Warning: Permanently added '10.128.10.45' (ECDSA) to the list of known hosts.
2019/06/04 02:57:38 fuzzer started
[   64.580457] audit: type=1400 audit(1559617058.480:36): avc:  denied  { map } for  pid=8109 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/04 02:57:41 dialing manager at 10.128.0.105:38735
2019/06/04 02:57:41 syscalls: 2460
2019/06/04 02:57:41 code coverage: enabled
2019/06/04 02:57:41 comparison tracing: enabled
2019/06/04 02:57:41 extra coverage: extra coverage is not supported by the kernel
2019/06/04 02:57:41 setuid sandbox: enabled
2019/06/04 02:57:41 namespace sandbox: enabled
2019/06/04 02:57:41 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/04 02:57:41 fault injection: enabled
2019/06/04 02:57:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/04 02:57:41 net packet injection: enabled
2019/06/04 02:57:41 net device setup: enabled
02:57:43 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="fbdb1f123c123f319bd070")
r1 = socket$inet(0x10, 0x800000003, 0xc)
sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="24000000020707681dfffd946fa2830020200a0009000100001d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0)

[   69.813165] audit: type=1400 audit(1559617063.720:37): avc:  denied  { map } for  pid=8126 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13996 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[   69.946723] IPVS: ftp: loaded support on port[0] = 21
[   69.957204] NET: Registered protocol family 30
[   69.961993] Failed to register TIPC socket type
02:57:43 executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff020}, {0x80000006}]}, 0x10)

[   70.258931] IPVS: ftp: loaded support on port[0] = 21
[   70.275732] NET: Registered protocol family 30
[   70.280374] Failed to register TIPC socket type
02:57:44 executing program 2:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, 0x0, 0x0)

[   70.635862] IPVS: ftp: loaded support on port[0] = 21
[   70.655663] NET: Registered protocol family 30
[   70.660303] Failed to register TIPC socket type
02:57:44 executing program 3:
r0 = socket(0x80000000000000a, 0x2, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[0xfeffffff], [], @loopback}}, 0x1c)
sendmsg$alg(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=[@assoc={0x18, 0x29, 0xb}], 0x18}, 0x0)

[   71.257267] IPVS: ftp: loaded support on port[0] = 21
[   71.285799] NET: Registered protocol family 30
[   71.290444] Failed to register TIPC socket type
02:57:45 executing program 4:
r0 = memfd_create(&(0x7f0000001fc1)='#vmnet1nodevem1\x00', 0x0)
write(r0, &(0x7f0000002000)='/', 0x1)
sendfile(r0, r0, &(0x7f0000000100), 0x7f)
sendfile(r0, r0, &(0x7f0000001000), 0xfec)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0)
mount(&(0x7f0000000080), &(0x7f0000000080)='./file1\x00', 0x0, 0x1000, 0x0)

[   72.014004] IPVS: ftp: loaded support on port[0] = 21
[   72.044831] NET: Registered protocol family 30
[   72.049478] Failed to register TIPC socket type
02:57:46 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
msync(&(0x7f00009d4000/0x2000)=nil, 0x2000, 0x4)

[   72.769844] IPVS: ftp: loaded support on port[0] = 21
[   72.875706] NET: Registered protocol family 30
[   72.880439] Failed to register TIPC socket type
[   72.954237] chnl_net:caif_netlink_parms(): no params data found
[   73.465032] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.540356] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.589635] device bridge_slave_0 entered promiscuous mode
[   73.792158] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.799198] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.902555] device bridge_slave_1 entered promiscuous mode
[   74.333961] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   74.613099] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   75.194906] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   75.416817] team0: Port device team_slave_0 added
[   75.698981] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   75.835970] team0: Port device team_slave_1 added
[   76.015020] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   76.333524] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   77.386036] device hsr_slave_0 entered promiscuous mode
[   77.765843] device hsr_slave_1 entered promiscuous mode
[   77.956685] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   78.122114] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   78.412933] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   79.033126] 8021q: adding VLAN 0 to HW filter on device bond0
[   79.258180] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   79.472586] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   79.478934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   79.499366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   79.694450] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   79.700606] 8021q: adding VLAN 0 to HW filter on device team0
[   80.002665] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   80.010019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   80.041422] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   80.121190] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.127826] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.313994] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   80.432788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   80.440263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   80.532651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   80.601162] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.607568] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.745716] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   80.802252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   80.912639] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   80.920350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   81.067958] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   81.136707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   81.169468] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   81.303663] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   81.310917] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   81.319166] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   81.389281] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   81.500336] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[   81.591162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   81.599546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   81.724124] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[   81.792461] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   81.800307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   81.913883] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   81.919982] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   82.143487] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[   82.344852] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.523396] audit: type=1400 audit(1559617076.430:38): avc:  denied  { associate } for  pid=8127 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[   84.371626] audit: type=1400 audit(1559617078.280:39): avc:  denied  { create } for  pid=8621 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[   84.373348] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   84.775918] audit: type=1400 audit(1559617078.280:40): avc:  denied  { write } for  pid=8621 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
02:58:02 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="fbdb1f123c123f319bd070")
r1 = socket$inet(0x10, 0x800000003, 0xc)
sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="24000000020707681dfffd946fa2830020200a0009000100001d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0)

02:58:02 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="fbdb1f123c123f319bd070")
r1 = socket$inet(0x10, 0x800000003, 0xc)
sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="24000000020707681dfffd946fa2830020200a0009000100001d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0)

[   89.052078] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
02:58:03 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="fbdb1f123c123f319bd070")
r1 = socket$inet(0x10, 0x800000003, 0xc)
sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="24000000020707681dfffd946fa2830020200a0009000100001d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0)

02:58:03 executing program 0:
r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="7f454c46000000d2000000000000000003003e00000010000000000a0080020040000000000000000000000020000000000401000000380002"], 0x39)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

[   89.097478] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   89.137017] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
02:58:03 executing program 0:
r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="7f454c46000000d2000000000000000003003e00000010000000000a0080020040000000000000000000000020000000000401000000380002"], 0x39)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

02:58:03 executing program 0:
r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="7f454c46000000d2000000000000000003003e00000010000000000a0080020040000000000000000000000020000000000401000000380002"], 0x39)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

02:58:03 executing program 0:
r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="7f454c46000000d2000000000000000003003e00000010000000000a0080020040000000000000000000000020000000000401000000380002"], 0x39)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

[   90.117454] IPVS: ftp: loaded support on port[0] = 21
[   90.145512] NET: Registered protocol family 30
[   90.150162] Failed to register TIPC socket type
[   90.237543] IPVS: ftp: loaded support on port[0] = 21
[   90.259247] IPVS: ftp: loaded support on port[0] = 21
[   90.269442] NET: Registered protocol family 30
[   90.279268] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630.
[   90.288802] IPVS: ftp: loaded support on port[0] = 21
[   90.296181] Failed to register TIPC socket type
[   90.297759] IPVS: ftp: loaded support on port[0] = 21
[   90.302767] ------------[ cut here ]------------
[   90.312164] kernel BUG at lib/list_debug.c:29!
[   90.317569] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   90.322967] CPU: 0 PID: 8820 Comm: syz-executor.4 Not tainted 4.19.47 #19
[   90.329915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   90.339890] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[   90.345117] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[   90.364610] RSP: 0018:ffff88807711fb88 EFLAGS: 00010282
[   90.370187] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[   90.377830] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100ee23f63
[   90.385708] RBP: ffff88807711fba0 R08: 0000000000000058 R09: ffffed1015d03ee3
[   90.393265] R10: ffffed1015d03ee2 R11: ffff8880ae81f717 R12: ffffffff892e7630
[   90.400736] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[   90.408635] FS:  000000000145c940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[   90.417469] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   90.423860] CR2: 0000000000a75e58 CR3: 000000007a2e5000 CR4: 00000000001406f0
[   90.431392] Call Trace:
[   90.434129]  ? mutex_lock_nested+0x16/0x20
[   90.438449]  proto_register+0x459/0x8e0
[   90.442604]  tipc_socket_init+0x1c/0x70
[   90.446606]  tipc_init_net+0x2ed/0x570
[   90.450512]  ? tipc_exit_net+0x40/0x40
[   90.454423]  ops_init+0xb3/0x410
[   90.457855]  setup_net+0x2d3/0x740
[   90.461561]  ? lock_acquire+0x16f/0x3f0
[   90.465677]  ? ops_init+0x410/0x410
[   90.469403]  copy_net_ns+0x1df/0x340
[   90.473244]  create_new_namespaces+0x400/0x7b0
[   90.477976]  unshare_nsproxy_namespaces+0xc2/0x200
[   90.482986]  ksys_unshare+0x440/0x980
[   90.486809]  ? walk_process_tree+0x2c0/0x2c0
[   90.491251]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   90.496127]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   90.501832]  ? do_syscall_64+0x26/0x620
[   90.505913]  ? lockdep_hardirqs_on+0x415/0x5d0
[   90.510698]  __x64_sys_unshare+0x31/0x40
[   90.514779]  do_syscall_64+0xfd/0x620
[   90.518597]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   90.523803] RIP: 0033:0x45bd47
[   90.527015] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   90.546919] RSP: 002b:00007fff23e77d78 EFLAGS: 00000202 ORIG_RAX: 0000000000000110
[   90.554898] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47
[   90.562471] RDX: 0000000000000000 RSI: 00007fff23e77d20 RDI: 0000000040000000
[   90.570080] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[   90.577487] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000075c9a8
[   90.585162] R13: 00007fff23e77fe8 R14: 0000000000000000 R15: 0000000000000000
[   90.592457] Modules linked in:
[   90.597506] ---[ end trace f378365dbe49d565 ]---
[   90.602368] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[   90.607774] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[   90.628266] RSP: 0018:ffff88807711fb88 EFLAGS: 00010282
[   90.634504] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[   90.642212] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100ee23f63
[   90.649847] RBP: ffff88807711fba0 R08: 0000000000000058 R09: ffffed1015d03ee3
[   90.657475] R10: ffffed1015d03ee2 R11: ffff8880ae81f717 R12: ffffffff892e7630
[   90.664827] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[   90.672461] FS:  000000000145c940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[   90.680930] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   90.686835] CR2: 0000000000a75e58 CR3: 000000007a2e5000 CR4: 00000000001406f0
[   90.694188] Kernel panic - not syncing: Fatal exception
[   90.701186] Kernel Offset: disabled
[   90.705037] Rebooting in 86400 seconds..