[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.250' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 56.484188][ T37] audit: type=1800 audit(1628774018.171:2): pid=8439 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor673" name="bus" dev="sda1" ino=13862 res=0 errno=0
[ 56.484395][ T8439] ==================================================================
[ 56.513779][ T8439] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x803/0x900
[ 56.522017][ T8439] Read of size 8 at addr ffffc9000cf478b0 by task syz-executor673/8439
[ 56.530773][ T8439]
[ 56.533222][ T8439] CPU: 0 PID: 8439 Comm: syz-executor673 Not tainted 5.14.0-rc5-syzkaller #0
[ 56.542165][ T8439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.553029][ T8439] Call Trace:
[ 56.556300][ T8439] dump_stack_lvl+0xcd/0x134
[ 56.561155][ T8439] print_address_description.constprop.0.cold+0xf/0x309
[ 56.568080][ T8439] ? iov_iter_revert+0x803/0x900
[ 56.573003][ T8439] ? iov_iter_revert+0x803/0x900
[ 56.577925][ T8439] kasan_report.cold+0x83/0xdf
[ 56.582675][ T8439] ? iov_iter_revert+0x803/0x900
[ 56.587600][ T8439] iov_iter_revert+0x803/0x900
[ 56.592350][ T8439] io_write+0x57b/0xed0
[ 56.596491][ T8439] ? io_read+0x1140/0x1140
[ 56.600970][ T8439] ? kernel_text_address+0xbd/0xf0
[ 56.606238][ T8439] ? lock_chain_count+0x20/0x20
[ 56.611072][ T8439] ? unwind_get_return_address+0x51/0x90
[ 56.616691][ T8439] ? read_profile+0x180/0x710
[ 56.621620][ T8439] ? stack_trace_save+0x8c/0xc0
[ 56.626453][ T8439] ? __lock_acquire+0xbc2/0x54a0
[ 56.631377][ T8439] io_issue_sqe+0x28c/0x6920
[ 56.635954][ T8439] ? do_syscall_64+0x35/0xb0
[ 56.640526][ T8439] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 56.646490][ T8439] ? io_write+0xed0/0xed0
[ 56.650801][ T8439] ? find_held_lock+0x2d/0x110
[ 56.655656][ T8439] ? __fget_files+0x21b/0x3e0
[ 56.660319][ T8439] ? lock_downgrade+0x6e0/0x6e0
[ 56.665152][ T8439] ? ___slab_alloc+0x4ba/0x820
[ 56.669896][ T8439] __io_queue_sqe+0x1ac/0xf00
[ 56.674554][ T8439] ? io_issue_sqe+0x6920/0x6920
[ 56.679388][ T8439] io_submit_sqes+0x63ea/0x7bc0
[ 56.684231][ T8439] ? __do_sys_io_uring_enter+0xb03/0x1d40
[ 56.689929][ T8439] __do_sys_io_uring_enter+0xb03/0x1d40
[ 56.695464][ T8439] ? io_submit_sqes+0x7bc0/0x7bc0
[ 56.700556][ T8439] ? find_held_lock+0x2d/0x110
[ 56.705306][ T8439] ? __context_tracking_exit+0xb8/0xe0
[ 56.710750][ T8439] ? lock_downgrade+0x6e0/0x6e0
[ 56.715580][ T8439] ? lock_downgrade+0x6e0/0x6e0
[ 56.720421][ T8439] ? syscall_enter_from_user_mode+0x21/0x70
[ 56.726399][ T8439] do_syscall_64+0x35/0xb0
[ 56.730945][ T8439] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.736826][ T8439] RIP: 0033:0x43f8a9
[ 56.740700][ T8439] Code: 28 c3 e8 1a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.760602][ T8439] RSP: 002b:00007ffcc6759968 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 56.769097][ T8439] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000043f8a9
[ 56.777051][ T8439] RDX: 0000000000000000 RSI: 00000000000052fe RDI: 0000000000000003
[ 56.785064][ T8439] RBP: 00007ffcc6759988 R08: 0000000000000000 R09: 0000000000000000
[ 56.793181][ T8439] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc6759990
[ 56.801225][ T8439] R13: 0000000000000000 R14: 00000000004ae018 R15: 0000000000400488
[ 56.809187][ T8439]
[ 56.811552][ T8439]
[ 56.813857][ T8439] addr ffffc9000cf478b0 is located in stack of task syz-executor673/8439 at offset 152 in frame:
[ 56.824334][ T8439] io_write+0x0/0xed0
[ 56.828302][ T8439]
[ 56.830605][ T8439] this frame has 3 objects:
[ 56.835084][ T8439] [48, 56) 'iovec'
[ 56.835094][ T8439] [80, 120) '__iter'
[ 56.838877][ T8439] [160, 288) 'inline_vecs'
[ 56.842835][ T8439]
[ 56.849607][ T8439] Memory state around the buggy address:
[ 56.855245][ T8439] ffffc9000cf47780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.863288][ T8439] ffffc9000cf47800: 00 00 00 f1 f1 f1 f1 00 00 00 f2 f2 f2 00 00 00
[ 56.871333][ T8439] >ffffc9000cf47880: 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00
[ 56.879378][ T8439] ^
[ 56.884985][ T8439] ffffc9000cf47900: 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00
[ 56.893026][ T8439] ffffc9000cf47980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.901146][ T8439] ==================================================================
[ 56.909182][ T8439] Disabling lock debugging due to kernel taint
[ 56.916002][ T8439] Kernel panic - not syncing: panic_on_warn set ...
[ 56.922582][ T8439] CPU: 0 PID: 8439 Comm: syz-executor673 Tainted: G B 5.14.0-rc5-syzkaller #0
[ 56.932722][ T8439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.942767][ T8439] Call Trace:
[ 56.946204][ T8439] dump_stack_lvl+0xcd/0x134
[ 56.950789][ T8439] panic+0x306/0x73d
[ 56.954670][ T8439] ? __warn_printk+0xf3/0xf3
[ 56.959246][ T8439] ? preempt_schedule_common+0x59/0xc0
[ 56.964706][ T8439] ? iov_iter_revert+0x803/0x900
[ 56.969635][ T8439] ? preempt_schedule_thunk+0x16/0x18
[ 56.974998][ T8439] ? trace_hardirqs_on+0x38/0x1c0
[ 56.980006][ T8439] ? trace_hardirqs_on+0x51/0x1c0
[ 56.985017][ T8439] ? iov_iter_revert+0x803/0x900
[ 56.989941][ T8439] ? iov_iter_revert+0x803/0x900
[ 56.994868][ T8439] end_report.cold+0x5a/0x5a
[ 56.999452][ T8439] kasan_report.cold+0x71/0xdf
[ 57.004205][ T8439] ? iov_iter_revert+0x803/0x900
[ 57.009334][ T8439] iov_iter_revert+0x803/0x900
[ 57.014782][ T8439] io_write+0x57b/0xed0
[ 57.018928][ T8439] ? io_read+0x1140/0x1140
[ 57.023326][ T8439] ? kernel_text_address+0xbd/0xf0
[ 57.028771][ T8439] ? lock_chain_count+0x20/0x20
[ 57.033936][ T8439] ? unwind_get_return_address+0x51/0x90
[ 57.039646][ T8439] ? read_profile+0x180/0x710
[ 57.044401][ T8439] ? stack_trace_save+0x8c/0xc0
[ 57.049290][ T8439] ? __lock_acquire+0xbc2/0x54a0
[ 57.054302][ T8439] io_issue_sqe+0x28c/0x6920
[ 57.058875][ T8439] ? do_syscall_64+0x35/0xb0
[ 57.063451][ T8439] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 57.069419][ T8439] ? io_write+0xed0/0xed0
[ 57.073735][ T8439] ? find_held_lock+0x2d/0x110
[ 57.078489][ T8439] ? __fget_files+0x21b/0x3e0
[ 57.083150][ T8439] ? lock_downgrade+0x6e0/0x6e0
[ 57.087983][ T8439] ? ___slab_alloc+0x4ba/0x820
[ 57.092905][ T8439] __io_queue_sqe+0x1ac/0xf00
[ 57.097608][ T8439] ? io_issue_sqe+0x6920/0x6920
[ 57.102449][ T8439] io_submit_sqes+0x63ea/0x7bc0
[ 57.107475][ T8439] ? __do_sys_io_uring_enter+0xb03/0x1d40
[ 57.113462][ T8439] __do_sys_io_uring_enter+0xb03/0x1d40
[ 57.118999][ T8439] ? io_submit_sqes+0x7bc0/0x7bc0
[ 57.124009][ T8439] ? find_held_lock+0x2d/0x110
[ 57.128766][ T8439] ? __context_tracking_exit+0xb8/0xe0
[ 57.134216][ T8439] ? lock_downgrade+0x6e0/0x6e0
[ 57.139051][ T8439] ? lock_downgrade+0x6e0/0x6e0
[ 57.143891][ T8439] ? syscall_enter_from_user_mode+0x21/0x70
[ 57.149778][ T8439] do_syscall_64+0x35/0xb0
[ 57.154187][ T8439] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.160069][ T8439] RIP: 0033:0x43f8a9
[ 57.163950][ T8439] Code: 28 c3 e8 1a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.183639][ T8439] RSP: 002b:00007ffcc6759968 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 57.192045][ T8439] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000043f8a9
[ 57.200094][ T8439] RDX: 0000000000000000 RSI: 00000000000052fe RDI: 0000000000000003
[ 57.208614][ T8439] RBP: 00007ffcc6759988 R08: 0000000000000000 R09: 0000000000000000
[ 57.216576][ T8439] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc6759990
[ 57.224847][ T8439] R13: 0000000000000000 R14: 00000000004ae018 R15: 0000000000400488
[ 57.243565][ T8439] Kernel Offset: disabled
[ 57.248414][ T8439] Rebooting in 86400 seconds..