Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts.
2019/06/04 06:05:01 fuzzer started
[ 56.822590] audit: type=1400 audit(1559628301.864:36): avc: denied { map } for pid=7926 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/04 06:05:04 dialing manager at 10.128.0.105:38735
2019/06/04 06:05:04 syscalls: 2460
2019/06/04 06:05:04 code coverage: enabled
2019/06/04 06:05:04 comparison tracing: enabled
2019/06/04 06:05:04 extra coverage: extra coverage is not supported by the kernel
2019/06/04 06:05:04 setuid sandbox: enabled
2019/06/04 06:05:04 namespace sandbox: enabled
2019/06/04 06:05:04 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/04 06:05:04 fault injection: enabled
2019/06/04 06:05:04 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/04 06:05:04 net packet injection: enabled
2019/06/04 06:05:04 net device setup: enabled

06:05:07 executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000280)=""/246)
ioctl$PPPIOCSPASS(r0, 0x4004743c, 0x0)

[ 62.555131] audit: type=1400 audit(1559628307.594:37): avc: denied { map } for pid=7943 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14973 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1

06:05:07 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x6e8, 0x800000101, 0x10000000005}, 0xd)

[ 62.683877] IPVS: ftp: loaded support on port[0] = 21
[ 62.694330] NET: Registered protocol family 30
[ 62.699515] Failed to register TIPC socket type
[ 62.843166] IPVS: ftp: loaded support on port[0] = 21
[ 62.853255] NET: Registered protocol family 30
[ 62.858450] Failed to register TIPC socket type

06:05:08 executing program 2:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={'bridge_slave_0\x00\x04'})
r1 = socket$inet6(0xa, 0x803, 0x3)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0})
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r4 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000540)={@local, 0x3, r2})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'bridge_slave_0\x00?', 0x22000000c0ffffff})

[ 63.269890] IPVS: ftp: loaded support on port[0] = 21
[ 63.291291] NET: Registered protocol family 30
[ 63.295917] Failed to register TIPC socket type

06:05:08 executing program 3:
r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x4, 0x0)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000180)={0x10000000002, 0x0, 0x0, {0x0, 0x0, 0xe7ff}})

[ 63.749999] IPVS: ftp: loaded support on port[0] = 21
[ 63.769501] NET: Registered protocol family 30
[ 63.774121] Failed to register TIPC socket type

06:05:09 executing program 4:
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x220000000032, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000040)={0x0, @multicast2, 0x0, 0x0, 'nq\x00'}, 0x2c)

[ 64.322189] IPVS: ftp: loaded support on port[0] = 21
[ 64.361044] NET: Registered protocol family 30
[ 64.365663] Failed to register TIPC socket type

06:05:09 executing program 5:
socketpair$unix(0x1, 0x4000000000002, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffee1, 0x2, 0x0)
clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0})
ppoll(&(0x7f0000000500)=[{r1, 0x2103, 0x64}], 0x1, &(0x7f0000000580)={0x0, r2+10000000}, 0x0, 0x0)

[ 64.974385] IPVS: ftp: loaded support on port[0] = 21
[ 65.010936] NET: Registered protocol family 30
[ 65.015583] Failed to register TIPC socket type
[ 65.711046] chnl_net:caif_netlink_parms(): no params data found
[ 66.293431] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.413443] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.578204] device bridge_slave_0 entered promiscuous mode
[ 66.669633] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.676136] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.757718] device bridge_slave_1 entered promiscuous mode
[ 67.209252] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 67.440015] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 68.029325] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 68.136217] team0: Port device team_slave_0 added
[ 68.373235] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 68.408544] team0: Port device team_slave_1 added
[ 68.571535] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 68.715827] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 69.354502] device hsr_slave_0 entered promiscuous mode
[ 69.530309] device hsr_slave_1 entered promiscuous mode
[ 69.700168] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 69.822870] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 70.064552] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 70.728254] 8021q: adding VLAN 0 to HW filter on device bond0
[ 70.939278] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 71.098770] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 71.105126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 71.139993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 71.319765] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 71.325910] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.568230] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 71.575399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 71.598543] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 71.698288] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.704918] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.899188] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 71.906781] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 71.915815] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 71.998289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 72.077388] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.083794] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.183014] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 72.257979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 72.373164] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 72.427780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 72.538321] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 72.545698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 72.580676] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 72.674162] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 72.742491] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 72.769136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 72.835677] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 72.929963] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 73.101266] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 73.179002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 73.187238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 73.273201] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 73.318314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 73.366089] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 73.436716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 73.549585] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 73.683258] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 73.811843] audit: type=1400 audit(1559628318.854:38): avc: denied { associate } for pid=7944 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 74.495345] syz-executor.0 (8407) used obsolete PPPIOCDETACH ioctl

06:05:20 executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000280)=""/246)
ioctl$PPPIOCSPASS(r0, 0x4004743c, 0x0)

06:05:22 executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000280)=""/246)
ioctl$PPPIOCSPASS(r0, 0x4004743c, 0x0)

06:05:22 executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000280)=""/246)
ioctl$PPPIOCSPASS(r0, 0x4004743c, 0x0)

06:05:23 executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000280)=""/246)
ioctl$PPPIOCSPASS(r0, 0x4004743c, 0x0)

06:05:23 executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000280)=""/246)
ioctl$PPPIOCSPASS(r0, 0x4004743c, 0x0)

[ 78.649398] IPVS: ftp: loaded support on port[0] = 21
[ 78.685083] IPVS: ftp: loaded support on port[0] = 21
[ 78.698686] NET: Registered protocol family 30
[ 78.703307] Failed to register TIPC socket type
[ 78.715383] IPVS: ftp: loaded support on port[0] = 21
[ 78.734226] IPVS: ftp: loaded support on port[0] = 21
[ 78.743225] NET: Registered protocol family 30
[ 78.754658] IPVS: ftp: loaded support on port[0] = 21
[ 78.761608] Failed to register TIPC socket type
[ 78.763830] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630.
[ 78.781780] ------------[ cut here ]------------
[ 78.786554] kernel BUG at lib/list_debug.c:29!
[ 78.790369] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 78.796693] CPU: 0 PID: 8615 Comm: syz-executor.4 Not tainted 4.19.47 #19
[ 78.803613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.806626] kobject: 'tx-0' (0000000096761fec): calling ktype release
[ 78.812982] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[ 78.813000] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[ 78.826610] kobject: 'tx-0': free name
[ 78.843635] RSP: 0018:ffff888069e1fb88 EFLAGS: 00010282
[ 78.843647] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[ 78.843654] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100d3c3f63
[ 78.843662] RBP: ffff888069e1fba0 R08: 0000000000000058 R09: ffffed1015d03ee3
[ 78.843669] R10: ffffed1015d03ee2 R11: ffff8880ae81f717 R12: ffffffff892e7630
[ 78.843677] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[ 78.843687] FS: 0000000001d06940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 78.843695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 78.843703] CR2: ffffffffff600400 CR3: 0000000069e07000 CR4: 00000000001406f0
[ 78.843715] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 78.866967] kobject: 'queues' (00000000f2d59b35): kobject_cleanup, parent (null)
[ 78.867461] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 78.886617] kobject: 'queues' (00000000f2d59b35): calling ktype release
[ 78.889238] Call Trace:
[ 78.889263] ? mutex_lock_nested+0x16/0x20
[ 78.889283] proto_register+0x459/0x8e0
[ 78.906625] kobject: 'queues' (00000000f2d59b35): kset_release
[ 78.910648] tipc_socket_init+0x1c/0x70
[ 78.910668] tipc_init_net+0x2ed/0x570
[ 78.936653] kobject: 'queues': free name
[ 78.940348] ? tipc_exit_net+0x40/0x40
[ 78.940370] ops_init+0xb3/0x410
[ 78.943291] kobject: 'ppp0' (00000000787c2fb6): kobject_uevent_env
[ 78.947173] setup_net+0x2d3/0x740
[ 78.947190] ? lock_acquire+0x16f/0x3f0
[ 78.947203] ? ops_init+0x410/0x410
[ 78.947222] copy_net_ns+0x1df/0x340
[ 78.966653] kobject: 'ppp0' (00000000787c2fb6): fill_kobj_path: path = '/devices/virtual/net/ppp0'
[ 78.969043] create_new_namespaces+0x400/0x7b0
[ 78.969060] unshare_nsproxy_namespaces+0xc2/0x200
[ 79.016107] ksys_unshare+0x440/0x980
[ 79.019919] ? walk_process_tree+0x2c0/0x2c0
[ 79.024340] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 79.029186] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 79.034553] ? do_syscall_64+0x26/0x620
[ 79.038539] ? lockdep_hardirqs_on+0x415/0x5d0
[ 79.043128] __x64_sys_unshare+0x31/0x40
[ 79.047194] do_syscall_64+0xfd/0x620
[ 79.051001] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 79.056193] RIP: 0033:0x45bd47
[ 79.059388] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 79.078297] RSP: 002b:00007ffd7a89fb98 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[ 79.086017] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47
[ 79.093300] RDX: 0000000000000000 RSI: 00007ffd7a89fb40 RDI: 0000000040000000
[ 79.100575] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[ 79.107845] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000075c9a8
[ 79.115118] R13: 00007ffd7a89fe08 R14: 0000000000000000 R15: 0000000000000000
[ 79.122396] Modules linked in:
[ 79.135187] ---[ end trace f431a46ac5fda35a ]---
[ 79.140060] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[ 79.145569] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[ 79.165085] RSP: 0018:ffff888069e1fb88 EFLAGS: 00010282
[ 79.166680] kobject: 'ppp0' (00000000787c2fb6): kobject_cleanup, parent (null)
[ 79.170635] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[ 79.186474] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100d3c3f63
[ 79.193840] RBP: ffff888069e1fba0 R08: 0000000000000058 R09: ffffed1015d03ee3
[ 79.194095] kobject: 'ppp0' (00000000787c2fb6): calling ktype release
[ 79.201190] R10: ffffed1015d03ee2 R11: ffff8880ae81f717 R12: ffffffff892e7630
[ 79.201200] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[ 79.201211] FS: 0000000001d06940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 79.201218] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033

06:05:24 executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000280)=""/246)
ioctl$PPPIOCSPASS(r0, 0x4004743c, 0x0)

[ 79.201225] CR2: ffffffffff600400 CR3: 0000000069e07000 CR4: 00000000001406f0
[ 79.201267] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 79.215876] kobject: 'ppp0': free name
[ 79.222814] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 79.246964] kobject: 'loop0' (000000005cd15d56): kobject_uevent_env
[ 79.251350] Kernel panic - not syncing: Fatal exception
[ 79.255043] kobject: 'loop0' (000000005cd15d56): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 79.263248] Kernel Offset: disabled
[ 79.288021] Rebooting in 86400 seconds..