Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ 106.313999][ T27] audit: type=1400 audit(1578643685.177:37): avc: denied { watch } for pid=10375 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 111.682567][ T27] kauditd_printk_skb: 3 callbacks suppressed
[ 111.682582][ T27] audit: type=1400 audit(1578643690.547:41): avc: denied { map } for pid=10467 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.79' (ECDSA) to the list of known hosts.
executing program
executing program
[ 118.574066][ T27] audit: type=1400 audit(1578643697.437:42): avc: denied { map } for pid=10479 comm="syz-executor031" path="/root/syz-executor031451817" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 118.609634][T10481] ==================================================================
[ 118.609674][T10481] BUG: KASAN: global-out-of-bounds in bit_putcs+0xd5d/0xf10
[ 118.609682][T10481] Read of size 1 at addr ffffffff88742041 by task syz-executor031/10481
[ 118.609684][T10481]
[ 118.609693][T10481] CPU: 0 PID: 10481 Comm: syz-executor031 Not tainted 5.5.0-rc5-syzkaller #0
[ 118.609699][T10481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 118.609702][T10481] Call Trace:
[ 118.609713][T10481] dump_stack+0x197/0x210
[ 118.609721][T10481] ? bit_putcs+0xd5d/0xf10
[ 118.609735][T10481] print_address_description.constprop.0.cold+0x5/0x30b
[ 118.609742][T10481] ? bit_putcs+0xd5d/0xf10
[ 118.609759][T10481] ? bit_putcs+0xd5d/0xf10
[ 118.609773][T10481] __kasan_report.cold+0x1b/0x41
[ 118.609790][T10481] ? fb_get_color_depth.part.0+0x10/0x200
[ 118.609802][T10481] ? bit_putcs+0xd5d/0xf10
[ 118.609818][T10481] kasan_report+0x12/0x20
[ 118.609834][T10481] __asan_report_load1_noabort+0x14/0x20
[ 118.609846][T10481] bit_putcs+0xd5d/0xf10
[ 118.609880][T10481] ? bit_cursor+0x1a60/0x1a60
[ 118.609900][T10481] ? __sanitizer_cov_trace_cmp4+0x11/0x20
[ 118.609917][T10481] ? fb_get_color_depth.part.0+0xcf/0x200
[ 118.609937][T10481] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 118.609955][T10481] fbcon_putcs+0x33c/0x3e0
[ 118.609977][T10481] ? bit_cursor+0x1a60/0x1a60
[ 118.609993][T10481] ? fb_flashcursor+0x3e0/0x3e0
[ 118.610013][T10481] do_con_write.part.0+0xfb5/0x1ef0
[ 118.610057][T10481] ? do_con_trol+0x61b0/0x61b0
[ 118.610074][T10481] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 118.610089][T10481] ? add_wait_queue+0x112/0x170
[ 118.610105][T10481] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 118.610131][T10481] con_write+0x46/0xd0
[ 118.610151][T10481] n_tty_write+0x40e/0x1080
[ 118.610181][T10481] ? n_tty_read+0x1bf0/0x1bf0
[ 118.610201][T10481] ? prepare_to_wait_exclusive+0x320/0x320
[ 118.610221][T10481] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 118.610240][T10481] ? _copy_from_user+0x12c/0x1a0
[ 118.610257][T10481] tty_write+0x496/0x7f0
[ 118.610275][T10481] ? n_tty_read+0x1bf0/0x1bf0
[ 118.610294][T10481] do_iter_write+0x4a0/0x610
[ 118.610310][T10481] ? dup_iter+0x260/0x260
[ 118.610336][T10481] vfs_writev+0x1b3/0x2f0
[ 118.610352][T10481] ? vfs_iter_write+0xb0/0xb0
[ 118.610371][T10481] ? find_held_lock+0x35/0x130
[ 118.610389][T10481] ? __do_page_fault+0x56a/0xd80
[ 118.610415][T10481] ? lock_downgrade+0x920/0x920
[ 118.610444][T10481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 118.610460][T10481] ? __fget_light+0x1a9/0x230
[ 118.610478][T10481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 118.610494][T10481] do_writev+0x15b/0x330
[ 118.610511][T10481] ? vfs_writev+0x2f0/0x2f0
[ 118.610529][T10481] ? do_syscall_64+0x26/0x790
[ 118.610545][T10481] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 118.610561][T10481] ? do_syscall_64+0x26/0x790
[ 118.610580][T10481] __x64_sys_writev+0x75/0xb0
[ 118.610597][T10481] do_syscall_64+0xfa/0x790
[ 118.610615][T10481] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 118.610628][T10481] RIP: 0033:0x441239
[ 118.610646][T10481] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 118.610657][T10481] RSP: 002b:00007ffda139e2a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 118.610680][T10481] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
[ 118.610692][T10481] RDX: 0000000000000001 RSI: 0000000020001780 RDI: 0000000000000003
[ 118.610704][T10481] RBP: 000000000001cf12 R08: 000000000000000d R09: 00000000004002c8
[ 118.610717][T10481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402060
[ 118.610729][T10481] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
[ 118.610750][T10481]
[ 118.610759][T10481] The buggy address belongs to the variable:
[ 118.610774][T10481] oid_index+0xb01/0xb80
[ 118.610782][T10481]
[ 118.610792][T10481] Memory state around the buggy address:
[ 118.610804][T10481]  ffffffff88741f00: 00 00 02 fa fa fa fa fa 00 00 00 05 fa fa fa fa
[ 118.610817][T10481]  ffffffff88741f80: 00 00 00 fa fa fa fa fa 00 00 00 00 00 01 fa fa
[ 118.610830][T10481] >ffffffff88742000: fa fa fa fa 00 00 00 00 01 fa fa fa fa fa fa fa
[ 118.610840][T10481]                                            ^
[ 118.610853][T10481]  ffffffff88742080: 00 00 00 00 fa fa fa fa 00 03 fa fa fa fa fa fa
[ 118.610866][T10481]  ffffffff88742100: 04 fa fa fa fa fa fa fa 00 00 01 fa fa fa fa fa
[ 118.610882][T10481] ==================================================================
[ 118.610887][T10481] Disabling lock debugging due to kernel taint
[ 118.611983][T10481] Kernel panic - not syncing: panic_on_warn set ...
[ 118.611995][T10481] CPU: 0 PID: 10481 Comm: syz-executor031 Tainted: G B 5.5.0-rc5-syzkaller #0
[ 118.612000][T10481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 118.612002][T10481] Call Trace:
[ 118.612012][T10481] dump_stack+0x197/0x210
[ 118.612023][T10481] panic+0x2e3/0x75c
[ 118.612030][T10481] ? add_taint.cold+0x16/0x16
[ 118.612038][T10481] ? bit_putcs+0xd5d/0xf10
[ 118.612048][T10481] ? preempt_schedule+0x4b/0x60
[ 118.612056][T10481] ? ___preempt_schedule+0x16/0x18
[ 118.612066][T10481] ? trace_hardirqs_on+0x5e/0x240
[ 118.612074][T10481] ? bit_putcs+0xd5d/0xf10
[ 118.612082][T10481] end_report+0x47/0x4f
[ 118.612089][T10481] ? bit_putcs+0xd5d/0xf10
[ 118.612096][T10481] __kasan_report.cold+0xe/0x41
[ 118.612105][T10481] ? fb_get_color_depth.part.0+0x10/0x200
[ 118.612111][T10481] ? bit_putcs+0xd5d/0xf10
[ 118.612119][T10481] kasan_report+0x12/0x20
[ 118.612127][T10481] __asan_report_load1_noabort+0x14/0x20
[ 118.612134][T10481] bit_putcs+0xd5d/0xf10
[ 118.612146][T10481] ? bit_cursor+0x1a60/0x1a60
[ 118.612156][T10481] ? __sanitizer_cov_trace_cmp4+0x11/0x20
[ 118.612164][T10481] ? fb_get_color_depth.part.0+0xcf/0x200
[ 118.612173][T10481] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 118.612181][T10481] fbcon_putcs+0x33c/0x3e0
[ 118.612188][T10481] ? bit_cursor+0x1a60/0x1a60
[ 118.612194][T10481] ? fb_flashcursor+0x3e0/0x3e0
[ 118.612204][T10481] do_con_write.part.0+0xfb5/0x1ef0
[ 118.612217][T10481] ? do_con_trol+0x61b0/0x61b0
[ 118.612224][T10481] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 118.612231][T10481] ? add_wait_queue+0x112/0x170
[ 118.612237][T10481] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 118.612247][T10481] con_write+0x46/0xd0
[ 118.612256][T10481] n_tty_write+0x40e/0x1080
[ 118.612268][T10481] ? n_tty_read+0x1bf0/0x1bf0
[ 118.612275][T10481] ? prepare_to_wait_exclusive+0x320/0x320
[ 118.612284][T10481] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 118.612294][T10481] ? _copy_from_user+0x12c/0x1a0
[ 118.612302][T10481] tty_write+0x496/0x7f0
[ 118.612311][T10481] ? n_tty_read+0x1bf0/0x1bf0
[ 118.612320][T10481] do_iter_write+0x4a0/0x610
[ 118.612326][T10481] ? dup_iter+0x260/0x260
[ 118.612335][T10481] vfs_writev+0x1b3/0x2f0
[ 118.612342][T10481] ? vfs_iter_write+0xb0/0xb0
[ 118.612349][T10481] ? find_held_lock+0x35/0x130
[ 118.612357][T10481] ? __do_page_fault+0x56a/0xd80
[ 118.612365][T10481] ? lock_downgrade+0x920/0x920
[ 118.612384][T10481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 118.612391][T10481] ? __fget_light+0x1a9/0x230
[ 118.612400][T10481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 118.612407][T10481] do_writev+0x15b/0x330
[ 118.612414][T10481] ? vfs_writev+0x2f0/0x2f0
[ 118.612426][T10481] ? do_syscall_64+0x26/0x790
[ 118.612437][T10481] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 118.612450][T10481] ? do_syscall_64+0x26/0x790
[ 118.612465][T10481] __x64_sys_writev+0x75/0xb0
[ 118.612480][T10481] do_syscall_64+0xfa/0x790
[ 118.612494][T10481] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 118.612502][T10481] RIP: 0033:0x441239
[ 118.612510][T10481] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 118.612514][T10481] RSP: 002b:00007ffda139e2a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 118.612521][T10481] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
[ 118.612526][T10481] RDX: 0000000000000001 RSI: 0000000020001780 RDI: 0000000000000003
[ 118.612530][T10481] RBP: 000000000001cf12 R08: 000000000000000d R09: 00000000004002c8
[ 118.612534][T10481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402060
[ 118.612538][T10481] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
[ 118.613210][T10481] Kernel Offset: disabled
[ 119.436890][T10481] Rebooting in 86400 seconds..