[ 32.956326] audit: type=1800 audit(1572142276.084:33): pid=6814 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 32.986673] audit: type=1800 audit(1572142276.084:34): pid=6814 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 36.206214] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.562916] audit: type=1400 audit(1572142279.694:35): avc: denied { map } for pid=6985 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 36.614453] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.184182] random: sshd: uninitialized urandom read (32 bytes read)
[ 50.800972] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.13' (ECDSA) to the list of known hosts.
[ 56.293122] random: sshd: uninitialized urandom read (32 bytes read)
[ 56.414532] audit: type=1400 audit(1572142299.544:36): avc: denied { map } for pid=6997 comm="syz-executor162" path="/root/syz-executor162179496" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 56.426833] ==================================================================
[ 56.443144] BUG: unable to handle kernel NULL pointer dereference
[ 56.448216] BUG: KASAN: null-ptr-deref in llcp_sock_getname+0x38f/0x4a0
[ 56.448225] Read of size 3 at addr (null) by task syz-executor162/7005
[ 56.454442] at (null)
[ 56.461176]
[ 56.468691] IP: memcpy_erms+0x6/0x10
[ 56.472029] CPU: 0 PID: 7005 Comm: syz-executor162 Not tainted 4.14.150 #0
[ 56.473632] PGD 76fdb067
[ 56.477323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.484312] P4D 76fdb067
[ 56.487054] Call Trace:
[ 56.487069] dump_stack+0x138/0x197
[ 56.487077] ? llcp_sock_getname+0x38f/0x4a0
[ 56.487086] kasan_report.cold+0x127/0x2af
[ 56.487094] check_memory_region+0x123/0x190
[ 56.496428] PUD a0a2f067
[ 56.499178] memcpy+0x24/0x50
[ 56.501734] PMD 0
[ 56.505340] llcp_sock_getname+0x38f/0x4a0
[ 56.514715] ? security_socket_getpeername+0x79/0xa0
[ 56.519180] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 56.521916] SYSC_getpeername+0x120/0x270
[ 56.525000] Modules linked in:
[ 56.527136] ? SYSC_getsockname+0x1f0/0x1f0
[ 56.536430] ? __do_page_fault+0x358/0xb80
[ 56.540890] CPU: 1 PID: 7006 Comm: syz-executor162 Not tainted 4.14.150 #0
[ 56.545024] SyS_getpeername+0x24/0x30
[ 56.548189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.552918] ? SyS_getsockname+0x30/0x30
[ 56.557125] task: ffff8880a59d0580 task.stack: ffff8880996b0000
[ 56.564112] do_syscall_64+0x1e8/0x640
[ 56.567972] RIP: 0010:memcpy_erms+0x6/0x10
[ 56.577301] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 56.581329] RSP: 0018:ffff8880996b7d20 EFLAGS: 00010246
[ 56.587368] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 56.595434] RIP: 0033:0x441299
[ 56.600245] RAX: ffff8880996b7e0a RBX: ffff8880996b7df8 RCX: 0000000000000003
[ 56.605591] RSP: 002b:00007fff87920a38 EFLAGS: 00000246
[ 56.610759] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff8880996b7e0a
[ 56.613931] ORIG_RAX: 0000000000000034
[ 56.621177] RBP: ffff8880996b7d40 R08: 1ffff110132d6fc1 R09: ffffed10132d6fc2
[ 56.621183] R10: ffffed10132d6fc1 R11: ffff8880996b7e0c R12: 0000000000000003
[ 56.626532] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441299
[ 56.633784] R13: ffff8880996b7e0a R14: 0000000000000000 R15: ffffffff87069c40
[ 56.637903] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 56.637908] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 56.645155] FS: 000000000251b880(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
[ 56.652408] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402010
[ 56.659659] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.666904] R13: 00000000004020a0 R14: 0000000000000000 R15: 0000000000000000
[ 56.674150] CR2: 0000000000000000 CR3: 000000008cdfd000 CR4: 00000000001406e0
[ 56.681409] ==================================================================
[ 56.689609] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.698567] Kernel panic - not syncing: panic_on_warn set ...
[ 56.698567]
[ 56.702750] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.746446] Call Trace:
[ 56.749115] ? memcpy+0x46/0x50
[ 56.752385] llcp_sock_getname+0x38f/0x4a0
[ 56.756609] ? security_socket_getpeername+0x79/0xa0
[ 56.761711] SYSC_getpeername+0x120/0x270
[ 56.765841] ? SYSC_getsockname+0x1f0/0x1f0
[ 56.770161] ? __do_page_fault+0x358/0xb80
[ 56.774388] SyS_getpeername+0x24/0x30
[ 56.778257] ? SyS_getsockname+0x30/0x30
[ 56.782303] do_syscall_64+0x1e8/0x640
[ 56.786175] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 56.791015] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 56.796195] RIP: 0033:0x441299
[ 56.799367] RSP: 002b:00007fff87920a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000034
[ 56.807057] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441299
[ 56.814311] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 56.821572] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 56.828824] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402010
[ 56.836086] R13: 00000000004020a0 R14: 0000000000000000 R15: 0000000000000000
[ 56.843344] Code: 90 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38
[ 56.862572] RIP: memcpy_erms+0x6/0x10 RSP: ffff8880996b7d20
[ 56.868265] CR2: 0000000000000000
[ 56.873075] Kernel Offset: disabled
[ 56.876735] Rebooting in 86400 seconds..