Warning: Permanently added '10.128.0.145' (ECDSA) to the list of known hosts. 2019/05/29 14:21:02 fuzzer started [ 58.352963] audit: type=1400 audit(1559139662.231:36): avc: denied { map } for pid=8090 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/05/29 14:21:05 dialing manager at 10.128.0.105:33829 2019/05/29 14:21:05 syscalls: 2457 2019/05/29 14:21:05 code coverage: enabled 2019/05/29 14:21:05 comparison tracing: enabled 2019/05/29 14:21:05 extra coverage: extra coverage is not supported by the kernel 2019/05/29 14:21:05 setuid sandbox: enabled 2019/05/29 14:21:05 namespace sandbox: enabled 2019/05/29 14:21:05 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/29 14:21:05 fault injection: enabled 2019/05/29 14:21:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/29 14:21:05 net packet injection: enabled 2019/05/29 14:21:05 net device setup: enabled 14:21:06 executing program 0: r0 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) [ 62.788150] audit: type=1400 audit(1559139666.671:37): avc: denied { map } for pid=8107 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=30 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 62.915682] IPVS: ftp: loaded support on port[0] = 21 [ 62.926442] NET: Registered protocol family 30 [ 62.933730] Failed to register TIPC socket type 14:21:06 executing program 1: r0 = socket(0x2, 0x803, 0x1) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10) connect$inet(r0, &(0x7f0000390000)={0x2, 0x0, @multicast2}, 0x10) r1 = open(&(0x7f0000000200)='./file0\x00', 0x141046, 0x0) ftruncate(r1, 0x8007ffc) write$binfmt_aout(r1, &(0x7f0000000240)={{}, "d9549d41dc9591ae08c0b7cfe71bbc2394e3fedd3ec0b730bc077d1ac20da0169b2baa6d8f344bb5de14987d71e92ab7b7bc14cc66fb883081c4a4dbf8c14b35cd6c562863c891ad378fcfdae230d287aa1e0032d5e47f43cea3193a520c0ff0b1640f5a59c08dbc8fafeeb0a530896841aec09ab5544fc712481db6a5bd1fadc06fbd92906d9b0005a0f1ed9bf1534d7767f76a76b65c2354c34b8f3e5ff1387fc8b3fd802417fb4133f83e7169d081ab5f7352c2afa6b8c49fa81bb566a4eb16b69a7cbedc61f3da2941f6"}, 0xec) sendfile(r0, r1, 0x0, 0x72439a6b) [ 63.221142] IPVS: ftp: loaded support on port[0] = 21 [ 63.237790] NET: Registered protocol family 30 [ 63.242445] Failed to register TIPC socket type 14:21:07 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") close(r0) [ 63.631153] IPVS: ftp: loaded support on port[0] = 21 [ 63.648023] NET: Registered protocol family 30 [ 63.652663] Failed to register TIPC socket type 14:21:07 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0xb0, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x4}, @TIPC_NLA_LINK={0x64, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_ADDR={0x8}]}]}, 0xb0}}, 0x0) syz_execute_func(&(0x7f0000000280)="f2af91930f0124eda133fa20430fbafce842f66188d027430fc7f314c1ab5bf9e2f9660f3a0fae735e090000baba3c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa11420f383c020201405c6bfd49d768d768f833fefbab6464660f38323c8fc481e5eb85ee000000a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") [ 64.208694] IPVS: ftp: loaded support on port[0] = 21 [ 64.228477] NET: Registered protocol family 30 [ 64.233125] Failed to register TIPC socket type 14:21:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x21000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001100)=ANY=[@ANYBLOB="02000000bf0100000000000000000000ba010000086e00002123002fde042774602f36cddb4aa287b3b3312d91f7fbcd26167f6444b666b5023d6da31997c5864183bb5548c8d5210899d6b5b6d5efcd76ffd06e3e62e26c761a6047d17f3aed967ad2b9eaceeae2cb7df923371fd5e88cb2109310447fd0b311245765d6097e53a8c17cc048956f81eae779bb571cacac48a457bd4d0318be01a875d8a9d7039d2c88658fdc197346946806aca29bd51e448d160dee6cb1b7154b67078c77c404f67883fdeea217dddce5faf01620da79e102e6baf4f99d80879756b350f508274acd1cd428d448cf820f4706031e75835813e13b954579822cabf5c49c204788c967997833ccbf197ef5fe6a6fa3b8cc8808fb8af13058263c1f576dad05236f15a8d4d9d46f05a2d51006000000756fd3aae8cba7bac5f2ca2a3eb779f29b0a7fb6cffc073f9c9d4f1a08c83ab9c76700"/359], 0x167}}, 0x0) syz_execute_func(&(0x7f0000000180)="f2af91930f0124eda133fa20430fbafce842f66188d0c0430fc7f314c1ab5be2f9660f3a0fae5e090000ba44d8d1b63ac4817d73d74ec482310d46f449f216c863fa43c4c2750ade1bdbae95c4e1a05d6b06aa420f383c02c401405c6bfd499768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5c") [ 64.919575] IPVS: ftp: loaded support on port[0] = 21 [ 64.958362] NET: Registered protocol family 30 [ 64.963007] Failed to register TIPC socket type 14:21:09 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000080)="f2af91930f0124eda133fa20430fbafce842f66188d027430fc7f314c1ab5bf9e2f9660f3a0fae735e090000baba3c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa11420f383c020201405c6bfd49d768d768f833fefbab6464660f38323c8fc481e5eb85ee000000a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") [ 65.857048] chnl_net:caif_netlink_parms(): no params data found [ 65.903840] IPVS: ftp: loaded support on port[0] = 21 [ 65.973926] NET: Registered protocol family 30 [ 65.978591] Failed to register TIPC socket type [ 66.337956] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.413844] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.493466] device bridge_slave_0 entered promiscuous mode [ 66.578856] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.690552] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.855449] device bridge_slave_1 entered promiscuous mode [ 67.446735] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.767039] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 68.260241] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.485101] team0: Port device team_slave_0 added [ 68.762553] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 68.905504] team0: Port device team_slave_1 added [ 69.144920] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.417431] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 70.080330] device hsr_slave_0 entered promiscuous mode [ 70.277220] device hsr_slave_1 entered promiscuous mode [ 70.526139] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 70.675971] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 70.996107] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 71.644957] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.836323] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 72.075642] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 72.081939] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.125009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.314959] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 72.321121] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.585645] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 72.592787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.616595] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.745085] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.751668] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.896760] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 72.994245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.002380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.066952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.115072] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.121487] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.268301] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 73.354535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.435106] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 73.500109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.625151] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 73.632194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.644811] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.840790] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 73.913561] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.920947] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 74.029300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 74.126468] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 74.134400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 74.142180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.330019] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 74.378815] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 74.434130] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 74.496831] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 74.503007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 74.689339] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 74.886914] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.058633] audit: type=1400 audit(1559139678.941:38): avc: denied { associate } for pid=8108 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 14:21:22 executing program 0: r0 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) 14:21:23 executing program 0: r0 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) 14:21:24 executing program 0: r0 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) 14:21:24 executing program 0: r0 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) [ 81.149024] IPVS: ftp: loaded support on port[0] = 21 [ 81.180764] IPVS: ftp: loaded support on port[0] = 21 [ 81.191728] NET: Registered protocol family 30 [ 81.193678] cache_from_obj: Wrong slab cache. TIPC but object is from kmalloc-2048 [ 81.199304] Failed to register TIPC socket type [ 81.205164] WARNING: CPU: 0 PID: 9 at mm/slab.h:380 kmem_cache_free.cold+0x1c/0x23 [ 81.217654] Kernel panic - not syncing: panic_on_warn set ... [ 81.217654] [ 81.225335] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.19.46 #18 [ 81.231756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 81.241131] Call Trace: [ 81.243788] dump_stack+0x172/0x1f0 [ 81.247475] panic+0x263/0x507 [ 81.250695] ? __warn_printk+0xf3/0xf3 [ 81.254600] ? kmem_cache_free.cold+0x1c/0x23 [ 81.259137] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.264710] ? __warn.cold+0x5/0x4a [ 81.268478] ? __warn+0xe8/0x1d0 [ 81.271883] ? kmem_cache_free.cold+0x1c/0x23 [ 81.276417] __warn.cold+0x20/0x4a [ 81.279968] ? kmem_cache_free.cold+0x1c/0x23 [ 81.284480] report_bug+0x263/0x2b0 [ 81.288127] do_error_trap+0x204/0x360 [ 81.292118] ? math_error+0x340/0x340 [ 81.295935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.301478] ? wake_up_klogd+0x99/0xd0 [ 81.305572] ? error_entry+0x76/0xd0 [ 81.309307] ? trace_hardirqs_off_caller+0x65/0x220 [ 81.314361] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 81.319329] do_invalid_op+0x1b/0x20 [ 81.323063] invalid_op+0x14/0x20 [ 81.326565] RIP: 0010:kmem_cache_free.cold+0x1c/0x23 [ 81.331678] Code: e8 25 8d 47 05 44 8b 6d c4 e9 74 a5 ff ff 48 8b 48 58 48 c7 c6 40 45 54 87 48 c7 c7 18 64 38 88 49 8b 54 24 58 e8 34 43 b4 ff <0f> 0b e9 89 df ff ff 49 8b 4f 58 48 c7 c6 40 45 54 87 48 c7 c7 18 [ 81.350709] RSP: 0018:ffff8880aa237ba8 EFLAGS: 00010286 [ 81.356100] RAX: 0000000000000046 RBX: ffff888080458c00 RCX: 0000000000000000 [ 81.363405] RDX: 0000000000000000 RSI: ffffffff81559e76 RDI: ffffed1015446f67 [ 81.370785] RBP: ffff8880aa237bc8 R08: 0000000000000046 R09: 0000000000000000 [ 81.378069] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88808a245300 [ 81.385356] R13: 0000000000000000 R14: ffff88808a245300 R15: ffff888080458f10 [ 81.392676] ? vprintk_func+0x86/0x189 [ 81.396764] ? kmem_cache_free.cold+0x1c/0x23 [ 81.401312] __sk_destruct+0x4b4/0x6d0 [ 81.405330] ? tipc_wait_for_connect.isra.0+0x4c0/0x4c0 [ 81.410723] sk_destruct+0x7b/0x90 [ 81.414283] __sk_free+0xce/0x300 [ 81.417763] sk_free+0x42/0x50 [ 81.421138] tipc_sk_callback+0x48/0x60 [ 81.425586] rcu_process_callbacks+0xba0/0x1a30 [ 81.430455] ? __rcu_read_unlock+0x170/0x170 [ 81.434880] ? sched_clock+0x2e/0x50 [ 81.438717] __do_softirq+0x25c/0x921 [ 81.442544] ? pci_mmcfg_check_reserved+0x170/0x170 [ 81.447592] ? takeover_tasklets+0x7b0/0x7b0 [ 81.452020] run_ksoftirqd+0x8e/0x110 [ 81.455883] smpboot_thread_fn+0x6a3/0xa30 [ 81.460146] ? sort_range+0x30/0x30 [ 81.463814] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 81.469371] ? __kthread_parkme+0xfb/0x1b0 [ 81.473636] kthread+0x354/0x420 [ 81.477038] ? sort_range+0x30/0x30 [ 81.480690] ? kthread_delayed_work_timer_fn+0x290/0x290 [ 81.486170] ret_from_fork+0x24/0x30 [ 81.491578] Kernel Offset: disabled [ 81.495356] Rebooting in 86400 seconds..