Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts. 2019/06/04 05:04:18 fuzzer started [ 66.790010] audit: type=1400 audit(1559624658.418:36): avc: denied { map } for pid=7997 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/04 05:04:21 dialing manager at 10.128.0.105:38735 2019/06/04 05:04:21 syscalls: 2460 2019/06/04 05:04:21 code coverage: enabled 2019/06/04 05:04:21 comparison tracing: enabled 2019/06/04 05:04:21 extra coverage: extra coverage is not supported by the kernel 2019/06/04 05:04:21 setuid sandbox: enabled 2019/06/04 05:04:21 namespace sandbox: enabled 2019/06/04 05:04:21 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/04 05:04:21 fault injection: enabled 2019/06/04 05:04:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/04 05:04:21 net packet injection: enabled 2019/06/04 05:04:21 net device setup: enabled 05:04:24 executing program 0: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0xfcda) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000440)=""/175, 0xaf}], 0x1) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000000)) [ 72.783083] audit: type=1400 audit(1559624664.408:37): avc: denied { map } for pid=8016 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14347 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 72.905709] IPVS: ftp: loaded support on port[0] = 21 [ 72.915927] NET: Registered protocol family 30 [ 72.920834] Failed to register TIPC socket type 05:04:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) [ 73.176240] IPVS: ftp: loaded support on port[0] = 21 [ 73.193807] NET: Registered protocol family 30 [ 73.198420] Failed to register TIPC socket type 05:04:24 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$dh_compute(0x14, 0x0, &(0x7f0000000740)=""/243, 0xf3, 0x0) [ 73.513253] IPVS: ftp: loaded support on port[0] = 21 [ 73.533736] NET: Registered protocol family 30 [ 73.538376] Failed to register TIPC socket type 05:04:25 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0000002d000500d25a80648c63940d0200fc001000034002020000053582c137153e37090001800af01700d1bd", 0x2e}], 0x1}, 0x0) [ 73.907124] IPVS: ftp: loaded support on port[0] = 21 [ 73.923778] NET: Registered protocol family 30 [ 73.928416] Failed to register TIPC socket type 05:04:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) fcntl$setstatus(r0, 0x4, 0x2c00) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000000000)="1f000000030319000000070000000681", 0x10}], 0x1) [ 74.517187] IPVS: ftp: loaded support on port[0] = 21 [ 74.544381] NET: Registered protocol family 30 [ 74.569384] Failed to register TIPC socket type [ 75.857737] chnl_net:caif_netlink_parms(): no params data found [ 76.433235] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.590185] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.750178] device bridge_slave_0 entered promiscuous mode [ 76.840267] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.846733] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.960143] device bridge_slave_1 entered promiscuous mode [ 77.382049] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 77.779532] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 78.324830] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 78.460928] team0: Port device team_slave_0 added [ 78.653406] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 78.710992] team0: Port device team_slave_1 added [ 78.874809] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 79.019584] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 79.626727] device hsr_slave_0 entered promiscuous mode [ 79.699999] device hsr_slave_1 entered promiscuous mode [ 79.907813] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 80.072965] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 80.331286] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 81.003113] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.177142] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 81.382887] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 81.450467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 81.458750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 05:04:33 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r0, 0x0, 0x0, 0x0, 0x0, 0xa1}, 0x20) [ 81.682519] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 81.688665] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.980819] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 81.987927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.052513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.160857] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.167454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.332061] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 82.451480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 82.458961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.599777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.720865] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.727275] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.899088] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 82.919753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 82.932685] IPVS: ftp: loaded support on port[0] = 21 [ 83.062045] NET: Registered protocol family 30 [ 83.067185] Failed to register TIPC socket type [ 83.170781] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 83.178634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 83.480674] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 83.487623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 83.524000] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 83.759919] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 84.062269] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 84.420351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 84.428397] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 84.870488] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 85.390886] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 85.398031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 85.506129] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 85.780041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 86.040375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 86.271505] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 86.436228] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 86.813081] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 87.154437] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.422521] audit: type=1400 audit(1559624679.048:38): avc: denied { associate } for pid=8017 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 87.925766] IPVS: ftp: loaded support on port[0] = 21 [ 87.966520] IPVS: ftp: loaded support on port[0] = 21 [ 88.040544] IPVS: ftp: loaded support on port[0] = 21 [ 88.098271] raw_sendmsg: syz-executor.0 forgot to set AF_INET. Fix it! [ 88.103484] NET: Registered protocol family 30 [ 88.135419] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630. [ 88.182701] Failed to register TIPC socket type [ 88.284303] ------------[ cut here ]------------ [ 88.289120] kernel BUG at lib/list_debug.c:29! [ 88.360560] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 88.365992] CPU: 1 PID: 8610 Comm: syz-executor.3 Not tainted 4.19.47 #19 [ 88.372926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 88.382327] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 88.387537] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 88.406454] RSP: 0018:ffff888068b27b88 EFLAGS: 00010282 [ 88.411840] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 88.419127] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100d164f63 [ 88.426414] RBP: ffff888068b27ba0 R08: 0000000000000058 R09: ffffed1015d24fe9 [ 88.433697] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffffffff892e7630 [ 88.440980] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 88.448264] FS: 0000000000d23940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 88.456505] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 88.462400] CR2: 000000000061c500 CR3: 0000000068af6000 CR4: 00000000001406e0 [ 88.469681] Call Trace: [ 88.472290] ? mutex_lock_nested+0x16/0x20 [ 88.476550] proto_register+0x459/0x8e0 [ 88.480547] tipc_socket_init+0x1c/0x70 [ 88.484538] tipc_init_net+0x2ed/0x570 [ 88.488444] ? tipc_exit_net+0x40/0x40 [ 88.492357] ops_init+0xb3/0x410 [ 88.495750] setup_net+0x2d3/0x740 [ 88.499319] ? lock_acquire+0x16f/0x3f0 [ 88.503317] ? ops_init+0x410/0x410 [ 88.506968] copy_net_ns+0x1df/0x340 [ 88.510704] create_new_namespaces+0x400/0x7b0 [ 88.515324] unshare_nsproxy_namespaces+0xc2/0x200 [ 88.520279] ksys_unshare+0x440/0x980 [ 88.524106] ? walk_process_tree+0x2c0/0x2c0 [ 88.528535] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 88.533315] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 88.538696] ? do_syscall_64+0x26/0x620 [ 88.542689] ? lockdep_hardirqs_on+0x415/0x5d0 [ 88.547292] __x64_sys_unshare+0x31/0x40 [ 88.551372] do_syscall_64+0xfd/0x620 [ 88.555187] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 88.560381] RIP: 0033:0x45bd47 [ 88.563589] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 88.582504] RSP: 002b:00007fff30d5b8a8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 88.590226] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47 [ 88.596132] kobject: 'loop0' (0000000092e6a984): kobject_uevent_env [ 88.597510] RDX: 0000000000000000 RSI: 00007fff30d5b850 RDI: 0000000040000000 05:04:40 executing program 0: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0xfcda) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000440)=""/175, 0xaf}], 0x1) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000000)) [ 88.611188] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005 [ 88.618473] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000075c9a8 [ 88.619088] kobject: 'loop0' (0000000092e6a984): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 88.625754] R13: 00007fff30d5bb18 R14: 0000000000000000 R15: 0000000000000000 [ 88.642470] Modules linked in: 05:04:40 executing program 0: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0xfcda) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000440)=""/175, 0xaf}], 0x1) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000000)) 05:04:40 executing program 0: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0xfcda) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000440)=""/175, 0xaf}], 0x1) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000000)) [ 88.834751] kobject: 'loop0' (0000000092e6a984): kobject_uevent_env [ 88.845293] kobject: 'loop0' (0000000092e6a984): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 88.866847] ---[ end trace 13b89b96e198d128 ]--- [ 88.872980] RIP: 0010:__list_add_valid.cold+0x26/0x3c 05:04:40 executing program 0: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0xfcda) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000440)=""/175, 0xaf}], 0x1) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000000)) [ 88.895763] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 88.920727] kobject: 'loop0' (0000000092e6a984): kobject_uevent_env [ 88.927211] kobject: 'loop0' (0000000092e6a984): fill_kobj_path: path = '/devices/virtual/block/loop0' 05:04:40 executing program 0: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0xfcda) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000440)=""/175, 0xaf}], 0x1) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000000)) [ 88.946296] RSP: 0018:ffff888068b27b88 EFLAGS: 00010282 [ 88.957045] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 88.973357] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100d164f63 05:04:40 executing program 0: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0xfcda) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000440)=""/175, 0xaf}], 0x1) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000000)) [ 88.995437] RBP: ffff888068b27ba0 R08: 0000000000000058 R09: ffffed1015d24fe9 [ 89.003139] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffffffff892e7630 [ 89.016730] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 89.029704] FS: 0000000000d23940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 89.037963] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.044985] CR2: 0000001b30c25000 CR3: 0000000068af6000 CR4: 00000000001406f0 [ 89.052746] kobject: 'loop0' (0000000092e6a984): kobject_uevent_env [ 89.054488] Kernel panic - not syncing: Fatal exception [ 89.065588] Kernel Offset: disabled [ 89.069218] Rebooting in 86400 seconds..