Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   50.622827] sshd (8493) used greatest stack depth: 19480 bytes left
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   54.667898] kauditd_printk_skb: 4 callbacks suppressed
[   54.667913] audit: type=1400 audit(1546626116.718:35): avc:  denied  { map } for  pid=8600 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.38' (ECDSA) to the list of known hosts.
[   84.599625] audit: type=1400 audit(1546626146.648:36): avc:  denied  { map } for  pid=8612 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/01/04 18:22:27 parsed 1 programs
[   85.357742] audit: type=1400 audit(1546626147.408:37): avc:  denied  { map } for  pid=8612 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1115 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/01/04 18:22:28 executed programs: 0
[   86.977224] IPVS: ftp: loaded support on port[0] = 21
[   87.043519] chnl_net:caif_netlink_parms(): no params data found
[   87.080519] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.087972] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.095342] device bridge_slave_0 entered promiscuous mode
[   87.102463] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.108901] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.115850] device bridge_slave_1 entered promiscuous mode
[   87.132080] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   87.141601] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   87.159744] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   87.167553] team0: Port device team_slave_0 added
[   87.172910] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   87.180152] team0: Port device team_slave_1 added
[   87.185383] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   87.192603] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   87.275771] device hsr_slave_0 entered promiscuous mode
[   87.354041] device hsr_slave_1 entered promiscuous mode
[   87.434249] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   87.441118] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   87.455817] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.462206] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.469080] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.475495] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.511200] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   87.517817] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.526514] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   87.536211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   87.546040] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.553407] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.561597] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   87.572457] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   87.578825] 8021q: adding VLAN 0 to HW filter on device team0
[   87.587288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   87.595510] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.601873] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.624915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   87.632447] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.638840] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.646991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   87.654857] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   87.662391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   87.670340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   87.678425] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   87.686266] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   87.692255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   87.706285] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[   87.718163] 8021q: adding VLAN 0 to HW filter on device batadv0
[   87.728294] audit: type=1400 audit(1546626149.778:38): avc:  denied  { associate } for  pid=8625 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2019/01/04 18:22:34 executed programs: 139
[   94.512761] 
[   94.514423] =====================================
[   94.519237] WARNING: bad unlock balance detected!
[   94.524058] 4.20.0+ #9 Not tainted
[   94.527577] -------------------------------------
[   94.532392] syz-executor0/10396 is trying to release lock (&file->mut) at:
[   94.539394] [<ffffffff85acdc69>] ucma_destroy_id+0x269/0x540
[   94.545165] but there are no more locks to release!
[   94.550155] 
[   94.550155] other info that might help us debug this:
[   94.556832] 1 lock held by syz-executor0/10396:
[   94.561487]  #0: 000000008fb5d1c5 (&file->mut){+.+.}, at: ucma_destroy_id+0x209/0x540
[   94.569438] 
[   94.569438] stack backtrace:
[   94.573913] CPU: 0 PID: 10396 Comm: syz-executor0 Not tainted 4.20.0+ #9
[   94.580728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   94.590077] Call Trace:
[   94.592683]  dump_stack+0x1db/0x2d0
[   94.596324]  ? dump_stack_print_info.cold+0x20/0x20
[   94.601320]  ? ucma_destroy_id+0x269/0x540
[   94.605576]  ? print_tainted+0x176/0x1e0
[   94.609632]  ? vprintk_func+0x86/0x189
[   94.613503]  ? ucma_destroy_id+0x269/0x540
[   94.617730]  print_unlock_imbalance_bug.cold+0xd0/0xdf
[   94.623003]  ? ucma_destroy_id+0x269/0x540
[   94.627219]  lock_release+0x77a/0xc40
[   94.631007]  ? lock_downgrade+0x910/0x910
[   94.635141]  ? __radix_tree_delete+0x27e/0x4e0
[   94.639738]  ? idr_preload+0x50/0x50
[   94.643443]  ? __radix_tree_lookup+0x3aa/0x4f0
[   94.648008]  __mutex_unlock_slowpath+0xe9/0x870
[   94.652682]  ? wait_for_completion+0x810/0x810
[   94.657249]  mutex_unlock+0xd/0x10
[   94.660771]  ucma_destroy_id+0x269/0x540
[   94.664815]  ? ucma_close+0x320/0x320
[   94.668618]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   94.674151]  ? _copy_from_user+0xdd/0x150
[   94.678286]  ucma_write+0x36b/0x480
[   94.681912]  ? ucma_close+0x320/0x320
[   94.685696]  ? ucma_open+0x400/0x400
[   94.689422]  ? __might_fault+0x12b/0x1e0
[   94.693466]  ? arch_local_save_flags+0x50/0x50
[   94.698041]  ? find_held_lock+0x35/0x120
[   94.702103]  __vfs_write+0x116/0xb40
[   94.705837]  ? ucma_open+0x400/0x400
[   94.709550]  ? kernel_read+0x120/0x120
[   94.713419]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   94.718940]  ? __inode_security_revalidate+0xda/0x120
[   94.724111]  ? avc_policy_seqno+0xd/0x70
[   94.728161]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   94.733158]  ? selinux_file_permission+0x92/0x550
[   94.737983]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   94.743524]  ? security_file_permission+0x94/0x320
[   94.748454]  ? rw_verify_area+0x118/0x360
[   94.752585]  vfs_write+0x20c/0x580
[   94.756123]  ksys_write+0x105/0x260
[   94.759733]  ? __ia32_sys_read+0xb0/0xb0
[   94.763778]  ? trace_hardirqs_off_caller+0x300/0x300
[   94.768879]  ? ret_from_fork+0x15/0x50
[   94.772747]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   94.777483]  __x64_sys_write+0x73/0xb0
[   94.781352]  do_syscall_64+0x1a3/0x800
[   94.785221]  ? syscall_return_slowpath+0x5f0/0x5f0
[   94.790133]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   94.795145]  ? __switch_to_asm+0x34/0x70
[   94.799188]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   94.804016]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   94.809187] RIP: 0033:0x457ec9
[   94.812363] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   94.831247] RSP: 002b:00007fe028b73c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   94.838940] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9
[   94.846194] RDX: 0000000000000018 RSI: 00000000200002c0 RDI: 0000000000000005
[   94.853445] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[   94.860707] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe028b746d4
[   94.867959] R13: 00000000004cd3c8 R14: 00000000004dc1c0 R15: 00000000ffffffff