[ 71.386530][ T27] audit: type=1800 audit(1576936121.312:25): pid=9224 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 71.406625][ T27] audit: type=1800 audit(1576936121.322:26): pid=9224 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 71.427384][ T27] audit: type=1800 audit(1576936121.322:27): pid=9224 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 72.212431][ T9291] sshd (9291) used greatest stack depth: 22744 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts.
syzkaller login: [ 81.518387][ T9381] IPVS: ftp: loaded support on port[0] = 21
[ 81.518394][ T9387] IPVS: ftp: loaded support on port[0] = 21
[ 81.532948][ T9384] IPVS: ftp: loaded support on port[0] = 21
[ 81.542650][ T9386] IPVS: ftp: loaded support on port[0] = 21
[ 81.543390][ T9388] IPVS: ftp: loaded support on port[0] = 21
[ 81.559016][ T9389] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 81.788570][ T9399] ==================================================================
[ 81.788634][ T9399] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xd5d/0xf10
[ 81.788645][ T9399] Read of size 1 at addr ffff8880a8ed5494 by task syz-executor708/9399
[ 81.788649][ T9399]
[ 81.788665][ T9399] CPU: 1 PID: 9399 Comm: syz-executor708 Not tainted 5.5.0-rc2-next-20191220-syzkaller #0
[ 81.788674][ T9399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.788679][ T9399] Call Trace:
[ 81.788696][ T9399] dump_stack+0x197/0x210
[ 81.788712][ T9399] ? bit_putcs+0xd5d/0xf10
[ 81.788740][ T9399] print_address_description.constprop.0.cold+0xd4/0x30b
[ 81.788755][ T9399] ? bit_putcs+0xd5d/0xf10
[ 81.788770][ T9399] ? bit_putcs+0xd5d/0xf10
[ 81.788786][ T9399] __kasan_report.cold+0x1b/0x41
[ 81.788800][ T9399] ? fb_release+0x130/0x150
[ 81.788814][ T9399] ? bit_putcs+0xd5d/0xf10
[ 81.788830][ T9399] kasan_report+0x12/0x20
[ 81.788845][ T9399] __asan_report_load1_noabort+0x14/0x20
[ 81.788858][ T9399] bit_putcs+0xd5d/0xf10
[ 81.788889][ T9399] ? bit_cursor+0x1a60/0x1a60
[ 81.788908][ T9399] ? write_comp_data+0x21/0x70
[ 81.788920][ T9399] ? fb_get_color_depth.part.0+0xcf/0x200
[ 81.788939][ T9399] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 81.788957][ T9399] fbcon_putcs+0x33c/0x3e0
[ 81.788973][ T9399] ? bit_cursor+0x1a60/0x1a60
[ 81.788990][ T9399] do_update_region+0x42b/0x6f0
[ 81.789008][ T9399] ? con_get_trans_old+0x2a0/0x2a0
[ 81.789024][ T9399] ? fbcon_set_palette+0x3c4/0x4a0
[ 81.789039][ T9399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 81.789053][ T9399] ? var_to_display+0x810/0x810
[ 81.789070][ T9399] redraw_screen+0x676/0x7d0
[ 81.789085][ T9399] ? respond_string+0x2c0/0x2c0
[ 81.789107][ T9399] fbcon_do_set_font+0x829/0x960
[ 81.789126][ T9399] fbcon_copy_font+0x12c/0x190
[ 81.789148][ T9399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 81.789161][ T9399] ? fbcon_do_set_font+0x960/0x960
[ 81.789176][ T9399] con_font_op+0x6b2/0x1270
[ 81.789191][ T9399] ? lock_downgrade+0x920/0x920
[ 81.789206][ T9399] ? con_write+0xd0/0xd0
[ 81.789230][ T9399] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 81.789246][ T9399] ? _copy_from_user+0x12c/0x1a0
[ 81.789264][ T9399] vt_ioctl+0x181a/0x26d0
[ 81.789281][ T9399] ? complete_change_console+0x3a0/0x3a0
[ 81.789302][ T9399] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 81.789322][ T9399] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 81.789340][ T9399] ? tty_jobctrl_ioctl+0x50/0xd40
[ 81.789355][ T9399] ? complete_change_console+0x3a0/0x3a0
[ 81.789368][ T9399] tty_ioctl+0xa37/0x14f0
[ 81.789382][ T9399] ? tty_vhangup+0x30/0x30
[ 81.789396][ T9399] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 81.789411][ T9399] ? do_vfs_ioctl+0x11b/0x1340
[ 81.789428][ T9399] ? ioctl_file_clone+0x180/0x180
[ 81.789442][ T9399] ? __fget+0x37f/0x550
[ 81.789461][ T9399] ? do_dup2+0x4f0/0x4f0
[ 81.789476][ T9399] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 81.789493][ T9399] ? tomoyo_file_ioctl+0x23/0x30
[ 81.789509][ T9399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 81.789524][ T9399] ? security_file_ioctl+0x8d/0xc0
[ 81.789535][ T9399] ? tty_vhangup+0x30/0x30
[ 81.789550][ T9399] ksys_ioctl+0x123/0x180
[ 81.789567][ T9399] __x64_sys_ioctl+0x73/0xb0
[ 81.789586][ T9399] do_syscall_64+0xfa/0x790
[ 81.789602][ T9399] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.789613][ T9399] RIP: 0033:0x447329
[ 81.789627][ T9399] Code: e8 4c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 81.789633][ T9399] RSP: 002b:00007f0837eeecf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 81.789645][ T9399] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 0000000000447329
[ 81.789653][ T9399] RDX: 0000000020000180 RSI: 0000000000004b72 RDI: 0000000000000003
[ 81.789660][ T9399] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 81.789668][ T9399] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 81.789675][ T9399] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000f72a8fce
[ 81.789693][ T9399]
[ 81.789701][ T9399] Allocated by task 9391:
[ 81.789714][ T9399] save_stack+0x23/0x90
[ 81.789729][ T9399] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 81.789742][ T9399] kasan_kmalloc+0x9/0x10
[ 81.789752][ T9399] __kmalloc+0x163/0x770
[ 81.789765][ T9399] fbcon_set_font+0x32d/0x860
[ 81.789778][ T9399] con_font_op+0xe30/0x1270
[ 81.789791][ T9399] vt_ioctl+0xd2e/0x26d0
[ 81.789802][ T9399] tty_ioctl+0xa37/0x14f0
[ 81.789815][ T9399] ksys_ioctl+0x123/0x180
[ 81.789828][ T9399] __x64_sys_ioctl+0x73/0xb0
[ 81.789843][ T9399] do_syscall_64+0xfa/0x790
[ 81.789856][ T9399] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.789860][ T9399]
[ 81.789866][ T9399] Freed by task 0:
[ 81.789871][ T9399] (stack is not available)
[ 81.789874][ T9399]
[ 81.789885][ T9399] The buggy address belongs to the object at ffff8880a8ed5000
[ 81.789885][ T9399] which belongs to the cache kmalloc-2k of size 2048
[ 81.789897][ T9399] The buggy address is located 1172 bytes inside of
[ 81.789897][ T9399] 2048-byte region [ffff8880a8ed5000, ffff8880a8ed5800)
[ 81.789902][ T9399] The buggy address belongs to the page:
[ 81.789913][ T9399] page:ffffea0002a3b540 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0
[ 81.789930][ T9399] raw: 00fffe0000000200 ffffea00029bcec8 ffffea0002700488 ffff8880aa400e00
[ 81.789945][ T9399] raw: 0000000000000000 ffff8880a8ed5000 0000000100000001 0000000000000000
[ 81.789950][ T9399] page dumped because: kasan: bad access detected
[ 81.789953][ T9399]
[ 81.789958][ T9399] Memory state around the buggy address:
[ 81.789968][ T9399]  ffff8880a8ed5380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 81.789978][ T9399]  ffff8880a8ed5400: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.789988][ T9399] >ffff8880a8ed5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.789993][ T9399]                          ^
[ 81.790003][ T9399]  ffff8880a8ed5500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.790013][ T9399]  ffff8880a8ed5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.790018][ T9399] ==================================================================
[ 81.790022][ T9399] Disabling lock debugging due to kernel taint
[ 81.792941][ T9399] Kernel panic - not syncing: panic_on_warn set ...
[ 81.792961][ T9399] CPU: 0 PID: 9399 Comm: syz-executor708 Tainted: G B 5.5.0-rc2-next-20191220-syzkaller #0
[ 81.792969][ T9399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.792974][ T9399] Call Trace:
[ 81.792992][ T9399] dump_stack+0x197/0x210
[ 81.793010][ T9399] panic+0x2e3/0x75c
[ 81.793024][ T9399] ? add_taint.cold+0x16/0x16
[ 81.793049][ T9399] ? bit_putcs+0xd5d/0xf10
[ 81.793064][ T9399] ? preempt_schedule+0x4b/0x60
[ 81.793081][ T9399] ? ___preempt_schedule+0x16/0x18
[ 81.793098][ T9399] ? trace_hardirqs_on+0x5e/0x240
[ 81.793113][ T9399] ? bit_putcs+0xd5d/0xf10
[ 81.793126][ T9399] end_report+0x47/0x4f
[ 81.793139][ T9399] ? bit_putcs+0xd5d/0xf10
[ 81.793151][ T9399] __kasan_report.cold+0xe/0x41
[ 81.793163][ T9399] ? fb_release+0x130/0x150
[ 81.793176][ T9399] ? bit_putcs+0xd5d/0xf10
[ 81.793190][ T9399] kasan_report+0x12/0x20
[ 81.793206][ T9399] __asan_report_load1_noabort+0x14/0x20
[ 81.793219][ T9399] bit_putcs+0xd5d/0xf10
[ 81.793243][ T9399] ? bit_cursor+0x1a60/0x1a60
[ 81.793259][ T9399] ? write_comp_data+0x21/0x70
[ 81.793271][ T9399] ? fb_get_color_depth.part.0+0xcf/0x200
[ 81.793289][ T9399] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 81.793306][ T9399] fbcon_putcs+0x33c/0x3e0
[ 81.793320][ T9399] ? bit_cursor+0x1a60/0x1a60
[ 81.793334][ T9399] do_update_region+0x42b/0x6f0
[ 81.793350][ T9399] ? con_get_trans_old+0x2a0/0x2a0
[ 81.793366][ T9399] ? fbcon_set_palette+0x3c4/0x4a0
[ 81.793382][ T9399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 81.793396][ T9399] ? var_to_display+0x810/0x810
[ 81.793412][ T9399] redraw_screen+0x676/0x7d0
[ 81.793427][ T9399] ? respond_string+0x2c0/0x2c0
[ 81.793446][ T9399] fbcon_do_set_font+0x829/0x960
[ 81.793464][ T9399] fbcon_copy_font+0x12c/0x190
[ 81.793480][ T9399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 81.793494][ T9399] ? fbcon_do_set_font+0x960/0x960
[ 81.793508][ T9399] con_font_op+0x6b2/0x1270
[ 81.793523][ T9399] ? lock_downgrade+0x920/0x920
[ 81.793537][ T9399] ? con_write+0xd0/0xd0
[ 81.793559][ T9399] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 81.793576][ T9399] ? _copy_from_user+0x12c/0x1a0
[ 81.793592][ T9399] vt_ioctl+0x181a/0x26d0
[ 81.793609][ T9399] ? complete_change_console+0x3a0/0x3a0
[ 81.793628][ T9399] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 81.793653][ T9399] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 81.793670][ T9399] ? tty_jobctrl_ioctl+0x50/0xd40
[ 81.793685][ T9399] ? complete_change_console+0x3a0/0x3a0
[ 81.793697][ T9399] tty_ioctl+0xa37/0x14f0
[ 81.793708][ T9399] ? tty_vhangup+0x30/0x30
[ 81.793721][ T9399] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 81.793733][ T9399] ? do_vfs_ioctl+0x11b/0x1340
[ 81.793746][ T9399] ? ioctl_file_clone+0x180/0x180
[ 81.793759][ T9399] ? __fget+0x37f/0x550
[ 81.793775][ T9399] ? do_dup2+0x4f0/0x4f0
[ 81.793790][ T9399] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 81.793805][ T9399] ? tomoyo_file_ioctl+0x23/0x30
[ 81.793819][ T9399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 81.793834][ T9399] ? security_file_ioctl+0x8d/0xc0
[ 81.793844][ T9399] ? tty_vhangup+0x30/0x30
[ 81.793858][ T9399] ksys_ioctl+0x123/0x180
[ 81.793871][ T9399] __x64_sys_ioctl+0x73/0xb0
[ 81.793886][ T9399] do_syscall_64+0xfa/0x790
[ 81.793901][ T9399] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.793911][ T9399] RIP: 0033:0x447329
[ 81.793925][ T9399] Code: e8 4c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 81.793931][ T9399] RSP: 002b:00007f0837eeecf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 81.793944][ T9399] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 0000000000447329
[ 81.793950][ T9399] RDX: 0000000020000180 RSI: 0000000000004b72 RDI: 0000000000000003
[ 81.793957][ T9399] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 81.793964][ T9399] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 81.793971][ T9399] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000f72a8fce
[ 81.795209][ T9399] Kernel Offset: disabled