[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

syzkaller login: [  335.314751][ T2569] kworker/dying (2569) used greatest stack depth: 24144 bytes left
Warning: Permanently added '10.128.0.154' (ECDSA) to the list of known hosts.
2020/07/28 09:40:39 parsed 1 programs
2020/07/28 09:40:40 executed programs: 0
[ 1045.996471][ T6849] IPVS: ftp: loaded support on port[0] = 21
[ 1046.081920][ T6849] chnl_net:caif_netlink_parms(): no params data found
[ 1046.126108][ T6849] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1046.133620][ T6849] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1046.142873][ T6849] device bridge_slave_0 entered promiscuous mode
[ 1046.151162][ T6849] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1046.158335][ T6849] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1046.165918][ T6849] device bridge_slave_1 entered promiscuous mode
[ 1046.184043][ T6849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1046.194788][ T6849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1046.215114][ T6849] team0: Port device team_slave_0 added
[ 1046.222205][ T6849] team0: Port device team_slave_1 added
[ 1046.237855][ T6849] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1046.244917][ T6849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1046.270976][ T6849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1046.282981][ T6849] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1046.289971][ T6849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1046.315879][ T6849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1046.391396][ T6849] device hsr_slave_0 entered promiscuous mode
[ 1046.448476][ T6849] device hsr_slave_1 entered promiscuous mode
[ 1046.577539][ T6849] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1046.630746][ T6849] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1046.670453][ T6849] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1046.710164][ T6849] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1046.761288][ T6849] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1046.768449][ T6849] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1046.775909][ T6849] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1046.783006][ T6849] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1046.817152][ T6849] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1046.831153][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1046.841556][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1046.850080][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1046.857637][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1046.870100][ T6849] 8021q: adding VLAN 0 to HW filter on device team0
[ 1046.881623][ T6818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1046.890057][ T6818] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1046.897114][ T6818] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1046.918710][ T6818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1046.926981][ T6818] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1046.934057][ T6818] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1046.943650][ T6818] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1046.952241][ T6818] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1046.965889][ T6849] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1046.976880][ T6849] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1046.989622][ T6818] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1046.997300][ T6818] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1047.005964][ T6818] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1047.014428][ T6818] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1047.029759][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1047.037087][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1047.050127][ T6849] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1047.067031][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1047.085982][ T6849] device veth0_vlan entered promiscuous mode
[ 1047.092747][ T7060] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1047.101629][ T7060] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1047.112466][ T7060] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1047.120902][ T7060] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1047.131773][ T6849] device veth1_vlan entered promiscuous mode
[ 1047.151288][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1047.159570][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1047.167427][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1047.176859][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1047.188357][ T6849] device veth0_macvtap entered promiscuous mode
[ 1047.197550][ T6849] device veth1_macvtap entered promiscuous mode
[ 1047.212367][ T6849] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1047.220716][ T7060] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1047.230269][ T7060] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1047.238719][ T7060] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1047.247020][ T7060] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1047.258553][ T6849] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1047.270422][ T6818] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1047.278953][ T6818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1048.348016][ T7095] ==================================================================
[ 1048.348161][ T7095] BUG: KASAN: slab-out-of-bounds in vc_do_resize+0xe2e/0x1d00
[ 1048.348168][ T7095] Read of size 4 at addr ffff8880a500faa0 by task syz-executor.0/7095
[ 1048.348170][ T7095]
[ 1048.348177][ T7095] CPU: 1 PID: 7095 Comm: syz-executor.0 Not tainted 5.8.0-rc7-syzkaller #0
[ 1048.348181][ T7095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1048.348183][ T7095] Call Trace:
[ 1048.348210][ T7095]  dump_stack+0x1f0/0x31e
[ 1048.348288][ T7095]  print_address_description+0x66/0x5a0
[ 1048.348340][ T7095]  ? vprintk_emit+0x342/0x3c0
[ 1048.348348][ T7095]  ? printk+0x62/0x83
[ 1048.348354][ T7095]  ? vprintk_emit+0x339/0x3c0
[ 1048.348361][ T7095]  kasan_report+0x132/0x1d0
[ 1048.348368][ T7095]  ? vc_do_resize+0xe2e/0x1d00
[ 1048.348376][ T7095]  check_memory_region+0x2b5/0x2f0
[ 1048.348381][ T7095]  ? vc_do_resize+0xe2e/0x1d00
[ 1048.348387][ T7095]  memcpy+0x25/0x60
[ 1048.348394][ T7095]  vc_do_resize+0xe2e/0x1d00
[ 1048.348432][ T7095]  ? fb_match_mode+0x59b/0x6e0
[ 1048.348442][ T7095]  fbcon_modechanged+0x710/0xd90
[ 1048.348451][ T7095]  fb_set_var+0x825/0xcc0
[ 1048.348469][ T7095]  do_fb_ioctl+0x502/0x6f0
[ 1048.348484][ T7095]  ? fb_write+0x540/0x540
[ 1048.348519][ T7095]  __se_sys_ioctl+0xf9/0x160
[ 1048.348571][ T7095]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1048.348581][ T7095]  do_syscall_64+0x73/0xe0
[ 1048.348587][ T7095]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1048.348593][ T7095] RIP: 0033:0x45c369
[ 1048.348600][ T7095] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1048.348604][ T7095] RSP: 002b:00007f16624a4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1048.348610][ T7095] RAX: ffffffffffffffda RBX: 000000000000d540 RCX: 000000000045c369
[ 1048.348613][ T7095] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000005
[ 1048.348617][ T7095] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000
[ 1048.348620][ T7095] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 1048.348623][ T7095] R13: 00007ffd8d31687f R14: 00007f16624a59c0 R15: 000000000078bfac
[ 1048.348632][ T7095]
[ 1048.348635][ T7095] Allocated by task 3893:
[ 1048.348642][ T7095]  __kasan_kmalloc+0x103/0x140
[ 1048.348646][ T7095]  __kmalloc+0x24b/0x330
[ 1048.348678][ T7095]  tomoyo_encode2+0x25a/0x560
[ 1048.348686][ T7095]  tomoyo_realpath_from_path+0x5d6/0x630
[ 1048.348698][ T7095]  tomoyo_check_open_permission+0x1b6/0x900
[ 1048.348739][ T7095]  security_file_open+0x50/0xc0
[ 1048.348770][ T7095]  do_dentry_open+0x3cd/0x1070
[ 1048.348777][ T7095]  path_openat+0x278d/0x37f0
[ 1048.348783][ T7095]  do_filp_open+0x191/0x3a0
[ 1048.348800][ T7095]  do_sys_openat2+0x463/0x770
[ 1048.348804][ T7095]  __x64_sys_open+0x1af/0x1e0
[ 1048.348809][ T7095]  do_syscall_64+0x73/0xe0
[ 1048.348814][ T7095]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1048.348816][ T7095]
[ 1048.348819][ T7095] Freed by task 3893:
[ 1048.348824][ T7095]  __kasan_slab_free+0x114/0x170
[ 1048.348829][ T7095]  kfree+0x10a/0x220
[ 1048.348834][ T7095]  tomoyo_check_open_permission+0x6e2/0x900
[ 1048.348838][ T7095]  security_file_open+0x50/0xc0
[ 1048.348843][ T7095]  do_dentry_open+0x3cd/0x1070
[ 1048.348847][ T7095]  path_openat+0x278d/0x37f0
[ 1048.348851][ T7095]  do_filp_open+0x191/0x3a0
[ 1048.348855][ T7095]  do_sys_openat2+0x463/0x770
[ 1048.348860][ T7095]  __x64_sys_open+0x1af/0x1e0
[ 1048.348864][ T7095]  do_syscall_64+0x73/0xe0
[ 1048.348869][ T7095]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1048.348871][ T7095]
[ 1048.348875][ T7095] The buggy address belongs to the object at ffff8880a500fa80
[ 1048.348875][ T7095]  which belongs to the cache kmalloc-32 of size 32
[ 1048.348880][ T7095] The buggy address is located 0 bytes to the right of
[ 1048.348880][ T7095]  32-byte region [ffff8880a500fa80, ffff8880a500faa0)
[ 1048.348883][ T7095] The buggy address belongs to the page:
[ 1048.348890][ T7095] page:ffffea00029403c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a500ffc1
[ 1048.348895][ T7095] flags: 0xfffe0000000200(slab)
[ 1048.348902][ T7095] raw: 00fffe0000000200 ffffea00029dfcc8 ffffea0002565fc8 ffff8880aa4001c0
[ 1048.348908][ T7095] raw: ffff8880a500ffc1 ffff8880a500f000 000000010000003f 0000000000000000
[ 1048.348911][ T7095] page dumped because: kasan: bad access detected
[ 1048.348913][ T7095]
[ 1048.348915][ T7095] Memory state around the buggy address:
[ 1048.348919][ T7095]  ffff8880a500f980: 05 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 1048.348924][ T7095]  ffff8880a500fa00: 00 04 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 1048.348928][ T7095] >ffff8880a500fa80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 1048.348930][ T7095]                                ^
[ 1048.348934][ T7095]  ffff8880a500fb00: 05 fc fc fc fc fc fc fc 05 fc fc fc fc fc fc fc
[ 1048.348938][ T7095]  ffff8880a500fb80: 05 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 1048.348941][ T7095] ==================================================================
[ 1048.348943][ T7095] Disabling lock debugging due to kernel taint
[ 1048.348946][ T7095] Kernel panic - not syncing: panic_on_warn set ...
[ 1048.348952][ T7095] CPU: 1 PID: 7095 Comm: syz-executor.0 Tainted: G    B             5.8.0-rc7-syzkaller #0
[ 1048.348955][ T7095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1048.348957][ T7095] Call Trace:
[ 1048.348963][ T7095]  dump_stack+0x1f0/0x31e
[ 1048.349008][ T7095]  panic+0x264/0x7a0
[ 1048.349030][ T7095]  ? trace_hardirqs_on+0x30/0x80
[ 1048.349037][ T7095]  kasan_report+0x1c9/0x1d0
[ 1048.349042][ T7095]  ? vc_do_resize+0xe2e/0x1d00
[ 1048.349054][ T7095]  check_memory_region+0x2b5/0x2f0
[ 1048.349059][ T7095]  ? vc_do_resize+0xe2e/0x1d00
[ 1048.349064][ T7095]  memcpy+0x25/0x60
[ 1048.349069][ T7095]  vc_do_resize+0xe2e/0x1d00
[ 1048.349078][ T7095]  ? fb_match_mode+0x59b/0x6e0
[ 1048.349084][ T7095]  fbcon_modechanged+0x710/0xd90
[ 1048.349090][ T7095]  fb_set_var+0x825/0xcc0
[ 1048.349100][ T7095]  do_fb_ioctl+0x502/0x6f0
[ 1048.349109][ T7095]  ? fb_write+0x540/0x540
[ 1048.349113][ T7095]  __se_sys_ioctl+0xf9/0x160
[ 1048.349118][ T7095]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1048.349123][ T7095]  do_syscall_64+0x73/0xe0
[ 1048.349128][ T7095]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1048.349132][ T7095] RIP: 0033:0x45c369
[ 1048.349137][ T7095] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1048.349140][ T7095] RSP: 002b:00007f16624a4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1048.349145][ T7095] RAX: ffffffffffffffda RBX: 000000000000d540 RCX: 000000000045c369
[ 1048.349148][ T7095] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000005
[ 1048.349151][ T7095] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000
[ 1048.349153][ T7095] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 1048.349156][ T7095] R13: 00007ffd8d31687f R14: 00007f16624a59c0 R15: 000000000078bfac
[ 1048.350338][ T7095] Kernel Offset: disabled
[ 1049.022298][ T7095] Rebooting in 86400 seconds..