[[0;32m  OK  [0m] Started Serial Getty on ttyS0.
[[0;32m  OK  [0m] Started Getty on tty1.
[[0;32m  OK  [0m] Started Getty on tty2.
[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.179' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   55.311017][ T6836] IPVS: ftp: loaded support on port[0] = 21
[   55.347195][ T6836] ==================================================================
[   55.347231][ T6836] BUG: KASAN: use-after-free in vcs_read+0xaa7/0xb40
[   55.347239][ T6836] Write of size 2 at addr ffff8880a0b68000 by task syz-executor825/6836
[   55.347241][ T6836] 
[   55.347250][ T6836] CPU: 0 PID: 6836 Comm: syz-executor825 Not tainted 5.9.0-rc1-next-20200821-syzkaller #0
[   55.347255][ T6836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   55.347258][ T6836] Call Trace:
[   55.347270][ T6836]  dump_stack+0x18f/0x20d
[   55.347279][ T6836]  ? vcs_read+0xaa7/0xb40
[   55.347286][ T6836]  ? vcs_read+0xaa7/0xb40
[   55.347296][ T6836]  print_address_description.constprop.0.cold+0xae/0x497
[   55.347306][ T6836]  ? lock_release+0x8e0/0x8e0
[   55.347314][ T6836]  ? lock_downgrade+0x830/0x830
[   55.347324][ T6836]  ? vprintk_func+0x97/0x1a6
[   55.347333][ T6836]  ? vcs_read+0xaa7/0xb40
[   55.347340][ T6836]  ? vcs_read+0xaa7/0xb40
[   55.347347][ T6836]  kasan_report.cold+0x1f/0x37
[   55.347356][ T6836]  ? vcs_read+0xaa7/0xb40
[   55.347365][ T6836]  vcs_read+0xaa7/0xb40
[   55.347378][ T6836]  ? vcs_write+0xb50/0xb50
[   55.347388][ T6836]  ? security_file_permission+0x248/0x560
[   55.347403][ T6836]  do_iter_read+0x48e/0x6e0
[   55.347417][ T6836]  vfs_readv+0xe5/0x150
[   55.347426][ T6836]  ? compat_rw_copy_check_uvector+0x4c0/0x4c0
[   55.347438][ T6836]  ? find_held_lock+0x2d/0x110
[   55.347454][ T6836]  ? vmacache_update+0xce/0x140
[   55.347465][ T6836]  __x64_sys_preadv+0x231/0x310
[   55.347474][ T6836]  ? __ia32_sys_writev+0xb0/0xb0
[   55.347484][ T6836]  ? trace_hardirqs_on+0x5f/0x220
[   55.347493][ T6836]  ? lockdep_hardirqs_on+0x76/0xf0
[   55.347504][ T6836]  do_syscall_64+0x2d/0x70
[   55.347513][ T6836]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   55.347521][ T6836] RIP: 0033:0x440af9
[   55.347530][ T6836] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 0f fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   55.347535][ T6836] RSP: 002b:00007ffc361d17f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[   55.347544][ T6836] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000440af9
[   55.347549][ T6836] RDX: 0000000000000006 RSI: 0000000020001b00 RDI: 0000000000000003
[   55.347554][ T6836] RBP: 00007ffc361d1800 R08: 0000000000000000 R09: 0000000120080522
[   55.347559][ T6836] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000004a2290
[   55.347564][ T6836] R13: 0000000000402010 R14: 0000000000000000 R15: 0000000000000000
[   55.347574][ T6836] 
[   55.347578][ T6836] Allocated by task 6756:
[   55.347586][ T6836]  kasan_save_stack+0x1b/0x40
[   55.347594][ T6836]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   55.347601][ T6836]  kmem_cache_alloc_trace+0x16e/0x2c0
[   55.347609][ T6836]  tomoyo_init_log+0x18a/0x1e50
[   55.347617][ T6836]  tomoyo_supervisor+0x32f/0xeb0
[   55.347634][ T6836]  tomoyo_path_permission+0x25c/0x360
[   55.347640][ T6836]  tomoyo_path_perm+0x2e7/0x3f0
[   55.347648][ T6836]  security_inode_getattr+0xcf/0x140
[   55.347655][ T6836]  vfs_statx_fd+0x70/0xf0
[   55.347662][ T6836]  __do_sys_newfstat+0x88/0x100
[   55.347669][ T6836]  do_syscall_64+0x2d/0x70
[   55.347677][ T6836]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   55.347679][ T6836] 
[   55.347683][ T6836] Freed by task 6756:
[   55.347690][ T6836]  kasan_save_stack+0x1b/0x40
[   55.347697][ T6836]  kasan_set_track+0x1c/0x30
[   55.347704][ T6836]  kasan_set_free_info+0x1b/0x30
[   55.347711][ T6836]  __kasan_slab_free+0xd8/0x120
[   55.347717][ T6836]  kfree+0x103/0x2c0
[   55.347724][ T6836]  tomoyo_init_log+0x14b6/0x1e50
[   55.347731][ T6836]  tomoyo_supervisor+0x32f/0xeb0
[   55.347739][ T6836]  tomoyo_path_permission+0x25c/0x360
[   55.347745][ T6836]  tomoyo_path_perm+0x2e7/0x3f0
[   55.347753][ T6836]  security_inode_getattr+0xcf/0x140
[   55.347759][ T6836]  vfs_statx_fd+0x70/0xf0
[   55.347766][ T6836]  __do_sys_newfstat+0x88/0x100
[   55.347774][ T6836]  do_syscall_64+0x2d/0x70
[   55.347781][ T6836]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   55.347783][ T6836] 
[   55.347789][ T6836] The buggy address belongs to the object at ffff8880a0b68000
[   55.347789][ T6836]  which belongs to the cache kmalloc-4k of size 4096
[   55.347795][ T6836] The buggy address is located 0 bytes inside of
[   55.347795][ T6836]  4096-byte region [ffff8880a0b68000, ffff8880a0b69000)
[   55.347798][ T6836] The buggy address belongs to the page:
[   55.347807][ T6836] page:00000000829a4ea3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa0b68
[   55.347813][ T6836] head:00000000829a4ea3 order:1 compound_mapcount:0
[   55.347819][ T6836] flags: 0xfffe0000010200(slab|head)
[   55.347830][ T6836] raw: 00fffe0000010200 ffffea0002a24688 ffffea0002a2aa88 ffff8880aa040900
[   55.347839][ T6836] raw: 0000000000000000 ffff8880a0b68000 0000000100000001 0000000000000000
[   55.347843][ T6836] page dumped because: kasan: bad access detected
[   55.347845][ T6836] 
[   55.347848][ T6836] Memory state around the buggy address:
[   55.347854][ T6836]  ffff8880a0b67f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   55.347861][ T6836]  ffff8880a0b67f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   55.347867][ T6836] >ffff8880a0b68000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   55.347870][ T6836]                    ^
[   55.347876][ T6836]  ffff8880a0b68080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   55.347882][ T6836]  ffff8880a0b68100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   55.347885][ T6836] ==================================================================
[   55.347888][ T6836] Disabling lock debugging due to kernel taint
[   55.347893][ T6836] Kernel panic - not syncing: panic_on_warn set ...
[   55.347900][ T6836] CPU: 0 PID: 6836 Comm: syz-executor825 Tainted: G    B             5.9.0-rc1-next-20200821-syzkaller #0
[   55.347904][ T6836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   55.347906][ T6836] Call Trace:
[   55.347915][ T6836]  dump_stack+0x18f/0x20d
[   55.347922][ T6836]  ? vcs_read+0xa40/0xb40
[   55.347931][ T6836]  panic+0x2e3/0x75c
[   55.347938][ T6836]  ? __warn_printk+0xf3/0xf3
[   55.347947][ T6836]  ? trace_hardirqs_on+0x55/0x220
[   55.347954][ T6836]  ? vcs_read+0xaa7/0xb40
[   55.347960][ T6836]  ? vcs_read+0xaa7/0xb40
[   55.347967][ T6836]  end_report+0x4d/0x53
[   55.347974][ T6836]  kasan_report.cold+0xd/0x37
[   55.347981][ T6836]  ? vcs_read+0xaa7/0xb40
[   55.347988][ T6836]  vcs_read+0xaa7/0xb40
[   55.347998][ T6836]  ? vcs_write+0xb50/0xb50
[   55.348005][ T6836]  ? security_file_permission+0x248/0x560
[   55.348014][ T6836]  do_iter_read+0x48e/0x6e0
[   55.348023][ T6836]  vfs_readv+0xe5/0x150
[   55.348031][ T6836]  ? compat_rw_copy_check_uvector+0x4c0/0x4c0
[   55.348040][ T6836]  ? find_held_lock+0x2d/0x110
[   55.348049][ T6836]  ? vmacache_update+0xce/0x140
[   55.348058][ T6836]  __x64_sys_preadv+0x231/0x310
[   55.348066][ T6836]  ? __ia32_sys_writev+0xb0/0xb0
[   55.348073][ T6836]  ? trace_hardirqs_on+0x5f/0x220
[   55.348079][ T6836]  ? lockdep_hardirqs_on+0x76/0xf0
[   55.348087][ T6836]  do_syscall_64+0x2d/0x70
[   55.348095][ T6836]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   55.348100][ T6836] RIP: 0033:0x440af9
[   55.348107][ T6836] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 0f fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   55.348111][ T6836] RSP: 002b:00007ffc361d17f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[   55.348118][ T6836] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000440af9
[   55.348123][ T6836] RDX: 0000000000000006 RSI: 0000000020001b00 RDI: 0000000000000003
[   55.348127][ T6836] RBP: 00007ffc361d1800 R08: 0000000000000000 R09: 0000000120080522
[   55.348131][ T6836] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000004a2290
[   55.348136][ T6836] R13: 0000000000402010 R14: 0000000000000000 R15: 0000000000000000
[   55.349201][ T6836] Kernel Offset: disabled
[   56.098712][ T6836] Rebooting in 86400 seconds..