Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
2019/06/04 06:28:31 fuzzer started
[ 67.645385] audit: type=1400 audit(1559629710.990:36): avc: denied { map } for pid=7971 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/04 06:28:33 dialing manager at 10.128.0.105:38735
2019/06/04 06:28:33 syscalls: 2460
2019/06/04 06:28:33 code coverage: enabled
2019/06/04 06:28:33 comparison tracing: enabled
2019/06/04 06:28:33 extra coverage: extra coverage is not supported by the kernel
2019/06/04 06:28:33 setuid sandbox: enabled
2019/06/04 06:28:33 namespace sandbox: enabled
2019/06/04 06:28:33 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/04 06:28:33 fault injection: enabled
2019/06/04 06:28:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/04 06:28:33 net packet injection: enabled
2019/06/04 06:28:33 net device setup: enabled
06:28:36 executing program 0:
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="24000000100007031dfffd946ff20c0020200a0009000100231d8568261baba20400ff7e", 0x24}], 0x1}, 0x0)
[ 73.270097] audit: type=1400 audit(1559629716.610:37): avc: denied { map } for pid=7989 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1112 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 73.388471] IPVS: ftp: loaded support on port[0] = 21
[ 73.398345] NET: Registered protocol family 30
[ 73.402952] Failed to register TIPC socket type
06:28:36 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
recvmmsg(r1, &(0x7f00000028c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)={0x10000004})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x523, 0x0)
recvmmsg(r0, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdeb}}], 0x3fffffffffffd33, 0x0, 0x0)
[ 73.664175] IPVS: ftp: loaded support on port[0] = 21
06:28:37 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000180)={0x80000000003, 0x2000000980915, 0x3})
[ 73.693626] NET: Registered protocol family 30
[ 73.698258] Failed to register TIPC socket type
[ 73.890461] IPVS: ftp: loaded support on port[0] = 21
[ 73.917309] NET: Registered protocol family 30
[ 73.921919] Failed to register TIPC socket type
06:28:37 executing program 3:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x0, 0x0)
ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000080)='syz1\x00')
[ 74.488786] IPVS: ftp: loaded support on port[0] = 21
[ 74.507450] NET: Registered protocol family 30
[ 74.512078] Failed to register TIPC socket type
06:28:38 executing program 4:
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f0300fe01b2a4a280930a050001000000005d000000390002002d005000060000001900054003000000000022dc1338d54400009b84136ef75afb83de4411000500c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0)
[ 75.056019] IPVS: ftp: loaded support on port[0] = 21
[ 75.086405] NET: Registered protocol family 30
[ 75.091031] Failed to register TIPC socket type
[ 76.321099] chnl_net:caif_netlink_parms(): no params data found
[ 76.754823] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.761490] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.826737] device bridge_slave_0 entered promiscuous mode
[ 76.886066] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.892507] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.965070] device bridge_slave_1 entered promiscuous mode
[ 77.447393] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 77.740609] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 78.275845] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 78.324120] team0: Port device team_slave_0 added
[ 78.565658] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 78.704990] team0: Port device team_slave_1 added
[ 79.029061] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 79.233501] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 79.928800] device hsr_slave_0 entered promiscuous mode
[ 80.075653] device hsr_slave_1 entered promiscuous mode
[ 80.315864] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 80.499916] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 80.775192] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 81.428586] 8021q: adding VLAN 0 to HW filter on device bond0
[ 81.624231] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 81.763745] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 81.769987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 81.797259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 81.892875] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 82.054146] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.214670] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 82.221796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 82.253582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.333349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.339982] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.497740] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 82.593170] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 82.625760] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 82.724628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 82.793340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.799742] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.891469] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 82.980014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
06:28:46 executing program 5:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000240)=@ccm_128={{}, "568395463487b059", "6ecd44e0c44c4d3f91e79a5a4c926fb0", "25feb8c4", "8a57a638ce64f1b6"}, 0x28)
[ 84.218463] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 84.606029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 84.952421] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 85.277737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 85.333899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 85.584686] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 85.961817] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 86.049719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 86.350822] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 86.651040] IPVS: ftp: loaded support on port[0] = 21
[ 86.703621] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 86.902835] NET: Registered protocol family 30
[ 86.949437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 87.009878] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 87.212825] Failed to register TIPC socket type
[ 87.329478] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 87.573167] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 87.581502] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 87.893675] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 87.900341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 88.238369] IPVS: ftp: loaded support on port[0] = 21
[ 88.250714] IPVS: ftp: loaded support on port[0] = 21
[ 88.386873] NET: Registered protocol family 30
[ 88.391880] Failed to register TIPC socket type
[ 88.435644] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 88.480229] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630.
[ 88.678811] ------------[ cut here ]------------
[ 88.683639] kernel BUG at lib/list_debug.c:29!
[ 88.705284] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.783045] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 88.788763] CPU: 1 PID: 8532 Comm: syz-executor.1 Not tainted 4.19.47 #19
[ 88.795709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 88.805522] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[ 88.810741] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[ 88.830414] RSP: 0018:ffff888068ee7b88 EFLAGS: 00010282
[ 88.834673] kobject: 'bpq28' (00000000a105d7cb): kobject_add_internal: parent: 'net', set: 'devices'
[ 88.835950] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[ 88.853213] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100d1dcf63
[ 88.860837] RBP: ffff888068ee7ba0 R08: 0000000000000058 R09: ffffed1015d24fe9
[ 88.868428] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffffffff892e7630
[ 88.876131] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[ 88.883570] FS: 0000000000ada940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 88.891831] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 88.898007] CR2: ffffffffff600400 CR3: 000000006cb5b000 CR4: 00000000001406e0
[ 88.905455] Call Trace:
[ 88.908158] ? mutex_lock_nested+0x16/0x20
[ 88.912538] proto_register+0x459/0x8e0
[ 88.916631] tipc_socket_init+0x1c/0x70
[ 88.920839] tipc_init_net+0x2ed/0x570
[ 88.924853] ? tipc_exit_net+0x40/0x40
[ 88.929271] ops_init+0xb3/0x410
[ 88.932670] setup_net+0x2d3/0x740
[ 88.936337] ? lock_acquire+0x16f/0x3f0
[ 88.940429] ? ops_init+0x410/0x410
[ 88.943889] kobject: 'bpq28' (00000000a105d7cb): kobject_uevent_env
[ 88.944363] copy_net_ns+0x1df/0x340
[ 88.950921] kobject: 'bpq28' (00000000a105d7cb): fill_kobj_path: path = '/devices/virtual/net/bpq28'
[ 88.954711] create_new_namespaces+0x400/0x7b0
[ 88.954727] unshare_nsproxy_namespaces+0xc2/0x200
[ 88.954743] ksys_unshare+0x440/0x980
[ 88.954760] ? walk_process_tree+0x2c0/0x2c0
[ 88.982447] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 88.987249] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 88.992640] ? do_syscall_64+0x26/0x620
[ 88.996645] ? lockdep_hardirqs_on+0x415/0x5d0
[ 89.001256] __x64_sys_unshare+0x31/0x40
[ 89.005644] do_syscall_64+0xfd/0x620
[ 89.009478] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 89.014693] RIP: 0033:0x45bd47
[ 89.018014] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 89.037432] RSP: 002b:00007ffd0c217cb8 EFLAGS: 00000202 ORIG_RAX: 0000000000000110
[ 89.045171] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47
[ 89.052470] RDX: 0000000000000000 RSI: 00007ffd0c217c60 RDI: 0000000040000000
[ 89.060040] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[ 89.067619] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000075c9a8
[ 89.074919] R13: 00007ffd0c217f28 R14: 0000000000000000 R15: 0000000000000000
[ 89.077263] kobject: 'queues' (00000000ba46e007): kobject_add_internal: parent: 'bpq28', set: ''
[ 89.082453] Modules linked in:
[ 89.301959] kobject: 'queues' (00000000ba46e007): kobject_uevent_env
[ 89.383025] kobject: 'queues' (00000000ba46e007): kobject_uevent_env: filter function caused the event to drop!
[ 89.553126] kobject: 'rx-0' (000000008d374650): kobject_add_internal: parent: 'queues', set: 'queues'
[ 89.620687] kobject: 'rx-0' (000000008d374650): kobject_uevent_env
[ 89.654403] kobject: 'rx-0' (000000008d374650): fill_kobj_path: path = '/devices/virtual/net/bpq28/queues/rx-0'
[ 89.694560] kobject: 'tx-0' (00000000a039a49d): kobject_add_internal: parent: 'queues', set: 'queues'
[ 89.733861] kobject: 'tx-0' (00000000a039a49d): kobject_uevent_env
[ 89.740612] kobject: 'tx-0' (00000000a039a49d): fill_kobj_path: path = '/devices/virtual/net/bpq28/queues/tx-0'
[ 89.795248] kobject: 'lapb28' (000000009aa91642): kobject_add_internal: parent: 'net', set: 'devices'
[ 89.833952] kobject: 'lapb28' (000000009aa91642): kobject_uevent_env
[ 89.855566] kobject: 'lapb28' (000000009aa91642): fill_kobj_path: path = '/devices/virtual/net/lapb28'
[ 89.875710] ---[ end trace 68fa31c46d55b0f8 ]---
[ 89.880778] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[ 89.886362] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[ 89.897285] kobject: 'queues' (00000000e8703bd8): kobject_add_internal: parent: 'lapb28', set: ''
[ 89.922819] RSP: 0018:ffff888068ee7b88 EFLAGS: 00010282
[ 89.942456] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[ 89.954163] kobject: 'queues' (00000000e8703bd8): kobject_uevent_env
[ 89.960833] kobject: 'queues' (00000000e8703bd8): kobject_uevent_env: filter function caused the event to drop!
[ 89.973049] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100d1dcf63
[ 89.980815] RBP: ffff888068ee7ba0 R08: 0000000000000058 R09: ffffed1015d24fe9
[ 89.988841] kobject: 'rx-0' (00000000a441c9cf): kobject_add_internal: parent: 'queues', set: 'queues'
[ 90.003053] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffffffff892e7630
[ 90.010629] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[ 90.013088] kobject: 'rx-0' (00000000a441c9cf): kobject_uevent_env
[ 90.023053] FS: 0000000000ada940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 90.033073] kobject: 'rx-0' (00000000a441c9cf): fill_kobj_path: path = '/devices/virtual/net/lapb28/queues/rx-0'
[ 90.043038] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 90.049633] CR2: 000000000171d008 CR3: 000000006cb5b000 CR4: 00000000001406e0
[ 90.053122] kobject: 'tx-0' (000000000a507241): kobject_add_internal: parent: 'queues', set: 'queues'
[ 90.066326] Kernel panic - not syncing: Fatal exception
[ 90.073184] Kernel Offset: disabled
[ 90.077116] Rebooting in 86400 seconds..