Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts.
2019/06/04 01:04:16 fuzzer started
syzkaller login: [ 50.612683] kauditd_printk_skb: 3 callbacks suppressed
[ 50.612699] audit: type=1400 audit(1559610256.898:36): avc: denied { map } for pid=7729 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/04 01:04:20 dialing manager at 10.128.0.105:38735
2019/06/04 01:04:20 syscalls: 2460
2019/06/04 01:04:20 code coverage: enabled
2019/06/04 01:04:20 comparison tracing: enabled
2019/06/04 01:04:20 extra coverage: extra coverage is not supported by the kernel
2019/06/04 01:04:20 setuid sandbox: enabled
2019/06/04 01:04:20 namespace sandbox: enabled
2019/06/04 01:04:20 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/04 01:04:20 fault injection: enabled
2019/06/04 01:04:20 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/04 01:04:20 net packet injection: enabled
2019/06/04 01:04:20 net device setup: enabled
01:04:21 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f00000002c0), 0x15)
[ 55.444702] audit: type=1400 audit(1559610261.728:37): avc: denied { map } for pid=7746 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14978 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
01:04:21 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&\xdbA\x1bn\xbcSv\x91->y\xfe\xfa\xfb/\x18g\x80y\xfe\x89\xab\x0e\xab\xac\b\'\xcd', 0x26e1, 0x0)
close(r0)
close(r1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340))
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)='W', 0x1}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x2)
[ 55.569631] IPVS: ftp: loaded support on port[0] = 21
[ 55.579711] NET: Registered protocol family 30
[ 55.584673] Failed to register TIPC socket type
[ 55.816259] IPVS: ftp: loaded support on port[0] = 21
[ 55.834761] NET: Registered protocol family 30
[ 55.839396] Failed to register TIPC socket type
01:04:22 executing program 2:
r0 = socket(0x10, 0x20000000803, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8993, &(0x7f0000000000)={'bond0\x00', &(0x7f0000000100)=@ethtool_link_settings})
[ 56.092969] IPVS: ftp: loaded support on port[0] = 21
[ 56.104218] NET: Registered protocol family 30
[ 56.108843] Failed to register TIPC socket type
01:04:22 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x6, &(0x7f0000000040)=0x0)
io_submit(r1, 0x1, &(0x7f00000016c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x7, 0x0, r0, &(0x7f0000000080)="ca5bb0bf8c6b8f", 0x7}])
[ 56.579717] IPVS: ftp: loaded support on port[0] = 21
[ 56.606532] NET: Registered protocol family 30
[ 56.630461] Failed to register TIPC socket type
01:04:23 executing program 4:
r0 = creat(&(0x7f0000000240)='./bus\x00', 0x0)
write$binfmt_script(r0, &(0x7f0000000000)={'#! ', './bus'}, 0x9)
fallocate(r0, 0x20, 0x0, 0xffffffff000)
[ 57.167003] IPVS: ftp: loaded support on port[0] = 21
[ 57.194515] NET: Registered protocol family 30
[ 57.199138] Failed to register TIPC socket type
01:04:23 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151)
connect$inet6(r0, &(0x7f0000000040), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200001e4)
r2 = memfd_create(&(0x7f0000000180)='dev ', 0x3)
write(r2, &(0x7f00000011c0)="16", 0x1)
sendfile(r1, r2, &(0x7f0000000000), 0xffff)
clone(0x3502001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
fcntl$addseals(r2, 0x409, 0x8)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, 0x0, &(0x7f0000000200))
[ 57.775973] IPVS: ftp: loaded support on port[0] = 21
[ 57.804816] NET: Registered protocol family 30
[ 57.809444] Failed to register TIPC socket type
[ 58.584870] chnl_net:caif_netlink_parms(): no params data found
[ 59.244396] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.366106] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.451920] device bridge_slave_0 entered promiscuous mode
[ 59.602963] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.609463] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.711913] device bridge_slave_1 entered promiscuous mode
[ 60.211967] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 60.483175] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 61.023758] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 61.171854] team0: Port device team_slave_0 added
[ 61.362158] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 61.461056] team0: Port device team_slave_1 added
[ 61.628693] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 61.812880] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 62.515611] device hsr_slave_0 entered promiscuous mode
[ 62.703123] device hsr_slave_1 entered promiscuous mode
[ 62.985711] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 63.143432] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 63.371552] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 63.972684] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.142032] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 64.332041] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 64.338323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 64.353792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 64.554332] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 64.610451] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.751644] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 64.759048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 64.793610] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 64.872122] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.879080] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.042384] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 65.049832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 65.062073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 65.142313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.173223] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.179618] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.286564] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 65.338877] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 65.465415] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 65.546460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 65.603653] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 65.700640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 65.708809] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.817584] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 65.890721] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.898119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 65.977312] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 66.083322] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 66.093137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 66.152074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 66.217202] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 66.293287] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 66.421175] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 66.427295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 66.501558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 66.530868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 66.641374] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 66.753098] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 66.935448] audit: type=1400 audit(1559610273.218:38): avc: denied { associate } for pid=7747 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
01:04:34 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f00000002c0), 0x15)
01:04:35 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f00000002c0), 0x15)
[ 69.331502] IPVS: ftp: loaded support on port[0] = 21
[ 69.340341] NET: Registered protocol family 30
[ 69.420480] Failed to register TIPC socket type
01:04:35 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f00000002c0), 0x15)
[ 69.620956] IPVS: ftp: loaded support on port[0] = 21
[ 69.629618] IPVS: ftp: loaded support on port[0] = 21
[ 69.629846] NET: Registered protocol family 30
[ 69.652348] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630.
[ 69.664815] ------------[ cut here ]------------
[ 69.669594] kernel BUG at lib/list_debug.c:29!
[ 69.674786] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 69.676037] IPVS: ftp: loaded support on port[0] = 21
[ 69.680169] CPU: 0 PID: 8384 Comm: syz-executor.4 Not tainted 4.19.47 #19
[ 69.694119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.703577] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[ 69.708779] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[ 69.727692] RSP: 0018:ffff888072117b88 EFLAGS: 00010282
[ 69.733060] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[ 69.740327] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100e422f63
[ 69.747622] RBP: ffff888072117ba0 R08: 0000000000000058 R09: ffffed1015d04fe9
[ 69.755218] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffffffff892e7630
[ 69.762511] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[ 69.769869] FS: 000000000267d940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 69.778096] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 69.784003] CR2: ffffffffff600400 CR3: 000000006ef3f000 CR4: 00000000001406f0
[ 69.791271] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 69.798624] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 69.805889] Call Trace:
[ 69.808482] ? mutex_lock_nested+0x16/0x20
[ 69.812725] proto_register+0x459/0x8e0
[ 69.816704] tipc_socket_init+0x1c/0x70
[ 69.820681] tipc_init_net+0x2ed/0x570
[ 69.824566] ? tipc_exit_net+0x40/0x40
[ 69.828455] ops_init+0xb3/0x410
[ 69.831826] setup_net+0x2d3/0x740
[ 69.835374] ? lock_acquire+0x16f/0x3f0
[ 69.839350] ? ops_init+0x410/0x410
[ 69.842986] copy_net_ns+0x1df/0x340
[ 69.846786] create_new_namespaces+0x400/0x7b0
[ 69.851740] unshare_nsproxy_namespaces+0xc2/0x200
[ 69.856675] ksys_unshare+0x440/0x980
[ 69.860428] Failed to register TIPC socket type
[ 69.860479] ? walk_process_tree+0x2c0/0x2c0
[ 69.869531] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 69.874315] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.879681] ? do_syscall_64+0x26/0x620
[ 69.883660] ? lockdep_hardirqs_on+0x415/0x5d0
[ 69.888249] __x64_sys_unshare+0x31/0x40
[ 69.892321] do_syscall_64+0xfd/0x620
[ 69.896130] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.901315] RIP: 0033:0x45bd47
[ 69.904512] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.923419] RSP: 002b:00007ffc937a7128 EFLAGS: 00000202 ORIG_RAX: 0000000000000110
[ 69.931131] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47
[ 69.938401] RDX: 0000000000000000 RSI: 00007ffc937a70d0 RDI: 0000000040000000
[ 69.947223] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[ 69.954792] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000075c9a8
[ 69.962064] R13: 00007ffc937a7398 R14: 0000000000000000 R15: 0000000000000000
[ 69.969323] Modules linked in:
01:04:36 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f00000002c0), 0x15)
01:04:36 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f00000002c0), 0x15)
[ 69.973628] ---[ end trace ae1c00e9a72d8a1a ]---
[ 69.978546] kobject: 'loop0' (00000000337936ac): kobject_uevent_env
[ 69.978574] kobject: 'loop0' (00000000337936ac): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 69.995059] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[ 70.000667] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[ 70.017885] kobject: 'loop0' (00000000337936ac): kobject_uevent_env
[ 70.020192] RSP: 0018:ffff888072117b88 EFLAGS: 00010282
[ 70.029266] kobject: 'loop0' (00000000337936ac): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 70.031469] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[ 70.031476] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100e422f63
[ 70.031484] RBP: ffff888072117ba0 R08: 0000000000000058 R09: ffffed1015d04fe9
[ 70.031492] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffffffff892e7630
[ 70.031499] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[ 70.031511] FS: 000000000267d940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 70.031519] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 70.031526] CR2: ffffffffff600400 CR3: 000000006ef3f000 CR4: 00000000001406f0
[ 70.031536] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 70.031543] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 70.031551] Kernel panic - not syncing: Fatal exception
[ 70.032930] Kernel Offset: disabled
[ 70.123705] Rebooting in 86400 seconds..