[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[   77.379392][   T26] kauditd_printk_skb: 9 callbacks suppressed
[   77.379406][   T26] audit: type=1400 audit(1575258346.989:41): avc:  denied  { map } for  pid=9532 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.3' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   99.956308][   T26] audit: type=1400 audit(1575258369.569:42): avc:  denied  { map } for  pid=9544 comm="syz-executor795" path="/root/syz-executor795481135" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
[  100.162903][ T9550] ==================================================================
[  100.171203][ T9550] BUG: KASAN: slab-out-of-bounds in pipe_write+0xe30/0x1000
[  100.178556][ T9550] Write of size 8 at addr ffff8880a8399228 by task syz-executor795/9550
[  100.186880][ T9550] 
[  100.189194][ T9550] CPU: 1 PID: 9550 Comm: syz-executor795 Not tainted 5.4.0-syzkaller #0
[  100.197601][ T9550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  100.207653][ T9550] Call Trace:
[  100.210936][ T9550]  dump_stack+0x197/0x210
[  100.215248][ T9550]  ? pipe_write+0xe30/0x1000
[  100.219825][ T9550]  print_address_description.constprop.0.cold+0xd4/0x30b
[  100.226831][ T9550]  ? pipe_write+0xe30/0x1000
[  100.231400][ T9550]  ? pipe_write+0xe30/0x1000
[  100.235971][ T9550]  __kasan_report.cold+0x1b/0x41
[  100.240894][ T9550]  ? pipe_write+0xe30/0x1000
[  100.245470][ T9550]  kasan_report+0x12/0x20
[  100.249783][ T9550]  __asan_report_store8_noabort+0x17/0x20
[  100.255485][ T9550]  pipe_write+0xe30/0x1000
[  100.259888][ T9550]  new_sync_write+0x4d3/0x770
[  100.264547][ T9550]  ? new_sync_read+0x800/0x800
[  100.269382][ T9550]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  100.275610][ T9550]  ? security_file_permission+0x8f/0x380
[  100.281221][ T9550]  __vfs_write+0xe1/0x110
[  100.285668][ T9550]  vfs_write+0x268/0x5d0
[  100.289891][ T9550]  ksys_write+0x220/0x290
[  100.294209][ T9550]  ? __ia32_sys_read+0xb0/0xb0
[  100.298961][ T9550]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  100.304400][ T9550]  ? do_syscall_64+0x26/0x790
[  100.309246][ T9550]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  100.315295][ T9550]  ? do_syscall_64+0x26/0x790
[  100.319957][ T9550]  __x64_sys_write+0x73/0xb0
[  100.324528][ T9550]  do_syscall_64+0xfa/0x790
[  100.329020][ T9550]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  100.334898][ T9550] RIP: 0033:0x4466c9
[  100.338794][ T9550] Code: e8 5c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  100.358381][ T9550] RSP: 002b:00007fbd2a7abdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  100.366774][ T9550] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 00000000004466c9
[  100.374741][ T9550] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004
[  100.382709][ T9550] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[  100.390663][ T9550] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[  100.398614][ T9550] R13: 00007ffc2fcd0f6f R14: 00007fbd2a7ac9c0 R15: 20c49ba5e353f7cf
[  100.406573][ T9550] 
[  100.408881][ T9550] Allocated by task 9552:
[  100.413191][ T9550]  save_stack+0x23/0x90
[  100.417344][ T9550]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  100.422953][ T9550]  kasan_kmalloc+0x9/0x10
[  100.427264][ T9550]  __kmalloc+0x163/0x770
[  100.431495][ T9550]  pipe_fcntl+0x3f7/0x8e0
[  100.435826][ T9550]  do_fcntl+0x255/0x1030
[  100.440046][ T9550]  __x64_sys_fcntl+0x16d/0x1e0
[  100.444788][ T9550]  do_syscall_64+0xfa/0x790
[  100.449272][ T9550]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  100.455155][ T9550] 
[  100.457461][ T9550] Freed by task 0:
[  100.461157][ T9550] (stack is not available)
[  100.465555][ T9550] 
[  100.467887][ T9550] The buggy address belongs to the object at ffff8880a8399200
[  100.467887][ T9550]  which belongs to the cache kmalloc-64 of size 64
[  100.481742][ T9550] The buggy address is located 40 bytes inside of
[  100.481742][ T9550]  64-byte region [ffff8880a8399200, ffff8880a8399240)
[  100.494818][ T9550] The buggy address belongs to the page:
[  100.500530][ T9550] page:ffffea0002a0e640 refcount:1 mapcount:0 mapping:ffff8880aa400380 index:0x0
[  100.509737][ T9550] raw: 00fffe0000000200 ffffea0002752548 ffffea00029d3648 ffff8880aa400380
[  100.518313][ T9550] raw: 0000000000000000 ffff8880a8399000 0000000100000020 0000000000000000
[  100.527002][ T9550] page dumped because: kasan: bad access detected
[  100.533396][ T9550] 
[  100.535702][ T9550] Memory state around the buggy address:
[  100.541319][ T9550]  ffff8880a8399100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  100.549368][ T9550]  ffff8880a8399180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  100.557425][ T9550] >ffff8880a8399200: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[  100.565543][ T9550]                                   ^
[  100.570895][ T9550]  ffff8880a8399280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  100.578940][ T9550]  ffff8880a8399300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  100.586982][ T9550] ==================================================================
[  100.595030][ T9550] Disabling lock debugging due to kernel taint
[  100.602080][ T9550] Kernel panic - not syncing: panic_on_warn set ...
[  100.608783][ T9550] CPU: 1 PID: 9550 Comm: syz-executor795 Tainted: G    B             5.4.0-syzkaller #0
[  100.618470][ T9550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  100.628590][ T9550] Call Trace:
[  100.631865][ T9550]  dump_stack+0x197/0x210
[  100.636181][ T9550]  panic+0x2e3/0x75c
[  100.640058][ T9550]  ? add_taint.cold+0x16/0x16
[  100.644732][ T9550]  ? pipe_write+0xe30/0x1000
[  100.649305][ T9550]  ? preempt_schedule+0x4b/0x60
[  100.654145][ T9550]  ? ___preempt_schedule+0x16/0x18
[  100.659253][ T9550]  ? trace_hardirqs_on+0x5e/0x240
[  100.664278][ T9550]  ? pipe_write+0xe30/0x1000
[  100.668855][ T9550]  end_report+0x47/0x4f
[  100.672993][ T9550]  ? pipe_write+0xe30/0x1000
[  100.677563][ T9550]  __kasan_report.cold+0xe/0x41
[  100.682395][ T9550]  ? pipe_write+0xe30/0x1000
[  100.687019][ T9550]  kasan_report+0x12/0x20
[  100.691417][ T9550]  __asan_report_store8_noabort+0x17/0x20
[  100.697117][ T9550]  pipe_write+0xe30/0x1000
[  100.701549][ T9550]  new_sync_write+0x4d3/0x770
[  100.706218][ T9550]  ? new_sync_read+0x800/0x800
[  100.710975][ T9550]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  100.717201][ T9550]  ? security_file_permission+0x8f/0x380
[  100.722949][ T9550]  __vfs_write+0xe1/0x110
[  100.727259][ T9550]  vfs_write+0x268/0x5d0
[  100.731550][ T9550]  ksys_write+0x220/0x290
[  100.735862][ T9550]  ? __ia32_sys_read+0xb0/0xb0
[  100.740657][ T9550]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  100.746097][ T9550]  ? do_syscall_64+0x26/0x790
[  100.750757][ T9550]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  100.756801][ T9550]  ? do_syscall_64+0x26/0x790
[  100.761495][ T9550]  __x64_sys_write+0x73/0xb0
[  100.766071][ T9550]  do_syscall_64+0xfa/0x790
[  100.770571][ T9550]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  100.776442][ T9550] RIP: 0033:0x4466c9
[  100.780314][ T9550] Code: e8 5c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  100.799895][ T9550] RSP: 002b:00007fbd2a7abdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  100.808288][ T9550] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 00000000004466c9
[  100.816239][ T9550] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004
[  100.824189][ T9550] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[  100.832137][ T9550] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[  100.840085][ T9550] R13: 00007ffc2fcd0f6f R14: 00007fbd2a7ac9c0 R15: 20c49ba5e353f7cf
[  100.849641][ T9550] Kernel Offset: disabled
[  100.854135][ T9550] Rebooting in 86400 seconds..