Warning: Permanently added '10.128.10.61' (ECDSA) to the list of known hosts.
executing program
[ ***] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[ 29.511892][ T22] audit: type=1400 audit(1597859745.781:8): avc: denied { execmem } for pid=340 comm="syz-executor564" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 29.729768][ T343] ==================================================================
[ 29.737873][ T343] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x249/0xa60
[ 29.745607][ T343] Read of size 8 at addr ffff8881c3147cb8 by task syz-executor564/343
[ 29.753735][ T343]
[ 29.756090][ T343] CPU: 1 PID: 343 Comm: syz-executor564 Not tainted 5.4.59-syzkaller-00504-g010ff9a0f65f #0
[ 29.766115][ T343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.776183][ T343] Call Trace:
[ 29.779508][ T343] dump_stack+0x14a/0x1ce
[ 29.783809][ T343] ? fuse_aio_complete+0x40f/0x540
[ 29.788888][ T343] ? show_regs_print_info+0x12/0x12
[ 29.794057][ T343] ? printk+0xd2/0x114
[ 29.798094][ T343] print_address_description+0x93/0x620
[ 29.803606][ T343] ? devkmsg_release+0x11c/0x11c
[ 29.808513][ T343] __kasan_report+0x16d/0x1e0
[ 29.813161][ T343] ? iov_iter_revert+0x249/0xa60
[ 29.818074][ T343] kasan_report+0x36/0x60
[ 29.822372][ T343] iov_iter_revert+0x249/0xa60
[ 29.827107][ T343] generic_file_read_iter+0x1dd5/0x20b0
[ 29.832710][ T343] ? __kernel_text_address+0x93/0x110
[ 29.838070][ T343] ? kasan_alloc_pages+0x4a/0x60
[ 29.842996][ T343] ? prep_new_page+0x11a/0x380
[ 29.847740][ T343] ? find_get_pages_range_tag+0xaf0/0xaf0
[ 29.853432][ T343] ? forget_all_cached_acls+0xdf/0x100
[ 29.858863][ T343] fuse_file_read_iter+0x3ec/0x4e0
[ 29.863966][ T343] ? fuse_file_llseek+0x890/0x890
[ 29.868958][ T343] ? get_mem_cgroup_from_mm+0x27b/0x2c0
[ 29.874492][ T343] ? _raw_spin_lock+0xa1/0x170
[ 29.879244][ T343] ? mem_cgroup_try_charge_delay+0x10/0x10
[ 29.885019][ T343] ? iov_iter_init+0x83/0x160
[ 29.889662][ T343] __vfs_read+0x59a/0x710
[ 29.893965][ T343] ? rw_verify_area+0x340/0x340
[ 29.898784][ T343] ? __fsnotify_update_child_dentry_flags+0x2c0/0x2c0
[ 29.905539][ T343] ? security_file_permission+0x1e9/0x300
[ 29.911752][ T343] vfs_read+0x166/0x380
[ 29.915879][ T343] ksys_read+0x18c/0x2c0
[ 29.920088][ T343] ? vfs_write+0x4f0/0x4f0
[ 29.924474][ T343] ? do_user_addr_fault+0x55c/0x9f0
[ 29.929640][ T343] do_syscall_64+0xcb/0x150
[ 29.934132][ T343] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 29.939993][ T343] RIP: 0033:0x446889
[ 29.943858][ T343] Code: e8 5c bb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 29.963449][ T343] RSP: 002b:00007f2f0d69ad98 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 29.971840][ T343] RAX: ffffffffffffffda RBX: 00000000006e0c48 RCX: 0000000000446889
[ 29.979790][ T343] RDX: 00000000200041e0 RSI: 00000000200021c0 RDI: 0000000000000005
[ 29.987735][ T343] RBP: 00000000006e0c40 R08: 0000000000000000 R09: 0000000000000000
[ 29.995680][ T343] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e0c4c
[ 30.003648][ T343] R13: 0000000020006380 R14: 00000000004b1100 R15: 00000000004af0f8
[ 30.011591][ T343]
[ 30.013887][ T343] The buggy address belongs to the page:
[ 30.019486][ T343] page:ffffea00070c51c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 30.028606][ T343] flags: 0x8000000000000000()
[ 30.033255][ T343] raw: 8000000000000000 ffffea00070c51c8 ffffea00070c51c8 0000000000000000
[ 30.041806][ T343] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 30.050368][ T343] page dumped because: kasan: bad access detected
[ 30.056749][ T343]
[ 30.059050][ T343] addr ffff8881c3147cb8 is located in stack of task syz-executor564/343 at offset 24 in frame:
[ 30.069342][ T343] __vfs_read+0x0/0x710
[ 30.073464][ T343]
[ 30.075763][ T343] this frame has 3 objects:
[ 30.080231][ T343] [32, 48) 'iov.i'
[ 30.080234][ T343] [64, 112) 'kiocb.i'
[ 30.084008][ T343] [144, 184) 'iter.i'
[ 30.088040][ T343]
[ 30.094368][ T343] Memory state around the buggy address:
[ 30.101702][ T343] ffff8881c3147b80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
[ 30.109737][ T343] ffff8881c3147c00: 00 00 00 00