[ OK ] Started Daily apt upgrade and clean activities.
Starting getty on tty2-tty6 if dbus and logind are not available...
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
Starting OpenBSD Secure Shell server...
[ OK ] Started Regular background program processing daemon.
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts.
syzkaller login: [ 79.533079][ T35] audit: type=1400 audit(1611549952.729:8): avc: denied { execmem } for pid=8470 comm="syz-executor015" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 79.569735][ T8471] IPVS: ftp: loaded support on port[0] = 21
[ 79.685494][ T8471] chnl_net:caif_netlink_parms(): no params data found
[ 79.745954][ T8471] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.754649][ T8471] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.765174][ T8471] device bridge_slave_0 entered promiscuous mode
[ 79.775551][ T8471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.783206][ T8471] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.792066][ T8471] device bridge_slave_1 entered promiscuous mode
[ 79.815440][ T8471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.828508][ T8471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.854301][ T8471] team0: Port device team_slave_0 added
[ 79.863138][ T8471] team0: Port device team_slave_1 added
[ 79.884437][ T8471] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 79.891459][ T8471] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.917967][ T8471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 79.931002][ T8471] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 79.939360][ T8471] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.965838][ T8471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 79.996221][ T8471] device hsr_slave_0 entered promiscuous mode
[ 80.003163][ T8471] device hsr_slave_1 entered promiscuous mode
[ 80.124890][ T8471] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 80.136836][ T8471] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 80.147663][ T8471] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 80.159209][ T8471] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 80.189702][ T8471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.197014][ T8471] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.204959][ T8471] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.212130][ T8471] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.266825][ T8471] 8021q: adding VLAN 0 to HW filter on device bond0
[ 80.281786][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 80.294203][ T3194] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.304265][ T3194] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.313406][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 80.329806][ T8471] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.341645][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 80.352252][ T3194] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.359422][ T3194] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.378443][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 80.387685][ T3194] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.394747][ T3194] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.417352][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 80.427514][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 80.442757][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 80.451019][ T3714] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 80.463338][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 80.476197][ T8471] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 80.498898][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 80.507518][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 80.522979][ T8471] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.545675][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 80.570238][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 80.579407][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 80.589323][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 80.601602][ T8471] device veth0_vlan entered promiscuous mode
[ 80.615540][ T8471] device veth1_vlan entered promiscuous mode
[ 80.643861][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 80.652097][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 80.661479][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 80.674760][ T8471] device veth0_macvtap entered promiscuous mode
[ 80.686253][ T8471] device veth1_macvtap entered promiscuous mode
[ 80.707936][ T8471] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.715773][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 80.728618][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 80.740886][ T8471] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 80.749736][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 80.759848][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 80.773706][ T8471] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.784578][ T8471] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.793621][ T8471] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 80.812082][ T8471] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.862394][ T35] audit: type=1107 audit(1611549954.059:9): pid=8471 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 msg='йwqX*FOlj\2|2E޿`E}x@Mj@p4NŸ&"xnd_"cs?"J8垝XT3xzs(JΝ6YM%u)^~&+Gmf-([6gYV䠃<,mJ˻IJsʭI נx`-DkGGn萨S| --倲 W,{֎$nFH}:CZvU/[v@4z3!φ6~7h%'4KN(r.ҁ5g(uUuk28˕Bхyi$0Uw)Sp|߭8DGjmېT9m OحɴT pڼv1j9\O[@'|y~MS^4GΚ @Mӡv1ٷ)_>!*_]
[ 80.862394][ T35]
[ 81.151745][ T101] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.249004][ T8158] ==================================================================
[ 81.249018][ T8158] BUG: KASAN: slab-out-of-bounds in record_print_text+0x33f/0x380
[ 81.249024][ T8158] Write of size 1 at addr ffff888027e5d764 by task in:imklog/8158
[ 81.249028][ T8158]
[ 81.249032][ T8158] CPU: 1 PID: 8158 Comm: in:imklog Not tainted 5.11.0-rc4-syzkaller #0
[ 81.249038][ T8158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.249044][ T8158] Call Trace:
[ 81.249046][ T8158] dump_stack+0x107/0x163
[ 81.249050][ T8158] ? record_print_text+0x33f/0x380
[ 81.249054][ T8158] ? record_print_text+0x33f/0x380
[ 81.249058][ T8158] print_address_description.constprop.0.cold+0x5b/0x2c6
[ 81.249062][ T8158] ? record_print_text+0x33f/0x380
[ 81.249066][ T8158] ? record_print_text+0x33f/0x380
[ 81.249069][ T8158] kasan_report.cold+0x79/0xd5
[ 81.249073][ T8158] ? record_print_text+0x33f/0x380
[ 81.249077][ T8158] record_print_text+0x33f/0x380
[ 81.249080][ T8158] ? get_record_print_text_size+0x110/0x110
[ 81.249084][ T8158] ? prb_read_valid+0x75/0xa0
[ 81.249088][ T8158] ? prb_final_commit+0x20/0x20
[ 81.249091][ T8158] ? syslog_print+0x34b/0x430
[ 81.249095][ T8158] syslog_print+0x2bb/0x430
[ 81.249098][ T8158] ? kmsg_dump_rewind+0x180/0x180
[ 81.249102][ T8158] ? find_held_lock+0x2d/0x110
[ 81.249106][ T8158] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 81.249110][ T8158] do_syslog.part.0+0x2a8/0x7c0
[ 81.249113][ T8158] ? syslog_print_all+0x4a0/0x4a0
[ 81.249117][ T8158] ? lock_release+0x710/0x710
[ 81.249120][ T8158] ? do_futex+0x163/0x1960
[ 81.249124][ T8158] ? finish_wait+0x260/0x260
[ 81.249127][ T8158] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 81.249132][ T8158] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 81.249136][ T8158] ? avc_has_perm+0x107/0x1b0
[ 81.249139][ T8158] ? avc_has_perm_noaudit+0x390/0x390
[ 81.249143][ T8158] ? fsnotify+0x1070/0x1070
[ 81.249146][ T8158] ? selinux_syslog+0xfa/0x2c0
[ 81.249150][ T8158] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 81.249154][ T8158] ? security_syslog+0x73/0x90
[ 81.249157][ T8158] do_syslog+0x49/0x60
[ 81.249160][ T8158] kmsg_read+0x90/0xb0
[ 81.249163][ T8158] ? kmsg_release+0x20/0x20
[ 81.249167][ T8158] proc_reg_read+0x119/0x300
[ 81.249170][ T8158] ? rw_verify_area+0x11d/0x350
[ 81.249173][ T8158] ? proc_reg_write+0x300/0x300
[ 81.249177][ T8158] vfs_read+0x1b5/0x570
[ 81.249180][ T8158] ksys_read+0x12d/0x250
[ 81.249183][ T8158] ? vfs_write+0xa30/0xa30
[ 81.249186][ T8158] ? syscall_enter_from_user_mode+0x1d/0x50
[ 81.249190][ T8158] do_syscall_64+0x2d/0x70
[ 81.249194][ T8158] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 81.249198][ T8158] RIP: 0033:0x7fe0e808f22d
[ 81.249204][ T8158] Code: c1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 4e fc ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 97 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 81.249214][ T8158] RSP: 002b:00007fe0e5a2b580 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 81.249224][ T8158] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe0e808f22d
[ 81.249230][ T8158] RDX: 0000000000001fa0 RSI: 00007fe0e5a2bda0 RDI: 0000000000000004
[ 81.249236][ T8158] RBP: 00005572425759d0 R08: 0000000000000000 R09: 0000000004000001
[ 81.249241][ T8158] R10: 0000000000000001 R11: 0000000000000293 R12: 00007fe0e5a2bda0
[ 81.249247][ T8158] R13: 0000000000001fa0 R14: 0000000000001f9f R15: 00007fe0e5a2be04
[ 81.249251][ T8158]
[ 81.249254][ T8158] Allocated by task 8158:
[ 81.249257][ T8158] kasan_save_stack+0x1b/0x40
[ 81.249261][ T8158] ____kasan_kmalloc.constprop.0+0x7f/0xa0
[ 81.249265][ T8158] kmem_cache_alloc_trace+0x1e0/0x400
[ 81.249269][ T8158] syslog_print+0xb2/0x430
[ 81.249272][ T8158] do_syslog.part.0+0x2a8/0x7c0
[ 81.249275][ T8158] do_syslog+0x49/0x60
[ 81.249278][ T8158] kmsg_read+0x90/0xb0
[ 81.249281][ T8158] proc_reg_read+0x119/0x300
[ 81.249285][ T8158] vfs_read+0x1b5/0x570
[ 81.249288][ T8158] ksys_read+0x12d/0x250
[ 81.249291][ T8158] do_syscall_64+0x2d/0x70
[ 81.249295][ T8158] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 81.249298][ T8158]
[ 81.249302][ T8158] The buggy address belongs to the object at ffff888027e5d000
[ 81.249307][ T8158] which belongs to the cache kmalloc-1k of size 1024
[ 81.249312][ T8158] The buggy address is located 868 bytes to the right of
[ 81.249317][ T8158] 1024-byte region [ffff888027e5d000, ffff888027e5d400)
[ 81.249322][ T8158] The buggy address belongs to the page:
[ 81.249327][ T8158] page:000000004be8ec80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27e5d
[ 81.249333][ T8158] flags: 0xfff00000000200(slab)
[ 81.249338][ T8158] raw: 00fff00000000200 ffffea00009f9708 ffff888010041850 ffff888010040700
[ 81.249344][ T8158] raw: 0000000000000000 ffff888027e5d000 0000000100000002 0000000000000000
[ 81.249350][ T8158] page dumped because: kasan: bad access detected
[ 81.249353][ T8158]
[ 81.249356][ T8158] Memory state around the buggy address:
[ 81.249361][ T8158]  ffff888027e5d600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.249367][ T8158]  ffff888027e5d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.249373][ T8158] >ffff888027e5d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.249379][ T8158]                                                        ^
[ 81.249384][ T8158]  ffff888027e5d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.249390][ T8158]  ffff888027e5d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.249396][ T8158] ==================================================================
[ 81.249401][ T8158] Disabling lock debugging due to kernel taint
[ 81.249406][ T8158] Kernel panic - not syncing: panic_on_warn set ...
[ 81.249412][ T8158] CPU: 1 PID: 8158 Comm: in:imklog Tainted: G B 5.11.0-rc4-syzkaller #0
[ 81.249418][ T8158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.249423][ T8158] Call Trace:
[ 81.249426][ T8158] dump_stack+0x107/0x163
[ 81.249430][ T8158] ? record_print_text+0x280/0x380
[ 81.249433][ T8158] panic+0x306/0x73d
[ 81.249436][ T8158] ? __warn_printk+0xf3/0xf3
[ 81.249439][ T8158] ? record_print_text+0x33f/0x380
[ 81.249443][ T8158] ? record_print_text+0x33f/0x380
[ 81.249447][ T8158] ? record_print_text+0x33f/0x380
[ 81.249450][ T8158] end_report+0x58/0x5e
[ 81.249453][ T8158] kasan_report.cold+0x67/0xd5
[ 81.249457][ T8158] ? record_print_text+0x33f/0x380
[ 81.249461][ T8158] record_print_text+0x33f/0x380
[ 81.249464][ T8158] ? get_record_print_text_size+0x110/0x110
[ 81.249468][ T8158] ? prb_read_valid+0x75/0xa0
[ 81.249472][ T8158] ? prb_final_commit+0x20/0x20
[ 81.249476][ T8158] ? syslog_print+0x34b/0x430
[ 81.249479][ T8158] syslog_print+0x2bb/0x430
[ 81.249483][ T8158] ? kmsg_dump_rewind+0x180/0x180
[ 81.249486][ T8158] ? find_held_lock+0x2d/0x110
[ 81.249490][ T8158] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 81.249494][ T8158] do_syslog.part.0+0x2a8/0x7c0
[ 81.249498][ T8158] ? syslog_print_all+0x4a0/0x4a0
[ 81.249501][ T8158] ? lock_release+0x710/0x710
[ 81.249505][ T8158] ? do_futex+0x163/0x1960
[ 81.249508][ T8158] ? finish_wait+0x260/0x260
[ 81.249512][ T8158] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 81.249516][ T8158] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 81.249520][ T8158] ? avc_has_perm+0x107/0x1b0
[ 81.249523][ T8158] ? avc_has_perm_noaudit+0x390/0x390
[ 81.249527][ T8158] ? fsnotify+0x1070/0x1070
[ 81.249531][ T8158] ? selinux_syslog+0xfa/0x2c0
[ 81.249534][ T8158] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 81.249539][ T8158] ? security_syslog+0x73/0x90
[ 81.249542][ T8158] do_syslog+0x49/0x60
[ 81.249545][ T8158] kmsg_read+0x90/0xb0
[ 81.249548][ T8158] ? kmsg_release+0x20/0x20
[ 81.249551][ T8158] proc_reg_read+0x119/0x300
[ 81.249555][ T8158] ? rw_verify_area+0x11d/0x350
[ 81.249558][ T8158] ? proc_reg_write+0x300/0x300
[ 81.249561][ T8158] vfs_read+0x1b5/0x570
[ 81.249565][ T8158] ksys_read+0x12d/0x250
[ 81.249568][ T8158] ? vfs_write+0xa30/0xa30
[ 81.249571][ T8158] ? syscall_enter_from_user_mode+0x1d/0x50
[ 81.249575][ T8158] do_syscall_64+0x2d/0x70
[ 81.249579][ T8158] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 81.249582][ T8158] RIP: 0033:0x7fe0e808f22d
[ 81.249589][ T8158] Code: c1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 4e fc ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 97 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 81.249599][ T8158] RSP: 002b:00007fe0e5a2b580 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 81.249608][ T8158] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe0e808f22d
[ 81.249613][ T8158] RDX: 0000000000001fa0 RSI: 00007fe0e5a2bda0 RDI: 0000000000000004
[ 81.249619][ T8158] RBP: 00005572425759d0 R08: 0000000000000000 R09: 0000000004000001
[ 81.249625][ T8158] R10: 0000000000000001 R11: 0000000000000293 R12: 00007fe0e5a2bda0
[ 81.249633][ T8158] R13: 0000000000001fa0 R14: 0000000000001f9f R15: 00007fe0e5a2be04
[ 81.249638][ T8158] Kernel Offset: disabled