[   79.876258][   T24] audit: type=1800 audit(1564596973.299:30): pid=10761 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   85.841301][   T24] kauditd_printk_skb: 4 callbacks suppressed
[   85.841315][   T24] audit: type=1400 audit(1564596979.299:35): avc:  denied  { map } for  pid=10940 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[  128.268512][   T24] audit: type=1400 audit(1564597021.729:36): avc:  denied  { map } for  pid=10951 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.126' (ECDSA) to the list of known hosts.
[  133.407049][   T24] audit: type=1400 audit(1564597026.869:37): avc:  denied  { map } for  pid=10955 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/07/31 18:17:07 parsed 1 programs
[  134.425484][   T24] audit: type=1400 audit(1564597027.879:38): avc:  denied  { map } for  pid=10955 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=67 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/07/31 18:17:10 executed programs: 0
[  136.590011][T10975] IPVS: ftp: loaded support on port[0] = 21
[  136.601886][T10977] IPVS: ftp: loaded support on port[0] = 21
[  136.644561][T10984] IPVS: ftp: loaded support on port[0] = 21
[  136.644736][T10982] IPVS: ftp: loaded support on port[0] = 21
[  136.674763][T10980] IPVS: ftp: loaded support on port[0] = 21
[  136.683351][T10985] IPVS: ftp: loaded support on port[0] = 21
[  136.783226][T10975] chnl_net:caif_netlink_parms(): no params data found
[  136.820041][T10984] chnl_net:caif_netlink_parms(): no params data found
[  136.840344][T10975] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.847946][T10975] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.855733][T10975] device bridge_slave_0 entered promiscuous mode
[  136.864423][T10975] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.871612][T10975] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.879165][T10975] device bridge_slave_1 entered promiscuous mode
[  136.898472][T10977] chnl_net:caif_netlink_parms(): no params data found
[  136.917945][T10975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  136.928094][T10975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  136.968897][T10975] team0: Port device team_slave_0 added
[  136.977716][T10982] chnl_net:caif_netlink_parms(): no params data found
[  136.994740][T10984] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.002025][T10984] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.010369][T10984] device bridge_slave_0 entered promiscuous mode
[  137.018600][T10975] team0: Port device team_slave_1 added
[  137.024404][T10984] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.031663][T10984] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.039284][T10984] device bridge_slave_1 entered promiscuous mode
[  137.065028][T10977] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.072590][T10977] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.080433][T10977] device bridge_slave_0 entered promiscuous mode
[  137.097834][T10984] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  137.133396][T10977] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.140791][T10977] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.148713][T10977] device bridge_slave_1 entered promiscuous mode
[  137.155648][T10982] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.162946][T10982] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.171525][T10982] device bridge_slave_0 entered promiscuous mode
[  137.179364][T10984] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  137.196470][T10985] chnl_net:caif_netlink_parms(): no params data found
[  137.208080][T10982] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.215113][T10982] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.222746][T10982] device bridge_slave_1 entered promiscuous mode
[  137.270682][T10984] team0: Port device team_slave_0 added
[  137.317693][T10975] device hsr_slave_0 entered promiscuous mode
[  137.356357][T10975] device hsr_slave_1 entered promiscuous mode
[  137.402093][T10977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  137.415025][T10977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  137.424941][T10984] team0: Port device team_slave_1 added
[  137.439953][T10982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  137.450457][T10982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  137.465320][T10980] chnl_net:caif_netlink_parms(): no params data found
[  137.489224][T10982] team0: Port device team_slave_0 added
[  137.495578][T10977] team0: Port device team_slave_0 added
[  137.502439][T10977] team0: Port device team_slave_1 added
[  137.511001][T10985] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.518255][T10985] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.526903][T10985] device bridge_slave_0 entered promiscuous mode
[  137.534910][T10982] team0: Port device team_slave_1 added
[  137.557446][T10980] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.564623][T10980] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.573776][T10980] device bridge_slave_0 entered promiscuous mode
[  137.580861][T10985] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.588170][T10985] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.595698][T10985] device bridge_slave_1 entered promiscuous mode
[  137.677772][T10977] device hsr_slave_0 entered promiscuous mode
[  137.716464][T10977] device hsr_slave_1 entered promiscuous mode
[  137.786119][T10977] debugfs: Directory 'hsr0' with parent '/' already present!
[  137.795197][T10975] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.802284][T10975] bridge0: port 2(bridge_slave_1) entered forwarding state
[  137.809638][T10975] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.816697][T10975] bridge0: port 1(bridge_slave_0) entered forwarding state
[  137.827539][T10980] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.834585][T10980] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.842507][T10980] device bridge_slave_1 entered promiscuous mode
[  137.851058][T10985] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  137.899317][T10984] device hsr_slave_0 entered promiscuous mode
[  137.936470][T10984] device hsr_slave_1 entered promiscuous mode
[  137.996118][T10984] debugfs: Directory 'hsr0' with parent '/' already present!
[  138.003956][   T17] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.011353][   T17] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.046920][T10985] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  138.098700][T10982] device hsr_slave_0 entered promiscuous mode
[  138.136395][T10982] device hsr_slave_1 entered promiscuous mode
[  138.186114][T10982] debugfs: Directory 'hsr0' with parent '/' already present!
[  138.212441][T10985] team0: Port device team_slave_0 added
[  138.224539][T10980] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  138.234546][T10985] team0: Port device team_slave_1 added
[  138.249187][T10980] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  138.329157][T10985] device hsr_slave_0 entered promiscuous mode
[  138.386503][T10985] device hsr_slave_1 entered promiscuous mode
[  138.436074][T10985] debugfs: Directory 'hsr0' with parent '/' already present!
[  138.472301][T10980] team0: Port device team_slave_0 added
[  138.489149][T10977] 8021q: adding VLAN 0 to HW filter on device bond0
[  138.497557][T10980] team0: Port device team_slave_1 added
[  138.527400][T10977] 8021q: adding VLAN 0 to HW filter on device team0
[  138.552465][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  138.560457][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  138.607913][T10980] device hsr_slave_0 entered promiscuous mode
[  138.656392][T10980] device hsr_slave_1 entered promiscuous mode
[  138.696403][T10980] debugfs: Directory 'hsr0' with parent '/' already present!
[  138.711772][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  138.721550][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  138.730255][ T3014] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.737368][ T3014] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.745049][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  138.753692][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  138.761989][ T3014] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.769031][ T3014] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.797296][T10992] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  138.805134][T10992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  138.818724][T10992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  138.830116][T10984] 8021q: adding VLAN 0 to HW filter on device bond0
[  138.847327][T10975] 8021q: adding VLAN 0 to HW filter on device bond0
[  138.871482][T10992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  138.880024][T10992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  138.903766][T10992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  138.912525][T10992] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  138.921059][T10992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  138.929878][T10992] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  138.938202][T10992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  138.946512][T10992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  138.954053][T10992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  138.963613][T10975] 8021q: adding VLAN 0 to HW filter on device team0
[  138.980919][T10992] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  138.989423][T10992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  139.003461][T10982] 8021q: adding VLAN 0 to HW filter on device bond0
[  139.015911][T10984] 8021q: adding VLAN 0 to HW filter on device team0
[  139.027827][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  139.038480][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  139.046877][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.053931][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.086247][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  139.094825][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  139.103951][ T3573] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.111066][ T3573] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.119504][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  139.128420][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  139.136714][ T3573] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.143749][ T3573] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.151422][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  139.160070][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  139.168533][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  139.177097][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  139.185385][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  139.193824][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  139.202033][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  139.210260][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  139.218439][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  139.227160][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  139.236605][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  139.244471][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  139.252362][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  139.260166][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  139.281942][T10975] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  139.292582][T10982] 8021q: adding VLAN 0 to HW filter on device team0
[  139.304777][ T3574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  139.314207][ T3574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  139.322827][ T3574] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.329921][ T3574] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.337710][ T3574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  139.359221][T10985] 8021q: adding VLAN 0 to HW filter on device bond0
[  139.370039][ T3574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  139.379389][ T3574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  139.388521][ T3574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  139.397138][ T3574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  139.405583][ T3574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  139.414595][ T3574] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  139.431170][T10977] 8021q: adding VLAN 0 to HW filter on device batadv0
[  139.455340][T10985] 8021q: adding VLAN 0 to HW filter on device team0
[  139.467845][T10980] 8021q: adding VLAN 0 to HW filter on device bond0
[  139.484732][T10975] 8021q: adding VLAN 0 to HW filter on device batadv0
[  139.492141][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  139.501580][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  139.512779][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.519967][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.528006][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  139.536617][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  139.544839][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.551927][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.560081][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  139.568944][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  139.577258][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  139.585386][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  139.593336][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  139.601085][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  139.609341][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  139.617895][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  139.627212][T10984] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  139.660413][T10980] 8021q: adding VLAN 0 to HW filter on device team0
[  139.672913][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  139.687175][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  139.695657][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  139.704154][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.711227][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.719112][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  139.727718][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  139.735931][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.743018][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.750559][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  139.759184][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  139.766860][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  139.774467][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  139.786909][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  139.795644][ T3573] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  139.820777][T10984] 8021q: adding VLAN 0 to HW filter on device batadv0
[  139.828074][   T24] audit: type=1400 audit(1564597033.269:39): avc:  denied  { associate } for  pid=10975 comm="syz-executor.3" name="syz3" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[  139.863364][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  139.874858][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  139.883562][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  139.893418][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  139.901999][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  139.910763][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  139.919294][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.926385][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.933865][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  139.942880][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  139.951402][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  139.959914][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  139.968434][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  139.977598][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  139.985867][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.992951][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  140.001445][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  140.009874][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  140.033212][T10982] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  140.055292][T10982] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  140.072968][   T24] audit: type=1400 audit(1564597033.529:40): avc:  denied  { map_create } for  pid=11008 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[  140.102231][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  140.112242][   T24] audit: type=1400 audit(1564597033.529:41): avc:  denied  { map_read map_write } for  pid=11008 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[  140.117682][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  140.145304][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  140.155136][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  140.163795][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  140.172382][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  140.180908][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  140.197327][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  140.205743][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  140.216974][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  140.225446][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  140.234077][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  140.244514][T10985] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  140.272755][T10980] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  140.285475][T10980] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  140.325219][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  140.335526][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  140.352864][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  140.361687][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  140.370355][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  140.378833][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  140.387859][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  140.396076][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  140.406243][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  140.437466][T10982] 8021q: adding VLAN 0 to HW filter on device batadv0
[  140.479850][T10985] 8021q: adding VLAN 0 to HW filter on device batadv0
[  140.566610][T10980] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/07/31 18:17:15 executed programs: 51
2019/07/31 18:17:20 executed programs: 267
2019/07/31 18:17:25 executed programs: 477
2019/07/31 18:17:30 executed programs: 695
2019/07/31 18:17:35 executed programs: 913
2019/07/31 18:17:40 executed programs: 1132
2019/07/31 18:17:45 executed programs: 1352
2019/07/31 18:17:50 executed programs: 1569
2019/07/31 18:17:55 executed programs: 1780
2019/07/31 18:18:00 executed programs: 1992
2019/07/31 18:18:05 executed programs: 2195
2019/07/31 18:18:10 executed programs: 2398
2019/07/31 18:18:15 executed programs: 2598
2019/07/31 18:18:20 executed programs: 2796
2019/07/31 18:18:25 executed programs: 2999
2019/07/31 18:18:30 executed programs: 3204
2019/07/31 18:18:35 executed programs: 3412
2019/07/31 18:18:40 executed programs: 3619
2019/07/31 18:18:45 executed programs: 3834
2019/07/31 18:18:50 executed programs: 4030
2019/07/31 18:18:55 executed programs: 4232
2019/07/31 18:19:00 executed programs: 4430
2019/07/31 18:19:05 executed programs: 4621
2019/07/31 18:19:10 executed programs: 4821
2019/07/31 18:19:15 executed programs: 5033
2019/07/31 18:19:20 executed programs: 5232
2019/07/31 18:19:25 executed programs: 5417
2019/07/31 18:19:30 executed programs: 5607
2019/07/31 18:19:35 executed programs: 5791
2019/07/31 18:19:40 executed programs: 5980
2019/07/31 18:19:45 executed programs: 6188
2019/07/31 18:19:50 executed programs: 6391
2019/07/31 18:19:55 executed programs: 6579
2019/07/31 18:20:00 executed programs: 6771
2019/07/31 18:20:05 executed programs: 6958
2019/07/31 18:20:10 executed programs: 7138
2019/07/31 18:20:15 executed programs: 7350
2019/07/31 18:20:20 executed programs: 7556
2019/07/31 18:20:25 executed programs: 7748
2019/07/31 18:20:30 executed programs: 7938
2019/07/31 18:20:35 executed programs: 8119
2019/07/31 18:20:40 executed programs: 8303
2019/07/31 18:20:45 executed programs: 8500
2019/07/31 18:20:50 executed programs: 8704
2019/07/31 18:20:55 executed programs: 8894
2019/07/31 18:21:00 executed programs: 9079
2019/07/31 18:21:05 executed programs: 9251
2019/07/31 18:21:10 executed programs: 9426
2019/07/31 18:21:16 executed programs: 9618
2019/07/31 18:21:21 executed programs: 9835
2019/07/31 18:21:26 executed programs: 10036
2019/07/31 18:21:31 executed programs: 10227
2019/07/31 18:21:36 executed programs: 10406
2019/07/31 18:21:41 executed programs: 10586
[  411.224455][T20397] ==================================================================
[  411.232648][T20397] BUG: KASAN: use-after-free in sk_psock_unlink+0x3dd/0x4b0
[  411.241268][T20397] Read of size 4 at addr ffff888092afed58 by task syz-executor.5/20397
[  411.249525][T20397] 
[  411.251862][T20397] CPU: 0 PID: 20397 Comm: syz-executor.5 Not tainted 5.3.0-rc2+ #84
[  411.259835][T20397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  411.269886][T20397] Call Trace:
[  411.273363][T20397]  dump_stack+0x172/0x1f0
[  411.277716][T20397]  ? sk_psock_unlink+0x3dd/0x4b0
[  411.282715][T20397]  ? tcp_check_oom+0x560/0x560
[  411.287487][T20397]  print_address_description.cold+0xd4/0x306
[  411.293473][T20397]  ? sk_psock_unlink+0x3dd/0x4b0
[  411.298418][T20397]  ? sk_psock_unlink+0x3dd/0x4b0
[  411.304888][T20397]  ? tcp_check_oom+0x560/0x560
[  411.309661][T20397]  __kasan_report.cold+0x1b/0x36
[  411.314672][T20397]  ? swapgs_restore_regs_and_return_to_usermode+0x3b/0x40
[  411.321816][T20397]  ? sk_psock_unlink+0x3dd/0x4b0
[  411.326759][T20397]  kasan_report+0x12/0x17
[  411.331092][T20397]  __asan_report_load4_noabort+0x14/0x20
[  411.336726][T20397]  sk_psock_unlink+0x3dd/0x4b0
[  411.341490][T20397]  ? tcp_check_oom+0x560/0x560
[  411.341567][T20397]  tcp_bpf_remove+0x21/0x50
[  411.350779][T20397]  tcp_bpf_close+0x130/0x390
[  411.350831][T20397]  inet_release+0xed/0x200
[  411.350877][T20397]  inet6_release+0x53/0x80
[  411.364285][T20397]  __sock_release+0xce/0x280
[  411.364303][T20397]  sock_close+0x1e/0x30
[  411.373114][T20397]  __fput+0x2ff/0x890
[  411.377096][T20397]  ? __sock_release+0x280/0x280
[  411.377113][T20397]  ____fput+0x16/0x20
[  411.377126][T20397]  task_work_run+0x145/0x1c0
[  411.377145][T20397]  exit_to_usermode_loop+0x316/0x380
[  411.377161][T20397]  do_syscall_64+0x5a9/0x6a0
[  411.377181][T20397]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  411.386064][T20397] RIP: 0033:0x413511
[  411.386079][T20397] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  411.386087][T20397] RSP: 002b:00007ffd45fb0d20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  411.386099][T20397] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000413511
[  411.386106][T20397] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  411.386114][T20397] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[  411.386122][T20397] R10: 00007ffd45fb0e00 R11: 0000000000000293 R12: 000000000075bf20
[  411.386129][T20397] R13: 000000000006462d R14: 00000000007610a8 R15: ffffffffffffffff
[  411.386141][T20397] 
[  411.386148][T20397] Allocated by task 20403:
[  411.386161][T20397]  save_stack+0x23/0x90
[  411.386173][T20397]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  411.386190][T20397]  kasan_kmalloc+0x9/0x10
[  411.396066][T20397]  kmem_cache_alloc_trace+0x158/0x790
[  411.396081][T20397]  sock_map_alloc+0x1bb/0x3a0
[  411.396095][T20397]  __do_sys_bpf+0x475/0x42f0
[  411.396107][T20397]  __x64_sys_bpf+0x73/0xb0
[  411.396120][T20397]  do_syscall_64+0xfd/0x6a0
[  411.396131][T20397]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  411.396134][T20397] 
[  411.396154][T20397] Freed by task 12638:
[  411.430440][T20397]  save_stack+0x23/0x90
[  411.430453][T20397]  __kasan_slab_free+0x102/0x150
[  411.430464][T20397]  kasan_slab_free+0xe/0x10
[  411.430474][T20397]  kfree+0x10a/0x2c0
[  411.430486][T20397]  sock_map_free+0x22a/0x310
[  411.430500][T20397]  bpf_map_free_deferred+0xb3/0x100
[  411.430513][T20397]  process_one_work+0x9af/0x1740
[  411.430531][T20397]  worker_thread+0x98/0xe40
[  411.446885][T20397]  kthread+0x361/0x430
[  411.446897][T20397]  ret_from_fork+0x24/0x30
[  411.446901][T20397] 
[  411.446912][T20397] The buggy address belongs to the object at ffff888092afed40
[  411.446912][T20397]  which belongs to the cache kmalloc-512 of size 512
[  411.446923][T20397] The buggy address is located 24 bytes inside of
[  411.446923][T20397]  512-byte region [ffff888092afed40, ffff888092afef40)
[  411.446927][T20397] The buggy address belongs to the page:
[  411.446940][T20397] page:ffffea00024abf80 refcount:1 mapcount:0 mapping:ffff8880aa400a80 index:0xffff888092afeac0
[  411.446950][T20397] flags: 0x1fffc0000000200(slab)
[  411.446968][T20397] raw: 01fffc0000000200 ffffea0002626f08 ffffea000243a008 ffff8880aa400a80
[  411.610983][T20397] raw: ffff888092afeac0 ffff888092afe0c0 0000000100000005 0000000000000000
[  411.610989][T20397] page dumped because: kasan: bad access detected
[  411.610993][T20397] 
[  411.610997][T20397] Memory state around the buggy address:
[  411.611008][T20397]  ffff888092afec00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  411.611022][T20397]  ffff888092afec80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  411.640510][T20397] >ffff888092afed00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  411.640517][T20397]                                                     ^
[  411.640528][T20397]  ffff888092afed80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  411.640537][T20397]  ffff888092afee00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  411.640549][T20397] ==================================================================
[  411.662221][ T3909] kobject: 'loop1' (00000000e35ce371): kobject_uevent_env
[  411.686628][T20397] Kernel panic - not syncing: panic_on_warn set ...
[  411.711563][ T3909] kobject: 'loop1' (00000000e35ce371): fill_kobj_path: path = '/devices/virtual/block/loop1'
[  411.718802][T20397] CPU: 0 PID: 20397 Comm: syz-executor.5 Tainted: G    B             5.3.0-rc2+ #84
[  411.718811][T20397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  411.718815][T20397] Call Trace:
[  411.718838][T20397]  dump_stack+0x172/0x1f0
[  411.718856][T20397]  ? tcp_check_oom+0x560/0x560
[  411.718877][T20397]  panic+0x2dc/0x755
[  411.730056][ T3909] kobject: 'loop3' (0000000054b62edd): kobject_uevent_env
[  411.732559][T20397]  ? add_taint.cold+0x16/0x16
[  411.732577][T20397]  ? sk_psock_unlink+0x3dd/0x4b0
[  411.732597][T20397]  ? tcp_check_oom+0x560/0x560
[  411.742846][ T3909] kobject: 'loop3' (0000000054b62edd): fill_kobj_path: path = '/devices/virtual/block/loop3'
[  411.752073][T20397]  ? preempt_schedule+0x4b/0x60
[  411.752090][T20397]  ? ___preempt_schedule+0x16/0x20
[  411.752103][T20397]  ? trace_hardirqs_on+0x5e/0x240
[  411.752119][T20397]  ? sk_psock_unlink+0x3dd/0x4b0
[  411.752133][T20397]  ? tcp_check_oom+0x560/0x560
[  411.752147][T20397]  end_report+0x47/0x4f
[  411.752160][T20397]  ? sk_psock_unlink+0x3dd/0x4b0
[  411.752179][T20397]  __kasan_report.cold+0xe/0x36
[  411.775299][ T3909] kobject: 'loop0' (000000004df27927): kobject_uevent_env
[  411.778445][T20397]  ? swapgs_restore_regs_and_return_to_usermode+0x3b/0x40
[  411.778460][T20397]  ? sk_psock_unlink+0x3dd/0x4b0
[  411.778476][T20397]  kasan_report+0x12/0x17
[  411.778491][T20397]  __asan_report_load4_noabort+0x14/0x20
[  411.778504][T20397]  sk_psock_unlink+0x3dd/0x4b0
[  411.778520][T20397]  ? tcp_check_oom+0x560/0x560
[  411.778530][T20397]  tcp_bpf_remove+0x21/0x50
[  411.778541][T20397]  tcp_bpf_close+0x130/0x390
[  411.778555][T20397]  inet_release+0xed/0x200
[  411.778575][T20397]  inet6_release+0x53/0x80
[  411.789850][ T3909] kobject: 'loop0' (000000004df27927): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  411.790344][T20397]  __sock_release+0xce/0x280
[  411.796782][ T3909] kobject: 'loop2' (000000002820c93f): kobject_uevent_env
[  411.800010][T20397]  sock_close+0x1e/0x30
[  411.800026][T20397]  __fput+0x2ff/0x890
[  411.800044][T20397]  ? __sock_release+0x280/0x280
[  411.813027][ T3909] kobject: 'loop2' (000000002820c93f): fill_kobj_path: path = '/devices/virtual/block/loop2'
[  411.815012][T20397]  ____fput+0x16/0x20
[  411.815027][T20397]  task_work_run+0x145/0x1c0
[  411.815050][T20397]  exit_to_usermode_loop+0x316/0x380
[  411.933558][ T3909] kobject: 'loop3' (0000000054b62edd): kobject_uevent_env
[  411.934991][T20397]  do_syscall_64+0x5a9/0x6a0
[  411.943258][ T3909] kobject: 'loop3' (0000000054b62edd): fill_kobj_path: path = '/devices/virtual/block/loop3'
[  411.949955][T20397]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  411.949966][T20397] RIP: 0033:0x413511
[  411.949980][T20397] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  411.949987][T20397] RSP: 002b:00007ffd45fb0d20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  411.949999][T20397] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000413511
[  411.950006][T20397] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  411.950014][T20397] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[  411.950021][T20397] R10: 00007ffd45fb0e00 R11: 0000000000000293 R12: 000000000075bf20
[  411.950029][T20397] R13: 000000000006462d R14: 00000000007610a8 R15: ffffffffffffffff
[  411.955153][T20397] Kernel Offset: disabled
[  412.068784][T20397] Rebooting in 86400 seconds..