[ OK ] Started Getty on tty1.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.186' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   43.393753][ T6850] ==================================================================
[   43.401980][ T6850] BUG: KASAN: slab-out-of-bounds in qrtr_endpoint_post+0x659/0x1150
[   43.410042][ T6850] Read of size 4294967293 at addr ffff88809a744c20 by task syz-executor092/6850
[   43.419127][ T6850]
[   43.421443][ T6850] CPU: 1 PID: 6850 Comm: syz-executor092 Not tainted 5.9.0-rc6-syzkaller #0
[   43.430109][ T6850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   43.440138][ T6850] Call Trace:
[   43.443407][ T6850]  dump_stack+0x1d6/0x29e
[   43.447713][ T6850]  print_address_description+0x66/0x620
[   43.453228][ T6850]  ? printk+0x62/0x83
[   43.457181][ T6850]  ? vprintk_emit+0x2f0/0x370
[   43.461829][ T6850]  kasan_report+0x132/0x1d0
[   43.466302][ T6850]  ? kmem_cache_alloc+0x180/0x2d0
[   43.471295][ T6850]  ? qrtr_endpoint_post+0x659/0x1150
[   43.476549][ T6850]  ? __netdev_alloc_skb+0x1a0/0x610
[   43.481718][ T6850]  check_memory_region+0x2b5/0x2f0
[   43.486798][ T6850]  ? qrtr_endpoint_post+0x659/0x1150
[   43.492049][ T6850]  memcpy+0x25/0x60
[   43.495824][ T6850]  qrtr_endpoint_post+0x659/0x1150
[   43.500902][ T6850]  ? __check_object_size+0x2fd/0x3f0
[   43.506159][ T6850]  qrtr_tun_write_iter+0xc6/0x120
[   43.511167][ T6850]  vfs_write+0xa96/0xd10
[   43.515390][ T6850]  ksys_write+0x11b/0x220
[   43.519694][ T6850]  do_syscall_64+0x31/0x70
[   43.524081][ T6850]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   43.529944][ T6850] RIP: 0033:0x440279
[   43.533810][ T6850] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   43.553406][ T6850] RSP: 002b:00007ffdac30df78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   43.561818][ T6850] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440279
[   43.569761][ T6850] RDX: 0000000000000020 RSI: 0000000020000000 RDI: 0000000000000003
[   43.577706][ T6850] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   43.585651][ T6850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a80
[   43.593634][ T6850] R13: 0000000000401b10 R14: 0000000000000000 R15: 0000000000000000
[   43.601624][ T6850]
[   43.603923][ T6850] Allocated by task 6850:
[   43.608227][ T6850]  __kasan_kmalloc+0x100/0x130
[   43.612956][ T6850]  __kmalloc+0x205/0x300
[   43.617166][ T6850]  kzalloc+0x16/0x30
[   43.621074][ T6850]  qrtr_tun_write_iter+0x76/0x120
[   43.626067][ T6850]  vfs_write+0xa96/0xd10
[   43.630276][ T6850]  ksys_write+0x11b/0x220
[   43.634576][ T6850]  do_syscall_64+0x31/0x70
[   43.638964][ T6850]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   43.644820][ T6850]
[   43.647120][ T6850] The buggy address belongs to the object at ffff88809a744c00
[   43.647120][ T6850]  which belongs to the cache kmalloc-32 of size 32
[   43.660985][ T6850] The buggy address is located 0 bytes to the right of
[   43.660985][ T6850]  32-byte region [ffff88809a744c00, ffff88809a744c20)
[   43.674494][ T6850] The buggy address belongs to the page:
[   43.680099][ T6850] page:000000007799dd64 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88809a744fc1 pfn:0x9a744
[   43.691515][ T6850] flags: 0xfffe0000000200(slab)
[   43.696371][ T6850] raw: 00fffe0000000200 ffffea00029ab5c8 ffffea0002794e88 ffff8880aa440100
[   43.704924][ T6850] raw: ffff88809a744fc1 ffff88809a744000 000000010000003d 0000000000000000
[   43.713527][ T6850] page dumped because: kasan: bad access detected
[   43.719905][ T6850]
[   43.722204][ T6850] Memory state around the buggy address:
[   43.727802][ T6850]  ffff88809a744b00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   43.735831][ T6850]  ffff88809a744b80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   43.743901][ T6850] >ffff88809a744c00: 00 00 00 00 fc fc fc fc 00 00 01 fc fc fc fc fc
[   43.751928][ T6850]                                ^
[   43.757066][ T6850]  ffff88809a744c80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   43.765106][ T6850]  ffff88809a744d00: 00 00 01 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   43.773133][ T6850] ==================================================================
[   43.781162][ T6850] Disabling lock debugging due to kernel taint
[   43.787921][ T6850] Kernel panic - not syncing: panic_on_warn set ...
[   43.794506][ T6850] CPU: 1 PID: 6850 Comm: syz-executor092 Tainted: G    B             5.9.0-rc6-syzkaller #0
[   43.804547][ T6850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   43.814704][ T6850] Call Trace:
[   43.817963][ T6850]  dump_stack+0x1d6/0x29e
[   43.822267][ T6850]  panic+0x2c0/0x800
[   43.826164][ T6850]  ? trace_hardirqs_on+0x30/0x80
[   43.831064][ T6850]  kasan_report+0x1c9/0x1d0
[   43.835531][ T6850]  ? kmem_cache_alloc+0x180/0x2d0
[   43.840518][ T6850]  ? qrtr_endpoint_post+0x659/0x1150
[   43.845768][ T6850]  ? __netdev_alloc_skb+0x1a0/0x610
[   43.850931][ T6850]  check_memory_region+0x2b5/0x2f0
[   43.856013][ T6850]  ? qrtr_endpoint_post+0x659/0x1150
[   43.861261][ T6850]  memcpy+0x25/0x60
[   43.865036][ T6850]  qrtr_endpoint_post+0x659/0x1150
[   43.870113][ T6850]  ? __check_object_size+0x2fd/0x3f0
[   43.875365][ T6850]  qrtr_tun_write_iter+0xc6/0x120
[   43.880355][ T6850]  vfs_write+0xa96/0xd10
[   43.884579][ T6850]  ksys_write+0x11b/0x220
[   43.888885][ T6850]  do_syscall_64+0x31/0x70
[   43.893268][ T6850]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   43.899158][ T6850] RIP: 0033:0x440279
[   43.903019][ T6850] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   43.922600][ T6850] RSP: 002b:00007ffdac30df78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   43.930985][ T6850] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440279
[   43.938924][ T6850] RDX: 0000000000000020 RSI: 0000000020000000 RDI: 0000000000000003
[   43.946864][ T6850] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   43.954803][ T6850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a80
[   43.962739][ T6850] R13: 0000000000401b10 R14: 0000000000000000 R15: 0000000000000000
[   43.971857][ T6850] Kernel Offset: disabled
[   43.976162][ T6850] Rebooting in 86400 seconds..