[ 70.711932][ T27] audit: type=1800 audit(1576230944.517:24): pid=9241 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="sudo" dev="sda1" ino=2454 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ 71.452586][ T27] audit: type=1800 audit(1576230945.367:25): pid=9241 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 71.488500][ T27] audit: type=1800 audit(1576230945.367:26): pid=9241 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts.

syzkaller login: [ 81.527321][ T9407] IPVS: ftp: loaded support on port[0] = 21
[ 81.536263][ T9404] IPVS: ftp: loaded support on port[0] = 21
[ 81.536487][ T9403] IPVS: ftp: loaded support on port[0] = 21
[ 81.542783][ T9408] IPVS: ftp: loaded support on port[0] = 21
[ 81.557715][ T9405] IPVS: ftp: loaded support on port[0] = 21
[ 81.559385][ T9406] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 82.106832][ T9429] ==================================================================
[ 82.106896][ T9429] BUG: KASAN: slab-out-of-bounds in fbcon_get_font+0x2b2/0x5e0
[ 82.106908][ T9429] Read of size 5 at addr ffff8880937a140c by task syz-executor207/9429
[ 82.106912][ T9429]
[ 82.106929][ T9429] CPU: 0 PID: 9429 Comm: syz-executor207 Not tainted 5.5.0-rc1-syzkaller #0
[ 82.106937][ T9429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.106942][ T9429] Call Trace:
[ 82.106961][ T9429]  dump_stack+0x197/0x210
[ 82.106976][ T9429]  ? fbcon_get_font+0x2b2/0x5e0
[ 82.106997][ T9429]  print_address_description.constprop.0.cold+0xd4/0x30b
[ 82.107010][ T9429]  ? fbcon_get_font+0x2b2/0x5e0
[ 82.107025][ T9429]  ? fbcon_get_font+0x2b2/0x5e0
[ 82.107037][ T9429]  __kasan_report.cold+0x1b/0x41
[ 82.107053][ T9429]  ? fbcon_get_font+0x2b2/0x5e0
[ 82.107064][ T9429]  kasan_report+0x12/0x20
[ 82.107075][ T9429]  check_memory_region+0x134/0x1a0
[ 82.107085][ T9429]  memcpy+0x24/0x50
[ 82.107096][ T9429]  fbcon_get_font+0x2b2/0x5e0
[ 82.107109][ T9429]  ? display_to_var+0x7e0/0x7e0
[ 82.107123][ T9429]  con_font_op+0x20b/0x1270
[ 82.107133][ T9429]  ? mark_lock+0xc2/0x1220
[ 82.107149][ T9429]  ? apparmor_cred_prepare+0x7b0/0x7b0
[ 82.107163][ T9429]  ? con_write+0xd0/0xd0
[ 82.107175][ T9429]  ? cap_capable+0x205/0x270
[ 82.107192][ T9429]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.107205][ T9429]  ? security_capable+0x95/0xc0
[ 82.107220][ T9429]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.107235][ T9429]  ? ns_capable_common+0x93/0x100
[ 82.107253][ T9429]  vt_ioctl+0xd2e/0x26d0
[ 82.107268][ T9429]  ? complete_change_console+0x3a0/0x3a0
[ 82.107279][ T9429]  ? lock_downgrade+0x920/0x920
[ 82.107293][ T9429]  ? rwlock_bug.part.0+0x90/0x90
[ 82.107306][ T9429]  ? tomoyo_path_number_perm+0x214/0x520
[ 82.107318][ T9429]  ? find_held_lock+0x35/0x130
[ 82.107332][ T9429]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 82.107345][ T9429]  ? tty_jobctrl_ioctl+0x50/0xd40
[ 82.107357][ T9429]  ? complete_change_console+0x3a0/0x3a0
[ 82.107371][ T9429]  tty_ioctl+0xa37/0x14f0
[ 82.107386][ T9429]  ? tty_vhangup+0x30/0x30
[ 82.107396][ T9429]  ? tomoyo_path_number_perm+0x454/0x520
[ 82.107412][ T9429]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 82.107423][ T9429]  ? tomoyo_path_number_perm+0x25e/0x520
[ 82.107437][ T9429]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 82.107464][ T9429]  ? tty_vhangup+0x30/0x30
[ 82.107481][ T9429]  do_vfs_ioctl+0x977/0x14e0
[ 82.107497][ T9429]  ? compat_ioctl_preallocate+0x220/0x220
[ 82.107510][ T9429]  ? __fget+0x37f/0x550
[ 82.107527][ T9429]  ? ksys_dup3+0x3e0/0x3e0
[ 82.107546][ T9429]  ? tomoyo_file_ioctl+0x23/0x30
[ 82.107558][ T9429]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.107570][ T9429]  ? security_file_ioctl+0x8d/0xc0
[ 82.107584][ T9429]  ksys_ioctl+0xab/0xd0
[ 82.107600][ T9429]  __x64_sys_ioctl+0x73/0xb0
[ 82.107618][ T9429]  do_syscall_64+0xfa/0x790
[ 82.107638][ T9429]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.107651][ T9429] RIP: 0033:0x447f69
[ 82.107672][ T9429] Code: e8 1c e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 82.107680][ T9429] RSP: 002b:00007f7d34955ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 82.107694][ T9429] RAX: ffffffffffffffda RBX: 00000000006ddc48 RCX: 0000000000447f69
[ 82.107702][ T9429] RDX: 0000000020000140 RSI: 0000000000004b60 RDI: 0000000000000003
[ 82.107709][ T9429] RBP: 00000000006ddc40 R08: 0000000000000000 R09: 0000000000000000
[ 82.107716][ T9429] R10: 000000000000000e R11: 0000000000000246 R12: 00000000006ddc4c
[ 82.107724][ T9429] R13: 00007ffca33c56df R14: 00007f7d349569c0 R15: 20c49ba5e353f7cf
[ 82.107743][ T9429]
[ 82.107751][ T9429] Allocated by task 9415:
[ 82.107761][ T9429]  save_stack+0x23/0x90
[ 82.107773][ T9429]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 82.107784][ T9429]  kasan_kmalloc+0x9/0x10
[ 82.107794][ T9429]  __kmalloc+0x163/0x770
[ 82.107805][ T9429]  fbcon_set_font+0x32d/0x860
[ 82.107818][ T9429]  con_font_op+0xe30/0x1270
[ 82.107830][ T9429]  vt_ioctl+0xd2e/0x26d0
[ 82.107840][ T9429]  tty_ioctl+0xa37/0x14f0
[ 82.107851][ T9429]  do_vfs_ioctl+0x977/0x14e0
[ 82.107861][ T9429]  ksys_ioctl+0xab/0xd0
[ 82.107873][ T9429]  __x64_sys_ioctl+0x73/0xb0
[ 82.107885][ T9429]  do_syscall_64+0xfa/0x790
[ 82.107898][ T9429]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.107902][ T9429]
[ 82.107908][ T9429] Freed by task 0:
[ 82.107912][ T9429] (stack is not available)
[ 82.107916][ T9429]
[ 82.107926][ T9429] The buggy address belongs to the object at ffff8880937a1000
[ 82.107926][ T9429]  which belongs to the cache kmalloc-2k of size 2048
[ 82.107938][ T9429] The buggy address is located 1036 bytes inside of
[ 82.107938][ T9429]  2048-byte region [ffff8880937a1000, ffff8880937a1800)
[ 82.107942][ T9429] The buggy address belongs to the page:
[ 82.107956][ T9429] page:ffffea00024de840 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0
[ 82.107973][ T9429] raw: 00fffe0000000200 ffffea00024dfa48 ffffea000293f048 ffff8880aa400e00
[ 82.107989][ T9429] raw: 0000000000000000 ffff8880937a1000 0000000100000001 0000000000000000
[ 82.107995][ T9429] page dumped because: kasan: bad access detected
[ 82.107999][ T9429]
[ 82.108004][ T9429] Memory state around the buggy address:
[ 82.108014][ T9429]  ffff8880937a1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.108024][ T9429]  ffff8880937a1380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.108034][ T9429] >ffff8880937a1400: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.108039][ T9429]                       ^
[ 82.108049][ T9429]  ffff8880937a1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.108059][ T9429]  ffff8880937a1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.108064][ T9429] ==================================================================
[ 82.108069][ T9429] Disabling lock debugging due to kernel taint
[ 82.108076][ T9429] Kernel panic - not syncing: panic_on_warn set ...
[ 82.108091][ T9429] CPU: 0 PID: 9429 Comm: syz-executor207 Tainted: G    B   5.5.0-rc1-syzkaller #0
[ 82.108098][ T9429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.108101][ T9429] Call Trace:
[ 82.108116][ T9429]  dump_stack+0x197/0x210
[ 82.108133][ T9429]  panic+0x2e3/0x75c
[ 82.108146][ T9429]  ? add_taint.cold+0x16/0x16
[ 82.108166][ T9429]  ? trace_hardirqs_on+0x67/0x240
[ 82.108179][ T9429]  ? trace_hardirqs_on+0x5e/0x240
[ 82.108195][ T9429]  ? fbcon_get_font+0x2b2/0x5e0
[ 82.108208][ T9429]  end_report+0x47/0x4f
[ 82.108220][ T9429]  ? fbcon_get_font+0x2b2/0x5e0
[ 82.108232][ T9429]  __kasan_report.cold+0xe/0x41
[ 82.108247][ T9429]  ? fbcon_get_font+0x2b2/0x5e0
[ 82.108259][ T9429]  kasan_report+0x12/0x20
[ 82.108272][ T9429]  check_memory_region+0x134/0x1a0
[ 82.108283][ T9429]  memcpy+0x24/0x50
[ 82.108297][ T9429]  fbcon_get_font+0x2b2/0x5e0
[ 82.108311][ T9429]  ? display_to_var+0x7e0/0x7e0
[ 82.108329][ T9429]  con_font_op+0x20b/0x1270
[ 82.108338][ T9429]  ? mark_lock+0xc2/0x1220
[ 82.108351][ T9429]  ? apparmor_cred_prepare+0x7b0/0x7b0
[ 82.108361][ T9429]  ? con_write+0xd0/0xd0
[ 82.108369][ T9429]  ? cap_capable+0x205/0x270
[ 82.108383][ T9429]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.108393][ T9429]  ? security_capable+0x95/0xc0
[ 82.108405][ T9429]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.108417][ T9429]  ? ns_capable_common+0x93/0x100
[ 82.108429][ T9429]  vt_ioctl+0xd2e/0x26d0
[ 82.108441][ T9429]  ? complete_change_console+0x3a0/0x3a0
[ 82.108450][ T9429]  ? lock_downgrade+0x920/0x920
[ 82.108460][ T9429]  ? rwlock_bug.part.0+0x90/0x90
[ 82.108471][ T9429]  ? tomoyo_path_number_perm+0x214/0x520
[ 82.108481][ T9429]  ? find_held_lock+0x35/0x130
[ 82.108494][ T9429]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 82.108505][ T9429]  ? tty_jobctrl_ioctl+0x50/0xd40
[ 82.108516][ T9429]  ? complete_change_console+0x3a0/0x3a0
[ 82.108527][ T9429]  tty_ioctl+0xa37/0x14f0
[ 82.108539][ T9429]  ? tty_vhangup+0x30/0x30
[ 82.108547][ T9429]  ? tomoyo_path_number_perm+0x454/0x520
[ 82.108560][ T9429]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 82.108571][ T9429]  ? tomoyo_path_number_perm+0x25e/0x520
[ 82.108583][ T9429]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 82.108601][ T9429]  ? tty_vhangup+0x30/0x30
[ 82.108612][ T9429]  do_vfs_ioctl+0x977/0x14e0
[ 82.108625][ T9429]  ? compat_ioctl_preallocate+0x220/0x220
[ 82.108637][ T9429]  ? __fget+0x37f/0x550
[ 82.108651][ T9429]  ? ksys_dup3+0x3e0/0x3e0
[ 82.108674][ T9429]  ? tomoyo_file_ioctl+0x23/0x30
[ 82.108685][ T9429]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.108697][ T9429]  ? security_file_ioctl+0x8d/0xc0
[ 82.108710][ T9429]  ksys_ioctl+0xab/0xd0
[ 82.108724][ T9429]  __x64_sys_ioctl+0x73/0xb0
[ 82.108738][ T9429]  do_syscall_64+0xfa/0x790
[ 82.108754][ T9429]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.108762][ T9429] RIP: 0033:0x447f69
[ 82.108774][ T9429] Code: e8 1c e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 82.108780][ T9429] RSP: 002b:00007f7d34955ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 82.108792][ T9429] RAX: ffffffffffffffda RBX: 00000000006ddc48 RCX: 0000000000447f69
[ 82.108800][ T9429] RDX: 0000000020000140 RSI: 0000000000004b60 RDI: 0000000000000003
[ 82.108807][ T9429] RBP: 00000000006ddc40 R08: 0000000000000000 R09: 0000000000000000
[ 82.108815][ T9429] R10: 000000000000000e R11: 0000000000000246 R12: 00000000006ddc4c
[ 82.108823][ T9429] R13: 00007ffca33c56df R14: 00007f7d349569c0 R15: 20c49ba5e353f7cf
[ 82.110912][ T9429] Kernel Offset: disabled
[ 83.048853][ T9429] Rebooting in 86400 seconds..