[ 72.304972][ T26] audit: type=1400 audit(1575955668.672:37): avc: denied { watch } for pid=9888 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 72.339064][ T26] audit: type=1400 audit(1575955668.672:38): avc: denied { watch } for pid=9888 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 72.554583][ T26] audit: type=1800 audit(1575955668.922:39): pid=9797 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 72.577171][ T26] audit: type=1800 audit(1575955668.922:40): pid=9797 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 77.196304][ T26] audit: type=1400 audit(1575955673.562:41): avc: denied { map } for pid=9974 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.1.38' (ECDSA) to the list of known hosts.
[ 83.800957][ T26] audit: type=1400 audit(1575955680.162:42): avc: denied { map } for pid=9986 comm="syz-executor765" path="/root/syz-executor765351023" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 83.831038][ T9994] IPVS: ftp: loaded support on port[0] = 21
[ 83.855127][ T9997] IPVS: ftp: loaded support on port[0] = 21
[ 83.855133][ T9995] IPVS: ftp: loaded support on port[0] = 21
[ 83.869715][ T9998] IPVS: ftp: loaded support on port[0] = 21
[ 83.878223][ T9996] IPVS: ftp: loaded support on port[0] = 21
[ 83.886652][ T9993] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 84.003912][ T26] audit: type=1400 audit(1575955680.362:43): avc: denied { create } for pid=9993 comm="syz-executor765" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 84.028728][ T26] audit: type=1400 audit(1575955680.372:44): avc: denied { write } for pid=9993 comm="syz-executor765" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
executing program
executing program
[ 84.028753][ T26] audit: type=1400 audit(1575955680.372:45): avc: denied { read } for pid=9993 comm="syz-executor765" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
executing program
executing program
executing program
executing program
[ 84.313848][T10005] ==================================================================
[ 84.313911][T10005] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xd5d/0xf10
[ 84.313924][T10005] Read of size 1 at addr ffff88809e641564 by task syz-executor765/10005
[ 84.313927][T10005]
[ 84.313943][T10005] CPU: 1 PID: 10005 Comm: syz-executor765 Not tainted 5.5.0-rc1-syzkaller #0
[ 84.313950][T10005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 84.313955][T10005] Call Trace:
[ 84.313974][T10005] dump_stack+0x197/0x210
[ 84.313986][T10005] ? bit_putcs+0xd5d/0xf10
[ 84.314014][T10005] print_address_description.constprop.0.cold+0xd4/0x30b
[ 84.314025][T10005] ? bit_putcs+0xd5d/0xf10
[ 84.314037][T10005] ? bit_putcs+0xd5d/0xf10
[ 84.314050][T10005] __kasan_report.cold+0x1b/0x41
[ 84.314067][T10005] ? fb_get_color_depth.part.0+0x40/0x200
[ 84.314077][T10005] ? bit_putcs+0xd5d/0xf10
[ 84.314091][T10005] kasan_report+0x12/0x20
[ 84.314104][T10005] __asan_report_load1_noabort+0x14/0x20
[ 84.314114][T10005] bit_putcs+0xd5d/0xf10
[ 84.314144][T10005] ? bit_cursor+0x1a60/0x1a60
[ 84.314164][T10005] ? write_comp_data+0x1/0x70
[ 84.314177][T10005] ? fb_get_color_depth.part.0+0xcf/0x200
[ 84.314194][T10005] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 84.314213][T10005] fbcon_putcs+0x33c/0x3e0
[ 84.314227][T10005] ? bit_cursor+0x1a60/0x1a60
[ 84.314248][T10005] do_update_region+0x42b/0x6f0
[ 84.314272][T10005] ? con_get_trans_old+0x2a0/0x2a0
[ 84.314289][T10005] ? fbcon_set_palette+0x3c4/0x4a0
[ 84.314302][T10005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.314314][T10005] ? var_to_display+0x810/0x810
[ 84.314331][T10005] redraw_screen+0x676/0x7d0
[ 84.314349][T10005] ? respond_string+0x2c0/0x2c0
[ 84.314377][T10005] fbcon_do_set_font+0x829/0x960
[ 84.314396][T10005] fbcon_copy_font+0x12c/0x190
[ 84.314410][T10005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.314421][T10005] ? fbcon_do_set_font+0x960/0x960
[ 84.314437][T10005] con_font_op+0x6b2/0x1270
[ 84.314454][T10005] ? lock_downgrade+0x920/0x920
[ 84.314470][T10005] ? con_write+0xd0/0xd0
[ 84.314495][T10005] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 84.314511][T10005] ? _copy_from_user+0x12c/0x1a0
[ 84.314531][T10005] vt_ioctl+0x181a/0x26d0
[ 84.314548][T10005] ? complete_change_console+0x3a0/0x3a0
[ 84.314560][T10005] ? lock_downgrade+0x920/0x920
[ 84.314576][T10005] ? rwlock_bug.part.0+0x90/0x90
[ 84.314593][T10005] ? tomoyo_path_number_perm+0x214/0x520
[ 84.314606][T10005] ? find_held_lock+0x35/0x130
[ 84.314624][T10005] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 84.314639][T10005] ? tty_jobctrl_ioctl+0x50/0xd40
[ 84.314654][T10005] ? complete_change_console+0x3a0/0x3a0
[ 84.314670][T10005] tty_ioctl+0xa37/0x14f0
[ 84.314686][T10005] ? tty_vhangup+0x30/0x30
[ 84.314697][T10005] ? tomoyo_path_number_perm+0x454/0x520
[ 84.314713][T10005] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 84.314726][T10005] ? tomoyo_path_number_perm+0x25e/0x520
[ 84.314743][T10005] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 84.314773][T10005] ? ___might_sleep+0x163/0x2c0
[ 84.314790][T10005] ? tty_vhangup+0x30/0x30
[ 84.314806][T10005] do_vfs_ioctl+0x977/0x14e0
[ 84.314823][T10005] ? compat_ioctl_preallocate+0x220/0x220
[ 84.314838][T10005] ? selinux_file_mprotect+0x620/0x620
[ 84.314850][T10005] ? __fget+0x37f/0x550
[ 84.314869][T10005] ? ksys_dup3+0x3e0/0x3e0
[ 84.314884][T10005] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 84.314904][T10005] ? tomoyo_file_ioctl+0x23/0x30
[ 84.314919][T10005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.314933][T10005] ? security_file_ioctl+0x8d/0xc0
[ 84.314951][T10005] ksys_ioctl+0xab/0xd0
[ 84.314968][T10005] __x64_sys_ioctl+0x73/0xb0
[ 84.314989][T10005] do_syscall_64+0xfa/0x790
[ 84.315011][T10005] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 84.315023][T10005] RIP: 0033:0x447129
[ 84.315039][T10005] Code: e8 6c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 84.315047][T10005] RSP: 002b:00007f03f4e52db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.315061][T10005] RAX: ffffffffffffffda RBX: 00000000006dcc28 RCX: 0000000000447129
[ 84.315068][T10005] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000005
[ 84.315075][T10005] RBP: 00000000006dcc20 R08: 0000000000000000 R09: 0000000000000000
[ 84.315083][T10005] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc2c
[ 84.315091][T10005] R13: 00007ffc6517fc7f R14: 00007f03f4e539c0 R15: 00000000006dcc2c
[ 84.315108][T10005]
[ 84.315114][T10005] Allocated by task 10001:
[ 84.315128][T10005] save_stack+0x23/0x90
[ 84.315140][T10005] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 84.315151][T10005] kasan_kmalloc+0x9/0x10
[ 84.315160][T10005] __kmalloc+0x163/0x770
[ 84.315171][T10005] fbcon_set_font+0x32d/0x860
[ 84.315183][T10005] con_font_op+0xe30/0x1270
[ 84.315196][T10005] vt_ioctl+0xd2e/0x26d0
[ 84.315207][T10005] tty_ioctl+0xa37/0x14f0
[ 84.315218][T10005] do_vfs_ioctl+0x977/0x14e0
[ 84.315229][T10005] ksys_ioctl+0xab/0xd0
[ 84.315240][T10005] __x64_sys_ioctl+0x73/0xb0
[ 84.315252][T10005] do_syscall_64+0xfa/0x790
[ 84.315264][T10005] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 84.315267][T10005]
[ 84.315273][T10005] Freed by task 9762:
[ 84.315283][T10005] save_stack+0x23/0x90
[ 84.315295][T10005] __kasan_slab_free+0x102/0x150
[ 84.315305][T10005] kasan_slab_free+0xe/0x10
[ 84.315315][T10005] kfree+0x10a/0x2c0
[ 84.315326][T10005] tomoyo_supervisor+0x360/0xef0
[ 84.315337][T10005] tomoyo_path_permission+0x263/0x360
[ 84.315348][T10005] tomoyo_check_open_permission+0x3a6/0x3e0
[ 84.315367][T10005] tomoyo_file_open+0xa9/0xd0
[ 84.315377][T10005] security_file_open+0x71/0x300
[ 84.315392][T10005] do_dentry_open+0x37a/0x1380
[ 84.315403][T10005] vfs_open+0xa0/0xd0
[ 84.315417][T10005] path_openat+0x10df/0x4500
[ 84.315429][T10005] do_filp_open+0x1a1/0x280
[ 84.315439][T10005] do_sys_open+0x3fe/0x5d0
[ 84.315450][T10005] __x64_sys_open+0x7e/0xc0
[ 84.315462][T10005] do_syscall_64+0xfa/0x790
[ 84.315475][T10005] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 84.315478][T10005]
[ 84.315488][T10005] The buggy address belongs to the object at ffff88809e641400
[ 84.315488][T10005] which belongs to the cache kmalloc-512 of size 512
[ 84.315500][T10005] The buggy address is located 356 bytes inside of
[ 84.315500][T10005] 512-byte region [ffff88809e641400, ffff88809e641600)
[ 84.315505][T10005] The buggy address belongs to the page:
[ 84.315518][T10005] page:ffffea0002799040 refcount:1 mapcount:0 mapping:ffff8880aa400a80 index:0x0
[ 84.315538][T10005] raw: 00fffe0000000200 ffffea0002799148 ffffea000252ffc8 ffff8880aa400a80
[ 84.315554][T10005] raw: 0000000000000000 ffff88809e641000 0000000100000004 0000000000000000
[ 84.315560][T10005] page dumped because: kasan: bad access detected
[ 84.315564][T10005]
[ 84.315568][T10005] Memory state around the buggy address:
[ 84.315579][T10005] ffff88809e641400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 84.315590][T10005] ffff88809e641480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 84.315601][T10005] >ffff88809e641500: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.315607][T10005] ^
[ 84.315617][T10005] ffff88809e641580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.315627][T10005] ffff88809e641600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.315633][T10005] ==================================================================
[ 84.315637][T10005] Disabling lock debugging due to kernel taint
[ 84.324361][T10005] Kernel panic - not syncing: panic_on_warn set ...
[ 84.324380][T10005] CPU: 1 PID: 10005 Comm: syz-executor765 Tainted: G B 5.5.0-rc1-syzkaller #0
[ 84.324387][T10005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 84.324391][T10005] Call Trace:
[ 84.324414][T10005] dump_stack+0x197/0x210
[ 84.324430][T10005] panic+0x2e3/0x75c
[ 84.324442][T10005] ? add_taint.cold+0x16/0x16
[ 84.324456][T10005] ? bit_putcs+0xd5d/0xf10
[ 84.324472][T10005] ? preempt_schedule+0x4b/0x60
[ 84.324489][T10005] ? ___preempt_schedule+0x16/0x18
[ 84.324505][T10005] ? trace_hardirqs_on+0x5e/0x240
[ 84.324518][T10005] ? bit_putcs+0xd5d/0xf10
[ 84.324531][T10005] end_report+0x47/0x4f
[ 84.324542][T10005] ? bit_putcs+0xd5d/0xf10
[ 84.324554][T10005] __kasan_report.cold+0xe/0x41
[ 84.324568][T10005] ? fb_get_color_depth.part.0+0x40/0x200
[ 84.324578][T10005] ? bit_putcs+0xd5d/0xf10
[ 84.324591][T10005] kasan_report+0x12/0x20
[ 84.324603][T10005] __asan_report_load1_noabort+0x14/0x20
[ 84.324613][T10005] bit_putcs+0xd5d/0xf10
[ 84.324632][T10005] ? bit_cursor+0x1a60/0x1a60
[ 84.324648][T10005] ? write_comp_data+0x1/0x70
[ 84.324658][T10005] ? fb_get_color_depth.part.0+0xcf/0x200
[ 84.324673][T10005] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 84.324688][T10005] fbcon_putcs+0x33c/0x3e0
[ 84.324699][T10005] ? bit_cursor+0x1a60/0x1a60
[ 84.324717][T10005] do_update_region+0x42b/0x6f0
[ 84.324730][T10005] ? con_get_trans_old+0x2a0/0x2a0
[ 84.324745][T10005] ? fbcon_set_palette+0x3c4/0x4a0
[ 84.324758][T10005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.324780][T10005] ? var_to_display+0x810/0x810
[ 84.324797][T10005] redraw_screen+0x676/0x7d0
[ 84.324811][T10005] ? respond_string+0x2c0/0x2c0
[ 84.324828][T10005] fbcon_do_set_font+0x829/0x960
[ 84.324842][T10005] fbcon_copy_font+0x12c/0x190
[ 84.324854][T10005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.324864][T10005] ? fbcon_do_set_font+0x960/0x960
[ 84.324879][T10005] con_font_op+0x6b2/0x1270
[ 84.324894][T10005] ? lock_downgrade+0x920/0x920
[ 84.324907][T10005] ? con_write+0xd0/0xd0
[ 84.324927][T10005] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 84.324942][T10005] ? _copy_from_user+0x12c/0x1a0
[ 84.324959][T10005] vt_ioctl+0x181a/0x26d0
[ 84.324974][T10005] ? complete_change_console+0x3a0/0x3a0
[ 84.324985][T10005] ? lock_downgrade+0x920/0x920
[ 84.325001][T10005] ? rwlock_bug.part.0+0x90/0x90
[ 84.325018][T10005] ? tomoyo_path_number_perm+0x214/0x520
[ 84.325029][T10005] ? find_held_lock+0x35/0x130
[ 84.325044][T10005] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 84.325058][T10005] ? tty_jobctrl_ioctl+0x50/0xd40
[ 84.325073][T10005] ? complete_change_console+0x3a0/0x3a0
[ 84.325088][T10005] tty_ioctl+0xa37/0x14f0
[ 84.325102][T10005] ? tty_vhangup+0x30/0x30
[ 84.325113][T10005] ? tomoyo_path_number_perm+0x454/0x520
[ 84.325128][T10005] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 84.325140][T10005] ? tomoyo_path_number_perm+0x25e/0x520
[ 84.325155][T10005] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 84.325173][T10005] ? ___might_sleep+0x163/0x2c0
[ 84.325187][T10005] ? tty_vhangup+0x30/0x30
[ 84.325202][T10005] do_vfs_ioctl+0x977/0x14e0
[ 84.325216][T10005] ? compat_ioctl_preallocate+0x220/0x220
[ 84.325229][T10005] ? selinux_file_mprotect+0x620/0x620
[ 84.325241][T10005] ? __fget+0x37f/0x550
[ 84.325254][T10005] ? ksys_dup3+0x3e0/0x3e0
[ 84.325269][T10005] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 84.325285][T10005] ? tomoyo_file_ioctl+0x23/0x30
[ 84.325297][T10005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.325309][T10005] ? security_file_ioctl+0x8d/0xc0
[ 84.325320][T10005] ksys_ioctl+0xab/0xd0
[ 84.325330][T10005] __x64_sys_ioctl+0x73/0xb0
[ 84.325344][T10005] do_syscall_64+0xfa/0x790
[ 84.325365][T10005] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 84.325376][T10005] RIP: 0033:0x447129
[ 84.325390][T10005] Code: e8 6c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 84.325397][T10005] RSP: 002b:00007f03f4e52db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.325410][T10005] RAX: ffffffffffffffda RBX: 00000000006dcc28 RCX: 0000000000447129
[ 84.325418][T10005] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000005
[ 84.325425][T10005] RBP: 00000000006dcc20 R08: 0000000000000000 R09: 0000000000000000
[ 84.325433][T10005] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc2c
[ 84.325441][T10005] R13: 00007ffc6517fc7f R14: 00007f03f4e539c0 R15: 00000000006dcc2c
[ 84.326920][T10005] Kernel Offset: disabled