[   34.918657] audit: type=1800 audit(1583508111.785:33): pid=7220 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   34.946489] audit: type=1800 audit(1583508111.795:34): pid=7220 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   36.526944] random: sshd: uninitialized urandom read (32 bytes read)
[   36.866991] audit: type=1400 audit(1583508113.735:35): avc:  denied  { map } for  pid=7393 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   36.919094] random: sshd: uninitialized urandom read (32 bytes read)
[   37.643873] random: sshd: uninitialized urandom read (32 bytes read)
[ 1013.534280] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.140' (ECDSA) to the list of known hosts.
[ 1019.257211] random: sshd: uninitialized urandom read (32 bytes read)
[ 1019.478549] audit: type=1400 audit(1583509096.345:36): avc:  denied  { map } for  pid=7406 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/03/06 15:38:16 parsed 1 programs
[ 1020.323531] random: cc1: uninitialized urandom read (8 bytes read)
2020/03/06 15:38:18 executed programs: 0
[ 1021.121362] audit: type=1400 audit(1583509097.995:37): avc:  denied  { map } for  pid=7406 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=15781 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 1021.165719] audit: type=1400 audit(1583509098.035:38): avc:  denied  { map } for  pid=7406 comm="syz-execprog" path="/root/syzkaller-shm782483826" dev="sda1" ino=16488 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 1021.441293] IPVS: ftp: loaded support on port[0] = 21
[ 1022.252542] chnl_net:caif_netlink_parms(): no params data found
[ 1022.305098] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1022.312930] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1022.320780] device bridge_slave_0 entered promiscuous mode
[ 1022.328436] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1022.335601] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1022.342846] device bridge_slave_1 entered promiscuous mode
[ 1022.359856] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1022.369840] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1022.388389] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1022.396653] team0: Port device team_slave_0 added
[ 1022.402612] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 1022.410512] team0: Port device team_slave_1 added
[ 1022.425557] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1022.432732] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1022.458804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1022.471045] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1022.477596] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1022.503207] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1022.513744] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 1022.521377] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 1022.572580] device hsr_slave_0 entered promiscuous mode
[ 1022.640388] device hsr_slave_1 entered promiscuous mode
[ 1022.700879] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 1022.708974] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 1022.759497] audit: type=1400 audit(1583509099.625:39): avc:  denied  { create } for  pid=7423 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 1022.778479] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1022.784011] audit: type=1400 audit(1583509099.625:40): avc:  denied  { write } for  pid=7423 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 1022.790360] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1022.815958] audit: type=1400 audit(1583509099.625:41): avc:  denied  { read } for  pid=7423 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 1022.822585] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1022.852745] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1022.886886] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 1022.894670] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1022.903432] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 1022.913626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1022.933090] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1022.940443] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1022.950796] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 1022.957136] 8021q: adding VLAN 0 to HW filter on device team0
[ 1022.967460] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1022.975524] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1022.981938] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1023.001192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1023.009493] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1023.016217] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1023.025060] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1023.033223] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1023.042230] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1023.051999] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1023.063248] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1023.075119] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 1023.081981] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1023.089080] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1023.106999] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 1023.115925] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1023.123117] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1023.135293] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1023.200768] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 1023.211659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1023.251154] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 1023.258349] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 1023.265840] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 1023.273815] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1023.284172] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready
[ 1023.291022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1023.299054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1023.309192] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1023.316886] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1023.326565] device veth0_vlan entered promiscuous mode
[ 1023.336527] device veth1_vlan entered promiscuous mode
[ 1023.343457] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 1023.353335] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 1023.366176] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 1023.375877] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 1023.383834] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1023.395824] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1023.404288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1023.413481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1023.424467] device veth0_macvtap entered promiscuous mode
[ 1023.431664] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 1023.442409] device veth1_macvtap entered promiscuous mode
[ 1023.448900] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 1023.457933] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 1023.468314] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 1023.478990] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 1023.487211] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1023.496150] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1023.503886] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1023.511482] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1023.519647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1023.529776] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 1023.536985] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1023.544942] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1023.553446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2020/03/06 15:38:23 executed programs: 89
2020/03/06 15:38:28 executed programs: 410
[ 1032.802505] NOHZ: local_softirq_pending 08
2020/03/06 15:38:33 executed programs: 732
2020/03/06 15:38:38 executed programs: 1058
2020/03/06 15:38:43 executed programs: 1387
2020/03/06 15:38:48 executed programs: 1712
[ 1053.273584] NOHZ: local_softirq_pending 08
2020/03/06 15:38:53 executed programs: 2042
2020/03/06 15:38:58 executed programs: 2362
2020/03/06 15:39:03 executed programs: 2683
2020/03/06 15:39:08 executed programs: 3011
2020/03/06 15:39:13 executed programs: 3328
2020/03/06 15:39:18 executed programs: 3651
2020/03/06 15:39:23 executed programs: 3972
[ 1090.690565] kasan: CONFIG_KASAN_INLINE enabled
[ 1090.695444] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 1090.702974] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 1090.709201] Modules linked in:
[ 1090.712396] CPU: 1 PID: 2698 Comm: kworker/1:2 Not tainted 4.14.172-syzkaller #0
[ 1090.720110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1090.729726] Workqueue: krxrpcd rxrpc_process_call
[ 1090.734593] task: ffff88809f8a02c0 task.stack: ffff88809f8a8000
[ 1090.740823] RIP: 0010:rxrpc_get_skb+0x5e/0x350
[ 1090.745541] RSP: 0018:ffff88809f8afc50 EFLAGS: 00010203
[ 1090.750904] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 1090.758952] RDX: 000000000000001c RSI: 000000000000000a RDI: 00000000000000e4
[ 1090.766204] RBP: 000000000000000a R08: 0000000000004ede R09: ffffffff8a082fb0
[ 1090.773454] R10: ffff88809f8a0b90 R11: ffff88809f8a02c0 R12: 0000000000000000
[ 1090.780709] R13: ffff888098bfde50 R14: ffffffff8b04e520 R15: ffff888098bfdd18
[ 1090.787995] FS:  0000000000000000(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
[ 1090.796208] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1090.802344] CR2: 00007fba2f7bf4c0 CR3: 000000009b717000 CR4: 00000000001406e0
[ 1090.810694] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1090.818100] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1090.825363] Call Trace:
[ 1090.827938]  ? rxrpc_process_call+0x54f/0x1135
[ 1090.832508]  rxrpc_process_call+0x54f/0x1135
[ 1090.837128]  ? __lock_is_held+0xad/0x140
[ 1090.841301]  process_one_work+0x813/0x1540
[ 1090.845861]  ? pwq_dec_nr_in_flight+0x2b0/0x2b0
[ 1090.850534]  ? worker_thread+0x15d/0x1070
[ 1090.854764]  ? _raw_spin_unlock_irq+0x24/0x80
[ 1090.859248]  worker_thread+0x5d1/0x1070
[ 1090.863211]  ? process_one_work+0x1540/0x1540
[ 1090.867704]  kthread+0x30d/0x420
[ 1090.871083]  ? kthread_create_on_node+0xd0/0xd0
[ 1090.875763]  ret_from_fork+0x24/0x30
[ 1090.879477] Code: c0 e0 e4 04 8b 4c 0f 46 f0 e8 1f ca 9d fb f0 45 0f c1 26 48 8d bb e4 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 
[ 1090.899028] RIP: rxrpc_get_skb+0x5e/0x350 RSP: ffff88809f8afc50
[ 1090.905114] ---[ end trace 97355287158308e0 ]---
[ 1090.910259] Kernel panic - not syncing: Fatal exception in interrupt
[ 1090.918416] Kernel Offset: disabled
[ 1090.922675] Rebooting in 86400 seconds..