[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   73.714300][   T26] kauditd_printk_skb: 5 callbacks suppressed
[   73.714312][   T26] audit: type=1800 audit(1558146781.450:29): pid=8745 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   73.744379][   T26] audit: type=1800 audit(1558146781.450:30): pid=8745 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.164' (ECDSA) to the list of known hosts.
2019/05/18 02:33:12 fuzzer started
2019/05/18 02:33:16 dialing manager at 10.128.0.26:37669
2019/05/18 02:33:16 syscalls: 1006
2019/05/18 02:33:16 code coverage: enabled
2019/05/18 02:33:16 comparison tracing: enabled
2019/05/18 02:33:16 extra coverage: extra coverage is not supported by the kernel
2019/05/18 02:33:16 setuid sandbox: enabled
2019/05/18 02:33:16 namespace sandbox: enabled
2019/05/18 02:33:16 Android sandbox: /sys/fs/selinux/policy does not exist
2019/05/18 02:33:16 fault injection: enabled
2019/05/18 02:33:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/05/18 02:33:16 net packet injection: enabled
2019/05/18 02:33:16 net device setup: enabled
02:33:18 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x14, r1, 0x31}, 0x14}}, 0x0)

02:33:19 executing program 1:
r0 = socket$inet(0x2, 0x3, 0x8)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc5f123c123f319bd070")
r1 = socket(0x400000000010, 0x3, 0x0)
recvmsg(r1, &(0x7f00000027c0)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000040)=0x522, 0x4)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
getsockopt$inet_mreqsrc(r1, 0x0, 0x0, &(0x7f0000000000)={@empty, @multicast2, @remote}, &(0x7f00000000c0)=0xc)
write(r1, &(0x7f0000000080)="2400000021002551071c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24)

syzkaller login: [   91.342768][ T8912] IPVS: ftp: loaded support on port[0] = 21
[   91.353766][ T8912] NET: Registered protocol family 30
[   91.359068][ T8912] Failed to register TIPC socket type
[   91.610630][ T8914] IPVS: ftp: loaded support on port[0] = 21
[   91.621059][ T8914] NET: Registered protocol family 30
[   91.626833][ T8914] Failed to register TIPC socket type
02:33:19 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r1, 0x6, 0x22, &(0x7f0000bfcffc), &(0x7f0000000080)=0xffffffffffffff90)

[   92.030597][ T8916] IPVS: ftp: loaded support on port[0] = 21
[   92.056560][ T8916] NET: Registered protocol family 30
[   92.061878][ T8916] Failed to register TIPC socket type
02:33:19 executing program 3:
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
connect$x25(r0, &(0x7f0000000280)={0x9, @null='               \x00'}, 0x12)

[   92.612586][ T8918] IPVS: ftp: loaded support on port[0] = 21
[   92.633248][ T8918] NET: Registered protocol family 30
[   92.638551][ T8918] Failed to register TIPC socket type
02:33:20 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x34, &(0x7f0000000080), 0x4)

[   93.279375][ T8920] IPVS: ftp: loaded support on port[0] = 21
[   93.306279][ T8920] NET: Registered protocol family 30
[   93.311581][ T8920] Failed to register TIPC socket type
02:33:21 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

[   93.941813][ T8922] IPVS: ftp: loaded support on port[0] = 21
[   93.976448][ T8922] NET: Registered protocol family 30
[   93.981753][ T8922] Failed to register TIPC socket type
[   94.367496][ T8912] chnl_net:caif_netlink_parms(): no params data found
[   94.735269][ T8912] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.813064][ T8912] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.897539][ T8912] device bridge_slave_0 entered promiscuous mode
[   94.975999][ T8912] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.062085][ T8912] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.183248][ T8912] device bridge_slave_1 entered promiscuous mode
[   95.686012][ T8912] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   96.018880][ T8912] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   96.621209][ T8912] team0: Port device team_slave_0 added
[   96.954743][ T8912] team0: Port device team_slave_1 added
[   99.085345][ T8912] device hsr_slave_0 entered promiscuous mode
[   99.494657][ T8912] device hsr_slave_1 entered promiscuous mode
[  101.837551][ T8912] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.359630][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  102.395049][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  102.587318][ T8912] 8021q: adding VLAN 0 to HW filter on device team0
[  103.003529][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  103.055860][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  103.196592][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.203908][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.484662][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  103.572771][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  103.699208][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  103.809474][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.816640][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.064261][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  104.328805][ T9280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  104.455638][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  104.532966][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  104.763007][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  104.771301][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  104.952363][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  105.150724][ T9280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  105.202741][ T9280] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  105.450647][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  105.522872][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  105.691007][ T8912] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  106.234343][ T8912] 8021q: adding VLAN 0 to HW filter on device batadv0
02:33:53 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x14, r1, 0x31}, 0x14}}, 0x0)

02:33:53 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x14, r1, 0x31}, 0x14}}, 0x0)

02:33:54 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x14, r1, 0x31}, 0x14}}, 0x0)

02:33:54 executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x1, 0x4)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000200)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
r1 = socket$inet6(0xa, 0x200000002, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg(r1, &(0x7f00000092c0), 0x400000000000176, 0x0)

[  126.888602][ T9527] IPVS: ftp: loaded support on port[0] = 21
[  127.072894][ T9527] NET: Registered protocol family 30
[  127.111248][ T9527] Failed to register TIPC socket type
[  127.242921][ T9539] IPVS: ftp: loaded support on port[0] = 21
[  127.261159][ T9535] IPVS: ftp: loaded support on port[0] = 21
02:33:55 executing program 0:
r0 = socket(0xa, 0x3, 0x8)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bridge0\x004\x01\x00'})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={'bridge0\x00', 0xfffffffffffffffd})

[  127.296457][ T9541] IPVS: ftp: loaded support on port[0] = 21
[  127.365025][ T9539] NET: Registered protocol family 30
[  127.370342][ T9539] Failed to register TIPC socket type
[  127.381264][ T9535] list_add double add: new=ffffffff89544ab0, prev=ffffffff89334ac0, next=ffffffff89544ab0.
[  127.445811][ T9543] IPVS: ftp: loaded support on port[0] = 21
[  127.522925][ T9535] ------------[ cut here ]------------
[  127.526616][ T9554] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.528409][ T9535] kernel BUG at lib/list_debug.c:29!
[  127.541626][ T9554] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.546408][ T9535] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  127.554722][ T9535] CPU: 0 PID: 9535 Comm: syz-executor.4 Not tainted 5.1.0+ #18
[  127.562256][ T9535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  127.572379][ T9535] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[  127.578271][ T9535] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 20 4c a3 87 e8 00 60 25 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 60 4d a3 87 e8 e9 5f 25 fe <0f> 0b 48 89 f1 48 c7 c7 e0 4c a3 87 4c 89 e6 e8 d5 5f 25 fe 0f 0b
[  127.597880][ T9535] RSP: 0018:ffff88806c10fb88 EFLAGS: 00010282
[  127.604463][ T9535] RAX: 0000000000000058 RBX: ffffffff89544920 RCX: 0000000000000000
[  127.612447][ T9535] RDX: 0000000000000000 RSI: ffffffff815afbe6 RDI: ffffed100d821f63
[  127.620417][ T9535] RBP: ffff88806c10fba0 R08: 0000000000000058 R09: ffffed1015d06011
[  127.628380][ T9535] R10: ffffed1015d06010 R11: ffff8880ae830087 R12: ffffffff89544ab0
[  127.636350][ T9535] R13: ffffffff89544ab0 R14: ffffffff89544ab0 R15: ffffffff89544a50
[  127.644319][ T9535] FS:  00000000016cb940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[  127.653249][ T9535] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  127.659821][ T9535] CR2: 0000000002257560 CR3: 00000000a04d7000 CR4: 00000000001406f0
[  127.667794][ T9535] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  127.675769][ T9535] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  127.683740][ T9535] Call Trace:
[  127.687084][ T9535]  ? mutex_lock_nested+0x16/0x20
[  127.692403][ T9535]  proto_register+0x459/0x8e0
[  127.697116][ T9535]  ? lockdep_init_map+0x1be/0x6d0
[  127.702441][ T9535]  tipc_socket_init+0x1c/0x70
[  127.707138][ T9535]  tipc_init_net+0x32a/0x5b0
[  127.711733][ T9535]  ? tipc_exit_net+0x40/0x40
[  127.716328][ T9535]  ops_init+0xb6/0x410
[  127.720484][ T9535]  setup_net+0x2d3/0x740
[  127.724735][ T9535]  ? copy_net_ns+0x1c0/0x340
[  127.729326][ T9535]  ? ops_init+0x410/0x410
[  127.733680][ T9535]  ? kasan_check_write+0x14/0x20
[  127.738622][ T9535]  ? down_read_killable+0x51/0x220
[  127.743737][ T9535]  copy_net_ns+0x1df/0x340
[  127.748167][ T9535]  create_new_namespaces+0x400/0x7b0
[  127.753478][ T9535]  unshare_nsproxy_namespaces+0xc2/0x200
[  127.759109][ T9535]  ksys_unshare+0x440/0x980
[  127.763626][ T9535]  ? trace_hardirqs_on+0x67/0x230
[  127.768654][ T9535]  ? walk_process_tree+0x2d0/0x2d0
[  127.773779][ T9535]  ? blkcg_exit_queue+0x30/0x30
[  127.778649][ T9535]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  127.784113][ T9535]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  127.790193][ T9535]  ? do_syscall_64+0x26/0x680
[  127.794875][ T9535]  ? lockdep_hardirqs_on+0x418/0x5d0
[  127.800394][ T9535]  __x64_sys_unshare+0x31/0x40
[  127.805162][ T9535]  do_syscall_64+0x103/0x680
[  127.809777][ T9535]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  127.815685][ T9535] RIP: 0033:0x45b897
[  127.819574][ T9535] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  127.839173][ T9535] RSP: 002b:00007ffe8aa5cbd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000110
[  127.847695][ T9535] RAX: ffffffffffffffda RBX: 000000000073c988 RCX: 000000000045b897
[  127.855666][ T9535] RDX: 0000000000000000 RSI: 00007ffe8aa5cb80 RDI: 0000000040000000
[  127.863632][ T9535] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[  127.871599][ T9535] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000414ab0
[  127.879578][ T9535] R13: 0000000000414b40 R14: 0000000000000000 R15: 0000000000000000
[  127.887554][ T9535] Modules linked in:
[  127.915370][ T9557] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.922506][ T9557] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.929903][ T9557] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.937292][ T9557] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.939754][ T9535] ---[ end trace 8681122f10a1a68b ]---
[  127.966722][ T9535] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[  127.974294][ T9535] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 20 4c a3 87 e8 00 60 25 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 60 4d a3 87 e8 e9 5f 25 fe <0f> 0b 48 89 f1 48 c7 c7 e0 4c a3 87 4c 89 e6 e8 d5 5f 25 fe 0f 0b
[  128.002852][ T9535] RSP: 0018:ffff88806c10fb88 EFLAGS: 00010282
[  128.008968][ T9535] RAX: 0000000000000058 RBX: ffffffff89544920 RCX: 0000000000000000
[  128.017392][ T9557] device bridge0 entered promiscuous mode
[  128.025605][ T9535] RDX: 0000000000000000 RSI: ffffffff815afbe6 RDI: ffffed100d821f63
[  128.036527][ T9535] RBP: ffff88806c10fba0 R08: 0000000000000058 R09: ffffed1015d06011
[  128.045058][ T9554] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.052230][ T9554] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.059515][ T9535] R10: ffffed1015d06010 R11: ffff8880ae830087 R12: ffffffff89544ab0
[  128.068000][ T9554] device bridge0 left promiscuous mode
[  128.073560][ T9535] R13: ffffffff89544ab0 R14: ffffffff89544ab0 R15: ffffffff89544a50
[  128.081639][ T9535] FS:  00000000016cb940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[  128.102001][ T9535] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  128.108598][ T9535] CR2: ffffffffff600400 CR3: 00000000a04d7000 CR4: 00000000001406f0
[  128.131254][ T9535] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  128.146064][ T9535] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  128.161170][ T9535] Kernel panic - not syncing: Fatal exception
[  128.168221][ T9535] Kernel Offset: disabled
[  128.172555][ T9535] Rebooting in 86400 seconds..