[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   62.762235][   T26] audit: type=1800 audit(1558133638.483:25): pid=8915 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   62.784942][   T26] audit: type=1800 audit(1558133638.483:26): pid=8915 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   62.819624][   T26] audit: type=1800 audit(1558133638.493:27): pid=8915 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.20' (ECDSA) to the list of known hosts.
2019/05/17 22:54:09 fuzzer started
2019/05/17 22:54:12 dialing manager at 10.128.0.26:37669
2019/05/17 22:54:12 syscalls: 1006
2019/05/17 22:54:12 code coverage: enabled
2019/05/17 22:54:12 comparison tracing: enabled
2019/05/17 22:54:12 extra coverage: extra coverage is not supported by the kernel
2019/05/17 22:54:12 setuid sandbox: enabled
2019/05/17 22:54:12 namespace sandbox: enabled
2019/05/17 22:54:12 Android sandbox: /sys/fs/selinux/policy does not exist
2019/05/17 22:54:12 fault injection: enabled
2019/05/17 22:54:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/05/17 22:54:12 net packet injection: enabled
2019/05/17 22:54:12 net device setup: enabled
22:54:14 executing program 0:
syz_emit_ethernet(0x6e, &(0x7f0000099f8c)={@random="cdbf0e000084", @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x38, 0x3a, 0x0, @dev, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x3a, 0x0, @loopback, @dev, [], "800000e77f000400"}}}}}}}, 0x0)

syzkaller login: [   78.683888][ T9086] IPVS: ftp: loaded support on port[0] = 21
[   78.694740][ T9086] NET: Registered protocol family 30
[   78.700300][ T9086] Failed to register TIPC socket type
22:54:14 executing program 1:
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000180)=""/97, &(0x7f0000000200)=0x8)

[   79.000374][ T9088] IPVS: ftp: loaded support on port[0] = 21
[   79.010738][ T9088] NET: Registered protocol family 30
[   79.016054][ T9088] Failed to register TIPC socket type
22:54:14 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000300)=@updpolicy={0xfc, 0x19, 0xa07, 0x0, 0x0, {{@in=@broadcast, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x2}}, [@tmpl={0x44, 0x5, [{{@in6, 0x0, 0x33}, 0x0, @in=@broadcast}]}]}, 0xfc}}, 0x0)

[   79.327363][ T9090] IPVS: ftp: loaded support on port[0] = 21
[   79.343637][ T9090] NET: Registered protocol family 30
[   79.348948][ T9090] Failed to register TIPC socket type
22:54:15 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256\x00'}, 0x58)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x400001000008912, &(0x7f0000000000)="0a01010000123f319bd070")
r2 = accept$alg(r0, 0x0, 0x0)
close(r0)
close(r2)

[   79.898506][ T9092] IPVS: ftp: loaded support on port[0] = 21
[   79.934746][ T9092] NET: Registered protocol family 30
[   79.969473][ T9092] Failed to register TIPC socket type
22:54:15 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='/\x02roup.stap\x00', 0x2761, 0x0)
r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0)
write$cgroup_int(r2, &(0x7f0000000100), 0xfeaa)
sendfile(r1, r3, 0x0, 0x10)

[   80.433176][ T9094] IPVS: ftp: loaded support on port[0] = 21
[   80.493538][ T9094] NET: Registered protocol family 30
[   80.498947][ T9094] Failed to register TIPC socket type
22:54:16 executing program 5:
connect$inet(0xffffffffffffffff, &(0x7f0000000080), 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000fc7000)={0x5, 0xe, 0x3, 0x2}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), 0x0}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000fcb000)={r0, &(0x7f0000000180), 0x0}, 0x20)

[   81.357252][ T9114] IPVS: ftp: loaded support on port[0] = 21
[   81.369766][ T9086] chnl_net:caif_netlink_parms(): no params data found
[   81.433625][ T9114] NET: Registered protocol family 30
[   81.486835][ T9114] Failed to register TIPC socket type
[   81.722140][ T9086] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.739927][ T9086] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.829610][ T9086] device bridge_slave_0 entered promiscuous mode
[   81.880433][ T9086] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.888925][ T9086] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.016608][ T9086] device bridge_slave_1 entered promiscuous mode
[   82.556569][ T9086] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   82.947392][ T9086] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   83.642521][ T9086] team0: Port device team_slave_0 added
[   83.896270][ T9086] team0: Port device team_slave_1 added
[   85.343255][ T9086] device hsr_slave_0 entered promiscuous mode
[   85.729872][ T9086] device hsr_slave_1 entered promiscuous mode
[   88.362955][ T9086] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.892152][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   88.931813][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   89.186054][ T9086] 8021q: adding VLAN 0 to HW filter on device team0
[   89.514033][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   89.570249][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   89.769914][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.777222][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.122729][ T9295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   90.171589][ T9295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   90.285914][ T9295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   90.380066][ T9295] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.387920][ T9295] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.773414][ T9456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   90.972643][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   91.121734][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   91.180559][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   91.418292][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   91.470411][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   91.630418][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   91.801873][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   91.967079][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   92.168105][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   92.241262][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   92.405477][ T9086] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   93.001047][ T9086] 8021q: adding VLAN 0 to HW filter on device batadv0
22:54:32 executing program 0:
syz_emit_ethernet(0x6e, &(0x7f0000099f8c)={@random="cdbf0e000084", @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x38, 0x3a, 0x0, @dev, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x3a, 0x0, @loopback, @dev, [], "800000e77f000400"}}}}}}}, 0x0)

22:54:35 executing program 0:
syz_emit_ethernet(0x6e, &(0x7f0000099f8c)={@random="cdbf0e000084", @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x38, 0x3a, 0x0, @dev, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x3a, 0x0, @loopback, @dev, [], "800000e77f000400"}}}}}}}, 0x0)

22:54:36 executing program 0:
syz_emit_ethernet(0x6e, &(0x7f0000099f8c)={@random="cdbf0e000084", @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x38, 0x3a, 0x0, @dev, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x3a, 0x0, @loopback, @dev, [], "800000e77f000400"}}}}}}}, 0x0)

[  103.326711][ T9581] IPVS: ftp: loaded support on port[0] = 21
22:54:39 executing program 0:
r0 = socket(0x848000000015, 0x805, 0x0)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @local}, 0x1b)

[  104.098679][ T9582] IPVS: ftp: loaded support on port[0] = 21
[  104.102568][ T9585] IPVS: ftp: loaded support on port[0] = 21
[  104.108250][ T9581] NET: Registered protocol family 30
[  104.121694][ T9581] Failed to register TIPC socket type
[  104.145554][ T9586] IPVS: ftp: loaded support on port[0] = 21
[  104.181333][ T9584] IPVS: ftp: loaded support on port[0] = 21
[  104.223340][ T9582] list_add double add: new=ffffffff89544ab0, prev=ffffffff89334ac0, next=ffffffff89544ab0.
22:54:40 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
write$binfmt_script(r1, 0x0, 0x0)
mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8013, r1, 0x0)
r2 = accept$alg(r0, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x200056d0, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x40000, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0)

[  104.789793][ T9582] ------------[ cut here ]------------
[  104.795297][ T9582] kernel BUG at lib/list_debug.c:29!
[  105.389455][ T9582] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  105.395583][ T9582] CPU: 0 PID: 9582 Comm: syz-executor.5 Not tainted 5.1.0+ #18
[  105.403219][ T9582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  105.413300][ T9582] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[  105.419223][ T9582] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 20 4c a3 87 e8 00 60 25 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 60 4d a3 87 e8 e9 5f 25 fe <0f> 0b 48 89 f1 48 c7 c7 e0 4c a3 87 4c 89 e6 e8 d5 5f 25 fe 0f 0b
[  105.438855][ T9582] RSP: 0018:ffff888074e47b88 EFLAGS: 00010282
[  105.444932][ T9582] RAX: 0000000000000058 RBX: ffffffff89544920 RCX: 0000000000000000
[  105.452918][ T9582] RDX: 0000000000000000 RSI: ffffffff815afbe6 RDI: ffffed100e9c8f63
[  105.460897][ T9582] RBP: ffff888074e47ba0 R08: 0000000000000058 R09: ffffed1015d06011
[  105.468932][ T9582] R10: ffffed1015d06010 R11: ffff8880ae830087 R12: ffffffff89544ab0
[  105.477067][ T9582] R13: ffffffff89544ab0 R14: ffffffff89544ab0 R15: ffffffff89544a50
[  105.485092][ T9582] FS:  0000000001b93940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[  105.494032][ T9582] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  105.500642][ T9582] CR2: 00007ffd6092ea68 CR3: 0000000074e1e000 CR4: 00000000001406f0
[  105.508627][ T9582] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  105.516698][ T9582] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  105.524675][ T9582] Call Trace:
[  105.527979][ T9582]  ? mutex_lock_nested+0x16/0x20
[  105.532942][ T9582]  proto_register+0x459/0x8e0
[  105.537626][ T9582]  ? lockdep_init_map+0x1be/0x6d0
[  105.542682][ T9582]  tipc_socket_init+0x1c/0x70
[  105.547380][ T9582]  tipc_init_net+0x32a/0x5b0
[  105.552001][ T9582]  ? tipc_exit_net+0x40/0x40
[  105.556604][ T9582]  ops_init+0xb6/0x410
[  105.560687][ T9582]  setup_net+0x2d3/0x740
[  105.565659][ T9582]  ? copy_net_ns+0x1c0/0x340
[  105.570263][ T9582]  ? ops_init+0x410/0x410
[  105.574600][ T9582]  ? kasan_check_write+0x14/0x20
[  105.579546][ T9582]  ? down_read_killable+0x51/0x220
[  105.584675][ T9582]  copy_net_ns+0x1df/0x340
[  105.589123][ T9582]  create_new_namespaces+0x400/0x7b0
[  105.594459][ T9582]  unshare_nsproxy_namespaces+0xc2/0x200
[  105.600119][ T9582]  ksys_unshare+0x440/0x980
[  105.604650][ T9582]  ? trace_hardirqs_on+0x67/0x230
[  105.609693][ T9582]  ? walk_process_tree+0x2d0/0x2d0
[  105.614901][ T9582]  ? blkcg_exit_queue+0x30/0x30
[  105.619877][ T9582]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  105.625442][ T9582]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  105.631521][ T9582]  ? do_syscall_64+0x26/0x680
[  105.636207][ T9582]  ? lockdep_hardirqs_on+0x418/0x5d0
[  105.641522][ T9582]  __x64_sys_unshare+0x31/0x40
[  105.646301][ T9582]  do_syscall_64+0x103/0x680
[  105.650907][ T9582]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  105.656804][ T9582] RIP: 0033:0x45b897
[  105.660705][ T9582] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  105.680337][ T9582] RSP: 002b:00007ffe646dc9f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[  105.688774][ T9582] RAX: ffffffffffffffda RBX: 000000000073c988 RCX: 000000000045b897
[  105.696779][ T9582] RDX: 0000000000000000 RSI: 00007ffe646dc9a0 RDI: 0000000040000000
[  105.704787][ T9582] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[  105.712773][ T9582] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000414ab0
[  105.720757][ T9582] R13: 0000000000414b40 R14: 0000000000000000 R15: 0000000000000000
[  105.728751][ T9582] Modules linked in:
22:54:42 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
write$binfmt_script(r1, 0x0, 0x0)
mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8013, r1, 0x0)
r2 = accept$alg(r0, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x200056d0, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x40000, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0)

[  107.102058][ T3880] kobject: 'loop0' (000000005e696300): kobject_uevent_env
[  107.109354][ T3880] kobject: 'loop0' (000000005e696300): fill_kobj_path: path = '/devices/virtual/block/loop0'
22:54:45 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
write$binfmt_script(r1, 0x0, 0x0)
mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8013, r1, 0x0)
r2 = accept$alg(r0, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x200056d0, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x40000, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0)

[  110.022483][ T3880] kobject: 'loop0' (000000005e696300): kobject_uevent_env
[  110.119631][ T3880] kobject: 'loop0' (000000005e696300): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  112.188545][ T3880] kobject: 'loop0' (000000005e696300): kobject_uevent_env
[  112.409469][ T3880] kobject: 'loop0' (000000005e696300): fill_kobj_path: path = '/devices/virtual/block/loop0'