Warning: Permanently added '10.128.0.210' (ECDSA) to the list of known hosts. 2019/06/03 19:07:45 fuzzer started [ 55.770494] audit: type=1400 audit(1559588865.639:36): avc: denied { map } for pid=7978 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/03 19:07:48 dialing manager at 10.128.0.105:46883 2019/06/03 19:07:48 syscalls: 2456 2019/06/03 19:07:48 code coverage: enabled 2019/06/03 19:07:48 comparison tracing: enabled 2019/06/03 19:07:48 extra coverage: extra coverage is not supported by the kernel 2019/06/03 19:07:48 setuid sandbox: enabled 2019/06/03 19:07:48 namespace sandbox: enabled 2019/06/03 19:07:48 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/03 19:07:48 fault injection: enabled 2019/06/03 19:07:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/03 19:07:48 net packet injection: enabled 2019/06/03 19:07:48 net device setup: enabled 19:07:52 executing program 0: r0 = socket$kcm(0x2b, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r1) close(r0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) write$FUSE_INTERRUPT(r1, &(0x7f0000000000)={0x10}, 0x10) write$cgroup_type(r1, &(0x7f0000000100)='threaded\x00', 0x116) recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0xfffffffffffffd43, &(0x7f0000000340)=[{&(0x7f0000000400)=""/215, 0xd7}], 0x7}, 0x0) [ 62.610233] audit: type=1400 audit(1559588872.479:37): avc: denied { map } for pid=7996 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14944 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 62.740772] IPVS: ftp: loaded support on port[0] = 21 [ 62.750834] NET: Registered protocol family 30 [ 62.755763] Failed to register TIPC socket type 19:07:52 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0xffffffffffffffcf, &(0x7f00000000c0)}, 0x57) [ 62.995864] IPVS: ftp: loaded support on port[0] = 21 [ 63.026185] NET: Registered protocol family 30 [ 63.030915] Failed to register TIPC socket type 19:07:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_MAX_THREADS(r1, 0xc018620b, 0x0) [ 63.277184] IPVS: ftp: loaded support on port[0] = 21 [ 63.305882] NET: Registered protocol family 30 [ 63.310692] Failed to register TIPC socket type 19:07:54 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) ioctl$SIOCAX25GETINFO(r1, 0x890b, 0x0) [ 64.469084] IPVS: ftp: loaded support on port[0] = 21 [ 64.486519] NET: Registered protocol family 30 [ 64.491155] Failed to register TIPC socket type 19:07:54 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, [], 0x0, 0xffffffffffffff9c}, 0x3c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)=""/1}, 0x18) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socketpair(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f9, &(0x7f0000000140)='sit0\x00') [ 65.090520] IPVS: ftp: loaded support on port[0] = 21 [ 65.200306] NET: Registered protocol family 30 [ 65.236930] chnl_net:caif_netlink_parms(): no params data found [ 65.308952] Failed to register TIPC socket type [ 65.624402] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.743408] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.825561] device bridge_slave_0 entered promiscuous mode [ 65.972988] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.321525] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.421549] device bridge_slave_1 entered promiscuous mode [ 66.905157] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.225263] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 67.717427] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 67.884054] team0: Port device team_slave_0 added [ 68.169985] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 68.272298] team0: Port device team_slave_1 added [ 68.430171] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 68.625357] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 69.137758] device hsr_slave_0 entered promiscuous mode [ 69.296567] device hsr_slave_1 entered promiscuous mode [ 69.583028] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 69.809215] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 70.065662] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 70.630767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.843240] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 71.018541] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 71.088002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 71.119851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.264230] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 71.331582] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.493237] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 71.584619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.622912] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.702117] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.709356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.902656] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 71.909876] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 71.923211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.012325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.086009] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.092548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.234625] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 72.307599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 72.388268] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 72.451852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 72.554283] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 72.636840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 72.647528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 19:08:02 executing program 5: r0 = socket$kcm(0x10, 0x800000000002, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e000000130081c5e4050cecdb4cb9040a485e430e00000000fffffff08ef9000600b0ebb06ac40006001100f9ff", 0x2e}], 0x1}, 0x0) [ 73.293336] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 73.300535] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.347274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.742383] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 74.200813] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 74.402901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 74.410883] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.957939] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 75.332012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 75.340249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.744122] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 76.091559] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 76.397217] IPVS: ftp: loaded support on port[0] = 21 [ 76.555473] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 76.675658] NET: Registered protocol family 30 [ 76.680344] Failed to register TIPC socket type [ 77.224775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.667156] audit: type=1400 audit(1559588887.539:38): avc: denied { associate } for pid=7997 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 78.808814] IPVS: ftp: loaded support on port[0] = 21 [ 78.968623] IPVS: ftp: loaded support on port[0] = 21 [ 79.025681] NET: Registered protocol family 30 [ 79.030448] Failed to register TIPC socket type [ 79.094011] cache_from_obj: Wrong slab cache. TIPC but object is from kmalloc-2048 [ 79.102560] WARNING: CPU: 1 PID: 18 at mm/slab.h:380 kmem_cache_free.cold+0x1c/0x23 [ 79.110383] Kernel panic - not syncing: panic_on_warn set ... [ 79.110383] [ 79.118077] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.47 #19 [ 79.125397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.134921] Call Trace: [ 79.137561] dump_stack+0x172/0x1f0 [ 79.141393] panic+0x263/0x507 [ 79.144607] ? __warn_printk+0xf3/0xf3 [ 79.148524] ? kmem_cache_free.cold+0x1c/0x23 [ 79.153952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.159795] ? __warn.cold+0x5/0x4a [ 79.163548] ? __warn+0xe8/0x1d0 [ 79.166956] ? kmem_cache_free.cold+0x1c/0x23 [ 79.171482] __warn.cold+0x20/0x4a [ 79.175157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.180734] ? kmem_cache_free.cold+0x1c/0x23 [ 79.185275] report_bug+0x263/0x2b0 [ 79.189487] do_error_trap+0x204/0x360 [ 79.194555] ? math_error+0x340/0x340 [ 79.200086] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.206021] ? wake_up_klogd+0x99/0xd0 [ 79.210034] ? error_entry+0x76/0xd0 [ 79.213785] ? trace_hardirqs_off_caller+0x65/0x220 [ 79.218930] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 79.223869] do_invalid_op+0x1b/0x20 [ 79.228505] invalid_op+0x14/0x20 [ 79.231987] RIP: 0010:kmem_cache_free.cold+0x1c/0x23 [ 79.237114] Code: e8 95 ab 47 05 44 8b 6d c4 e9 74 a5 ff ff 48 8b 48 58 48 c7 c6 c0 44 54 87 48 c7 c7 78 66 38 88 49 8b 54 24 58 e8 44 3d b4 ff <0f> 0b e9 89 df ff ff 49 8b 4f 58 48 c7 c6 c0 44 54 87 48 c7 c7 78 [ 79.256567] RSP: 0018:ffff8880aa2a7ba8 EFLAGS: 00010286 [ 79.262502] RAX: 0000000000000046 RBX: ffff8880a689cc00 RCX: 0000000000000000 [ 79.270050] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed1015454f67 [ 79.277354] RBP: ffff8880aa2a7bc8 R08: 0000000000000046 R09: ffffed1015d24fe9 [ 79.284666] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffff88809f0f7c40 [ 79.291965] R13: 0000000000000000 R14: ffff88809f0f7c40 R15: ffff8880a689cf10 [ 79.299290] ? vprintk_func+0x86/0x189 [ 79.303223] ? kmem_cache_free.cold+0x1c/0x23 [ 79.308033] __sk_destruct+0x4b4/0x6d0 [ 79.312490] ? tipc_wait_for_connect.isra.0+0x4c0/0x4c0 [ 79.317900] sk_destruct+0x7b/0x90 [ 79.321477] __sk_free+0xce/0x300 [ 79.324979] sk_free+0x42/0x50 [ 79.328198] tipc_sk_callback+0x48/0x60 [ 79.332198] rcu_process_callbacks+0xba0/0x1a30 [ 79.336901] ? __rcu_read_unlock+0x170/0x170 [ 79.341351] ? sched_clock+0x2e/0x50 [ 79.345231] __do_softirq+0x25c/0x921 [ 79.349260] ? takeover_tasklets+0x7b0/0x7b0 [ 79.353711] run_ksoftirqd+0x8e/0x110 [ 79.358346] smpboot_thread_fn+0x6a3/0xa30 [ 79.363413] ? sort_range+0x30/0x30 [ 79.367076] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 79.372653] ? __kthread_parkme+0xfb/0x1b0 [ 79.376937] kthread+0x354/0x420 [ 79.380350] ? sort_range+0x30/0x30 [ 79.384371] ? kthread_delayed_work_timer_fn+0x290/0x290 [ 79.389888] ret_from_fork+0x24/0x30 [ 79.396776] Kernel Offset: disabled [ 79.402206] Rebooting in 86400 seconds..