[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 62.937580][ T24] audit: type=1800 audit(1558159619.682:25): pid=8830 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 62.968674][ T24] audit: type=1800 audit(1558159619.682:26): pid=8830 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 63.020902][ T24] audit: type=1800 audit(1558159619.692:27): pid=8830 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.61' (ECDSA) to the list of known hosts. 2019/05/18 06:07:10 fuzzer started 2019/05/18 06:07:13 dialing manager at 10.128.0.26:37669 2019/05/18 06:07:13 syscalls: 1006 2019/05/18 06:07:13 code coverage: enabled 2019/05/18 06:07:13 comparison tracing: enabled 2019/05/18 06:07:13 extra coverage: extra coverage is not supported by the kernel 2019/05/18 06:07:13 setuid sandbox: enabled 2019/05/18 06:07:13 namespace sandbox: enabled 2019/05/18 06:07:13 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/18 06:07:13 fault injection: enabled 2019/05/18 06:07:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/18 06:07:13 net packet injection: enabled 2019/05/18 06:07:13 net device setup: enabled 06:07:18 executing program 0: mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000000)=[{}]}, 0x10) syzkaller login: [ 81.843825][ T8998] IPVS: ftp: loaded support on port[0] = 21 [ 81.855273][ T8998] NET: Registered protocol family 30 [ 81.861600][ T8998] Failed to register TIPC socket type 06:07:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x5f}}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) [ 82.106812][ T9000] IPVS: ftp: loaded support on port[0] = 21 [ 82.119936][ T9000] NET: Registered protocol family 30 [ 82.126796][ T9000] Failed to register TIPC socket type 06:07:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_emit_ethernet(0x66, &(0x7f0000000180)={@link_local={0x1, 0x80, 0xc2, 0x4888, 0x58000000}, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x30, 0xffffff3a, 0x0, @ipv4={[0x3580], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff80, 0x0, 0x0, 0x0, [0x9, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[], [], @broadcast}, @ipv4={[], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) [ 82.553926][ T9002] IPVS: ftp: loaded support on port[0] = 21 [ 82.580574][ T9002] NET: Registered protocol family 30 [ 82.625922][ T9002] Failed to register TIPC socket type 06:07:19 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0xfcda) setsockopt$inet_int(r1, 0x0, 0x14, &(0x7f0000000140)=0x6, 0x4) setsockopt$inet_int(r1, 0x0, 0x4, &(0x7f0000000100), 0x4) sendto$unix(r1, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) readv(r1, &(0x7f0000000500)=[{&(0x7f0000000440)=""/175, 0xaf}], 0x1) [ 83.112510][ T9004] IPVS: ftp: loaded support on port[0] = 21 [ 83.140497][ T9004] NET: Registered protocol family 30 [ 83.165862][ T9004] Failed to register TIPC socket type 06:07:20 executing program 4: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f00000000c0)={@local}) [ 83.856280][ T9006] IPVS: ftp: loaded support on port[0] = 21 [ 83.907185][ T9006] NET: Registered protocol family 30 [ 83.912574][ T9006] Failed to register TIPC socket type [ 84.867894][ T8998] chnl_net:caif_netlink_parms(): no params data found [ 85.287700][ T8998] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.295524][ T8998] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.366871][ T8998] device bridge_slave_0 entered promiscuous mode [ 85.446963][ T8998] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.454528][ T8998] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.524614][ T8998] device bridge_slave_1 entered promiscuous mode [ 85.928261][ T8998] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 86.276950][ T8998] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 86.948733][ T8998] team0: Port device team_slave_0 added [ 87.268486][ T8998] team0: Port device team_slave_1 added [ 88.741488][ T8998] device hsr_slave_0 entered promiscuous mode [ 89.250949][ T8998] device hsr_slave_1 entered promiscuous mode [ 91.747406][ T8998] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.248641][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 92.288700][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 92.482073][ T8998] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.741995][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 92.817562][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.980612][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.987931][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.248127][ T9146] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.328234][ T9146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.456614][ T9146] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.616136][ T9146] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.623264][ T9146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.863876][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 94.038026][ T9146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 94.238151][ T9201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.291769][ T9201] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.522737][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 94.556677][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.727495][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.977845][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 95.116574][ T3485] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 95.304912][ T2825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 95.376931][ T2825] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 95.963053][ T8998] 8021q: adding VLAN 0 to HW filter on device batadv0 06:07:33 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x10, 0x701, 0x0, 0x0, {0x3}}, 0x14}}, 0x0) recvmmsg(r1, &(0x7f0000000140), 0x675, 0x42, 0x0) 06:07:36 executing program 0: mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000000)=[{}]}, 0x10) [ 101.322263][ T9467] IPVS: ftp: loaded support on port[0] = 21 [ 101.913197][ T9467] NET: Registered protocol family 30 [ 102.325871][ T9467] Failed to register TIPC socket type 06:07:39 executing program 0: mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000000)=[{}]}, 0x10) 06:07:40 executing program 0: mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000000)=[{}]}, 0x10) [ 104.278429][ T9490] IPVS: ftp: loaded support on port[0] = 21 [ 104.572249][ T9493] IPVS: ftp: loaded support on port[0] = 21 [ 104.600164][ T9494] IPVS: ftp: loaded support on port[0] = 21 [ 104.698569][ T9490] NET: Registered protocol family 30 [ 104.703895][ T9490] Failed to register TIPC socket type [ 105.041303][ T9493] list_add double add: new=ffffffff89544ab0, prev=ffffffff89334ac0, next=ffffffff89544ab0. [ 105.696165][ T9493] ------------[ cut here ]------------ [ 105.702411][ T9493] kernel BUG at lib/list_debug.c:29! [ 106.471836][ T9493] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 106.478753][ T9493] CPU: 0 PID: 9493 Comm: syz-executor.2 Not tainted 5.1.0+ #18 [ 106.487039][ T9493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 106.497502][ T9493] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 106.503594][ T9493] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 20 4c a3 87 e8 00 60 25 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 60 4d a3 87 e8 e9 5f 25 fe <0f> 0b 48 89 f1 48 c7 c7 e0 4c a3 87 4c 89 e6 e8 d5 5f 25 fe 0f 0b [ 106.525517][ T9493] RSP: 0018:ffff88807e9efb88 EFLAGS: 00010282 [ 106.532134][ T9493] RAX: 0000000000000058 RBX: ffffffff89544920 RCX: 0000000000000000 [ 106.544663][ T9493] RDX: 0000000000000000 RSI: ffffffff815afbe6 RDI: ffffed100fd3df63 [ 106.568717][ T9493] RBP: ffff88807e9efba0 R08: 0000000000000058 R09: ffffed1015d06011 [ 106.589946][ T9493] R10: ffffed1015d06010 R11: ffff8880ae830087 R12: ffffffff89544ab0 [ 106.616203][ T9493] R13: ffffffff89544ab0 R14: ffffffff89544ab0 R15: ffffffff89544a50 [ 106.638251][ T9493] FS: 0000000001a1a940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 106.653633][ T9493] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 106.664808][ T9493] CR2: 00007ffcc8183af8 CR3: 000000007e9a8000 CR4: 00000000001406f0 [ 106.676084][ T9493] Call Trace: [ 106.680567][ T9493] ? mutex_lock_nested+0x16/0x20 [ 106.690859][ T9493] proto_register+0x459/0x8e0 [ 106.698208][ T9493] ? lockdep_init_map+0x1be/0x6d0 [ 106.704894][ T9493] tipc_socket_init+0x1c/0x70 [ 106.711560][ T9493] tipc_init_net+0x32a/0x5b0 [ 106.720026][ T9493] ? tipc_exit_net+0x40/0x40 [ 106.727043][ T9493] ops_init+0xb6/0x410 [ 106.731579][ T9493] setup_net+0x2d3/0x740 [ 106.736913][ T9493] ? copy_net_ns+0x1c0/0x340 [ 106.742914][ T9493] ? ops_init+0x410/0x410 [ 106.749212][ T9493] ? kasan_check_write+0x14/0x20 [ 106.757900][ T9493] ? down_read_killable+0x51/0x220 [ 106.774113][ T9493] copy_net_ns+0x1df/0x340 [ 106.786829][ T9493] create_new_namespaces+0x400/0x7b0 [ 106.799093][ T9493] unshare_nsproxy_namespaces+0xc2/0x200 [ 106.816334][ T9493] ksys_unshare+0x440/0x980 [ 106.824973][ T9493] ? trace_hardirqs_on+0x67/0x230 [ 106.837742][ T9493] ? walk_process_tree+0x2d0/0x2d0 [ 106.847277][ T9493] ? blkcg_exit_queue+0x30/0x30 [ 106.855801][ T9493] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 106.864805][ T9493] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 106.882114][ T9493] ? do_syscall_64+0x26/0x680 [ 106.889168][ T9493] ? lockdep_hardirqs_on+0x418/0x5d0 [ 106.899110][ T9493] __x64_sys_unshare+0x31/0x40 [ 106.909325][ T9493] do_syscall_64+0x103/0x680 [ 106.917709][ T9493] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 106.925637][ T9493] RIP: 0033:0x45b897 [ 106.930440][ T9493] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 106.957270][ T9493] RSP: 002b:00007ffcabb8ac78 EFLAGS: 00000202 ORIG_RAX: 0000000000000110 [ 106.971970][ T9493] RAX: ffffffffffffffda RBX: 000000000073c988 RCX: 000000000045b897 [ 106.984347][ T9493] RDX: 0000000000000000 RSI: 00007ffcabb8ac20 RDI: 0000000040000000 [ 106.995922][ T9493] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005 [ 107.006320][ T9493] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000414ab0 [ 107.015652][ T9493] R13: 0000000000414b40 R14: 0000000000000000 R15: 0000000000000000 06:07:43 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) accept4$rose(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000100)="24000000100a07041dfffd946fa2830020200a0009000108000000680c1baba20400ff7e28000000110affffba16a0aa1c0009b356da5a80d18b0400000000000000db2406b208d37ed01cc0", 0x4c}], 0x1}, 0x0) [ 107.024711][ T9493] Modules linked in: [ 107.037197][ T3879] kobject: 'loop0' (00000000976df40a): kobject_uevent_env [ 107.436593][ T9500] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 107.465944][ T3879] kobject: 'loop0' (00000000976df40a): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 108.411101][ T9501] IPVS: ftp: loaded support on port[0] = 21 06:07:45 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) accept4$rose(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000100)="24000000100a07041dfffd946fa2830020200a0009000108000000680c1baba20400ff7e28000000110affffba16a0aa1c0009b356da5a80d18b0400000000000000db2406b208d37ed01cc0", 0x4c}], 0x1}, 0x0) [ 108.793924][ T3879] kobject: 'loop0' (00000000976df40a): kobject_uevent_env [ 109.125866][ T3879] kobject: 'loop0' (00000000976df40a): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 109.796509][ T9515] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 06:07:48 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) accept4$rose(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000100)="24000000100a07041dfffd946fa2830020200a0009000108000000680c1baba20400ff7e28000000110affffba16a0aa1c0009b356da5a80d18b0400000000000000db2406b208d37ed01cc0", 0x4c}], 0x1}, 0x0) [ 111.493444][ T3879] kobject: 'loop0' (00000000976df40a): kobject_uevent_env [ 111.715891][ T3879] kobject: 'loop0' (00000000976df40a): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 112.397960][ T9538] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 06:07:50 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) accept4$rose(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000100)="24000000100a07041dfffd946fa2830020200a0009000108000000680c1baba20400ff7e28000000110affffba16a0aa1c0009b356da5a80d18b0400000000000000db2406b208d37ed01cc0", 0x4c}], 0x1}, 0x0) [ 113.313036][ T3879] kobject: 'loop0' (00000000976df40a): kobject_uevent_env [ 113.375860][ T3879] kobject: 'loop0' (00000000976df40a): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 113.827972][ T9546] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 114.825174][ T3879] kobject: 'loop0' (00000000976df40a): kobject_uevent_env [ 114.876297][ T3879] kobject: 'loop0' (00000000976df40a): fill_kobj_path: path = '/devices/virtual/block/loop0'