Warning: Permanently added '10.128.0.155' (ECDSA) to the list of known hosts. 2019/06/04 05:13:25 fuzzer started [ 53.441037] audit: type=1400 audit(1559625205.909:36): avc: denied { map } for pid=7862 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/04 05:13:29 dialing manager at 10.128.0.105:38735 2019/06/04 05:13:29 syscalls: 2460 2019/06/04 05:13:29 code coverage: enabled 2019/06/04 05:13:29 comparison tracing: enabled 2019/06/04 05:13:29 extra coverage: extra coverage is not supported by the kernel 2019/06/04 05:13:29 setuid sandbox: enabled 2019/06/04 05:13:29 namespace sandbox: enabled 2019/06/04 05:13:29 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/04 05:13:29 fault injection: enabled 2019/06/04 05:13:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/04 05:13:29 net packet injection: enabled 2019/06/04 05:13:29 net device setup: enabled 05:13:32 executing program 0: openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x40000000) [ 59.848937] audit: type=1400 audit(1559625212.319:37): avc: denied { map } for pid=7879 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=68 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 59.973552] IPVS: ftp: loaded support on port[0] = 21 [ 59.983573] NET: Registered protocol family 30 [ 59.988457] Failed to register TIPC socket type 05:13:32 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)={0x5, 0x7, 0x6, 0x1ff, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x5}, 0x3c) [ 60.213701] IPVS: ftp: loaded support on port[0] = 21 [ 60.231054] NET: Registered protocol family 30 [ 60.235741] Failed to register TIPC socket type 05:13:32 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x4, 0x0) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) [ 60.651070] IPVS: ftp: loaded support on port[0] = 21 [ 60.671549] NET: Registered protocol family 30 [ 60.676181] Failed to register TIPC socket type 05:13:33 executing program 3: r0 = perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r2, 0x0) ioctl$TIOCSTI(r1, 0x5412, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x8d5af}], 0x10000000000000db, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x848000, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202e2f66696c6530202f6465762f7673762f6e756c6c623000206d696d655f747970650a21fe6bea9c3413b337bd790bbeaf3fdc8f77e487a391e81fed25dec96e88b59a3655593605e7f9cb2f23d4"], 0x51) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x80, 0x0) [ 61.182471] IPVS: ftp: loaded support on port[0] = 21 [ 61.211461] NET: Registered protocol family 30 [ 61.216089] Failed to register TIPC socket type 05:13:33 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000005000)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000015c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0}) [ 61.832299] IPVS: ftp: loaded support on port[0] = 21 [ 61.861331] NET: Registered protocol family 30 [ 61.865959] Failed to register TIPC socket type 05:13:34 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x1, 0x7, 0x8, 0x10000000005, 0x0, 0x1}, 0x3c) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x2077fffb, 0x0, 0x10020000002, 0x0, 0x4000}, 0x2c) [ 62.473864] IPVS: ftp: loaded support on port[0] = 21 [ 62.510885] NET: Registered protocol family 30 [ 62.515521] Failed to register TIPC socket type [ 62.853801] chnl_net:caif_netlink_parms(): no params data found [ 63.289448] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.296323] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.377872] device bridge_slave_0 entered promiscuous mode [ 63.437476] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.443942] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.528254] device bridge_slave_1 entered promiscuous mode [ 63.961664] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 64.310583] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 64.984687] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 65.153695] team0: Port device team_slave_0 added [ 65.371208] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 65.549700] team0: Port device team_slave_1 added [ 65.862157] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 66.035690] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 66.541877] device hsr_slave_0 entered promiscuous mode [ 66.739054] device hsr_slave_1 entered promiscuous mode [ 66.952555] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 67.112076] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 67.389794] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 68.067772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.225497] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 68.419681] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 68.425948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.487966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.638381] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 68.644520] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.901415] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 69.006729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.014741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.129767] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.136866] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.338319] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 69.346364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 69.392814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 69.497067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.556720] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.563122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.699971] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 69.767739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 69.838049] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 69.844949] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 69.998594] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 70.087548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 70.108158] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 70.217832] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 70.270533] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 70.288655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 70.357587] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 70.413963] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 70.496900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 70.504675] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 70.604915] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 70.669176] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 70.708056] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 70.772493] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 70.856590] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 70.992163] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 71.138639] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.290748] audit: type=1400 audit(1559625223.759:38): avc: denied { associate } for pid=7880 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 75.018528] IPVS: ftp: loaded support on port[0] = 21 [ 75.388220] hrtimer: interrupt took 24877 ns [ 75.687213] NET: Registered protocol family 30 [ 75.914075] Failed to register TIPC socket type [ 76.302987] IPVS: ftp: loaded support on port[0] = 21 [ 76.650851] NET: Registered protocol family 30 [ 76.768787] Failed to register TIPC socket type [ 78.330827] IPVS: ftp: loaded support on port[0] = 21 [ 78.361163] NET: Registered protocol family 30 [ 78.365844] Failed to register TIPC socket type [ 78.471941] IPVS: ftp: loaded support on port[0] = 21 [ 78.510391] NET: Registered protocol family 30 [ 78.512830] IPVS: ftp: loaded support on port[0] = 21 [ 78.515027] Failed to register TIPC socket type [ 78.543806] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630. [ 78.561025] IPVS: ftp: loaded support on port[0] = 21 [ 78.568433] IPVS: ftp: loaded support on port[0] = 21 [ 78.579955] ------------[ cut here ]------------ [ 78.584743] kernel BUG at lib/list_debug.c:29! [ 78.589891] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 78.595280] CPU: 1 PID: 8539 Comm: syz-executor.4 Not tainted 4.19.47 #19 [ 78.602217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 78.611638] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 78.616840] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 78.635750] RSP: 0018:ffff88806e0a7b88 EFLAGS: 00010282 [ 78.641133] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 78.648415] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100dc14f63 [ 78.655706] RBP: ffff88806e0a7ba0 R08: 0000000000000058 R09: ffffed1015d24fe9 [ 78.663007] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffffffff892e7630 [ 78.670289] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 78.677588] FS: 0000000000dd4940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 78.685937] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.692000] CR2: 0000000000a75e58 CR3: 000000006eab2000 CR4: 00000000001406e0 [ 78.699316] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 78.706586] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 78.713859] Call Trace: [ 78.716486] ? mutex_lock_nested+0x16/0x20 [ 78.720740] proto_register+0x459/0x8e0 [ 78.724733] tipc_socket_init+0x1c/0x70 [ 78.728721] tipc_init_net+0x2ed/0x570 [ 78.732612] ? tipc_exit_net+0x40/0x40 [ 78.736507] ops_init+0xb3/0x410 [ 78.739877] setup_net+0x2d3/0x740 [ 78.743416] ? lock_acquire+0x16f/0x3f0 [ 78.747397] ? ops_init+0x410/0x410 [ 78.751035] copy_net_ns+0x1df/0x340 [ 78.754757] create_new_namespaces+0x400/0x7b0 [ 78.759345] unshare_nsproxy_namespaces+0xc2/0x200 [ 78.764284] ksys_unshare+0x440/0x980 [ 78.768351] ? walk_process_tree+0x2c0/0x2c0 [ 78.772772] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 78.777561] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 78.782933] ? do_syscall_64+0x26/0x620 [ 78.786911] ? lockdep_hardirqs_on+0x415/0x5d0 [ 78.791512] __x64_sys_unshare+0x31/0x40 [ 78.795587] do_syscall_64+0xfd/0x620 [ 78.799406] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 78.804690] RIP: 0033:0x45bd47 [ 78.807886] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 78.826980] RSP: 002b:00007ffc7bf1e008 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 78.834700] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47 [ 78.841971] RDX: 0000000000000000 RSI: 00007ffc7bf1dfb0 RDI: 0000000040000000 [ 78.849245] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005 [ 78.856712] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000075c9a8 [ 78.863983] R13: 00007ffc7bf1e278 R14: 0000000000000000 R15: 0000000000000000 [ 78.871253] Modules linked in: [ 78.874919] ---[ end trace 4380708349e894f6 ]--- [ 78.879742] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 78.884938] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 78.904025] RSP: 0018:ffff88806e0a7b88 EFLAGS: 00010282 [ 78.909441] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 78.926434] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100dc14f63 [ 78.933733] RBP: ffff88806e0a7ba0 R08: 0000000000000058 R09: ffffed1015d24fe9 [ 78.947816] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffffffff892e7630 [ 78.955131] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 78.963141] FS: 0000000000dd4940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 78.971455] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.977805] CR2: 0000000000a75e58 CR3: 000000006eab2000 CR4: 00000000001406f0 [ 78.985083] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 78.992983] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.000723] Kernel panic - not syncing: Fatal exception [ 79.007147] Kernel Offset: disabled [ 79.010804] Rebooting in 86400 seconds..