Warning: Permanently added '10.128.0.104' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   51.769628] kauditd_printk_skb: 3 callbacks suppressed
[   51.769644] audit: type=1400 audit(1582440605.106:36): avc: denied { map } for pid=8072 comm="syz-executor371" path="/root/syz-executor371299512" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   51.781824] sp0: Synchronizing with TNC
[   51.807764] ==================================================================
[   51.816046] BUG: KASAN: slab-out-of-bounds in decode_data.part.0+0x23b/0x270
[   51.823386] Write of size 1 at addr ffff88808b30d94e by task kworker/u4:3/949
[   51.830829]
[   51.832504] CPU: 0 PID: 949 Comm: kworker/u4:3 Not tainted 4.19.105-syzkaller #0
[   51.840360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.850082] Workqueue: events_unbound flush_to_ldisc
[   51.855296] Call Trace:
[   51.858002]  dump_stack+0x197/0x210
[   51.862535]  ? decode_data.part.0+0x23b/0x270
[   51.867492]  print_address_description.cold+0x7c/0x20d
[   51.873159]  ? decode_data.part.0+0x23b/0x270
[   51.877686]  kasan_report.cold+0x8c/0x2ba
[   51.881871]  __asan_report_store1_noabort+0x17/0x20
[   51.887186]  decode_data.part.0+0x23b/0x270
[   51.891545]  sixpack_receive_buf+0xdfe/0x1440
[   51.896241]  ? sp_xmit+0xc10/0xc10
[   51.901457]  tty_ldisc_receive_buf+0x15f/0x1c0
[   51.906063]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.911632]  tty_port_default_receive_buf+0x7d/0xb0
[   51.916690]  flush_to_ldisc+0x222/0x390
[   51.920700]  process_one_work+0x989/0x1750
[   51.924971]  ? pwq_dec_nr_in_flight+0x320/0x320
[   51.929681]  ? lock_acquire+0x16f/0x3f0
[   51.933695]  ? kasan_check_write+0x14/0x20
[   51.937993]  ? do_raw_spin_lock+0xd7/0x250
[   51.942410]  worker_thread+0x98/0xe40
[   51.946333]  ? trace_hardirqs_on+0x67/0x220
[   51.950684]  kthread+0x354/0x420
[   51.954061]  ? process_one_work+0x1750/0x1750
[   51.958570]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[   51.964130]  ret_from_fork+0x24/0x30
[   51.967877]
[   51.969521] Allocated by task 8072:
[   51.973298]  save_stack+0x45/0xd0
[   51.976768]  kasan_kmalloc+0xce/0xf0
[   51.982405]  __kmalloc_node+0x51/0x80
[   51.986382]  kvmalloc_node+0x68/0x100
[   51.990200]  alloc_netdev_mqs+0x98/0xdb0
[   51.994395]  sixpack_open+0x104/0xbf5
[   51.998216]  tty_ldisc_open.isra.0+0x89/0xd0
[   52.002768]  tty_set_ldisc+0x2d7/0x690
[   52.006692]  tty_ioctl+0x65e/0x1510
[   52.010319]  do_vfs_ioctl+0xd5f/0x1380
[   52.014202]  ksys_ioctl+0xab/0xd0
[   52.017653]  __x64_sys_ioctl+0x73/0xb0
[   52.021544]  do_syscall_64+0xfd/0x620
[   52.025613]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.030966]
[   52.032584] Freed by task 6335:
[   52.035858]  save_stack+0x45/0xd0
[   52.039318]  __kasan_slab_free+0x102/0x150
[   52.043643]  kasan_slab_free+0xe/0x10
[   52.047652]  kfree+0xcf/0x220
[   52.050778]  kfree_link+0x16/0x20
[   52.054762]  walk_component+0x447/0x2000
[   52.059422]  link_path_walk.part.0+0x594/0x1330
[   52.064185]  path_openat+0x211/0x44a0
[   52.068109]  do_filp_open+0x1a1/0x280
[   52.071923]  do_sys_open+0x3fe/0x550
[   52.075769]  __x64_sys_open+0x7e/0xc0
[   52.079798]  do_syscall_64+0xfd/0x620
[   52.084518]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.089929]
[   52.091923] The buggy address belongs to the object at ffff88808b30c5c0
[   52.091923]  which belongs to the cache kmalloc-4096 of size 4096
[   52.104893] The buggy address is located 910 bytes to the right of
[   52.104893]  4096-byte region [ffff88808b30c5c0, ffff88808b30d5c0)
[   52.117761] The buggy address belongs to the page:
[   52.122718] page:ffffea00022cc300 count:1 mapcount:0 mapping:ffff88812c31cdc0 index:0x0 compound_mapcount: 0
[   52.133579] flags: 0xfffe0000008100(slab|head)
[   52.138177] raw: 00fffe0000008100 ffffea00022e6708 ffffea00022c0508 ffff88812c31cdc0
[   52.146163] raw: 0000000000000000 ffff88808b30c5c0 0000000100000001 0000000000000000
[   52.154711] page dumped because: kasan: bad access detected
[   52.160422]
[   52.162161] Memory state around the buggy address:
[   52.167089]  ffff88808b30d800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.174549]  ffff88808b30d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.182401] >ffff88808b30d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.190385]                                               ^
[   52.196109]  ffff88808b30d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.203466]  ffff88808b30da00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.211000] ==================================================================
[   52.218360] Disabling lock debugging due to kernel taint
[   52.225375] Kernel panic - not syncing: panic_on_warn set ...
[   52.225375]
[   52.232881] CPU: 0 PID: 949 Comm: kworker/u4:3 Tainted: G    B            4.19.105-syzkaller #0
[   52.241803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.251518] Workqueue: events_unbound flush_to_ldisc
[   52.256626] Call Trace:
[   52.259208]  dump_stack+0x197/0x210
[   52.262901]  ? decode_data.part.0+0x23b/0x270
[   52.267391]  panic+0x26a/0x50e
[   52.270572]  ? __warn_printk+0xf3/0xf3
[   52.274634]  ? decode_data.part.0+0x23b/0x270
[   52.279119]  ? preempt_schedule+0x4b/0x60
[   52.283257]  ? ___preempt_schedule+0x16/0x18
[   52.287652]  ? trace_hardirqs_on+0x5e/0x220
[   52.292216]  ? decode_data.part.0+0x23b/0x270
[   52.296704]  kasan_end_report+0x47/0x4f
[   52.300793]  kasan_report.cold+0xa9/0x2ba
[   52.305116]  __asan_report_store1_noabort+0x17/0x20
[   52.310131]  decode_data.part.0+0x23b/0x270
[   52.314836]  sixpack_receive_buf+0xdfe/0x1440
[   52.319702]  ? sp_xmit+0xc10/0xc10
[   52.323537]  tty_ldisc_receive_buf+0x15f/0x1c0
[   52.328108]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.333639]  tty_port_default_receive_buf+0x7d/0xb0
[   52.338658]  flush_to_ldisc+0x222/0x390
[   52.342632]  process_one_work+0x989/0x1750
[   52.346858]  ? pwq_dec_nr_in_flight+0x320/0x320
[   52.351608]  ? lock_acquire+0x16f/0x3f0
[   52.355565]  ? kasan_check_write+0x14/0x20
[   52.359791]  ? do_raw_spin_lock+0xd7/0x250
[   52.364011]  worker_thread+0x98/0xe40
[   52.367792]  ? trace_hardirqs_on+0x67/0x220
[   52.372105]  kthread+0x354/0x420
[   52.375454]  ? process_one_work+0x1750/0x1750
[   52.379930]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[   52.385466]  ret_from_fork+0x24/0x30
[   52.390963] Kernel Offset: disabled
[   52.394595] Rebooting in 86400 seconds..