb2, &(0x7f0000000040)) dup2(r6, r5) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5024, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) [ 63.439492] audit: type=1400 audit(1558957483.371:39): avc: denied { map } for pid=7770 comm="syz-executor.5" path=2F6D656D66643A2D42D54E49C56ABA707070F00884A26D202864656C6574656429 dev="tmpfs" ino=26619 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 [ 63.470054] hrtimer: interrupt took 45355 ns [ 63.563099] kasan: CONFIG_KASAN_INLINE enabled [ 63.574724] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 63.592682] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 63.598971] Modules linked in: [ 63.602190] CPU: 0 PID: 7772 Comm: syz-executor.5 Not tainted 4.14.122 #16 [ 63.609230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.618593] task: ffff8880a5d32600 task.stack: ffff888071408000 [ 63.624669] RIP: 0010:proto_seq_show+0x52/0x8c0 [ 63.629337] RSP: 0018:ffff88807140f478 EFLAGS: 00010a06 [ 63.634713] RAX: dffffc0000000000 RBX: dead000000000100 RCX: ffffc9000602e000 [ 63.642015] RDX: 1bd5a0000000000c RSI: ffffffff84cc751f RDI: dead000000000060 [ 63.649292] RBP: ffff88807140f508 R08: ffff8880a42bbd08 R09: ffffed101089d8fc [ 63.656587] R10: ffffed101089d8fb R11: ffff8880844ec7dd R12: dffffc0000000000 [ 63.664045] R13: dead000000000100 R14: 0000000000000004 R15: ffffffff86ee3b20 [ 63.671421] FS: 00007f254bcfb700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 63.679665] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 63.685584] CR2: 0000001b3222a000 CR3: 000000009743d000 CR4: 00000000001406f0 [ 63.692860] Call Trace: [ 63.695482] ? seq_list_next+0x5e/0x80 [ 63.699403] seq_read+0xb46/0x1280 [ 63.702958] ? seq_lseek+0x3c0/0x3c0 [ 63.706684] ? __sanitizer_cov_trace_pc+0x31/0x60 [ 63.711566] proc_reg_read+0xfa/0x170 [ 63.715375] ? seq_lseek+0x3c0/0x3c0 [ 63.719115] do_iter_read+0x3e2/0x5b0 [ 63.722923] vfs_readv+0xd3/0x130 [ 63.726387] ? compat_rw_copy_check_uvector+0x310/0x310 [ 63.731780] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 63.736848] ? default_file_splice_read+0x35c/0x7b0 [ 63.741888] default_file_splice_read+0x421/0x7b0 [ 63.746745] ? __kmalloc+0x15d/0x7a0 [ 63.750465] ? alloc_pipe_info+0x15c/0x380 [ 63.754703] ? splice_direct_to_actor+0x5d2/0x7b0 [ 63.759559] ? do_splice_direct+0x18d/0x230 [ 63.763896] ? do_splice_direct+0x230/0x230 [ 63.768230] ? trace_hardirqs_on+0x10/0x10 [ 63.772484] ? save_trace+0x290/0x290 [ 63.776289] ? save_trace+0x290/0x290 [ 63.780101] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 63.784875] ? security_file_permission+0x3b/0x1f0 [ 63.789812] ? security_file_permission+0x89/0x1f0 [ 63.794756] ? rw_verify_area+0xea/0x2b0 [ 63.799115] ? do_splice_direct+0x230/0x230 [ 63.803473] do_splice_to+0x105/0x170 [ 63.807285] splice_direct_to_actor+0x222/0x7b0 [ 63.811969] ? generic_pipe_buf_nosteal+0x10/0x10 [ 63.818339] ? do_splice_to+0x170/0x170 [ 63.822328] ? rw_verify_area+0xea/0x2b0 [ 63.826415] do_splice_direct+0x18d/0x230 [ 63.830599] ? splice_direct_to_actor+0x7b0/0x7b0 [ 63.835471] ? rw_verify_area+0xea/0x2b0 [ 63.839638] do_sendfile+0x4db/0xbd0 [ 63.843447] ? do_compat_pwritev64+0x140/0x140 [ 63.848019] ? put_timespec64+0xb4/0x100 [ 63.852080] ? nsecs_to_jiffies+0x30/0x30 [ 63.856233] SyS_sendfile64+0x102/0x110 [ 63.860811] ? SyS_sendfile+0x130/0x130 [ 63.864773] ? do_syscall_64+0x53/0x640 [ 63.868747] ? SyS_sendfile+0x130/0x130 [ 63.872712] do_syscall_64+0x1e8/0x640 [ 63.878393] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 63.888881] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 63.894059] RIP: 0033:0x459279 [ 63.897247] RSP: 002b:00007f254bcfac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 63.904952] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459279 [ 63.912213] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 63.919476] RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 63.926764] R10: 0000000000008000 R11: 0000000000000246 R12: 00007f254bcfb6d4 [ 63.934026] R13: 00000000004c65f3 R14: 00000000004db268 R15: 00000000ffffffff [ 63.941302] Code: 06 00 00 e8 61 2e 90 fc 48 8d bb 60 ff ff ff 48 8d 83 90 fe ff ff 48 89 fa 48 89 45 c8 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 b3 07 00 00 48 83 bb 60 ff ff ff 01 19 c0 83 [ 63.960413] RIP: proto_seq_show+0x52/0x8c0 RSP: ffff88807140f478 [ 63.972699] ---[ end trace a17df49472f7d6f8 ]--- [ 63.977564] Kernel panic - not syncing: Fatal exception [ 63.983935] Kernel Offset: disabled [ 63.987559] Rebooting in 86400 seconds..