[ 104.357860][ T27] audit: type=1800 audit(1581527811.012:35): pid=10500 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 104.381758][ T27] audit: type=1800 audit(1581527811.012:36): pid=10500 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.207' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 113.072288][ T27] kauditd_printk_skb: 5 callbacks suppressed
[ 113.072303][ T27] audit: type=1400 audit(1581527819.792:42): avc: denied { map } for pid=10687 comm="syz-executor381" path="/root/syz-executor381887387" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 113.216636][T10687] ==================================================================
[ 113.216681][T10687] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1c8b/0x2200
[ 113.216688][T10687] Read of size 2 at addr ffffffff8896d93e by task syz-executor381/10687
[ 113.216691][T10687]
[ 113.216701][T10687] CPU: 0 PID: 10687 Comm: syz-executor381 Not tainted 5.6.0-rc1-syzkaller #0
[ 113.216706][T10687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 113.216709][T10687] Call Trace:
[ 113.216722][T10687] dump_stack+0x197/0x210
[ 113.216732][T10687] ? vga16fb_imageblit+0x1c8b/0x2200
[ 113.216748][T10687] print_address_description.constprop.0.cold+0x5/0x30b
[ 113.216757][T10687] ? vga16fb_imageblit+0x1c8b/0x2200
[ 113.216766][T10687] ? vga16fb_imageblit+0x1c8b/0x2200
[ 113.216775][T10687] __kasan_report.cold+0x1b/0x32
[ 113.216787][T10687] ? vga16fb_imageblit+0x1c8b/0x2200
[ 113.216799][T10687] kasan_report+0x12/0x20
[ 113.216810][T10687] __asan_report_load2_noabort+0x14/0x20
[ 113.216819][T10687] vga16fb_imageblit+0x1c8b/0x2200
[ 113.216828][T10687] ? mark_lock+0x1bf/0x1220
[ 113.216850][T10687] soft_cursor+0x4fb/0xa30
[ 113.216858][T10687] ? lockdep_hardirqs_on+0x421/0x5e0
[ 113.216878][T10687] bit_cursor+0x12fc/0x1a60
[ 113.216897][T10687] ? bit_clear+0x530/0x530
[ 113.216905][T10687] ? fbcon_putcs+0x33c/0x3e0
[ 113.216913][T10687] ? fbcon_putcs+0x343/0x3e0
[ 113.216981][T10687] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 113.216995][T10687] ? get_color+0x225/0x430
[ 113.217008][T10687] fbcon_cursor+0x487/0x660
[ 113.217018][T10687] ? bit_clear+0x530/0x530
[ 113.217048][T10687] set_cursor+0x1fb/0x280
[ 113.217059][T10687] redraw_screen+0x4e1/0x7d0
[ 113.217067][T10687] ? vesafb_probe.cold+0x1279/0x1279
[ 113.217078][T10687] ? respond_string+0x2c0/0x2c0
[ 113.217090][T10687] ? fbcon_set_palette+0x3c4/0x4a0
[ 113.217104][T10687] fbcon_modechanged+0x5c3/0x790
[ 113.217120][T10687] fbcon_update_vcs+0x42/0x50
[ 113.217129][T10687] fb_set_var+0xb32/0xdd0
[ 113.217140][T10687] ? fb_blank+0x1a0/0x1a0
[ 113.217149][T10687] ? stack_depot_save+0x25a/0x450
[ 113.217166][T10687] ? save_stack+0x5c/0x90
[ 113.217173][T10687] ? save_stack+0x23/0x90
[ 113.217181][T10687] ? __kasan_slab_free+0x102/0x150
[ 113.217189][T10687] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 113.217198][T10687] ? vga16fb_imageblit+0x1eb/0x2200
[ 113.217204][T10687] ? vc_resize+0x4d/0x60
[ 113.217212][T10687] ? fbcon_modechanged+0x367/0x790
[ 113.217220][T10687] ? fbcon_resize+0x3f/0x780
[ 113.217255][T10687] ? bit_cursor+0xaf6/0x1a60
[ 113.217265][T10687] ? fb_videomode_to_var+0x14/0x630
[ 113.217279][T10687] fbcon_switch+0x556/0x17f0
[ 113.217296][T10687] ? fbcon_set_def_font+0x360/0x360
[ 113.217320][T10687] ? fbcon_cursor+0x48c/0x660
[ 113.217331][T10687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.217340][T10687] ? fbcon_set_origin+0x2b/0x50
[ 113.217348][T10687] ? fbcon_scrolldelta+0x1220/0x1220
[ 113.217356][T10687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.217369][T10687] redraw_screen+0x2b6/0x7d0
[ 113.217377][T10687] ? vesafb_probe.cold+0x1279/0x1279
[ 113.217387][T10687] ? respond_string+0x2c0/0x2c0
[ 113.217400][T10687] ? fbcon_set_palette+0x3c4/0x4a0
[ 113.217413][T10687] fbcon_modechanged+0x5c3/0x790
[ 113.217429][T10687] fbcon_update_vcs+0x42/0x50
[ 113.217438][T10687] fb_set_var+0xb32/0xdd0
[ 113.217449][T10687] ? fb_blank+0x1a0/0x1a0
[ 113.217459][T10687] ? lock_acquire+0x190/0x410
[ 113.217480][T10687] ? __mutex_lock+0x458/0x13c0
[ 113.217488][T10687] ? down+0x70/0x90
[ 113.217520][T10687] ? do_fb_ioctl+0x335/0x7d0
[ 113.217546][T10687] do_fb_ioctl+0x390/0x7d0
[ 113.217556][T10687] ? fb_mmap+0x560/0x560
[ 113.217574][T10687] ? ___might_sleep+0x163/0x2c0
[ 113.217591][T10687] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 113.217601][T10687] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 113.217611][T10687] ? do_vfs_ioctl+0x568/0x13b0
[ 113.217649][T10687] fb_ioctl+0xe6/0x130
[ 113.217656][T10687] ? do_fb_ioctl+0x7d0/0x7d0
[ 113.217666][T10687] ksys_ioctl+0x123/0x180
[ 113.217680][T10687] __x64_sys_ioctl+0x73/0xb0
[ 113.217693][T10687] do_syscall_64+0xfa/0x790
[ 113.217706][T10687] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 113.217713][T10687] RIP: 0033:0x440309
[ 113.217723][T10687] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 113.217728][T10687] RSP: 002b:00007fffb30bc688 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 113.217736][T10687] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 113.217741][T10687] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 113.217746][T10687] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 113.217750][T10687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 113.217755][T10687] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 113.217773][T10687]
[ 113.217776][T10687] The buggy address belongs to the variable:
[ 113.217784][T10687] transl_h+0x3e/0x40
[ 113.217786][T10687]
[ 113.217789][T10687] Memory state around the buggy address:
[ 113.217802][T10687] ffffffff8896d800: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[ 113.217809][T10687] ffffffff8896d880: 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
[ 113.217818][T10687] >ffffffff8896d900: 00 00 00 00 fa fa fa fa 00 00 00 00 fa fa fa fa
[ 113.217822][T10687] ^
[ 113.217828][T10687] ffffffff8896d980: 00 01 fa fa fa fa fa fa 00 00 00 04 fa fa fa fa
[ 113.217834][T10687] ffffffff8896da00: 00 00 04 fa fa fa fa fa 00 00 00 00 00 00 02 fa
[ 113.217837][T10687] ==================================================================
[ 113.217840][T10687] Disabling lock debugging due to kernel taint
[ 113.217845][T10687] Kernel panic - not syncing: panic_on_warn set ...
[ 113.217854][T10687] CPU: 0 PID: 10687 Comm: syz-executor381 Tainted: G B 5.6.0-rc1-syzkaller #0
[ 113.217858][T10687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 113.217861][T10687] Call Trace:
[ 113.217871][T10687] dump_stack+0x197/0x210
[ 113.217882][T10687] panic+0x2e3/0x75c
[ 113.217890][T10687] ? add_taint.cold+0x16/0x16
[ 113.217904][T10687] ? trace_hardirqs_on+0x67/0x240
[ 113.217912][T10687] ? trace_hardirqs_on+0x5e/0x240
[ 113.217923][T10687] ? vga16fb_imageblit+0x1c8b/0x2200
[ 113.217931][T10687] end_report+0x47/0x4f
[ 113.217939][T10687] ? vga16fb_imageblit+0x1c8b/0x2200
[ 113.217947][T10687] __kasan_report.cold+0xe/0x32
[ 113.217956][T10687] ? vga16fb_imageblit+0x1c8b/0x2200
[ 113.217965][T10687] kasan_report+0x12/0x20
[ 113.217975][T10687] __asan_report_load2_noabort+0x14/0x20
[ 113.217983][T10687] vga16fb_imageblit+0x1c8b/0x2200
[ 113.217990][T10687] ? mark_lock+0x1bf/0x1220
[ 113.218004][T10687] soft_cursor+0x4fb/0xa30
[ 113.218012][T10687] ? lockdep_hardirqs_on+0x421/0x5e0
[ 113.218035][T10687] bit_cursor+0x12fc/0x1a60
[ 113.218047][T10687] ? bit_clear+0x530/0x530
[ 113.218054][T10687] ? fbcon_putcs+0x33c/0x3e0
[ 113.218062][T10687] ? fbcon_putcs+0x343/0x3e0
[ 113.218075][T10687] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 113.218083][T10687] ? get_color+0x225/0x430
[ 113.218092][T10687] fbcon_cursor+0x487/0x660
[ 113.218100][T10687] ? bit_clear+0x530/0x530
[ 113.218109][T10687] set_cursor+0x1fb/0x280
[ 113.218117][T10687] redraw_screen+0x4e1/0x7d0
[ 113.218125][T10687] ? vesafb_probe.cold+0x1279/0x1279
[ 113.218133][T10687] ? respond_string+0x2c0/0x2c0
[ 113.218142][T10687] ? fbcon_set_palette+0x3c4/0x4a0
[ 113.218152][T10687] fbcon_modechanged+0x5c3/0x790
[ 113.218163][T10687] fbcon_update_vcs+0x42/0x50
[ 113.218170][T10687] fb_set_var+0xb32/0xdd0
[ 113.218178][T10687] ? fb_blank+0x1a0/0x1a0
[ 113.218185][T10687] ? stack_depot_save+0x25a/0x450
[ 113.218196][T10687] ? save_stack+0x5c/0x90
[ 113.218202][T10687] ? save_stack+0x23/0x90
[ 113.218209][T10687] ? __kasan_slab_free+0x102/0x150
[ 113.218217][T10687] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 113.218225][T10687] ? vga16fb_imageblit+0x1eb/0x2200
[ 113.218231][T10687] ? vc_resize+0x4d/0x60
[ 113.218238][T10687] ? fbcon_modechanged+0x367/0x790
[ 113.218245][T10687] ? fbcon_resize+0x3f/0x780
[ 113.218265][T10687] ? bit_cursor+0xaf6/0x1a60
[ 113.218273][T10687] ? fb_videomode_to_var+0x14/0x630
[ 113.218283][T10687] fbcon_switch+0x556/0x17f0
[ 113.218294][T10687] ? fbcon_set_def_font+0x360/0x360
[ 113.218309][T10687] ? fbcon_cursor+0x48c/0x660
[ 113.218319][T10687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.218326][T10687] ? fbcon_set_origin+0x2b/0x50
[ 113.218334][T10687] ? fbcon_scrolldelta+0x1220/0x1220
[ 113.218342][T10687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.218350][T10687] redraw_screen+0x2b6/0x7d0
[ 113.218358][T10687] ? vesafb_probe.cold+0x1279/0x1279
[ 113.218366][T10687] ? respond_string+0x2c0/0x2c0
[ 113.218375][T10687] ? fbcon_set_palette+0x3c4/0x4a0
[ 113.218385][T10687] fbcon_modechanged+0x5c3/0x790
[ 113.218396][T10687] fbcon_update_vcs+0x42/0x50
[ 113.218403][T10687] fb_set_var+0xb32/0xdd0
[ 113.218411][T10687] ? fb_blank+0x1a0/0x1a0
[ 113.218418][T10687] ? lock_acquire+0x190/0x410
[ 113.218431][T10687] ? __mutex_lock+0x458/0x13c0
[ 113.218438][T10687] ? down+0x70/0x90
[ 113.218455][T10687] ? do_fb_ioctl+0x335/0x7d0
[ 113.218466][T10687] do_fb_ioctl+0x390/0x7d0
[ 113.218473][T10687] ? fb_mmap+0x560/0x560
[ 113.218484][T10687] ? ___might_sleep+0x163/0x2c0
[ 113.218496][T10687] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 113.218504][T10687] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 113.218512][T10687] ? do_vfs_ioctl+0x568/0x13b0
[ 113.218537][T10687] fb_ioctl+0xe6/0x130
[ 113.218543][T10687] ? do_fb_ioctl+0x7d0/0x7d0
[ 113.218552][T10687] ksys_ioctl+0x123/0x180
[ 113.218561][T10687] __x64_sys_ioctl+0x73/0xb0
[ 113.218570][T10687] do_syscall_64+0xfa/0x790
[ 113.218580][T10687] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 113.218585][T10687] RIP: 0033:0x440309
[ 113.218592][T10687] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 113.218595][T10687] RSP: 002b:00007fffb30bc688 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 113.218602][T10687] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 113.218606][T10687] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 113.218610][T10687] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 113.218614][T10687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 113.218618][T10687] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 113.220199][T10687] Kernel Offset: disabled
[ 114.251464][T10687] Rebooting in 86400 seconds..