[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 32.386352] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.631123] kauditd_printk_skb: 9 callbacks suppressed
[ 32.631132] audit: type=1400 audit(1572408287.468:35): avc: denied { map } for pid=6812 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 32.687929] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.311061] random: sshd: uninitialized urandom read (32 bytes read)
[ 50.856420] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.227' (ECDSA) to the list of known hosts.
[ 56.479459] random: sshd: uninitialized urandom read (32 bytes read)
[ 56.608159] audit: type=1400 audit(1572408311.438:36): avc: denied { map } for pid=6826 comm="syz-executor496" path="/root/syz-executor496605180" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 56.627119] ==================================================================
[ 56.643586] BUG: KASAN: null-ptr-deref in llcp_sock_getname+0x38f/0x4a0
[ 56.645056] BUG: unable to handle kernel 
[ 56.650568] Read of size 43 at addr (null) by task syz-executor496/6833
[ 56.650575] 
[ 56.654734] NULL pointer dereference
[ 56.662601] CPU: 1 PID: 6833 Comm: syz-executor496 Not tainted 4.14.151 #0
[ 56.664213] at (null)
[ 56.669714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.676884] IP: memcpy_erms+0x6/0x10
[ 56.680268] Call Trace:
[ 56.690538] PGD 93d0f067 
[ 56.694265]  dump_stack+0x138/0x197
[ 56.696823] P4D 93d0f067 
[ 56.699593]  ? llcp_sock_getname+0x38f/0x4a0
[ 56.703199] PUD 9293b067 
[ 56.706110]  kasan_report.cold+0x127/0x2af
[ 56.710498] PMD 0 
[ 56.713376]  check_memory_region+0x123/0x190
[ 56.719755]  memcpy+0x24/0x50
[ 56.724677] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 56.728078]  llcp_sock_getname+0x38f/0x4a0
[ 56.732917] Modules linked in:
[ 56.737161]  ? security_socket_getpeername+0x79/0xa0
[ 56.737174]  SYSC_getpeername+0x120/0x270
[ 56.740348] CPU: 0 PID: 6837 Comm: syz-executor496 Not tainted 4.14.151 #0
[ 56.745765]  ? SYSC_getsockname+0x1f0/0x1f0
[ 56.751460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.758495]  ? trace_hardirqs_on+0xd/0x10
[ 56.763284] task: ffff8880a9a900c0 task.stack: ffff8880a8728000
[ 56.773483]  ? SyS_listen+0x181/0x230
[ 56.777607] RIP: 0010:memcpy_erms+0x6/0x10
[ 56.783648]  ? SyS_bind+0x30/0x30
[ 56.787687] RSP: 0018:ffff8880a872fd20 EFLAGS: 00010246
[ 56.794081]  SyS_getpeername+0x24/0x30
[ 56.802884]  ? SyS_getsockname+0x30/0x30
[ 56.806752] RAX: ffff8880a872fe0a RBX: ffff8880a872fdf8 RCX: 000000000000002b
[ 56.806758] RDX: 000000000000002b RSI: 0000000000000000 RDI: ffff8880a872fe0a
[ 56.810826]  do_syscall_64+0x1e8/0x640
[ 56.818083] RBP: ffff8880a872fd40 R08: 1ffff110150e5fc1 R09: ffffed10150e5fc7
[ 56.825378]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 56.829243] R10: ffffed10150e5fc6 R11: ffff8880a872fe34 R12: 000000000000002b
[ 56.836509]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 56.841325] R13: ffff8880a872fe0a R14: 0000000000000000 R15: ffffffff87069cc0
[ 56.848586] RIP: 0033:0x4412b9
[ 56.854089] FS:  0000000001ca0880(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
[ 56.861569] RSP: 002b:00007fffabcaa758 EFLAGS: 00000246
[ 56.864746] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.873097] ORIG_RAX: 0000000000000034
[ 56.878452] CR2: 0000000000000000 CR3: 00000000916b4000 CR4: 00000000001406f0
[ 56.884451] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412b9
[ 56.888679] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.896140] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 56.904000] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.911275] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 56.918524] Call Trace:
[ 56.925924] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402030
[ 56.933281]  ? memcpy+0x46/0x50
[ 56.935855] R13: 00000000004020c0 R14: 0000000000000000 R15: 0000000000000000
[ 56.943117]  llcp_sock_getname+0x38f/0x4a0
[ 56.946389] ==================================================================
[ 56.953679]  ? security_socket_getpeername+0x79/0xa0
[ 56.970463]  SYSC_getpeername+0x120/0x270
[ 56.974710]  ? SYSC_getsockname+0x1f0/0x1f0
[ 56.979122]  ? trace_hardirqs_on+0xd/0x10
[ 56.983269]  ? SyS_listen+0x181/0x230
[ 56.987061]  ? SyS_bind+0x30/0x30
[ 56.990500]  SyS_getpeername+0x24/0x30
[ 56.994373]  ? SyS_getsockname+0x30/0x30
[ 56.998423]  do_syscall_64+0x1e8/0x640
[ 57.002306]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 57.007144]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 57.012327] RIP: 0033:0x4412b9
[ 57.015500] RSP: 002b:00007fffabcaa758 EFLAGS: 00000246 ORIG_RAX: 0000000000000034
[ 57.023575] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412b9
[ 57.031733] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 57.038993] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 57.046247] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402030
[ 57.054125] R13: 00000000004020c0 R14: 0000000000000000 R15: 0000000000000000
[ 57.061476] Code: 90 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38
[ 57.081060] RIP: memcpy_erms+0x6/0x10 RSP: ffff8880a872fd20
[ 57.086788] CR2: 0000000000000000
[ 57.090248] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 57.098264] IP: memcpy_erms+0x6/0x10
[ 57.101966] PGD 99447067 P4D 99447067 PUD 967c6067 PMD 0 
[ 57.107494] Oops: 0000 [#2] PREEMPT SMP KASAN
[ 57.111977] Modules linked in:
[ 57.115159] CPU: 1 PID: 6835 Comm: syz-executor496 Tainted: G B D 4.14.151 #0
[ 57.123369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.132922] task: ffff888091fac380 task.stack: ffff8880a7fb8000
[ 57.139074] RIP: 0010:memcpy_erms+0x6/0x10
[ 57.143498] RSP: 0018:ffff8880a7fbfd20 EFLAGS: 00010246
[ 57.148864] RAX: ffff8880a7fbfe0a RBX: ffff8880a7fbfdf8 RCX: 000000000000002b
[ 57.156240] RDX: 000000000000002b RSI: 0000000000000000 RDI: ffff8880a7fbfe0a
[ 57.163621] RBP: ffff8880a7fbfd40 R08: 1ffff11014ff7fc1 R09: ffffed1014ff7fc7
[ 57.171423] R10: ffffed1014ff7fc6 R11: ffff8880a7fbfe34 R12: 000000000000002b
[ 57.178676] R13: ffff8880a7fbfe0a R14: 0000000000000000 R15: ffffffff87069cc0
[ 57.186806] FS:  0000000001ca0880(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
[ 57.195048] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.200928] CR2: 0000000000000000 CR3: 0000000093326000 CR4: 00000000001406e0
[ 57.208731] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.216711] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.225016] Call Trace:
[ 57.227595]  ? memcpy+0x46/0x50
[ 57.230880]  llcp_sock_getname+0x38f/0x4a0
[ 57.235114]  ? security_socket_getpeername+0x79/0xa0
[ 57.240295]  SYSC_getpeername+0x120/0x270
[ 57.244749]  ? SYSC_getsockname+0x1f0/0x1f0
[ 57.249063]  ? trace_hardirqs_on+0xd/0x10
[ 57.253209]  ? SyS_listen+0x181/0x230
[ 57.257013]  ? SyS_bind+0x30/0x30
[ 57.260461]  SyS_getpeername+0x24/0x30
[ 57.264585]  ? SyS_getsockname+0x30/0x30
[ 57.270152]  do_syscall_64+0x1e8/0x640
[ 57.274071]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 57.278909]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 57.284624] RIP: 0033:0x4412b9
[ 57.288028] RSP: 002b:00007fffabcaa758 EFLAGS: 00000246 ORIG_RAX: 0000000000000034
[ 57.296189] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412b9
[ 57.304210] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 57.312906] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 57.320169] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402030
[ 57.328232] R13: 00000000004020c0 R14: 0000000000000000 R15: 0000000000000000
[ 57.335586] Code: 90 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38
[ 57.354832] RIP: memcpy_erms+0x6/0x10 RSP: ffff8880a7fbfd20
[ 57.360530] CR2: 0000000000000000
[ 57.364084] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 57.368099] Kernel panic - not syncing: panic_on_warn set ...
[ 57.368099] 
[ 57.372073] IP: memcpy_erms+0x6/0x10
[ 57.383095] PGD 922ea067 P4D 922ea067 PUD 9ebb2067 PMD 0 
[ 57.388631] Oops: 0000 [#3] PREEMPT SMP KASAN
[ 57.393124] Modules linked in:
[ 57.396304] CPU: 0 PID: 6838 Comm: syz-executor496 Tainted: G B D 4.14.151 #0
[ 57.404517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.413850] task: ffff88809420e1c0 task.stack: ffff8880a7198000
[ 57.419976] RIP: 0010:memcpy_erms+0x6/0x10
[ 57.424191] RSP: 0018:ffff8880a719fd20 EFLAGS: 00010246
[ 57.429534] RAX: ffff8880a719fe0a RBX: ffff8880a719fdf8 RCX: 000000000000002b
[ 57.437130] RDX: 000000000000002b RSI: 0000000000000000 RDI: ffff8880a719fe0a
[ 57.444384] RBP: ffff8880a719fd40 R08: 1ffff11014e33fc1 R09: ffffed1014e33fc7
[ 57.451636] R10: ffffed1014e33fc6 R11: ffff8880a719fe34 R12: 000000000000002b
[ 57.458898] R13: ffff8880a719fe0a R14: 0000000000000000 R15: ffffffff87069cc0
[ 57.466156] FS:  0000000001ca0880(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
[ 57.474379] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.480334] CR2: 0000000000000000 CR3: 000000008b028000 CR4: 00000000001406f0
[ 57.487603] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.494851] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.502102] Call Trace:
[ 57.504671]  ? memcpy+0x46/0x50
[ 57.507933]  llcp_sock_getname+0x38f/0x4a0
[ 57.512157]  ? security_socket_getpeername+0x79/0xa0
[ 57.517242]  SYSC_getpeername+0x120/0x270
[ 57.523372]  ? SYSC_getsockname+0x1f0/0x1f0
[ 57.527686]  ? trace_hardirqs_on+0xd/0x10
[ 57.531819]  ? SyS_listen+0x181/0x230
[ 57.535600]  ? SyS_bind+0x30/0x30
[ 57.539034]  SyS_getpeername+0x24/0x30
[ 57.542898]  ? SyS_getsockname+0x30/0x30
[ 57.546950]  do_syscall_64+0x1e8/0x640
[ 57.550827]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 57.555654]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 57.560821] RIP: 0033:0x4412b9
[ 57.564012] RSP: 002b:00007fffabcaa758 EFLAGS: 00000246 ORIG_RAX: 0000000000000034
[ 57.571698] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412b9
[ 57.578955] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 57.586204] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 57.593453] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402030
[ 57.600701] R13: 00000000004020c0 R14: 0000000000000000 R15: 0000000000000000
[ 57.607964] Code: 90 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38
[ 57.627092] RIP: memcpy_erms+0x6/0x10 RSP: ffff8880a719fd20
[ 57.632784] CR2: 0000000000000000
[ 57.637411] Kernel Offset: disabled
[ 57.641072] Rebooting in 86400 seconds..
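Reading the crash: ORIG_RAX 0x34 is getpeername(2) on x86_64 and the user-space RDI of 3 is the socket descriptor it was called on. The kernel side faults at memcpy_erms+0x6, which is the rep movsb inside memcpy_erms, with RDI pointing at a kernel-stack buffer (the sockaddr being filled on SYSC_getpeername's frame), RSI = 0 and RCX = RDX = 0x2b: a 43-byte copy from a NULL source, which is exactly what the KASAN line "Read of size 43 at addr (null)" reports. In 4.14, llcp_sock_getname() checks only that the llcp socket and its dev pointer are non-NULL, then sets llcp_addr->service_name_len = llcp_sock->service_name_len and does memcpy(llcp_addr->service_name, llcp_sock->service_name, llcp_addr->service_name_len); the register state therefore means the socket reached getpeername() with service_name == NULL while service_name_len still said 43. KASAN caught the first hit (PID 6833 on CPU 1); three more syz-executor threads (PIDs 6837, 6835, 6838) then took the same page fault as Oops #1 to #3, and panic_on_warn turned the KASAN report into the panic and reboot at the end of the log. The frames marked "?" (SyS_bind, SyS_listen) are stale stack contents, not proof of the call sequence.

The userspace model below is an added example, not the kernel's code and not the upstream fix; every model_* name is hypothetical, and the 43-byte name is constructed to match the length in the registers. It reproduces the pointer/length desynchronisation, shows a teardown that invalidates both fields together, and shows a getname() that refuses to copy when a non-zero length has no backing buffer (where the kernel would return -EBADFD):

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model of the copy in llcp_sock_getname(): added example, not
 * kernel code. The 63-byte bound mirrors NFC_LLCP_MAX_SERVICE_NAME. */
#define MODEL_MAX_SERVICE_NAME 63

struct model_llcp_sock {
	char *service_name;        /* heap copy made when the socket is bound */
	size_t service_name_len;   /* stored separately from the pointer */
};

struct model_sockaddr_nfc_llcp {
	char service_name[MODEL_MAX_SERVICE_NAME];
	size_t service_name_len;
};

/* Bind-time setup: duplicate the name and record its (clamped) length. */
static int model_bind(struct model_llcp_sock *s, const char *name, size_t len)
{
	if (len > MODEL_MAX_SERVICE_NAME)
		len = MODEL_MAX_SERVICE_NAME;
	s->service_name = malloc(len);
	if (s->service_name == NULL)
		return -1;
	memcpy(s->service_name, name, len);
	s->service_name_len = len;
	return 0;
}

/* Teardown that leaves the fields inconsistent: pointer NULLed, length kept.
 * This is the state the registers show (RSI = 0, RCX = RDX = 0x2b). */
static void model_teardown_stale(struct model_llcp_sock *s)
{
	free(s->service_name);
	s->service_name = NULL;
}

/* Teardown that invalidates pointer and length together. */
static void model_teardown_fixed(struct model_llcp_sock *s)
{
	free(s->service_name);
	s->service_name = NULL;
	s->service_name_len = 0;
}

/* Same shape as the kernel's copy: trust the length, copy from the pointer.
 * On a stale socket this is the faulting memcpy(dst, NULL, 43). */
static int model_getname_unchecked(const struct model_llcp_sock *s,
				   struct model_sockaddr_nfc_llcp *a)
{
	memset(a, 0, sizeof(*a));
	a->service_name_len = s->service_name_len;
	memcpy(a->service_name, s->service_name, a->service_name_len);
	return 0;
}

/* Defensive getname: a non-zero length with no backing buffer is an error,
 * and the copy can never exceed the destination. */
static int model_getname_checked(const struct model_llcp_sock *s,
				 struct model_sockaddr_nfc_llcp *a)
{
	size_t n = s->service_name_len;

	memset(a, 0, sizeof(*a));
	if (s->service_name == NULL && n != 0)
		return -1;
	if (n > MODEL_MAX_SERVICE_NAME)
		n = MODEL_MAX_SERVICE_NAME;
	a->service_name_len = n;
	if (n != 0)
		memcpy(a->service_name, s->service_name, n);
	return 0;
}

/* Runs the scenario end to end; returns how many of the four expected
 * outcomes were observed (4 means every step behaved as described). */
static int model_run(void)
{
	struct model_llcp_sock s = { NULL, 0 };
	struct model_sockaddr_nfc_llcp a;
	char name[43];                     /* 0x2b, the RCX/RDX value in the log */
	int ok = 0;

	memset(name, 'x', sizeof(name));   /* constructed name, content irrelevant */
	memcpy(name, "urn:nfc:sn:", 11);

	if (model_bind(&s, name, sizeof(name)) != 0)
		return -1;
	if (model_getname_unchecked(&s, &a) == 0 && a.service_name_len == 43 &&
	    memcmp(a.service_name, name, 43) == 0)
		ok++;                      /* bound socket: unchecked copy is fine */
	if (model_getname_checked(&s, &a) == 0 && a.service_name_len == 43)
		ok++;                      /* and so is the checked one */

	model_teardown_stale(&s);          /* pointer NULL, length still 43 */
	/* model_getname_unchecked(&s, &a) here would be the crashing copy. */
	if (model_getname_checked(&s, &a) == -1)
		ok++;                      /* checked variant refuses instead */

	if (model_bind(&s, name, sizeof(name)) != 0)
		return -1;
	model_teardown_fixed(&s);          /* pointer NULL and length 0 */
	if (model_getname_checked(&s, &a) == 0 && a.service_name_len == 0)
		ok++;                      /* consistent state: empty name, no copy */
	return ok;
}

int main(void)
{
	int ok = model_run();

	printf("%d of 4 expected outcomes observed\n", ok);
	return ok == 4 ? 0 : 1;
}
```

The two fixes are independent layers: keeping the length in step with the pointer removes the bad state, and the NULL check in getname() makes the function survive it if some other path recreates it. In the kernel the second layer costs one comparison on a syscall path and turns a panic into an error return.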