[....] Starting periodic command scheduler: cron
[ 42.871609] audit: type=1800 audit(1578513031.772:30): pid=7795 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ ok ] Starting mcstransd:
[....] Starting OpenBSD Secure Shell server: sshd
[ ok ]
[....] Starting file context maintaining daemon: restorecond
[ ok ]

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 47.699161] kauditd_printk_skb: 4 callbacks suppressed
[ 47.699176] audit: type=1400 audit(1578513036.602:35): avc: denied { map } for pid=7970 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.38' (ECDSA) to the list of known hosts.
executing program
executing program
[ 54.390919] audit: type=1400 audit(1578513043.292:36): avc: denied { map } for pid=7982 comm="syz-executor366" path="/root/syz-executor366909895" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 54.425638] ==================================================================
[ 54.425666] BUG: KASAN: global-out-of-bounds in bit_putcs+0xd5d/0xf10
[ 54.425673] Read of size 1 at addr ffffffff87edb0a0 by task syz-executor366/7984
[ 54.425675]
[ 54.425685] CPU: 1 PID: 7984 Comm: syz-executor366 Not tainted 4.19.93-syzkaller #0
[ 54.425690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.425694] Call Trace:
[ 54.425705]  dump_stack+0x197/0x210
[ 54.425714]  ? bit_putcs+0xd5d/0xf10
[ 54.425725]  print_address_description.cold+0x5/0x20d
[ 54.425733]  ? bit_putcs+0xd5d/0xf10
[ 54.425742]  kasan_report.cold+0x8c/0x2ba
[ 54.425753]  __asan_report_load1_noabort+0x14/0x20
[ 54.425760]  bit_putcs+0xd5d/0xf10
[ 54.425777]  ? bit_cursor+0x1a60/0x1a60
[ 54.425789]  ? __sanitizer_cov_trace_pc+0x31/0x50
[ 54.425798]  ? fb_get_color_depth.part.0+0xcf/0x200
[ 54.425808]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 54.425820]  fbcon_putcs+0x42b/0x4f0
[ 54.425829]  ? bit_cursor+0x1a60/0x1a60
[ 54.425837]  ? con2fb_acquire_newinfo+0x320/0x320
[ 54.425849]  do_con_write.part.0+0xfb1/0x1eb0
[ 54.425868]  ? do_con_trol+0x6070/0x6070
[ 54.425876]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 54.425886]  ? add_wait_queue+0x112/0x170
[ 54.425893]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 54.425909]  con_write+0x46/0xd0
[ 54.425920]  n_tty_write+0x3f9/0x1140
[ 54.425937]  ? process_echoes+0x170/0x170
[ 54.425947]  ? do_wait_intr_irq+0x2b0/0x2b0
[ 54.425957]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 54.425967]  ? _copy_from_user+0xdd/0x150
[ 54.425976]  tty_write+0x458/0x7a0
[ 54.425988]  ? process_echoes+0x170/0x170
[ 54.426004]  do_iter_write+0x488/0x5f0
[ 54.426013]  ? dup_iter+0x270/0x270
[ 54.426026]  vfs_writev+0x1b3/0x2f0
[ 54.426035]  ? vfs_iter_write+0xb0/0xb0
[ 54.426044]  ? copy_page_range+0x2030/0x2030
[ 54.426060]  ? __do_page_fault+0x676/0xe90
[ 54.426075]  ? lock_downgrade+0x880/0x880
[ 54.426082]  ? count_memcg_event_mm+0x2b1/0x4d0
[ 54.426091]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.426100]  ? __fget_light+0x1a9/0x230
[ 54.426111]  do_writev+0x15e/0x370
[ 54.426123]  ? vfs_writev+0x2f0/0x2f0
[ 54.426134]  ? do_syscall_64+0x26/0x620
[ 54.426142]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.426149]  ? do_syscall_64+0x26/0x620
[ 54.426161]  __x64_sys_writev+0x75/0xb0
[ 54.426170]  do_syscall_64+0xfd/0x620
[ 54.426180]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.426188] RIP: 0033:0x441239
[ 54.426196] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.426201] RSP: 002b:00007ffec0a1e968 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 54.426209] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
[ 54.426214] RDX: 0000000000000001 RSI: 0000000020001780 RDI: 0000000000000003
[ 54.426219] RBP: 000000000000d46e R08: 000000000000000d R09: 00000000004002c8
[ 54.426223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402060
[ 54.426229] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
[ 54.426241]
[ 54.426244] The buggy address belongs to the variable:
[ 54.426253]  str__msr__trace_system_name+0x140/0x940
[ 54.426255]
[ 54.426257] Memory state around the buggy address:
[ 54.426265]  ffffffff87edaf80: fa fa fa fa 00 00 01 fa fa fa fa fa 04 fa fa fa
[ 54.426271]  ffffffff87edb000: fa fa fa fa 00 00 00 00 06 fa fa fa fa fa fa fa
[ 54.426277] >ffffffff87edb080: 00 00 00 fa fa fa fa fa 00 00 00 fa fa fa fa fa
[ 54.426280]                                ^
[ 54.426288]  ffffffff87edb100: 00 00 00 03 fa fa fa fa 00 00 00 04 fa fa fa fa
[ 54.426294]  ffffffff87edb180: 00 00 00 00 03 fa fa fa fa fa fa fa 00 00 07 fa
[ 54.426297] ==================================================================
[ 54.426299] Disabling lock debugging due to kernel taint
[ 54.426304] Kernel panic - not syncing: panic_on_warn set ...
[ 54.426304]
[ 54.426311] CPU: 1 PID: 7984 Comm: syz-executor366 Tainted: G    B             4.19.93-syzkaller #0
[ 54.426317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.426320] Call Trace:
[ 54.426332]  dump_stack+0x197/0x210
[ 54.426344]  ? bit_putcs+0xd5d/0xf10
[ 54.426355]  panic+0x26a/0x50e
[ 54.426366]  ? __warn_printk+0xf3/0xf3
[ 54.426379]  ? lock_downgrade+0x880/0x880
[ 54.426389]  ? trace_hardirqs_on+0x67/0x220
[ 54.426396]  ? trace_hardirqs_on+0x5e/0x220
[ 54.426403]  ? bit_putcs+0xd5d/0xf10
[ 54.426411]  kasan_end_report+0x47/0x4f
[ 54.426419]  kasan_report.cold+0xa9/0x2ba
[ 54.426428]  __asan_report_load1_noabort+0x14/0x20
[ 54.426434]  bit_putcs+0xd5d/0xf10
[ 54.426446]  ? bit_cursor+0x1a60/0x1a60
[ 54.426454]  ? __sanitizer_cov_trace_pc+0x31/0x50
[ 54.426461]  ? fb_get_color_depth.part.0+0xcf/0x200
[ 54.426470]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 54.426479]  fbcon_putcs+0x42b/0x4f0
[ 54.426486]  ? bit_cursor+0x1a60/0x1a60
[ 54.426496]  ? con2fb_acquire_newinfo+0x320/0x320
[ 54.426505]  do_con_write.part.0+0xfb1/0x1eb0
[ 54.426518]  ? do_con_trol+0x6070/0x6070
[ 54.426525]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 54.426532]  ? add_wait_queue+0x112/0x170
[ 54.426539]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 54.426550]  con_write+0x46/0xd0
[ 54.426559]  n_tty_write+0x3f9/0x1140
[ 54.426570]  ? process_echoes+0x170/0x170
[ 54.426579]  ? do_wait_intr_irq+0x2b0/0x2b0
[ 54.426588]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 54.426595]  ? _copy_from_user+0xdd/0x150
[ 54.426603]  tty_write+0x458/0x7a0
[ 54.426612]  ? process_echoes+0x170/0x170
[ 54.426620]  do_iter_write+0x488/0x5f0
[ 54.426627]  ? dup_iter+0x270/0x270
[ 54.426637]  vfs_writev+0x1b3/0x2f0
[ 54.426645]  ? vfs_iter_write+0xb0/0xb0
[ 54.426651]  ? copy_page_range+0x2030/0x2030
[ 54.426661]  ? __do_page_fault+0x676/0xe90
[ 54.426678]  ? lock_downgrade+0x880/0x880
[ 54.426684]  ? count_memcg_event_mm+0x2b1/0x4d0
[ 54.426692]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.426699]  ? __fget_light+0x1a9/0x230
[ 54.426708]  do_writev+0x15e/0x370
[ 54.426716]  ? vfs_writev+0x2f0/0x2f0
[ 54.426724]  ? do_syscall_64+0x26/0x620
[ 54.426731]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.426738]  ? do_syscall_64+0x26/0x620
[ 54.426747]  __x64_sys_writev+0x75/0xb0
[ 54.426755]  do_syscall_64+0xfd/0x620
[ 54.426763]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.426768] RIP: 0033:0x441239
[ 54.426775] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.426779] RSP: 002b:00007ffec0a1e968 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 54.426786] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
[ 54.426790] RDX: 0000000000000001 RSI: 0000000020001780 RDI: 0000000000000003
[ 54.426794] RBP: 000000000000d46e R08: 000000000000000d R09: 00000000004002c8
[ 54.426798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402060
[ 54.426802] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
[ 54.428132] Kernel Offset: disabled
[ 55.112128] Rebooting in 86400 seconds..