[ ok ] Starting enhanced syslogd: rsyslogd.
[   45.315860][   T23] audit: type=1800 audit(1575257023.480:25): pid=8144 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   45.343148][   T23] audit: type=1800 audit(1575257023.480:26): pid=8144 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   45.394563][   T23] audit: type=1800 audit(1575257023.480:27): pid=8144 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   55.503544][ T8297] IPVS: ftp: loaded support on port[0] = 21
[   55.534938][   T23] kauditd_printk_skb: 3 callbacks suppressed
[   55.534945][   T23] audit: type=1800 audit(1575257033.700:31): pid=8297 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor632" name="file0" dev="sda1" ino=16484 res=0
[   55.625262][ T8298] ==================================================================
[   55.633432][ T8298] BUG: KASAN: slab-out-of-bounds in iov_iter_alignment+0x6a1/0x7b0
[   55.641296][ T8298] Read of size 4 at addr ffff88809ba3a154 by task loop0/8298
[   55.648634][ T8298]
[   55.650938][ T8298] CPU: 1 PID: 8298 Comm: loop0 Not tainted 5.4.0-syzkaller #0
[   55.658410][ T8298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   55.668446][ T8298] Call Trace:
[   55.671716][ T8298]  dump_stack+0x1fb/0x318
[   55.676021][ T8298]  print_address_description+0x75/0x5c0
[   55.681542][ T8298]  ? vprintk_default+0x28/0x30
[   55.686304][ T8298]  ? vprintk_func+0x158/0x170
[   55.690965][ T8298]  ? printk+0x62/0x8d
[   55.694935][ T8298]  __kasan_report+0x14b/0x1c0
[   55.699613][ T8298]  ? iov_iter_alignment+0x6a1/0x7b0
[   55.704829][ T8298]  kasan_report+0x26/0x50
[   55.709132][ T8298]  __asan_report_load4_noabort+0x14/0x20
[   55.714738][ T8298]  iov_iter_alignment+0x6a1/0x7b0
[   55.719744][ T8298]  iomap_dio_bio_actor+0x1a7/0x11e0
[   55.724919][ T8298]  ? ext4_set_iomap+0x529/0x760
[   55.729806][ T8298]  iomap_dio_actor+0x2b4/0x4a0
[   55.734548][ T8298]  ? rcu_read_lock_sched_held+0x10b/0x170
[   55.740246][ T8298]  iomap_apply+0x370/0x490
[   55.744648][ T8298]  iomap_dio_rw+0x8ad/0x1010
[   55.749249][ T8298]  ? iomap_dio_rw+0x1010/0x1010
[   55.754089][ T8298]  ext4_file_read_iter+0x834/0xc20
[   55.759215][ T8298]  lo_rw_aio+0xcbb/0xea0
[   55.763478][ T8298]  loop_queue_work+0x13ab/0x2590
[   55.768390][ T8298]  ? finish_task_switch+0x24f/0x550
[   55.773562][ T8298]  ? kthread_worker_fn+0x3e3/0x700
[   55.778651][ T8298]  ? _raw_spin_unlock_irq+0x22/0x80
[   55.783825][ T8298]  kthread_worker_fn+0x449/0x700
[   55.788742][ T8298]  loop_kthread_worker_fn+0x40/0x60
[   55.793916][ T8298]  kthread+0x332/0x350
[   55.797956][ T8298]  ? loop_set_fd+0x1410/0x1410
[   55.802690][ T8298]  ? kthread_blkcg+0xe0/0xe0
[   55.807252][ T8298]  ret_from_fork+0x24/0x30
[   55.811641][ T8298]
[   55.813946][ T8298] Allocated by task 0:
[   55.817981][ T8298] (stack is not available)
[   55.822363][ T8298]
[   55.824681][ T8298] Freed by task 0:
[   55.828370][ T8298] (stack is not available)
[   55.832752][ T8298]
[   55.835054][ T8298] The buggy address belongs to the object at ffff88809ba3a100
[   55.835054][ T8298]  which belongs to the cache bio-0 of size 192
[   55.848554][ T8298] The buggy address is located 84 bytes inside of
[   55.848554][ T8298]  192-byte region [ffff88809ba3a100, ffff88809ba3a1c0)
[   55.861705][ T8298] The buggy address belongs to the page:
[   55.867310][ T8298] page:ffffea00026e8e80 refcount:1 mapcount:0 mapping:ffff8880a7e34540 index:0x0
[   55.876387][ T8298] raw: 00fffe0000000200 ffffea0002524348 ffff8880a7441b48 ffff8880a7e34540
[   55.884961][ T8298] raw: 0000000000000000 ffff88809ba3a000 0000000100000010 0000000000000000
[   55.893510][ T8298] page dumped because: kasan: bad access detected
[   55.899890][ T8298]
[   55.902188][ T8298] Memory state around the buggy address:
[   55.907792][ T8298]  ffff88809ba3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   55.915835][ T8298]  ffff88809ba3a080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   55.923866][ T8298] >ffff88809ba3a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.931910][ T8298]                                                  ^
[   55.938552][ T8298]  ffff88809ba3a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.946586][ T8298]  ffff88809ba3a200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   55.954625][ T8298] ==================================================================
[   55.962653][ T8298] Disabling lock debugging due to kernel taint
[   55.969265][ T8298] Kernel panic - not syncing: panic_on_warn set ...
[   55.975844][ T8298] CPU: 1 PID: 8298 Comm: loop0 Tainted: G    B             5.4.0-syzkaller #0
[   55.984657][ T8298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   55.994704][ T8298] Call Trace:
[   55.997970][ T8298]  dump_stack+0x1fb/0x318
[   56.002271][ T8298]  panic+0x264/0x7a9
[   56.006151][ T8298]  ? __kasan_report+0x195/0x1c0
[   56.010986][ T8298]  ? trace_hardirqs_on+0x34/0x80
[   56.015906][ T8298]  ? __kasan_report+0x195/0x1c0
[   56.020727][ T8298]  __kasan_report+0x1bb/0x1c0
[   56.025382][ T8298]  ? iov_iter_alignment+0x6a1/0x7b0
[   56.030556][ T8298]  kasan_report+0x26/0x50
[   56.034869][ T8298]  __asan_report_load4_noabort+0x14/0x20
[   56.040480][ T8298]  iov_iter_alignment+0x6a1/0x7b0
[   56.045500][ T8298]  iomap_dio_bio_actor+0x1a7/0x11e0
[   56.050707][ T8298]  ? ext4_set_iomap+0x529/0x760
[   56.055544][ T8298]  iomap_dio_actor+0x2b4/0x4a0
[   56.060296][ T8298]  ? rcu_read_lock_sched_held+0x10b/0x170
[   56.065992][ T8298]  iomap_apply+0x370/0x490
[   56.070385][ T8298]  iomap_dio_rw+0x8ad/0x1010
[   56.074947][ T8298]  ? iomap_dio_rw+0x1010/0x1010
[   56.079865][ T8298]  ext4_file_read_iter+0x834/0xc20
[   56.084953][ T8298]  lo_rw_aio+0xcbb/0xea0
[   56.089181][ T8298]  loop_queue_work+0x13ab/0x2590
[   56.094087][ T8298]  ? finish_task_switch+0x24f/0x550
[   56.099257][ T8298]  ? kthread_worker_fn+0x3e3/0x700
[   56.104358][ T8298]  ? _raw_spin_unlock_irq+0x22/0x80
[   56.109545][ T8298]  kthread_worker_fn+0x449/0x700
[   56.114470][ T8298]  loop_kthread_worker_fn+0x40/0x60
[   56.119675][ T8298]  kthread+0x332/0x350
[   56.123718][ T8298]  ? loop_set_fd+0x1410/0x1410
[   56.128452][ T8298]  ? kthread_blkcg+0xe0/0xe0
[   56.133031][ T8298]  ret_from_fork+0x24/0x30
[   56.138792][ T8298] Kernel Offset: disabled
[   56.143381][ T8298] Rebooting in 86400 seconds..