[ 88.867575][ T26] audit: type=1800 audit(1580981408.937:26): pid=9641 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 90.034245][ T26] kauditd_printk_skb: 2 callbacks suppressed
[ 90.034256][ T26] audit: type=1800 audit(1580981410.127:29): pid=9641 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 90.060958][ T26] audit: type=1800 audit(1580981410.137:30): pid=9641 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 99.857921][ T9793] ==================================================================
[ 99.866242][ T9793] BUG: KASAN: slab-out-of-bounds in suffix_kstrtoint.constprop.0+0x214/0x250
[ 99.875013][ T9793] Read of size 1 at addr ffff8880a4b5b3ff by task syz-executor933/9793
[ 99.883249][ T9793]
[ 99.885586][ T9793] CPU: 0 PID: 9793 Comm: syz-executor933 Not tainted 5.5.0-next-20200206-syzkaller #0
[ 99.895285][ T9793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 99.905348][ T9793] Call Trace:
[ 99.908627][ T9793]  dump_stack+0x197/0x210
[ 99.912941][ T9793]  ? suffix_kstrtoint.constprop.0+0x214/0x250
[ 99.919005][ T9793]  print_address_description.constprop.0.cold+0xd4/0x30b
[ 99.926351][ T9793]  ? suffix_kstrtoint.constprop.0+0x214/0x250
[ 99.932433][ T9793]  ? suffix_kstrtoint.constprop.0+0x214/0x250
[ 99.938487][ T9793]  __kasan_report.cold+0x1b/0x32
[ 99.943421][ T9793]  ? suffix_kstrtoint.constprop.0+0x214/0x250
[ 99.949487][ T9793]  kasan_report+0x12/0x20
[ 99.953809][ T9793]  __asan_report_load1_noabort+0x14/0x20
[ 99.959440][ T9793]  suffix_kstrtoint.constprop.0+0x214/0x250
[ 99.965336][ T9793]  ? xfs_fs_inode_init_once+0xd0/0xd0
[ 99.970710][ T9793]  xfs_fc_parse_param+0x991/0xcd0
[ 99.975737][ T9793]  ? suffix_kstrtoint.constprop.0+0x250/0x250
[ 99.981805][ T9793]  ? __kmalloc_track_caller+0x540/0x760
[ 99.987370][ T9793]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 99.993601][ T9793]  ? suffix_kstrtoint.constprop.0+0x250/0x250
[ 99.999663][ T9793]  vfs_parse_fs_param+0x2b4/0x610
[ 100.004681][ T9793]  vfs_parse_fs_string+0x10a/0x170
[ 100.009793][ T9793]  ? vfs_parse_fs_param+0x610/0x610
[ 100.014978][ T9793]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 100.020535][ T9793]  generic_parse_monolithic+0x181/0x200
[ 100.026065][ T9793]  ? vfs_parse_fs_string+0x170/0x170
[ 100.031522][ T9793]  ? vfs_parse_fs_string+0x170/0x170
[ 100.036806][ T9793]  parse_monolithic_mount_data+0x69/0x90
[ 100.042448][ T9793]  do_mount+0x1310/0x1b50
[ 100.046764][ T9793]  ? copy_mount_string+0x40/0x40
[ 100.051703][ T9793]  ? _copy_from_user+0x12c/0x1a0
[ 100.056792][ T9793]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 100.063025][ T9793]  __x64_sys_mount+0x192/0x230
[ 100.067912][ T9793]  do_syscall_64+0xfa/0x790
[ 100.072423][ T9793]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 100.078772][ T9793] RIP: 0033:0x446a8a
[ 100.084042][ T9793] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d ae fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a ae fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 100.105598][ T9793] RSP: 002b:00007ffc8d9430c8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 100.115395][ T9793] RAX: ffffffffffffffda RBX: 00007ffc8d9430d0 RCX: 0000000000446a8a
[ 100.124640][ T9793] RDX: 00007ffc8d9430d0 RSI: 0000000020000080 RDI: 00007ffc8d9430f0
[ 100.133870][ T9793] RBP: 0000000000000003 R08: 00007ffc8d943130 R09: 0000000000000000
[ 100.142858][ T9793] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffc8d943130
[ 100.153381][ T9793] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
[ 100.161463][ T9793]
[ 100.163789][ T9793] Allocated by task 9791:
[ 100.168119][ T9793]  save_stack+0x23/0x90
[ 100.172476][ T9793]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 100.178369][ T9793]  kasan_kmalloc+0x9/0x10
[ 100.182768][ T9793]  __kmalloc+0x163/0x770
[ 100.187008][ T9793]  tomoyo_encode2.part.0+0xf5/0x400
[ 100.192205][ T9793]  tomoyo_encode+0x2b/0x50
[ 100.196627][ T9793]  tomoyo_realpath_from_path+0x19c/0x660
[ 100.202519][ T9793]  tomoyo_path_perm+0x230/0x430
[ 100.207367][ T9793]  tomoyo_inode_getattr+0x1d/0x30
[ 100.212389][ T9793]  security_inode_getattr+0xf2/0x150
[ 100.219151][ T9793]  vfs_getattr+0x25/0x70
[ 100.223476][ T9793]  vfs_statx_fd+0x71/0xc0
[ 100.227815][ T9793]  __do_sys_newfstat+0x9b/0x120
[ 100.232664][ T9793]  __x64_sys_newfstat+0x54/0x80
[ 100.238565][ T9793]  do_syscall_64+0xfa/0x790
[ 100.243178][ T9793]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 100.249657][ T9793]
[ 100.252137][ T9793] Freed by task 9791:
[ 100.256215][ T9793]  save_stack+0x23/0x90
[ 100.261505][ T9793]  __kasan_slab_free+0x102/0x150
[ 100.266526][ T9793]  kasan_slab_free+0xe/0x10
[ 100.271121][ T9793]  kfree+0x10a/0x2c0
[ 100.275011][ T9793]  tomoyo_path_perm+0x24e/0x430
[ 100.279844][ T9793]  tomoyo_inode_getattr+0x1d/0x30
[ 100.284853][ T9793]  security_inode_getattr+0xf2/0x150
[ 100.290927][ T9793]  vfs_getattr+0x25/0x70
[ 100.295168][ T9793]  vfs_statx_fd+0x71/0xc0
[ 100.299599][ T9793]  __do_sys_newfstat+0x9b/0x120
[ 100.305578][ T9793]  __x64_sys_newfstat+0x54/0x80
[ 100.310430][ T9793]  do_syscall_64+0xfa/0x790
[ 100.314925][ T9793]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 100.320818][ T9793]
[ 100.323156][ T9793] The buggy address belongs to the object at ffff8880a4b5b3c0
[ 100.323156][ T9793]  which belongs to the cache kmalloc-32 of size 32
[ 100.337110][ T9793] The buggy address is located 31 bytes to the right of
[ 100.337110][ T9793]  32-byte region [ffff8880a4b5b3c0, ffff8880a4b5b3e0)
[ 100.350810][ T9793] The buggy address belongs to the page:
[ 100.360570][ T9793] page:ffffea000292d6c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a4b5bfc1
[ 100.372333][ T9793] flags: 0xfffe0000000200(slab)
[ 100.377200][ T9793] raw: 00fffe0000000200 ffffea0002a15908 ffffea00025c80c8 ffff8880aa4001c0
[ 100.390472][ T9793] raw: ffff8880a4b5bfc1 ffff8880a4b5b000 0000000100000028 0000000000000000
[ 100.399532][ T9793] page dumped because: kasan: bad access detected
[ 100.405950][ T9793]
[ 100.408275][ T9793] Memory state around the buggy address:
[ 100.413921][ T9793]  ffff8880a4b5b280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 100.421980][ T9793]  ffff8880a4b5b300: 00 03 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 100.430202][ T9793] >ffff8880a4b5b380: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 100.440644][ T9793]                                                                 ^
[ 100.450093][ T9793]  ffff8880a4b5b400: 01 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 100.460449][ T9793]  ffff8880a4b5b480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 100.470164][ T9793] ==================================================================
[ 100.478329][ T9793] Disabling lock debugging due to kernel taint
[ 100.489029][ T9793] Kernel panic - not syncing: panic_on_warn set ...
[ 100.498897][ T9793] CPU: 0 PID: 9793 Comm: syz-executor933 Tainted: G    B             5.5.0-next-20200206-syzkaller #0
[ 100.510685][ T9793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 100.520989][ T9793] Call Trace:
[ 100.524603][ T9793]  dump_stack+0x197/0x210
[ 100.529824][ T9793]  panic+0x2e3/0x75c
[ 100.534837][ T9793]  ? add_taint.cold+0x16/0x16
[ 100.539537][ T9793]  ? suffix_kstrtoint.constprop.0+0x214/0x250
[ 100.545792][ T9793]  ? preempt_schedule+0x4b/0x60
[ 100.550636][ T9793]  ? ___preempt_schedule+0x16/0x18
[ 100.555731][ T9793]  ? trace_hardirqs_on+0x5e/0x240
[ 100.561710][ T9793]  ? suffix_kstrtoint.constprop.0+0x214/0x250
[ 100.567769][ T9793]  end_report+0x47/0x4f
[ 100.573239][ T9793]  ? suffix_kstrtoint.constprop.0+0x214/0x250
[ 100.579565][ T9793]  __kasan_report.cold+0xe/0x32
[ 100.584413][ T9793]  ? suffix_kstrtoint.constprop.0+0x214/0x250
[ 100.590647][ T9793]  kasan_report+0x12/0x20
[ 100.597428][ T9793]  __asan_report_load1_noabort+0x14/0x20
[ 100.604555][ T9793]  suffix_kstrtoint.constprop.0+0x214/0x250
[ 100.610549][ T9793]  ? xfs_fs_inode_init_once+0xd0/0xd0
[ 100.617638][ T9793]  xfs_fc_parse_param+0x991/0xcd0
[ 100.622748][ T9793]  ? suffix_kstrtoint.constprop.0+0x250/0x250
[ 100.628810][ T9793]  ? __kmalloc_track_caller+0x540/0x760
[ 100.634580][ T9793]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 100.641431][ T9793]  ? suffix_kstrtoint.constprop.0+0x250/0x250
[ 100.648679][ T9793]  vfs_parse_fs_param+0x2b4/0x610
[ 100.653841][ T9793]  vfs_parse_fs_string+0x10a/0x170
[ 100.659314][ T9793]  ? vfs_parse_fs_param+0x610/0x610
[ 100.664586][ T9793]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 100.670133][ T9793]  generic_parse_monolithic+0x181/0x200
[ 100.675838][ T9793]  ? vfs_parse_fs_string+0x170/0x170
[ 100.681140][ T9793]  ? vfs_parse_fs_string+0x170/0x170
[ 100.686408][ T9793]  parse_monolithic_mount_data+0x69/0x90
[ 100.692092][ T9793]  do_mount+0x1310/0x1b50
[ 100.696404][ T9793]  ? copy_mount_string+0x40/0x40
[ 100.701345][ T9793]  ? _copy_from_user+0x12c/0x1a0
[ 100.706271][ T9793]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 100.712551][ T9793]  __x64_sys_mount+0x192/0x230
[ 100.717298][ T9793]  do_syscall_64+0xfa/0x790
[ 100.721805][ T9793]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 100.727683][ T9793] RIP: 0033:0x446a8a
[ 100.731558][ T9793] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d ae fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a ae fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 100.751179][ T9793] RSP: 002b:00007ffc8d9430c8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 100.759687][ T9793] RAX: ffffffffffffffda RBX: 00007ffc8d9430d0 RCX: 0000000000446a8a
[ 100.767661][ T9793] RDX: 00007ffc8d9430d0 RSI: 0000000020000080 RDI: 00007ffc8d9430f0
[ 100.775667][ T9793] RBP: 0000000000000003 R08: 00007ffc8d943130 R09: 0000000000000000
[ 100.783647][ T9793] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffc8d943130
[ 100.791609][ T9793] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
[ 100.800920][ T9793] Kernel Offset: disabled
[ 100.805244][ T9793] Rebooting in 86400 seconds..