Warning: Permanently added '10.128.1.51' (ECDSA) to the list of known hosts.
2019/06/04 01:51:36 fuzzer started
[ 58.100584] audit: type=1400 audit(1559613096.909:36): avc: denied { map } for pid=7827 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/04 01:51:39 dialing manager at 10.128.0.105:38735
2019/06/04 01:51:39 syscalls: 2460
2019/06/04 01:51:39 code coverage: enabled
2019/06/04 01:51:39 comparison tracing: enabled
2019/06/04 01:51:39 extra coverage: extra coverage is not supported by the kernel
2019/06/04 01:51:39 setuid sandbox: enabled
2019/06/04 01:51:39 namespace sandbox: enabled
2019/06/04 01:51:39 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/04 01:51:39 fault injection: enabled
2019/06/04 01:51:39 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/04 01:51:39 net packet injection: enabled
2019/06/04 01:51:39 net device setup: enabled

01:51:41 executing program 0:
r0 = socket$kcm(0x10, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000040)="2e0000001d00810ee00f80ecdb4cb9f207c804a00d00000009003ffb0a0002000e0ada1b40d805000600c50083b8", 0x2e}], 0x1}, 0x0)

[ 62.774033] audit: type=1400 audit(1559613101.579:37): avc: denied { map } for pid=7846 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14732 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 62.865541] IPVS: ftp: loaded support on port[0] = 21
[ 62.875650] NET: Registered protocol family 30
[ 62.880426] Failed to register TIPC socket type

01:51:41 executing program 1:
r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x0, 0x0)
write(r0, &(0x7f0000000040)="06", 0x1)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0)
name_to_handle_at(r1, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x8}, 0x0, 0x1000)

[ 63.163170] IPVS: ftp: loaded support on port[0] = 21
[ 63.192687] NET: Registered protocol family 30
[ 63.197309] Failed to register TIPC socket type

01:51:42 executing program 2:
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000100)={@dev}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000140)={@remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x20)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/anycast6\x00')
preadv(r1, &(0x7f00000017c0), 0x3a8, 0x0)

[ 63.565035] IPVS: ftp: loaded support on port[0] = 21
[ 63.583502] NET: Registered protocol family 30
[ 63.597733] Failed to register TIPC socket type

01:51:42 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x2a4500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)

[ 64.103164] IPVS: ftp: loaded support on port[0] = 21
[ 64.141937] NET: Registered protocol family 30
[ 64.146560] Failed to register TIPC socket type

01:51:43 executing program 4:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uhid\x00', 0x802, 0x0)
writev(r0, &(0x7f0000000d40)=[{&(0x7f00000006c0)="a3", 0x1}], 0x1)

[ 64.624285] IPVS: ftp: loaded support on port[0] = 21
[ 64.642077] NET: Registered protocol family 30
[ 64.646694] Failed to register TIPC socket type
[ 65.337334] chnl_net:caif_netlink_parms(): no params data found
[ 65.780680] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.807788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.867774] device bridge_slave_0 entered promiscuous mode
[ 65.928990] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.935432] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.001402] device bridge_slave_1 entered promiscuous mode
[ 66.459114] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 66.650944] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 67.363160] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 67.549879] team0: Port device team_slave_0 added
[ 67.739185] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 67.869308] team0: Port device team_slave_1 added
[ 68.070322] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 68.424611] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 69.179416] device hsr_slave_0 entered promiscuous mode
[ 69.380735] device hsr_slave_1 entered promiscuous mode
[ 69.615366] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 69.751069] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 69.931272] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 70.532366] 8021q: adding VLAN 0 to HW filter on device bond0
[ 70.730371] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 70.969307] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 70.975552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 70.990070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 71.169445] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 71.175579] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.451637] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 71.569122] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 71.577245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 71.709247] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.715766] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.936251] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 72.058770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 72.066046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 72.211869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 72.318292] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.324681] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.527406] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 72.668857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 72.840388] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 72.848380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 73.134620] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 73.298863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 73.306945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 73.506344] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 73.658829] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 73.666440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 73.859960] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 74.000377] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 74.174614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 74.199293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 74.365066] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 74.512418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 74.554149] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 74.722702] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 74.912028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.079229] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 75.334594] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.064959] audit: type=1400 audit(1559613114.869:38): avc: denied { associate } for pid=7847 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1

01:51:55 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000280)={0x7a, 0x0, [0x4d0], [0xc1]})

[ 78.983660] IPVS: ftp: loaded support on port[0] = 21
[ 79.044312] NET: Registered protocol family 30

01:51:57 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
shutdown(r0, 0x1)

[ 79.187711] Failed to register TIPC socket type
[ 79.773823] IPVS: ftp: loaded support on port[0] = 21
[ 79.785069] NET: Registered protocol family 30
[ 79.790170] Failed to register TIPC socket type

01:51:58 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
shutdown(r0, 0x1)

01:51:59 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
shutdown(r0, 0x1)

[ 80.333543] IPVS: ftp: loaded support on port[0] = 21
[ 80.352210] NET: Registered protocol family 30
[ 80.356821] Failed to register TIPC socket type

01:51:59 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
shutdown(r0, 0x1)

[ 80.716709] IPVS: ftp: loaded support on port[0] = 21
[ 80.749220] NET: Registered protocol family 30
[ 80.753841] Failed to register TIPC socket type

01:51:59 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
shutdown(r0, 0x1)

01:52:00 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
shutdown(r0, 0x1)

[ 81.371057] IPVS: ftp: loaded support on port[0] = 21
[ 81.401521] NET: Registered protocol family 30
[ 81.406149] Failed to register TIPC socket type

01:52:00 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
shutdown(r0, 0x1)

[ 83.891836] IPVS: ftp: loaded support on port[0] = 21
[ 83.901278] NET: Registered protocol family 30
[ 83.905886] Failed to register TIPC socket type
[ 83.983879] IPVS: ftp: loaded support on port[0] = 21
[ 83.992997] NET: Registered protocol family 30
[ 83.997584] Failed to register TIPC socket type
[ 84.602445] IPVS: ftp: loaded support on port[0] = 21
[ 84.621837] NET: Registered protocol family 30
[ 84.626469] Failed to register TIPC socket type
[ 84.684257] IPVS: ftp: loaded support on port[0] = 21
[ 84.701679] NET: Registered protocol family 30
[ 84.706287] Failed to register TIPC socket type
[ 84.941979] IPVS: ftp: loaded support on port[0] = 21
[ 84.972627] NET: Registered protocol family 30
[ 84.977245] Failed to register TIPC socket type
[ 87.304503] IPVS: ftp: loaded support on port[0] = 21
[ 87.312152] NET: Registered protocol family 30
[ 87.316758] Failed to register TIPC socket type
[ 87.776138] IPVS: ftp: loaded support on port[0] = 21
[ 87.785499] NET: Registered protocol family 30
[ 87.791596] Failed to register TIPC socket type
[ 88.410545] IPVS: ftp: loaded support on port[0] = 21
[ 88.420474] NET: Registered protocol family 30
[ 88.425167] Failed to register TIPC socket type
[ 88.616033] IPVS: ftp: loaded support on port[0] = 21
[ 88.636132] IPVS: ftp: loaded support on port[0] = 21
[ 88.641921] NET: Registered protocol family 30
[ 88.646514] Failed to register TIPC socket type
[ 88.652539] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630.
[ 88.678051] ------------[ cut here ]------------
[ 88.682848] kernel BUG at lib/list_debug.c:29!
[ 88.687450] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 88.692819] CPU: 1 PID: 8552 Comm: syz-executor.3 Not tainted 4.19.47 #19
[ 88.699739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 88.709106] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[ 88.714298] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[ 88.733208] RSP: 0018:ffff8880728ffb88 EFLAGS: 00010282
[ 88.738580] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[ 88.745860] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100e51ff63
[ 88.753133] RBP: ffff8880728ffba0 R08: 0000000000000058 R09: ffffed1015d24fe9
[ 88.760494] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffffffff892e7630
[ 88.767767] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[ 88.775126] FS: 0000000000bde940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 88.783352] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 88.789237] CR2: 0000000000a75e58 CR3: 000000006811f000 CR4: 00000000001406e0
[ 88.796512] Call Trace:
[ 88.799103] ? mutex_lock_nested+0x16/0x20
[ 88.803342] proto_register+0x459/0x8e0
[ 88.807329] tipc_socket_init+0x1c/0x70
[ 88.811319] tipc_init_net+0x2ed/0x570
[ 88.815205] ? tipc_exit_net+0x40/0x40
[ 88.819100] ops_init+0xb3/0x410
[ 88.822472] setup_net+0x2d3/0x740
[ 88.826023] ? lock_acquire+0x16f/0x3f0
[ 88.830001] ? ops_init+0x410/0x410
[ 88.833641] copy_net_ns+0x1df/0x340
[ 88.837358] create_new_namespaces+0x400/0x7b0
[ 88.841956] unshare_nsproxy_namespaces+0xc2/0x200
[ 88.846888] ksys_unshare+0x440/0x980
[ 88.850691] ? walk_process_tree+0x2c0/0x2c0
[ 88.855101] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 88.859860] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 88.865223] ? do_syscall_64+0x26/0x620
[ 88.869201] ? lockdep_hardirqs_on+0x415/0x5d0
[ 88.873786] __x64_sys_unshare+0x31/0x40
[ 88.877943] do_syscall_64+0xfd/0x620
[ 88.881748] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 88.886937] RIP: 0033:0x45bd47
[ 88.890132] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 88.909473] RSP: 002b:00007ffc78c3a6e8 EFLAGS: 00000202 ORIG_RAX: 0000000000000110
[ 88.917192] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47
[ 88.924472] RDX: 0000000000000000 RSI: 00007ffc78c3a690 RDI: 0000000040000000
[ 88.931748] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[ 88.939894] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000075c9a8
[ 88.947178] R13: 00007ffc78c3a958 R14: 0000000000000000 R15: 0000000000000000
[ 88.954454] Modules linked in:
[ 88.958990] ---[ end trace 3053227a405e4eea ]---
[ 88.963775] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[ 88.969215] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[ 88.988297] RSP: 0018:ffff8880728ffb88 EFLAGS: 00010282
[ 88.993713] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[ 89.001004] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100e51ff63
[ 89.008304] RBP: ffff8880728ffba0 R08: 0000000000000058 R09: ffffed1015d24fe9
[ 89.015560] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffffffff892e7630
[ 89.022865] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[ 89.030175] FS: 0000000000bde940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 89.038441] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 89.044334] CR2: 0000000000a75e58 CR3: 000000006811f000 CR4: 00000000001406e0
[ 89.051648] Kernel panic - not syncing: Fatal exception
[ 89.058068] Kernel Offset: disabled
[ 89.061696] Rebooting in 86400 seconds..