[ 80.259435][ T27] audit: type=1800 audit(1584955284.498:40): pid=10302 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 84.674900][ T27] audit: type=1400 audit(1584955288.938:41): avc: denied { map } for pid=10478 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.194' (ECDSA) to the list of known hosts.
[ 91.481168][ T27] audit: type=1400 audit(1584955295.738:42): avc: denied { map } for pid=10490 comm="syz-executor103" path="/root/syz-executor103391739" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 91.499601][T10491] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 91.544150][ T27] audit: type=1400 audit(1584955295.808:43): avc: denied { create } for pid=10491 comm="syz-executor103" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 91.570480][ T27] audit: type=1400 audit(1584955295.808:44): avc: denied { write } for pid=10491 comm="syz-executor103" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 91.570594][T10491] general protection fault, probably for non-canonical address 0xe00d898eadcf2e8e: 0000 [#1] PREEMPT SMP KASAN
[ 91.595511][ T27] audit: type=1400 audit(1584955295.808:45): avc: denied { read } for pid=10491 comm="syz-executor103" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 91.606840][T10491] KASAN: maybe wild-memory-access in range [0x006c6c756e797470-0x006c6c756e797477]
[ 91.606853][T10491] CPU: 0 PID: 10491 Comm: syz-executor103 Not tainted 5.6.0-rc6-syzkaller #0
[ 91.606858][T10491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 91.606876][T10491] RIP: 0010:tcf_action_destroy+0x94/0x150
[ 91.606893][T10491] Code: 42 80 3c 28 00 0f 85 ae 00 00 00 4c 8b 3b 4d 85 ff 0f 84 8b 00 00 00 e8 7a d3 46 fb 4c 89 f8 48 c7 03 00 00 00 00 48 c1 e8 03 <42> 80 3c 28 00 0f 85 91 00 00 00 49 8b 07 31 ff 44 89 f6 48 89 04
[ 91.695601][T10491] RSP: 0018:ffffc900029c7028 EFLAGS: 00010207
[ 91.705384][T10491] RAX: 000d8d8eadcf2e8e RBX: ffffffff885ee6c0 RCX: 0000000000000000
[ 91.713604][T10491] RDX: 0000000000000000 RSI: ffffffff862b51a6 RDI: ffffffff885ee6c0
[ 91.722408][T10491] RBP: 0000000000000000 R08: ffff88808f07c340 R09: ffffed1015cc7074
[ 91.730484][T10491] R10: ffffed1015cc7073 R11: ffff8880ae63839b R12: 0000000000000000
[ 91.738664][T10491] R13: dffffc0000000000 R14: 0000000000000001 R15: 006c6c756e797474
[ 91.746927][T10491] FS: 0000000000fe2940(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 91.757157][T10491] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 91.764156][T10491] CR2: 0000000020000280 CR3: 0000000097d6f000 CR4: 00000000001406f0
[ 91.772212][T10491] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 91.780166][T10491] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 91.788121][T10491] Call Trace:
[ 91.791492][T10491] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 91.798321][T10491] tcf_exts_destroy+0x42/0xc0
[ 91.802993][T10491] tcf_exts_change+0xf4/0x150
[ 91.807803][T10491] ? tcf_exts_destroy+0xc0/0xc0
[ 91.813191][T10491] tcindex_set_parms+0xed8/0x1a00
[ 91.818211][T10491] ? tcindex_alloc_perfect_hash+0x320/0x320
[ 91.824609][T10491] ? mark_held_locks+0xe0/0xe0
[ 91.829368][T10491] ? nla_memcpy+0xa0/0xa0
[ 91.833690][T10491] ? tcindex_change+0x203/0x2e0
[ 91.838690][T10491] tcindex_change+0x203/0x2e0
[ 91.844238][T10491] ? tcindex_set_parms+0x1a00/0x1a00
[ 91.850200][T10491] tc_new_tfilter+0xa59/0x20b0
[ 91.854974][T10491] ? tcindex_set_parms+0x1a00/0x1a00
[ 91.860250][T10491] ? tc_del_tfilter+0x1430/0x1430
[ 91.865485][T10491] ? __lock_acquire+0x80b/0x3ca0
[ 91.870441][T10491] ? rcu_read_lock_held+0x9c/0xb0
[ 91.875463][T10491] ? tc_del_tfilter+0x1430/0x1430
[ 91.880481][T10491] rtnetlink_rcv_msg+0x810/0xad0
[ 91.885403][T10491] ? rtnl_bridge_getlink+0x880/0x880
[ 91.890671][T10491] ? mark_held_locks+0xe0/0xe0
[ 91.896959][T10491] ? netlink_deliver_tap+0x146/0xb50
[ 91.902851][T10491] netlink_rcv_skb+0x15a/0x410
[ 91.907702][T10491] ? rtnl_bridge_getlink+0x880/0x880
[ 91.912974][T10491] ? netlink_ack+0xa80/0xa80
[ 91.917565][T10491] netlink_unicast+0x537/0x740
[ 91.922327][T10491] ? netlink_attachskb+0x810/0x810
[ 91.927434][T10491] ? _copy_from_iter_full+0x25c/0x870
[ 91.932971][T10491] netlink_sendmsg+0x882/0xe10
[ 91.937715][T10491] ? netlink_unicast+0x740/0x740
[ 91.942634][T10491] ? netlink_unicast+0x740/0x740
[ 91.947639][T10491] sock_sendmsg+0xcf/0x120
[ 91.952044][T10491] ____sys_sendmsg+0x6b9/0x7d0
[ 91.956796][T10491] ? kernel_sendmsg+0x50/0x50
[ 91.970564][T10491] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 91.976097][T10491] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 91.982074][T10491] ___sys_sendmsg+0x100/0x170
[ 91.986731][T10491] ? sendmsg_copy_msghdr+0x70/0x70
[ 91.991820][T10491] ? lock_downgrade+0x7f0/0x7f0
[ 91.996646][T10491] ? lock_acquire+0x197/0x420
[ 92.001310][T10491] ? __might_fault+0xef/0x1d0
[ 92.005968][T10491] ? __might_fault+0x190/0x1d0
[ 92.011054][T10491] ? _copy_to_user+0x107/0x150
[ 92.015817][T10491] ? move_addr_to_user+0xb3/0x200
[ 92.020819][T10491] ? __fget_light+0x1a5/0x270
[ 92.025475][T10491] __sys_sendmsg+0xec/0x1b0
[ 92.030043][T10491] ? __sys_sendmsg_sock+0xb0/0xb0
[ 92.035053][T10491] ? mark_held_locks+0x9f/0xe0
[ 92.040659][T10491] ? trace_hardirqs_off_caller+0x55/0x230
[ 92.046392][T10491] ? do_syscall_64+0x21/0x7d0
[ 92.051166][T10491] do_syscall_64+0xf6/0x7d0
[ 92.056153][T10491] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 92.062054][T10491] RIP: 0033:0x442d99
[ 92.065941][T10491] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 92.090828][T10491] RSP: 002b:00007fffae866b38 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 92.099227][T10491] RAX: ffffffffffffffda RBX: 00007fffae866b70 RCX: 0000000000442d99
[ 92.108574][T10491] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 92.116662][T10491] RBP: 0000000000000003 R08: 0000000001000002 R09: 0000000001000002
[ 92.126569][T10491] R10: 0000000001000002 R11: 0000000000000246 R12: 0000000000000000
[ 92.134821][T10491] R13: 0000000000000003 R14: 0000000000000004 R15: 00007fffae866c40
[ 92.142786][T10491] Modules linked in:
[ 92.148029][T10491] ---[ end trace c1be637078322dcb ]---
[ 92.153845][T10491] RIP: 0010:tcf_action_destroy+0x94/0x150
[ 92.159560][T10491] Code: 42 80 3c 28 00 0f 85 ae 00 00 00 4c 8b 3b 4d 85 ff 0f 84 8b 00 00 00 e8 7a d3 46 fb 4c 89 f8 48 c7 03 00 00 00 00 48 c1 e8 03 <42> 80 3c 28 00 0f 85 91 00 00 00 49 8b 07 31 ff 44 89 f6 48 89 04
[ 92.179594][T10491] RSP: 0018:ffffc900029c7028 EFLAGS: 00010207
[ 92.185723][T10491] RAX: 000d8d8eadcf2e8e RBX: ffffffff885ee6c0 RCX: 0000000000000000
[ 92.193762][T10491] RDX: 0000000000000000 RSI: ffffffff862b51a6 RDI: ffffffff885ee6c0
[ 92.201747][T10491] RBP: 0000000000000000 R08: ffff88808f07c340 R09: ffffed1015cc7074
[ 92.209716][T10491] R10: ffffed1015cc7073 R11: ffff8880ae63839b R12: 0000000000000000
[ 92.220567][T10491] R13: dffffc0000000000 R14: 0000000000000001 R15: 006c6c756e797474
[ 92.228827][T10491] FS: 0000000000fe2940(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 92.238385][T10491] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 92.245145][T10491] CR2: 0000000020000280 CR3: 0000000097d6f000 CR4: 00000000001406f0
[ 92.253152][T10491] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 92.261123][T10491] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 92.270025][T10491] Kernel panic - not syncing: Fatal exception
[ 92.277356][T10491] Kernel Offset: disabled
[ 92.281681][T10491] Rebooting in 86400 seconds..