[  237.245270][T26003] ==================================================================
[  237.253740][T26003] BUG: KASAN: out-of-bounds in kfence_guarded_free+0x7f1/0x8f0
[  237.261355][T26003] Read of size 1 at addr ffff88823bdcafe4 by task syz-executor939/26003
[  237.269677][T26003]
[  237.271986][T26003] CPU: 1 PID: 26003 Comm: syz-executor939 Not tainted 5.10.0-next-20201223-syzkaller #0
[  237.281680][T26003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  237.291745][T26003] Call Trace:
[  237.295098][T26003]  dump_stack+0x107/0x163
[  237.299435][T26003]  ? kfence_guarded_free+0x7f1/0x8f0
[  237.304708][T26003]  ? kfence_guarded_free+0x7f1/0x8f0
[  237.309984][T26003]  print_address_description.constprop.0.cold+0x5b/0x2f8
[  237.317017][T26003]  ? kfence_guarded_free+0x7f1/0x8f0
[  237.322290][T26003]  ? kfence_guarded_free+0x7f1/0x8f0
[  237.327564][T26003]  kasan_report.cold+0x79/0xd5
[  237.332345][T26003]  ? kfence_guarded_free+0x7f1/0x8f0
[  237.337631][T26003]  kfence_guarded_free+0x7f1/0x8f0
[  237.342737][T26003]  __kfence_free+0x70/0x150
[  237.347225][T26003]  kfree+0x57c/0x5c0
[  237.351117][T26003]  ? crypto_destroy_tfm+0xc0/0x210
[  237.356261][T26003]  crypto_destroy_tfm+0xc0/0x210
[  237.361200][T26003]  ? crypto_shash_final+0x120/0x120
[  237.366420][T26003]  crypto_destroy_tfm+0xab/0x210
[  237.371345][T26003]  alg_sock_destruct+0x85/0xe0
[  237.376146][T26003]  ? af_alg_wait_for_data+0x680/0x680
[  237.381521][T26003]  __sk_destruct+0x4b/0x900
[  237.386126][T26003]  sk_destruct+0xbd/0xe0
[  237.390354][T26003]  __sk_free+0xef/0x3d0
[  237.394512][T26003]  sk_free+0x78/0xa0
[  237.398391][T26003]  af_alg_release+0xdb/0x110
[  237.402980][T26003]  __sock_release+0xcd/0x280
[  237.407600][T26003]  sock_close+0x18/0x20
[  237.411749][T26003]  __fput+0x283/0x920
[  237.415787][T26003]  ? __sock_release+0x280/0x280
[  237.420629][T26003]  task_work_run+0xdd/0x190
[  237.425249][T26003]  do_exit+0xb89/0x29e0
[  237.429461][T26003]  ? mm_update_next_owner+0x7a0/0x7a0
[  237.434850][T26003]  do_group_exit+0x125/0x310
[  237.439442][T26003]  __x64_sys_exit_group+0x3a/0x50
[  237.444459][T26003]  do_syscall_64+0x2d/0x70
[  237.448886][T26003]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  237.454809][T26003] RIP: 0033:0x43feb8
[  237.458695][T26003] Code: Unable to access opcode bytes at RIP 0x43fe8e.
[  237.465526][T26003] RSP: 002b:00007ffefb4cacd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  237.473927][T26003] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043feb8
[  237.481880][T26003] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[  237.489845][T26003] RBP: 00000000004bf790 R08: 00000000000000e7 R09: ffffffffffffffd0
[  237.497801][T26003] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  237.505755][T26003] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[  237.513725][T26003]
[  237.516032][T26003] Allocated by task 2846403498:
[  237.520903][T26003] ------------[ cut here ]------------
[  237.526335][T26003] slab index 831406 out of bounds (390) for stack id adacafae
[  237.533991][T26003] WARNING: CPU: 1 PID: 26003 at lib/stackdepot.c:211 stack_depot_fetch+0x6d/0xa0
[  237.543143][T26003] Modules linked in:
[  237.547033][T26003] CPU: 1 PID: 26003 Comm: syz-executor939 Not tainted 5.10.0-next-20201223-syzkaller #0
[  237.556740][T26003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  237.567125][T26003] RIP: 0010:stack_depot_fetch+0x6d/0xa0
[  237.572674][T26003] Code: 48 c1 e0 04 25 f0 3f 00 00 48 01 d0 48 8d 50 18 48 89 13 8b 40 0c 48 83 c4 10 5b c3 89 f9 48 c7 c7 58 8d d2 8a e8 6a b6 de 04 <0f> 0b 48 83 c4 10 31 c0 5b c3 48 83 c4 10 31 c0 5b c3 48 c7 c7 20
[  237.592292][T26003] RSP: 0018:ffffc900022579e8 EFLAGS: 00010082
[  237.598349][T26003] RAX: 0000000000000000 RBX: ffffc90002257a08 RCX: 0000000000000000
[  237.606311][T26003] RDX: ffff888029838000 RSI: ffffffff815b3355 RDI: fffff5200044af2f
[  237.614323][T26003] RBP: ffffea0008ef7280 R08: 0000000000000000 R09: 0000000000000000
[  237.622292][T26003] R10: ffffffff815ac52e R11: 0000000000000000 R12: ffff88823bdcafe4
[  237.630248][T26003] R13: ffff88823bdca000 R14: ffff88823bdca040 R15: 00000000ffffffad
[  237.638208][T26003] FS:  0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
[  237.647125][T26003] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  237.653702][T26003] CR2: 00000000004bf7c8 CR3: 000000000b08e000 CR4: 00000000001506e0
[  237.661686][T26003] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  237.669646][T26003] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  237.677607][T26003] Call Trace:
[  237.680876][T26003]  print_stack+0x9/0x18
[  237.685030][T26003]  print_address_description.constprop.0.cold+0x21a/0x2f8
[  237.692143][T26003]  ? kfence_guarded_free+0x7f1/0x8f0
[  237.697461][T26003]  ? kfence_guarded_free+0x7f1/0x8f0
[  237.702789][T26003]  kasan_report.cold+0x79/0xd5
[  237.707578][T26003]  ? kfence_guarded_free+0x7f1/0x8f0
[  237.712876][T26003]  kfence_guarded_free+0x7f1/0x8f0
[  237.718006][T26003]  __kfence_free+0x70/0x150
[  237.722515][T26003]  kfree+0x57c/0x5c0
[  237.726402][T26003]  ? crypto_destroy_tfm+0xc0/0x210
[  237.731562][T26003]  crypto_destroy_tfm+0xc0/0x210
[  237.736491][T26003]  ? crypto_shash_final+0x120/0x120
[  237.741685][T26003]  crypto_destroy_tfm+0xab/0x210
[  237.746731][T26003]  alg_sock_destruct+0x85/0xe0
[  237.751494][T26003]  ? af_alg_wait_for_data+0x680/0x680
[  237.756858][T26003]  __sk_destruct+0x4b/0x900
[  237.761356][T26003]  sk_destruct+0xbd/0xe0
[  237.766198][T26003]  __sk_free+0xef/0x3d0
[  237.770343][T26003]  sk_free+0x78/0xa0
[  237.774230][T26003]  af_alg_release+0xdb/0x110
[  237.778811][T26003]  __sock_release+0xcd/0x280
[  237.783397][T26003]  sock_close+0x18/0x20
[  237.787542][T26003]  __fput+0x283/0x920
[  237.791516][T26003]  ? __sock_release+0x280/0x280
[  237.796365][T26003]  task_work_run+0xdd/0x190
[  237.800871][T26003]  do_exit+0xb89/0x29e0
[  237.805035][T26003]  ? mm_update_next_owner+0x7a0/0x7a0
[  237.810404][T26003]  do_group_exit+0x125/0x310
[  237.814983][T26003]  __x64_sys_exit_group+0x3a/0x50
[  237.819998][T26003]  do_syscall_64+0x2d/0x70
[  237.824425][T26003]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  237.830316][T26003] RIP: 0033:0x43feb8
[  237.834194][T26003] Code: Unable to access opcode bytes at RIP 0x43fe8e.
[  237.841020][T26003] RSP: 002b:00007ffefb4cacd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  237.849420][T26003] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043feb8
[  237.857380][T26003] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[  237.865336][T26003] RBP: 00000000004bf790 R08: 00000000000000e7 R09: ffffffffffffffd0
[  237.873299][T26003] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  237.881263][T26003] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[  237.889324][T26003] Kernel panic - not syncing: panic_on_warn set ...
[  237.895952][T26003] CPU: 1 PID: 26003 Comm: syz-executor939 Not tainted 5.10.0-next-20201223-syzkaller #0
[  237.905657][T26003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  237.915699][T26003] Call Trace:
[  237.918976][T26003]  dump_stack+0x107/0x163
[  237.923304][T26003]  panic+0x306/0x73d
[  237.927274][T26003]  ? __warn_printk+0xf3/0xf3
[  237.931879][T26003]  ? __warn.cold+0x1a/0x44
[  237.936283][T26003]  ? stack_depot_fetch+0x6d/0xa0
[  237.941215][T26003]  __warn.cold+0x35/0x44
[  237.945444][T26003]  ? wake_up_klogd.part.0+0x8e/0xd0
[  237.950679][T26003]  ? stack_depot_fetch+0x6d/0xa0
[  237.955605][T26003]  report_bug+0x1bd/0x210
[  237.959962][T26003]  handle_bug+0x3c/0x60
[  237.964105][T26003]  exc_invalid_op+0x14/0x40
[  237.968610][T26003]  asm_exc_invalid_op+0x12/0x20
[  237.973449][T26003] RIP: 0010:stack_depot_fetch+0x6d/0xa0
[  237.978990][T26003] Code: 48 c1 e0 04 25 f0 3f 00 00 48 01 d0 48 8d 50 18 48 89 13 8b 40 0c 48 83 c4 10 5b c3 89 f9 48 c7 c7 58 8d d2 8a e8 6a b6 de 04 <0f> 0b 48 83 c4 10 31 c0 5b c3 48 83 c4 10 31 c0 5b c3 48 c7 c7 20
[  237.998605][T26003] RSP: 0018:ffffc900022579e8 EFLAGS: 00010082
[  238.004665][T26003] RAX: 0000000000000000 RBX: ffffc90002257a08 RCX: 0000000000000000
[  238.012635][T26003] RDX: ffff888029838000 RSI: ffffffff815b3355 RDI: fffff5200044af2f
[  238.020597][T26003] RBP: ffffea0008ef7280 R08: 0000000000000000 R09: 0000000000000000
[  238.028553][T26003] R10: ffffffff815ac52e R11: 0000000000000000 R12: ffff88823bdcafe4
[  238.036534][T26003] R13: ffff88823bdca000 R14: ffff88823bdca040 R15: 00000000ffffffad
[  238.044496][T26003]  ? wake_up_klogd.part.0+0x8e/0xd0
[  238.050273][T26003]  ? vprintk_func+0x95/0x1e0
[  238.054870][T26003]  ? stack_depot_fetch+0x6d/0xa0
[  238.059802][T26003]  print_stack+0x9/0x18
[  238.063949][T26003]  print_address_description.constprop.0.cold+0x21a/0x2f8
[  238.071057][T26003]  ? kfence_guarded_free+0x7f1/0x8f0
[  238.076343][T26003]  ? kfence_guarded_free+0x7f1/0x8f0
[  238.081617][T26003]  kasan_report.cold+0x79/0xd5
[  238.086373][T26003]  ? kfence_guarded_free+0x7f1/0x8f0
[  238.091697][T26003]  kfence_guarded_free+0x7f1/0x8f0
[  238.096803][T26003]  __kfence_free+0x70/0x150
[  238.101337][T26003]  kfree+0x57c/0x5c0
[  238.105214][T26003]  ? crypto_destroy_tfm+0xc0/0x210
[  238.110363][T26003]  crypto_destroy_tfm+0xc0/0x210
[  238.115297][T26003]  ? crypto_shash_final+0x120/0x120
[  238.120496][T26003]  crypto_destroy_tfm+0xab/0x210
[  238.125438][T26003]  alg_sock_destruct+0x85/0xe0
[  238.130207][T26003]  ? af_alg_wait_for_data+0x680/0x680
[  238.135568][T26003]  __sk_destruct+0x4b/0x900
[  238.140059][T26003]  sk_destruct+0xbd/0xe0
[  238.144287][T26003]  __sk_free+0xef/0x3d0
[  238.148436][T26003]  sk_free+0x78/0xa0
[  238.152319][T26003]  af_alg_release+0xdb/0x110
[  238.156895][T26003]  __sock_release+0xcd/0x280
[  238.161475][T26003]  sock_close+0x18/0x20
[  238.165620][T26003]  __fput+0x283/0x920
[  238.169592][T26003]  ? __sock_release+0x280/0x280
[  238.174432][T26003]  task_work_run+0xdd/0x190
[  238.178926][T26003]  do_exit+0xb89/0x29e0
[  238.183071][T26003]  ? mm_update_next_owner+0x7a0/0x7a0
[  238.188437][T26003]  do_group_exit+0x125/0x310
[  238.193016][T26003]  __x64_sys_exit_group+0x3a/0x50
[  238.198029][T26003]  do_syscall_64+0x2d/0x70
[  238.202442][T26003]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  238.208324][T26003] RIP: 0033:0x43feb8
[  238.212202][T26003] Code: Unable to access opcode bytes at RIP 0x43fe8e.
[  238.219025][T26003] RSP: 002b:00007ffefb4cacd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  238.227423][T26003] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043feb8
[  238.235434][T26003] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[  238.243405][T26003] RBP: 00000000004bf790 R08: 00000000000000e7 R09: ffffffffffffffd0
[  238.251361][T26003] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  238.259316][T26003] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[  238.268207][T26003] Kernel Offset: disabled
[  238.272757][T26003] Rebooting in 86400 seconds..