[ 33.851860] audit: type=1800 audit(1578508218.166:33): pid=7095 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 33.879093] audit: type=1800 audit(1578508218.166:34): pid=7095 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 37.865937] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.158562] audit: type=1400 audit(1578508222.466:35): avc: denied { map } for pid=7268 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 38.213136] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.881137] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.073182] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.106' (ECDSA) to the list of known hosts.
[ 44.751301] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
[ 44.872435] audit: type=1400 audit(1578508229.186:36): avc: denied { map } for pid=7280 comm="syz-executor637" path="/root/syz-executor637995228" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.907451] ==================================================================
[ 44.907470] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc09/0xdb0
[ 44.907475] Read of size 1 at addr ffffffff8706df60 by task syz-executor637/7282
[ 44.907476]
[ 44.907482] CPU: 0 PID: 7282 Comm: syz-executor637 Not tainted 4.14.162-syzkaller #0
[ 44.907485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.907488] Call Trace:
[ 44.907496] dump_stack+0x142/0x197
[ 44.907501] ? bit_putcs+0xc09/0xdb0
[ 44.907508] print_address_description.cold+0x5/0x1dc
[ 44.907512] ? bit_putcs+0xc09/0xdb0
[ 44.907517] kasan_report.cold+0xa9/0x2af
[ 44.907523] __asan_report_load1_noabort+0x14/0x20
[ 44.907527] bit_putcs+0xc09/0xdb0
[ 44.907535] ? trace_hardirqs_on+0x10/0x10
[ 44.907545] ? update_attr.isra.0+0x160/0x160
[ 44.907552] ? update_attr.isra.0+0x160/0x160
[ 44.907558] ? fb_get_color_depth+0x5f/0x70
[ 44.907564] ? update_attr.isra.0+0x160/0x160
[ 44.907568] fbcon_putcs+0x3c2/0x480
[ 44.907574] ? con2fb_acquire_newinfo+0x2d0/0x2d0
[ 44.907580] do_con_write.part.0+0xca3/0x1b50
[ 44.907592] ? do_con_trol+0x5b40/0x5b40
[ 44.907599] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 44.907604] con_write+0x38/0xc0
[ 44.907610] n_tty_write+0x38b/0xf20
[ 44.907620] ? process_echoes+0x150/0x150
[ 44.907625] ? do_wait_intr_irq+0x2a0/0x2a0
[ 44.907630] ? kasan_check_write+0x14/0x20
[ 44.907637] ? _copy_from_user+0x99/0x110
[ 44.907644] tty_write+0x3f6/0x700
[ 44.907650] ? process_echoes+0x150/0x150
[ 44.907657] do_iter_write+0x3d3/0x540
[ 44.907665] vfs_writev+0x170/0x2a0
[ 44.907670] ? vfs_iter_write+0xb0/0xb0
[ 44.907675] ? save_trace+0x290/0x290
[ 44.907681] ? __do_page_fault+0x4e9/0xb80
[ 44.907687] ? __do_page_fault+0x4e9/0xb80
[ 44.907695] ? __fget_light+0x172/0x1f0
[ 44.907701] do_writev+0x10a/0x2d0
[ 44.907706] ? vfs_writev+0x2a0/0x2a0
[ 44.907711] ? SyS_readv+0x30/0x30
[ 44.907716] SyS_writev+0x28/0x30
[ 44.907724] do_syscall_64+0x1e8/0x640
[ 44.907728] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.907735] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.907740] RIP: 0033:0x441239
[ 44.907743] RSP: 002b:00007fff7ee26958 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 44.907748] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
[ 44.907751] RDX: 0000000000000001 RSI: 0000000020001780 RDI: 0000000000000003
[ 44.907754] RBP: 000000000000af4a R08: 000000000000000d R09: 00000000004002c8
[ 44.907757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402060
[ 44.907760] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
[ 44.907767]
[ 44.907769] The buggy address belongs to the variable:
[ 44.907775] str__msr__trace_system_name+0x200/0x9a0
[ 44.907777]
[ 44.907778] Memory state around the buggy address:
[ 44.907783] ffffffff8706de00: fa fa fa fa 00 00 00 00 06 fa fa fa fa fa fa fa
[ 44.907786] ffffffff8706de80: 00 00 00 fa fa fa fa fa 00 00 00 fa fa fa fa fa
[ 44.907790] >ffffffff8706df00: 00 00 00 03 fa fa fa fa 00 00 00 04 fa fa fa fa
[ 44.907792] ^
[ 44.907795] ffffffff8706df80: 00 00 00 00 03 fa fa fa fa fa fa fa 00 00 07 fa
[ 44.907798] ffffffff8706e000: fa fa fa fa 00 00 00 00 00 00 03 fa fa fa fa fa
[ 44.907800] ==================================================================
[ 44.907802] Disabling lock debugging due to kernel taint
[ 44.907805] Kernel panic - not syncing: panic_on_warn set ...
[ 44.907805]
[ 44.907809] CPU: 0 PID: 7282 Comm: syz-executor637 Tainted: G B 4.14.162-syzkaller #0
[ 44.907811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.907812] Call Trace:
[ 44.907816] dump_stack+0x142/0x197
[ 44.907824] ? bit_putcs+0xc09/0xdb0
[ 44.907829] panic+0x1f9/0x42d
[ 44.907832] ? add_taint.cold+0x16/0x16
[ 44.907837] ? lock_downgrade+0x740/0x740
[ 44.907842] kasan_end_report+0x47/0x4f
[ 44.907846] kasan_report.cold+0x130/0x2af
[ 44.907851] __asan_report_load1_noabort+0x14/0x20
[ 44.907854] bit_putcs+0xc09/0xdb0
[ 44.907859] ? trace_hardirqs_on+0x10/0x10
[ 44.907865] ? update_attr.isra.0+0x160/0x160
[ 44.907870] ? update_attr.isra.0+0x160/0x160
[ 44.907873] ? fb_get_color_depth+0x5f/0x70
[ 44.907877] ? update_attr.isra.0+0x160/0x160
[ 44.907881] fbcon_putcs+0x3c2/0x480
[ 44.907886] ? con2fb_acquire_newinfo+0x2d0/0x2d0
[ 44.907890] do_con_write.part.0+0xca3/0x1b50
[ 44.907897] ? do_con_trol+0x5b40/0x5b40
[ 44.907902] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 44.907906] con_write+0x38/0xc0
[ 44.907909] n_tty_write+0x38b/0xf20
[ 44.907916] ? process_echoes+0x150/0x150
[ 44.907920] ? do_wait_intr_irq+0x2a0/0x2a0
[ 44.907924] ? kasan_check_write+0x14/0x20
[ 44.907927] ? _copy_from_user+0x99/0x110
[ 44.907932] tty_write+0x3f6/0x700
[ 44.907936] ? process_echoes+0x150/0x150
[ 44.907940] do_iter_write+0x3d3/0x540
[ 44.907946] vfs_writev+0x170/0x2a0
[ 44.907950] ? vfs_iter_write+0xb0/0xb0
[ 44.907954] ? save_trace+0x290/0x290
[ 44.907958] ? __do_page_fault+0x4e9/0xb80
[ 44.907962] ? __do_page_fault+0x4e9/0xb80
[ 44.907967] ? __fget_light+0x172/0x1f0
[ 44.907972] do_writev+0x10a/0x2d0
[ 44.907975] ? vfs_writev+0x2a0/0x2a0
[ 44.907979] ? SyS_readv+0x30/0x30
[ 44.907983] SyS_writev+0x28/0x30
[ 44.907987] do_syscall_64+0x1e8/0x640
[ 44.907991] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.907996] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.907999] RIP: 0033:0x441239
[ 44.908001] RSP: 002b:00007fff7ee26958 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 44.908005] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
[ 44.908007] RDX: 0000000000000001 RSI: 0000000020001780 RDI: 0000000000000003
[ 44.908009] RBP: 000000000000af4a R08: 000000000000000d R09: 00000000004002c8
[ 44.908012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402060
[ 44.908014] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
[ 44.909545] Kernel Offset: disabled
[ 45.484119] Rebooting in 86400 seconds..