[ 32.077924] audit: type=1800 audit(1578811406.555:33): pid=7056 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 32.105072] audit: type=1800 audit(1578811406.555:34): pid=7056 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 36.127975] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.404740] audit: type=1400 audit(1578811410.885:35): avc: denied { map } for pid=7229 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 36.454674] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.128660] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.308903] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
[ 42.934895] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 43.051695] audit: type=1400 audit(1578811417.535:36): avc: denied { map } for pid=7241 comm="syz-executor558" path="/root/syz-executor558786346" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 43.085447] ==================================================================
[ 43.085469] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc09/0xdb0
[ 43.085473] Read of size 1 at addr ffffffff8706bc7e by task syz-executor558/7243
[ 43.085475]
[ 43.085481] CPU: 1 PID: 7243 Comm: syz-executor558 Not tainted 4.14.163-syzkaller #0
[ 43.085484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.085486] Call Trace:
[ 43.085493] dump_stack+0x142/0x197
[ 43.085500] ? ieee80211_free_tid_rx+0x1a8/0x300
[ 43.085510] ? bit_putcs+0xc09/0xdb0
[ 43.085517] print_address_description.cold+0x5/0x1dc
[ 43.085522] ? bit_putcs+0xc09/0xdb0
[ 43.085527] kasan_report.cold+0xa9/0x2af
[ 43.085533] __asan_report_load1_noabort+0x14/0x20
[ 43.085537] bit_putcs+0xc09/0xdb0
[ 43.085542] ? memcpy+0x46/0x50
[ 43.085553] ? update_attr.isra.0+0x160/0x160
[ 43.085560] ? update_attr.isra.0+0x160/0x160
[ 43.085564] ? fb_get_color_depth+0x5f/0x70
[ 43.085571] ? update_attr.isra.0+0x160/0x160
[ 43.085575] fbcon_putcs+0x3c2/0x480
[ 43.085584] do_update_region+0x3b3/0x650
[ 43.085592] ? con_get_trans_old+0x230/0x230
[ 43.085596] ? fbcon_set_palette+0x203/0x5b0
[ 43.085601] ? fbcon_redraw.isra.0+0x440/0x440
[ 43.085607] redraw_screen+0x589/0x7c0
[ 43.085613] ? con_flush_chars+0x90/0x90
[ 43.085620] fbcon_do_set_font+0x6d1/0x9a0
[ 43.085627] fbcon_copy_font+0x12c/0x190
[ 43.085632] ? fbcon_do_set_font+0x9a0/0x9a0
[ 43.085637] con_font_op+0x5c6/0x1060
[ 43.085643] ? con_write+0xc0/0xc0
[ 43.085651] ? kasan_check_write+0x14/0x20
[ 43.085657] ? _copy_from_user+0x99/0x110
[ 43.085662] vt_ioctl+0x179f/0x2170
[ 43.085668] ? avc_has_extended_perms+0x8ec/0xe40
[ 43.085674] ? futex_wake+0x134/0x430
[ 43.085679] ? complete_change_console+0x360/0x360
[ 43.085683] ? avc_ss_reset+0x110/0x110
[ 43.085692] ? tty_jobctrl_ioctl+0x44/0xc10
[ 43.085696] ? complete_change_console+0x360/0x360
[ 43.085703] tty_ioctl+0x841/0x1320
[ 43.085709] ? tty_vhangup+0x30/0x30
[ 43.085719] ? __might_sleep+0x93/0xb0
[ 43.085723] ? __fget+0x210/0x370
[ 43.085731] ? tty_vhangup+0x30/0x30
[ 43.085736] do_vfs_ioctl+0x7ae/0x1060
[ 43.085741] ? selinux_file_mprotect+0x5d0/0x5d0
[ 43.085746] ? lock_downgrade+0x740/0x740
[ 43.085751] ? ioctl_preallocate+0x1c0/0x1c0
[ 43.085757] ? __fget+0x237/0x370
[ 43.085764] ? security_file_ioctl+0x7d/0xb0
[ 43.085768] ? security_file_ioctl+0x89/0xb0
[ 43.085774] SyS_ioctl+0x8f/0xc0
[ 43.085778] ? do_vfs_ioctl+0x1060/0x1060
[ 43.085785] do_syscall_64+0x1e8/0x640
[ 43.085789] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.085796] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 43.085800] RIP: 0033:0x445919
[ 43.085803] RSP: 002b:00007fe35f075db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 43.085809] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 0000000000445919
[ 43.085811] RDX: 0000000020000540 RSI: 0000000000004b72 RDI: 0000000000000008
[ 43.085814] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 43.085817] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[ 43.085819] R13: 00007fff97ab867f R14: 00007fe35f0769c0 R15: 20c49ba5e353f7cf
[ 43.085827]
[ 43.085828] The buggy address belongs to the variable:
[ 43.085833] fontdata_8x16+0x10de/0x1120
[ 43.085834]
[ 43.085836] Memory state around the buggy address:
[ 43.085840]  ffffffff8706bb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.085843]  ffffffff8706bb80: 00 00 00 00 fa fa fa fa 06 fa fa fa fa fa fa fa
[ 43.085846] >ffffffff8706bc00: 05 fa fa fa fa fa fa fa 06 fa fa fa fa fa fa fa
[ 43.085848]                                                                 ^
[ 43.085851]  ffffffff8706bc80: 00 00 03 fa fa fa fa fa 00 00 00 00 00 00 00 00
[ 43.085854]  ffffffff8706bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.085856] ==================================================================
[ 43.085858] Disabling lock debugging due to kernel taint
[ 43.085860] Kernel panic - not syncing: panic_on_warn set ...
[ 43.085860]
[ 43.085864] CPU: 1 PID: 7243 Comm: syz-executor558 Tainted: G B 4.14.163-syzkaller #0
[ 43.085866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.085867] Call Trace:
[ 43.085871] dump_stack+0x142/0x197
[ 43.085876] ? bit_putcs+0xc09/0xdb0
[ 43.085880] panic+0x1f9/0x42d
[ 43.085883] ? add_taint.cold+0x16/0x16
[ 43.085888] ? lock_downgrade+0x740/0x740
[ 43.085894] kasan_end_report+0x47/0x4f
[ 43.085897] kasan_report.cold+0x130/0x2af
[ 43.085902] __asan_report_load1_noabort+0x14/0x20
[ 43.085906] bit_putcs+0xc09/0xdb0
[ 43.085909] ? memcpy+0x46/0x50
[ 43.085917] ? update_attr.isra.0+0x160/0x160
[ 43.085922] ? update_attr.isra.0+0x160/0x160
[ 43.085925] ? fb_get_color_depth+0x5f/0x70
[ 43.085930] ? update_attr.isra.0+0x160/0x160
[ 43.085934] fbcon_putcs+0x3c2/0x480
[ 43.085939] do_update_region+0x3b3/0x650
[ 43.085945] ? con_get_trans_old+0x230/0x230
[ 43.085949] ? fbcon_set_palette+0x203/0x5b0
[ 43.085953] ? fbcon_redraw.isra.0+0x440/0x440
[ 43.085957] redraw_screen+0x589/0x7c0
[ 43.085961] ? con_flush_chars+0x90/0x90
[ 43.085966] fbcon_do_set_font+0x6d1/0x9a0
[ 43.085972] fbcon_copy_font+0x12c/0x190
[ 43.085976] ? fbcon_do_set_font+0x9a0/0x9a0
[ 43.085979] con_font_op+0x5c6/0x1060
[ 43.085984] ? con_write+0xc0/0xc0
[ 43.085989] ? kasan_check_write+0x14/0x20
[ 43.085993] ? _copy_from_user+0x99/0x110
[ 43.085997] vt_ioctl+0x179f/0x2170
[ 43.086000] ? avc_has_extended_perms+0x8ec/0xe40
[ 43.086004] ? futex_wake+0x134/0x430
[ 43.086008] ? complete_change_console+0x360/0x360
[ 43.086012] ? avc_ss_reset+0x110/0x110
[ 43.086017] ? tty_jobctrl_ioctl+0x44/0xc10
[ 43.086021] ? complete_change_console+0x360/0x360
[ 43.086025] tty_ioctl+0x841/0x1320
[ 43.086029] ? tty_vhangup+0x30/0x30
[ 43.086035] ? __might_sleep+0x93/0xb0
[ 43.086038] ? __fget+0x210/0x370
[ 43.086044] ? tty_vhangup+0x30/0x30
[ 43.086048] do_vfs_ioctl+0x7ae/0x1060
[ 43.086052] ? selinux_file_mprotect+0x5d0/0x5d0
[ 43.086055] ? lock_downgrade+0x740/0x740
[ 43.086060] ? ioctl_preallocate+0x1c0/0x1c0
[ 43.086064] ? __fget+0x237/0x370
[ 43.086069] ? security_file_ioctl+0x7d/0xb0
[ 43.086073] ? security_file_ioctl+0x89/0xb0
[ 43.086078] SyS_ioctl+0x8f/0xc0
[ 43.086081] ? do_vfs_ioctl+0x1060/0x1060
[ 43.086086] do_syscall_64+0x1e8/0x640
[ 43.086089] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.086094] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 43.086097] RIP: 0033:0x445919
[ 43.086099] RSP: 002b:00007fe35f075db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 43.086103] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 0000000000445919
[ 43.086105] RDX: 0000000020000540 RSI: 0000000000004b72 RDI: 0000000000000008
[ 43.086107] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 43.086109] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[ 43.086111] R13: 00007fff97ab867f R14: 00007fe35f0769c0 R15: 20c49ba5e353f7cf
[ 43.087412] Kernel Offset: disabled
[ 43.756004] Rebooting in 86400 seconds..