[ 50.202764] audit: type=1800 audit(1546886453.606:29): pid=8300 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 50.243247] audit: type=1800 audit(1546886453.606:30): pid=8300 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
Starting mcstransd:
[....] Starting periodic command scheduler: cron [ ok .
[....] Starting file context maintaining daemon: restorecond [ ok .
[....] Starting OpenBSD Secure Shell server: sshd [ ok .
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.40' (ECDSA) to the list of known hosts.
syzkaller login:
[ 102.211187] kauditd_printk_skb: 5 callbacks suppressed
[ 102.211204] audit: type=1400 audit(1546886505.616:36): avc: denied { map } for pid=8486 comm="syz-executor457" path="/root/syz-executor457116072" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 102.262209] IPVS: ftp: loaded support on port[0] = 21
[ 102.329372] chnl_net:caif_netlink_parms(): no params data found
[ 102.363386] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.370197] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.377387] device bridge_slave_0 entered promiscuous mode
[ 102.384635] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.391055] bridge0: port 2(bridge_slave_1) entered disabled state
[ 102.398028] device bridge_slave_1 entered promiscuous mode
[ 102.413006] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 102.421829] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 102.437790] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 102.445174] team0: Port device team_slave_0 added
[ 102.450724] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 102.457781] team0: Port device team_slave_1 added
[ 102.462989] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 102.470207] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 102.531608] device hsr_slave_0 entered promiscuous mode
[ 102.589868] device hsr_slave_1 entered promiscuous mode
[ 102.650071] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 102.656906] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 102.671439] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.677924] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.684738] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.691100] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.723215] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 102.729353] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.738882] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 102.748313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.767853] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.775501] bridge0: port 2(bridge_slave_1) entered disabled state
[ 102.783617] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 102.793783] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 102.800408] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.808976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 102.816991] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.823379] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.841912] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 102.849425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.855802] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.863478] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 102.871170] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 102.880665] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 102.889262] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 102.900574] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 102.911111] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 102.917098] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 102.924529] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 102.937369] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 102.949170] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 102.958847] audit: type=1400 audit(1546886506.356:37): avc: denied { associate } for pid=8487 comm="syz-executor457" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 141.053284] ------------[ cut here ]------------
[ 141.053288] DEBUG_LOCKS_WARN_ON(chain_key != 0)
[ 141.053294] kasan: CONFIG_KASAN_INLINE enabled
[ 141.053300] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 141.053305] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 141.053309] CPU: 0 PID: 9 Comm: Not tainted 5.0.0-rc1+ #14
[ 141.053315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 141.053319] kasan: CONFIG_KASAN_INLINE enabled
[ 141.053324] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 141.053329] general protection fault: 0000 [#2] PREEMPT SMP KASAN
[ 141.053333] CPU: 0 PID: 9 Comm: Not tainted 5.0.0-rc1+ #14
[ 141.053339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 141.053343] ------------[ cut here ]------------
[ 141.053351] Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLAB object 'sighand_cache' (offset 2176, size 8)!
[ 141.053354] kasan: CONFIG_KASAN_INLINE enabled
[ 141.053360] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 141.053364] general protection fault: 0000 [#3] PREEMPT SMP KASAN
[ 141.053368] CPU: 0 PID: 9 Comm: Not tainted 5.0.0-rc1+ #14
[ 141.053375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 141.053379] RIP: 0010:uprobe_get_trap_addr+0x9a/0xf0
[ 141.053390] Code: 00 00 e8 a9 b8 e3 ff 4c 89 e0 5b 41 5c 5d c3 e8 9c b8 e3 ff 49 8d 7c 24 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 41 49 83 7c 24 20 00 74 a0 e8 73 b8 e3 ff 49 8d 7c
[ 141.053394] RSP: 0018:ffff8880a94798f8 EFLAGS: 00010003
[ 141.053402] RAX: dffffc0000000000 RBX: ffff8880a9479938 RCX: ffffffff880009e7
[ 141.053407] RDX: 0000000000000008 RSI: ffffffff819e3e94 RDI: 0000000000000044
[ 141.053412] RBP: ffff8880a9479908 R08: 0000000000000000 R09: 0000000000000000
[ 141.053418] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000024
[ 141.053423] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 141.053429] FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 141.053433] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 141.053439] CR2: 0000000000000130 CR3: 0000000009871000 CR4: 00000000001406f0
[ 141.053444] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 141.053449] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 141.053452] Call Trace:
[ 141.053455] Modules linked in:
[ 141.058640] ==================================================================
[ 141.063050] ---[ end trace d0d4250f91f480df ]---
[ 141.063055] RIP: 0010:uprobe_get_trap_addr+0x9a/0xf0
[ 141.063067] Code: 00 00 e8 a9 b8 e3 ff 4c 89 e0 5b 41 5c 5d c3 e8 9c b8 e3 ff 49 8d 7c 24 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 41 49 83 7c 24 20 00 74 a0 e8 73 b8 e3 ff 49 8d 7c
[ 141.063071] RSP: 0018:ffff8880a947a568 EFLAGS: 00010003
[ 141.063079] RAX: dffffc0000000000 RBX: ffff8880a947a5a8 RCX: ffffffff880009e7
[ 141.063085] RDX: 0000000000000008 RSI: ffffffff819e3e94 RDI: 0000000000000044
[ 141.063090] RBP: ffff8880a947a578 R08: 0000000000000000 R09: 0000000000000000
[ 141.063096] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000024
[ 141.063101] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 141.063107] FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 141.063112] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 141.063118] CR2: 0000000000000130 CR3: 0000000009871000 CR4: 00000000001406f0
[ 141.063123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 141.063129] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 141.063134] Kernel panic - not syncing: Fatal exception in interrupt
[ 141.408274] BUG: KASAN: stack-out-of-bounds in __list_add_valid+0x88/0xa0
[ 141.415199] Read of size 8 at addr ffff8880a947a2f8 by task syz-executor457/8487
[ 141.423162]
[ 141.424795] CPU: 1 PID: 8487 Comm: syz-executor457 Tainted: G D 5.0.0-rc1+ #14
[ 141.433447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 141.442793] Call Trace:
[ 141.445383] dump_stack+0x1db/0x2d0
[ 141.449018] ? dump_stack_print_info.cold+0x20/0x20
[ 141.454038] ? __list_add_valid+0x88/0xa0
[ 141.458188] print_address_description.cold+0x7c/0x20d
[ 141.463460] ? __list_add_valid+0x88/0xa0
[ 141.467605] ? __list_add_valid+0x88/0xa0
[ 141.471752] kasan_report.cold+0x1b/0x40
[ 141.475814] ? __list_add_valid+0x88/0xa0
[ 141.479962] __asan_report_load8_noabort+0x14/0x20
[ 141.484901] __list_add_valid+0x88/0xa0
[ 141.488877] account_entity_enqueue+0x3a0/0x660
[ 141.493562] ? cpu_load_update+0x360/0x360
[ 141.497835] ? mark_held_locks+0x100/0x100
[ 141.502071] ? debug_object_activate+0x1d9/0x550
[ 141.506845] enqueue_entity+0x276/0x20b0
[ 141.510934] ? update_load_avg+0x130f/0x23b0
[ 141.515359] ? put_prev_task_fair+0x80/0x80
[ 141.519693] ? can_migrate_task+0x12f0/0x12f0
[ 141.524186] ? debug_object_active_state+0x37/0x500
[ 141.529200] ? task_numa_migrate+0x2830/0x2830
[ 141.533819] ? pvclock_read_flags+0x160/0x160
[ 141.538322] enqueue_task_fair+0x237/0x10c0
[ 141.542644] ? lock_downgrade+0x910/0x910
[ 141.546790] ? sched_clock_cpu+0x1b/0x1b0
[ 141.550936] ? enqueue_entity+0x20b0/0x20b0
[ 141.555282] ? record_times+0x1e/0x580
[ 141.559168] ? do_raw_spin_lock+0x156/0x360
[ 141.563486] ? psi_task_change+0x36a/0x590
[ 141.567736] ? kvm_clock_read+0x18/0x30
[ 141.571718] activate_task+0x11d/0x470
[ 141.575611] wake_up_new_task+0x50c/0xd30
[ 141.579762] ? to_ratio+0x20/0x20
[ 141.583214] ? get_task_pid+0x213/0x3c0
[ 141.587191] ? find_get_pid+0x260/0x260
[ 141.591162] ? blkcg_exit_queue+0x30/0x30
[ 141.595321] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 141.600339] _do_fork+0x2a5/0x1170
[ 141.603879] ? fork_idle+0x1d0/0x1d0
[ 141.607590] ? _raw_spin_unlock_irq+0x5e/0x90
[ 141.612082] ? trace_hardirqs_off+0xb8/0x310
[ 141.616514] ? do_syscall_64+0x696/0x800
[ 141.620586] ? trace_hardirqs_on_caller+0x310/0x310
[ 141.625622] ? __close_fd+0x25f/0x3d0
[ 141.629437] ? trace_hardirqs_on+0xbd/0x310
[ 141.633757] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 141.639118] ? trace_hardirqs_off_caller+0x300/0x300
[ 141.644287] __x64_sys_clone+0xbf/0x150
[ 141.648271] do_syscall_64+0x1a3/0x800
[ 141.652159] ? syscall_return_slowpath+0x5f0/0x5f0
[ 141.657086] ? lockdep_sys_exit+0x49/0x5c
[ 141.661265] ? prepare_exit_to_usermode+0x232/0x3b0
[ 141.666287] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 141.671146] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 141.676333] RIP: 0033:0x44398a
[ 141.679521] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 141.698415] RSP: 002b:00007ffedd8acbb0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 141.706119] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000044398a
[ 141.713379] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 141.720645] RBP: 00007ffedd8acbd0 R08: 0000000000000001 R09: 0000000000eaf940
[ 141.727910] R10: 0000000000eafc10 R11: 0000000000000246 R12: 0000000000000001
[ 141.735171] R13: 00000000000226b7 R14: 0000000000000000 R15: 000000aaaaaaaaaa
[ 141.742453]
[ 141.744067] Allocated by task 2419400192:
[ 142.260371] Shutting down cpus with NMI
[ 142.260375] Kernel Offset: disabled