Starting OpenBSD Secure Shell server...
Starting getty on tty2-tty6 if dbus and logind are not available...
[ OK ] Started Daily apt download activities.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ 51.922167][ T6595] sshd (6595) used greatest stack depth: 23576 bytes left
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.27' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 67.431250][ T29] audit: type=1400 audit(1594533180.629:8): avc: denied { execmem } for pid=6920 comm="syz-executor165" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 67.524810][ T6920] ==================================================================
[ 67.524855][ T6920] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xbb6/0xd20
[ 67.524863][ T6920] Read of size 1 at addr ffff8880a6fd5a30 by task syz-executor165/6920
[ 67.524866][ T6920]
[ 67.524877][ T6920] CPU: 1 PID: 6920 Comm: syz-executor165 Not tainted 5.8.0-rc4-syzkaller #0
[ 67.524882][ T6920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.524885][ T6920] Call Trace:
[ 67.524896][ T6920] dump_stack+0x18f/0x20d
[ 67.524906][ T6920] ? bit_putcs+0xbb6/0xd20
[ 67.524914][ T6920] ? bit_putcs+0xbb6/0xd20
[ 67.524925][ T6920] print_address_description.constprop.0.cold+0xae/0x436
[ 67.524936][ T6920] ? lock_downgrade+0x820/0x820
[ 67.524947][ T6920] ? lockdep_hardirqs_off+0x66/0xa0
[ 67.524956][ T6920] ? vprintk_func+0x97/0x1a6
[ 67.524966][ T6920] ? bit_putcs+0xbb6/0xd20
[ 67.524973][ T6920] kasan_report.cold+0x1f/0x37
[ 67.524983][ T6920] ? bit_putcs+0xbb6/0xd20
[ 67.524993][ T6920] bit_putcs+0xbb6/0xd20
[ 67.525010][ T6920] ? bit_cursor+0x17d0/0x17d0
[ 67.525019][ T6920] ? vga16fb_update_fix+0x4a0/0x4a0
[ 67.525033][ T6920] ? fb_get_color_depth+0x11a/0x240
[ 67.525045][ T6920] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 67.525056][ T6920] ? bit_cursor+0x17d0/0x17d0
[ 67.525063][ T6920] fbcon_putcs+0x33c/0x3f0
[ 67.525078][ T6920] do_update_region+0x399/0x630
[ 67.525091][ T6920] ? con_get_trans_old+0x280/0x280
[ 67.525101][ T6920] ? fbcon_set_palette+0x3a8/0x490
[ 67.525109][ T6920] ? var_to_display+0x7f0/0x7f0
[ 67.525121][ T6920] redraw_screen+0x64c/0x770
[ 67.525130][ T6920] ? wait_for_completion+0x260/0x260
[ 67.525140][ T6920] ? vc_init+0x440/0x440
[ 67.525154][ T6920] vc_do_resize+0x110e/0x13f0
[ 67.525169][ T6920] ? lock_downgrade+0x820/0x820
[ 67.525179][ T6920] ? store_bind+0x6a0/0x6a0
[ 67.525189][ T6920] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 67.525198][ T6920] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 67.525207][ T6920] ? trace_hardirqs_on+0x5f/0x220
[ 67.525218][ T6920] vt_ioctl+0x2037/0x2670
[ 67.525228][ T6920] ? trace_stack_print+0x1e0/0x2c0
[ 67.525237][ T6920] ? lockdep_hardirqs_on+0x6a/0xe0
[ 67.525245][ T6920] ? vt_waitactive+0x350/0x350
[ 67.525261][ T6920] ? tomoyo_path_number_perm+0x244/0x4d0
[ 67.525272][ T6920] ? tomoyo_execute_permission+0x470/0x470
[ 67.525282][ T6920] ? lockdep_hardirqs_off+0x66/0xa0
[ 67.525293][ T6920] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 67.525303][ T6920] ? tty_jobctrl_ioctl+0x4d/0x1010
[ 67.525311][ T6920] ? vt_waitactive+0x350/0x350
[ 67.525321][ T6920] tty_ioctl+0x1019/0x15f0
[ 67.525332][ T6920] ? tty_fasync+0x390/0x390
[ 67.525342][ T6920] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 67.525351][ T6920] ? do_vfs_ioctl+0x27d/0x1090
[ 67.525360][ T6920] ? generic_block_fiemap+0x60/0x60
[ 67.525372][ T6920] ? selinux_inode_getsecctx+0x90/0x90
[ 67.525381][ T6920] ? build_open_flags+0x650/0x650
[ 67.525397][ T6920] ? sockfd_lookup_light+0xc6/0x170
[ 67.525408][ T6920] ? __sys_sendmsg+0x10c/0x1b0
[ 67.525417][ T6920] ? __sys_sendmsg_sock+0xb0/0xb0
[ 67.525430][ T6920] ? tty_fasync+0x390/0x390
[ 67.525438][ T6920] ksys_ioctl+0x11a/0x180
[ 67.525448][ T6920] __x64_sys_ioctl+0x6f/0xb0
[ 67.525457][ T6920] ? lockdep_hardirqs_on+0x6a/0xe0
[ 67.525466][ T6920] do_syscall_64+0x60/0xe0
[ 67.525475][ T6920] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.525483][ T6920] RIP: 0033:0x4403a9
[ 67.525486][ T6920] Code: Bad RIP value.
[ 67.525491][ T6920] RSP: 002b:00007ffc17538eb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 67.525500][ T6920] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403a9
[ 67.525505][ T6920] RDX: 0000000020000080 RSI: 000000000000560a RDI: 0000000000000004
[ 67.525511][ T6920] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8
[ 67.525516][ T6920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c10
[ 67.525521][ T6920] R13: 0000000000401ca0 R14: 0000000000000000 R15: 0000000000000000
[ 67.525531][ T6920]
[ 67.525535][ T6920] Allocated by task 6920:
[ 67.525545][ T6920] save_stack+0x1b/0x40
[ 67.525553][ T6920] __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 67.525560][ T6920] __kmalloc+0x17a/0x340
[ 67.525568][ T6920] fbcon_set_font+0x34f/0x8b0
[ 67.525574][ T6920] con_font_op+0xd25/0x1110
[ 67.525581][ T6920] vt_ioctl+0x1180/0x2670
[ 67.525588][ T6920] tty_ioctl+0x1019/0x15f0
[ 67.525595][ T6920] ksys_ioctl+0x11a/0x180
[ 67.525602][ T6920] __x64_sys_ioctl+0x6f/0xb0
[ 67.525609][ T6920] do_syscall_64+0x60/0xe0
[ 67.525617][ T6920] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.525619][ T6920]
[ 67.525623][ T6920] Freed by task 6819:
[ 67.525631][ T6920] save_stack+0x1b/0x40
[ 67.525639][ T6920] __kasan_slab_free+0xf5/0x140
[ 67.525646][ T6920] kfree+0x103/0x2c0
[ 67.525654][ T6920] skb_release_data+0x6d9/0x910
[ 67.525661][ T6920] napi_consume_skb+0x167/0x370
[ 67.525669][ T6920] free_old_xmit_skbs+0xd5/0x230
[ 67.525677][ T6920] virtnet_poll_tx+0x1e9/0x370
[ 67.525685][ T6920] net_rx_action+0x4a1/0xe60
[ 67.525694][ T6920] __do_softirq+0x34c/0xa60
[ 67.525696][ T6920]
[ 67.525702][ T6920] The buggy address belongs to the object at ffff8880a6fd5800
[ 67.525702][ T6920] which belongs to the cache kmalloc-1k of size 1024
[ 67.525710][ T6920] The buggy address is located 560 bytes inside of
[ 67.525710][ T6920] 1024-byte region [ffff8880a6fd5800, ffff8880a6fd5c00)
[ 67.525712][ T6920] The buggy address belongs to the page:
[ 67.525723][ T6920] page:ffffea00029bf540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 67.525729][ T6920] flags: 0xfffe0000000200(slab)
[ 67.525742][ T6920] raw: 00fffe0000000200 ffffea00027ae608 ffffea00024048c8 ffff8880aa000c40
[ 67.525751][ T6920] raw: 0000000000000000 ffff8880a6fd5000 0000000100000002 0000000000000000
[ 67.525755][ T6920] page dumped because: kasan: bad access detected
[ 67.525757][ T6920]
[ 67.525760][ T6920] Memory state around the buggy address:
[ 67.525767][ T6920]  ffff8880a6fd5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 67.525773][ T6920]  ffff8880a6fd5980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 67.525780][ T6920] >ffff8880a6fd5a00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 67.525783][ T6920]                                      ^
[ 67.525789][ T6920]  ffff8880a6fd5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 67.525796][ T6920]  ffff8880a6fd5b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 67.525799][ T6920] ==================================================================
[ 67.525802][ T6920] Disabling lock debugging due to kernel taint
[ 67.525806][ T6920] Kernel panic - not syncing: panic_on_warn set ...
[ 67.525815][ T6920] CPU: 1 PID: 6920 Comm: syz-executor165 Tainted: G B 5.8.0-rc4-syzkaller #0
[ 67.525819][ T6920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.525821][ T6920] Call Trace:
[ 67.525829][ T6920] dump_stack+0x18f/0x20d
[ 67.525837][ T6920] ? bit_putcs+0xad0/0xd20
[ 67.525846][ T6920] panic+0x2e3/0x75c
[ 67.525854][ T6920] ? __warn_printk+0xf3/0xf3
[ 67.525863][ T6920] ? trace_hardirqs_on+0x55/0x220
[ 67.525871][ T6920] ? bit_putcs+0xbb6/0xd20
[ 67.525878][ T6920] ? bit_putcs+0xbb6/0xd20
[ 67.525884][ T6920] end_report+0x4d/0x53
[ 67.525891][ T6920] kasan_report.cold+0xd/0x37
[ 67.525899][ T6920] ? bit_putcs+0xbb6/0xd20
[ 67.525907][ T6920] bit_putcs+0xbb6/0xd20
[ 67.525918][ T6920] ? bit_cursor+0x17d0/0x17d0
[ 67.525925][ T6920] ? vga16fb_update_fix+0x4a0/0x4a0
[ 67.525935][ T6920] ? fb_get_color_depth+0x11a/0x240
[ 67.525945][ T6920] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 67.525953][ T6920] ? bit_cursor+0x17d0/0x17d0
[ 67.525960][ T6920] fbcon_putcs+0x33c/0x3f0
[ 67.525969][ T6920] do_update_region+0x399/0x630
[ 67.525978][ T6920] ? con_get_trans_old+0x280/0x280
[ 67.525987][ T6920] ? fbcon_set_palette+0x3a8/0x490
[ 67.525994][ T6920] ? var_to_display+0x7f0/0x7f0
[ 67.526003][ T6920] redraw_screen+0x64c/0x770
[ 67.526010][ T6920] ? wait_for_completion+0x260/0x260
[ 67.526019][ T6920] ? vc_init+0x440/0x440
[ 67.526029][ T6920] vc_do_resize+0x110e/0x13f0
[ 67.526039][ T6920] ? lock_downgrade+0x820/0x820
[ 67.526048][ T6920] ? store_bind+0x6a0/0x6a0
[ 67.526055][ T6920] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 67.526063][ T6920] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 67.526071][ T6920] ? trace_hardirqs_on+0x5f/0x220
[ 67.526078][ T6920] vt_ioctl+0x2037/0x2670
[ 67.526086][ T6920] ? trace_stack_print+0x1e0/0x2c0
[ 67.526095][ T6920] ? lockdep_hardirqs_on+0x6a/0xe0
[ 67.526102][ T6920] ? vt_waitactive+0x350/0x350
[ 67.526110][ T6920] ? tomoyo_path_number_perm+0x244/0x4d0
[ 67.526119][ T6920] ? tomoyo_execute_permission+0x470/0x470
[ 67.526128][ T6920] ? lockdep_hardirqs_off+0x66/0xa0
[ 67.526137][ T6920] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 67.526145][ T6920] ? tty_jobctrl_ioctl+0x4d/0x1010
[ 67.526151][ T6920] ? vt_waitactive+0x350/0x350
[ 67.526160][ T6920] tty_ioctl+0x1019/0x15f0
[ 67.526168][ T6920] ? tty_fasync+0x390/0x390
[ 67.526177][ T6920] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 67.526184][ T6920] ? do_vfs_ioctl+0x27d/0x1090
[ 67.526191][ T6920] ? generic_block_fiemap+0x60/0x60
[ 67.526200][ T6920] ? selinux_inode_getsecctx+0x90/0x90
[ 67.526207][ T6920] ? build_open_flags+0x650/0x650
[ 67.526215][ T6920] ? sockfd_lookup_light+0xc6/0x170
[ 67.526222][ T6920] ? __sys_sendmsg+0x10c/0x1b0
[ 67.526229][ T6920] ? __sys_sendmsg_sock+0xb0/0xb0
[ 67.526239][ T6920] ? tty_fasync+0x390/0x390
[ 67.526245][ T6920] ksys_ioctl+0x11a/0x180
[ 67.526261][ T6920] __x64_sys_ioctl+0x6f/0xb0
[ 67.526269][ T6920] ? lockdep_hardirqs_on+0x6a/0xe0
[ 67.526276][ T6920] do_syscall_64+0x60/0xe0
[ 67.526284][ T6920] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.526289][ T6920] RIP: 0033:0x4403a9
[ 67.526291][ T6920] Code: Bad RIP value.
[ 67.526295][ T6920] RSP: 002b:00007ffc17538eb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 67.526302][ T6920] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403a9
[ 67.526307][ T6920] RDX: 0000000020000080 RSI: 000000000000560a RDI: 0000000000000004
[ 67.526311][ T6920] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8
[ 67.526316][ T6920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c10
[ 67.526320][ T6920] R13: 0000000000401ca0 R14: 0000000000000000 R15: 0000000000000000
[ 67.527857][ T6920] Kernel Offset: disabled
[ 68.525775][ T6920] Rebooting in 86400 seconds..