[ ok
[   33.629848] audit: type=1800 audit(1583641558.539:34): pid=7147 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   36.194594] random: sshd: uninitialized urandom read (32 bytes read)
[   36.402264] audit: type=1400 audit(1583641561.349:35): avc:  denied  { map } for  pid=7321 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   36.446810] random: sshd: uninitialized urandom read (32 bytes read)
[   37.181602] random: sshd: uninitialized urandom read (32 bytes read)
[   44.723635] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts.
[   50.249776] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   50.374837] audit: type=1400 audit(1583641575.319:36): avc:  denied  { map } for  pid=7333 comm="syz-executor122" path="/root/syz-executor122843340" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   50.429585] ==================================================================
[   50.429611] BUG: KASAN: use-after-free in con_shutdown+0x7f/0x90
[   50.429616] Write of size 8 at addr ffff888095568408 by task syz-executor122/7341
[   50.429618] 
[   50.429625] CPU: 1 PID: 7341 Comm: syz-executor122 Not tainted 4.14.172-syzkaller #0
[   50.429628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.429630] Call Trace:
[   50.429640]  dump_stack+0x13e/0x194
[   50.429647]  ? con_shutdown+0x7f/0x90
[   50.429656]  print_address_description.cold+0x7c/0x1e2
[   50.429662]  ? con_shutdown+0x7f/0x90
[   50.429668]  kasan_report.cold+0xa9/0x2ae
[   50.429674]  ? set_palette+0x130/0x130
[   50.429680]  con_shutdown+0x7f/0x90
[   50.429686]  release_tty+0xb6/0x7a0
[   50.429693]  tty_release_struct+0x37/0x50
[   50.429699]  tty_release+0xaa6/0xd60
[   50.429709]  ? tty_release_struct+0x50/0x50
[   50.429714]  __fput+0x25f/0x790
[   50.429726]  task_work_run+0x113/0x190
[   50.429735]  do_exit+0x9f2/0x2b00
[   50.429743]  ? __do_page_fault+0x4e4/0xb40
[   50.429750]  ? mm_update_next_owner+0x5b0/0x5b0
[   50.429758]  ? lock_downgrade+0x6e0/0x6e0
[   50.429768]  do_group_exit+0x100/0x310
[   50.429775]  SyS_exit_group+0x19/0x20
[   50.429780]  ? do_group_exit+0x310/0x310
[   50.429787]  do_syscall_64+0x1d5/0x640
[   50.429797]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   50.429803] RIP: 0033:0x43ff38
[   50.429806] RSP: 002b:00007ffeae5dc278 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   50.429813] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ff38
[   50.429816] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   50.429819] RBP: 00000000004bf950 R08: 00000000000000e7 R09: ffffffffffffffd0
[   50.429823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.429832] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   50.429841] 
[   50.429844] Allocated by task 7341:
[   50.429850]  save_stack+0x32/0xa0
[   50.429854]  kasan_kmalloc+0xbf/0xe0
[   50.429858]  kmem_cache_alloc_trace+0x14d/0x7b0
[   50.429863]  vc_allocate+0x142/0x550
[   50.429867]  con_install+0x4f/0x3e0
[   50.429872]  tty_init_dev+0xe1/0x3a0
[   50.429876]  tty_open+0x410/0x9c0
[   50.429881]  chrdev_open+0x1fc/0x540
[   50.429887]  do_dentry_open+0x732/0xe90
[   50.429893]  vfs_open+0x105/0x220
[   50.429899]  path_openat+0x8ca/0x3c50
[   50.429905]  do_filp_open+0x18e/0x250
[   50.429911]  do_sys_open+0x29d/0x3f0
[   50.429917]  do_syscall_64+0x1d5/0x640
[   50.429923]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   50.429925] 
[   50.429928] Freed by task 7340:
[   50.429934]  save_stack+0x32/0xa0
[   50.429940]  kasan_slab_free+0x75/0xc0
[   50.429945]  kfree+0xcb/0x260
[   50.429953]  vt_disallocate_all+0x25c/0x340
[   50.429958]  vt_ioctl+0x6e3/0x1f00
[   50.429964]  tty_ioctl+0x6c5/0x1220
[   50.429970]  do_vfs_ioctl+0x75a/0xfe0
[   50.429976]  SyS_ioctl+0x7f/0xb0
[   50.429982]  do_syscall_64+0x1d5/0x640
[   50.429989]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   50.429991] 
[   50.429996] The buggy address belongs to the object at ffff888095568300
[   50.429996]  which belongs to the cache kmalloc-2048 of size 2048
[   50.430002] The buggy address is located 264 bytes inside of
[   50.430002]  2048-byte region [ffff888095568300, ffff888095568b00)
[   50.430004] The buggy address belongs to the page:
[   50.430010] page:ffffea0002555a00 count:1 mapcount:0 mapping:ffff888095568300 index:0x0 compound_mapcount: 0
[   50.430019] flags: 0xfffe0000008100(slab|head)
[   50.430028] raw: 00fffe0000008100 ffff888095568300 0000000000000000 0000000100000003
[   50.430035] raw: ffffea00024f23a0 ffffea000254c1a0 ffff88812fe56c40 0000000000000000
[   50.430038] page dumped because: kasan: bad access detected
[   50.430040] 
[   50.430042] Memory state around the buggy address:
[   50.430048]  ffff888095568300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   50.430052]  ffff888095568380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   50.430057] >ffff888095568400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   50.430060]                       ^
[   50.430065]  ffff888095568480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   50.430070]  ffff888095568500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   50.430073] ==================================================================
[   50.430075] Disabling lock debugging due to kernel taint
[   50.430258] Kernel panic - not syncing: panic_on_warn set ...
[   50.430258] 
[   50.430263] CPU: 1 PID: 7341 Comm: syz-executor122 Tainted: G    B           4.14.172-syzkaller #0
[   50.430267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.430268] Call Trace:
[   50.430280]  dump_stack+0x13e/0x194
[   50.430286]  panic+0x1f9/0x42d
[   50.430291]  ? add_taint.cold+0x16/0x16
[   50.430298]  ? con_shutdown+0x7f/0x90
[   50.430303]  kasan_end_report+0x43/0x49
[   50.430308]  kasan_report.cold+0x12f/0x2ae
[   50.430313]  ? set_palette+0x130/0x130
[   50.430318]  con_shutdown+0x7f/0x90
[   50.430323]  release_tty+0xb6/0x7a0
[   50.430329]  tty_release_struct+0x37/0x50
[   50.430334]  tty_release+0xaa6/0xd60
[   50.430341]  ? tty_release_struct+0x50/0x50
[   50.430345]  __fput+0x25f/0x790
[   50.430353]  task_work_run+0x113/0x190
[   50.430360]  do_exit+0x9f2/0x2b00
[   50.430365]  ? __do_page_fault+0x4e4/0xb40
[   50.430371]  ? mm_update_next_owner+0x5b0/0x5b0
[   50.430376]  ? lock_downgrade+0x6e0/0x6e0
[   50.430384]  do_group_exit+0x100/0x310
[   50.430389]  SyS_exit_group+0x19/0x20
[   50.430393]  ? do_group_exit+0x310/0x310
[   50.430398]  do_syscall_64+0x1d5/0x640
[   50.430405]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   50.430408] RIP: 0033:0x43ff38
[   50.430411] RSP: 002b:00007ffeae5dc278 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   50.430416] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ff38
[   50.430419] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   50.430422] RBP: 00000000004bf950 R08: 00000000000000e7 R09: ffffffffffffffd0
[   50.430425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.430427] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[   50.431650] Kernel Offset: disabled
[   51.027768] Rebooting in 86400 seconds..