[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   55.724120][   T26] audit: type=1800 audit(1558162451.142:25): pid=8388 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   55.762472][   T26] audit: type=1800 audit(1558162451.142:26): pid=8388 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   55.807271][   T26] audit: type=1800 audit(1558162451.152:27): pid=8388 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.8' (ECDSA) to the list of known hosts.
2019/05/18 06:54:21 fuzzer started
2019/05/18 06:54:24 dialing manager at 10.128.0.26:37669
2019/05/18 06:54:24 syscalls: 1006
2019/05/18 06:54:24 code coverage: enabled
2019/05/18 06:54:24 comparison tracing: enabled
2019/05/18 06:54:24 extra coverage: extra coverage is not supported by the kernel
2019/05/18 06:54:24 setuid sandbox: enabled
2019/05/18 06:54:24 namespace sandbox: enabled
2019/05/18 06:54:24 Android sandbox: /sys/fs/selinux/policy does not exist
2019/05/18 06:54:24 fault injection: enabled
2019/05/18 06:54:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/05/18 06:54:24 net packet injection: enabled
2019/05/18 06:54:24 net device setup: enabled
06:54:28 executing program 0:
r0 = socket(0x2, 0x80805, 0x0)
ppoll(&(0x7f0000000180)=[{r0}], 0x1, &(0x7f00000001c0)={0x77359400}, 0x0, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
shutdown(r0, 0x1)
shutdown(r0, 0x0)

syzkaller login: [   73.458522][ T8555] IPVS: ftp: loaded support on port[0] = 21
[   73.468806][ T8555] NET: Registered protocol family 30
[   73.475161][ T8555] Failed to register TIPC socket type
06:54:28 executing program 1:
r0 = socket$inet6(0xa, 0x805, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)

06:54:29 executing program 2:
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4)
bind$inet(r0, &(0x7f0000001440)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000280)=0x32, 0x4)
r2 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0x70}, {0x80000006}]}, 0x10)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r3, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070")
connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000066, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a)
setsockopt$inet_tcp_int(r0, 0x6, 0x12, &(0x7f0000000040)=0x200, 0x4)
recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475}, 0x100)

[   73.757329][ T8557] IPVS: ftp: loaded support on port[0] = 21
[   73.767167][ T8557] NET: Registered protocol family 30
[   73.776334][ T8557] Failed to register TIPC socket type
[   73.979331][ T8559] IPVS: ftp: loaded support on port[0] = 21
[   74.007222][ T8559] NET: Registered protocol family 30
[   74.012631][ T8559] Failed to register TIPC socket type
06:54:29 executing program 3:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000000)={0x0, @empty, 0x0, 0x0, 'fo\x00'}, 0x2c)

[   74.509579][ T8561] IPVS: ftp: loaded support on port[0] = 21
[   74.536414][ T8561] NET: Registered protocol family 30
[   74.541735][ T8561] Failed to register TIPC socket type
06:54:30 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c1f023c126285719070")
r1 = socket(0x40000000015, 0x805, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$inet_sctp(r1, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c, 0x0, 0x0, &(0x7f0000001640)=[@dstaddrv4={0x18}, @sndrcv={0x30}], 0x48}, 0x0)

[   75.120612][ T8563] IPVS: ftp: loaded support on port[0] = 21
[   75.156360][ T8563] NET: Registered protocol family 30
[   75.161694][ T8563] Failed to register TIPC socket type
06:54:30 executing program 5:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="1b0000001a0007041dfffd946f6105000a0000001f000000005b08", 0x1b}], 0x1}, 0x0)

[   75.710109][ T8565] IPVS: ftp: loaded support on port[0] = 21
[   75.746741][ T8565] NET: Registered protocol family 30
[   75.752099][ T8565] Failed to register TIPC socket type
[   76.107643][ T8555] chnl_net:caif_netlink_parms(): no params data found
[   76.524142][ T8555] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.532009][ T8555] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.607536][ T8555] device bridge_slave_0 entered promiscuous mode
[   76.686339][ T8555] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.772440][ T8555] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.869559][ T8555] device bridge_slave_1 entered promiscuous mode
[   77.365932][ T8555] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   77.730280][ T8555] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   78.465121][ T8555] team0: Port device team_slave_0 added
[   78.745173][ T8555] team0: Port device team_slave_1 added
[   79.790934][ T8555] device hsr_slave_0 entered promiscuous mode
[   80.216084][ T8555] device hsr_slave_1 entered promiscuous mode
[   82.334263][ T8555] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.874290][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   82.965310][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   83.185095][ T8555] 8021q: adding VLAN 0 to HW filter on device team0
[   83.505095][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   83.583994][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   83.733353][ T2991] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.740615][ T2991] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.017604][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   84.083113][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   84.182842][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   84.323389][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.330509][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   84.606161][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   84.807297][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   84.976512][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   85.029430][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   85.215243][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   85.263218][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   85.414031][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   85.718185][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   85.747890][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   85.893590][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   85.944199][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   86.099618][ T8555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   86.485896][ T8555] 8021q: adding VLAN 0 to HW filter on device batadv0
06:54:46 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000080)=']\x00', 0x2)

06:54:47 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000080)=']\x00', 0x2)

06:54:49 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000080)=']\x00', 0x2)

06:54:50 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000080)=']\x00', 0x2)

[   95.678280][ T9058] IPVS: ftp: loaded support on port[0] = 21
[   95.696044][ T9054] IPVS: ftp: loaded support on port[0] = 21
[   95.973400][ T9056] IPVS: ftp: loaded support on port[0] = 21
[   96.048862][ T9059] IPVS: ftp: loaded support on port[0] = 21
[   96.061234][ T9055] IPVS: ftp: loaded support on port[0] = 21
[   96.117067][ T9054] NET: Registered protocol family 30
[   96.307222][ T9059] list_add double add: new=ffffffff89544ab0, prev=ffffffff89334ac0, next=ffffffff89544ab0.
[   96.532373][ T9054] Failed to register TIPC socket type
06:54:52 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x1, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x28}]}, &(0x7f0000000000)='GPL\x00'}, 0x48)

[   96.972752][ T9059] ------------[ cut here ]------------
[   96.978261][ T9059] kernel BUG at lib/list_debug.c:29!
[   97.416443][ T9059] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   97.422566][ T9059] CPU: 1 PID: 9059 Comm: syz-executor.5 Not tainted 5.1.0+ #18
[   97.430103][ T9059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   97.440271][ T9059] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[   97.446165][ T9059] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 20 4c a3 87 e8 00 60 25 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 60 4d a3 87 e8 e9 5f 25 fe <0f> 0b 48 89 f1 48 c7 c7 e0 4c a3 87 4c 89 e6 e8 d5 5f 25 fe 0f 0b
[   97.465863][ T9059] RSP: 0018:ffff88807a757b88 EFLAGS: 00010282
[   97.471939][ T9059] RAX: 0000000000000058 RBX: ffffffff89544920 RCX: 0000000000000000
[   97.479931][ T9059] RDX: 0000000000000000 RSI: ffffffff815afbe6 RDI: ffffed100f4eaf63
[   97.487914][ T9059] RBP: ffff88807a757ba0 R08: 0000000000000058 R09: ffffed1015d26011
[   97.495895][ T9059] R10: ffffed1015d26010 R11: ffff8880ae930087 R12: ffffffff89544ab0
[   97.503877][ T9059] R13: ffffffff89544ab0 R14: ffffffff89544ab0 R15: ffffffff89544a50
[   97.511868][ T9059] FS:  0000000002476940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[   97.520803][ T9059] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   97.527384][ T9059] CR2: 00007f1ad1fd91b0 CR3: 000000007a717000 CR4: 00000000001406e0
[   97.535451][ T9059] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   97.543683][ T9059] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   97.551655][ T9059] Call Trace:
[   97.554959][ T9059]  ? mutex_lock_nested+0x16/0x20
[   97.559909][ T9059]  proto_register+0x459/0x8e0
[   97.564587][ T9059]  ? lockdep_init_map+0x1be/0x6d0
[   97.569613][ T9059]  tipc_socket_init+0x1c/0x70
[   97.574288][ T9059]  tipc_init_net+0x32a/0x5b0
[   97.578870][ T9059]  ? tipc_exit_net+0x40/0x40
[   97.583453][ T9059]  ops_init+0xb6/0x410
[   97.587507][ T9059]  setup_net+0x2d3/0x740
[   97.591728][ T9059]  ? copy_net_ns+0x1c0/0x340
[   97.596302][ T9059]  ? ops_init+0x410/0x410
[   97.600627][ T9059]  ? kasan_check_write+0x14/0x20
[   97.605548][ T9059]  ? down_read_killable+0x51/0x220
[   97.611198][ T9059]  copy_net_ns+0x1df/0x340
[   97.615602][ T9059]  create_new_namespaces+0x400/0x7b0
[   97.620868][ T9059]  unshare_nsproxy_namespaces+0xc2/0x200
[   97.626487][ T9059]  ksys_unshare+0x440/0x980
[   97.630973][ T9059]  ? trace_hardirqs_on+0x67/0x230
[   97.635975][ T9059]  ? walk_process_tree+0x2d0/0x2d0
[   97.641071][ T9059]  ? blkcg_exit_queue+0x30/0x30
[   97.646080][ T9059]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   97.651523][ T9059]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   97.657655][ T9059]  ? do_syscall_64+0x26/0x680
[   97.662319][ T9059]  ? lockdep_hardirqs_on+0x418/0x5d0
[   97.667587][ T9059]  __x64_sys_unshare+0x31/0x40
[   97.672331][ T9059]  do_syscall_64+0x103/0x680
[   97.676910][ T9059]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   97.685287][ T9059] RIP: 0033:0x45b897
[   97.689166][ T9059] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   97.708758][ T9059] RSP: 002b:00007fffdc498168 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[   97.717148][ T9059] RAX: ffffffffffffffda RBX: 000000000073c988 RCX: 000000000045b897
[   97.725283][ T9059] RDX: 0000000000000000 RSI: 00007fffdc498110 RDI: 0000000040000000
[   97.738422][ T9059] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[   97.747675][ T9059] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000414ab0
[   97.755625][ T9059] R13: 0000000000414b40 R14: 0000000000000000 R15: 0000000000000000
[   97.763667][ T9059] Modules linked in:
06:54:59 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x1, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x28}]}, &(0x7f0000000000)='GPL\x00'}, 0x48)

[  103.649695][ T3879] kobject: 'loop0' (00000000999ac208): kobject_uevent_env
[  103.712485][ T3879] kobject: 'loop0' (00000000999ac208): fill_kobj_path: path = '/devices/virtual/block/loop0'
06:54:59 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x1, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x28}]}, &(0x7f0000000000)='GPL\x00'}, 0x48)

[  104.419289][ T3879] kobject: 'loop0' (00000000999ac208): kobject_uevent_env
[  104.492428][ T3879] kobject: 'loop0' (00000000999ac208): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  105.099596][ T3879] kobject: 'loop0' (00000000999ac208): kobject_uevent_env
[  105.182745][ T3879] kobject: 'loop0' (00000000999ac208): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  106.742366][ T9059] ---[ end trace 36bf15fd88c899b4 ]---
[  106.747895][ T9059] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[  106.902746][ T9059] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 20 4c a3 87 e8 00 60 25 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 60 4d a3 87 e8 e9 5f 25 fe <0f> 0b 48 89 f1 48 c7 c7 e0 4c a3 87 4c 89 e6 e8 d5 5f 25 fe 0f 0b