[   43.539183] audit: type=1800 audit(1559603836.997:30): pid=7642 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[   43.562224] audit: type=1800 audit(1559603837.007:31): pid=7642 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.212' (ECDSA) to the list of known hosts.
2019/06/03 23:17:24 fuzzer started
syzkaller login: [   51.317199] kauditd_printk_skb: 4 callbacks suppressed
[   51.317215] audit: type=1400 audit(1559603844.807:36): avc:  denied  { map } for  pid=7825 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/03 23:17:27 dialing manager at 10.128.0.105:46883
2019/06/03 23:17:27 syscalls: 2456
2019/06/03 23:17:27 code coverage: enabled
2019/06/03 23:17:27 comparison tracing: enabled
2019/06/03 23:17:27 extra coverage: extra coverage is not supported by the kernel
2019/06/03 23:17:27 setuid sandbox: enabled
2019/06/03 23:17:27 namespace sandbox: enabled
2019/06/03 23:17:27 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/03 23:17:27 fault injection: enabled
2019/06/03 23:17:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/03 23:17:27 net packet injection: enabled
2019/06/03 23:17:27 net device setup: enabled
23:17:32 executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1000000000000010, 0x0, 0x0, 0x400, 0x0, 0xffffffffffffff9c, 0x0, [0x5f]}, 0x3c)

[   58.658565] audit: type=1400 audit(1559603852.147:37): avc:  denied  { map } for  pid=7842 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14160 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[   58.750588] IPVS: ftp: loaded support on port[0] = 21
[   58.760597] NET: Registered protocol family 30
[   58.766288] Failed to register TIPC socket type
23:17:32 executing program 1:
r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_threshold\x00', 0x2, 0x0)
preadv(r0, &(0x7f0000000480)=[{&(0x7f00000000c0)=""/149, 0x95}], 0x1, 0x0)

[   59.081583] IPVS: ftp: loaded support on port[0] = 21
[   59.108507] NET: Registered protocol family 30
[   59.113148] Failed to register TIPC socket type
23:17:32 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x486}]})

[   59.478838] IPVS: ftp: loaded support on port[0] = 21
[   59.499306] NET: Registered protocol family 30
[   59.503929] Failed to register TIPC socket type
23:17:33 executing program 3:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0)
mbind(&(0x7f000040a000/0x2000)=nil, 0x2000, 0x4, 0x0, 0x0, 0x0)

[   60.061819] IPVS: ftp: loaded support on port[0] = 21
[   60.088980] NET: Registered protocol family 30
[   60.093605] Failed to register TIPC socket type
23:17:33 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x21000008912, &(0x7f0000000080)="0adc1f123c123f319bd070")
mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x6, 0x8000031, 0xffffffffffffffff, 0x0)
getsockopt$bt_hci(r0, 0x0, 0x1, &(0x7f00000022c0)=""/4096, &(0x7f0000000000)=0xffffff6e)

[   60.792644] IPVS: ftp: loaded support on port[0] = 21
[   60.828978] NET: Registered protocol family 30
[   60.833763] Failed to register TIPC socket type
23:17:34 executing program 5:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_int(r0, 0x1, 0x28, 0x0, &(0x7f0000003340))

[   61.469376] chnl_net:caif_netlink_parms(): no params data found
[   61.840560] IPVS: ftp: loaded support on port[0] = 21
[   61.846819] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.910297] NET: Registered protocol family 30
[   61.915303] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.923534] device bridge_slave_0 entered promiscuous mode
[   62.007699] Failed to register TIPC socket type
[   62.026904] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.075329] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.215489] device bridge_slave_1 entered promiscuous mode
[   62.818280] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   63.161739] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   63.925933] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   64.069307] team0: Port device team_slave_0 added
[   64.491902] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   64.615063] team0: Port device team_slave_1 added
[   64.835777] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   65.115836] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   65.789995] device hsr_slave_0 entered promiscuous mode
[   66.068355] device hsr_slave_1 entered promiscuous mode
[   66.290838] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   66.477173] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   66.704834] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   67.296417] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.477741] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   67.636819] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   67.643093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   67.660205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   67.856859] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   67.915230] 8021q: adding VLAN 0 to HW filter on device team0
[   68.134824] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   68.141968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   68.165876] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   68.285501] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.292064] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.464297] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   68.471789] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   68.505834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   68.595077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   68.714510] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.720924] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.885863] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   68.965017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   68.981196] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   69.104549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   69.121058] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   69.296998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   69.306375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   69.385086] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   69.466709] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   69.535791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   69.545227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.563573] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[   69.678660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   69.689895] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.780748] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[   69.878899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   69.899269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   70.027179] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   70.033417] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   70.258907] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[   70.417357] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.589559] audit: type=1400 audit(1559603864.077:38): avc:  denied  { associate } for  pid=7843 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[   73.217825] audit: type=1400 audit(1559603866.707:39): avc:  denied  { map_create } for  pid=8378 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
23:17:48 executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1000000000000010, 0x0, 0x0, 0x400, 0x0, 0xffffffffffffff9c, 0x0, [0x5f]}, 0x3c)

23:17:48 executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1000000000000010, 0x0, 0x0, 0x400, 0x0, 0xffffffffffffff9c, 0x0, [0x5f]}, 0x3c)

23:17:48 executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1000000000000010, 0x0, 0x0, 0x400, 0x0, 0xffffffffffffff9c, 0x0, [0x5f]}, 0x3c)

23:17:48 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)

[   75.247279] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
23:17:48 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)

23:17:48 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)

23:17:48 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)

[   76.250839] IPVS: ftp: loaded support on port[0] = 21
[   76.268204] NET: Registered protocol family 30
[   76.272834] Failed to register TIPC socket type
[   76.321391] IPVS: ftp: loaded support on port[0] = 21
[   76.327675] IPVS: ftp: loaded support on port[0] = 21
[   76.338330] NET: Registered protocol family 30
[   76.342933] Failed to register TIPC socket type
[   76.353397] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630.
[   76.370487] IPVS: ftp: loaded support on port[0] = 21
[   76.395563] ------------[ cut here ]------------
[   76.400362] kernel BUG at lib/list_debug.c:29!
[   76.417486] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   76.422890] CPU: 1 PID: 8514 Comm: syz-executor.3 Not tainted 4.19.47 #19
[   76.429820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.439238] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[   76.444455] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[   76.449260] IPVS: ftp: loaded support on port[0] = 21
[   76.463473] RSP: 0018:ffff888074397b88 EFLAGS: 00010282
[   76.463486] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[   76.463492] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100e872f63
[   76.463498] RBP: ffff888074397ba0 R08: 0000000000000058 R09: ffffed1015d24fe9
[   76.463505] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffffffff892e7630
[   76.463512] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[   76.463530] FS:  0000000001783940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[   76.518712] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.524691] CR2: 00007ffffc3f41a8 CR3: 0000000074387000 CR4: 00000000001406e0
[   76.531965] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   76.539377] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   76.546647] Call Trace:
[   76.549264]  ? mutex_lock_nested+0x16/0x20
[   76.553529]  proto_register+0x459/0x8e0
[   76.557516]  tipc_socket_init+0x1c/0x70
[   76.561579]  tipc_init_net+0x2ed/0x570
[   76.565478]  ? tipc_exit_net+0x40/0x40
[   76.569368]  ops_init+0xb3/0x410
[   76.572737]  setup_net+0x2d3/0x740
[   76.576304]  ? lock_acquire+0x16f/0x3f0
[   76.580283]  ? ops_init+0x410/0x410
[   76.583913]  copy_net_ns+0x1df/0x340
[   76.587732]  create_new_namespaces+0x400/0x7b0
[   76.592440]  unshare_nsproxy_namespaces+0xc2/0x200
[   76.597372]  ksys_unshare+0x440/0x980
[   76.601174]  ? walk_process_tree+0x2c0/0x2c0
[   76.605595]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   76.610368]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.615748]  ? do_syscall_64+0x26/0x620
[   76.619731]  ? lockdep_hardirqs_on+0x415/0x5d0
[   76.624317]  __x64_sys_unshare+0x31/0x40
[   76.628385]  do_syscall_64+0xfd/0x620
[   76.632212]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.637400] RIP: 0033:0x45bd47
[   76.640592] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   76.659511] RSP: 002b:00007ffd8c7d24d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000110
[   76.667229] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47
[   76.674503] RDX: 0000000000000000 RSI: 00007ffd8c7d2480 RDI: 0000000040000000
[   76.681800] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
[   76.689099] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000075c9a8
[   76.696371] R13: 00007ffd8c7d2748 R14: 0000000000000000 R15: 0000000000000000
[   76.703674] Modules linked in:
[   76.708056] ---[ end trace 989fab8f01b824e0 ]---
[   76.712851] RIP: 0010:__list_add_valid.cold+0x26/0x3c
[   76.719294] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b
[   76.738660] RSP: 0018:ffff888074397b88 EFLAGS: 00010282
[   76.744044] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000
[   76.751375] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed100e872f63
[   76.758710] RBP: ffff888074397ba0 R08: 0000000000000058 R09: ffffed1015d24fe9
[   76.766037] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffffffff892e7630
[   76.773326] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0
[   76.780656] FS:  0000000001783940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[   76.789051] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.794973] CR2: 00007ffffc3f41a8 CR3: 0000000074387000 CR4: 00000000001406e0
[   76.802360] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   76.809676] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   76.817006] Kernel panic - not syncing: Fatal exception
[   76.823421] Kernel Offset: disabled
[   76.827048] Rebooting in 86400 seconds..