Warning: Permanently added '10.128.1.31' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 56.035685][ T6833] IPVS: ftp: loaded support on port[0] = 21
[ 56.071129][ T6833] ==================================================================
[ 56.071165][ T6833] BUG: KASAN: slab-out-of-bounds in vcs_read+0xaa7/0xb40
[ 56.071172][ T6833] Write of size 2 at addr ffff8880a47ef000 by task syz-executor776/6833
[ 56.071174][ T6833]
[ 56.071184][ T6833] CPU: 0 PID: 6833 Comm: syz-executor776 Not tainted 5.9.0-rc1-next-20200820-syzkaller #0
[ 56.071189][ T6833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.071192][ T6833] Call Trace:
[ 56.071205][ T6833]  dump_stack+0x18f/0x20d
[ 56.071214][ T6833]  ? vcs_read+0xaa7/0xb40
[ 56.071221][ T6833]  ? vcs_read+0xaa7/0xb40
[ 56.071232][ T6833]  print_address_description.constprop.0.cold+0xae/0x497
[ 56.071242][ T6833]  ? lock_release+0x8e0/0x8e0
[ 56.071250][ T6833]  ? lock_downgrade+0x830/0x830
[ 56.071260][ T6833]  ? vprintk_func+0x97/0x1a6
[ 56.071269][ T6833]  ? vcs_read+0xaa7/0xb40
[ 56.071276][ T6833]  ? vcs_read+0xaa7/0xb40
[ 56.071283][ T6833]  kasan_report.cold+0x1f/0x37
[ 56.071292][ T6833]  ? vcs_read+0xaa7/0xb40
[ 56.071301][ T6833]  vcs_read+0xaa7/0xb40
[ 56.071315][ T6833]  ? vcs_write+0xb50/0xb50
[ 56.071324][ T6833]  ? security_file_permission+0x248/0x560
[ 56.071336][ T6833]  ? vcs_write+0xb50/0xb50
[ 56.071345][ T6833]  vfs_read+0x1df/0x5a0
[ 56.071356][ T6833]  ksys_read+0x12d/0x250
[ 56.071366][ T6833]  ? vfs_write+0x730/0x730
[ 56.071377][ T6833]  ? trace_hardirqs_on+0x5f/0x220
[ 56.071386][ T6833]  ? lockdep_hardirqs_on+0x76/0xf0
[ 56.071397][ T6833]  do_syscall_64+0x2d/0x70
[ 56.071406][ T6833]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.071413][ T6833] RIP: 0033:0x440bb9
[ 56.071422][ T6833] Code: 26 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0f fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.071427][ T6833] RSP: 002b:00007ffed959bbf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 56.071437][ T6833] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000440bb9
[ 56.071442][ T6833] RDX: 0000000000002020 RSI: 0000000020000340 RDI: 0000000000000003
[ 56.071448][ T6833] RBP: 00007ffed959bc00 R08: 0000000120080522 R09: 0000000120080522
[ 56.071453][ T6833] R10: 0000000120080522 R11: 0000000000000246 R12: 0000000000401fe0
[ 56.071458][ T6833] R13: 0000000000402070 R14: 0000000000000000 R15: 0000000000000000
[ 56.071468][ T6833]
[ 56.071473][ T6833] Allocated by task 1:
[ 56.071481][ T6833]  kasan_save_stack+0x1b/0x40
[ 56.071488][ T6833]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 56.071495][ T6833]  kmem_cache_alloc+0x138/0x3a0
[ 56.071502][ T6833]  __alloc_file+0x21/0x350
[ 56.071508][ T6833]  alloc_empty_file+0x6d/0x170
[ 56.071515][ T6833]  path_openat+0xe3/0x2730
[ 56.071522][ T6833]  do_filp_open+0x17e/0x3c0
[ 56.071529][ T6833]  do_sys_openat2+0x16d/0x420
[ 56.071536][ T6833]  __x64_sys_open+0x119/0x1c0
[ 56.071543][ T6833]  do_syscall_64+0x2d/0x70
[ 56.071550][ T6833]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.071553][ T6833]
[ 56.071557][ T6833] Freed by task 16:
[ 56.071564][ T6833]  kasan_save_stack+0x1b/0x40
[ 56.071570][ T6833]  kasan_set_track+0x1c/0x30
[ 56.071578][ T6833]  kasan_set_free_info+0x1b/0x30
[ 56.071585][ T6833]  __kasan_slab_free+0xd8/0x120
[ 56.071592][ T6833]  kmem_cache_free.part.0+0x67/0x1f0
[ 56.071599][ T6833]  rcu_core+0x5df/0x11e0
[ 56.071607][ T6833]  __do_softirq+0x2de/0xa24
[ 56.071609][ T6833]
[ 56.071612][ T6833] Last call_rcu():
[ 56.071618][ T6833]  kasan_save_stack+0x1b/0x40
[ 56.071626][ T6833]  kasan_record_aux_stack+0x82/0xb0
[ 56.071632][ T6833]  call_rcu+0x14f/0x7f0
[ 56.071640][ T6833]  task_work_run+0xdd/0x190
[ 56.071648][ T6833]  exit_to_user_mode_prepare+0x195/0x1c0
[ 56.071655][ T6833]  syscall_exit_to_user_mode+0x59/0x2b0
[ 56.071662][ T6833]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.071665][ T6833]
[ 56.071667][ T6833] Second to last call_rcu():
[ 56.071674][ T6833]  kasan_save_stack+0x1b/0x40
[ 56.071681][ T6833]  kasan_record_aux_stack+0x82/0xb0
[ 56.071688][ T6833]  call_rcu+0x14f/0x7f0
[ 56.071694][ T6833]  task_work_run+0xdd/0x190
[ 56.071702][ T6833]  exit_to_user_mode_prepare+0x195/0x1c0
[ 56.071708][ T6833]  syscall_exit_to_user_mode+0x59/0x2b0
[ 56.071716][ T6833]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.071718][ T6833]
[ 56.071724][ T6833] The buggy address belongs to the object at ffff8880a47ef0c0
[ 56.071724][ T6833]  which belongs to the cache filp of size 488
[ 56.071731][ T6833] The buggy address is located 192 bytes to the left of
[ 56.071731][ T6833]  488-byte region [ffff8880a47ef0c0, ffff8880a47ef2a8)
[ 56.071734][ T6833] The buggy address belongs to the page:
[ 56.071743][ T6833] page:00000000717406a1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa47ef
[ 56.071750][ T6833] flags: 0xfffe0000000200(slab)
[ 56.071760][ T6833] raw: 00fffe0000000200 ffffea00025060c8 ffffea00027ea248 ffff88821bc47b00
[ 56.071770][ T6833] raw: 0000000000000000 ffff8880a47ef0c0 0000000100000006 0000000000000000
[ 56.071773][ T6833] page dumped because: kasan: bad access detected
[ 56.071775][ T6833]
[ 56.071778][ T6833] Memory state around the buggy address:
[ 56.071785][ T6833]  ffff8880a47eef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.071791][ T6833]  ffff8880a47eef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.071797][ T6833] >ffff8880a47ef000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 56.071800][ T6833]                    ^
[ 56.071807][ T6833]  ffff8880a47ef080: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 56.071813][ T6833]  ffff8880a47ef100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.071816][ T6833] ==================================================================
[ 56.071819][ T6833] Disabling lock debugging due to kernel taint
[ 56.071823][ T6833] Kernel panic - not syncing: panic_on_warn set ...
[ 56.071831][ T6833] CPU: 0 PID: 6833 Comm: syz-executor776 Tainted: G B 5.9.0-rc1-next-20200820-syzkaller #0
[ 56.071835][ T6833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.071837][ T6833] Call Trace:
[ 56.071845][ T6833]  dump_stack+0x18f/0x20d
[ 56.071852][ T6833]  ? vcs_read+0xa50/0xb40
[ 56.071859][ T6833]  panic+0x2e3/0x75c
[ 56.071867][ T6833]  ? __warn_printk+0xf3/0xf3
[ 56.071876][ T6833]  ? trace_hardirqs_on+0x55/0x220
[ 56.071883][ T6833]  ? vcs_read+0xaa7/0xb40
[ 56.071890][ T6833]  ? vcs_read+0xaa7/0xb40
[ 56.071896][ T6833]  end_report+0x4d/0x53
[ 56.071903][ T6833]  kasan_report.cold+0xd/0x37
[ 56.071911][ T6833]  ? vcs_read+0xaa7/0xb40
[ 56.071924][ T6833]  vcs_read+0xaa7/0xb40
[ 56.071934][ T6833]  ? vcs_write+0xb50/0xb50
[ 56.071941][ T6833]  ? security_file_permission+0x248/0x560
[ 56.071949][ T6833]  ? vcs_write+0xb50/0xb50
[ 56.071956][ T6833]  vfs_read+0x1df/0x5a0
[ 56.071964][ T6833]  ksys_read+0x12d/0x250
[ 56.071971][ T6833]  ? vfs_write+0x730/0x730
[ 56.071979][ T6833]  ? trace_hardirqs_on+0x5f/0x220
[ 56.071985][ T6833]  ? lockdep_hardirqs_on+0x76/0xf0
[ 56.071993][ T6833]  do_syscall_64+0x2d/0x70
[ 56.072000][ T6833]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.072006][ T6833] RIP: 0033:0x440bb9
[ 56.072012][ T6833] Code: 26 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0f fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.072016][ T6833] RSP: 002b:00007ffed959bbf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 56.072024][ T6833] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000440bb9
[ 56.072028][ T6833] RDX: 0000000000002020 RSI: 0000000020000340 RDI: 0000000000000003
[ 56.072033][ T6833] RBP: 00007ffed959bc00 R08: 0000000120080522 R09: 0000000120080522
[ 56.072037][ T6833] R10: 0000000120080522 R11: 0000000000000246 R12: 0000000000401fe0
[ 56.072042][ T6833] R13: 0000000000402070 R14: 0000000000000000 R15: 0000000000000000
[ 56.073714][ T6833] Kernel Offset: disabled
[ 56.822969][ T6833] Rebooting in 86400 seconds..