[ ok ] Starting enhanced syslogd: rsyslogd.
[ 76.036909][ T27] audit: type=1800 audit(1576737294.094:25): pid=8962 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 76.057039][ T27] audit: type=1800 audit(1576737294.104:26): pid=8962 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 76.101365][ T27] audit: type=1800 audit(1576737294.104:27): pid=8962 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.41' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 96.308043][ T9115] ==================================================================
[ 96.308082][ T9115] BUG: KASAN: global-out-of-bounds in bit_putcs+0xd5d/0xf10
[ 96.308090][ T9115] Read of size 1 at addr ffffffff8872a460 by task syz-executor074/9115
[ 96.308093][ T9115]
[ 96.308102][ T9115] CPU: 1 PID: 9115 Comm: syz-executor074 Not tainted 5.5.0-rc2-syzkaller #0
[ 96.308108][ T9115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 96.308111][ T9115] Call Trace:
[ 96.308122][ T9115] dump_stack+0x197/0x210
[ 96.308130][ T9115] ? bit_putcs+0xd5d/0xf10
[ 96.308143][ T9115] print_address_description.constprop.0.cold+0x5/0x30b
[ 96.308150][ T9115] ? bit_putcs+0xd5d/0xf10
[ 96.308156][ T9115] ? bit_putcs+0xd5d/0xf10
[ 96.308165][ T9115] __kasan_report.cold+0x1b/0x41
[ 96.308175][ T9115] ? fb_get_color_depth.part.0+0xc0/0x200
[ 96.308182][ T9115] ? bit_putcs+0xd5d/0xf10
[ 96.308191][ T9115] kasan_report+0x12/0x20
[ 96.308200][ T9115] __asan_report_load1_noabort+0x14/0x20
[ 96.308206][ T9115] bit_putcs+0xd5d/0xf10
[ 96.308224][ T9115] ? bit_cursor+0x1a60/0x1a60
[ 96.308235][ T9115] ? write_comp_data+0x11/0x70
[ 96.308243][ T9115] ? fb_get_color_depth.part.0+0xcf/0x200
[ 96.308255][ T9115] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 96.308267][ T9115] fbcon_putcs+0x33c/0x3e0
[ 96.308274][ T9115] ? bit_cursor+0x1a60/0x1a60
[ 96.308287][ T9115] do_update_region+0x328/0x6f0
[ 96.308299][ T9115] ? con_get_trans_old+0x2a0/0x2a0
[ 96.308309][ T9115] ? fbcon_set_palette+0x3c4/0x4a0
[ 96.308318][ T9115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 96.308326][ T9115] ? var_to_display+0x810/0x810
[ 96.308337][ T9115] redraw_screen+0x676/0x7d0
[ 96.308347][ T9115] ? respond_string+0x2c0/0x2c0
[ 96.308361][ T9115] vc_do_resize+0x10c9/0x1460
[ 96.308372][ T9115] ? down+0x50/0x90
[ 96.308390][ T9115] ? vc_uniscr_alloc+0xd0/0xd0
[ 96.308399][ T9115] ? lock_acquire+0x190/0x410
[ 96.308409][ T9115] ? vt_ioctl+0x1f56/0x26d0
[ 96.308420][ T9115] vc_resize+0x4d/0x60
[ 96.308430][ T9115] vt_ioctl+0x2076/0x26d0
[ 96.308441][ T9115] ? complete_change_console+0x3a0/0x3a0
[ 96.308448][ T9115] ? lock_downgrade+0x920/0x920
[ 96.308456][ T9115] ? rwlock_bug.part.0+0x90/0x90
[ 96.308467][ T9115] ? tomoyo_path_number_perm+0x214/0x520
[ 96.308474][ T9115] ? find_held_lock+0x35/0x130
[ 96.308483][ T9115] ? tomoyo_path_number_perm+0x214/0x520
[ 96.308491][ T9115] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 96.308500][ T9115] ? tty_jobctrl_ioctl+0x50/0xd40
[ 96.308509][ T9115] ? complete_change_console+0x3a0/0x3a0
[ 96.308519][ T9115] tty_ioctl+0xa37/0x14f0
[ 96.308528][ T9115] ? tty_vhangup+0x30/0x30
[ 96.308535][ T9115] ? tomoyo_path_number_perm+0x454/0x520
[ 96.308546][ T9115] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 96.308554][ T9115] ? tomoyo_path_number_perm+0x25e/0x520
[ 96.308563][ T9115] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 96.308590][ T9115] ? tty_vhangup+0x30/0x30
[ 96.308608][ T9115] do_vfs_ioctl+0x977/0x14e0
[ 96.308627][ T9115] ? compat_ioctl_preallocate+0x220/0x220
[ 96.308645][ T9115] ? kmem_cache_free+0x26b/0x320
[ 96.308662][ T9115] ? putname+0xf4/0x130
[ 96.308673][ T9115] ? do_sys_open+0x31d/0x5d0
[ 96.308683][ T9115] ? tomoyo_file_ioctl+0x23/0x30
[ 96.308692][ T9115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 96.308700][ T9115] ? security_file_ioctl+0x8d/0xc0
[ 96.308709][ T9115] ksys_ioctl+0xab/0xd0
[ 96.308719][ T9115] __x64_sys_ioctl+0x73/0xb0
[ 96.308731][ T9115] do_syscall_64+0xfa/0x790
[ 96.308742][ T9115] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 96.308749][ T9115] RIP: 0033:0x444f69
[ 96.308760][ T9115] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb cd fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 96.308764][ T9115] RSP: 002b:00007ffc11622c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 96.308773][ T9115] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444f69
[ 96.308778][ T9115] RDX: 0000000020000000 RSI: 000000000000560a RDI: 0000000000000004
[ 96.308783][ T9115] RBP: 00000000006d0018 R08: 000000000000000d R09: 00000000004002e0
[ 96.308787][ T9115] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004021b0
[ 96.308792][ T9115] R13: 0000000000402240 R14: 0000000000000000 R15: 0000000000000000
[ 96.308803][ T9115]
[ 96.308806][ T9115] The buggy address belongs to the variable:
[ 96.308812][ T9115] oid_index+0x520/0xb80
[ 96.308814][ T9115]
[ 96.308817][ T9115] Memory state around the buggy address:
[ 96.308824][ T9115] ffffffff8872a300: 00 07 fa fa fa fa fa fa 00 06 fa fa fa fa fa fa
[ 96.308831][ T9115] ffffffff8872a380: 06 fa fa fa fa fa fa fa 00 00 00 04 fa fa fa fa
[ 96.308837][ T9115] >ffffffff8872a400: 00 00 fa fa fa fa fa fa 00 00 06 fa fa fa fa fa
[ 96.308841][ T9115] ^
[ 96.308847][ T9115] ffffffff8872a480: 00 06 fa fa fa fa fa fa 00 00 00 00 fa fa fa fa
[ 96.308853][ T9115] ffffffff8872a500: 00 00 01 fa fa fa fa fa 06 fa fa fa fa fa fa fa
[ 96.308856][ T9115] ==================================================================
[ 96.308859][ T9115] Disabling lock debugging due to kernel taint
[ 96.308869][ T9115] Kernel panic - not syncing: panic_on_warn set ...
[ 96.308877][ T9115] CPU: 1 PID: 9115 Comm: syz-executor074 Tainted: G B 5.5.0-rc2-syzkaller #0
[ 96.308881][ T9115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 96.308883][ T9115] Call Trace:
[ 96.308891][ T9115] dump_stack+0x197/0x210
[ 96.308901][ T9115] panic+0x2e3/0x75c
[ 96.308908][ T9115] ? add_taint.cold+0x16/0x16
[ 96.308920][ T9115] ? trace_hardirqs_on+0x67/0x240
[ 96.308927][ T9115] ? trace_hardirqs_on+0x5e/0x240
[ 96.308934][ T9115] ? bit_putcs+0xd5d/0xf10
[ 96.308941][ T9115] end_report+0x47/0x4f
[ 96.308947][ T9115] ? bit_putcs+0xd5d/0xf10
[ 96.308954][ T9115] __kasan_report.cold+0xe/0x41
[ 96.308962][ T9115] ? fb_get_color_depth.part.0+0xc0/0x200
[ 96.308968][ T9115] ? bit_putcs+0xd5d/0xf10
[ 96.308975][ T9115] kasan_report+0x12/0x20
[ 96.308983][ T9115] __asan_report_load1_noabort+0x14/0x20
[ 96.308989][ T9115] bit_putcs+0xd5d/0xf10
[ 96.309000][ T9115] ? bit_cursor+0x1a60/0x1a60
[ 96.309008][ T9115] ? write_comp_data+0x11/0x70
[ 96.309016][ T9115] ? fb_get_color_depth.part.0+0xcf/0x200
[ 96.309024][ T9115] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 96.309033][ T9115] fbcon_putcs+0x33c/0x3e0
[ 96.309040][ T9115] ? bit_cursor+0x1a60/0x1a60
[ 96.309048][ T9115] do_update_region+0x328/0x6f0
[ 96.309057][ T9115] ? con_get_trans_old+0x2a0/0x2a0
[ 96.309066][ T9115] ? fbcon_set_palette+0x3c4/0x4a0
[ 96.309074][ T9115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 96.309081][ T9115] ? var_to_display+0x810/0x810
[ 96.309090][ T9115] redraw_screen+0x676/0x7d0
[ 96.309098][ T9115] ? respond_string+0x2c0/0x2c0
[ 96.309108][ T9115] vc_do_resize+0x10c9/0x1460
[ 96.309115][ T9115] ? down+0x50/0x90
[ 96.309127][ T9115] ? vc_uniscr_alloc+0xd0/0xd0
[ 96.309134][ T9115] ? lock_acquire+0x190/0x410
[ 96.309142][ T9115] ? vt_ioctl+0x1f56/0x26d0
[ 96.309151][ T9115] vc_resize+0x4d/0x60
[ 96.309159][ T9115] vt_ioctl+0x2076/0x26d0
[ 96.309168][ T9115] ? complete_change_console+0x3a0/0x3a0
[ 96.309174][ T9115] ? lock_downgrade+0x920/0x920
[ 96.309182][ T9115] ? rwlock_bug.part.0+0x90/0x90
[ 96.309189][ T9115] ? tomoyo_path_number_perm+0x214/0x520
[ 96.309195][ T9115] ? find_held_lock+0x35/0x130
[ 96.309203][ T9115] ? tomoyo_path_number_perm+0x214/0x520
[ 96.309211][ T9115] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 96.309218][ T9115] ? tty_jobctrl_ioctl+0x50/0xd40
[ 96.309226][ T9115] ? complete_change_console+0x3a0/0x3a0
[ 96.309233][ T9115] tty_ioctl+0xa37/0x14f0
[ 96.309241][ T9115] ? tty_vhangup+0x30/0x30
[ 96.309248][ T9115] ? tomoyo_path_number_perm+0x454/0x520
[ 96.309257][ T9115] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 96.309263][ T9115] ? tomoyo_path_number_perm+0x25e/0x520
[ 96.309272][ T9115] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 96.309283][ T9115] ? tty_vhangup+0x30/0x30
[ 96.309290][ T9115] do_vfs_ioctl+0x977/0x14e0
[ 96.309299][ T9115] ? compat_ioctl_preallocate+0x220/0x220
[ 96.309306][ T9115] ? kmem_cache_free+0x26b/0x320
[ 96.309314][ T9115] ? putname+0xf4/0x130
[ 96.309321][ T9115] ? do_sys_open+0x31d/0x5d0
[ 96.309329][ T9115] ? tomoyo_file_ioctl+0x23/0x30
[ 96.309337][ T9115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 96.309343][ T9115] ? security_file_ioctl+0x8d/0xc0
[ 96.309351][ T9115] ksys_ioctl+0xab/0xd0
[ 96.309358][ T9115] __x64_sys_ioctl+0x73/0xb0
[ 96.309369][ T9115] do_syscall_64+0xfa/0x790
[ 96.309377][ T9115] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 96.309382][ T9115] RIP: 0033:0x444f69
[ 96.309389][ T9115] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb cd fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 96.309393][ T9115] RSP: 002b:00007ffc11622c28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 96.309399][ T9115] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444f69
[ 96.309403][ T9115] RDX: 0000000020000000 RSI: 000000000000560a RDI: 0000000000000004
[ 96.309407][ T9115] RBP: 00000000006d0018 R08: 000000000000000d R09: 00000000004002e0
[ 96.309412][ T9115] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004021b0
[ 96.309416][ T9115] R13: 0000000000402240 R14: 0000000000000000 R15: 0000000000000000
[ 96.311011][ T9115] Kernel Offset: disabled
[ 97.224374][ T9115] Rebooting in 86400 seconds..