Warning: Permanently added '10.128.0.225' (ECDSA) to the list of known hosts.
2019/06/04 03:27:48 fuzzer started
syzkaller login: [ 46.277009] kauditd_printk_skb: 3 callbacks suppressed
[ 46.277022] audit: type=1400 audit(1559618868.743:36): avc: denied { map } for pid=7659 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/04 03:27:51 dialing manager at 10.128.0.105:38735
2019/06/04 03:27:51 syscalls: 2460
2019/06/04 03:27:51 code coverage: enabled
2019/06/04 03:27:51 comparison tracing: enabled
2019/06/04 03:27:51 extra coverage: extra coverage is not supported by the kernel
2019/06/04 03:27:51 setuid sandbox: enabled
2019/06/04 03:27:51 namespace sandbox: enabled
2019/06/04 03:27:51 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/04 03:27:51 fault injection: enabled
2019/06/04 03:27:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/04 03:27:51 net packet injection: enabled
2019/06/04 03:27:51 net device setup: enabled
03:27:53 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1, 0x2c}]}, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
[ 51.534034] audit: type=1400 audit(1559618873.993:37): avc: denied { map } for pid=7678 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=104 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 51.649471] IPVS: ftp: loaded support on port[0] = 21
[ 51.659816] NET: Registered protocol family 30
[ 51.664458] Failed to register TIPC socket type
03:27:54 executing program 1:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x4, 0x5c832, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
[ 51.881957] IPVS: ftp: loaded support on port[0] = 21
[ 51.899228] NET: Registered protocol family 30
[ 51.903867] Failed to register TIPC socket type
03:27:54 executing program 2:
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x7adfb5934af0b79c}, 0x10)
[ 52.177537] IPVS: ftp: loaded support on port[0] = 21
[ 52.207648] NET: Registered protocol family 30
[ 52.212286] Failed to register TIPC socket type
03:27:54 executing program 3:
clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000))
ptrace(0x10, r0)
ptrace$peek(0x3, r0, 0x0)
[ 52.662556] IPVS: ftp: loaded support on port[0] = 21
[ 52.679564] NET: Registered protocol family 30
[ 52.684193] Failed to register TIPC socket type
03:27:55 executing program 4:
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x801, 0x0)
write$9p(r0, &(0x7f00000001c0)="e88a9238e4e8a092812bde487abd4164254225e773594b2a6d646dd257b2596cc25f62f3682d55cf31f9c3a791c1af3582ec8264f664f377f2a63732d6da0cc3219f633c20ca340b62babca0fe949ad29616cda249e88d3dccb379b977283b5cfeed7999a0dc05f5d7d94673321f3d1cb8b38f097689a1f1fa2a3a192819f316f73edfec9f359e7c1bbd761c0118a7ce0114902c1ce5bdfb083c10eebccd69e037c17cf12bbe0fb11444b8d411782cd4a818075b7187aa9b7e8ac07df0ef82b7a44a5ab652b6247a8733580e590a", 0xce)
[ 53.220649] IPVS: ftp: loaded support on port[0] = 21
[ 53.259308] NET: Registered protocol family 30
[ 53.263946] Failed to register TIPC socket type
03:27:56 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000000000)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="06"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1163484001"], 0x0, 0x0, 0x0})
[ 53.863134] IPVS: ftp: loaded support on port[0] = 21
[ 53.885644] NET: Registered protocol family 30
[ 53.890271] Failed to register TIPC socket type
[ 54.401707] chnl_net:caif_netlink_parms(): no params data found
[ 54.787225] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.806735] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.851694] device bridge_slave_0 entered promiscuous mode
[ 54.954397] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.096369] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.218650] device bridge_slave_1 entered promiscuous mode
[ 55.617933] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 55.946871] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 56.506200] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 56.707027] team0: Port device team_slave_0 added
[ 56.916749] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 57.046835] team0: Port device team_slave_1 added
[ 57.514683] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 57.850871] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 58.672945] device hsr_slave_0 entered promiscuous mode
[ 59.080883] device hsr_slave_1 entered promiscuous mode
[ 59.307582] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 59.447634] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 59.698114] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 60.276731] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.448866] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 60.591306] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 60.707189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 60.726966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.867263] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 60.873554] 8021q: adding VLAN 0 to HW filter on device team0
[ 61.105356] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 61.113184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 61.136459] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.205673] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.212384] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.337382] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 61.369056] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 61.447645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 61.495899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.503719] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.510151] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.687163] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 61.694465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 61.788578] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 61.831454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 61.928639] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 61.976787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 61.996220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 62.068008] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 62.086324] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 62.146816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 62.176165] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 62.259943] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 62.346678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 62.354624] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 62.450212] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 62.535843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 62.543599] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 62.640184] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 62.723960] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 62.840783] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 62.968593] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 63.111982] audit: type=1400 audit(1559618885.573:38): avc: denied { associate } for pid=7679 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 63.523480] audit: type=1400 audit(1559618885.983:39): avc: denied { prog_load } for pid=8224 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[ 63.784042] audit: type=1400 audit(1559618886.243:40): avc: denied { prog_run } for pid=8224 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
03:28:08 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1, 0x2c}]}, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
03:28:08 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1, 0x2c}]}, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
03:28:08 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x12, 0x4, &(0x7f00000033c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1, 0x2c}]}, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f0000000200)=""/251, 0x0, 0x0, [], 0x0, 0xf}, 0x48)
03:28:08 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/\x02roup.stap\x00', 0x2761, 0x0)
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000080)=ANY=[@ANYBLOB="00fe"])
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0xc0c0583b, 0x20000001)
03:28:08 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/\x02roup.stap\x00', 0x2761, 0x0)
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000080)=ANY=[@ANYBLOB="00fe"])
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0xc0c0583b, 0x20000001)
03:28:08 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/\x02roup.stap\x00', 0x2761, 0x0)
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000080)=ANY=[@ANYBLOB="00fe"])
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0xc0c0583b, 0x20000001)
[ 65.820982] IPVS: ftp: loaded support on port[0] = 21
[ 65.831414] NET: Registered protocol family 30
[ 65.841911] Failed to register TIPC socket type
03:28:08 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/\x02roup.stap\x00', 0x2761, 0x0)
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000080)=ANY=[@ANYBLOB="00fe"])
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0xc0c0583b, 0x20000001)
[ 66.807654] IPVS: ftp: loaded support on port[0] = 21
[ 66.839189] NET: Registered protocol family 30
[ 66.843854] Failed to register TIPC socket type
[ 66.874470] IPVS: ftp: loaded support on port[0] = 21
[ 66.883879] NET: Registered protocol family 30
[ 66.894330] Failed to register TIPC socket type
[ 66.921686] IPVS: ftp: loaded support on port[0] = 21
[ 66.922070] IPVS: ftp: loaded support on port[0] = 21
[ 66.940099] NET: Registered protocol family 30
[ 66.944733] Failed to register TIPC socket type
[ 66.946366] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630.
[ 66.975642] ------------[ cut here ]------------
[ 66.980446] kernel BUG at lib/list_debug.c:29!
[ 66.985050] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 66.990422] CPU: 1 PID: 8351 Comm: syz-executor.5 Not tainted 4.19.47 #19
[ 66.997590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.006968] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[ 67.012276] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[ 67.031189] RSP: 0018:ffff88806f127b88 EFLAGS: 00010282
[ 67.039317] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[ 67.046599] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100de24f63
[ 67.054139] RBP: ffff88806f127ba0 R08: 0000000000000058 R09: ffffed1015d24fe9
[ 67.061419] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffffffff892e7630
[ 67.068719] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[ 67.076007] FS: 00000000028fe940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 67.084331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 67.090216] CR2: 0000000000a75e58 CR3: 000000006f10c000 CR4: 00000000001406e0
[ 67.097498] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 67.104863] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 67.112280] Call Trace:
[ 67.114895] ? mutex_lock_nested+0x16/0x20
[ 67.119253] proto_register+0x459/0x8e0
[ 67.123243] tipc_socket_init+0x1c/0x70
[ 67.127224] tipc_init_net+0x2ed/0x570
[ 67.131134] ? tipc_exit_net+0x40/0x40
[ 67.135034] ops_init+0xb3/0x410
[ 67.138411] setup_net+0x2d3/0x740
[ 67.141969] ? lock_acquire+0x16f/0x3f0
[ 67.145953] ? ops_init+0x410/0x410
[ 67.149591] copy_net_ns+0x1df/0x340
[ 67.153314] create_new_namespaces+0x400/0x7b0
[ 67.157956] unshare_nsproxy_namespaces+0xc2/0x200
[ 67.162896] ksys_unshare+0x440/0x980
[ 67.166712] ? walk_process_tree+0x2c0/0x2c0
[ 67.171223] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 67.176111] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 67.181595] ? do_syscall_64+0x26/0x620
[ 67.185703] ? lockdep_hardirqs_on+0x415/0x5d0
[ 67.190297] __x64_sys_unshare+0x31/0x40
[ 67.194371] do_syscall_64+0xfd/0x620
[ 67.198183] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 67.203378] RIP: 0033:0x45bd47
[ 67.206675] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 67.233752] RSP: 002b:00007ffc56547428 EFLAGS: 00000202 ORIG_RAX: 0000000000000110
[ 67.241488] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47
[ 67.248781] RDX: 0000000000000000 RSI: 00007ffc565473d0 RDI: 0000000040000000
[ 67.256176] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[ 67.263462] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000075c9a8
[ 67.270831] R13: 00007ffc56547698 R14: 0000000000000000 R15: 0000000000000000
[ 67.278259] Modules linked in:
[ 67.282990] ---[ end trace 89fe09eb1eaef32a ]---
[ 67.287922] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[ 67.293515] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[ 67.312905] RSP: 0018:ffff88806f127b88 EFLAGS: 00010282
[ 67.318680] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[ 67.326171] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100de24f63
[ 67.333452] RBP: ffff88806f127ba0 R08: 0000000000000058 R09: ffffed1015d24fe9
[ 67.340977] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffffffff892e7630
[ 67.348715] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[ 67.356198] FS: 00000000028fe940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 67.365509] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 67.371495] CR2: 0000000000a75e58 CR3: 000000006f10c000 CR4: 00000000001406e0
[ 67.379007] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 67.386770] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 67.394054] Kernel panic - not syncing: Fatal exception
[ 67.400871] Kernel Offset: disabled
[ 67.404505] Rebooting in 86400 seconds..