[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   59.753987][   T26] audit: type=1800 audit(1558161061.780:25): pid=8678 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   59.791996][   T26] audit: type=1800 audit(1558161061.780:26): pid=8678 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   59.830640][   T26] audit: type=1800 audit(1558161061.790:27): pid=8678 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts.
2019/05/18 06:31:09 fuzzer started
2019/05/18 06:31:12 dialing manager at 10.128.0.26:37669
2019/05/18 06:31:12 syscalls: 1006
2019/05/18 06:31:12 code coverage: enabled
2019/05/18 06:31:12 comparison tracing: enabled
2019/05/18 06:31:12 extra coverage: extra coverage is not supported by the kernel
2019/05/18 06:31:12 setuid sandbox: enabled
2019/05/18 06:31:12 namespace sandbox: enabled
2019/05/18 06:31:12 Android sandbox: /sys/fs/selinux/policy does not exist
2019/05/18 06:31:12 fault injection: enabled
2019/05/18 06:31:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/05/18 06:31:12 net packet injection: enabled
2019/05/18 06:31:12 net device setup: enabled
06:31:17 executing program 0:
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
r1 = socket$unix(0x1, 0x10004000000002, 0x0)
connect(r1, &(0x7f0000931ff4)=@un=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
sendmmsg(r1, &(0x7f0000000000), 0x548, 0x0)
recvmmsg(r0, &(0x7f0000002cc0)=[{{0x0, 0xfffffffffffffe22, 0x0}}], 0x1ece87a4671555d, 0x42, 0x0)

06:31:17 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000300)="0adc1f123c123f319bd070")
ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0xd, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x3, 0x7, 0x2, 0x1, 0xb0}]}, &(0x7f0000f6bffb)='GPL\x00'}, 0x48)

syzkaller login: [   75.409096][ T8844] IPVS: ftp: loaded support on port[0] = 21
[   75.419718][ T8844] NET: Registered protocol family 30
[   75.425461][ T8844] Failed to register TIPC socket type
06:31:17 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8000008031, 0xffffffffffffffff, 0x0)
socket(0x0, 0x0, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
close(r1)

[   75.661764][ T8846] IPVS: ftp: loaded support on port[0] = 21
[   75.685939][ T8846] NET: Registered protocol family 30
[   75.691264][ T8846] Failed to register TIPC socket type
[   75.932686][ T8848] IPVS: ftp: loaded support on port[0] = 21
[   75.953139][ T8848] NET: Registered protocol family 30
[   75.958485][ T8848] Failed to register TIPC socket type
06:31:18 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='/\x02roup.stap\x00', 0x2761, 0x0)
r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0)
setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000000)=0x5, 0x4)
write$cgroup_int(r1, &(0x7f00000000c0), 0x4557434d)
sendfile(r0, r1, 0x0, 0x2000000000e)

[   76.477394][ T8850] IPVS: ftp: loaded support on port[0] = 21
[   76.496014][ T8850] NET: Registered protocol family 30
[   76.501333][ T8850] Failed to register TIPC socket type
06:31:18 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$sock_int(r1, 0x1, 0x2b, &(0x7f0000000000)=0x728, 0x4)

[   77.057955][ T8852] IPVS: ftp: loaded support on port[0] = 21
[   77.096188][ T8852] NET: Registered protocol family 30
[   77.101512][ T8852] Failed to register TIPC socket type
06:31:19 executing program 5:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x400200007fd, &(0x7f0000001600)={0x2, 0x4e23, @local}, 0x10)
write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
r3 = socket(0x2, 0x1, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(r2, 0x114, 0x7, &(0x7f0000000280)={@caif=@dgm={0x25, 0x3}, {0x0}, 0x0}, 0xa0)
getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, 0x0, 0x0)
getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000080)={'lo\x00'})
setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000040)={'lo\x00', 0x6a})
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x900)

[   77.799069][ T8854] IPVS: ftp: loaded support on port[0] = 21
[   77.836234][ T8854] NET: Registered protocol family 30
[   77.841566][ T8854] Failed to register TIPC socket type
[   78.385387][ T8844] chnl_net:caif_netlink_parms(): no params data found
[   78.802416][ T8844] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.810169][ T8844] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.895345][ T8844] device bridge_slave_0 entered promiscuous mode
[   79.036347][ T8844] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.182890][ T8844] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.282939][ T8844] device bridge_slave_1 entered promiscuous mode
[   79.766459][ T8844] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   80.047599][ T8844] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   80.739853][ T8844] team0: Port device team_slave_0 added
[   81.121439][ T8844] team0: Port device team_slave_1 added
[   82.409501][ T8844] device hsr_slave_0 entered promiscuous mode
[   82.816122][ T8844] device hsr_slave_1 entered promiscuous mode
[   84.905093][ T8844] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.291160][ T2840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   85.338759][ T2840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   85.573801][ T8844] 8021q: adding VLAN 0 to HW filter on device team0
[   85.953680][ T2840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   85.982594][ T2840] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   86.173219][ T2840] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.180616][ T2840] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.522883][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   86.531098][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   86.694423][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   86.842481][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.849598][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.255440][ T9198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   87.312866][ T9198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   87.534502][ T9196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   87.624211][ T9196] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   88.026449][ T9198] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   88.062750][ T9198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   88.230915][ T9198] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   88.422816][ T9198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   88.431462][ T9198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   88.743479][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   88.803357][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   88.956116][ T8844] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   89.463264][ T8844] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.378137][ T9315] IPVS: ftp: loaded support on port[0] = 21
[   98.025993][ T9315] NET: Registered protocol family 30
[   98.031341][ T9315] Failed to register TIPC socket type
[   98.098336][ T9318] IPVS: ftp: loaded support on port[0] = 21
[   98.586564][ T9318] list_add double add: new=ffffffff89544ab0, prev=ffffffff89334ac0, next=ffffffff89544ab0.
[   98.634745][ T9316] IPVS: ftp: loaded support on port[0] = 21
[   98.703502][ T9320] IPVS: ftp: loaded support on port[0] = 21
[   99.172277][ T9318] ------------[ cut here ]------------
[   99.177821][ T9318] kernel BUG at lib/list_debug.c:29!
[   99.701914][ T9318] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   99.708043][ T9318] CPU: 1 PID: 9318 Comm: syz-executor.2 Not tainted 5.1.0+ #18
[   99.715589][ T9318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   99.725669][ T9318] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[   99.731566][ T9318] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 20 4c a3 87 e8 00 60 25 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 60 4d a3 87 e8 e9 5f 25 fe <0f> 0b 48 89 f1 48 c7 c7 e0 4c a3 87 4c 89 e6 e8 d5 5f 25 fe 0f 0b
[   99.751187][ T9318] RSP: 0018:ffff88806b5efb88 EFLAGS: 00010282
[   99.757260][ T9318] RAX: 0000000000000058 RBX: ffffffff89544920 RCX: 0000000000000000
[   99.765248][ T9318] RDX: 0000000000000000 RSI: ffffffff815afbe6 RDI: ffffed100d6bdf63
[   99.773236][ T9318] RBP: ffff88806b5efba0 R08: 0000000000000058 R09: ffffed1015d26011
[   99.781213][ T9318] R10: ffffed1015d26010 R11: ffff8880ae930087 R12: ffffffff89544ab0
[   99.789186][ T9318] R13: ffffffff89544ab0 R14: ffffffff89544ab0 R15: ffffffff89544a50
[   99.797166][ T9318] FS:  00000000023a3940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[   99.806183][ T9318] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   99.812771][ T9318] CR2: ffffffffff600400 CR3: 000000008af99000 CR4: 00000000001406e0
[   99.820746][ T9318] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   99.828746][ T9318] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   99.836719][ T9318] Call Trace:
[   99.840017][ T9318]  ? mutex_lock_nested+0x16/0x20
[   99.844962][ T9318]  proto_register+0x459/0x8e0
[   99.849650][ T9318]  ? lockdep_init_map+0x1be/0x6d0
[   99.854683][ T9318]  tipc_socket_init+0x1c/0x70
[   99.859543][ T9318]  tipc_init_net+0x32a/0x5b0
[   99.864137][ T9318]  ? tipc_exit_net+0x40/0x40
[   99.868729][ T9318]  ops_init+0xb6/0x410
[   99.872799][ T9318]  setup_net+0x2d3/0x740
[   99.877054][ T9318]  ? copy_net_ns+0x1c0/0x340
[   99.881657][ T9318]  ? ops_init+0x410/0x410
[   99.885996][ T9318]  ? kasan_check_write+0x14/0x20
[   99.890943][ T9318]  ? down_read_killable+0x51/0x220
[   99.896068][ T9318]  copy_net_ns+0x1df/0x340
[   99.900534][ T9318]  create_new_namespaces+0x400/0x7b0
[   99.905846][ T9318]  unshare_nsproxy_namespaces+0xc2/0x200
[   99.911496][ T9318]  ksys_unshare+0x440/0x980
[   99.916011][ T9318]  ? trace_hardirqs_on+0x67/0x230
[   99.921063][ T9318]  ? walk_process_tree+0x2d0/0x2d0
[   99.926190][ T9318]  ? blkcg_exit_queue+0x30/0x30
[   99.931056][ T9318]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   99.936530][ T9318]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   99.942618][ T9318]  ? do_syscall_64+0x26/0x680
[   99.947336][ T9318]  ? lockdep_hardirqs_on+0x418/0x5d0
[   99.952766][ T9318]  __x64_sys_unshare+0x31/0x40
[   99.957547][ T9318]  do_syscall_64+0x103/0x680
[   99.962158][ T9318]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   99.968057][ T9318] RIP: 0033:0x45b897
[   99.971969][ T9318] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   99.991619][ T9318] RSP: 002b:00007ffd245b5168 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[  100.000042][ T9318] RAX: ffffffffffffffda RBX: 000000000073c988 RCX: 000000000045b897
[  100.008203][ T9318] RDX: 0000000000000000 RSI: 00007ffd245b5110 RDI: 0000000040000000
[  100.016245][ T9318] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[  100.024223][ T9318] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000414ab0
[  100.032203][ T9318] R13: 0000000000414b40 R14: 0000000000000000 R15: 0000000000000000
[  100.040192][ T9318] Modules linked in:
[  100.517450][ T9340] IPVS: ftp: loaded support on port[0] = 21
[  109.009721][ T9318] ---[ end trace 7a5e47d1a07287fe ]---