[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.70' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 48.216121][ T36] audit: type=1800 audit(1628776330.533:2): pid=8433 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor477" name="bus" dev="sda1" ino=13862 res=0 errno=0
[ 48.216462][ T8433] ==================================================================
[ 48.244334][ T8433] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x179/0xa30
[ 48.252074][ T8433] Read of size 8 at addr ffffc9000bbb6f58 by task syz-executor477/8433
[ 48.260738][ T8433]
[ 48.263089][ T8433] CPU: 1 PID: 8433 Comm: syz-executor477 Not tainted 5.14.0-rc5-syzkaller #0
[ 48.271871][ T8433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.281908][ T8433] Call Trace:
[ 48.285208][ T8433] dump_stack_lvl+0x1ae/0x29f
[ 48.289871][ T8433] ? show_regs_print_info+0x12/0x12
[ 48.295080][ T8433] ? printk+0xc0/0x108
[ 48.299130][ T8433] ? wake_up_klogd+0xb2/0xf0
[ 48.303697][ T8433] ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 48.309429][ T8433] ? _raw_spin_lock_irqsave+0xbf/0x100
[ 48.314880][ T8433] print_address_description+0x66/0x3b0
[ 48.320409][ T8433] kasan_report+0x163/0x210
[ 48.324899][ T8433] ? iov_iter_revert+0x179/0xa30
[ 48.329833][ T8433] iov_iter_revert+0x179/0xa30
[ 48.334593][ T8433] ? rw_verify_area+0x1b8/0x370
[ 48.339435][ T8433] io_write+0x8ba/0xb90
[ 48.343588][ T8433] ? io_submit_flush_completions+0x6d0/0x6d0
[ 48.349554][ T8433] ? __lock_acquire+0x145b/0x6100
[ 48.354561][ T8433] ? trace_lock_acquire+0x190/0x190
[ 48.359747][ T8433] ? __lock_acquire+0x1385/0x6100
[ 48.364752][ T8433] io_issue_sqe+0xc34/0x9530
[ 48.369329][ T8433] ? mark_lock+0x199/0x1eb0
[ 48.373809][ T8433] ? __io_queue_sqe+0xf00/0xf00
[ 48.378642][ T8433] ? __bfs+0x700/0x700
[ 48.382693][ T8433] ? trace_lock_acquire+0x190/0x190
[ 48.387870][ T8433] ? rcu_read_lock_sched_held+0x87/0x110
[ 48.393508][ T8433] ? rcu_lock_release+0x5/0x20
[ 48.398326][ T8433] ? stack_trace_save+0x1e0/0x1e0
[ 48.403327][ T8433] ? rcu_read_lock_sched_held+0x87/0x110
[ 48.408935][ T8433] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 48.414911][ T8433] ? __lock_acquire+0x1385/0x6100
[ 48.419947][ T8433] ? rcu_lock_release+0x5/0x20
[ 48.424715][ T8433] ? trace_lock_acquire+0x190/0x190
[ 48.429908][ T8433] ? stack_trace_save+0x1e0/0x1e0
[ 48.434912][ T8433] ? stack_trace_save+0x1e0/0x1e0
[ 48.439913][ T8433] ? is_bpf_text_address+0x253/0x270
[ 48.445177][ T8433] ? stack_trace_save+0x1e0/0x1e0
[ 48.450179][ T8433] ? __kernel_text_address+0x93/0x100
[ 48.455529][ T8433] ? unwind_get_return_address+0x48/0x80
[ 48.461144][ T8433] ? arch_stack_walk+0x98/0xe0
[ 48.465899][ T8433] ? rcu_lock_release+0x9/0x20
[ 48.470640][ T8433] ? rcu_read_lock_sched_held+0x87/0x110
[ 48.476253][ T8433] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 48.482229][ T8433] ? rcu_lock_release+0x9/0x20
[ 48.486974][ T8433] ? __lock_acquire+0x6100/0x6100
[ 48.491986][ T8433] __io_queue_sqe+0x1f9/0xf00
[ 48.496657][ T8433] ? rcu_read_lock_sched_held+0x87/0x110
[ 48.502278][ T8433] ? io_req_task_submit+0x210/0x210
[ 48.507462][ T8433] ? io_queue_sqe+0xb9/0xd70
[ 48.512040][ T8433] ? trace_io_uring_submit_sqe+0xcd/0x270
[ 48.517748][ T8433] io_submit_sqes+0x1e49/0x7d40
[ 48.522621][ T8433] ? io_uring_add_tctx_node+0x330/0x330
[ 48.528592][ T8433] ? io_uring_add_tctx_node+0x74/0x330
[ 48.534137][ T8433] __se_sys_io_uring_enter+0x22b/0x1d30
[ 48.539692][ T8433] ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 48.545237][ T8433] ? lockdep_hardirqs_on_prepare+0x3e2/0x750
[ 48.551201][ T8433] ? print_irqtrace_events+0x220/0x220
[ 48.556641][ T8433] ? vtime_user_exit+0x2b2/0x3e0
[ 48.561563][ T8433] ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 48.567524][ T8433] ? lockdep_hardirqs_on+0x8d/0x130
[ 48.572700][ T8433] ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 48.578231][ T8433] do_syscall_64+0x3d/0xb0
[ 48.582635][ T8433] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 48.588522][ T8433] RIP: 0033:0x43f8a9
[ 48.592402][ T8433] Code: 28 c3 e8 1a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 48.611984][ T8433] RSP: 002b:00007ffe645dde88 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 48.620379][ T8433] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000043f8a9
[ 48.628337][ T8433] RDX: 0000000000000000 RSI: 00000000000052fe RDI: 0000000000000003
[ 48.636291][ T8433] RBP: 00007ffe645ddea8 R08: 0000000000000000 R09: 0000000000000000
[ 48.644254][ T8433] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe645ddeb0
[ 48.652203][ T8433] R13: 0000000000000000 R14: 00000000004ae018 R15: 0000000000400488
[ 48.660571][ T8433]
[ 48.662886][ T8433]
[ 48.665188][ T8433] addr ffffc9000bbb6f58 is located in stack of task syz-executor477/8433 at offset 24 in frame:
[ 48.675630][ T8433] io_write+0x0/0xb90
[ 48.679600][ T8433]
[ 48.681999][ T8433] this frame has 3 objects:
[ 48.686481][ T8433] [32, 160) 'inline_vecs'
[ 48.686492][ T8433] [192, 200) 'iovec'
[ 48.690884][ T8433] [224, 264) '__iter'
[ 48.694844][ T8433]
[ 48.701185][ T8433] Memory state around the buggy address:
[ 48.706793][ T8433] ffffc9000bbb6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.714832][ T8433] ffffc9000bbb6e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.722865][ T8433] >ffffc9000bbb6f00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
[ 48.730940][ T8433] ^
[ 48.737851][ T8433] ffffc9000bbb6f80: 00 00 00 00 00 00 00 00 00 00 00 00 f2 f2 f2 f2
[ 48.745939][ T8433] ffffc9000bbb7000: 00 f2 f2 f2 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 48.753971][ T8433] ==================================================================
[ 48.762056][ T8433] Disabling lock debugging due to kernel taint
[ 48.769258][ T8433] Kernel panic - not syncing: panic_on_warn set ...
[ 48.775836][ T8433] CPU: 1 PID: 8433 Comm: syz-executor477 Tainted: G B 5.14.0-rc5-syzkaller #0
[ 48.785965][ T8433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.796009][ T8433] Call Trace:
[ 48.799273][ T8433] dump_stack_lvl+0x1ae/0x29f
[ 48.803936][ T8433] ? show_regs_print_info+0x12/0x12
[ 48.809254][ T8433] ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 48.814955][ T8433] ? preempt_schedule+0x14a/0x170
[ 48.819959][ T8433] ? schedule_preempt_disabled+0x20/0x20
[ 48.825570][ T8433] panic+0x2e1/0x850
[ 48.829447][ T8433] ? trace_hardirqs_on+0x30/0x80
[ 48.834364][ T8433] ? nmi_panic+0x90/0x90
[ 48.838583][ T8433] ? _raw_spin_unlock_irqrestore+0x110/0x120
[ 48.844541][ T8433] ? print_memory_metadata+0xa7/0x100
[ 48.849898][ T8433] kasan_report+0x206/0x210
[ 48.854384][ T8433] ? iov_iter_revert+0x179/0xa30
[ 48.859298][ T8433] iov_iter_revert+0x179/0xa30
[ 48.864041][ T8433] ? rw_verify_area+0x1b8/0x370
[ 48.868886][ T8433] io_write+0x8ba/0xb90
[ 48.873027][ T8433] ? io_submit_flush_completions+0x6d0/0x6d0
[ 48.878990][ T8433] ? __lock_acquire+0x145b/0x6100
[ 48.883997][ T8433] ? trace_lock_acquire+0x190/0x190
[ 48.889178][ T8433] ? __lock_acquire+0x1385/0x6100
[ 48.894182][ T8433] io_issue_sqe+0xc34/0x9530
[ 48.898756][ T8433] ? mark_lock+0x199/0x1eb0
[ 48.903240][ T8433] ? __io_queue_sqe+0xf00/0xf00
[ 48.908076][ T8433] ? __bfs+0x700/0x700
[ 48.912123][ T8433] ? trace_lock_acquire+0x190/0x190
[ 48.917316][ T8433] ? rcu_read_lock_sched_held+0x87/0x110
[ 48.922934][ T8433] ? rcu_lock_release+0x5/0x20
[ 48.927675][ T8433] ? stack_trace_save+0x1e0/0x1e0
[ 48.932677][ T8433] ? rcu_read_lock_sched_held+0x87/0x110
[ 48.938289][ T8433] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 48.944250][ T8433] ? __lock_acquire+0x1385/0x6100
[ 48.949273][ T8433] ? rcu_lock_release+0x5/0x20
[ 48.954017][ T8433] ? trace_lock_acquire+0x190/0x190
[ 48.959208][ T8433] ? stack_trace_save+0x1e0/0x1e0
[ 48.964217][ T8433] ? stack_trace_save+0x1e0/0x1e0
[ 48.969228][ T8433] ? is_bpf_text_address+0x253/0x270
[ 48.974492][ T8433] ? stack_trace_save+0x1e0/0x1e0
[ 48.979493][ T8433] ? __kernel_text_address+0x93/0x100
[ 48.984860][ T8433] ? unwind_get_return_address+0x48/0x80
[ 48.990484][ T8433] ? arch_stack_walk+0x98/0xe0
[ 48.995234][ T8433] ? rcu_lock_release+0x9/0x20
[ 48.999980][ T8433] ? rcu_read_lock_sched_held+0x87/0x110
[ 49.005594][ T8433] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 49.011575][ T8433] ? rcu_lock_release+0x9/0x20
[ 49.016319][ T8433] ? __lock_acquire+0x6100/0x6100
[ 49.021326][ T8433] __io_queue_sqe+0x1f9/0xf00
[ 49.026004][ T8433] ? rcu_read_lock_sched_held+0x87/0x110
[ 49.031614][ T8433] ? io_req_task_submit+0x210/0x210
[ 49.036803][ T8433] ? io_queue_sqe+0xb9/0xd70
[ 49.041372][ T8433] ? trace_io_uring_submit_sqe+0xcd/0x270
[ 49.047082][ T8433] io_submit_sqes+0x1e49/0x7d40
[ 49.051922][ T8433] ? io_uring_add_tctx_node+0x330/0x330
[ 49.057460][ T8433] ? io_uring_add_tctx_node+0x74/0x330
[ 49.062902][ T8433] __se_sys_io_uring_enter+0x22b/0x1d30
[ 49.068443][ T8433] ? __x64_sys_io_uring_enter+0xf0/0xf0
[ 49.073985][ T8433] ? lockdep_hardirqs_on_prepare+0x3e2/0x750
[ 49.079956][ T8433] ? print_irqtrace_events+0x220/0x220
[ 49.085404][ T8433] ? vtime_user_exit+0x2b2/0x3e0
[ 49.090347][ T8433] ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 49.096312][ T8433] ? lockdep_hardirqs_on+0x8d/0x130
[ 49.101492][ T8433] ? __x64_sys_io_uring_enter+0x1d/0xf0
[ 49.107019][ T8433] do_syscall_64+0x3d/0xb0
[ 49.111420][ T8433] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.117293][ T8433] RIP: 0033:0x43f8a9
[ 49.121167][ T8433] Code: 28 c3 e8 1a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.140753][ T8433] RSP: 002b:00007ffe645dde88 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 49.149145][ T8433] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000043f8a9
[ 49.157096][ T8433] RDX: 0000000000000000 RSI: 00000000000052fe RDI: 0000000000000003
[ 49.165046][ T8433] RBP: 00007ffe645ddea8 R08: 0000000000000000 R09: 0000000000000000
[ 49.172994][ T8433] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe645ddeb0
[ 49.180945][ T8433] R13: 0000000000000000 R14: 00000000004ae018 R15: 0000000000400488
[ 49.190125][ T8433] Kernel Offset: disabled
[ 49.194436][ T8433] Rebooting in 86400 seconds..