[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.62' (ECDSA) to the list of known hosts.
2020/07/08 10:30:17 fuzzer started
2020/07/08 10:30:18 dialing manager at 10.128.0.26:45977
2020/07/08 10:30:18 syscalls: 3123
2020/07/08 10:30:18 code coverage: enabled
2020/07/08 10:30:18 comparison tracing: enabled
2020/07/08 10:30:18 extra coverage: enabled
2020/07/08 10:30:18 setuid sandbox: enabled
2020/07/08 10:30:18 namespace sandbox: enabled
2020/07/08 10:30:18 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/08 10:30:18 fault injection: enabled
2020/07/08 10:30:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/08 10:30:18 net packet injection: enabled
2020/07/08 10:30:18 net device setup: enabled
2020/07/08 10:30:18 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/08 10:30:18 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/08 10:30:18 USB emulation: enabled

syzkaller login: [ 188.755470][ C1] ==================================================================
[ 188.763755][ C1] BUG: KASAN: stack-out-of-bounds in csd_lock_record+0xd2/0xe0
[ 188.771301][ C1] Read of size 8 at addr ffffc90001627918 by task syz-fuzzer/6837
[ 188.779087][ C1]
[ 188.781413][ C1] CPU: 1 PID: 6837 Comm: syz-fuzzer Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
[ 188.790858][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 188.800921][ C1] Call Trace:
[ 188.804235][ C1] dump_stack+0x18f/0x20d
[ 188.808563][ C1] ? csd_lock_record+0xd2/0xe0
[ 188.813322][ C1] ? csd_lock_record+0xd2/0xe0
[ 188.818553][ C1] print_address_description.constprop.0.cold+0x5/0x436
[ 188.825497][ C1] ? lock_is_held_type+0xb0/0xe0
[ 188.830447][ C1] ? lockdep_hardirqs_off+0x66/0xa0
[ 188.835641][ C1] ? vprintk_func+0x97/0x1a6
[ 188.840243][ C1] ? csd_lock_record+0xd2/0xe0
[ 188.844998][ C1] kasan_report.cold+0x1f/0x37
[ 188.849761][ C1] ? csd_lock_record+0xd2/0xe0
[ 188.854524][ C1] csd_lock_record+0xd2/0xe0
[ 188.859110][ C1] flush_smp_call_function_queue+0x285/0x730
[ 188.865088][ C1] ? flush_tlb_func_common.constprop.0+0x420/0x420
[ 188.871590][ C1] ? asm_sysvec_call_function_single+0xa/0x20
[ 188.877654][ C1] __sysvec_call_function_single+0x98/0x490
[ 188.883569][ C1] ? asm_sysvec_call_function_single+0xa/0x20
[ 188.889648][ C1] sysvec_call_function_single+0x4f/0x120
[ 188.895374][ C1] ? asm_sysvec_call_function_single+0xa/0x20
[ 188.901462][ C1] asm_sysvec_call_function_single+0x12/0x20
[ 188.907437][ C1] RIP: 0033:0x414708
[ 188.911324][ C1] Code: Bad RIP value.
[ 188.916160][ C1] RSP: 002b:000000c0000ede58 EFLAGS: 00000202
[ 188.922846][ C1] RAX: 000000c004668a80 RBX: 00000000000000a8 RCX: 0000000000000004
[ 188.931775][ C1] RDX: 00007f55fe326b88 RSI: 0000000000000004 RDI: ffffffffffffffff
[ 188.939773][ C1] RBP: 000000c0000ede98 R08: 00007f55fe648fff R09: 000000c00d2d4e00
[ 188.948347][ C1] R10: 000000c00002f770 R11: 0000000000000078 R12: 000000c004668a80
[ 188.956332][ C1] R13: 0000000000000400 R14: 0000000000000007 R15: 000000000000994a
[ 188.964320][ C1]
[ 188.966650][ C1]
[ 188.968966][ C1] Memory state around the buggy address:
[ 188.974682][ C1]  ffffc90001627800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 188.982738][ C1]  ffffc90001627880: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 188.990799][ C1] >ffffc90001627900: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 188.998962][ C1]                             ^
[ 189.004069][ C1]  ffffc90001627980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 189.012931][ C1]  ffffc90001627a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 189.020999][ C1] ==================================================================
[ 189.029055][ C1] Disabling lock debugging due to kernel taint
[ 189.035190][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 189.041773][ C1] CPU: 1 PID: 6837 Comm: syz-fuzzer Tainted: G B 5.8.0-rc3-next-20200703-syzkaller #0
[ 189.052605][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 189.062651][ C1] Call Trace:
[ 189.065942][ C1] dump_stack+0x18f/0x20d
[ 189.070267][ C1] ? csd_lock_record+0x30/0xe0
[ 189.075029][ C1] panic+0x2e3/0x75c
[ 189.078919][ C1] ? __warn_printk+0xf3/0xf3
[ 189.083506][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0xe0
[ 189.089313][ C1] ? csd_lock_record+0xd2/0xe0
[ 189.094074][ C1] ? csd_lock_record+0xd2/0xe0
[ 189.098842][ C1] end_report+0x4d/0x53
[ 189.102996][ C1] kasan_report.cold+0xd/0x37
[ 189.107670][ C1] ? csd_lock_record+0xd2/0xe0
[ 189.112695][ C1] csd_lock_record+0xd2/0xe0
[ 189.117288][ C1] flush_smp_call_function_queue+0x285/0x730
[ 189.123271][ C1] ? flush_tlb_func_common.constprop.0+0x420/0x420
[ 189.129796][ C1] ? asm_sysvec_call_function_single+0xa/0x20
[ 189.135876][ C1] __sysvec_call_function_single+0x98/0x490
[ 189.141768][ C1] ? asm_sysvec_call_function_single+0xa/0x20
[ 189.147826][ C1] sysvec_call_function_single+0x4f/0x120
[ 189.153541][ C1] ? asm_sysvec_call_function_single+0xa/0x20
[ 189.159618][ C1] asm_sysvec_call_function_single+0x12/0x20
[ 189.165592][ C1] RIP: 0033:0x414708
[ 189.169468][ C1] Code: Bad RIP value.
[ 189.173534][ C1] RSP: 002b:000000c0000ede58 EFLAGS: 00000202
[ 189.179598][ C1] RAX: 000000c004668a80 RBX: 00000000000000a8 RCX: 0000000000000004
[ 189.187559][ C1] RDX: 00007f55fe326b88 RSI: 0000000000000004 RDI: ffffffffffffffff
[ 189.195520][ C1] RBP: 000000c0000ede98 R08: 00007f55fe648fff R09: 000000c00d2d4e00
[ 189.203485][ C1] R10: 000000c00002f770 R11: 0000000000000078 R12: 000000c004668a80
[ 189.211446][ C1] R13: 0000000000000400 R14: 0000000000000007 R15: 000000000000994a
[ 189.220537][ C1] Kernel Offset: disabled
[ 189.224896][ C1] Rebooting in 86400 seconds..