[  OK  ] Started Getty on tty2.
[  OK  ] Started Getty on tty1.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.54' (ECDSA) to the list of known hosts.
2020/07/08 16:00:48 fuzzer started
2020/07/08 16:00:49 dialing manager at 10.128.0.26:45977
2020/07/08 16:00:49 syscalls: 3123
2020/07/08 16:00:49 code coverage: enabled
2020/07/08 16:00:49 comparison tracing: enabled
2020/07/08 16:00:49 extra coverage: enabled
2020/07/08 16:00:49 setuid sandbox: enabled
2020/07/08 16:00:49 namespace sandbox: enabled
2020/07/08 16:00:49 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/08 16:00:49 fault injection: enabled
2020/07/08 16:00:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/08 16:00:49 net packet injection: enabled
2020/07/08 16:00:49 net device setup: enabled
2020/07/08 16:00:49 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/08 16:00:49 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/08 16:00:49 USB emulation: enabled

syzkaller login: [  248.164832][    C0] ==================================================================
[  248.173249][    C0] BUG: KASAN: stack-out-of-bounds in csd_lock_record+0xd2/0xe0
[  248.180776][    C0] Read of size 8 at addr ffffc90001577918 by task syz-fuzzer/6819
[  248.188663][    C0] 
[  248.190981][    C0] CPU: 0 PID: 6819 Comm: syz-fuzzer Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
[  248.200406][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  248.210458][    C0] Call Trace:
[  248.213778][    C0]  dump_stack+0x18f/0x20d
[  248.218087][    C0]  ? csd_lock_record+0xd2/0xe0
[  248.222825][    C0]  ? csd_lock_record+0xd2/0xe0
[  248.227597][    C0]  print_address_description.constprop.0.cold+0x5/0x436
[  248.234540][    C0]  ? lock_is_held_type+0xb0/0xe0
[  248.239454][    C0]  ? lockdep_hardirqs_off+0x66/0xa0
[  248.244668][    C0]  ? vprintk_func+0x97/0x1a6
[  248.249240][    C0]  ? csd_lock_record+0xd2/0xe0
[  248.253979][    C0]  kasan_report.cold+0x1f/0x37
[  248.258725][    C0]  ? csd_lock_record+0xd2/0xe0
[  248.263470][    C0]  csd_lock_record+0xd2/0xe0
[  248.268043][    C0]  flush_smp_call_function_queue+0x285/0x730
[  248.274039][    C0]  ? flush_tlb_func_common.constprop.0+0x420/0x420
[  248.280539][    C0]  ? asm_sysvec_call_function_single+0xa/0x20
[  248.286604][    C0]  __sysvec_call_function_single+0x98/0x490
[  248.292482][    C0]  ? asm_sysvec_call_function_single+0xa/0x20
[  248.298522][    C0]  sysvec_call_function_single+0x4f/0x120
[  248.304221][    C0]  ? asm_sysvec_call_function_single+0xa/0x20
[  248.310265][    C0]  asm_sysvec_call_function_single+0x12/0x20
[  248.316225][    C0] RIP: 0033:0x4206b0
[  248.320093][    C0] Code: Bad RIP value.
[  248.324139][    C0] RSP: 002b:000000c0000dfea8 EFLAGS: 00000213
[  248.330188][    C0] RAX: 0000000000203004 RBX: 00007fb85b9ddc49 RCX: 0000000000000002
[  248.338136][    C0] RDX: 0000000000000020 RSI: 0000000000000002 RDI: 000000c010cb8900
[  248.346086][    C0] RBP: 000000c0000dff28 R08: 00007fb85bb77fff R09: 000000c010cb8920
[  248.354036][    C0] R10: 000000c00002f770 R11: 0000000000000010 R12: 0000000000000054
[  248.361987][    C0] R13: 0000000000000800 R14: 0000000000000002 R15: 0000000000000002
[  248.369946][    C0] 
[  248.372249][    C0] 
[  248.374554][    C0] Memory state around the buggy address:
[  248.380167][    C0]  ffffc90001577800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  248.388203][    C0]  ffffc90001577880: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[  248.396240][    C0] >ffffc90001577900: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[  248.404269][    C0]                             ^
[  248.409355][    C0]  ffffc90001577980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  248.417391][    C0]  ffffc90001577a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  248.425426][    C0] ==================================================================
[  248.433460][    C0] Disabling lock debugging due to kernel taint
[  248.439582][    C0] Kernel panic - not syncing: panic_on_warn set ...
[  248.446160][    C0] CPU: 0 PID: 6819 Comm: syz-fuzzer Tainted: G    B 5.8.0-rc3-next-20200703-syzkaller #0
[  248.456968][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  248.466995][    C0] Call Trace:
[  248.470262][    C0]  dump_stack+0x18f/0x20d
[  248.474584][    C0]  ? csd_lock_record+0x30/0xe0
[  248.479383][    C0]  panic+0x2e3/0x75c
[  248.483256][    C0]  ? __warn_printk+0xf3/0xf3
[  248.487824][    C0]  ? _raw_spin_unlock_irqrestore+0x5b/0xe0
[  248.493608][    C0]  ? csd_lock_record+0xd2/0xe0
[  248.498351][    C0]  ? csd_lock_record+0xd2/0xe0
[  248.503088][    C0]  end_report+0x4d/0x53
[  248.507218][    C0]  kasan_report.cold+0xd/0x37
[  248.511876][    C0]  ? csd_lock_record+0xd2/0xe0
[  248.516614][    C0]  csd_lock_record+0xd2/0xe0
[  248.521177][    C0]  flush_smp_call_function_queue+0x285/0x730
[  248.527132][    C0]  ? flush_tlb_func_common.constprop.0+0x420/0x420
[  248.533610][    C0]  ? asm_sysvec_call_function_single+0xa/0x20
[  248.539654][    C0]  __sysvec_call_function_single+0x98/0x490
[  248.545521][    C0]  ? asm_sysvec_call_function_single+0xa/0x20
[  248.551557][    C0]  sysvec_call_function_single+0x4f/0x120
[  248.557266][    C0]  ? asm_sysvec_call_function_single+0xa/0x20
[  248.563308][    C0]  asm_sysvec_call_function_single+0x12/0x20
[  248.569266][    C0] RIP: 0033:0x4206b0
[  248.573127][    C0] Code: Bad RIP value.
[  248.577168][    C0] RSP: 002b:000000c0000dfea8 EFLAGS: 00000213
[  248.583208][    C0] RAX: 0000000000203004 RBX: 00007fb85b9ddc49 RCX: 0000000000000002
[  248.591155][    C0] RDX: 0000000000000020 RSI: 0000000000000002 RDI: 000000c010cb8900
[  248.599101][    C0] RBP: 000000c0000dff28 R08: 00007fb85bb77fff R09: 000000c010cb8920
[  248.607048][    C0] R10: 000000c00002f770 R11: 0000000000000010 R12: 0000000000000054
[  248.614998][    C0] R13: 0000000000000800 R14: 0000000000000002 R15: 0000000000000002
[  248.624239][    C0] Kernel Offset: disabled
[  248.628550][    C0] Rebooting in 86400 seconds..