[ 73.171672][ T27] audit: type=1400 audit(1575865367.829:37): avc: denied { watch } for pid=9858 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 73.221086][ T27] audit: type=1400 audit(1575865367.829:38): avc: denied { watch } for pid=9858 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 73.397150][ T27] audit: type=1800 audit(1575865368.049:39): pid=9763 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 73.418974][ T27] audit: type=1800 audit(1575865368.049:40): pid=9763 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 78.201308][ T27] audit: type=1400 audit(1575865372.859:41): avc: denied { map } for pid=9941 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts.
executing program
[ 84.824827][ T27] audit: type=1400 audit(1575865379.479:42): avc: denied { map } for pid=9953 comm="syz-executor208" path="/root/syz-executor208471886" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 84.857752][ T9953] ==================================================================
[ 84.857794][ T9953] BUG: KASAN: global-out-of-bounds in fb_pad_aligned_buffer+0x138/0x160
[ 84.857802][ T9953] Read of size 1 at addr ffffffff8872a77c by task syz-executor208/9953
[ 84.857804][ T9953]
[ 84.857814][ T9953] CPU: 1 PID: 9953 Comm: syz-executor208 Not tainted 5.4.0-syzkaller #0
[ 84.857819][ T9953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 84.857822][ T9953] Call Trace:
[ 84.857834][ T9953] dump_stack+0x197/0x210
[ 84.857842][ T9953] ? fb_pad_aligned_buffer+0x138/0x160
[ 84.857855][ T9953] print_address_description.constprop.0.cold+0x5/0x30b
[ 84.857863][ T9953] ? fb_pad_aligned_buffer+0x138/0x160
[ 84.857870][ T9953] ? fb_pad_aligned_buffer+0x138/0x160
[ 84.857879][ T9953] __kasan_report.cold+0x1b/0x41
[ 84.857888][ T9953] ? fb_pad_aligned_buffer+0x138/0x160
[ 84.857897][ T9953] kasan_report+0x12/0x20
[ 84.857906][ T9953] __asan_report_load1_noabort+0x14/0x20
[ 84.857914][ T9953] fb_pad_aligned_buffer+0x138/0x160
[ 84.857925][ T9953] bit_putcs+0xd14/0xf10
[ 84.857943][ T9953] ? bit_cursor+0x1a60/0x1a60
[ 84.857954][ T9953] ? write_comp_data+0x1/0x70
[ 84.857962][ T9953] ? fb_get_color_depth.part.0+0xcf/0x200
[ 84.857973][ T9953] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 84.857985][ T9953] fbcon_putcs+0x33c/0x3e0
[ 84.857992][ T9953] ? bit_cursor+0x1a60/0x1a60
[ 84.858005][ T9953] do_update_region+0x42b/0x6f0
[ 84.858017][ T9953] ? con_get_trans_old+0x2a0/0x2a0
[ 84.858028][ T9953] ? fbcon_set_palette+0x3c4/0x4a0
[ 84.858036][ T9953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.858044][ T9953] ? var_to_display+0x810/0x810
[ 84.858055][ T9953] redraw_screen+0x676/0x7d0
[ 84.858065][ T9953] ? respond_string+0x2c0/0x2c0
[ 84.858077][ T9953] fbcon_do_set_font+0x829/0x960
[ 84.858088][ T9953] fbcon_copy_font+0x12c/0x190
[ 84.858096][ T9953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.858102][ T9953] ? fbcon_do_set_font+0x960/0x960
[ 84.858112][ T9953] con_font_op+0x6b2/0x1270
[ 84.858121][ T9953] ? lock_downgrade+0x920/0x920
[ 84.858131][ T9953] ? con_write+0xd0/0xd0
[ 84.858145][ T9953] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 84.858154][ T9953] ? _copy_from_user+0x12c/0x1a0
[ 84.858165][ T9953] vt_ioctl+0x181a/0x26d0
[ 84.858175][ T9953] ? complete_change_console+0x3a0/0x3a0
[ 84.858183][ T9953] ? lock_downgrade+0x920/0x920
[ 84.858191][ T9953] ? rwlock_bug.part.0+0x90/0x90
[ 84.858201][ T9953] ? tomoyo_path_number_perm+0x214/0x520
[ 84.858209][ T9953] ? find_held_lock+0x35/0x130
[ 84.858219][ T9953] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 84.858228][ T9953] ? tty_jobctrl_ioctl+0x50/0xd40
[ 84.858237][ T9953] ? complete_change_console+0x3a0/0x3a0
[ 84.858246][ T9953] tty_ioctl+0xa37/0x14f0
[ 84.858256][ T9953] ? tty_vhangup+0x30/0x30
[ 84.858263][ T9953] ? tomoyo_path_number_perm+0x454/0x520
[ 84.858273][ T9953] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 84.858281][ T9953] ? tomoyo_path_number_perm+0x25e/0x520
[ 84.858291][ T9953] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 84.858305][ T9953] ? ___might_sleep+0x163/0x2c0
[ 84.858316][ T9953] ? tty_vhangup+0x30/0x30
[ 84.858325][ T9953] do_vfs_ioctl+0x977/0x14e0
[ 84.858336][ T9953] ? compat_ioctl_preallocate+0x220/0x220
[ 84.858344][ T9953] ? selinux_file_mprotect+0x620/0x620
[ 84.858353][ T9953] ? kmem_cache_free+0x26b/0x320
[ 84.858363][ T9953] ? putname+0xf4/0x130
[ 84.858372][ T9953] ? do_sys_open+0x31d/0x5d0
[ 84.858382][ T9953] ? tomoyo_file_ioctl+0x23/0x30
[ 84.858391][ T9953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.858398][ T9953] ? security_file_ioctl+0x8d/0xc0
[ 84.858408][ T9953] ksys_ioctl+0xab/0xd0
[ 84.858417][ T9953] __x64_sys_ioctl+0x73/0xb0
[ 84.858428][ T9953] do_syscall_64+0xfa/0x790
[ 84.858439][ T9953] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 84.858446][ T9953] RIP: 0033:0x440269
[ 84.858455][ T9953] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 84.858459][ T9953] RSP: 002b:00007fff65832458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.858467][ T9953] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440269
[ 84.858471][ T9953] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000004
[ 84.858477][ T9953] RBP: 00000000006cb018 R08: 000000000000000d R09: 00000000004002c8
[ 84.858481][ T9953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b50
[ 84.858486][ T9953] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[ 84.858496][ T9953]
[ 84.858499][ T9953] The buggy address belongs to the variable:
[ 84.858506][ T9953] oid_index+0x93c/0xb80
[ 84.858508][ T9953]
[ 84.858510][ T9953] Memory state around the buggy address:
[ 84.858518][ T9953]  ffffffff8872a600: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa
[ 84.858524][ T9953]  ffffffff8872a680: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 84.858530][ T9953] >ffffffff8872a700: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 84.858533][ T9953]                                                                 ^
[ 84.858539][ T9953]  ffffffff8872a780: 05 fa fa fa fa fa fa fa 01 fa fa fa fa fa fa fa
[ 84.858545][ T9953]  ffffffff8872a800: 00 00 02 fa fa fa fa fa 00 00 00 05 fa fa fa fa
[ 84.858548][ T9953] ==================================================================
[ 84.858551][ T9953] Disabling lock debugging due to kernel taint
[ 84.858555][ T9953] Kernel panic - not syncing: panic_on_warn set ...
[ 84.858563][ T9953] CPU: 1 PID: 9953 Comm: syz-executor208 Tainted: G B 5.4.0-syzkaller #0
[ 84.858567][ T9953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 84.858569][ T9953] Call Trace:
[ 84.858576][ T9953] dump_stack+0x197/0x210
[ 84.858586][ T9953] panic+0x2e3/0x75c
[ 84.858593][ T9953] ? add_taint.cold+0x16/0x16
[ 84.858605][ T9953] ? trace_hardirqs_on+0x67/0x240
[ 84.858612][ T9953] ? trace_hardirqs_on+0x5e/0x240
[ 84.858620][ T9953] ? fb_pad_aligned_buffer+0x138/0x160
[ 84.858626][ T9953] end_report+0x47/0x4f
[ 84.858633][ T9953] ? fb_pad_aligned_buffer+0x138/0x160
[ 84.858640][ T9953] __kasan_report.cold+0xe/0x41
[ 84.858648][ T9953] ? fb_pad_aligned_buffer+0x138/0x160
[ 84.858659][ T9953] kasan_report+0x12/0x20
[ 84.858668][ T9953] __asan_report_load1_noabort+0x14/0x20
[ 84.858675][ T9953] fb_pad_aligned_buffer+0x138/0x160
[ 84.858682][ T9953] bit_putcs+0xd14/0xf10
[ 84.858693][ T9953] ? bit_cursor+0x1a60/0x1a60
[ 84.858701][ T9953] ? write_comp_data+0x1/0x70
[ 84.858708][ T9953] ? fb_get_color_depth.part.0+0xcf/0x200
[ 84.858717][ T9953] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 84.858726][ T9953] fbcon_putcs+0x33c/0x3e0
[ 84.858733][ T9953] ? bit_cursor+0x1a60/0x1a60
[ 84.858741][ T9953] do_update_region+0x42b/0x6f0
[ 84.858750][ T9953] ? con_get_trans_old+0x2a0/0x2a0
[ 84.858758][ T9953] ? fbcon_set_palette+0x3c4/0x4a0
[ 84.858766][ T9953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.858773][ T9953] ? var_to_display+0x810/0x810
[ 84.858782][ T9953] redraw_screen+0x676/0x7d0
[ 84.858790][ T9953] ? respond_string+0x2c0/0x2c0
[ 84.858798][ T9953] fbcon_do_set_font+0x829/0x960
[ 84.858806][ T9953] fbcon_copy_font+0x12c/0x190
[ 84.858814][ T9953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.858820][ T9953] ? fbcon_do_set_font+0x960/0x960
[ 84.858828][ T9953] con_font_op+0x6b2/0x1270
[ 84.858835][ T9953] ? lock_downgrade+0x920/0x920
[ 84.858842][ T9953] ? con_write+0xd0/0xd0
[ 84.858853][ T9953] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 84.858860][ T9953] ? _copy_from_user+0x12c/0x1a0
[ 84.858868][ T9953] vt_ioctl+0x181a/0x26d0
[ 84.858877][ T9953] ? complete_change_console+0x3a0/0x3a0
[ 84.858883][ T9953] ? lock_downgrade+0x920/0x920
[ 84.858891][ T9953] ? rwlock_bug.part.0+0x90/0x90
[ 84.858898][ T9953] ? tomoyo_path_number_perm+0x214/0x520
[ 84.858904][ T9953] ? find_held_lock+0x35/0x130
[ 84.858913][ T9953] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 84.858920][ T9953] ? tty_jobctrl_ioctl+0x50/0xd40
[ 84.858927][ T9953] ? complete_change_console+0x3a0/0x3a0
[ 84.858935][ T9953] tty_ioctl+0xa37/0x14f0
[ 84.858942][ T9953] ? tty_vhangup+0x30/0x30
[ 84.858949][ T9953] ? tomoyo_path_number_perm+0x454/0x520
[ 84.858958][ T9953] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 84.858965][ T9953] ? tomoyo_path_number_perm+0x25e/0x520
[ 84.858973][ T9953] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 84.858982][ T9953] ? ___might_sleep+0x163/0x2c0
[ 84.858990][ T9953] ? tty_vhangup+0x30/0x30
[ 84.858997][ T9953] do_vfs_ioctl+0x977/0x14e0
[ 84.859006][ T9953] ? compat_ioctl_preallocate+0x220/0x220
[ 84.859012][ T9953] ? selinux_file_mprotect+0x620/0x620
[ 84.859019][ T9953] ? kmem_cache_free+0x26b/0x320
[ 84.859027][ T9953] ? putname+0xf4/0x130
[ 84.859034][ T9953] ? do_sys_open+0x31d/0x5d0
[ 84.859042][ T9953] ? tomoyo_file_ioctl+0x23/0x30
[ 84.859050][ T9953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.859056][ T9953] ? security_file_ioctl+0x8d/0xc0
[ 84.859063][ T9953] ksys_ioctl+0xab/0xd0
[ 84.859071][ T9953] __x64_sys_ioctl+0x73/0xb0
[ 84.859079][ T9953] do_syscall_64+0xfa/0x790
[ 84.859087][ T9953] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 84.859092][ T9953] RIP: 0033:0x440269
[ 84.859098][ T9953] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 84.859102][ T9953] RSP: 002b:00007fff65832458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.859108][ T9953] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440269
[ 84.859112][ T9953] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000004
[ 84.859116][ T9953] RBP: 00000000006cb018 R08: 000000000000000d R09: 00000000004002c8
[ 84.859120][ T9953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b50
[ 84.859124][ T9953] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[ 84.861044][ T9953] Kernel Offset: disabled
[ 85.829253][ T9953] Rebooting in 86400 seconds..