[ 89.745178][ T27] audit: type=1400 audit(1577900147.101:37): avc: denied { watch } for pid=10085 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 89.778013][ T27] audit: type=1400 audit(1577900147.101:38): avc: denied { watch } for pid=10085 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[ 90.102592][ T27] audit: type=1800 audit(1577900147.461:39): pid=9998 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 90.124353][ T27] audit: type=1800 audit(1577900147.461:40): pid=9998 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 92.103507][ T27] audit: type=1400 audit(1577900149.461:41): avc: denied { map } for pid=10176 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.1.41' (ECDSA) to the list of known hosts.
executing program
executing program
[ 101.114826][ T27] audit: type=1400 audit(1577900158.471:42): avc: denied { map } for pid=10188 comm="syz-executor334" path="/root/syz-executor334749210" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 101.154730][T10190] ==================================================================
[ 101.154773][T10190] BUG: KASAN: global-out-of-bounds in fbcon_get_font+0x2b2/0x5e0
[ 101.154782][T10190] Read of size 32 at addr ffffffff88729e80 by task syz-executor334/10190
[ 101.154784][T10190]
[ 101.154795][T10190] CPU: 0 PID: 10190 Comm: syz-executor334 Not tainted 5.5.0-rc4-syzkaller #0
[ 101.154800][T10190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 101.154804][T10190] Call Trace:
[ 101.154817][T10190] dump_stack+0x197/0x210
[ 101.154824][T10190] ? fbcon_get_font+0x2b2/0x5e0
[ 101.154840][T10190] print_address_description.constprop.0.cold+0x5/0x30b
[ 101.154846][T10190] ? fbcon_get_font+0x2b2/0x5e0
[ 101.154853][T10190] ? fbcon_get_font+0x2b2/0x5e0
[ 101.154861][T10190] __kasan_report.cold+0x1b/0x41
[ 101.154870][T10190] ? fbcon_get_font+0x2b2/0x5e0
[ 101.154879][T10190] kasan_report+0x12/0x20
[ 101.154888][T10190] check_memory_region+0x134/0x1a0
[ 101.154897][T10190] memcpy+0x24/0x50
[ 101.154905][T10190] fbcon_get_font+0x2b2/0x5e0
[ 101.154914][T10190] ? display_to_var+0x7e0/0x7e0
[ 101.154927][T10190] con_font_op+0x20b/0x1270
[ 101.154935][T10190] ? mark_lock+0xc2/0x1220
[ 101.154946][T10190] ? con_write+0xd0/0xd0
[ 101.154961][T10190] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 101.154973][T10190] ? security_capable+0x95/0xc0
[ 101.154983][T10190] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 101.154994][T10190] ? ns_capable_common+0x93/0x100
[ 101.155016][T10190] vt_ioctl+0xd2e/0x26d0
[ 101.155032][T10190] ? complete_change_console+0x3a0/0x3a0
[ 101.155044][T10190] ? lock_downgrade+0x920/0x920
[ 101.155058][T10190] ? rwlock_bug.part.0+0x90/0x90
[ 101.155076][T10190] ? tomoyo_path_number_perm+0x214/0x520
[ 101.155089][T10190] ? find_held_lock+0x35/0x130
[ 101.155106][T10190] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 101.155122][T10190] ? tty_jobctrl_ioctl+0x50/0xd40
[ 101.155134][T10190] ? complete_change_console+0x3a0/0x3a0
[ 101.155153][T10190] tty_ioctl+0xa37/0x14f0
[ 101.155166][T10190] ? tty_vhangup+0x30/0x30
[ 101.155174][T10190] ? tomoyo_path_number_perm+0x454/0x520
[ 101.155185][T10190] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 101.155194][T10190] ? tomoyo_path_number_perm+0x25e/0x520
[ 101.155204][T10190] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 101.155219][T10190] ? ___might_sleep+0x163/0x2c0
[ 101.155237][T10190] ? tty_vhangup+0x30/0x30
[ 101.155249][T10190] do_vfs_ioctl+0x977/0x14e0
[ 101.155259][T10190] ? compat_ioctl_preallocate+0x220/0x220
[ 101.155270][T10190] ? selinux_file_mprotect+0x620/0x620
[ 101.155279][T10190] ? kmem_cache_free+0x26b/0x320
[ 101.155289][T10190] ? putname+0xf4/0x130
[ 101.155300][T10190] ? do_sys_open+0x31d/0x5d0
[ 101.155311][T10190] ? tomoyo_file_ioctl+0x23/0x30
[ 101.155320][T10190] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 101.155328][T10190] ? security_file_ioctl+0x8d/0xc0
[ 101.155337][T10190] ksys_ioctl+0xab/0xd0
[ 101.155347][T10190] __x64_sys_ioctl+0x73/0xb0
[ 101.155359][T10190] do_syscall_64+0xfa/0x790
[ 101.155372][T10190] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 101.155379][T10190] RIP: 0033:0x4412d9
[ 101.155389][T10190] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 101.155393][T10190] RSP: 002b:00007ffc49b97f18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 101.155403][T10190] RAX: ffffffffffffffda RBX: 00000000004a2487 RCX: 00000000004412d9
[ 101.155408][T10190] RDX: 0000000020000200 RSI: 0000000000004b60 RDI: 0000000000000004
[ 101.155413][T10190] RBP: 0000000000018ac7 R08: 000000000000000d R09: 00000000004002c8
[ 101.155418][T10190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402100
[ 101.155423][T10190] R13: 0000000000402190 R14: 0000000000000000 R15: 0000000000000000
[ 101.155433][T10190]
[ 101.155436][T10190] The buggy address belongs to the variable:
[ 101.155445][T10190] fontdata_8x16+0x1000/0x1120
[ 101.155448][T10190]
[ 101.155450][T10190] Memory state around the buggy address:
[ 101.155458][T10190] ffffffff88729d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 101.155464][T10190] ffffffff88729e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 101.155470][T10190] >ffffffff88729e80: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[ 101.155474][T10190] ^
[ 101.155480][T10190] ffffffff88729f00: fa fa fa fa 06 fa fa fa fa fa fa fa 00 00 03 fa
[ 101.155486][T10190] ffffffff88729f80: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[ 101.155489][T10190] ==================================================================
[ 101.155493][T10190] Disabling lock debugging due to kernel taint
[ 101.156022][T10190] Kernel panic - not syncing: panic_on_warn set ...
[ 101.156038][T10190] CPU: 0 PID: 10190 Comm: syz-executor334 Tainted: G B 5.5.0-rc4-syzkaller #0
[ 101.156049][T10190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 101.156057][T10190] Call Trace:
[ 101.156074][T10190] dump_stack+0x197/0x210
[ 101.156092][T10190] panic+0x2e3/0x75c
[ 101.156111][T10190] ? add_taint.cold+0x16/0x16
[ 101.156131][T10190] ? trace_hardirqs_on+0x5e/0x240
[ 101.156146][T10190] ? trace_hardirqs_on+0x5e/0x240
[ 101.156162][T10190] ? fbcon_get_font+0x2b2/0x5e0
[ 101.156177][T10190] end_report+0x47/0x4f
[ 101.156191][T10190] ? fbcon_get_font+0x2b2/0x5e0
[ 101.156206][T10190] __kasan_report.cold+0xe/0x41
[ 101.156220][T10190] ? fbcon_get_font+0x2b2/0x5e0
[ 101.156238][T10190] kasan_report+0x12/0x20
[ 101.156254][T10190] check_memory_region+0x134/0x1a0
[ 101.156264][T10190] memcpy+0x24/0x50
[ 101.156272][T10190] fbcon_get_font+0x2b2/0x5e0
[ 101.156281][T10190] ? display_to_var+0x7e0/0x7e0
[ 101.156294][T10190] con_font_op+0x20b/0x1270
[ 101.156304][T10190] ? mark_lock+0xc2/0x1220
[ 101.156320][T10190] ? con_write+0xd0/0xd0
[ 101.156337][T10190] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 101.156351][T10190] ? security_capable+0x95/0xc0
[ 101.156367][T10190] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 101.156382][T10190] ? ns_capable_common+0x93/0x100
[ 101.156394][T10190] vt_ioctl+0xd2e/0x26d0
[ 101.156406][T10190] ? complete_change_console+0x3a0/0x3a0
[ 101.156416][T10190] ? lock_downgrade+0x920/0x920
[ 101.156433][T10190] ? rwlock_bug.part.0+0x90/0x90
[ 101.156449][T10190] ? tomoyo_path_number_perm+0x214/0x520
[ 101.156462][T10190] ? find_held_lock+0x35/0x130
[ 101.156479][T10190] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 101.156494][T10190] ? tty_jobctrl_ioctl+0x50/0xd40
[ 101.156508][T10190] ? complete_change_console+0x3a0/0x3a0
[ 101.156524][T10190] tty_ioctl+0xa37/0x14f0
[ 101.156539][T10190] ? tty_vhangup+0x30/0x30
[ 101.156554][T10190] ? tomoyo_path_number_perm+0x454/0x520
[ 101.156571][T10190] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 101.156587][T10190] ? tomoyo_path_number_perm+0x25e/0x520
[ 101.156602][T10190] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 101.156619][T10190] ? ___might_sleep+0x163/0x2c0
[ 101.156635][T10190] ? tty_vhangup+0x30/0x30
[ 101.156650][T10190] do_vfs_ioctl+0x977/0x14e0
[ 101.156666][T10190] ? compat_ioctl_preallocate+0x220/0x220
[ 101.156682][T10190] ? selinux_file_mprotect+0x620/0x620
[ 101.156696][T10190] ? kmem_cache_free+0x26b/0x320
[ 101.156712][T10190] ? putname+0xf4/0x130
[ 101.156727][T10190] ? do_sys_open+0x31d/0x5d0
[ 101.156746][T10190] ? tomoyo_file_ioctl+0x23/0x30
[ 101.156763][T10190] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 101.156778][T10190] ? security_file_ioctl+0x8d/0xc0
[ 101.156792][T10190] ksys_ioctl+0xab/0xd0
[ 101.156807][T10190] __x64_sys_ioctl+0x73/0xb0
[ 101.156824][T10190] do_syscall_64+0xfa/0x790
[ 101.156841][T10190] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 101.156853][T10190] RIP: 0033:0x4412d9
[ 101.156868][T10190] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 101.156878][T10190] RSP: 002b:00007ffc49b97f18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 101.156899][T10190] RAX: ffffffffffffffda RBX: 00000000004a2487 RCX: 00000000004412d9
[ 101.156910][T10190] RDX: 0000000020000200 RSI: 0000000000004b60 RDI: 0000000000000004
[ 101.156921][T10190] RBP: 0000000000018ac7 R08: 000000000000000d R09: 00000000004002c8
[ 101.156932][T10190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402100
[ 101.156943][T10190] R13: 0000000000402190 R14: 0000000000000000 R15: 0000000000000000
[ 101.158695][T10190] Kernel Offset: disabled
[ 102.038371][T10190] Rebooting in 86400 seconds..