[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   64.407215][   T26] audit: type=1800 audit(1558134395.313:25): pid=8900 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   64.450845][   T26] audit: type=1800 audit(1558134395.313:26): pid=8900 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   64.493569][   T26] audit: type=1800 audit(1558134395.313:27): pid=8900 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.17' (ECDSA) to the list of known hosts.
2019/05/17 23:06:45 fuzzer started
2019/05/17 23:06:48 dialing manager at 10.128.0.26:37669
2019/05/17 23:06:48 syscalls: 1006
2019/05/17 23:06:48 code coverage: enabled
2019/05/17 23:06:48 comparison tracing: enabled
2019/05/17 23:06:48 extra coverage: extra coverage is not supported by the kernel
2019/05/17 23:06:48 setuid sandbox: enabled
2019/05/17 23:06:48 namespace sandbox: enabled
2019/05/17 23:06:48 Android sandbox: /sys/fs/selinux/policy does not exist
2019/05/17 23:06:48 fault injection: enabled
2019/05/17 23:06:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/05/17 23:06:48 net packet injection: enabled
2019/05/17 23:06:48 net device setup: enabled
23:06:49 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x12, 0x0, &(0x7f0000000080))

syzkaller login: [   78.807896][ T9065] IPVS: ftp: loaded support on port[0] = 21
[   78.818663][ T9065] NET: Registered protocol family 30
[   78.824280][ T9065] Failed to register TIPC socket type
23:06:49 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='veth1\x00', 0xfecd)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @initdev}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='ip_vti0\x00', 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x0, 0x43}, 0x14)
setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000013, &(0x7f0000000100), 0x1042b)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

[   79.126127][ T9067] IPVS: ftp: loaded support on port[0] = 21
[   79.155048][ T9067] NET: Registered protocol family 30
[   79.160363][ T9067] Failed to register TIPC socket type
23:06:50 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c)
recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e24}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
ppoll(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
ppoll(&(0x7f0000000080)=[{r0, 0x80}, {r0}, {r0}], 0x3, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000140), 0x8)
sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, &(0x7f000000ab80)={0x0, 0x0, 0x0}, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000340), &(0x7f0000000380), 0x8)
accept$ax25(0xffffffffffffff9c, &(0x7f00000005c0)={{0x3, @rose}, [@netrom, @remote, @rose, @rose, @rose]}, &(0x7f0000000640)=0x48)
ioctl$SIOCAX25CTLCON(0xffffffffffffffff, 0x89e8, 0x0)
r1 = accept(r0, 0x0, &(0x7f00000003c0))
setsockopt$IP_VS_SO_SET_TIMEOUT(r1, 0x0, 0x48a, &(0x7f0000000480)={0x5, 0x1, 0x1}, 0xc)
r2 = accept$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, @broadcast}, &(0x7f00000001c0)=0x10)
getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000200), &(0x7f0000000240)=0x4)
r3 = socket(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000080)={@loopback, @dev, @loopback, 0x0, 0x0, 0x0, 0x500})

[   79.436735][ T9069] IPVS: ftp: loaded support on port[0] = 21
[   79.447182][ T9069] NET: Registered protocol family 30
[   79.470983][ T9069] Failed to register TIPC socket type
23:06:50 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c)
sendmmsg(r0, &(0x7f00000089c0)=[{{&(0x7f0000000440)=@in={0x2, 0x4e24, @multicast2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000500), 0xffd2}], 0x1}}], 0x469, 0x0)

[   79.971506][ T9071] IPVS: ftp: loaded support on port[0] = 21
[   80.001796][ T9071] NET: Registered protocol family 30
[   80.007127][ T9071] Failed to register TIPC socket type
23:06:51 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001100)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x0, 0x0, 0x0, 0x8}]}}, &(0x7f0000000100)=""/4096, 0x26, 0x1000, 0x1}, 0x20)

[   80.568949][ T9073] IPVS: ftp: loaded support on port[0] = 21
[   80.605071][ T9073] NET: Registered protocol family 30
[   80.610394][ T9073] Failed to register TIPC socket type
23:06:51 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xe, 0x4, 0x4, 0x42180}, 0x2c)

[   81.239618][ T9075] IPVS: ftp: loaded support on port[0] = 21
[   81.265234][ T9075] NET: Registered protocol family 30
[   81.270556][ T9075] Failed to register TIPC socket type
[   81.716808][ T9065] chnl_net:caif_netlink_parms(): no params data found
[   82.152712][ T9065] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.201818][ T9065] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.262277][ T9065] device bridge_slave_0 entered promiscuous mode
[   82.351262][ T9065] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.358542][ T9065] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.413105][ T9065] device bridge_slave_1 entered promiscuous mode
[   82.933215][ T9065] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   83.288705][ T9065] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   83.998747][ T9065] team0: Port device team_slave_0 added
[   84.398121][ T9065] team0: Port device team_slave_1 added
[   85.588014][ T9065] device hsr_slave_0 entered promiscuous mode
[   86.185596][ T9065] device hsr_slave_1 entered promiscuous mode
[   88.798027][ T9065] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.328251][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   89.363487][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   89.595690][ T9065] 8021q: adding VLAN 0 to HW filter on device team0
[   90.004584][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   90.063261][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   90.249195][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.256590][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.602637][ T3168] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   90.621089][ T3168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   90.761257][ T3168] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   90.892371][ T3168] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.899485][ T3168] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.306613][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   91.352807][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   91.654280][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   91.782278][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   92.160256][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   92.171633][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   92.347242][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   92.502641][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   92.642407][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   92.872021][ T9434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   92.882309][ T9434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   93.037548][ T9065] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   93.465054][ T9065] 8021q: adding VLAN 0 to HW filter on device batadv0
23:07:08 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x12, 0x0, &(0x7f0000000080))

23:07:08 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x12, 0x0, &(0x7f0000000080))

23:07:10 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x12, 0x0, &(0x7f0000000080))

23:07:11 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = socket(0x400000000000010, 0x3, 0x0)
ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"})
ioctl$sock_ifreq(r0, 0x89f3, &(0x7f0000000080)={'ip_vti0\x00', @ifru_flags})

[  101.567243][ T9561] IPVS: ftp: loaded support on port[0] = 21
[  101.640039][ T9564] IPVS: ftp: loaded support on port[0] = 21
[  101.967550][ T9563] IPVS: ftp: loaded support on port[0] = 21
[  101.980284][ T9562] IPVS: ftp: loaded support on port[0] = 21
[  102.124876][ T9561] NET: Registered protocol family 30
[  102.130199][ T9561] Failed to register TIPC socket type
[  102.334935][ T9564] list_add double add: new=ffffffff89544ab0, prev=ffffffff89334ac0, next=ffffffff89544ab0.
[  102.911110][ T9564] ------------[ cut here ]------------
[  102.916608][ T9564] kernel BUG at lib/list_debug.c:29!
[  103.370774][ T9564] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  103.376891][ T9564] CPU: 0 PID: 9564 Comm: syz-executor.1 Not tainted 5.1.0+ #18
[  103.384431][ T9564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  103.394506][ T9564] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[  103.400400][ T9564] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 20 4c a3 87 e8 00 60 25 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 60 4d a3 87 e8 e9 5f 25 fe <0f> 0b 48 89 f1 48 c7 c7 e0 4c a3 87 4c 89 e6 e8 d5 5f 25 fe 0f 0b
[  103.420026][ T9564] RSP: 0018:ffff888068a1fb88 EFLAGS: 00010282
[  103.426106][ T9564] RAX: 0000000000000058 RBX: ffffffff89544920 RCX: 0000000000000000
[  103.434088][ T9564] RDX: 0000000000000000 RSI: ffffffff815afbe6 RDI: ffffed100d143f63
[  103.442062][ T9564] RBP: ffff888068a1fba0 R08: 0000000000000058 R09: ffffed1015d06011
[  103.450047][ T9564] R10: ffffed1015d06010 R11: ffff8880ae830087 R12: ffffffff89544ab0
[  103.458034][ T9564] R13: ffffffff89544ab0 R14: ffffffff89544ab0 R15: ffffffff89544a50
[  103.466030][ T9564] FS:  00000000024b5940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[  103.474997][ T9564] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  103.481692][ T9564] CR2: 0000000000738000 CR3: 0000000071d05000 CR4: 00000000001406f0
[  103.489670][ T9564] Call Trace:
[  103.492971][ T9564]  ? mutex_lock_nested+0x16/0x20
[  103.498018][ T9564]  proto_register+0x459/0x8e0
[  103.502700][ T9564]  ? lockdep_init_map+0x1be/0x6d0
[  103.507734][ T9564]  tipc_socket_init+0x1c/0x70
[  103.512423][ T9564]  tipc_init_net+0x32a/0x5b0
[  103.517033][ T9564]  ? tipc_exit_net+0x40/0x40
[  103.521643][ T9564]  ops_init+0xb6/0x410
[  103.525738][ T9564]  setup_net+0x2d3/0x740
[  103.529983][ T9564]  ? copy_net_ns+0x1c0/0x340
[  103.534588][ T9564]  ? ops_init+0x410/0x410
[  103.539044][ T9564]  ? kasan_check_write+0x14/0x20
[  103.544005][ T9564]  ? down_read_killable+0x51/0x220
[  103.549391][ T9564]  copy_net_ns+0x1df/0x340
[  103.553815][ T9564]  create_new_namespaces+0x400/0x7b0
[  103.559113][ T9564]  unshare_nsproxy_namespaces+0xc2/0x200
[  103.564761][ T9564]  ksys_unshare+0x440/0x980
[  103.569286][ T9564]  ? trace_hardirqs_on+0x67/0x230
[  103.574589][ T9564]  ? walk_process_tree+0x2d0/0x2d0
[  103.579743][ T9564]  ? blkcg_exit_queue+0x30/0x30
[  103.584693][ T9564]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  103.590456][ T9564]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.596537][ T9564]  ? do_syscall_64+0x26/0x680
[  103.601223][ T9564]  ? lockdep_hardirqs_on+0x418/0x5d0
[  103.606528][ T9564]  __x64_sys_unshare+0x31/0x40
[  103.611399][ T9564]  do_syscall_64+0x103/0x680
[  103.616004][ T9564]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.622077][ T9564] RIP: 0033:0x45b897
[  103.626066][ T9564] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  103.645682][ T9564] RSP: 002b:00007ffcd8c4a488 EFLAGS: 00000202 ORIG_RAX: 0000000000000110
[  103.654102][ T9564] RAX: ffffffffffffffda RBX: 000000000073c988 RCX: 000000000045b897
[  103.662090][ T9564] RDX: 0000000000000000 RSI: 00007ffcd8c4a430 RDI: 0000000040000000
23:07:14 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = socket(0x400000000000010, 0x3, 0x0)
ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"})
ioctl$sock_ifreq(r0, 0x89f3, &(0x7f0000000080)={'ip_vti0\x00', @ifru_flags})

[  103.670073][ T9564] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[  103.678056][ T9564] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000414ab0
[  103.686048][ T9564] R13: 0000000000414b40 R14: 0000000000000000 R15: 0000000000000000
[  103.694036][ T9564] Modules linked in:
[  103.752007][ T3879] kobject: 'loop0' (00000000da983ee9): kobject_uevent_env
[  103.759220][ T3879] kobject: 'loop0' (00000000da983ee9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  104.845982][ T9574] IPVS: ftp: loaded support on port[0] = 21
23:07:16 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = socket(0x400000000000010, 0x3, 0x0)
ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"})
ioctl$sock_ifreq(r0, 0x89f3, &(0x7f0000000080)={'ip_vti0\x00', @ifru_flags})

[  105.117690][ T3879] kobject: 'loop0' (00000000da983ee9): kobject_uevent_env
[  105.490803][ T3879] kobject: 'loop0' (00000000da983ee9): fill_kobj_path: path = '/devices/virtual/block/loop0'
23:07:17 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = socket(0x400000000000010, 0x3, 0x0)
ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"})
ioctl$sock_ifreq(r0, 0x89f3, &(0x7f0000000080)={'ip_vti0\x00', @ifru_flags})

[  106.420895][ T3879] kobject: 'loop0' (00000000da983ee9): kobject_uevent_env
[  106.428091][ T3879] kobject: 'loop0' (00000000da983ee9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  108.121605][ T3879] kobject: 'loop0' (00000000da983ee9): kobject_uevent_env
[  108.128800][ T3879] kobject: 'loop0' (00000000da983ee9): fill_kobj_path: path = '/devices/virtual/block/loop0'