Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.147' (ECDSA) to the list of known hosts.
syzkaller login: [ 32.973306] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 33.244448] audit: type=1800 audit(1653882601.818:2): pid=8115 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor174" name="/" dev="fuse" ino=2 res=0
[ 33.407290] ==================================================================
[ 33.414722] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x90c/0x9a0
[ 33.421756] Read of size 8 at addr ffff88809e5afd10 by task syz-executor174/8113
[ 33.429381]
[ 33.430995] CPU: 0 PID: 8113 Comm: syz-executor174 Not tainted 4.19.211-syzkaller #0
[ 33.438862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.448201] Call Trace:
[ 33.450775] dump_stack+0x1fc/0x2ef
[ 33.454397] print_address_description.cold+0x54/0x219
[ 33.459657] kasan_report_error.cold+0x8a/0x1b9
[ 33.464309] ? iov_iter_revert+0x90c/0x9a0
[ 33.468526] __asan_report_load8_noabort+0x88/0x90
[ 33.473438] ? iov_iter_revert+0x90c/0x9a0
[ 33.477663] iov_iter_revert+0x90c/0x9a0
[ 33.481703] ? filemap_check_errors+0xb5/0xd0
[ 33.486240] generic_file_read_iter+0x16fb/0x2b60
[ 33.491063] ? do_futex+0x171/0x1880
[ 33.494761] fuse_file_read_iter+0x198/0x240
[ 33.499148] __vfs_read+0x518/0x750
[ 33.502753] ? __se_sys_copy_file_range+0x410/0x410
[ 33.507753] ? security_file_permission+0x1c0/0x220
[ 33.512752] vfs_read+0x194/0x3c0
[ 33.516183] ksys_read+0x12b/0x2a0
[ 33.519703] ? kernel_write+0x110/0x110
[ 33.523655] ? trace_hardirqs_off_caller+0x6e/0x210
[ 33.528650] ? do_syscall_64+0x21/0x620
[ 33.532602] do_syscall_64+0xf9/0x620
[ 33.536388] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.541569] RIP: 0033:0x7f5884ad8159
[ 33.545261] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 33.564140] RSP: 002b:00007f5884a682f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 33.571832] RAX: ffffffffffffffda RBX: 00007f5884b694d0 RCX: 00007f5884ad8159
[ 33.579084] RDX: 000000002000a3a0 RSI: 0000000020008380 RDI: 0000000000000005
[ 33.586335] RBP: 00007f5884b360e4 R08: 0000000000000000 R09: 0000000000000000
[ 33.593585] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 33.600835] R13: 00007f5884b320d8 R14: 00007f5884b340e0 R15: 00007f5884b694d8
[ 33.608089]
[ 33.609693] The buggy address belongs to the page:
[ 33.614602] page:ffffea0002796bc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 33.622721] flags: 0xfff00000000000()
[ 33.626501] raw: 00fff00000000000 0000000000000000 ffffffff02790101 0000000000000000
[ 33.634362] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 33.642215] page dumped because: kasan: bad access detected
[ 33.647900]
[ 33.649504] Memory state around the buggy address:
[ 33.654410] ffff88809e5afc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.661747] ffff88809e5afc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 33.669083] >ffff88809e5afd00: f1 f1 f1 00 00 f2 f2 00 00 00 00 00 f2 f2 f2 f2
[ 33.676415]                          ^
[ 33.680280] ffff88809e5afd80: f2 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00
[ 33.687703] ffff88809e5afe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.695035] ==================================================================
[ 33.702366] Disabling lock debugging due to kernel taint
[ 33.715035] Kernel panic - not syncing: panic_on_warn set ...
[ 33.715035]
[ 33.715050] CPU: 1 PID: 8113 Comm: syz-executor174 Tainted: G B 4.19.211-syzkaller #0
[ 33.715057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.715060] Call Trace:
[ 33.715079] dump_stack+0x1fc/0x2ef
[ 33.715102] panic+0x26a/0x50e
[ 33.750431] ? __warn_printk+0xf3/0xf3
[ 33.754312] ? preempt_schedule_common+0x45/0xc0
[ 33.759160] ? ___preempt_schedule+0x16/0x18
[ 33.763546] ? trace_hardirqs_on+0x55/0x210
[ 33.767845] kasan_end_report+0x43/0x49
[ 33.771797] kasan_report_error.cold+0xa7/0x1b9
[ 33.776444] ? iov_iter_revert+0x90c/0x9a0
[ 33.780656] __asan_report_load8_noabort+0x88/0x90
[ 33.785562] ? iov_iter_revert+0x90c/0x9a0
[ 33.789776] iov_iter_revert+0x90c/0x9a0
[ 33.793814] ? filemap_check_errors+0xb5/0xd0
[ 33.798285] generic_file_read_iter+0x16fb/0x2b60
[ 33.803112] ? do_futex+0x171/0x1880
[ 33.806809] fuse_file_read_iter+0x198/0x240
[ 33.811199] __vfs_read+0x518/0x750
[ 33.814803] ? __se_sys_copy_file_range+0x410/0x410
[ 33.819799] ? security_file_permission+0x1c0/0x220
[ 33.824790] vfs_read+0x194/0x3c0
[ 33.828228] ksys_read+0x12b/0x2a0
[ 33.831743] ? kernel_write+0x110/0x110
[ 33.835698] ? trace_hardirqs_off_caller+0x6e/0x210
[ 33.840688] ? do_syscall_64+0x21/0x620
[ 33.844638] do_syscall_64+0xf9/0x620
[ 33.848418] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.853842] RIP: 0033:0x7f5884ad8159
[ 33.857531] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 33.876406] RSP: 002b:00007f5884a682f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 33.884113] RAX: ffffffffffffffda RBX: 00007f5884b694d0 RCX: 00007f5884ad8159
[ 33.891356] RDX: 000000002000a3a0 RSI: 0000000020008380 RDI: 0000000000000005
[ 33.898698] RBP: 00007f5884b360e4 R08: 0000000000000000 R09: 0000000000000000
[ 33.905944] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 33.913208] R13: 00007f5884b320d8 R14: 00007f5884b340e0 R15: 00007f5884b694d8
[ 33.920742] Kernel Offset: disabled
[ 33.924354] Rebooting in 86400 seconds..