[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 62.762235][ T26] audit: type=1800 audit(1558133638.483:25): pid=8915 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 62.784942][ T26] audit: type=1800 audit(1558133638.483:26): pid=8915 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 62.819624][ T26] audit: type=1800 audit(1558133638.493:27): pid=8915 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.20' (ECDSA) to the list of known hosts. 2019/05/17 22:54:09 fuzzer started 2019/05/17 22:54:12 dialing manager at 10.128.0.26:37669 2019/05/17 22:54:12 syscalls: 1006 2019/05/17 22:54:12 code coverage: enabled 2019/05/17 22:54:12 comparison tracing: enabled 2019/05/17 22:54:12 extra coverage: extra coverage is not supported by the kernel 2019/05/17 22:54:12 setuid sandbox: enabled 2019/05/17 22:54:12 namespace sandbox: enabled 2019/05/17 22:54:12 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/17 22:54:12 fault injection: enabled 2019/05/17 22:54:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/17 22:54:12 net packet injection: enabled 2019/05/17 22:54:12 net device setup: enabled 22:54:14 executing program 0: syz_emit_ethernet(0x6e, &(0x7f0000099f8c)={@random="cdbf0e000084", @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x38, 0x3a, 0x0, @dev, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x3a, 0x0, @loopback, @dev, [], "800000e77f000400"}}}}}}}, 0x0) syzkaller login: [ 78.683888][ T9086] IPVS: ftp: loaded support on port[0] = 21 [ 78.694740][ T9086] NET: Registered protocol family 30 [ 78.700300][ T9086] Failed to register TIPC socket type 22:54:14 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000180)=""/97, &(0x7f0000000200)=0x8) [ 79.000374][ T9088] IPVS: ftp: loaded support on port[0] = 21 [ 79.010738][ T9088] NET: Registered protocol family 30 [ 79.016054][ T9088] Failed to register TIPC socket type 22:54:14 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000300)=@updpolicy={0xfc, 0x19, 0xa07, 0x0, 0x0, {{@in=@broadcast, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x2}}, [@tmpl={0x44, 0x5, [{{@in6, 0x0, 0x33}, 0x0, @in=@broadcast}]}]}, 0xfc}}, 0x0) [ 79.327363][ T9090] IPVS: ftp: loaded support on port[0] = 21 [ 79.343637][ T9090] NET: Registered protocol family 30 [ 79.348948][ T9090] Failed to register TIPC socket type 22:54:15 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256\x00'}, 0x58) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x400001000008912, &(0x7f0000000000)="0a01010000123f319bd070") r2 = accept$alg(r0, 0x0, 0x0) close(r0) close(r2) [ 79.898506][ T9092] IPVS: ftp: loaded support on port[0] = 21 [ 79.934746][ T9092] NET: Registered protocol family 30 [ 79.969473][ T9092] Failed to register TIPC socket type 22:54:15 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='/\x02roup.stap\x00', 0x2761, 0x0) r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000100), 0xfeaa) sendfile(r1, r3, 0x0, 0x10) [ 80.433176][ T9094] IPVS: ftp: loaded support on port[0] = 21 [ 80.493538][ T9094] NET: Registered protocol family 30 [ 80.498947][ T9094] Failed to register TIPC socket type 22:54:16 executing program 5: connect$inet(0xffffffffffffffff, &(0x7f0000000080), 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000fc7000)={0x5, 0xe, 0x3, 0x2}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), 0x0}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000fcb000)={r0, &(0x7f0000000180), 0x0}, 0x20) [ 81.357252][ T9114] IPVS: ftp: loaded support on port[0] = 21 [ 81.369766][ T9086] chnl_net:caif_netlink_parms(): no params data found [ 81.433625][ T9114] NET: Registered protocol family 30 [ 81.486835][ T9114] Failed to register TIPC socket type [ 81.722140][ T9086] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.739927][ T9086] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.829610][ T9086] device bridge_slave_0 entered promiscuous mode [ 81.880433][ T9086] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.888925][ T9086] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.016608][ T9086] device bridge_slave_1 entered promiscuous mode [ 82.556569][ T9086] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 82.947392][ T9086] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 83.642521][ T9086] team0: Port device team_slave_0 added [ 83.896270][ T9086] team0: Port device team_slave_1 added [ 85.343255][ T9086] device hsr_slave_0 entered promiscuous mode [ 85.729872][ T9086] device hsr_slave_1 entered promiscuous mode [ 88.362955][ T9086] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.892152][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 88.931813][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 89.186054][ T9086] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.514033][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.570249][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.769914][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.777222][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.122729][ T9295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 90.171589][ T9295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 90.285914][ T9295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 90.380066][ T9295] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.387920][ T9295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.773414][ T9456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 90.972643][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 91.121734][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 91.180559][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 91.418292][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 91.470411][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 91.630418][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 91.801873][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 91.967079][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 92.168105][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 92.241262][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 92.405477][ T9086] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 93.001047][ T9086] 8021q: adding VLAN 0 to HW filter on device batadv0 22:54:32 executing program 0: syz_emit_ethernet(0x6e, &(0x7f0000099f8c)={@random="cdbf0e000084", @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x38, 0x3a, 0x0, @dev, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x3a, 0x0, @loopback, @dev, [], "800000e77f000400"}}}}}}}, 0x0) 22:54:35 executing program 0: syz_emit_ethernet(0x6e, &(0x7f0000099f8c)={@random="cdbf0e000084", @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x38, 0x3a, 0x0, @dev, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x3a, 0x0, @loopback, @dev, [], "800000e77f000400"}}}}}}}, 0x0) 22:54:36 executing program 0: syz_emit_ethernet(0x6e, &(0x7f0000099f8c)={@random="cdbf0e000084", @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x38, 0x3a, 0x0, @dev, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x3a, 0x0, @loopback, @dev, [], "800000e77f000400"}}}}}}}, 0x0) [ 103.326711][ T9581] IPVS: ftp: loaded support on port[0] = 21 22:54:39 executing program 0: r0 = socket(0x848000000015, 0x805, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @local}, 0x1b) [ 104.098679][ T9582] IPVS: ftp: loaded support on port[0] = 21 [ 104.102568][ T9585] IPVS: ftp: loaded support on port[0] = 21 [ 104.108250][ T9581] NET: Registered protocol family 30 [ 104.121694][ T9581] Failed to register TIPC socket type [ 104.145554][ T9586] IPVS: ftp: loaded support on port[0] = 21 [ 104.181333][ T9584] IPVS: ftp: loaded support on port[0] = 21 [ 104.223340][ T9582] list_add double add: new=ffffffff89544ab0, prev=ffffffff89334ac0, next=ffffffff89544ab0. 22:54:40 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) write$binfmt_script(r1, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8013, r1, 0x0) r2 = accept$alg(r0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x200056d0, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x40000, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) [ 104.789793][ T9582] ------------[ cut here ]------------ [ 104.795297][ T9582] kernel BUG at lib/list_debug.c:29! [ 105.389455][ T9582] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 105.395583][ T9582] CPU: 0 PID: 9582 Comm: syz-executor.5 Not tainted 5.1.0+ #18 [ 105.403219][ T9582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 105.413300][ T9582] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 105.419223][ T9582] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 20 4c a3 87 e8 00 60 25 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 60 4d a3 87 e8 e9 5f 25 fe <0f> 0b 48 89 f1 48 c7 c7 e0 4c a3 87 4c 89 e6 e8 d5 5f 25 fe 0f 0b [ 105.438855][ T9582] RSP: 0018:ffff888074e47b88 EFLAGS: 00010282 [ 105.444932][ T9582] RAX: 0000000000000058 RBX: ffffffff89544920 RCX: 0000000000000000 [ 105.452918][ T9582] RDX: 0000000000000000 RSI: ffffffff815afbe6 RDI: ffffed100e9c8f63 [ 105.460897][ T9582] RBP: ffff888074e47ba0 R08: 0000000000000058 R09: ffffed1015d06011 [ 105.468932][ T9582] R10: ffffed1015d06010 R11: ffff8880ae830087 R12: ffffffff89544ab0 [ 105.477067][ T9582] R13: ffffffff89544ab0 R14: ffffffff89544ab0 R15: ffffffff89544a50 [ 105.485092][ T9582] FS: 0000000001b93940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 105.494032][ T9582] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.500642][ T9582] CR2: 00007ffd6092ea68 CR3: 0000000074e1e000 CR4: 00000000001406f0 [ 105.508627][ T9582] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 105.516698][ T9582] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 105.524675][ T9582] Call Trace: [ 105.527979][ T9582] ? mutex_lock_nested+0x16/0x20 [ 105.532942][ T9582] proto_register+0x459/0x8e0 [ 105.537626][ T9582] ? lockdep_init_map+0x1be/0x6d0 [ 105.542682][ T9582] tipc_socket_init+0x1c/0x70 [ 105.547380][ T9582] tipc_init_net+0x32a/0x5b0 [ 105.552001][ T9582] ? tipc_exit_net+0x40/0x40 [ 105.556604][ T9582] ops_init+0xb6/0x410 [ 105.560687][ T9582] setup_net+0x2d3/0x740 [ 105.565659][ T9582] ? copy_net_ns+0x1c0/0x340 [ 105.570263][ T9582] ? ops_init+0x410/0x410 [ 105.574600][ T9582] ? kasan_check_write+0x14/0x20 [ 105.579546][ T9582] ? down_read_killable+0x51/0x220 [ 105.584675][ T9582] copy_net_ns+0x1df/0x340 [ 105.589123][ T9582] create_new_namespaces+0x400/0x7b0 [ 105.594459][ T9582] unshare_nsproxy_namespaces+0xc2/0x200 [ 105.600119][ T9582] ksys_unshare+0x440/0x980 [ 105.604650][ T9582] ? trace_hardirqs_on+0x67/0x230 [ 105.609693][ T9582] ? walk_process_tree+0x2d0/0x2d0 [ 105.614901][ T9582] ? blkcg_exit_queue+0x30/0x30 [ 105.619877][ T9582] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 105.625442][ T9582] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 105.631521][ T9582] ? do_syscall_64+0x26/0x680 [ 105.636207][ T9582] ? lockdep_hardirqs_on+0x418/0x5d0 [ 105.641522][ T9582] __x64_sys_unshare+0x31/0x40 [ 105.646301][ T9582] do_syscall_64+0x103/0x680 [ 105.650907][ T9582] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 105.656804][ T9582] RIP: 0033:0x45b897 [ 105.660705][ T9582] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 105.680337][ T9582] RSP: 002b:00007ffe646dc9f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 105.688774][ T9582] RAX: ffffffffffffffda RBX: 000000000073c988 RCX: 000000000045b897 [ 105.696779][ T9582] RDX: 0000000000000000 RSI: 00007ffe646dc9a0 RDI: 0000000040000000 [ 105.704787][ T9582] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005 [ 105.712773][ T9582] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000414ab0 [ 105.720757][ T9582] R13: 0000000000414b40 R14: 0000000000000000 R15: 0000000000000000 [ 105.728751][ T9582] Modules linked in: 22:54:42 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) write$binfmt_script(r1, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8013, r1, 0x0) r2 = accept$alg(r0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x200056d0, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x40000, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) [ 107.102058][ T3880] kobject: 'loop0' (000000005e696300): kobject_uevent_env [ 107.109354][ T3880] kobject: 'loop0' (000000005e696300): fill_kobj_path: path = '/devices/virtual/block/loop0' 22:54:45 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) write$binfmt_script(r1, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8013, r1, 0x0) r2 = accept$alg(r0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x200056d0, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x40000, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) [ 110.022483][ T3880] kobject: 'loop0' (000000005e696300): kobject_uevent_env [ 110.119631][ T3880] kobject: 'loop0' (000000005e696300): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 112.188545][ T3880] kobject: 'loop0' (000000005e696300): kobject_uevent_env [ 112.409469][ T3880] kobject: 'loop0' (000000005e696300): fill_kobj_path: path = '/devices/virtual/block/loop0'