Warning: Permanently added '10.128.1.32' (ECDSA) to the list of known hosts.
2019/06/04 04:45:19 fuzzer started
syzkaller login: [ 47.511216] kauditd_printk_skb: 5 callbacks suppressed
[ 47.511231] audit: type=1400 audit(1559623519.879:36): avc: denied { map } for pid=7682 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/04 04:45:22 dialing manager at 10.128.0.105:38735
2019/06/04 04:45:22 syscalls: 2460
2019/06/04 04:45:22 code coverage: enabled
2019/06/04 04:45:22 comparison tracing: enabled
2019/06/04 04:45:22 extra coverage: extra coverage is not supported by the kernel
2019/06/04 04:45:22 setuid sandbox: enabled
2019/06/04 04:45:22 namespace sandbox: enabled
2019/06/04 04:45:22 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/04 04:45:22 fault injection: enabled
2019/06/04 04:45:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/04 04:45:22 net packet injection: enabled
2019/06/04 04:45:22 net device setup: enabled
04:45:25 executing program 0:
r0 = socket$rds(0x15, 0x5, 0x0)
ioctl$sock_ifreq(r0, 0x8992, &(0x7f0000000180)={'bond0\x00@@\xea\xff\xff\x80\x00\x00\x02\x00', @ifru_names='bond_slave_1\x00'})
[ 53.277769] audit: type=1400 audit(1559623525.649:37): avc: denied { map } for pid=7700 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14968 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 53.397904] IPVS: ftp: loaded support on port[0] = 21
[ 53.409460] NET: Registered protocol family 30
[ 53.414541] Failed to register TIPC socket type
04:45:25 executing program 1:
r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000100)=@bpq0='bpq0\x00', 0x10)
[ 53.563163] IPVS: ftp: loaded support on port[0] = 21
[ 53.572705] NET: Registered protocol family 30
[ 53.586951] Failed to register TIPC socket type
04:45:26 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setsockopt$inet6_int(r0, 0x29, 0x4c, &(0x7f0000000000)=0x5, 0x4)
setsockopt$inet6_tcp_buf(r1, 0x6, 0x0, &(0x7f00000000c0)="2a446ae4", 0x4)
[ 53.879292] IPVS: ftp: loaded support on port[0] = 21
[ 53.899137] NET: Registered protocol family 30
[ 53.903872] Failed to register TIPC socket type
04:45:26 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
fallocate(r0, 0x0, 0x0, 0x10fffe)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000100)={0x0, r1})
[ 54.419417] IPVS: ftp: loaded support on port[0] = 21
[ 54.448992] NET: Registered protocol family 30
[ 54.453637] Failed to register TIPC socket type
04:45:27 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070")
ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "b14324d29fbb28382adac22cd56ca76e815d77"})
ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc))
r2 = syz_open_pts(r0, 0x20201)
write(r2, &(0x7f00000002c0)="94", 0x1)
[ 54.927354] IPVS: ftp: loaded support on port[0] = 21
[ 54.958761] NET: Registered protocol family 30
[ 54.963405] Failed to register TIPC socket type
04:45:27 executing program 5:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f0000000480)={0x5, 0x10, 0xfa00, {0x0}}, 0x18)
[ 55.599261] IPVS: ftp: loaded support on port[0] = 21
[ 55.638939] NET: Registered protocol family 30
[ 55.643581] Failed to register TIPC socket type
[ 56.373283] chnl_net:caif_netlink_parms(): no params data found
[ 56.724712] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.823601] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.938766] device bridge_slave_0 entered promiscuous mode
[ 57.059395] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.065973] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.173381] device bridge_slave_1 entered promiscuous mode
[ 57.612759] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 57.914258] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 58.409090] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 58.573203] team0: Port device team_slave_0 added
[ 58.731793] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 58.857624] team0: Port device team_slave_1 added
[ 59.053477] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 59.249034] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 59.684785] device hsr_slave_0 entered promiscuous mode
[ 59.858446] device hsr_slave_1 entered promiscuous mode
[ 60.001987] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 60.174175] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 60.402936] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 61.097918] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.257778] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 61.408287] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 61.414613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 61.441005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 61.550172] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 61.556321] 8021q: adding VLAN 0 to HW filter on device team0
[ 61.829381] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 61.836518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 61.848472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.958031] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.964598] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.122277] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 62.214654] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 62.223008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 62.327699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 62.395512] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.402068] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.547251] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 62.588284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 62.674156] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 62.756947] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 62.874019] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 62.972930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 62.993559] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 63.103284] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 63.216946] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 63.224321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 63.319440] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 63.460051] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 63.548273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 63.557654] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 63.678195] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 63.773500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 63.797283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 63.940820] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 64.056783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 64.251422] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 64.478798] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.762576] audit: type=1400 audit(1559623537.129:38): avc: denied { associate } for pid=7701 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
04:45:39 executing program 0:
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x400006)
04:45:39 executing program 0:
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x400006)
04:45:40 executing program 0:
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x400006)
04:45:41 executing program 0:
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x400006)
04:45:41 executing program 0:
r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_FREQUENCY(r0, 0xc02c5638, &(0x7f0000000040)={0x7})
04:45:41 executing program 0:
r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_FREQUENCY(r0, 0xc02c5638, &(0x7f0000000040)={0x7})
04:45:41 executing program 0:
r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_FREQUENCY(r0, 0xc02c5638, &(0x7f0000000040)={0x7})
[ 69.111347] IPVS: ftp: loaded support on port[0] = 21
[ 69.129173] NET: Registered protocol family 30
[ 69.137274] Failed to register TIPC socket type
[ 69.360445] IPVS: ftp: loaded support on port[0] = 21
[ 69.379885] IPVS: ftp: loaded support on port[0] = 21
[ 69.386757] IPVS: ftp: loaded support on port[0] = 21
[ 69.395739] NET: Registered protocol family 30
[ 69.407842] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630.
[ 69.418992] ------------[ cut here ]------------
[ 69.423756] kernel BUG at lib/list_debug.c:29!
[ 69.426645] Failed to register TIPC socket type
[ 69.429421] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 69.438618] CPU: 0 PID: 8367 Comm: syz-executor.1 Not tainted 4.19.47 #19
[ 69.445550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.454919] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[ 69.460125] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[ 69.479129] RSP: 0018:ffff88806d10fb88 EFLAGS: 00010282
[ 69.484491] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[ 69.492283] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100da21f63
[ 69.499549] RBP: ffff88806d10fba0 R08: 0000000000000058 R09: ffffed1015d04fe9
[ 69.506820] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffffffff892e7630
[ 69.514082] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[ 69.521349] FS: 0000000002840940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 69.529661] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 69.535540] CR2: 0000000000a75e58 CR3: 0000000072e3d000 CR4: 00000000001406f0
[ 69.542811] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 69.550422] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 69.557686] Call Trace:
[ 69.560278] ? mutex_lock_nested+0x16/0x20
[ 69.564520] proto_register+0x459/0x8e0
[ 69.568506] tipc_socket_init+0x1c/0x70
[ 69.572494] tipc_init_net+0x2ed/0x570
[ 69.576464] ? tipc_exit_net+0x40/0x40
[ 69.580452] ops_init+0xb3/0x410
[ 69.583814] setup_net+0x2d3/0x740
[ 69.587352] ? lock_acquire+0x16f/0x3f0
[ 69.591352] ? ops_init+0x410/0x410
[ 69.594979] copy_net_ns+0x1df/0x340
[ 69.598693] create_new_namespaces+0x400/0x7b0
[ 69.603277] unshare_nsproxy_namespaces+0xc2/0x200
[ 69.608464] ksys_unshare+0x440/0x980
[ 69.612264] ? walk_process_tree+0x2c0/0x2c0
[ 69.616674] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 69.621432] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.626801] ? do_syscall_64+0x26/0x620
[ 69.630775] ? lockdep_hardirqs_on+0x415/0x5d0
[ 69.635359] __x64_sys_unshare+0x31/0x40
[ 69.639422] do_syscall_64+0xfd/0x620
[ 69.643207] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.648527] RIP: 0033:0x45bd47
[ 69.651703] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.670678] RSP: 002b:00007ffde9fa0c48 EFLAGS: 00000202 ORIG_RAX: 0000000000000110
[ 69.678372] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47
[ 69.685656] RDX: 0000000000000000 RSI: 00007ffde9fa0bf0 RDI: 0000000040000000
[ 69.692913] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[ 69.700179] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000075c9a8
[ 69.707436] R13: 00007ffde9fa0eb8 R14: 0000000000000000 R15: 0000000000000000
[ 69.714692] Modules linked in:
[ 69.718516] ---[ end trace 85ac5ff0d47a6c5f ]---
[ 69.723307] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[ 69.728556] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[ 69.747585] RSP: 0018:ffff88806d10fb88 EFLAGS: 00010282
[ 69.752938] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[ 69.760258] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100da21f63
[ 69.767560] RBP: ffff88806d10fba0 R08: 0000000000000058 R09: ffffed1015d04fe9
[ 69.774829] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffffffff892e7630
[ 69.782158] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[ 69.789484] FS: 0000000002840940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 69.797762] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 69.803647] CR2: 0000000000a75e58 CR3: 0000000072e3d000 CR4: 00000000001406f0
[ 69.811049] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 69.818355] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 69.825619] Kernel panic - not syncing: Fatal exception
[ 69.832607] Kernel Offset: disabled
[ 69.836240] Rebooting in 86400 seconds..