[ 33.206354] audit: type=1800 audit(1565435115.524:33): pid=6834 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 33.233264] audit: type=1800 audit(1565435115.524:34): pid=6834 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 38.004065] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.409846] audit: type=1400 audit(1565435120.724:35): avc: denied { map } for pid=7009 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 38.453903] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.010382] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.202644] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.220' (ECDSA) to the list of known hosts.
[ 44.781479] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 44.903249] audit: type=1400 audit(1565435127.224:36): avc: denied { map } for pid=7021 comm="syz-executor517" path="/root/syz-executor517345867" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.931593] ==================================================================
[ 44.939113] BUG: KASAN: slab-out-of-bounds in bpf_skb_change_tail+0xa7f/0xba0
[ 44.946374] Read of size 8 at addr ffff88809a6cd390 by task syz-executor517/7021
[ 44.953993]
[ 44.955630] CPU: 0 PID: 7021 Comm: syz-executor517 Not tainted 4.14.138 #34
[ 44.962706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.972046] Call Trace:
[ 44.974624] dump_stack+0x138/0x19c
[ 44.978250] ? bpf_skb_change_tail+0xa7f/0xba0
[ 44.982821] print_address_description.cold+0x7c/0x1dc
[ 44.988082] ? bpf_skb_change_tail+0xa7f/0xba0
[ 44.992650] kasan_report.cold+0xa9/0x2af
[ 44.996789] __asan_report_load8_noabort+0x14/0x20
[ 45.001704] bpf_skb_change_tail+0xa7f/0xba0
[ 45.006149] ? __lock_acquire+0x5f7/0x4620
[ 45.010393] ? build_skb+0x1f/0x160
[ 45.014015] ? bpf_prog_test_run_skb+0x157/0x9a0
[ 45.018766] ? SyS_bpf+0x749/0x38f3
[ 45.022405] bpf_prog_6b83fbf63565f5a7+0xf6b/0x1000
[ 45.027416] ? trace_hardirqs_on+0x10/0x10
[ 45.031636] ? trace_hardirqs_on+0x10/0x10
[ 45.035856] ? bpf_test_run+0x44/0x330
[ 45.039727] ? find_held_lock+0x35/0x130
[ 45.043803] ? bpf_test_run+0x44/0x330
[ 45.047707] ? lock_acquire+0x16f/0x430
[ 45.051706] ? check_preemption_disabled+0x3c/0x250
[ 45.056819] ? bpf_test_run+0xa8/0x330
[ 45.060697] ? bpf_prog_test_run_skb+0x6c2/0x9a0
[ 45.065466] ? bpf_test_init.isra.0+0xe0/0xe0
[ 45.069952] ? __bpf_prog_get+0x153/0x1a0
[ 45.074093] ? SyS_bpf+0x749/0x38f3
[ 45.077704] ? __do_page_fault+0x4e9/0xb80
[ 45.081947] ? bpf_test_init.isra.0+0xe0/0xe0
[ 45.086422] ? bpf_prog_get+0x20/0x20
[ 45.090207] ? lock_downgrade+0x6e0/0x6e0
[ 45.094363] ? up_read+0x1a/0x40
[ 45.097713] ? __do_page_fault+0x358/0xb80
[ 45.101959] ? bpf_prog_get+0x20/0x20
[ 45.105764] ? do_syscall_64+0x1e8/0x640
[ 45.109804] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.114636] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.119986]
[ 45.121598] Allocated by task 0:
[ 45.124951] (stack is not available)
[ 45.128637]
[ 45.130243] Freed by task 0:
[ 45.133280] (stack is not available)
[ 45.136974]
[ 45.138581] The buggy address belongs to the object at ffff88809a6cd300
[ 45.138581] which belongs to the cache skbuff_head_cache of size 232
[ 45.151739] The buggy address is located 144 bytes inside of
[ 45.151739] 232-byte region [ffff88809a6cd300, ffff88809a6cd3e8)
[ 45.163617] The buggy address belongs to the page:
[ 45.168538] page:ffffea000269b340 count:1 mapcount:0 mapping:ffff88809a6cd080 index:0x0
[ 45.176664] flags: 0x1fffc0000000100(slab)
[ 45.180905] raw: 01fffc0000000100 ffff88809a6cd080 0000000000000000 000000010000000c
[ 45.188774] raw: ffffea000200dea0 ffff8880a9e67648 ffff88821b75f240 0000000000000000
[ 45.196631] page dumped because: kasan: bad access detected
[ 45.202334]
[ 45.203937] Memory state around the buggy address:
[ 45.208850] ffff88809a6cd280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.216188] ffff88809a6cd300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.223543] >ffff88809a6cd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.230965] ^
[ 45.234847] ffff88809a6cd400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.242298] ffff88809a6cd480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.249638] ==================================================================
[ 45.256979] Disabling lock debugging due to kernel taint
[ 45.262553] Kernel panic - not syncing: panic_on_warn set ...
[ 45.262553]
[ 45.269935] CPU: 0 PID: 7021 Comm: syz-executor517 Tainted: G B 4.14.138 #34
[ 45.278230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.287567] Call Trace:
[ 45.290147] dump_stack+0x138/0x19c
[ 45.293771] ? bpf_skb_change_tail+0xa7f/0xba0
[ 45.298329] panic+0x1f2/0x426
[ 45.301498] ? add_taint.cold+0x16/0x16
[ 45.305457] kasan_end_report+0x47/0x4f
[ 45.309410] kasan_report.cold+0x130/0x2af
[ 45.313628] __asan_report_load8_noabort+0x14/0x20
[ 45.318534] bpf_skb_change_tail+0xa7f/0xba0
[ 45.322922] ? __lock_acquire+0x5f7/0x4620
[ 45.327132] ? build_skb+0x1f/0x160
[ 45.330741] ? bpf_prog_test_run_skb+0x157/0x9a0
[ 45.335489] ? SyS_bpf+0x749/0x38f3
[ 45.339127] bpf_prog_6b83fbf63565f5a7+0xf6b/0x1000
[ 45.344131] ? trace_hardirqs_on+0x10/0x10
[ 45.348367] ? trace_hardirqs_on+0x10/0x10
[ 45.352582] ? bpf_test_run+0x44/0x330
[ 45.356470] ? find_held_lock+0x35/0x130
[ 45.360516] ? bpf_test_run+0x44/0x330
[ 45.364387] ? lock_acquire+0x16f/0x430
[ 45.368348] ? check_preemption_disabled+0x3c/0x250
[ 45.373353] ? bpf_test_run+0xa8/0x330
[ 45.377235] ? bpf_prog_test_run_skb+0x6c2/0x9a0
[ 45.382177] ? bpf_test_init.isra.0+0xe0/0xe0
[ 45.386665] ? __bpf_prog_get+0x153/0x1a0
[ 45.390792] ? SyS_bpf+0x749/0x38f3
[ 45.394399] ? __do_page_fault+0x4e9/0xb80
[ 45.398611] ? bpf_test_init.isra.0+0xe0/0xe0
[ 45.403107] ? bpf_prog_get+0x20/0x20
[ 45.406889] ? lock_downgrade+0x6e0/0x6e0
[ 45.411016] ? up_read+0x1a/0x40
[ 45.414361] ? __do_page_fault+0x358/0xb80
[ 45.418587] ? bpf_prog_get+0x20/0x20
[ 45.422374] ? do_syscall_64+0x1e8/0x640
[ 45.426445] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.431282] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.437905] Kernel Offset: disabled
[ 45.441534] Rebooting in 86400 seconds..