Warning: Permanently added '10.128.0.223' (ECDSA) to the list of known hosts. 2019/06/03 23:58:18 fuzzer started [ 56.892984] audit: type=1400 audit(1559606298.928:36): avc: denied { map } for pid=7810 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/03 23:58:21 dialing manager at 10.128.0.105:38735 2019/06/03 23:58:21 syscalls: 2460 2019/06/03 23:58:21 code coverage: enabled 2019/06/03 23:58:21 comparison tracing: enabled 2019/06/03 23:58:21 extra coverage: extra coverage is not supported by the kernel 2019/06/03 23:58:21 setuid sandbox: enabled 2019/06/03 23:58:21 namespace sandbox: enabled 2019/06/03 23:58:21 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/03 23:58:21 fault injection: enabled 2019/06/03 23:58:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/03 23:58:21 net packet injection: enabled 2019/06/03 23:58:21 net device setup: enabled 23:58:22 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000780), 0x4) [ 60.247882] audit: type=1400 audit(1559606302.288:37): avc: denied { map } for pid=7828 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=489 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 60.336687] IPVS: ftp: loaded support on port[0] = 21 [ 60.345603] NET: Registered protocol family 30 [ 60.350299] Failed to register TIPC socket type 23:58:22 executing program 1: epoll_create1(0x0) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000240)='/proc/capi/capi20ncci\x00', 0x0, 0x0) dup(r0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) pipe(&(0x7f0000000180)) unshare(0x600) pselect6(0x40, &(0x7f00000000c0)={0x9}, 0x0, &(0x7f0000000140)={0x1b7}, 0x0, 0x0) [ 60.662775] IPVS: ftp: loaded support on port[0] = 21 [ 60.691912] NET: Registered protocol family 30 [ 60.696539] Failed to register TIPC socket type 23:58:22 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x16}]}) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) [ 61.000825] IPVS: ftp: loaded support on port[0] = 21 [ 61.021180] NET: Registered protocol family 30 [ 61.025806] Failed to register TIPC socket type 23:58:23 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f123c123f319bd070") r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) listen(r1, 0xff) close(r1) [ 61.583254] IPVS: ftp: loaded support on port[0] = 21 [ 61.601451] NET: Registered protocol family 30 [ 61.606083] Failed to register TIPC socket type 23:58:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") sendmsg$nl_generic(r0, &(0x7f0000005000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x48, 0x15, 0x7, 0x0, 0x0, {0x2, 0xf0ffff, 0x600}, [@typed={0x34, 0x0, @binary="582f45cff97465821b0965512fe4fa59a835ee66e0000002fd3953ffee03d79dc442c6bbe736863d55a7374efe"}]}, 0x48}}, 0x0) [ 62.150002] IPVS: ftp: loaded support on port[0] = 21 [ 62.177824] NET: Registered protocol family 30 [ 62.182456] Failed to register TIPC socket type 23:58:24 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000480)="0adc1f123c123f219bd070") timerfd_create(0xf, 0x0) [ 62.711966] IPVS: ftp: loaded support on port[0] = 21 [ 62.741931] NET: Registered protocol family 30 [ 62.746568] Failed to register TIPC socket type [ 63.271643] chnl_net:caif_netlink_parms(): no params data found [ 63.689072] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.758935] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.867335] device bridge_slave_0 entered promiscuous mode [ 63.961830] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.124434] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.249384] device bridge_slave_1 entered promiscuous mode [ 64.711886] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 65.049209] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 65.649546] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 65.818321] team0: Port device team_slave_0 added [ 66.018921] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 66.109180] team0: Port device team_slave_1 added [ 66.340894] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 66.631276] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 67.629686] device hsr_slave_0 entered promiscuous mode [ 67.981480] device hsr_slave_1 entered promiscuous mode [ 68.102313] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 68.313114] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 68.586692] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 69.249143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.425970] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 69.614530] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 69.718430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 69.726406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 69.835294] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 69.918573] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.118370] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 70.125935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 70.158255] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 70.257552] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.264080] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.449921] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 70.458406] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 70.465743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 70.559349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 70.647952] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.654356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.779558] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 70.857859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 70.939070] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 70.946034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 71.148840] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 71.155786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 71.188167] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.248146] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 71.358892] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.365879] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.419063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.528891] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 71.535922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 71.561344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 71.739969] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 71.747023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 71.768235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 71.970432] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 72.200260] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.418933] audit: type=1400 audit(1559606314.458:38): avc: denied { associate } for pid=7829 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 23:58:37 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000780), 0x4) 23:58:37 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000780), 0x4) 23:58:38 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000780), 0x4) 23:58:38 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000780), 0x4) 23:58:38 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000780), 0x4) [ 76.886924] IPVS: ftp: loaded support on port[0] = 21 [ 76.893401] IPVS: ftp: loaded support on port[0] = 21 [ 76.905337] NET: Registered protocol family 30 [ 76.912513] IPVS: ftp: loaded support on port[0] = 21 [ 76.919560] IPVS: ftp: loaded support on port[0] = 21 23:58:39 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000780), 0x4) [ 76.931515] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630. [ 76.948416] Failed to register TIPC socket type [ 76.957094] ------------[ cut here ]------------ [ 76.961880] kernel BUG at lib/list_debug.c:29! [ 76.967925] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 76.973310] CPU: 0 PID: 8486 Comm: syz-executor.1 Not tainted 4.19.47 #19 [ 76.980237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 76.980788] kobject: 'loop0' (000000006932a10d): kobject_uevent_env [ 76.989608] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 76.989622] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 76.989634] RSP: 0018:ffff888077b87b88 EFLAGS: 00010282 [ 77.003754] kobject: 'loop0' (000000006932a10d): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 77.020254] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 77.020260] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100ef70f63 [ 77.020267] RBP: ffff888077b87ba0 R08: 0000000000000058 R09: ffffed1015d04fe9 [ 77.020274] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffffffff892e7630 [ 77.020281] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 77.020290] FS: 000000000173a940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 77.020297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.020304] CR2: 00007ffea8bad9e8 CR3: 00000000775c5000 CR4: 00000000001406f0 [ 77.020312] Call Trace: [ 77.020336] ? mutex_lock_nested+0x16/0x20 [ 77.063308] kobject: 'loop0' (000000006932a10d): kobject_uevent_env [ 77.064343] proto_register+0x459/0x8e0 [ 77.074831] kobject: 'loop0' (000000006932a10d): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 77.079843] tipc_socket_init+0x1c/0x70 [ 77.079857] tipc_init_net+0x2ed/0x570 [ 77.079869] ? tipc_exit_net+0x40/0x40 [ 77.079888] ops_init+0xb3/0x410 [ 77.134807] setup_net+0x2d3/0x740 [ 77.138354] ? lock_acquire+0x16f/0x3f0 [ 77.142318] ? ops_init+0x410/0x410 [ 77.145941] copy_net_ns+0x1df/0x340 [ 77.149644] create_new_namespaces+0x400/0x7b0 [ 77.154219] unshare_nsproxy_namespaces+0xc2/0x200 [ 77.159138] ksys_unshare+0x440/0x980 [ 77.162932] ? walk_process_tree+0x2c0/0x2c0 [ 77.167334] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 77.172083] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 77.177438] ? do_syscall_64+0x26/0x620 [ 77.181418] ? lockdep_hardirqs_on+0x415/0x5d0 [ 77.185993] __x64_sys_unshare+0x31/0x40 [ 77.190067] do_syscall_64+0xfd/0x620 [ 77.193879] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 77.199066] RIP: 0033:0x45bd47 [ 77.202258] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 77.221361] RSP: 002b:00007ffcc3a26b78 EFLAGS: 00000202 ORIG_RAX: 0000000000000110 [ 77.229060] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47 23:58:39 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x17}}}, 0x1c) [ 77.236332] RDX: 0000000000000000 RSI: 00007ffcc3a26b20 RDI: 0000000040000000 [ 77.243604] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005 [ 77.250890] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000075c9a8 [ 77.258154] R13: 00007ffcc3a26de8 R14: 0000000000000000 R15: 0000000000000000 [ 77.265453] Modules linked in: [ 77.269559] ---[ end trace bd19a2f3074cb36d ]--- [ 77.274478] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 77.281311] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 77.287828] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 77.301069] RSP: 0018:ffff888077b87b88 EFLAGS: 00010282 [ 77.314304] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 77.316951] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 77.316960] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100ef70f63 [ 77.316968] RBP: ffff888077b87ba0 R08: 0000000000000058 R09: ffffed1015d04fe9 [ 77.316982] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffffffff892e7630 [ 77.349724] kobject: 'loop0' (000000006932a10d): kobject_uevent_env [ 77.356680] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 77.363529] kobject: 'loop0' (000000006932a10d): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 77.370683] FS: 000000000173a940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 77.370692] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.370700] CR2: 000000000269cbd0 CR3: 00000000775c5000 CR4: 00000000001406e0 [ 77.370711] Kernel panic - not syncing: Fatal exception [ 77.371757] Kernel Offset: disabled [ 77.411465] Rebooting in 86400 seconds..