[  OK  ] Started Getty on tty4.
[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty2.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty1.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.137' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   57.284112][ T7127] netlink: 1996 bytes leftover after parsing attributes in process `syz-executor576'.
[   57.294293][ T7127] sch_tbf: burst 549 is lower than device lo mtu (65550) !
[   57.309510][ T7127] ==================================================================
[   57.317750][ T7127] BUG: KASAN: slab-out-of-bounds in skb_gso_transport_seglen+0x344/0x360
[   57.326181][ T7127] Read of size 2 at addr ffff8880a6d1765c by task syz-executor576/7127
[   57.334427][ T7127]
[   57.336759][ T7127] CPU: 0 PID: 7127 Comm: syz-executor576 Not tainted 5.7.0-rc2-syzkaller #0
[   57.345422][ T7127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   57.355472][ T7127] Call Trace:
[   57.358785][ T7127]  dump_stack+0x188/0x20d
[   57.363102][ T7127]  print_address_description.constprop.0.cold+0xd3/0x315
[   57.370126][ T7127]  ? skb_gso_transport_seglen+0x344/0x360
[   57.375849][ T7127]  __kasan_report.cold+0x35/0x4d
[   57.380780][ T7127]  ? skb_gso_transport_seglen+0x344/0x360
[   57.386480][ T7127]  ? skb_gso_transport_seglen+0x344/0x360
[   57.392185][ T7127]  kasan_report+0x33/0x50
[   57.396518][ T7127]  skb_gso_transport_seglen+0x344/0x360
[   57.402170][ T7127]  skb_gso_validate_mac_len+0x85/0x290
[   57.407655][ T7127]  tbf_enqueue+0x1f2/0x990
[   57.412077][ T7127]  ? rwlock_bug.part.0+0x90/0x90
[   57.417007][ T7127]  ? rcu_read_lock_bh_held+0x5a/0xb0
[   57.422320][ T7127]  ? rcu_read_lock_sched_held+0xd0/0xd0
[   57.427859][ T7127]  __dev_queue_xmit+0x154a/0x30a0
[   57.432888][ T7127]  ? netdev_core_pick_tx+0x2e0/0x2e0
[   57.438173][ T7127]  ? copyin+0x10e/0x140
[   57.442342][ T7127]  ? copy_page_from_iter+0x5de/0x840
[   57.447712][ T7127]  ? packet_parse_headers.isra.0+0x117/0x470
[   57.453679][ T7127]  ? __unregister_prot_hook+0x320/0x320
[   57.459213][ T7127]  ? packet_sendmsg+0x23cc/0x5ce0
[   57.464223][ T7127]  packet_sendmsg+0x23cc/0x5ce0
[   57.469069][ T7127]  ? mark_held_locks+0xe0/0xe0
[   57.473852][ T7127]  ? aa_label_sk_perm+0x89/0xe0
[   57.478696][ T7127]  ? aa_sk_perm+0x319/0xab0
[   57.483203][ T7127]  ? packet_notifier+0x860/0x860
[   57.488136][ T7127]  ? aa_af_perm+0x260/0x260
[   57.492642][ T7127]  ? packet_do_bind+0x452/0xc00
[   57.497524][ T7127]  ? packet_notifier+0x860/0x860
[   57.502475][ T7127]  sock_sendmsg+0xcf/0x120
[   57.506881][ T7127]  __sys_sendto+0x220/0x330
[   57.511368][ T7127]  ? __ia32_sys_getpeername+0xb0/0xb0
[   57.516819][ T7127]  ? packet_do_bind+0x452/0xc00
[   57.521674][ T7127]  ? __sys_bind+0x13e/0x250
[   57.526177][ T7127]  ? __ia32_sys_socketpair+0xf0/0xf0
[   57.531456][ T7127]  ? fpregs_mark_activate+0x320/0x320
[   57.536812][ T7127]  __ia32_sys_sendto+0xdb/0x1b0
[   57.541650][ T7127]  ? lockdep_hardirqs_on+0x463/0x620
[   57.546969][ T7127]  do_fast_syscall_32+0x270/0xe90
[   57.551987][ T7127]  entry_SYSENTER_compat+0x70/0x7f
[   57.557089][ T7127]
[   57.559446][ T7127] Allocated by task 7127:
[   57.563762][ T7127]  save_stack+0x1b/0x40
[   57.567897][ T7127]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   57.573513][ T7127]  __kmalloc_reserve.isra.0+0x39/0xe0
[   57.578864][ T7127]  __alloc_skb+0xef/0x5a0
[   57.583174][ T7127]  alloc_skb_with_frags+0x92/0x560
[   57.588277][ T7127]  sock_alloc_send_pskb+0x734/0x890
[   57.593479][ T7127]  packet_sendmsg+0x1947/0x5ce0
[   57.598323][ T7127]  sock_sendmsg+0xcf/0x120
[   57.602749][ T7127]  __sys_sendto+0x220/0x330
[   57.607292][ T7127]  __ia32_sys_sendto+0xdb/0x1b0
[   57.612133][ T7127]  do_fast_syscall_32+0x270/0xe90
[   57.617328][ T7127]  entry_SYSENTER_compat+0x70/0x7f
[   57.622414][ T7127]
[   57.624723][ T7127] Freed by task 6967:
[   57.628687][ T7127]  save_stack+0x1b/0x40
[   57.632828][ T7127]  __kasan_slab_free+0xf7/0x140
[   57.637660][ T7127]  kfree+0x109/0x2b0
[   57.641540][ T7127]  tomoyo_supervisor+0x34d/0xee0
[   57.646466][ T7127]  tomoyo_path_permission+0x257/0x360
[   57.651820][ T7127]  tomoyo_check_open_permission+0x336/0x370
[   57.657691][ T7127]  tomoyo_file_open+0xa3/0xd0
[   57.662355][ T7127]  security_file_open+0x6e/0x410
[   57.667282][ T7127]  do_dentry_open+0x358/0x1290
[   57.672023][ T7127]  path_openat+0x1e59/0x27d0
[   57.676601][ T7127]  do_filp_open+0x192/0x260
[   57.681099][ T7127]  do_sys_openat2+0x585/0x7d0
[   57.685763][ T7127]  do_sys_open+0xc3/0x140
[   57.690071][ T7127]  do_syscall_64+0xf6/0x7d0
[   57.694556][ T7127]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   57.700418][ T7127]
[   57.702724][ T7127] The buggy address belongs to the object at ffff8880a6d17400
[   57.702724][ T7127]  which belongs to the cache kmalloc-512 of size 512
[   57.716777][ T7127] The buggy address is located 92 bytes to the right of
[   57.716777][ T7127]  512-byte region [ffff8880a6d17400, ffff8880a6d17600)
[   57.730517][ T7127] The buggy address belongs to the page:
[   57.736144][ T7127] page:ffffea00029b45c0 refcount:1 mapcount:0 mapping:00000000bdc4e33c index:0x0
[   57.745237][ T7127] flags: 0xfffe0000000200(slab)
[   57.750093][ T7127] raw: 00fffe0000000200 ffffea00028c6ac8 ffffea00028dca48 ffff8880aa000a80
[   57.758660][ T7127] raw: 0000000000000000 ffff8880a6d17000 0000000100000004 0000000000000000
[   57.767222][ T7127] page dumped because: kasan: bad access detected
[   57.773622][ T7127]
[   57.775930][ T7127] Memory state around the buggy address:
[   57.782325][ T7127]  ffff8880a6d17500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   57.790422][ T7127]  ffff8880a6d17580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   57.798523][ T7127] >ffff8880a6d17600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.806586][ T7127]                                                     ^
[   57.813509][ T7127]  ffff8880a6d17680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.821558][ T7127]  ffff8880a6d17700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.829606][ T7127] ==================================================================
[   57.837665][ T7127] Disabling lock debugging due to kernel taint
[   57.843867][ T7127] Kernel panic - not syncing: panic_on_warn set ...
[   57.850477][ T7127] CPU: 0 PID: 7127 Comm: syz-executor576 Tainted: G    B             5.7.0-rc2-syzkaller #0
[   57.860541][ T7127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   57.870604][ T7127] Call Trace:
[   57.873913][ T7127]  dump_stack+0x188/0x20d
[   57.878238][ T7127]  panic+0x2e3/0x75c
[   57.882119][ T7127]  ? add_taint.cold+0x16/0x16
[   57.886805][ T7127]  ? skb_gso_transport_seglen+0x344/0x360
[   57.892550][ T7127]  ? trace_hardirqs_on+0x55/0x220
[   57.897575][ T7127]  ? skb_gso_transport_seglen+0x344/0x360
[   57.903305][ T7127]  end_report+0x4d/0x53
[   57.907452][ T7127]  __kasan_report.cold+0xd/0x4d
[   57.912299][ T7127]  ? skb_gso_transport_seglen+0x344/0x360
[   57.917996][ T7127]  ? skb_gso_transport_seglen+0x344/0x360
[   57.923701][ T7127]  kasan_report+0x33/0x50
[   57.928011][ T7127]  skb_gso_transport_seglen+0x344/0x360
[   57.933534][ T7127]  skb_gso_validate_mac_len+0x85/0x290
[   57.938972][ T7127]  tbf_enqueue+0x1f2/0x990
[   57.943382][ T7127]  ? rwlock_bug.part.0+0x90/0x90
[   57.948299][ T7127]  ? rcu_read_lock_bh_held+0x5a/0xb0
[   57.953577][ T7127]  ? rcu_read_lock_sched_held+0xd0/0xd0
[   57.959104][ T7127]  __dev_queue_xmit+0x154a/0x30a0
[   57.964124][ T7127]  ? netdev_core_pick_tx+0x2e0/0x2e0
[   57.969392][ T7127]  ? copyin+0x10e/0x140
[   57.973533][ T7127]  ? copy_page_from_iter+0x5de/0x840
[   57.978817][ T7127]  ? packet_parse_headers.isra.0+0x117/0x470
[   57.984879][ T7127]  ? __unregister_prot_hook+0x320/0x320
[   57.990416][ T7127]  ? packet_sendmsg+0x23cc/0x5ce0
[   57.995424][ T7127]  packet_sendmsg+0x23cc/0x5ce0
[   58.000307][ T7127]  ? mark_held_locks+0xe0/0xe0
[   58.005073][ T7127]  ? aa_label_sk_perm+0x89/0xe0
[   58.009910][ T7127]  ? aa_sk_perm+0x319/0xab0
[   58.014412][ T7127]  ? packet_notifier+0x860/0x860
[   58.019333][ T7127]  ? aa_af_perm+0x260/0x260
[   58.023837][ T7127]  ? packet_do_bind+0x452/0xc00
[   58.028669][ T7127]  ? packet_notifier+0x860/0x860
[   58.033592][ T7127]  sock_sendmsg+0xcf/0x120
[   58.037993][ T7127]  __sys_sendto+0x220/0x330
[   58.042480][ T7127]  ? __ia32_sys_getpeername+0xb0/0xb0
[   58.048025][ T7127]  ? packet_do_bind+0x452/0xc00
[   58.052875][ T7127]  ? __sys_bind+0x13e/0x250
[   58.057360][ T7127]  ? __ia32_sys_socketpair+0xf0/0xf0
[   58.062629][ T7127]  ? fpregs_mark_activate+0x320/0x320
[   58.068000][ T7127]  __ia32_sys_sendto+0xdb/0x1b0
[   58.072849][ T7127]  ? lockdep_hardirqs_on+0x463/0x620
[   58.078302][ T7127]  do_fast_syscall_32+0x270/0xe90
[   58.083318][ T7127]  entry_SYSENTER_compat+0x70/0x7f
[   58.089718][ T7127] Kernel Offset: disabled
[   58.094058][ T7127] Rebooting in 86400 seconds..
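Added triage helper (example code written for this page, not part of syzkaller or the kernel): a Python parser for the KASAN report above that rechecks what the report claims instead of reading it by eye. It strips the printk prefixes, pulls the headline (bug type, faulting function, access size and address, task), keeps only verified stack frames (entries marked `?` are leftover words on the stack that the unwinder could not confirm as callers, so they are dropped), recomputes the "92 bytes to the right of" figure from the raw object bounds, decodes the shadow byte covering the faulting address (0xfc is the kmalloc redzone; the byte values are the generic-KASAN encodings from mm/kasan/kasan.h), and uses the 00 shadow inside the object to show that the skb data buffer is still live, so the "Freed by task 6967" tomoyo stack is the slot's previous occupant, not evidence of a use-after-free. `REPORT` is an excerpt of the log on this page; `POISON` and the function names are this example's own.

```python
# Added triage helper (example code, not part of syzkaller or the kernel): parse the
# KASAN report above and recheck what it claims. REPORT excerpts the log on this page;
# POISON values are the generic-KASAN shadow encodings from mm/kasan/kasan.h.
import re

REPORT = """\
[   57.317750][ T7127] BUG: KASAN: slab-out-of-bounds in skb_gso_transport_seglen+0x344/0x360
[   57.326181][ T7127] Read of size 2 at addr ffff8880a6d1765c by task syz-executor576/7127
[   57.334427][ T7127]
[   57.355472][ T7127] Call Trace:
[   57.370126][ T7127]  ? skb_gso_transport_seglen+0x344/0x360
[   57.392185][ T7127]  kasan_report+0x33/0x50
[   57.396518][ T7127]  skb_gso_transport_seglen+0x344/0x360
[   57.402170][ T7127]  skb_gso_validate_mac_len+0x85/0x290
[   57.407655][ T7127]  tbf_enqueue+0x1f2/0x990
[   57.412077][ T7127]  ? rwlock_bug.part.0+0x90/0x90
[   57.464223][ T7127]  packet_sendmsg+0x23cc/0x5ce0
[   57.536812][ T7127]  __ia32_sys_sendto+0xdb/0x1b0
[   57.557089][ T7127]
[   57.559446][ T7127] Allocated by task 7127:
[   57.578864][ T7127]  __alloc_skb+0xef/0x5a0
[   57.593479][ T7127]  packet_sendmsg+0x1947/0x5ce0
[   57.622414][ T7127]
[   57.624723][ T7127] Freed by task 6967:
[   57.641540][ T7127]  tomoyo_supervisor+0x34d/0xee0
[   57.700418][ T7127]
[   57.702724][ T7127] The buggy address belongs to the object at ffff8880a6d17400
[   57.702724][ T7127]  which belongs to the cache kmalloc-512 of size 512
[   57.716777][ T7127] The buggy address is located 92 bytes to the right of
[   57.790422][ T7127]  ffff8880a6d17580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   57.798523][ T7127] >ffff8880a6d17600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]")            # printk timestamp + thread id
FRAME = re.compile(r"^(\? )?(\S+\+0x[0-9a-f]+/0x[0-9a-f]+)$")  # "? " = unverified frame
SHADOW = re.compile(r"^>?([0-9a-f]{16}):((?: [0-9a-f]{2}){16})$")
POISON = {0xfa: "global redzone", 0xfb: "freed kmalloc object",
          0xfc: "kmalloc redzone", 0xfe: "page redzone", 0xff: "free page"}


def parse_kasan_report(text):
    """Headline, verified stack frames, object bounds and shadow bytes as a dict."""
    rep = {"call_trace": [], "alloc_stack": [], "free_stack": [], "shadow": {}}
    section = None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:                      # a blank line closes a stack section
            section = None
        elif m := re.match(r"BUG: KASAN: (\S+) in (\S+)", line):
            rep["bug_type"], rep["func"] = m.group(1), m.group(2)
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", line):
            rep.update(access=m.group(1), size=int(m.group(2)), addr=int(m.group(3), 16),
                       task=m.group(4), pid=int(m.group(5)))
        elif line == "Call Trace:":
            section = "call_trace"
        elif m := re.match(r"(Allocated|Freed) by task (\d+):", line):
            section = "alloc_stack" if m.group(1) == "Allocated" else "free_stack"
            rep[section.split("_")[0] + "_pid"] = int(m.group(2))
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            rep["obj_start"] = int(m.group(1), 16)
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", line):
            rep["cache"], rep["obj_size"] = m.group(1), int(m.group(2))
        elif m := re.match(r"The buggy address is located (\d+) bytes to the (left|right)", line):
            rep["claimed"] = (int(m.group(1)), m.group(2))
        elif m := SHADOW.match(line):     # one shadow byte covers an 8-byte granule
            base = int(m.group(1), 16)
            for i, byte in enumerate(m.group(2).split()):
                rep["shadow"][base + 8 * i] = int(byte, 16)
        elif section and (m := FRAME.match(line)) and not m.group(1):
            rep[section].append(m.group(2))   # "? frame" entries are stale stack words: skip
    return rep


def faulting_frames(rep):
    """Frames below the KASAN reporting machinery; [0] is the function that faulted."""
    idx = next((i for i, f in enumerate(rep["call_trace"]) if f.startswith("kasan_report+")), -1)
    return rep["call_trace"][idx + 1:]


def offset_from_object(rep):
    """Recompute 'N bytes to the left/right of' from the raw addresses."""
    start, end = rep["obj_start"], rep["obj_start"] + rep["obj_size"]
    if rep["addr"] >= end:
        return rep["addr"] - end, "right"
    if rep["addr"] < start:
        return start - rep["addr"], "left"
    return rep["addr"] - start, "inside"


def shadow_meaning(rep, addr):
    """Decode the shadow byte covering addr (0 = all 8 bytes addressable, 1..7 = partial)."""
    byte = rep["shadow"].get(addr & ~7)
    if byte is None or byte <= 7:
        return "not in dump" if byte is None else f"{byte or 8} of 8 bytes addressable"
    return POISON.get(byte, f"poison 0x{byte:02x}")


def object_is_live(rep):
    """True when dumped shadow inside the object is addressable: the 'Freed by' track is stale."""
    start, end = rep["obj_start"], rep["obj_start"] + rep["obj_size"]
    inside = [b for g, b in rep["shadow"].items() if start <= g < end]
    return all(b <= 7 for b in inside) if inside else None
```

For this report the parser returns offset `(92, "right")`, agreeing with the kernel's own arithmetic (0xffff8880a6d1765c minus the region end 0xffff8880a6d17600 is 0x5c), the shadow byte at the faulting address decodes to the kmalloc redzone, and the 00 shadow at ffff8880a6d17580 (inside the 512-byte region) marks the object as live. The practical reading is the one the stack already suggests: a 2-byte read past the end of a live skb data buffer in skb_gso_transport_seglen, reached from AF_PACKET sendto through the tbf qdisc, with the tomoyo free stack being noise from the slot's previous use.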