[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   60.606072][   T27] audit: type=1800 audit(1558153259.406:25): pid=8762 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   60.648905][   T27] audit: type=1800 audit(1558153259.406:26): pid=8762 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   60.706756][   T27] audit: type=1800 audit(1558153259.406:27): pid=8762 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts.
2019/05/18 04:21:09 fuzzer started
2019/05/18 04:21:11 dialing manager at 10.128.0.26:37669
2019/05/18 04:21:11 syscalls: 1006
2019/05/18 04:21:11 code coverage: enabled
2019/05/18 04:21:11 comparison tracing: enabled
2019/05/18 04:21:11 extra coverage: extra coverage is not supported by the kernel
2019/05/18 04:21:11 setuid sandbox: enabled
2019/05/18 04:21:11 namespace sandbox: enabled
2019/05/18 04:21:11 Android sandbox: /sys/fs/selinux/policy does not exist
2019/05/18 04:21:11 fault injection: enabled
2019/05/18 04:21:11 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/05/18 04:21:11 net packet injection: enabled
2019/05/18 04:21:11 net device setup: enabled
04:21:15 executing program 0:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x40000000000102, @random="d098e74b0514", 'bond0\x00'}}, 0x1e)
sendmmsg(r0, &(0x7f0000004500)=[{{0x0, 0xffffff7f, 0x0}}], 0x1fe, 0x0)

syzkaller login: [   76.960843][ T8930] IPVS: ftp: loaded support on port[0] = 21
[   76.971840][ T8930] NET: Registered protocol family 30
[   76.977347][ T8930] Failed to register TIPC socket type
04:21:15 executing program 1:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}]}, 0x80}}, 0x0)

[   77.274169][ T8932] IPVS: ftp: loaded support on port[0] = 21
[   77.284219][ T8932] NET: Registered protocol family 30
[   77.290035][ T8932] Failed to register TIPC socket type
04:21:16 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xf, 0x4, 0x4, 0x1, 0x10, 0x1}, 0x2c)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/60}, 0xb)

[   77.678785][ T8934] IPVS: ftp: loaded support on port[0] = 21
[   77.703090][ T8934] NET: Registered protocol family 30
[   77.708394][ T8934] Failed to register TIPC socket type
04:21:16 executing program 3:
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="5fb88c750196077aa3214bebc13f7d74ad4d9320611cf5a33f2a3f09e1c926359dcfe20001c781cb67f79cb0c6f5f4bf8ed60dce2176c22a20b22b9b24172b5569ec67906e7df93b05b19ba5360f2eab62812070fc181a2483366595113b240804d882a7dcd7ac4ba53e06d02558968b978122716d1823dcc7d40155c1bc1e8433f5ba15f5ee48c0ca941fce872e497d1377e2a5bde956f003caaf58c7520f82d7346c266e8ea70dab3bb7af6d78602a31ab8d232b07f6e3ef524b552ed88a1b1c02bc89f4f671855d40a2c1c173d4bb121bc86270c32d39c4c0d09a29b8983169914d8df86417a802b772bb638f72ccdcbb46267b5751816c77b6739f484292d5ca5e1bc4efee06f4e07e6a795faee2af27a8f212", 0x115, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000100)={'ip6gretap0\x00'})
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c8, &(0x7f0000000100))
connect$bt_l2cap(r0, &(0x7f0000000200)={0x1f, 0x100, {0x401, 0x81, 0x7fffffff, 0x8000, 0x800}, 0x5, 0x8}, 0xe)

[   78.171531][ T8936] IPVS: ftp: loaded support on port[0] = 21
[   78.191844][ T8936] NET: Registered protocol family 30
[   78.197169][ T8936] Failed to register TIPC socket type
04:21:17 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [0x0, 0xfec0]}}, 0x1c)

[   78.826431][ T8938] IPVS: ftp: loaded support on port[0] = 21
[   78.852973][ T8938] NET: Registered protocol family 30
[   78.858324][ T8938] Failed to register TIPC socket type
04:21:18 executing program 5:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$bt_hci(r0, 0x65, 0x2, 0x0, &(0x7f0000000040))

[   79.588475][ T8940] IPVS: ftp: loaded support on port[0] = 21
[   79.633672][ T8940] NET: Registered protocol family 30
[   79.738895][ T8940] Failed to register TIPC socket type
[   79.788452][ T8930] chnl_net:caif_netlink_parms(): no params data found
[   80.190823][ T8930] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.198474][ T8930] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.273197][ T8930] device bridge_slave_0 entered promiscuous mode
[   80.342297][ T8930] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.399954][ T8930] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.520329][ T8930] device bridge_slave_1 entered promiscuous mode
[   81.110200][ T8930] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   81.337718][ T8930] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   81.975844][ T8930] team0: Port device team_slave_0 added
[   82.292510][ T8930] team0: Port device team_slave_1 added
[   83.429141][ T8930] device hsr_slave_0 entered promiscuous mode
[   83.895391][ T8930] device hsr_slave_1 entered promiscuous mode
[   86.777125][ T8930] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.445361][ T3697] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   87.500724][ T3697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   87.773258][ T8930] 8021q: adding VLAN 0 to HW filter on device team0
[   88.100914][ T3697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   88.172082][ T3697] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   88.400952][ T3697] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.409534][ T3697] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.764103][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   88.809818][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   89.000512][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   89.169434][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.176692][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.467250][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   89.631446][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   89.842080][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   89.897315][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   90.170197][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   90.178458][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   90.364493][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   90.562871][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   90.600663][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   90.810454][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   90.889535][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   91.080467][ T8930] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   91.604686][ T8930] 8021q: adding VLAN 0 to HW filter on device batadv0
04:21:35 executing program 0:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x40000000000102, @random="d098e74b0514", 'bond0\x00'}}, 0x1e)
sendmmsg(r0, &(0x7f0000004500)=[{{0x0, 0xffffff7f, 0x0}}], 0x1fe, 0x0)

04:21:39 executing program 0:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x40000000000102, @random="d098e74b0514", 'bond0\x00'}}, 0x1e)
sendmmsg(r0, &(0x7f0000004500)=[{{0x0, 0xffffff7f, 0x0}}], 0x1fe, 0x0)

[  100.946744][ T9424] IPVS: ftp: loaded support on port[0] = 21
[  100.984587][ T9423] IPVS: ftp: loaded support on port[0] = 21
[  101.510197][ T9424] NET: Registered protocol family 30
[  101.515540][ T9424] Failed to register TIPC socket type
[  101.623911][ T9423] list_add double add: new=ffffffff89544ab0, prev=ffffffff89334ac0, next=ffffffff89544ab0.
[  101.711729][ T9425] IPVS: ftp: loaded support on port[0] = 21
[  101.865550][ T9430] IPVS: ftp: loaded support on port[0] = 21
[  102.070263][ T9423] ------------[ cut here ]------------
[  102.076034][ T9423] kernel BUG at lib/list_debug.c:29!
[  102.518870][ T9423] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  102.525004][ T9423] CPU: 1 PID: 9423 Comm: syz-executor.3 Not tainted 5.1.0+ #18
[  102.532544][ T9423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  102.542613][ T9423] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[  102.548515][ T9423] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 20 4c a3 87 e8 00 60 25 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 60 4d a3 87 e8 e9 5f 25 fe <0f> 0b 48 89 f1 48 c7 c7 e0 4c a3 87 4c 89 e6 e8 d5 5f 25 fe 0f 0b
[  102.568207][ T9423] RSP: 0018:ffff8880759efb88 EFLAGS: 00010282
[  102.574272][ T9423] RAX: 0000000000000058 RBX: ffffffff89544920 RCX: 0000000000000000
[  102.582249][ T9423] RDX: 0000000000000000 RSI: ffffffff815afbe6 RDI: ffffed100eb3df63
[  102.590229][ T9423] RBP: ffff8880759efba0 R08: 0000000000000058 R09: ffffed1015d06011
[  102.598208][ T9423] R10: ffffed1015d06010 R11: ffff8880ae830087 R12: ffffffff89544ab0
[  102.606182][ T9423] R13: ffffffff89544ab0 R14: ffffffff89544ab0 R15: ffffffff89544a50
[  102.614173][ T9423] FS:  0000000001854940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  102.623208][ T9423] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  102.629795][ T9423] CR2: ffffffffff600400 CR3: 00000000759be000 CR4: 00000000001406e0
[  102.637889][ T9423] Call Trace:
[  102.641183][ T9423]  ? mutex_lock_nested+0x16/0x20
[  102.646128][ T9423]  proto_register+0x459/0x8e0
[  102.650810][ T9423]  ? lockdep_init_map+0x1be/0x6d0
[  102.655847][ T9423]  tipc_socket_init+0x1c/0x70
[  102.660532][ T9423]  tipc_init_net+0x32a/0x5b0
[  102.665148][ T9423]  ? tipc_exit_net+0x40/0x40
[  102.669836][ T9423]  ops_init+0xb6/0x410
[  102.673910][ T9423]  setup_net+0x2d3/0x740
[  102.678155][ T9423]  ? copy_net_ns+0x1c0/0x340
[  102.682753][ T9423]  ? ops_init+0x410/0x410
[  102.687097][ T9423]  ? kasan_check_write+0x14/0x20
[  102.692595][ T9423]  ? down_read_killable+0x51/0x220
[  102.697803][ T9423]  copy_net_ns+0x1df/0x340
[  102.702230][ T9423]  create_new_namespaces+0x400/0x7b0
[  102.707527][ T9423]  unshare_nsproxy_namespaces+0xc2/0x200
[  102.713186][ T9423]  ksys_unshare+0x440/0x980
[  102.717702][ T9423]  ? trace_hardirqs_on+0x67/0x230
[  102.722768][ T9423]  ? walk_process_tree+0x2d0/0x2d0
[  102.727891][ T9423]  ? blkcg_exit_queue+0x30/0x30
[  102.732867][ T9423]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  102.738348][ T9423]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  102.744422][ T9423]  ? do_syscall_64+0x26/0x680
[  102.749189][ T9423]  ? lockdep_hardirqs_on+0x418/0x5d0
[  102.754493][ T9423]  __x64_sys_unshare+0x31/0x40
[  102.759266][ T9423]  do_syscall_64+0x103/0x680
[  102.763953][ T9423]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  102.769846][ T9423] RIP: 0033:0x45b897
[  102.773740][ T9423] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  102.793611][ T9423] RSP: 002b:00007ffd89cdbd98 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[  102.802032][ T9423] RAX: ffffffffffffffda RBX: 000000000073c988 RCX: 000000000045b897
[  102.810014][ T9423] RDX: 0000000000000000 RSI: 00007ffd89cdbd40 RDI: 0000000040000000
[  102.818001][ T9423] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[  102.825984][ T9423] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000414ab0
[  102.833995][ T9423] R13: 0000000000414b40 R14: 0000000000000000 R15: 0000000000000000
[  102.841974][ T9423] Modules linked in:
04:21:42 executing program 0:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x40000000000102, @random="d098e74b0514", 'bond0\x00'}}, 0x1e)
sendmmsg(r0, &(0x7f0000004500)=[{{0x0, 0xffffff7f, 0x0}}], 0x1fe, 0x0)

[  103.514530][ T3879] kobject: 'loop0' (00000000272be776): kobject_uevent_env
[  103.609317][ T3879] kobject: 'loop0' (00000000272be776): fill_kobj_path: path = '/devices/virtual/block/loop0'
04:21:44 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x0, 0x1, 0x13}]}, &(0x7f0000f6bffb)='W*\x00\x00', 0x0, 0xabf543b4162708cd, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x7b7, 0x10, 0x0, 0xfffffe09}, 0x14)

[  105.529453][ T3879] kobject: 'loop0' (00000000272be776): kobject_uevent_env
[  105.537476][ T3879] kobject: 'loop0' (00000000272be776): fill_kobj_path: path = '/devices/virtual/block/loop0'
04:21:45 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x0, 0x1, 0x13}]}, &(0x7f0000f6bffb)='W*\x00\x00', 0x0, 0xabf543b4162708cd, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x7b7, 0x10, 0x0, 0xfffffe09}, 0x14)

[  106.316729][ T3879] kobject: 'loop0' (00000000272be776): kobject_uevent_env
[  106.438918][ T3879] kobject: 'loop0' (00000000272be776): fill_kobj_path: path = '/devices/virtual/block/loop0'
04:21:46 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x0, 0x1, 0x13}]}, &(0x7f0000f6bffb)='W*\x00\x00', 0x0, 0xabf543b4162708cd, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x7b7, 0x10, 0x0, 0xfffffe09}, 0x14)

[  107.354660][ T9485] IPVS: ftp: loaded support on port[0] = 21
[  107.590828][ T3879] kobject: 'loop0' (00000000272be776): kobject_uevent_env
[  107.598025][ T3879] kobject: 'loop0' (00000000272be776): fill_kobj_path: path = '/devices/virtual/block/loop0'
04:21:47 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x0, 0x1, 0x13}]}, &(0x7f0000f6bffb)='W*\x00\x00', 0x0, 0xabf543b4162708cd, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x7b7, 0x10, 0x0, 0xfffffe09}, 0x14)

[  108.297123][ T3879] kobject: 'loop0' (00000000272be776): kobject_uevent_env
[  108.538893][ T3879] kobject: 'loop0' (00000000272be776): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  109.218606][ T3879] kobject: 'loop0' (00000000272be776): kobject_uevent_env
[  109.392573][ T3879] kobject: 'loop0' (00000000272be776): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  111.650854][ T9423] ---[ end trace 3cf0cdff59757fb5 ]---
[  111.656365][ T9423] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[  111.858942][ T9423] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 20 4c a3 87 e8 00 60 25 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 60 4d a3 87 e8 e9 5f 25 fe <0f> 0b 48 89 f1 48 c7 c7 e0 4c a3 87 4c 89 e6 e8 d5 5f 25 fe 0f 0b