[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   73.627134][   T26] kauditd_printk_skb: 6 callbacks suppressed
[   73.627147][   T26] audit: type=1800 audit(1561122335.647:33): pid=9504 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   73.666831][   T26] audit: type=1800 audit(1561122335.647:34): pid=9504 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
[....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[1G[[31mFAIL[39;49m8[?25h[?0c [31mfailed![39;49m

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   77.361940][   T26] audit: type=1400 audit(1561122339.377:35): avc:  denied  { map } for  pid=9704 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.197' (ECDSA) to the list of known hosts.
[  105.356524][   T26] audit: type=1400 audit(1561122367.367:36): avc:  denied  { map } for  pid=9716 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/21 13:06:08 parsed 1 programs
[  106.334297][   T26] audit: type=1400 audit(1561122368.347:37): avc:  denied  { map } for  pid=9716 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=15319 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/06/21 13:06:10 executed programs: 0
[  108.562937][ T9739] IPVS: ftp: loaded support on port[0] = 21
[  108.575201][ T9738] IPVS: ftp: loaded support on port[0] = 21
[  108.698964][ T9741] IPVS: ftp: loaded support on port[0] = 21
[  108.723244][ T9744] IPVS: ftp: loaded support on port[0] = 21
[  108.724886][ T9747] IPVS: ftp: loaded support on port[0] = 21
[  108.740935][ T9746] IPVS: ftp: loaded support on port[0] = 21
[  108.901320][ T9738] chnl_net:caif_netlink_parms(): no params data found
[  109.037251][ T9739] chnl_net:caif_netlink_parms(): no params data found
[  109.066421][ T9738] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.074152][ T9738] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.083237][ T9738] device bridge_slave_0 entered promiscuous mode
[  109.114657][ T9738] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.121965][ T9738] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.131126][ T9738] device bridge_slave_1 entered promiscuous mode
[  109.154373][ T9739] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.161705][ T9739] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.170571][ T9739] device bridge_slave_0 entered promiscuous mode
[  109.184250][ T9739] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.191512][ T9739] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.199780][ T9739] device bridge_slave_1 entered promiscuous mode
[  109.258679][ T9738] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  109.287674][ T9741] chnl_net:caif_netlink_parms(): no params data found
[  109.302404][ T9738] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  109.337502][ T9739] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  109.391821][ T9739] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  109.418997][ T9738] team0: Port device team_slave_0 added
[  109.465976][ T9738] team0: Port device team_slave_1 added
[  109.473942][ T9747] chnl_net:caif_netlink_parms(): no params data found
[  109.490548][ T9739] team0: Port device team_slave_0 added
[  109.502806][ T9744] chnl_net:caif_netlink_parms(): no params data found
[  109.538842][ T9741] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.546461][ T9741] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.554889][ T9741] device bridge_slave_0 entered promiscuous mode
[  109.564260][ T9739] team0: Port device team_slave_1 added
[  109.596356][ T9741] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.605083][ T9741] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.614360][ T9741] device bridge_slave_1 entered promiscuous mode
[  109.631594][ T9746] chnl_net:caif_netlink_parms(): no params data found
[  109.710445][ T9738] device hsr_slave_0 entered promiscuous mode
[  109.767294][ T9738] device hsr_slave_1 entered promiscuous mode
[  109.846794][ T9747] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.853955][ T9747] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.862246][ T9747] device bridge_slave_0 entered promiscuous mode
[  109.873360][ T9741] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  109.950511][ T9739] device hsr_slave_0 entered promiscuous mode
[  109.997313][ T9739] device hsr_slave_1 entered promiscuous mode
[  110.072460][ T9747] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.080662][ T9747] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.088728][ T9747] device bridge_slave_1 entered promiscuous mode
[  110.097379][ T9741] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  110.164111][ T9746] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.172817][ T9746] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.181079][ T9746] device bridge_slave_0 entered promiscuous mode
[  110.190544][ T9746] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.197693][ T9746] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.205825][ T9746] device bridge_slave_1 entered promiscuous mode
[  110.213327][ T9744] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.220609][ T9744] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.228330][ T9744] device bridge_slave_0 entered promiscuous mode
[  110.236322][ T9744] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.244138][ T9744] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.253073][ T9744] device bridge_slave_1 entered promiscuous mode
[  110.270514][ T9741] team0: Port device team_slave_0 added
[  110.278188][ T9747] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  110.306659][ T9741] team0: Port device team_slave_1 added
[  110.322516][ T9747] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  110.341428][ T9744] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  110.363927][ T9746] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  110.383837][ T9744] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  110.406504][ T9746] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  110.425402][ T9747] team0: Port device team_slave_0 added
[  110.488885][ T9741] device hsr_slave_0 entered promiscuous mode
[  110.527205][ T9741] device hsr_slave_1 entered promiscuous mode
[  110.603656][ T9747] team0: Port device team_slave_1 added
[  110.622576][ T9744] team0: Port device team_slave_0 added
[  110.632737][ T9744] team0: Port device team_slave_1 added
[  110.645235][ T9746] team0: Port device team_slave_0 added
[  110.675967][ T9746] team0: Port device team_slave_1 added
[  110.760334][ T9744] device hsr_slave_0 entered promiscuous mode
[  110.817397][ T9744] device hsr_slave_1 entered promiscuous mode
[  110.900140][ T9747] device hsr_slave_0 entered promiscuous mode
[  110.957305][ T9747] device hsr_slave_1 entered promiscuous mode
[  111.121492][ T9746] device hsr_slave_0 entered promiscuous mode
[  111.177224][ T9746] device hsr_slave_1 entered promiscuous mode
[  111.219760][ T9738] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.242361][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  111.251753][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  111.275180][ T9738] 8021q: adding VLAN 0 to HW filter on device team0
[  111.322989][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  111.333511][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  111.342438][ T2950] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.349671][ T2950] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.361555][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  111.373718][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  111.383057][ T2950] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.394933][ T2950] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.406048][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  111.446557][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  111.459716][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  111.468731][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  111.478477][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  111.499865][ T9739] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.516586][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  111.528623][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  111.539449][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  111.552963][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  111.565875][ T2950] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  111.610813][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  111.623037][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  111.640122][ T9741] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.672978][ T9739] 8021q: adding VLAN 0 to HW filter on device team0
[  111.693549][ T9738] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  111.702089][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  111.711846][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  111.733020][ T9746] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.760352][ T9744] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.775512][ T9741] 8021q: adding VLAN 0 to HW filter on device team0
[  111.785383][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  111.793691][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  111.802355][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  111.812204][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  111.821160][ T9750] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.828305][ T9750] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.836109][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  111.844264][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  111.855406][ T9746] 8021q: adding VLAN 0 to HW filter on device team0
[  111.881972][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  111.890204][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  111.899067][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  111.907766][ T9750] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.914829][ T9750] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.923076][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  111.931857][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  111.940873][ T9750] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.947992][ T9750] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.956419][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  111.995168][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  112.004258][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  112.014655][ T9750] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.021915][ T9750] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.029768][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  112.039141][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  112.049418][ T9750] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.056528][ T9750] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.065868][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  112.078231][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  112.090439][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  112.099251][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  112.108186][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  112.116468][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  112.125247][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  112.133682][ T9750] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.140813][ T9750] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.148412][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  112.157405][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  112.165785][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  112.174345][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  112.184070][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  112.192115][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  112.200568][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  112.213756][ T9738] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.223363][ T9747] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.244800][ T9746] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  112.263320][ T9746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  112.287454][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  112.296417][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  112.306380][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  112.316499][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  112.325257][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  112.333385][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  112.341622][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  112.350661][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  112.359747][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  112.369116][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  112.386312][ T9744] 8021q: adding VLAN 0 to HW filter on device team0
[  112.413247][ T9746] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.422826][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  112.437971][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  112.454299][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  112.463201][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  112.472733][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  112.481398][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  112.491511][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  112.503854][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.510994][ T3310] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.519271][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  112.527702][ T3310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  112.557415][   T26] audit: type=1400 audit(1561122374.567:38): avc:  denied  { associate } for  pid=9738 comm="syz-executor.2" name="syz2" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[  112.588208][ T9755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  112.603781][ T9755] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  112.613677][ T9755] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.620896][ T9755] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.635134][ T9755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  112.643877][ T9755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  112.652509][ T9755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  112.672946][ T9739] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  112.685289][ T9739] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  112.706981][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  112.715503][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  112.740311][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  112.752300][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  112.760873][   T26] audit: type=1400 audit(1561122374.777:39): avc:  denied  { map_create } for  pid=9766 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[  112.771801][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  112.799982][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  112.823465][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  112.839351][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  112.847934][   T26] audit: type=1400 audit(1561122374.827:40): avc:  denied  { map_read map_write } for  pid=9766 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[  112.890947][ T9741] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  112.940264][ T9747] 8021q: adding VLAN 0 to HW filter on device team0
[  112.963211][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  112.971702][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  113.011993][ T9739] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.073077][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  113.092836][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  113.126579][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  113.136118][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  113.145250][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  113.154513][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  113.164829][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  113.173683][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  113.182578][ T9750] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.189712][ T9750] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.197441][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  113.205979][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  113.214554][ T9750] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.221668][ T9750] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.229439][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  113.239466][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  113.248015][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  113.261347][ T9744] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  113.273829][ T9744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  113.304352][ T9770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  113.348871][ T9770] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  113.364061][ T9770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  113.434165][ T9741] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.451069][ T9756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  113.474294][ T9756] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  113.504201][ T9756] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
2019/06/21 13:06:15 executed programs: 11
[  113.538175][ T9744] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.559184][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  113.593481][ T9750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  113.642349][ T9747] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  113.680037][ T9747] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  113.737161][ T9806] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  113.764423][ T9806] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  113.783053][ T9806] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  113.792204][ T9806] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  113.802355][ T9806] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  113.848637][ T9747] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/06/21 13:06:20 executed programs: 156
2019/06/21 13:06:25 executed programs: 302
2019/06/21 13:06:30 executed programs: 437
2019/06/21 13:06:35 executed programs: 588
2019/06/21 13:06:40 executed programs: 741
2019/06/21 13:06:45 executed programs: 888
2019/06/21 13:06:50 executed programs: 1033
[  148.994282][T13883] ==================================================================
[  149.002679][T13883] BUG: KASAN: use-after-free in sk_psock_unlink+0x443/0x4b0
[  149.002703][T13883] Read of size 8 at addr ffff88808c9abb80 by task syz-executor.0/13883
[  149.002707][T13883] 
[  149.002720][T13883] CPU: 1 PID: 13883 Comm: syz-executor.0 Not tainted 5.2.0-rc5+ #31
[  149.002727][T13883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  149.002731][T13883] Call Trace:
[  149.002752][T13883]  dump_stack+0x172/0x1f0
[  149.002764][T13883]  ? sk_psock_unlink+0x443/0x4b0
[  149.002781][T13883]  ? tcp_check_oom+0x560/0x560
[  149.028844][T13883]  print_address_description.cold+0x7c/0x20d
[  149.028861][T13883]  ? sk_psock_unlink+0x443/0x4b0
[  149.028872][T13883]  ? sk_psock_unlink+0x443/0x4b0
[  149.028888][T13883]  ? tcp_check_oom+0x560/0x560
[  149.028902][T13883]  __kasan_report.cold+0x1b/0x40
[  149.028917][T13883]  ? sk_psock_unlink+0x443/0x4b0
[  149.028943][T13883]  kasan_report+0x12/0x20
[  149.091665][T13883]  __asan_report_load8_noabort+0x14/0x20
[  149.097401][T13883]  sk_psock_unlink+0x443/0x4b0
[  149.102177][T13883]  ? sk_psock_link_pop+0x186/0x1f0
[  149.107301][T13883]  ? tcp_check_oom+0x560/0x560
[  149.112077][T13883]  tcp_bpf_remove+0x21/0x50
[  149.116595][T13883]  tcp_bpf_close+0x130/0x390
[  149.121206][T13883]  inet_release+0xe0/0x1f0
[  149.125718][T13883]  inet6_release+0x53/0x80
[  149.130144][T13883]  __sock_release+0xce/0x2a0
[  149.130159][T13883]  sock_close+0x1b/0x30
[  149.130175][T13883]  __fput+0x2ff/0x890
[  149.130190][T13883]  ? __sock_release+0x2a0/0x2a0
[  149.130205][T13883]  ____fput+0x16/0x20
[  149.130219][T13883]  task_work_run+0x145/0x1c0
[  149.130243][T13883]  exit_to_usermode_loop+0x273/0x2c0
[  149.130263][T13883]  do_syscall_64+0x58e/0x680
[  149.166239][T13883]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  149.172233][T13883] RIP: 0033:0x412fb1
[  149.176144][T13883] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  149.195855][T13883] RSP: 002b:00007ffecd8c6510 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  149.204291][T13883] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000412fb1
[  149.212289][T13883] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  149.220447][T13883] RBP: 0000000000000000 R08: ffffffffffffffff R09: ffffffffffffffff
[  149.228433][T13883] R10: 00007ffecd8c65f0 R11: 0000000000000293 R12: 00000000007610a8
[  149.236418][T13883] R13: 00000000000245b9 R14: 00000000000245e6 R15: 000000000075bfd4
[  149.244411][T13883] 
[  149.246759][T13883] Allocated by task 13888:
[  149.251279][T13883]  save_stack+0x23/0x90
[  149.255528][T13883]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  149.261168][T13883]  kasan_kmalloc+0x9/0x10
[  149.265510][T13883]  kmem_cache_alloc_trace+0x151/0x750
[  149.270888][T13883]  sock_hash_alloc+0x1e3/0x5b0
[  149.275662][T13883]  __do_sys_bpf+0x730/0x43d0
[  149.280258][T13883]  __x64_sys_bpf+0x73/0xb0
[  149.284679][T13883]  do_syscall_64+0xfd/0x680
[  149.289206][T13883]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  149.295092][T13883] 
[  149.297440][T13883] Freed by task 9874:
[  149.301430][T13883]  save_stack+0x23/0x90
[  149.305594][T13883]  __kasan_slab_free+0x102/0x150
[  149.310543][T13883]  kasan_slab_free+0xe/0x10
[  149.315057][T13883]  kfree+0xcf/0x220
[  149.318879][T13883]  sock_hash_free+0x327/0x4a0
[  149.323653][T13883]  bpf_map_free_deferred+0xb4/0xe0
[  149.328796][T13883]  process_one_work+0x989/0x1790
[  149.333736][T13883]  worker_thread+0x98/0xe40
[  149.338249][T13883]  kthread+0x354/0x420
[  149.342327][T13883]  ret_from_fork+0x24/0x30
[  149.346832][T13883] 
[  149.349251][T13883] The buggy address belongs to the object at ffff88808c9aba80
[  149.349251][T13883]  which belongs to the cache kmalloc-512 of size 512
[  149.363491][T13883] The buggy address is located 256 bytes inside of
[  149.363491][T13883]  512-byte region [ffff88808c9aba80, ffff88808c9abc80)
[  149.376765][T13883] The buggy address belongs to the page:
[  149.382582][T13883] page:ffffea0002326ac0 refcount:1 mapcount:0 mapping:ffff8880aa400940 index:0x0
[  149.391693][T13883] flags: 0x1fffc0000000200(slab)
[  149.391713][T13883] raw: 01fffc0000000200 ffffea00028eb188 ffffea00028c40c8 ffff8880aa400940
[  149.391727][T13883] raw: 0000000000000000 ffff88808c9ab080 0000000100000006 0000000000000000
[  149.391733][T13883] page dumped because: kasan: bad access detected
[  149.391736][T13883] 
[  149.391740][T13883] Memory state around the buggy address:
[  149.391751][T13883]  ffff88808c9aba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  149.391761][T13883]  ffff88808c9abb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  149.391771][T13883] >ffff88808c9abb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  149.391776][T13883]                    ^
[  149.391786][T13883]  ffff88808c9abc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  149.391795][T13883]  ffff88808c9abc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  149.391800][T13883] ==================================================================
[  149.391804][T13883] Disabling lock debugging due to kernel taint
[  149.499893][T13883] Kernel panic - not syncing: panic_on_warn set ...
[  149.506537][T13883] CPU: 1 PID: 13883 Comm: syz-executor.0 Tainted: G    B             5.2.0-rc5+ #31
[  149.516261][T13883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  149.526326][T13883] Call Trace:
[  149.529630][T13883]  dump_stack+0x172/0x1f0
[  149.534276][T13883]  ? tcp_check_oom+0x560/0x560
[  149.539199][T13883]  panic+0x2cb/0x744
[  149.542291][ T3879] kobject: 'loop3' (00000000156d4baf): kobject_uevent_env
[  149.543113][T13883]  ? __warn_printk+0xf3/0xf3
[  149.543135][T13883]  ? sk_psock_unlink+0x443/0x4b0
[  149.555729][ T3879] kobject: 'loop3' (00000000156d4baf): fill_kobj_path: path = '/devices/virtual/block/loop3'
[  149.559747][T13883]  ? tcp_check_oom+0x560/0x560
[  149.559764][T13883]  ? preempt_schedule+0x4b/0x60
[  149.559780][T13883]  ? ___preempt_schedule+0x16/0x18
[  149.559794][T13883]  ? trace_hardirqs_on+0x5e/0x220
[  149.559810][T13883]  ? sk_psock_unlink+0x443/0x4b0
[  149.559823][T13883]  ? tcp_check_oom+0x560/0x560
[  149.559845][T13883]  end_report+0x47/0x4f
[  149.576502][ T3879] kobject: 'loop5' (0000000003c90292): kobject_uevent_env
[  149.579700][T13883]  ? sk_psock_unlink+0x443/0x4b0
[  149.579717][T13883]  __kasan_report.cold+0xe/0x40
[  149.579732][T13883]  ? sk_psock_unlink+0x443/0x4b0
[  149.579745][T13883]  kasan_report+0x12/0x20
[  149.579767][T13883]  __asan_report_load8_noabort+0x14/0x20
[  149.586021][ T3879] kobject: 'loop5' (0000000003c90292): fill_kobj_path: path = '/devices/virtual/block/loop5'
[  149.590003][T13883]  sk_psock_unlink+0x443/0x4b0
[  149.590018][T13883]  ? sk_psock_link_pop+0x186/0x1f0
[  149.590034][T13883]  ? tcp_check_oom+0x560/0x560
[  149.590047][T13883]  tcp_bpf_remove+0x21/0x50
[  149.590059][T13883]  tcp_bpf_close+0x130/0x390
[  149.590076][T13883]  inet_release+0xe0/0x1f0
[  149.590097][T13883]  inet6_release+0x53/0x80
[  149.599418][ T3879] kobject: 'loop4' (000000007a37570b): kobject_uevent_env
[  149.599786][T13883]  __sock_release+0xce/0x2a0
[  149.599805][T13883]  sock_close+0x1b/0x30
[  149.604108][ T3879] kobject: 'loop4' (000000007a37570b): fill_kobj_path: path = '/devices/virtual/block/loop4'
[  149.611237][T13883]  __fput+0x2ff/0x890
[  149.611253][T13883]  ? __sock_release+0x2a0/0x2a0
[  149.611266][T13883]  ____fput+0x16/0x20
[  149.611279][T13883]  task_work_run+0x145/0x1c0
[  149.611297][T13883]  exit_to_usermode_loop+0x273/0x2c0
[  149.611313][T13883]  do_syscall_64+0x58e/0x680
[  149.611335][T13883]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  149.628792][ T3879] kobject: 'loop1' (000000005967902c): kobject_uevent_env
[  149.630455][T13883] RIP: 0033:0x412fb1
[  149.630472][T13883] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  149.630486][T13883] RSP: 002b:00007ffecd8c6510 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  149.636593][ T3879] kobject: 'loop1' (000000005967902c): fill_kobj_path: path = '/devices/virtual/block/loop1'
[  149.646365][T13883] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000412fb1
[  149.646373][T13883] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  149.646380][T13883] RBP: 0000000000000000 R08: ffffffffffffffff R09: ffffffffffffffff
[  149.646386][T13883] R10: 00007ffecd8c65f0 R11: 0000000000000293 R12: 00000000007610a8
[  149.646393][T13883] R13: 00000000000245b9 R14: 00000000000245e6 R15: 000000000075bfd4
[  149.647470][T13883] Kernel Offset: disabled
[  149.849756][T13883] Rebooting in 86400 seconds..