[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   53.471201][   T26] audit: type=1800 audit(1558158264.940:25): pid=8357 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   53.510533][   T26] audit: type=1800 audit(1558158264.940:26): pid=8357 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   53.549791][   T26] audit: type=1800 audit(1558158264.940:27): pid=8357 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts.
2019/05/18 05:44:36 fuzzer started
2019/05/18 05:44:39 dialing manager at 10.128.0.26:37669
2019/05/18 05:44:39 syscalls: 1006
2019/05/18 05:44:39 code coverage: enabled
2019/05/18 05:44:39 comparison tracing: enabled
2019/05/18 05:44:39 extra coverage: extra coverage is not supported by the kernel
2019/05/18 05:44:39 setuid sandbox: enabled
2019/05/18 05:44:39 namespace sandbox: enabled
2019/05/18 05:44:39 Android sandbox: /sys/fs/selinux/policy does not exist
2019/05/18 05:44:39 fault injection: enabled
2019/05/18 05:44:39 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/05/18 05:44:39 net packet injection: enabled
2019/05/18 05:44:39 net device setup: enabled
05:44:43 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@gettaction={0x18, 0x32, 0x5, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x4}]}, 0x18}}, 0x0)

syzkaller login: [   71.995397][ T8522] IPVS: ftp: loaded support on port[0] = 21
[   72.005537][ T8522] NET: Registered protocol family 30
[   72.011521][ T8522] Failed to register TIPC socket type
05:44:43 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r1, &(0x7f0000000200)={{0x3, @netrom, 0x1}, [@null, @default, @bcast, @null, @bcast, @rose, @netrom, @default]}, 0x48)
close(r1)

[   72.189868][ T8524] IPVS: ftp: loaded support on port[0] = 21
[   72.199543][ T8524] NET: Registered protocol family 30
[   72.204970][ T8524] Failed to register TIPC socket type
05:44:43 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000000)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)='4', 0x1}], 0x1}], 0x1, 0x0)
recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000500)=""/84, 0x54}], 0x1}, 0x0)

[   72.697524][ T8526] IPVS: ftp: loaded support on port[0] = 21
[   72.724111][ T8526] NET: Registered protocol family 30
[   72.729421][ T8526] Failed to register TIPC socket type
05:44:44 executing program 3:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
setsockopt$rose(r0, 0x104, 0x4, &(0x7f0000000080), 0x4)

[   73.177788][ T8528] IPVS: ftp: loaded support on port[0] = 21
[   73.204301][ T8528] NET: Registered protocol family 30
[   73.209718][ T8528] Failed to register TIPC socket type
05:44:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x4, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2}}, @typedef={0x2}]}, {0x0, [0x0, 0x61]}}, &(0x7f0000000200)=""/4096, 0x40, 0x1000, 0x1}, 0x20)

[   73.716807][ T8530] IPVS: ftp: loaded support on port[0] = 21
[   73.734432][ T8530] NET: Registered protocol family 30
[   73.739752][ T8530] Failed to register TIPC socket type
05:44:45 executing program 5:
r0 = socket$packet(0x11, 0x400000000000002, 0x300)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'veth0\x00', &(0x7f0000000000)=@ethtool_link_settings={0x46}})

[   74.462349][ T8522] chnl_net:caif_netlink_parms(): no params data found
[   74.862276][ T8522] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.869932][ T8522] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.928312][ T8522] device bridge_slave_0 entered promiscuous mode
[   75.009916][ T8593] IPVS: ftp: loaded support on port[0] = 21
[   75.016846][ T8522] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.102481][ T8522] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.125010][ T8593] NET: Registered protocol family 30
[   75.223065][ T8522] device bridge_slave_1 entered promiscuous mode
[   75.271187][ T8593] Failed to register TIPC socket type
[   75.721559][ T8522] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   76.020226][ T8522] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   76.706199][ T8522] team0: Port device team_slave_0 added
[   77.025569][ T8522] team0: Port device team_slave_1 added
[   78.107750][ T8522] device hsr_slave_0 entered promiscuous mode
[   78.613463][ T8522] device hsr_slave_1 entered promiscuous mode
[   80.479964][ T8522] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.992965][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   81.041976][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   81.255643][ T8522] 8021q: adding VLAN 0 to HW filter on device team0
[   81.542053][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   81.620949][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   81.773812][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.781038][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.223377][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   82.251818][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   82.421937][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   82.561874][ T3759] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.568979][ T3759] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.810673][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   83.046127][ T8892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   83.073967][ T8892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   83.230458][ T8892] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   83.412150][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   83.420140][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   83.593484][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   83.905171][ T8892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   83.971016][ T8892] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   84.084406][ T8892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   84.232013][ T8892] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   84.355305][ T8522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   84.725101][ T8522] 8021q: adding VLAN 0 to HW filter on device batadv0
05:45:00 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@gettaction={0x18, 0x32, 0x5, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x4}]}, 0x18}}, 0x0)

05:45:00 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@gettaction={0x18, 0x32, 0x5, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x4}]}, 0x18}}, 0x0)

05:45:02 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@gettaction={0x18, 0x32, 0x5, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x4}]}, 0x18}}, 0x0)

[   92.606313][ T9021] IPVS: ftp: loaded support on port[0] = 21
[   92.746343][ T9019] IPVS: ftp: loaded support on port[0] = 21
05:45:04 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@gettaction={0x18, 0x32, 0x5, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x4}]}, 0x18}}, 0x0)

[   93.032869][ T9020] IPVS: ftp: loaded support on port[0] = 21
[   93.106504][ T9021] NET: Registered protocol family 30
[   93.154859][ T9022] IPVS: ftp: loaded support on port[0] = 21
[   93.264102][ T9019] list_add double add: new=ffffffff89544ab0, prev=ffffffff89334ac0, next=ffffffff89544ab0.
[   93.490352][ T9021] Failed to register TIPC socket type
[   93.840631][ T9019] ------------[ cut here ]------------
[   93.846137][ T9019] kernel BUG at lib/list_debug.c:29!
[   94.280355][ T9019] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   94.286459][ T9019] CPU: 0 PID: 9019 Comm: syz-executor.4 Not tainted 5.1.0+ #18
[   94.293996][ T9019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   94.304064][ T9019] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[   94.309953][ T9019] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 20 4c a3 87 e8 00 60 25 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 60 4d a3 87 e8 e9 5f 25 fe <0f> 0b 48 89 f1 48 c7 c7 e0 4c a3 87 4c 89 e6 e8 d5 5f 25 fe 0f 0b
[   94.329553][ T9019] RSP: 0018:ffff88807e417b88 EFLAGS: 00010282
[   94.335626][ T9019] RAX: 0000000000000058 RBX: ffffffff89544920 RCX: 0000000000000000
[   94.343610][ T9019] RDX: 0000000000000000 RSI: ffffffff815afbe6 RDI: ffffed100fc82f63
[   94.351589][ T9019] RBP: ffff88807e417ba0 R08: 0000000000000058 R09: ffffed1015d06011
[   94.359557][ T9019] R10: ffffed1015d06010 R11: ffff8880ae830087 R12: ffffffff89544ab0
[   94.367532][ T9019] R13: ffffffff89544ab0 R14: ffffffff89544ab0 R15: ffffffff89544a50
[   94.375504][ T9019] FS:  000000000142b940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[   94.384424][ T9019] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   94.391003][ T9019] CR2: 00007fb4306ccca0 CR3: 0000000080bcc000 CR4: 00000000001406f0
[   94.398977][ T9019] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   94.406949][ T9019] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   94.414914][ T9019] Call Trace:
[   94.418202][ T9019]  ? mutex_lock_nested+0x16/0x20
[   94.423140][ T9019]  proto_register+0x459/0x8e0
[   94.427815][ T9019]  ? lockdep_init_map+0x1be/0x6d0
[   94.432840][ T9019]  tipc_socket_init+0x1c/0x70
[   94.437513][ T9019]  tipc_init_net+0x32a/0x5b0
[   94.442101][ T9019]  ? tipc_exit_net+0x40/0x40
[   94.446689][ T9019]  ops_init+0xb6/0x410
[   94.450755][ T9019]  setup_net+0x2d3/0x740
[   94.454997][ T9019]  ? copy_net_ns+0x1c0/0x340
[   94.459588][ T9019]  ? ops_init+0x410/0x410
[   94.463924][ T9019]  ? kasan_check_write+0x14/0x20
[   94.468857][ T9019]  ? down_read_killable+0x51/0x220
[   94.473967][ T9019]  copy_net_ns+0x1df/0x340
[   94.478386][ T9019]  create_new_namespaces+0x400/0x7b0
[   94.483677][ T9019]  unshare_nsproxy_namespaces+0xc2/0x200
[   94.489308][ T9019]  ksys_unshare+0x440/0x980
[   94.493814][ T9019]  ? trace_hardirqs_on+0x67/0x230
[   94.498836][ T9019]  ? walk_process_tree+0x2d0/0x2d0
[   94.503943][ T9019]  ? blkcg_exit_queue+0x30/0x30
[   94.508792][ T9019]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   94.514250][ T9019]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   94.520314][ T9019]  ? do_syscall_64+0x26/0x680
[   94.524989][ T9019]  ? lockdep_hardirqs_on+0x418/0x5d0
[   94.530272][ T9019]  __x64_sys_unshare+0x31/0x40
[   94.535031][ T9019]  do_syscall_64+0x103/0x680
[   94.539715][ T9019]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   94.545598][ T9019] RIP: 0033:0x45b897
[   94.549490][ T9019] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   94.569135][ T9019] RSP: 002b:00007fffe0807ef8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
05:45:06 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@gettaction={0x18, 0x32, 0x5, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x4}]}, 0x18}}, 0x0)

[   94.577545][ T9019] RAX: ffffffffffffffda RBX: 000000000073c988 RCX: 000000000045b897
[   94.585527][ T9019] RDX: 0000000000000000 RSI: 00007fffe0807ea0 RDI: 0000000040000000
[   94.593509][ T9019] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[   94.601479][ T9019] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000414ab0
[   94.609446][ T9019] R13: 0000000000414b40 R14: 0000000000000000 R15: 0000000000000000
[   94.617417][ T9019] Modules linked in:
[   94.804896][ T3879] kobject: 'loop0' (00000000e80a87d3): kobject_uevent_env
[   94.990708][ T3879] kobject: 'loop0' (00000000e80a87d3): fill_kobj_path: path = '/devices/virtual/block/loop0'
05:45:07 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@gettaction={0x18, 0x32, 0x5, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x4}]}, 0x18}}, 0x0)

[   95.845932][ T3879] kobject: 'loop0' (00000000e80a87d3): kobject_uevent_env
[   95.930731][ T3879] kobject: 'loop0' (00000000e80a87d3): fill_kobj_path: path = '/devices/virtual/block/loop0'
05:45:08 executing program 0:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r2 = openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
sendfile(r2, r2, &(0x7f0000000080)=0x1ffffff, 0x100000010a000201)

[   96.795249][ T3879] kobject: 'loop0' (00000000e80a87d3): kobject_uevent_env
[   96.910341][ T3879] kobject: 'loop0' (00000000e80a87d3): fill_kobj_path: path = '/devices/virtual/block/loop0'
[   97.875963][ T3879] kobject: 'loop0' (00000000e80a87d3): kobject_uevent_env
[   98.000731][ T3879] kobject: 'loop0' (00000000e80a87d3): fill_kobj_path: path = '/devices/virtual/block/loop0'
[   98.455964][ T9061] IPVS: ftp: loaded support on port[0] = 21