Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   73.654540][   T26] kauditd_printk_skb: 3 callbacks suppressed
[   73.654552][   T26] audit: type=1800 audit(1563349537.959:33): pid=9020 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   73.682747][   T26] audit: type=1800 audit(1563349537.959:34): pid=9020 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   78.290174][   T26] audit: type=1400 audit(1563349542.599:35): avc:  denied  { map } for  pid=9198 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts.
[   84.734700][   T26] audit: type=1400 audit(1563349549.039:36): avc:  denied  { map } for  pid=9210 comm="syz-executor051" path="/root/syz-executor051711581" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   84.763975][ T9219] IPVS: ftp: loaded support on port[0] = 21
[   84.776733][ T9218] IPVS: ftp: loaded support on port[0] = 21
[   84.781993][ T9217] IPVS: ftp: loaded support on port[0] = 21
[   84.795226][ T9222] IPVS: ftp: loaded support on port[0] = 21
[   84.805773][ T9220] IPVS: ftp: loaded support on port[0] = 21
[   84.816826][ T9221] IPVS: ftp: loaded support on port[0] = 21
[   85.088370][ T9218] chnl_net:caif_netlink_parms(): no params data found
[   85.116266][ T9220] chnl_net:caif_netlink_parms(): no params data found
[   85.186766][ T9222] chnl_net:caif_netlink_parms(): no params data found
[   85.195377][ T9218] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.204195][ T9218] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.212489][ T9218] device bridge_slave_0 entered promiscuous mode
[   85.235462][ T9217] chnl_net:caif_netlink_parms(): no params data found
[   85.252563][ T9218] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.261395][ T9218] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.269136][ T9218] device bridge_slave_1 entered promiscuous mode
[   85.322683][ T9219] chnl_net:caif_netlink_parms(): no params data found
[   85.372575][ T9220] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.379778][ T9220] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.387461][ T9220] device bridge_slave_0 entered promiscuous mode
[   85.409691][ T9222] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.416839][ T9222] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.424672][ T9222] device bridge_slave_0 entered promiscuous mode
[   85.434509][ T9222] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.441843][ T9222] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.449996][ T9222] device bridge_slave_1 entered promiscuous mode
[   85.458233][ T9218] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   85.467682][ T9220] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.474727][ T9220] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.482729][ T9220] device bridge_slave_1 entered promiscuous mode
[   85.504361][ T9221] chnl_net:caif_netlink_parms(): no params data found
[   85.522916][ T9218] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   85.534279][ T9219] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.542642][ T9219] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.550729][ T9219] device bridge_slave_0 entered promiscuous mode
[   85.574165][ T9217] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.581849][ T9217] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.590103][ T9217] device bridge_slave_0 entered promiscuous mode
[   85.602077][ T9217] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.609565][ T9217] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.617238][ T9217] device bridge_slave_1 entered promiscuous mode
[   85.635042][ T9219] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.642527][ T9219] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.653339][ T9219] device bridge_slave_1 entered promiscuous mode
[   85.661479][ T9220] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   85.678441][ T9220] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   85.690515][ T9222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   85.705194][ T9222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   85.715755][ T9218] team0: Port device team_slave_0 added
[   85.727181][ T9218] team0: Port device team_slave_1 added
[   85.771207][ T9222] team0: Port device team_slave_0 added
[   85.778374][ T9222] team0: Port device team_slave_1 added
[   85.784116][ T9221] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.791359][ T9221] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.799053][ T9221] device bridge_slave_0 entered promiscuous mode
[   85.810694][ T9221] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.817782][ T9221] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.825634][ T9221] device bridge_slave_1 entered promiscuous mode
[   85.834037][ T9217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   85.852503][ T9219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   85.864366][ T9219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   85.886447][ T9220] team0: Port device team_slave_0 added
[   85.894036][ T9220] team0: Port device team_slave_1 added
[   85.904052][ T9217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   85.934704][ T9221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.009296][ T9222] device hsr_slave_0 entered promiscuous mode
[   86.067858][ T9222] device hsr_slave_1 entered promiscuous mode
[   86.124841][ T9221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.179484][ T9218] device hsr_slave_0 entered promiscuous mode
[   86.247951][ T9218] device hsr_slave_1 entered promiscuous mode
[   86.297717][ T9218] debugfs: Directory 'hsr0' with parent '/' already present!
[   86.310921][ T9219] team0: Port device team_slave_0 added
[   86.360769][ T9220] device hsr_slave_0 entered promiscuous mode
[   86.418027][ T9220] device hsr_slave_1 entered promiscuous mode
[   86.487671][ T9220] debugfs: Directory 'hsr0' with parent '/' already present!
[   86.506297][ T9217] team0: Port device team_slave_0 added
[   86.517253][ T9217] team0: Port device team_slave_1 added
[   86.525840][ T9219] team0: Port device team_slave_1 added
[   86.543246][ T9221] team0: Port device team_slave_0 added
[   86.571750][ T9221] team0: Port device team_slave_1 added
[   86.599355][ T9217] device hsr_slave_0 entered promiscuous mode
[   86.647972][ T9217] device hsr_slave_1 entered promiscuous mode
[   86.707625][ T9217] debugfs: Directory 'hsr0' with parent '/' already present!
[   86.779645][ T9219] device hsr_slave_0 entered promiscuous mode
[   86.838724][ T9219] device hsr_slave_1 entered promiscuous mode
[   86.877828][ T9219] debugfs: Directory 'hsr0' with parent '/' already present!
[   86.939469][ T9221] device hsr_slave_0 entered promiscuous mode
[   86.977833][ T9221] device hsr_slave_1 entered promiscuous mode
[   87.027694][ T9221] debugfs: Directory 'hsr0' with parent '/' already present!
[   87.155257][ T9218] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.183286][ T9222] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.192889][ T9220] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.210360][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   87.221592][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   87.236007][ T9222] 8021q: adding VLAN 0 to HW filter on device team0
[   87.245679][ T9218] 8021q: adding VLAN 0 to HW filter on device team0
[   87.255180][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   87.265313][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   87.296696][ T9219] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.304461][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   87.313169][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   87.322111][   T22] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.329326][   T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.337244][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   87.345995][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   87.354384][   T22] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.361456][   T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.369196][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   87.376829][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   87.385279][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   87.397416][ T9217] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.419870][ T9220] 8021q: adding VLAN 0 to HW filter on device team0
[   87.436932][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   87.446519][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   87.455424][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   87.463795][   T22] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.470930][   T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.479513][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   87.487130][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   87.494945][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   87.503609][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   87.512338][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   87.520679][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   87.529332][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   87.537795][   T22] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.544833][   T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.553078][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   87.561109][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   87.569774][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   87.580501][ T9219] 8021q: adding VLAN 0 to HW filter on device team0
[   87.615551][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   87.626082][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   87.634690][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   87.643469][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   87.651818][ T3506] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.658887][ T3506] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.666306][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   87.674778][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   87.683234][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   87.692207][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   87.700496][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   87.708802][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   87.717188][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   87.725806][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   87.734102][ T3506] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.741281][ T3506] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.748770][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   87.756335][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   87.766495][ T9222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   87.779869][ T9221] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.799718][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   87.809283][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   87.817626][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.824657][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.833264][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   87.841867][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   87.860649][ T9217] 8021q: adding VLAN 0 to HW filter on device team0
[   87.882788][ T9221] 8021q: adding VLAN 0 to HW filter on device team0
[   87.891056][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   87.899979][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   87.910575][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   87.919217][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   87.927752][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   87.936027][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   87.944953][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   87.953385][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   87.961811][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   87.970649][ T9225] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.977737][ T9225] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.985201][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   87.994493][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   88.003083][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   88.011781][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   88.020246][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   88.028119][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   88.036144][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   88.044008][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   88.051859][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   88.090530][ T9222] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.103562][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   88.112659][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   88.121302][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   88.130375][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   88.141357][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   88.150254][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   88.159452][ T9225] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.166487][ T9225] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.174095][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   88.182674][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   88.191214][ T9225] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.198304][ T9225] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.205735][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   88.214351][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   88.222895][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   88.231422][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   88.240190][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   88.248882][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   88.257249][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   88.265191][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   88.284357][ T9219] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   88.295113][ T9219] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   88.314319][ T9220] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   88.325168][ T9220] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   88.337355][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   88.346568][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   88.355419][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   88.363768][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   88.372164][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   88.380574][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   88.388852][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   88.397271][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   88.405724][ T9225] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.412783][ T9225] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.420592][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   88.429299][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   88.437603][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   88.445764][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   88.454107][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   88.462298][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   88.471186][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   88.479795][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   88.489146][ T9218] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
[   88.519861][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   88.528321][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   88.536353][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   88.544213][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   88.553712][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   88.562557][ T9225] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.569730][ T9225] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.577700][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   88.586119][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   88.594917][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   88.603182][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   88.613091][ T9217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   88.631815][ T9219] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.650829][ T9220] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.699063][ T9218] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.740018][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   88.752110][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   88.762630][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   88.771556][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   88.780895][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   88.789857][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   88.895712][ T9221] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   88.922366][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   88.961624][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   88.976635][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
executing program
[   89.013483][ T9225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
executing program
executing program
executing program
[   89.140727][ T9217] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.284339][ T9221] 8021q: adding VLAN 0 to HW filter on device batadv0
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[  111.638794][T10126] 
[  111.641164][T10126] =========================
[  111.645651][T10126] WARNING: held lock freed!
[  111.650146][T10126] 5.2.0+ #59 Not tainted
[  111.654375][T10126] -------------------------
[  111.658870][T10126] syz-executor051/10126 is freeing memory ffff888093aa1340-ffff888093aa1b3f, with a lock still held there!
[  111.670219][T10126] 0000000041a2f918 (sk_lock-AF_NETROM){+.+.}, at: nr_release+0x130/0x3e0
[  111.678647][T10126] 2 locks held by syz-executor051/10126:
[  111.684262][T10126]  #0: 0000000012cd6f38 (&sb->s_type->i_mutex_key#12){+.+.}, at: __sock_release+0x89/0x280
[  111.694248][T10126]  #1: 0000000041a2f918 (sk_lock-AF_NETROM){+.+.}, at: nr_release+0x130/0x3e0
[  111.703107][T10126] 
[  111.703107][T10126] stack backtrace:
[  111.708998][T10126] CPU: 1 PID: 10126 Comm: syz-executor051 Not tainted 5.2.0+ #59
[  111.716703][T10126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  111.726750][T10126] Call Trace:
[  111.730271][T10126]  dump_stack+0x172/0x1f0
[  111.734626][T10126]  debug_check_no_locks_freed.cold+0x9d/0xa9
[  111.740602][T10126]  ? trace_hardirqs_off+0x62/0x240
[  111.745712][T10126]  kfree+0xec/0x2c0
[  111.749526][T10126]  __sk_destruct+0x4f7/0x6e0
[  111.754112][T10126]  sk_destruct+0x86/0xa0
[  111.758352][T10126]  __sk_free+0xfb/0x360
[  111.762503][T10126]  sk_free+0x42/0x50
[  111.766399][T10126]  nr_destroy_socket+0x3ea/0x4b0
[  111.771334][T10126]  nr_release+0x347/0x3e0
[  111.775680][T10126]  __sock_release+0xce/0x280
[  111.780266][T10126]  sock_close+0x1e/0x30
[  111.784417][T10126]  __fput+0x2ff/0x890
[  111.788396][T10126]  ? __sock_release+0x280/0x280
[  111.793240][T10126]  ____fput+0x16/0x20
[  111.797219][T10126]  task_work_run+0x145/0x1c0
[  111.801808][T10126]  exit_to_usermode_loop+0x316/0x380
[  111.807092][T10126]  do_syscall_64+0x5a9/0x6a0
[  111.811676][T10126]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  111.817564][T10126] RIP: 0033:0x406d41
[  111.821453][T10126] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 24 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  111.841139][T10126] RSP: 002b:00007ffd14c0fb20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  111.849546][T10126] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000406d41
[  111.857516][T10126] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  111.865480][T10126] RBP: 00007ffd14c0fb90 R08: 00000000006dbfb0 R09: 00000000006dbfb0
[  111.873450][T10126] R10: 00007ffd14c0fb50 R11: 0000000000000293 R12: 00000000006ddc60
[  111.881522][T10126] R13: 0000000000000064 R14: 0000000000000009 R15: 00000000006ddc6c
[  112.077727][ T9994] kobject: 'rx-0' (00000000ce90fada): kobject_cleanup, parent 00000000a5ab55db
[  112.117827][ T9994] kobject: 'rx-0' (00000000ce90fada): auto cleanup 'remove' event
[  112.196173][ T9994] kobject: 'rx-0' (00000000ce90fada): kobject_uevent_env
[  112.270241][ T9994] kobject: 'rx-0' (00000000ce90fada): fill_kobj_path: path = '/devices/virtual/net/bcsf0/queues/rx-0'
[  112.381661][ T9994] kobject: 'rx-0' (00000000ce90fada): auto cleanup kobject_del
[  112.454481][ T9994] kobject: 'rx-0' (00000000ce90fada): calling ktype release
[  112.526970][ T9994] kobject: 'rx-0': free name
[  112.567108][ T9994] kobject: 'tx-0' (00000000cd7dabc1): kobject_cleanup, parent 00000000a5ab55db
[  112.645763][ T9994] kobject: 'tx-0' (00000000cd7dabc1): auto cleanup 'remove' event
[  112.716576][ T9994] kobject: 'tx-0' (00000000cd7dabc1): kobject_uevent_env
[  112.772886][ T9994] kobject: 'tx-0' (00000000cd7dabc1): fill_kobj_path: path = '/devices/virtual/net/bcsf0/queues/tx-0'
[  112.883432][ T9994] kobject: 'tx-0' (00000000cd7dabc1): auto cleanup kobject_del
[  112.951407][ T9994] kobject: 'tx-0' (00000000cd7dabc1): calling ktype release
[  113.005840][ T9994] kobject: 'tx-0': free name
[  113.042697][ T9994] kobject: 'queues' (00000000a5ab55db): kobject_cleanup, parent 0000000008c32a9f
[  113.119906][ T9994] kobject: 'queues' (00000000a5ab55db): calling ktype release
[  113.175817][ T9994] kobject: 'queues' (00000000a5ab55db): kset_release
[  113.221059][ T9994] kobject: 'queues': free name
[  113.262836][ T9994] kobject: 'bcsf0' (00000000f5f35e2e): kobject_uevent_env
[  113.317257][ T9994] kobject: 'bcsf0' (00000000f5f35e2e): fill_kobj_path: path = '/devices/virtual/net/bcsf0'
[  113.437805][ T9994] kobject: 'bcsf0' (00000000f5f35e2e): kobject_cleanup, parent 0000000008c32a9f
[  113.471991][ T9994] kobject: 'bcsf0' (00000000f5f35e2e): calling ktype release
[  113.512246][ T9994] kobject: 'bcsf0': free name
executing program
[  113.535215][T10019] kobject: 'bcsf0' (00000000fcfbf0f1): kobject_add_internal: parent: 'net', set: 'devices'
[  113.574473][T10019] kobject: 'bcsf0' (00000000fcfbf0f1): kobject_uevent_env
[  113.611412][T10019] kobject: 'bcsf0' (00000000fcfbf0f1): fill_kobj_path: path = '/devices/virtual/net/bcsf0'
[  113.616449][T10126] ==================================================================
[  113.629478][T10126] BUG: KASAN: use-after-free in do_raw_spin_lock+0x28a/0x2e0
[  113.636858][T10126] Read of size 4 at addr ffff888093aa13cc by task syz-executor051/10126
[  113.645198][T10126] 
[  113.647550][T10126] CPU: 0 PID: 10126 Comm: syz-executor051 Not tainted 5.2.0+ #59
[  113.655252][T10126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  113.657477][T10019] kobject: 'queues' (000000007a8a25aa): kobject_add_internal: parent: 'bcsf0', set: '<NULL>'
[  113.665390][T10126] Call Trace:
[  113.665410][T10126]  dump_stack+0x172/0x1f0
[  113.665424][T10126]  ? do_raw_spin_lock+0x28a/0x2e0
[  113.665439][T10126]  print_address_description.cold+0xd4/0x306
[  113.665447][T10126]  ? do_raw_spin_lock+0x28a/0x2e0
[  113.665462][T10126]  ? do_raw_spin_lock+0x28a/0x2e0
[  113.704172][T10126]  __kasan_report.cold+0x1b/0x36
[  113.709230][T10126]  ? do_raw_spin_lock+0x28a/0x2e0
[  113.714251][T10126]  kasan_report+0x12/0x20
[  113.718577][T10126]  __asan_report_load4_noabort+0x14/0x20
[  113.724204][T10126]  do_raw_spin_lock+0x28a/0x2e0
[  113.729052][T10126]  ? rwlock_bug.part.0+0x90/0x90
[  113.731193][T10019] kobject: 'queues' (000000007a8a25aa): kobject_uevent_env
[  113.733986][T10126]  ? lock_acquire+0x190/0x410
[  113.734000][T10126]  ? release_sock+0x20/0x1c0
[  113.734015][T10126]  ? __sk_free+0x100/0x360
[  113.754859][T10126]  _raw_spin_lock_bh+0x3b/0x50
[  113.759619][T10126]  ? release_sock+0x20/0x1c0
[  113.764205][T10126]  release_sock+0x20/0x1c0
[  113.764836][T10019] kobject: 'queues' (000000007a8a25aa): kobject_uevent_env: filter function caused the event to drop!
[  113.768617][T10126]  nr_release+0x303/0x3e0
[  113.768635][T10126]  __sock_release+0xce/0x280
[  113.768646][T10126]  sock_close+0x1e/0x30
[  113.768659][T10126]  __fput+0x2ff/0x890
[  113.768672][T10126]  ? __sock_release+0x280/0x280
[  113.768687][T10126]  ____fput+0x16/0x20
[  113.805481][T10126]  task_work_run+0x145/0x1c0
[  113.810074][T10126]  exit_to_usermode_loop+0x316/0x380
[  113.815355][T10126]  do_syscall_64+0x5a9/0x6a0
[  113.816161][T10019] kobject: 'rx-0' (00000000f0601dac): kobject_add_internal: parent: 'queues', set: 'queues'
[  113.819962][T10126]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  113.819972][T10126] RIP: 0033:0x406d41
[  113.819986][T10126] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 24 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  113.819992][T10126] RSP: 002b:00007ffd14c0fb20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  113.820004][T10126] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000406d41
[  113.820011][T10126] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  113.820018][T10126] RBP: 00007ffd14c0fb90 R08: 00000000006dbfb0 R09: 00000000006dbfb0
[  113.820030][T10126] R10: 00007ffd14c0fb50 R11: 0000000000000293 R12: 00000000006ddc60
[  113.860480][T10019] kobject: 'rx-0' (00000000f0601dac): kobject_uevent_env
[  113.867787][T10126] R13: 0000000000000064 R14: 0000000000000009 R15: 00000000006ddc6c
[  113.867801][T10126] 
[  113.867808][T10126] Allocated by task 9218:
[  113.867821][T10126]  save_stack+0x23/0x90
[  113.867833][T10126]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  113.867848][T10126]  kasan_kmalloc+0x9/0x10
[  113.867858][T10126]  __kmalloc+0x163/0x780
[  113.867875][T10126]  sk_prot_alloc+0x23a/0x310
[  113.884116][T10019] kobject: 'rx-0' (00000000f0601dac): fill_kobj_path: path = '/devices/virtual/net/bcsf0/queues/rx-0'
[  113.891759][T10126]  sk_alloc+0x39/0xf70
[  113.891773][T10126]  nr_rx_frame+0x733/0x1e80
[  113.891785][T10126]  nr_loopback_timer+0x7b/0x170
[  113.891797][T10126]  call_timer_fn+0x1ac/0x780
[  113.891808][T10126]  run_timer_softirq+0x697/0x17a0
[  113.891825][T10126]  __do_softirq+0x262/0x98c
[  113.914838][T10019] kobject: 'tx-0' (00000000ebe5f025): kobject_add_internal: parent: 'queues', set: 'queues'
[  113.915220][T10126] 
[  113.928081][T10019] kobject: 'tx-0' (00000000ebe5f025): kobject_uevent_env
[  113.931697][T10126] Freed by task 10126:
[  113.931712][T10126]  save_stack+0x23/0x90
[  113.931727][T10126]  __kasan_slab_free+0x102/0x150
[  113.943278][T10019] kobject: 'tx-0' (00000000ebe5f025): fill_kobj_path: path = '/devices/virtual/net/bcsf0/queues/tx-0'
[  113.945129][T10126]  kasan_slab_free+0xe/0x10
[  113.945140][T10126]  kfree+0x10a/0x2c0
[  113.945157][T10126]  __sk_destruct+0x4f7/0x6e0
[  113.973922][T10019] kobject: 'brif' (000000002f301c8b): kobject_add_internal: parent: 'bcsf0', set: '<NULL>'
[  113.974096][T10126]  sk_destruct+0x86/0xa0
[  113.987079][T10019] kobject: 'batman_adv' (000000000d8519eb): kobject_add_internal: parent: 'bcsf0', set: '<NULL>'
[  113.993697][T10126]  __sk_free+0xfb/0x360
[  113.993708][T10126]  sk_free+0x42/0x50
[  113.993723][T10126]  nr_destroy_socket+0x3ea/0x4b0
[  113.993733][T10126]  nr_release+0x347/0x3e0
[  113.993744][T10126]  __sock_release+0xce/0x280
[  113.993757][T10126]  sock_close+0x1e/0x30
[  114.007469][T10014] kobject: 'brif' (000000002f301c8b): kobject_cleanup, parent 00000000fcfbf0f1
[  114.011245][T10126]  __fput+0x2ff/0x890
[  114.011255][T10126]  ____fput+0x16/0x20
[  114.011267][T10126]  task_work_run+0x145/0x1c0
[  114.011281][T10126]  exit_to_usermode_loop+0x316/0x380
[  114.011297][T10126]  do_syscall_64+0x5a9/0x6a0
[  114.016545][T10014] kobject: 'brif' (000000002f301c8b): auto cleanup kobject_del
[  114.027135][T10126]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  114.027140][T10126] 
[  114.027149][T10126] The buggy address belongs to the object at ffff888093aa1340
[  114.027149][T10126]  which belongs to the cache kmalloc-2k of size 2048
[  114.027159][T10126] The buggy address is located 140 bytes inside of
[  114.027159][T10126]  2048-byte region [ffff888093aa1340, ffff888093aa1b40)
[  114.027163][T10126] The buggy address belongs to the page:
[  114.027175][T10126] page:ffffea00024ea800 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0xffff888093aa0ac0 compound_mapcount: 0
[  114.027188][T10126] flags: 0x1fffc0000010200(slab|head)
[  114.027205][T10126] raw: 01fffc0000010200 ffffea0001c96d08 ffffea0002676a08 ffff8880aa400e00
[  114.051885][T10014] kobject: 'brif' (000000002f301c8b): calling ktype release
[  114.054415][T10126] raw: ffff888093aa0ac0 ffff888093aa0240 0000000100000001 0000000000000000
[  114.054421][T10126] page dumped because: kasan: bad access detected
[  114.054430][T10126] 
[  114.081779][T10014] kobject: (000000002f301c8b): dynamic_kobj_release
[  114.082236][T10126] Memory state around the buggy address:
[  114.094385][T10014] kobject: 'brif': free name
[  114.099858][T10126]  ffff888093aa1280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  114.099869][T10126]  ffff888093aa1300: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  114.099877][T10126] >ffff888093aa1380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  114.099882][T10126]                                               ^
[  114.099891][T10126]  ffff888093aa1400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  114.099902][T10126]  ffff888093aa1480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  114.285131][T10126] ==================================================================
[  114.293234][T10126] Kernel panic - not syncing: panic_on_warn set ...
[  114.299821][T10126] CPU: 0 PID: 10126 Comm: syz-executor051 Tainted: G    B             5.2.0+ #59
[  114.309017][T10126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  114.319064][T10126] Call Trace:
[  114.322357][T10126]  dump_stack+0x172/0x1f0
[  114.326687][T10126]  panic+0x2dc/0x755
[  114.330578][T10126]  ? add_taint.cold+0x16/0x16
[  114.335254][T10126]  ? trace_hardirqs_on+0x5e/0x240
[  114.340274][T10126]  ? trace_hardirqs_on+0x5e/0x240
[  114.345297][T10126]  ? do_raw_spin_lock+0x28a/0x2e0
[  114.350369][T10126]  end_report+0x47/0x4f
[  114.354522][T10126]  ? do_raw_spin_lock+0x28a/0x2e0
[  114.359564][T10126]  __kasan_report.cold+0xe/0x36
[  114.364413][T10126]  ? do_raw_spin_lock+0x28a/0x2e0
[  114.369434][T10126]  kasan_report+0x12/0x20
[  114.373758][T10126]  __asan_report_load4_noabort+0x14/0x20
[  114.379391][T10126]  do_raw_spin_lock+0x28a/0x2e0
[  114.384236][T10126]  ? rwlock_bug.part.0+0x90/0x90
[  114.389165][T10126]  ? lock_acquire+0x190/0x410
[  114.393940][T10126]  ? release_sock+0x20/0x1c0
[  114.398529][T10126]  ? __sk_free+0x100/0x360
[  114.402947][T10126]  _raw_spin_lock_bh+0x3b/0x50
[  114.407708][T10126]  ? release_sock+0x20/0x1c0
[  114.412316][T10126]  release_sock+0x20/0x1c0
[  114.416846][T10126]  nr_release+0x303/0x3e0
[  114.421175][T10126]  __sock_release+0xce/0x280
[  114.425762][T10126]  sock_close+0x1e/0x30
[  114.429918][T10126]  __fput+0x2ff/0x890
[  114.433909][T10126]  ? __sock_release+0x280/0x280
[  114.438759][T10126]  ____fput+0x16/0x20
[  114.442740][T10126]  task_work_run+0x145/0x1c0
[  114.447332][T10126]  exit_to_usermode_loop+0x316/0x380
[  114.452616][T10126]  do_syscall_64+0x5a9/0x6a0
[  114.457206][T10126]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  114.463117][T10126] RIP: 0033:0x406d41
[  114.467005][T10126] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 24 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  114.486603][T10126] RSP: 002b:00007ffd14c0fb20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  114.495007][T10126] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000406d41
[  114.502976][T10126] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  114.510938][T10126] RBP: 00007ffd14c0fb90 R08: 00000000006dbfb0 R09: 00000000006dbfb0
[  114.518993][T10126] R10: 00007ffd14c0fb50 R11: 0000000000000293 R12: 00000000006ddc60
[  114.527095][T10126] R13: 0000000000000064 R14: 0000000000000009 R15: 00000000006ddc6c
[  114.536241][T10126] Kernel Offset: disabled
[  114.540563][T10126] Rebooting in 86400 seconds..