Starting getty on tty2-tty6 if dbus and logind are not available...
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
Starting Permit User Sessions...
[ OK ] Started System Logging Service.
[ OK ] Found device /dev/ttyS0.
[ 62.205486][ T8144] sshd (8144) used greatest stack depth: 22912 bytes left
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.41' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 81.308494][ T35] audit: type=1400 audit(1611375784.059:8): avc: denied { execmem } for pid=8459 comm="syz-executor482" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 81.326807][ T8460] IPVS: ftp: loaded support on port[0] = 21
[ 81.376322][ T35] audit: type=1107 audit(1611375784.129:9): pid=8460 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 msg='7O!`wfe7pTK)օN
[ 81.376322][ T35] k?)={|o8GcRBi%Tױ9k
[ 81.376322][ T35] -R{;w6WQ"mBTA~}̿9$4UyncW4$@3]m'Q;kevw}γ)bwLowE` =ABaX>1R3(cH]sVE@ ]]ޱx2K}Swu'd^|T(iLm&j%g|L"~\P4a$e./㠣Ȏ~iS&oX6iaOLۊYx^EC{AJCU\ "qot.}WS'
[ 81.378545][ T35] ==================================================================
[ 81.378559][ T35] BUG: KASAN: global-out-of-bounds in record_print_text+0x33f/0x380
[ 81.378566][ T35] Write of size 1 at addr ffffffff8f08d01e by task kauditd/35
[ 81.378571][ T35]
[ 81.378574][ T35] CPU: 0 PID: 35 Comm: kauditd Not tainted 5.11.0-rc4-syzkaller #0
[ 81.378581][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.378587][ T35] Call Trace:
[ 81.378589][ T35] dump_stack+0x107/0x163
[ 81.378593][ T35] ? record_print_text+0x33f/0x380
[ 81.378597][ T35] ? record_print_text+0x33f/0x380
[ 81.378601][ T35] print_address_description.constprop.0.cold+0x5/0x2c6
[ 81.378606][ T35] ? record_print_text+0x33f/0x380
[ 81.378610][ T35] ? record_print_text+0x33f/0x380
[ 81.378613][ T35] kasan_report.cold+0x79/0xd5
[ 81.378617][ T35] ? record_print_text+0x33f/0x380
[ 81.378621][ T35] record_print_text+0x33f/0x380
[ 81.378625][ T35] ? get_record_print_text_size+0x110/0x110
[ 81.378629][ T35] ? prb_read_valid+0x75/0xa0
[ 81.378632][ T35] ? prb_final_commit+0x20/0x20
[ 81.378636][ T35] ? console_unlock+0x850/0xbb0
[ 81.378640][ T35] console_unlock+0x318/0xbb0
[ 81.378643][ T35] ? devkmsg_read+0x740/0x740
[ 81.378647][ T35] ? lock_release+0x710/0x710
[ 81.378650][ T35] ? vprintk_func+0x8d/0x1e0
[ 81.378654][ T35] vprintk_emit+0x189/0x490
[ 81.378657][ T35] vprintk_func+0x8d/0x1e0
[ 81.378661][ T35] printk+0xba/0xed
[ 81.378664][ T35] ? record_print_text.cold+0x16/0x16
[ 81.378668][ T35] ? lockdep_hardirqs_on+0x79/0x100
[ 81.378672][ T35] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 81.378676][ T35] ? ___ratelimit+0x21c/0x460
[ 81.378679][ T35] kauditd_hold_skb.cold+0x41/0x50
[ 81.378683][ T35] ? auditd_pid_vnr+0x230/0x230
[ 81.378687][ T35] kauditd_send_queue+0x19d/0x210
[ 81.378691][ T35] ? audit_log_lost+0x180/0x180
[ 81.378694][ T35] kauditd_thread+0x7f0/0xb80
[ 81.378698][ T35] ? auditd_reset+0x170/0x170
[ 81.378701][ T35] ? finish_wait+0x260/0x260
[ 81.378705][ T35] ? lockdep_hardirqs_on+0x79/0x100
[ 81.378709][ T35] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 81.378713][ T35] ? __kthread_parkme+0x13f/0x1e0
[ 81.378717][ T35] ? auditd_reset+0x170/0x170
[ 81.378721][ T35] kthread+0x3b1/0x4a0
[ 81.378724][ T35] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 81.378728][ T35] ret_from_fork+0x1f/0x30
[ 81.378731][ T35]
[ 81.378734][ T35] The buggy address belongs to the variable:
[ 81.378739][ T35] console_waiter+0x3e/0x40
[ 81.378742][ T35]
[ 81.378745][ T35] Memory state around the buggy address:
[ 81.378750][ T35] ffffffff8f08cf00: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 01 f9 f9 f9
[ 81.378757][ T35] ffffffff8f08cf80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9
[ 81.378763][ T35] >ffffffff8f08d000: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
[ 81.378768][ T35]                                                                ^
[ 81.378773][ T35] ffffffff8f08d080: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 f9 f9
[ 81.378779][ T35] ffffffff8f08d100: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
[ 81.378785][ T35] ==================================================================
[ 81.378791][ T35] Disabling lock debugging due to kernel taint
[ 81.378796][ T35] Kernel panic - not syncing: panic_on_warn set ...
[ 81.378802][ T35] CPU: 0 PID: 35 Comm: kauditd Tainted: G B 5.11.0-rc4-syzkaller #0
[ 81.378809][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.378814][ T35] Call Trace:
[ 81.378817][ T35] dump_stack+0x107/0x163
[ 81.378821][ T35] ? record_print_text+0x2e0/0x380
[ 81.378824][ T35] panic+0x306/0x73d
[ 81.378827][ T35] ? __warn_printk+0xf3/0xf3
[ 81.378831][ T35] ? record_print_text+0x33f/0x380
[ 81.378835][ T35] ? record_print_text+0x33f/0x380
[ 81.378839][ T35] ? record_print_text+0x33f/0x380
[ 81.378842][ T35] end_report+0x58/0x5e
[ 81.378846][ T35] kasan_report.cold+0x67/0xd5
[ 81.378849][ T35] ? record_print_text+0x33f/0x380
[ 81.378853][ T35] record_print_text+0x33f/0x380
[ 81.378857][ T35] ? get_record_print_text_size+0x110/0x110
[ 81.378861][ T35] ? prb_read_valid+0x75/0xa0
[ 81.378865][ T35] ? prb_final_commit+0x20/0x20
[ 81.378868][ T35] ? console_unlock+0x850/0xbb0
[ 81.378872][ T35] console_unlock+0x318/0xbb0
[ 81.378876][ T35] ? devkmsg_read+0x740/0x740
[ 81.378879][ T35] ? lock_release+0x710/0x710
[ 81.378883][ T35] ? vprintk_func+0x8d/0x1e0
[ 81.378886][ T35] vprintk_emit+0x189/0x490
[ 81.378889][ T35] vprintk_func+0x8d/0x1e0
[ 81.378893][ T35] printk+0xba/0xed
[ 81.378896][ T35] ? record_print_text.cold+0x16/0x16
[ 81.378900][ T35] ? lockdep_hardirqs_on+0x79/0x100
[ 81.378904][ T35] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 81.378908][ T35] ? ___ratelimit+0x21c/0x460
[ 81.378912][ T35] kauditd_hold_skb.cold+0x41/0x50
[ 81.378915][ T35] ? auditd_pid_vnr+0x230/0x230
[ 81.378919][ T35] kauditd_send_queue+0x19d/0x210
[ 81.378923][ T35] ? audit_log_lost+0x180/0x180
[ 81.378927][ T35] kauditd_thread+0x7f0/0xb80
[ 81.378930][ T35] ? auditd_reset+0x170/0x170
[ 81.378934][ T35] ? finish_wait+0x260/0x260
[ 81.378937][ T35] ? lockdep_hardirqs_on+0x79/0x100
[ 81.378942][ T35] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 81.378946][ T35] ? __kthread_parkme+0x13f/0x1e0
[ 81.378950][ T35] ? auditd_reset+0x170/0x170
[ 81.378953][ T35] kthread+0x3b1/0x4a0
[ 81.378957][ T35] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 81.378961][ T35] ret_from_fork+0x1f/0x30
[ 81.378964][ T35] Kernel Offset: disabled