Starting getty on tty2-tty6 if dbus and logind are not available...
Starting OpenBSD Secure Shell server...
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ 53.229141][ T6496] sshd (6496) used greatest stack depth: 23288 bytes left
[ OK ] Found device /dev/ttyS0.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.38' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 71.604462][ T29] audit: type=1400 audit(1596266852.620:8): avc: denied { execmem } for pid=6834 comm="syz-executor119" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 71.607120][ T6834] ==================================================================
[ 71.633356][ T6834] BUG: KASAN: slab-out-of-bounds in qrtr_endpoint_post+0x5c1/0x1050
[ 71.641368][ T6834] Read of size 4294967294 at addr ffff8880a818ba10 by task syz-executor119/6834
[ 71.650381][ T6834]
[ 71.652701][ T6834] CPU: 0 PID: 6834 Comm: syz-executor119 Not tainted 5.8.0-rc7-syzkaller #0
[ 71.661657][ T6834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.671748][ T6834] Call Trace:
[ 71.675071][ T6834] dump_stack+0x18f/0x20d
[ 71.679399][ T6834] ? qrtr_endpoint_post+0x5c1/0x1050
[ 71.684672][ T6834] ? qrtr_endpoint_post+0x5c1/0x1050
[ 71.689972][ T6834] print_address_description.constprop.0.cold+0xae/0x436
[ 71.696997][ T6834] ? do_raw_spin_unlock+0x171/0x230
[ 71.702208][ T6834] ? lockdep_hardirqs_off+0x66/0xa0
[ 71.707396][ T6834] ? vprintk_func+0x97/0x1a6
[ 71.712067][ T6834] ? qrtr_endpoint_post+0x5c1/0x1050
[ 71.717477][ T6834] kasan_report.cold+0x1f/0x37
[ 71.722263][ T6834] ? qrtr_endpoint_post+0x5c1/0x1050
[ 71.727552][ T6834] check_memory_region+0x13d/0x180
[ 71.732682][ T6834] memcpy+0x20/0x60
[ 71.736476][ T6834] qrtr_endpoint_post+0x5c1/0x1050
[ 71.741610][ T6834] qrtr_tun_write_iter+0xf5/0x180
[ 71.746642][ T6834] new_sync_write+0x422/0x650
[ 71.751308][ T6834] ? new_sync_read+0x6e0/0x6e0
[ 71.756067][ T6834] ? selinux_file_permission+0x92/0x520
[ 71.761611][ T6834] ? build_open_flags+0x650/0x650
[ 71.766659][ T6834] vfs_write+0x59d/0x6b0
[ 71.770910][ T6834] ksys_write+0x12d/0x250
[ 71.775324][ T6834] ? __ia32_sys_read+0xb0/0xb0
[ 71.780092][ T6834] ? lock_is_held_type+0xb0/0xe0
[ 71.785114][ T6834] ? do_syscall_64+0x1c/0xe0
[ 71.789699][ T6834] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 71.795678][ T6834] do_syscall_64+0x60/0xe0
[ 71.800103][ T6834] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.805988][ T6834] RIP: 0033:0x440259
[ 71.809892][ T6834] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 71.829494][ T6834] RSP: 002b:00007ffd18650b78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.837907][ T6834] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[ 71.845876][ T6834] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003
[ 71.853897][ T6834] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 71.861910][ T6834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a60
[ 71.869909][ T6834] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[ 71.877876][ T6834]
[ 71.880182][ T6834] Allocated by task 6834:
[ 71.884501][ T6834] save_stack+0x1b/0x40
[ 71.888641][ T6834] __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 71.894726][ T6834] __kmalloc+0x17a/0x340
[ 71.898962][ T6834] qrtr_tun_write_iter+0x8a/0x180
[ 71.903993][ T6834] new_sync_write+0x422/0x650
[ 71.908674][ T6834] vfs_write+0x59d/0x6b0
[ 71.912906][ T6834] ksys_write+0x12d/0x250
[ 71.917593][ T6834] do_syscall_64+0x60/0xe0
[ 71.922019][ T6834] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.927895][ T6834]
[ 71.930394][ T6834] Freed by task 1:
[ 71.934135][ T6834] save_stack+0x1b/0x40
[ 71.938328][ T6834] __kasan_slab_free+0xf5/0x140
[ 71.943175][ T6834] kfree+0x103/0x2c0
[ 71.947075][ T6834] tomoyo_path_perm+0x234/0x3f0
[ 71.951953][ T6834] security_inode_getattr+0xcf/0x140
[ 71.957239][ T6834] vfs_statx+0x170/0x390
[ 71.961484][ T6834] __do_sys_newlstat+0x91/0x110
[ 71.966340][ T6834] do_syscall_64+0x60/0xe0
[ 71.970749][ T6834] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.976621][ T6834]
[ 71.978951][ T6834] The buggy address belongs to the object at ffff8880a818ba00
[ 71.978951][ T6834] which belongs to the cache kmalloc-32 of size 32
[ 71.992819][ T6834] The buggy address is located 16 bytes inside of
[ 71.992819][ T6834] 32-byte region [ffff8880a818ba00, ffff8880a818ba20)
[ 72.005928][ T6834] The buggy address belongs to the page:
[ 72.011559][ T6834] page:ffffea0002a062c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a818bfc1
[ 72.021956][ T6834] flags: 0xfffe0000000200(slab)
[ 72.026796][ T6834] raw: 00fffe0000000200 ffffea000272eb48 ffffea0002765c48 ffff8880aa0001c0
[ 72.035395][ T6834] raw: ffff8880a818bfc1 ffff8880a818b000 000000010000000f 0000000000000000
[ 72.044064][ T6834] page dumped because: kasan: bad access detected
[ 72.050488][ T6834]
[ 72.052794][ T6834] Memory state around the buggy address:
[ 72.058426][ T6834]  ffff8880a818b900: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 72.066489][ T6834]  ffff8880a818b980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 72.074544][ T6834] >ffff8880a818ba00: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 72.082594][ T6834]                          ^
[ 72.087170][ T6834]  ffff8880a818ba80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 72.095219][ T6834]  ffff8880a818bb00: 00 00 01 fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 72.103275][ T6834] ==================================================================
[ 72.111332][ T6834] Disabling lock debugging due to kernel taint
[ 72.118286][ T6834] Kernel panic - not syncing: panic_on_warn set ...
[ 72.124924][ T6834] CPU: 0 PID: 6834 Comm: syz-executor119 Tainted: G B 5.8.0-rc7-syzkaller #0
[ 72.134984][ T6834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.145044][ T6834] Call Trace:
[ 72.148347][ T6834] dump_stack+0x18f/0x20d
[ 72.152686][ T6834] ? qrtr_endpoint_post+0x530/0x1050
[ 72.157956][ T6834] panic+0x2e3/0x75c
[ 72.161847][ T6834] ? __warn_printk+0xf3/0xf3
[ 72.166428][ T6834] ? preempt_schedule_common+0x59/0xc0
[ 72.171906][ T6834] ? qrtr_endpoint_post+0x5c1/0x1050
[ 72.177200][ T6834] ? preempt_schedule_thunk+0x16/0x18
[ 72.182573][ T6834] ? trace_hardirqs_on+0x55/0x220
[ 72.187597][ T6834] ? qrtr_endpoint_post+0x5c1/0x1050
[ 72.192870][ T6834] ? qrtr_endpoint_post+0x5c1/0x1050
[ 72.198137][ T6834] end_report+0x4d/0x53
[ 72.202281][ T6834] kasan_report.cold+0xd/0x37
[ 72.206954][ T6834] ? qrtr_endpoint_post+0x5c1/0x1050
[ 72.212246][ T6834] check_memory_region+0x13d/0x180
[ 72.217355][ T6834] memcpy+0x20/0x60
[ 72.221161][ T6834] qrtr_endpoint_post+0x5c1/0x1050
[ 72.226267][ T6834] qrtr_tun_write_iter+0xf5/0x180
[ 72.231297][ T6834] new_sync_write+0x422/0x650
[ 72.235972][ T6834] ? new_sync_read+0x6e0/0x6e0
[ 72.240750][ T6834] ? selinux_file_permission+0x92/0x520
[ 72.246289][ T6834] ? build_open_flags+0x650/0x650
[ 72.251302][ T6834] vfs_write+0x59d/0x6b0
[ 72.255535][ T6834] ksys_write+0x12d/0x250
[ 72.259849][ T6834] ? __ia32_sys_read+0xb0/0xb0
[ 72.264595][ T6834] ? lock_is_held_type+0xb0/0xe0
[ 72.269546][ T6834] ? do_syscall_64+0x1c/0xe0
[ 72.274141][ T6834] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 72.280131][ T6834] do_syscall_64+0x60/0xe0
[ 72.284571][ T6834] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.290472][ T6834] RIP: 0033:0x440259
[ 72.294363][ T6834] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 72.313950][ T6834] RSP: 002b:00007ffd18650b78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.322364][ T6834] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[ 72.330320][ T6834] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003
[ 72.338361][ T6834] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 72.346330][ T6834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a60
[ 72.354297][ T6834] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[ 72.363303][ T6834] Kernel Offset: disabled
[ 72.367650][ T6834] Rebooting in 86400 seconds..