[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.238' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 29.019740] XFS (loop0): Mounting V4 Filesystem
[ 29.039365] XFS (loop0): Ending clean mount
[ 29.051711] audit: type=1800 audit(1671894791.169:2): pid=7971 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor350" name="bus" dev="loop0" ino=41 res=0
[ 29.059891] ==================================================================
[ 29.077223] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x800/0x900
[ 29.084227] Read of size 8 at addr ffff888091be7c98 by task syz-executor350/7971
[ 29.091743]
[ 29.093348] CPU: 0 PID: 7971 Comm: syz-executor350 Not tainted 4.14.302-syzkaller #0
[ 29.101209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 29.110546] Call Trace:
[ 29.113113]  dump_stack+0x1b2/0x281
[ 29.116714]  print_address_description.cold+0x54/0x1d3
[ 29.121963]  kasan_report_error.cold+0x8a/0x191
[ 29.126604]  ? iov_iter_revert+0x800/0x900
[ 29.130809]  __asan_report_load8_noabort+0x68/0x70
[ 29.135735]  ? iov_iter_revert+0x800/0x900
[ 29.139944]  iov_iter_revert+0x800/0x900
[ 29.143977]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 29.148967]  ? mapping_needs_writeback+0xd4/0x110
[ 29.153779]  ? filemap_check_errors+0x75/0x90
[ 29.158248]  iomap_dio_rw+0xaac/0xd20
[ 29.162025]  ? iomap_seek_data+0x150/0x150
[ 29.166233]  ? xfs_ilock+0x1a4/0x3e0
[ 29.169923]  ? xfs_file_dio_aio_read+0x13b/0x460
[ 29.174650]  ? down_read_nested+0x39/0x80
[ 29.178770]  ? xfs_ilock+0x1a4/0x3e0
[ 29.182454]  ? xfs_ilock+0x94/0x3e0
[ 29.186053]  xfs_file_dio_aio_read+0x150/0x460
[ 29.190614]  xfs_file_read_iter+0x3a9/0x4f0
[ 29.194911]  ? rw_verify_area+0xe1/0x2a0
[ 29.198945]  aio_read+0x25d/0x390
[ 29.202372]  ? trace_hardirqs_on+0x10/0x10
[ 29.206580]  ? aio_complete+0xf20/0xf20
[ 29.210526]  ? cache_alloc_refill+0x2fa/0x350
[ 29.214996]  ? lock_acquire+0x170/0x3f0
[ 29.218971]  ? lock_acquire+0x170/0x3f0
[ 29.222916]  ? lock_downgrade+0x740/0x740
[ 29.227056]  do_io_submit+0xdeb/0x1570
[ 29.230930]  ? aio_write+0x560/0x560
[ 29.234629]  ? do_sys_ftruncate.constprop.0+0x33b/0x480
[ 29.239974]  ? lock_downgrade+0x740/0x740
[ 29.244099]  ? do_syscall_64+0x4c/0x640
[ 29.248046]  ? SyS_io_destroy+0x340/0x340
[ 29.252167]  do_syscall_64+0x1d5/0x640
[ 29.256038]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 29.261199] RIP: 0033:0x7f66e5a18979
[ 29.264881] RSP: 002b:00007ffdd7af80f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 29.272560] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f66e5a18979
[ 29.279801] RDX: 0000000020001d00 RSI: 0000000000000003 RDI: 00007f66df5cb000
[ 29.287044] RBP: 00007f66e59d8210 R08: 0000000000000000 R09: 0000000000000000
[ 29.294286] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66e59d82a0
[ 29.301527] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 29.308775]
[ 29.310373] The buggy address belongs to the page:
[ 29.315275] page:ffffea000246f9c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 29.323385] flags: 0xfff00000000000()
[ 29.327159] raw: 00fff00000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 29.335011] raw: 0000000000000000 ffffea000246f9e0 0000000000000000 0000000000000000
[ 29.342864] page dumped because: kasan: bad access detected
[ 29.348547]
[ 29.350148] Memory state around the buggy address:
[ 29.355051]  ffff888091be7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.362382]  ffff888091be7c00: f1 f1 f1 f1 00 00 00 f2 f2 f2 00 00 00 00 00 f2
[ 29.369712] >ffff888091be7c80: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.377039]                             ^
[ 29.381158]  ffff888091be7d00: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 29.388488]  ffff888091be7d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[ 29.395814] ==================================================================
[ 29.403158] Disabling lock debugging due to kernel taint
[ 29.408891] Kernel panic - not syncing: panic_on_warn set ...
[ 29.408891]
[ 29.416240] CPU: 0 PID: 7971 Comm: syz-executor350 Tainted: G B 4.14.302-syzkaller #0
[ 29.425315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 29.434648] Call Trace:
[ 29.437211]  dump_stack+0x1b2/0x281
[ 29.440812]  panic+0x1f9/0x42d
[ 29.443977]  ? add_taint.cold+0x16/0x16
[ 29.447925]  ? ___preempt_schedule+0x16/0x18
[ 29.452303]  kasan_end_report+0x43/0x49
[ 29.456250]  kasan_report_error.cold+0xa7/0x191
[ 29.460889]  ? iov_iter_revert+0x800/0x900
[ 29.465097]  __asan_report_load8_noabort+0x68/0x70
[ 29.469994]  ? iov_iter_revert+0x800/0x900
[ 29.474196]  iov_iter_revert+0x800/0x900
[ 29.478236]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 29.483222]  ? mapping_needs_writeback+0xd4/0x110
[ 29.488034]  ? filemap_check_errors+0x75/0x90
[ 29.492510]  iomap_dio_rw+0xaac/0xd20
[ 29.496281]  ? iomap_seek_data+0x150/0x150
[ 29.500486]  ? xfs_ilock+0x1a4/0x3e0
[ 29.504194]  ? xfs_file_dio_aio_read+0x13b/0x460
[ 29.508918]  ? down_read_nested+0x39/0x80
[ 29.513034]  ? xfs_ilock+0x1a4/0x3e0
[ 29.516718]  ? xfs_ilock+0x94/0x3e0
[ 29.520314]  xfs_file_dio_aio_read+0x150/0x460
[ 29.524867]  xfs_file_read_iter+0x3a9/0x4f0
[ 29.529157]  ? rw_verify_area+0xe1/0x2a0
[ 29.533197]  aio_read+0x25d/0x390
[ 29.536621]  ? trace_hardirqs_on+0x10/0x10
[ 29.540837]  ? aio_complete+0xf20/0xf20
[ 29.544781]  ? cache_alloc_refill+0x2fa/0x350
[ 29.549248]  ? lock_acquire+0x170/0x3f0
[ 29.553194]  ? lock_acquire+0x170/0x3f0
[ 29.557137]  ? lock_downgrade+0x740/0x740
[ 29.561258]  do_io_submit+0xdeb/0x1570
[ 29.565130]  ? aio_write+0x560/0x560
[ 29.568821]  ? do_sys_ftruncate.constprop.0+0x33b/0x480
[ 29.574154]  ? lock_downgrade+0x740/0x740
[ 29.578281]  ? do_syscall_64+0x4c/0x640
[ 29.582223]  ? SyS_io_destroy+0x340/0x340
[ 29.586340]  do_syscall_64+0x1d5/0x640
[ 29.590201]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 29.595361] RIP: 0033:0x7f66e5a18979
[ 29.599040] RSP: 002b:00007ffdd7af80f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 29.606718] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f66e5a18979
[ 29.613957] RDX: 0000000020001d00 RSI: 0000000000000003 RDI: 00007f66df5cb000
[ 29.621198] RBP: 00007f66e59d8210 R08: 0000000000000000 R09: 0000000000000000
[ 29.628436] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66e59d82a0
[ 29.635680] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 29.643094] Kernel Offset: disabled
[ 29.646701] Rebooting in 86400 seconds..