[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.243' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 36.926742] IPVS: ftp: loaded support on port[0] = 21
[ 37.069722] audit: type=1800 audit(1626435384.867:2): pid=8108 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor462" name="/" dev="fuse" ino=1 res=0
[ 37.283291] ==================================================================
[ 37.290830] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x90c/0x9a0
[ 37.297829] Read of size 8 at addr ffff888094c07d10 by task syz-executor462/8107
[ 37.305371]
[ 37.306996] CPU: 1 PID: 8107 Comm: syz-executor462 Not tainted 4.19.197-syzkaller #0
[ 37.314870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.324379] Call Trace:
[ 37.326962] dump_stack+0x1fc/0x2ef
[ 37.330572] print_address_description.cold+0x54/0x219
[ 37.335831] kasan_report_error.cold+0x8a/0x1b9
[ 37.340698] ? iov_iter_revert+0x90c/0x9a0
[ 37.345059] __asan_report_load8_noabort+0x88/0x90
[ 37.349995] ? iov_iter_revert+0x90c/0x9a0
[ 37.355107] iov_iter_revert+0x90c/0x9a0
[ 37.359270] ? filemap_check_errors+0xb5/0xd0
[ 37.363749] generic_file_read_iter+0x16fb/0x2b60
[ 37.368604] ? do_futex+0x171/0x1880
[ 37.372335] fuse_file_read_iter+0x198/0x240
[ 37.376736] __vfs_read+0x518/0x750
[ 37.380438] ? __se_sys_copy_file_range+0x410/0x410
[ 37.385448] ? security_file_permission+0x1c0/0x220
[ 37.390451] vfs_read+0x194/0x3c0
[ 37.393902] ksys_read+0x12b/0x2a0
[ 37.397427] ? kernel_write+0x110/0x110
[ 37.401388] ? trace_hardirqs_off_caller+0x6e/0x210
[ 37.406391] ? do_syscall_64+0x21/0x620
[ 37.410434] do_syscall_64+0xf9/0x620
[ 37.414229] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.419487] RIP: 0033:0x445ea9
[ 37.422698] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 37.441770] RSP: 002b:00007ff185e4e2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 37.449671] RAX: ffffffffffffffda RBX: 00000000004d14f0 RCX: 0000000000445ea9
[ 37.456945] RDX: 000000002000a3a0 RSI: 0000000020008380 RDI: 0000000000000005
[ 37.464472] RBP: 00000000004a10dc R08: 0000000000000000 R09: 0000000000000000
[ 37.471835] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 37.479103] R13: 000000000049d0d0 R14: 000000000049f0d8 R15: 00000000004d14f8
[ 37.486369]
[ 37.488018] The buggy address belongs to the page:
[ 37.493126] page:ffffea00025301c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 37.501276] flags: 0xfff00000000000()
[ 37.505076] raw: 00fff00000000000 0000000000000000 ffffffff02530101 0000000000000000
[ 37.513029] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 37.520883] page dumped because: kasan: bad access detected
[ 37.526591]
[ 37.528297] Memory state around the buggy address:
[ 37.533219] ffff888094c07c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.541278] ffff888094c07c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 37.549431] >ffff888094c07d00: f1 f1 f1 00 00 f2 f2 00 00 00 00 00 f2 f2 f2 f2
[ 37.556790] ^
[ 37.560665] ffff888094c07d80: f2 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00
[ 37.568011] ffff888094c07e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.575349] ==================================================================
[ 37.582708] Disabling lock debugging due to kernel taint
[ 37.593210] Kernel panic - not syncing: panic_on_warn set ...
[ 37.593210]
[ 37.600611] CPU: 1 PID: 8107 Comm: syz-executor462 Tainted: G B 4.19.197-syzkaller #0
[ 37.609992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.619334] Call Trace:
[ 37.621919] dump_stack+0x1fc/0x2ef
[ 37.625535] panic+0x26a/0x50e
[ 37.628712] ? __warn_printk+0xf3/0xf3
[ 37.632587] ? preempt_schedule_common+0x45/0xc0
[ 37.637512] ? ___preempt_schedule+0x16/0x18
[ 37.641917] ? trace_hardirqs_on+0x55/0x210
[ 37.646742] kasan_end_report+0x43/0x49
[ 37.650698] kasan_report_error.cold+0xa7/0x1b9
[ 37.655433] ? iov_iter_revert+0x90c/0x9a0
[ 37.659647] __asan_report_load8_noabort+0x88/0x90
[ 37.664568] ? iov_iter_revert+0x90c/0x9a0
[ 37.668778] iov_iter_revert+0x90c/0x9a0
[ 37.672822] ? filemap_check_errors+0xb5/0xd0
[ 37.677306] generic_file_read_iter+0x16fb/0x2b60
[ 37.682253] ? do_futex+0x171/0x1880
[ 37.686171] fuse_file_read_iter+0x198/0x240
[ 37.690571] __vfs_read+0x518/0x750
[ 37.694721] ? __se_sys_copy_file_range+0x410/0x410
[ 37.699742] ? security_file_permission+0x1c0/0x220
[ 37.705009] vfs_read+0x194/0x3c0
[ 37.708452] ksys_read+0x12b/0x2a0
[ 37.712028] ? kernel_write+0x110/0x110
[ 37.715983] ? trace_hardirqs_off_caller+0x6e/0x210
[ 37.721113] ? do_syscall_64+0x21/0x620
[ 37.725081] do_syscall_64+0xf9/0x620
[ 37.729031] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.734211] RIP: 0033:0x445ea9
[ 37.737388] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 37.756273] RSP: 002b:00007ff185e4e2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 37.764136] RAX: ffffffffffffffda RBX: 00000000004d14f0 RCX: 0000000000445ea9
[ 37.771398] RDX: 000000002000a3a0 RSI: 0000000020008380 RDI: 0000000000000005
[ 37.778658] RBP: 00000000004a10dc R08: 0000000000000000 R09: 0000000000000000
[ 37.786008] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 37.793283] R13: 000000000049d0d0 R14: 000000000049f0d8 R15: 00000000004d14f8
[ 37.802101] Kernel Offset: disabled
[ 37.805714] Rebooting in 86400 seconds..