Debian GNU/Linux 9 syzkaller ttyS0

executing program
syzkaller login: [   62.114584][ T6857] ==================================================================
[   62.122873][ T6857] BUG: KASAN: use-after-free in path_init+0x116b/0x13c0
[   62.130495][ T6857] Read of size 8 at addr ffff8880a6b32700 by task syz-executor154/6857
[   62.138727][ T6857]
[   62.141067][ T6857] CPU: 1 PID: 6857 Comm: syz-executor154 Not tainted 5.8.0-next-20200812-syzkaller #0
[   62.151301][ T6857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   62.161515][ T6857] Call Trace:
[   62.164797][ T6857]  dump_stack+0x18f/0x20d
[   62.169132][ T6857]  ? path_init+0x116b/0x13c0
[   62.173716][ T6857]  ? path_init+0x116b/0x13c0
[   62.178501][ T6857]  print_address_description.constprop.0.cold+0xae/0x497
[   62.185751][ T6857]  ? vprintk_func+0x97/0x1a6
[   62.190350][ T6857]  ? path_init+0x116b/0x13c0
[   62.194919][ T6857]  ? path_init+0x116b/0x13c0
[   62.199511][ T6857]  kasan_report.cold+0x1f/0x37
[   62.204456][ T6857]  ? path_init+0x116b/0x13c0
[   62.209034][ T6857]  path_init+0x116b/0x13c0
[   62.213440][ T6857]  ? __kasan_slab_free+0xd8/0x120
[   62.218711][ T6857]  ? kmem_cache_free.part.0+0x67/0x1f0
[   62.224267][ T6857]  ? putname+0xe1/0x120
[   62.228522][ T6857]  ? do_rmdir+0x145/0x440
[   62.232845][ T6857]  ? do_syscall_64+0x2d/0x70
[   62.237611][ T6857]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   62.243688][ T6857]  path_parentat+0x22/0x1b0
[   62.248275][ T6857]  filename_parentat+0x188/0x560
[   62.253222][ T6857]  ? getname+0xd0/0xd0
[   62.257661][ T6857]  ? lockdep_hardirqs_off+0x89/0xc0
[   62.262865][ T6857]  ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[   62.268671][ T6857]  ? lockdep_hardirqs_off+0x89/0xc0
[   62.273868][ T6857]  ? check_preemption_disabled+0x50/0x130
[   62.279595][ T6857]  ? putname+0xe1/0x120
[   62.283833][ T6857]  ? rcu_read_lock_sched_held+0x3a/0xb0
[   62.289376][ T6857]  ? putname+0xe1/0x120
[   62.293989][ T6857]  ? kmem_cache_free.part.0+0x1c4/0x1f0
[   62.299638][ T6857]  do_rmdir+0xa8/0x440
[   62.303707][ T6857]  ? __ia32_sys_mkdir+0x80/0x80
[   62.308544][ T6857]  ? strncpy_from_user+0x2bf/0x3e0
[   62.313639][ T6857]  ? trace_hardirqs_on+0x5f/0x220
[   62.318650][ T6857]  do_syscall_64+0x2d/0x70
[   62.323240][ T6857]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   62.329139][ T6857] RIP: 0033:0x4403e9
[   62.333023][ T6857] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   62.352809][ T6857] RSP: 002b:00007ffd725f92d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[   62.361312][ T6857] RAX: ffffffffffffffda RBX: 69662f7375622f2e RCX: 00000000004403e9
[   62.369288][ T6857] RDX: 00000000004403e9 RSI: 00000000004403e9 RDI: 0000000020000080
[   62.377406][ T6857] RBP: 2f31656c69662f2e R08: 0000000000000000 R09: 0000000000000000
[   62.385389][ T6857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401bf0
[   62.393353][ T6857] R13: 0000000000401c80 R14: 0000000000000000 R15: 0000000000000000
[   62.401332][ T6857]
[   62.403643][ T6857] Allocated by task 6857:
[   62.407959][ T6857]  kasan_save_stack+0x1b/0x40
[   62.412716][ T6857]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   62.418360][ T6857]  kmem_cache_alloc+0x138/0x3a0
[   62.423207][ T6857]  getname_flags.part.0+0x50/0x4f0
[   62.428325][ T6857]  __x64_sys_rmdir+0xb1/0x100
[   62.433015][ T6857]  do_syscall_64+0x2d/0x70
[   62.437439][ T6857]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   62.443322][ T6857]
[   62.445648][ T6857] Freed by task 6857:
[   62.449635][ T6857]  kasan_save_stack+0x1b/0x40
[   62.454315][ T6857]  kasan_set_track+0x1c/0x30
[   62.458896][ T6857]  kasan_set_free_info+0x1b/0x30
[   62.463824][ T6857]  __kasan_slab_free+0xd8/0x120
[   62.468691][ T6857]  kmem_cache_free.part.0+0x67/0x1f0
[   62.473973][ T6857]  putname+0xe1/0x120
[   62.477957][ T6857]  do_rmdir+0x145/0x440
[   62.482121][ T6857]  do_syscall_64+0x2d/0x70
[   62.486598][ T6857]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   62.492615][ T6857]
[   62.494974][ T6857] The buggy address belongs to the object at ffff8880a6b32700
[   62.494974][ T6857]  which belongs to the cache names_cache of size 4096
[   62.509491][ T6857] The buggy address is located 0 bytes inside of
[   62.509491][ T6857]  4096-byte region [ffff8880a6b32700, ffff8880a6b33700)
[   62.522675][ T6857] The buggy address belongs to the page:
[   62.528307][ T6857] page:00000000b6534f4f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa6b32
[   62.538800][ T6857] head:00000000b6534f4f order:1 compound_mapcount:0
[   62.545380][ T6857] flags: 0xfffe0000010200(slab|head)
[   62.550683][ T6857] raw: 00fffe0000010200 ffffea0002379788 ffffea000226ec88 ffff88821bc47a00
[   62.559362][ T6857] raw: 0000000000000000 ffff8880a6b32700 0000000100000001 0000000000000000
[   62.567999][ T6857] page dumped because: kasan: bad access detected
[   62.574417][ T6857]
[   62.576734][ T6857] Memory state around the buggy address:
[   62.582366][ T6857]  ffff8880a6b32600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   62.590423][ T6857]  ffff8880a6b32680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   62.598492][ T6857] >ffff8880a6b32700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   62.606541][ T6857]                    ^
[   62.610610][ T6857]  ffff8880a6b32780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   62.618657][ T6857]  ffff8880a6b32800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   62.626703][ T6857] ==================================================================
[   62.634760][ T6857] Disabling lock debugging due to kernel taint
[   62.641716][ T6857] Kernel panic - not syncing: panic_on_warn set ...
[   62.648343][ T6857] CPU: 1 PID: 6857 Comm: syz-executor154 Tainted: G    B             5.8.0-next-20200812-syzkaller #0
[   62.659282][ T6857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   62.669343][ T6857] Call Trace:
[   62.672646][ T6857]  dump_stack+0x18f/0x20d
[   62.676986][ T6857]  ? path_init+0x10d0/0x13c0
[   62.681615][ T6857]  panic+0x2e3/0x75c
[   62.685508][ T6857]  ? __warn_printk+0xf3/0xf3
[   62.690082][ T6857]  ? preempt_schedule_common+0x59/0xc0
[   62.695534][ T6857]  ? path_init+0x116b/0x13c0
[   62.700466][ T6857]  ? preempt_schedule_thunk+0x16/0x18
[   62.706166][ T6857]  ? trace_hardirqs_on+0x55/0x220
[   62.711189][ T6857]  ? path_init+0x116b/0x13c0
[   62.715770][ T6857]  ? path_init+0x116b/0x13c0
[   62.720376][ T6857]  end_report+0x4d/0x53
[   62.724555][ T6857]  kasan_report.cold+0xd/0x37
[   62.729223][ T6857]  ? path_init+0x116b/0x13c0
[   62.733797][ T6857]  path_init+0x116b/0x13c0
[   62.738197][ T6857]  ? __kasan_slab_free+0xd8/0x120
[   62.743222][ T6857]  ? kmem_cache_free.part.0+0x67/0x1f0
[   62.748676][ T6857]  ? putname+0xe1/0x120
[   62.752824][ T6857]  ? do_rmdir+0x145/0x440
[   62.757572][ T6857]  ? do_syscall_64+0x2d/0x70
[   62.762158][ T6857]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   62.768218][ T6857]  path_parentat+0x22/0x1b0
[   62.772705][ T6857]  filename_parentat+0x188/0x560
[   62.777717][ T6857]  ? getname+0xd0/0xd0
[   62.781780][ T6857]  ? lockdep_hardirqs_off+0x89/0xc0
[   62.787083][ T6857]  ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[   62.792971][ T6857]  ? lockdep_hardirqs_off+0x89/0xc0
[   62.798162][ T6857]  ? check_preemption_disabled+0x50/0x130
[   62.803905][ T6857]  ? putname+0xe1/0x120
[   62.808057][ T6857]  ? rcu_read_lock_sched_held+0x3a/0xb0
[   62.813615][ T6857]  ? putname+0xe1/0x120
[   62.817851][ T6857]  ? kmem_cache_free.part.0+0x1c4/0x1f0
[   62.824535][ T6857]  do_rmdir+0xa8/0x440
[   62.828593][ T6857]  ? __ia32_sys_mkdir+0x80/0x80
[   62.833538][ T6857]  ? strncpy_from_user+0x2bf/0x3e0
[   62.838679][ T6857]  ? trace_hardirqs_on+0x5f/0x220
[   62.843794][ T6857]  do_syscall_64+0x2d/0x70
[   62.848316][ T6857]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   62.854189][ T6857] RIP: 0033:0x4403e9
[   62.858063][ T6857] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   62.877735][ T6857] RSP: 002b:00007ffd725f92d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[   62.886149][ T6857] RAX: ffffffffffffffda RBX: 69662f7375622f2e RCX: 00000000004403e9
[   62.894246][ T6857] RDX: 00000000004403e9 RSI: 00000000004403e9 RDI: 0000000020000080
[   62.902492][ T6857] RBP: 2f31656c69662f2e R08: 0000000000000000 R09: 0000000000000000
[   62.910458][ T6857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401bf0
[   62.918739][ T6857] R13: 0000000000401c80 R14: 0000000000000000 R15: 0000000000000000
[   62.928249][ T6857] Kernel Offset: disabled
[   62.932928][ T6857] Rebooting in 86400 seconds..
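Reading the three stacks together: the object is a 4096-byte names_cache allocation, i.e. the struct filename that getname_flags() built for the rmdir(2) call (ORIG_RAX 0x54 is rmdir on x86-64). It is released by putname() called from do_rmdir+0x145, and then read by path_init(), reached through filename_parentat() from do_rmdir+0xa8, all in the same task. The free site lying at a higher offset in do_rmdir than the use site means control went back to an earlier point of the function after the name was released; the usual reason a path-lookup helper loops back is an ESTALE retry with LOOKUP_REVAL, so that is the shape modelled below. This is an added example, constructed for this page, not fs/namei.c: struct filename, getname(), putname(), filename_parentat(), retry_estale() and both do_rmdir variants are simplified stand-ins, the -ESTALE-on-first-lookup behaviour and the "./file1/" path are constructed test inputs, and poison flags replace KASAN so the stale read is counted instead of crashing. The last helper is a small triage aid: the register bytes in the RIP dump are little-endian, so RBP=2f31656c69662f2e reads "./file1/" once reversed (and RBX reads "./bus/fi"), which is worth checking against the reproducer's arguments.

```c
/* Constructed model of the alloc/free/use sequence in the KASAN report
 * above; not kernel code.  The retry-loop shape is inferred from the
 * stacks (use at do_rmdir+0xa8, free at do_rmdir+0x145, same task). */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define LOOKUP_REVAL 0x0020   /* same meaning as the kernel flag; value only matters to the model */

struct filename {
    const char *name;
    int refcnt;
    int freed;      /* poison flag standing in for KASAN's freed-object shadow (fb) bytes */
};

/* Counters that play the role of KASAN: bumped instead of panicking. */
static int uaf_reads;
static int double_frees;

static struct filename *getname(const char *user_path)
{
    struct filename *f = calloc(1, sizeof *f);
    if (!f)
        abort();
    f->name = user_path;
    f->refcnt = 1;
    return f;
}

/* Poisons instead of calling free() so a later read is observable rather
 * than undefined behaviour; run_model() reclaims the memory at the end. */
static void putname(struct filename *f)
{
    if (f->freed) { double_frees++; return; }
    if (--f->refcnt == 0) { f->freed = 1; f->name = NULL; }
}

/* Constructed behaviour: the first lookup of a name fails with -ESTALE (a
 * revalidation failure on a network filesystem); later lookups succeed. */
static int filename_parentat(struct filename *name, unsigned flags, int *lookups)
{
    (void)flags;
    if (name->freed) { uaf_reads++; return -EFAULT; }   /* where KASAN fires in path_init() */
    return (*lookups)++ == 0 ? -ESTALE : 0;
}

/* Same semantics as the kernel helper of this name. */
static int retry_estale(int error, unsigned flags)
{
    return error == -ESTALE && !(flags & LOOKUP_REVAL);
}

/* Buggy shape: the name is released on the exit path, and only then does
 * the ESTALE retry jump back and look it up again. */
static int do_rmdir_buggy(struct filename *name, int *lookups)
{
    unsigned lookup_flags = 0;
    int error;
retry:
    error = filename_parentat(name, lookup_flags, lookups);
    if (error)
        goto exit1;
    /* vfs_rmdir() would run here */
exit1:
    putname(name);                       /* release happens on every pass */
    if (retry_estale(error, lookup_flags)) {
        lookup_flags |= LOOKUP_REVAL;
        goto retry;                      /* second lookup reads the released object */
    }
    return error;
}

/* Fixed shape: decide about the retry first, release the name exactly once. */
static int do_rmdir_fixed(struct filename *name, int *lookups)
{
    unsigned lookup_flags = 0;
    int error;
retry:
    error = filename_parentat(name, lookup_flags, lookups);
    if (error)
        goto exit1;
    /* vfs_rmdir() would run here */
exit1:
    if (retry_estale(error, lookup_flags)) {
        lookup_flags |= LOOKUP_REVAL;
        goto retry;                      /* name is still owned here */
    }
    putname(name);
    return error;
}

struct run_result { int error; int uaf_reads; int double_frees; int released; };

/* Runs one rmdir model end to end on a constructed path and reports what
 * the stand-in KASAN counters observed. */
struct run_result run_model(int (*rmdir_fn)(struct filename *, int *))
{
    struct run_result r;
    int lookups = 0;
    struct filename *name = getname("./file1/");   /* constructed sample path */
    uaf_reads = double_frees = 0;
    r.error = rmdir_fn(name, &lookups);
    r.uaf_reads = uaf_reads;
    r.double_frees = double_frees;
    r.released = name->freed;
    free(name);
    return r;
}

/* Triage helper: undo x86-64 byte order so a register holding string bytes
 * (RBP=2f31656c69662f2e in the report) becomes readable text. */
void decode_reg_le(uint64_t v, char out[9])
{
    for (int i = 0; i < 8; i++)
        out[i] = (char)((v >> (8 * i)) & 0xff);
    out[8] = '\0';
}
```

The buggy variant returns -EFAULT after one stale read and one double release; the fixed variant completes with the name released once. The only difference between the two is where putname() sits relative to the retry decision, which is the property to check in any lookup helper that owns a struct filename and can loop.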