[   30.662118] audit: type=1800 audit(1566015240.598:33): pid=6782 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   30.690548] audit: type=1800 audit(1566015240.598:34): pid=6782 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
[   31.600368] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   31.969644] audit: type=1400 audit(1566015241.898:35): avc:  denied  { map } for  pid=6955 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   32.050713] random: sshd: uninitialized urandom read (32 bytes read)
[   32.645055] random: sshd: uninitialized urandom read (32 bytes read)
[   36.175010] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts.
[   41.767160] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   41.898943] audit: type=1400 audit(1566015251.828:36): avc:  denied  { map } for  pid=6968 comm="syz-executor346" path="/root/syz-executor346662995" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   41.927103] ==================================================================
[   41.934739] BUG: KASAN: slab-out-of-bounds in bpf_clone_redirect+0x2de/0x2f0
[   41.941916] Read of size 8 at addr ffff888099f56ad0 by task syz-executor346/6968
[   41.949620] 
[   41.951422] CPU: 1 PID: 6968 Comm: syz-executor346 Not tainted 4.14.139 #35
[   41.958589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.967979] Call Trace:
[   41.970568]  dump_stack+0x138/0x19c
[   41.974183]  ? bpf_clone_redirect+0x2de/0x2f0
[   41.978854]  print_address_description.cold+0x7c/0x1dc
[   41.984126]  ? bpf_clone_redirect+0x2de/0x2f0
[   41.988831]  kasan_report.cold+0xa9/0x2af
[   41.992972]  __asan_report_load8_noabort+0x14/0x20
[   41.997891]  bpf_clone_redirect+0x2de/0x2f0
[   42.002201]  ? bpf_prog_test_run_skb+0x157/0x9a0
[   42.006939]  ? SyS_bpf+0x749/0x38f3
[   42.010575]  bpf_prog_71e1d56bce5f38ff+0x63d/0x1000
[   42.015935]  ? trace_hardirqs_on+0x10/0x10
[   42.020166]  ? trace_hardirqs_on+0x10/0x10
[   42.024397]  ? bpf_test_run+0x44/0x330
[   42.028296]  ? find_held_lock+0x35/0x130
[   42.032342]  ? bpf_test_run+0x44/0x330
[   42.036341]  ? lock_acquire+0x16f/0x430
[   42.040315]  ? check_preemption_disabled+0x3c/0x250
[   42.045321]  ? bpf_test_run+0xa8/0x330
[   42.049196]  ? bpf_prog_test_run_skb+0x6c2/0x9a0
[   42.053940]  ? bpf_test_init.isra.0+0xe0/0xe0
[   42.058422]  ? __bpf_prog_get+0x153/0x1a0
[   42.062559]  ? SyS_bpf+0x749/0x38f3
[   42.066197]  ? __do_page_fault+0x4e9/0xb80
[   42.070423]  ? bpf_test_init.isra.0+0xe0/0xe0
[   42.074988]  ? bpf_prog_get+0x20/0x20
[   42.078805]  ? lock_downgrade+0x6e0/0x6e0
[   42.082947]  ? up_read+0x1a/0x40
[   42.086312]  ? __do_page_fault+0x358/0xb80
[   42.090634]  ? bpf_prog_get+0x20/0x20
[   42.094494]  ? do_syscall_64+0x1e8/0x640
[   42.098542]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   42.103404]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   42.108760] 
[   42.110409] Allocated by task 0:
[   42.113761] (stack is not available)
[   42.118214] 
[   42.119825] Freed by task 0:
[   42.123115] (stack is not available)
[   42.126957] 
[   42.128578] The buggy address belongs to the object at ffff888099f56a40
[   42.128578]  which belongs to the cache skbuff_head_cache of size 232
[   42.141853] The buggy address is located 144 bytes inside of
[   42.141853]  232-byte region [ffff888099f56a40, ffff888099f56b28)
[   42.153838] The buggy address belongs to the page:
[   42.159529] page:ffffea000267d580 count:1 mapcount:0 mapping:ffff888099f56040 index:0x0
[   42.167783] flags: 0x1fffc0000000100(slab)
[   42.172621] raw: 01fffc0000000100 ffff888099f56040 0000000000000000 000000010000000c
[   42.180500] raw: ffffea000282d920 ffff8880a9e63648 ffff88821b75f240 0000000000000000
[   42.188383] page dumped because: kasan: bad access detected
[   42.194078] 
[   42.195687] Memory state around the buggy address:
[   42.200638]  ffff888099f56980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.214820]  ffff888099f56a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.222354] >ffff888099f56a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.229712]                                                  ^
[   42.235672]  ffff888099f56b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.243446]  ffff888099f56b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.251065] ==================================================================
[   42.258503] Disabling lock debugging due to kernel taint
[   42.264248] Kernel panic - not syncing: panic_on_warn set ...
[   42.264248] 
[   42.271676] CPU: 1 PID: 6968 Comm: syz-executor346 Tainted: G    B           4.14.139 #35
[   42.279998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.289347] Call Trace:
[   42.292024]  dump_stack+0x138/0x19c
[   42.295646]  ? bpf_clone_redirect+0x2de/0x2f0
[   42.300132]  panic+0x1f2/0x426
[   42.303331]  ? add_taint.cold+0x16/0x16
[   42.307317]  kasan_end_report+0x47/0x4f
[   42.311957]  kasan_report.cold+0x130/0x2af
[   42.316377]  __asan_report_load8_noabort+0x14/0x20
[   42.321681]  bpf_clone_redirect+0x2de/0x2f0
[   42.326007]  ? bpf_prog_test_run_skb+0x157/0x9a0
[   42.330768]  ? SyS_bpf+0x749/0x38f3
[   42.334385]  bpf_prog_71e1d56bce5f38ff+0x63d/0x1000
[   42.339498]  ? trace_hardirqs_on+0x10/0x10
[   42.343981]  ? trace_hardirqs_on+0x10/0x10
[   42.348309]  ? bpf_test_run+0x44/0x330
[   42.352449]  ? find_held_lock+0x35/0x130
[   42.356858]  ? bpf_test_run+0x44/0x330
[   42.361160]  ? lock_acquire+0x16f/0x430
[   42.365144]  ? check_preemption_disabled+0x3c/0x250
[   42.370285]  ? bpf_test_run+0xa8/0x330
[   42.374244]  ? bpf_prog_test_run_skb+0x6c2/0x9a0
[   42.379609]  ? bpf_test_init.isra.0+0xe0/0xe0
[   42.384120]  ? __bpf_prog_get+0x153/0x1a0
[   42.388751]  ? SyS_bpf+0x749/0x38f3
[   42.392677]  ? __do_page_fault+0x4e9/0xb80
[   42.397232]  ? bpf_test_init.isra.0+0xe0/0xe0
[   42.402019]  ? bpf_prog_get+0x20/0x20
[   42.405828]  ? lock_downgrade+0x6e0/0x6e0
[   42.410433]  ? up_read+0x1a/0x40
[   42.414014]  ? __do_page_fault+0x358/0xb80
[   42.418310]  ? bpf_prog_get+0x20/0x20
[   42.422107]  ? do_syscall_64+0x1e8/0x640
[   42.426583]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   42.431696]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   42.438752] Kernel Offset: disabled
[   42.442513] Rebooting in 86400 seconds..