[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.75' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   67.124646][   T28] audit: type=1400 audit(1593292640.200:8): avc:  denied  { execmem } for  pid=6804 comm="syz-executor686" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   67.127677][ T6804] ==================================================================
[   67.153511][ T6804] BUG: KASAN: slab-out-of-bounds in qrtr_endpoint_post+0xeeb/0x1010
[   67.161562][ T6804] Read of size 2 at addr ffff88809dc1ec88 by task syz-executor686/6804
[   67.170053][ T6804]
[   67.172396][ T6804] CPU: 1 PID: 6804 Comm: syz-executor686 Not tainted 5.8.0-rc2-syzkaller #0
[   67.181039][ T6804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   67.191090][ T6804] Call Trace:
[   67.194358][ T6804]  dump_stack+0x18f/0x20d
[   67.198668][ T6804]  ? qrtr_endpoint_post+0xeeb/0x1010
[   67.203934][ T6804]  ? qrtr_endpoint_post+0xeeb/0x1010
[   67.209197][ T6804]  print_address_description.constprop.0.cold+0xae/0x436
[   67.216220][ T6804]  ? vprintk_func+0x97/0x1a6
[   67.220790][ T6804]  ? qrtr_endpoint_post+0xeeb/0x1010
[   67.226257][ T6804]  kasan_report.cold+0x1f/0x37
[   67.231995][ T6804]  ? __netdev_alloc_skb+0x90/0x420
[   67.239053][ T6804]  ? qrtr_endpoint_post+0xeeb/0x1010
[   67.244321][ T6804]  qrtr_endpoint_post+0xeeb/0x1010
[   67.249441][ T6804]  qrtr_tun_write_iter+0xf5/0x180
[   67.254493][ T6804]  do_iter_readv_writev+0x567/0x780
[   67.259676][ T6804]  ? get_order+0x20/0x20
[   67.263906][ T6804]  do_iter_write+0x188/0x5f0
[   67.268477][ T6804]  ? trace_hardirqs_off+0x27/0x210
[   67.273700][ T6804]  vfs_writev+0x1aa/0x2e0
[   67.278029][ T6804]  ? vfs_iter_write+0xa0/0xa0
[   67.282690][ T6804]  ? rcu_read_lock_sched_held+0x3a/0xb0
[   67.288212][ T6804]  ? putname+0xe1/0x120
[   67.292348][ T6804]  ? build_open_flags+0x650/0x650
[   67.297805][ T6804]  ? _down_write_nest_lock+0x150/0x150
[   67.303264][ T6804]  __x64_sys_pwritev+0x231/0x310
[   67.308198][ T6804]  ? __ia32_sys_preadv2+0x150/0x150
[   67.313664][ T6804]  ? do_syscall_64+0x1c/0xe0
[   67.318235][ T6804]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   67.324196][ T6804]  do_syscall_64+0x60/0xe0
[   67.329115][ T6804]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   67.334992][ T6804] RIP: 0033:0x4401d9
[   67.338855][ T6804] Code: Bad RIP value.
[   67.342894][ T6804] RSP: 002b:00007ffe6c0a99c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000128
[   67.351377][ T6804] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401d9
[   67.359323][ T6804] RDX: 0000000000000001 RSI: 0000000020000440 RDI: 0000000000000003
[   67.367267][ T6804] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   67.375215][ T6804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a60
[   67.383168][ T6804] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[   67.391558][ T6804]
[   67.393863][ T6804] Allocated by task 6804:
[   67.398167][ T6804]  save_stack+0x1b/0x40
[   67.402298][ T6804]  __kasan_kmalloc.constprop.0+0xc2/0xd0
[   67.407900][ T6804]  __kmalloc+0x17a/0x340
[   67.412129][ T6804]  qrtr_tun_write_iter+0x8a/0x180
[   67.417125][ T6804]  do_iter_readv_writev+0x567/0x780
[   67.422294][ T6804]  do_iter_write+0x188/0x5f0
[   67.426874][ T6804]  vfs_writev+0x1aa/0x2e0
[   67.431176][ T6804]  __x64_sys_pwritev+0x231/0x310
[   67.436083][ T6804]  do_syscall_64+0x60/0xe0
[   67.440494][ T6804]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   67.446372][ T6804]
[   67.448700][ T6804] Freed by task 1:
[   67.452415][ T6804]  save_stack+0x1b/0x40
[   67.456543][ T6804]  __kasan_slab_free+0xf5/0x140
[   67.461373][ T6804]  kfree+0x103/0x2c0
[   67.465241][ T6804]  tomoyo_path_perm+0x234/0x3f0
[   67.470077][ T6804]  security_inode_getattr+0xcf/0x140
[   67.475335][ T6804]  vfs_statx+0x170/0x390
[   67.479551][ T6804]  __do_sys_newlstat+0x91/0x110
[   67.484374][ T6804]  do_syscall_64+0x60/0xe0
[   67.488763][ T6804]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   67.494621][ T6804]
[   67.496923][ T6804] The buggy address belongs to the object at ffff88809dc1ec80
[   67.496923][ T6804]  which belongs to the cache kmalloc-32 of size 32
[   67.510773][ T6804] The buggy address is located 8 bytes inside of
[   67.510773][ T6804]  32-byte region [ffff88809dc1ec80, ffff88809dc1eca0)
[   67.523747][ T6804] The buggy address belongs to the page:
[   67.529354][ T6804] page:ffffea0002770780 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88809dc1efc1
[   67.539730][ T6804] flags: 0xfffe0000000200(slab)
[   67.544564][ T6804] raw: 00fffe0000000200 ffffea0002712808 ffffea0002a48bc8 ffff8880aa0001c0
[   67.553122][ T6804] raw: ffff88809dc1efc1 ffff88809dc1e000 000000010000002e 0000000000000000
[   67.561674][ T6804] page dumped because: kasan: bad access detected
[   67.568052][ T6804]
[   67.570353][ T6804] Memory state around the buggy address:
[   67.575953][ T6804]  ffff88809dc1eb80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   67.583984][ T6804]  ffff88809dc1ec00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   67.592015][ T6804] >ffff88809dc1ec80: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   67.600042][ T6804]                       ^
[   67.604340][ T6804]  ffff88809dc1ed00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   67.612373][ T6804]  ffff88809dc1ed80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   67.620409][ T6804] ==================================================================
[   67.628457][ T6804] Disabling lock debugging due to kernel taint
[   67.635052][ T6804] Kernel panic - not syncing: panic_on_warn set ...
[   67.641644][ T6804] CPU: 1 PID: 6804 Comm: syz-executor686 Tainted: G    B             5.8.0-rc2-syzkaller #0
[   67.651693][ T6804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   67.661735][ T6804] Call Trace:
[   67.665013][ T6804]  dump_stack+0x18f/0x20d
[   67.669317][ T6804]  ? qrtr_endpoint_post+0xe80/0x1010
[   67.674593][ T6804]  panic+0x2e3/0x75c
[   67.678467][ T6804]  ? __warn_printk+0xf3/0xf3
[   67.683030][ T6804]  ? preempt_schedule_common+0x59/0xc0
[   67.688460][ T6804]  ? qrtr_endpoint_post+0xeeb/0x1010
[   67.693729][ T6804]  ? preempt_schedule_thunk+0x16/0x18
[   67.699092][ T6804]  ? trace_hardirqs_on+0x55/0x220
[   67.704096][ T6804]  ? qrtr_endpoint_post+0xeeb/0x1010
[   67.709350][ T6804]  ? qrtr_endpoint_post+0xeeb/0x1010
[   67.714627][ T6804]  end_report+0x4d/0x53
[   67.718760][ T6804]  kasan_report.cold+0xd/0x37
[   67.723425][ T6804]  ? __netdev_alloc_skb+0x90/0x420
[   67.728509][ T6804]  ? qrtr_endpoint_post+0xeeb/0x1010
[   67.733763][ T6804]  qrtr_endpoint_post+0xeeb/0x1010
[   67.738847][ T6804]  qrtr_tun_write_iter+0xf5/0x180
[   67.743930][ T6804]  do_iter_readv_writev+0x567/0x780
[   67.749100][ T6804]  ? get_order+0x20/0x20
[   67.753317][ T6804]  do_iter_write+0x188/0x5f0
[   67.757878][ T6804]  ? trace_hardirqs_off+0x27/0x210
[   67.762967][ T6804]  vfs_writev+0x1aa/0x2e0
[   67.767266][ T6804]  ? vfs_iter_write+0xa0/0xa0
[   67.771913][ T6804]  ? rcu_read_lock_sched_held+0x3a/0xb0
[   67.777428][ T6804]  ? putname+0xe1/0x120
[   67.781646][ T6804]  ? build_open_flags+0x650/0x650
[   67.786644][ T6804]  ? _down_write_nest_lock+0x150/0x150
[   67.792073][ T6804]  __x64_sys_pwritev+0x231/0x310
[   67.796988][ T6804]  ? __ia32_sys_preadv2+0x150/0x150
[   67.802164][ T6804]  ? do_syscall_64+0x1c/0xe0
[   67.806733][ T6804]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   67.812684][ T6804]  do_syscall_64+0x60/0xe0
[   67.817074][ T6804]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   67.822935][ T6804] RIP: 0033:0x4401d9
[   67.826798][ T6804] Code: Bad RIP value.
[   67.830847][ T6804] RSP: 002b:00007ffe6c0a99c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000128
[   67.839240][ T6804] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401d9
[   67.847188][ T6804] RDX: 0000000000000001 RSI: 0000000020000440 RDI: 0000000000000003
[   67.855131][ T6804] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   67.863072][ T6804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a60
[   67.871015][ T6804] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[   67.880448][ T6804] Kernel Offset: disabled
[   67.884760][ T6804] Rebooting in 86400 seconds..