Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts. 2019/06/04 04:06:32 fuzzer started [ 56.561108] audit: type=1400 audit(1559621192.970:36): avc: denied { map } for pid=7946 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/04 04:06:36 dialing manager at 10.128.0.105:38735 2019/06/04 04:06:36 syscalls: 2460 2019/06/04 04:06:36 code coverage: enabled 2019/06/04 04:06:36 comparison tracing: enabled 2019/06/04 04:06:36 extra coverage: extra coverage is not supported by the kernel 2019/06/04 04:06:36 setuid sandbox: enabled 2019/06/04 04:06:36 namespace sandbox: enabled 2019/06/04 04:06:36 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/04 04:06:36 fault injection: enabled 2019/06/04 04:06:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/04 04:06:36 net packet injection: enabled 2019/06/04 04:06:36 net device setup: enabled 04:06:38 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket(0x10, 0x3, 0x0) getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x11, &(0x7f0000000000), 0x20a154cc) [ 62.350853] audit: type=1400 audit(1559621198.760:37): avc: denied { map } for pid=7963 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14957 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 62.471322] IPVS: ftp: loaded support on port[0] = 21 [ 62.482229] NET: Registered protocol family 30 [ 62.487392] Failed to register TIPC socket type 04:06:38 executing program 1: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) dup3(r1, r0, 0x0) io_setup(0x479, &(0x7f0000000080)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) [ 62.644573] IPVS: ftp: loaded support on port[0] = 21 [ 62.654026] NET: Registered protocol family 30 [ 62.659092] Failed to register TIPC socket type 04:06:39 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x4, r2, 0x1, 0x0, 0x6, @dev}, 0x14) syz_emit_ethernet(0x40, &(0x7f0000000000)={@empty, @remote, [], {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "0ab3bc31d111e81e"}}}}, 0x0) [ 63.158444] IPVS: ftp: loaded support on port[0] = 21 [ 63.178223] NET: Registered protocol family 30 [ 63.182833] Failed to register TIPC socket type 04:06:39 executing program 3: r0 = getpid() ioprio_set$pid(0x3, r0, 0x0) [ 63.653908] IPVS: ftp: loaded support on port[0] = 21 [ 63.680886] NET: Registered protocol family 30 [ 63.686188] Failed to register TIPC socket type 04:06:40 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xe, 0x4, 0x4, 0x10070}, 0xe7) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') ioctl$sock_SIOCBRDELBR(r1, 0x89a1, &(0x7f0000000180)='bcsf0\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x13') ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") [ 64.282811] IPVS: ftp: loaded support on port[0] = 21 [ 64.309445] NET: Registered protocol family 30 [ 64.314060] Failed to register TIPC socket type 04:06:41 executing program 5: syz_emit_ethernet(0x140, &(0x7f0000000100)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x10a, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 64.982847] IPVS: ftp: loaded support on port[0] = 21 [ 65.009505] NET: Registered protocol family 30 [ 65.014133] Failed to register TIPC socket type [ 65.429994] chnl_net:caif_netlink_parms(): no params data found [ 65.847199] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.854205] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.926672] device bridge_slave_0 entered promiscuous mode [ 65.978696] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.033065] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.166343] device bridge_slave_1 entered promiscuous mode [ 66.625720] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 66.917153] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 67.462024] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 67.631859] team0: Port device team_slave_0 added [ 67.880761] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 67.998172] team0: Port device team_slave_1 added [ 68.332043] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 68.583252] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 69.104991] device hsr_slave_0 entered promiscuous mode [ 69.510847] device hsr_slave_1 entered promiscuous mode [ 69.711028] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 69.850645] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 70.066891] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 70.670269] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.868406] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 71.078010] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 71.084307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 71.118100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.294220] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 71.405321] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.567969] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 71.706465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.714538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.838068] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.844614] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.991691] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 72.085466] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.092894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.212253] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.286758] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.293163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.447893] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 72.507132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 72.588818] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 72.640661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 72.676913] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 72.683996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 72.737417] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.921536] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 72.987501] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.007906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.047294] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.140195] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 73.215895] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 73.223715] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.326358] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 73.334296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 73.397151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.506304] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 73.512441] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.718168] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 73.927504] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.150091] audit: type=1400 audit(1559621210.560:38): avc: denied { associate } for pid=7964 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 04:06:55 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket(0x10, 0x3, 0x0) getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x11, &(0x7f0000000000), 0x20a154cc) 04:06:55 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket(0x10, 0x3, 0x0) getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x11, &(0x7f0000000000), 0x20a154cc) 04:06:56 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket(0x10, 0x3, 0x0) getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x11, &(0x7f0000000000), 0x20a154cc) [ 80.504668] IPVS: ftp: loaded support on port[0] = 21 [ 80.591033] NET: Registered protocol family 30 [ 80.628056] Failed to register TIPC socket type 04:06:57 executing program 0: prctl$PR_CAPBSET_DROP(0x18, 0x20) mknod$loop(&(0x7f0000000100)='./file0\x00', 0xa, 0xffffffffffffffff) execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) [ 80.751810] IPVS: ftp: loaded support on port[0] = 21 [ 80.762101] NET: Registered protocol family 30 [ 80.774462] Failed to register TIPC socket type [ 80.782468] IPVS: ftp: loaded support on port[0] = 21 [ 80.800540] IPVS: ftp: loaded support on port[0] = 21 [ 80.812392] NET: Registered protocol family 30 [ 80.822867] Failed to register TIPC socket type [ 80.832212] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630. [ 80.853318] ------------[ cut here ]------------ [ 80.858116] kernel BUG at lib/list_debug.c:29! [ 80.879619] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 80.885033] CPU: 1 PID: 8637 Comm: syz-executor.4 Not tainted 4.19.47 #19 [ 80.892065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.901532] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 80.906728] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 80.925642] RSP: 0018:ffff888075f77b88 EFLAGS: 00010282 [ 80.931013] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 80.938293] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100ebeef63 [ 80.945703] RBP: ffff888075f77ba0 R08: 0000000000000058 R09: ffffed1015d04fe9 [ 80.952978] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffffffff892e7630 [ 80.960255] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 80.967529] FS: 0000000000e51940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 80.975764] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.981655] CR2: 00007f5ae73a65c3 CR3: 0000000075fa2000 CR4: 00000000001406e0 [ 80.988935] Call Trace: [ 80.991528] ? mutex_lock_nested+0x16/0x20 [ 80.995774] proto_register+0x459/0x8e0 [ 80.999762] tipc_socket_init+0x1c/0x70 [ 81.003758] tipc_init_net+0x2ed/0x570 [ 81.007646] ? tipc_exit_net+0x40/0x40 [ 81.011538] ops_init+0xb3/0x410 [ 81.014909] setup_net+0x2d3/0x740 [ 81.018455] ? lock_acquire+0x16f/0x3f0 [ 81.022435] ? ops_init+0x410/0x410 [ 81.026072] copy_net_ns+0x1df/0x340 [ 81.029877] create_new_namespaces+0x400/0x7b0 [ 81.034470] unshare_nsproxy_namespaces+0xc2/0x200 [ 81.039406] ksys_unshare+0x440/0x980 [ 81.043209] ? walk_process_tree+0x2c0/0x2c0 [ 81.047625] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 81.052393] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.057767] ? do_syscall_64+0x26/0x620 [ 81.061754] ? lockdep_hardirqs_on+0x415/0x5d0 [ 81.066346] __x64_sys_unshare+0x31/0x40 [ 81.070417] do_syscall_64+0xfd/0x620 [ 81.074226] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.079503] RIP: 0033:0x45bd47 [ 81.082702] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 04:06:57 executing program 0: prctl$PR_CAPBSET_DROP(0x18, 0x20) mknod$loop(&(0x7f0000000100)='./file0\x00', 0xa, 0xffffffffffffffff) execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) [ 81.101786] RSP: 002b:00007ffdf1166118 EFLAGS: 00000202 ORIG_RAX: 0000000000000110 [ 81.109498] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47 [ 81.117034] RDX: 0000000000000000 RSI: 00007ffdf11660c0 RDI: 0000000040000000 [ 81.124395] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005 [ 81.131769] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000075c9a8 [ 81.139128] R13: 00007ffdf1166388 R14: 0000000000000000 R15: 0000000000000000 [ 81.146501] Modules linked in: [ 81.165268] kobject: 'loop0' (0000000082e28966): kobject_uevent_env [ 81.168582] ---[ end trace a5ab8d097a44716b ]--- [ 81.175309] kobject: 'loop0' (0000000082e28966): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 81.178208] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 81.202450] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 81.233002] RSP: 0018:ffff888075f77b88 EFLAGS: 00010282 [ 81.240790] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 81.251231] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100ebeef63 [ 81.260681] RBP: ffff888075f77ba0 R08: 0000000000000058 R09: ffffed1015d04fe9 [ 81.276182] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffffffff892e7630 [ 81.283492] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 81.296866] FS: 0000000000e51940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 81.298885] kobject: 'loop0' (0000000082e28966): kobject_uevent_env 04:06:57 executing program 0: prctl$PR_CAPBSET_DROP(0x18, 0x20) mknod$loop(&(0x7f0000000100)='./file0\x00', 0xa, 0xffffffffffffffff) execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) [ 81.305206] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.331765] CR2: 0000001b2d729000 CR3: 0000000075fa2000 CR4: 00000000001406e0 [ 81.345299] kobject: 'loop0' (0000000082e28966): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 81.345791] Kernel panic - not syncing: Fatal exception [ 81.361269] Kernel Offset: disabled [ 81.364905] Rebooting in 86400 seconds..