[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
2020/07/06 02:45:35 fuzzer started
2020/07/06 02:45:36 dialing manager at 10.128.0.26:45977
2020/07/06 02:45:36 syscalls: 3123
2020/07/06 02:45:36 code coverage: enabled
2020/07/06 02:45:36 comparison tracing: enabled
2020/07/06 02:45:36 extra coverage: enabled
2020/07/06 02:45:36 setuid sandbox: enabled
2020/07/06 02:45:36 namespace sandbox: enabled
2020/07/06 02:45:36 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/06 02:45:36 fault injection: enabled
2020/07/06 02:45:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/06 02:45:36 net packet injection: enabled
2020/07/06 02:45:36 net device setup: enabled
2020/07/06 02:45:36 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/06 02:45:36 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/06 02:45:36 USB emulation: enabled

syzkaller login: [ 248.435340][ C1] ==================================================================
[ 248.443810][ C1] BUG: KASAN: out-of-bounds in csd_lock_record+0xd2/0xe0
[ 248.450874][ C1] Read of size 8 at addr ffffc900016b7918 by task syz-fuzzer/6796
[ 248.458768][ C1]
[ 248.461097][ C1] CPU: 1 PID: 6796 Comm: syz-fuzzer Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
[ 248.470543][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 248.480625][ C1] Call Trace:
[ 248.484018][ C1] dump_stack+0x18f/0x20d
[ 248.488344][ C1] ? csd_lock_record+0xd2/0xe0
[ 248.493099][ C1] ? csd_lock_record+0xd2/0xe0
[ 248.497910][ C1] print_address_description.constprop.0.cold+0x5/0x436
[ 248.504955][ C1] ? lock_is_held_type+0xb0/0xe0
[ 248.509894][ C1] ? lockdep_hardirqs_off+0x66/0xa0
[ 248.515126][ C1] ? vprintk_func+0x97/0x1a6
[ 248.519713][ C1] ? csd_lock_record+0xd2/0xe0
[ 248.524472][ C1] kasan_report.cold+0x1f/0x37
[ 248.529226][ C1] ? csd_lock_record+0xd2/0xe0
[ 248.533988][ C1] csd_lock_record+0xd2/0xe0
[ 248.538570][ C1] flush_smp_call_function_queue+0x285/0x730
[ 248.544607][ C1] ? flush_tlb_func_common.constprop.0+0x420/0x420
[ 248.551125][ C1] ? asm_sysvec_call_function_single+0xa/0x20
[ 248.557215][ C1] __sysvec_call_function_single+0x98/0x490
[ 248.563104][ C1] ? asm_sysvec_call_function_single+0xa/0x20
[ 248.569163][ C1] sysvec_call_function_single+0x4f/0x120
[ 248.574876][ C1] ? asm_sysvec_call_function_single+0xa/0x20
[ 248.580937][ C1] asm_sysvec_call_function_single+0x12/0x20
[ 248.586905][ C1] RIP: 0033:0x46081b
[ 248.590788][ C1] Code: Bad RIP value.
[ 248.594845][ C1] RSP: 002b:000000c000051f48 EFLAGS: 00000246
[ 248.600900][ C1] RAX: 000000c000000480 RBX: 000000c000042000 RCX: 0000000000000001
[ 248.608863][ C1] RDX: 000000000043b31a RSI: 0000000000000000 RDI: 000000c000051f30
[ 248.616829][ C1] RBP: 000000c000051f48 R08: 000000000004f065 R09: 00007ffcd8f26090
[ 248.624793][ C1] R10: 000000000000bfcc R11: 0000000000000202 R12: 00000000004338c0
[ 248.632751][ C1] R13: 0000000000000000 R14: 0000000000adca10 R15: 0000000000000000
[ 248.640730][ C1]
[ 248.643047][ C1]
[ 248.645361][ C1] Memory state around the buggy address:
[ 248.650979][ C1] ffffc900016b7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 248.659026][ C1] ffffc900016b7880: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 248.667077][ C1] >ffffc900016b7900: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 248.675124][ C1] ^
[ 248.679961][ C1] ffffc900016b7980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 248.688010][ C1] ffffc900016b7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 248.696060][ C1] ==================================================================
[ 248.704106][ C1] Disabling lock debugging due to kernel taint
[ 248.710234][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 248.716809][ C1] CPU: 1 PID: 6796 Comm: syz-fuzzer Tainted: G B 5.8.0-rc3-next-20200703-syzkaller #0
[ 248.727636][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 248.737678][ C1] Call Trace:
[ 248.740959][ C1] dump_stack+0x18f/0x20d
[ 248.745280][ C1] ? csd_lock_record+0x30/0xe0
[ 248.750143][ C1] panic+0x2e3/0x75c
[ 248.754026][ C1] ? __warn_printk+0xf3/0xf3
[ 248.758611][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0xe0
[ 248.764406][ C1] ? csd_lock_record+0xd2/0xe0
[ 248.769153][ C1] ? csd_lock_record+0xd2/0xe0
[ 248.773904][ C1] end_report+0x4d/0x53
[ 248.778049][ C1] kasan_report.cold+0xd/0x37
[ 248.782809][ C1] ? csd_lock_record+0xd2/0xe0
[ 248.787560][ C1] csd_lock_record+0xd2/0xe0
[ 248.792139][ C1] flush_smp_call_function_queue+0x285/0x730
[ 248.798107][ C1] ? flush_tlb_func_common.constprop.0+0x420/0x420
[ 248.804597][ C1] ? asm_sysvec_call_function_single+0xa/0x20
[ 248.810650][ C1] __sysvec_call_function_single+0x98/0x490
[ 248.816538][ C1] ? asm_sysvec_call_function_single+0xa/0x20
[ 248.822591][ C1] sysvec_call_function_single+0x4f/0x120
[ 248.828297][ C1] ? asm_sysvec_call_function_single+0xa/0x20
[ 248.834347][ C1] asm_sysvec_call_function_single+0x12/0x20
[ 248.840308][ C1] RIP: 0033:0x46081b
[ 248.844204][ C1] Code: Bad RIP value.
[ 248.848268][ C1] RSP: 002b:000000c000051f48 EFLAGS: 00000246
[ 248.854443][ C1] RAX: 000000c000000480 RBX: 000000c000042000 RCX: 0000000000000001
[ 248.862431][ C1] RDX: 000000000043b31a RSI: 0000000000000000 RDI: 000000c000051f30
[ 248.870395][ C1] RBP: 000000c000051f48 R08: 000000000004f065 R09: 00007ffcd8f26090
[ 248.878354][ C1] R10: 000000000000bfcc R11: 0000000000000202 R12: 00000000004338c0
[ 248.886311][ C1] R13: 0000000000000000 R14: 0000000000adca10 R15: 0000000000000000
[ 248.895779][ C1] Kernel Offset: disabled
[ 248.900257][ C1] Rebooting in 86400 seconds..