Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 40.273149] audit: type=1800 audit(1577900449.436:33): pid=7545 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 40.296293] audit: type=1800 audit(1577900449.436:34): pid=7545 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 45.237283] audit: type=1400 audit(1577900454.396:35): avc: denied { map } for pid=7719 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.1.27' (ECDSA) to the list of known hosts.
executing program
[ 56.607041] audit: type=1400 audit(1577900465.766:36): avc: denied { map } for pid=7731 comm="syz-executor364" path="/root/syz-executor364662320" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 56.640560] ==================================================================
[ 56.640584] BUG: KASAN: global-out-of-bounds in fbcon_get_font+0x2b2/0x5e0
[ 56.640591] Read of size 32 at addr ffffffff87ecb9e0 by task syz-executor364/7733
[ 56.640593]
[ 56.640602] CPU: 0 PID: 7733 Comm: syz-executor364 Not tainted 4.19.92-syzkaller #0
[ 56.640607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.640610] Call Trace:
[ 56.640621] dump_stack+0x197/0x210
[ 56.640631] ? fbcon_get_font+0x2b2/0x5e0
[ 56.640642] print_address_description.cold+0x5/0x20d
[ 56.640651] ? fbcon_get_font+0x2b2/0x5e0
[ 56.640659] kasan_report.cold+0x8c/0x2ba
[ 56.640670] check_memory_region+0x123/0x190
[ 56.640679] memcpy+0x24/0x50
[ 56.640687] fbcon_get_font+0x2b2/0x5e0
[ 56.640696] ? display_to_var+0x7e0/0x7e0
[ 56.640705] con_font_op+0x20b/0x1250
[ 56.640716] ? __might_sleep+0x95/0x190
[ 56.640726] ? con_write+0xd0/0xd0
[ 56.640736] ? selinux_capable+0x36/0x40
[ 56.640746] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.640754] ? security_capable+0x92/0xc0
[ 56.640763] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.640771] ? ns_capable_common+0x141/0x170
[ 56.640782] vt_ioctl+0xd2e/0x2530
[ 56.640805] ? complete_change_console+0x3a0/0x3a0
[ 56.640815] ? avc_has_extended_perms+0xa78/0x10f0
[ 56.640828] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 56.640840] ? tty_jobctrl_ioctl+0x50/0xcd0
[ 56.640848] ? complete_change_console+0x3a0/0x3a0
[ 56.640857] tty_ioctl+0x7f3/0x1510
[ 56.640865] ? tty_vhangup+0x30/0x30
[ 56.640874] ? mark_held_locks+0x100/0x100
[ 56.640883] ? do_futex+0x17d/0x1d70
[ 56.640895] ? __fget+0x340/0x540
[ 56.640908] ? __might_sleep+0x95/0x190
[ 56.640915] ? tty_vhangup+0x30/0x30
[ 56.640926] do_vfs_ioctl+0xd5f/0x1380
[ 56.640934] ? selinux_file_ioctl+0x46f/0x5e0
[ 56.640941] ? selinux_file_ioctl+0x125/0x5e0
[ 56.640950] ? ioctl_preallocate+0x210/0x210
[ 56.640958] ? selinux_file_mprotect+0x620/0x620
[ 56.640969] ? iterate_fd+0x360/0x360
[ 56.640982] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.640990] ? security_file_ioctl+0x8d/0xc0
[ 56.640999] ksys_ioctl+0xab/0xd0
[ 56.641009] __x64_sys_ioctl+0x73/0xb0
[ 56.641021] do_syscall_64+0xfd/0x620
[ 56.641032] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.641038] RIP: 0033:0x4459b9
[ 56.641046] Code: e8 fc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.641051] RSP: 002b:00007fa968113db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 56.641059] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 00000000004459b9
[ 56.641063] RDX: 0000000020000200 RSI: 0000000000004b60 RDI: 0000000000000007
[ 56.641068] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 56.641072] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[ 56.641077] R13: 00007ffece8c78ff R14: 00007fa9681149c0 R15: 20c49ba5e353f7cf
[ 56.641087]
[ 56.641090] The buggy address belongs to the variable:
[ 56.641103] fontdata_8x16+0x1000/0x1120
[ 56.641105]
[ 56.641107] Memory state around the buggy address:
[ 56.641114]  ffffffff87ecb880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.641120]  ffffffff87ecb900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.641126] >ffffffff87ecb980: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
[ 56.641129]                                                        ^
[ 56.641135]  ffffffff87ecba00: 06 fa fa fa fa fa fa fa 05 fa fa fa fa fa fa fa
[ 56.641141]  ffffffff87ecba80: 06 fa fa fa fa fa fa fa 00 00 03 fa fa fa fa fa
[ 56.641144] ==================================================================
[ 56.641146] Disabling lock debugging due to kernel taint
[ 56.641151] Kernel panic - not syncing: panic_on_warn set ...
[ 56.641151]
[ 56.641159] CPU: 0 PID: 7733 Comm: syz-executor364 Tainted: G B 4.19.92-syzkaller #0
[ 56.641163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.641165] Call Trace:
[ 56.641172] dump_stack+0x197/0x210
[ 56.641179] ? fbcon_get_font+0x2b2/0x5e0
[ 56.641186] panic+0x26a/0x50e
[ 56.641192] ? __warn_printk+0xf3/0xf3
[ 56.641200] ? lock_downgrade+0x880/0x880
[ 56.641209] ? trace_hardirqs_on+0x67/0x220
[ 56.641216] ? trace_hardirqs_on+0x5e/0x220
[ 56.641224] ? fbcon_get_font+0x2b2/0x5e0
[ 56.641231] kasan_end_report+0x47/0x4f
[ 56.641239] kasan_report.cold+0xa9/0x2ba
[ 56.641248] check_memory_region+0x123/0x190
[ 56.641255] memcpy+0x24/0x50
[ 56.641262] fbcon_get_font+0x2b2/0x5e0
[ 56.641269] ? display_to_var+0x7e0/0x7e0
[ 56.641277] con_font_op+0x20b/0x1250
[ 56.641284] ? __might_sleep+0x95/0x190
[ 56.641292] ? con_write+0xd0/0xd0
[ 56.641300] ? selinux_capable+0x36/0x40
[ 56.641307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.641313] ? security_capable+0x92/0xc0
[ 56.641321] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.641327] ? ns_capable_common+0x141/0x170
[ 56.641336] vt_ioctl+0xd2e/0x2530
[ 56.641344] ? complete_change_console+0x3a0/0x3a0
[ 56.641352] ? avc_has_extended_perms+0xa78/0x10f0
[ 56.641362] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 56.641371] ? tty_jobctrl_ioctl+0x50/0xcd0
[ 56.641378] ? complete_change_console+0x3a0/0x3a0
[ 56.641385] tty_ioctl+0x7f3/0x1510
[ 56.641392] ? tty_vhangup+0x30/0x30
[ 56.641399] ? mark_held_locks+0x100/0x100
[ 56.641406] ? do_futex+0x17d/0x1d70
[ 56.641415] ? __fget+0x340/0x540
[ 56.641424] ? __might_sleep+0x95/0x190
[ 56.641431] ? tty_vhangup+0x30/0x30
[ 56.641438] do_vfs_ioctl+0xd5f/0x1380
[ 56.641445] ? selinux_file_ioctl+0x46f/0x5e0
[ 56.641452] ? selinux_file_ioctl+0x125/0x5e0
[ 56.641460] ? ioctl_preallocate+0x210/0x210
[ 56.641467] ? selinux_file_mprotect+0x620/0x620
[ 56.641476] ? iterate_fd+0x360/0x360
[ 56.641486] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.641493] ? security_file_ioctl+0x8d/0xc0
[ 56.641500] ksys_ioctl+0xab/0xd0
[ 56.641508] __x64_sys_ioctl+0x73/0xb0
[ 56.641516] do_syscall_64+0xfd/0x620
[ 56.641525] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.641529] RIP: 0033:0x4459b9
[ 56.641536] Code: e8 fc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.641540] RSP: 002b:00007fa968113db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 56.641546] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 00000000004459b9
[ 56.641550] RDX: 0000000020000200 RSI: 0000000000004b60 RDI: 0000000000000007
[ 56.641554] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 56.641558] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[ 56.641563] R13: 00007ffece8c78ff R14: 00007fa9681149c0 R15: 20c49ba5e353f7cf
[ 56.643068] Kernel Offset: disabled
[ 57.296576] Rebooting in 86400 seconds..