Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts.
2019/06/04 02:34:57 fuzzer started
[ 61.470096] audit: type=1400 audit(1559615697.828:36): avc: denied { map } for pid=7930 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/04 02:35:00 dialing manager at 10.128.0.105:38735
2019/06/04 02:35:01 syscalls: 2460
2019/06/04 02:35:01 code coverage: enabled
2019/06/04 02:35:01 comparison tracing: enabled
2019/06/04 02:35:01 extra coverage: extra coverage is not supported by the kernel
2019/06/04 02:35:01 setuid sandbox: enabled
2019/06/04 02:35:01 namespace sandbox: enabled
2019/06/04 02:35:01 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/04 02:35:01 fault injection: enabled
2019/06/04 02:35:01 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/04 02:35:01 net packet injection: enabled
2019/06/04 02:35:01 net device setup: enabled

02:35:03 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe(&(0x7f0000000080))

[ 66.696573] audit: type=1400 audit(1559615703.058:37): avc: denied { map } for pid=7947 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=72 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 66.816525] IPVS: ftp: loaded support on port[0] = 21
[ 66.827138] NET: Registered protocol family 30
[ 66.831961] Failed to register TIPC socket type

02:35:03 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x8765)
r1 = syz_open_procfs(0x0, 0x0)
ioctl$VIDIOC_ENUM_DV_TIMINGS(r1, 0xc0945662, 0x0)

[ 67.090755] IPVS: ftp: loaded support on port[0] = 21
[ 67.107880] NET: Registered protocol family 30
[ 67.112537] Failed to register TIPC socket type

02:35:03 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000001000)=@filter={'filter\x00', 0xe, 0x1, 0x1dc, [0x0, 0x200005c0, 0x2000073c, 0x2000076c], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000001000000000000000000000000000000feffffff010000000300000000000000080065716c000000000000000000000000006970366772653000000000000400000074756e6c30000000000000000000000069726c616e30000000000000e6ff00000000000000000000000000000180c20000000000000000000000e8000000240100004c01000069700000000000000000000000000000000000000000000000000000000000001c00000000000000ac00001d3040e89c0a1fdf85a4000000e2b4d329a1000000737461746973746963000000000000000000000000000000000000000000000014000000000000000000000000000000000000000000000052415445455354000000000000000000000000000000050000000000000000001800000073797a30000000000000000000001f0000000000000000004155444954000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff00000000"]}, 0x254)

[ 67.377333] IPVS: ftp: loaded support on port[0] = 21
[ 67.398351] NET: Registered protocol family 30
[ 67.403000] Failed to register TIPC socket type

02:35:04 executing program 3:
r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x82)
r1 = memfd_create(&(0x7f0000000100)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000140)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
set_mempolicy(0x2, &(0x7f0000000180)=0xe692, 0x5)
sendfile(r0, r0, 0x0, 0x2000005)

[ 67.929495] IPVS: ftp: loaded support on port[0] = 21
[ 67.957679] NET: Registered protocol family 30
[ 67.962325] Failed to register TIPC socket type

02:35:04 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000000), 0x3c)
r0 = socket$kcm(0xa, 0x5, 0x0)
sendmsg(r0, &(0x7f00000006c0)={&(0x7f0000000100)=@in={0x2, 0x0, @local={0xac, 0x2c0}}, 0xffd6, &(0x7f0000000640), 0x98, &(0x7f0000000000)=[{0x18, 0x84}], 0x1f}, 0xfc)

[ 68.480993] IPVS: ftp: loaded support on port[0] = 21
[ 68.517630] NET: Registered protocol family 30
[ 68.522276] Failed to register TIPC socket type

02:35:05 executing program 5:
r0 = socket$kcm(0x2, 0x2, 0x73)
getsockname$netlink(r0, 0x0, &(0x7f0000000040))

[ 69.149111] IPVS: ftp: loaded support on port[0] = 21
[ 69.207579] NET: Registered protocol family 30
[ 69.212225] Failed to register TIPC socket type
[ 69.947913] chnl_net:caif_netlink_parms(): no params data found
[ 70.409027] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.474404] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.544041] device bridge_slave_0 entered promiscuous mode
[ 70.616209] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.622833] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.754637] device bridge_slave_1 entered promiscuous mode
[ 71.294583] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 71.549147] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 72.185022] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 72.364377] team0: Port device team_slave_0 added
[ 72.592097] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 72.724653] team0: Port device team_slave_1 added
[ 72.907487] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 73.165159] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 73.850176] device hsr_slave_0 entered promiscuous mode
[ 74.165750] device hsr_slave_1 entered promiscuous mode
[ 74.421015] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 74.584287] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 74.814819] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 75.367674] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.544888] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 75.744879] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 75.872734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 75.887900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.994401] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 76.081637] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.226218] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 76.276509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 76.287069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.474179] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.480828] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.599662] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 76.701264] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 76.709868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 76.821881] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.912895] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.919355] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.015481] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 77.092660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 77.184598] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 77.263447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 77.344985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 77.424102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 77.432897] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 77.504766] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 77.588254] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 77.646391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 77.688161] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 77.776127] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 77.840578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 77.858817] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 77.946108] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 77.954672] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 77.962511] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 78.149164] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 78.208393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 78.365400] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 78.531082] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.668340] audit: type=1400 audit(1559615715.028:38): avc: denied { associate } for pid=7948 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 79.338183] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.

02:35:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe(&(0x7f0000000080))

02:35:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe(&(0x7f0000000080))

02:35:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe(&(0x7f0000000080))

02:35:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe(&(0x7f0000000080))

02:35:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe(&(0x7f0000000080))

02:35:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe(&(0x7f0000000080))

02:35:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe(&(0x7f0000000080))

[ 85.968829] IPVS: ftp: loaded support on port[0] = 21
[ 85.987615] NET: Registered protocol family 30
[ 85.992272] Failed to register TIPC socket type
[ 86.056484] IPVS: ftp: loaded support on port[0] = 21
[ 86.065854] IPVS: ftp: loaded support on port[0] = 21
[ 86.071683] IPVS: ftp: loaded support on port[0] = 21
[ 86.082377] IPVS: ftp: loaded support on port[0] = 21
[ 86.089368] NET: Registered protocol family 30
[ 86.090626] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630.
[ 86.104689] Failed to register TIPC socket type
[ 86.108268] ------------[ cut here ]------------
[ 86.114177] kernel BUG at lib/list_debug.c:29!
[ 86.119224] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 86.124617] CPU: 0 PID: 8641 Comm: syz-executor.3 Not tainted 4.19.47 #19
[ 86.131548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.141218] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[ 86.146514] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[ 86.165429] RSP: 0018:ffff888077bcfb88 EFLAGS: 00010282
[ 86.170818] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[ 86.178108] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100ef79f63
[ 86.185707] RBP: ffff888077bcfba0 R08: 0000000000000058 R09: ffffed1015d03ee3
[ 86.192990] R10: ffffed1015d03ee2 R11: ffff8880ae81f717 R12: ffffffff892e7630
[ 86.200366] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[ 86.207736] FS: 00000000012f7940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 86.215976] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.221872] CR2: 0000000000a75e58 CR3: 0000000077f3f000 CR4: 00000000001426f0
[ 86.229153] Call Trace:
[ 86.231762] ? mutex_lock_nested+0x16/0x20
[ 86.236013] proto_register+0x459/0x8e0
[ 86.240008] tipc_socket_init+0x1c/0x70
[ 86.243997] tipc_init_net+0x2ed/0x570
[ 86.247898] ? tipc_exit_net+0x40/0x40
[ 86.251804] ops_init+0xb3/0x410
[ 86.255198] setup_net+0x2d3/0x740
[ 86.258751] ? lock_acquire+0x16f/0x3f0
[ 86.262741] ? ops_init+0x410/0x410
[ 86.266386] copy_net_ns+0x1df/0x340
[ 86.270123] create_new_namespaces+0x400/0x7b0
[ 86.274724] unshare_nsproxy_namespaces+0xc2/0x200
[ 86.279759] ksys_unshare+0x440/0x980
[ 86.283580] ? walk_process_tree+0x2c0/0x2c0
[ 86.288025] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 86.292822] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.298224] ? do_syscall_64+0x26/0x620
[ 86.302213] ? lockdep_hardirqs_on+0x415/0x5d0
[ 86.306996] __x64_sys_unshare+0x31/0x40
[ 86.311078] do_syscall_64+0xfd/0x620
[ 86.314900] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.320105] RIP: 0033:0x45bd47
[ 86.324979] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 86.344160] RSP: 002b:00007ffdb1cba338 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[ 86.351888] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47
[ 86.359195] RDX: 0000000000000000 RSI: 00007ffdb1cba2e0 RDI: 0000000040000000
[ 86.366480] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[ 86.377698] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000075c9a8
[ 86.384981] R13: 00007ffdb1cba5a8 R14: 0000000000000000 R15: 0000000000000000
[ 86.392270] Modules linked in:
[ 86.397099] ---[ end trace 0ea0d80ef64386a9 ]---
[ 86.401904] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[ 86.407817] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[ 86.426805] RSP: 0018:ffff888077bcfb88 EFLAGS: 00010282
[ 86.432437] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[ 86.440072] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100ef79f63
[ 86.447410] RBP: ffff888077bcfba0 R08: 0000000000000058 R09: ffffed1015d03ee3
[ 86.454964] R10: ffffed1015d03ee2 R11: ffff8880ae81f717 R12: ffffffff892e7630
[ 86.462632] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[ 86.469986] FS: 00000000012f7940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 86.478289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.484252] CR2: 0000000000a75e58 CR3: 0000000077f3f000 CR4: 00000000001426f0
[ 86.491757] Kernel panic - not syncing: Fatal exception
[ 86.498243] Kernel Offset: disabled
[ 86.501883] Rebooting in 86400 seconds..