Warning: Permanently added '10.128.0.237' (ECDSA) to the list of known hosts. 2019/06/03 17:44:34 fuzzer started [ 49.583405] kauditd_printk_skb: 3 callbacks suppressed [ 49.583419] audit: type=1400 audit(1559583873.975:36): avc: denied { map } for pid=7641 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/03 17:44:37 dialing manager at 10.128.0.105:46883 2019/06/03 17:44:37 syscalls: 2456 2019/06/03 17:44:37 code coverage: enabled 2019/06/03 17:44:37 comparison tracing: enabled 2019/06/03 17:44:37 extra coverage: extra coverage is not supported by the kernel 2019/06/03 17:44:37 setuid sandbox: enabled 2019/06/03 17:44:37 namespace sandbox: enabled 2019/06/03 17:44:37 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/03 17:44:37 fault injection: enabled 2019/06/03 17:44:37 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/03 17:44:37 net packet injection: enabled 2019/06/03 17:44:37 net device setup: enabled 17:44:41 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x33c) [ 56.706305] audit: type=1400 audit(1559583881.095:37): avc: denied { map } for pid=7658 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14959 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 56.831089] IPVS: ftp: loaded support on port[0] = 21 [ 56.841747] NET: Registered protocol family 30 [ 56.846375] Failed to register TIPC socket type 17:44:41 executing program 1: r0 = socket(0x400000000010, 0x3, 0x0) write(r0, &(0x7f0000000140)="2400000019002551075c0165ff0ffc041d235adaffd18b0507e1000c0800060000000000", 0x24) [ 56.998719] IPVS: ftp: loaded support on port[0] = 21 [ 57.008098] NET: Registered protocol family 30 [ 57.013487] Failed to register TIPC socket type 17:44:41 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) [ 57.482722] IPVS: ftp: loaded support on port[0] = 21 [ 57.492482] NET: Registered protocol family 30 [ 57.497107] Failed to register TIPC socket type 17:44:42 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x0) r1 = dup(r0) ioctl$SG_SET_DEBUG(r1, 0x227e, &(0x7f0000000000)) [ 57.969328] IPVS: ftp: loaded support on port[0] = 21 [ 58.014184] NET: Registered protocol family 30 [ 58.018809] Failed to register TIPC socket type 17:44:42 executing program 4: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="240000000a0607031dfffd946fa2830020200a0009000100061d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) [ 58.527599] IPVS: ftp: loaded support on port[0] = 21 [ 58.555332] NET: Registered protocol family 30 [ 58.579825] Failed to register TIPC socket type 17:44:43 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x201, 0x0) sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0xf7}}, 0x0) r1 = dup2(r0, r0) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0x332) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000140)) fstat(r0, &(0x7f00000006c0)) r3 = syz_open_pts(r0, 0x0) readv(r3, &(0x7f0000000440), 0x2000000000000283) [ 59.087670] IPVS: ftp: loaded support on port[0] = 21 [ 59.103997] NET: Registered protocol family 30 [ 59.108620] Failed to register TIPC socket type [ 59.621995] chnl_net:caif_netlink_parms(): no params data found [ 60.002677] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.040904] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.109999] device bridge_slave_0 entered promiscuous mode [ 60.171238] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.221453] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.269956] device bridge_slave_1 entered promiscuous mode [ 60.550711] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 60.868096] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 61.541488] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 61.670405] team0: Port device team_slave_0 added [ 61.845814] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 62.050804] team0: Port device team_slave_1 added [ 62.207714] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 62.649709] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 63.412356] device hsr_slave_0 entered promiscuous mode [ 63.725269] device hsr_slave_1 entered promiscuous mode [ 63.933806] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 64.222572] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 64.525484] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 65.156448] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.405854] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 65.572098] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 65.620056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.629146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.692228] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 65.789896] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.818442] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 65.989969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.998407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.104226] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.110914] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.205556] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 66.291838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.299220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.413862] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.490297] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.496726] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.631918] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 66.661162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 66.772104] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 66.779454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 66.946468] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 67.020964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 67.029075] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 67.118120] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 67.190063] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 67.197524] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 67.251882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 67.362768] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 67.381531] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 67.421429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 67.487104] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 67.620982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 67.629651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 67.790768] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 67.975678] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.122877] audit: type=1400 audit(1559583892.515:38): avc: denied { associate } for pid=7659 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 69.364385] hrtimer: interrupt took 35242 ns [ 71.188816] IPVS: ftp: loaded support on port[0] = 21 [ 71.452270] NET: Registered protocol family 30 [ 71.456920] Failed to register TIPC socket type 17:44:56 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x33c) 17:44:56 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x33c) [ 72.037351] IPVS: ftp: loaded support on port[0] = 21 [ 72.047903] NET: Registered protocol family 30 [ 72.049830] cache_from_obj: Wrong slab cache. TIPC but object is from kmalloc-2048 [ 72.053064] Failed to register TIPC socket type [ 72.060727] WARNING: CPU: 0 PID: 8256 at mm/slab.h:380 kmem_cache_free.cold+0x1c/0x23 [ 72.073296] Kernel panic - not syncing: panic_on_warn set ... [ 72.073296] [ 72.080657] CPU: 0 PID: 8256 Comm: syz-executor.1 Not tainted 4.19.47 #19 [ 72.087578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.096916] Call Trace: [ 72.099485] [ 72.101636] dump_stack+0x172/0x1f0 [ 72.105257] panic+0x263/0x507 [ 72.108441] ? __warn_printk+0xf3/0xf3 [ 72.112323] ? kmem_cache_free.cold+0x1c/0x23 [ 72.116809] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 72.122348] ? __warn.cold+0x5/0x4a [ 72.125964] ? __warn+0xe8/0x1d0 [ 72.129318] ? kmem_cache_free.cold+0x1c/0x23 [ 72.133801] __warn.cold+0x20/0x4a [ 72.137331] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 72.142855] ? kmem_cache_free.cold+0x1c/0x23 [ 72.147341] report_bug+0x263/0x2b0 [ 72.150963] do_error_trap+0x204/0x360 [ 72.154840] ? math_error+0x340/0x340 [ 72.158626] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 72.164166] ? wake_up_klogd+0x99/0xd0 [ 72.168088] ? error_entry+0x76/0xd0 [ 72.171795] ? trace_hardirqs_off_caller+0x65/0x220 [ 72.176802] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 72.181636] do_invalid_op+0x1b/0x20 [ 72.185337] invalid_op+0x14/0x20 [ 72.188777] RIP: 0010:kmem_cache_free.cold+0x1c/0x23 [ 72.193959] Code: e8 95 ab 47 05 44 8b 6d c4 e9 74 a5 ff ff 48 8b 48 58 48 c7 c6 c0 44 54 87 48 c7 c7 78 66 38 88 49 8b 54 24 58 e8 44 3d b4 ff <0f> 0b e9 89 df ff ff 49 8b 4f 58 48 c7 c6 c0 44 54 87 48 c7 c7 78 [ 72.213023] RSP: 0000:ffff8880ae807cf8 EFLAGS: 00010286 [ 72.218422] RAX: 0000000000000046 RBX: ffff88806dd7ac00 RCX: 0000000000000000 [ 72.225680] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed1015d00f91 [ 72.232953] RBP: ffff8880ae807d18 R08: 0000000000000046 R09: ffffed1015d04fe9 [ 72.240214] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffff8880971f6900 [ 72.247470] R13: 0000000000000000 R14: ffff8880971f6900 R15: ffff88806dd7af10 [ 72.254748] ? vprintk_func+0x86/0x189 [ 72.258627] ? kmem_cache_free.cold+0x1c/0x23 [ 72.263115] __sk_destruct+0x4b4/0x6d0 [ 72.267010] ? tipc_wait_for_connect.isra.0+0x4c0/0x4c0 [ 72.272365] sk_destruct+0x7b/0x90 [ 72.275902] __sk_free+0xce/0x300 [ 72.279350] sk_free+0x42/0x50 [ 72.282535] tipc_sk_callback+0x48/0x60 [ 72.286502] rcu_process_callbacks+0xba0/0x1a30 [ 72.291167] ? __rcu_read_unlock+0x170/0x170 [ 72.295564] ? __lock_is_held+0xb6/0x140 [ 72.299645] __do_softirq+0x25c/0x921 [ 72.303446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 72.308977] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 72.314514] irq_exit+0x180/0x1d0 [ 72.317964] smp_apic_timer_interrupt+0x13b/0x550 [ 72.322810] apic_timer_interrupt+0xf/0x20 [ 72.327037] [ 72.329267] RIP: 0010:lock_release+0x47a/0xa30 [ 72.333841] Code: 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 a7 03 00 00 48 83 3d 6d d8 1f 07 00 0f 84 65 02 00 00 48 8b bd 68 ff ff ff 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 c7 04 03 00 00 00 [ 72.353089] RSP: 0000:ffff888070147af0 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 72.360788] RAX: 1ffffffff10e46c9 RBX: 1ffff1100e028f64 RCX: 1ffff11013e20d26 [ 72.368045] RDX: dffffc0000000000 RSI: 0000000000000002 RDI: 0000000000000282 [ 72.375304] RBP: ffff888070147ba8 R08: ffff88809f1060c0 R09: 0000000000000001 [ 72.382564] R10: ffffed1015d04732 R11: ffff8880ae823993 R12: ffff88809f1060c0 [ 72.389823] R13: ffffffff85c8ab6c R14: 0000000000000003 R15: ffff888070147b80 [ 72.397115] ? inet_twsk_purge+0x3ec/0x5f0 [ 72.401352] ? lock_downgrade+0x810/0x810 [ 72.405511] ? kasan_check_read+0x11/0x20 [ 72.409656] inet_twsk_purge+0x413/0x5f0 [ 72.413720] ? dccp_v6_send_check+0x3f0/0x3f0 [ 72.418206] ? dccp_v6_exit_batch+0x20/0x20 [ 72.422529] dccp_v6_exit_batch+0x1a/0x20 [ 72.426668] ops_exit_list.isra.0+0xfc/0x150 [ 72.431080] setup_net+0x400/0x740 [ 72.434612] ? ops_init+0x410/0x410 [ 72.438234] copy_net_ns+0x1df/0x340 [ 72.441940] create_new_namespaces+0x400/0x7b0 [ 72.446532] unshare_nsproxy_namespaces+0xc2/0x200 [ 72.451473] ksys_unshare+0x440/0x980 [ 72.455262] ? walk_process_tree+0x2c0/0x2c0 [ 72.459665] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 72.464415] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 72.469786] ? do_syscall_64+0x26/0x620 [ 72.473752] ? lockdep_hardirqs_on+0x415/0x5d0 [ 72.478325] __x64_sys_unshare+0x31/0x40 [ 72.482735] do_syscall_64+0xfd/0x620 [ 72.486531] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 72.491814] RIP: 0033:0x45bd47 [ 72.494999] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 72.514410] RSP: 002b:00007ffce96f7438 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 72.522138] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47 [ 72.529400] RDX: 0000000000000000 RSI: 00007ffce96f73e0 RDI: 0000000040000000 [ 72.536656] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005 [ 72.544009] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000075c9a8 [ 72.551443] R13: 00007ffce96f76a8 R14: 0000000000000000 R15: 0000000000000000 [ 72.560521] Kernel Offset: disabled [ 72.564243] Rebooting in 86400 seconds..