[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   62.502619][   T26] audit: type=1800 audit(1558137235.989:25): pid=9090 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   62.531747][   T26] audit: type=1800 audit(1558137235.989:26): pid=9090 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   62.552417][   T26] audit: type=1800 audit(1558137235.999:27): pid=9090 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.219' (ECDSA) to the list of known hosts.
2019/05/17 23:54:06 fuzzer started
2019/05/17 23:54:09 dialing manager at 10.128.0.26:37669
2019/05/17 23:54:09 syscalls: 1006
2019/05/17 23:54:09 code coverage: enabled
2019/05/17 23:54:09 comparison tracing: enabled
2019/05/17 23:54:09 extra coverage: extra coverage is not supported by the kernel
2019/05/17 23:54:09 setuid sandbox: enabled
2019/05/17 23:54:09 namespace sandbox: enabled
2019/05/17 23:54:09 Android sandbox: /sys/fs/selinux/policy does not exist
2019/05/17 23:54:09 fault injection: enabled
2019/05/17 23:54:09 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/05/17 23:54:09 net packet injection: enabled
2019/05/17 23:54:09 net device setup: enabled
23:54:11 executing program 0:
r0 = socket$inet(0x10, 0x880400000003, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
sendmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000110007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0)

syzkaller login: [   77.872629][ T9257] IPVS: ftp: loaded support on port[0] = 21
[   77.883128][ T9257] NET: Registered protocol family 30
[   77.888427][ T9257] Failed to register TIPC socket type
23:54:11 executing program 1:
unshare(0x8000400)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='c\"uset.effective_mems\x00', 0xe0ff, 0x0)
vmsplice(r0, 0x0, 0x0, 0x0)

[   78.201943][ T9259] IPVS: ftp: loaded support on port[0] = 21
[   78.212023][ T9259] NET: Registered protocol family 30
[   78.217321][ T9259] Failed to register TIPC socket type
23:54:11 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)

[   78.612208][ T9261] IPVS: ftp: loaded support on port[0] = 21
[   78.643447][ T9261] NET: Registered protocol family 30
[   78.648815][ T9261] Failed to register TIPC socket type
23:54:12 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)="24000000200007041dfffd946f6105000a0000001f00000000000800050016000400ff7e", 0x24}], 0x1}, 0x0)

[   79.078567][ T9263] IPVS: ftp: loaded support on port[0] = 21
[   79.104693][ T9263] NET: Registered protocol family 30
[   79.110240][ T9263] Failed to register TIPC socket type
23:54:13 executing program 4:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
sendmmsg(r0, &(0x7f0000000140)=[{{&(0x7f00000001c0)=@caif=@util={0x25, "e2de872297e1c85795d3bbaf86fd0330"}, 0x80, 0x0}}], 0x1, 0x0)

[   79.904574][ T9265] IPVS: ftp: loaded support on port[0] = 21
[   79.936769][ T9265] NET: Registered protocol family 30
[   79.960768][ T9265] Failed to register TIPC socket type
23:54:13 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f000000cfe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
getsockopt$bt_hci(r1, 0x0, 0x16, 0x0, &(0x7f00000001c0))

[   80.452283][ T9267] IPVS: ftp: loaded support on port[0] = 21
[   80.503651][ T9267] NET: Registered protocol family 30
[   80.509017][ T9267] Failed to register TIPC socket type
[   81.003199][ T9257] chnl_net:caif_netlink_parms(): no params data found
[   81.384025][ T9257] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.461614][ T9257] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.542224][ T9257] device bridge_slave_0 entered promiscuous mode
[   81.603369][ T9257] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.701967][ T9257] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.810384][ T9257] device bridge_slave_1 entered promiscuous mode
[   82.483271][ T9257] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   82.834765][ T9257] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   83.612396][ T9257] team0: Port device team_slave_0 added
[   83.944390][ T9257] team0: Port device team_slave_1 added
[   85.148624][ T9257] device hsr_slave_0 entered promiscuous mode
[   85.536001][ T9257] device hsr_slave_1 entered promiscuous mode
[   88.225186][ T9257] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.842511][ T9459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   88.903652][ T9459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   89.136572][ T9257] 8021q: adding VLAN 0 to HW filter on device team0
[   89.492654][ T9459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   89.571718][ T9459] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   89.741698][ T9459] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.749055][ T9459] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.161884][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   90.210950][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   90.360974][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   90.530695][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.537836][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.853111][ T9459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   91.103830][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   91.392410][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   91.474880][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   91.783169][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   91.832466][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   92.042899][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   92.344116][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   92.412839][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   92.794079][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   92.851218][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   92.958307][ T9257] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   93.449904][ T9698] IPVS: ftp: loaded support on port[0] = 21
[   93.670912][ T9698] NET: Registered protocol family 30
[   93.821756][ T9257] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.850388][ T9698] Failed to register TIPC socket type
[   97.750851][ T9732] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
23:54:32 executing program 0:
r0 = socket$inet(0x10, 0x880400000003, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
sendmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000110007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0)

[  100.041610][ T9740] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
23:54:35 executing program 0:
r0 = socket$inet(0x10, 0x880400000003, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
sendmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000110007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0)

[  102.097641][ T9747] IPVS: ftp: loaded support on port[0] = 21
[  102.671082][ T9750] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  102.722090][ T9747] NET: Registered protocol family 30
[  102.727951][ T9747] Failed to register TIPC socket type
[  103.467745][ T9753] IPVS: ftp: loaded support on port[0] = 21
[  104.014413][ T9753] NET: Registered protocol family 30
23:54:37 executing program 0:
r0 = socket$inet(0x10, 0x880400000003, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
sendmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="24000000110007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0)

[  104.430869][ T9753] Failed to register TIPC socket type
[  105.871762][ T9767] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  107.263750][ T9780] IPVS: ftp: loaded support on port[0] = 21
23:54:41 executing program 0:
r0 = socket(0x1e, 0x2, 0x0)
bind(r0, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80)
bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x3, {{0x0, 0x1}}}, 0x10)
bind(r0, &(0x7f0000670000)=@generic={0x1e, "01fd000000000000000000000000fc00000005a121b80c00000000800000002e0a53b232394a0000000100000000ffff0f82e52b0a669ae43a620170a00021f069ca021f6f65dc1161e7068f358c00f9ecff1458d1ea03000030ffff000000090003b9c8ead200c577aeb81c90541d6d7c770ee590c8bcf70dc151eb1849"}, 0x80)

[  107.654243][ T9780] NET: Registered protocol family 30
[  108.020327][ T9780] Failed to register TIPC socket type
23:54:43 executing program 0:
r0 = socket(0x1e, 0x2, 0x0)
bind(r0, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80)
bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x3, {{0x0, 0x1}}}, 0x10)
bind(r0, &(0x7f0000670000)=@generic={0x1e, "01fd000000000000000000000000fc00000005a121b80c00000000800000002e0a53b232394a0000000100000000ffff0f82e52b0a669ae43a620170a00021f069ca021f6f65dc1161e7068f358c00f9ecff1458d1ea03000030ffff000000090003b9c8ead200c577aeb81c90541d6d7c770ee590c8bcf70dc151eb1849"}, 0x80)

23:54:44 executing program 0:
r0 = socket(0x1e, 0x2, 0x0)
bind(r0, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80)
bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x3, {{0x0, 0x1}}}, 0x10)
bind(r0, &(0x7f0000670000)=@generic={0x1e, "01fd000000000000000000000000fc00000005a121b80c00000000800000002e0a53b232394a0000000100000000ffff0f82e52b0a669ae43a620170a00021f069ca021f6f65dc1161e7068f358c00f9ecff1458d1ea03000030ffff000000090003b9c8ead200c577aeb81c90541d6d7c770ee590c8bcf70dc151eb1849"}, 0x80)

[  111.079120][ T9812] IPVS: ftp: loaded support on port[0] = 21
[  111.665599][ T9812] NET: Registered protocol family 30
[  111.811220][    C1] cache_from_obj: Wrong slab cache. TIPC but object is from kmalloc-2k
[  111.819788][    C1] WARNING: CPU: 1 PID: 16 at mm/slab.h:376 kmem_cache_free.cold+0x1c/0x23
[  111.828290][    C1] Kernel panic - not syncing: panic_on_warn set ...
[  111.834883][    C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.1.0+ #18
[  111.841986][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  111.852043][    C1] Call Trace:
[  111.855353][    C1]  dump_stack+0x172/0x1f0
[  111.859699][    C1]  ? __check_heap_object+0x50/0xb3
[  111.864818][    C1]  panic+0x2cb/0x65c
[  111.868723][    C1]  ? __warn_printk+0xf3/0xf3
[  111.873418][    C1]  ? kmem_cache_free.cold+0x1c/0x23
[  111.878619][    C1]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  111.884862][    C1]  ? __warn.cold+0x5/0x45
[  111.889196][    C1]  ? __warn+0xe8/0x1d0
[  111.893286][    C1]  ? kmem_cache_free.cold+0x1c/0x23
[  111.898502][    C1]  __warn.cold+0x20/0x45
[  111.902748][    C1]  ? wake_up_klogd+0x99/0xd0
[  111.907344][    C1]  ? kmem_cache_free.cold+0x1c/0x23
[  111.912552][    C1]  report_bug+0x263/0x2b0
[  111.916893][    C1]  do_error_trap+0x11b/0x200
[  111.921503][    C1]  do_invalid_op+0x37/0x50
[  111.925925][    C1]  ? kmem_cache_free.cold+0x1c/0x23
[  111.931132][    C1]  invalid_op+0x14/0x20
[  111.935301][    C1] RIP: 0010:kmem_cache_free.cold+0x1c/0x23
[  111.941109][    C1] Code: e8 a5 ae 6e 05 44 8b 6d c4 e9 04 a6 ff ff 48 8b 48 58 48 c7 c6 80 42 74 87 48 c7 c7 f0 a9 5c 88 49 8b 54 24 58 e8 e4 9d b1 ff <0f> 0b e9 89 df ff ff 49 8b 4f 58 48 c7 c6 80 42 74 87 48 c7 c7 f0
[  111.960713][    C1] RSP: 0018:ffff8880a990fbc0 EFLAGS: 00010286
[  111.966779][    C1] RAX: 0000000000000044 RBX: ffff888069de74c0 RCX: 0000000000000000
[  111.970334][ T9812] Failed to register TIPC socket type
[  111.974745][    C1] RDX: 0000000000000000 RSI: ffffffff815afbe6 RDI: ffffed1015321f6a
[  111.974758][    C1] RBP: ffff8880a990fbe0 R08: 0000000000000044 R09: ffffed1015d26011
[  111.974773][    C1] R10: ffffed1015d26010 R11: ffff8880ae930087 R12: ffff88809afe93c0
[  112.004005][    C1] R13: 0000000000000000 R14: ffff88809afe93c0 R15: ffff888069de77e8
[  112.011996][    C1]  ? vprintk_func+0x86/0x189
[  112.016592][    C1]  __sk_destruct+0x4be/0x6e0
[  112.021183][    C1]  ? tipc_wait_for_connect.isra.0+0x4c0/0x4c0
[  112.027242][    C1]  sk_destruct+0x7b/0x90
[  112.031498][    C1]  __sk_free+0xce/0x300
[  112.035657][    C1]  ? tipc_wait_for_connect.isra.0+0x4c0/0x4c0
[  112.041721][    C1]  sk_free+0x42/0x50
[  112.045617][    C1]  tipc_sk_callback+0x48/0x60
[  112.050288][    C1]  rcu_core+0x973/0x1430
[  112.054537][    C1]  ? rcu_note_context_switch+0x1760/0x1760
[  112.060351][    C1]  ? sched_clock+0x2e/0x50
[  112.064775][    C1]  __do_softirq+0x266/0x95a
[  112.069878][    C1]  ? takeover_tasklets+0x7b0/0x7b0
[  112.074990][    C1]  run_ksoftirqd+0x8e/0x110
[  112.079502][    C1]  smpboot_thread_fn+0x6ab/0xa40
[  112.084466][    C1]  ? sort_range+0x30/0x30
[  112.093932][    C1]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  112.100173][    C1]  ? __kthread_parkme+0xfb/0x1b0
[  112.105130][    C1]  kthread+0x357/0x430
[  112.109209][    C1]  ? sort_range+0x30/0x30
[  112.113539][    C1]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[  112.119776][    C1]  ret_from_fork+0x3a/0x50
[  112.125473][    C1] Kernel Offset: disabled
[  112.129888][    C1] Rebooting in 86400 seconds..