[ 44.095477] audit: type=1800 audit(1578780592.765:29): pid=7981 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 44.116551] audit: type=1800 audit(1578780592.765:30): pid=7981 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd: [....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.166' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 53.159098] kauditd_printk_skb: 5 callbacks suppressed
[ 53.159114] audit: type=1400 audit(1578780601.825:36): avc: denied { map } for pid=8170 comm="syz-executor996" path="/root/syz-executor996847261" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.200157] ==================================================================
[ 53.200189] BUG: KASAN: global-out-of-bounds in bit_putcs+0xd5d/0xf10
[ 53.200197] Read of size 1 at addr ffffffff87ed8cbe by task syz-executor996/8172
[ 53.200200]
[ 53.200210] CPU: 1 PID: 8172 Comm: syz-executor996 Not tainted 4.19.94-syzkaller #0
[ 53.200215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.200218] Call Trace:
[ 53.200231]  dump_stack+0x197/0x210
[ 53.200241]  ? bit_putcs+0xd5d/0xf10
[ 53.200253]  print_address_description.cold+0x5/0x20d
[ 53.200262]  ? bit_putcs+0xd5d/0xf10
[ 53.200270]  kasan_report.cold+0x8c/0x2ba
[ 53.200282]  __asan_report_load1_noabort+0x14/0x20
[ 53.200290]  bit_putcs+0xd5d/0xf10
[ 53.200308]  ? bit_cursor+0x1a60/0x1a60
[ 53.200319]  ? write_comp_data+0x1/0x70
[ 53.200327]  ? fb_get_color_depth.part.0+0xcf/0x200
[ 53.200338]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 53.200349]  fbcon_putcs+0x42b/0x4f0
[ 53.200359]  ? bit_cursor+0x1a60/0x1a60
[ 53.200370]  do_update_region+0x42b/0x6f0
[ 53.200383]  ? con_get_trans_old+0x2a0/0x2a0
[ 53.200393]  ? fbcon_set_palette+0x227/0x610
[ 53.200401]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.200409]  ? fbcon_redraw.isra.0+0x490/0x490
[ 53.200420]  redraw_screen+0x602/0x8e0
[ 53.200429]  ? down+0x50/0x90
[ 53.200438]  ? con_flush_chars+0xa0/0xa0
[ 53.200452]  fbcon_do_set_font+0x73a/0xa40
[ 53.200460]  ? lock_acquire+0x16f/0x3f0
[ 53.200472]  fbcon_copy_font+0x12c/0x190
[ 53.200479]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.200502]  ? fbcon_do_set_font+0xa40/0xa40
[ 53.200512]  con_font_op+0x69a/0x1250
[ 53.200523]  ? con_write+0xd0/0xd0
[ 53.200537]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 53.200546]  ? _copy_from_user+0xdd/0x150
[ 53.200556]  vt_ioctl+0x1784/0x2530
[ 53.200565]  ? complete_change_console+0x3a0/0x3a0
[ 53.200574]  ? avc_has_extended_perms+0xa78/0x10f0
[ 53.200588]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 53.200598]  ? tty_jobctrl_ioctl+0x50/0xcd0
[ 53.200605]  ? complete_change_console+0x3a0/0x3a0
[ 53.200615]  tty_ioctl+0x7f3/0x1510
[ 53.200625]  ? tty_vhangup+0x30/0x30
[ 53.200635]  ? mark_held_locks+0x100/0x100
[ 53.200645]  ? do_futex+0x17d/0x1d70
[ 53.200658]  ? __fget+0x340/0x540
[ 53.200671]  ? __might_sleep+0x95/0x190
[ 53.200680]  ? tty_vhangup+0x30/0x30
[ 53.200690]  do_vfs_ioctl+0xd5f/0x1380
[ 53.200697]  ? selinux_file_ioctl+0x46f/0x5e0
[ 53.200704]  ? selinux_file_ioctl+0x125/0x5e0
[ 53.200713]  ? ioctl_preallocate+0x210/0x210
[ 53.200720]  ? selinux_file_mprotect+0x620/0x620
[ 53.200732]  ? iterate_fd+0x360/0x360
[ 53.200747]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.200757]  ? security_file_ioctl+0x8d/0xc0
[ 53.200766]  ksys_ioctl+0xab/0xd0
[ 53.200776]  __x64_sys_ioctl+0x73/0xb0
[ 53.200787]  do_syscall_64+0xfd/0x620
[ 53.200798]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.200805] RIP: 0033:0x445919
[ 53.200813] Code: e8 fc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 53.200817] RSP: 002b:00007f6d8808adb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 53.200826] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 0000000000445919
[ 53.200830] RDX: 0000000020000540 RSI: 0000000000004b72 RDI: 0000000000000008
[ 53.200835] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 53.200840] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[ 53.200845] R13: 00007fff8c236adf R14: 00007f6d8808b9c0 R15: 20c49ba5e353f7cf
[ 53.200855]
[ 53.200858] The buggy address belongs to the variable:
[ 53.200867]  fontdata_8x16+0x10de/0x1120
[ 53.200869]
[ 53.200871] Memory state around the buggy address:
[ 53.200879]  ffffffff87ed8b80: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
[ 53.200885]  ffffffff87ed8c00: 06 fa fa fa fa fa fa fa 05 fa fa fa fa fa fa fa
[ 53.200891] >ffffffff87ed8c80: 06 fa fa fa fa fa fa fa 00 00 03 fa fa fa fa fa
[ 53.200895]                                            ^
[ 53.200900]  ffffffff87ed8d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.200906]  ffffffff87ed8d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
[ 53.200909] ==================================================================
[ 53.200912] Disabling lock debugging due to kernel taint
[ 53.200916] Kernel panic - not syncing: panic_on_warn set ...
[ 53.200916]
[ 53.200924] CPU: 1 PID: 8172 Comm: syz-executor996 Tainted: G    B    4.19.94-syzkaller #0
[ 53.200928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.200930] Call Trace:
[ 53.200937]  dump_stack+0x197/0x210
[ 53.200946]  ? bit_putcs+0xd5d/0xf10
[ 53.200952]  panic+0x26a/0x50e
[ 53.200959]  ? __warn_printk+0xf3/0xf3
[ 53.200967]  ? lock_downgrade+0x880/0x880
[ 53.200976]  ? trace_hardirqs_on+0x67/0x220
[ 53.200983]  ? trace_hardirqs_on+0x5e/0x220
[ 53.200992]  ? bit_putcs+0xd5d/0xf10
[ 53.201000]  kasan_end_report+0x47/0x4f
[ 53.201007]  kasan_report.cold+0xa9/0x2ba
[ 53.201017]  __asan_report_load1_noabort+0x14/0x20
[ 53.201024]  bit_putcs+0xd5d/0xf10
[ 53.201038]  ? bit_cursor+0x1a60/0x1a60
[ 53.201045]  ? write_comp_data+0x1/0x70
[ 53.201052]  ? fb_get_color_depth.part.0+0xcf/0x200
[ 53.201060]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 53.201069]  fbcon_putcs+0x42b/0x4f0
[ 53.201078]  ? bit_cursor+0x1a60/0x1a60
[ 53.201086]  do_update_region+0x42b/0x6f0
[ 53.201096]  ? con_get_trans_old+0x2a0/0x2a0
[ 53.201104]  ? fbcon_set_palette+0x227/0x610
[ 53.201112]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.201119]  ? fbcon_redraw.isra.0+0x490/0x490
[ 53.201135]  redraw_screen+0x602/0x8e0
[ 53.201144]  ? down+0x50/0x90
[ 53.201152]  ? con_flush_chars+0xa0/0xa0
[ 53.201163]  fbcon_do_set_font+0x73a/0xa40
[ 53.201170]  ? lock_acquire+0x16f/0x3f0
[ 53.201179]  fbcon_copy_font+0x12c/0x190
[ 53.201187]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.201194]  ? fbcon_do_set_font+0xa40/0xa40
[ 53.201202]  con_font_op+0x69a/0x1250
[ 53.201211]  ? con_write+0xd0/0xd0
[ 53.201222]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 53.201229]  ? _copy_from_user+0xdd/0x150
[ 53.201236]  vt_ioctl+0x1784/0x2530
[ 53.201244]  ? complete_change_console+0x3a0/0x3a0
[ 53.201251]  ? avc_has_extended_perms+0xa78/0x10f0
[ 53.201261]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 53.201269]  ? tty_jobctrl_ioctl+0x50/0xcd0
[ 53.201275]  ? complete_change_console+0x3a0/0x3a0
[ 53.201283]  tty_ioctl+0x7f3/0x1510
[ 53.201291]  ? tty_vhangup+0x30/0x30
[ 53.201298]  ? mark_held_locks+0x100/0x100
[ 53.201305]  ? do_futex+0x17d/0x1d70
[ 53.201314]  ? __fget+0x340/0x540
[ 53.201323]  ? __might_sleep+0x95/0x190
[ 53.201331]  ? tty_vhangup+0x30/0x30
[ 53.201339]  do_vfs_ioctl+0xd5f/0x1380
[ 53.201345]  ? selinux_file_ioctl+0x46f/0x5e0
[ 53.201352]  ? selinux_file_ioctl+0x125/0x5e0
[ 53.201359]  ? ioctl_preallocate+0x210/0x210
[ 53.201366]  ? selinux_file_mprotect+0x620/0x620
[ 53.201374]  ? iterate_fd+0x360/0x360
[ 53.201384]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.201392]  ? security_file_ioctl+0x8d/0xc0
[ 53.201400]  ksys_ioctl+0xab/0xd0
[ 53.201408]  __x64_sys_ioctl+0x73/0xb0
[ 53.201416]  do_syscall_64+0xfd/0x620
[ 53.201424]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.201430] RIP: 0033:0x445919
[ 53.201439] Code: e8 fc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 53.201442] RSP: 002b:00007f6d8808adb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 53.201449] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 0000000000445919
[ 53.201453] RDX: 0000000020000540 RSI: 0000000000004b72 RDI: 0000000000000008
[ 53.201457] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 53.201461] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[ 53.201466] R13: 00007fff8c236adf R14: 00007f6d8808b9c0 R15: 20c49ba5e353f7cf
[ 53.203123] Kernel Offset: disabled
[ 53.979255] Rebooting in 86400 seconds..