[   34.307633] audit: type=1800 audit(1577913669.338:33): pid=6917 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   34.335552] audit: type=1800 audit(1577913669.348:34): pid=6917 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   37.178930] random: sshd: uninitialized urandom read (32 bytes read)
[   37.413390] audit: type=1400 audit(1577913672.448:35): avc:  denied  { map } for  pid=7090 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   37.496364] random: sshd: uninitialized urandom read (32 bytes read)
[   38.072165] random: sshd: uninitialized urandom read (32 bytes read)
[   40.176263] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.243' (ECDSA) to the list of known hosts.
[   45.713177] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
[   45.839079] audit: type=1400 audit(1577913680.868:36): avc:  denied  { map } for  pid=7102 comm="syz-executor216" path="/root/syz-executor216016565" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   45.888693] ==================================================================
[   45.896304] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x8b09/0x9d63
[   45.903494] Read of size 6 at addr ffff88809163da48 by task kworker/u5:0/1179
[   45.910772] 
[   45.912396] CPU: 1 PID: 1179 Comm: kworker/u5:0 Not tainted 4.14.161-syzkaller #0
[   45.920016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.929805] Workqueue: hci0 hci_rx_work
[   45.933782] Call Trace:
[   45.936367]  dump_stack+0x142/0x197
[   45.940102]  ? hci_event_packet+0x8b09/0x9d63
[   45.944593]  print_address_description.cold+0x7c/0x1dc
[   45.949854]  ? hci_event_packet+0x8b09/0x9d63
[   45.954331]  kasan_report.cold+0xa9/0x2af
[   45.958539]  __asan_report_load_n_noabort+0xf/0x20
[   45.963635]  hci_event_packet+0x8b09/0x9d63
[   45.968005]  ? hci_cmd_complete_evt+0x9b70/0x9b70
[   45.972841]  ? __lock_acquire+0x2298/0x4620
[   45.977163]  ? save_trace+0x250/0x290
[   45.980953]  ? save_trace+0x290/0x290
[   45.984735]  ? cpu_attach_domain+0x720/0xaf0
[   45.989124]  ? skb_dequeue+0x12e/0x180
[   45.992996]  ? mark_held_locks+0xb1/0x100
[   45.998434]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   46.003531]  ? trace_hardirqs_on_caller+0x400/0x590
[   46.008529]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   46.015527]  hci_rx_work+0x3cf/0x940
[   46.019220]  ? hci_rx_work+0x3cf/0x940
[   46.023180]  process_one_work+0x863/0x1600
[   46.027501]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[   46.032161]  worker_thread+0x5d9/0x1050
[   46.036122]  kthread+0x319/0x430
[   46.039555]  ? process_one_work+0x1600/0x1600
[   46.044029]  ? kthread_create_on_node+0xd0/0xd0
[   46.048695]  ret_from_fork+0x24/0x30
[   46.052406] 
[   46.054011] Allocated by task 7107:
[   46.057618]  save_stack_trace+0x16/0x20
[   46.061570]  save_stack+0x45/0xd0
[   46.065026]  kasan_kmalloc+0xce/0xf0
[   46.068724]  __kmalloc_node_track_caller+0x51/0x80
[   46.074559]  __kmalloc_reserve.isra.0+0x40/0xe0
[   46.079310]  __alloc_skb+0xcf/0x500
[   46.082941]  vhci_write+0xb6/0x437
[   46.086464]  __vfs_write+0x4a7/0x6b0
[   46.090166]  vfs_write+0x198/0x500
[   46.093694]  SyS_write+0xfd/0x230
[   46.097134]  do_syscall_64+0x1e8/0x640
[   46.101005]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   46.106170] 
[   46.107802] Freed by task 3610:
[   46.111064]  save_stack_trace+0x16/0x20
[   46.115028]  save_stack+0x45/0xd0
[   46.118460]  kasan_slab_free+0x75/0xc0
[   46.122339]  kfree+0xcc/0x270
[   46.125426]  kernfs_fop_release+0x112/0x180
[   46.129807]  __fput+0x275/0x7a0
[   46.133083]  ____fput+0x16/0x20
[   46.136487]  task_work_run+0x114/0x190
[   46.140358]  exit_to_usermode_loop+0x1da/0x220
[   46.144921]  do_syscall_64+0x4bc/0x640
[   46.148809]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   46.153976] 
[   46.155585] The buggy address belongs to the object at ffff88809163d840
[   46.155585]  which belongs to the cache kmalloc-512 of size 512
[   46.168235] The buggy address is located 8 bytes to the right of
[   46.168235]  512-byte region [ffff88809163d840, ffff88809163da40)
[   46.180441] The buggy address belongs to the page:
[   46.185349] page:ffffea0002458f40 count:1 mapcount:0 mapping:ffff88809163d0c0 index:0x0
[   46.193487] flags: 0xfffe0000000100(slab)
[   46.197625] raw: 00fffe0000000100 ffff88809163d0c0 0000000000000000 0000000100000006
[   46.205541] raw: ffffea0002112860 ffffea0002a053a0 ffff8880aa800940 0000000000000000
[   46.213504] page dumped because: kasan: bad access detected
[   46.219352] 
[   46.220991] Memory state around the buggy address:
[   46.225904]  ffff88809163d900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.233284]  ffff88809163d980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.240634] >ffff88809163da00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   46.247975]                                               ^
[   46.253701]  ffff88809163da80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   46.261059]  ffff88809163db00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   46.268394] ==================================================================
[   46.275730] Disabling lock debugging due to kernel taint
[   46.281644] Kernel panic - not syncing: panic_on_warn set ...
[   46.281644] 
[   46.291952] CPU: 1 PID: 1179 Comm: kworker/u5:0 Tainted: G    B           4.14.161-syzkaller #0
[   46.300851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.310194] Workqueue: hci0 hci_rx_work
[   46.314147] Call Trace:
[   46.316711]  dump_stack+0x142/0x197
[   46.320316]  ? hci_event_packet+0x8b09/0x9d63
[   46.324808]  panic+0x1f9/0x42d
[   46.327981]  ? add_taint.cold+0x16/0x16
[   46.331953]  ? ___preempt_schedule+0x16/0x18
[   46.336428]  kasan_end_report+0x47/0x4f
[   46.340383]  kasan_report.cold+0x130/0x2af
[   46.344598]  __asan_report_load_n_noabort+0xf/0x20
[   46.350127]  hci_event_packet+0x8b09/0x9d63
[   46.354441]  ? hci_cmd_complete_evt+0x9b70/0x9b70
[   46.359263]  ? __lock_acquire+0x2298/0x4620
[   46.363561]  ? save_trace+0x250/0x290
[   46.367343]  ? save_trace+0x290/0x290
[   46.371123]  ? cpu_attach_domain+0x720/0xaf0
[   46.375516]  ? skb_dequeue+0x12e/0x180
[   46.379384]  ? mark_held_locks+0xb1/0x100
[   46.383513]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   46.388618]  ? trace_hardirqs_on_caller+0x400/0x590
[   46.393623]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   46.398711]  hci_rx_work+0x3cf/0x940
[   46.402402]  ? hci_rx_work+0x3cf/0x940
[   46.406411]  process_one_work+0x863/0x1600
[   46.410632]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[   46.415286]  worker_thread+0x5d9/0x1050
[   46.419267]  kthread+0x319/0x430
[   46.422617]  ? process_one_work+0x1600/0x1600
[   46.427094]  ? kthread_create_on_node+0xd0/0xd0
[   46.431753]  ret_from_fork+0x24/0x30
[   46.436986] Kernel Offset: disabled
[   46.440628] Rebooting in 86400 seconds..