[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.56' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 66.390708][ T27] audit: type=1400 audit(1588653372.486:8): avc: denied { execmem } for pid=7019 comm="syz-executor061" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 66.496707][ T7019] ==================================================================
[ 66.496755][ T7019] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc08/0xd60
[ 66.496762][ T7019] Read of size 1 at addr ffff88809f8ced3f by task syz-executor061/7019
[ 66.496764][ T7019]
[ 66.496773][ T7019] CPU: 0 PID: 7019 Comm: syz-executor061 Not tainted 5.7.0-rc4-syzkaller #0
[ 66.496778][ T7019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.496781][ T7019] Call Trace:
[ 66.496794][ T7019] dump_stack+0x188/0x20d
[ 66.496807][ T7019] print_address_description.constprop.0.cold+0xd3/0x315
[ 66.496815][ T7019] ? bit_putcs+0xc08/0xd60
[ 66.496822][ T7019] __kasan_report.cold+0x35/0x4d
[ 66.496831][ T7019] ? bit_putcs+0xc08/0xd60
[ 66.496840][ T7019] ? bit_putcs+0xc08/0xd60
[ 66.496846][ T7019] kasan_report+0x33/0x50
[ 66.496855][ T7019] bit_putcs+0xc08/0xd60
[ 66.496872][ T7019] ? bit_cursor+0x1870/0x1870
[ 66.496881][ T7019] ? vesafb_probe.cold+0x1162/0x1162
[ 66.496891][ T7019] ? fb_get_color_depth.part.0+0xc6/0x1f0
[ 66.496901][ T7019] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 66.496912][ T7019] fbcon_putcs+0x345/0x3f0
[ 66.496920][ T7019] ? bit_cursor+0x1870/0x1870
[ 66.496931][ T7019] do_update_region+0x398/0x630
[ 66.496942][ T7019] ? con_get_trans_old+0x280/0x280
[ 66.496952][ T7019] ? fbcon_set_palette+0x3b1/0x4a0
[ 66.496960][ T7019] ? var_to_display+0x7f0/0x7f0
[ 66.496970][ T7019] redraw_screen+0x64c/0x770
[ 66.496978][ T7019] ? respond_string+0x290/0x290
[ 66.496990][ T7019] vc_do_resize+0xfe6/0x1340
[ 66.497014][ T7019] ? lock_downgrade+0x840/0x840
[ 66.497020][ T7019] ? rwlock_bug.part.0+0x90/0x90
[ 66.497028][ T7019] ? vt_console_print+0xdb0/0xdb0
[ 66.497041][ T7019] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 66.497053][ T7019] vt_ioctl+0x2062/0x26b0
[ 66.497061][ T7019] ? tomoyo_find_next_domain+0x4a0/0x1f6c
[ 66.497068][ T7019] ? lockdep_hardirqs_on+0x463/0x620
[ 66.497076][ T7019] ? complete_change_console+0x3a0/0x3a0
[ 66.497084][ T7019] ? tomoyo_path_number_perm+0x238/0x4d0
[ 66.497093][ T7019] ? tomoyo_execute_permission+0x470/0x470
[ 66.497102][ T7019] ? trace_hardirqs_off+0x50/0x220
[ 66.497110][ T7019] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 66.497119][ T7019] ? complete_change_console+0x3a0/0x3a0
[ 66.497128][ T7019] tty_ioctl+0xedc/0x1440
[ 66.497136][ T7019] ? tty_vhangup+0x30/0x30
[ 66.497146][ T7019] ? do_vfs_ioctl+0x50c/0x1360
[ 66.497155][ T7019] ? ioctl_file_clone+0x180/0x180
[ 66.497164][ T7019] ? selinux_file_mprotect+0x610/0x610
[ 66.497172][ T7019] ? file_open_root+0x400/0x400
[ 66.497184][ T7019] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 66.497197][ T7019] ? tty_vhangup+0x30/0x30
[ 66.497204][ T7019] ksys_ioctl+0x11a/0x180
[ 66.497213][ T7019] __x64_sys_ioctl+0x6f/0xb0
[ 66.497220][ T7019] ? lockdep_hardirqs_on+0x463/0x620
[ 66.497231][ T7019] do_syscall_64+0xf6/0x7d0
[ 66.497240][ T7019] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 66.497247][ T7019] RIP: 0033:0x440269
[ 66.497255][ T7019] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 66.497259][ T7019] RSP: 002b:00007ffcb91a4b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 66.497267][ T7019] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440269
[ 66.497272][ T7019] RDX: 0000000020000040 RSI: 000000000000560a RDI: 0000000000000004
[ 66.497276][ T7019] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 66.497280][ T7019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b50
[ 66.497284][ T7019] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[ 66.497295][ T7019]
[ 66.497300][ T7019] Allocated by task 7019:
[ 66.497306][ T7019] save_stack+0x1b/0x40
[ 66.497313][ T7019] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 66.497318][ T7019] __kmalloc+0x161/0x7a0
[ 66.497325][ T7019] fbcon_set_font+0x331/0x870
[ 66.497331][ T7019] con_font_op+0xd65/0x1160
[ 66.497337][ T7019] vt_ioctl+0xce5/0x26b0
[ 66.497343][ T7019] tty_ioctl+0xedc/0x1440
[ 66.497349][ T7019] ksys_ioctl+0x11a/0x180
[ 66.497355][ T7019] __x64_sys_ioctl+0x6f/0xb0
[ 66.497361][ T7019] do_syscall_64+0xf6/0x7d0
[ 66.497368][ T7019] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 66.497370][ T7019]
[ 66.497373][ T7019] Freed by task 4112:
[ 66.497379][ T7019] save_stack+0x1b/0x40
[ 66.497384][ T7019] __kasan_slab_free+0xf7/0x140
[ 66.497389][ T7019] kfree+0x109/0x2b0
[ 66.497398][ T7019] skb_free_head+0x8b/0xa0
[ 66.497403][ T7019] skb_release_data+0x42e/0x8b0
[ 66.497410][ T7019] skb_release_all+0x46/0x60
[ 66.497416][ T7019] consume_skb+0xf3/0x400
[ 66.497423][ T7019] skb_free_datagram+0x16/0xf0
[ 66.497430][ T7019] netlink_recvmsg+0x65e/0xee0
[ 66.497438][ T7019] sock_recvmsg+0xca/0x110
[ 66.497444][ T7019] ____sys_recvmsg+0x208/0x580
[ 66.497449][ T7019] ___sys_recvmsg+0xe4/0x150
[ 66.497455][ T7019] __sys_recvmsg+0xe9/0x1b0
[ 66.497461][ T7019] do_syscall_64+0xf6/0x7d0
[ 66.497468][ T7019] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 66.497470][ T7019]
[ 66.497475][ T7019] The buggy address belongs to the object at ffff88809f8cec00
[ 66.497475][ T7019] which belongs to the cache kmalloc-512 of size 512
[ 66.497482][ T7019] The buggy address is located 319 bytes inside of
[ 66.497482][ T7019] 512-byte region [ffff88809f8cec00, ffff88809f8cee00)
[ 66.497484][ T7019] The buggy address belongs to the page:
[ 66.497493][ T7019] page:ffffea00027e3380 refcount:1 mapcount:0 mapping:00000000dade9c90 index:0x0
[ 66.497500][ T7019] flags: 0xfffe0000000200(slab)
[ 66.497510][ T7019] raw: 00fffe0000000200 ffffea00024e2b08 ffffea0002a38c08 ffff8880aa000a80
[ 66.497519][ T7019] raw: 0000000000000000 ffff88809f8ce000 0000000100000004 0000000000000000
[ 66.497522][ T7019] page dumped because: kasan: bad access detected
[ 66.497524][ T7019]
[ 66.497526][ T7019] Memory state around the buggy address:
[ 66.497532][ T7019] ffff88809f8cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 66.497538][ T7019] ffff88809f8cec80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 66.497543][ T7019] >ffff88809f8ced00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.497546][ T7019] ^
[ 66.497552][ T7019] ffff88809f8ced80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.497558][ T7019] ffff88809f8cee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.497560][ T7019] ==================================================================
[ 66.497563][ T7019] Disabling lock debugging due to kernel taint
[ 66.497567][ T7019] Kernel panic - not syncing: panic_on_warn set ...
[ 66.497574][ T7019] CPU: 0 PID: 7019 Comm: syz-executor061 Tainted: G B 5.7.0-rc4-syzkaller #0
[ 66.497578][ T7019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.497580][ T7019] Call Trace:
[ 66.497587][ T7019] dump_stack+0x188/0x20d
[ 66.497596][ T7019] panic+0x2e3/0x75c
[ 66.497603][ T7019] ? add_taint.cold+0x16/0x16
[ 66.497611][ T7019] ? print_shadow_for_address+0xb8/0x114
[ 66.497616][ T7019] ? trace_hardirqs_on+0x55/0x220
[ 66.497623][ T7019] ? bit_putcs+0xc08/0xd60
[ 66.497630][ T7019] end_report+0x4d/0x53
[ 66.497636][ T7019] __kasan_report.cold+0xd/0x4d
[ 66.497643][ T7019] ? bit_putcs+0xc08/0xd60
[ 66.497650][ T7019] ? bit_putcs+0xc08/0xd60
[ 66.497655][ T7019] kasan_report+0x33/0x50
[ 66.497662][ T7019] bit_putcs+0xc08/0xd60
[ 66.497673][ T7019] ? bit_cursor+0x1870/0x1870
[ 66.497680][ T7019] ? vesafb_probe.cold+0x1162/0x1162
[ 66.497687][ T7019] ? fb_get_color_depth.part.0+0xc6/0x1f0
[ 66.497694][ T7019] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 66.497701][ T7019] fbcon_putcs+0x345/0x3f0
[ 66.497708][ T7019] ? bit_cursor+0x1870/0x1870
[ 66.497715][ T7019] do_update_region+0x398/0x630
[ 66.497722][ T7019] ? con_get_trans_old+0x280/0x280
[ 66.497730][ T7019] ? fbcon_set_palette+0x3b1/0x4a0
[ 66.497736][ T7019] ? var_to_display+0x7f0/0x7f0
[ 66.497743][ T7019] redraw_screen+0x64c/0x770
[ 66.497750][ T7019] ? respond_string+0x290/0x290
[ 66.497758][ T7019] vc_do_resize+0xfe6/0x1340
[ 66.497767][ T7019] ? lock_downgrade+0x840/0x840
[ 66.497773][ T7019] ? rwlock_bug.part.0+0x90/0x90
[ 66.497779][ T7019] ? vt_console_print+0xdb0/0xdb0
[ 66.497786][ T7019] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 66.497794][ T7019] vt_ioctl+0x2062/0x26b0
[ 66.497800][ T7019] ? tomoyo_find_next_domain+0x4a0/0x1f6c
[ 66.497806][ T7019] ? lockdep_hardirqs_on+0x463/0x620
[ 66.497813][ T7019] ? complete_change_console+0x3a0/0x3a0
[ 66.497819][ T7019] ? tomoyo_path_number_perm+0x238/0x4d0
[ 66.497826][ T7019] ? tomoyo_execute_permission+0x470/0x470
[ 66.497832][ T7019] ? trace_hardirqs_off+0x50/0x220
[ 66.497839][ T7019] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 66.497846][ T7019] ? complete_change_console+0x3a0/0x3a0
[ 66.497852][ T7019] tty_ioctl+0xedc/0x1440
[ 66.497858][ T7019] ? tty_vhangup+0x30/0x30
[ 66.497864][ T7019] ? do_vfs_ioctl+0x50c/0x1360
[ 66.497871][ T7019] ? ioctl_file_clone+0x180/0x180
[ 66.497877][ T7019] ? selinux_file_mprotect+0x610/0x610
[ 66.497883][ T7019] ? file_open_root+0x400/0x400
[ 66.497891][ T7019] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 66.497899][ T7019] ? tty_vhangup+0x30/0x30
[ 66.497906][ T7019] ksys_ioctl+0x11a/0x180
[ 66.497912][ T7019] __x64_sys_ioctl+0x6f/0xb0
[ 66.497919][ T7019] ? lockdep_hardirqs_on+0x463/0x620
[ 66.497925][ T7019] do_syscall_64+0xf6/0x7d0
[ 66.497933][ T7019] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 66.497937][ T7019] RIP: 0033:0x440269
[ 66.497943][ T7019] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 66.497946][ T7019] RSP: 002b:00007ffcb91a4b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 66.497952][ T7019] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440269
[ 66.497956][ T7019] RDX: 0000000020000040 RSI: 000000000000560a RDI: 0000000000000004
[ 66.497960][ T7019] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 66.497963][ T7019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b50
[ 66.497967][ T7019] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[ 66.499065][ T7019] Kernel Offset: disabled
[ 67.481042][ T7019] Rebooting in 86400 seconds..