Warning: Permanently added '10.128.0.93' (ECDSA) to the list of known hosts.
executing program
[ 29.503611] XFS (loop0): Mounting V4 Filesystem
[ 29.521294] XFS (loop0): Ending clean mount
[ 29.541241] audit: type=1800 audit(1671149326.554:2): pid=7969 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor193" name="bus" dev="loop0" ino=41 res=0
[ 29.560842] ==================================================================
[ 29.568280] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x800/0x900
[ 29.575268] Read of size 8 at addr ffff8880b3b0fc98 by task syz-executor193/7969
[ 29.582773] 
[ 29.584394] CPU: 1 PID: 7969 Comm: syz-executor193 Not tainted 4.14.302-syzkaller #0
[ 29.592244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 29.601577] Call Trace:
[ 29.604140]  dump_stack+0x1b2/0x281
[ 29.607742]  print_address_description.cold+0x54/0x1d3
[ 29.612997]  kasan_report_error.cold+0x8a/0x191
[ 29.617639]  ? iov_iter_revert+0x800/0x900
[ 29.621847]  __asan_report_load8_noabort+0x68/0x70
[ 29.626752]  ? iov_iter_revert+0x800/0x900
[ 29.630963]  iov_iter_revert+0x800/0x900
[ 29.635000]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 29.639988]  ? mapping_needs_writeback+0xd4/0x110
[ 29.644801]  ? filemap_check_errors+0x75/0x90
[ 29.649270]  iomap_dio_rw+0xaac/0xd20
[ 29.653046]  ? iomap_seek_data+0x150/0x150
[ 29.657255]  ? xfs_ilock+0x1a4/0x3e0
[ 29.660945]  ? xfs_file_dio_aio_read+0x13b/0x460
[ 29.665674]  ? down_read_nested+0x39/0x80
[ 29.669791]  ? xfs_ilock+0x1a4/0x3e0
[ 29.673475]  ? xfs_ilock+0x94/0x3e0
[ 29.677075]  xfs_file_dio_aio_read+0x150/0x460
[ 29.681631]  xfs_file_read_iter+0x3a9/0x4f0
[ 29.685936]  ? rw_verify_area+0xe1/0x2a0
[ 29.689968]  aio_read+0x25d/0x390
[ 29.693393]  ? trace_hardirqs_on+0x10/0x10
[ 29.697599]  ? aio_complete+0xf20/0xf20
[ 29.701546]  ? cache_alloc_refill+0x2fa/0x350
[ 29.706015]  ? lock_acquire+0x170/0x3f0
[ 29.709969]  ? lock_acquire+0x170/0x3f0
[ 29.713914]  ? lock_downgrade+0x740/0x740
[ 29.718036]  do_io_submit+0xdeb/0x1570
[ 29.721911]  ? aio_write+0x560/0x560
[ 29.725599]  ? do_sys_ftruncate.constprop.0+0x33b/0x480
[ 29.730934]  ? lock_downgrade+0x740/0x740
[ 29.735065]  ? do_syscall_64+0x4c/0x640
[ 29.739013]  ? SyS_io_destroy+0x340/0x340
[ 29.743134]  do_syscall_64+0x1d5/0x640
[ 29.747000]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 29.752169] RIP: 0033:0x7f0de4b26979
[ 29.755853] RSP: 002b:00007fff0c9000d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 29.763532] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0de4b26979
[ 29.770773] RDX: 0000000020001d00 RSI: 0000000000000003 RDI: 00007f0dde6d9000
[ 29.778014] RBP: 00007f0de4ae6210 R08: 0000000000000000 R09: 0000000000000000
[ 29.785258] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0de4ae62a0
[ 29.792500] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 29.799747] 
[ 29.801347] The buggy address belongs to the page:
[ 29.806247] page:ffffea0002cec3c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 29.814359] flags: 0xfff00000000000()
[ 29.818131] raw: 00fff00000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 29.825982] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 29.833830] page dumped because: kasan: bad access detected
[ 29.839508] 
[ 29.841104] Memory state around the buggy address:
[ 29.846097]  ffff8880b3b0fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.853430]  ffff8880b3b0fc00: f1 f1 f1 f1 00 00 00 f2 f2 f2 00 00 00 00 00 f2
[ 29.860757] >ffff8880b3b0fc80: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.870606]                             ^
[ 29.874728]  ffff8880b3b0fd00: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 29.882057]  ffff8880b3b0fd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[ 29.889386] ==================================================================
[ 29.896712] Disabling lock debugging due to kernel taint
[ 29.902505] Kernel panic - not syncing: panic_on_warn set ...
[ 29.902505] 
[ 29.909946] CPU: 1 PID: 7969 Comm: syz-executor193 Tainted: G B 4.14.302-syzkaller #0
[ 29.919026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 29.928361] Call Trace:
[ 29.930925]  dump_stack+0x1b2/0x281
[ 29.934523]  panic+0x1f9/0x42d
[ 29.937686]  ? add_taint.cold+0x16/0x16
[ 29.941643]  ? ___preempt_schedule+0x16/0x18
[ 29.946022]  kasan_end_report+0x43/0x49
[ 29.949966]  kasan_report_error.cold+0xa7/0x191
[ 29.954606]  ? iov_iter_revert+0x800/0x900
[ 29.958824]  __asan_report_load8_noabort+0x68/0x70
[ 29.963724]  ? iov_iter_revert+0x800/0x900
[ 29.967928]  iov_iter_revert+0x800/0x900
[ 29.971959]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 29.976960]  ? mapping_needs_writeback+0xd4/0x110
[ 29.981784]  ? filemap_check_errors+0x75/0x90
[ 29.986262]  iomap_dio_rw+0xaac/0xd20
[ 29.990041]  ? iomap_seek_data+0x150/0x150
[ 29.994269]  ? xfs_ilock+0x1a4/0x3e0
[ 29.997957]  ? xfs_file_dio_aio_read+0x13b/0x460
[ 30.002685]  ? down_read_nested+0x39/0x80
[ 30.006801]  ? xfs_ilock+0x1a4/0x3e0
[ 30.010485]  ? xfs_ilock+0x94/0x3e0
[ 30.014087]  xfs_file_dio_aio_read+0x150/0x460
[ 30.018642]  xfs_file_read_iter+0x3a9/0x4f0
[ 30.022950]  ? rw_verify_area+0xe1/0x2a0
[ 30.026984]  aio_read+0x25d/0x390
[ 30.030410]  ? trace_hardirqs_on+0x10/0x10
[ 30.034631]  ? aio_complete+0xf20/0xf20
[ 30.038581]  ? cache_alloc_refill+0x2fa/0x350
[ 30.043051]  ? lock_acquire+0x170/0x3f0
[ 30.046996]  ? lock_acquire+0x170/0x3f0
[ 30.050942]  ? lock_downgrade+0x740/0x740
[ 30.055155]  do_io_submit+0xdeb/0x1570
[ 30.059016]  ? aio_write+0x560/0x560
[ 30.062701]  ? do_sys_ftruncate.constprop.0+0x33b/0x480
[ 30.068038]  ? lock_downgrade+0x740/0x740
[ 30.072156]  ? do_syscall_64+0x4c/0x640
[ 30.076206]  ? SyS_io_destroy+0x340/0x340
[ 30.080325]  do_syscall_64+0x1d5/0x640
[ 30.084192]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.089352] RIP: 0033:0x7f0de4b26979
[ 30.093031] RSP: 002b:00007fff0c9000d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 30.100710] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0de4b26979
[ 30.108038] RDX: 0000000020001d00 RSI: 0000000000000003 RDI: 00007f0dde6d9000
[ 30.115280] RBP: 00007f0de4ae6210 R08: 0000000000000000 R09: 0000000000000000
[ 30.122523] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0de4ae62a0
[ 30.129882] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.137323] Kernel Offset: disabled
[ 30.140928] Rebooting in 86400 seconds..
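Added example, not part of the syzbot report above: a small decoder for the "Memory state around the buggy address" block, so the shadow dump can be read mechanically instead of by counting columns. Every shadow byte describes one 8-byte granule of kernel memory (KASAN_SHADOW_SCALE_SHIFT is 3 on 4.14); 00 means the whole granule is addressable, 01..07 means only that many leading bytes are, and 0xf1/0xf2/0xf3 are the left, middle and right redzones KASAN places around and between a function's stack locals. The shadow lines and the faulting address are copied verbatim from the report; the byte-to-name table is the encoding from mm/kasan/kasan.h in the 4.14 series. Run against the report's own data it shows that the 8-byte read at ffff8880b3b0fc98 lands on the fourth granule of the `>` row, a 0xf2 stack mid redzone, 32 bytes past the end of the addressable granule that ends at ffff8880b3b0fc78.

```c
/*
 * Decode a KASAN "Memory state around the buggy address" dump.
 * Added example; the input lines are copied from the syzbot report
 * above, the shadow-byte names are the 4.14 KASAN encodings.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SHADOW_SCALE_SHIFT     3          /* 8 bytes of memory per shadow byte */
#define SHADOW_BYTES_PER_LINE  16         /* one dump row covers 128 bytes */

/* Copied verbatim from the report (leading ' '/'>' marker stripped). */
static const char *const shadow_lines[] = {
    "ffff8880b3b0fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    "ffff8880b3b0fc00: f1 f1 f1 f1 00 00 00 f2 f2 f2 00 00 00 00 00 f2",
    "ffff8880b3b0fc80: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00",
    "ffff8880b3b0fd00: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00",
    "ffff8880b3b0fd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1",
};
#define NLINES     (sizeof(shadow_lines) / sizeof(shadow_lines[0]))
#define NGRANULES  (NLINES * SHADOW_BYTES_PER_LINE)

/* "Read of size 8 at addr ffff8880b3b0fc98" from the report. */
static const uint64_t bad_addr = 0xffff8880b3b0fc98ULL;
static const unsigned bad_size = 8;

static uint8_t  shadow[NGRANULES];
static uint64_t shadow_base;
static int      shadow_loaded;

/* Shadow byte encodings (mm/kasan/kasan.h, 4.14). */
const char *shadow_name(uint8_t v)
{
    switch (v) {
    case 0x00: return "addressable";
    case 0xf1: return "stack left redzone";
    case 0xf2: return "stack mid redzone";
    case 0xf3: return "stack right redzone";
    case 0xf4: return "stack partial redzone";
    case 0xf8: return "stack use-after-scope";
    case 0xfa: return "global redzone";
    case 0xfb: return "freed kmalloc object";
    case 0xfc: return "kmalloc redzone";
    case 0xfe: return "page redzone";
    case 0xff: return "freed page";
    default:   return (v >= 1 && v <= 7) ? "partially addressable" : "unknown";
    }
}

/* Parse all rows into one contiguous shadow array; 0 on success, -1 on malformed input. */
static int load_shadow(void)
{
    if (shadow_loaded)
        return 0;
    for (size_t i = 0; i < NLINES; i++) {
        char *p;
        uint64_t base = strtoull(shadow_lines[i], &p, 16);
        if (*p != ':')
            return -1;
        p++;
        if (i == 0)
            shadow_base = base;
        else if (base != shadow_base + i * (SHADOW_BYTES_PER_LINE << SHADOW_SCALE_SHIFT))
            return -1;                      /* rows must be contiguous */
        for (int j = 0; j < SHADOW_BYTES_PER_LINE; j++) {
            unsigned long v = strtoul(p, &p, 16);
            if (v > 0xff)
                return -1;
            shadow[i * SHADOW_BYTES_PER_LINE + j] = (uint8_t)v;
        }
    }
    shadow_loaded = 1;
    return 0;
}

/* Shadow byte of the granule containing addr, or -1 if the dump does not cover it. */
int shadow_byte_for(uint64_t addr)
{
    if (load_shadow() != 0 || addr < shadow_base)
        return -1;
    uint64_t idx = (addr - shadow_base) >> SHADOW_SCALE_SHIFT;
    return idx < NGRANULES ? shadow[idx] : -1;
}

/*
 * For an address in a redzone: bytes past the end of the nearest preceding
 * (fully or partially) addressable granule. 0 if addr itself is addressable,
 * -1 if the dump does not cover it or no addressable granule precedes it.
 */
int64_t bytes_past_object(uint64_t addr)
{
    int sb = shadow_byte_for(addr);
    if (sb < 0)
        return -1;
    if (sb == 0x00)
        return 0;
    uint64_t idx = (addr - shadow_base) >> SHADOW_SCALE_SHIFT;
    while (idx-- > 0) {
        uint8_t s = shadow[idx];
        if (s == 0x00 || (s >= 1 && s <= 7)) {
            uint64_t obj_end = shadow_base + (idx << SHADOW_SCALE_SHIFT) + (s ? s : 8);
            return (int64_t)(addr - obj_end);
        }
    }
    return -1;
}

int main(void)
{
    int sb = shadow_byte_for(bad_addr);
    if (sb < 0) {
        fprintf(stderr, "address not covered by the dump\n");
        return 1;
    }
    printf("Read of size %u at 0x%llx: shadow byte 0x%02x (%s)\n",
           bad_size, (unsigned long long)bad_addr, sb, shadow_name((uint8_t)sb));
    printf("%lld bytes past the end of the preceding addressable stack granule\n",
           (long long)bytes_past_object(bad_addr));
    return 0;
}
```

The same decoder works on any KASAN report's shadow block: paste the rows into `shadow_lines` and the address from the "Read/Write of size N at addr" line into `bad_addr`. The contiguity check matters because the kernel prints the rows as a window around the guilty row; a copy that dropped a row would otherwise silently shift every granule by 128 bytes.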