[ OK ] Started Daily apt download activities.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
Starting OpenBSD Secure Shell server...
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   60.876657][ T6886] ==================================================================
[   60.885655][ T6886] BUG: KASAN: slab-out-of-bounds in qrtr_endpoint_post+0x5c1/0x1050
[   60.894493][ T6886] Read of size 4294967293 at addr ffff8880968b0ce0 by task syz-executor266/6886
[   60.903522][ T6886]
[   60.905862][ T6886] CPU: 1 PID: 6886 Comm: syz-executor266 Not tainted 5.9.0-rc6-syzkaller #0
[   60.914535][ T6886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.924601][ T6886] Call Trace:
[   60.927904][ T6886]  dump_stack+0x198/0x1fd
[   60.932254][ T6886]  ? qrtr_endpoint_post+0x5c1/0x1050
[   60.937645][ T6886]  ? qrtr_endpoint_post+0x5c1/0x1050
[   60.942938][ T6886]  print_address_description.constprop.0.cold+0xae/0x497
[   60.949971][ T6886]  ? qrtr_endpoint_post+0x5c1/0x1050
[   60.955306][ T6886]  ? lockdep_hardirqs_off+0x96/0xd0
[   60.960512][ T6886]  ? vprintk_func+0x95/0x1d4
[   60.965119][ T6886]  ? qrtr_endpoint_post+0x5c1/0x1050
[   60.970446][ T6886]  ? qrtr_endpoint_post+0x5c1/0x1050
[   60.975772][ T6886]  kasan_report.cold+0x1f/0x37
[   60.980584][ T6886]  ? qrtr_endpoint_post+0x5c1/0x1050
[   60.985963][ T6886]  check_memory_region+0x13d/0x180
[   60.991412][ T6886]  memcpy+0x20/0x60
[   60.995308][ T6886]  qrtr_endpoint_post+0x5c1/0x1050
[   61.000854][ T6886]  qrtr_tun_write_iter+0xf5/0x180
[   61.005866][ T6886]  new_sync_write+0x422/0x650
[   61.010543][ T6886]  ? new_sync_read+0x6e0/0x6e0
[   61.015292][ T6886]  ? putname+0xe1/0x120
[   61.019520][ T6886]  ? rcu_read_lock_sched_held+0x3a/0xb0
[   61.025135][ T6886]  ? putname+0xe1/0x120
[   61.029295][ T6886]  ? apparmor_file_permission+0x26e/0x4e0
[   61.035875][ T6886]  ? build_open_flags+0x650/0x650
[   61.040889][ T6886]  vfs_write+0x5ad/0x730
[   61.045136][ T6886]  ksys_write+0x12d/0x250
[   61.049446][ T6886]  ? __ia32_sys_read+0xb0/0xb0
[   61.054206][ T6886]  ? syscall_enter_from_user_mode_prepare+0x13/0x30
[   61.060792][ T6886]  ? check_preemption_disabled+0x50/0x130
[   61.066678][ T6886]  ? syscall_enter_from_user_mode_prepare+0x13/0x30
[   61.073648][ T6886]  __do_fast_syscall_32+0x60/0x90
[   61.078742][ T6886]  do_fast_syscall_32+0x2f/0x70
[   61.083596][ T6886]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[   61.089925][ T6886] RIP: 0023:0xf7f83549
[   61.094063][ T6886] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   61.115231][ T6886] RSP: 002b:00000000ff92dd1c EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[   61.123825][ T6886] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[   61.131808][ T6886] RDX: 0000000000000020 RSI: 00000000080ea078 RDI: 00000000ff92dd70
[   61.139869][ T6886] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   61.147848][ T6886] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   61.155819][ T6886] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   61.164596][ T6886]
[   61.166910][ T6886] Allocated by task 6886:
[   61.171320][ T6886]  kasan_save_stack+0x1b/0x40
[   61.175981][ T6886]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   61.181618][ T6886]  __kmalloc+0x1b0/0x360
[   61.185858][ T6886]  qrtr_tun_write_iter+0x8a/0x180
[   61.191050][ T6886]  new_sync_write+0x422/0x650
[   61.195709][ T6886]  vfs_write+0x5ad/0x730
[   61.199930][ T6886]  ksys_write+0x12d/0x250
[   61.204242][ T6886]  __do_fast_syscall_32+0x60/0x90
[   61.209250][ T6886]  do_fast_syscall_32+0x2f/0x70
[   61.214206][ T6886]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[   61.220682][ T6886]
[   61.223008][ T6886] The buggy address belongs to the object at ffff8880968b0cc0
[   61.223008][ T6886]  which belongs to the cache kmalloc-32 of size 32
[   61.237226][ T6886] The buggy address is located 0 bytes to the right of
[   61.237226][ T6886]  32-byte region [ffff8880968b0cc0, ffff8880968b0ce0)
[   61.250769][ T6886] The buggy address belongs to the page:
[   61.256409][ T6886] page:000000001a4704c7 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880968b0fc1 pfn:0x968b0
[   61.267866][ T6886] flags: 0xfffe0000000200(slab)
[   61.272788][ T6886] raw: 00fffe0000000200 ffffea000279eb88 ffffea00025a7c48 ffff8880aa040100
[   61.281363][ T6886] raw: ffff8880968b0fc1 ffff8880968b0000 0000000100000023 0000000000000000
[   61.289943][ T6886] page dumped because: kasan: bad access detected
[   61.296361][ T6886]
[   61.298931][ T6886] Memory state around the buggy address:
[   61.305934][ T6886]  ffff8880968b0b80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   61.313999][ T6886]  ffff8880968b0c00: 00 01 fc fc fc fc fc fc fa fb fb fb fc fc fc fc
[   61.322060][ T6886] >ffff8880968b0c80: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[   61.330435][ T6886]                                                        ^
[   61.337724][ T6886]  ffff8880968b0d00: 00 01 fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[   61.345778][ T6886]  ffff8880968b0d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   61.353820][ T6886] ==================================================================
[   61.361864][ T6886] Disabling lock debugging due to kernel taint
[   61.369180][ T6886] Kernel panic - not syncing: panic_on_warn set ...
[   61.375782][ T6886] CPU: 1 PID: 6886 Comm: syz-executor266 Tainted: G B 5.9.0-rc6-syzkaller #0
[   61.386098][ T6886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   61.396216][ T6886] Call Trace:
[   61.399674][ T6886]  dump_stack+0x198/0x1fd
[   61.404376][ T6886]  ? qrtr_endpoint_post+0x5a0/0x1050
[   61.409779][ T6886]  panic+0x382/0x7fb
[   61.413935][ T6886]  ? __warn_printk+0xf3/0xf3
[   61.419151][ T6886]  ? preempt_schedule_common+0x59/0xc0
[   61.424901][ T6886]  ? qrtr_endpoint_post+0x5c1/0x1050
[   61.430205][ T6886]  ? preempt_schedule_thunk+0x16/0x18
[   61.436509][ T6886]  ? trace_hardirqs_on+0x55/0x220
[   61.441799][ T6886]  ? qrtr_endpoint_post+0x5c1/0x1050
[   61.447067][ T6886]  ? qrtr_endpoint_post+0x5c1/0x1050
[   61.452875][ T6886]  end_report+0x4d/0x53
[   61.457025][ T6886]  kasan_report.cold+0xd/0x37
[   61.461691][ T6886]  ? qrtr_endpoint_post+0x5c1/0x1050
[   61.467076][ T6886]  check_memory_region+0x13d/0x180
[   61.472197][ T6886]  memcpy+0x20/0x60
[   61.475997][ T6886]  qrtr_endpoint_post+0x5c1/0x1050
[   61.481102][ T6886]  qrtr_tun_write_iter+0xf5/0x180
[   61.486107][ T6886]  new_sync_write+0x422/0x650
[   61.490762][ T6886]  ? new_sync_read+0x6e0/0x6e0
[   61.495618][ T6886]  ? putname+0xe1/0x120
[   61.499775][ T6886]  ? rcu_read_lock_sched_held+0x3a/0xb0
[   61.505303][ T6886]  ? putname+0xe1/0x120
[   61.509456][ T6886]  ? apparmor_file_permission+0x26e/0x4e0
[   61.515152][ T6886]  ? build_open_flags+0x650/0x650
[   61.520155][ T6886]  vfs_write+0x5ad/0x730
[   61.524466][ T6886]  ksys_write+0x12d/0x250
[   61.528776][ T6886]  ? __ia32_sys_read+0xb0/0xb0
[   61.533527][ T6886]  ? syscall_enter_from_user_mode_prepare+0x13/0x30
[   61.540089][ T6886]  ? check_preemption_disabled+0x50/0x130
[   61.545812][ T6886]  ? syscall_enter_from_user_mode_prepare+0x13/0x30
[   61.552387][ T6886]  __do_fast_syscall_32+0x60/0x90
[   61.557403][ T6886]  do_fast_syscall_32+0x2f/0x70
[   61.562246][ T6886]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[   61.568553][ T6886] RIP: 0023:0xf7f83549
[   61.572616][ T6886] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   61.592202][ T6886] RSP: 002b:00000000ff92dd1c EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[   61.600699][ T6886] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[   61.608669][ T6886] RDX: 0000000000000020 RSI: 00000000080ea078 RDI: 00000000ff92dd70
[   61.616644][ T6886] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   61.624612][ T6886] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   61.632582][ T6886] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   61.641791][ T6886] Kernel Offset: disabled
[   61.646115][ T6886] Rebooting in 86400 seconds..