[ 36.433665] audit: type=1800 audit(1585416351.928:33): pid=7305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 36.460530] audit: type=1800 audit(1585416351.928:34): pid=7305 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
[ 37.072988] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.287896] audit: type=1400 audit(1585416352.778:35): avc: denied { map } for pid=7475 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 37.349660] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 38.095301] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.282186] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts.
[ 43.896503] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
[ 44.012309] audit: type=1400 audit(1585416359.508:36): avc: denied { map } for pid=7487 comm="syz-executor914" path="/root/syz-executor914590399" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.051922] ==================================================================
[ 44.059356] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x8b31/0x9d8b
[ 44.066527] Read of size 6 at addr ffff88809fde4208 by task kworker/u5:0/1190
[ 44.073863]
[ 44.075474] CPU: 0 PID: 1190 Comm: kworker/u5:0 Not tainted 4.14.174-syzkaller #0
[ 44.083075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.092518] Workqueue: hci0 hci_rx_work
[ 44.096490] Call Trace:
[ 44.099061]  dump_stack+0x13e/0x194
[ 44.102671]  ? hci_event_packet+0x8b31/0x9d8b
[ 44.107297]  print_address_description.cold+0x7c/0x1e2
[ 44.112589]  ? hci_event_packet+0x8b31/0x9d8b
[ 44.117071]  kasan_report.cold+0xa9/0x2ae
[ 44.121203]  hci_event_packet+0x8b31/0x9d8b
[ 44.125518]  ? hci_cmd_complete_evt+0x9730/0x9730
[ 44.130345]  ? trace_hardirqs_on_caller+0x540/0x590
[ 44.135344]  ? __lock_acquire+0x5f7/0x4620
[ 44.139561]  ? trace_hardirqs_on+0x10/0x10
[ 44.143780]  ? save_trace+0x290/0x290
[ 44.147565]  ? find_held_lock+0x2d/0x110
[ 44.151604]  ? skb_dequeue+0x129/0x180
[ 44.155477]  ? mark_held_locks+0xa6/0xf0
[ 44.159519]  ? _raw_spin_unlock_irqrestore+0x67/0xe0
[ 44.164717]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 44.169732]  ? _raw_spin_unlock_irqrestore+0xa0/0xe0
[ 44.174840]  ? hci_rx_work+0x3da/0x950
[ 44.178708]  hci_rx_work+0x3da/0x950
[ 44.182411]  process_one_work+0x813/0x1540
[ 44.186630]  ? pwq_dec_nr_in_flight+0x2b0/0x2b0
[ 44.191285]  worker_thread+0x5d1/0x1070
[ 44.195246]  ? process_one_work+0x1540/0x1540
[ 44.199722]  kthread+0x30d/0x420
[ 44.203073]  ? kthread_create_on_node+0xd0/0xd0
[ 44.207725]  ret_from_fork+0x24/0x30
[ 44.211423]
[ 44.213031] Allocated by task 7492:
[ 44.216651]  save_stack+0x32/0xa0
[ 44.220095]  kasan_kmalloc+0xbf/0xe0
[ 44.223809]  __kmalloc_node_track_caller+0x4c/0x70
[ 44.228723]  __kmalloc_reserve.isra.0+0x35/0xd0
[ 44.233383]  __alloc_skb+0xca/0x4c0
[ 44.236996]  vhci_write+0xb1/0x420
[ 44.240516]  __vfs_write+0x44e/0x630
[ 44.244207]  vfs_write+0x192/0x4e0
[ 44.247725]  SyS_write+0xf2/0x210
[ 44.251158]  do_syscall_64+0x1d5/0x640
[ 44.255023]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.260200]
[ 44.261807] Freed by task 3717:
[ 44.265069]  save_stack+0x32/0xa0
[ 44.268501]  kasan_slab_free+0x75/0xc0
[ 44.272363]  kfree+0xcb/0x260
[ 44.275448]  skb_free_head+0x83/0xa0
[ 44.279167]  skb_release_data+0x528/0x7b0
[ 44.283338]  skb_release_all+0x46/0x60
[ 44.287221]  consume_skb+0xa7/0x330
[ 44.290836]  skb_free_datagram+0x16/0xe0
[ 44.294880]  unix_dgram_recvmsg+0x70a/0xcd0
[ 44.299185]  sock_recvmsg+0xc0/0x100
[ 44.302883]  SYSC_recvfrom+0x18c/0x290
[ 44.306760]  do_syscall_64+0x1d5/0x640
[ 44.310627]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.315793]
[ 44.317403] The buggy address belongs to the object at ffff88809fde4000
[ 44.317403]  which belongs to the cache kmalloc-512 of size 512
[ 44.330039] The buggy address is located 8 bytes to the right of
[ 44.330039]  512-byte region [ffff88809fde4000, ffff88809fde4200)
[ 44.342236] The buggy address belongs to the page:
[ 44.347165] page:ffffea00027f7900 count:1 mapcount:0 mapping:ffff88809fde4000 index:0x0
[ 44.355309] flags: 0xfffe0000000100(slab)
[ 44.359461] raw: 00fffe0000000100 ffff88809fde4000 0000000000000000 0000000100000006
[ 44.367329] raw: ffffea0002122520 ffffea0002480c60 ffff88812fe56940 0000000000000000
[ 44.375191] page dumped because: kasan: bad access detected
[ 44.380889]
[ 44.382495] Memory state around the buggy address:
[ 44.387403]  ffff88809fde4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.394742]  ffff88809fde4180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.402093] >ffff88809fde4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.409430]                    ^
[ 44.413039]  ffff88809fde4280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.420378]  ffff88809fde4300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.427713] ==================================================================
[ 44.435049] Disabling lock debugging due to kernel taint
[ 44.440975] Kernel panic - not syncing: panic_on_warn set ...
[ 44.440975]
[ 44.448333] CPU: 0 PID: 1190 Comm: kworker/u5:0 Tainted: G    B   4.14.174-syzkaller #0
[ 44.457144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.466489] Workqueue: hci0 hci_rx_work
[ 44.470440] Call Trace:
[ 44.473008]  dump_stack+0x13e/0x194
[ 44.476612]  panic+0x1f9/0x42d
[ 44.479785]  ? add_taint.cold+0x16/0x16
[ 44.483736]  ? preempt_schedule_common+0x4a/0xc0
[ 44.488485]  ? hci_event_packet+0x8b31/0x9d8b
[ 44.492955]  ? ___preempt_schedule+0x16/0x18
[ 44.497342]  ? hci_event_packet+0x8b31/0x9d8b
[ 44.501813]  kasan_end_report+0x43/0x49
[ 44.505767]  kasan_report.cold+0x12f/0x2ae
[ 44.509979]  hci_event_packet+0x8b31/0x9d8b
[ 44.514282]  ? hci_cmd_complete_evt+0x9730/0x9730
[ 44.519101]  ? trace_hardirqs_on_caller+0x540/0x590
[ 44.524101]  ? __lock_acquire+0x5f7/0x4620
[ 44.528329]  ? trace_hardirqs_on+0x10/0x10
[ 44.532556]  ? save_trace+0x290/0x290
[ 44.536335]  ? find_held_lock+0x2d/0x110
[ 44.540376]  ? skb_dequeue+0x129/0x180
[ 44.544239]  ? mark_held_locks+0xa6/0xf0
[ 44.548279]  ? _raw_spin_unlock_irqrestore+0x67/0xe0
[ 44.553408]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 44.558440]  ? _raw_spin_unlock_irqrestore+0xa0/0xe0
[ 44.563535]  ? hci_rx_work+0x3da/0x950
[ 44.567408]  hci_rx_work+0x3da/0x950
[ 44.571104]  process_one_work+0x813/0x1540
[ 44.575372]  ? pwq_dec_nr_in_flight+0x2b0/0x2b0
[ 44.580030]  worker_thread+0x5d1/0x1070
[ 44.583990]  ? process_one_work+0x1540/0x1540
[ 44.588504]  kthread+0x30d/0x420
[ 44.591849]  ? kthread_create_on_node+0xd0/0xd0
[ 44.596498]  ret_from_fork+0x24/0x30
[ 44.601441] Kernel Offset: disabled
[ 44.605063] Rebooting in 86400 seconds..