[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.057908] IPVS: ftp: loaded support on port[0] = 21
[ 34.199943] audit: type=1800 audit(1627052987.745:2): pid=8121 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor069" name="/" dev="fuse" ino=1 res=0
[ 34.422310] ==================================================================
[ 34.430033] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x90c/0x9a0
[ 34.437242] Read of size 8 at addr ffff888096a27d10 by task syz-executor069/8120
[ 34.445126]
[ 34.446769] CPU: 1 PID: 8120 Comm: syz-executor069 Not tainted 4.19.198-syzkaller #0
[ 34.454830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.464305] Call Trace:
[ 34.467132] dump_stack+0x1fc/0x2ef
[ 34.471535] print_address_description.cold+0x54/0x219
[ 34.476818] kasan_report_error.cold+0x8a/0x1b9
[ 34.481485] ? iov_iter_revert+0x90c/0x9a0
[ 34.485714] __asan_report_load8_noabort+0x88/0x90
[ 34.490674] ? iov_iter_revert+0x90c/0x9a0
[ 34.495019] iov_iter_revert+0x90c/0x9a0
[ 34.499089] ? filemap_check_errors+0xb5/0xd0
[ 34.503916] generic_file_read_iter+0x16fb/0x2b60
[ 34.508765] ? do_futex+0x171/0x1880
[ 34.512487] fuse_file_read_iter+0x198/0x240
[ 34.516888] __vfs_read+0x518/0x750
[ 34.520500] ? __se_sys_copy_file_range+0x410/0x410
[ 34.525687] ? security_file_permission+0x1c0/0x220
[ 34.530791] vfs_read+0x194/0x3c0
[ 34.534333] ksys_read+0x12b/0x2a0
[ 34.537856] ? kernel_write+0x110/0x110
[ 34.542197] ? trace_hardirqs_off_caller+0x6e/0x210
[ 34.547298] ? do_syscall_64+0x21/0x620
[ 34.551279] do_syscall_64+0xf9/0x620
[ 34.555607] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.561054] RIP: 0033:0x445ea9
[ 34.564320] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 34.584508] RSP: 002b:00007f2e972fc2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 34.592316] RAX: ffffffffffffffda RBX: 00000000004d14f0 RCX: 0000000000445ea9
[ 34.599569] RDX: 000000002000a3a0 RSI: 0000000020008380 RDI: 0000000000000005
[ 34.606818] RBP: 00000000004a10dc R08: 0000000000000000 R09: 0000000000000000
[ 34.614329] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 34.621594] R13: 000000000049d0d0 R14: 000000000049f0d8 R15: 00000000004d14f8
[ 34.628859]
[ 34.630493] The buggy address belongs to the page:
[ 34.635603] page:ffffea00025a89c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 34.643731] flags: 0xfff00000000000()
[ 34.647517] raw: 00fff00000000000 0000000000000000 ffffffff025a0101 0000000000000000
[ 34.655571] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 34.663438] page dumped because: kasan: bad access detected
[ 34.669130]
[ 34.670756] Memory state around the buggy address:
[ 34.675837]  ffff888096a27c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.683173]  ffff888096a27c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 34.690694] >ffff888096a27d00: f1 f1 f1 00 00 f2 f2 00 00 00 00 00 f2 f2 f2 f2
[ 34.698039]                          ^
[ 34.702086]  ffff888096a27d80: f2 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00
[ 34.710050]  ffff888096a27e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.717497] ==================================================================
[ 34.724846] Disabling lock debugging due to kernel taint
[ 34.733605] Kernel panic - not syncing: panic_on_warn set ...
[ 34.733605]
[ 34.740997] CPU: 1 PID: 8120 Comm: syz-executor069 Tainted: G B 4.19.198-syzkaller #0
[ 34.750260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.759594] Call Trace:
[ 34.762162] dump_stack+0x1fc/0x2ef
[ 34.765770] panic+0x26a/0x50e
[ 34.768940] ? __warn_printk+0xf3/0xf3
[ 34.772805] ? preempt_schedule_common+0x45/0xc0
[ 34.777536] ? ___preempt_schedule+0x16/0x18
[ 34.781923] ? trace_hardirqs_on+0x55/0x210
[ 34.786222] kasan_end_report+0x43/0x49
[ 34.790178] kasan_report_error.cold+0xa7/0x1b9
[ 34.794872] ? iov_iter_revert+0x90c/0x9a0
[ 34.799088] __asan_report_load8_noabort+0x88/0x90
[ 34.803997] ? iov_iter_revert+0x90c/0x9a0
[ 34.808247] iov_iter_revert+0x90c/0x9a0
[ 34.812385] ? filemap_check_errors+0xb5/0xd0
[ 34.816946] generic_file_read_iter+0x16fb/0x2b60
[ 34.821768] ? do_futex+0x171/0x1880
[ 34.825473] fuse_file_read_iter+0x198/0x240
[ 34.829887] __vfs_read+0x518/0x750
[ 34.833499] ? __se_sys_copy_file_range+0x410/0x410
[ 34.838516] ? security_file_permission+0x1c0/0x220
[ 34.843521] vfs_read+0x194/0x3c0
[ 34.846958] ksys_read+0x12b/0x2a0
[ 34.850484] ? kernel_write+0x110/0x110
[ 34.854438] ? trace_hardirqs_off_caller+0x6e/0x210
[ 34.859439] ? do_syscall_64+0x21/0x620
[ 34.863392] do_syscall_64+0xf9/0x620
[ 34.867178] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.872354] RIP: 0033:0x445ea9
[ 34.875603] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 34.894673] RSP: 002b:00007f2e972fc2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 34.902358] RAX: ffffffffffffffda RBX: 00000000004d14f0 RCX: 0000000000445ea9
[ 34.909623] RDX: 000000002000a3a0 RSI: 0000000020008380 RDI: 0000000000000005
[ 34.916879] RBP: 00000000004a10dc R08: 0000000000000000 R09: 0000000000000000
[ 34.924306] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 34.931686] R13: 000000000049d0d0 R14: 000000000049f0d8 R15: 00000000004d14f8
[ 34.940492] Kernel Offset: disabled
[ 34.944187] Rebooting in 86400 seconds..