[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: [ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   82.171033][   T23] kauditd_printk_skb: 9 callbacks suppressed
[   82.171046][   T23] audit: type=1400 audit(1575350611.745:41): avc:  denied  { map } for  pid=9638 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.128' (ECDSA) to the list of known hosts.
executing program
[   91.651977][   T23] audit: type=1400 audit(1575350621.225:42): avc:  denied  { map } for  pid=9650 comm="syz-executor136" path="/root/syz-executor136638524" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
executing program
executing program
[   92.186590][ T9668] ==================================================================
[   92.194837][ T9668] BUG: KASAN: slab-out-of-bounds in pipe_write+0xe30/0x1000
[   92.202194][ T9668] Write of size 8 at addr ffff8880a9a684a8 by task syz-executor136/9668
[   92.210597][ T9668] 
[   92.213347][ T9668] CPU: 1 PID: 9668 Comm: syz-executor136 Not tainted 5.4.0-syzkaller #0
[   92.221821][ T9668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   92.232299][ T9668] Call Trace:
[   92.235598][ T9668]  dump_stack+0x197/0x210
[   92.239940][ T9668]  ? pipe_write+0xe30/0x1000
[   92.244524][ T9668]  print_address_description.constprop.0.cold+0xd4/0x30b
[   92.254347][ T9668]  ? pipe_write+0xe30/0x1000
[   92.259047][ T9668]  ? pipe_write+0xe30/0x1000
[   92.263630][ T9668]  __kasan_report.cold+0x1b/0x41
[   92.268566][ T9668]  ? pipe_write+0xe30/0x1000
[   92.273190][ T9668]  kasan_report+0x12/0x20
[   92.277532][ T9668]  __asan_report_store8_noabort+0x17/0x20
[   92.283243][ T9668]  pipe_write+0xe30/0x1000
[   92.287665][ T9668]  new_sync_write+0x4d3/0x770
[   92.292374][ T9668]  ? new_sync_read+0x800/0x800
[   92.297184][ T9668]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.303449][ T9668]  ? security_file_permission+0x8f/0x380
[   92.309279][ T9668]  __vfs_write+0xe1/0x110
[   92.313631][ T9668]  vfs_write+0x268/0x5d0
[   92.318058][ T9668]  ksys_write+0x220/0x290
[   92.322409][ T9668]  ? __ia32_sys_read+0xb0/0xb0
[   92.327183][ T9668]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   92.332854][ T9668]  ? do_syscall_64+0x26/0x790
[   92.337691][ T9668]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   92.343865][ T9668]  ? do_syscall_64+0x26/0x790
[   92.348572][ T9668]  __x64_sys_write+0x73/0xb0
[   92.353169][ T9668]  do_syscall_64+0xfa/0x790
[   92.357694][ T9668]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   92.363577][ T9668] RIP: 0033:0x4466c9
[   92.367467][ T9668] Code: e8 5c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   92.387152][ T9668] RSP: 002b:00007f8b436ffdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   92.395648][ T9668] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 00000000004466c9
[   92.403949][ T9668] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004
[   92.412385][ T9668] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[   92.420565][ T9668] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[   92.428672][ T9668] R13: 00007ffe40da648f R14: 00007f8b437009c0 R15: 20c49ba5e353f7cf
[   92.436804][ T9668] 
[   92.439142][ T9668] Allocated by task 9670:
[   92.443869][ T9668]  save_stack+0x23/0x90
[   92.448319][ T9668]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   92.454176][ T9668]  kasan_kmalloc+0x9/0x10
[   92.458668][ T9668]  __kmalloc+0x163/0x770
[   92.462925][ T9668]  pipe_fcntl+0x3f7/0x8e0
[   92.467243][ T9668]  do_fcntl+0x255/0x1030
[   92.471590][ T9668]  __x64_sys_fcntl+0x16d/0x1e0
[   92.476545][ T9668]  do_syscall_64+0xfa/0x790
[   92.481290][ T9668]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   92.487188][ T9668] 
[   92.489502][ T9668] Freed by task 0:
[   92.493214][ T9668] (stack is not available)
[   92.497643][ T9668] 
[   92.500164][ T9668] The buggy address belongs to the object at ffff8880a9a68480
[   92.500164][ T9668]  which belongs to the cache kmalloc-64 of size 64
[   92.514048][ T9668] The buggy address is located 40 bytes inside of
[   92.514048][ T9668]  64-byte region [ffff8880a9a68480, ffff8880a9a684c0)
[   92.528346][ T9668] The buggy address belongs to the page:
[   92.534043][ T9668] page:ffffea0002a69a00 refcount:1 mapcount:0 mapping:ffff8880aa400380 index:0x0
[   92.543150][ T9668] raw: 00fffe0000000200 ffffea00027dffc8 ffff8880aa401348 ffff8880aa400380
[   92.551744][ T9668] raw: 0000000000000000 ffff8880a9a68000 0000000100000020 0000000000000000
[   92.560441][ T9668] page dumped because: kasan: bad access detected
[   92.566949][ T9668] 
[   92.569264][ T9668] Memory state around the buggy address:
[   92.575038][ T9668]  ffff8880a9a68380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   92.583295][ T9668]  ffff8880a9a68400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   92.591378][ T9668] >ffff8880a9a68480: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   92.600120][ T9668]                                   ^
[   92.605486][ T9668]  ffff8880a9a68500: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   92.613907][ T9668]  ffff8880a9a68580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   92.622115][ T9668] ==================================================================
[   92.630347][ T9668] Disabling lock debugging due to kernel taint
[   92.637310][ T9668] Kernel panic - not syncing: panic_on_warn set ...
[   92.644100][ T9668] CPU: 1 PID: 9668 Comm: syz-executor136 Tainted: G    B   5.4.0-syzkaller #0
[   92.653886][ T9668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   92.664504][ T9668] Call Trace:
[   92.667798][ T9668]  dump_stack+0x197/0x210
[   92.672122][ T9668]  panic+0x2e3/0x75c
[   92.676011][ T9668]  ? add_taint.cold+0x16/0x16
[   92.680684][ T9668]  ? pipe_write+0xe30/0x1000
[   92.685269][ T9668]  ? preempt_schedule+0x4b/0x60
[   92.690127][ T9668]  ? ___preempt_schedule+0x16/0x18
[   92.695242][ T9668]  ? trace_hardirqs_on+0x5e/0x240
[   92.700256][ T9668]  ? pipe_write+0xe30/0x1000
[   92.704849][ T9668]  end_report+0x47/0x4f
[   92.708995][ T9668]  ? pipe_write+0xe30/0x1000
[   92.713572][ T9668]  __kasan_report.cold+0xe/0x41
[   92.718414][ T9668]  ? pipe_write+0xe30/0x1000
[   92.723004][ T9668]  kasan_report+0x12/0x20
[   92.727350][ T9668]  __asan_report_store8_noabort+0x17/0x20
[   92.733350][ T9668]  pipe_write+0xe30/0x1000
[   92.738269][ T9668]  new_sync_write+0x4d3/0x770
[   92.743323][ T9668]  ? new_sync_read+0x800/0x800
[   92.748221][ T9668]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.754622][ T9668]  ? security_file_permission+0x8f/0x380
[   92.760357][ T9668]  __vfs_write+0xe1/0x110
[   92.764970][ T9668]  vfs_write+0x268/0x5d0
[   92.769327][ T9668]  ksys_write+0x220/0x290
[   92.773657][ T9668]  ? __ia32_sys_read+0xb0/0xb0
[   92.778414][ T9668]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   92.783860][ T9668]  ? do_syscall_64+0x26/0x790
[   92.788922][ T9668]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   92.795030][ T9668]  ? do_syscall_64+0x26/0x790
[   92.799798][ T9668]  __x64_sys_write+0x73/0xb0
[   92.804715][ T9668]  do_syscall_64+0xfa/0x790
[   92.809557][ T9668]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   92.815451][ T9668] RIP: 0033:0x4466c9
[   92.819339][ T9668] Code: e8 5c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   92.839031][ T9668] RSP: 002b:00007f8b436ffdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   92.847434][ T9668] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 00000000004466c9
[   92.855526][ T9668] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004
[   92.863485][ T9668] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[   92.871459][ T9668] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[   92.879602][ T9668] R13: 00007ffe40da648f R14: 00007f8b437009c0 R15: 20c49ba5e353f7cf
[   92.889667][ T9668] Kernel Offset: disabled
[   92.894272][ T9668] Rebooting in 86400 seconds..