[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.193' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.144829][ T6804] ==================================================================
[ 41.153042][ T6804] BUG: KASAN: slab-out-of-bounds in vsscanf+0x2666/0x2ef0
[ 41.160126][ T6804] Read of size 1 at addr ffff888097d682b8 by task syz-executor980/6804
[ 41.168329][ T6804]
[ 41.170677][ T6804] CPU: 0 PID: 6804 Comm: syz-executor980 Not tainted 5.8.0-rc5-syzkaller #0
[ 41.179359][ T6804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.189387][ T6804] Call Trace:
[ 41.192702][ T6804] dump_stack+0x1f0/0x31e
[ 41.197006][ T6804] print_address_description+0x66/0x5a0
[ 41.202521][ T6804] ? vprintk_emit+0x342/0x3c0
[ 41.207170][ T6804] ? printk+0x62/0x83
[ 41.211124][ T6804] ? vprintk_emit+0x339/0x3c0
[ 41.215771][ T6804] kasan_report+0x132/0x1d0
[ 41.220352][ T6804] ? _parse_integer+0x90/0x190
[ 41.225085][ T6804] ? vsscanf+0x2666/0x2ef0
[ 41.229491][ T6804] vsscanf+0x2666/0x2ef0
[ 41.233704][ T6804] ? vsscanf+0x63f/0x2ef0
[ 41.238007][ T6804] sscanf+0x6c/0x90
[ 41.241788][ T6804] ? smk_set_cipso+0x3d1/0x6c0
[ 41.246521][ T6804] ? vsscanf+0x11af/0x2ef0
[ 41.250927][ T6804] smk_set_cipso+0x374/0x6c0
[ 41.255490][ T6804] ? lock_is_held_type+0x87/0xe0
[ 41.260400][ T6804] ? __sb_start_write+0x35f/0x410
[ 41.265390][ T6804] ? smk_write_access2+0x1c0/0x1c0
[ 41.270473][ T6804] vfs_write+0x2dd/0xc70
[ 41.274686][ T6804] ? __up_read+0x1f1/0x6f0
[ 41.279078][ T6804] ? do_user_addr_fault+0x768/0xba0
[ 41.284246][ T6804] ? __fdget_pos+0x263/0x2f0
[ 41.288823][ T6804] ksys_write+0x11b/0x220
[ 41.293148][ T6804] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 41.299185][ T6804] do_syscall_64+0x73/0xe0
[ 41.303570][ T6804] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 41.309435][ T6804] RIP: 0033:0x4402d9
[ 41.313313][ T6804] Code: Bad RIP value.
[ 41.317347][ T6804] RSP: 002b:00007ffe89010db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 41.325732][ T6804] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402d9
[ 41.333678][ T6804] RDX: 0000000000000037 RSI: 0000000020000040 RDI: 0000000000000003
[ 41.341619][ T6804] RBP: 00000000006ca018 R08: 0000000000000014 R09: 00000000004002c8
[ 41.349561][ T6804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ae0
[ 41.357516][ T6804] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
[ 41.365483][ T6804]
[ 41.367801][ T6804] Allocated by task 6804:
[ 41.372159][ T6804] __kasan_kmalloc+0x103/0x140
[ 41.376892][ T6804] __kmalloc_track_caller+0x249/0x320
[ 41.382235][ T6804] memdup_user_nul+0x26/0xf0
[ 41.386793][ T6804] smk_set_cipso+0xff/0x6c0
[ 41.391266][ T6804] vfs_write+0x2dd/0xc70
[ 41.395477][ T6804] ksys_write+0x11b/0x220
[ 41.399776][ T6804] do_syscall_64+0x73/0xe0
[ 41.404163][ T6804] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 41.410037][ T6804]
[ 41.412336][ T6804] Freed by task 4906:
[ 41.416288][ T6804] __kasan_slab_free+0x114/0x170
[ 41.421208][ T6804] kfree+0x10a/0x220
[ 41.425115][ T6804] tomoyo_path_number_perm+0x525/0x690
[ 41.430544][ T6804] tomoyo_path_mknod+0x128/0x150
[ 41.435451][ T6804] security_path_mknod+0xdc/0x160
[ 41.440445][ T6804] path_openat+0xbe8/0x37f0
[ 41.444914][ T6804] do_filp_open+0x191/0x3a0
[ 41.449387][ T6804] do_sys_openat2+0x463/0x770
[ 41.454031][ T6804] __x64_sys_open+0x1af/0x1e0
[ 41.458677][ T6804] do_syscall_64+0x73/0xe0
[ 41.463064][ T6804] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 41.468921][ T6804]
[ 41.471239][ T6804] The buggy address belongs to the object at ffff888097d68280
[ 41.471239][ T6804] which belongs to the cache kmalloc-64 of size 64
[ 41.485086][ T6804] The buggy address is located 56 bytes inside of
[ 41.485086][ T6804] 64-byte region [ffff888097d68280, ffff888097d682c0)
[ 41.498150][ T6804] The buggy address belongs to the page:
[ 41.503753][ T6804] page:ffffea00025f5a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888097d68c80
[ 41.514128][ T6804] flags: 0xfffe0000000200(slab)
[ 41.518950][ T6804] raw: 00fffe0000000200 ffffea000288fe08 ffffea00026f38c8 ffff8880aa400380
[ 41.527501][ T6804] raw: ffff888097d68c80 ffff888097d68000 000000010000001e 0000000000000000
[ 41.536050][ T6804] page dumped because: kasan: bad access detected
[ 41.542485][ T6804]
[ 41.544790][ T6804] Memory state around the buggy address:
[ 41.550458][ T6804] ffff888097d68180: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[ 41.558517][ T6804] ffff888097d68200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 41.566549][ T6804] >ffff888097d68280: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 41.574579][ T6804] ^
[ 41.580443][ T6804] ffff888097d68300: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[ 41.588480][ T6804] ffff888097d68380: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[ 41.596508][ T6804] ==================================================================
[ 41.604641][ T6804] Disabling lock debugging due to kernel taint
[ 41.610995][ T6804] Kernel panic - not syncing: panic_on_warn set ...
[ 41.617573][ T6804] CPU: 0 PID: 6804 Comm: syz-executor980 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 41.627619][ T6804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.637664][ T6804] Call Trace:
[ 41.640932][ T6804] dump_stack+0x1f0/0x31e
[ 41.645230][ T6804] panic+0x264/0x7a0
[ 41.649096][ T6804] ? trace_hardirqs_on+0x30/0x80
[ 41.654005][ T6804] kasan_report+0x1c9/0x1d0
[ 41.658475][ T6804] ? _parse_integer+0x90/0x190
[ 41.663205][ T6804] ? vsscanf+0x2666/0x2ef0
[ 41.667586][ T6804] vsscanf+0x2666/0x2ef0
[ 41.671796][ T6804] ? vsscanf+0x63f/0x2ef0
[ 41.676103][ T6804] sscanf+0x6c/0x90
[ 41.679881][ T6804] ? smk_set_cipso+0x3d1/0x6c0
[ 41.684612][ T6804] ? vsscanf+0x11af/0x2ef0
[ 41.688997][ T6804] smk_set_cipso+0x374/0x6c0
[ 41.693644][ T6804] ? lock_is_held_type+0x87/0xe0
[ 41.698550][ T6804] ? __sb_start_write+0x35f/0x410
[ 41.703540][ T6804] ? smk_write_access2+0x1c0/0x1c0
[ 41.708616][ T6804] vfs_write+0x2dd/0xc70
[ 41.712826][ T6804] ? __up_read+0x1f1/0x6f0
[ 41.717209][ T6804] ? do_user_addr_fault+0x768/0xba0
[ 41.722375][ T6804] ? __fdget_pos+0x263/0x2f0
[ 41.726933][ T6804] ksys_write+0x11b/0x220
[ 41.731231][ T6804] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 41.737263][ T6804] do_syscall_64+0x73/0xe0
[ 41.741652][ T6804] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 41.747514][ T6804] RIP: 0033:0x4402d9
[ 41.751374][ T6804] Code: Bad RIP value.
[ 41.755409][ T6804] RSP: 002b:00007ffe89010db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 41.763805][ T6804] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402d9
[ 41.771764][ T6804] RDX: 0000000000000037 RSI: 0000000020000040 RDI: 0000000000000003
[ 41.779705][ T6804] RBP: 00000000006ca018 R08: 0000000000000014 R09: 00000000004002c8
[ 41.787669][ T6804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ae0
[ 41.795609][ T6804] R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
[ 41.804848][ T6804] Kernel Offset: disabled
[ 41.809161][ T6804] Rebooting in 86400 seconds..