[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [ 103.246099][ T27] audit: type=1400 audit(1581819430.640:37): avc: denied { watch } for pid=10875 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1 [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 106.505829][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 106.505844][ T27] audit: type=1400 audit(1581819433.900:41): avc: denied { map } for pid=10967 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.186' (ECDSA) to the list of known hosts. executing program [ 113.444206][ T27] audit: type=1400 audit(1581819440.840:42): avc: denied { map } for pid=10979 comm="syz-executor031" path="/root/syz-executor031161559" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 113.530407][T10979] ================================================================== [ 113.530473][T10979] BUG: KASAN: null-ptr-deref in do_con_trol+0x3b9/0x61b0 [ 113.530486][T10979] Read of size 4294967294 at addr 0000000000000012 by task syz-executor031/10979 [ 113.530490][T10979] [ 113.530506][T10979] CPU: 1 PID: 10979 Comm: syz-executor031 Not tainted 5.6.0-rc1-syzkaller #0 [ 113.530515][T10979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 113.530521][T10979] Call Trace: [ 113.530541][T10979] dump_stack+0x197/0x210 [ 113.530554][T10979] ? do_con_trol+0x3b9/0x61b0 [ 113.530568][T10979] ? do_con_trol+0x3b9/0x61b0 [ 113.530588][T10979] __kasan_report.cold+0x5/0x32 [ 113.530607][T10979] ? do_con_trol+0x3b9/0x61b0 [ 113.530633][T10979] kasan_report+0x12/0x20 [ 113.530650][T10979] check_memory_region+0x134/0x1a0 [ 113.530668][T10979] memcpy+0x24/0x50 [ 113.530685][T10979] do_con_trol+0x3b9/0x61b0 [ 113.530706][T10979] ? reset_palette+0x190/0x190 [ 113.530725][T10979] ? __kasan_check_read+0x11/0x20 [ 113.530756][T10979] ? __atomic_notifier_call_chain+0xf8/0x1a0 [ 113.530786][T10979] do_con_write.part.0+0xfd9/0x1ef0 [ 113.530838][T10979] ? do_con_trol+0x61b0/0x61b0 [ 113.530855][T10979] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 113.530868][T10979] ? add_wait_queue+0x112/0x170 [ 113.530881][T10979] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 113.530907][T10979] ? trace_hardirqs_on+0x67/0x240 [ 113.530935][T10979] con_write+0x46/0xd0 [ 113.530954][T10979] n_tty_write+0x40e/0x1080 [ 113.530993][T10979] ? n_tty_read+0x1bf0/0x1bf0 [ 113.531011][T10979] ? prepare_to_wait_exclusive+0x320/0x320 [ 113.531035][T10979] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 113.531051][T10979] ? _copy_from_user+0x12c/0x1a0 [ 113.531074][T10979] tty_write+0x496/0x7f0 [ 113.531096][T10979] ? n_tty_read+0x1bf0/0x1bf0 [ 113.531125][T10979] __vfs_write+0x8a/0x110 [ 113.531138][T10979] ? put_tty_driver+0x20/0x20 [ 113.531161][T10979] vfs_write+0x268/0x5d0 [ 113.531189][T10979] ksys_write+0x14f/0x290 [ 113.531212][T10979] ? __ia32_sys_read+0xb0/0xb0 [ 113.531233][T10979] ? do_syscall_64+0x26/0x790 [ 113.531247][T10979] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 113.531263][T10979] ? do_syscall_64+0x26/0x790 [ 113.531291][T10979] __x64_sys_write+0x73/0xb0 [ 113.531312][T10979] do_syscall_64+0xfa/0x790 [ 113.531337][T10979] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 113.531348][T10979] RIP: 0033:0x4404f9 [ 113.531364][T10979] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 113.531373][T10979] RSP: 002b:00007ffe661a6468 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 113.531387][T10979] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404f9 [ 113.531395][T10979] RDX: 0000000000000078 RSI: 0000000020000140 RDI: 0000000000000004 [ 113.531402][T10979] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 113.531411][T10979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0 [ 113.531420][T10979] R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000 [ 113.531456][T10979] ================================================================== [ 113.531461][T10979] Disabling lock debugging due to kernel taint [ 113.531468][T10979] Kernel panic - not syncing: panic_on_warn set ... [ 113.531483][T10979] CPU: 1 PID: 10979 Comm: syz-executor031 Tainted: G B 5.6.0-rc1-syzkaller #0 [ 113.531490][T10979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 113.531493][T10979] Call Trace: [ 113.531507][T10979] dump_stack+0x197/0x210 [ 113.531526][T10979] panic+0x2e3/0x75c [ 113.531540][T10979] ? add_taint.cold+0x16/0x16 [ 113.531563][T10979] ? trace_hardirqs_on+0x67/0x240 [ 113.531577][T10979] ? trace_hardirqs_on+0x5e/0x240 [ 113.531594][T10979] ? do_con_trol+0x3b9/0x61b0 [ 113.531610][T10979] end_report+0x47/0x4f [ 113.531623][T10979] ? do_con_trol+0x3b9/0x61b0 [ 113.531638][T10979] __kasan_report.cold+0xe/0x32 [ 113.531654][T10979] ? do_con_trol+0x3b9/0x61b0 [ 113.531671][T10979] kasan_report+0x12/0x20 [ 113.531687][T10979] check_memory_region+0x134/0x1a0 [ 113.531703][T10979] memcpy+0x24/0x50 [ 113.531718][T10979] do_con_trol+0x3b9/0x61b0 [ 113.531744][T10979] ? reset_palette+0x190/0x190 [ 113.531762][T10979] ? __kasan_check_read+0x11/0x20 [ 113.531781][T10979] ? __atomic_notifier_call_chain+0xf8/0x1a0 [ 113.531803][T10979] do_con_write.part.0+0xfd9/0x1ef0 [ 113.531834][T10979] ? do_con_trol+0x61b0/0x61b0 [ 113.531848][T10979] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 113.531860][T10979] ? add_wait_queue+0x112/0x170 [ 113.531874][T10979] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 113.531893][T10979] ? trace_hardirqs_on+0x67/0x240 [ 113.531914][T10979] con_write+0x46/0xd0 [ 113.531929][T10979] n_tty_write+0x40e/0x1080 [ 113.531956][T10979] ? n_tty_read+0x1bf0/0x1bf0 [ 113.531973][T10979] ? prepare_to_wait_exclusive+0x320/0x320 [ 113.531993][T10979] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 113.532007][T10979] ? _copy_from_user+0x12c/0x1a0 [ 113.532022][T10979] tty_write+0x496/0x7f0 [ 113.532039][T10979] ? n_tty_read+0x1bf0/0x1bf0 [ 113.532056][T10979] __vfs_write+0x8a/0x110 [ 113.532068][T10979] ? put_tty_driver+0x20/0x20 [ 113.532086][T10979] vfs_write+0x268/0x5d0 [ 113.532106][T10979] ksys_write+0x14f/0x290 [ 113.532122][T10979] ? __ia32_sys_read+0xb0/0xb0 [ 113.532139][T10979] ? do_syscall_64+0x26/0x790 [ 113.532153][T10979] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 113.532167][T10979] ? do_syscall_64+0x26/0x790 [ 113.532188][T10979] __x64_sys_write+0x73/0xb0 [ 113.532205][T10979] do_syscall_64+0xfa/0x790 [ 113.532224][T10979] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 113.532233][T10979] RIP: 0033:0x4404f9 [ 113.532246][T10979] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 113.532254][T10979] RSP: 002b:00007ffe661a6468 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 113.532266][T10979] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404f9 [ 113.532275][T10979] RDX: 0000000000000078 RSI: 0000000020000140 RDI: 0000000000000004 [ 113.532282][T10979] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 113.532296][T10979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0 [ 113.532304][T10979] R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000 [ 113.533983][T10979] Kernel Offset: disabled [ 114.171887][T10979] Rebooting in 86400 seconds..