[ 79.595412][ T27] audit: type=1400 audit(1575904033.569:37): avc: denied { watch } for pid=10055 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 79.619498][ T27] audit: type=1400 audit(1575904033.569:38): avc: denied { watch } for pid=10055 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 79.870094][ T27] audit: type=1800 audit(1575904033.849:39): pid=9959 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 79.892386][ T27] audit: type=1800 audit(1575904033.849:40): pid=9959 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 82.301201][ T27] audit: type=1400 audit(1575904036.279:41): avc: denied { map } for pid=10137 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.241' (ECDSA) to the list of known hosts.
[ 88.971855][ T27] audit: type=1400 audit(1575904042.949:42): avc: denied { map } for pid=10149 comm="syz-executor796" path="/root/syz-executor796180095" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 89.002588][T10157] IPVS: ftp: loaded support on port[0] = 21
[ 89.019373][T10158] IPVS: ftp: loaded support on port[0] = 21
[ 89.020624][T10160] IPVS: ftp: loaded support on port[0] = 21
[ 89.034362][T10156] IPVS: ftp: loaded support on port[0] = 21
[ 89.043591][T10159] IPVS: ftp: loaded support on port[0] = 21
[ 89.052706][T10161] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 89.142479][ T27] audit: type=1400 audit(1575904043.119:43): avc: denied { create } for pid=10158 comm="syz-executor796" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
executing program
[ 89.186724][ T27] audit: type=1400 audit(1575904043.119:44): avc: denied { write } for pid=10158 comm="syz-executor796" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 89.186751][ T27] audit: type=1400 audit(1575904043.119:45): avc: denied { read } for pid=10158 comm="syz-executor796" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 89.587503][T10203] ==================================================================
[ 89.587572][T10203] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xd5d/0xf10
[ 89.587585][T10203] Read of size 1 at addr ffff88808ce9f808 by task syz-executor796/10203
[ 89.587589][T10203]
[ 89.587605][T10203] CPU: 0 PID: 10203 Comm: syz-executor796 Not tainted 5.5.0-rc1-syzkaller #0
[ 89.587613][T10203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.587618][T10203] Call Trace:
[ 89.587638][T10203] dump_stack+0x197/0x210
[ 89.587649][T10203] ? bit_putcs+0xd5d/0xf10
[ 89.587667][T10203] print_address_description.constprop.0.cold+0xd4/0x30b
[ 89.587675][T10203] ? bit_putcs+0xd5d/0xf10
[ 89.587683][T10203] ? bit_putcs+0xd5d/0xf10
[ 89.587694][T10203] __kasan_report.cold+0x1b/0x41
[ 89.587709][T10203] ? fb_get_color_depth.part.0+0x40/0x200
[ 89.587719][T10203] ? bit_putcs+0xd5d/0xf10
[ 89.587734][T10203] kasan_report+0x12/0x20
[ 89.587749][T10203] __asan_report_load1_noabort+0x14/0x20
[ 89.587760][T10203] bit_putcs+0xd5d/0xf10
[ 89.587792][T10203] ? bit_cursor+0x1a60/0x1a60
[ 89.587811][T10203] ? write_comp_data+0x1/0x70
[ 89.587826][T10203] ? fb_get_color_depth.part.0+0xcf/0x200
[ 89.587844][T10203] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 89.587866][T10203] fbcon_putcs+0x33c/0x3e0
[ 89.587880][T10203] ? bit_cursor+0x1a60/0x1a60
[ 89.587901][T10203] do_update_region+0x42b/0x6f0
[ 89.587916][T10203] ? con_get_trans_old+0x2a0/0x2a0
[ 89.587929][T10203] ? fbcon_set_palette+0x3c4/0x4a0
[ 89.587940][T10203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.587954][T10203] ? var_to_display+0x810/0x810
[ 89.587972][T10203] redraw_screen+0x676/0x7d0
[ 89.587989][T10203] ? respond_string+0x2c0/0x2c0
[ 89.588011][T10203] fbcon_do_set_font+0x829/0x960
[ 89.588030][T10203] fbcon_copy_font+0x12c/0x190
[ 89.588043][T10203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.588055][T10203] ? fbcon_do_set_font+0x960/0x960
[ 89.588079][T10203] con_font_op+0x6b2/0x1270
[ 89.588095][T10203] ? lock_downgrade+0x920/0x920
[ 89.588117][T10203] ? con_write+0xd0/0xd0
[ 89.588145][T10203] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 89.588161][T10203] ? _copy_from_user+0x12c/0x1a0
[ 89.588182][T10203] vt_ioctl+0x181a/0x26d0
[ 89.588205][T10203] ? complete_change_console+0x3a0/0x3a0
[ 89.588217][T10203] ? lock_downgrade+0x920/0x920
[ 89.588233][T10203] ? rwlock_bug.part.0+0x90/0x90
[ 89.588249][T10203] ? tomoyo_path_number_perm+0x214/0x520
[ 89.588262][T10203] ? find_held_lock+0x35/0x130
[ 89.588280][T10203] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 89.588295][T10203] ? tty_jobctrl_ioctl+0x50/0xd40
[ 89.588309][T10203] ? complete_change_console+0x3a0/0x3a0
[ 89.588325][T10203] tty_ioctl+0xa37/0x14f0
[ 89.588340][T10203] ? tty_vhangup+0x30/0x30
[ 89.588352][T10203] ? tomoyo_path_number_perm+0x454/0x520
[ 89.588369][T10203] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 89.588383][T10203] ? tomoyo_path_number_perm+0x25e/0x520
[ 89.588399][T10203] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 89.588422][T10203] ? ___might_sleep+0x163/0x2c0
[ 89.588439][T10203] ? tty_vhangup+0x30/0x30
[ 89.588456][T10203] do_vfs_ioctl+0x977/0x14e0
[ 89.588473][T10203] ? compat_ioctl_preallocate+0x220/0x220
[ 89.588493][T10203] ? selinux_file_mprotect+0x620/0x620
[ 89.588506][T10203] ? __fget+0x37f/0x550
[ 89.588523][T10203] ? ksys_dup3+0x3e0/0x3e0
[ 89.588546][T10203] ? tomoyo_file_ioctl+0x23/0x30
[ 89.588560][T10203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.588573][T10203] ? security_file_ioctl+0x8d/0xc0
[ 89.588589][T10203] ksys_ioctl+0xab/0xd0
[ 89.588605][T10203] __x64_sys_ioctl+0x73/0xb0
[ 89.588625][T10203] do_syscall_64+0xfa/0x790
[ 89.588651][T10203] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 89.588662][T10203] RIP: 0033:0x447329
[ 89.588676][T10203] Code: e8 4c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 89.588684][T10203] RSP: 002b:00007f3d0571bd08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 89.588697][T10203] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 0000000000447329
[ 89.588705][T10203] RDX: 0000000020000180 RSI: 0000000000004b72 RDI: 0000000000000003
[ 89.588711][T10203] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 89.588719][T10203] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 89.588727][T10203] R13: 0000000000000000 R14: 00000000f72a8fce R15: 00000000006dcc6c
[ 89.588746][T10203]
[ 89.588753][T10203] Allocated by task 10163:
[ 89.588767][T10203] save_stack+0x23/0x90
[ 89.588778][T10203] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 89.588789][T10203] kasan_kmalloc+0x9/0x10
[ 89.588799][T10203] __kmalloc+0x163/0x770
[ 89.588810][T10203] fbcon_set_font+0x32d/0x860
[ 89.588822][T10203] con_font_op+0xe30/0x1270
[ 89.588836][T10203] vt_ioctl+0xd2e/0x26d0
[ 89.588847][T10203] tty_ioctl+0xa37/0x14f0
[ 89.588858][T10203] do_vfs_ioctl+0x977/0x14e0
[ 89.588868][T10203] ksys_ioctl+0xab/0xd0
[ 89.588879][T10203] __x64_sys_ioctl+0x73/0xb0
[ 89.588892][T10203] do_syscall_64+0xfa/0x790
[ 89.588903][T10203] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 89.588907][T10203]
[ 89.588912][T10203] Freed by task 0:
[ 89.588916][T10203] (stack is not available)
[ 89.588919][T10203]
[ 89.588930][T10203] The buggy address belongs to the object at ffff88808ce9f000
[ 89.588930][T10203] which belongs to the cache kmalloc-2k of size 2048
[ 89.588941][T10203] The buggy address is located 8 bytes to the right of
[ 89.588941][T10203] 2048-byte region [ffff88808ce9f000, ffff88808ce9f800)
[ 89.588945][T10203] The buggy address belongs to the page:
[ 89.588959][T10203] page:ffffea000233a7c0 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0
[ 89.588978][T10203] raw: 00fffe0000000200 ffffea0002808f88 ffffea000239ac48 ffff8880aa400e00
[ 89.588992][T10203] raw: 0000000000000000 ffff88808ce9f000 0000000100000001 0000000000000000
[ 89.588999][T10203] page dumped because: kasan: bad access detected
[ 89.589002][T10203]
[ 89.589007][T10203] Memory state around the buggy address:
[ 89.589018][T10203] ffff88808ce9f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.589026][T10203] ffff88808ce9f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.589037][T10203] >ffff88808ce9f800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.589042][T10203] ^
[ 89.589052][T10203] ffff88808ce9f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.589066][T10203] ffff88808ce9f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.589070][T10203] ==================================================================
[ 89.589075][T10203] Disabling lock debugging due to kernel taint
[ 89.589081][T10203] Kernel panic - not syncing: panic_on_warn set ...
[ 89.589094][T10203] CPU: 0 PID: 10203 Comm: syz-executor796 Tainted: G B 5.5.0-rc1-syzkaller #0
[ 89.589101][T10203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.589104][T10203] Call Trace:
[ 89.589119][T10203] dump_stack+0x197/0x210
[ 89.589134][T10203] panic+0x2e3/0x75c
[ 89.589145][T10203] ? add_taint.cold+0x16/0x16
[ 89.589165][T10203] ? trace_hardirqs_on+0x67/0x240
[ 89.589176][T10203] ? trace_hardirqs_on+0x5e/0x240
[ 89.589189][T10203] ? bit_putcs+0xd5d/0xf10
[ 89.589207][T10203] end_report+0x47/0x4f
[ 89.589217][T10203] ? bit_putcs+0xd5d/0xf10
[ 89.589230][T10203] __kasan_report.cold+0xe/0x41
[ 89.589244][T10203] ? fb_get_color_depth.part.0+0x40/0x200
[ 89.589254][T10203] ? bit_putcs+0xd5d/0xf10
[ 89.589267][T10203] kasan_report+0x12/0x20
[ 89.589280][T10203] __asan_report_load1_noabort+0x14/0x20
[ 89.589291][T10203] bit_putcs+0xd5d/0xf10
[ 89.589312][T10203] ? bit_cursor+0x1a60/0x1a60
[ 89.589327][T10203] ? write_comp_data+0x1/0x70
[ 89.589340][T10203] ? fb_get_color_depth.part.0+0xcf/0x200
[ 89.589357][T10203] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 89.589372][T10203] fbcon_putcs+0x33c/0x3e0
[ 89.589384][T10203] ? bit_cursor+0x1a60/0x1a60
[ 89.589400][T10203] do_update_region+0x42b/0x6f0
[ 89.589416][T10203] ? con_get_trans_old+0x2a0/0x2a0
[ 89.589430][T10203] ? fbcon_set_palette+0x3c4/0x4a0
[ 89.589444][T10203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.589455][T10203] ? var_to_display+0x810/0x810
[ 89.589470][T10203] redraw_screen+0x676/0x7d0
[ 89.589483][T10203] ? respond_string+0x2c0/0x2c0
[ 89.589498][T10203] fbcon_do_set_font+0x829/0x960
[ 89.589512][T10203] fbcon_copy_font+0x12c/0x190
[ 89.589525][T10203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.589535][T10203] ? fbcon_do_set_font+0x960/0x960
[ 89.589548][T10203] con_font_op+0x6b2/0x1270
[ 89.589561][T10203] ? lock_downgrade+0x920/0x920
[ 89.589574][T10203] ? con_write+0xd0/0xd0
[ 89.589591][T10203] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 89.589604][T10203] ? _copy_from_user+0x12c/0x1a0
[ 89.589618][T10203] vt_ioctl+0x181a/0x26d0
[ 89.589633][T10203] ? complete_change_console+0x3a0/0x3a0
[ 89.589644][T10203] ? lock_downgrade+0x920/0x920
[ 89.589658][T10203] ? rwlock_bug.part.0+0x90/0x90
[ 89.589671][T10203] ? tomoyo_path_number_perm+0x214/0x520
[ 89.589681][T10203] ? find_held_lock+0x35/0x130
[ 89.589692][T10203] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 89.589702][T10203] ? tty_jobctrl_ioctl+0x50/0xd40
[ 89.589712][T10203] ? complete_change_console+0x3a0/0x3a0
[ 89.589722][T10203] tty_ioctl+0xa37/0x14f0
[ 89.589732][T10203] ? tty_vhangup+0x30/0x30
[ 89.589741][T10203] ? tomoyo_path_number_perm+0x454/0x520
[ 89.589752][T10203] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 89.589760][T10203] ? tomoyo_path_number_perm+0x25e/0x520
[ 89.589770][T10203] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 89.589783][T10203] ? ___might_sleep+0x163/0x2c0
[ 89.589793][T10203] ? tty_vhangup+0x30/0x30
[ 89.589803][T10203] do_vfs_ioctl+0x977/0x14e0
[ 89.589813][T10203] ? compat_ioctl_preallocate+0x220/0x220
[ 89.589823][T10203] ? selinux_file_mprotect+0x620/0x620
[ 89.589833][T10203] ? __fget+0x37f/0x550
[ 89.589843][T10203] ? ksys_dup3+0x3e0/0x3e0
[ 89.589856][T10203] ? tomoyo_file_ioctl+0x23/0x30
[ 89.589868][T10203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.589880][T10203] ? security_file_ioctl+0x8d/0xc0
[ 89.589893][T10203] ksys_ioctl+0xab/0xd0
[ 89.589907][T10203] __x64_sys_ioctl+0x73/0xb0
[ 89.589921][T10203] do_syscall_64+0xfa/0x790
[ 89.589936][T10203] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 89.589945][T10203] RIP: 0033:0x447329
[ 89.589957][T10203] Code: e8 4c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 89.589964][T10203] RSP: 002b:00007f3d0571bd08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 89.589978][T10203] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 0000000000447329
[ 89.589986][T10203] RDX: 0000000020000180 RSI: 0000000000004b72 RDI: 0000000000000003
[ 89.589993][T10203] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 89.590001][T10203] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 89.590009][T10203] R13: 0000000000000000 R14: 00000000f72a8fce R15: 00000000006dcc6c
[ 89.591674][T10203] Kernel Offset: disabled