[ 41.082199] audit: type=1800 audit(1581668307.333:29): pid=7862 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 41.117299] audit: type=1800 audit(1581668307.343:30): pid=7862 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.194' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 49.679713] kauditd_printk_skb: 5 callbacks suppressed
[ 49.679730] audit: type=1400 audit(1581668315.933:36): avc: denied { map } for pid=8048 comm="syz-executor847" path="/root/syz-executor847156921" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 49.779194] ==================================================================
[ 49.779231] BUG: KASAN: null-ptr-deref in do_con_trol+0x3b9/0x6070
[ 49.779244] Read of size 4294967294 at addr 0000000000000012 by task syz-executor847/8048
[ 49.779247]
[ 49.779261] CPU: 0 PID: 8048 Comm: syz-executor847 Not tainted 4.19.103-syzkaller #0
[ 49.779269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.779274] Call Trace:
[ 49.779293]  dump_stack+0x197/0x210
[ 49.779311]  ? do_con_trol+0x3b9/0x6070
[ 49.779327]  kasan_report.cold+0x199/0x2ba
[ 49.779346]  check_memory_region+0x123/0x190
[ 49.779361]  memcpy+0x24/0x50
[ 49.779377]  do_con_trol+0x3b9/0x6070
[ 49.779397]  ? reset_palette+0x190/0x190
[ 49.779414]  ? kasan_check_read+0x11/0x20
[ 49.779437]  ? __atomic_notifier_call_chain+0xfd/0x1a0
[ 49.779459]  do_con_write.part.0+0xfd5/0x1eb0
[ 49.779492]  ? do_con_trol+0x6070/0x6070
[ 49.779507]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 49.779522]  ? add_wait_queue+0x112/0x170
[ 49.779536]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 49.779554]  ? trace_hardirqs_on+0x67/0x220
[ 49.779576]  con_write+0x46/0xd0
[ 49.779594]  n_tty_write+0x3f9/0x1140
[ 49.779622]  ? process_echoes+0x170/0x170
[ 49.779640]  ? do_wait_intr_irq+0x2b0/0x2b0
[ 49.779659]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 49.779673]  ? _copy_from_user+0xdd/0x150
[ 49.779691]  tty_write+0x458/0x7a0
[ 49.779710]  ? process_echoes+0x170/0x170
[ 49.779729]  __vfs_write+0x114/0x810
[ 49.779744]  ? tty_read+0x2a0/0x2a0
[ 49.779759]  ? kernel_read+0x120/0x120
[ 49.779774]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 49.779790]  ? __inode_security_revalidate+0xda/0x120
[ 49.779805]  ? avc_policy_seqno+0xd/0x70
[ 49.779897]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 49.779920]  ? selinux_file_permission+0x92/0x550
[ 49.779939]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.779954]  ? security_file_permission+0x89/0x230
[ 49.779971]  ? rw_verify_area+0x118/0x360
[ 49.779989]  vfs_write+0x20c/0x560
[ 49.780008]  ksys_write+0x14f/0x2d0
[ 49.780026]  ? __ia32_sys_read+0xb0/0xb0
[ 49.780043]  ? do_syscall_64+0x26/0x620
[ 49.780060]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.780074]  ? do_syscall_64+0x26/0x620
[ 49.780094]  __x64_sys_write+0x73/0xb0
[ 49.780112]  do_syscall_64+0xfd/0x620
[ 49.780131]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.780144] RIP: 0033:0x4404f9
[ 49.780165] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 49.780174] RSP: 002b:00007ffefc0bbca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 49.780188] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404f9
[ 49.780197] RDX: 0000000000000078 RSI: 0000000020000140 RDI: 0000000000000004
[ 49.780205] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 49.780214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0
[ 49.780222] R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000
[ 49.780278] ==================================================================
[ 49.780284] Disabling lock debugging due to kernel taint
[ 49.780291] Kernel panic - not syncing: panic_on_warn set ...
[ 49.780291]
[ 49.780307] CPU: 0 PID: 8048 Comm: syz-executor847 Tainted: G B 4.19.103-syzkaller #0
[ 49.780314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.780318] Call Trace:
[ 49.780335]  dump_stack+0x197/0x210
[ 49.780350]  ? do_con_trol+0x3b9/0x6070
[ 49.780361]  panic+0x26a/0x50e
[ 49.780371]  ? __warn_printk+0xf3/0xf3
[ 49.780394]  ? lock_downgrade+0x880/0x880
[ 49.780413]  ? trace_hardirqs_on+0x67/0x220
[ 49.780426]  ? trace_hardirqs_on+0x5e/0x220
[ 49.780443]  ? do_con_trol+0x3b9/0x6070
[ 49.780458]  kasan_end_report+0x47/0x4f
[ 49.780473]  kasan_report.cold+0xa9/0x2ba
[ 49.780489]  check_memory_region+0x123/0x190
[ 49.780503]  memcpy+0x24/0x50
[ 49.780518]  do_con_trol+0x3b9/0x6070
[ 49.780533]  ? reset_palette+0x190/0x190
[ 49.780547]  ? kasan_check_read+0x11/0x20
[ 49.780565]  ? __atomic_notifier_call_chain+0xfd/0x1a0
[ 49.780584]  do_con_write.part.0+0xfd5/0x1eb0
[ 49.780608]  ? do_con_trol+0x6070/0x6070
[ 49.780622]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 49.780636]  ? add_wait_queue+0x112/0x170
[ 49.780650]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 49.780665]  ? trace_hardirqs_on+0x67/0x220
[ 49.780681]  con_write+0x46/0xd0
[ 49.780695]  n_tty_write+0x3f9/0x1140
[ 49.780717]  ? process_echoes+0x170/0x170
[ 49.780732]  ? do_wait_intr_irq+0x2b0/0x2b0
[ 49.780748]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 49.780763]  ? _copy_from_user+0xdd/0x150
[ 49.780777]  tty_write+0x458/0x7a0
[ 49.780793]  ? process_echoes+0x170/0x170
[ 49.780809]  __vfs_write+0x114/0x810
[ 49.780822]  ? tty_read+0x2a0/0x2a0
[ 49.780836]  ? kernel_read+0x120/0x120
[ 49.780850]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 49.780882]  ? __inode_security_revalidate+0xda/0x120
[ 49.780896]  ? avc_policy_seqno+0xd/0x70
[ 49.780908]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 49.780921]  ? selinux_file_permission+0x92/0x550
[ 49.780936]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.780952]  ? security_file_permission+0x89/0x230
[ 49.780966]  ? rw_verify_area+0x118/0x360
[ 49.780981]  vfs_write+0x20c/0x560
[ 49.780997]  ksys_write+0x14f/0x2d0
[ 49.781013]  ? __ia32_sys_read+0xb0/0xb0
[ 49.781028]  ? do_syscall_64+0x26/0x620
[ 49.781043]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.781057]  ? do_syscall_64+0x26/0x620
[ 49.781073]  __x64_sys_write+0x73/0xb0
[ 49.781089]  do_syscall_64+0xfd/0x620
[ 49.781105]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.781115] RIP: 0033:0x4404f9
[ 49.781129] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 49.781136] RSP: 002b:00007ffefc0bbca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 49.781148] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404f9
[ 49.781157] RDX: 0000000000000078 RSI: 0000000020000140 RDI: 0000000000000004
[ 49.781165] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 49.781172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0
[ 49.781180] R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000
[ 49.782580] Kernel Offset: disabled
[ 50.399874] Rebooting in 86400 seconds..