[   29.983287] audit: type=1800 audit(1562141008.106:33): pid=6751 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   30.010641] audit: type=1800 audit(1562141008.106:34): pid=6751 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   34.059577] random: sshd: uninitialized urandom read (32 bytes read)
[   34.419193] audit: type=1400 audit(1562141012.536:35): avc:  denied  { map } for  pid=6924 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   34.469466] random: sshd: uninitialized urandom read (32 bytes read)
[   35.062924] random: sshd: uninitialized urandom read (32 bytes read)
[   35.250313] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.139' (ECDSA) to the list of known hosts.
[   40.773015] random: sshd: uninitialized urandom read (32 bytes read)
[   40.953744] audit: type=1400 audit(1562141019.076:36): avc:  denied  { map } for  pid=6937 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/07/03 08:03:40 parsed 1 programs
[   41.886696] audit: type=1400 audit(1562141020.006:37): avc:  denied  { map } for  pid=6937 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=25 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[   42.456408] random: cc1: uninitialized urandom read (8 bytes read)
2019/07/03 08:03:41 executed programs: 0
[   44.100240] IPVS: ftp: loaded support on port[0] = 21
[   44.407310] chnl_net:caif_netlink_parms(): no params data found
[   44.436755] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.443399] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.450753] device bridge_slave_0 entered promiscuous mode
[   44.457496] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.463959] bridge0: port 2(bridge_slave_1) entered disabled state
[   44.471028] device bridge_slave_1 entered promiscuous mode
[   44.484965] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   44.493808] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   44.508573] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   44.516452] team0: Port device team_slave_0 added
[   44.521846] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   44.528807] team0: Port device team_slave_1 added
[   44.534058] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   44.541241] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   44.602051] device hsr_slave_0 entered promiscuous mode
[   44.670296] device hsr_slave_1 entered promiscuous mode
[   44.720598] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   44.727427] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   44.739996] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.746424] bridge0: port 2(bridge_slave_1) entered forwarding state
[   44.753301] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.759629] bridge0: port 1(bridge_slave_0) entered forwarding state
[   44.786262] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   44.792362] 8021q: adding VLAN 0 to HW filter on device bond0
[   44.799706] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   44.807917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.826311] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.833302] bridge0: port 2(bridge_slave_1) entered disabled state
[   44.844098] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   44.850309] 8021q: adding VLAN 0 to HW filter on device team0
[   44.858187] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.865928] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.872283] bridge0: port 1(bridge_slave_0) entered forwarding state
[   44.891592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.899172] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.905543] bridge0: port 2(bridge_slave_1) entered forwarding state
[   44.912567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   44.920067] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   44.927489] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   44.935298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   44.943295] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   44.949280] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   44.956355] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   44.967732] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[   44.976773] 8021q: adding VLAN 0 to HW filter on device batadv0
[   45.400953] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   46.171802] hsr_addr_subst_dest: Unknown node
[   46.176519] ------------[ cut here ]------------
[   46.181269] WARNING: CPU: 1 PID: 6970 at net/hsr/hsr_framereg.c:313 hsr_addr_subst_dest.cold+0x45/0x4f
[   46.190688] Kernel panic - not syncing: panic_on_warn set ...
[   46.190688] 
[   46.198027] CPU: 1 PID: 6970 Comm: syz-executor.0 Not tainted 4.14.131 #25
[   46.205054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.214387] Call Trace:
[   46.216963]  dump_stack+0x138/0x19c
[   46.220583]  panic+0x1f2/0x426
[   46.223751]  ? add_taint.cold+0x16/0x16
[   46.227701]  ? hsr_addr_subst_dest.cold+0x45/0x4f
[   46.232521]  ? hsr_addr_subst_dest.cold+0x45/0x4f
[   46.237341]  __warn.cold+0x2f/0x36
[   46.240866]  ? ist_end_non_atomic+0x10/0x10
[   46.245168]  ? hsr_addr_subst_dest.cold+0x45/0x4f
[   46.250046]  report_bug+0x216/0x254
[   46.253654]  do_error_trap+0x1bb/0x310
[   46.257520]  ? math_error+0x360/0x360
[   46.261298]  ? vprintk_emit+0x171/0x600
[   46.265258]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.270081]  do_invalid_op+0x1b/0x20
[   46.273774]  invalid_op+0x1b/0x40
[   46.277205] RIP: 0010:hsr_addr_subst_dest.cold+0x45/0x4f
[   46.282723] RSP: 0018:ffff8880803b74f8 EFLAGS: 00010286
[   46.288069] RAX: 0000000000000021 RBX: dffffc0000000000 RCX: 0000000000000000
[   46.295336] RDX: 0000000000000000 RSI: ffffffff866d0ca0 RDI: ffffed1010076e95
[   46.302585] RBP: ffff8880803b7538 R08: 0000000000000021 R09: 0000000000000000
[   46.309838] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a175eca0
[   46.317092] R13: 0000000000000000 R14: ffff8880a175eca0 R15: 0000000000005e6f
[   46.324357]  ? hsr_addr_subst_dest.cold+0x45/0x4f
[   46.329180]  hsr_forward_skb+0x1025/0x1940
[   46.333403]  hsr_dev_xmit+0x72/0xa0
[   46.337020]  dev_hard_start_xmit+0x18c/0x8b0
[   46.341412]  ? check_preemption_disabled+0x30/0x250
[   46.346407]  __dev_queue_xmit+0x1d95/0x25e0
[   46.350722]  ? netdev_pick_tx+0x300/0x300
[   46.354855]  ? skb_copy_datagram_from_iter+0x3b7/0x5b0
[   46.360108]  ? lock_downgrade+0x6e0/0x6e0
[   46.364233]  dev_queue_xmit+0x18/0x20
[   46.368011]  ? dev_queue_xmit+0x18/0x20
[   46.371962]  packet_sendmsg+0x328f/0x5920
[   46.376086]  ? avc_has_perm_noaudit+0x420/0x420
[   46.380760]  ? kasan_check_write+0x14/0x20
[   46.384975]  ? _copy_from_user+0x99/0x110
[   46.389113]  ? rw_copy_check_uvector+0x1f1/0x290
[   46.393852]  ? packet_notifier+0x760/0x760
[   46.398064]  ? copy_msghdr_from_user+0x292/0x3f0
[   46.402808]  ? security_socket_sendmsg+0x89/0xb0
[   46.407540]  ? packet_notifier+0x760/0x760
[   46.411752]  sock_sendmsg+0xce/0x110
[   46.415441]  ___sys_sendmsg+0x349/0x840
[   46.419393]  ? copy_msghdr_from_user+0x3f0/0x3f0
[   46.424125]  ? find_held_lock+0x35/0x130
[   46.428181]  ? __fget+0x210/0x370
[   46.431624]  ? lock_downgrade+0x6e0/0x6e0
[   46.435754]  ? __fget+0x237/0x370
[   46.439189]  ? __fget_light+0x172/0x1f0
[   46.443142]  ? __fdget+0x1b/0x20
[   46.446491]  ? sockfd_lookup_light+0xb4/0x160
[   46.450967]  __sys_sendmmsg+0x152/0x3a0
[   46.454918]  ? SyS_sendmsg+0x50/0x50
[   46.458617]  ? kasan_check_read+0x11/0x20
[   46.462757]  ? _copy_to_user+0x87/0xd0
[   46.466642]  ? put_timespec64+0xb4/0x100
[   46.470687]  ? nsecs_to_jiffies+0x30/0x30
[   46.474823]  ? SyS_clock_gettime+0xf8/0x180
[   46.479125]  SyS_sendmmsg+0x35/0x60
[   46.482727]  ? __sys_sendmmsg+0x3a0/0x3a0
[   46.486859]  do_syscall_64+0x1e8/0x640
[   46.490719]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.495538]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   46.500705] RIP: 0033:0x4597c9
[   46.503869] RSP: 002b:00007f72e1966c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   46.511554] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004597c9
[   46.518804] RDX: 0000000000000001 RSI: 0000000020004e80 RDI: 0000000000000003
[   46.526063] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[   46.533309] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f72e19676d4
[   46.540553] R13: 00000000004c6df8 R14: 00000000004dc140 R15: 00000000ffffffff
[   46.549038] Kernel Offset: disabled
[   46.552710] Rebooting in 86400 seconds..