[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.167' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 54.044792][ T6829] ==================================================================
[ 54.052969][ T6829] BUG: KASAN: slab-out-of-bounds in qrtr_endpoint_post+0xeeb/0x1010
[ 54.060920][ T6829] Read of size 2 at addr ffff8880a848f3c8 by task syz-executor063/6829
[ 54.072594][ T6829]
[ 54.074902][ T6829] CPU: 0 PID: 6829 Comm: syz-executor063 Not tainted 5.8.0-rc2-next-20200626-syzkaller #0
[ 54.084758][ T6829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.094786][ T6829] Call Trace:
[ 54.098073][ T6829] dump_stack+0x18f/0x20d
[ 54.102397][ T6829] ? qrtr_endpoint_post+0xeeb/0x1010
[ 54.107661][ T6829] ? qrtr_endpoint_post+0xeeb/0x1010
[ 54.112923][ T6829] print_address_description.constprop.0.cold+0xae/0x436
[ 54.119959][ T6829] ? lockdep_hardirqs_off+0x66/0xa0
[ 54.125131][ T6829] ? vprintk_func+0x97/0x1a6
[ 54.129697][ T6829] ? qrtr_endpoint_post+0xeeb/0x1010
[ 54.134954][ T6829] kasan_report.cold+0x1f/0x37
[ 54.139694][ T6829] ? __netdev_alloc_skb+0x80/0x420
[ 54.144777][ T6829] ? qrtr_endpoint_post+0xeeb/0x1010
[ 54.150035][ T6829] qrtr_endpoint_post+0xeeb/0x1010
[ 54.155122][ T6829] qrtr_tun_write_iter+0xf5/0x180
[ 54.160132][ T6829] do_iter_readv_writev+0x567/0x780
[ 54.165305][ T6829] ? get_order+0x20/0x20
[ 54.169521][ T6829] ? apparmor_file_permission+0x26e/0x4e0
[ 54.175221][ T6829] do_iter_write+0x188/0x5f0
[ 54.179797][ T6829] ? trace_hardirqs_off+0x27/0x210
[ 54.184882][ T6829] vfs_writev+0x1aa/0x2e0
[ 54.189186][ T6829] ? vfs_iter_write+0xa0/0xa0
[ 54.193851][ T6829] ? rcu_read_lock_sched_held+0x3a/0xb0
[ 54.199372][ T6829] ? putname+0xe1/0x120
[ 54.203501][ T6829] ? build_open_flags+0x650/0x650
[ 54.208501][ T6829] ? _down_write_nest_lock+0x150/0x150
[ 54.213938][ T6829] __x64_sys_pwritev+0x231/0x310
[ 54.218850][ T6829] ? __ia32_sys_preadv2+0x150/0x150
[ 54.224023][ T6829] ? lock_is_held_type+0xb0/0xe0
[ 54.228933][ T6829] ? do_syscall_64+0x1c/0xe0
[ 54.233496][ T6829] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 54.239463][ T6829] do_syscall_64+0x60/0xe0
[ 54.243854][ T6829] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 54.249718][ T6829] RIP: 0033:0x4401d9
[ 54.253595][ T6829] Code: Bad RIP value.
[ 54.257633][ T6829] RSP: 002b:00007fffece3f658 EFLAGS: 00000246 ORIG_RAX: 0000000000000128
[ 54.266031][ T6829] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401d9
[ 54.274071][ T6829] RDX: 0000000000000001 RSI: 0000000020000440 RDI: 0000000000000003
[ 54.282133][ T6829] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 54.290098][ T6829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a60
[ 54.298045][ T6829] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[ 54.306000][ T6829]
[ 54.308304][ T6829] Allocated by task 6829:
[ 54.312658][ T6829] save_stack+0x1b/0x40
[ 54.316786][ T6829] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 54.322477][ T6829] __kmalloc+0x18f/0x4d0
[ 54.326696][ T6829] qrtr_tun_write_iter+0x8a/0x180
[ 54.331690][ T6829] do_iter_readv_writev+0x567/0x780
[ 54.336859][ T6829] do_iter_write+0x188/0x5f0
[ 54.341420][ T6829] vfs_writev+0x1aa/0x2e0
[ 54.345722][ T6829] __x64_sys_pwritev+0x231/0x310
[ 54.350632][ T6829] do_syscall_64+0x60/0xe0
[ 54.355152][ T6829] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 54.361011][ T6829]
[ 54.363311][ T6829] Freed by task 6757:
[ 54.367266][ T6829] save_stack+0x1b/0x40
[ 54.371398][ T6829] __kasan_slab_free+0xf2/0x130
[ 54.376219][ T6829] kfree+0x103/0x2c0
[ 54.380088][ T6829] security_cred_free+0xc3/0x130
[ 54.385010][ T6829] put_cred_rcu+0x122/0x4a0
[ 54.389484][ T6829] __put_cred+0x1de/0x250
[ 54.393783][ T6829] revert_creds+0x1a8/0x1f0
[ 54.398257][ T6829] do_faccessat+0x2ca/0x820
[ 54.402732][ T6829] do_syscall_64+0x60/0xe0
[ 54.407121][ T6829] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 54.412993][ T6829]
[ 54.415302][ T6829] The buggy address belongs to the object at ffff8880a848f3c0
[ 54.415302][ T6829]  which belongs to the cache kmalloc-32 of size 32
[ 54.429158][ T6829] The buggy address is located 8 bytes inside of
[ 54.429158][ T6829]  32-byte region [ffff8880a848f3c0, ffff8880a848f3e0)
[ 54.442149][ T6829] The buggy address belongs to the page:
[ 54.447776][ T6829] page:ffffea0002a123c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a848ffc1
[ 54.458303][ T6829] flags: 0xfffe0000000200(slab)
[ 54.463411][ T6829] raw: 00fffe0000000200 ffffea00029c2448 ffffea00027dc308 ffff8880aa000100
[ 54.471973][ T6829] raw: ffff8880a848ffc1 ffff8880a848f000 0000000100000021 0000000000000000
[ 54.480616][ T6829] page dumped because: kasan: bad access detected
[ 54.487007][ T6829]
[ 54.489313][ T6829] Memory state around the buggy address:
[ 54.495435][ T6829]  ffff8880a848f280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 54.503468][ T6829]  ffff8880a848f300: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 54.511500][ T6829] >ffff8880a848f380: 06 fc fc fc fc fc fc fc 04 fc fc fc fc fc fc fc
[ 54.519529][ T6829]                                               ^
[ 54.525911][ T6829]  ffff8880a848f400: 05 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 54.533943][ T6829]  ffff8880a848f480: fb fb fb fb fc fc fc fc 07 fc fc fc fc fc fc fc
[ 54.541973][ T6829] ==================================================================
[ 54.550005][ T6829] Disabling lock debugging due to kernel taint
[ 54.566733][ T6829] Kernel panic - not syncing: panic_on_warn set ...
[ 54.573328][ T6829] CPU: 0 PID: 6829 Comm: syz-executor063 Tainted: G B 5.8.0-rc2-next-20200626-syzkaller #0
[ 54.584587][ T6829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.594700][ T6829] Call Trace:
[ 54.597972][ T6829] dump_stack+0x18f/0x20d
[ 54.602291][ T6829] ? qrtr_endpoint_post+0xe20/0x1010
[ 54.607546][ T6829] panic+0x2e3/0x75c
[ 54.611412][ T6829] ? __warn_printk+0xf3/0xf3
[ 54.615972][ T6829] ? preempt_schedule_common+0x59/0xc0
[ 54.621412][ T6829] ? qrtr_endpoint_post+0xeeb/0x1010
[ 54.626668][ T6829] ? preempt_schedule_thunk+0x16/0x18
[ 54.632018][ T6829] ? trace_hardirqs_on+0x55/0x220
[ 54.637015][ T6829] ? qrtr_endpoint_post+0xeeb/0x1010
[ 54.642267][ T6829] ? qrtr_endpoint_post+0xeeb/0x1010
[ 54.647621][ T6829] end_report+0x4d/0x53
[ 54.651765][ T6829] kasan_report.cold+0xd/0x37
[ 54.656414][ T6829] ? __netdev_alloc_skb+0x80/0x420
[ 54.662450][ T6829] ? qrtr_endpoint_post+0xeeb/0x1010
[ 54.668312][ T6829] qrtr_endpoint_post+0xeeb/0x1010
[ 54.673393][ T6829] qrtr_tun_write_iter+0xf5/0x180
[ 54.678390][ T6829] do_iter_readv_writev+0x567/0x780
[ 54.683557][ T6829] ? get_order+0x20/0x20
[ 54.687769][ T6829] ? apparmor_file_permission+0x26e/0x4e0
[ 54.693460][ T6829] do_iter_write+0x188/0x5f0
[ 54.698026][ T6829] ? trace_hardirqs_off+0x27/0x210
[ 54.703119][ T6829] vfs_writev+0x1aa/0x2e0
[ 54.707418][ T6829] ? vfs_iter_write+0xa0/0xa0
[ 54.712077][ T6829] ? rcu_read_lock_sched_held+0x3a/0xb0
[ 54.718028][ T6829] ? putname+0xe1/0x120
[ 54.724584][ T6829] ? build_open_flags+0x650/0x650
[ 54.729665][ T6829] ? _down_write_nest_lock+0x150/0x150
[ 54.735094][ T6829] __x64_sys_pwritev+0x231/0x310
[ 54.740005][ T6829] ? __ia32_sys_preadv2+0x150/0x150
[ 54.745173][ T6829] ? lock_is_held_type+0xb0/0xe0
[ 54.750081][ T6829] ? do_syscall_64+0x1c/0xe0
[ 54.754641][ T6829] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 54.760604][ T6829] do_syscall_64+0x60/0xe0
[ 54.764996][ T6829] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 54.770858][ T6829] RIP: 0033:0x4401d9
[ 54.774717][ T6829] Code: Bad RIP value.
[ 54.778753][ T6829] RSP: 002b:00007fffece3f658 EFLAGS: 00000246 ORIG_RAX: 0000000000000128
[ 54.787133][ T6829] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401d9
[ 54.795078][ T6829] RDX: 0000000000000001 RSI: 0000000020000440 RDI: 0000000000000003
[ 54.803020][ T6829] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 54.810964][ T6829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a60
[ 54.818919][ T6829] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[ 54.828147][ T6829] Kernel Offset: disabled
[ 54.832460][ T6829] Rebooting in 86400 seconds..