[ 88.792978][ T26] audit: type=1400 audit(1578788834.088:37): avc: denied { watch } for pid=10485 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 88.817103][ T26] audit: type=1400 audit(1578788834.088:38): avc: denied { watch } for pid=10485 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 89.084830][ T26] audit: type=1800 audit(1578788834.388:39): pid=10398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 89.107244][ T26] audit: type=1800 audit(1578788834.388:40): pid=10398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 91.794967][ T26] audit: type=1400 audit(1578788837.098:41): avc: denied { map } for pid=10577 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts.
executing program
[ 98.628313][ T26] audit: type=1400 audit(1578788843.928:42): avc: denied { map } for pid=10589 comm="syz-executor842" path="/root/syz-executor842980891" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 98.662643][T10591] ==================================================================
[ 98.662682][T10591] BUG: KASAN: global-out-of-bounds in bit_putcs+0xd5d/0xf10
[ 98.662690][T10591] Read of size 1 at addr ffffffff8874115e by task syz-executor842/10591
[ 98.662692][T10591]
[ 98.662702][T10591] CPU: 1 PID: 10591 Comm: syz-executor842 Not tainted 5.5.0-rc5-syzkaller #0
[ 98.662707][T10591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 98.662710][T10591] Call Trace:
[ 98.662721][T10591] dump_stack+0x197/0x210
[ 98.662729][T10591] ? bit_putcs+0xd5d/0xf10
[ 98.662742][T10591] print_address_description.constprop.0.cold+0x5/0x30b
[ 98.662749][T10591] ? bit_putcs+0xd5d/0xf10
[ 98.662757][T10591] ? bit_putcs+0xd5d/0xf10
[ 98.662765][T10591] __kasan_report.cold+0x1b/0x41
[ 98.662776][T10591] ? fb_get_color_depth.part.0+0x10/0x200
[ 98.662782][T10591] ? bit_putcs+0xd5d/0xf10
[ 98.662792][T10591] kasan_report+0x12/0x20
[ 98.662801][T10591] __asan_report_load1_noabort+0x14/0x20
[ 98.662808][T10591] bit_putcs+0xd5d/0xf10
[ 98.662826][T10591] ? bit_cursor+0x1a60/0x1a60
[ 98.662838][T10591] ? __sanitizer_cov_trace_cmp4+0x11/0x20
[ 98.662849][T10591] ? fb_get_color_depth.part.0+0xcf/0x200
[ 98.662860][T10591] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 98.662871][T10591] fbcon_putcs+0x33c/0x3e0
[ 98.662879][T10591] ? bit_cursor+0x1a60/0x1a60
[ 98.662891][T10591] do_update_region+0x42b/0x6f0
[ 98.662904][T10591] ? con_get_trans_old+0x2a0/0x2a0
[ 98.662913][T10591] ? fbcon_set_palette+0x3c4/0x4a0
[ 98.662921][T10591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 98.662928][T10591] ? var_to_display+0x810/0x810
[ 98.662939][T10591] redraw_screen+0x676/0x7d0
[ 98.662950][T10591] ? respond_string+0x2c0/0x2c0
[ 98.662966][T10591] fbcon_do_set_font+0x829/0x960
[ 98.662977][T10591] fbcon_copy_font+0x12c/0x190
[ 98.662985][T10591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 98.662992][T10591] ? fbcon_do_set_font+0x960/0x960
[ 98.663000][T10591] con_font_op+0x6b2/0x1270
[ 98.663009][T10591] ? lock_downgrade+0x920/0x920
[ 98.663017][T10591] ? con_write+0xd0/0xd0
[ 98.663032][T10591] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 98.663042][T10591] ? _copy_from_user+0x12c/0x1a0
[ 98.663051][T10591] vt_ioctl+0x181a/0x26d0
[ 98.663060][T10591] ? complete_change_console+0x3a0/0x3a0
[ 98.663067][T10591] ? lock_downgrade+0x920/0x920
[ 98.663075][T10591] ? rwlock_bug.part.0+0x90/0x90
[ 98.663086][T10591] ? tomoyo_path_number_perm+0x214/0x520
[ 98.663093][T10591] ? find_held_lock+0x35/0x130
[ 98.663103][T10591] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 98.663113][T10591] ? tty_jobctrl_ioctl+0x50/0xd40
[ 98.663121][T10591] ? complete_change_console+0x3a0/0x3a0
[ 98.663131][T10591] tty_ioctl+0xa37/0x14f0
[ 98.663140][T10591] ? tty_vhangup+0x30/0x30
[ 98.663148][T10591] ? tomoyo_path_number_perm+0x454/0x520
[ 98.663159][T10591] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 98.663167][T10591] ? tomoyo_path_number_perm+0x25e/0x520
[ 98.663177][T10591] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 98.663191][T10591] ? ___might_sleep+0x163/0x2c0
[ 98.663203][T10591] ? tty_vhangup+0x30/0x30
[ 98.663212][T10591] do_vfs_ioctl+0x977/0x14e0
[ 98.663223][T10591] ? compat_ioctl_preallocate+0x220/0x220
[ 98.663232][T10591] ? selinux_file_mprotect+0x620/0x620
[ 98.663239][T10591] ? __fget+0x37f/0x550
[ 98.663249][T10591] ? ksys_dup3+0x3e0/0x3e0
[ 98.663259][T10591] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 98.663270][T10591] ? tomoyo_file_ioctl+0x23/0x30
[ 98.663279][T10591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 98.663287][T10591] ? security_file_ioctl+0x8d/0xc0
[ 98.663297][T10591] ksys_ioctl+0xab/0xd0
[ 98.663306][T10591] __x64_sys_ioctl+0x73/0xb0
[ 98.663317][T10591] do_syscall_64+0xfa/0x790
[ 98.663328][T10591] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.663335][T10591] RIP: 0033:0x445919
[ 98.663344][T10591] Code: e8 fc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 98.663348][T10591] RSP: 002b:00007f96bbd60db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 98.663357][T10591] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 0000000000445919
[ 98.663362][T10591] RDX: 0000000020000540 RSI: 0000000000004b72 RDI: 0000000000000008
[ 98.663366][T10591] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 98.663371][T10591] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[ 98.663376][T10591] R13: 00007ffd2d5ead1f R14: 00007f96bbd619c0 R15: 20c49ba5e353f7cf
[ 98.663386][T10591]
[ 98.663389][T10591] The buggy address belongs to the variable:
[ 98.663397][T10591] fontdata_8x16+0x10de/0x1120
[ 98.663399][T10591]
[ 98.663402][T10591] Memory state around the buggy address:
[ 98.663409][T10591] ffffffff88741000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 98.663415][T10591] ffffffff88741080: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[ 98.663421][T10591] >ffffffff88741100: fa fa fa fa 06 fa fa fa fa fa fa fa 00 00 03 fa
[ 98.663425][T10591] ^
[ 98.663430][T10591] ffffffff88741180: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[ 98.663436][T10591] ffffffff88741200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 98.663439][T10591] ==================================================================
[ 98.663442][T10591] Disabling lock debugging due to kernel taint
[ 98.663446][T10591] Kernel panic - not syncing: panic_on_warn set ...
[ 98.663455][T10591] CPU: 1 PID: 10591 Comm: syz-executor842 Tainted: G B 5.5.0-rc5-syzkaller #0
[ 98.663459][T10591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 98.663461][T10591] Call Trace:
[ 98.663467][T10591] dump_stack+0x197/0x210
[ 98.663477][T10591] panic+0x2e3/0x75c
[ 98.663484][T10591] ? add_taint.cold+0x16/0x16
[ 98.663496][T10591] ? trace_hardirqs_on+0x67/0x240
[ 98.663503][T10591] ? trace_hardirqs_on+0x5e/0x240
[ 98.663510][T10591] ? bit_putcs+0xd5d/0xf10
[ 98.663517][T10591] end_report+0x47/0x4f
[ 98.663524][T10591] ? bit_putcs+0xd5d/0xf10
[ 98.663530][T10591] __kasan_report.cold+0xe/0x41
[ 98.663539][T10591] ? fb_get_color_depth.part.0+0x10/0x200
[ 98.663545][T10591] ? bit_putcs+0xd5d/0xf10
[ 98.663552][T10591] kasan_report+0x12/0x20
[ 98.663560][T10591] __asan_report_load1_noabort+0x14/0x20
[ 98.663572][T10591] bit_putcs+0xd5d/0xf10
[ 98.663584][T10591] ? bit_cursor+0x1a60/0x1a60
[ 98.663592][T10591] ? __sanitizer_cov_trace_cmp4+0x11/0x20
[ 98.663600][T10591] ? fb_get_color_depth.part.0+0xcf/0x200
[ 98.663609][T10591] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 98.663617][T10591] fbcon_putcs+0x33c/0x3e0
[ 98.663624][T10591] ? bit_cursor+0x1a60/0x1a60
[ 98.663632][T10591] do_update_region+0x42b/0x6f0
[ 98.663641][T10591] ? con_get_trans_old+0x2a0/0x2a0
[ 98.663649][T10591] ? fbcon_set_palette+0x3c4/0x4a0
[ 98.663657][T10591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 98.663663][T10591] ? var_to_display+0x810/0x810
[ 98.663672][T10591] redraw_screen+0x676/0x7d0
[ 98.663680][T10591] ? respond_string+0x2c0/0x2c0
[ 98.663689][T10591] fbcon_do_set_font+0x829/0x960
[ 98.663698][T10591] fbcon_copy_font+0x12c/0x190
[ 98.663706][T10591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 98.663712][T10591] ? fbcon_do_set_font+0x960/0x960
[ 98.663719][T10591] con_font_op+0x6b2/0x1270
[ 98.663726][T10591] ? lock_downgrade+0x920/0x920
[ 98.663732][T10591] ? con_write+0xd0/0xd0
[ 98.663743][T10591] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 98.663750][T10591] ? _copy_from_user+0x12c/0x1a0
[ 98.663757][T10591] vt_ioctl+0x181a/0x26d0
[ 98.663765][T10591] ? complete_change_console+0x3a0/0x3a0
[ 98.663771][T10591] ? lock_downgrade+0x920/0x920
[ 98.663778][T10591] ? rwlock_bug.part.0+0x90/0x90
[ 98.663786][T10591] ? tomoyo_path_number_perm+0x214/0x520
[ 98.663793][T10591] ? find_held_lock+0x35/0x130
[ 98.663801][T10591] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 98.663809][T10591] ? tty_jobctrl_ioctl+0x50/0xd40
[ 98.663815][T10591] ? complete_change_console+0x3a0/0x3a0
[ 98.663823][T10591] tty_ioctl+0xa37/0x14f0
[ 98.663831][T10591] ? tty_vhangup+0x30/0x30
[ 98.663839][T10591] ? tomoyo_path_number_perm+0x454/0x520
[ 98.663847][T10591] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 98.663855][T10591] ? tomoyo_path_number_perm+0x25e/0x520
[ 98.663863][T10591] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 98.663873][T10591] ? ___might_sleep+0x163/0x2c0
[ 98.663882][T10591] ? tty_vhangup+0x30/0x30
[ 98.663891][T10591] do_vfs_ioctl+0x977/0x14e0
[ 98.663900][T10591] ? compat_ioctl_preallocate+0x220/0x220
[ 98.663907][T10591] ? selinux_file_mprotect+0x620/0x620
[ 98.663913][T10591] ? __fget+0x37f/0x550
[ 98.663921][T10591] ? ksys_dup3+0x3e0/0x3e0
[ 98.663928][T10591] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 98.663938][T10591] ? tomoyo_file_ioctl+0x23/0x30
[ 98.663945][T10591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 98.663952][T10591] ? security_file_ioctl+0x8d/0xc0
[ 98.663959][T10591] ksys_ioctl+0xab/0xd0
[ 98.663967][T10591] __x64_sys_ioctl+0x73/0xb0
[ 98.663975][T10591] do_syscall_64+0xfa/0x790
[ 98.663983][T10591] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.663988][T10591] RIP: 0033:0x445919
[ 98.663995][T10591] Code: e8 fc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 98.663999][T10591] RSP: 002b:00007f96bbd60db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 98.664005][T10591] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 0000000000445919
[ 98.664009][T10591] RDX: 0000000020000540 RSI: 0000000000004b72 RDI: 0000000000000008
[ 98.664013][T10591] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 98.664017][T10591] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[ 98.664021][T10591] R13: 00007ffd2d5ead1f R14: 00007f96bbd619c0 R15: 20c49ba5e353f7cf
[ 98.665452][T10591] Kernel Offset: disabled
[ 99.623213][T10591] Rebooting in 86400 seconds..