[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   67.372164][   T24] audit: type=1800 audit(1558121587.902:25): pid=8665 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   67.413855][   T24] audit: type=1800 audit(1558121587.912:26): pid=8665 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   67.440994][   T24] audit: type=1800 audit(1558121587.912:27): pid=8665 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.44' (ECDSA) to the list of known hosts.
2019/05/17 19:33:15 fuzzer started
2019/05/17 19:33:18 dialing manager at 10.128.0.26:44889
2019/05/17 19:33:18 syscalls: 1006
2019/05/17 19:33:18 code coverage: enabled
2019/05/17 19:33:18 comparison tracing: enabled
2019/05/17 19:33:18 extra coverage: extra coverage is not supported by the kernel
2019/05/17 19:33:18 setuid sandbox: enabled
2019/05/17 19:33:18 namespace sandbox: enabled
2019/05/17 19:33:18 Android sandbox: /sys/fs/selinux/policy does not exist
2019/05/17 19:33:18 fault injection: enabled
2019/05/17 19:33:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/05/17 19:33:18 net packet injection: enabled
2019/05/17 19:33:18 net device setup: enabled
19:33:19 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x80}, 0x29b)
setsockopt$TIPC_GROUP_LEAVE(r1, 0x10f, 0x88)

syzkaller login: [   79.168173][ T8833] IPVS: ftp: loaded support on port[0] = 21
[   79.178687][ T8833] NET: Registered protocol family 30
[   79.184124][ T8833] Failed to register TIPC socket type
19:33:19 executing program 1:
unshare(0x400)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='hugetl\x04\x00\x00\x00\x00\x00\x00\x00age_ir_Z\xa2\xf4es\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000300), 0xfd61)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.events\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000380), 0x10076)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)={0x0, r1})
syz_genetlink_get_family_id$tipc2(0x0)
sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

[   79.395804][ T8835] IPVS: ftp: loaded support on port[0] = 21
[   79.406013][ T8835] NET: Registered protocol family 30
[   79.411320][ T8835] Failed to register TIPC socket type
19:33:20 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000003c0)=@filter={'filter\x00', 0xe, 0x2, 0x1d0, [0x0, 0x20000100, 0x20000130, 0x20000200], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000004000000000000000000ffffffff0100000003000000000000000000697036677265300000000000000000007465616d30000000000000000000000076657468305f746f5f626f6e6400000076657468305f746f5f626f6e64000000aaaaaaaaaa00000000000000ffffffffffff00000000000000007000000070000000a00000004155444954000000000000000000000000000000e700000000000000000000000800000000000000000001040000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0100000011000000000000000000766c616e3000000000000000000000060000000000000000000000000000000072882e6530000000000000000000000062726964676530000000000000000000ffffffff0a1b000000000000aaaaaaaaaa0000000000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000205e00000800"/464]}, 0x248)
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000300)={'filter\x00', 0x0, 0x0, 0x0, [], 0x2, 0x0, 0x0, [{}, {}]}, 0x98)

[   79.821009][ T8837] IPVS: ftp: loaded support on port[0] = 21
[   79.837747][ T8837] NET: Registered protocol family 30
[   79.843048][ T8837] Failed to register TIPC socket type
19:33:20 executing program 3:
r0 = socket(0x11, 0x800000003, 0x0)
bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000040)=0x4, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)="ce0410000013000000911efc1fb3", 0xe, 0x0, 0x0, 0x0)

[   80.271671][ T8839] IPVS: ftp: loaded support on port[0] = 21
[   80.298544][ T8839] NET: Registered protocol family 30
[   80.313901][ T8839] Failed to register TIPC socket type
19:33:21 executing program 4:
r0 = socket(0xa, 0x80005, 0x0)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000000)={'bond0\x00\x00\x00\x01\x00', 0x83})
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000080)={'bond0\x00\x00\x00\xe5\x1d\x00\x00\xdb\x1c\x00', 0xefc})

[   80.966095][ T8841] IPVS: ftp: loaded support on port[0] = 21
[   80.996366][ T8841] NET: Registered protocol family 30
[   81.001690][ T8841] Failed to register TIPC socket type
19:33:21 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='/group\xaestat\x00<#I[O9\x93\xe8\xf4\xdcx\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xeb-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0xc0185879, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x7ff00, 0x7fff})
ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000000)={0x0, 0xfffffffffffffffb})

[   81.642569][ T8845] IPVS: ftp: loaded support on port[0] = 21
[   81.739388][ T8845] NET: Registered protocol family 30
[   81.788001][ T8833] chnl_net:caif_netlink_parms(): no params data found
[   81.866538][ T8845] Failed to register TIPC socket type
[   82.138568][ T8833] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.244629][ T8833] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.341123][ T8833] device bridge_slave_0 entered promiscuous mode
[   82.427849][ T8833] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.545646][ T8833] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.685547][ T8833] device bridge_slave_1 entered promiscuous mode
[   83.134876][ T8833] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   83.321183][ T8833] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   84.009291][ T8833] team0: Port device team_slave_0 added
[   84.314243][ T8833] team0: Port device team_slave_1 added
[   85.959866][ T8833] device hsr_slave_0 entered promiscuous mode
[   86.357987][ T8833] device hsr_slave_1 entered promiscuous mode
[   88.839851][ T9131] IPVS: ftp: loaded support on port[0] = 21
[   89.051501][ T9131] NET: Registered protocol family 30
[   89.360619][ T9131] Failed to register TIPC socket type
[   89.395951][ T8833] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.275400][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   90.394674][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   90.625396][ T8833] 8021q: adding VLAN 0 to HW filter on device team0
[   91.148305][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   91.224439][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   91.233011][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.240280][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.368323][ T8982] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   92.445468][ T8982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   92.754311][ T8982] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   92.763024][ T8982] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.770171][ T8982] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.603942][ T8982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   94.308639][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   94.364576][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   94.373392][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   95.472551][ T8982] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   95.507812][ T8982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   95.908205][ T8982] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   96.214401][ T8982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   96.635192][ T8982] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   96.996312][ T8982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   97.434284][ T8982] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   97.817981][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   98.786067][ T8833] 8021q: adding VLAN 0 to HW filter on device batadv0
19:33:42 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x80}, 0x29b)
setsockopt$TIPC_GROUP_LEAVE(r1, 0x10f, 0x88)

19:33:44 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x80}, 0x29b)
setsockopt$TIPC_GROUP_LEAVE(r1, 0x10f, 0x88)

[  104.169872][ T9377] IPVS: ftp: loaded support on port[0] = 21
[  104.477408][ T9377] NET: Registered protocol family 30
[  104.482770][ T9377] Failed to register TIPC socket type
[  104.744576][    C1] cache_from_obj: Wrong slab cache. TIPC but object is from kmalloc-2k
[  104.753158][    C1] WARNING: CPU: 1 PID: 16 at mm/slab.h:376 kmem_cache_free.cold+0x1c/0x23
[  104.761662][    C1] Kernel panic - not syncing: panic_on_warn set ...
[  104.768255][    C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.1.0+ #18
[  104.775417][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  104.785484][    C1] Call Trace:
[  104.788795][    C1]  dump_stack+0x172/0x1f0
[  104.793161][    C1]  ? __check_heap_object+0x50/0xb3
[  104.798283][    C1]  panic+0x2cb/0x65c
[  104.802186][    C1]  ? __warn_printk+0xf3/0xf3
[  104.806804][    C1]  ? kmem_cache_free.cold+0x1c/0x23
[  104.812016][    C1]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.818264][    C1]  ? __warn.cold+0x5/0x45
[  104.822598][    C1]  ? __warn+0xe8/0x1d0
[  104.826673][    C1]  ? kmem_cache_free.cold+0x1c/0x23
[  104.831879][    C1]  __warn.cold+0x20/0x45
[  104.836134][    C1]  ? wake_up_klogd+0x99/0xd0
[  104.840728][    C1]  ? kmem_cache_free.cold+0x1c/0x23
[  104.845930][    C1]  report_bug+0x263/0x2b0
[  104.850271][    C1]  do_error_trap+0x11b/0x200
[  104.854877][    C1]  do_invalid_op+0x37/0x50
[  104.859294][    C1]  ? kmem_cache_free.cold+0x1c/0x23
[  104.864502][    C1]  invalid_op+0x14/0x20
[  104.868679][    C1] RIP: 0010:kmem_cache_free.cold+0x1c/0x23
[  104.874491][    C1] Code: e8 a5 ae 6e 05 44 8b 6d c4 e9 04 a6 ff ff 48 8b 48 58 48 c7 c6 80 42 74 87 48 c7 c7 f0 a9 5c 88 49 8b 54 24 58 e8 e4 9d b1 ff <0f> 0b e9 89 df ff ff 49 8b 4f 58 48 c7 c6 80 42 74 87 48 c7 c7 f0
[  104.894114][    C1] RSP: 0018:ffff8880a990fbc0 EFLAGS: 00010286
[  104.900179][    C1] RAX: 0000000000000044 RBX: ffff88808e91eec0 RCX: 0000000000000000
[  104.908151][    C1] RDX: 0000000000000000 RSI: ffffffff815afbe6 RDI: ffffed1015321f6a
[  104.916128][    C1] RBP: ffff8880a990fbe0 R08: 0000000000000044 R09: ffffed1015d26011
[  104.924643][    C1] R10: ffffed1015d26010 R11: ffff8880ae930087 R12: ffff888075a6f980
[  104.932613][    C1] R13: 0000000000000000 R14: ffff888075a6f980 R15: ffff88808e91f1e8
[  104.940609][    C1]  ? vprintk_func+0x86/0x189
[  104.945210][    C1]  __sk_destruct+0x4be/0x6e0
[  104.949803][    C1]  ? tipc_wait_for_connect.isra.0+0x4c0/0x4c0
[  104.955866][    C1]  sk_destruct+0x7b/0x90
[  104.960103][    C1]  __sk_free+0xce/0x300
[  104.964258][    C1]  ? tipc_wait_for_connect.isra.0+0x4c0/0x4c0
[  104.970316][    C1]  sk_free+0x42/0x50
[  104.974210][    C1]  tipc_sk_callback+0x48/0x60
[  104.978883][    C1]  rcu_core+0x973/0x1430
[  104.983129][    C1]  ? rcu_note_context_switch+0x1760/0x1760
[  104.988933][    C1]  ? sched_clock+0x2e/0x50
[  104.993356][    C1]  __do_softirq+0x266/0x95a
[  104.997864][    C1]  ? takeover_tasklets+0x7b0/0x7b0
[  105.002980][    C1]  run_ksoftirqd+0x8e/0x110
[  105.007483][    C1]  smpboot_thread_fn+0x6ab/0xa40
[  105.012427][    C1]  ? sort_range+0x30/0x30
[  105.016790][    C1]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  105.023032][    C1]  ? __kthread_parkme+0xfb/0x1b0
[  105.027992][    C1]  kthread+0x357/0x430
[  105.032094][    C1]  ? sort_range+0x30/0x30
[  105.036433][    C1]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[  105.042689][    C1]  ret_from_fork+0x3a/0x50
[  105.048475][    C1] Kernel Offset: disabled
[  105.052881][    C1] Rebooting in 86400 seconds..