[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 60.172913][ T6827] ==================================================================
[ 60.181216][ T6827] BUG: KASAN: slab-out-of-bounds in qrtr_endpoint_post+0x5c1/0x1050
[ 60.189167][ T6827] Read of size 4294967294 at addr ffff888097d07f10 by task syz-executor949/6827
[ 60.198266][ T6827]
[ 60.200577][ T6827] CPU: 1 PID: 6827 Comm: syz-executor949 Not tainted 5.8.0-rc7-next-20200731-syzkaller #0
[ 60.210451][ T6827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.220482][ T6827] Call Trace:
[ 60.223761][ T6827] dump_stack+0x18f/0x20d
[ 60.228068][ T6827] ? qrtr_endpoint_post+0x5c1/0x1050
[ 60.233352][ T6827] ? qrtr_endpoint_post+0x5c1/0x1050
[ 60.238615][ T6827] print_address_description.constprop.0.cold+0xae/0x497
[ 60.245629][ T6827] ? lockdep_hardirqs_off+0x7e/0xb0
[ 60.250807][ T6827] ? vprintk_func+0x97/0x1a6
[ 60.255374][ T6827] ? qrtr_endpoint_post+0x5c1/0x1050
[ 60.260649][ T6827] ? qrtr_endpoint_post+0x5c1/0x1050
[ 60.265926][ T6827] kasan_report.cold+0x1f/0x37
[ 60.270668][ T6827] ? qrtr_endpoint_post+0x5c1/0x1050
[ 60.275930][ T6827] check_memory_region+0x13d/0x180
[ 60.281033][ T6827] memcpy+0x20/0x60
[ 60.284820][ T6827] qrtr_endpoint_post+0x5c1/0x1050
[ 60.289908][ T6827] qrtr_tun_write_iter+0xf5/0x180
[ 60.294909][ T6827] new_sync_write+0x422/0x650
[ 60.299563][ T6827] ? new_sync_read+0x6e0/0x6e0
[ 60.304321][ T6827] ? rcu_read_lock_sched_held+0x3a/0xb0
[ 60.309846][ T6827] ? apparmor_file_permission+0x26e/0x4e0
[ 60.315546][ T6827] ? build_open_flags+0x650/0x650
[ 60.320553][ T6827] vfs_write+0x5ad/0x730
[ 60.324775][ T6827] ksys_write+0x12d/0x250
[ 60.329080][ T6827] ? __ia32_sys_read+0xb0/0xb0
[ 60.333822][ T6827] ? trace_hardirqs_on+0x5f/0x220
[ 60.338831][ T6827] ? lockdep_hardirqs_on+0x76/0xf0
[ 60.344011][ T6827] do_syscall_64+0x2d/0x70
[ 60.348418][ T6827] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.354285][ T6827] RIP: 0033:0x440259
[ 60.358157][ T6827] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 60.377737][ T6827] RSP: 002b:00007ffc0208e378 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 60.386125][ T6827] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[ 60.394077][ T6827] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003
[ 60.402024][ T6827] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 60.409971][ T6827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a60
[ 60.417918][ T6827] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[ 60.425873][ T6827]
[ 60.428179][ T6827] Allocated by task 6827:
[ 60.432490][ T6827] kasan_save_stack+0x1b/0x40
[ 60.437140][ T6827] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 60.442745][ T6827] __kmalloc+0x1a8/0x320
[ 60.446962][ T6827] qrtr_tun_write_iter+0x8a/0x180
[ 60.451978][ T6827] new_sync_write+0x422/0x650
[ 60.456628][ T6827] vfs_write+0x5ad/0x730
[ 60.460854][ T6827] ksys_write+0x12d/0x250
[ 60.465159][ T6827] do_syscall_64+0x2d/0x70
[ 60.469550][ T6827] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.475410][ T6827]
[ 60.477730][ T6827] The buggy address belongs to the object at ffff888097d07f00
[ 60.477730][ T6827]  which belongs to the cache kmalloc-32 of size 32
[ 60.491598][ T6827] The buggy address is located 16 bytes inside of
[ 60.491598][ T6827]  32-byte region [ffff888097d07f00, ffff888097d07f20)
[ 60.504665][ T6827] The buggy address belongs to the page:
[ 60.510276][ T6827] page:000000005426aea5 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888097d07fc1 pfn:0x97d07
[ 60.521697][ T6827] flags: 0xfffe0000000200(slab)
[ 60.526613][ T6827] raw: 00fffe0000000200 ffffea00025f4008 ffffea0002a84fc8 ffff8880aa000100
[ 60.535175][ T6827] raw: ffff888097d07fc1 ffff888097d07000 000000010000003f 0000000000000000
[ 60.543740][ T6827] page dumped because: kasan: bad access detected
[ 60.550142][ T6827]
[ 60.552446][ T6827] Memory state around the buggy address:
[ 60.558151][ T6827]  ffff888097d07e00: 00 00 02 fc fc fc fc fc 06 fc fc fc fc fc fc fc
[ 60.566188][ T6827]  ffff888097d07e80: 00 00 05 fc fc fc fc fc 00 00 06 fc fc fc fc fc
[ 60.574240][ T6827] >ffff888097d07f00: 00 00 fc fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 60.582272][ T6827]                                                ^
[ 60.586837][ T6827]  ffff888097d07f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.594871][ T6827]  ffff888097d08000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.602904][ T6827] ==================================================================
[ 60.611041][ T6827] Disabling lock debugging due to kernel taint
[ 60.617467][ T6827] Kernel panic - not syncing: panic_on_warn set ...
[ 60.624074][ T6827] CPU: 1 PID: 6827 Comm: syz-executor949 Tainted: G B 5.8.0-rc7-next-20200731-syzkaller #0
[ 60.635339][ T6827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.645385][ T6827] Call Trace:
[ 60.648652][ T6827] dump_stack+0x18f/0x20d
[ 60.652958][ T6827] ? qrtr_endpoint_post+0x5c0/0x1050
[ 60.658216][ T6827] panic+0x2e3/0x75c
[ 60.662090][ T6827] ? __warn_printk+0xf3/0xf3
[ 60.666655][ T6827] ? preempt_schedule_common+0x59/0xc0
[ 60.672086][ T6827] ? qrtr_endpoint_post+0x5c1/0x1050
[ 60.677344][ T6827] ? preempt_schedule_thunk+0x16/0x18
[ 60.682687][ T6827] ? trace_hardirqs_on+0x55/0x220
[ 60.687682][ T6827] ? qrtr_endpoint_post+0x5c1/0x1050
[ 60.692939][ T6827] ? qrtr_endpoint_post+0x5c1/0x1050
[ 60.698194][ T6827] end_report+0x4d/0x53
[ 60.702340][ T6827] kasan_report.cold+0xd/0x37
[ 60.706989][ T6827] ? qrtr_endpoint_post+0x5c1/0x1050
[ 60.712246][ T6827] check_memory_region+0x13d/0x180
[ 60.717330][ T6827] memcpy+0x20/0x60
[ 60.721112][ T6827] qrtr_endpoint_post+0x5c1/0x1050
[ 60.726200][ T6827] qrtr_tun_write_iter+0xf5/0x180
[ 60.731208][ T6827] new_sync_write+0x422/0x650
[ 60.735883][ T6827] ? new_sync_read+0x6e0/0x6e0
[ 60.740629][ T6827] ? rcu_read_lock_sched_held+0x3a/0xb0
[ 60.746148][ T6827] ? apparmor_file_permission+0x26e/0x4e0
[ 60.751855][ T6827] ? build_open_flags+0x650/0x650
[ 60.756867][ T6827] vfs_write+0x5ad/0x730
[ 60.761098][ T6827] ksys_write+0x12d/0x250
[ 60.765399][ T6827] ? __ia32_sys_read+0xb0/0xb0
[ 60.770133][ T6827] ? trace_hardirqs_on+0x5f/0x220
[ 60.775132][ T6827] ? lockdep_hardirqs_on+0x76/0xf0
[ 60.780217][ T6827] do_syscall_64+0x2d/0x70
[ 60.784608][ T6827] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.790471][ T6827] RIP: 0033:0x440259
[ 60.794341][ T6827] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 60.813932][ T6827] RSP: 002b:00007ffc0208e378 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 60.822334][ T6827] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[ 60.830278][ T6827] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003
[ 60.838223][ T6827] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 60.846168][ T6827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a60
[ 60.854112][ T6827] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[ 60.863582][ T6827] Kernel Offset: disabled
[ 60.867897][ T6827] Rebooting in 86400 seconds..