[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
2020/07/08 17:46:23 fuzzer started
2020/07/08 17:46:24 dialing manager at 10.128.0.26:45977
2020/07/08 17:46:24 syscalls: 3123
2020/07/08 17:46:24 code coverage: enabled
2020/07/08 17:46:24 comparison tracing: enabled
2020/07/08 17:46:24 extra coverage: enabled
2020/07/08 17:46:24 setuid sandbox: enabled
2020/07/08 17:46:24 namespace sandbox: enabled
2020/07/08 17:46:24 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/08 17:46:24 fault injection: enabled
2020/07/08 17:46:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/08 17:46:24 net packet injection: enabled
2020/07/08 17:46:24 net device setup: enabled
2020/07/08 17:46:24 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/08 17:46:24 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/08 17:46:24 USB emulation: enabled
syzkaller login:
[  247.538514][    C0] ==================================================================
[  247.548016][    C0] BUG: KASAN: stack-out-of-bounds in csd_lock_record+0xd2/0xe0
[  247.555567][    C0] Read of size 8 at addr ffffc90001667918 by task syz-fuzzer/6777
[  247.563378][    C0]
[  247.565706][    C0] CPU: 0 PID: 6777 Comm: syz-fuzzer Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
[  247.575136][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  247.585231][    C0] Call Trace:
[  247.588523][    C0]  dump_stack+0x18f/0x20d
[  247.592842][    C0]  ? csd_lock_record+0xd2/0xe0
[  247.597588][    C0]  ? csd_lock_record+0xd2/0xe0
[  247.602337][    C0]  print_address_description.constprop.0.cold+0x5/0x436
[  247.609278][    C0]  ? lock_is_held_type+0xb0/0xe0
[  247.614198][    C0]  ? lockdep_hardirqs_off+0x66/0xa0
[  247.619400][    C0]  ? vprintk_func+0x97/0x1a6
[  247.623980][    C0]  ? csd_lock_record+0xd2/0xe0
[  247.628725][    C0]  kasan_report.cold+0x1f/0x37
[  247.633480][    C0]  ? csd_lock_record+0xd2/0xe0
[  247.638228][    C0]  csd_lock_record+0xd2/0xe0
[  247.642803][    C0]  flush_smp_call_function_queue+0x285/0x730
[  247.648770][    C0]  ? flush_tlb_func_common.constprop.0+0x420/0x420
[  247.655330][    C0]  ? asm_sysvec_call_function_single+0xa/0x20
[  247.661383][    C0]  __sysvec_call_function_single+0x98/0x490
[  247.667259][    C0]  ? asm_sysvec_call_function_single+0xa/0x20
[  247.673306][    C0]  sysvec_call_function_single+0x4f/0x120
[  247.679012][    C0]  ? asm_sysvec_call_function_single+0xa/0x20
[  247.685067][    C0]  asm_sysvec_call_function_single+0x12/0x20
[  247.691027][    C0] RIP: 0033:0x420689
[  247.694896][    C0] Code: Bad RIP value.
[  247.698942][    C0] RSP: 002b:000000c00004dea8 EFLAGS: 00000246
[  247.704987][    C0] RAX: 0000000000203002 RBX: 00007f0ccc8137da RCX: 0000000000000000
[  247.712939][    C0] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 00000000000000da
[  247.720894][    C0] RBP: 000000c00004df28 R08: 00007f0ccc8e1fff R09: 000000c00a62fb40
[  247.728848][    C0] R10: 000000c00002d270 R11: 0000000000000095 R12: 0000000000000033
[  247.736802][    C0] R13: 0000000000000400 R14: 0000000000000022 R15: ffffffffffffffff
[  247.744763][    C0]
[  247.747068][    C0]
[  247.749375][    C0] Memory state around the buggy address:
[  247.754986][    C0]  ffffc90001667800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  247.763029][    C0]  ffffc90001667880: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[  247.771070][    C0] >ffffc90001667900: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[  247.779105][    C0]                             ^
[  247.784195][    C0]  ffffc90001667980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  247.792238][    C0]  ffffc90001667a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  247.800274][    C0] ==================================================================
[  247.808309][    C0] Disabling lock debugging due to kernel taint
[  247.814434][    C0] Kernel panic - not syncing: panic_on_warn set ...
[  247.821008][    C0] CPU: 0 PID: 6777 Comm: syz-fuzzer Tainted: G    B             5.8.0-rc3-next-20200703-syzkaller #0
[  247.831820][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  247.841848][    C0] Call Trace:
[  247.845136][    C0]  dump_stack+0x18f/0x20d
[  247.849456][    C0]  ? csd_lock_record+0x30/0xe0
[  247.854199][    C0]  panic+0x2e3/0x75c
[  247.858071][    C0]  ? __warn_printk+0xf3/0xf3
[  247.862649][    C0]  ? _raw_spin_unlock_irqrestore+0x5b/0xe0
[  247.868434][    C0]  ? csd_lock_record+0xd2/0xe0
[  247.873177][    C0]  ? csd_lock_record+0xd2/0xe0
[  247.877919][    C0]  end_report+0x4d/0x53
[  247.882105][    C0]  kasan_report.cold+0xd/0x37
[  247.886771][    C0]  ? csd_lock_record+0xd2/0xe0
[  247.891514][    C0]  csd_lock_record+0xd2/0xe0
[  247.896085][    C0]  flush_smp_call_function_queue+0x285/0x730
[  247.902044][    C0]  ? flush_tlb_func_common.constprop.0+0x420/0x420
[  247.908525][    C0]  ? asm_sysvec_call_function_single+0xa/0x20
[  247.914571][    C0]  __sysvec_call_function_single+0x98/0x490
[  247.920507][    C0]  ? asm_sysvec_call_function_single+0xa/0x20
[  247.926583][    C0]  sysvec_call_function_single+0x4f/0x120
[  247.932287][    C0]  ? asm_sysvec_call_function_single+0xa/0x20
[  247.938332][    C0]  asm_sysvec_call_function_single+0x12/0x20
[  247.944299][    C0] RIP: 0033:0x420689
[  247.948168][    C0] Code: Bad RIP value.
[  247.952211][    C0] RSP: 002b:000000c00004dea8 EFLAGS: 00000246
[  247.958250][    C0] RAX: 0000000000203002 RBX: 00007f0ccc8137da RCX: 0000000000000000
[  247.966197][    C0] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 00000000000000da
[  247.974145][    C0] RBP: 000000c00004df28 R08: 00007f0ccc8e1fff R09: 000000c00a62fb40
[  247.982092][    C0] R10: 000000c00002d270 R11: 0000000000000095 R12: 0000000000000033
[  247.990040][    C0] R13: 0000000000000400 R14: 0000000000000022 R15: ffffffffffffffff
[  247.998665][    C0] Kernel Offset: disabled
[  248.002979][    C0] Rebooting in 86400 seconds..