Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   62.078901][ T6808] ==================================================================
[   62.087074][ T6808] BUG: KASAN: slab-out-of-bounds in qrtr_endpoint_post+0x5c1/0x1050
[   62.095077][ T6808] Read of size 4294967294 at addr ffff888094d76cd0 by task syz-executor568/6808
[   62.104139][ T6808]
[   62.106455][ T6808] CPU: 0 PID: 6808 Comm: syz-executor568 Not tainted 5.8.0-syzkaller #0
[   62.114754][ T6808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   62.124788][ T6808] Call Trace:
[   62.128063][ T6808]  dump_stack+0x18f/0x20d
[   62.132372][ T6808]  ? qrtr_endpoint_post+0x5c1/0x1050
[   62.137636][ T6808]  ? qrtr_endpoint_post+0x5c1/0x1050
[   62.142906][ T6808]  print_address_description.constprop.0.cold+0xae/0x497
[   62.149925][ T6808]  ? vprintk_func+0x97/0x1a6
[   62.154497][ T6808]  ? qrtr_endpoint_post+0x5c1/0x1050
[   62.159760][ T6808]  ? qrtr_endpoint_post+0x5c1/0x1050
[   62.165041][ T6808]  kasan_report.cold+0x1f/0x37
[   62.169791][ T6808]  ? qrtr_endpoint_post+0x5c1/0x1050
[   62.175061][ T6808]  check_memory_region+0x13d/0x180
[   62.180165][ T6808]  memcpy+0x20/0x60
[   62.184011][ T6808]  qrtr_endpoint_post+0x5c1/0x1050
[   62.189195][ T6808]  qrtr_tun_write_iter+0xf5/0x180
[   62.194225][ T6808]  new_sync_write+0x422/0x650
[   62.198887][ T6808]  ? new_sync_read+0x6e0/0x6e0
[   62.203678][ T6808]  ? rcu_read_lock_sched_held+0x3a/0xb0
[   62.209201][ T6808]  ? apparmor_file_permission+0x26e/0x4e0
[   62.214900][ T6808]  ? build_open_flags+0x650/0x650
[   62.219909][ T6808]  vfs_write+0x5ad/0x730
[   62.224132][ T6808]  ksys_write+0x12d/0x250
[   62.228440][ T6808]  ? __ia32_sys_read+0xb0/0xb0
[   62.233241][ T6808]  ? trace_hardirqs_on+0x5f/0x220
[   62.238247][ T6808]  ? lockdep_hardirqs_on+0x76/0xf0
[   62.243340][ T6808]  __do_fast_syscall_32+0x57/0x80
[   62.248340][ T6808]  do_fast_syscall_32+0x2f/0x70
[   62.253169][ T6808]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[   62.259473][ T6808] RIP: 0023:0xf7f0e569
[   62.263519][ T6808] Code: 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   62.283097][ T6808] RSP: 002b:00000000ff9b9cbc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[   62.291482][ T6808] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[   62.299434][ T6808] RDX: 0000000000000010 RSI: 00000000080ea078 RDI: 00000000ff9b9d10
[   62.307405][ T6808] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   62.315354][ T6808] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   62.323301][ T6808] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   62.331255][ T6808]
[   62.333566][ T6808] Allocated by task 6808:
[   62.337877][ T6808]  kasan_save_stack+0x1b/0x40
[   62.342529][ T6808]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   62.348134][ T6808]  __kmalloc+0x1a8/0x320
[   62.352350][ T6808]  qrtr_tun_write_iter+0x8a/0x180
[   62.357349][ T6808]  new_sync_write+0x422/0x650
[   62.362000][ T6808]  vfs_write+0x5ad/0x730
[   62.366214][ T6808]  ksys_write+0x12d/0x250
[   62.370520][ T6808]  __do_fast_syscall_32+0x57/0x80
[   62.375538][ T6808]  do_fast_syscall_32+0x2f/0x70
[   62.380377][ T6808]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[   62.386673][ T6808]
[   62.388980][ T6808] The buggy address belongs to the object at ffff888094d76cc0
[   62.388980][ T6808]  which belongs to the cache kmalloc-32 of size 32
[   62.402849][ T6808] The buggy address is located 16 bytes inside of
[   62.402849][ T6808]  32-byte region [ffff888094d76cc0, ffff888094d76ce0)
[   62.415920][ T6808] The buggy address belongs to the page:
[   62.421540][ T6808] page:00000000501024b2 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888094d76fc1 pfn:0x94d76
[   62.432993][ T6808] flags: 0xfffe0000000200(slab)
[   62.437822][ T6808] raw: 00fffe0000000200 ffffea000260bc08 ffffea00026a8048 ffff8880aa040100
[   62.446406][ T6808] raw: ffff888094d76fc1 ffff888094d76000 0000000100000025 0000000000000000
[   62.454974][ T6808] page dumped because: kasan: bad access detected
[   62.461378][ T6808]
[   62.463677][ T6808] Memory state around the buggy address:
[   62.469283][ T6808]  ffff888094d76b80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   62.477319][ T6808]  ffff888094d76c00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   62.485374][ T6808] >ffff888094d76c80: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc
[   62.493421][ T6808]                                                  ^
[   62.500069][ T6808]  ffff888094d76d00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   62.508107][ T6808]  ffff888094d76d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   62.516142][ T6808] ==================================================================
[   62.524178][ T6808] Disabling lock debugging due to kernel taint
[   62.531065][ T6808] Kernel panic - not syncing: panic_on_warn set ...
[   62.537657][ T6808] CPU: 0 PID: 6808 Comm: syz-executor568 Tainted: G    B             5.8.0-syzkaller #0
[   62.547364][ T6808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   62.557432][ T6808] Call Trace:
[   62.560701][ T6808]  dump_stack+0x18f/0x20d
[   62.565014][ T6808]  ? qrtr_endpoint_post+0x530/0x1050
[   62.570294][ T6808]  panic+0x2e3/0x75c
[   62.574163][ T6808]  ? __warn_printk+0xf3/0xf3
[   62.578754][ T6808]  ? preempt_schedule_common+0x59/0xc0
[   62.584190][ T6808]  ? qrtr_endpoint_post+0x5c1/0x1050
[   62.589448][ T6808]  ? preempt_schedule_thunk+0x16/0x18
[   62.594793][ T6808]  ? trace_hardirqs_on+0x55/0x220
[   62.599812][ T6808]  ? qrtr_endpoint_post+0x5c1/0x1050
[   62.605071][ T6808]  ? qrtr_endpoint_post+0x5c1/0x1050
[   62.610325][ T6808]  end_report+0x4d/0x53
[   62.614453][ T6808]  kasan_report.cold+0xd/0x37
[   62.619102][ T6808]  ? qrtr_endpoint_post+0x5c1/0x1050
[   62.624360][ T6808]  check_memory_region+0x13d/0x180
[   62.629443][ T6808]  memcpy+0x20/0x60
[   62.633224][ T6808]  qrtr_endpoint_post+0x5c1/0x1050
[   62.638312][ T6808]  qrtr_tun_write_iter+0xf5/0x180
[   62.643310][ T6808]  new_sync_write+0x422/0x650
[   62.647960][ T6808]  ? new_sync_read+0x6e0/0x6e0
[   62.652700][ T6808]  ? rcu_read_lock_sched_held+0x3a/0xb0
[   62.658219][ T6808]  ? apparmor_file_permission+0x26e/0x4e0
[   62.663936][ T6808]  ? build_open_flags+0x650/0x650
[   62.668939][ T6808]  vfs_write+0x5ad/0x730
[   62.673160][ T6808]  ksys_write+0x12d/0x250
[   62.677488][ T6808]  ? __ia32_sys_read+0xb0/0xb0
[   62.682228][ T6808]  ? trace_hardirqs_on+0x5f/0x220
[   62.687260][ T6808]  ? lockdep_hardirqs_on+0x76/0xf0
[   62.692348][ T6808]  __do_fast_syscall_32+0x57/0x80
[   62.697349][ T6808]  do_fast_syscall_32+0x2f/0x70
[   62.702175][ T6808]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[   62.708474][ T6808] RIP: 0023:0xf7f0e569
[   62.712516][ T6808] Code: 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   62.732094][ T6808] RSP: 002b:00000000ff9b9cbc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[   62.740484][ T6808] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[   62.748451][ T6808] RDX: 0000000000000010 RSI: 00000000080ea078 RDI: 00000000ff9b9d10
[   62.756397][ T6808] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   62.764355][ T6808] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   62.772299][ T6808] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   62.781568][ T6808] Kernel Offset: disabled
[   62.785881][ T6808] Rebooting in 86400 seconds..