[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting file context maintaining daemon: restorecond
[ 42.044695] audit: type=1800 audit(1576715407.443:32): pid=7539 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[ 42.508815] audit: type=1800 audit(1576715407.903:33): pid=7539 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 42.536735] audit: type=1800 audit(1576715407.913:34): pid=7539 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 45.805962] audit: type=1400 audit(1576715411.203:35): avc: denied { map } for pid=7715 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts.
executing program
[ 59.857312] audit: type=1400 audit(1576715425.253:36): avc: denied { map } for pid=7727 comm="syz-executor015" path="/root/syz-executor015726331" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 60.089434] ==================================================================
[ 60.089461] BUG: KASAN: global-out-of-bounds in bit_putcs+0xd5d/0xf10
[ 60.089469] Read of size 1 at addr ffffffff87ecbfc0 by task syz-executor015/7727
[ 60.089472]
[ 60.089483] CPU: 0 PID: 7727 Comm: syz-executor015 Not tainted 4.19.90-syzkaller #0
[ 60.089488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.089492] Call Trace:
[ 60.089503] dump_stack+0x197/0x210
[ 60.089513] ? bit_putcs+0xd5d/0xf10
[ 60.089524] print_address_description.cold+0x5/0x20d
[ 60.089532] ? bit_putcs+0xd5d/0xf10
[ 60.089540] kasan_report.cold+0x8c/0x2ba
[ 60.089552] __asan_report_load1_noabort+0x14/0x20
[ 60.089559] bit_putcs+0xd5d/0xf10
[ 60.089577] ? bit_cursor+0x1a60/0x1a60
[ 60.089588] ? __sanitizer_cov_trace_cmp1+0x1/0x20
[ 60.089598] ? fb_get_color_depth.part.0+0xcf/0x200
[ 60.089608] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 60.089618] fbcon_putcs+0x42b/0x4f0
[ 60.089627] ? bit_cursor+0x1a60/0x1a60
[ 60.089637] do_update_region+0x328/0x6f0
[ 60.089649] ? con_get_trans_old+0x2a0/0x2a0
[ 60.089658] ? fbcon_set_palette+0x227/0x610
[ 60.089665] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 60.089673] ? fbcon_redraw.isra.0+0x490/0x490
[ 60.089683] redraw_screen+0x602/0x8e0
[ 60.089692] ? con_flush_chars+0xa0/0xa0
[ 60.089703] ? mutex_unlock+0xd/0x10
[ 60.089714] vc_do_resize+0x118e/0x14a0
[ 60.089731] ? vc_uniscr_alloc+0xd0/0xd0
[ 60.089742] ? lock_acquire+0x16f/0x3f0
[ 60.089750] ? vt_ioctl+0x1ec0/0x2530
[ 60.089761] vc_resize+0x4d/0x60
[ 60.089770] vt_ioctl+0x1fe0/0x2530
[ 60.089780] ? complete_change_console+0x3a0/0x3a0
[ 60.089791] ? avc_has_extended_perms+0xa78/0x10f0
[ 60.089804] ? avc_ss_reset+0x190/0x190
[ 60.089811] ? save_stack+0xa9/0xd0
[ 60.089818] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 60.089829] ? tty_jobctrl_ioctl+0x50/0xcd0
[ 60.089837] ? complete_change_console+0x3a0/0x3a0
[ 60.089845] tty_ioctl+0x7f3/0x1510
[ 60.089854] ? tty_vhangup+0x30/0x30
[ 60.089863] ? find_held_lock+0x35/0x130
[ 60.089872] ? debug_check_no_obj_freed+0x200/0x464
[ 60.089889] ? __might_sleep+0x95/0x190
[ 60.089897] ? trace_hardirqs_off+0x62/0x220
[ 60.089904] ? tty_vhangup+0x30/0x30
[ 60.089913] do_vfs_ioctl+0xd5f/0x1380
[ 60.089921] ? selinux_file_ioctl+0x46f/0x5e0
[ 60.089929] ? selinux_file_ioctl+0x125/0x5e0
[ 60.089938] ? ioctl_preallocate+0x210/0x210
[ 60.089946] ? selinux_file_mprotect+0x620/0x620
[ 60.089951] ? putname+0xef/0x130
[ 60.089960] ? kmem_cache_free+0x222/0x260
[ 60.089968] ? putname+0xf4/0x130
[ 60.089977] ? do_sys_open+0x31d/0x550
[ 60.089993] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 60.090001] ? security_file_ioctl+0x8d/0xc0
[ 60.090010] ksys_ioctl+0xab/0xd0
[ 60.090020] __x64_sys_ioctl+0x73/0xb0
[ 60.090030] do_syscall_64+0xfd/0x620
[ 60.090040] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.090047] RIP: 0033:0x443f89
[ 60.090056] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 60.090061] RSP: 002b:00007ffd136393a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 60.090069] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443f89
[ 60.090074] RDX: 0000000020000000 RSI: 000000000000560a RDI: 0000000000000004
[ 60.090079] RBP: 00000000006cf018 R08: 0000000000000000 R09: 00000000004002e0
[ 60.090084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c90
[ 60.090088] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[ 60.090099]
[ 60.090101] The buggy address belongs to the variable:
[ 60.090109] oid_index+0x600/0xa60
[ 60.090111]
[ 60.090113] Memory state around the buggy address:
[ 60.090121]  ffffffff87ecbe80: fa fa fa fa 00 00 01 fa fa fa fa fa 06 fa fa fa
[ 60.090127]  ffffffff87ecbf00: fa fa fa fa 05 fa fa fa fa fa fa fa 00 00 00 00
[ 60.090132] >ffffffff87ecbf80: fa fa fa fa 00 00 00 fa fa fa fa fa 00 01 fa fa
[ 60.090136]                                            ^
[ 60.090142]  ffffffff87ecc000: fa fa fa fa 00 00 00 00 fa fa fa fa 04 fa fa fa
[ 60.090147]  ffffffff87ecc080: fa fa fa fa 00 01 fa fa fa fa fa fa 04 fa fa fa
[ 60.090150] ==================================================================
[ 60.090153] Disabling lock debugging due to kernel taint
[ 60.090158] Kernel panic - not syncing: panic_on_warn set ...
[ 60.090158]
[ 60.090165] CPU: 0 PID: 7727 Comm: syz-executor015 Tainted: G B 4.19.90-syzkaller #0
[ 60.090169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.090171] Call Trace:
[ 60.090178] dump_stack+0x197/0x210
[ 60.090186] ? bit_putcs+0xd5d/0xf10
[ 60.090193] panic+0x26a/0x50e
[ 60.090199] ? __warn_printk+0xf3/0xf3
[ 60.090207] ? lock_downgrade+0x880/0x880
[ 60.090215] ? trace_hardirqs_on+0x67/0x220
[ 60.090222] ? trace_hardirqs_on+0x5e/0x220
[ 60.090230] ? bit_putcs+0xd5d/0xf10
[ 60.090238] kasan_end_report+0x47/0x4f
[ 60.090250] kasan_report.cold+0xa9/0x2ba
[ 60.090260] __asan_report_load1_noabort+0x14/0x20
[ 60.090267] bit_putcs+0xd5d/0xf10
[ 60.090279] ? bit_cursor+0x1a60/0x1a60
[ 60.090287] ? __sanitizer_cov_trace_cmp1+0x1/0x20
[ 60.090295] ? fb_get_color_depth.part.0+0xcf/0x200
[ 60.090303] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 60.090311] fbcon_putcs+0x42b/0x4f0
[ 60.090319] ? bit_cursor+0x1a60/0x1a60
[ 60.090326] do_update_region+0x328/0x6f0
[ 60.090335] ? con_get_trans_old+0x2a0/0x2a0
[ 60.090342] ? fbcon_set_palette+0x227/0x610
[ 60.090349] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 60.090356] ? fbcon_redraw.isra.0+0x490/0x490
[ 60.090364] redraw_screen+0x602/0x8e0
[ 60.090372] ? con_flush_chars+0xa0/0xa0
[ 60.090380] ? mutex_unlock+0xd/0x10
[ 60.090389] vc_do_resize+0x118e/0x14a0
[ 60.090401] ? vc_uniscr_alloc+0xd0/0xd0
[ 60.090409] ? lock_acquire+0x16f/0x3f0
[ 60.090416] ? vt_ioctl+0x1ec0/0x2530
[ 60.090425] vc_resize+0x4d/0x60
[ 60.090432] vt_ioctl+0x1fe0/0x2530
[ 60.090441] ? complete_change_console+0x3a0/0x3a0
[ 60.090449] ? avc_has_extended_perms+0xa78/0x10f0
[ 60.090459] ? avc_ss_reset+0x190/0x190
[ 60.090466] ? save_stack+0xa9/0xd0
[ 60.090472] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 60.090483] ? tty_jobctrl_ioctl+0x50/0xcd0
[ 60.090491] ? complete_change_console+0x3a0/0x3a0
[ 60.090497] tty_ioctl+0x7f3/0x1510
[ 60.090504] ? tty_vhangup+0x30/0x30
[ 60.090512] ? find_held_lock+0x35/0x130
[ 60.090520] ? debug_check_no_obj_freed+0x200/0x464
[ 60.090531] ? __might_sleep+0x95/0x190
[ 60.090538] ? trace_hardirqs_off+0x62/0x220
[ 60.090545] ? tty_vhangup+0x30/0x30
[ 60.090552] do_vfs_ioctl+0xd5f/0x1380
[ 60.090559] ? selinux_file_ioctl+0x46f/0x5e0
[ 60.090566] ? selinux_file_ioctl+0x125/0x5e0
[ 60.090574] ? ioctl_preallocate+0x210/0x210
[ 60.090581] ? selinux_file_mprotect+0x620/0x620
[ 60.090586] ? putname+0xef/0x130
[ 60.090593] ? kmem_cache_free+0x222/0x260
[ 60.090600] ? putname+0xf4/0x130
[ 60.090607] ? do_sys_open+0x31d/0x550
[ 60.090616] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 60.090622] ? security_file_ioctl+0x8d/0xc0
[ 60.090630] ksys_ioctl+0xab/0xd0
[ 60.090638] __x64_sys_ioctl+0x73/0xb0
[ 60.090646] do_syscall_64+0xfd/0x620
[ 60.090654] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.090659] RIP: 0033:0x443f89
[ 60.090666] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 60.090670] RSP: 002b:00007ffd136393a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 60.090676] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443f89
[ 60.090681] RDX: 0000000020000000 RSI: 000000000000560a RDI: 0000000000000004
[ 60.090685] RBP: 00000000006cf018 R08: 0000000000000000 R09: 00000000004002e0
[ 60.090689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c90
[ 60.090693] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[ 60.092041] Kernel Offset: disabled
[ 60.860973] Rebooting in 86400 seconds..