[....] Starting periodic command scheduler: cron[ 46.297713] audit: type=1800 audit(1559603386.782:30): pid=7793 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 52.535202] kauditd_printk_skb: 4 callbacks suppressed [ 52.535218] audit: type=1400 audit(1559603393.022:35): avc: denied { map } for pid=7968 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts. 2019/06/03 23:09:59 fuzzer started [ 59.207290] audit: type=1400 audit(1559603399.692:36): avc: denied { map } for pid=7977 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/03 23:10:02 dialing manager at 10.128.0.105:46883 2019/06/03 23:10:02 syscalls: 2456 2019/06/03 23:10:02 code coverage: enabled 2019/06/03 23:10:02 comparison tracing: enabled 2019/06/03 23:10:02 extra coverage: extra coverage is not supported by the kernel 2019/06/03 23:10:02 setuid sandbox: enabled 2019/06/03 23:10:02 namespace sandbox: enabled 2019/06/03 23:10:02 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/03 23:10:02 fault injection: enabled 2019/06/03 23:10:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/03 23:10:02 net packet injection: enabled 2019/06/03 23:10:02 net device setup: enabled 23:10:07 executing program 0: r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43}, 0x34e) r1 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f000000d379)={&(0x7f0000000200)={0x18, 0x14, 0x301, 0x0, 0x0, {0x1e}, [@generic="c1"]}, 0x18}}, 0x0) [ 66.794970] audit: type=1400 audit(1559603407.282:37): avc: denied { map } for pid=7994 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=36 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 66.915980] IPVS: ftp: loaded support on port[0] = 21 [ 66.926370] NET: Registered protocol family 30 [ 66.930995] Failed to register TIPC socket type 23:10:07 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000240)="39000000130009006900000000000000ab008048100000004600010700000014190001c010000000000003f5000000000000ef38bf461e59d7", 0x39}], 0x1) [ 67.159905] IPVS: ftp: loaded support on port[0] = 21 [ 67.176780] NET: Registered protocol family 30 [ 67.181524] Failed to register TIPC socket type 23:10:07 executing program 2: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={[{@fat=@flush='flush'}]}) [ 67.467587] IPVS: ftp: loaded support on port[0] = 21 [ 67.496988] NET: Registered protocol family 30 [ 67.501620] Failed to register TIPC socket type 23:10:08 executing program 3: r0 = open(&(0x7f0000000140)='.\x00', 0x0, 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) [ 67.990180] IPVS: ftp: loaded support on port[0] = 21 [ 68.017684] NET: Registered protocol family 30 [ 68.032401] Failed to register TIPC socket type 23:10:08 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x4) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) write(r1, &(0x7f0000000100), 0x1ede5) sendto$inet6(r1, &(0x7f0000000080)='u', 0x1, 0x0, 0x0, 0x0) r2 = accept(r0, 0x0, 0x0) writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000200)="03", 0x1}], 0x1) [ 68.600080] IPVS: ftp: loaded support on port[0] = 21 [ 68.626557] NET: Registered protocol family 30 [ 68.631194] Failed to register TIPC socket type 23:10:09 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) r1 = dup2(r0, 0xffffffffffffff9c) write$cgroup_subtree(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="2f6d656d6f7279202d72646d61202b63707520006d656d6f7279204177cf97264a1b62cf7280c192c6036501d08638a13361a419c31846785e3f26802d48496622c3d170e0c87c06c6fbfc49f09d0b26094cd5f8ec4bd91f66287e57464c9cbd3c72a13ebac0dc0a55c6607346ee95a3cbbbdb96695f26d0d4cd44dc85477c44d8766efc1f69304253165fdcc25a96678a7d8ba002f9ae8fd5fe801de368504a543b43969abade2fdf8021761ca5ab4dfd5fb3b3933d37aa7bc49d78eac255f5b3dbe9dd84d87a16e562c6aabf6687e772a815eb1a16cedf1ac8d3a3d20af6d8b3f618d3bd08a240980f565f966a00a58d3bb0ab43928d368318442f700f87bd71080eb0b465bf618c8686e857840eefd013623eebb4ef55538aa95bc4584a8c53acc0aae51cb0eb3128d8a06d2fe32be74f"], 0x132) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6(0xa, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/igmp\x00') mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000ffd000/0x1000)=nil) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000000540), 0xc1}, 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) r4 = dup(r3) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000300)="e65ec6579fad2b31c93d9d829577481f82f59fc706f4782ace8b5299df4da42597aadfa842b08fa7e394e46473fa0dfa2daec061593b09f7152d9bea2b49fada15ffeb403640e7355dc68e80c652cd2766454ad7a0ae47d541b5043730a82ddf35d1e727b38d8fb490ec0c71", 0x6c) ioctl$sock_SIOCADDDLCI(r3, 0x8980, &(0x7f0000000040)={'veth1_to_bond\x00', 0x101}) ioctl$TIOCMSET(r2, 0x5418, &(0x7f0000000200)=0x80) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000100)={0x3, &(0x7f00000000c0)=[{}, {}, {}]}) bind$inet6(r3, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$TUNSETVNETLE(r4, 0x400454dc, &(0x7f0000000080)) mknod(&(0x7f0000000280)='./bus\x00', 0x0, 0x419) ioctl$EXT4_IOC_GROUP_EXTEND(r3, 0x40086607, &(0x7f0000000000)=0xbc9) getsockopt$IP_VS_SO_GET_INFO(r4, 0x0, 0x481, &(0x7f0000000140), &(0x7f0000000240)=0xc) getsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f00000001c0), 0x10) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x7, 0x950, r4, 0x0) r5 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000840)='./bus\x00', &(0x7f00000002c0)='security.SMACK64TRANSMUTE\x00', &(0x7f00000008c0)='TRUE', 0x4, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000400)=0x1, 0x4) ftruncate(r5, 0x2007fff) sendfile(r4, r5, &(0x7f0000d83ff8), 0x8000fffffffe) [ 69.270137] IPVS: ftp: loaded support on port[0] = 21 [ 69.296519] NET: Registered protocol family 30 [ 69.301150] Failed to register TIPC socket type [ 70.083002] chnl_net:caif_netlink_parms(): no params data found [ 70.518088] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.585160] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.701435] device bridge_slave_0 entered promiscuous mode [ 70.800071] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.962944] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.082251] device bridge_slave_1 entered promiscuous mode [ 71.483804] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 71.872641] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 72.355045] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 72.534700] team0: Port device team_slave_0 added [ 72.718973] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 72.968691] team0: Port device team_slave_1 added [ 73.123348] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 73.257989] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 73.919348] device hsr_slave_0 entered promiscuous mode [ 74.265269] device hsr_slave_1 entered promiscuous mode [ 74.423034] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 74.523615] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 74.742803] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 75.404357] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.608259] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 75.843766] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 75.931124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 75.953882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.084559] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 76.133186] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.284706] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 76.382302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.390684] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.533261] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.540013] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.659296] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 76.762331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 76.769810] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 76.882459] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.942455] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.948909] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.058667] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 77.119824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.223972] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 77.312409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.396072] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 77.457736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.484047] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.572822] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 77.632794] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.640351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.699324] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.788667] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 77.853082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.860947] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.994520] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 78.073074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.103958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.179602] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 78.243267] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.393646] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 78.532750] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.682227] audit: type=1400 audit(1559603419.162:38): avc: denied { associate } for pid=7995 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 23:10:21 executing program 0: r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43}, 0x34e) r1 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f000000d379)={&(0x7f0000000200)={0x18, 0x14, 0x301, 0x0, 0x0, {0x1e}, [@generic="c1"]}, 0x18}}, 0x0) 23:10:22 executing program 0: r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43}, 0x34e) r1 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f000000d379)={&(0x7f0000000200)={0x18, 0x14, 0x301, 0x0, 0x0, {0x1e}, [@generic="c1"]}, 0x18}}, 0x0) 23:10:23 executing program 0: r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43}, 0x34e) r1 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f000000d379)={&(0x7f0000000200)={0x18, 0x14, 0x301, 0x0, 0x0, {0x1e}, [@generic="c1"]}, 0x18}}, 0x0) [ 84.367287] IPVS: ftp: loaded support on port[0] = 21 23:10:24 executing program 0: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x3, 0x0) close(r0) [ 84.616477] NET: Registered protocol family 30 [ 84.621113] Failed to register TIPC socket type [ 84.625059] cache_from_obj: Wrong slab cache. TIPC but object is from kmalloc-2048 [ 84.633916] WARNING: CPU: 1 PID: 18 at mm/slab.h:380 kmem_cache_free.cold+0x1c/0x23 [ 84.641726] Kernel panic - not syncing: panic_on_warn set ... [ 84.641726] [ 84.649110] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.47 #19 [ 84.655614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 84.664976] Call Trace: [ 84.667626] dump_stack+0x172/0x1f0 [ 84.671306] panic+0x263/0x507 [ 84.674531] ? __warn_printk+0xf3/0xf3 [ 84.678468] ? kmem_cache_free.cold+0x1c/0x23 [ 84.682990] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 84.688551] ? __warn.cold+0x5/0x4a [ 84.692205] ? __warn+0xe8/0x1d0 [ 84.695695] ? kmem_cache_free.cold+0x1c/0x23 [ 84.700226] __warn.cold+0x20/0x4a [ 84.703503] IPVS: ftp: loaded support on port[0] = 21 [ 84.703801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 84.714555] ? kmem_cache_free.cold+0x1c/0x23 [ 84.719196] report_bug+0x263/0x2b0 [ 84.722855] do_error_trap+0x204/0x360 [ 84.726797] ? math_error+0x340/0x340 [ 84.730632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 84.736197] ? wake_up_klogd+0x99/0xd0 [ 84.740116] ? error_entry+0x76/0xd0 [ 84.743901] ? trace_hardirqs_off_caller+0x65/0x220 [ 84.749039] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 84.753905] do_invalid_op+0x1b/0x20 [ 84.756527] IPVS: ftp: loaded support on port[0] = 21 [ 84.757666] invalid_op+0x14/0x20 [ 84.766675] RIP: 0010:kmem_cache_free.cold+0x1c/0x23 [ 84.771799] Code: e8 95 ab 47 05 44 8b 6d c4 e9 74 a5 ff ff 48 8b 48 58 48 c7 c6 c0 44 54 87 48 c7 c7 78 66 38 88 49 8b 54 24 58 e8 44 3d b4 ff <0f> 0b e9 89 df ff ff 49 8b 4f 58 48 c7 c6 c0 44 54 87 48 c7 c7 78 [ 84.790726] RSP: 0018:ffff8880aa2a7ba8 EFLAGS: 00010286 [ 84.796117] RAX: 0000000000000046 RBX: ffff888098a353c0 RCX: 0000000000000000 [ 84.798065] IPVS: ftp: loaded support on port[0] = 21 [ 84.803401] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed1015454f67 [ 84.803410] RBP: ffff8880aa2a7bc8 R08: 0000000000000046 R09: ffffed1015d24fe9 [ 84.803418] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffff88806bb94a80 [ 84.803425] R13: 0000000000000000 R14: ffff88806bb94a80 R15: ffff888098a356d0 [ 84.803454] ? vprintk_func+0x86/0x189 [ 84.803475] ? kmem_cache_free.cold+0x1c/0x23 [ 84.846240] __sk_destruct+0x4b4/0x6d0 [ 84.849344] IPVS: ftp: loaded support on port[0] = 21 [ 84.850327] ? tipc_wait_for_connect.isra.0+0x4c0/0x4c0 [ 84.860893] sk_destruct+0x7b/0x90 [ 84.864462] __sk_free+0xce/0x300 [ 84.867974] sk_free+0x42/0x50 [ 84.871288] tipc_sk_callback+0x48/0x60 [ 84.875289] rcu_process_callbacks+0xba0/0x1a30 [ 84.879988] ? __rcu_read_unlock+0x170/0x170 [ 84.884424] ? sched_clock+0x2e/0x50 [ 84.888174] __do_softirq+0x25c/0x921 [ 84.892023] ? takeover_tasklets+0x7b0/0x7b0 [ 84.896456] run_ksoftirqd+0x8e/0x110 [ 84.900280] smpboot_thread_fn+0x6a3/0xa30 [ 84.904633] ? sort_range+0x30/0x30 [ 84.908559] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 84.914134] ? __kthread_parkme+0xfb/0x1b0 [ 84.916651] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630. [ 84.918406] kthread+0x354/0x420 [ 84.931342] ? sort_range+0x30/0x30 [ 84.934992] ? kthread_delayed_work_timer_fn+0x290/0x290 [ 84.940482] ret_from_fork+0x24/0x30 [ 84.945374] Kernel Offset: disabled [ 84.949070] Rebooting in 86400 seconds..