Warning: Permanently added '10.128.1.23' (ECDSA) to the list of known hosts. 2019/06/03 23:45:37 fuzzer started [ 60.031781] audit: type=1400 audit(1559605537.802:36): avc: denied { map } for pid=7616 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/03 23:45:40 dialing manager at 10.128.0.105:38735 2019/06/03 23:45:40 syscalls: 2460 2019/06/03 23:45:40 code coverage: enabled 2019/06/03 23:45:40 comparison tracing: enabled 2019/06/03 23:45:40 extra coverage: extra coverage is not supported by the kernel 2019/06/03 23:45:40 setuid sandbox: enabled 2019/06/03 23:45:40 namespace sandbox: enabled 2019/06/03 23:45:40 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/03 23:45:40 fault injection: enabled 2019/06/03 23:45:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/03 23:45:40 net packet injection: enabled 2019/06/03 23:45:40 net device setup: enabled 23:45:42 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x7fff}, 0x8) shutdown(r0, 0x0) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000100), 0x4) [ 64.320267] audit: type=1400 audit(1559605542.092:37): avc: denied { map } for pid=7634 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14689 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 64.406204] IPVS: ftp: loaded support on port[0] = 21 [ 64.415816] NET: Registered protocol family 30 [ 64.420444] Failed to register TIPC socket type 23:45:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r1, &(0x7f0000000380)=@hci, 0x80) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r1, &(0x7f0000000080)={&(0x7f0000000040)={0x1d, r2}, 0x10, &(0x7f0000000300)={&(0x7f0000000280)={0x1, 0x3, 0x0, {}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "ddc4a2880e6a85f2"}}, 0x48}}, 0x0) [ 64.645113] IPVS: ftp: loaded support on port[0] = 21 [ 64.654479] NET: Registered protocol family 30 [ 64.659101] Failed to register TIPC socket type 23:45:42 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xfffffffffffffffe) r1 = accept4(r0, 0x0, 0x0, 0x0) write$binfmt_elf32(r1, &(0x7f0000000200)=ANY=[], 0xff42) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000680)={0x0, 0x2}, 0x142) [ 65.062792] IPVS: ftp: loaded support on port[0] = 21 [ 65.087155] NET: Registered protocol family 30 [ 65.091959] Failed to register TIPC socket type 23:45:43 executing program 3: pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="ff100000000023e85e37edfbb59e1e1ad6649b5521031b54bfb0141c7583aea02bbdf12d8b407ee82dc3248dd78f3a63ceef3f288d99b178c77ea5f71ee0a0d5947df76a49a3a8c8a9610400000003b925bd3f6419f24555de59777f667309eebdea705a30363f058bbc8e3b09f109e06e05b13c2bf2282b6344b6489e1bb43882b2350bdbaffbf128"], 0x89) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/status\x00', 0x0, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) memfd_create(&(0x7f0000000100)='eth0\'keyring\x00', 0x2) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0) accept$nfc_llcp(r1, &(0x7f0000000180), &(0x7f0000000240)=0x60) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, 0x0, 0x0) creat(&(0x7f00000003c0)='./file1\x00', 0x0) openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x80, 0x0) [ 65.496942] IPVS: ftp: loaded support on port[0] = 21 [ 65.526319] NET: Registered protocol family 30 [ 65.530953] Failed to register TIPC socket type 23:45:43 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x4000000) sendmsg(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x890c, 0x0) socket$kcm(0x2, 0x3, 0x2) openat$cgroup(0xffffffffffffff9c, 0x0, 0x200002, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000300)=[{0x0}], 0x1}, 0x814) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'memory', 0xe}]}, 0x200600) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) [ 66.106420] IPVS: ftp: loaded support on port[0] = 21 [ 66.136597] NET: Registered protocol family 30 [ 66.141256] Failed to register TIPC socket type 23:45:44 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) pipe(&(0x7f0000000100)={0xffffffffffffffff}) creat(&(0x7f0000000140)='./file0\x00', 0x0) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}}) sendmmsg(r1, &(0x7f00000065c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) [ 66.691327] IPVS: ftp: loaded support on port[0] = 21 [ 66.707256] NET: Registered protocol family 30 [ 66.711879] Failed to register TIPC socket type [ 67.304358] chnl_net:caif_netlink_parms(): no params data found [ 67.637930] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.733484] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.741340] device bridge_slave_0 entered promiscuous mode [ 67.838160] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.923100] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.930498] device bridge_slave_1 entered promiscuous mode [ 68.527531] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 68.844941] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 69.501975] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 69.679420] team0: Port device team_slave_0 added [ 69.884469] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 70.041317] team0: Port device team_slave_1 added [ 70.268397] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 70.437306] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 70.975717] device hsr_slave_0 entered promiscuous mode [ 71.134335] device hsr_slave_1 entered promiscuous mode [ 71.307348] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 71.438505] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 71.681992] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 72.215953] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.425421] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 72.620676] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 72.674224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.682788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.806225] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 72.896362] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.038737] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 73.123845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.132135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.246646] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.253333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.412108] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 73.493182] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.500843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.564558] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.626074] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.632472] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.745563] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 73.752691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.871990] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 73.929364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.990663] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 74.033598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 74.041874] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 74.112892] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 74.167851] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 74.278091] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 74.346755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 74.364831] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 74.431717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 74.490662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.562232] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 74.616820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 74.633758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 74.708293] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 74.754264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 74.875738] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 75.006327] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.141740] audit: type=1400 audit(1559605552.912:38): avc: denied { associate } for pid=7635 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 23:45:54 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x7fff}, 0x8) shutdown(r0, 0x0) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000100), 0x4) 23:45:56 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x7fff}, 0x8) shutdown(r0, 0x0) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000100), 0x4) [ 78.774650] IPVS: ftp: loaded support on port[0] = 21 [ 79.013713] NET: Registered protocol family 30 [ 79.143549] Failed to register TIPC socket type 23:45:57 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x7fff}, 0x8) shutdown(r0, 0x0) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000100), 0x4) [ 79.969202] IPVS: ftp: loaded support on port[0] = 21 [ 80.047149] IPVS: ftp: loaded support on port[0] = 21 [ 80.078295] IPVS: ftp: loaded support on port[0] = 21 [ 80.088790] NET: Registered protocol family 30 [ 80.146609] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630. [ 80.180370] Failed to register TIPC socket type [ 80.192470] IPVS: ftp: loaded support on port[0] = 21 [ 80.240914] ------------[ cut here ]------------ [ 80.245730] kernel BUG at lib/list_debug.c:29! [ 80.294487] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 80.300013] CPU: 1 PID: 8264 Comm: syz-executor.2 Not tainted 4.19.47 #19 [ 80.306952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.317725] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 80.322941] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 80.341875] RSP: 0018:ffff8880670e7b88 EFLAGS: 00010282 [ 80.347250] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 80.354700] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100ce1cf63 [ 80.362070] RBP: ffff8880670e7ba0 R08: 0000000000000058 R09: ffffed1015d24fe9 [ 80.369358] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffffffff892e7630 [ 80.376846] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 80.384131] FS: 0000000001965940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 80.392369] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.398263] CR2: 00007effaeaa81b0 CR3: 0000000067092000 CR4: 00000000001406e0 [ 80.405567] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.412846] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.420127] Call Trace: [ 80.422725] ? mutex_lock_nested+0x16/0x20 [ 80.426981] proto_register+0x459/0x8e0 [ 80.430966] tipc_socket_init+0x1c/0x70 [ 80.434946] tipc_init_net+0x2ed/0x570 [ 80.438834] ? tipc_exit_net+0x40/0x40 [ 80.443455] ops_init+0xb3/0x410 [ 80.446831] setup_net+0x2d3/0x740 [ 80.450382] ? lock_acquire+0x16f/0x3f0 [ 80.454357] ? ops_init+0x410/0x410 [ 80.457993] copy_net_ns+0x1df/0x340 [ 80.461710] create_new_namespaces+0x400/0x7b0 [ 80.466320] unshare_nsproxy_namespaces+0xc2/0x200 [ 80.471461] ksys_unshare+0x440/0x980 [ 80.475311] ? walk_process_tree+0x2c0/0x2c0 [ 80.479730] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 80.484495] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 80.489866] ? do_syscall_64+0x26/0x620 [ 80.493850] ? lockdep_hardirqs_on+0x415/0x5d0 [ 80.498440] __x64_sys_unshare+0x31/0x40 [ 80.502679] do_syscall_64+0xfd/0x620 [ 80.506488] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 80.511679] RIP: 0033:0x45bd47 [ 80.514881] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 80.533787] RSP: 002b:00007ffd6cedd428 EFLAGS: 00000202 ORIG_RAX: 0000000000000110 [ 80.541625] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47 [ 80.548905] RDX: 0000000000000000 RSI: 00007ffd6cedd3d0 RDI: 0000000040000000 [ 80.556272] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005 [ 80.563647] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000075c9a8 [ 80.570929] R13: 00007ffd6cedd698 R14: 0000000000000000 R15: 0000000000000000 [ 80.578442] Modules linked in: [ 80.582426] ---[ end trace 5be60c9fea7c85b9 ]--- [ 80.587326] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 80.592519] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 80.611574] RSP: 0018:ffff8880670e7b88 EFLAGS: 00010282 [ 80.617019] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 80.624328] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100ce1cf63 [ 80.631787] RBP: ffff8880670e7ba0 R08: 0000000000000058 R09: ffffed1015d24fe9 [ 80.639112] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffffffff892e7630 [ 80.646430] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 80.653783] FS: 0000000001965940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 80.662105] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.668037] CR2: 00007effaeaa81b0 CR3: 0000000067092000 CR4: 00000000001406e0 [ 80.675352] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.682628] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.690294] Kernel panic - not syncing: Fatal exception [ 80.697084] Kernel Offset: disabled [ 80.700743] Rebooting in 86400 seconds..