Starting mcstransd:
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[....] Starting file context maintaining daemon: restorecond [ ok ].
[ 40.301981] audit: type=1800 audit(1551631108.406:33): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 45.158188] kauditd_printk_skb: 1 callbacks suppressed
[ 45.158203] audit: type=1400 audit(1551631113.256:35): avc: denied { map } for pid=7849 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.79' (ECDSA) to the list of known hosts.
[ 82.585254] audit: type=1400 audit(1551631150.686:36): avc: denied { map } for pid=7861 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/03/03 16:39:11 parsed 1 programs
[ 83.403474] audit: type=1400 audit(1551631151.506:37): avc: denied { map } for pid=7861 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=15493 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/03/03 16:39:13 executed programs: 0
[ 85.103548] IPVS: ftp: loaded support on port[0] = 21
[ 85.158891] chnl_net:caif_netlink_parms(): no params data found
[ 85.188264] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.195299] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.202320] device bridge_slave_0 entered promiscuous mode
[ 85.209600] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.216076] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.222966] device bridge_slave_1 entered promiscuous mode
[ 85.237646] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 85.246814] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 85.264544] team0: Port device team_slave_0 added
[ 85.270368] team0: Port device team_slave_1 added
[ 85.352115] device hsr_slave_0 entered promiscuous mode
[ 85.410689] device hsr_slave_1 entered promiscuous mode
[ 85.489007] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.495461] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.502326] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.508666] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.537478] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.548774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 85.568513] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.575991] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.583848] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 85.594890] 8021q: adding VLAN 0 to HW filter on device team0
[ 85.603953] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 85.612038] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.618373] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.639697] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 85.649870] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 85.662174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 85.670022] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.676429] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.684023] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 85.691826] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 85.699423] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 85.707081] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 85.714598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 85.721542] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 85.738322] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.748301] audit: type=1400 audit(1551631153.846:38): avc: denied { associate } for pid=7875 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 85.850287] ==================================================================
[ 85.857728] BUG: KASAN: use-after-free in __list_add_valid+0x9a/0xa0
[ 85.864203] Read of size 8 at addr ffff88809701d520 by task syz-executor.0/7889
[ 85.871638]
[ 85.873264] CPU: 0 PID: 7889 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #3
[ 85.880340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.889719] Call Trace:
[ 85.892299]  dump_stack+0x172/0x1f0
[ 85.895998]  ? __list_add_valid+0x9a/0xa0
[ 85.900131]  print_address_description.cold+0x7c/0x20d
[ 85.905389]  ? __list_add_valid+0x9a/0xa0
[ 85.909527]  ? __list_add_valid+0x9a/0xa0
[ 85.913672]  kasan_report.cold+0x1b/0x40
[ 85.917732]  ? __list_add_valid+0x9a/0xa0
[ 85.921880]  __asan_report_load8_noabort+0x14/0x20
[ 85.926850]  __list_add_valid+0x9a/0xa0
[ 85.930833]  rdma_listen+0x63b/0x8e0
[ 85.934554]  ucma_listen+0x14d/0x1c0
[ 85.938254]  ? ucma_notify+0x190/0x190
[ 85.942131]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 85.947657]  ? _copy_from_user+0xdd/0x150
[ 85.951792]  ucma_write+0x2da/0x3c0
[ 85.955403]  ? ucma_notify+0x190/0x190
[ 85.959277]  ? ucma_open+0x290/0x290
[ 85.962983]  __vfs_write+0x116/0x8e0
[ 85.966684]  ? ucma_open+0x290/0x290
[ 85.970399]  ? kernel_read+0x120/0x120
[ 85.974285]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 85.979810]  ? __inode_security_revalidate+0xda/0x120
[ 85.984991]  ? avc_policy_seqno+0xd/0x70
[ 85.989042]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 85.994047]  ? selinux_file_permission+0x92/0x550
[ 85.998890]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 86.004444]  ? security_file_permission+0x94/0x320
[ 86.009381]  ? rw_verify_area+0x118/0x360
[ 86.013531]  vfs_write+0x20c/0x580
[ 86.017060]  ksys_write+0xea/0x1f0
[ 86.020585]  ? __ia32_sys_read+0xb0/0xb0
[ 86.024632]  ? do_syscall_64+0x26/0x610
[ 86.028590]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.033938]  ? do_syscall_64+0x26/0x610
[ 86.037928]  __x64_sys_write+0x73/0xb0
[ 86.041803]  do_syscall_64+0x103/0x610
[ 86.045679]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.050855] RIP: 0033:0x457e29
[ 86.054042] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 86.072926] RSP: 002b:00007fbc16006c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 86.080614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 86.087867] RDX: 00000000ffffff3a RSI: 00000000200001c0 RDI: 0000000000000003
[ 86.095121] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 86.102375] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbc160076d4
[ 86.109716] R13: 00000000004c70d9 R14: 00000000004dcb90 R15: 00000000ffffffff
[ 86.117069]
[ 86.118686] Allocated by task 7886:
[ 86.122512]  save_stack+0x45/0xd0
[ 86.126114]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 86.131043]  kasan_kmalloc+0x9/0x10
[ 86.134672]  kmem_cache_alloc_trace+0x151/0x760
[ 86.139333]  __rdma_create_id+0x5f/0x4e0
[ 86.143552]  ucma_create_id+0x1de/0x640
[ 86.147511]  ucma_write+0x2da/0x3c0
[ 86.151171]  __vfs_write+0x116/0x8e0
[ 86.154876]  vfs_write+0x20c/0x580
[ 86.158398]  ksys_write+0xea/0x1f0
[ 86.161919]  __x64_sys_write+0x73/0xb0
[ 86.165799]  do_syscall_64+0x103/0x610
[ 86.169681]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.174852]
[ 86.176461] Freed by task 7881:
[ 86.179730]  save_stack+0x45/0xd0
[ 86.183176]  __kasan_slab_free+0x102/0x150
[ 86.187399]  kasan_slab_free+0xe/0x10
[ 86.191196]  kfree+0xcf/0x230
[ 86.194296]  rdma_destroy_id+0x723/0xab0
[ 86.198340]  ucma_close+0x115/0x320
[ 86.201948]  __fput+0x2df/0x8d0
[ 86.205211]  ____fput+0x16/0x20
[ 86.208473]  task_work_run+0x14a/0x1c0
[ 86.212342]  exit_to_usermode_loop+0x273/0x2c0
[ 86.216905]  do_syscall_64+0x52d/0x610
[ 86.220786]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.225949]
[ 86.227570] The buggy address belongs to the object at ffff88809701d340
[ 86.227570]  which belongs to the cache kmalloc-2k of size 2048
[ 86.240207] The buggy address is located 480 bytes inside of
[ 86.240207]  2048-byte region [ffff88809701d340, ffff88809701db40)
[ 86.252153] The buggy address belongs to the page:
[ 86.257081] page:ffffea00025c0700 count:1 mapcount:0 mapping:ffff88812c3f0c40 index:0x0 compound_mapcount: 0
[ 86.267028] flags: 0x1fffc0000010200(slab|head)
[ 86.271682] raw: 01fffc0000010200 ffffea000262fa88 ffffea0002632f88 ffff88812c3f0c40
[ 86.279544] raw: 0000000000000000 ffff88809701c240 0000000100000003 0000000000000000
[ 86.287402] page dumped because: kasan: bad access detected
[ 86.293087]
[ 86.294697] Memory state around the buggy address:
[ 86.299619]  ffff88809701d400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.306966]  ffff88809701d480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.314318] >ffff88809701d500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.321653]                                ^
[ 86.326042]  ffff88809701d580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.333384]  ffff88809701d600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.340831] ==================================================================
[ 86.348179] Disabling lock debugging due to kernel taint
[ 86.356414] Kernel panic - not syncing: panic_on_warn set ...
[ 86.362319] CPU: 1 PID: 7889 Comm: syz-executor.0 Tainted: G B 5.0.0-rc8+ #3
[ 86.370800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.380143] Call Trace:
[ 86.382729]  dump_stack+0x172/0x1f0
[ 86.386350]  panic+0x2cb/0x65c
[ 86.389526]  ? __warn_printk+0xf3/0xf3
[ 86.393401]  ? __list_add_valid+0x9a/0xa0
[ 86.397536]  ? preempt_schedule+0x4b/0x60
[ 86.401668]  ? ___preempt_schedule+0x16/0x18
[ 86.406058]  ? trace_hardirqs_on+0x5e/0x230
[ 86.410493]  ? __list_add_valid+0x9a/0xa0
[ 86.414682]  end_report+0x47/0x4f
[ 86.418127]  ? __list_add_valid+0x9a/0xa0
[ 86.422257]  kasan_report.cold+0xe/0x40
[ 86.426211]  ? __list_add_valid+0x9a/0xa0
[ 86.430340]  __asan_report_load8_noabort+0x14/0x20
[ 86.435261]  __list_add_valid+0x9a/0xa0
[ 86.439221]  rdma_listen+0x63b/0x8e0
[ 86.442919]  ucma_listen+0x14d/0x1c0
[ 86.446613]  ? ucma_notify+0x190/0x190
[ 86.450491]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 86.456005]  ? _copy_from_user+0xdd/0x150
[ 86.460135]  ucma_write+0x2da/0x3c0
[ 86.463742]  ? ucma_notify+0x190/0x190
[ 86.467689]  ? ucma_open+0x290/0x290
[ 86.471400]  __vfs_write+0x116/0x8e0
[ 86.475111]  ? ucma_open+0x290/0x290
[ 86.478815]  ? kernel_read+0x120/0x120
[ 86.482686]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 86.488204]  ? __inode_security_revalidate+0xda/0x120
[ 86.493383]  ? avc_policy_seqno+0xd/0x70
[ 86.497427]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 86.502441]  ? selinux_file_permission+0x92/0x550
[ 86.507265]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 86.512788]  ? security_file_permission+0x94/0x320
[ 86.517702]  ? rw_verify_area+0x118/0x360
[ 86.521833]  vfs_write+0x20c/0x580
[ 86.525359]  ksys_write+0xea/0x1f0
[ 86.528876]  ? __ia32_sys_read+0xb0/0xb0
[ 86.532924]  ? do_syscall_64+0x26/0x610
[ 86.536877]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.542267]  ? do_syscall_64+0x26/0x610
[ 86.546231]  __x64_sys_write+0x73/0xb0
[ 86.550100]  do_syscall_64+0x103/0x610
[ 86.553973]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.559229] RIP: 0033:0x457e29
[ 86.562400] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 86.581282] RSP: 002b:00007fbc16006c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 86.588974] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 86.596224] RDX: 00000000ffffff3a RSI: 00000000200001c0 RDI: 0000000000000003
[ 86.603473] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 86.610724] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbc160076d4
[ 86.617973] R13: 00000000004c70d9 R14: 00000000004dcb90 R15: 00000000ffffffff
[ 86.626285] Kernel Offset: disabled
[ 86.629908] Rebooting in 86400 seconds..