[   50.768328] audit: type=1800 audit(1584876658.529:30): pid=8251 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   55.533582] kauditd_printk_skb: 4 callbacks suppressed
[   55.533595] audit: type=1400 audit(1584876663.329:35): avc:  denied  { map } for  pid=8422 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.58' (ECDSA) to the list of known hosts.
[   62.582621] audit: type=1400 audit(1584876670.379:36): avc:  denied  { map } for  pid=8434 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/03/22 11:31:10 parsed 1 programs
[   63.906313] audit: type=1400 audit(1584876671.699:37): avc:  denied  { map } for  pid=8434 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=3741 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2020/03/22 11:31:11 executed programs: 0
[   64.108512] IPVS: ftp: loaded support on port[0] = 21
[   64.174827] chnl_net:caif_netlink_parms(): no params data found
[   64.229849] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.236356] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.243930] device bridge_slave_0 entered promiscuous mode
[   64.251547] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.258052] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.265207] device bridge_slave_1 entered promiscuous mode
[   64.281838] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   64.290886] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   64.308261] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   64.315909] team0: Port device team_slave_0 added
[   64.321907] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   64.329462] team0: Port device team_slave_1 added
[   64.345528] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.351955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.377343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.389185] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.395410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.420700] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.431677] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   64.439145] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   64.499116] device hsr_slave_0 entered promiscuous mode
[   64.567525] device hsr_slave_1 entered promiscuous mode
[   64.637800] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   64.644884] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   64.700318] audit: type=1400 audit(1584876672.499:38): avc:  denied  { create } for  pid=8452 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   64.723847] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.725214] audit: type=1400 audit(1584876672.499:39): avc:  denied  { write } for  pid=8452 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   64.730677] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.755367] audit: type=1400 audit(1584876672.499:40): avc:  denied  { read } for  pid=8452 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   64.761353] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.791057] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.828597] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   64.834658] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.845363] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   64.854575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.873509] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.880937] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.889583] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   64.900430] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   64.906531] 8021q: adding VLAN 0 to HW filter on device team0
[   64.916171] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   64.924213] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.930599] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.941437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   64.949490] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.955831] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.978991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   64.986890] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   64.995857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   65.003954] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   65.013380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   65.023739] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   65.029936] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   65.044415] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[   65.052834] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   65.059950] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   65.071401] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.085117] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[   65.095468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   65.136237] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[   65.143498] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[   65.150412] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[   65.162436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   65.170258] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   65.177272] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   65.186980] device veth0_vlan entered promiscuous mode
[   65.197400] device veth1_vlan entered promiscuous mode
[   65.214687] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[   65.224433] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[   65.232035] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   65.240075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   65.251398] device veth0_macvtap entered promiscuous mode
[   65.257911] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[   65.266132] device veth1_macvtap entered promiscuous mode
[   65.272729] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[   65.281641] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[   65.291542] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[   65.301193] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[   65.308503] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.315163] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   65.322883] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   65.330307] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   65.339104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   65.350288] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[   65.357245] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.363781] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   65.371736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   65.492976] audit: type=1400 audit(1584876673.289:41): avc:  denied  { associate } for  pid=8452 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[   65.556907] ==================================================================
[   65.556935] BUG: KASAN: global-out-of-bounds in fb_pad_aligned_buffer+0x137/0x150
[   65.556941] Read of size 1 at addr ffffffff87ad63e0 by task syz-executor.0/8489
[   65.556943] 
[   65.556951] CPU: 1 PID: 8489 Comm: syz-executor.0 Not tainted 4.19.112-syzkaller #0
[   65.556955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   65.556958] Call Trace:
[   65.556968]  dump_stack+0x188/0x20d
[   65.556976]  ? fb_pad_aligned_buffer+0x137/0x150
[   65.556985]  print_address_description.cold+0x5/0x212
[   65.556993]  ? fb_pad_aligned_buffer+0x137/0x150
[   65.556999]  kasan_report.cold+0x88/0x2b9
[   65.557008]  fb_pad_aligned_buffer+0x137/0x150
[   65.557019]  bit_putcs+0xc21/0xe10
[   65.557063]  ? bit_cursor+0x1900/0x1900
[   65.557077]  ? vesafb_probe.cold+0x1082/0x1082
[   65.557093]  ? fb_get_color_depth.part.0+0xc6/0x1f0
[   65.557109]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   65.557126]  fbcon_putcs+0x434/0x4f0
[   65.557142]  ? bit_cursor+0x1900/0x1900
[   65.557159]  do_update_region+0x398/0x630
[   65.557179]  ? con_get_trans_old+0x280/0x280
[   65.557197]  ? fbcon_set_palette+0x4c6/0x5e0
[   65.557211]  ? fbcon_redraw.isra.0+0x4c0/0x4c0
[   65.557228]  redraw_screen+0x5e1/0x870
[   65.557243]  ? con_flush_chars+0x90/0x90
[   65.557258]  ? console_lock+0x25/0x80
[   65.557279]  fbcon_do_set_font+0x727/0xa30
[   65.557299]  ? fbcon_do_set_font+0xa30/0xa30
[   65.557319]  fbcon_copy_font+0x125/0x190
[   65.557335]  con_font_op+0x63f/0x1130
[   65.557353]  ? con_write+0xe0/0xe0
[   65.557366]  ? lock_downgrade+0x740/0x740
[   65.557390]  ? __might_fault+0x192/0x1d0
[   65.557409]  vt_ioctl+0x1615/0x2310
[   65.557426]  ? complete_change_console+0x390/0x390
[   65.557439]  ? avc_has_extended_perms+0x9c6/0x1030
[   65.557460]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   65.557469]  ? complete_change_console+0x390/0x390
[   65.557478]  tty_ioctl+0x7a1/0x1420
[   65.557485]  ? tty_vhangup+0x30/0x30
[   65.557493]  ? mark_held_locks+0xf0/0xf0
[   65.557502]  ? mark_held_locks+0xf0/0xf0
[   65.557508]  ? find_held_lock+0x2d/0x110
[   65.557517]  ? debug_check_no_obj_freed+0x20a/0x42e
[   65.557529]  ? tty_vhangup+0x30/0x30
[   65.557537]  do_vfs_ioctl+0xcda/0x12e0
[   65.557546]  ? selinux_file_ioctl+0x46c/0x5d0
[   65.557553]  ? selinux_file_ioctl+0x125/0x5d0
[   65.557560]  ? check_preemption_disabled+0x41/0x280
[   65.557567]  ? ioctl_preallocate+0x200/0x200
[   65.557574]  ? selinux_file_mprotect+0x600/0x600
[   65.557583]  ? __fget+0x340/0x510
[   65.557592]  ? iterate_fd+0x350/0x350
[   65.557603]  ? security_file_ioctl+0x6c/0xb0
[   65.557611]  ksys_ioctl+0x9b/0xc0
[   65.557619]  __x64_sys_ioctl+0x6f/0xb0
[   65.557625]  ? lockdep_hardirqs_on+0x40b/0x5d0
[   65.557634]  do_syscall_64+0xf9/0x620
[   65.557643]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   65.557649] RIP: 0033:0x45c849
[   65.557657] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   65.557661] RSP: 002b:00007fafd6cb6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   65.557668] RAX: ffffffffffffffda RBX: 00007fafd6cb76d4 RCX: 000000000045c849
[   65.557672] RDX: 0000000020000080 RSI: 0000000000004b72 RDI: 0000000000000003
[   65.557676] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[   65.557680] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   65.557684] R13: 000000000000036c R14: 00000000004c5dd7 R15: 000000000076bf0c
[   65.557693] 
[   65.557695] The buggy address belongs to the variable:
[   65.557703]  fontdata_8x16+0x1000/0x1120
[   65.557704] 
[   65.557707] Memory state around the buggy address:
[   65.557713]  ffffffff87ad6280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   65.557718]  ffffffff87ad6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   65.557723] >ffffffff87ad6380: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
[   65.557726]                                                        ^
[   65.557731]  ffffffff87ad6400: 06 fa fa fa fa fa fa fa 05 fa fa fa fa fa fa fa
[   65.557736]  ffffffff87ad6480: 06 fa fa fa fa fa fa fa 00 00 03 fa fa fa fa fa
[   65.557739] ==================================================================
[   65.557741] Disabling lock debugging due to kernel taint
[   65.557841] Kernel panic - not syncing: panic_on_warn set ...
[   65.557841] 
[   65.557858] CPU: 1 PID: 8489 Comm: syz-executor.0 Tainted: G    B             4.19.112-syzkaller #0
[   65.557870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   65.557878] Call Trace:
[   65.557895]  dump_stack+0x188/0x20d
[   65.557912]  panic+0x26a/0x50e
[   65.557929]  ? __warn_printk+0xf3/0xf3
[   65.557947]  ? preempt_schedule_common+0x4a/0xc0
[   65.557963]  ? fb_pad_aligned_buffer+0x137/0x150
[   65.557980]  ? ___preempt_schedule+0x16/0x18
[   65.557997]  ? trace_hardirqs_on+0x55/0x210
[   65.558012]  ? fb_pad_aligned_buffer+0x137/0x150
[   65.558029]  kasan_end_report+0x43/0x49
[   65.558045]  kasan_report.cold+0xa4/0x2b9
[   65.558061]  fb_pad_aligned_buffer+0x137/0x150
[   65.558077]  bit_putcs+0xc21/0xe10
[   65.558101]  ? bit_cursor+0x1900/0x1900
[   65.558117]  ? vesafb_probe.cold+0x1082/0x1082
[   65.558133]  ? fb_get_color_depth.part.0+0xc6/0x1f0
[   65.558149]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   65.558165]  fbcon_putcs+0x434/0x4f0
[   65.558182]  ? bit_cursor+0x1900/0x1900
[   65.558198]  do_update_region+0x398/0x630
[   65.558214]  ? con_get_trans_old+0x280/0x280
[   65.558230]  ? fbcon_set_palette+0x4c6/0x5e0
[   65.558247]  ? fbcon_redraw.isra.0+0x4c0/0x4c0
[   65.558263]  redraw_screen+0x5e1/0x870
[   65.558279]  ? con_flush_chars+0x90/0x90
[   65.558296]  ? console_lock+0x25/0x80
[   65.558331]  fbcon_do_set_font+0x727/0xa30
[   65.558348]  ? fbcon_do_set_font+0xa30/0xa30
[   65.558365]  fbcon_copy_font+0x125/0x190
[   65.558381]  con_font_op+0x63f/0x1130
[   65.558397]  ? con_write+0xe0/0xe0
[   65.558413]  ? lock_downgrade+0x740/0x740
[   65.558431]  ? __might_fault+0x192/0x1d0
[   65.558447]  vt_ioctl+0x1615/0x2310
[   65.558464]  ? complete_change_console+0x390/0x390
[   65.558481]  ? avc_has_extended_perms+0x9c6/0x1030
[   65.558504]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   65.558521]  ? complete_change_console+0x390/0x390
[   65.558536]  tty_ioctl+0x7a1/0x1420
[   65.558552]  ? tty_vhangup+0x30/0x30
[   65.558568]  ? mark_held_locks+0xf0/0xf0
[   65.558584]  ? mark_held_locks+0xf0/0xf0
[   65.558600]  ? find_held_lock+0x2d/0x110
[   65.558618]  ? debug_check_no_obj_freed+0x20a/0x42e
[   65.558634]  ? tty_vhangup+0x30/0x30
[   65.558649]  do_vfs_ioctl+0xcda/0x12e0
[   65.558666]  ? selinux_file_ioctl+0x46c/0x5d0
[   65.558684]  ? selinux_file_ioctl+0x125/0x5d0
[   65.558701]  ? check_preemption_disabled+0x41/0x280
[   65.558717]  ? ioctl_preallocate+0x200/0x200
[   65.558735]  ? selinux_file_mprotect+0x600/0x600
[   65.558750]  ? __fget+0x340/0x510
[   65.558766]  ? iterate_fd+0x350/0x350
[   65.558782]  ? security_file_ioctl+0x6c/0xb0
[   65.558797]  ksys_ioctl+0x9b/0xc0
[   65.558821]  __x64_sys_ioctl+0x6f/0xb0
[   65.558839]  ? lockdep_hardirqs_on+0x40b/0x5d0
[   65.558855]  do_syscall_64+0xf9/0x620
[   65.558872]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   65.558887] RIP: 0033:0x45c849
[   65.558902] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   65.558914] RSP: 002b:00007fafd6cb6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   65.558936] RAX: ffffffffffffffda RBX: 00007fafd6cb76d4 RCX: 000000000045c849
[   65.558942] RDX: 0000000020000080 RSI: 0000000000004b72 RDI: 0000000000000003
[   65.558947] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[   65.558953] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   65.558958] R13: 000000000000036c R14: 00000000004c5dd7 R15: 000000000076bf0c
[   65.559962] Kernel Offset: disabled
[   66.309849] Rebooting in 86400 seconds..