Warning: Permanently added '10.128.0.199' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 59.587398][ T6837] ==================================================================
[ 59.595726][ T6837] BUG: KASAN: slab-out-of-bounds in qrtr_endpoint_post+0x5c1/0x1050
[ 59.603710][ T6837] Read of size 4294967294 at addr ffff8880978aae90 by task syz-executor191/6837
[ 59.612696][ T6837]
[ 59.615007][ T6837] CPU: 0 PID: 6837 Comm: syz-executor191 Not tainted 5.8.0-rc7-next-20200731-syzkaller #0
[ 59.624863][ T6837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.634892][ T6837] Call Trace:
[ 59.638163][ T6837]  dump_stack+0x18f/0x20d
[ 59.642474][ T6837]  ? qrtr_endpoint_post+0x5c1/0x1050
[ 59.647731][ T6837]  ? qrtr_endpoint_post+0x5c1/0x1050
[ 59.652995][ T6837]  print_address_description.constprop.0.cold+0xae/0x497
[ 59.659994][ T6837]  ? lockdep_hardirqs_off+0x7e/0xb0
[ 59.665185][ T6837]  ? vprintk_func+0x97/0x1a6
[ 59.669765][ T6837]  ? qrtr_endpoint_post+0x5c1/0x1050
[ 59.675115][ T6837]  ? qrtr_endpoint_post+0x5c1/0x1050
[ 59.680377][ T6837]  kasan_report.cold+0x1f/0x37
[ 59.685119][ T6837]  ? qrtr_endpoint_post+0x5c1/0x1050
[ 59.690420][ T6837]  check_memory_region+0x13d/0x180
[ 59.695645][ T6837]  memcpy+0x20/0x60
[ 59.699438][ T6837]  qrtr_endpoint_post+0x5c1/0x1050
[ 59.704546][ T6837]  qrtr_tun_write_iter+0xf5/0x180
[ 59.709551][ T6837]  new_sync_write+0x422/0x650
[ 59.714210][ T6837]  ? new_sync_read+0x6e0/0x6e0
[ 59.718954][ T6837]  ? rcu_read_lock_sched_held+0x3a/0xb0
[ 59.724477][ T6837]  ? apparmor_file_permission+0x26e/0x4e0
[ 59.730174][ T6837]  ? build_open_flags+0x650/0x650
[ 59.735179][ T6837]  vfs_write+0x5ad/0x730
[ 59.739420][ T6837]  ksys_write+0x12d/0x250
[ 59.743726][ T6837]  ? __ia32_sys_read+0xb0/0xb0
[ 59.748465][ T6837]  ? trace_hardirqs_on+0x5f/0x220
[ 59.753465][ T6837]  ? lockdep_hardirqs_on+0x76/0xf0
[ 59.758562][ T6837]  do_syscall_64+0x2d/0x70
[ 59.762966][ T6837]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.768834][ T6837] RIP: 0033:0x440259
[ 59.772735][ T6837] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.792311][ T6837] RSP: 002b:00007ffd54432af8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 59.800697][ T6837] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[ 59.808653][ T6837] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003
[ 59.816597][ T6837] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 59.824558][ T6837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a60
[ 59.832503][ T6837] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[ 59.840462][ T6837]
[ 59.842764][ T6837] Allocated by task 6837:
[ 59.847068][ T6837]  kasan_save_stack+0x1b/0x40
[ 59.851745][ T6837]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 59.857350][ T6837]  __kmalloc+0x1a8/0x320
[ 59.861568][ T6837]  qrtr_tun_write_iter+0x8a/0x180
[ 59.866567][ T6837]  new_sync_write+0x422/0x650
[ 59.871217][ T6837]  vfs_write+0x5ad/0x730
[ 59.875438][ T6837]  ksys_write+0x12d/0x250
[ 59.879741][ T6837]  do_syscall_64+0x2d/0x70
[ 59.884133][ T6837]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.889992][ T6837]
[ 59.892296][ T6837] The buggy address belongs to the object at ffff8880978aae80
[ 59.892296][ T6837]  which belongs to the cache kmalloc-32 of size 32
[ 59.906148][ T6837] The buggy address is located 16 bytes inside of
[ 59.906148][ T6837]  32-byte region [ffff8880978aae80, ffff8880978aaea0)
[ 59.919213][ T6837] The buggy address belongs to the page:
[ 59.924822][ T6837] page:00000000939341fd refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880978aafc1 pfn:0x978aa
[ 59.936242][ T6837] flags: 0xfffe0000000200(slab)
[ 59.941071][ T6837] raw: 00fffe0000000200 ffffea00026a89c8 ffffea00027e6a48 ffff8880aa000100
[ 59.949655][ T6837] raw: ffff8880978aafc1 ffff8880978aa000 000000010000002e 0000000000000000
[ 59.958216][ T6837] page dumped because: kasan: bad access detected
[ 59.964597][ T6837]
[ 59.966898][ T6837] Memory state around the buggy address:
[ 59.972502][ T6837]  ffff8880978aad80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 59.980541][ T6837]  ffff8880978aae00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 59.988577][ T6837] >ffff8880978aae80: 00 00 fc fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 59.996607][ T6837]                          ^
[ 60.001173][ T6837]  ffff8880978aaf00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 60.009207][ T6837]  ffff8880978aaf80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.017235][ T6837] ==================================================================
[ 60.025264][ T6837] Disabling lock debugging due to kernel taint
[ 60.031692][ T6837] Kernel panic - not syncing: panic_on_warn set ...
[ 60.038386][ T6837] CPU: 0 PID: 6837 Comm: syz-executor191 Tainted: G B 5.8.0-rc7-next-20200731-syzkaller #0
[ 60.049653][ T6837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.059691][ T6837] Call Trace:
[ 60.062955][ T6837]  dump_stack+0x18f/0x20d
[ 60.067257][ T6837]  ? qrtr_endpoint_post+0x5c0/0x1050
[ 60.072518][ T6837]  panic+0x2e3/0x75c
[ 60.076386][ T6837]  ? __warn_printk+0xf3/0xf3
[ 60.080948][ T6837]  ? preempt_schedule_common+0x59/0xc0
[ 60.086376][ T6837]  ? qrtr_endpoint_post+0x5c1/0x1050
[ 60.091638][ T6837]  ? preempt_schedule_thunk+0x16/0x18
[ 60.096985][ T6837]  ? trace_hardirqs_on+0x55/0x220
[ 60.101981][ T6837]  ? qrtr_endpoint_post+0x5c1/0x1050
[ 60.107247][ T6837]  ? qrtr_endpoint_post+0x5c1/0x1050
[ 60.112506][ T6837]  end_report+0x4d/0x53
[ 60.116635][ T6837]  kasan_report.cold+0xd/0x37
[ 60.121285][ T6837]  ? qrtr_endpoint_post+0x5c1/0x1050
[ 60.126543][ T6837]  check_memory_region+0x13d/0x180
[ 60.131629][ T6837]  memcpy+0x20/0x60
[ 60.135410][ T6837]  qrtr_endpoint_post+0x5c1/0x1050
[ 60.140496][ T6837]  qrtr_tun_write_iter+0xf5/0x180
[ 60.145503][ T6837]  new_sync_write+0x422/0x650
[ 60.150152][ T6837]  ? new_sync_read+0x6e0/0x6e0
[ 60.154887][ T6837]  ? rcu_read_lock_sched_held+0x3a/0xb0
[ 60.160406][ T6837]  ? apparmor_file_permission+0x26e/0x4e0
[ 60.166096][ T6837]  ? build_open_flags+0x650/0x650
[ 60.171092][ T6837]  vfs_write+0x5ad/0x730
[ 60.175309][ T6837]  ksys_write+0x12d/0x250
[ 60.179617][ T6837]  ? __ia32_sys_read+0xb0/0xb0
[ 60.184368][ T6837]  ? trace_hardirqs_on+0x5f/0x220
[ 60.189375][ T6837]  ? lockdep_hardirqs_on+0x76/0xf0
[ 60.194462][ T6837]  do_syscall_64+0x2d/0x70
[ 60.198977][ T6837]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.204843][ T6837] RIP: 0033:0x440259
[ 60.208717][ T6837] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 60.228294][ T6837] RSP: 002b:00007ffd54432af8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 60.236681][ T6837] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
[ 60.244626][ T6837] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003
[ 60.252570][ T6837] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 60.260514][ T6837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a60
[ 60.268490][ T6837] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[ 60.277550][ T6837] Kernel Offset: disabled
[ 60.281868][ T6837] Rebooting in 86400 seconds..