Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts. 2019/06/04 05:55:29 fuzzer started [ 59.107154] audit: type=1400 audit(1559627729.918:36): avc: denied { map } for pid=7935 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/04 05:55:32 dialing manager at 10.128.0.105:38735 2019/06/04 05:55:32 syscalls: 2460 2019/06/04 05:55:32 code coverage: enabled 2019/06/04 05:55:32 comparison tracing: enabled 2019/06/04 05:55:32 extra coverage: extra coverage is not supported by the kernel 2019/06/04 05:55:32 setuid sandbox: enabled 2019/06/04 05:55:32 namespace sandbox: enabled 2019/06/04 05:55:32 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/04 05:55:32 fault injection: enabled 2019/06/04 05:55:32 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/04 05:55:32 net packet injection: enabled 2019/06/04 05:55:32 net device setup: enabled 05:55:35 executing program 0: syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @empty=0x7f000001, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) [ 65.026829] audit: type=1400 audit(1559627735.838:37): avc: denied { map } for pid=7953 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14992 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 65.123673] IPVS: ftp: loaded support on port[0] = 21 [ 65.134488] NET: Registered protocol family 30 [ 65.139120] Failed to register TIPC socket type 05:55:36 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000400)={[0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 65.387107] IPVS: ftp: loaded support on port[0] = 21 [ 65.396907] NET: Registered protocol family 30 [ 65.401818] Failed to register TIPC socket type 05:55:36 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000498000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00003c0fdc)={0x14}, 0x14}}, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 65.828507] IPVS: ftp: loaded support on port[0] = 21 [ 65.845848] NET: Registered protocol family 30 [ 65.860792] Failed to register TIPC socket type 05:55:36 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="230000004300817478d12876ca81410000000000080001000000000000000020000000", 0x23}], 0x1}, 0x0) [ 66.248441] IPVS: ftp: loaded support on port[0] = 21 [ 66.264942] NET: Registered protocol family 30 [ 66.269578] Failed to register TIPC socket type 05:55:37 executing program 4: syz_genetlink_get_family_id$SEG6(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='numa_maps\x00') readv(r0, &(0x7f0000000680)=[{&(0x7f00000003c0)=""/224, 0xe0}, {&(0x7f00000004c0)=""/26, 0x1a}, {&(0x7f0000000500)=""/146, 0x7fffef06}, {&(0x7f00000005c0)=""/141, 0x8d}], 0x4) [ 66.898960] IPVS: ftp: loaded support on port[0] = 21 [ 66.935194] NET: Registered protocol family 30 [ 66.939835] Failed to register TIPC socket type 05:55:38 executing program 5: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20}, 0x1c) listen(r0, 0x10001) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg(r1, &(0x7f0000012800)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002b00)=[{0x10, 0x10d, 0x4}], 0x10}}], 0x1, 0x0) [ 67.629391] IPVS: ftp: loaded support on port[0] = 21 [ 67.667331] NET: Registered protocol family 30 [ 67.700568] Failed to register TIPC socket type [ 68.172703] chnl_net:caif_netlink_parms(): no params data found [ 68.602885] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.647383] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.715181] device bridge_slave_0 entered promiscuous mode [ 68.839984] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.985317] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.081682] device bridge_slave_1 entered promiscuous mode [ 69.543307] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 69.939853] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 70.683692] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 70.841754] team0: Port device team_slave_0 added [ 71.062154] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 71.069671] team0: Port device team_slave_1 added [ 71.352187] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 71.603194] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 72.216475] device hsr_slave_0 entered promiscuous mode [ 72.565931] device hsr_slave_1 entered promiscuous mode [ 72.745748] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 72.883184] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 73.203002] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 73.842997] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.029676] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 74.262233] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 74.356433] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 74.382838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.506323] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 74.593812] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.805087] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 74.875285] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 74.892335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.002131] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.008808] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.202478] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 75.311231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 75.318836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.427280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.492132] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.498595] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.673222] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 75.680214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 75.895410] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 75.985569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 76.190588] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 76.261870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 76.270212] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 76.391798] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 76.540184] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 76.690736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 76.698982] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.191291] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 77.561104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.569136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.115611] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 78.550794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.558730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 79.001295] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 79.007427] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 79.748208] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 80.335153] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.857421] audit: type=1400 audit(1559627751.668:38): avc: denied { associate } for pid=7954 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 81.277119] IPVS: ftp: loaded support on port[0] = 21 [ 81.341181] IPVS: ftp: loaded support on port[0] = 21 [ 81.493856] NET: Registered protocol family 30 [ 81.498518] Failed to register TIPC socket type [ 81.528821] IPVS: ftp: loaded support on port[0] = 21 [ 81.540885] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630. [ 81.550746] ------------[ cut here ]------------ [ 81.555528] kernel BUG at lib/list_debug.c:29! [ 81.679828] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 81.685266] CPU: 0 PID: 8549 Comm: syz-executor.2 Not tainted 4.19.47 #19 [ 81.692217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 81.701609] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 81.706827] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 81.725750] RSP: 0018:ffff888083b2fb88 EFLAGS: 00010282 [ 81.731221] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 81.738505] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed1010765f63 [ 81.745801] RBP: ffff888083b2fba0 R08: 0000000000000058 R09: ffffed1015d04fe9 [ 81.753110] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffffffff892e7630 [ 81.760392] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 81.767693] FS: 0000000002188940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 81.775935] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.781863] CR2: 0000001b2cd20000 CR3: 0000000068bb1000 CR4: 00000000001406f0 [ 81.789148] Call Trace: [ 81.791773] ? mutex_lock_nested+0x16/0x20 [ 81.796052] proto_register+0x459/0x8e0 [ 81.800045] tipc_socket_init+0x1c/0x70 [ 81.804037] tipc_init_net+0x2ed/0x570 [ 81.807935] ? tipc_exit_net+0x40/0x40 [ 81.811840] ops_init+0xb3/0x410 [ 81.815220] setup_net+0x2d3/0x740 [ 81.818778] ? lock_acquire+0x16f/0x3f0 [ 81.822767] ? ops_init+0x410/0x410 [ 81.826409] copy_net_ns+0x1df/0x340 [ 81.830138] create_new_namespaces+0x400/0x7b0 [ 81.834741] unshare_nsproxy_namespaces+0xc2/0x200 [ 81.839690] ksys_unshare+0x440/0x980 [ 81.843511] ? walk_process_tree+0x2c0/0x2c0 [ 81.847945] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 81.852724] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.858105] ? do_syscall_64+0x26/0x620 [ 81.862097] ? lockdep_hardirqs_on+0x415/0x5d0 [ 81.866698] __x64_sys_unshare+0x31/0x40 [ 81.870777] do_syscall_64+0xfd/0x620 [ 81.874587] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.879785] RIP: 0033:0x45bd47 [ 81.882983] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 81.901900] RSP: 002b:00007fffc79a0338 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 81.909651] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47 [ 81.916942] RDX: 0000000000000000 RSI: 00007fffc79a02e0 RDI: 0000000040000000 05:55:52 executing program 0: syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @empty=0x7f000001, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) [ 81.924230] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005 [ 81.931511] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000075c9a8 [ 81.938795] R13: 00007fffc79a05a8 R14: 0000000000000000 R15: 0000000000000000 [ 81.946082] Modules linked in: [ 81.957538] kobject: 'loop0' (00000000f9c47db7): kobject_uevent_env [ 81.991000] kobject: 'loop0' (00000000f9c47db7): fill_kobj_path: path = '/devices/virtual/block/loop0' 05:55:53 executing program 0: syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @empty=0x7f000001, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) [ 82.266540] kobject: 'loop0' (00000000f9c47db7): kobject_uevent_env [ 82.282408] kobject: 'loop0' (00000000f9c47db7): fill_kobj_path: path = '/devices/virtual/block/loop0' 05:55:53 executing program 0: syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @empty=0x7f000001, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) [ 82.383802] kobject: 'loop0' (00000000f9c47db7): kobject_uevent_env [ 82.390331] kobject: 'loop0' (00000000f9c47db7): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 82.395168] ---[ end trace fce8c6720c8bd533 ]--- [ 82.405241] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 82.410472] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 82.439099] RSP: 0018:ffff888083b2fb88 EFLAGS: 00010282 [ 82.459062] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 82.464840] kobject: 'loop0' (00000000f9c47db7): kobject_uevent_env [ 82.467755] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed1010765f63 05:55:53 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x34, 0x20000000000036, 0x11d, 0x0, 0x0, {0x3}, [@nested={0x20, 0x0, [@typed={0x1c, 0x1, @binary="9262e42416716e41471a65aafaee860b0ba7f69233"}]}]}, 0x34}}, 0x0) [ 82.481053] kobject: 'loop0' (00000000f9c47db7): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 82.499928] RBP: ffff888083b2fba0 R08: 0000000000000058 R09: ffffed1015d04fe9 [ 82.508875] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffffffff892e7630 [ 82.520289] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 82.527819] audit: type=1400 audit(1559627753.328:39): avc: denied { create } for pid=8611 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 82.531804] netlink: zone id is out of range [ 82.552864] audit: type=1400 audit(1559627753.348:40): avc: denied { write } for pid=8611 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 82.557186] netlink: zone id is out of range [ 82.581422] FS: 0000000002188940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 82.593832] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 82.599737] CR2: ffffffffff600400 CR3: 0000000068bb1000 CR4: 00000000001406e0 [ 82.607405] Kernel panic - not syncing: Fatal exception [ 82.613779] Kernel Offset: disabled [ 82.617423] Rebooting in 86400 seconds..