[ 75.569499][ T25] audit: type=1400 audit(1575353209.998:37): avc: denied { watch } for pid=9896 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 75.612275][ T25] audit: type=1400 audit(1575353209.998:38): avc: denied { watch } for pid=9896 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 75.918513][ T25] audit: type=1800 audit(1575353210.348:39): pid=9810 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 75.940567][ T25] audit: type=1800 audit(1575353210.348:40): pid=9810 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 79.115879][ T25] audit: type=1400 audit(1575353213.548:41): avc: denied { map } for pid=9985 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
executing program
[ 85.700830][ T25] audit: type=1400 audit(1575353220.138:42): avc: denied { map } for pid=9997 comm="syz-executor462" path="/root/syz-executor462889265" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 85.798444][ T9998] ==================================================================
[ 85.806736][ T9998] BUG: KASAN: slab-out-of-bounds in pipe_write+0xe30/0x1000
[ 85.814059][ T9998] Write of size 8 at addr ffff88809ae61aa8 by task syz-executor462/9998
[ 85.822422][ T9998]
[ 85.824739][ T9998] CPU: 0 PID: 9998 Comm: syz-executor462 Not tainted 5.4.0-syzkaller #0
[ 85.833103][ T9998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.843159][ T9998] Call Trace:
[ 85.846436][ T9998] dump_stack+0x197/0x210
[ 85.850749][ T9998] ? pipe_write+0xe30/0x1000
[ 85.855325][ T9998] print_address_description.constprop.0.cold+0xd4/0x30b
[ 85.862351][ T9998] ? pipe_write+0xe30/0x1000
[ 85.866925][ T9998] ? pipe_write+0xe30/0x1000
[ 85.871497][ T9998] __kasan_report.cold+0x1b/0x41
[ 85.876547][ T9998] ? pipe_write+0xe30/0x1000
[ 85.881158][ T9998] kasan_report+0x12/0x20
[ 85.885499][ T9998] __asan_report_store8_noabort+0x17/0x20
[ 85.891204][ T9998] pipe_write+0xe30/0x1000
[ 85.895628][ T9998] new_sync_write+0x4d3/0x770
[ 85.900313][ T9998] ? new_sync_read+0x800/0x800
[ 85.905077][ T9998] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 85.911427][ T9998] ? security_file_permission+0x8f/0x380
[ 85.917052][ T9998] __vfs_write+0xe1/0x110
[ 85.921373][ T9998] vfs_write+0x268/0x5d0
[ 85.925599][ T9998] ksys_write+0x220/0x290
[ 85.929953][ T9998] ? __ia32_sys_read+0xb0/0xb0
[ 85.934815][ T9998] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 85.940308][ T9998] ? do_syscall_64+0x26/0x790
[ 85.944969][ T9998] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 85.951024][ T9998] ? do_syscall_64+0x26/0x790
[ 85.955718][ T9998] __x64_sys_write+0x73/0xb0
[ 85.960293][ T9998] do_syscall_64+0xfa/0x790
[ 85.964781][ T9998] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 85.970687][ T9998] RIP: 0033:0x445879
[ 85.974564][ T9998] Code: e8 ec bc 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 85.994154][ T9998] RSP: 002b:00007f1adc8a8db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 86.002946][ T9998] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445879
[ 86.010913][ T9998] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004
[ 86.019071][ T9998] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[ 86.027081][ T9998] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac2c
[ 86.035125][ T9998] R13: 00007fff303618ef R14: 00007f1adc8a99c0 R15: 0000000000000000
[ 86.043099][ T9998]
[ 86.045465][ T9998] Allocated by task 10000:
[ 86.049869][ T9998] save_stack+0x23/0x90
[ 86.054009][ T9998] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 86.059635][ T9998] kasan_kmalloc+0x9/0x10
[ 86.063951][ T9998] __kmalloc+0x163/0x770
[ 86.068174][ T9998] pipe_fcntl+0x3f7/0x8e0
[ 86.072540][ T9998] do_fcntl+0x255/0x1030
[ 86.076764][ T9998] __x64_sys_fcntl+0x16d/0x1e0
[ 86.081513][ T9998] do_syscall_64+0xfa/0x790
[ 86.085999][ T9998] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.091866][ T9998]
[ 86.094185][ T9998] Freed by task 0:
[ 86.097882][ T9998] (stack is not available)
[ 86.102272][ T9998]
[ 86.104582][ T9998] The buggy address belongs to the object at ffff88809ae61a80
[ 86.104582][ T9998] which belongs to the cache kmalloc-64 of size 64
[ 86.118461][ T9998] The buggy address is located 40 bytes inside of
[ 86.118461][ T9998] 64-byte region [ffff88809ae61a80, ffff88809ae61ac0)
[ 86.131537][ T9998] The buggy address belongs to the page:
[ 86.137192][ T9998] page:ffffea00026b9840 refcount:1 mapcount:0 mapping:ffff8880aa400380 index:0x0
[ 86.146305][ T9998] raw: 00fffe0000000200 ffffea00029f2fc8 ffff8880aa401348 ffff8880aa400380
[ 86.154887][ T9998] raw: 0000000000000000 ffff88809ae61000 0000000100000020 0000000000000000
[ 86.163472][ T9998] page dumped because: kasan: bad access detected
[ 86.169897][ T9998]
[ 86.172208][ T9998] Memory state around the buggy address:
[ 86.177914][ T9998]  ffff88809ae61980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.185959][ T9998]  ffff88809ae61a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.194004][ T9998] >ffff88809ae61a80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 86.202173][ T9998]                                   ^
[ 86.207542][ T9998]  ffff88809ae61b00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 86.215589][ T9998]  ffff88809ae61b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 86.223633][ T9998] ==================================================================
[ 86.231675][ T9998] Disabling lock debugging due to kernel taint
[ 86.238353][ T9998] Kernel panic - not syncing: panic_on_warn set ...
[ 86.244942][ T9998] CPU: 0 PID: 9998 Comm: syz-executor462 Tainted: G B 5.4.0-syzkaller #0
[ 86.254633][ T9998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.264679][ T9998] Call Trace:
[ 86.267953][ T9998] dump_stack+0x197/0x210
[ 86.272265][ T9998] panic+0x2e3/0x75c
[ 86.276141][ T9998] ? add_taint.cold+0x16/0x16
[ 86.280818][ T9998] ? pipe_write+0xe30/0x1000
[ 86.285415][ T9998] ? preempt_schedule+0x4b/0x60
[ 86.290265][ T9998] ? ___preempt_schedule+0x16/0x18
[ 86.295373][ T9998] ? trace_hardirqs_on+0x5e/0x240
[ 86.300386][ T9998] ? pipe_write+0xe30/0x1000
[ 86.304968][ T9998] end_report+0x47/0x4f
[ 86.309115][ T9998] ? pipe_write+0xe30/0x1000
[ 86.313688][ T9998] __kasan_report.cold+0xe/0x41
[ 86.318520][ T9998] ? pipe_write+0xe30/0x1000
[ 86.323239][ T9998] kasan_report+0x12/0x20
[ 86.327592][ T9998] __asan_report_store8_noabort+0x17/0x20
[ 86.333302][ T9998] pipe_write+0xe30/0x1000
[ 86.337701][ T9998] new_sync_write+0x4d3/0x770
[ 86.342359][ T9998] ? new_sync_read+0x800/0x800
[ 86.347248][ T9998] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 86.353471][ T9998] ? security_file_permission+0x8f/0x380
[ 86.359130][ T9998] __vfs_write+0xe1/0x110
[ 86.363443][ T9998] vfs_write+0x268/0x5d0
[ 86.367668][ T9998] ksys_write+0x220/0x290
[ 86.372072][ T9998] ? __ia32_sys_read+0xb0/0xb0
[ 86.376821][ T9998] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 86.382278][ T9998] ? do_syscall_64+0x26/0x790
[ 86.386934][ T9998] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.392993][ T9998] ? do_syscall_64+0x26/0x790
[ 86.397654][ T9998] __x64_sys_write+0x73/0xb0
[ 86.402278][ T9998] do_syscall_64+0xfa/0x790
[ 86.406825][ T9998] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.412696][ T9998] RIP: 0033:0x445879
[ 86.416584][ T9998] Code: e8 ec bc 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 86.436186][ T9998] RSP: 002b:00007f1adc8a8db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 86.444580][ T9998] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445879
[ 86.452538][ T9998] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004
[ 86.460490][ T9998] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[ 86.468451][ T9998] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac2c
[ 86.476416][ T9998] R13: 00007fff303618ef R14: 00007f1adc8a99c0 R15: 0000000000000000
[ 86.485622][ T9998] Kernel Offset: disabled
[ 86.489972][ T9998] Rebooting in 86400 seconds..