[   81.481324][   T27] audit: type=1800 audit(1576724932.830:40): pid=9829 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   84.804966][   T27] audit: type=1400 audit(1576724936.170:41): avc:  denied  { map } for  pid=10007 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.185' (ECDSA) to the list of known hosts.
executing program
[   91.383248][   T27] audit: type=1400 audit(1576724942.750:42): avc:  denied  { map } for  pid=10019 comm="syz-executor898" path="/root/syz-executor898944800" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   91.615143][T10019] ==================================================================
[   91.615184][T10019] BUG: KASAN: global-out-of-bounds in bit_putcs+0xd5d/0xf10
[   91.615191][T10019] Read of size 1 at addr ffffffff8872a460 by task syz-executor898/10019
[   91.615194][T10019]
[   91.615203][T10019] CPU: 1 PID: 10019 Comm: syz-executor898 Not tainted 5.5.0-rc2-syzkaller #0
[   91.615209][T10019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   91.615212][T10019] Call Trace:
[   91.615223][T10019]  dump_stack+0x197/0x210
[   91.615230][T10019]  ? bit_putcs+0xd5d/0xf10
[   91.615244][T10019]  print_address_description.constprop.0.cold+0x5/0x30b
[   91.615251][T10019]  ? bit_putcs+0xd5d/0xf10
[   91.615257][T10019]  ? bit_putcs+0xd5d/0xf10
[   91.615265][T10019]  __kasan_report.cold+0x1b/0x41
[   91.615277][T10019]  ? fb_get_color_depth.part.0+0xc0/0x200
[   91.615283][T10019]  ? bit_putcs+0xd5d/0xf10
[   91.615292][T10019]  kasan_report+0x12/0x20
[   91.615301][T10019]  __asan_report_load1_noabort+0x14/0x20
[   91.615308][T10019]  bit_putcs+0xd5d/0xf10
[   91.615325][T10019]  ? bit_cursor+0x1a60/0x1a60
[   91.615337][T10019]  ? write_comp_data+0x11/0x70
[   91.615345][T10019]  ? fb_get_color_depth.part.0+0xcf/0x200
[   91.615356][T10019]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   91.615368][T10019]  fbcon_putcs+0x33c/0x3e0
[   91.615376][T10019]  ? bit_cursor+0x1a60/0x1a60
[   91.615387][T10019]  do_update_region+0x328/0x6f0
[   91.615400][T10019]  ? con_get_trans_old+0x2a0/0x2a0
[   91.615410][T10019]  ? fbcon_set_palette+0x3c4/0x4a0
[   91.615418][T10019]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.615426][T10019]  ? var_to_display+0x810/0x810
[   91.615437][T10019]  redraw_screen+0x676/0x7d0
[   91.615447][T10019]  ? respond_string+0x2c0/0x2c0
[   91.615461][T10019]  vc_do_resize+0x10c9/0x1460
[   91.615471][T10019]  ? down+0x50/0x90
[   91.615489][T10019]  ? vc_uniscr_alloc+0xd0/0xd0
[   91.615497][T10019]  ? lock_acquire+0x190/0x410
[   91.615507][T10019]  ? vt_ioctl+0x1f56/0x26d0
[   91.615518][T10019]  vc_resize+0x4d/0x60
[   91.615528][T10019]  vt_ioctl+0x2076/0x26d0
[   91.615539][T10019]  ? complete_change_console+0x3a0/0x3a0
[   91.615546][T10019]  ? lock_downgrade+0x920/0x920
[   91.615554][T10019]  ? rwlock_bug.part.0+0x90/0x90
[   91.615564][T10019]  ? tomoyo_path_number_perm+0x214/0x520
[   91.615571][T10019]  ? find_held_lock+0x35/0x130
[   91.615580][T10019]  ? tomoyo_path_number_perm+0x214/0x520
[   91.615588][T10019]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   91.615597][T10019]  ? tty_jobctrl_ioctl+0x50/0xd40
[   91.615606][T10019]  ? complete_change_console+0x3a0/0x3a0
[   91.615615][T10019]  tty_ioctl+0xa37/0x14f0
[   91.615625][T10019]  ? tty_vhangup+0x30/0x30
[   91.615632][T10019]  ? tomoyo_path_number_perm+0x454/0x520
[   91.615642][T10019]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   91.615650][T10019]  ? tomoyo_path_number_perm+0x25e/0x520
[   91.615660][T10019]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   91.615674][T10019]  ? ___might_sleep+0x163/0x2c0
[   91.615685][T10019]  ? tty_vhangup+0x30/0x30
[   91.615696][T10019]  do_vfs_ioctl+0x977/0x14e0
[   91.615707][T10019]  ? compat_ioctl_preallocate+0x220/0x220
[   91.615715][T10019]  ? selinux_file_mprotect+0x620/0x620
[   91.615723][T10019]  ? kmem_cache_free+0x26b/0x320
[   91.615733][T10019]  ? putname+0xf4/0x130
[   91.615742][T10019]  ? do_sys_open+0x31d/0x5d0
[   91.615752][T10019]  ? tomoyo_file_ioctl+0x23/0x30
[   91.615761][T10019]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.615769][T10019]  ? security_file_ioctl+0x8d/0xc0
[   91.615784][T10019]  ksys_ioctl+0xab/0xd0
[   91.615794][T10019]  __x64_sys_ioctl+0x73/0xb0
[   91.615806][T10019]  do_syscall_64+0xfa/0x790
[   91.615817][T10019]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   91.615824][T10019] RIP: 0033:0x443f89
[   91.615833][T10019] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   91.615838][T10019] RSP: 002b:00007ffe0c875dc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   91.615846][T10019] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443f89
[   91.615851][T10019] RDX: 0000000020000000 RSI: 000000000000560a RDI: 0000000000000004
[   91.615856][T10019] RBP: 00000000006cf018 R08: 0000000000000000 R09: 00000000004002e0
[   91.615861][T10019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c90
[   91.615865][T10019] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[   91.615876][T10019]
[   91.615879][T10019] The buggy address belongs to the variable:
[   91.615886][T10019]  oid_index+0x520/0xb80
[   91.615888][T10019]
[   91.615890][T10019] Memory state around the buggy address:
[   91.615898][T10019]  ffffffff8872a300: 00 07 fa fa fa fa fa fa 00 06 fa fa fa fa fa fa
[   91.615904][T10019]  ffffffff8872a380: 06 fa fa fa fa fa fa fa 00 00 00 04 fa fa fa fa
[   91.615911][T10019] >ffffffff8872a400: 00 00 fa fa fa fa fa fa 00 00 06 fa fa fa fa fa
[   91.615914][T10019]                                                        ^
[   91.615920][T10019]  ffffffff8872a480: 00 06 fa fa fa fa fa fa 00 00 00 00 fa fa fa fa
[   91.615926][T10019]  ffffffff8872a500: 00 00 01 fa fa fa fa fa 06 fa fa fa fa fa fa fa
[   91.615929][T10019] ==================================================================
[   91.615932][T10019] Disabling lock debugging due to kernel taint
[   91.615937][T10019] Kernel panic - not syncing: panic_on_warn set ...
[   91.615945][T10019] CPU: 1 PID: 10019 Comm: syz-executor898 Tainted: G    B             5.5.0-rc2-syzkaller #0
[   91.615949][T10019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   91.615951][T10019] Call Trace:
[   91.615958][T10019]  dump_stack+0x197/0x210
[   91.615968][T10019]  panic+0x2e3/0x75c
[   91.615975][T10019]  ? add_taint.cold+0x16/0x16
[   91.615986][T10019]  ? trace_hardirqs_on+0x67/0x240
[   91.615994][T10019]  ? trace_hardirqs_on+0x5e/0x240
[   91.616000][T10019]  ? bit_putcs+0xd5d/0xf10
[   91.616007][T10019]  end_report+0x47/0x4f
[   91.616013][T10019]  ? bit_putcs+0xd5d/0xf10
[   91.616024][T10019]  __kasan_report.cold+0xe/0x41
[   91.616032][T10019]  ? fb_get_color_depth.part.0+0xc0/0x200
[   91.616038][T10019]  ? bit_putcs+0xd5d/0xf10
[   91.616045][T10019]  kasan_report+0x12/0x20
[   91.616053][T10019]  __asan_report_load1_noabort+0x14/0x20
[   91.616059][T10019]  bit_putcs+0xd5d/0xf10
[   91.616070][T10019]  ? bit_cursor+0x1a60/0x1a60
[   91.616078][T10019]  ? write_comp_data+0x11/0x70
[   91.616086][T10019]  ? fb_get_color_depth.part.0+0xcf/0x200
[   91.616095][T10019]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   91.616104][T10019]  fbcon_putcs+0x33c/0x3e0
[   91.616110][T10019]  ? bit_cursor+0x1a60/0x1a60
[   91.616118][T10019]  do_update_region+0x328/0x6f0
[   91.616128][T10019]  ? con_get_trans_old+0x2a0/0x2a0
[   91.616136][T10019]  ? fbcon_set_palette+0x3c4/0x4a0
[   91.616144][T10019]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.616151][T10019]  ? var_to_display+0x810/0x810
[   91.616160][T10019]  redraw_screen+0x676/0x7d0
[   91.616168][T10019]  ? respond_string+0x2c0/0x2c0
[   91.616178][T10019]  vc_do_resize+0x10c9/0x1460
[   91.616185][T10019]  ? down+0x50/0x90
[   91.616197][T10019]  ? vc_uniscr_alloc+0xd0/0xd0
[   91.616204][T10019]  ? lock_acquire+0x190/0x410
[   91.616211][T10019]  ? vt_ioctl+0x1f56/0x26d0
[   91.616220][T10019]  vc_resize+0x4d/0x60
[   91.616228][T10019]  vt_ioctl+0x2076/0x26d0
[   91.616238][T10019]  ? complete_change_console+0x3a0/0x3a0
[   91.616244][T10019]  ? lock_downgrade+0x920/0x920
[   91.616251][T10019]  ? rwlock_bug.part.0+0x90/0x90
[   91.616259][T10019]  ? tomoyo_path_number_perm+0x214/0x520
[   91.616265][T10019]  ? find_held_lock+0x35/0x130
[   91.616272][T10019]  ? tomoyo_path_number_perm+0x214/0x520
[   91.616280][T10019]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   91.616287][T10019]  ? tty_jobctrl_ioctl+0x50/0xd40
[   91.616295][T10019]  ? complete_change_console+0x3a0/0x3a0
[   91.616303][T10019]  tty_ioctl+0xa37/0x14f0
[   91.616310][T10019]  ? tty_vhangup+0x30/0x30
[   91.616317][T10019]  ? tomoyo_path_number_perm+0x454/0x520
[   91.616326][T10019]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   91.616333][T10019]  ? tomoyo_path_number_perm+0x25e/0x520
[   91.616341][T10019]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   91.616350][T10019]  ? ___might_sleep+0x163/0x2c0
[   91.616359][T10019]  ? tty_vhangup+0x30/0x30
[   91.616366][T10019]  do_vfs_ioctl+0x977/0x14e0
[   91.616374][T10019]  ? compat_ioctl_preallocate+0x220/0x220
[   91.616381][T10019]  ? selinux_file_mprotect+0x620/0x620
[   91.616388][T10019]  ? kmem_cache_free+0x26b/0x320
[   91.616396][T10019]  ? putname+0xf4/0x130
[   91.616403][T10019]  ? do_sys_open+0x31d/0x5d0
[   91.616411][T10019]  ? tomoyo_file_ioctl+0x23/0x30
[   91.616419][T10019]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.616425][T10019]  ? security_file_ioctl+0x8d/0xc0
[   91.616433][T10019]  ksys_ioctl+0xab/0xd0
[   91.616440][T10019]  __x64_sys_ioctl+0x73/0xb0
[   91.616449][T10019]  do_syscall_64+0xfa/0x790
[   91.616457][T10019]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   91.616462][T10019] RIP: 0033:0x443f89
[   91.616469][T10019] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   91.616473][T10019] RSP: 002b:00007ffe0c875dc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   91.616479][T10019] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443f89
[   91.616483][T10019] RDX: 0000000020000000 RSI: 000000000000560a RDI: 0000000000000004
[   91.616487][T10019] RBP: 00000000006cf018 R08: 0000000000000000 R09: 00000000004002e0
[   91.616491][T10019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c90
[   91.616495][T10019] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[   91.617883][T10019] Kernel Offset: disabled
[   92.546061][T10019] Rebooting in 86400 seconds..