[ 31.379272] audit: type=1800 audit(1576003052.852:33): pid=6887 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 31.406213] audit: type=1800 audit(1576003052.862:34): pid=6887 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 34.969182] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.386057] audit: type=1400 audit(1576003056.862:35): avc: denied { map } for pid=7061 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 35.463864] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.052654] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.345293] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.221' (ECDSA) to the list of known hosts.
[ 41.961313] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 42.085665] audit: type=1400 audit(1576003063.562:36): avc: denied { map } for pid=7073 comm="syz-executor444" path="/root/syz-executor444533648" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 42.167318] ==================================================================
[ 42.167346] BUG: KASAN: user-memory-access in insert_char+0xce/0x290
[ 42.167353] Read of size 212 at addr 00000000ffffff3a by task syz-executor444/7073
[ 42.167355]
[ 42.167365] CPU: 0 PID: 7073 Comm: syz-executor444 Not tainted 4.14.158-syzkaller #0
[ 42.167401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.167405] Call Trace:
[ 42.167416] dump_stack+0x142/0x197
[ 42.167425] ? insert_char+0xce/0x290
[ 42.167435] kasan_report.cold+0x127/0x2af
[ 42.167445] check_memory_region+0x123/0x190
[ 42.167454] memmove+0x24/0x50
[ 42.167462] insert_char+0xce/0x290
[ 42.167472] do_con_trol+0x35bd/0x5b40
[ 42.167481] ? reset_palette+0x180/0x180
[ 42.167497] ? __atomic_notifier_call_chain+0xc2/0x150
[ 42.167509] do_con_write.part.0+0xcc7/0x1b50
[ 42.167518] ? add_wait_queue+0x112/0x170
[ 42.167534] ? do_con_trol+0x5b40/0x5b40
[ 42.167546] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 42.167555] con_write+0x38/0xc0
[ 42.167567] n_tty_write+0x38b/0xee0
[ 42.167587] ? process_echoes+0x150/0x150
[ 42.167595] ? do_wait_intr_irq+0x2a0/0x2a0
[ 42.167604] ? kasan_check_write+0x14/0x20
[ 42.167614] ? _copy_from_user+0x99/0x110
[ 42.167623] tty_write+0x3f6/0x700
[ 42.167634] ? process_echoes+0x150/0x150
[ 42.167645] __vfs_write+0x105/0x6b0
[ 42.167652] ? tty_read+0x270/0x270
[ 42.167660] ? kernel_read+0x120/0x120
[ 42.167670] ? __inode_security_revalidate+0xd6/0x130
[ 42.167678] ? avc_policy_seqno+0x9/0x20
[ 42.167685] ? selinux_file_permission+0x85/0x480
[ 42.167697] ? security_file_permission+0x89/0x1f0
[ 42.167706] ? rw_verify_area+0xea/0x2b0
[ 42.167714] ? putname+0xe0/0x120
[ 42.167724] vfs_write+0x198/0x500
[ 42.167734] SyS_write+0xfd/0x230
[ 42.167743] ? SyS_read+0x230/0x230
[ 42.167757] ? do_syscall_64+0x53/0x640
[ 42.167765] ? SyS_read+0x230/0x230
[ 42.167773] do_syscall_64+0x1e8/0x640
[ 42.167780] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.167792] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 42.167800] RIP: 0033:0x4404f9
[ 42.167805] RSP: 002b:00007ffea945dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 42.167814] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404f9
[ 42.167819] RDX: 0000000000000078 RSI: 0000000020000000 RDI: 0000000000000004
[ 42.167824] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 42.167829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0
[ 42.167833] R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000
[ 42.167847] ==================================================================
[ 42.167850] Disabling lock debugging due to kernel taint
[ 42.167854] Kernel panic - not syncing: panic_on_warn set ...
[ 42.167854]
[ 42.167861] CPU: 0 PID: 7073 Comm: syz-executor444 Tainted: G B 4.14.158-syzkaller #0
[ 42.167864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.167865] Call Trace:
[ 42.167871] dump_stack+0x142/0x197
[ 42.167877] ? insert_char+0xce/0x290
[ 42.167883] panic+0x1f9/0x42d
[ 42.167888] ? add_taint.cold+0x16/0x16
[ 42.167897] ? lock_downgrade+0x740/0x740
[ 42.167904] kasan_end_report+0x47/0x4f
[ 42.167910] kasan_report.cold+0x130/0x2af
[ 42.167916] check_memory_region+0x123/0x190
[ 42.167922] memmove+0x24/0x50
[ 42.167927] insert_char+0xce/0x290
[ 42.167934] do_con_trol+0x35bd/0x5b40
[ 42.167940] ? reset_palette+0x180/0x180
[ 42.167949] ? __atomic_notifier_call_chain+0xc2/0x150
[ 42.167956] do_con_write.part.0+0xcc7/0x1b50
[ 42.167961] ? add_wait_queue+0x112/0x170
[ 42.167971] ? do_con_trol+0x5b40/0x5b40
[ 42.167979] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 42.167985] con_write+0x38/0xc0
[ 42.167992] n_tty_write+0x38b/0xee0
[ 42.168004] ? process_echoes+0x150/0x150
[ 42.168011] ? do_wait_intr_irq+0x2a0/0x2a0
[ 42.168017] ? kasan_check_write+0x14/0x20
[ 42.168024] ? _copy_from_user+0x99/0x110
[ 42.168032] tty_write+0x3f6/0x700
[ 42.168040] ? process_echoes+0x150/0x150
[ 42.168047] __vfs_write+0x105/0x6b0
[ 42.168053] ? tty_read+0x270/0x270
[ 42.168059] ? kernel_read+0x120/0x120
[ 42.168066] ? __inode_security_revalidate+0xd6/0x130
[ 42.168072] ? avc_policy_seqno+0x9/0x20
[ 42.168079] ? selinux_file_permission+0x85/0x480
[ 42.168087] ? security_file_permission+0x89/0x1f0
[ 42.168093] ? rw_verify_area+0xea/0x2b0
[ 42.168099] ? putname+0xe0/0x120
[ 42.168105] vfs_write+0x198/0x500
[ 42.168112] SyS_write+0xfd/0x230
[ 42.168118] ? SyS_read+0x230/0x230
[ 42.168123] ? do_syscall_64+0x53/0x640
[ 42.168129] ? SyS_read+0x230/0x230
[ 42.168135] do_syscall_64+0x1e8/0x640
[ 42.168141] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.168150] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 42.168154] RIP: 0033:0x4404f9
[ 42.168158] RSP: 002b:00007ffea945dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 42.168166] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404f9
[ 42.168170] RDX: 0000000000000078 RSI: 0000000020000000 RDI: 0000000000000004
[ 42.168174] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 42.168178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0
[ 42.168182] R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000
[ 42.169398] Kernel Offset: disabled
[ 42.675669] Rebooting in 86400 seconds..