Warning: Permanently added '10.128.0.111' (ECDSA) to the list of known hosts.
executing program
[ 93.533839][ T26] audit: type=1400 audit(1582813495.534:42): avc: denied { map } for pid=10835 comm="syz-executor208" path="/root/syz-executor208176039" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 93.546643][T10835] sp0: Synchronizing with TNC
[ 93.567719][ T7] ==================================================================
[ 93.575933][ T7] BUG: KASAN: slab-out-of-bounds in decode_data.part.0+0x23b/0x270
[ 93.583830][ T7] Write of size 1 at addr ffff888087c5544e by task kworker/u4:0/7
[ 93.591894][ T7]
[ 93.594240][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.6.0-rc3-syzkaller #0
[ 93.602392][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 93.612578][ T7] Workqueue: events_unbound flush_to_ldisc
[ 93.618386][ T7] Call Trace:
[ 93.621692][ T7] dump_stack+0x197/0x210
[ 93.626042][ T7] ? decode_data.part.0+0x23b/0x270
[ 93.631263][ T7] print_address_description.constprop.0.cold+0xd4/0x30b
[ 93.638293][ T7] ? decode_data.part.0+0x23b/0x270
[ 93.643504][ T7] ? decode_data.part.0+0x23b/0x270
[ 93.648712][ T7] __kasan_report.cold+0x1b/0x32
[ 93.653669][ T7] ? decode_data.part.0+0x23b/0x270
[ 93.658897][ T7] kasan_report+0x12/0x20
[ 93.663255][ T7] __asan_report_store1_noabort+0x17/0x20
[ 93.668985][ T7] decode_data.part.0+0x23b/0x270
[ 93.674036][ T7] sixpack_receive_buf+0xde4/0x1420
[ 93.679258][ T7] ? sixpack_close+0x250/0x250
[ 93.684167][ T7] tty_ldisc_receive_buf+0x15f/0x1c0
[ 93.689461][ T7] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 93.695723][ T7] tty_port_default_receive_buf+0x7d/0xb0
[ 93.701464][ T7] flush_to_ldisc+0x222/0x390
[ 93.706174][ T7] process_one_work+0xa05/0x17a0
[ 93.711129][ T7] ? mark_held_locks+0xf0/0xf0
[ 93.716039][ T7] ? pwq_dec_nr_in_flight+0x320/0x320
[ 93.721420][ T7] ? lock_acquire+0x190/0x410
[ 93.726490][ T7] worker_thread+0x98/0xe40
[ 93.731031][ T7] kthread+0x361/0x430
[ 93.735226][ T7] ? process_one_work+0x17a0/0x17a0
[ 93.740432][ T7] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 93.746188][ T7] ret_from_fork+0x24/0x30
[ 93.750630][ T7]
[ 93.752960][ T7] Allocated by task 10835:
[ 93.757387][ T7] save_stack+0x23/0x90
[ 93.761644][ T7] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 93.767284][ T7] kasan_kmalloc+0x9/0x10
[ 93.771625][ T7] __kmalloc_node+0x4e/0x70
[ 93.776188][ T7] kvmalloc_node+0x68/0x100
[ 93.780715][ T7] alloc_netdev_mqs+0x98/0xe40
[ 93.785590][ T7] sixpack_open+0x104/0xaaf
[ 93.790103][ T7] tty_ldisc_open.isra.0+0xa3/0x110
[ 93.795321][ T7] tty_set_ldisc+0x30e/0x6b0
[ 93.799916][ T7] tty_ioctl+0xe8d/0x14f0
[ 93.804260][ T7] ksys_ioctl+0x123/0x180
[ 93.808593][ T7] __x64_sys_ioctl+0x73/0xb0
[ 93.813196][ T7] do_syscall_64+0xfa/0x790
[ 93.817708][ T7] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 93.823595][ T7]
[ 93.825943][ T7] Freed by task 10612:
[ 93.830627][ T7] save_stack+0x23/0x90
[ 93.834801][ T7] __kasan_slab_free+0x102/0x150
[ 93.839752][ T7] kasan_slab_free+0xe/0x10
[ 93.844275][ T7] kfree+0x10a/0x2c0
[ 93.848181][ T7] tomoyo_realpath_from_path+0x1a7/0x660
[ 93.853859][ T7] tomoyo_path_number_perm+0x1dd/0x520
[ 93.859332][ T7] tomoyo_file_ioctl+0x23/0x30
[ 93.864110][ T7] security_file_ioctl+0x77/0xc0
[ 93.869055][ T7] ksys_ioctl+0x56/0x180
[ 93.873317][ T7] __x64_sys_ioctl+0x73/0xb0
[ 93.878230][ T7] do_syscall_64+0xfa/0x790
[ 93.882929][ T7] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 93.888818][ T7]
[ 93.891208][ T7] The buggy address belongs to the object at ffff888087c54000
[ 93.891208][ T7] which belongs to the cache kmalloc-4k of size 4096
[ 93.905281][ T7] The buggy address is located 1102 bytes to the right of
[ 93.905281][ T7] 4096-byte region [ffff888087c54000, ffff888087c55000)
[ 93.919262][ T7] The buggy address belongs to the page:
[ 93.924972][ T7] page:ffffea00021f1500 refcount:1 mapcount:0 mapping:ffff8880aa402000 index:0x0 compound_mapcount: 0
[ 93.936056][ T7] flags: 0xfffe0000010200(slab|head)
[ 93.941382][ T7] raw: 00fffe0000010200 ffffea0002515008 ffffea00025e1708 ffff8880aa402000
[ 93.950070][ T7] raw: 0000000000000000 ffff888087c54000 0000000100000001 0000000000000000
[ 93.958734][ T7] page dumped because: kasan: bad access detected
[ 93.965140][ T7]
[ 93.967457][ T7] Memory state around the buggy address:
[ 93.973084][ T7] ffff888087c55300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.981225][ T7] ffff888087c55380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.989290][ T7] >ffff888087c55400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.997342][ T7] ^
[ 94.003748][ T7] ffff888087c55480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.011804][ T7] ffff888087c55500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.019860][ T7] ==================================================================
[ 94.027976][ T7] Disabling lock debugging due to kernel taint
[ 94.034938][ T7] Kernel panic - not syncing: panic_on_warn set ...
[ 94.041538][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.6.0-rc3-syzkaller #0
[ 94.051061][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 94.061164][ T7] Workqueue: events_unbound flush_to_ldisc
[ 94.066957][ T7] Call Trace:
[ 94.070234][ T7] dump_stack+0x197/0x210
[ 94.074573][ T7] panic+0x2e3/0x75c
[ 94.078547][ T7] ? add_taint.cold+0x16/0x16
[ 94.083258][ T7] ? decode_data.part.0+0x23b/0x270
[ 94.088488][ T7] ? preempt_schedule+0x4b/0x60
[ 94.093338][ T7] ? ___preempt_schedule+0x16/0x18
[ 94.098515][ T7] ? trace_hardirqs_on+0x5e/0x240
[ 94.103524][ T7] ? decode_data.part.0+0x23b/0x270
[ 94.108718][ T7] end_report+0x47/0x4f
[ 94.112865][ T7] ? decode_data.part.0+0x23b/0x270
[ 94.118214][ T7] __kasan_report.cold+0xe/0x32
[ 94.123067][ T7] ? decode_data.part.0+0x23b/0x270
[ 94.128353][ T7] kasan_report+0x12/0x20
[ 94.132918][ T7] __asan_report_store1_noabort+0x17/0x20
[ 94.138620][ T7] decode_data.part.0+0x23b/0x270
[ 94.143734][ T7] sixpack_receive_buf+0xde4/0x1420
[ 94.149038][ T7] ? sixpack_close+0x250/0x250
[ 94.153838][ T7] tty_ldisc_receive_buf+0x15f/0x1c0
[ 94.159120][ T7] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.165485][ T7] tty_port_default_receive_buf+0x7d/0xb0
[ 94.171640][ T7] flush_to_ldisc+0x222/0x390
[ 94.176313][ T7] process_one_work+0xa05/0x17a0
[ 94.181240][ T7] ? mark_held_locks+0xf0/0xf0
[ 94.186010][ T7] ? pwq_dec_nr_in_flight+0x320/0x320
[ 94.191388][ T7] ? lock_acquire+0x190/0x410
[ 94.196076][ T7] worker_thread+0x98/0xe40
[ 94.200581][ T7] kthread+0x361/0x430
[ 94.205678][ T7] ? process_one_work+0x17a0/0x17a0
[ 94.210888][ T7] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 94.216623][ T7] ret_from_fork+0x24/0x30
[ 94.222410][ T7] Kernel Offset: disabled
[ 94.226896][ T7] Rebooting in 86400 seconds..