Warning: Permanently added '10.128.0.213' (ECDSA) to the list of known hosts. 2019/06/04 00:31:08 fuzzer started [ 65.072788] audit: type=1400 audit(1559608268.018:36): avc: denied { map } for pid=8250 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/04 00:31:11 dialing manager at 10.128.0.105:38735 2019/06/04 00:31:11 syscalls: 2460 2019/06/04 00:31:11 code coverage: enabled 2019/06/04 00:31:11 comparison tracing: enabled 2019/06/04 00:31:11 extra coverage: extra coverage is not supported by the kernel 2019/06/04 00:31:11 setuid sandbox: enabled 2019/06/04 00:31:11 namespace sandbox: enabled 2019/06/04 00:31:11 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/04 00:31:11 fault injection: enabled 2019/06/04 00:31:11 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/04 00:31:11 net packet injection: enabled 2019/06/04 00:31:11 net device setup: enabled 00:31:13 executing program 0: syz_mount_image$xfs(&(0x7f0000000780)='xfs\x00', &(0x7f00000007c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 70.842325] audit: type=1400 audit(1559608273.788:37): avc: denied { map } for pid=8267 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14975 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 00:31:14 executing program 1: semctl$IPC_STAT(0x0, 0x0, 0xb, 0x0) [ 71.022730] IPVS: ftp: loaded support on port[0] = 21 [ 71.034491] NET: Registered protocol family 30 [ 71.039637] Failed to register TIPC socket type [ 71.290745] IPVS: ftp: loaded support on port[0] = 21 00:31:14 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4005}) r1 = socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') write$cgroup_subtree(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="728d0800000000000000043caa4c478990d1bb9db26af1e7740bcd531adc61aea391"], 0x22) [ 71.311178] NET: Registered protocol family 30 [ 71.315828] Failed to register TIPC socket type [ 71.603944] IPVS: ftp: loaded support on port[0] = 21 [ 71.622436] NET: Registered protocol family 30 [ 71.627065] Failed to register TIPC socket type 00:31:14 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="77ad6aacde04ddb9a3e8b43749c600ba8922005e6106942b75a97919f2ab04435032698f81284786fc4d970a982ccc6ce1a53bd38e2fe62ab8c120983ec1cf290be404857f6af594c1e920d400338420156d393be7d22770266f6f18d874e11925879215b01cce0522a0de616310309050674727bc7142c8c09d89b5b5dfcc6d8ff3a5a64358f8f825dbaa1b2e172872b1f1af30eb63cfbaa18074623ff2880c5cf6011f46992e5bc431edef75c3d6a6ab6b2173b36fb9faf9f467120b8913", 0xbf) [ 72.225775] IPVS: ftp: loaded support on port[0] = 21 [ 72.263404] NET: Registered protocol family 30 [ 72.287496] Failed to register TIPC socket type 00:31:15 executing program 4: openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x10001, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, 0x0) ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4008641c, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3, &(0x7f0000000000)=0x5, 0x8, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x1, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f00000007c0)={0xffffffffffffffff, 0x0, 0xfffffffffffffff8, 0x9}, 0x0) clone(0x20002104, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/dlm-monitor\x00', 0x44000, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_ENABLE(r0, 0x40046432, &(0x7f0000000400)=0x8) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000c34000)) [ 72.874453] IPVS: ftp: loaded support on port[0] = 21 [ 72.893160] NET: Registered protocol family 30 [ 72.917569] Failed to register TIPC socket type 00:31:16 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x10, 0x4, 0x4, 0x7}, 0x3c) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") bpf$MAP_CREATE(0x4, &(0x7f0000003000)={0x3, 0x0, 0x400000, 0x0, 0x70c000, 0x0}, 0x2c) [ 73.644534] IPVS: ftp: loaded support on port[0] = 21 [ 73.672999] NET: Registered protocol family 30 [ 73.697698] Failed to register TIPC socket type [ 74.462789] chnl_net:caif_netlink_parms(): no params data found [ 74.979652] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.986767] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.104895] device bridge_slave_0 entered promiscuous mode [ 75.220227] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.288682] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.408724] device bridge_slave_1 entered promiscuous mode [ 76.023400] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 76.409645] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 77.136520] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 77.359580] team0: Port device team_slave_0 added [ 77.591020] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 77.730430] team0: Port device team_slave_1 added [ 77.943443] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 78.269961] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 79.281167] device hsr_slave_0 entered promiscuous mode [ 79.567982] device hsr_slave_1 entered promiscuous mode [ 79.754216] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 79.928448] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 80.044579] IPVS: ftp: loaded support on port[0] = 21 [ 80.111785] NET: Registered protocol family 30 [ 80.116490] Failed to register TIPC socket type [ 80.251849] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 81.059709] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.250195] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 81.426163] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 81.537716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 81.546078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 81.702844] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 81.822588] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.070218] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 82.077479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.086596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.264717] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.271388] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.470447] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 82.619566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 82.627158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.790554] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.939204] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.945658] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.291562] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 83.427901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 83.569288] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 83.576389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 83.880258] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 83.987907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 83.996369] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 84.228255] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 84.236604] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 84.259391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 84.399195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 84.516916] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 84.661005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 84.716390] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 84.919281] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 85.009214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 85.017201] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 85.173731] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 85.327630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 85.548613] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 85.838291] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.126907] audit: type=1400 audit(1559608289.068:38): avc: denied { associate } for pid=8269 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 88.427821] XFS (loop0): Invalid superblock magic number 00:31:31 executing program 0: syz_mount_image$xfs(&(0x7f0000000780)='xfs\x00', &(0x7f00000007c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 89.301278] XFS (loop0): Invalid superblock magic number 00:31:32 executing program 0: syz_mount_image$xfs(&(0x7f0000000780)='xfs\x00', &(0x7f00000007c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 89.565249] IPVS: ftp: loaded support on port[0] = 21 [ 89.584337] IPVS: ftp: loaded support on port[0] = 21 [ 89.587194] NET: Registered protocol family 30 [ 89.594411] IPVS: ftp: loaded support on port[0] = 21 [ 89.607595] Failed to register TIPC socket type [ 89.611720] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630. [ 89.627074] ------------[ cut here ]------------ [ 89.632181] kernel BUG at lib/list_debug.c:29! [ 89.639865] XFS (loop0): Invalid superblock magic number [ 89.645864] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 89.651262] CPU: 0 PID: 8941 Comm: syz-executor.2 Not tainted 4.19.47 #19 [ 89.658206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 89.667669] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 89.672886] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 89.691916] RSP: 0018:ffff88807180fb88 EFLAGS: 00010282 [ 89.697299] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 89.704583] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100e301f63 [ 89.711860] RBP: ffff88807180fba0 R08: 0000000000000058 R09: ffffed1015d04fe9 [ 89.719238] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffffffff892e7630 [ 89.726508] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 89.733779] FS: 0000000001464940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 89.742001] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.747954] CR2: 0000000000a75e58 CR3: 0000000071d5b000 CR4: 00000000001406f0 [ 89.755440] Call Trace: [ 89.758061] ? mutex_lock_nested+0x16/0x20 [ 89.762343] proto_register+0x459/0x8e0 [ 89.766350] tipc_socket_init+0x1c/0x70 [ 89.780092] tipc_init_net+0x2ed/0x570 [ 89.783985] ? tipc_exit_net+0x40/0x40 [ 89.787907] ops_init+0xb3/0x410 [ 89.791277] setup_net+0x2d3/0x740 [ 89.794846] ? lock_acquire+0x16f/0x3f0 [ 89.798842] ? ops_init+0x410/0x410 [ 89.802480] copy_net_ns+0x1df/0x340 [ 89.806218] create_new_namespaces+0x400/0x7b0 [ 89.810834] unshare_nsproxy_namespaces+0xc2/0x200 [ 89.815798] ksys_unshare+0x440/0x980 [ 89.819600] ? walk_process_tree+0x2c0/0x2c0 [ 89.824024] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 89.828784] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 89.834150] ? do_syscall_64+0x26/0x620 [ 89.838126] ? lockdep_hardirqs_on+0x415/0x5d0 [ 89.842744] __x64_sys_unshare+0x31/0x40 [ 89.846826] do_syscall_64+0xfd/0x620 [ 89.850640] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 89.855859] RIP: 0033:0x45bd47 [ 89.859052] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 89.877948] RSP: 002b:00007ffde42b9898 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 89.885654] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47 [ 89.892920] RDX: 0000000000000000 RSI: 00007ffde42b9840 RDI: 0000000040000000 [ 89.900219] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005 [ 89.907580] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000075c9a8 [ 89.914958] R13: 00007ffde42b9b08 R14: 0000000000000000 R15: 0000000000000000 [ 89.922226] Modules linked in: [ 89.927499] ---[ end trace 9b54b007bab7562c ]--- [ 89.932598] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 89.937944] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 89.957197] RSP: 0018:ffff88807180fb88 EFLAGS: 00010282 [ 89.962722] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 89.970681] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100e301f63 [ 89.978104] RBP: ffff88807180fba0 R08: 0000000000000058 R09: ffffed1015d04fe9 [ 89.985495] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffffffff892e7630 [ 89.992967] kobject: 'loop0' (00000000237c639f): kobject_uevent_env [ 89.995723] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 89.999749] kobject: 'loop0' (00000000237c639f): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 90.016872] FS: 0000000001464940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 90.030325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 90.036238] CR2: 0000000000a75e58 CR3: 0000000071d5b000 CR4: 00000000001406f0 [ 90.051548] Kernel panic - not syncing: Fatal exception [ 90.058080] Kernel Offset: disabled [ 90.061743] Rebooting in 86400 seconds..