[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 59.658450][ T24] audit: type=1800 audit(1558139522.851:25): pid=8813 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 59.702334][ T24] audit: type=1800 audit(1558139522.851:26): pid=8813 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 59.762367][ T24] audit: type=1800 audit(1558139522.851:27): pid=8813 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.189' (ECDSA) to the list of known hosts. 2019/05/18 00:32:13 fuzzer started 2019/05/18 00:32:16 dialing manager at 10.128.0.26:37669 2019/05/18 00:32:16 syscalls: 1006 2019/05/18 00:32:16 code coverage: enabled 2019/05/18 00:32:16 comparison tracing: enabled 2019/05/18 00:32:16 extra coverage: extra coverage is not supported by the kernel 2019/05/18 00:32:16 setuid sandbox: enabled 2019/05/18 00:32:16 namespace sandbox: enabled 2019/05/18 00:32:16 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/18 00:32:16 fault injection: enabled 2019/05/18 00:32:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/18 00:32:16 net packet injection: enabled 2019/05/18 00:32:16 net device setup: enabled 00:32:18 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x80}, 0x29b) setsockopt$TIPC_GROUP_LEAVE(r1, 0x10f, 0x88) syzkaller login: [ 75.755752][ T8980] IPVS: ftp: loaded support on port[0] = 21 [ 75.767149][ T8980] NET: Registered protocol family 30 [ 75.772576][ T8980] Failed to register TIPC socket type 00:32:19 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x14, 0x4, 0x200000004, 0x400, 0x0, 0x1}, 0x2c) socket$kcm(0x29, 0x5, 0x0) r0 = socket$kcm(0x2, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5}, 0xfffffffffffffdcb) connect(r0, &(0x7f0000000040)=@un=@file={0x0, './file0\x00'}, 0x80) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x10020000000, 0x0}, 0x2c) [ 76.062143][ T8982] IPVS: ftp: loaded support on port[0] = 21 [ 76.082567][ T8982] NET: Registered protocol family 30 [ 76.087906][ T8982] Failed to register TIPC socket type 00:32:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000780)={0x14, 0x23, 0x1, 0x0, 0x0, {0x5}}, 0x14}}, 0x0) [ 76.442754][ T8984] IPVS: ftp: loaded support on port[0] = 21 [ 76.463295][ T8984] NET: Registered protocol family 30 [ 76.468643][ T8984] Failed to register TIPC socket type 00:32:19 executing program 3: r0 = socket$kcm(0x2, 0x200000000000001, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x92\xee2\xc2$Wx\x15^\xdaM\xeaB\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WZ;\xce\x05\xfc\x95\xd9\x88\x1f|\x8b\xf1\xbf\xf2u\xdd\xd8AV\xd87\x96M\xea\xd2\xa2iM\xe9\xa1\xbc\xba}\xbe\xa1\x05J\"\f\xf9\b\xcf\xb8J\x13#\xecT\xdf\xe0\x9dOA>\xe9\x99\xf8\xaf@{dw\b\xe7{\xaf\x9a\x1e3\xc1\x83&\x89\xc2\xa5\xb1\xe2NN\xdf\xd3\x0f{\x8c\xc1\xc8y\x01\x04\x00\xc7\x94\xe3\x89|\xd7\x9f\xd3\x06\x17\xe6]\xd7\x81q\x1d\x1dN\x9e\xf4c\x83\x86_\xfc\xbc\xdd\xd4{\xde\xc4\xe5\xb6\b;L\x1cN\xa2\xc9k\xd7 \xc3\xe4\x19\x96\x8c\x04\xea\x9c9\xfa\xe3\xc1\x8dDuTHL\n\xe8\xb7oSx\'\xfd=\xfc\xa4\xa51\b\x02j\xb7\x98{`\x89\x8c\xd3\xc6\xe8\xe2\x9b\xd7\xab\xd1s\xfb\xaa\xcd\x9d\xf1\x9e\xee\xe3e\xf1\x91\xf7\xee%\xf8\xc7G', 0x2761, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000040)=r1, 0xab) sendmsg(r0, &(0x7f0000000080)={&(0x7f00000003c0)=@in={0x2, 0x0, @loopback}, 0x80, 0x0}, 0x20000000) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x3, &(0x7f0000346fc8)=@framed, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f00000002c0)=""/251}, 0x48) r3 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)={r0, r2}) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e1, &(0x7f0000000100)={r3}) [ 76.973022][ T8986] IPVS: ftp: loaded support on port[0] = 21 [ 76.993504][ T8986] NET: Registered protocol family 30 [ 76.998837][ T8986] Failed to register TIPC socket type 00:32:20 executing program 4: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect(r1, &(0x7f0000931ff4)=@un=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) sendmsg$unix(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK/file0\x00'}, 0x6e, 0x0}, 0x0) sendmmsg(r1, &(0x7f0000000040), 0x40000000000020f, 0x0) [ 77.559781][ T8988] IPVS: ftp: loaded support on port[0] = 21 [ 77.586256][ T8988] NET: Registered protocol family 30 [ 77.591675][ T8988] Failed to register TIPC socket type 00:32:21 executing program 5: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000240)={0x18, 0x0, {0x2, @remote, 'batadv0\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000005b40), 0x40000000000014d, 0x0) connect$pppoe(r0, &(0x7f0000000680)={0x18, 0x0, {0x0, @local, 'ip6gre0\x00'}}, 0x1e) [ 78.347716][ T8990] IPVS: ftp: loaded support on port[0] = 21 [ 78.463606][ T8990] NET: Registered protocol family 30 [ 78.468948][ T8990] Failed to register TIPC socket type [ 78.537095][ T8980] chnl_net:caif_netlink_parms(): no params data found [ 78.984040][ T8980] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.119456][ T8980] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.234850][ T8980] device bridge_slave_0 entered promiscuous mode [ 79.397215][ T8980] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.532106][ T8980] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.540266][ T8980] device bridge_slave_1 entered promiscuous mode [ 80.068133][ T8980] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 80.375202][ T8980] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 81.122948][ T8980] team0: Port device team_slave_0 added [ 81.424457][ T8980] team0: Port device team_slave_1 added [ 82.587866][ T8980] device hsr_slave_0 entered promiscuous mode [ 83.136671][ T8980] device hsr_slave_1 entered promiscuous mode [ 85.280565][ T8980] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.984016][ T9152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 86.054682][ T9152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 86.334996][ T8980] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.785397][ T9152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.893735][ T9152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 87.182704][ T9152] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.189978][ T9152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.573083][ T9152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 87.832490][ T9152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 88.081597][ T9152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 88.362560][ T9152] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.369692][ T9152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.843564][ T9152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 89.468420][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 89.531853][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 89.842999][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 90.218421][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 90.292875][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 90.301652][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 90.942881][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 90.951335][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 91.603998][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 91.943712][ T3484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 92.372572][ T8980] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 93.336631][ T8980] 8021q: adding VLAN 0 to HW filter on device batadv0 00:32:40 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x80}, 0x29b) setsockopt$TIPC_GROUP_LEAVE(r1, 0x10f, 0x88) 00:32:42 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x80}, 0x29b) setsockopt$TIPC_GROUP_LEAVE(r1, 0x10f, 0x88) [ 100.391686][ T9482] IPVS: ftp: loaded support on port[0] = 21 00:32:43 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x80}, 0x29b) setsockopt$TIPC_GROUP_LEAVE(r1, 0x10f, 0x88) [ 100.684250][ T9482] NET: Registered protocol family 30 [ 100.689603][ T9482] Failed to register TIPC socket type [ 100.692620][ C0] cache_from_obj: Wrong slab cache. TIPC but object is from kmalloc-2k [ 100.703555][ C0] WARNING: CPU: 0 PID: 9 at mm/slab.h:376 kmem_cache_free.cold+0x1c/0x23 [ 100.711980][ C0] Kernel panic - not syncing: panic_on_warn set ... [ 100.718573][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.1.0+ #18 [ 100.725607][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 100.735673][ C0] Call Trace: [ 100.739593][ C0] dump_stack+0x172/0x1f0 [ 100.743938][ C0] ? __check_heap_object+0x50/0xb3 [ 100.749059][ C0] panic+0x2cb/0x65c [ 100.752965][ C0] ? __warn_printk+0xf3/0xf3 [ 100.757566][ C0] ? kmem_cache_free.cold+0x1c/0x23 [ 100.762772][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 100.769028][ C0] ? __warn.cold+0x5/0x45 [ 100.773370][ C0] ? __warn+0xe8/0x1d0 [ 100.777450][ C0] ? kmem_cache_free.cold+0x1c/0x23 [ 100.782661][ C0] __warn.cold+0x20/0x45 [ 100.786908][ C0] ? wake_up_klogd+0x99/0xd0 [ 100.791510][ C0] ? kmem_cache_free.cold+0x1c/0x23 [ 100.796716][ C0] report_bug+0x263/0x2b0 [ 100.801066][ C0] do_error_trap+0x11b/0x200 [ 100.806207][ C0] do_invalid_op+0x37/0x50 [ 100.810631][ C0] ? kmem_cache_free.cold+0x1c/0x23 [ 100.815851][ C0] invalid_op+0x14/0x20 [ 100.820022][ C0] RIP: 0010:kmem_cache_free.cold+0x1c/0x23 [ 100.825834][ C0] Code: e8 a5 ae 6e 05 44 8b 6d c4 e9 04 a6 ff ff 48 8b 48 58 48 c7 c6 80 42 74 87 48 c7 c7 f0 a9 5c 88 49 8b 54 24 58 e8 e4 9d b1 ff <0f> 0b e9 89 df ff ff 49 8b 4f 58 48 c7 c6 80 42 74 87 48 c7 c7 f0 [ 100.845447][ C0] RSP: 0018:ffff8880a98afbc0 EFLAGS: 00010286 [ 100.851523][ C0] RAX: 0000000000000044 RBX: ffff8880a416a900 RCX: 0000000000000000 [ 100.859511][ C0] RDX: 0000000000000000 RSI: ffffffff815afbe6 RDI: ffffed1015315f6a [ 100.867489][ C0] RBP: ffff8880a98afbe0 R08: 0000000000000044 R09: ffffed1015d06011 [ 100.875464][ C0] R10: ffffed1015d06010 R11: ffff8880ae830087 R12: ffff8880994b99c0 [ 100.883446][ C0] R13: 0000000000000000 R14: ffff8880994b99c0 R15: ffff8880a416ac28 [ 100.891444][ C0] ? vprintk_func+0x86/0x189 [ 100.896045][ C0] __sk_destruct+0x4be/0x6e0 [ 100.900658][ C0] ? tipc_wait_for_connect.isra.0+0x4c0/0x4c0 [ 100.906748][ C0] sk_destruct+0x7b/0x90 [ 100.911020][ C0] __sk_free+0xce/0x300 [ 100.915195][ C0] ? tipc_wait_for_connect.isra.0+0x4c0/0x4c0 [ 100.921269][ C0] sk_free+0x42/0x50 [ 100.925174][ C0] tipc_sk_callback+0x48/0x60 [ 100.929864][ C0] rcu_core+0x973/0x1430 [ 100.934127][ C0] ? rcu_note_context_switch+0x1760/0x1760 [ 100.939939][ C0] ? sched_clock+0x2e/0x50 [ 100.944376][ C0] __do_softirq+0x266/0x95a [ 100.948900][ C0] ? takeover_tasklets+0x7b0/0x7b0 [ 100.954020][ C0] run_ksoftirqd+0x8e/0x110 [ 100.958522][ C0] smpboot_thread_fn+0x6ab/0xa40 [ 100.963465][ C0] ? sort_range+0x30/0x30 [ 100.967800][ C0] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 100.974059][ C0] ? __kthread_parkme+0xfb/0x1b0 [ 100.979023][ C0] kthread+0x357/0x430 [ 100.983096][ C0] ? sort_range+0x30/0x30 [ 100.987435][ C0] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 100.993692][ C0] ret_from_fork+0x3a/0x50 [ 100.999320][ C0] Kernel Offset: disabled [ 101.003699][ C0] Rebooting in 86400 seconds..